Video Interview
Speaker: John Mroz, EastWest Institute President and CEO.
Date: June 26, 2011
Q1: The EastWest Institute held its Second Worldwide Cyber Security Summit in London in June. What were some of the new developments and any new major breakthroughs?
A: Now this is the largest global effort to bring together a business, public policy community and technology community and this year we added in law enforcement. Because increasingly, for all of us around the world, an increasing problem is the ability of criminal groups or organize individual to exploit the Internet, and it’s becoming very costly, in many ways. So what we had, 47 countries, there are 400 participants, wonderful delegations from China from India, from Russia, from all over. And a number of things, that are very very clear, in terms of the over all how are we doing, everybody said good marks for moving on things we have identified a year ago, the world community is doing a pretty good job of moving ahead. That’s the good news. The bad news is that technology, the digitalization of the global economy, and the ability for criminals to exploit is moving faster than we can ever move. And so the bottom line was we should applaud ourselves, we’ve done some good things, but boy, we are loosing the battle and we are falling further and further behind, so we have to intensify the international cooperation aspects.
Q2: Yes, and the theme this year was “Global cooperation on global cyber threats," what are some of the cyber threats?
A: Well one of the biggest ones is the whole question of hacking has moved to a whole another level. And both from criminals from nation states, but also from these groups, from like just a few minutes ago they announced in Britain they arrested a 19 year old chap who was the one primarily, one of the people responsible for Sony, breaking into Sony. And these people, they’re actually not criminals in a sense that they’re taking money or anything. They just want to break into wherever and show what they can do. It’s called lots of laughs, so they find it fun to do this and of course the damage that they’re doing, both commercially, but also in terms of relations between states and others is quite significant. So one of the big new areas is that and another is the financial sector, around the world, every part of the world, the financial sector is being attacked in unprecedentedly sophisticated ways. And the ability of criminal gangs to actually organize and subcontract with each other to attack is another new one. So there’s a lot happening in the field that as you see, you can’t just pick up a newspaper, or turn on the television now any day and not hear stories about cyber security.
Q3: So are these countries, what kind of global co operations are these countries working together?
A: Well, it’s been tough because there’s no trust, there’s almost no trust in this field and by anybody for anybody. And so the end-users, like our young people, they don’t trust the private companies, don’t trust other private companies, countries don’t trust other countries. So it’s really starting from scratch to build. And one of the things that we have been very please with is that we’ve been able to since the Dallas summit a year ago, we’ve been able to actually make some very specific practical things. For example, what definitions, we use a definition and the Russians are using one thing and India is using another thing, and Europe is using another thing. So the idea of how do you begin to get common definitions, so we can agree on what we’re talking about. How do we begin to get rules of the road, how do we agree, like in traffic we know red light means something, green light means something, you can turn left, turn right, but in cyber there’s no rules. You can basically do whatever you want to do and so how do we begin to create rules of the road, which will prevent something really significant happening down the line. Another new piece of this was youth, so we added for the first time, a youth the biggest users the Internet and all are our young people. And this is their life. In fact, there was a poll quoted there, that 70% of young people, teenagers, said they rather loose their hearing than to loose their internet connectivity. Now for me, I don’t know, for you and I generation, would you give up your hearing for Internet connectivity? No I would try to find another way to connect, but this is how young people feel about it. It’s that passionate about it. So we started listening to them, and there were some very big messages they told us too. So for example on cyber security, young people were saying, from all over the world, they’re from Africa from everywhere, from Asia from North America etc. And they were saying, look, you know, words like cyber security, informational assurance, these kinds of professional concepts are not interesting to us, as young people. Now if you talk to us about sustainability of the Internet, in other words, if you said, you know what the internet might go down, you got our attention. You know, then tell me what should I do. You know, as a user, so that it doesn’t go down. And so we found a lot of very interesting messages to us from the young people, saying there’s different ways of doing that. So the other big one of course is the private sector. This is based on the field in the hands around the world of primarily the private sector. And there were some very good efforts. For example, priority communications, international priority communications. Like, if we have the Japan disaster, we’re coming very close to the system where things are happening in the world where we’re going to need a new way when there’s a big disaster like this, whether it’s man made or otherwise, or natural. We’re going to be able to prioritize communicational cross boarders, today you can’t do that. And so we’re interested in even in some of the private sectors. One of the leaders of Huawei, for example, got up and said well why don’t companies like ours build some of this software into our hardware, which will then allow for an easier international communications. And a chap who is on the board of Ericsson said, which is one of the competitors for Huawei in this, said you know what if you did it then we would do it. So we had a lot of these practical things, how do we take these issues and how do we cooperate. And what was nice was seeing bridging of the various sectors, private youth, a lot of the anti crime people, a lot of enforcement experts, FBI or the equivalents around the world were there. So there was a real sense of being a part of, there was a real buzz you know, in the room the whole time. To keep 400 people going from seven thirty in the morning to eight o’clock at night for several days, but we had the right people and the right issues.
