
Loading summary
Kara Swisher
It's on. Hi everyone from New York Magazine and the Vox Media Podcast Network. This is on with Kara Swisher and I'm Kara Swisher. Today I'm talking about cyber security, cyber attacks and the potential for a full blown cyber war with Nicole Prolrath, Michael Schmidt, and Lt. Col. Alexander Vindman. Nicole Perlroth spent a decade as the lead cybersecurity reporter at the New York Times before going inside the tent and joining the advisory board of the Cybersecurity and Infrastructure Security Agency and the Council on Foreign Relations Cyber Task Force. She's a founding partner at Silver Buckshot Ventures and a producer and host of To Catch a Thief, a new podcast about China's rise to cyber dominance. Michael Schmidt is a Pulitzer Prize winning investigative reporter for the New York Times and the author of the bestselling book Donald Trump v The United States. He's also the executive producer and co creator of the Netflix show Zero Day, a political thriller about a devastating cyber attack on the U.S. lt. Col. Alexander Vindman is a former Director of European affairs for the National Security Council. Vindman was a key witness during President Trump's first impeachment and testified about Trump's infamous phone call with President Zelensky of Ukraine. He is a senior Fellow at the Johns Hopkins Foreign Policy Institute and the author of the Folly of How the West Deceived Itself About Russia and Betrayed Ukraine. So stick around. It's a panel of real experts here. And on an important topic to me, support for today's show comes from Chevrolet. Whether it's just a quick jaunt or a long journey, Chevy's all electric Equinox EV has you covered with a massive 17.7-inch diagonal touchscreen. And starting at around $34,995, you can hit the road and still afford snacks. Equinox ev A vehicle you know, a value to expect and a dealer right down the street. You can go EV without changing a thing. Learn more@chevy.com Equinox EV the manufacturer's suggested retail price excludes tax title, license, dealer fees and optional equipment. Dealer sets final price. Support for this show comes from ServiceNow, which is enabling people to do more meaningful, creative work. The work they actually want to do. You know what people don't want to do? Boring, busy work. But now with AI agents built into the ServiceNow platform, you can automate millions of repetitive tasks in every corner of a business, it, hr, customer service, and more. And that means your people can focus on the work they want to do. That's putting AI agents to work for people. It's your turn. Get started@servicenow.com AI agents support for on with Keras Swisher comes from ARM. Have you ever wondered what's powering your smartphone and the other devices we interact with daily? Or what lies at the heart of life saving drug discoveries and robotic surgeries? The answer is arm. ARM technology is moving the world forward, enabling AI to create a more meaningful, more connected life for everyone everywhere. ARM believes the future isn't about technology, it's about people and the possibilities technology can offer us all. The future is built on ARM. You can discover more@arm.com it is over. Nicole, Michael and Alexander, thank you for coming on. On.
Nicole Perlroth
Thanks for having me.
Michael Schmidt
Thanks for having us.
Lt. Col. Alexander Vindman
Thanks for having us.
Kara Swisher
So I'm excited to have a panel with three smart people from different but related fields. So let's start by setting the table. I'd love each of you right now to say there's so many of them, but what's America's most worrisome cybersecurity vulnerability right now? If there's a serious cyber attack or a series of attacks against the US in the next years, what will it look like? Nicole, why don't you start and then Michael, then Alexander.
Michael Schmidt
I think we got a glimpse of it with Colonial Pipeline, but if you remember, that was a ransomware attack by sort of this bumbling group of cyber criminals. And since then, what we've seen is China infiltrating pipeline networks, water networks, transportation networks, ports, grid, and they're doing it in a way where all they're doing is getting in and just making sure that they can stay in for the event of some sort of geopolitical political tensions. And so what we're really worried about right now is what we call the everything everywhere all at once cyber scenario, where you wouldn't just have one colonial pipeline, but you would maybe have five or ten simultaneously, not just on gas but on water networks.
Kara Swisher
So that's called the long game, essentially the long game of being there just in case they need to do that.
Lt. Col. Alexander Vindman
Michael I mean, the whole thing that, that I have about cyber attacks in sort of attacks in general is like how would the country actually respond if something really horrific happened? If there was something catastrophic that really shut down communications or stuff like water or electricity, what would the response from the country look like? We all lived through the aftermath of 9 11. We saw how the country responded to a horrific catastrophic attack. It's hard to believe the country would be united simply just on fact of what happened, let alone on response. And I'm a believer that if society doesn't have a understanding of what's going on around it, it's less likely to make the right decisions. So not a technical answer, but I think a larger thing about the threat that a threat really poses to this country.
Kara Swisher
That's an excellent answer, Alex.
Nicole Perlroth
Yeah, I think about it from the perspective of our adversaries. They think about it in terms of information confrontation, with cyber being a componen component of that bigger confrontation. And in the environment where the chances of an attack may be increasing, we're disarming and we are adding chaos to a potential response. I think in line with what Michael said, we don't have a predictable, reliable response from the federal government. Potentially it's fractured and localized with different narratives about who the aggressive actor is. I mean, there's reason to believe that if it was Russia, Trump would potentially downplay Russia as the threat actor and look for other different excuses. Elon Musk was talking about, you know, Twitter coming down because of Ukraine and that was a false flag. So I think that's part of what I see unfolding disarmament in the midst of increasing threat environment.
Kara Swisher
Right. So essentially long game chaos and we're not ready at the same time or we're even worse than not ready, which is purposely incompetent essentially. So for the American public, the chances of cyber warfare actually affecting them can seem remote right now. Narrative fiction, in fact, is possibly the most effective way to make people wake up to the threat. So let's play a clip from Michael's Zero Day, which starts with a Wolf Blitzer cameo.
Michael Schmidt
We've received reports not only of widespread.
Nicole Perlroth
Outages impacting multiple regional power grids, but of computer systems that control transportation, communications and other infrastructure completely hijacked. With safety warnings somehow overridden, early estimates suggest a significant but unknown number of casualties as subway cars and commuter trains filled with passengers found themselves switched onto the same track, resulting in head on.
Michael Schmidt
Collisions and mass injury.
Kara Swisher
So Michael the show was number one in English language TV on Netflix earlier this month. Talk about reactions you've gotten from the viewers. Did this switch on a light bulb for people or they see it more as a Robert De Niro going out with Connie Britton sci fi thriller.
Lt. Col. Alexander Vindman
My hope is the former, but I'm probably going to say the latter. Yeah, I think the thing that that clip tries to show is something that as journalists we really struggle with. And Nicole and I both covered, you know, cyber stuff together at the times about this and When. When. When I started covering this stuff, I went to the Department of Homeland Security and I said, what would a cyber attack look like? This is like 10 years ago, 12 years ago. What would it be like? Help me tell this story. You had all these national security officials going up to Capitol Hill and saying, there's going to be a cyber Pearl Harbor, Cyber911. But so I went to them, and they had this, like, something that looked like it came from the 1950s, and it had different light bulbs, and they were like, well, if this happens, this light bulb goes off. And if this. And I remember thinking at the time, man, this is a really hard story to tell people. You have people really sounding alarms about it. But even in text, I don't know how to bring this to life. And what the show allowed me and the other creators to do was to show you what this looks like in a way that no testimony from someone on Capitol Hill could give you. And sure, it's Hollywood. It's dramatized, but what it is is that it shows people, hey, this is what this could look like. And it does it in a way that's accessible on a platform that millions and millions of people watch and in a forum where they can easily digest it. And for. For me, that was really exciting.
