Counterterrorism, Cybersecurity, and Homeland Security

Lisa O. Monaco

Assistant to the President for Homeland Security and Counterterrorism, The White House

Dina Temple-Raston

Counterterrorism Correspondent, National Public Radio


Lisa O. Monaco joins Dina Temple-Raston to discuss domestic security, counterterrorism, and cybersecurity issues during her tenure as President Obama’s homeland security advisor.


TEMPLE-RASTON: Good morning. Thank you very much for coming. And my name is Dina Temple-Raston. And for about the last decade I’ve been the counterterrorism correspondent for National Public Radio. So if the visual bothers you, just close your eyes. I understand. (Laughter.) And Lisa Monaco and I, in one way or another, have kind of crossed paths over the last decade, just because of the sheer volume of jobs that she has had in the public sector.

You have her bio, but whether it is counterterrorism or cybersecurity or the thing about which we’ve talked a lot more recently, trying to think of ways to stop young people from—in this country from being lured to Syria to join ISIS, Lisa’s been on the front line of all these things. And I wanted to say, since it’s 10 days before you leave Washington, for all of us here you have basically been in public service for your entire career, and you’re one of those few selfless people who did that. And if we could just give Lisa a round of applause for that. (Applause.)

MONACO: Thank you. Thank you.

TEMPLE-RASTON: So, as I said, 10 days and you get to leave the warren of the West Wing. And we have a tradition here at the Council on Foreign Relations—I don’t know if anybody said this, but—

MONACO: Uh-oh.

TEMPLE-RASTON: When you’re actually going to have an interview 10 days before the White House you always make news.

MONACO: (Laughs.) Have to.

TEMPLE-RASTON: Have to make news, OK. (Laughter.) So I—

MONACO: Dina knows me too well.

TEMPLE-RASTON: (Laughs.) Yes. Well, we’ll do what we can.

MONACO: (Laughs.)

TEMPLE-RASTON: So let’s talk a little bit—because I think that this is on—in the forefront of most people’s minds—is the Russian hack. And we’ve learned a little bit about it from the declassified report, in the way that there was some sort of meddling in the elections. Some people disagree about how much there was, but there was certainly some. There were troll farms that created false news. There were email hacks and selected releases. And since cybersecurity is in your portfolio, and because we know that Russians have meddled in elections in Europe in the past, were we surprised by this? It seems like we were.

MONACO: So, first of all, great to be here. I want to thank the Council and thank you, Dina, for doing this, and for everyone coming out this morning. It is, A, always nice to get out of Washington. B, nice to get—you referenced the warren of the White House. It’s actually a windowless office in the basement of the West Wing. (Laughter.) So very nice to be here. And particularly nice to be in front of such a thoughtful audience, which is always my experience, every time I’ve been to the Council whether here or in Washington. So thank you.

Were we surprised by this? I think the first question is what’s the this you’re talking about, right? So hacking of private sector entities—private or public sector entities? No, I don’t think we’re surprised by that. We’ve been talking about that and identifying that as—and cybersecurity in general as one of the biggest national security and economic security threats we face. The president said that when he first took office. And we’ve taken a number of steps to address those threats.

When it comes to the question of using information operations to interfere in our democracy, and I think the president recently spoke to this, you know, that is something—the asymmetric tools, whether it’s cyber hacking, cyber intrusions, information operations, those things, I think, are tactics and techniques that we are going to have to come to grips with increasingly going forward. So I think that’s an area that is—has probably not been on people’s radar screens as much as it should.

TEMPLE-RASTON: And were you surprised by the—or was the White House surprised by the Russian hack on the DNC, or? That’s what I mean by whether or not—

MONACO: I mean, look, we have been talking about and identifying and working on an increasingly aggressive set of actors. And Russia has—when it comes to cyberspace, so just talking about cyberthreats. And Russia has always been at the top of that list. Russia, China, Iran, you saw North Korea’s activity obviously with the Sony attack. So, no, I don’t think we’re at all surprised about their capabilities. We’ve been talking about that and identifying that as a real threat for some time.

TEMPLE-RASTON: And the Russians—I mean, sorry—the Republicans were hacked as well? And do we know for a fact that the Trump campaign was affected?

MONACO: So a few data points on this. One is the October 7th statement that the director of national intelligence and the secretary of homeland security in a very—frankly, an unprecedented statement calling out and identifying the Russian government-directed intrusions on, at that time, it described political organizations. And so I would call people’s attention to the plural there. So I think as we saw in the unclassified report, that obviously you’ve identified the DNC hack, as well as some Republican infrastructure.

TEMPLE-RASTON: What does that mean exactly?

MONACO: So infrastructure, or apparatus, or businesses, or companies used by Republican—by the Republican National Committee, but not the headquarters itself.


MONACO: And certainly what we know is we did not see the same type of information disclosures and leaks that we saw with the DNC.

TEMPLE-RASTON: Which gets me to my next question, which has to do with Julian Assange. You know, he has said—of WikiLeaks. He says he doesn’t know where the docs came from, or from they didn’t come from a state actor. Do we know that to be true?

MONACO: I think that the unclassified report speaks to this, that they cannot say definitively one way or another whether or not he was witting. I think that is how—

TEMPLE-RASTON: Whether he was?

