>> that part isn't for you all, but -- [indiscernible] [laughter] >> stand by for music to begin the event. ♪

>> good afternoon. good afternoon, everybody. my name is graham brookie, and i'm vice president of technology programs at the atlantic council. i'm pleased to welcome you to today's discussion and the d.c. launch of the department of state's first-ever cyberspace and digital policy strategy. this is an exciting conversation because last week the strategy was released. america's top table met traveled to a conference of computer -- top diplomat traveled to a conference of computer programmers and techie in san francisco as opposed to some far-flung capital to discuss strategy and highlight the centrality of the tech community's role in the united states' role in the world. in my opinion, more

portly, a plan in jew political commission and dizzying catalog -- geopolitical conversation and dizzying technological change, includes guiding principles with the combined 23 lines of effort around this idea of digital solidarity, we will get into. this is a concept that is near and dear to the atlantic council's mission of shaping the global future together. i have to say that. i wake up in the morning and say that every single day. the work of technology programs including the democracy and tech initiative, digital forensic research lab, tech center, and capacity-building initiative, is deeply aligned with every element of the strategy. we have been looking forward to this document for a long time. importantly, an essential part of this is the workforce that is behind it, as well as how the department of state and the rest of the agency organizes around the strategy. i way of background, in 2021,

secretary blinken announced the creation of a new bureau of cyberspace and digital policy led by the first-ever u.s. ambassador at large for a number of different things, but specifically technology, who you will hear from shortly. it brought together parts of america's foreign policy working on cyber, digital economy, digital freedom policy, all in one entity capable of drawing on all elements of u.s. power, and working across the u.s. government and capable of implement such a now-ambitious strategy. today we are joined by ambassador nathan sick, ambassador at large for the department of state, jen easterly, director of cybersecurity and infrastructure security agency department of homeland security, and alan davidson, assistant secretary of commerce for communications and information and administrator for the national telecommunications and information administration,

which i live in washington, d.c. commencing the full title is hard for us -- and assaying the full title is hard for us, so i will say ntia from here on out. thank you all who have joined in person and online. if you have any questions, feel free to ask them, askac.org. excited to get into this. first-ever strategy -- what is the point -- what is the main organizing function, what has been the main entry -- main energy behind drafting and doing the organizing that goes into drafting a comprehensive document accurate ambassador fick. nathaniel: i will jump right in, and thank you for having us, and thanks to the atlantic council. thanks also to jen and alan, who in addition to being co-panelists today are great colleagues on these issues, and i appreciate your partnership.

the fact that the three of us are here in part should that this is the united states' cyberspace and digital policy strategy. the task for drafting the strategy came last year in the ndaa, and it had been over a decade since the u.s. produced an international strategy in this domain. obviously things have changed tech landscape and the geopolitical and skip in the intervening -- geopolitical landscape in the intervening 10 years, 12 years. we have worked very hard to keep it from being an accretion, the typical christmas tree of little programs and initiatives and buzzwords. instead, to make it an intellectual architecture and something that could help guide decision-making, policymaking, program formulation, implementation. it has got -- it's guiding

principle is the notion of digital solidarity, the idea that in the tech domain we are better off if we stick together with others who believe in it rights-respecting future for technology, and that ecosystem, that operating system become one in the world that others can opt into. within that kind of overall framework, there are guiding principles. one, again, recognizing the rationale for having this group here, it's the full ecosystem. previous strategies like this one talked about cybersecurity pretty narrowly defined. this strategy tries to make clear that you cannot talk about cybersecurity without talking bout the policy related to undersea cables and satellites and wireless networks, the influence of critical and emerging technologies like quantum computing and artificial

intelligence. another guiding principle here is it is anchored in affirmative revision. this strategy does not want a future that is characterized or defined by a balkanized internet . if that is the future we are moving towards, it is incumbent on us to offer a positive, affirmative, inclusive vision that as many people in the world can opt into. graham: one could be forgiven for calling this a cyber strategy, which a lot of the headlines around the rollout last week, we have a new cyber strategy, but incorporates all of these -- goes so far beyond that, to your point. i will turn to jen for a question on the actual cyber element of it, which is an international strategy, and you