Kara Swisher
So, Nicole, you have a new documentary podcast called To Catch a Thief. It tells the story of how China used cyber attacks to steal our IP and also hack our critical infrastructure. Now, the former has been going on for a very long time, as you know, but the critical infrastructure is a whole new. We referenced this a bit already, but does the cyber threat get enough attention? In D.C. president Trump created the Cybersecurity and Infrastructure Security Agency in his first term, but its funding and staffing are getting cut. It's getting decimated. And you obviously fired the head of IT, famously, because he said the elections were fine. So who are the lawmakers and people in power right now who are making it as a priority because they seem busy with every other distraction known to man?
Michael Schmidt
Yeah. And I'm just gonna back up and say I did this podcast because I. And really, to Mike's point, we have failed at every institutional level to convey just how serious this threat is. And as we failed to convey it in media. You know, at the New York Times, I always said, we need 12 people covering cybersecurity. I am one person. Mike was covering dhs, but there was a lot that goes on at DHS beyond cyber. We need one person just covering what Russia is doing in our infrastructure. Every single Day, we need someone that's covering what China's doing with the IP theft and now critical infrastructure attacks. And we never did that. And so it was really hard to tell this story. And I think there are some people in government who get it. And thank God cybersecurity is still a bipartisan issue. Is it? We are losing support for this on the right because of exactly what you just said, because it became a political issue with the 2020 elections and Chris Krebs getting out there and calling it the most secure election in history. And Trump never forgave him for that.
Kara Swisher
Well, he fired him.
Michael Schmidt
Right. So I think really where a lot of the backchannel lobbying going on right now is in making sure that this administration gets it. Sean Palenke was just named as the new CISA director. By all accounts, he's a great guy and he gets it. Inside nsa, so far, a lot of the leadership is still there and they have a very.
Kara Swisher
She's a National Security Agency just for people.
Michael Schmidt
That's right, the National Security Agency. You know, of course, people on the Intelligence Committee still see this. Mark Warner is doing a lot on this topic, but there's no longer someone. I could say this person in the Republican Party is being very loud and clear on cyber aspect because.
Kara Swisher
Trump.
Michael Schmidt
Well, because everything is changing every 20 minutes. I would have said Marco Rubio really understands the threat of Russia on cyber and definitely China on cyber. But watching what happened in the White House in the Oval Office a few weeks ago, I don't know who is holding the line on this anymore.
Kara Swisher
Alex, your new book, the Folly of Realism, shows how the US has spent decades misunderstanding and mismanaging the Russia threat. In case anyone missed it, the running theme here is that all three of you are trying to alert policymakers and the public to risks that haven't gotten enough attention, which is why I wanted to do this. First, read how the US has responded to Russia's developing cyber program in the last decade and what, what is happening now? I would say. And obviously, the Russia Ukraine war is the first major conflict to involve large scale cyber operations. Now, more than three years after the full invasion of Ukraine, what have we learned about the role it's going to play? And if there's nobody there, as Nicole says, on the Republican side, and they're running the table, what happens?
Nicole Perlroth
The book makes the point that we keep repeating the same mistakes of the past. We make the mistakes of catering to Russia's exceptionalism and buying into the hopes that we could do more with Russia or succumbing to fears that if we do too much with regards to Russia, that the relationship, you know, could, could break or spiral in a dangerous direction. And we've done this repeatedly across six different administrations is the point I'm making. Same thing with regards to cyber. Although we, we only really started paying attention to cyber over the last 25 years, we are now in an era in which we are the most transactional. We don't understand any of the lessons of the past. It's only what's immediately in front of us. So we, you know, Trump, he's been in power, he had four years in office. This is now really like month 60 or something like that of his, of his presidential tenure, but nothing beyond like last week or the week before, except for some key themes. Russia good, Ukraine bad. Continue on. Everything else is highly transactional. Immediately what's in front of him. So, you know, we're looking at, get a reset here, coming between a conversation between Russia and the United States, Putin and Trump, in which we could pivot further down the road of accommodating Russia, throwing out the playbook on the fact that we need to be hardening ourselves against Russian cyber attacks. We've already kind of unilaterally disarmed on offensive cyber, or it's hard to believe Trump is going to learn his lesson anytime soon. But eventually we get to the point where Trump is provoked and is made to look weak. Weak and might respond aggressively.
Kara Swisher
So those cyber threats to Ukraine have increased. Obviously, that's how they began softening up the country.
Lt. Col. Alexander Vindman
Right.
Kara Swisher
That was their first move.
Nicole Perlroth
Sure. And I think the fact is that nobody really knows the Russians better than the Ukrainians. And the Ukrainians are looking and constantly playing in the Russians backyard very, very. In a sophisticated manner. They might not have all the tools we have, but they certainly understand the Russians. And, but, you know, the Russians have been attempting to exploit vulnerabilities not entirely successfully with regards to Ukraine. Actually, Ukraine has been very effective at parrying a lot of these attacks on Ukrainian critical infrastructure. That's why you see hard power, you see, you know, missile strikes to do the work that they thought that they might be able to execute.
Kara Swisher
To do through cyber.
Nicole Perlroth
Yeah. So, but there are, that's. Ukraine is a bit of a hard target. There are soft targets all around Ukraine for the Russians to exploit, either with hard power or in the cyber domain that the Russian are aware of and are becoming increasingly comfortable with attacking.
Kara Swisher
So let's talk about where the cyber threats are coming from domestic groups a little bit. I'm not gonna give away your whole plot, Michael, but there's also domestic threats throughout your series. What domestic threats concern you most? And America's politics become more and more fraught because that's a topic here.
Lt. Col. Alexander Vindman
I defer to Nicole on the specifics, on sort of like who has what capabilities and such. But what we're trying to sort of show and raise in the show is the idea that these tools can be stolen. Even they don't have to be created outside of the government, they can be stolen from the government. And whether that is a state actor or that is, you know, someone sitting in their basement, you know, not to simplify it, but that the threat of this is everywhere and it's not just Russia and it's not just state sponsored folks. And you know, Nicole understands it better than I do. But what we're trying to say is that this is something that can rear its head from anyone in any different ways. And in a time in which things are so fraught and so divisive, you know, what does that mean for people that can get their hands on things like this?
Kara Swisher
So Nicole, your whole book was about this, obviously using US government created technology and then spread all around the world by lots of people. So talk a little bit about what's happening because. Because AI is another element here. It can lower the barrier to entry for hackers. AI enabled military systems are vulnerable in the way traditional systems aren't. AI powered cybersecurity tools can also be very powerful. In the end, talk about that impact and non state actors in exploiting all this technology.
Michael Schmidt
Well, it really is the perfect weapon. Which is the name of another of our colleague's book, David Sanger's book. Because all of these tools can be developed, reverse engineered, fired back on their maker. Yes, the US bears some responsibility for launching probably the most sophisticated cyber weapon of them all. Stuck stat with Israel on Iran's nuclear facility way back when. And that has opened Pandora's box. And right now we are seeing a whole well oiled economy of ransomware in particular where anyone can pick up these tools. They don't even need to have any technical savvy. They can pick up these tools, rent them and fire them on anyone. And we've seen American teenagers, Canadian teenagers arrested in some of these hacks. And the barrier to entry only gets lower every day because we've all somewhat come to realize what a Chinese phishing email would look like. But now with AI, it's really hard. But let me just say something, you know, on Ukraine, Ukraine's Defense is really the deterrence on Taiwan. You know, China has been watching very carefully how Vladimir Putin's invasion has gone. And they've watched what we've done with our support, with sanctions, with funding, with weapons. And now they're watching what we're doing on dithering on that support, on trying to make a deal on minerals, et cetera, and they're taking the lessons to heart. One thing I just want to say on what we've been witnessing with China creeping into our water networks and our pipelines is that this is, to Alex and Mike's earlier point, really, I think about it as a psychological weapon. Know, we have incredible appetite in both parties still. Maybe it's waning to support Taiwan in the event of some larger military conflict. But what appetite will Americans have to support an island 7,000 miles away if we can't get gas for more than three days, or we can't get clean water, or our water is contaminated? And really the goal with some of these weapons is to basically win a war without firing a single bullet.