MONACO: Witting.


MONACO: Of the sources.

TEMPLE-RASTON: I see. So it could have been removed by a couple—OK. So we’ll talk more. I’m sure members will have more to ask you about the hack. But I wanted to—

MONACO: I can’t imagine that that would be—

TEMPLE-RASTON: Yeah, maybe one or two things. (Laughter.) But I just wanted to get that much out there.

Let’s talk a little bit about terrorism, which has been sort of front and center of your portfolio since 2013, right? So—

MONACO: Well, in this job. But in my prior role as the assistant attorney general for national security, also oversaw the terrorism prosecutions around the country.

TEMPLE-RASTON: So we were talking—we’ve both been doing this at least 10 years, is that right, on terrorism?

MONACO: Mmm hmm, that’s right.

TEMPLE-RASTON: So President Obama said recently—

MONACO: I personally have been working to counter terrorism. (Laughter.)

TEMPLE-RASTON: Oh, yes, sorry. Mine—to be clear—my title is counterterrorism correspondent.

MONACO: Yeah. (Laughs.)

TEMPLE-RASTON: So President Obama said recently—he was—had an interview with George Stephanopoulos on the Sunday shows. And he said that we don’t get decisive victories fighting terrorism. So I guess I wonder, how do you know if the effort has been successful if there’s not a decisive victory? And what do you think, looking back now over this decade, what the Obama legacy on terrorism is—or counterterrorism?

MONACO: Counterterrorism. You know, the president’s comments—I think this is something we’ve all observed, which is to say you’re not going to have the, you know, Emperor Hirohito moment to resolve the conflict, you know, on the deck of the ship, to say now this conflict is over. That is not the nature of the conflict we’re in now with—whether it’s al-Qaida, its affiliates, the so-called Islamic State, and other terrorist groups. So our war against terrorist groups is not going to have that definitive moment because it is an ever-evolving challenge that we face. And we’ve seen that in the time that you and I have been working to counter terrorism, and just in the last four years since I’ve been in the White House.

What do I think are—is the president’s legacy? I think by any measure it has been to be relentless in the fight against terrorism, to do so leading with our values—and that is something he has been very clear about—that we will act unilaterally to address threats against the United States, against U.S. persons here and abroad. But we will also do better if we are working in partnership, and that that should come in many different forms, whether it’s allied governments and partner governments, and a 68-member coalition in the counter-ISIL campaign. Whether it’s with the Iraqi security forces that we’re working with on the ground in Iraq. Whether it’s with a Syrian-Arab coalition that we’re working with in Syria. Across the board, we have embarked on and executed on a strategy of building a series of partnerships because that’s what it’s going to take to combat these groups wherever they arise.

TEMPLE-RASTON: Is there one partnership in particular that you think has been particularly effective in helping that effort?

MONACO: I think there’s a whole range, right, from the increasingly effective Iraqi security forces. We’ve now taken back more than 50 percent of the territory that ISIL once controlled in Iraq. About 25 percent of that territory in Syria. So what we’ve shown is building up that capacity for local and indigenous forces is going to have a much more lasting impact, to have those forces be able to become capable to take, and importantly hold, that territory. Otherwise, we’re just going to be repeatedly at this. At the other end of the spectrum, I think we have tried, particularly over the last few years, to build partnerships and work more effectively with the private sector on making their platforms less susceptible, or I should say more resilient, against the abuse that ISIL and its ilk are trying to make of those platforms.

TEMPLE-RASTON: By private sector, in this case you’re talking about Twitter, Facebook—

MONACO: Exactly.

TEMPLE-RASTON: Right. And you feel that effort is working?

MONACO: I think it’s improved markedly. And how I measure that is over the last year, year and a half, you have seen—I think the figure, most recent figure, I saw was 360,000 pieces of ISIL content being taken down off of Twitter, terrorist-related content taken down. And that is just an explosion in that effort. And it’s because, you know, these companies don’t want to see their platforms abused, any more than we in the counterterrorism community want to.

TEMPLE-RASTON: Yeah. I wonder when it comes to ISIS and social media platforms, whether—(coughs)—excuse me—there’s something slightly different going on. And David Remnick wrote recently in The New Yorker that social media has created a new social permission that sort of validates thoughts and opinions in a way we’ve never really seen before. The radio person’s losing her voice. And he makes the argument that as a result social media is creating this whole new permission structure, and so that things like beheading or the sort of summary executions that we’ve seen on the web by ISIS suddenly becomes OK. How do you fight something like that, for all your public-private efforts?

MONACO: Yeah. Well, one, I would challenge the notion that we ever get to a point where beheading videos become OK. I just—I refuse to believe that we get there. I think the point that social media creates an environment in which we can choose to only have—engage in the same discussion and discourse with those who are sympathetic to our views. Now, I’m not—I don’t do social commentary. I certainly don’t do political commentary. But what I have seen is social media have profound impact on the whole range of issues that I deal with. It has done—contributed to, I think, supercharging every crisis I’ve ever had to manage from my current role, whether it’s an active shooter situation, whether it’s a horrific attack in an airport—

TEMPLE-RASTON: By supercharging, meaning it gets ahead of the facts, or?

