Colonel Peter Hayden on U.S. Cyber Command & National Security

Col. Peter Hayden on U.S. Cyber Command & National Security

 [00:00:00] Albert Cheng: Good morning, good afternoon, good evening to all of you wherever you’re at. Welcome to another episode of the Learning Curve podcast. I’m one of your co-hosts this week, Dr. Albert Cheng from the University of Arkansas. And with me co-hosting this week is Justice Barry Anderson. Justice Anderson, nice to have you back.

[00:00:39] Justice Barry Anderson: It’s great to be back. I’m coming to you, live from the Minnesota Judicial Center, where I’ll be finishing my employment here. I’m retiring from the court on May 10, so it’s accurate for the moment to describe me as a member, as an Associate Justice on the Minnesota Supreme Court, but very soon it’s going to be a change in status to retired member of the Minnesota Supreme Court.

[00:01:00] Albert Cheng: Well, congratulations, and I hope the last few days and weeks of your tenure are an enjoyable one.

[00:01:07] Justice Barry Anderson: It’s been a fascinating career and worthy of a podcast maybe someday. We could talk about that.

[00:01:12] Albert Cheng: Ah, okay. Alright, you heard it here first, folks. the retired justices. Anyway, let’s talk news before we get to the rest of our show.

[00:01:20] We’ve got an exciting show, exciting guest, Colonel Peter Hayden, going to talk to us about cybersecurity. But before we get there, I wanted to point out an article that talks about school spending. I know it’s a topic that comes up pretty often, but the U.S. Census Bureau, in a press release, just revealed some new numbers.

[00:01:40] And so, the top line result really is that per pupil funding increased about 9% From 14,000 in 2021 to about 15,600 in 2022. And so, for listeners who want the scoop of what some of the latest numbers are, go check out that article, check out that press release. If you’re in the know about some of these numbers, I don’t think these will surprise you.

[00:02:05] But if school spending, school funding is new to you, chances are you probably underestimate some of those numbers. And actually, they even highlight some states with the highest per pupil spending averages, New York. Tops the list at almost 30,000 per student. DC is about 27,000, New Jersey 25,000.

[00:02:24] And certainly there’s some districts, even within those states, that spend a lot. New York City alone spends about 36,000 per student. So anyway, if you want to the latest scoop on some of those numbers, check out that article and press release.

[00:02:37] Justice Barry Anderson: I want to comment, Albert, briefly on this, because way back in my wasted youth, one of the high school debate topics was reforming education.

[00:02:44] So we’ve been arguing about education spending, per pupil education spending, pre K to high school graduation, many years, decades, going back now probably a half a century, and one of the interesting things about that debate is, at some level, obviously, there’s a minimum amount of spending you have to engage in to So, I think that’s a great way to provide quality education, but how effective it is and what the sweet spot is varies from state to state.

[00:03:09] So, the statistics are interesting, but when you dive into the statistics in your individual state, and you start looking at rural districts versus urban districts, various other categories. There’s all sorts of data there with which to argue about what we should be doing relative to education spending.

[00:03:25] So, rarely is it just simply a matter of the top line number, which is often what we get. So, I encourage listeners to pay attention to the deeper dive on that data.

[00:03:36] Albert Cheng: That’s absolutely right. Speaking of decades, this is actually the largest increase in the past two, year to year. Two decades, but yeah, you’re absolutely right, Justice Anderson.

[00:03:44] Look, we’ve got friends that make a whole career out of trying to study school finance and the complexities of that.

[00:03:49] Justice Barry Anderson: So that’s exactly right. And I’d like to point our listeners to a article written by an Eric Wernie. Professor Wernie is. He’s an associate professor in the Education Economics Center at Kennesaw State University, and I hope I pronounced his name correctly, apologies in advance if I haven’t, but he’s written a piece for Education Next entitled, A School Sector in Search of a Name, which is really a fairly long piece talking about the history of what do we have and what do we call schools between homeschooling and education.

[00:04:19] Traditional five day a week public schooling. He notes that we call them micro schools, we can call them hybrid schools, cites several examples of these where parents gather to educate their children collectively, and he goes all the way back to an April 1971 issue of Stanford Law Review where They talk about communities of territory, and ultimately he concludes that what we should be calling these institutions are community crafted schools, and he points to a really interesting comparison, don’t run out and have your children drinking craft beer, but he points to the craft beer industry, which, appeared out of nowhere, And is a micro brewing kind of operation, noting that what these schools are doing is very similar to what is done there.