Kara Swisher
Right.
Michael Schmidt
And one of the things that makes cyber this perfect weapon is we wouldn't immediately know whether this is a Chinese cyber attack or a Russian cyber attack or a ransomware attack. There are a whole host of possibilities for false flags, which we saw last week with Elon Musk accusing Ukraine of hacking Twitter. And I haven't followed that to its logical conclusion. But if it's coming directly from Ukrainian IP addresses, then you probably can be 100% sure that it's not Ukraine.
Kara Swisher
Yeah. Right. So we'll come back to Taiwan. But first let's get to the foreign hacking gangs, which is, I think probably did something like this. For example, the Russian speaking cyber gang called, I think it's Alf v Black Cat, hacked Change Healthcare, the subsidiary of United healthcare that processed 40% of all healthcare claims and caused chaos for providers and patients. A lot of this stuff is not as well known. Cause they try to keep it quiet, obviously. A few weeks ago, North Korean hackers known as the Lazarus group stole $1.5 billion in crypto. Alex, talk about the relationship between criminal gangs and foreign foreign adversaries like Russia, North Korea, Iran and China. Generally speaking, they do have the tacit permission of these governments to hit American targets.
Nicole Perlroth
It's more than tacit in a lot of ways. They're extensions. It's well documented that the Russians have used Russian organized crime to do some of their dirty work. Whether that's to channel hard currency or just muck around mischief. Make think about it from this way, when the Russians want their lawfully detained folks back. There have been a number of folks that have been cyber actors that were acting on behalf of the Ukrainian, of the Russian government. It wasn't because they were benign looking to repatriate their folks. It's because these were actors that were serving the Russian Federation. Yeah, exactly. So they're, they're on a string. They have some latitude to engage in their own criminal activity just to enrich themselves, but they are also oftentimes employed as part of the government apparatus. Same thing in Ukraine.
Kara Swisher
We'll be back in a minute. Support for on with Kara Swisher comes from Delete Me. All of us have had a moment in our life we wish we could just delete. Unfortunately, Internet doesn't work that way. And your sensitive information can live online for a long, long time. And a lot of that data can be collected and sold to the highest bidder by data brokers, which leads to identity thefts, phishing attempts, harassment, and unwanted spam calls. But Deleteme wants to help you protect your privacy. Delete Me is a hands free data removal service that will monitor and remove the personal information you don't want on the Internet. I've been using Deleteme for a while now and I have to say I am still surprised by how much personal information of mine is on the Internet. Super easy to delete information from your site. It is an endless test. It's like weeding the lawn or something like that. They always pop up again somewhere else. You can take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners. Get 20% off your delete me plan when you go to joinedeleteme.com Kara and use the promo code Cara at checkout. The only way to get 20% off is to go to JoinDeleteMe.com Kara and enter code Kara at checkout. That's JoinDeleteMe.com Kara CodeCara era support for this show comes from Smartsheet. You know the frustrating feeling when you're getting really into the flow of a work task and then you hear a little ping of a message notification. You then switch the screen, then you open a new application, then check the message, then click the link in the message. Whoops that Open a new application and your flow is totally broken. You're definitely not alone here. On average, this toggling between tasks and application adds about 9% of time spent working each year. Year. That's five whole work weeks. This distracting task switching is what Harvard Business Review calls the toggling tax, and it increases stress hormones, decreases focus, and makes it impossible to tap into that state of flow. That's where SmartSheet comes in. SmartSheet is the work management software, or workflows, where you and your team can plan, track and deliver their best work without toggling back and forth between multiple applications. Imagine what you could do with those five extra work weeks if your work had happened all in one place. Smartsheet the place where workflows. Visit smartsheet.com fox to learn more today.
E
FOX Creative this is Advertiser Content brought to you by Hanes, Bali and Maidenform.
Nicole Perlroth
They're more loose fitting than form fitting, so they're not the most attractive.
Michael Schmidt
They're tight.
Kara Swisher
They still fit.
E
Maybe my thigh, one thigh, it's stretched.
Kara Swisher
Out because, like, I do a lot of squats.
Nicole Perlroth
If I am wearing this in public, I am at my lowest of low.
Michael Schmidt
I'd be very embarrassed if anybody saw these old underwear.
E
Okay, we can admit it. We all have that one undergarment stashed in the back of the drawer that's just a bit past its prime. And maybe they are hot pink.
Michael Schmidt
They're definitely hot pink. Rainbow polka dots.
Kara Swisher
They're white. They have a red trim.
E
And you've probably had these ancient undies longer than you cared with admit, like maybe Since Middle School.
Nicole Perlroth
August 7, 2016 2012.
Michael Schmidt
They are very old, but I feel.
E
Like I've literally just never thrown them away. And maybe there's a reason your faded boxers or your stretched out bra has survived decades of closet cleanouts.
Nicole Perlroth
They remind me of a time when, you know, I was just getting started, beginning adulthood. There's a sense of nostalgia.
E
I get it changes hard, hard. But you are constantly evolving and it's time to let your underwear drawer evolve along with you.
Nicole Perlroth
So I think in order to toss.
E
Them out, I'd have to find a.
Nicole Perlroth
Replacement that fits my current style.
E
So toss that old undergarment you'd never let anyone see. And refresh your underwear drawer. Whether it's the comfiest boxers or bralettes from Hanes, beautiful and supportive bras from Bali, or sleek and seamless shapewear from Maidenform. There's something for everyone for that much needed undies up upgrade. Because if you wouldn't flaunt it, it's time to refresh it.
Kara Swisher
So, Nicole, in your podcast To Catch a Thief, you quote Rob Joyce, the NSA's former director of cybersecurity, says russia is Like a hurricane. But China is like climate change, right? Can you talk a little bit about that? What is our offensive against them? And walk us through their long term cyber strategy and defense for their end game.
