Deputy National Security Advisor Anne Neuberger discusses international cyber cooperation initiatives to improve resilience to ransomware, efforts to disrupt ransomware and pursue those responsible for its proliferation, and countering illicit finance that underpins the ransomware ecosystem.
SANGER: Well, good afternoon. I’m David Sanger from the New York Times. Great to see so many old friends in the crowd here. And we are joined by many others who are watching on video. And I’m delighted to be here with Anne Neuberger, the deputy national security adviser for cyber and emerging technology. Anne has really sort of revolutionized the way the White House thinks and deals with all of these issues. So I am delighted that she’s here.
So here’s how it’s going to unfold today. Anne and I are going to talk for about a half an hour on the new ransomware initiative she has, current ransomware issues, and a few other related cyber issues. And then at about 1:30, halfway through, we’re going to invite questions from the audience and from our extended audience as well. I want to remind everybody, boy, this makes me so happy to say, Anne, this is all on the record. (Laughter.) How often do we have a chance to talk on the record? This is great. And then we will proceed. That means that not only are Anne’s answers on the record, it means your questions are on the record. So think about that for a moment. (Laughs.) So.
NEUBERGER: David’s joyfully enjoying this moment.
SANGER: Yeah. (Laughs.) So, Anne, let’s just go back to the beginning of the administration when you were—after a quite remarkable career, which you can all read about in the materials in front of you, as a White House fellow, as the official of the NSA working on commercial issues, defensive issues, offensive issues—you end up coming to the White House. And even before President Biden is in office, while he is still in Delaware under COVID restrictions. Sort of hard to remember what this was all like now. The first big issue he is dealing with, apart from the fact that his predecessor was trying to overturn the election, was SolarWinds, right? We had the Russians having come in to the—to the supply chain of software that was so critical. And then once you are in, you end up with this wave of ransomware issues that you’re dealing with, including Colonial Pipeline. Sort of changed the way he, and I think much of the country, thought about ransomware. So take us back to those days and the issues that that raised. And that I think will probably guide us into our current moment.
NEUBERGER: Absolutely. So good afternoon. Great to be here with you. Great to be here for this discussion. I see many friends in the room. So it’s particularly nice to be here.
So, David, as you know, coming into the administration SolarWinds was really where our mindset was around espionage threats and around the way new technologies—particularly, for example, like SolarWinds—companies providing services to thousands of other companies, could become the channels to explosively scale espionage. So when the Colonial Pipeline ransomware attack occurred in May, that changed the paradigm in two ways. It changed the paradigm because the actors were criminal. Based in Russia, but criminal. And it changed the paradigm because it fundamentally disrupted core critical infrastructure, a pipeline serving the entire East Coast, the only pipeline. Leading to cars at gas stations, leading to a disruption. The kind that we had always thought would only happen by a nation-state actor in a time of crisis or war. So that fundamentally shifted the way we had to think about, how does a country respond to that kind of attack?
SANGER: So this had a big effect on the White House. I remember sitting in the briefing room. You came out and talked about it some. Your colleague Liz Sherwood-Randall was out. There was discussion of whether you’d bring out the National Guard to ship oil until—as it turned out, you were able to turn on the pipelines before most of that had to kick in. But it led to some pretty severe conversations between President Biden and President Putin. This was after we had seen a build-up on the Ukraine border that the Russians had then backed away from.
The president called Putin up and said: We’re going to take a series of sanctions against you. Some of them were for election activity. Some of them were for this. But then talked about getting together with him in Geneva. The one time, as it turns out, that Vladimir Putin and Joe Biden met in person. This administration, my guess is that whether the president is a one-term or two-term president, that will probably remain the one time that they talk in person. But it’s hard to remember now, most of that summit was all about cyber and ransomware. Tell us what you were trying to achieve.
NEUBERGER: Absolutely. So, first, the Colonial Pipeline attack changed the domestic approach to cybersecurity. You know, I recall when the president asked the question of, OK, this company, what are the requirements that they have in terms of protecting their networks from a cybersecurity perspective? There were none, because we had put a focus on voluntary public-private partnerships. So that fundamentally changed the focus to say: If a company is owning and operating major critical infrastructure in this country, either because it can cause harm transporting hazardous materials or because of its reach, there have to be minimum required cybersecurity practices. And you’ve seen the administration roll out those regulations, sector by sector, over the last—pretty much over the last two years since then. So that fundamentally changed—
SANGER: So pipelines, you gave to the TSA. Hospitals, you gave to—
NEUBERGER: So we let—we essentially reviewed where there were authorities. The TSA can set requirements for pipelines, for rail, both commercial and as well as regular rail systems, for aviation, for airports and airlines. EPA sets it for water. Hospitals is an effort that’s underway by HHS and really Medicare and Medicaid, that sets safety standards. But it was that mindset, to say cybersecurity is safety. Regulators who have safety authorities will be the ones who will take the lead in enforcing cybersecurity standards. So that was the first way the Colonial just really changed our domestic strategy for cybersecurity.
SANGER: So it also changed the kind of red lines that the president set for Putin. Geneva meeting happened at this beautiful estate, right on the—on the lake. And I remember, Biden came out and saw us right after—had a news conference right after the meeting. And he said that he had said to Putin: How would you feel if this happened to your oil pipelines? Which sounded as vaguely threatening as Joe Biden can ever get, because it sounded like, gee, nice pipelines you have there, producing all your income. Be sad if something happened to them. And then I asked him about this at the news conference. And he said he was trying to set out a series of norms. And said to Putin that if they violate these norms, we will respond with cyber action against you, was his phrase. Where do we stand on how they’re doing on those red lines?