[00:05:04] Except that with the schools, the goal is education, and one of the great things about this piece is it’s very neutral. He’s not trashing public school education, he’s not saying that there aren’t other alternatives that work, or if you prefer homeschooling or something else, that those aren’t the ways to go.

[00:05:21] But he lays out what some of those developments have been and how we should look to the future here. So, I thought it was a very balanced and fair article and I recommend it to people. It turns out education is much more complicated than walking to your neighborhood school and the opportunities are out there in ways that we didn’t really anticipate decades ago.

[00:05:42] Albert Cheng: Oh yeah, we’re just in the middle of a paradigm shift, really, about how to think about education. And yeah, I really enjoyed reading that article as well. Of course, the craft beer metaphor, I think, was excellent. But there’s an issue of what we, what do we call all these new models of education that are emerging?

[00:05:57] So anyway, great read, and I enjoyed that article as well. Well, that’s the news for this week. Stick with us because coming up after the break, we’re going to have Colonel Pete Hayden talk to us about cybersecurity.

[00:06:22] Colonel Pete Hayden serves as the General Counsel of U.S. Cyber Command at Fort Meade, Maryland. His previous assignments include Strategic Initiatives Officer for the Army Judge Advocate General. Deputy Legal Adviser for the National Security Council, General Counsel for the 10th Mountain Division, including deployment in support of Operation Freedom’s Sentinel.

[00:06:44] Deputy Legal Counsel to the Chairman, Joint Chiefs of Staff, and Associate Professor of International Law at the Naval War College. In Newport, Rhode Island. His military decorations include the Defense Superior Service Medal, the Bronze Star Medal, the Presidential Service Badge, Joint Chiefs of Staff Identification Badge, and the Parachutist Badge.

[00:07:05] He is a graduate of Colby College, Cornell Law School, the College of Naval Command and Staff, and the National War College. But before we go on, I just want to give a disclaimer, that Colonel Hayden has asked us to, provide. And so let me read that for us.

Colonel Hayden, I just want to remind folks, this is speaking in his personal capacity, and his comments do not necessarily reflect the views of the Department of Defense, U.S. Cyber Command, or the U.S. Army. Colonel Hayden, it’s a pleasure to have you on this show. Welcome.

[00:07:17] Pete Hayden: It’s an honor to be here. Thank you very much for taking the time.

[00:07:20] Albert Cheng: Let’s start by maybe doing a little bit more introduction about yourself to our listeners.

[00:07:24] And I just read your bio, but tell us a bit more. Share with us where you grew up, how you decided to enter military service and your own personal journey through the U.S. military.

[00:07:34] Pete Hayden: I grew up in Western Massachusetts, in West Springfield, Massachusetts, where I played soccer and ran cross country and did all the things that a lot of boys do.

[00:07:43] I was an active Boy Scout. I got to work at Boy Scout camp where I was a lifeguard growing up. Off to college and law school. And I went straight through, and at law school I tried, I did what a lot of law students do, which is during your second summer, you work at a big firm, and I tried that, but I really decided that I’d move more towards public service, and so I was looking at district attorney’s offices, or U.S. attorney’s offices, And I hate to say it, I saw the movie A Few Good Men with Tom Cruise and Kevin Bacon, and it had just never occurred to me that practicing law in the military as a prosecutor was a thing, but, as a guy who was a Boy Scout and who grew up in uniform from the age of seven, it really wasn’t that difficult to transition, so I thought I’d try that.

[00:08:27] My plan was to do three years as a military prosecutor. I was assigned to the 101st Airborne Division at Fort Campbell, Kentucky. I was going to do three years and get out, and I had one of those moments that was life defining. Our brigade, a brigade is about 5,000 soldiers, and it has all of the logistics and the infantry and the artillery and the helicopters.

[00:08:46] So our brigade went and did a two-week training exercise at another post a long way away in Louisiana, where we have a fake country set up with role players and bad guys, The idea is to train a brigade how to conduct counterinsurgency operations. This is back in 1997, before counterinsurgency was a thing, but the point was to train a brigade how to do this.