Michael Schmidt
Yeah, I would say, you know, with China, they've been coming at us for a long time. They've been coming for our intellectual property. In some cases, we're only just beginning to see how that has manifested. You know, we don't talk about Nortel anymore, but it disappeared long ago and Huawei stole all of its business. And they've replicated that model across many different industries. Solar panels now, electric vehicles, electric vehicle batteries, genetically modified seeds. Over and over again, wherever you look. Now there is a hacking story that no one ever connected the dots back to this company's bankruptcy, but that is what's happening. And then they've added this critical infrastructure piece. And what's gnawing at me and why I did this whole podcast is that this is a very different actor from the one that I was covering at the New York Times 15 years ago. You know, when China was hacking the New York Times, they phished us. We didn't update our software. They took advantage of that. They weren't a very sophisticated actor, but these days there's no doubt in my mind that they have reached apex predator status. They are on par with what the US capabilities are. They have found a way to really utilize their authoritarianism to their advantage. You know, if you are a hacker in China and you are an elite hacker, you have been identified very early on in your student life. You are on a track. Maybe you work at a private company, maybe you work at Tencent, maybe you are a founder. Whatever you are, if you have these skills, you are now a gunslinger for the ccp. They can tap you on the shoulder at any time and bring you into these operations. And some of their best people do not work inside the PLA anymore or even inside the Ministry of State Security. They work through this loose satellite network of contractors, which makes attribution that much more difficult. And what have they done with this entire apparatus that they have built? They've infiltrated our telecommunication networks. The threat we call Salt Typhoon. They are inside our biggest telecommunication companies. We have not been able to get them out, and frankly, we probably never will. And now they are in our water and transport and pipeline and grid networks as well. So it's not a good situation. And now, in terms of what our capabilities are, I do think we've entered this new era of mutually assured digital destruction. And I was Actually very concerned when Putin invaded Ukraine, when we started escalating how much we were willing to support Ukraine with weapons and funding, that Russia didn't do more here. Right. That they didn't actually utilize the access they already have in too many cases to our pipeline networks and other critical infrastructure. And you would have to be a fly on Vladimir Putin's wall to understand why they didn't take advantage of that access. But I think it probably comes down to the fact that they know we are in their systems too. This idea that we're in their grid, we're in their pipeline networks as well. Now, one point that often gets overlooked when we talk about this is that essentially Cyber Command, which does these operations and nsa, et cetera, is limited by law from hacking certain civilian systems that could lead to mass casualties. So we actually have laws that prevent how much we can infiltrate our adversaries infrastructure. There are no laws like that in Russia and China. So it's not necessarily an even playing field.
Kara Swisher
So I saw you smile, Alex, about Russia as a hurricane. Can you talk a little bit about that? And also we've talked about Russian cyber operations in Ukraine. You mentioned Ukraine is successful, repelling many attacks, which means they're not as good. Right. If they're having trouble with Ukraine, they'll definitely have trouble with the US So does it give the US any lessons in how to fight back? Because I suspect we're pretty good at fighting off Russia at this point, or maybe not. But talk about this idea of Russia as a hurricane.
Nicole Perlroth
I think the fact is that it's a microcosm of the bigger deterrence that we've achieved with regards to Russia. They understand that. They do not want to provoke a direct confrontation. Now they'll dance around it. They'll, you know, issue threats, nuclear threats. They've got this doctrine called reflexive control that they've really tested over decades. They understand, you know, what happens when they threaten a nuclear escalation or an exercise size. We go to the, you know, the darkest place. We go to the consequence a nuclear war without understanding the probability. But with regards to lower threats, they believe that might be the way an escalation, a direct confrontation that could start us on a escalatory spiral. They have no interest in doing that. They're concerned about a direct confrontation with the West. You know, they do believe that we're in a lot of ways schizophrenic, but we're 10ft tall and we have lots of capabilities that we can employ, employ conventional cyber. And I think they Just are generally deterred by happy to make noise. But directly attacking the United States, that's a different kind of bar.
Kara Swisher
Different kind of bar, yeah.
Nicole Perlroth
Yeah.
Kara Swisher
So at the end of the day, it just, I think focus should be on China. As you all pointed out, it seems like the Chinese attempt, though, at reunification with Taiwan is one of the most likely events that could kick off a full fledged, not just cyber war, but other wars. What are the. What each of you, what are the chances that China invades Taiwan in the next five years? And if it does, we'll be able to defend against accompanying Chinese cyber attacks that will come probably before. Let's hear from each of you. Nicole first, then Michael and then Alex.
Michael Schmidt
I don't think it's inevitable, but why are they hacking into our water networks? Why are they hacking into these targets that have no espionage value whatsoever? The only reason you would go there is if you were looking to shut them down one day. And the thinking is that this is all pre positioning for an eventual invasion of Taiwan. Now, now Xi Jinping has basically made this part of his strategy. And he's talked a lot about reunification being inevitable. And I think he will see his success, his legacy, resting on whether Taiwan is quote, unquote, reunified. So the thinking is that in the next decade we might see China take action on this. Do I think it's gonna happen in the next two to three years? No. We've seen people like Milley come out, say that they think China would be ready to launch their attack by 2027. I don't think that means that they're going to actually launch that attack in 2027. I think five years, you know, maybe in the next decade, likely. I think the thinking is that they think this is somehow going to happen automatically, that Taiwan will just sort of acquiesce and stop being what they see as this renegade province. But we know that that is not how Taiwan sees things. And I do think cyber is going to be a big determinant of what happens here. When you look at just tsmc, they're not going to bomb Taiwan semiconductor. The thinking there is that to take it, they would hold it hostage with some kind of cyber attacks until they would basically hand over the keys.
Kara Swisher
Michael.
Lt. Col. Alexander Vindman
Look, I don't know how to. It's hard to predict the future. I guess what I would say is that the thing that concerns me the most is that we seem to be in increasingly sort of fragile position where any sort of signal or any sort of miscommunication can set something off. And the more and more that, you know, Trump increases the pressure on our foreign adversaries, whether that's through something as simple as tariffs or through his rhetoric. I just think that you're in a situation where something is more likely to be misconstrued. There's a ton of rhetoric, for example, going on right now between the administration and Canada. Right. Trump is saying all these things about Canada that are outside the norms of what politicians have said about Canada for decades, if not longer. And in that type of situation, you wonder if there is some sort of issue at the border or if there's some sort of miscommunication, what will the response be?
Kara Swisher
Right. So, Alex, obviously Russia has paved the way for this with Ukraine, although some people say that the situation in Ukraine has been a deterrent for China to move in there, even if they may engage in cyber attacks. Is that something they're looking at what's happened in Ukraine from your perspective?
Nicole Perlroth
They're carefully looking at it. And I think there was a significant level of deterrence based on the consolidated response of the democratic world imposing costs, Russia failing to achieve its military objectives. That looks like it's eroding three years on under the Trump administration. I think what Xi might be considering here is two different things. I think there was a lot of rhetoric about the decadence and decline of the west, but the reality is that the economy in China was slowing down. And maybe there was a diminished closing window of opportunity community where China felt strong enough to take action. That 2027 mark could have been important in that regard. But the reality, things have changed in a significant look like they might change in a significant way in that the Trump administration is breaking our alliances. And that's not just in Europe with NATO, frankly, we're unreliable to our Indo Pacific allies. The Japanese and South Koreans are thinking that they need to be much more working much more tightly together. Same thing with Australians. And in that kind of environment, watching things unfold over the next several years as they build up capabilities, there's a decision point somewhere in that last year whether the window is closing or it's likely to expand over the course of the subsequent decade or so. So I don't think we're in the next year or two where there, I think in the waning days of the Trump administration, if there's a deal to be had, that might be an opportunity, a narrow opportunity for the Chinese or it could be in the aftermath. So I'd say short to medium term might be okay, but in the medium to long Term things could get dangerous for Taiwan in particular and the noise coming out of the administration. I'm not sure how many people caught Albert Colby's testimony. He's uber China hawk for Under Secretary of Defense. He basically said the game is not about securing Taiwan, it's about preventing Chinese dominance in the Indo Pacific, which is a huge turn for him. And that, you know, that is an interesting signal, aligning closer with the Trump administration and not putting all our eggs on securing Taiwan.