MONACO: It can get ahead of the facts, it can bring it to us more quickly, which has some good about it. But it can also create some misimpressions. Everything becomes on the same level of hyperbole, if you will, in terms of the crisis. In the terrorism space, as you’ve alluded to, it has allowed the so-called Islamic State to perpetuate a—in many respects—a brutal vision, but also to recruit and radicalize young people to violence, not, frankly, with beheading videos.

You talk to the experts, these young people—by and large young people—are being drawn in not by brutal beheading videos, but by themes that the branding experts will tell you are—and this has stuck with me ever since I talked to folks about this—the themes that are enticing young people to travel to Syria and Iraq and strength and warmth, which is really quite bracing, when you think about it. So these kids are not being drawn in by beheading videos, but rather by a sense of wanting to belong to something bigger than themselves—this notion of a caliphate, this notion of a utopian governance structure. And in fact, what I think—you ask, what’s going to work and what is—what do we see as accomplishments in this. It is undercutting that messaging, showing with facts, not with religious fighting or discourse because we in the government will not be good messengers on that, not be legitimate messengers on that, but rather undercutting this notion that ISIL is doing any form of actual governing, that it is providing a utopian enterprise, but rather a brutal and horrific state.

TEMPLE-RASTON: Right. Or that it’s saving women and children, which is one of the big motivators for a lot of the people who go.

MONACO: Right. And far from it. It is brutalizing and putting into sex slavery women and children.

TEMPLE-RASTON: Right. I wonder if you can call a distinction though, given that you have this whole spectrum of looking at radicalization and young people who sort of embrace these ideas. If the al-Qaida recruit—how different that person is, aside from the fact that they’re older sort of across the board—and the ISIS recruit, and whether or not—ISIS recruits, just in my experience, tend to be much younger, sometimes in their teens—whether or not it’s easier to undo ISIS’s message because you are working with someone who’s so much younger, versus al-Qaeda? And does that leave an opening for maybe something besides prison sentences for someone who mistakenly embraces their ideology?

MONACO: I think there’s a lot that’s different about the challenges we face in the recruiting and radicalization of those who are seeking to join ISIS versus the al-Qaeda model. One, you don’t need to travel. You don’t need to find your way into the FATA for three weeks, three months, in order to get trained. All of that travel and that path is of great benefit to people in the counterterrorism community. You can help identify folks who follow that pattern. That is not true in the challenge, which is why I think we are in a new phase of this terrorism fight, because the individuals who are radicalized sometimes—often very quickly to violence. That can happen without any travel, without, frankly, any direct contact with those in the ISIL hierarchy.

So what it means in my view is it puts a premium on communities being part of this, facing down part of this challenge. So that means working with, from the ground up, those who are susceptible, those who are vulnerable, those who are looking for themes of strength and warmth, and giving it to them somewhere other than in an ISIL recruiting video. So that means schools, coaches, teachers, religious figures, anybody who is a trusted individual in that community. This is not about creating a culture of informing on one another. It’s about having different outlets for those, just as—and I’m a former prosecutor for many years—just as one would to try and divert kids from going into the gangs. So I think there’s a lot to be—to be learned there.

And it means also giving our law enforcement professionals additional tools. So, you know, is a prison sentence always going to be the choice? Are there off-ramps? And this is what we’ve been speaking of more in the last couple of years, working with local law enforcement to develop, again from the communities, ground up, off-ramps for these same vulnerable individuals.

 TEMPLE-RASTON: And it may not be well-known that, in fact, I think for the first time ever, someone who did want to go and join ISIS and was stopped in Minneapolis from getting on a plane, he was given parole, which we’ve never seen before.

MONACO: Mmm hmm. And that—in particular, that community has built a—and, again, it’s a community-based program to work with that individual, work with law enforcement, work with the court system to try and build some kind of netting around that community and that individual so that the choice isn’t only a lengthy prison sentence, which may end up just perpetuating more radicalization. We find that, you know, prison communities can be a radicalizing influence, rather than the opposite.

TEMPLE-RASTON: Which is certainly what’s happened in France.

So I guess my question is, what you seem to be saying is that there might be a softer approach to—without making it sound too soft—a slightly more empathetic approach to how to deal with this, which leads me to my next question, which is: Is this something that you think will continue in the next administration, or do you think that what you’ve started in terms of this—and this was very hard to get going, I know, because when you hear terrorism you immediately insight fear when you hear that word—but can you imagine this continuing into the next Trump administration?

MONACO: So, a few things. One, this isn’t going to be a federal effort. It’s got to be from communities, from the ground up. Two, whether it’s softer or harder, we got to be smarter, right? When we were putting together the elements across two administrations—and I have worked across two administrations—when we were developing the architecture and the tools and the approaches to address the post-9/11 environment, al-Qaeda and its affiliates, we had to look at all tools, right? Military, intelligence, law enforcement, homeland security. We’ve got to calibrate those same structures and build upon them for this new phase. So it’s things like the off-ramp program you referenced in Minneapolis. It’s things like building partnerships with the tech community, with the social media landscape to counter ISIL’s messaging. Those are things we’re going to have to add to our toolbox if we’re going to be able to combat this next phase.