[00:09:06] And the commander took me as the lawyer to handle all of the legal issues that came up in the course of the exercise. And so, I wound up handling investigations of accidental discharges and damage to equipment and damage to pine forests that we absolutely burned down. And it was one of those times when I, it was just good leadership.

[00:09:25] The brigade commander used me, even though he probably knew most of the answers himself as a young attorney, but he kept turning to me and saying, what do we do, Judge? What do we do, Judge? What do we do, Judge? And the light went on and it made me say, you know what, I want to stay and do this much more than three years.

[00:09:39] And so, so I stayed in for 28 years over the course of time. I’ve, got to teach. I got to go back to that training center as one of the exercise designers and deployed to Iraq twice and Afghanistan once, and eventually wound up as the General Counsel of Cyber Command.

[00:09:54] Albert Cheng: Wow, great. Yeah, it’s fascinating. Thank you for your service. And so, you, you mentioned U. S. Cyber Command. So, let’s ask the basic question, what is U.S. Cyber Command and what are its overall missions and priorities? I think it fits with the Department of Defense and the U.S. government’s larger cyber security efforts, so tell us more about what U.S. Cyber Command is.

[00:10:17] Pete Hayden: So, U.S. Cyber Command is, there are 11, what we call, unified combatant commands in the military. They’re all made up of service members of all the services, the Marines, the Navy. The Air Force, the Army, the Coast Guard, the Space Force. Think of the military in two main parts. The military comes in what we call the military services, the Army, Navy, Air Force, Marine Corps, Space Force.

[00:10:39] The job of the military services is to train, equip, recruit, retain service members who can do special things. the Navy is to build ships and then man them with sailors. The Army builds ships. Brigades and divisions and bands them with soldiers and then the Combatant Commands, which is what I’m currently a part of, there’s 11 Combatant Commands, they take those forces, and they use them to go conduct assigned missions, so when the President assigns a mission, you may have heard of Central Command.

[00:11:07] That played prominently in the wars in Iraq and Afghanistan. The central command commander took service members from all those services. They would assign them over to him and then he would use those forces to accomplish missions in Iraq and Afghanistan. Well, at Cyber Command, we are the command that’s responsible for conducting military operations in cyberspace, our mission statement.

[00:11:26] And it’s interesting because our mission statement is actually defined by Congress. Most commands are not. Our mission is to plan and execute global cyber operations and missions to defend and advance national interests in collaboration with domestic and international partners. And it’s very interesting that our explicit mission is to partner with domestic and international partners to do things together.

[00:11:48] The way we do that in four subtasks, one of which is to defend D.O.D. information networks to make sure that all the parts of D.O.D. can talk to each other. And that’s everything from the White House Situation Room all the way down to a squad or a missile silo, to the front end of a jet, to a radio-controlled missile.

[00:12:08] The second mission we have is to defend the nation in cyberspace. We can talk about that a little more because that’s a pretty big mission that we have, and one which has gotten some attention in the news lately. The third mission we have is to support other combatant commanders. So, if the commander of Central Command or the commander of Indo Pacific Command requires cyber support, we give that expertise.

[00:12:29] And then we also picked up a new mission with the new cyber strategy, and that is to build the capacity of our allies and partners. And just to contextualize briefly, we’re only one stem of the entire U.S. government cybersecurity effort, right? So, the Department of Homeland Security and the Cybersecurity Infrastructure Security Agency They’re responsible for helping the nation as a whole ensure cyber security through warnings and alerts and information sharing and understanding and patch recommendations.

[00:12:59] And then the FBI and the Justice Department are responsible for law enforcement, which is cyber-crime and cyber operations inside the United States. The Department of Defense is responsible for national security military operations, which is primarily outside the United States. And then, of course, underneath that, the intelligence community.

[00:13:17] Provides insights to all three of those stems. So that’s how we fit within the broader U.S. government.

[00:13:23] Albert Cheng: Well, let’s move on to talk about you and your education. This is an education podcast. And so, you gave us a little bit, but describe a little bit more of your role as chief legal officer at U.S.