NEUBERGER: So that’s exactly right. In the initial discussion, you know, at the time, President Putin pointed to the activity and said: This is criminal. It’s criminal activity. Let’s have our law enforcement talk about it. And the president’s response was, well, we’ve signed up to a set of international norms, which our countries do not disrupt critical infrastructure in those other countries. And whether it’s a—whether it’s your government or whether it’s a criminal operating out of your country—operating out of your country, you’re accountable for that. And that was a change in thinking to say: You need to follow up and ensure you’re taking—the expectation that countries will take ownership for disruptive attacks coming out of those countries.
And indeed, following up on that discussion, you know, we downgraded and shared information with the Russians outlining who the individual was. It was an individual based in St. Petersburg at the time.
SANGER: Downgraded, just for those who don’t follow it, means you took it out of classification.
NEUBERGER: And shared it, exactly. And shared it with the Russian government. And said, we expect you to act. Shortly thereafter, the Russian government did, you know, very publicly—cameras, et cetera—you know, arrest a group of individuals.
SANGER: It’s a great YouTube if any of you have not seen it. A Russian bust on a group of hackers who we don’t know remained in jail very long.
NEUBERGER: Exactly. Well, six to eight weeks later Russia’s illegal of—illegal invasion of Ukraine happened. And that changed the entire context of the conversation. But to the point you’re asking, David, which is bringing full circle that set of if a disruptive attack happens from a country, even if it’s done by a criminal for purely financial reasons, the country needs to take accountability, arrest that individual, for example, or prevent it happening in the first place.
SANGER: So now we’re seeing a big surge in ransomware. And this point, these barely merit stories in the New York Times anymore, in the way that they would have, because we’ve seen so many different institutions get hit—some paying, some not. Some of them are teenagers who are doing this. Sometimes it’s non-Russians. But there’s a lot of it still coming out of Russia, isn’t there?
NEUBERGER: Ransomware is costing the global economy $8.7 trillion a year. That was the figure for last year, for 2022—$8.7 trillion dollars. And as we become more and more digitally connected, as we connect our power systems—and we want a connected grid, for example, so that we can use different sources of energy most efficiently. You know, around the world as we talk with countries, they have two core concerns. Concern number one is criminal disruption of critical services. They want to digitize their economies. Concern number two is China. So, to your point, it is costing a large amount.
And fundamentally, it’s not just the money, it’s the disruption. We’ve had—in this country alone, we’ve had hospitals turn away ambulances for days, because of disruptions of their electronic medical records. We’ve had critical manufacturing lines disrupted. Clorox announced the recent significant cost to operations. As well as, of course, schools in various states disrupted as well. So we’ve put a real focus on countering it within the complexity you noted, which is that many of the actors are living in Russia. So in the current environment, that’s clearly—that’s not something where we can see the Russian government acting against. So our approach has fundamentally been building a global coalition, which we’ll talk about, to tackle and disrupt the infrastructure, stop the money moving—the elements of this threat.
SANGER: I want to get to the ransomware initiative in just one question away. But just going back to what the president said in response to my question in Geneva. He made it sound as if he was prepared to go use offensive cyber operations to respond to these. Now, we might not see those, because frequently offensive cyber is—deliberately most of the time—silent. But is there much concern here, the president set out a red line that we haven’t heard him talk about very much since?
NEUBERGER: I think the president’s red line was more—or, the president’s clear line was more about a disruption from a country being met with a response. He wasn’t necessarily saying, we’ll use cyber, we’ll use economic. It was to say, we will respond if there is a disruption of our critical infrastructure coming out of your country.
SANGER: And so far, most of those disruptions we’ve seen have been, as you said, against companies, some against hospitals. But we haven’t seen it against what you would call classic critical infrastructure. We haven’t seen it against the rails, the electric grid, the water supply.
NEUBERGER: That’s correct.
SANGER: Do we believe that means deterrence is working here?
NEUBERGER: It’s a good question. I think we believe a few things. First, defense matters. And it’s not surprising to us that the most vulnerable sectors are the ones that continuously get hit. And that’s one of the reasons we put such a focus on defense. That’s the first piece. I think the second piece is the work that really the FBI, and other, and the Department of Defense have been doing to disrupt infrastructure, to take down infrastructure, to make it harder to execute attacks has been effective. And then finally, clearly the president did convey that was an important line that would be observed. So that’s something that, within the broader circle of efforts we’ve had underway, we think is important.
SANGER: So at the end of the month, you’re going to be gathering officials from, what, forty different countries?
SANGER: Fifty, OK, for your ransomware initiative, and for critical infrastructure in particular. Tell us a little bit about that, and what you’re trying to get done?
NEUBERGER: Absolutely. So over the last twenty years there’s been extensive work on norms, on confidence-building measures in international relations related to cyber. In the current geopolitical context, it’s hard to see how those efforts—hard to see how bodies like the U.N. can be effective in really enforcing those norms today. So what we work to do is say, let’s build a purpose-built international partnership, because the problem of criminal disruption of hospitals of schools, of companies is a global one. And let’s build that partnership to drive action and to drive coordinated work on both policy and operations.
And what’s been fascinating to see is, we focused on crime because if you make it a counter-China cyber partnership there’s some set of countries who say, not for us. If you make it a counter-Iran cyber partnership, there’s some set of countries who say, hmm, we’re going to stay out of that. When we talk about crime, even though accountability and norms is in the background, we can build that broad partnership. And, frankly, the partnership, the information sharing, the shared policy is then usable for other things as well.
