Secretary Condoleezza Rice & FBI Director Christopher Wray talk about Emerging Threats, Innovation, and Security with international partners Director-General Mike Burgess, Australian Security Intelligence Organisation (ASIO), Director General Ken McCallum, British Security Service (MI5), Director David Vigneault, Canadian Security Intelligence Service (CSIS), and Director-General Andrew Hampton, New Zealand Security Intelligence Service (NZSIS) on Tuesday, October 17, 2023 at 10:30 AM PT.

TUESDAY, OCTOBER 17, 2023 AT 10:30 AM PT

>> Condoleezza Rice: Well, good morning and welcome, welcome to the Hoover Institution, welcome to Stanford University. This is a very, very special and historic moment, and we have together, at least for the first time publicly, the intelligence chiefs of what's called the Five Eyes. And I just have to say a word about that before I introduce them.

Obviously, the Five Eyes being the United States, Australia, New Zealand, the UK and Canada. But I was national security advisor on September 11th, and I cannot relay to you the shock of that day to see planes flying into buildings in New York. The Pentagon had been hit, a plane had gone down in Pennsylvania.

We did not know what had hit us, and we didn't understand why. And I just want to say that at that moment, and I'm sure Chris would join me in saying this, to have allies like we had at that time, the Five Eyes very quickly organized to be the backbone of intelligence for us at a critical time for the United States of America.

And I just want to thank you on behalf of the United States for this terrific partnership that we have that protects freedom, protects free peoples. And I know that what you do every day is hard, but we're grateful for what you do, and we're so happy to have you here.

 

>> Condoleezza Rice: So, here at Hoover, we are very proud of the fact that we take on hard problems. We try to bring the best data driven evidence and research to understanding those hard problems. When our founder, Herbert Hoover, thought about what we would do, he talked about improving the human condition.

But he talked about it in terms of improving it in terms of values of private enterprise, of individual liberty, of limited government. In other words, he believed that democracies were at the core of improving the human condition. And as I said, these gentlemen represent, if you will, the eyes and ears of democracy to protect ourselves.

And so, we're gonna have a conversation today about those issues of protection, but also protection of what? Protection of innovation, protection of technological progress, the partnerships that need to be developed with places like ours here at Stanford, where a lot of that technological innovation is taking place. And we'll talk about how adversaries wish to take advantage of the openness of our societies, but how, in countering them, we have to remember that we are indeed open societies, and that's what makes us different from our adversaries.

I'm gonna start by asking our colleagues on the stage to just introduce themselves and maybe just a word about who they are and how they got to where they are. And then I'm gonna do a little round robin of questions, so we'll start at the end.

>> Mike Burgess: Thank you so much, it's Mike Burgess, I'm the Director of General Security, that is Australia's security service.

I'm an electronics engineer that somehow found himself in charge of Australia's security service with no deliberate intent. I've had a background in the private sector and government, principally signals intelligence. But for the last four years, I've been the head of Australia's security service, it's great to be here.

 

>> David Vingeault: Bonjour, my name is David Vigneault, I'm the director of the Canadian Security Intelligence Service. Thank you very much, Doctor Rice, for the invitation. We are here because of a very important topic, but in terms of how we each got into our jobs, the ability to do something every day to protect your citizens, that's been the driving force.

I've had a chance to work in intelligence, national security, and defense throughout my career, and making a difference every day is getting out of bed in the morning. So, thank you for being here.

>> Andrew Hampton: My name is Andrew Hampton. I'm the director general of the New Zealand Security Intelligence Service.

Prior to this role, I headed up for seven years the GCSB, the Government Communication Security Bureau, which is our signal intelligence and cyber security agency. And prior to that, I've worked across government. I to, am very pleased to be part of this event today. One of the key things about national securities is it's a team sport, it requires people working together.

The strong partnership we have across the Five Eyes, but also the partnerships we have across the economy. And I look forward to talking about that more, thank you.

>> Ken McCallum: I'm Ken McCallum, the director general of MI5, the British Security Service. I've spent 27 years in MI5, keeping the UK safe.

Along the way, I have gained experience in other parts of government, but essentially, I am a career spook, having grown up in operational roles in the organization, running human sources, that kind of classic field craft. And latterly, obviously, in more leadership level positions.

>> Condoleezza Rice: Chris, and this is our FBI director, Christopher Wray.

And, Chris, you can introduce yourself in any way that you'd like, but of course, you can tell them that we once worked together before. But I also, why are we here? And why are we here at Stanford? But why are the five of you together at this particular moment in time?

So, over to you.

>> Christopher Wray: Well, so as you say, Condy, we worked together, and you referenced a time that I know is emblazoned on everybody's memory and certainly ours. I've been the FBI director now for a little over six years, I was a line prosecutor for a while.

I was in the Justice Department's leadership on 9/11 and spent most of 9/11 itself, and that night and the day after, and the night after that, and the day after that, and the night after that, in FBI headquarters. And that was a time when the world changed, although it changed kind of overnight.

Today we're gathered together in a way that is unprecedented, what's not unprecedented is all of us getting together, we do that all the time. And we're not only all great partners, but great friends. But what is unprecedented, at least in our experience and knowledge, is all five of these services heads appearing publicly together at one time.

And that unprecedented meeting is because we're dealing with now another unprecedented threat. And there is no greater threat to innovation than the Chinese government. And it is a measure of how seriously the five of us and our services take that threat that we have chosen to come together to try to highlight that, raise awareness, raise resilience.

