Podcast Summary: "Is America Ready for a Full-Blown Cyberwar?"

On with Kara Swisher
Host: Kara Swisher
Guests: Nicole Perlroth, Michael Schmidt, Lt. Col. Alexander Vindman
Release Date: March 20, 2025
Duration: Approximately 58 minutes

1. Introduction

In this compelling episode of On with Kara Swisher, host Kara Swisher engages in a no-holds-barred discussion with three esteemed experts—Nicole Perlroth, a cybersecurity journalist and founder of Silver Buckshot Ventures; Michael Schmidt, a Pulitzer Prize-winning investigative reporter; and Lt. Col. Alexander Vindman, former Director of European Affairs for the National Security Council. The panel delves into the pressing issue of cybersecurity vulnerabilities in the United States and the alarming potential for a full-blown cyberwar.

2. America's Most Worrisome Cybersecurity Vulnerabilities

Kara initiates the conversation by asking each panelist to identify what they believe is America’s most pressing cybersecurity vulnerability.

• Michael Schmidt (04:10): Highlights the shift from isolated ransomware attacks, like the Colonial Pipeline incident, to pervasive infiltration by state actors, primarily China. He warns of an “everything everywhere all at once” scenario where multiple critical infrastructures—pipelines, water systems, transportation networks—are simultaneously compromised.

  "What we're really worried about right now is what we call the everything everywhere all at once cyber scenario... simultaneously on gas, water networks." (04:54)

• Lt. Col. Alexander Vindman (04:59): Focuses on the nation’s preparedness to respond to catastrophic cyberattacks, drawing parallels to the collective response post-9/11. He emphasizes the lack of unified national strategies and the potential societal fragmentation during crises.

  "If society doesn't have an understanding of what's going on around it, it's less likely to make the right decisions." (06:00)

• Nicole Perlroth (06:02): Discusses adversaries' perspectives, noting that cyber threats are part of broader information confrontations. She criticizes the fragmented and often politicized responses from the federal government, which add chaos and hinder effective countermeasures.

  "We don't have a predictable, reliable response from the federal government. Potentially it's fractured and localized with different narratives about who the aggressive actor is." (06:59)

3. Using Fiction to Raise Awareness: "Zero Day"

To illustrate the gravity of the cyber threat, the panel references Michael Schmidt's Netflix political thriller "Zero Day," which portrays a devastating cyberattack on U.S. infrastructure.

• Michael Schmidt (07:30): Describes the show's premise, involving widespread outages and hijacked systems leading to mass casualties.

  "We received reports not only of widespread outages impacting multiple regional power grids... resulting in collisions and mass injury." (07:30-07:59)

• Lt. Col. Alexander Vindman (08:19): Expresses a mix of hope and skepticism regarding the show's impact, acknowledging the difficulty in conveying the complexities of cyber threats to the public.

  "What the show allowed me and the other creators to do was to show you what this looks like... in a way that no testimony from someone on Capitol Hill could give you." (09:55)

The panel discusses whether such narrative fiction effectively raises public awareness or is merely perceived as entertainment, with Vindman hoping it serves educational purposes despite acknowledging it may be seen as a sci-fi thriller.

4. China's Cyber Strategy and Infrastructure Infiltration

Nicole Perlroth introduces her documentary podcast, To Catch a Thief, which examines China's strategy to dominate cyber domains by stealing intellectual property (IP) and infiltrating critical infrastructure.

• Nicole Perlroth (10:37): Critiques the Trump administration’s cuts to the Cybersecurity and Infrastructure Security Agency (CISA), highlighting the degradation of national cybersecurity posture.

  "We need 12 people covering cybersecurity. I am one person... Nothing beyond like last week." (10:37-11:42)

• Michael Schmidt (11:42): Emphasizes the institutional failures in media and government to adequately cover and address cybersecurity threats, noting a substantial workforce shortage in the sector.

  "We've never needed them more desperately inside government in these roles. And so it's become a real national security threat." (40:34)

Perlroth elaborates on China’s long-term cyber strategies, including infiltrating telecommunication networks and leveraging AI to enhance hacking capabilities. She warns of a "mutually assured digital destruction" scenario, where both the U.S. and China possess extensive cyber warfare capabilities.

"They have reached apex predator status... no doubt in my mind that they have reached apex predator status." (26:55-30:27)

5. Institutional Failures and Legislative Priorities

The panel discusses the lack of sustained legislative and institutional focus on cybersecurity.

• Michael Schmidt (10:37): Criticizes the media and government for insufficient coverage and prioritization of cybersecurity, stressing the need for dedicated resources and personnel.