[00:13:33] Cyber Command and talk about your law school experience, your legal training within the military. How did this all prepare you to lead a team of lawyers on cyber centered national security issues?

[00:13:45] Pete Hayden: Well, as Chief Legal Officer, so I’m the senior lawyer, the general, my official title is Staff Judge Advocate, that’s the military title, but it basically means general counsel.

[00:13:54] I see an office of 18 attorneys, and so I advise General Timothy Hawk, the four-star commander of Cyber Command, and all of his subordinate commanders and directors. We advise on the law applicable to military operations, international law, interagency and private sector engagements, so that we can account for the equities and legal positions of the people we partner with.

[00:14:14] But we also do a lot of Routine but vital services common to an in-house law firm, such as employment law. We do a lot of contract and acquisition law, government ethics and investigations, lots of investigations. And then, in addition, I offer technical oversight to the more than 45 attorneys who serve our component commands.

[00:14:35] We have an Air Force Cyber, a Marine Corps Cyber, a Cyber National. So, think of them as subordinate business units. They all have their own henhouse offices, and I’m the senior lawyer in the whole enterprise. In order to be a JAG, and I am a JAG, By the way, what that means is, so you do have to go, funny, people ask me like, are you a real lawyer?

[00:14:54] Have you been to law school? Yeah, you have to go to an ABA accredited law school, and you have to be a member in good standing of a bar of a state. Each of these services has an entry point. So, once you graduate from law school, or if you come in laterally from the civilian sector, there’s a basic course at each department’s JAG school.

[00:15:09] Ours is in Charlottesville, Virginia for the Army. The great thing about the JAG Corps is they have a great training and education model. So, there’s two components to building. The General Counsel. There’s a training in education, so at seven years or thereabouts, we all go and get a Master of Law at our JAG school.

[00:15:25] There are other specialized Master of Law opportunities, and then further on, not law school specifically, but officers are sent, at 12 years, I was sent to what we call intermediate level education, which is, in my case, was a one year course at Newport, Rhode Island, to study joint military operations, how we work together to plan and advise operations.

[00:15:46] Senior commanders, if we have to conduct a major campaign. And then at around 20, between 15 and 20 years of service, I went to the war college. There are several war colleges. And that’s where we combine with our interagency and international partners to study grand strategy and learn not just where the military element fits in, but how we can cooperate with the economic instrument of statecraft or the informational instrument of statecraft.

[00:16:12] So there’s a very well-developed training and education model. But then the other thing that we do is we have a career model. So, every two to four years, people with the military will know this; we change jobs. And so, you gain specialty experience. And in my case, its national security law, but then you also get broadening experience, which is.

[00:16:32] So as a national security lawyer, I would love it if they left me in cyber for my entire career. But the fact is they pulled me out because they knew that I needed to learn employment law or contract law and I couldn’t do my job as a senior general counsel. This is my third general counsel gig. I couldn’t do a job as a senior general counsel without knowing or at least being familiar with and being able to advise on employment law or contract law. And then every couple of assignments come back to cyberspace or come back to national security practice. So that’s how they build a general council.

[00:17:03] Albert Cheng: Huh. Huh. It’s almost like the medical school residency program, except it sounds like this is longer than just a one year, gig in med school. Let’s talk a little bit more about Cyber Command. And you mentioned earlier about defending the nation in cyberspace. So, let’s get to all that. But first, let’s talk about a little history, So the U.S. Cyber Command was established in 2009 at the National Security Agency. Folks might know that as NSA.

[00:17:30] Cyber Command cooperates with NSA, but the roles are different. Tell us briefly about the NSA and its role in protecting national security. And then what’s the relationship of the NSA to Cyber Command?

[00:17:43] Pete Hayden: Yeah, that’s a great question. And because we share the same boss, General Timothy Hawke, and before him, General Paul Nakasone, the person that I advise, they wear both hats.

[00:17:52] And so Cyber Command think of it this way, we lease space from NSA, and we share a boss. Okay. But we aren’t the same organization. We’re a combatant, we’re a military warfighting organization with the missions that I talked about earlier, the missions to defend DoD information networks. to defend the nation in cyberspace and to provide support to combat commanders, bill allies, and partners.