SANGER: So I understand the distinction. But what the president was doing back at the meeting with President Putin was making the point that if this happens on your territory, we are going to treat it to some degree as if it is a state responsibility. So that action could come that we take—could come against the state, because we can’t reach the criminal groups in your state, if they don’t believe that they’re doing this. Very similar to the standards that President Bush set after 9/11 with terrorism. If the terrorism originates from your country, we’re coming after your country. That was the concept behind the invasion of Afghanistan. Is that still the concept here?
NEUBERGER: It’s a really good question. As you know better than most, what we often think about when we think about responding via a cyber is what happens next, right? And that’s why fundamentally defensive and offensive cyber strategy for a country are so intermixed, because if you can’t defend against the next strike, it’s unwise to take the first. So that point about our own defensive efforts are important. But I would also note that cyber is so fascinating because it’s such a transnational issue. Yes, the individuals may be sitting in one or a set of countries, but the infrastructure that they use, that they compromise, and in many cases the malicious software that they use, happens in multiple countries, right? The infrastructure may be in multiple countries. In some cases, it’s countries where there is a lot of compute capacity. So in some cases, it’s our allies and partners.
So working to stop that, working to make it harder. Similarly, the crypto that we think funds this criminal activity works—moves through virtual assets service providers around the world. So in addition to thinking about how do you go back to the source, we’ve brought into the how do you stop a cyberattack, to say let’s target the infrastructure, the funds. And let’s build the broadest set of partnerships to be able to do that quickly. So, for example, three deliverables that, you know, we’ll be formally announcing during the counter ransomware initiative summit next week.
One in the area of rapid information sharing. Believe it or not, it’s really hard for countries to quickly share information regarding an incident—the specific elements that were compromised, the IP addresses it came from—in a way to protect the next country. So Lithuania and Israel are standing up information sharing platforms. And countries commit to rapidly sharing that after a major incident. So our goal is that an attack can be replayed again and again because once it’s done once, other countries could defend. Similarly—
SANGER: And we’ve seen the North Koreans exploit this time and again. They hit one central bank after another, usually using similar techniques.
NEUBERGER: Yeah. Similarly, from a crypto perspective, you know, we haven’t previously shared bad wallets. Information regarding wallets on the blockchain that are moving illicit ransomware-related funds. We’ll be committing to do that and actually share that with treasury departments around the world with the hope that countries operating virtual assets service providers can block that. Similarly, we’ve set up a capacity-building and mentoring program. And one of the interesting mentoring programs, Israel mentors Jordan around building cyber capacity in that country.
And then finally, we’re working on the final steps for a first-ever policy pledge that the members of the Counter Ransomware Initiative would make. We’re not quite there yet, because when you have fifty countries it’s going to be up to the last high wire moment. But for members of the CRI to say, the government elements will not pay ransoms. There isn’t a global norm today around, should ransom payments be made in the—during a cyberattack? And I think what we’re trying—what we’re saying is, yes, we could ideally bring this to a U.N. process for a new norm. Or, we can try to work it in this more purpose-built international partnership to start establishing that norm. And it takes quite a bit of—we’re seeing, it takes quite a bit of negotiation to get there, because there’s such a diversity of members you have.
SANGER: So when you say governments, do you mean only federal governments? Because I could name for you a half-dozen state and local government entities in the United States that have paid ransomware in the past year or two, and get quite upset when the New York Times writes about how they just spent taxpayer money to pay several million dollars for ransom because it’s cheaper than rebuilding their systems.
NEUBERGER: So, first, please continue to write about it. Because while a ransom payment may seem most effective for a given company or government, et cetera, it’s driving the next attack, and the next attack and the next. And from the data—and data is always from the available data. The data is hard to come by on this. But we sat down with a group of ransomware negotiators. Believe it or not, that’s a business. So we sat down with a group of them and said: What have you learned after several years of this? And they gave us some interesting data, which we’ll be seeking to get out.
The first piece is, companies that backup their data, keep a—back it up, and keep a copy offline—actually recover more quickly than those who pay ransom. Because those who pay ransom get essentially a piece of software that decrypts their data. Well, maybe the software doesn’t quite work. Maybe there’s some where it doesn’t work. So—
SANGER: Who in this era does not backup their data, if you’re a company?
NEUBERGER: You might ask the question the next time somebody pays a ransom.
SANGER: OK. (Laughter.) Thanks for reporting tip. (Laughs.)
NEUBERGER: So that piece around—that backups have an impact, you’ll recover faster, you know, this—so at this point, this number of years in, those practices—the practices around deploy basic cybersecurity. It’s a better investment of your $7 or $8 million than paying a ransom to some criminal who, oh, by the way, doesn’t—can still leak the data, can still cause harm. And, oh, by the way, company X, and then I’ll get off my soapbox, you still have reporting requirements to customers, if you’re a public company. So a ransom payment is not the be-all or end-all in that way.
SANGER: How will I be able to measure, and how will everybody else in this room be able to measure, whether this new ransomware initiative is actually making progress?
NEUBERGER: It’s a really good question. I would say, first, building the partnership between governments, especially a particularly diverse set of governments. You know, I looked at the ten new members who joined since last year. I’ll give you the list: Jordan, Costa Rica, Colombia, Albania, Greece, Slovakia, Uruguay, Sierra Leone, Egypt, and Interpol—not a government, but a key partner. That’s a really interesting list. For those who watch cyber, you’ll see a common theme. You know, Costa Rica, Colombia, Albania all had significant cyberattacks that took out their governments for multiple weeks.