And work closely with the private sector to try to build better protection for innovation, especially in a place like Northern California, but really across all five of our countries.

>> Condoleezza Rice: Let's start with the threats to innovation, and I'd like to eventually come back to some of the opportunities that we have.

But let's start with how you do see the threats from The People's Republic of China. And by the way, there are other adversaries as well who would be on that dock. I would suspect that the Russian Federation might be a country of concern, not to mention others like the Iranians and others.

It's not just as if China is the only country that's after our innovation, but they've been a particular concern and a particular challenge in some particular ways. And so, I'm gonna start at the end again and ask you, Mike, to talk a little bit about how you see that challenge from the PRC, and why you might see it as different from some of the others that I've outlined.

 

>> Mike Burgess: Yes, certainly, thank you, so I think the fact that we're holding this summit here with the heads of security services and representatives from the tech and innovation sector speaks something about the nature of this threat and our ability to resolve it. And it's important to start that conversation about how we see China and maybe others in the context of I recognize upfront that all nations spy, all nations seek secrets, and all nations seek strategic advantage.

But the behavior we're talking about here goes well beyond traditional espionage. And the threat is that we have the Chinese government engaged in the most sustained, scaled, and sophisticated theft of intellectual property and acquisition of expertise that is unprecedented in human history. And that's why we're together, and that's why I'm, as Australia's security service head, calling that behavior out.

And importantly, we shouldn't be defeatist about this. The Chinese, to their credit, are very clear about where they want to innovate and what they need in their own national sovereign interest, which is fine and entirely appropriate. The problem with that is they're engaged in wholesale intellectual property theft and the acquisition of expertise through means which is exploiting our open and collaborative DNA used against us.

Because it's when that expertise is linked with the intellectual property stolen that harm is amplified. And that threat really does need to be drawn out, awareness raised, so together, we can all do something about it.

>> Condoleezza Rice: Would others like to comment on this particular point, which is how the PRC goes about this?

And by the way, they haven't been exactly quiet about their desire to challenge the United States in terms of technological superiority. Xi Jinping actually gave a speech in which he said that China will surpass the United States in AI and in quantum and in others. So, they haven't been quiet about that, so how do you think, you said they're exploiting our openness, but they also are pretty well organized.

Is that part of the story as well?

>> Christopher Wray: I think the challenge that they present is both scale and breadth. So, scale in terms of, for example, cyber intrusions as part of their means to steal intellectual property, they have a bigger hacking program than that of every other major nation combined.

Combine that with human intelligence operations, which include not just traditional spies engaged in stealing trade secrets from private businesses and research institutions. But also tasking all sorts of non-traditional collectors and recruiting insiders inside businesses and other institutions. And then layered on top of that in the private sector in particular, seemingly innocuous joint ventures, investments, other kinds of transactions which are designed to facilitate or enable the threat.

So, part of what makes it so challenging is all of those tools deployed in tandem at a scale the likes of which we've never seen.

>> Condoleezza Rice: So, on the question, again, I'm gonna just stay with China for a moment because we've identified it as the sort of biggest issue out there.

Why might they be right about what they're trying to do? And then I'll get to the converse step, why might they be wrong? So, why might they be right about what they're trying to do, like to talk about that?

>> Ken McCallum: Now, that's a big and interesting question. As Mike said a moment ago, we shouldn't be necessarily sort of foaming with moral outrage that states look to gain advantage.

But our job is to protect what we see as the crucial advantages that our democratic nations enjoy today. Emerging technologies have such potential to change our world in quite fundamental ways that I think we should all care about where that power flows and goes. If you are working at the cutting edge of technology today, you might not be interested in geopolitics, but geopolitics is certainly interested in you.

And so, my organization, MI5, has for many years, obviously worked to protect government secrets, military secrets. We've worked for generations to protect our national critical infrastructure. But these days, as Chris has been saying, the things that need protecting are way wider than that. It is no longer about government and a small number of large companies.

It is about raw research taking place in universities, just like Stanford, it's about promising startup companies. It's about innovative spin outs doing interesting things off the back of research taking place in our universities. And so, lots of people who perfectly understandably, may not previously have thought that national security had anything to do with them do need to think about this in a new way.

So, that's why we are seeking to work in a different form of partnership and reach lots of people across our nations who haven't previously had to think in these terms.

>> Condoleezza Rice: Well, let's talk about this issue of partnerships, but first I'm gonna ask the other side of my question.

So, they might be right, because it sounds what my friends at the Pentagon used to call a target rich environment. In other words, there are lots of ways that they could access this technology, there are lots of ways that they could steel Ip. Obviously, there are people who do joint ventures, there's university research, there's all of that.

But there is also a question of will they be good at it? Are they going to get this right? And what you're saying is they'll be good at it unless we have a response to it. So, let's talk about what that response might be, because I think one of the concerns is that the response can't be one that compromises our ability to innovate.

And our ability to innovate is also very much driven by our creativity, which is driven by our openness. So, how do we think about dealing with this challenge when we don't want to look like China in doing it, yes?

>> Andrew Hampton: New Zealand has a very open economy, we are a trading nation.

Our tech sector is now our second biggest export earner. And key to driving that growth in our tech sector has been innovation, has been an ability, a keenness to collaborate with others, both for research purposes, also for, for investment. And that's a really, really good thing. The challenge with it though, is that openness, as we've already touched on, presents a range of threats.