  "We have failed at every institutional level to convey just how serious this threat is." (10:37)

• Nicole Perlroth (22:24): Argues that cybersecurity remains a bipartisan issue but is losing traction on the political right due to its politicization, particularly in the context of the 2020 elections and the handling of election security narratives.

  "Cybersecurity is still a bipartisan issue... but they're running the table." (12:07-12:28)

The discussion underscores the urgent need for cohesive government strategies and sustained legislative attention to bolster national cybersecurity defenses.

6. Lessons from Russia and Ukraine; Threat to Taiwan

Drawing parallels from the Russia-Ukraine conflict, the panel explores the implications for Taiwan and broader U.S. cybersecurity defense.

• Nicole Perlroth (32:35): Reflects on how the collective Western response to Russia has evolved deterrence mechanisms and compares it to China’s potential threat to Taiwan. She expresses concern over the erosion of alliances and the unpredictable stance of current administrations.

  "Xi might be considering... whether the window is closing or it's likely to expand over the course of the subsequent decade." (35:37)

• Michael Schmidt (32:35): Predicts that China's cyber aggression towards critical infrastructure is likely a prelude to potential military actions against Taiwan within the next decade.

  "In the next decade we might see China take action on this... Taiwan semiconductor... hold it hostage with cyber attacks." (34:14)

• Lt. Col. Alexander Vindman (35:37): Highlights the fragility of current geopolitical communications and the increased likelihood of miscommunications leading to conflicts.

  "It's an interesting question... You're blind to our own domestic traffic." (35:37)

The panel emphasizes that while immediate large-scale cyber warfare may not be imminent, the strategic positioning and cyber activities suggest a looming threat to Taiwan, necessitating robust defenses.

7. Domestic Cyber Threats and Tools Misuse

The discussion shifts to the potential of domestic groups exploiting cyber tools, exacerbating political tensions.

• Lt. Col. Alexander Vindman (17:33): Points out that cyber tools can be misappropriated by domestic actors, not just foreign states, especially in a politically volatile environment.

  "The threat of this is everywhere... it can rear its head from anyone in any different ways." (17:33)

• Nicole Perlroth (26:37): Explains how stolen or misused technology, combined with AI, lowers the barrier for non-state actors to execute sophisticated cyberattacks, complicating national security responses.

  "AI is another element here. It can lower the barrier to entry for hackers." (18:05)

The panel warns that as cyber capabilities become more accessible, internal threats could destabilize critical infrastructure and amplify political divisions.

8. AI's Impact on Cybersecurity and Non-State Actors

Artificial Intelligence (AI) emerges as a double-edged sword in the realm of cybersecurity.

• Nicole Perlroth (26:55): Discusses how AI enhances both offensive and defensive cyber capabilities, making cyber tools more potent and versatile for adversaries.

  "AI enabled military systems are vulnerable in the way traditional systems aren't." (18:05)

• Michael Schmidt (20:18): Argues that AI-powered tools are democratizing cyber warfare, allowing even non-technical individuals to launch effective attacks through accessible ransomware and hacking services.

  "The barrier to entry only gets lower every day because... with AI, it's really hard." (20:18)

The panel highlights the transformative impact of AI on cybersecurity, emphasizing the urgent need for advanced defensive measures to counter AI-empowered threats from both state and non-state actors.

9. Foreign Hacking Gangs and State Sponsorship

The episode explores the symbiotic relationship between foreign hacking gangs and state actors.

• Nicole Perlroth (21:27): Clarifies that groups like Russian organized crime are extensions of their governments, executing cyber operations that align with national interests while also pursuing personal gains.

  "They are extensions. It's well documented that the Russians have used Russian organized crime to do some of their dirty work." (21:27)

• Michael Schmidt (22:24): Extends the discussion to other state actors like North Korea, indicating that these groups often operate under tacit or direct state authorization, blurring the lines between criminal and military cyber activities.

  "They have some latitude to engage in their own criminal activity just to enrich themselves, but they are also oftentimes employed as part of the government apparatus." (22:24)

The panel underscores the complexity of attributing cyberattacks due to the intertwined nature of criminal gangs and state-sponsored operations, complicating governmental response strategies.

10. Trump's Administration and Its Impact on Cybersecurity Agencies

The conversation turns critical as the panel examines the Trump administration's policies affecting cybersecurity infrastructure.

• Nicole Perlroth (38:56): Details the administration’s cuts to CISA and other cybersecurity agencies, arguing that these reductions have severely weakened national defenses.

  "These cuts... have further degraded cyber capabilities." (38:56)

• Michael Schmidt (40:13): Discusses the exacerbation of workforce shortages caused by the administration's firing of seasoned cybersecurity professionals, hindering effective cyber defense and offensive operations.