So they came calling and essentially said, we need help. So one part of the Counter Ransomware Initiative is that we make a commitment that if another country has a disruptive attack on a lifeline sector or their government, we will provide support and help them recover. And in fact, a shout out to the FBI who have deployed teams to multiple countries when that threshold was hit to help them quickly recover. So that’s piece number one, how rapidly key allies and partners who are members recover and building that set of capacity building and that partnership. Because we’re such a connected world and fundamentally, as governments, we owe that partnership to each other.
The second piece is the actual sharing. So you’ll ask me next year, how many bad wallets were shared? How much information regarding network infrastructure from which attacks were conducted was shared, and how quickly? And that, believe it or not, in 2023 we are still aware that that needs to be different. Third, how much has been done to help countries with understanding how to tackle and respond to an incident to build cyber resilience? So, for example, we’ve done capacity building for a set of countries in Africa when we’re setting up mentoring programs between countries.
And the cool part of this partnership, it’s not just about the United States. In founding it, it was founded with six other key international partners. And they’re a part of fueling or sending their capacity building through this channel. So as a group of more capable countries with more capacity, we’re lifting up the other ones. Those would be three ways, I think, that will be fair questions for you to ask me next year.
SANGER: We’ll have you back next year and they will get asked. We’re about to go to the Q&A in about five minutes. I just wanted to ask you on two other related but big issues. You brought up one of them already, and it’s China. So this summer, my colleagues and I wrote a fairly lengthy piece about an effort that has really consumed a good deal of your past year, which has been China inside American critical infrastructure. There’s a pretty big mountain of evidence that Chinese government, through its intelligence agencies and to some degree through its military, has placed code in American critical infrastructure.
We’re finding it frequently around major military bases. That may be because we’re looking mostly around major military bases, but we’re seeing them there. That obviously has taken some people in the direction of they’re putting this here to complicate a response to Taiwan, because the key to defending Taiwan is speed in getting across the Pacific, and anything they can do to slow that down. But there are other theories. So that story appeared mid-summer. What are you seeing since? How have you communicated this to the Chinese? What might—assuming Xi Jinping and President Biden see each other in a few weeks in San Francisco, what do you plan to say or do about this?
NEUBERGER: Taking a step back for a moment, as you noted China has a very sophisticated, well-resourced, offensive cyber program. And China is—when we think about comparative defense, for its own domestic surveillance purposes, China operates a Great Firewall. So it’s domestic defense. And you’ve certainly seen as well, in addition to the Great Firewall, rolling out various cybersecurity regulations. The Chinese are—have a more capable national defense than we for the simple reason that the U.S. government doesn’t monitor U.S. communication. While we’re proud of that element of our laws, that’s what makes us who we are as a democracy and protects civil liberties and privacy of American citizens, it certainly makes domestic cyber defense a lot more challenging. And certainly comparatively with China, which as I said, built out this capability for domestic surveillance purposes but certainly extends to a better ability, we believe, to detect and track foreign cyber capabilities as well.
China has resource that sophisticated cyber program and integrated it within their broader national strategy, as part of both influencing the public, and government, and other elements in an adversary, as well as potentially disrupting key infrastructure in the event of a crisis or conflict. It’s something we’re very focused on both detecting and defending against. It’s something that we’ve communicated that we take that as a serious threat. And we will treat any kind of disruptive capabilities as a very significant concern and respond appropriately. But it’s certainly the sophistication and the focus of the Chinese program is something which we try to communicate again and again in our domestic defensive effort.
So I’ll give an example. You may have seen that the EPA’s new requirements for cybersecurity for water systems was recently struck down by a court. We’re engaging the Hill and will work to ensure that the EPA has the authorities needed to address that. But of course, water underpins our military bases, in many ways, underpins our communications. Safe water and safe drinking water is something that every American citizen expects. The ability to ensure that’s protected and safe is something, as a government, we want to commit to. Helping, you know, in some cases, the domestic critical infrastructure understand that the traditional homeland defense with an ocean on either side is different in an age of cyber, in an age where adversaries can kind of bridge that quickly in the event of a crisis, is something that’s been a big part of our communications, both to state leaders and to key constituents on the Hill.
SANGER: And the part about President Biden and Xi Jinping, should they meet?
NEUBERGER: One can expect that cyber would be a topic but I won’t—I won’t—
SANGER: OK. Since it became public that the Chinese were doing this, and elements of it have been public over a period of time, are we seeing the activity decrease, increase? What’s the current update?
NEUBERGER: It’s something we’re very focused on. I think we would expect that the Chinese program is a robust program. You know, whether it increases or decreases, I think it’s something that we’re within the constraints I talked about, which is for a government working with our private sector is a big part of our ability to get visibility to detect and block. We’ve doubled down on that and are—have a number of innovative efforts underway. And I’ll leave it at that.
SANGER: And you’re trying to root this stuff out as you find it? I mean, there’s always a risk that once you find it and root it out, that tips off the attacker that you found it and they come back in a more stealthy way.
NEUBERGER: That’s true. And that’s always a complexity. But we expect defense to be one step ahead of offense, as hard as that is.