work at the department of homeland security. how do you see the role in international strategy, specifically on critical infrastructure and cybersecurity, kind of beyond that? how are you playing into the strategy? jen: well, thanks for having me here, and congratulations to nate for the rollout of the strategy and in particular for getting your secretary and matthew broderick at the rollout, stars of two of my favorite hacker movies, not just "wargames," but "ferris bueller's day off." cyber knows no boundaries, and everything we do as an agency is by and with partners, whether industry, state and local partners, academia, the research community, but importantly through international partners. that is why having us here on

this stage because we all have a role in defending and protecting cyberspace, which is inherently global and international, and that is why i was glad to be here -- even more to the point about critical infrastructure, before i was assistant director, i was at morgan stanley. you think about the interconnectivity, interdependence, and the vulnerabilities to our critical infrastructure, which also is very global. morgan stanley, a u.s. financial institution in 41 countries, i was the head of our resilience center, which had a locations around the world. -- had 8 locations around the world. as a private sector company we had to be able to work with regulators around the world, and at the end of the day for critical infrastructure, the international component is absolutely foundational, even at

rsa, while nate was rolling out the cyber and digital strategy, i was meeting with our israeli counterpart, australian, part, south korean, canadians tonight, ukrainians tomorrow. because we have to operate together with the divisibility of each of the different partners around the world who see cyberspace from their own perspective, we have to come together to connect the dots across the world so that we can understand that risk broadly and then drive down that risk to like-minded nations. international partnerships are foundational to everything we do as america's cyber defense agency. graham: i will turn to alan. how does ntia plate specifically on the industrial policy side? how does ntia play international strategy? alan: thank you for having me as

well, and congratulations to nate and the whole team at state for quarterbacking as strong articulation of strategy for us as a federal government approaching cyberspace and the digital will generally. -- digital world generally. at ntia we are guided by the idea that we are going technology -- building technology in a way that makes people's lives better, promotes human progress. so much of what we do -- almost everything we do in the policy space, we touched on in this strategy. especially thinking about that. approach to -- especially thinking about that full-stack approach to the issues in front of us, how do we build broadband infrastructure at home and around the world, how do we make sure we are doing good internet governance, how do we think about issues like privacy or ai policy, how do we think about governance principles generally for these technologies. all of that is work we are doing

at ntia and is informed by and needs to inform our international global strategy as well. i'll say also i think an effective international policy can start with -- needs to start with a solid approach to domestic issues, and we have really worked in this administrate -- and this administration is really working to make sure we have a solid foundation at home on these issues. ntia is in the process of administering $50 billion worth of funding to make sure we bridge the digital divide in this country and make sure everybody who doesn't have an internet connection can get one by the end of this decade. the work we are doing will make our country more resilient, but it also informs how we think about internet deployment around the world, how we can help other countries as they are going about the internet as a tool for development and deployment. issues like that can issues like

how do we make sure we are investing in the multi-stakeholder model, investing in good models of internet governance globally, are all part of how the approach domestically has to fit in with our approach globally. we are working in both spaces and it is great to have a strategy that articulates a good vision going forward. graham: two of the common threads i picked up throughout the strategy are this concept of making sure we have an affirmative revision and the strategy isn't just an articulation of a longest of things we stand against as a country, especially when it comes to tech policy, and are not tech policy is one thing, but something that increasingly touches on everything, as well as this need to bridge how we design, fund, and govern technology at home with how we show up in areas around the world, not just with partners,

but in places around the world that might not be predisposed to agree with us on every single element of policy. this seems like a space where there is a lot of room for collaboration and communication. how does -- i want to come back to the thing that guides both of those things, this concept of digital solidarity. it seems like it is a conceptual retort, a statement of something we are for, to things like the systemic approaches from ccv or china as well as russia, authoritarian systems, their approach to the way technology is designed and governed and communicated with or engaged on around the world. you mind unpacking digital solidarity a little bit? nathaniel: so i think what is essential to recognize here is that one phrase -- you look at

what is in and you can also like at its negative image, what's out. something that is not in the strategy is the descriptor "like-minded" in these classifications of groups, because this is deliberately not an attempt to bifurcate, balkanize, or fragment the world. it is an attempt to provide, again, an affirmative vision, unifying set of principles around the rights respecting development, deployment, and use of technology that can bring others, the vast middle, the billions and billions of people in the world who do not live in states that always align with united states and do not live in states that necessarily have a strongly different conception of the future in every dimension. digital solidarity is an alternative to the notion of

digital sovereignty, which is something we are hearing more and more, including from some of our most like-minded -- i use that term deliberately there -- allies and partners. digital sovereignty can be politically attractive. many of us who work on these issues globally have concluded that it is often little more than a seductive mirage. without ever undermining a state's obligations to its citizens or totally appropriate notions of sovereignty, it tries to make sense of the reality that these issues are intrinsically cross-border, and that we do in the world today face a very different set of actors who have a very different view of what the role of technology in the world ought to be.