Kara Swisher
Right, yeah, that was interesting. So I wanna shift gears then to talk about how Trump and DOGE are affecting America's ability to defend itself from cyber attacks and national security agencies, agency houses, the U.S. cyber Command. And this month Elon Musk met with the head of NSA for a conversation that was reportedly centered on staff reductions and operations. DOGE already spearheaded cuts at cisa. Nicole, talk us through these cuts and any future reductions in staffing affect overall preparedness, even if the leadership those agency get it. As you said earlier, just for people don't understand, it's not just cuts at cisa. There are cybersecurity security pros, agencies across the federal government that work on securing specific agency systems. And so when their jobs get cut, it further degrades cyber capabilities. Although the White House recently emailed agency telling to avoid laying off cybersecurity staffers. So they seem to have some understanding that it's a problem. And then Michael, I have a follow up question for you on this. But talk about these DOGE cuts because you wrote me right away when they started going, oh no, yeah, I mean.
Michael Schmidt
We have have a crazy cyber workforce shortage in this country already, already. And where that becomes most critical is on cyber defense inside government. And so I have spent a lot of effort over the past four years trying to figure out what would it take to get our best and brightest at some of these private security firms, people who work in security at Google, Microsoft, et cetera, to do a tour of duty inside government. And it's really difficult, Right? They all have stock they don' want to give up, they don't want to go work in a bureaucracy. They're getting paid really well to work at these companies. And they see the most interesting threat data because in many cases China comes first for Microsoft, as they did in 2023 or Google. So it takes a lot to get these people inside government. And what's really disturbing is to see how viciously we've been firing them. We need those people at cisa. We've never needed them more desperately inside government in these roles. And so it's become a real national security threat. Some of these Doji cuts. And yes, there have been these sort of memos sent out saying refrain from cutting cyber people. Well, it's too late. These people who've been fired, they're not gonna come crawling back.
Kara Swisher
No.
Michael Schmidt
To take these jobs. They have many other options. And so that's a big problem now on some of this reporting that Cyber Command has been told to stand down on some of its offensive planning operations around Russia. When I first read that, to be honest with you, I almost went into threw up. You know, this is like I said, we are in a mutually assured digital destruction.
Kara Swisher
We have to keep up the pressure.
Michael Schmidt
We have to keep up what they call active defense or forward defense, otherwise we're really screwed here. Now, I have heard in talking to people who are in the know that actually this isn't what it sounds like, that actually, you know, as part of any negotiation with a, with a foreign actor, it is standard practice to basically stand down, down on some of these operations as we are trying to come up with a deal on Ukraine. And so this might be more standard operating procedure than it is Trump telling the people to basically stand down on any kind of offensive cyber planning or operations. And let's hope that's all it is.
Kara Swisher
Let's hope. Well, we'll see. We'll be back in a minute.
Nicole Perlroth
This week on Unexplainable.
Lt. Col. Alexander Vindman
I, like decided, I don't know, at some point in high school that I.
Michael Schmidt
Would dedicate my life to trying to.
Lt. Col. Alexander Vindman
Do as much good as possible. How a group of moral philosophers started a movement.
Michael Schmidt
I think it appeals to young people. I think it feels like you can do anything whose mission. I think AI is one of the biggest threats, but I think we can aspire to guide it in a direction.
Nicole Perlroth
That'S beneficial to humanity to prevent the AI apocalypse. I'm like, damn, I think I can.
Lt. Col. Alexander Vindman
Actually move the needle on this good robot.
Nicole Perlroth
A four part series about AI from Julia Longoria and Unexplainable wherever you listen.
E
This week on the Vergecast, we have questions about smartphones. Questions like why isn't Siri better? And where is the better Siri that Apple has been promising for a long time? Questions like, why are all of our smartphones kind of boring now? And why is it that all of the interesting ideas about how smartphones could look or how they could work or what they could do for you happening in countries like China and not in the United States States. We have answers and we have some thoughts and we also have a lot of feelings about what a smartphone is actually supposed to be in our lives. All that and much more, much, much more on the Vergecast Wherever you get.
Lt. Col. Alexander Vindman
Podcasts, I'm Josh Muccio, host of the Pitch, where startup founders raise millions and listeners can invest. For lucky season 13, we looked at 2000 companies and selected 12 of the very best founders founders to pitch in Miami.
Michael Schmidt
They flew in from all over the.
Nicole Perlroth
Country and the world.
Kara Swisher
My name is Michele and I'm from Italy. I'm originally from Medellin, Columbia.
Lt. Col. Alexander Vindman
I was born and raised in Maysville, Kentucky.
Michael Schmidt
I'm from Baltimore, Maryland and I am from Finland.
Nicole Perlroth
This season we're diving even deeper into.
E
The human side of venture as these.
Lt. Col. Alexander Vindman
Founders pitch the sharpest early stage VCs in the game.
Kara Swisher
I normally don't like ed tech, but.
Michael Schmidt
I really like you.
Kara Swisher
I echo those sentiments.
Michael Schmidt
I do want to push back, though. Toughen up there, lady. That's healthcare.
Nicole Perlroth
I feel like I'm the lone dissenter.
Kara Swisher
Ooh, Charles, spicy. So I'm out.
Michael Schmidt
I'm sure when they air this episode, they'll be like, Charles was really dumb.
Kara Swisher
For those who can't see, my Jaw is currently on the floor.
Nicole Perlroth
Season 13 of the pitch is out now.
Lt. Col. Alexander Vindman
Episodes are available to watch on YouTube.
E
Or listen on your podcast player of choice.
Nicole Perlroth
So subscribe to the Pitch right now.
Kara Swisher
So aside from cuts, DOGE itself is gaining access to government databases with extremely sensitive information. They seem to be violating protocols and regulations while they're doing it. Michael, talk about that risk that it it poses, because this is. I mean, they seem to do one every day, largely probably out of ignorance. Who knows what they're taking. Some of these people have sketchy backgrounds themselves and love a good secret. You know, I know these types talk a little bit about the worries you have here.
Lt. Col. Alexander Vindman
I think it's an interesting political calculation by Trump, and I'm not saying that that much thought went into it, but I understand that part of his desire is to, and must desire, at least what they say is to like remake the federal government. But in the process, it certainly looks like they're destroying parts of it. And maybe in the end that results in better government. I'm open minded to that. But in the short term, I think that's a big political risk because it looks like they're doing it in a haphazard way. And it doesn't look like the Republicans on Capitol Hill have any interest in trying to understand that or to hold them accountable for that. And that's. I Think another thing in the whole thing is that they're going about it in a way that looks haphazard. And if something were to go wrong, wrong, tying the lines directly back to them by the, you know, that, that the media or the Democrats would do, looks like it would be pretty easy. So I, I do think that is a big political risk. But look, I mean, Trump often proves us wrong.
Michael Schmidt
Yeah, let me just jump in real quick. Yeah. You know, I think actually the security blogger Brian Krebs has done a great job covering some of this and he, and he's called it, you know, the great national hack. And that is really what it is. I mean, you have to think back to there was a Chinese hack attack on the Office of personnel management, OPM, right, about 10 years ago, and it was a huge counterintelligence win for China. They basically got into the system. They could see everyone who ever applied for a security clearance, and then they've baked in machine learning and AI so that they can do these pairings. So anytime there is an American person, whoever, who once applied for a security clearance traveling repeatedly to the same place as a Chinese citizen, well, now that Chinese citizen is put on a list of suspected CIA informants and you start to see how you could break down our entire intelligence apparatus that way in China. And that's what they've been doing. And so now what you have is you have Doji sending in 19 year olds, 21 year olds with their own little, you know, Rupe Goldberg server, plugging it in and basically like doing whatever they want at these agencies. There is no way that these people have not been identified and compromised on some level level, and that foreign actors in sophisticated nation states are taking advantage of this, and we have to look at it in that way. And I'm surprised that there are not people inside this administration who aren't sounding alarms over this. It really is a very real security risk.