SANGER: Last question for you is on Israel, a country that you’ve had to go deal with professionally but also is deeply personal to you and your family history. So beyond the awful tragedy that we saw on October 7th, which was painful for all of us, tell us a little bit about what you’re worried about of a cyber nature, since Israel was under considerable cyberattack prior to all of this. But if they go into Gaza, as seems likely, if a second font is opened with Iranian-backed militia, it would be pretty easy to expect that one of the first things that would be hit would be remaining critical infrastructure inside Israel.
NEUBERGER: You know, as you noted, Israel and Iran have had a in the shadows, you know, cyber battle for the last number of years. And as the Israelis think about really augmenting their defense, I know that they’re very focused on augmenting their cyber defenses as well. Ensuring that critical infrastructure that doesn’t need to be connected to the internet, isn’t connected to the internet. And really learning the lessons of the Russia-Ukraine conflict of the dangers of, for example, destructive malware, the dangers—the value of backing up systems to the cloud, the value of ensuring that any commercial defenses are on their highest alert to block anything that appears dangerous, and then look at it afterwards. So we certainly, in line with the president’s commitment to defend—to be supportive of Israel’s defense, we’ve been working closely with the Israelis to ensure that they are in the best position to defend their networks and cyber infrastructure as well.
SANGER: Are they seeing very much now?
NEUBERGER: I’ll leave that to the Israelis to talk about what they’re seeing.
SANGER: OK. Well, we have hit that magic hour where we are going to take questions first from our in-person audience and then from those who are plugged into this. A reminder to all that the meeting is on the record. And who wants the first question?
NEUBERGER: I think you really just enjoy saying that.
SANGER: I do. I do. It’s so much fun with you here. Yeah. (Laughs.)
Q: Thank you for that great presentation. Alan Raul from Sidley Austin.
One of the more notable aspects of the White House Cybersecurity Strategy was the promotion of secure software development through accountability, liability, federal standards of procurement. How’s that initiative going? And does the administration expect to go to Congress for additional legal authority on secure software development?
NEUBERGER: Yeah. And that element did get a lot of attention. So I’ll talk about it in three areas, if I can. Area number one is using the power of government purchases of tech. We buy billions and billions of dollars of tech. And we have not adequately used that power of purchasing to drive more security into the software we buy. So the president’s executive order, actually which happened shortly after the Colonial Pipeline attack, called on NIST to define a secure software development framework, and then called on the U.S. government to require that that be attested to. Not only used, but proof be given to us anytime we buy software.
It has taken two years in terms of NIST built that secure software framework and then it went through the very complex federal acquisition processes. And now that is a formal requirement as of just about three, four weeks ago. Any software purchased by the U.S. government—critical software purchased by the U.S. government, the companies have to give proof that it meets that NIST secure software framework. So it’s been, number one, using the power of what we buy. And clearly when we talk to corporate executives, we encourage them to point to the same framework and use that as well in their own purchases of software.
The second is the White House launched this summer, the U.S. Cyber Trust Mark. Essentially, a government label that goes on devices like home alarm systems, monitoring—you know, baby monitoring systems, fitness trackers, Internet of Things—
SANGER: This is the cyber UL approval kind of thing, right?
NEUBERGER: Exactly. That’s an Energy Star for cyber, or a cyber UL approval. Where companies have told us again and again, we’re happy to build—we would commit to building more secure software, but there’s no market for it. What customers want is faster tech, more innovative tech. But when—
SANGER: And cheaper.
NEUBERGER: And cheaper tech. But when Carnegie Mellon did a study looking at actually what consumers value in the tech they bring into their home, schools, and offices, we heard loud and clear that they do. And they’re willing to pay up to 20 percent more. Set that aside. So the launch of the Cyber Trust Mark Program, modeled after a successful program in Singapore, works to bridge those two by saying: You know, NIST issued a standard for those devices. Any company whose products meet that standard can put the government label on it. And we will market—we’ll have a have a marketing campaign to alert American consumers.
We had a rollout at the White House. Companies like Amazon committed to ensuring that when people search for a baby monitor, the ones with a label will come up first. Companies like Best Buy said they’ll train their employees so when somebody walks in and is buying a home alarm system, they’ll say, look, this one is actually cyber secure against the government standards. So we intend to have labeled products ready by Christmas of next year, because right now the standard is out there. Companies are adapting their products. So that’s the second pillar of a voluntary approach, but one with incentives.
And then the third one would be potentially going to the Hill for actual liability-related areas. As you know, that’s been an incredibly controversial issue. So the White House is doing a series of listening sessions to determine what would be the right approach there.
SANGER: OK. We’ll go to Glenn.
Q: Glenn Gerstell. Thank you both. Anne, in particular, thank you for your great comments and service.
I’d like to ask a question about an intersection of cybersecurity and another area for which you’re responsible, artificial intelligence. As you well know, some have said that with the advent of AI it will make cyber offense far more effective because you could easily create phishing emails, et cetera. Others have said, no, cyber—AI will assist cyber defense, because you’ll be able to more rapidly figure out vulnerabilities threats, vector—attack vectors, et cetera. One, do you have any thought on that dichotomy? And, two, do you think we need regulation or new norms, international norms, over the offensive use of AI in particular in this context? Thank you.
NEUBERGER: Thank you, Glenn. Close colleague back in our National Security Agency days.
So, first, I would say they’re both right. AI is fundamentally a dual-use technology, whether it’s in the area of cyber or whether it’s in the area of bio. It is dual use. So, to your point, there are specific scenarios I won’t go into here that keep me up at night regarding using AI for particularly effective adversary offensive cyber weapons against us. And on the defensive side, AI could potentially solve some of the intractable cybersecurity problems—like, how do you rapidly detect an anomalous attack? It could also help us in the area of building more secure code. I don’t know how many—you know, how many folks in here have written code. It’s hard. It’s hard to write secure code.