[00:18:14] The NSA, on the other hand, it’s actually, it’s a component of the intelligence community. It’s actually the largest component of the intelligence community, and the NSA has two principal missions. The NSA provides signals intelligence support to policy makers and military forces. So, they’re part of the DOD, but they also are part of the intelligence community, and their job is to help provide intelligence.

[00:18:37] And then the other thing that they do is because They have this mission of providing signals intelligence. They also provide cybersecurity for national security systems. So, I talked about defending the DOD information network, national security systems is much broader, right? It involves elements of the state department, the Homeland security department, the intelligence committee, and their job is to make sure that those national security systems, that the information that’s resident on those systems is absolutely secure and assured.

[00:19:03] So individually, both of these organizations play key roles in our national defense, but. What’s interesting is they have a unity of effort by having one boss who can have us all rowing in the same direction to achieve outcomes for our nation nobody else can. So, we can leverage the insights that the intelligence community gets because we work in the same facilities.

[00:19:22] We work next door to them, and we attend the same meetings and then we can use those for our command to propose feasible options. For policy makers and leaders and the nature of our partnership lets us be really candid with one another. It lets us be candid with our boss and it provides a much more agile assessment of the risks and benefits of using a cyber operation or an intelligence operation or something else.

[00:19:48] Albert Cheng: Well, so let’s get into some of the nitty gritty, which I think our listeners might be curious about. Okay, so defending the nation in cyberspace, all right? So, tell us what you mean by that. What are the threats that you guys are most concerned with? What are the challenges that you guys face in the day to day?

[00:20:04] Pete Hayden: Sure. Defending the nation in cyberspace. So, when we say defend the nation in cyberspace, that doesn’t mean, defending every cyber-attack on every bank account or every stolen identity. Yeah. It means it’s in the strategic sense when. Military forces are called on to meet certain threats and challenges when the scale of a threat, usually from a foreign nation state actor, is of such magnitude that, the President and Congress want the military forces involved.

[00:20:30] And so, defending the nation from, we call it foreign malicious cyber actors, who threaten our critical infrastructure and our democratic processes. So that’s really what we’re talking about. We’re talking about defending critical infrastructure. Those systems and processes that are essential to our life as Americans, and also to our democratic processes.

[00:20:48] And we have a strategy called Defend Forward. And what that means is, and we’re the military, so we’re, we don’t operate in domestic space, we operate in foreign space. But we defeat threats before they can reach our networks and our critical infrastructure. That could be everything from, Network hardening on foreign systems, to threat hunting on foreign systems, to sharing information with allies and partners so that they can act against threats in foreign systems, bolstering the resilience of our systems, and it also could mean foiling potential cyber-attacks before they can materialize, disrupting them before they can take action.

[00:21:25] The threat actors that we’re worried about. So, I’ll break this down into threats and challenges. The threat actors we’re worried about, so every January and February, the Director of National Intelligence puts out an annual threat assessment. And our threat actors are exactly what Director Haines identified in her threat assessment.

[00:21:41] There’s the People’s Republic of China. We’re very open about that. They’re our pacing challenge. They’re an enduring generational competitor based on their size and their scale and the growth of their economy, and make no mistake about it, they are engaged in a deliberate campaign to challenge the U.S. and our allies in cyberspace, technologically, and placing our critical infrastructure at risk, and by our standards, they aren’t constrained by law. Or scale, or risk tolerance, and they maintain their own centrally closed system, right, they call it the Great Firewall, whereas we have an open information environment, and they aren’t constrained by the different standard there.

[00:22:18] And so that’s our pacing challenge. We’re particularly focused right now on defending against the People’s Republic of China’s persistent access and pre-positioning for attack on U.S. critical infrastructure systems, and we can talk about that a little bit. The other threat actors are, Russia.

[00:22:32] That’s probably not much of a surprise. Russia engages in intelligence collection through cyberspace. They threaten our critical infrastructure, conduct malign influence operations, intent to interfere with our elections. Much like Iran. Iran is much the same way. Cyber enabled propaganda. And they have been targeting industrial control systems to disrupt critical infrastructure.

[00:22:51] And then Korea, North Korea, the DPRK, they use cyberspace to collect intelligence. And then they also do illicit revenue generation through cryptocurrency theft and things like that. And that’s to support the regime’s nuclear ballistic missile programs in violation of U.S. and international sanctions. So those are the threat actors.