Kara Swisher
How many big balls jokes do we have to tell before we realize this guy's a creepy, creepy, you know, he's making copies of everything. I'm like sitting there like he's. And it's on a hard drive that he hands to his mother or something. Anyway, I know, right? Right. You know how sloppy one of the great lies in Silicon Valley is, how precise they are. They're not precise in any way. They're actually quite sloppy. And then they're venal at the same time. So, Alex, I have to ask about Elon's attacks against you. He has posted X that you're a Traitor, a puppet, a puppeteer. You've committed treason. Now I've been attacked by Elon for a long time now and it's pretty vicious. He calls me, said my heart is seething with hate, which it isn't. But I'd like you to talk about that just briefly. And as Nicole already mentioned, we're not sure has halted Pentagon cyber operations against Russia earlier this month, which was denied by the dod. Is that Elon too or what is happening there?
Nicole Perlroth
Sure. So I think it's a little bit of smoke and mirrors kind of this idea that we're going to halt offensive cyber operations. It sounds good that we're in the midst of sensitive negotiations. That's actually not necessarily the way it plays out. We are just moving much more. This is a knee jerk reaction from an administration that is filled not with the practitioners that had the first go around that would be a little bit more surgical and methodical, probably be continue operations and maybe do some sort of reviews, maybe an extra layer of caution around things that could derail the kinds of negotiations that they're undertaking. But I think that's an afterthought because there was a blowback on this idea of halting defense. It just doesn't ring true. We conduct all sorts of different operations against adversaries. This is one in which there is constant attacks against our allies, against Dato and to halt all operations. That that's not the way it works. The other thing is, you know this. I don't understand how Elon is a successful businessman. I just don't, I don't understand that what he's doing with Doge is, I see it as just completely destructive. There's no element of efficiency unless you're just literally working on chipping away at the bottom line to return dollars to the federal budget. Because it's usually largely starts with probationary employees across the board, regardless of what kind of sensitive jobs that they're doing at NNSA or CISA or any other place. So it is not in any way bringing around efficiency. I don't understand taking down the Wilson center in Kennan Institute that studies Russia, how that works, Voice of America, our ability to compete in the information domain, you know, around the world, how that, how that's helping. These are not steps towards efficiency. This is potentially taking a hatchet to the way that the US employs both hard power and soft power. With regards to me specifically, you know, I guess I, I, I, I. My wife says I tend to piss people off.
Kara Swisher
Right.
Nicole Perlroth
So you know, I guess I pissed off the most powerful man in the world and the richest man in the world at very various points. I don't really take these folks all that seriously at the moment. There are obviously lots of nefarious actors that have been brought into this administration. I'm unmindful and I don't think I'm at the top of that list. You know, you might be more, you could be higher on that list than I am, Kara. But if they want to pick this fight, I've got nothing to hide. I would make it ugly for him. I mean, just think about the congressional testing. They came at me on my area of expertise that really, in a lot of ways I'm kind of untouchable on if they want to pick this fight, it's probably going to get ugly.
Kara Swisher
So last two quick questions. Trump administration is reportedly looking into a deal to let Oracle run TikTok. Obviously this is something I thought they would go with because they already were with Oracle and Project Texas. JD Vance and Mike Walls are leading Texas Project 2. I guess what they're trying to figure out, but there's virtually no way to ensure the Chinese government doesn't have a backdoor or access to American user data on TikTok unless they completely don't bring the algorithm over. Nicole, you said you'd never download the app and deserved urgency with which it was treated. Obviously Congress voted to ban it, so that's what they wanted to do. Whether you agree with that or not, I'd love you to talk about very briefly about TikTok. And do you think it's as big a deal and what do you imagine is going to happen. Happen to it?
Michael Schmidt
Yeah. It turns out they're. They're China hawks who happen to love TikTok. You know, I wish that, that the White House and this is across administrations would declassify the security risks that they've seen around TikTok. It is not effective to go out there and say Huawei is a national security threat if you use Huawei when it's so much cheaper than the competition. Or to say the same about tech when honestly it's more fun than any of the other social apps I've used. I finally downloaded it and then I quickly undownloaded it.
Kara Swisher
On your phone?
Michael Schmidt
On my phone, yeah. Going into the election. I know, I know you need the.
Kara Swisher
Fake phone like Kara Swisher.
Michael Schmidt
It's not on there anymore.
Kara Swisher
I told you this five years ago, Nicole. Goodness.
Michael Schmidt
But let me just say this. I have heard stories, too many stories now about people who are in Sensitive positions inside government whose wives and kids have been hacked, potentially through their access to TikTok. Okay, so it is a very real security risk. Now, will it be less of a security risk if it is owned and operated by a US Company? Yes, potentially. But you know, what I really worried about with TikTok was more on the misinformation front that they would tweak the algorithm. So, yeah, one day China invades Taiwan and, oh, there are college protests supporting it. And we have no idea how that happened. And there had just been a subtle tweak of the algorithm to basically serve up, you know, pro PRC content. But. But I also worry about the backdoor issue and. And I don't know, it's a big question mark. I think a lot about my old college buddy Mike Gallagher, who headed up the China Committee and is now outside.
Kara Swisher
Of government, crying inside.
Michael Schmidt
Yeah, he, you know, he spent so much effort on TikTok, and now to sort of watch people in his own party say, nevermind, you know, we're okay with this and we're gonna save. It probably has to hurt a little bit. So.
Kara Swisher
It does.
Michael Schmidt
I don't know.
Kara Swisher
I can tell you it does. I can tell you it does. Also, that J.D. vance, the world's most unsuccessful tech venture capitalist, is running the process. Really makes me feel good. I'm sure we'll get a great deal. Anyway. Last question. Zero Day raises the question of national security versus civil liberties in the face of a cyber attack. But what would happen to US Civil liberties if there's a serious cyber attack while Trump is president?
Lt. Col. Alexander Vindman
All three of you, I think that if there were to be an attack, that the response of the country, as I was saying, would be incredibly unpredictable, and what Trump would do would be unpredictable. And it seems like a lot of classical issues in the post 911 world, like civil liberties, sort of got lost in the trap. Trump era, that was a big debate. And during the war on terror, like, you know, what does civil liberties mean? And such. But when Trump, you know, rose to power and then even when he was out of power and back, those classical arguments sort of went by the wayside. So in. In the sense of the show, it was a way of raising that issue and saying, okay, what about the good old question of civil liberties? And. And what would that mean? And if there was an attack, would the government seize back power? And I think if we've seen anything based on Trump, Trump's basically willing to do anything here in this second term. And the people who would say no to him are no longer in the room.
Kara Swisher
Right. So worse. Worse than was already portrayed fictionally, Nicole.
Michael Schmidt
So, and I apologize because this is a little bit of a technical answer, but it's as technical as I'll go. You know, how is China infiltrating our infrastructure? They are using our civil liberty protections against us. They've actually hacked a lot of these systems by hack home routers and home office routers that have stopped getting patches and we call that legacy software. Right. And then they hack into these systems through like someone's house in Indianapolis. So that when you're the water operator, water treatment plant operator, you see this little traffic coming from some house down the street in Indianapolis, you don't think twice about it. You would never suspect it's a Chinese state sponsored hacker. Right. And so we are really not set up well to be resilient against these threats because our adversaries have figured out that our Fourth Amendment protections are actually very exploitable. And so if there were to be some kind of full scale conflict where we would see this, everything everywhere, all at once cyber attack scenario play out, it's an interesting question, like how do we defend ourselves when so much of this is coming in through American homes where the NSA and other agencies just don't have visibility. You know, we really are handcuffed when it comes to cyber defense. And I don't know how those would play out. But you know, the Fourth Amendment is still the fourth Amendment and you know, for now it's still holding. And so that is actually why it is really disturbing that we are seeing these reports of Cyber Command and other agencies being told to stand down on our own pre operational planning. Because all we really have in the United, United States when we're blind to our own domestic traffic, is the ability to hack these systems back overseas and to basically create pain for any adversary that would choose to create pain here.