  "We've been firing them. We need those people at CISA... It really is a very real security threat." (40:34)

• Lt. Col. Alexander Vindman (44:32): Critiques the administration's campaign against cybersecurity experts and the undermining of governmental cyber operations, labeling it a significant political risk.

  "They are destroying parts of it... there's no longer someone... holding the line on this anymore." (44:32)

The panel emphasizes that political interference and administrative mismanagement have critically undermined the U.S.’s cybersecurity infrastructure, rendering the nation more vulnerable to both external and internal attacks.

11. TikTok and National Security Risks

The discussion addresses the national security implications of Chinese-owned platforms like TikTok.

• Michael Schmidt (51:33): Explains the security risks associated with TikTok, including potential data backdoors and algorithm manipulation for misinformation campaigns, particularly concerning foreign policy crises.

  "They would tweak the algorithm to basically serve up pro-PRC content." (52:07)

• Nicole Perlroth (50:03): Criticizes attempts to mitigate TikTok’s risks by transferring ownership to U.S. companies, arguing that it does not eliminate the inherent security vulnerabilities.

  "There's no way to ensure the Chinese government doesn't have a backdoor or access to American user data." (50:03)

The panel concurs that while measures like U.S. acquisition might reduce some risks, the underlying vulnerabilities of foreign-owned applications like TikTok continue to pose significant threats to national security.

12. Civil Liberties in Cyber Conflict

The episode concludes with concerns over the balance between national security measures and civil liberties in the event of cyberattacks.

• Lt. Col. Alexander Vindman (54:01): Warns that in the face of severe cyberattacks, there might be unprecedented government overreach compromising civil liberties, especially under a Trump presidency.

  "What's Trump would do would be unpredictable... suspension of posse comitatus or something of that nature." (54:58)

• Michael Schmidt (55:02): Raises technical concerns about U.S. cyber resilience, noting that Fourth Amendment protections inadvertently aid foreign adversaries by limiting surveillance and defensive capabilities.

  "We are really not set up well to be resilient against these threats because our adversaries have figured out that our Fourth Amendment protections are actually very exploitable." (55:02)

• Nicole Perlroth (57:45): Highlights the risk of autocrats exploiting crises to enact power grabs, potentially leading to martial law or delayed elections in the wake of cyber-induced chaos.

  "In a moment where you're seeing civil unrest as a result of services collapsing... a lot of dangerous in that kind of crisis." (57:45)

The panel underscores the precarious balance between enhancing national cybersecurity and safeguarding individual freedoms, cautioning against potential authoritarian responses during cyber crises.

Conclusion and Final Insights

Kara Swisher wraps up the episode by reiterating the dire cybersecurity threats facing the United States and the multifaceted challenges in addressing them. She encourages listeners to engage with the panelists' works—Alexander Vindman's The Folly of Realism and Nicole Perlroth's To Catch a Thief—to deepen their understanding of the complex cyber landscape.

"I really appreciate you all, even though the panel topic is dire. Thank you." (58:09)

The episode serves as a stark warning about the escalating cyber threats and the urgent need for cohesive strategies, robust defenses, and unwavering commitment to both national security and civil liberties.

Notable Quotes:

• Michael Schmidt (04:54):
  "What we're really worried about right now is what we call the everything everywhere all at once cyber scenario... simultaneously on gas, water networks."

• Lt. Col. Alexander Vindman (06:00):
  "If society doesn't have an understanding of what's going on around it, it's less likely to make the right decisions."

• Nicole Perlroth (06:59):
  "We don't have a predictable, reliable response from the federal government. Potentially it's fractured and localized with different narratives about who the aggressive actor is."

• Nicole Perlroth (26:55):
  "They have reached apex predator status... no doubt in my mind that they have reached apex predator status."

• Michael Schmidt (40:34):
  "We've been firing them. We need those people at CISA... It really is a very real security threat."

• Lt. Col. Alexander Vindman (54:58):
  "What Trump would do would be unpredictable... suspension of posse comitatus or something of that nature."

Recommendations:

• Listen to Nicole Perlroth’s To Catch a Thief for an in-depth exploration of China’s cyber dominance strategies.
• Read Lt. Col. Alexander Vindman’s The Folly of Realism to understand the mismanagement of Russia-related cyber threats.
• Watch Michael Schmidt’s Zero Day on Netflix to grasp the fictional yet plausible scenarios of cyber warfare.

Stay informed and vigilant as cyber threats continue to evolve, posing significant risks to national security and individual freedoms.