My daughter just graduated college with a degree in computer science. And I asked her how much focus was there on cybersecurity. Not as much as one would have hoped. So the potential to train models on secure code and help both generate secure code, help review code before, is very, very promising. And in fact, you know, as you know, the White House has been working on an executive order. The president’s deputy chief of staff has really led that effort, reflecting the priority upon which the president puts this work. And we have a number of elements related to cybersecurity in there. For example, you know, asking—for example, looking at how we roll out artificial intelligence across critical infrastructure. What are the appropriate steps that need to be in place before we have confidence that that doesn’t bring additional instability to critical infrastructure?
And with regard to your question regarding—
SANGER: And we will see that executive order, when? We’ve been waiting since early summer, probably.
NEUBERGER: One of the things I was taught when joining the White House is one never predicts.
NEUBERGER: You know, this is a priority for the president. So as such, it has moved faster than any executive order I’ve observed before, through the process.
SANGER: But your definition of fast in the definition that might be in this room might be different?
NEUBERGER: I think in the case of this EO, probably not. (Laughs.) Particularly for folks who’ve served in government and seen that path. But it really—the president has made this area of priority. And as such—and it’s a complex area, so we need to get it right. There’s speed and then there’s getting it right when it is such a complex area, particularly given the goal of the EO is to look at so many different areas where AI affects our economy and our society. From ensuring it doesn’t augment and reinforce biases to thinking about which sectors of the economy, which workers in particular sectors will be impacted, to thinking about national security aspects of that. So because of that complexity and that whole-of-nation approach, the goal was to be thorough, robust, and also move as quickly as possible.
SANGER: I think I interrupted you before you were getting to your last point for—
NEUBERGER: I think Glenn’s last question was related to international norms. So the first step with that you saw were the voluntary commitments that the president negotiated with key companies related to how models are trained, the transparency with which data they’re trained, how they’re red teamed. In other words, you know, making it harder for these models to be used—to be used offensively in a way that could cause harm.
Clearly nations—clearly governments can still build models. Those come at significant costs in terms of training models. But we are, you know, as the president has said, we’re very committed to really focusing on both the promise and the peril of AI, the voluntary commitments as a way to work with and hold companies accountable. The U.K. AI Safety Summit next month, brings governments together to bridge the other government process around the G-7 and the Hiroshima process that’s really focused on countries’ commitments in this area.
SANGER: We’ve seen that the Chinese are not really willing to discuss arms control with us on nuclear weapons. But they have said a few things that would make you think that they may be interested in discussing AI safety. And, of course, one of the big issues in the arms control world is not letting AI be used in nuclear command and control. Is this a way in to get China negotiating a little bit?
NEUBERGER: We’ve seen the positive remarks the Chinese have made. And the president has talked about his commitment to talk with other governments to press on joint work to combat the perils of AI.
SANGER: Has that discussion with China begun?
NEUBERGER: I think we—you know, certainly I’m not going to speak to specifics of that at this moment. But I think the way the president has talked about a commitment to work with China on global hard problems, a commitment to work with countries with capabilities in AI in this space, is certainly—and the positive remarks that the Chinese have made about partnership, is certainly an area to be explored.
SANGER: Do we have questions from our—those who are joining us virtually?
OPERATOR: We will take our next question from Munish Walther-Puri.
Q: Hi, Director Neuberger. Thank you for your comments.
You mentioned lifeline sectors. I wonder if, in the guise of CRI or otherwise, you’ve come up with a standard idea or definition of what constitutes lifeline sectors, you know, with CISA or otherwise. Thank you.
NEUBERGER: It’s such a—it’s such a great question, Munish, because it speaks to what we’re trying to do with CRI, which is build upon the years of norms and confidence building measures, discussions, to get to a level of rigor and detail in operational cyber partnership. So what can countries actually rely on each other for? So I think at this Counter Ransomware Initiative summit, we’re making that pledge, that a country that experiences an impact to lifeline sector. What we had in mind was where a disruption could impact lives in that country. That would seem to infer medical systems as the core definition, but I think we will see in that we intentionally used a term like “lifeline,” which conveys a particular threshold, but also if a country comes in and says their power systems are down, clearly that has an impact on life and limb as well. And we will—we will pledge to provide them assistance to rapidly recover.
SANGER: Jane. It’s only this table that’s asking questions.
Q: I know. This is the smart table.
SANGER: Yeah. (Laughter.)
Q: Just deal with it
NEUBERGER: That sounds like a challenge. (Laughter.)
Q: You sat at the cool kids table, that’s what Glenn says.
Well, as a cool kid, thank you both for your work in this area. I can’t remember, David, whether you used the term cyber 9/11, or repeated the term, or who invented the term. But anyway—
SANGER: It wasn’t me.
Q: You did?
SANGER: No, it was not me.
Q: Not you? But my question is about a cyber 9/11. Rumor has it that just maybe if China is trying to annex or attack Taiwan, that their first salvo might be a massive cyberattack here. And so my question is, are we wrapping our head around that idea? It’s a horrible idea, but are we? I mean, a massive attack, a swarm attack, various levels of cyber? And is the American public in any way prepared for this?
NEUBERGER: So the short answer is yes on the first. And we are working to communicate that and really drive massive cybersecurity improvements quickly on the second. And we welcome partners talking about the cybersecurity threat. So I think, yes on the first, in that the—President Biden has, as I said, you know, put in place those first requirements for critical infrastructure.