Kara Swisher
Alex, why don't you finish up?
Nicole Perlroth
I think for me it's pretty simple. I see autocrats seeing opportunity in crisis and chaos. So I think that's just an opportunity for power grab. I've started watching Zero Day and basically very quickly you see the legislative branch ceding authorities. I'm not sure what other authorities can be ceded to this president. I mean, he's already has immunity for all official acts, but I think there's just an enormous opportunity. Depending on where it lands in the timeline, that could mean delayed elections. If it happens to land in 2020, it could mean, you know, if there is chaos and looting, that's the last.
Kara Swisher
That'S actually the perfect time to do a cyber attack would be right before the election.
Nicole Perlroth
So no ideas. Sorry, I shouldn't have said that. But I think in a moment where you're seeing civil unrest as a result of, you know, services collapsing, you could see, you know, martial law and suspension of posse comitatus or something of that nature. So a lot of dangerous in that kind of crisis.
Kara Swisher
Okay, well just watch zero days. Cause it gets better. And the legislative, you'll see what they do. You'll see right what happens. They've got a little more fire than you think they do, but not maybe in a good way. We'll see. You should all watch it. And everybody please watch and read all these people. As I said, Alex's new book is called the Folly of Realism and Nicole's new documentary podcast is called To Catch a Thief. I recommend all of them and I really appreciate you all, even though the channel topic is dire. Thank you. On with Kara Swisher is produced by Christian Castro, Russell, Kateri Yocum, Dave Shaw, Megan Burney, Megan Cunain and Kaylin Lynch. Nishat Kurwa is Vox Media's executive producer of audio. Special thanks to Maura Fox. Our engineers are Rick Kwan and Fernando Arruda and our theme music is by Trackademics. If you're already following the show, you have reached apex predator status. If not, watch out for your teenager as a security risk. Go wherever you listen to podcasts, search for on with Kara Swisher and hit follow. Thanks for listening to on with Kara Swisher from New York Magazine, the Vox Media Podcast Network, and us. We'll be back on Monday with more.
Podcast Summary: "Is America Ready for a Full-Blown Cyberwar?"
On with Kara Swisher
Host: Kara Swisher
Guests: Nicole Perlroth, Michael Schmidt, Lt. Col. Alexander Vindman
Release Date: March 20, 2025
Duration: Approximately 58 minutes
In this compelling episode of On with Kara Swisher, host Kara Swisher engages in a no-holds-barred discussion with three esteemed experts—Nicole Perlroth, a cybersecurity journalist and founder of Silver Buckshot Ventures; Michael Schmidt, a Pulitzer Prize-winning investigative reporter; and Lt. Col. Alexander Vindman, former Director of European Affairs for the National Security Council. The panel delves into the pressing issue of cybersecurity vulnerabilities in the United States and the alarming potential for a full-blown cyberwar.
Kara initiates the conversation by asking each panelist to identify what they believe is America’s most pressing cybersecurity vulnerability.
Michael Schmidt (04:10): Highlights the shift from isolated ransomware attacks, like the Colonial Pipeline incident, to pervasive infiltration by state actors, primarily China. He warns of an “everything everywhere all at once” scenario where multiple critical infrastructures—pipelines, water systems, transportation networks—are simultaneously compromised.
"What we're really worried about right now is what we call the everything everywhere all at once cyber scenario... simultaneously on gas, water networks." (04:54)
Lt. Col. Alexander Vindman (04:59): Focuses on the nation’s preparedness to respond to catastrophic cyberattacks, drawing parallels to the collective response post-9/11. He emphasizes the lack of unified national strategies and the potential societal fragmentation during crises.
"If society doesn't have an understanding of what's going on around it, it's less likely to make the right decisions." (06:00)
Nicole Perlroth (06:02): Discusses adversaries' perspectives, noting that cyber threats are part of broader information confrontations. She criticizes the fragmented and often politicized responses from the federal government, which add chaos and hinder effective countermeasures.
"We don't have a predictable, reliable response from the federal government. Potentially it's fractured and localized with different narratives about who the aggressive actor is." (06:59)
To illustrate the gravity of the cyber threat, the panel references Michael Schmidt's Netflix political thriller "Zero Day," which portrays a devastating cyberattack on U.S. infrastructure.
Michael Schmidt (07:30): Describes the show's premise, involving widespread outages and hijacked systems leading to mass casualties.
"We received reports not only of widespread outages impacting multiple regional power grids... resulting in collisions and mass injury." (07:30-07:59)
Lt. Col. Alexander Vindman (08:19): Expresses a mix of hope and skepticism regarding the show's impact, acknowledging the difficulty in conveying the complexities of cyber threats to the public.
"What the show allowed me and the other creators to do was to show you what this looks like... in a way that no testimony from someone on Capitol Hill could give you." (09:55)
The panel discusses whether such narrative fiction effectively raises public awareness or is merely perceived as entertainment, with Vindman hoping it serves educational purposes despite acknowledging it may be seen as a sci-fi thriller.
Nicole Perlroth introduces her documentary podcast, To Catch a Thief, which examines China's strategy to dominate cyber domains by stealing intellectual property (IP) and infiltrating critical infrastructure.
Nicole Perlroth (10:37): Critiques the Trump administration’s cuts to the Cybersecurity and Infrastructure Security Agency (CISA), highlighting the degradation of national cybersecurity posture.
"We need 12 people covering cybersecurity. I am one person... Nothing beyond like last week." (10:37-11:42)
Michael Schmidt (11:42): Emphasizes the institutional failures in media and government to adequately cover and address cybersecurity threats, noting a substantial workforce shortage in the sector.
"We've never needed them more desperately inside government in these roles. And so it's become a real national security threat." (40:34)
Perlroth elaborates on China’s long-term cyber strategies, including infiltrating telecommunication networks and leveraging AI to enhance hacking capabilities. She warns of a "mutually assured digital destruction" scenario, where both the U.S. and China possess extensive cyber warfare capabilities.
"They have reached apex predator status... no doubt in my mind that they have reached apex predator status." (26:55-30:27)
The panel discusses the lack of sustained legislative and institutional focus on cybersecurity.
Michael Schmidt (10:37): Criticizes the media and government for insufficient coverage and prioritization of cybersecurity, stressing the need for dedicated resources and personnel.
"We have failed at every institutional level to convey just how serious this threat is." (10:37)
Nicole Perlroth (22:24): Argues that cybersecurity remains a bipartisan issue but is losing traction on the political right due to its politicization, particularly in the context of the 2020 elections and the handling of election security narratives.
"Cybersecurity is still a bipartisan issue... but they're running the table." (12:07-12:28)
The discussion underscores the urgent need for cohesive government strategies and sustained legislative attention to bolster national cybersecurity defenses.
Drawing parallels from the Russia-Ukraine conflict, the panel explores the implications for Taiwan and broader U.S. cybersecurity defense.