So, key part of how we need to respond to that is, firstly, being able to raise awareness about the nature of the threat. So, my agency, a couple of weeks ago, released annual threat assessment which looked at the full spectrum of threats facing New Zealand. But one that we identified and called out was this threat of foreign interference, threat of espionage, including cyber enabled espionage, and identified some of the countries who were doing that, including the People's Republic of China.

But it's all very well to say, well, look, there's this big scary problem there, what do you actually do about it? And key to that is being able to share best practice. How do you go about mitigating those threats? And between our agencies, we've got a lot of knowledge.

And one of the things that is a feature of this summit is releasing some principles to help better inform innovators around the types of threats we face and what they can do about it. But that's only half of the equation. The other part of it is organizations like ours engaging with the private sector, because not only will you be seeing things that we don't see, you'll have ideas on how to mitigate it.

So, for us, the key thing is awareness, having your eyes open and being able to, to share that best practice to manage the threat.

>> Condoleezza Rice: Yes, David, you,

>> David Vingeault: Yeah, thank you, Condy. Maybe another way to look at it, and you mentioned openness before, and I think it's to look at what has made us successful over the years, what has made innovation driving the prosperity and the security of our countries.

And I think what we're trying to do is to be very clear eyed about that, making sure we protect that advantage of openness, making sure that our universities, our research centers continue to operate, attract the talent from everywhere and anywhere around the world, including from China. But you also need to understand that, unfortunately, the rules of engagement, the rules of the games have changed.

We see the PRC, the Chinese Communist Party, passing legislation to force any person of Chinese origin anywhere in the world to support their intelligence service. But it means they have ways, of course, people here in each of our countries anywhere, to essentially tell them and give them the secrets that they are working on.

And so, what we are trying to do here, in the spirit of that partnership, is to take the knowledge and awareness that we have and bring it to you in your own respective way, as experts. Working with government, to find the right frameworks so that we can enable that openness, transparency and innovation.

But at the same time, do it in a way that will protect what is important for us, freedom, democracy, freedom from interference and coercion as well. And I think this is where that partnership is absolutely critical.

>> Condoleezza Rice: Yes, go ahead.

>> Ken McCallum: So, I think that Andrew and David have put it rather well for us in the UK, the center of our approach is partnership.

There's a special part of MI5, the National Protective Security Authority, that looks to share guidance and advice with our private sector, with our universities. And the point of that advice is, it's not a list of things that we sort of draw up in our own bunker in MI5.

Those bits of guidance are co-created with people in the sectors to be pragmatic, to be workable, to avoid stifling the very openness and innovation that you're trying to protect in the first place. It would be a false victory if we made the average startup as hard an intelligence target as MI5 should be.

That's not the aim here, the aim is to work in partnership, and we are confident that we are making progress. So, the five principles that we are launching today, which will be adopted across all of our organizations, are we think an important step in taking that partnership approach further.

Not just to have sort of balkanized approaches within each of our nations, but to do this sort of linking arms together.

>> Condoleezza Rice: Are you gonna keep us in the dark as to the five principles?

>> Ken McCallum: So what I would say is, if you-

>> Condoleezza Rice: Apparently, this was supposed to be released later.

All right, I get it now, all right, yes.

>> Ken McCallum: If you think this applies to you, please go on the website and have a look at the guidance. I can reel off the principles if you wish, but it's probably not the best use of your finite time, Dr. Rice.

 

>> Condoleezza Rice: I don't know, no.

>> Ken McCallum: Sorry, Dr. Rice, if I may, sorry.

>> Andrew Hampton: A key theme running through the principles and what we've talked about is, there's a real risk to think that you have security at one end and innovation at the other. And it's very difficult to find the middle ground when the reality is they're entirely compatible.

Innovation is key to national security, we rely on innovation to be able to keep ahead of the threat. At the same time, innovators will have more valuable, more marketable products if they build security into it at the front end.

>> Condoleezza Rice: Good, let me turn to the technologies themselves.

And there are really kind of two parts of this. One is, to the degree that you can talk about it, what are adversaries most interested in trying to get their hands on, so to speak? These emerging technologies are pretty remarkable when you think about what AI is and can do.

One of the ones that we follow very closely here at the Hoover Institution through the work that we do with a bioengineer, Drew Endy, is the emergence of synthetic biology. And there we have not just whether somebody might try to steal it, but whether somebody might try to use it.

Because if you think a pandemic right now looks bad, think about a pandemic that is actually tailored to a population or the like. And so, you've got both the protection in the sense of not having people use them in adverse ways, but also what are they trying to steal so that they might be able to use them in adverse ways.

So, talk a little bit about what you're seeing out there on that landscape in terms of these emerging technologies. By the way, a little bit of a commercial for the Hoover Institution. We are going to release on November 14th, the Stanford Emerging Technology Review, Jennifer Whittem, the dean of engineering, and I are co-chairing that.

It's Hoover's opportunity to work with our scientists and engineers to identify where these emerging technologies are going, AI, nano quantum space. And to then make that available to policymakers, so that when you give these briefings, perhaps they'll understand a little bit better what it is you're talking about because I won't speak for the other capitals, but I do know in Washington, people have learned to spell AI now.

I'm not quite sure that they know what it means. So, let me turn to this question of what you're really seeing out there in a little bit more granular way.