TEMPLE-RASTON: And have you talked to people within the Trump administration during this transition and made that case? Do they seem responsive to wanting—not seeing everything as a nail?

MONACO: So, look, I want to give folks the benefit of the doubt, right? I’ve talked to the individual who’s been named as my successor, who’s a professional who served in the last administration focusing on homeland security issues. I think my impulse is to give folks the benefit of the doubt, to once they get in the seat and see the challenges and see how the threat has evolved, and will likely—if history’s a guide—continue to do so. I think they’re going to be open to a whole set of approaches.

TEMPLE-RASTON: And if you were to give advice to the Trump administration, which is the question always people ask 10 days before you’re supposed to leave office, what is it—what three biggest pieces of advice would you give them?

MONACO: One, you’ve got to build a team that you’ve got confidence in. You cannot—the crises are going to come at you again and again. And I have been very privileged to work with a set of career professionals. The National Security Council staff is 99 percent career foreign service officers, FBI professionals, lawyers, intelligence analysts, you name it, people drawn from the rest of the government. So working with a career team of experts who have devoted their careers and their professional lives to addressing these issues—use that, rely on that.

I would also caution that what I have seen in my seat—and I have been struck not only in the almost four years I’ve been in the White House, but throughout my career in national security issues, the unrelenting transregional nature of the threats that we face. The biggest threats that I focus on that impact the homeland, that impact the United States and U.S. persons abroad are, by definition, not confined by borders—whether it’s the terrorism threat, cyber, emerging infectious diseases—which I would argue are the next issue that we are going to have to have our eye on and continue to develop our capabilities to deal with.


MONACO: Pandemics. But also, I would say that have no malicious introduction. In other words, we have always been, and should always be concerned about bad actors getting ahold of bad things. But when you think of Ebola, Zika, these are emerging infectious diseases that had no malicious introduction and can create tremendous strife and destabilizing impact. And given the nature of our world, of travel, of the borderless world in which we live, we need to be prepared for that to continue.

And then finally I would tell my successor to stock up on vitamin D because of the windowless rooms he will be populating. (Laughter.)

TEMPLE-RASTON: Do you have one of those little lights, or no? No vitamin D light?

MONACO: They don’t work. (Laughs.)

TEMPLE-RASTON: They don’t work? OK.

So I wonder—I’m going to ask you about accomplishments too. But looking back over your time in the administration, what was your biggest disappointment?

MONACO: Well, I think those types of questions are very hard to answer with, you know, distinct one-offs. I think your best—and I look at these in terms of kind of shades of gray. What I have recognized and what is constantly painful is the human toll that the terrorist threat has taken on victims’ families, on the Americans who are held hostage and killed abroad in Syria in the summer of 2014, and seeing—any time you see families going through such a horrific time it can’t help but have an impact.

TEMPLE-RASTON: Do you wish that the whole way that we deal with hostages had changed a little bit, kidnapping victims?

MONACO: Look, I think it is—I wish that it did not take the horrific facts that came out in the summer of 2014 and the horrific murders that we saw—

TEMPLE-RASTON: By that you mean James Foley—

MONACO: James Foley, Steven Sotloff, Peter Kassig, Kayla Mueller. I wish that it had not taken that to have us as a government take a hard look in our own mirror and realize that we needed to change how we approach this. We did do that as a result of those horrors. And I think with the help of, and the incredible generosity and bravery of the families of those Americans we were able to make substantial changes in how we—how we approach that issue, how we deal with and support families. But as always, I wish it had not taken such a—such a series of tragedies for that to happen.

TEMPLE-RASTON: So, back when I used to cover the White House during the Clinton administration, I was once in Domestic Policy Advisor Bruce Reed’s office. And above—and he was in a windowless office, not unlike yours. And he had a little yellow sticky above his desk, which were three things that he wanted to get done while he was in the administration. And he said that his predecessor had told him, there’s so much coming at you every day, at the end of your time you suddenly wonder, what did I get done? I had—I had these things I really wanted to do that didn’t get done because of the onslaught. If you had a yellow sticky above your desk, what are the three things that you came in wanting to do? And did you get them done?

MONACO: Yeah. On the cyber front, I wanted to execute on a plan that said: Let’s apply the counterterrorism lessons that we’ve learned to this threat. And I think we’ve done that in many respects. There’s certainly more to do, but we have done a whole series of things to address the cyberthreat by applying counterterrorism lessons learned. Creating an integrated intelligence center so that policymakers have one place—as we do with terrorism—one place where that intelligence comes in and you can understand and make better judgements as a result. Increasing our—the tempo of our responses and how we deal with them in the National Security Council. Employing philosophy and an approach that says we’re going to use all instruments of national power to combat the cyberthreat, just as we do with terrorism. So I think executing on a strategy that says let’s take the lessons we learned against the—on the CT threat and apply it to cyber. I think we have made substantial strides there.

On the issue of terrorism, I think we have built—thanks to American leadership—a series of partnerships. We have erected a set of what we call platforms to address worldwide the terrorist threat because what we know is it has evolved and, whether it’s al-Qaeda’s affiliates, including its largest in Syria which continues to pose an external threat to us, or ISIL and its provinces, we have to be poised as a government to be able to move, unilaterally if we must or in partnership with others, to address those threats where they pop up. And I think we have created a series of those platforms and those partnerships.

