Adam Segal is the Maurice R. Greenberg Senior Fellow for China Studies and Director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations. He is author of The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age (New York, NY: PublicAffairs, 2016).
1. What is the most interesting project you are currently working on?
We just did a workshop in California—on the edges of the RSA Conference—on zero-days and the market for vulnerabilities, and how we think about that as a national security and foreign policy challenge. I think the interesting things that have started to come out of it are fairly obvious to the actual operators but probably less known to the policy community. One is that the policy community tends to think of zero-days or vulnerabilities as a kind of atomic commodity—a unit that you can focus on—but instead, the operators think of them as morphing and changing. Another is that the problem probably isn’t that big. The market isn’t that big and, as the head of the National Security Agency’s Tailored Access Operations said in January, you don’t need to rely on zero-days. You can get in through lots of other types of vulnerabilities.
2. What got you started in your career?
As an undergraduate, I knew I wanted to do something international, but I didn’t really have any idea what that meant. During my first year as an undergraduate at Cornell, I took a course on Chinese culture and then a course on Japanese culture. Everyone who was studying Japanese at the time wanted to be an investment banker (Japan was going to take over) and everyone who studied China was interested in peasant revolutions. So I took three years of Chinese and then realized I couldn’t speak any, and went to China after I graduated. From there, I just continued studying. My PhD was also at Cornell, in Chinese politics, and my dissertation became my first book, Digital Dragon: High-Technology Enterprises in China, which looked at how four Chinese cities—Beijing, Shenzhen, Xi’an, and Shanghai—tried to encourage and create their own Silicon valleys.
3. What person, book, or article has been most influential to your thinking?
I think it has kind of shifted in every part of my career. Probably the most important book, the one that has always shaped my thinking and what I’ve done on China from the beginning, was Richard Samuel’s book, Rich Nation Strong Army, which looks at techno-nationalism in Japan and how the Japanese always thought about technological innovation and technology exchanges as essential to their national and military strength. I read that book as I was working on my dissertation, and I thought, “All of these same phrases are used all the time by the Chinese.” And ever since then, techno-nationalism has really been one of the main lenses through which I look at China.
4. What kind of advice would you give to young people in your field?
It’s been more of a challenge as I’ve expanded my focus to cyber. As a China expert, it is relatively easy to tell people that they need expertise in China—they need to learn the language and spend time there—and also to master the international relations, comparative politics, and foreign policy literature. It is harder with cyber, where the career path is, so far, much less clear. You need to understand the technology (or at least know what you don’t understand, and who you should ask for help) and then you can decide, should I address cybersecurity as a foreign policy question, or do I want to use an economic or anthropological lens?
I think one mistake a lot of younger people make is they are overly focused on the job they want. It is very hard to come up with the perfect topic that ends with someone as a tenured professor, a fellow at a think tank, or a member of the National Security Council. You are better off figuring out what kind of questions motivate you. It’s not enough to say, “I’m interested in China and cyber,” because there’s going to be lots of people who have that expertise. But what is it that’s really driving you? What is it really that you want to answer?
5. What was the last book you finished reading?
In the field, I just finished Fred Kaplan’s, Dark Territory: The Secret History of Cyber War. Out of the field, I just finished, When Breath Becomes Air. That’s by Paul Kalanithi. He was a neurosurgeon at Stanford who died tragically young from lung cancer. It’s about his ruminations on life, purpose, meaning, and identity.
6. What is the most overlooked threat to U.S. national interests?
It’s hard to say what’s overlooked since we are worried about everything. I do think that most of the problems are self-inflicted. We could address many of our threats much more effectively if we could solve most of our domestic political problems. A lot of the issues about infrastructure, education, and research and development spending tend to get short-shrift in the larger debate about national security.
7. What do you believe is the most inflated threat to U.S. national interests?
Of course, a cyber Pearl Harbor would be high on the list. I think the Obama administration and intelligence agencies have pretty much said that’s not what they’re worried about. Director of National Intelligence James Clapper has been pretty clear that that’s not what he’s worried about.
There was that interesting article in the New York Times several weeks ago about how lots of people are beginning to think that we have to consider if we’re going to be more like Israel, where threats of terrorism are around all the time and there will be small terrorist attacks, lone wolves that we can’t stop. But those are not existential threats. The biggest threat will be how we respond to them so that we don’t affect or change our domestic politics or society. I think we’re just going to have to get used to being more like Israel or Europe, where they have a more recent history of politically motivated violent attacks. We have been very insulated because of the ocean, and a long stretch of fairly stable domestic politics.
8. What is the most significant emerging global challenge?
Hat-tip to our colleague, Laurie Garrett. I think Ebola and the World Health Organization’s (WHO) inability to move quickly enough to it, suggest we are in no way prepared for any real global pandemic. International institutions have just not kept pace, and that’s with new resources and ideas coming from places like the Bill and Melinda Gates Foundation.
9. What would you research given two years and unlimited resources?
If I had an unlimited budget and two years, I think one of things that I would like to do, which I tried to do in the book, is hear more about the cyber debate in other places. We hear about the big players—China, Russia, the United Kingdom, Israel, Germany, and Brazil. But the next several billion users are going to be coming from places that we do not have a lot of interaction with or access to. Most of those users are going to be young, and most of those users are going to have completely different conceptions of privacy, security, and how they want to interface with devices and the Internet. There’s been a little work done; on the CFR blog Net Politics we’ve carried maybe one or two posts. There’s not much focus on what’s happening in Latin America and throughout most of Asia, other than China. How do new users think about these questions and what needs to happen for them to actually shape it? Do they need technology companies? Do we have to have different types of international institutions? Or, do they have to hack things to cause problems or challenges that draw international attention?
10. Why did you write The Hacked World Order?
I wrote The Hacked World Order in part as a reaction and in part to be more constructive. As a reaction, I was skeptical of the narrative of cyberattacks as empowering individuals, that the nation state would lose all this power, and that we were going to have radically empowered terrorists and non-state actors. I thought that these new technologies were going to be something that made the strongest states stronger, and that the strongest states would be pretty skilled at figuring out how to wield the new tool and develop new techniques to exert influence. They would, of course, lose some absolute power, but the relative gains would still be really important.
The second reason I wrote the book was a sense that if “history is one damn thing after another,” then cyber history seemed like “one damn hack after another.” This was unsatisfying and so there must some kind of political grammar to cyber power. Could we see things as more than event after event, hack after hack? Instead, could we describe the political motivations for the hacking and see state-based hackers as driven by foreign or domestic policy concerns? I was hoping to develop a framework for understanding states’ motivations in cyberspace and how they interact with the interests and actions of other states.
I hope readers, after they finish the book, read the newspaper the next day and news of an espionage campaign or there the hack of the power grid in Ukraine, and they ask why it happened. What were the motivations? Why did it happen in this way? Why is it likely to happen again? And that they also think about how we can control that type of behavior, or at lease moderate or ameliorate it.