>> Christopher Wray: So, obviously, in terms of which technologies, the list probably wouldn't surprise anybody here. Obviously, it's AI, its quantum, its biotech, it's robotics, its autonomy, which is a variation on some of the same.

But with almost every one of these technologies, we have sort of the same reaction. The first reaction is, wow, we can do that? And then, no, yes, Wells can do that, and we're constrained, and very proud of the fact that we're constrained by the rule of law, but what we worry about is adversaries who don't have those constraints and can get access to the same technology.

So, take something like AI as an example. Obviously, we're all looking to try to use AI to try to advance our own operations, but we're constrained, and we're trying to do that very thoughtfully and in a measured way. We worry about AI as an amplifier for all sorts of misconduct.

Taking right now where it's most dangerous is essentially taking junior varsity bad actors and bringing them to the varsity level. But in fairly short order, we're going to be seeing AI taking the varsity level athletes and taking them to a whole other level of dangerousness. But you could use AI now to find vulnerabilities that can be exploited, AI to write code to exploit those vulnerabilities.

AI to conduct more sophisticated sphere phishing efforts, which the Chinese, among others, use very actively. AI to enhance things like virtual kidnappings, where parents get a call, and they think their child's been kidnapped. But now AI can mimic your child's voice, so it sounds even more credible. Those are just a few examples, we're also worried about the theft of AI, because America leads the world in AI technology, and so the Chinese are keenly interested in stealing our AI.

And so, then when you come back to China, it's sort of the convergence of those two things together, the theft within the ability to misuse it, and in their case, AI since they have stolen more personal and corporate data than any other nation by orders of magnitude. If you then think about what AI can do to help leverage that data, to take what's already the largest hacking program in the world by a country a mile and make it that much more effective, that's what we were.

 

>> Condoleezza Rice: Yeah, more data training the model on more data, yeah do you want to go at this again?

>> Ken McCallum: So, when it comes to AI use by our adversaries, I think there's a limited extent to which I want to give good ideas to bad people. But as Chris has reflected there, there is real concern amongst our organizations that AI, over time, and potentially sooner than we might think, will give various of our adversaries both sophisticated adversaries.

And less sophisticated adversaries' new ideas, new access to dangerous knowledge. Coming back to something you mentioned towards the start of our conversation. The flip side, of course, is that used ethically, lawfully, intelligently, AI can help organizations like ours protect our societies. In MI5, for example, just to use an example, that's not right at the cutting edge, but just gives a flavor.

We collect thousands and thousands of hours of audio data in lots of interesting places every week, every month, I won't get into. You can imagine the tiny microphones that we might plant lawfully in certain locations to achieve that. But what that means is we end up with a lot of audio product that we need quickly to translate into knowledge that is searchable.

And the best means of doing that is to have AI scan across the material that you have, translate it into the language that you need to analyze it in, and rapidly pick out the things that might be clues to activity of concern. So, all of these technologies, even in our particular domain, present real opportunities as well as risks?

 

>> Condoleezza Rice: Yeah, I think that's really always the case, you've got opportunity, you've got risk. And we're gonna talk more about mitigating the risk, but I wanna go more to the opportunity side, since you've raised it. One of the criticisms of government, not just intelligence, but of government in general, is that it is not fully exploiting the emerging technologies on behalf of our democracies because I could make the list.

Bureaucracies are slow to adapt, procurement processes are really very, very difficult. If you're a young company sitting out here in Silicon Valley and you don't have an army of lobbyists to go and sell your product, you really can't deal with 18-month requests for proposals. And so, in fact, agencies like yours, or agencies, certainly the Pentagon, are missing the opportunity to do what you just said, Ken, which is to take what's out there, maybe even take it off the shelf and use it to good purposes.

So, while we're thinking about how to keep the Chinese from stealing, are we fully exploiting our own technological advantage? I'll tell you just a quick little story, we're talking about the sad events in the Middle East these days. But as you know, small satellites are making a huge difference now in coverage all out of the private sector.

What it takes our NRO, our national reconnaissance organization, to build a satellite is kind of like building the great pyramids. Now, when you think about that, think about me as national security advisor, when I was actually trying to get the Israelis to stop building settlements outward. And had I been waiting for overhead imagery from the intelligence community to do that, I might have been waiting for a long time.

Instead, I was doing what was called Google Earth, so I would point and say, it looks like to me that's going sideways. So, using these technologies, that can be very valuable, how do you think about that? You've mentioned that MI5 is trying to do this, how about others on this?

Do you want to start? And we'll come back this way, Mike and then David, and then.

>> Mike Burgess: Firstly, I think, yes, you raised a great challenge to us in this line of business and in government, of the challenge of how you use the best of what's out there and how do you move quickly like the private sector does.

I think that's one of the great strengths of innovation in tech sector. We do move quickly and it's brilliant to see, and we do, like our colleagues here, look for the opportunity and we will use AI. But can I just throw a different perspective on you because your challenge is absolutely right.

Remember, we are security services, we're subject to the rule of law and we live in a democracy that we're trying to protect. We also have to consider, if we just massively engage rapidly on new ideas, our license to operate might be questioned, because you might go to, I'm sorry.

It's great that that gives my organization the ability to quickly find a threat to security. Now, we will do that proportionately, but others in our society would rightly go, hang on, you're gonna do facial biometrics on everyone in the country at any moment in time, cuz it would make our job easier, I'm not suggesting we do that.