And on the pandemic front, what we saw was, with Ebola, we need to be able to integrate our international and our domestic responses. And that is going to be critical. Whether it’s building a global health security agenda of 50-plus countries that now have increased their ability to understand and see a pandemic as it emerges in their country and thereby stop it before it gets to our shores. And when it does, increase our capabilities, as we did with Ebola, to keep the pandemic from spreading. So building up that integration between the international and domestic response, I think, has been critical and will serve us well into the future.

TEMPLE-RASTON: OK, there’s just a little, tiny nugget in there that I wanted to dig out, which had to do with al-Qaida’s—

MONACO: Just one?

TEMPLE-RASTON: Well, there were many, but one in particular that I hadn’t heard before, which had to do with Jabhat al-Nusra in Syria. So are they trying to do something overseas to us? Or are they—because for a long time they seemed to have their own battle there in Syria. Do you feel that they have more ambition? They’re more along the lines of al-Qaeda’s arm in the Arabian Peninsula?

MONACO: Yeah. I think that while ISIL poses the most immediate threat in terms of both its external operations efforts, and things we saw, like, in Paris and Brussels and foreign fighters writ large, as well as their ability to inspire actors here at home, al-Qaeda’s largest affiliate now in Syria, also known as Jabhat al-Nusra, began to take root in, folks will remember, in the summer of 2014. It started with a group of, frankly, al-Qaeda veterans who decamped from the Afghanistan-Pakistan border region to Syria, because of the vacuum created by Assad’s brutality and the chaos there, to enable them to have a safe haven to plot and plan.

TEMPLE-RASTON: This is the Khorasan Group?

MONACO: The so-called Khorasan Group had begun to plan and tried to execute on external operations against the United States. And in the summer of 2014, at the same time that we undertook military operations against ISIL in Iraq, we undertook a series of military actions against the Khorasan Group, and did tremendous work through the intelligence community and the military to disrupt those efforts. The chaos still exists. That vacuum still exists. Assad’s and Russia’s activities there and brutality that they continue to rain down on whether it’s Aleppo or elsewhere still allows for al-Qaeda in Syria to use that space as a safe haven. And we are continuing to go after it. And the next administration is going to have to continue to be relentless as well.

TEMPLE-RASTON: OK. So I’d like to take some questions now. We’ll go and invite our members to join the conversation. A reminder that this meeting is on the record. And please wait for a microphone and speak directly into the microphone. And please state your name, and your affiliation, and actually ask a question, would be great too. (Laughter.)

OK, so this gentleman up front, Mr. Vance.

Q: Good morning, Lisa.

MONACO: Morning.

Q: Cy Vance, the New York County district attorney.

Lisa, in the arms race of nuclear arms, Russia and America at some point were able to identify the munitions they had and negotiate through SALT I and II a reduction in those arms. In the cyber arms race, we have national weapons that, by their nature, are entirely secret. And it seems as if you can’t get one government to talk to another about their weapons because they don’t want to acknowledge they exist—like the Stuxnet virus. And so as—how do you—as a nation-state, and in a world of China, Russia, America, and others—how do you and can you actually have a conversation to negotiate a reduction in a cyber—in cyber arms warfare?

MONACO: So this whole question of—and your question gets into deterrence, the notion of can you have deterrence in the cyber realm, as we’ve had in the nuclear realm—I think it’s a fascinating question. There’s going to be a lot more conversation about that, whether it’s because of the Russian hacking or steps that other nation-states have taken. I think you’re quite right that deterrence—and actually, Jim Clapper has recently talked about this—whether or not you can have cyber deterrence I think is an open question, precisely because you can’t measure each other’s stockpile.

What you can do—and I think we have tried mightily, particularly over the last few years, is try and build a set of international norms. Doesn’t mean everyone is going to adhere to them, because that’s true in the physical world as well as in the cyber realm, but it does enable nation-states to isolate other nations who violate those norms. So we have undertaken, frankly, a full-court press over the last few years in every multilateral forum—whether it’s the U.N., the G-7, G-20—to bring countries together around a set of international cyber norms, things like, countries should not attack other countries’ critical infrastructure in peacetime. Countries should not undertake intellectual property theft for purposes of commercial gain for their country. So that set of norms, which we are trying, and I would argue the next team has got to continue on those—in those efforts, to build a set of norms or, as the president likes to say, rules of the road around cyber—that has got to continue.

TEMPLE-RASTON: So one of those cyber norms potentially could be you don’t involve yourself or meddle in elections in a particular country.

MONACO: Could be.

TEMPLE-RASTON: So who’s the person who’s going to be in charge of that next? Do we know?

MONACO: I don’t—I don’t know that there has been a definitive ruling on that, so to speak. But certainly my successor, I’ve talked to him about the cyber issues, and it’s something that I know he’ll be focused on.

TEMPLE-RASTON: OK. Gentleman there in the red tie, please—burgundy.

Q: My name is Roland Paul. I’m a lawyer. I’ve been in the U.S. government a couple of times in national security positions.