Q4: So you think, first is building trust, and then establishing rules. Youth and private sectors, these are kind of universal. How about each country? Do each of them have a different set of priorities in terms of when they’re looking at these threats?
A: Well first of all, yeah, that’s a good question. First of all, this is a relatively new subject. So many governments only in the past year or two, have organized themselves how to deal with this. Which I’m talking in big governments, and I’m talking from East and West, from all over the world, so this is all new. And it’s changing very very fast because technology is changing so fast, technology is just going crazy. And so you have a lot of very different things, so you have the ITU, the International Tele-communications Union which is the standard setter in I.T things, information technology things, but they’re governments only. They don’t interact with the private sectors the way that would be good, you have a lot of these kinds of issues, you don’t have these other dimensions of the field working together. So I think what we’re trying to do here is to create an international movement of not just governments, but governments, business, young people, the older end users etc. Who really are seeing that the stability of the global economy, their ability to communicate in the information age, you know is very very much at risk. And this is serious, and therefore we’ve got to take it together, and we’re beginning to see signs of people coming together, but it’s very early, very early.
Q5: During the summit, Ambassador Liu Xiaoming, he mentioned that China and the U.S have established a forum to cooperate on cyber-security issues. What are some of the common grounds shared by both sides?
A: Yes, well this is new, and btw the Ambassador gave a terrific talk, and on this issue, there’s a track one, which is government to government. It’s still in a very early stage, embryonic stage, what they are now discussing, government to government as part of the bilateral process, Strategic and Economic Dialogue, the issues of cyber. And then there’s been created a track two system, which is very honored to be partnering with some of the top people in China, including the state council from Asian office, but also the China internet society for doing a lot of the practical work. And one of the things we unveiled to a pretty big a claim in London was, this publication, which is called fighting spam to build trust. And this was a Chinese- American effort that we’ve been working on. A dozen Chinese top experts for mostly private sector companies, and a dozen American experts from private sector companies, have worked together, great experts on the issue of spam. Spam is important because it’s the glue that allows all the viruses to spread. A lot of criminals do this, a lot of hackers to do what they’re doing. And China has been quite effect in how it’s been able to limit spam. It’s actually has a lot of models for the rest of the world. So here’s a case where U.S. and China were together and working on this thing. Very very solid documental practical recommendations and issues that were there. And this was kind of a shock for people because, people were surprised. Wow! China and the United States cooperating on cyber security? It’s like, where did that come from. They’re kind of like scratching their head, you know. And what’s really interesting about this now is we’ve got new projects we’re doing, like this we’re doing one on hacking, we’re doing one on intellectual property, again, China, US, we’re doing on protection of youth in cyber space. And I think this is the thing because what this shows and by the way, are building the EastWest Institute ability to do this is very very much in partnership with CUSEF, China United States Exchange Foundation, which is our partner on China work. And we consider this to be a really significant breakthrough. And I think but the biggest thing is the shock factor. People are like, are you serious? China and U.S. together? So what this demonstrates is that we can work together, on issues like this, there’s endless possibilities for our cooperating.