I'm not asking to do that. But you can see how we have to counter that in terms of our license to operate. But of course, we do look for the opportunity and actually we are. I mean, I've created in my organization an office of future technical adviser to me.

And we are challenging ourselves cuz one of the most favorite, most popular phrases, my own workforce, because they're great people, well trained to do great work every day, is that's not how we do it. We're trying to disrupt ourselves by rapidly adapting bright ideas from the private sector, applying to our mission.

But in a way that's considerate of our license to operate and the fact that we have to be proportionate to the threats we face, and everything we have to do is lawful.

>> David Vingeault: Yeah, I do I totally agree with Mike's point, one of the largest impediments for us is cultural, is essentially finding a way for our officers or our experts to think differently.

Our engineers and computer scientists, to think that they do not necessarily need to develop their own technology to be able to apply it in a way, because the innovation and the pace at which the private sector will innovate will never be able to do that. The question is, how can we legally, safely operate with these technologies in our environment with the oversight that we have and so on?

But that cultural reticence from our organization is something we need to break. The fact that we have top secret clearances that we operate in an environment we're very comfortable with, so breaking down these silos is one of the most important aspects that we can do. And that's why we are here, that's why we want to engage.

And each and every one of us are spending a lot more time working with in the past called nontraditional partners, universities, research centers, venture capital, to be able to do all of this. And this is the kind of ecosystem that if we go back to the openness of our system and the opportunities, that's the only way we'll be able to be prosperous and secure in the future.

 

>> Condoleezza Rice: David, you had with you folks from the private sector when we had dinner last night, talk about how it's been in engaging that part of the community. Are people open to the idea? Now, we did have some stories here in the valley a few years ago about companies that did not wish to engage with the Pentagon or the intelligence services or whatever, so the cultural change is needed on both sides.

But are you having success on the private sector side?

>> Christopher Wray: I'd like to think so, but I think it requires a high degree of humility. We come with a lot of stigma attached to what we have been doing. We come with, after 911, there are a number of practices that have been put in place in each of our organizations that may not have tested with the passage of time, have resulted in the kind of outcomes we wanted, but we need to overcome that.

And I think one of the best way is to engage in a very personal way. So, we have been engaging with our business community. And when five, six years ago when every analyst would continue to say that investment in China was absolutely the way to go. You would go to Bay Street or Wall Street, and that was the thing to do.

And we would come from the intelligence community and say, well, wait a second, there are this aspect. There is this new legislation, there is these practices. But again, we need to go out of our way to give concrete examples because it's not enough to cry wolf. We need to be able to engage and unfortunately, or fortunately, depends how you look at it.

But the PRC has been, and Xi Jinping has been the best advocate for all of us to do more of what we do because they've been so bold about what they're doing, how they have been stealing intellectual property. How they have interfered in our democratic processes, how they have been engaging on campuses, of all places to interfere.

So, I think the job has been done to a large extent also by the PRC to show what the threat was. And we have not talked too much about other actors, but it's the exact same thing with Russia, for example now, post-invasion of Ukraine, everybody's put a lot of sanctions on them.

One of the things we try to do with the private sector is to say, be on the lookout because now what they cannot do through a front door, they're gonna do it through the back door. So, front companies, agents, that's gonna be cutting out from different countries to get the technology.

I'll finish on that, we had a very difficult discussion with a business leader in Canada where we essentially were able to show that person that we had discovered, working with our Ukrainian partners, that some components of iTECH guidance had been used in Russian drones to kill Ukrainians. And absolutely unbeknownst to that business leader, and so that engagement, us taking that information, finding the right way of having classified information share with those individuals, a tangible example like that goes a long way.

 

>> Condoleezza Rice: Yeah, good Hampton, yeah.

>> Andrew Hampton: Both in my current role, but also in my seven years in the cybersecurity and signal intelligence agency, I've seen significant changes on both sides, both on the agency side and on the private sector side in terms of engagement around national security issues.

Agencies like ours do need to show that we have something of value to offer, and often that is knowledge about the threats, the sharing of the best practice that we have talked about. It's also us being open to different ideas and different ways of doing our jobs than we traditionally have.

So, when I started in the business, there was a big focus on we had to build everything ourselves. Increasingly, we're now using open-source products or products that we get from the private sector. In the area of regulation, gone are the days where agencies like ours can prescribe to private sector, the steps that they need to take to manage their risks.

It's more focused on, well, what is the outcome that we're all trying to achieve and how can we work together? But when you get the balance right, agencies like ours, bringing our national security expertise to the table in the private sector with their scale and impact, when it works well, it is really impressive.

In New Zealand, our cybersecurity agency has entered into a series of partnerships with a range of managed service providers and network operators, where we provide them in real time with cyber threat feeds, which they then scale out to all of their customers. They provide a reach that we never would be able to, it's an example of security by design.

That's what we want to do cuz national security has to be a team supporter. It can't be left up to agencies like ours.

>> Condoleezza Rice: Absolutely, yeah, Chris?

>> Christopher Wray: Post 911, everybody talked about a paradigm shift in terms of how we approached security. And I think that we are now in the midst of a paradigm shift in the way in which services agencies like ours engage with the private sector.