as jen said, so much of what we are doing here in the united states actually is of great interest and value to partners. offering up some of what csa has developed and what they do is on the top five list of things that we at the state department get requests for all the time. alan meet the -- alland made the point that foreign policy can only be as strong as domestic policy. the approaches the united states it takes to things like broadband here at home directly underpin whatever moral authority or legitimacy we have out in the world to advocate for these principles. graham: so, there is one component cisa leads on, this pledge unsecured by design, which we are big nerds -- pledge on secure by design, which we are big nerds on at the atlantic

council. can you share about that effort and how it plays into your international engagement? jen: i appreciate you self- identifying as a nerd. i don't think you need to self-identify. [laughter] i have known graham for many years. let me make one point to what nate said. nate and i recently traveled to ukraine together. one of the great things about taking that trip together going to ukraine and meetings afterward in poland was the optic of the top severed technology diplomat -- top severed technology diplomat -- top cyber technology diplomat leveraging instruments of power that showed our support for information-sharing, capacity building. it is a powerful symbol which,

frankly, you wind the clock back to five years ago, there was no bureau of cyberspace and digital policy, there was no cisa. some of the advancements that have been made i think are fundamentally helping to bring greater security and resilience to cyberspace. one of the big things we have been focused on at cisa over the past year is the idea of secure by design, which is a very international concept going to the first principle of a resilient ecosystem. it really is a tremendous effort that is a tough one, frankly. i like to call it the secure by design revolution, because what we are trained to do, as folks -- what we are trying to do, as folks here know, is make up for decades and decades of technology being built with prioritization of speed to market and features, but not

security prioritized. you go back to the days when the internet was first invented, and some of the folks involved, the pioneers, said themselves that security was never in our minds at that time. what we are trying to do is security by design, to put security at the very top of priorities among technology manufacturers and software producers to ensure that the products that we use every single day that underpin the critical infrastructure we rely upon every day are foremost safe and secure. at rsa we are really excited to have 68 of the world's leading software producers and technology manufacturers sign on to this pledge that says they commit to the seven key areas of building security into their products. one might skeptically say, well, that is just a pledge.

but the beauty to me is rooted in our principle at cisa of radical transparency, which is having the pledge out there and the specific things companies are committed to, as well as the evidence that shows they have effectively implemented these seven areas. and we are going to work with a third party, maybe you all are interested in it, to layout what when you're down the road looks like. -- one year down the road looks like. it is important to wreck nice that this is absolutely a global endeavor and when we put -- it is important to recognize that this is absolutely a global in denver and when we put out our principles on security by design, 13 of our international partners launched at cyber week. to me, making sure that the technology we rely upon is a safe and secure as possible is the only way to catalyze a

sustainable and scalable approach t cybersecure ecosystem around the globe. graham: secure by design issue -- it is a critical point of the national cyber strategy and now a critical point of international strategy that bridges a bunch of different things. and importantly in includes a number of international government partners, but the industry partners are not just u.s. companies, which is a reflection of how the spaces going. this year is a global election year. we are not going to have more elections until at least 2048, which for election workers around the world is probably a blessing. it is also this underreported year of global internet governance. there are three different processes likely to -- three different processes like the global digital compact that

keeps the internet open, global, interoperable. a major part of the strategies engaging in those ecosystems to keep the internet in a multi-stakeholder fashion or govern in a multi-stakeholder fashion. what does that look like this year? i will turn to alan first. how important other processes commended i will turn to ambassador fick on how we are engaging on those. alan: the growth of the internet itself is a time -- is a testimony to the power of these stakeholder models. people of good faith from diverse communities coming together in the spirit of solving problems, harlem's of common interest -- hard problems are common interest. and these models are bringing

together the expertise of the private sector, academia, technologists, civil society, to solve the hard problems society faces full time that is the linchpin of the government process, part of what made the internet so successful, because it lends itself to making hard decisions and building infrastructure in the face of rapid technological change. you can look at the internet and said that whether it is the standards bodies, the organization that manages domain names and numbers, across we have had these organizations that have been critical to our success and to creating this internet that has been very decentralized, not governed by any single governance structure. i think that model is increasingly questioned around the world, despite its success.