We have all kinds of quiet innovative partnerships related to working with key digital infrastructure in this country—the companies that essentially operate the core infrastructure that underpins our economy, that underpins our military, to ensure that we’re rapidly sharing information, more importantly determining what is needed in the period of significant attack. What options do we have to rapidly recover if such an attack were to occur?
And I think the final aspect of that is the deterrence aspect—what we convey to countries regarding the seriousness with which we would take a cyberattack, that we would treat it much as any attack on the homeland and respond accordingly. I think we don’t expect it would be cyber on cyber necessarily. We would treat a cyberattack as if it was any other attack and bring the full force of an American response to that.
SANGER: Anybody other—somebody who’s not sitting at this table. (Laughter.)
Q: Yeah. My name is Tom Miller.
Let me throw out a hypothetical scenario to you, because I’m a little bit confused about what the obligations of companies are. Let’s just take PG&E, a company that’s had some problems over the last several years. If they had a cyberattack, two questions. Number one, are they obligated to tell the U.S. government? And number two, if they said, basically, we’ve got to pay the $5 million ransom because we—this will—this will hit us so hard that we will not be able to survive—
NEUBERGER: So, first, PG&E is a public company. The SEC has new requirements to report material risks, so they would be required to report. And I think those are important new SEC requirements because the ability to sweep cyberattacks under the rug disincentivizes the investments that are needed.
And then with regard to the second question, my point earlier about our international initiative is to set that international norm around governments paying ransoms. Separately, we are having an internal policy discussion regarding what should national policy be around ransoms. We had this discussion a couple of years ago and there was strong perspective across the U.S. government that preventing ransom payments was something that companies weren’t ready for. Companies hadn’t made the investments in cybersecurity needed. Well, we’re two years later—two-and-a-half years later—and I think we’ve communicated again and again. Companies have seen the impact of ongoing cyberattacks. So we’ve lifted it up again and are having the discussion now to say: Would it be an appropriate time? How might one build a ransomware—a ransom regime that disincentivizes ransom payments, because they’re incentivizing the next attack, but in a way that if there’s a critical company and it would indeed help them recover much, much more quickly there’s a path for that as well? So those are the issues we’re grappling with.
SANGER: So extend that conversation to two examples we used before, if you could, Anne. One of them is hospitals, where they might say, well, yeah, we could invest in more cyber protection, but it’s going to come at the cost of getting the latest in cancer-detection equipment or treatment equipment.
And the state and local governments that we discussed. When Texas had a series of towns hit I remember calling the town manager or mayor in one of the towns and asking if they had a cybersecurity official who I could talk to about this. And he said, you know, we just got a sheriff last year. So, you know, they were completely unprepared to go to—and as it turned out, the attacks were aimed at a private company that was giving digital help to a number of small towns, you know, around.
So would you extend your requirements to public institutions? And could you do it to the states and local governments?
NEUBERGER: It’s a—it’s a really good question.
So, first, you know, the president’s bipartisan infrastructure law intentionally addresses investments in digital infrastructure as well, because our goal was to say we’re building out physical infrastructure in this country whether it’s a bridge, whether it’s a connected water system, and that has to be built secure from the start. So there are grants available to state and local governments to actually improve the cybersecurity of their systems.
And I think as we look at state and local governments, those are some of the hardest areas to look at because in many cases they have trouble attracting talent and the level of cybersecurity isn’t where it needs to be. There have been some states that have taken proactive, interesting, innovative ways to address it. So, for example, the state of New York has stood up a state-level security operations center and state-level resources that are available to smaller cities and townships. It’s smart because, as you know from a cybersecurity perspective, there is scale and there’s economies of scale. So efforts like what New York state has done, what we work to do is convene state officials, help them learn from each other so that a township isn’t standing by itself—to your point—when they just got a sheriff and cities can learn what is most effective.
But that is one of the hardest—every time I do these virtual conversations with state and local officials, I hear again and again about, you know, not having a lot of money, having trouble attracting talent. And that’s what led us to say the state-level models that then provide essentially an umbrella of support that smaller parts of that state can tap into is the most effective and I think economical approach.
SANGER: You’ve spent a lot of time in Baltimore. What was the lesson you drew out of their decision not to pay? But they ended up spending huge amounts of money rebuilding their systems.
NEUBERGER: First, we learned a lot about, as I mentioned earlier, preparing for it, so backing—having backups that can effectively be tapped into—
SANGER: And Baltimore did not, as I recall.
NEUBERGER: I don’t believe so.
NEUBERGER: You know, having digital, you know, alarm systems. I am originally from New York. Most homes in New York have an alarm system. It’s the smart thing to do. So digital locks and alarm systems, which in many cases local governments have not done. So those basic things help a city rapidly recover in the first place. And I think you’ve seen Baltimore, Maryland, do a lot in terms of attracting the talent, putting in place the innovation, and recognizing that if you are digitally innovative, it’ll also attract business to your state as well.
A fascinating—you know, I mentioned to prior Governor Hogan how impressed I was with their cybersecurity approach when I was at an RSA conference in Las Vegas and—in San Francisco. And I’m literally standing on the street in San Francisco, and a bus rolls by, and it says: Maryland, the home of cyber. Come work for us. (Laughter.) I was like, that is impressive. I don’t know if you only paid for the ad the week of RSA or even if you just thought that, hey, San Francisco, there’s a lot of tech talent and maybe something will attract them to go to Maryland, but it showed kind of the thinking and the reach of their approach.