Q6: One of the, in fact looking into one of the sessions, was very interesting was the deeper understanding session. You’ve got four sessions. One is about insights by U.S. experts about the United States. And then you have insights about U.S. experts about China. And then you have the reverse of China’s experts about your country, and then China’s experts about U.S. why do we have to have these four sessions?
A: Well we found it very interesting because when you have no trust, I’m going to show you another diagram which is very interesting. When you have no trust and you don’t really understand each other, it’s really really important to kind of get under… these are all professionals. All the people who worked on this are people who know this subject area. So these weren’t novelists, these are real pros. And so what they want to do was wow, how do you feel and why. And one of the interesting thing is that the chart here, a graph that’s, let’s see here on page 17, which is very interesting because where we agree and where we disagree, the reasons why it turns out that when Chinese experts on spam were saying we can’t do that, they were talking largely because technologically it was not possible. They didn’t believe it was technological possible to do exert why. Where as when you have the Americans talking about what was not a good idea, it was much more what I call ideological, it was like well we really shouldn’t do that, not couldn’t do that, but you shouldn’t do that. And it was a big shock to a lot of the American participants because our image is that China, is much more the ideological ones, and we’re the pragmatists, so it was kind of an interesting experience that even these people found quite amazing, to see when you graph it out, where do we agree or disagree and why. You learn a lot about each other, and this is what builds trust. This kind of thing builds trust, because you start to really understand each other. All of those people who were on this, many of them are in London, and they were real ambassadors for each other. They’re like, no no, we understand that when the Chinese say such and such or when the Americans say this, we understand this, and it was really exciting that we can just keep building more and more people doing things like this, we’re going to over come the trust deficit.
Q7: I understand this is a collaborative report done by the International Society of China, as well as the East West Institute. And it’s endorsed by China’s State Council, so they must be very impressed with this.
A: Yeah, they were please, well we agreed to, we kept with an agenda, the East West Institute and the State Council from Asian office came up with an agenda almost two years ago, of what we would do, and everybody. Frankly, if I can tell you there were a lot of people on both sides that said, that is really crazy. You know the idea that China and the United States could cooperate in cyber security, forget it. You know, that’s fifty years away. Well you know frankly we don’t have fifty years. By the way, the Chinese participants made it very clear that hacking and all these problems, you know, stuff that go on here are also problems in China. China is not exempt from these problems. And so we have a lot of reasons why we’re very much in the same boat on this. As cyber doesn’t respect boundaries, you know there’s no boarders in cyber, so it’s been a very exciting effort to move this from kind of a crazy idea that we can cooperate together, to actually doing it. And now of course, the skeptics are saying, okay, this was an easy one. Now let’s see you do hacking. And we’re like okay, and the participants from both sides say come on, you know, bring it on, we’re ready to do it. So we still have a lot of suspicion, a lot of things we still have to do. But this, because it’s done very professionally by top people, it carries a lot of weight. I kind of call this the open the door. This is open the door to make important people on both sides say you know, just maybe we can cooperate, and it’s not a bad start.
Q8: I also noticed that the largest email service providers such as Sina and Netease in China, and Google in the United States, they all participated in this whole report.
A: Oh yeah, we had a line of companies on both sides that we had to cut it off, to have a manageable group. We have a big waiting line of companies that want to get involved in this on both sides. So many other companies from other countries have said, in Europe and Japan, Korea and other places, have said how come we can’t get in? But I think our feeling about this right now is that the United States and China have an opportunity to build strategic trust with each other, on this issue. This is supposedly the most divide issue between our two countries. And so we think that keeping the bilateral for now doesn’t mean excluding other countries, because now our recommendations are for all countries and for all companies. It’s very clear in here. Here’s what you do to reduce spam. And so now hopefully, I want to see a hundred countries and a thousand companies say we’ll pick up these ideas, but I still think this banner of the China America banner, and this is what we need to do, we need to keep pushing this, and pushing this, and we’re going to have several more of these within the next year, on other even more difficult topics, and we’re convinced that this, you know, people said show me, so we did it. Wonderful, it’s a wonder report, and a wonderful job, thank you very much John. Thank you Fred. I appreciate the partnership.