As you know—and thank you for your remarks. But, as you know, President Obama has been criticized publicly of being very slow in responding to the Russian hacking of the DNC and John Podesta’s emails. What would be your response? I would guess the reason might be that they figured Mrs. Clinton was going to win anyway and it wouldn’t make any difference. But why did they—we respond as slowly as we did?

MONACO: So I think I would challenge the premise, but I would also say that the issue of speed and—nimbleness I think is actually maybe a better word—is something we have to continue to be for. We need to be faster, more nimble on this threat, as well as a whole host of others. So I think that’s always something that we should be striving for. And with respect to this particular case, you know, there were a number of steps that were taken before the sanctions and other steps that we announced a few weeks ago, to include the messaging and direct discussions with the Russians, to include working across the state and local communities who have the responsibility and ownership and management of the voting infrastructure, because our first priority was to make sure that the integrity of the vote was protected, to include the step we took with the unprecedented statements that the DNI and the secretary of homeland security issued in October.

So I think across the board we applied the same framework we have done with regard to China’s malicious cyber activity, with regard to Iran’s malicious cyber activity, with regard to North Korea’s malicious cyber activity. That framework is: Apply all the tools we can—intelligence, law enforcement, private sector—which is a critical, critical actor when it comes to understanding cyber activity. We applied all of those tools, got that information, to understand to the best of our ability, to the highest confidence the intelligence community could assess it, to understand the attribution for this activity, then looked hard at what we could say that was in our national interest and protective and preserving of sources and methods that would allow us to continue to protect our own infrastructure, and then made that call.

And then, undertook a series of responses that did not confine ourselves to only addressing cyber with cyber. We’ve got to use all instruments of national power. And so that’s a framework that we applied here, and we did it and have done it with China, Iran, North Korea. And it’s one that, I would argue, we need to continue to apply. And, yes, we need to do so faster and more nimbly. That should always be our goal.

TEMPLE-RASTON: With the benefit of hindsight—my understanding is that the FBI tried to let the DNC know that something was going on. With the benefit of hindsight, do you wish that somebody maybe higher level had gone to someone higher level and said: No, actually, this is serious? Because it seems like it stayed down at this level instead of that level, and so it allowed the entire hack to be much more pernicious.

MONACO: So, you know—

TEMPLE-RASTON: And hindsight’s always 20/20, I realize, but—

MONACO: Hindsight is always 20/20. Sometimes it’s even better than 20/20, I find. (Laughter.) But, look, I’m not going to comment on the particulars of the communications, whatever communications FBI had with DNC. What is true is—I’ll go back to a point I made, because I know there’s lots of leadership from the private sector in the room—when it comes to the cyber threat, I’ve made now this morning a number of analogies to combatting the terrorism threat and applying those lessons and those structures to the cyber threat. Where my analogy breaks down is the role of the private sector.

So for the last decade and a half since 9/11, I think by and large government, intelligence communities from here at home to our partners abroad are usually privy to more information about the threat than the private sector, when it comes to the terrorism threat. That might be an overstatement. That’s a general premise, I would posit. That is not the case when it comes to cyber. The vast majority of infrastructure is owned and operated by the private sector. And they are often going to be most knowledgeable about the intrusions on their own systems. So we’ve got to, and we’ve made strides in this, improve the information sharing between the private sector and the government if we’re going to raise all of our defenses. And that’s ultimately what we’re going to have to do.

TEMPLE-RASTON: But isn’t the problem with that that most private sector companies don’t particularly want people to know that they’ve been hacked, because it can affect share price, it can open them to litigation potentially?

MONACO: So that is—that is true. I think that has gotten better. That was true in the late ’90s, when I was a young lawyer in the Justice Department, where the ethos was: Don’t tell the government you’ve been hacked because law enforcement’s going to come in and they’re going to put yellow tape around everything and, you know, haul your computers out with—you know, and your shareholders are going to be upset. I think we have moved a fair distance from that to, case in point, after the Sony hack, within 24 hours I think professionals from the FBI were there, working with the Sony executives to try and address the problem. And that’s because the FBI leadership and others have been very clear about the need to work with and get some benefit from working with law enforcement and the intelligence community to try and understand the cyber threat better.

TEMPLE-RASTON: Well, and you were talking about cyber norms from a government perspective, but I also wondered—I’ll go back to the members in a second—but just to build on your point. I wonder if there are these same sort of norms in the private sector, so that you have a minimum amount of security that you must have, as mandated. Do we have that yet? We don’t, right?

MONACO: So we don’t. At the beginning of this year, the president commissioned a bipartisan commission on enhancing national cyber security. And he received a report on December 1st and directed that the commissioners brief the transition team on this. And I would commend this report to you, because it makes a number of observations, including things like: We should have the equivalent of a—you know, the sticker you have on electronics that says this has been tested and it’s not going to blow up on your when you plug it into the wall. We need that same type of standard setting when it comes to software, when it comes to building—and secured by design has got to be the ethos, as opposed to constantly trying to get the fastest to market with a whole set of vulnerabilities built in. We’ve got to kind of change our orientation.

TEMPLE-RASTON: Mmm hmm. Right here in the red tie. This gentleman here.