we have known for years that there have been authoritarian regimes that have wanted to undermine this model, trying to seek more control, more centralization in our internet governance. sometimes it can be friendly fire. sometimes it's like-minded countries in the spirit of solving problems doing things that might hundred nine -- that might undermine this multi-stakeholder model. i think we face here that there is increasing questions in the digital compact, one initiative, the question of the future of some of these existing structures out there. and i think one of the things that is so important about this strategy is an articulation of a positive vision where we are honestly doubling down on the importance of openness and

freedom, these values we care about, doubling down on the notion of the multi-stakeholder model is a powerful tool for solving hard problems. in the spirit of solidarity, if you look at these top problems we have, ai governance, how we deal with internet governance questions that have come up, it is going to be by working together that we come up with these solutions, these hard problems. the multi-stakeholder model is a way that we can bring in broad communities to solve hard problems and do it in a way that is faithful to our values and the moral authority we try to bring to the world. graham: one element to a follow-up, which was asked anonymously, by the way -- how do you anticipate nonstate groups and civil society groups interacting with the principles articulated in the strategy, especially when it comes to

things like the multi-stakeholder system, which is designed to include those groups? where can they provide value? are they great. in much of these efforts -- are they great partners in much of these efforts? nathaniel: let me start broad and get very specific on an example of how these processes unfold and get to that and then to the earlier question. broadly, my very first trip in this job two years ago was to whip votes running up to the election of the secretary-general of the international telecommunication union. my first mission in this role was in a multilateral, and indeed, all the stakeholder forum -- multi-stakeholder form focusing on governance issues of technology last week i went from san francisco to new york for a meeting of an open-ended working group in the u.n.'s first committee, the

deliberative body that created the framework of responsible state behavior in cyberspace. the thread connecting those two days and separated by two years is that international organizations like nature abhor a vacuum. when the united states steps back, others fill the void. it is essential that if we want to fundamentally rights-respecting operating system to become the dominant one, the u.s. has to be engaged -- i don't think it overstates it to say everywhere all the time, because there are so many of these organizations geographically just debated, functionally distribute -- geographically just debated, function -- geographically distributed, functionally distributed. let's talk about ai. the white house started -- first of all, when chatgpt was

released in the fall of 2022, all of a sudden ai became a topic of interest for citizens all around the world, and by extension, a topic of interest for governments. it had come of course, been a focus, but all of a sudden it's front and center. the white house started with voluntary commitments from ai developers. voluntary for two reasons. voluntary by definition doesn't constrain innovation, and there is consensus that the power of the american innovation economy is something that is a massive contributor to our overall strength and influence and not something we want to constrain. second, because voluntary is fast, and we couldn't get sucked into a long and torturous legislative process when the technology was moving so quickly. the involuntary commitments were intended not as the last step in a regulatory or governance structure, but first step.

that give us a substantive, meaningful set of principles about ai safety, security, and trust that we can multilateral ize in the g7. that became the centerpiece of the code for ai developers in the g7. that was important, it was necessary, but it was insufficient. what about the g186, the others? it goes up to probably 186. we have engaged hard at the u.n. to ensure that there is a very broad-based discussion in the world about applications of ai to things like the sustainable develop and, using ai to alter the trajectory around things that everybody cares about, like climate modeling and agricultural

productivity and medical diagnostics. the u.s. tabled, and 123 countries including china cosponsored, a resolution adopted by consensus in the u.n. on ai safety and governance and capacity building. we have tried very hard to engage across the spectrum of international organizations, multilateral and multi-stakeholder, and on ai to name one example, it is meaningful that we are sitting here because the atlantic council administers the ai connect program, a terrific program to ensure that representatives from low- and middle income countries are meaningfully engaged in discussions around ai governance in the world. there are a lot of vectors here. a lot of ways for people and businesses, people in civil

society organizations, people in academia to engage directly in the process. alan: i think it's such a great example because it is very clear that if we want responsible ai innovation, we are going to get there if we deal in a clear right away with the risks -- clear right away with the risks -- clear-eyed way with the risks it poses. we are going to need input from the private sector. i think we are trying to create the structures in the initial forays, as nate said, were designed to bring in the best thinking of the private sector before we move quickly into the space. i think it is a good example -- it is a much more sophisticated conversation now than we had 10 or 20 years ago in the early days of the internet and the early days of social media.