Nicole Perlroth (32:35): Reflects on how the collective Western response to Russia has evolved deterrence mechanisms and compares it to China’s potential threat to Taiwan. She expresses concern over the erosion of alliances and the unpredictable stance of current administrations.
"Xi might be considering... whether the window is closing or it's likely to expand over the course of the subsequent decade." (35:37)
Michael Schmidt (32:35): Predicts that China's cyber aggression towards critical infrastructure is likely a prelude to potential military actions against Taiwan within the next decade.
"In the next decade we might see China take action on this... Taiwan semiconductor... hold it hostage with cyber attacks." (34:14)
Lt. Col. Alexander Vindman (35:37): Highlights the fragility of current geopolitical communications and the increased likelihood of miscommunications leading to conflicts.
"It's an interesting question... You're blind to our own domestic traffic." (35:37)
The panel emphasizes that while immediate large-scale cyber warfare may not be imminent, the strategic positioning and cyber activities suggest a looming threat to Taiwan, necessitating robust defenses.
The discussion shifts to the potential of domestic groups exploiting cyber tools, exacerbating political tensions.
Lt. Col. Alexander Vindman (17:33): Points out that cyber tools can be misappropriated by domestic actors, not just foreign states, especially in a politically volatile environment.
"The threat of this is everywhere... it can rear its head from anyone in any different ways." (17:33)
Nicole Perlroth (26:37): Explains how stolen or misused technology, combined with AI, lowers the barrier for non-state actors to execute sophisticated cyberattacks, complicating national security responses.
"AI is another element here. It can lower the barrier to entry for hackers." (18:05)
The panel warns that as cyber capabilities become more accessible, internal threats could destabilize critical infrastructure and amplify political divisions.
Artificial Intelligence (AI) emerges as a double-edged sword in the realm of cybersecurity.
Nicole Perlroth (26:55): Discusses how AI enhances both offensive and defensive cyber capabilities, making cyber tools more potent and versatile for adversaries.
"AI enabled military systems are vulnerable in the way traditional systems aren't." (18:05)
Michael Schmidt (20:18): Argues that AI-powered tools are democratizing cyber warfare, allowing even non-technical individuals to launch effective attacks through accessible ransomware and hacking services.
"The barrier to entry only gets lower every day because... with AI, it's really hard." (20:18)
The panel highlights the transformative impact of AI on cybersecurity, emphasizing the urgent need for advanced defensive measures to counter AI-empowered threats from both state and non-state actors.
The episode explores the symbiotic relationship between foreign hacking gangs and state actors.
Nicole Perlroth (21:27): Clarifies that groups like Russian organized crime are extensions of their governments, executing cyber operations that align with national interests while also pursuing personal gains.
"They are extensions. It's well documented that the Russians have used Russian organized crime to do some of their dirty work." (21:27)
Michael Schmidt (22:24): Extends the discussion to other state actors like North Korea, indicating that these groups often operate under tacit or direct state authorization, blurring the lines between criminal and military cyber activities.
"They have some latitude to engage in their own criminal activity just to enrich themselves, but they are also oftentimes employed as part of the government apparatus." (22:24)
The panel underscores the complexity of attributing cyberattacks due to the intertwined nature of criminal gangs and state-sponsored operations, complicating governmental response strategies.
The conversation turns critical as the panel examines the Trump administration's policies affecting cybersecurity infrastructure.
Nicole Perlroth (38:56): Details the administration’s cuts to CISA and other cybersecurity agencies, arguing that these reductions have severely weakened national defenses.
"These cuts... have further degraded cyber capabilities." (38:56)
Michael Schmidt (40:13): Discusses the exacerbation of workforce shortages caused by the administration's firing of seasoned cybersecurity professionals, hindering effective cyber defense and offensive operations.
"We've been firing them. We need those people at CISA... It really is a very real security threat." (40:34)
Lt. Col. Alexander Vindman (44:32): Critiques the administration's campaign against cybersecurity experts and the undermining of governmental cyber operations, labeling it a significant political risk.
"They are destroying parts of it... there's no longer someone... holding the line on this anymore." (44:32)
The panel emphasizes that political interference and administrative mismanagement have critically undermined the U.S.’s cybersecurity infrastructure, rendering the nation more vulnerable to both external and internal attacks.
The discussion addresses the national security implications of Chinese-owned platforms like TikTok.
Michael Schmidt (51:33): Explains the security risks associated with TikTok, including potential data backdoors and algorithm manipulation for misinformation campaigns, particularly concerning foreign policy crises.
"They would tweak the algorithm to basically serve up pro-PRC content." (52:07)
Nicole Perlroth (50:03): Criticizes attempts to mitigate TikTok’s risks by transferring ownership to U.S. companies, arguing that it does not eliminate the inherent security vulnerabilities.
"There's no way to ensure the Chinese government doesn't have a backdoor or access to American user data." (50:03)
The panel concurs that while measures like U.S. acquisition might reduce some risks, the underlying vulnerabilities of foreign-owned applications like TikTok continue to pose significant threats to national security.
The episode concludes with concerns over the balance between national security measures and civil liberties in the event of cyberattacks.
Lt. Col. Alexander Vindman (54:01): Warns that in the face of severe cyberattacks, there might be unprecedented government overreach compromising civil liberties, especially under a Trump presidency.
"What's Trump would do would be unpredictable... suspension of posse comitatus or something of that nature." (54:58)
Michael Schmidt (55:02): Raises technical concerns about U.S. cyber resilience, noting that Fourth Amendment protections inadvertently aid foreign adversaries by limiting surveillance and defensive capabilities.
"We are really not set up well to be resilient against these threats because our adversaries have figured out that our Fourth Amendment protections are actually very exploitable." (55:02)
Nicole Perlroth (57:45): Highlights the risk of autocrats exploiting crises to enact power grabs, potentially leading to martial law or delayed elections in the wake of cyber-induced chaos.
"In a moment where you're seeing civil unrest as a result of services collapsing... a lot of dangerous in that kind of crisis." (57:45)
The panel underscores the precarious balance between enhancing national cybersecurity and safeguarding individual freedoms, cautioning against potential authoritarian responses during cyber crises.
Kara Swisher wraps up the episode by reiterating the dire cybersecurity threats facing the United States and the multifaceted challenges in addressing them. She encourages listeners to engage with the panelists' works—Alexander Vindman's The Folly of Realism and Nicole Perlroth's To Catch a Thief—to deepen their understanding of the complex cyber landscape.
"I really appreciate you all, even though the panel topic is dire. Thank you." (58:09)
The episode serves as a stark warning about the escalating cyber threats and the urgent need for cohesive strategies, robust defenses, and unwavering commitment to both national security and civil liberties.
Notable Quotes:
Michael Schmidt (04:54):
"What we're really worried about right now is what we call the everything everywhere all at once cyber scenario... simultaneously on gas, water networks."
Lt. Col. Alexander Vindman (06:00):
"If society doesn't have an understanding of what's going on around it, it's less likely to make the right decisions."
Nicole Perlroth (06:59):
"We don't have a predictable, reliable response from the federal government. Potentially it's fractured and localized with different narratives about who the aggressive actor is."
Nicole Perlroth (26:55):
"They have reached apex predator status... no doubt in my mind that they have reached apex predator status."
Michael Schmidt (40:34):
"We've been firing them. We need those people at CISA... It really is a very real security threat."
Lt. Col. Alexander Vindman (54:58):
"What Trump would do would be unpredictable... suspension of posse comitatus or something of that nature."
Recommendations:
Stay informed and vigilant as cyber threats continue to evolve, posing significant risks to national security and individual freedoms.