Q: Carter Page, Global Energy Capital.

Regarding a point you were just making about—and discussing, about the interface between the private sector and pernicious attacks, one of the big concerns during the Watergate era were various allegations that there may be aspects or institutions in the U.S. government which were using—such as the CIA and FBI—which were used to—for various pernicious attacks against private citizens. And one of the points you focused on from the intel report was the asymmetric tools. And the main theme of the report was very much focused on RT and Sputnik, whereas, you know, a lot of the false information that was out there about private citizens and many other aspects last year was also echoed by Voice of America and other state-sponsored institutions.

TEMPLE-RASTON: And your question?

Q: I’m just curious to hear, you know, based on your experience with, you know, the FISA process, et cetera, what your thoughts are on that and any potential lessons learned. Thank you.

MONACO: My experience with the FISA process is that the—it’s a group of Article III judges who’ve been confirmed by the Senate and who conduct rigorous oversight of government applications for surveillance authority. And it is an extremely rigorous process. And so that’s my experience with the FISA process.

TEMPLE-RASTON: Mmm hmm. Claude.

Q: Thank you. Claude Erbsen, Innovation International.

Given that so much of our hardware in the digital field—our telephones, our computers—are made in China, are we 110 percent sure that they don’t come with some form of Trojan horse, Trojan cat, Trojan whatever built into them, feeding information back to where we don’t want it to go?

MONACO: When it comes to cyber vulnerabilities, I don’t think we are 110 percent sure about anything. And that’s the point I was making earlier about needing to move to an orientation where we are building security into our systems, whether it’s—throughout the whole supply chain—whether it’s software, whether it’s the hardware. That has got to be our ethos going forward.

TEMPLE-RASTON: Question here in front.

Q: Thank you. Tina Brown of Tina Brown Live Media.

Given that so much of this new terror is the lone wolf who is radicalized, as you were discussing, what kind of framework can be put in place to incentivize friends and family member to alert to the threat? Because at the moment, obviously, many a mother or a sister is seeing something going dangerously wrong, but doesn’t want to turn their brother or their sister over to law enforcement and possibly prison. What can be put in place so that this threat is—you know, is deescalated and got to, without actually making—tearing a family apart with law enforcement and arrest?

MONACO: So it’s a great question. And this is really the new challenge. And I don’t think there’s going to be one approach. And I talk to communities. I talk to representatives from religious groups of all stripes. I talk to law enforcement. And across different communities, they’re going to have different approaches that they’re going to want to apply. In Minneapolis, it may be this New Horizons program that Dina talked about. And in a different community it may be a different approach. But it’s going to have to—and this is what’s so challenging about it—it’s going to have to come from the ground up. What can we do as a federal government? We can do and fund a whole bunch of research that says, you know, there may be five different models that you can use. And we can share best practices about that, and enable communities to build on what works for them.

I’d go back to the community policing model that I think has been—as a former prosecutor—used to great effect. And different communities would use that approach in different ways. We’ve got to, A, make people realize that it is important for them to get behind some approach, because this is the only way that we’re going to get ahead of this threat because, quite frankly, from a law enforcement perspective, from an intelligence perspective, how do you understand or know when something is going to be—goes wrong in someone’s head and, as we say, the flash-to-bang is very rapid.

One thing—thread you see through all of these cases—whether it’s Orlando, whether, as it appears from the public reporting, this individual in Fort Lauderdale—there’s a common theme of individuals who maybe have some mental health issue, have undergone some stressors in their life, and are consuming incredible volumes of violent media on the internet. Those combinations of things—there was one study that was done by the National Counterterrorism Center and the FBI. In almost 80 percent of the terrorism cases that they looked at, and individual close to the perpetrator saw something, but didn’t say anything. And we’ve got to change that orientation. And we have to create the permission structures for that now.

TEMPLE-RASTON: But isn’t part of the reason why—getting to your question, too—isn’t part of the reason that people don’t say anything in this country is because there’s a concern that the only tool we have to address this is a prison sentence. Whereas, you go in Europe, there are some very effective hotlines that, particularly in—the Dutch were using this—where it’s not a crime necessarily to go to Syria—although that may be—may be changing. So you can call and say: I think my child has radicalized, and there isn’t an automatic prison sentence that’s laid on that. And here in the United States, it just doesn’t seem like we have provided any wiggle room for people to make that choice.

MONACO: So we’ve got to do both, right? There has to be—I think there should be greater trust between community and law enforcement. Maybe that’s pie in the sky, but we’ve got to be able to have that because, in some instances, these are individuals who are bent on doing violence. And we have to be able to take steps and have communities trust law enforcement to take responsible actions in that regard. But by the same token, as I think Tina’s question points out, there needs to be other outlets for those folks who maybe aren’t quite at that stage, but you want to get to them sooner.

But I would argue that the surest—the death knell for any approach there would be the federal government dictating what it should be. And so unless we give some ownership, and communities themselves take up and have a sense of responsibility in creating those off-ramps, those other approaches, we’re not going to be able to tackle this. It’s got to come from the communities themselves.

TEMPLE-RASTON: We’re also very quick to say everything is ISIS-inspired, when there’s—it gives ISIS a tremendous amount of power.