we are thinking about a wide range of tools. some of them are multilateral, some of them are voluntary commitments, some of them thinking about how we build structure that are truly multi-stakeholder. i would just say that if you compare us to previous generations of governance around new technologies, we are engaging earlier with a greater sense of urgency and bringing a broader sense of tools in that spirit of digital solidarity that we are going to need globally. graham: the ai conversation is an interesting one. to your point on ai connect, the organizing premise of that program is to engage with policymakers in the global majority, global south them not just on what the u.s.'s stance is, but oecd principles, so there is a two-way conversation that leads to a multi-stakeholder system. you brought up ai, so i will ask a couple questions on ai.

the executive order that is comprehensive and a very long document to read, 200-some-odd pages, more taskings for you all than we probably know in public, but has action items for all of you, especially with cisa on security elements, for commerce on industrial policy, creating a new safety institute that is working through things like what does red-teaming means with regard to generative artificial intelligence in particular, and up to governance, which this year has been a year of -- i think the oecd's tracking 1000 different policy initiatives that have been propped up across 68 different countries. and so on something like ai, how does that strategy help coordinate all of these different elements that you all are working on?

i'll turn to jen first. jen: i'm happy to start. you mentioned the president's executive order. we have been engaged in this for years. you think about using machine learning. now coming out of the executive order we are working on a pilot -- we just did it and will be publishing the results, how to use generative ai for detection of cyber threats to infrastructure. i think there is promise there. we just published a document with the department last week on how critical infrastructure owners and operators can manage threats to their infrastructure from artificial intelligence. we will be doing some work on red teaming. we have specific expertise on cyber red teaming and we will be working with colleagues to do challenges specific to how you combine cyber red teaming and

things like prompt engineering when you talk about integrity and security of ai systems. we have a roadmap, whole effort on that. i will point to work that we did right after the ai summit working with our colleagues with the security center in the u.k. on secure guidelines for development of ai, which is part and parcel of this largeer secure-by-design effort we have going on, having you designed, develop, deploy, test, and deliver technology that puts security first. when you think about ai, which is moving faster than any technology we have seen before, that is more unpredictable, and arguably more powerful, we really need to ensure that even as these capabilities are developing, they are developing responsibly, that technology developers are innovating,

putting security is a top priority. again, it is the design of these symptoms that needs to take into security at the beginning, not at the far end. i will follow-up up on one other thing, as nate is mentioning the importance of working with right and respecting nations. in cyber we have to deal with a lot of nations that are not rights-respecting, to include those who very blatantly go after civilian infrastructure, whether it is russian attacks on ukraine's civilian infrastructure, whether it is chinese cyber actors burrowing into our own critical infrastructure at home with the intent to launch destructive attacks and the event of a major conflict or crisis overseas. we do want to marshal a collective international global strategy with allies and partners who are focused on ensuring protection of civilian

populations and civil society more broadly. it also recognize t -- but also recognize that civilian critical infrastructure should be off-limits from malicious cyberattacks. i think it is important to recognize the context that the strategy is being delivered in. a world, frankly, that is more complex and more dynamic from a threat-environment perspective puts an additional emphasis on how important it is to work with our allies and partners, for us all to bring the authorities, the talents, the capabilities together working with the private sector to really ensure the security and resilience of the cyber states we all rely upon. graham: we will go anything else on ai, but i have one specific follow-up which i want to come back to in a moment. alan: i would just add that last

week the president reiterated his belief that ai is the most consequential technology of our time. it's going to affect every corner of our economy. it's going to do a huge amount of good for people. we want ai innovation, responsible ai innovation to happen here at home. we wanted to happen in the west. -- we want it to happen in the west. we want it to be developed responsibly. we will continue to invest, and part of what you saw in the executive order that the president put out in the fall is that investment that is coming in making sure that we have responsible innovation happening at home first and foremost. the responsible party is important, too, and that is an area where we need to put tremendous investment in. that is something that is happening at the commerce department here, where my colleagues are standing up the ai safety institute. we have parts of the department