SANGER: Well, your previous employer is, in fact, in Maryland, so.
SANGER: Yeah. Right.
NEUBERGER: Indeed. Good point.
SANGER: Great. Thank you.
Q: Hi. Thank you so much. Kat Duffy, senior fellow here at the Council for digital and cyberspace policy.
I would—I would love to hear your thoughts as we are hearing so many different initiatives coming in for AI governance, right? Everything from the White House is voluntary commitments, G-7, OECD, Council of Europe, the U.K., and now last week China’s announcement of an AI governance initiative for all 155 nation members of the Digital Belt and Road Initiative. What—having looked at the evolution of cybersecurity and cybersecurity governance over the past couple of decades, what are the lessons that you think are most critical that can be taken from that process and applied right now in AI governance, where we’re trying to move very quickly to do something that is, ideally, deliberative?
NEUBERGER: I so appreciate your question because I’ve had a number of people approach me and say: Folks are talking about AI as if it isn’t software. And we’ve had significant lessons about how to secure software where, to your point, what is the governance both between governments and between governments and private sector that we need to learn from. So appreciate the question.
And I would say three takeaways.
Takeaway number one was we rolled out digital systems across our economy—across our hospitals, across our power systems, across our water systems—without adequately considering the risk that connected systems bring, whether from criminals or from adversarial nations who could then disrupt those systems via those digital connections. So that’s the reason that there’s a real focus, you know, in—that we’ve been discussing as we worked on the upcoming executive order to say: What are the controls that need to be put in place, from explainability to human in the loop to understanding the data upon which a model has been trained and red teamed? So there is that first lesson with regard to knowing that there will be uses that bring particular risk, and we need to carefully consider those risks before those are deployed and then monitor them thereafter.
The second aspect is the role of the private sector. We did not put an adequate focus and a set of requirements on companies building tech. We’re still working to adapt to that, to the question asked earlier, but in AI the reason there was an early focus on voluntary commitments—and that is likely a bridge to what the Hill does in the area of regulation—was to say that if you are building critical tech, there’s a responsibility to how that’s built and how that’s maintained.
And then the third part is, is the roles between governments and how governments consider use of offensive capabilities in this space in a responsible manner. We have twenty years of development of norms: the UNGGE norms in cyber from 2015, 2019; the OECD, to your point—the CSC, sorry; the confidence-building measures in this space as well. And I think what we can learn from that is we can put a lot of work into norms; enforceability of norms is what matters. I mentioned that in the context of the Counter Ransomware Initiative. We’ve seen that bringing a group of countries together on accountability may be—purpose-built may be needed as well.
So I think as we think about the responsibilities of countries to each other, certainly the norms matter. But how those will be detected and enforced we need to consider from the outset.
SANGER: We only have time for probably one or two other questions if we have short questions and short answers. (Inaudible)—what do we have? There we go.
OPERATOR: We will take our next question from Jason Forrester.
Q: Thank you, Anne and David.
Regarding the recent hack of the MGM and Caesar’s and the personal information that has been leaked through those hacks, how does the White House look at the leak of personal information on one side versus the potential threat to critical infrastructure? Are these comparable problems, or are there notable differences?
NEUBERGER: I think certainly those are both significant problems. We view disruption of critical infrastructure, of the critical services Americans rely on, as a key threat we are focused on as we press companies to, for example, encrypt the data, protect the data. I think, certainly, the Hill’s work on privacy legislation, on legislation related to data protection, is important. There were efforts and progress made in that area. And I think the requirement that companies inform when personal data is leaked so that there is some accountability for that we believe is driving improved cybersecurity protection.
From a national perspective, our focus is on both. But a premier and priority focus on preventing disruptions of critical infrastructure.
SANGER: One more? You have anybody else? Heidi. (Laughter.) Heidi, just for you we are exempting the table here.
Q: Thank you so much for this.
I know you’re working on capacity-building in other—in other countries to tackle some of these threats. But within the U.S. agencies that you are working with, some that are internationally facing, they need capacity-building as well, whether it is for cyber or for critical and emerging technologies that you’re also responsible for. So how is that process going within the U.S. government?
NEUBERGER: That’s a really good question. State’s standup of a bureau focused on capacity—focused, really, on these cyber and digital issues—and the role of Ambassador Nate Fick, who’s been doing a terrific job representing the United States in these digital forums, has highlighted that there is a real demand for our capacity-building and there’s a real demand for our technical capacity-building. Bringing American tech into the fight—which, oh, by the way, when American tech is deployed and American cybersecurity firms deploy, that enables better global detection and defense, and in an effective way that also protects us at home and protects allies and partners around the world, because the power of some of these technologies is when a particular technique is found a defense can be deployed globally.
So, you know, I know the State Department has been asking for an additional grant for cybersecurity capacity assistance. We stand firmly behind that. And, indeed, we’ll be very focused on ensuring that that’s done as technical grants. While sometimes we give grants for building strategies or building policies, we think what we see countries most need is the practical digital locks and alarm systems to defend their networks most quickly.
SANGER: Well, I want to thank everybody here for joining this session. And I particularly want to thank Anne Neuberger for spending so much time with us. We could keep doing this for hours, and we’ve been known to, but we have to let everybody get on with their day, especially Anne. So I thank you all very much.
Note that the video and the transcript of this session will be posted on CFR’s website fairly quickly, so you’ll be able to go back to it and people will be able to catch up with it.
Thank you very much, Anne.
NEUBERGER: Thank you, David. Thank you. (Applause.)