To make that a little more concrete, the FBI has an entire office of the private sector with an assistant director who meets with me every morning. Every field office, all 56 field offices, have a private sector coordinator and an academia coordinator. Our cyber squads are out constantly engaging, sharing information with companies to try to help them better.

Not only harden their infrastructure, but often some of the more sophisticated companies are now working with us to conduct joint operations to disrupt adversaries. And along the way, the conversation has started flowing more and more in both directions. So, to your point about opportunities for innovation, we're coming in with the mindset of, we're here to help you and how to help you protect yourself.

But now more and more companies are starting to say to us, we've got this great idea about how you can be even better at protecting us. And so, I think that's the sort of virtual cycle that we're trying to accelerate, and we're seeing it happen more and more.

I think part of the reason it's so important to have this topic focused on in a place like this is because so much of the innovation is happening in very small startup type companies. And somewhere between four guys in a garage and a big thriving business is a transformation where the technology has advanced to the point where it's of keen interest to China in particular, but also other adversaries.

But the sophistication about protecting that innovation hasn't grown with it. And so, we're constantly looking for ways not just to engage with the big blue-chip companies, but the VC community and companies that are more at the front end of a lot of these technologies, cuz that's where the innovation is, that's where the attack surface is moving.

 

>> Condoleezza Rice: Well, let's talk about this place and places like this, because the private sector, we've talked about some of the cultural impediments to dealing with it on both sides. Maybe those are finally starting to be overcome, universities are a very special part of the ecosystem as well. Stanford in particular is a big part of the innovation system, the innovation ecosystem, and has been for our entire history, really.

And it sort of defines Stanford, that this is a place where people make discoveries, they find a way to put them into the mainstream in terms of commercialization. They spawn companies like Hewlett Packard and the Sun Microsystems was actually Stanford University network and Google and others, through our graduate students, through our students, through our faculty.

That's kind of who we are, and so then we sit with our colleagues, and they say, well, but that's great, and you need to keep doing that. But you need to be aware of how others might exploit that. And if openness is the hallmark of democracies, super openness is the hallmark of universities.

I can tell you, having been provost, that nobody actually runs a university, you need to understand that. So, in our environment, how do you think about us, the university, and how do you think about engaging us, the university, recognizing that universities are made up of lots of people in lots of places, most of whom operate pretty independently.

So, you all have universities that you're trying to do this with, but I'm gonna start with you, Chris, and we'll just go right down the road.

>> Christopher Wray: So we have, I think, found over time that using openness in a different sense to go along with the openness you're describing, which is more information sharing by us with universities about the threats.

And that can take either the form of things to be on the lookout for, so universities can make more thoughtful decisions, or in the case of specific targeting, very specific technical indicators, things like that, of a particular compromise, whether it's human or cyber. But the approach, again, is to try to share information to be more open on our end with the universities so the universities can make decisions to protect themselves.

Because at the end of the day, the same information that we're trying to protect from a national security perspective, is intellectual property that represents really hard work and research by academics in an institution like Stanford. And so, what we have found, and I've seen it firsthand over the last six years, is that more and more universities have responded well to that and have reciprocated by wanting to engage more.

We have universities around this country now where they've set aside office space for the FBI, a decade ago, that would have been unthinkable.

>> Condoleezza Rice: Not yet Stanford.

>> Christopher Wray: Well, it's a very competitive institution, peer pressure.

>> Christopher Wray: But I think the reason is they've recognized the value of that.

And I think, to be blunt about it, obviously, a lot of the most sensitive research is federally funded, and the federal government agencies, not like security services, but the grant making agencies have become more surgical and more thoughtful and more precise about what it is that they expect if taxpayer dollars are going to be used.

There's nothing inherently wrong with talent plans. But talent plans, if abused, are vehicles to steal intellectual property to fund China's resurgence at American taxpayer expense. So, the more we can have the virtues of openness without the pitfalls of naivete has kind of been the focus we've had.

>> Condoleezza Rice: And you've been very vocal, and I wanna give you a chance to say it, because some of the early efforts seem to imply that ethnic background was a reason to be suspicious.

And obviously, in the United States of America, we don't judge people by their ethnic background. And to the degree that Asian Americans felt somehow that they were in the crosshairs, I've heard you address it, would you address it now?

>> Christopher Wray: So, I have tried every time I've delivered prepared remarks to add this, which is for us, this is the threat we're talking about, is the Chinese government, the Chinese Communist Party.

It's not the Chinese people, and it sure as heck is not Chinese Americans. In fact, an awful lot of the time, the victims of the CCP's efforts are Chinese Americans. And we haven't talked about it a whole lot yet in this summit, but to go along with the theft of innovation and intellectual property is essentially transnational repression, where the Chinese government, reacting very much to the openness we have, openness allows dissent and criticism of the Xi Jinping regime.

And if there's one thing they can't stand, it's criticism. And so, a lot of times that criticism is coming on campuses, and they've engaged in efforts that some of these are, we've talked about publicly, where you have a Chinese American student in a major university who dares to speak glowingly about the Tiananmen Square protesters.

And within less than 24 hours, the Chinese security services pay a visit to his family back in China, and his parents call him frantically, saying, whoa, what are you doing? It's one thing to repress their population in China, but to then bring it here into the United States, onto our campuses, I think underscores the difference between Chinese Americans as not the culprits, but in many cases, the victims, and the Chinese government, which is absolutely the biggest threat this country faces.