MONACO: It does. And that’s not—that’s the last thing you want to do, to feed its all-powerful narrative. I think what we have seen—look at the Orlando case—it is a—there doesn’t necessarily—there isn’t necessarily always a coherence to the ideology or what has inspired the individual to violence.

TEMPLE-RASTON: Or the connection.

MONACO: Right.

TEMPLE-RASTON: Gentleman way in the back there, with the long arm. (Laughter.)

Q: It is a long arm, yeah. (Laughter.) My name is Diego Senior. I work with W Radio for Latin America. I’m Colombian and this is a question about pardons.

President Obama’s coming towards the end of his terms, and some pardons are expected. And it’s a big debate in our country about the possibility of pardoning a member of a terrorist organization who is in prison here for terrorism charges. His name is Ricardo Palmera, aka Simon Trinidad. He’s a former leader. He’s been in jail for quite a lot of time in the U.S. And I’m wondering, what are the terms for a possibility of that kind of pardon to take place? So members of the administration have said that he won’t be pardoning him in particular. And it’s quite an important issue for a terrorist group that is trying to achieve peace in our country, in Latin America.

MONACO: Yeah. So two responses. One, when I left the Justice Department, I took off my lawyer hat. So I don’t comment on any matters that were or are before the Justice Department. And I don’t—I don’t know what the likelihood is of any particular pardon, let alone the individual you mentioned.

TEMPLE-RASTON: OK. We have five more minutes. Would you like—Sean, over here, in the front.

Q: Hi, Lisa. Sean Joyce from PWC.

Couple of things. Can you tell me, in your time, how you’ve seen the cyberthreat evolve from the different threat vectors? Secondly, what would you like to see, from a policy perspective, the next administration to build on in the cyber arena? And then many of us from the private sector here, what can we do better? As you said, the cyber is a little bit of a different beast and the private sector is very involved. What can we do different here that will help make it better?

MONACO: So in terms of the evolution of the threat—and, you know, I would say it hasn’t gotten better since you left the FBI. But thanks for your—for your help while you were there. The evolution has been exponential across every dimension: The number and variety of actors from nation states to hacktivists to criminal actors, the vectors are only getting more expansive, the Internet of Things is going to be a huge challenge going forward in terms of the attack surface that those bad actors have to operate with, and then the tactics and the techniques and the procedures are getting more varied from intrusions to asymmetric information operations to destructive attacks to those that, frankly concerns me greatly, which is the ability to manipulate data such that we question its integrity going forward. So that’s the evolution.

When it comes to policies that I hope will continue, I think we made great strides in the standup of the CTIIC, the Cyber Threat Intelligence Integration Center, which is the equivalent of the National Counter Terrorism Center when it comes to integrating intelligence about cyberthreats. I hope they continue that. And the policy we announced last year, which lays out the very clear roles for the FBI when it comes to responding to the cyberthreat, to the Department of Homeland Security when it comes to helping corporations and private sector entities to mitigate that threat once they’ve felt the effects, to the role of the intelligence community. So I hope they continue those very clear lines and build on that.

And in terms of what the private sector can do, the information sharing issue that I mentioned earlier is critical. To be able to, and be willing to, share information with the government so that we can, in turn, enrich that information, share it back with the private sector, to help you raise your defenses which, in turn, helps us all raise our defenses.

TEMPLE-RASTON: Excellent. Well, we’ve run out of time, unfortunately. I just wanted to say quickly, do you know what you’re going to do next? Are we going to see more of you?

MONACO: Long nap.

TEMPLE-RASTON: Long nap? Fair enough. (Laughter.) If you will join me in thanking Lisa for being here. (Applause.)

MONACO: Thank you.


"...Our war against terrorist groups is not going to have that definitive moment [to say now this conflict is over] because it is an ever-evolving challenge that we face."
- Lisa O. Monaco
"Across the board, we have embarked on and executed on a strategy of building a series of partnerships because that's what it's going to take to combat these groups wherever they arise."
- Lisa O. Monaco
"...We have undertaken, frankly, a full-court press over the last few years in every multilateral bring countries together around a set of international cyber norms, things like, countries should not attack other countries' critical infrastructure in peacetime."
- Lisa O. Monaco
More on This Topic

Defending an Open, Global, Secure, and Resilient Internet

The CFR-sponsored Independent Task Force report, Defending an Open, Global, Secure, and Resilient Internet, finds that as more people and services become interconnected and dependent on the Internet, societies are becoming increasingly vulnerable to cyberattacks.

Global Responses to NSA Surveillance: Three Things to Know

The latest revelations about NSA surveillance have caused a growing number of states to focus on issues of privacy, governance, and the free flow of digital information, says CFR's Karen Kornbluh.

Cybersecurity Debate: Three Things to Know

The White House and Congress have several differences to reconcile on cybersecurity legislation, explains CFR’s Robert Knake.

Terms of Use: I understand that I may access this audio and/or video file solely for my personal use. Any other use of the file and its content, including display, distribution, reproduction, or alteration in any form for any purpose, whether commercial, non commercial, educational, or promotional, is expressly prohibited without the written permission of the copyright owner, the Council on Foreign Relations. For more information, write