[00:23:10] The challenge that I would point out, and this isn’t a threat, this is just a, it’s a challenge of the emerging environment. Thank you very much. We also have to adapt to the accelerating pace of technological change and global interconnectedness, right? That’s not a threat, it’s just a condition, but it’s one we have to acknowledge and adapt.

[00:23:26] And so, nation state research and development as the principal driver, that’s not the case anymore. Academia, corporations, even individuals play roles with strategic impact. And so, we have to think of this as the advantage doesn’t go to the large, but to the quick. Those actors that can Recognize and adapt rapidly to the pace of this change.

[00:23:49] The Chairman of the Joint Chiefs, General C.Q. Brown, gave a speech and he said, we have to accelerate change or lose. And that’s just lose our ability to build enduring advantage for our nation. And so that’s the challenge that we’re up against that provides a counterpoint or in a context to the threat environment.

[00:24:05] Justice Barry Anderson: Colonel Hayden, I wondered if you could give us an example and explain, we talk about cyberattacks, but what does an international or foreign cyberattack look like and what are the negative impacts that the United States, its government, and its citizens might experience as a consequence of one of those attacks?

[00:24:22] Pete Hayden: Now, that’s a great question. It’s not necessarily as seen on TV, it’s not the movies, but I don’t know how many of your listeners, how many of the podcast listeners are on the East Coast, or at least were on the East Coast on May 7th, 2021. I woke up that Sunday morning and read that four malicious cyber actors, unknown at the time, had disrupted the business systems of Colonial Pipeline Corporation.

[00:24:43] They provide petroleum products all up and down through the East Coast. So, I immediately texted all my kids, go fill up your cars, and they rolled their eyes and said that was a dad moment. But the malicious cyber actor Dark Side, a ransomware group, conducted a ransomware attack on the business systems, the billing system, really, of Colonial Pipeline, until they were paid a 4.4 million ransom. And so, as a result, we went through five days of gas lines on the East Coast and flights being canceled and delayed because Colonial Pipeline wasn’t going to ship fuel unless they could account for it and bill for it. And so that’s an example of a cyber-attack. That was a private criminal enterprise.

[00:25:26] The most recent one that perhaps you’ve seen in the news is my previous boss, General Paul Nakasone, plus Director Christopher Wray of the FBI and Director Jen Easterly of CISA, the Cybersecurity Infrastructure Security Agency. They testified in late January before the Special Committee on China. about the Volt Typhoon effort from the People’s Republic of China, those agencies and a lot of our international partners all put out a cyber security advisory that talked about how this organization attributable to the PRC compromised the information technology environments of lots of critical infrastructure organizations, communications, energy, transportation systems, water and wastewater system sectors.

[00:26:06] And the conclusion is when a cyber actor moves into a system. You try to figure out what they’re doing. Well, they’re not collecting intelligence, because there’s no intelligence value to be collected by going into a wastewater and water treatment system, or an energy system, or a transportation system.

[00:26:24] That’s not where they go in to gain intelligence insights. And so, the only remaining conclusion is, okay, that looks like they’re, preparatory to be able to leverage a threat in the event of a crisis. And so that’s the concern or the kind of thing that national security professionals think about for these kinds of cyber threats.

[00:26:44] Justice Barry Anderson: Now you, as part of the Cyber Command, partner with various branches of the United States Armed Forces, including our most recent branch, the United States Space Force, government agencies, the academic sector, and private sector. Can you talk a little bit about the broad outline of these partnerships, and what’s your role as General Counsel in shaping these partnerships?

[00:27:06] Pete Hayden: Thank you, I appreciate that. When you mention Space Force, so of course you’re talking about cyberspace, which is an emerging area of the world, an emerging area of law. And so, the law is still under development. That’s even more so with the Space Force. And so, when we talk about cyber and space, of course we look to see the existing laws on the books, and if they apply, and if so, how they might apply.

[00:27:29] So the Geneva Conventions for military operation in space or cyberspace. We’ll certainly obey those principles. But of course, there’s a lot of rules that have yet to be written, and so one of the fascinating things about this job is to work with our interagency and international partners.