 

>> Condoleezza Rice: Let me ask, if we go down the line here, there's another aspect of the university which is talent. And as we've talked about these emerging technologies, you talked about the engineers, there are a lot of those people here. How do you recruit the best talent when you've got lots of competitors for that talent, you have great universities as well.

Ken, why don't you talk a little bit about the talent recruitment issue?

>> Ken McCallum: So, MI5 and its partner agencies in the UK, we look to recruit the best talent based on the compelling nature of our mission, we are there to keep our country safe. When people join MI5 on their first day and I get the chance to talk to them, I say, look, you are not gonna be a billionaire working here.

You're certainly not gonna be famous, but you will have the chance to spend your talent working alongside other dedicated, selfless people in a noble cause. And that is the primary way in which we manage to reach very talented people who undoubtedly could earn more in other walks of life.

But we do succeed in managing to recruit and retain some really capable, talented people. And it's a pleasure for me to have a moment here to pay tribute to them. Alongside which we also work in close partnership with talented people in other contexts, in universities, in startups, in larger companies, because we don't always need to have all of the talent sort of locked into our permanent workforce.

And so, that ability to partner is central booth to the way in which we try to help our economy protect itself, but it's also central to how we harness the best innovation. So, we do obviously need to have significant numbers of capable, talented, specialist people inside MI5, but that's not the whole story, the partnership piece is the other bit there.

And just briefly on your previous question around how we work with universities, so alongside the five principles that we're launching today, in the UK, we're launching our secure innovation guidance, which is aimed at startups and investors. That's one of our campaigns. We already have a campaign called Trusted Research developed in collaboration with our academic sector, and that campaign has really helped shift the conversation.

We recently did a survey, and 84% of the universities who'd received that guidance have adjusted how they make decisions, how they think about some of these threats. It would be crazy for any of us to try to close down the fundamental openness of our universities. But you probably don't want a PhD student in advanced robotics to be sponsored by the People's Liberation Army in your university.

And so, this is not about changing the dial on the overall default towards open collaboration, joint research, that sort of expeditionary attitude that academia must rightly prize. But it is about having your eyes open to the most egregious forms of risk.

>> Andrew Hampton: There definitely is a war for talent on at the moment, and talent's probably winning at the moment.

There's high demand for the people with the skills and expertise that we need. Like the others, we have had quite a bit of success in attracting great people to come and work for our agencies, and partly that is because of the mission. We've had to pay our people more to be more competitive.

But there's another aspect of talent, which is really fundamental to the New Zealand agencies, and I think to the Five Eyes agencies, as well as having a workforce that better reflects the communities that we serve. So, our workforce is looking less and less like me and more and more like the diverse country that New Zealand is now.

Now that's fundamental for a few reasons. Firstly, we want the best people from any ethnic background to come and work for us. Secondly, we want to have the diversity of thought that comes with those different backgrounds, those different experiences. Third one though is its fundamental to public trust and confidence, which we've talked about for agencies like ours who operate mainly in secret, who have intrusive, but authorized powers.

The public doesn't always get to see everything we do, so they need to be satisfied that the people inside the organizations broadly reflect their values. So, we've been doing a range of things like scholarships, grad programs and the like to really both grow a diverse workforce, but just as importantly an inclusive workplace where that difference is valued.

And I think that's another one of the strengths that our Five Eyes agencies have compared to some of the countries we're concerned about.

>> Christopher Wray: When it comes to recruiting, I would say three things, mission, challenge, and variety. So, our mission is to protect the American people and uphold the Constitution.

And I will stack that mission up against any companies or universities, quite frankly, anywhere in the world. Challenge, in working for the FBI, you get to go up against the most sophisticated adversaries, the PLA, the MSS, the FSB, child predators, cartels. And you get to do things to those adversaries that if you tried to do them in the private sector are probably illegal.

 

>> Christopher Wray: So, those who embrace challenge, I think are attracted to the mission. And then the third is just the sheer variety, you can reinvent yourself 100 times over in the course of a career in the FBI. And I think all those things combined help make up for the fact that we can't pay nearly as well.

 

>> David Vingeault: So, maybe to go back to your initial question, Kandi, about how do we engage with universities? I remember my first meeting probably five, six years ago with the principals of the largest Canadian research universities, and it was a very one-way kind of engagement. People were very, very uncomfortable with the discussion, not much back and forth.

But as soon as the meeting finished, literally one of them wanted to have a one-on-one discussion, because they knew the issues they were dealing with. They had a very sophisticated understanding of some of the challenges, except they were not comfortable talking about them. And when we talk about genuine engagement, then you continue, you engage, you engage to the point now that it's them asking us, how can we work together?

And one of the concrete way in which we have done that in Canada is through the engagement and the intelligence service providing information to government. We now have new security guidelines for granting councils. So, we're not telling people who they should hire or not hire, but we tell them, if you're working for one of those seven universities in the PRC associated with the People's Liberation Army, again, it's probably not a good idea if you're working in cutting edge technology in the university.

Because what we have seen, and in this way, China has been very transparent, is that their legislation, they are telling the world what they are. They also have been clear about the fact that Xi Jinping is chairing the commission that integrates military and civilian technology together for the advantage of having the PLA surpass the United States military and all of the western military in terms of technology and capabilities, that's a stated goal.

So, that means everything that they're doing in our universities and new technology, it's going back into a system very organized to create dual use applications for the military. So, that's why I think working in partnerships, we will not want to tell people what they should do or should not do, but we wanna give them as much clarity as possible.