working on intellectual property issues, privacy issues, export control questions. all of that is going to be part of our national approach to ai. at ntia we have specific homework assignments. we finished up a big report on ai accountability and auditing. we are in the process of doing a big study on open model weights and the question about the openness of the most important foundational models. so there is a lot of work to do. again, our domestic policy and our international policy needed to be married up, need to be consistent with each other, need to reinforce each other. that is part of the power of the strategy and the importance. it is not stop at the border. any approaches we take domestically to the policy issues -- say, about ai openness -- need to be done in concert with other countries if they are

going to be effective. again, all to the need for having a strategic approach and making sure that our approach to these domestic issues and our industrial policy approach makes sense in the international context. graham: do we have the international mechanisms to meet the ai moment, in your opinion, as of right now? is this the thing you are getting the most amount from international partners, or is it a part of a broader array of things? nathaniel: clearly we are not using our existing fora in the ways that there is demand for. a hallmark of this administration's point of view has been a resistance to creating a lot of new things. d20k, whatever you want t call

it. but instead to make sure that the existing institutions in which we have invested time and energy over the years, that they are fit for purpose. as new technologies continue to come onto the scene. you see major digital initiatives in g7 but also at the u.n. within the nato alliance, inside the quad. secretary blinken calls it fit for purpose. i think that is how we are thinking about it, rather than seeking to create the single pane of glass for this check or that -- this tech or that tech. graham: fit for purpose is a better term than ai everything, which we have experienced at the atlantic council. a big part of the strategy that

we haven't talked through yet is something that is uniquely sta te, foreign assistance. there is a lot of words or ink spilled on foreign assistance throughout the strategy, and it includes importantly -- well, recently, not directly in the strategy, for congress has approved $50 million for state's foreign cyber fund in next year's budget. how much does foreign assistance play in the strategy? i guess is $50 million in cyber assistance enough for the threat landscape we face at this point? >> i look at the $50 million as a pilot. when i was in business, i told her people don't celebrate the w--i told our people don't celebrate the wins. we will treat the $50 million as

a pilot, and it is incumbent upon us to ensure outsized foreign-policy returns for the united states, so that when the appropriators reconvene and are deciding what to do next year, it doesn't get increased or decreased by 10% or 15%, but they decide it is worth an investment on the scale of a multiple. so, foreign assistance in that vein is one of the major principles that is a thread throughout the strategy. we need to ensure that foreign assistance is part of our technology strategy, that technology is part of our foreign assistance strategy, and security is baked throughout the whole thing. these are pretty self-evident ideas, i suspect, to most people tuned in here. but he does never been said and codify that way in a formal u.s. approach before. graham: i assume foreign assistance is dependent on

cracking the interagency for the implementation of programs with entities like cisa. jen: we benefit by working closely with nate's team through interagency agreements. we have done a tremendous amount of work with ukraine, ukraine cyber defenders, since we signed off on a memorandum of understanding in the summer of 2022, done a lot of work on training, on exercises. we do in particular training on industrial control systems and operational technology where we bring foreign partners to national labs to take an advanced course on that. but that is a really important part of how we are working with our foreign partners to help improve security and resilience of their infrastructure and the capacity of their cyber defense teams. with ukraine in particular that has been one of the most impactful partnerships for the ukrainians, but also for us,

because even as we have been working together we have been learning from them because they are actively learning how to defend their cyber infrastructure and their critical infrastructure under both cyberattack as well as barbaric kinetic attacks. it really is something where we are looking to take lessons from what they are doing even as we help them build their own capacity and capability. graham: turning to audience questions, we have gathered a couple, and if you have any questions, go to askac.org and it will show you how to. we have one question from bloomberg. how do you see digital solidarity manifesting itself? is it via treaties, trade agreements, joint infrastructure? what is the first building block or example in how the love strategy is going to be implemented today, o dish on how the strategy is going to be implemented today, or tomorrow, i suppose?

alan: things like treaties and trade agreements tend to come later in a relationship. those are late stage elements. joint infrastructure can be a middle-stage develop it. in early stages it can actually be as simple as words and public positions, beginning to get comfortable with working together on these issues and standing together on these issues. i will give you a quick, concrete example that has unfolded the last 18 months in costa rica, with the costa rican government was the victim of a significant attack that shut down significant portions of their critical infrastructure. the costa rican government came to the u.s. for help. we waited in hard and fast with $25 million in cyber assistance to costa rica in order to reconstitute their capability and improve their cyber hygiene across the board. that cyber response was like the

first bounce of the ball. there up a couple more. the second bounce of the ball was the costa rican government standing up and deciding they were going to exclude un-trusted vendors from the telecom ecosystem. that was challenged and went all the way to the costa rican supreme court, where the government's decision was upheld by the supreme court. the costa rican government held a regional conference on 5g that had more than dozen partners -- not partners, other countries in the region show up to learn more and begin exploring their own, the beginning of their own journey to the commitment of trusted infrastructure. that was the second bounce of the ball. there is a third bounce unfolding, which is given the costa rican government's commitment to cybersecurity and infrastructure, uc global technology, and is including intel but not only interested in

increasing their investment in costa rica as part of the realignment of supply chains locally. you can see the early green shoots of solidarity here and you can imagine the different forms it could take over time. alan: i would add that this is a great example of the interagency cooperation having a real impact on our global approach. we have been really thrilled to work with state department now clanks at the white house and across government on the -- and our colleagues at the white house and across government. another couple of that is what is happening around open technologies around 5g, where we see we have a 5g market that -- 5g is a very exciting technology, the market for 5g's quite static and highly concentrated, very small number of vendors around the world. we've been working for several years to promote a different approach where we have a much more open stack of 5g equipment,

creating much more resilient supply chains for 5g, allowing more trusted networks, broader participation. it's been a journey, but it's one we have been working on altogether interagency. at the commerce department we are administering a wireless innovation fund to promote technologies. the arc -- we have changed the arc of adoption i'm gone from a place where it seemed like it might be -- that people are skeptical of this technology, to a place where we now have partners who are starting by adopting the ideas in the principles behind it and starting to actually deploy networks. i think we are going to see in a very short period of time much more adoption of the technology and that will make us more secure. jen: mentioned the attack on costa rica from ransomware.

ransomware is another problem we are dealing with not only in the u.s., but all over the world. being able to work with governments who have visibility and insight into various threat actors, either because they have been attacked or they have responded or they have waited to help other partners, is incredibly important, again, to have that visibility, to understand that threat so we can drive down risk to the total ecosystem so when something like that happens, cisa will go to assist, working with law enforcement colleagues and folks on the ground so that we can then produce an advisory which provides indicators of compromised information that the technical people can use to then mitigate the threat of those attacks on their infrastructure. it's goodness altogether to have this solidarity from a cyber- specific perspective that is

underpinned by a strong infrastructure that is, frankly, put in place for the past 10 years or so. real-time information sharing and cyber defense collaboration, getting to build on that with was like the assistance fund, are really important. graham: one point from the atlantic council, our cyber statecraft initiatives is going to have its first competition in costa rica this year, which is a workhorse competition for students designed up towards building a more capable workforce not just in the united states, but among partners. one other question from the audience is is the strategy about forming a "coalition of the willing to unite democratic countries against authoritarian countries like china. that is from breaking defense. i'll make that a jump ball. whoever wants to jump on that first. nathaniel: i feel obligated to

jump first. [laughter] [applause] but i will jump briefly. it is intended to offer up an affirmative point of view that others can choose to align themselves with. it's explicitly not oriented around like-minded. it is expressly not oriented around democratic and other. and yes, realistically the united states has a set of adversaries and competitors in the world who adopting a more and more authoritarian set of behaviors in the digital domain, not only on their own, but in collaboration with each other. that is troubling to us, it is coupling to many others. -- it is troubling to many others. this is fundamentally affirmative in its nature. but it enfolds in that context where there is a more authoritarian backdrop to the way the technology ecosystem