And I think when we get it right, we know we're gonna have to come back at it again in a narrative process. And I just want to also endorse what my colleagues have said about not stigmatizing anyone. It is indeed the policies and the ideology of the Chinese Communist Party.

It is the corrupt approaches of the Russian regime under Putin that is the real problem. So, we have to be very careful not to attach etiquettes to people, thank you.

>> Mike Burgess: Two aspects, obviously, the open three collaboration, which is fundamental to academia, that needs to be protected. It's one of our nation's greatest strengths.

But sometimes I recognise in our business, when we're talking about these threats, it's taken by commentators as we're anti that, we're not. Just like we're not anti-Chinese people, we need to protect this and how we work that, as we explain the threats to the research and academic community.

We've got to have a shared understanding of your sector and the shared values. And when we see those alignment of values, we actually find great connection and we see positive benefits. Those things really do need to be protected, we are not anti-innovation. And in my remarks, I deliberately talk about intellectual property theft at a scale which is unprecedented, and expertise acquisitions through legitimate, open and free academic exchange, joint ventures and acquisitions.

And it's when those two things come together, because the sinister element of China has a right to be prosperous, China has a right to innovate, not trying to stop any of that. We're not trying to contain that, my nation has benefited greatly from China's rise, and actually we'd like to benefit from that as it continues.

Of course, there are some things which are unacceptable and wholesale intellectual property theft and mischievous acquisition of expertise that links those two together, where the harm is amplified. That's what we're about, that's what we're trying to call out, and that's what we're trying to work with you to prevent.

Finally, on the recruitment side, like our colleagues here, we have no trouble attracting people. We go with the market on losing people, that's understandable, but we're pretty good in that space. And when people do come to us, they know they work for an organization where they can do things which they can't do anywhere else.

And that sense of purpose, protecting Australia and Australians with threat to security, is the thing that holds them. And when we do lose some of them, actually, that's still okay, because they go off into the private sector or elsewhere and they have a security mindset that benefits you all, that's a pretty damn good thing.

 

>> Condoleezza Rice: I'm gonna ask Chris, as our convener of this wonderful group, to say the last word. I just wanna say one thing, which is, thank you for coming to the university to talk about these things. I think I speak for all of my colleagues, that everybody wants to be on the right side of this.

We want to do so in accordance with our values, with the way that we've innovated over the years. But there are very few people any longer who are blind to what the PRC is doing. As you said, Xi Jinping has made it pretty clear, it's also the case, I've studied geopolitics all my life, I've studied technology all my life.

And these technologies are of a level, and of an importance both in terms of the opportunity they present and the dangers that they present of something like we've never seen. But I sometimes do the thought experiment, what if Nazi Germany or the Soviet Union had won the nuclear race instead of the United States?

We might have lived in a very different world, and so these technologies are critical, and this is a very different relationship for the United States and our allies. I'm often asked, is this a new cold war? I tell people, no, it's harder because the Soviet Union was a military giant, but it was an economic and technological midget.

This time around, we have a competitor, an adversary who's technologically, militarily, and economically likely to be our equal. And so, mobilizing free peoples to do what we do best, which is to out innovate them, out compete them so that this comes out right for history, I think, is very critical.

And thank you for what you do every day to try to make that true, and Chris, you'll get the last word.

>> Christopher Wray: Well, thank you for that, I'm grateful to Hoover and Stanford for helping us put on this unprecedented summit. I actually, despite some of the things we've talked about, I'm actually quite optimistic, which is not something you always hear from security service heads.

But part of the reason I'm optimistic is because I think we have advantages. The advantage we have, you see it up here on this stage, partnerships that are true partnerships that are based on shared values, on mutual trust, on a commitment to collaboration, on genuine friendship. And I will stack that kind of partnership against the sort of transactional partnerships that the Chinese government attempts to stand up with Russia or Iran any day of the week.

And what we're seeing and have seen over the last few years is that same kind of partnership developing, and growing, and strengthening between our agencies and the private sector, our agencies and universities. Our agencies and our counterparts who are not maybe part of the Five Eyes, but who are close friends and partners of all of ours.

And the awareness that I see across all those audiences and the desire to partner against the threat is something that makes me optimistic. I'm confident that partnerships based on collaboration and trust and teamwork are gonna outperform coercion, control and pressure in the long run.

>> Condoleezza Rice: Right, well, thank you very much, and please join me in thanking our guest.

 

Show Transcript +

Upcoming Events

Wednesday, December 4, 2024
artificial intelligence
Watermarking for AI-Generated Content
The fifth session of Challenges and Safeguards against AI-Generated Disinformation will discuss Watermarking for AI-Generated Content with Xuandong… HHMB 160, Herbert Hoover Memorial Building
Wednesday, December 4, 2024
Ideas-Uncorked
Health Care Policy In The New Trump Administration And Congress
The Hoover Institution in DC hosts Ideas Uncorked on Wednesday, December 4, 2024 from 4:45–6:00 pm ET. The event will feature Hoover Institution… Hoover Institution in DC
Friday, December 6, 2024
Emerging Technology And The Economy
The Hoover Institution cordially invites you to attend a conversation with President and CEO of the Federal Reserve Bank of San Francisco, Mary C.… Shultz Auditorium, George P. Shultz Building
overlay image