globally is now starting to unfold. jen: i would -- i was basically going to say that, but it is all about the context. the strategy talks about the threat environment we are operating in with global cybercrime reaching over $10 t rillion by next year. you have to recognize that. but what makes our nation great and what makes our partnerships strong and robust comes down to our values. everything that makes america what we want it to be as public servants and citizens comes down to our fundamental values, and we recognize that those values are not shared by our adversaries. i do think where the strategy landed with an affirmative, positive vision, is a great reflection of those values and why those values should

ultimately triumph. alan: i think we have a strong track record of success to show the world, the incredible success of the internet as a powerful tool, the new technologies that are developing. there are real challenges that are out there, and that is why it is so important that the strategy addresses how we have an affirmative vision to address and deal with those challenges. i think at the end of the day the most important thing we can do is put out there a positive vision of what the internet and new technologies can be, grounded in our values, and let the world decide. we expect it's a positive vision people will feel good about. graham: to wrap up the conversation, and looking forward, how -- for ambassador fick, how do you measure the impact of the strategy?

and how do you want the bureau to position itself going forward into not just this administration, but the next administration and the next administration after that? and for both of you, how would you want your successor to be interacting with the strategy going forward? nathaniel: so, quickly, i think one of the things that i suspect we all are grateful for is that the national cybersecurity strategy has had a robust implementation plan. like hitting a baseball, you publish the strategy is connecting with the ball, but to put it over the fence, you have got to follow through, and all the follow-through happens after publication day. we have an implementation framework that is going to guide the work we do. one realistic a caveat, of course, is international strategy, you generally control the actors. in international strategy you don't.

it is less deterministic than a national strategy can be. but i think we will see it unfold across all of these lines of effort that are laid out in the strategy. they are all pretty well integrated. we will continue engaging hard in multilateral fora on these issues, we will continue to try to beef up our foreign assistance on technology issues, we will continue building capacity not only in the world, but inside our own institutions, making sure we have tech-capable diplomats at every u.s. vision and the wealth, that are ambassadors and chiefs of mission are increasingly selected with technology integrated as one of the criteria by which they are evaluated, and on and on. alan: i will just say hopefully our successors are still a long time in coming. you can looked a it as a long

arch to our internet policies, cyberspace issues. started back with the original magaziner report in the late 1990's, internet principles of the early 2010, it's the articulation of a positive vision for how we are going to approach the internet and new technology. and i think it's in the spirit of making sure we're putting out, as i said, a positive vision. anybody who is coming in to these roles in the future will be part of that long arc of making sure we're building technology that works for people and is consistent with our values and is a work in progress and this is very much in the spirit of that, this arc of history. jen: totally agree and plus one on the national security strategy which has been deliberately implemented. we'll certainly be releasing our own cyberinternational strategy,

cisa, that comes with assisted measures of effectiveness. we tried to drive it over the past several years to be a much more data driven agency because at the end of the day, our job is to lead the national effort to understand, manage, and reduce to the cyberand physical infrastructure that americans rely on every day. and what really matters is our ability to reduce that risk in a measurable way. so what i hope my successor can see a world of global cyberspace five years from now where ransom wear is a shocking anomaly and the only way we can get there is through robust, globally driven public-private operational collaboration and a technology ecosystem that is built, texted, delivered, and deployed to be delivered and has to be an international endeavor and hopefully is what we'll all see

in the coming years as a result of the great work of my teammates and our teams. graham: we'll invite you back and see how it's going in a little while. director davidson and ambassador fick, thanks for joining us and your work on the strategy and thanks for spending time with us this afternoon. we'll see you online for the next conversation when we check in on the strategy. thanks. [captions copyright national cable satellite corp. 2023]

>> today retired supreme court justice stephen breyer talks about his new book and time on the high court in a conversation hosted by george washington university. watch the fifth and final installment of conversations with justice stephen breyer live at 4:00 p.m. eastern on c-span, c-span now, our free mobile video app or online at c-span.org. c-span now is a free mobile app featuring your unfiltered view of what's happening in washington, live and on demand. keep up with the day's biggest

events of live streams of floor proceedings from the u.s. congress, white house events, the court, campaigns and more from the world of politics, all at your fingertips. you also can stay current with the latest episodes of washington journal and scheduling information for c-span tv network and c-span radio, plus a compelling variety of podcasts and is available at google play and download it free today or visit our website, c-span.org or c-span now, your front row seat to washington any time, anywhere. >> c-span is your unfiltered view of government. including buckeye broadband.