[00:27:45] To determine, all right, is there a law that applies? Is there a law to be discovered? Or is this something where we want to address the issues to policy makers so that they can undertake efforts to shape the law? And that’s what makes cyber and, frankly, space real exciting. In a more defined role, we also do work a lot with academia in the private sector.

[00:28:07] We do a lot of research projects, a lot of workforce development. And so recently we’ve started to use authorities to That Congress has given to the federal government. So, with schools, we’re conducting educational partnership agreements. We have an academic engagement network of 140 schools, and we conclude educational partnership agreements that allow us to share information, to send officers to these schools, to teach classes, to inform the student body, to have the student body work on research projects with us.

[00:28:36] And when we want to get real detailed or focused on a project, we conduct things called Cooperative Research and Development Agreements. They’re called CRADAs. Think of it as a contract, but it’s not a contract in exchange for cash. It’s really passing information back and forth. It does spell out, the benefit of a crate is it lets you spell out who benefits from what parts of intellectual property that are developed, but it allows the command to achieve its research objectives and it allows the school to achieve research objectives.

[00:29:04] And so a lot of what we do is work on the negotiating these agreements, of course, with full respect for the interests and the equities and the liabilities faced by. The private sector partner or the academic partner. And then we also conduct a lot of information sharing agreements. Congress has recently given the command and the department authorities to explore opportunities to engage in information sharing, to share cyber threat information with tech companies.

[00:29:31] And that’s really critical because, as I said, we operate in foreign space. Our law enforcement and Department of Homeland Security partners operate in domestic space, but they’re all the U. S. government. But most of the space is occupied by the private sector, and so unless we can come up with a way of collaborating and sharing information with the private sector, and doing so in a way that respects their legal responsibilities, we’re never going to be able to see the environment to provide the insights that we need to be able to provide.

[00:30:03] Justice Barry Anderson: So, you’ve been talking about the partnerships and so forth that we work with government agencies, the academic sector, and the private sector, but I suspect that you also cooperate with international actors, foreign governments, some of whom are allies, some of whom are situational allies, and I’m wondering what role those strategic alliances, either more generally or with regard to specific efforts, play in defending our country against foreign cyber-attacks.

[00:30:31] Pete Hayden: Yeah, and the international partners, this is specifically why Congress put that in the statute. They wanted us working with our international partners. And so, we have, we obviously have some very close allies, the Five Eyes and select others. On an operational level, we work with these partners. Very respectfully, cyber capabilities are, cyber capabilities are often highly specialized and tailored.

[00:30:52] They’re very valuable. They’re sovereign capabilities for many countries. And so, we have to be respectful of the premium that another country places on them. And so, as we come up with an arrangement to jointly operate or jointly research or to work in parallel, we have to be respectful of that. One of the things that we’ve done, which is very successful, is something called hunt forward operations.

[00:31:13] And we’ve done this. Several times in 17 countries since 2018. Hunt Forward Operation is where a small team from the Cyber National Mission Force, our Defend the Nation Force, at the invitation of a foreign partner, will go into that country and hunt. on that foreign country’s network for malware or adversary, we call them TTPs, tactics, techniques, and procedures.

[00:31:40] So the idea being the adversary threats that we’re worried about, they’re not just attacking the United States, they’re also doing this elsewhere. And sometimes they do it elsewhere because they’re using it as a sandbox preparatory to taking on a more cyber secure country. But by going onto these other networks at the invitation of the foreign partner and hunting and getting the malware.

[00:32:02] Discovering the technique that they’re using, bringing it back, analyzing it. And then sharing our analysis with the partner that invited us, the rest of the U.S. government, the private sector, we essentially can render that malware invalid, we can inoculate our own networks and so for a very small price of just sending a few people overseas for a couple of weeks and building trust with a partner network, And understanding what the adversary is doing, we can draw all the value out of all the work that the adversary put into that malicious tool. And that creates an incredible amount of goodwill and trust and enhances the partnerships that we have with these countries and with our interagency and private sector partners who get the benefit of the follow on analysis.

[00:32:52] Justice Barry Anderson: Let’s move to not only that kind of trust, but also the public trust. You serve the American public, take an oath of office to protect and serve the Constitution of the United States, and so you’re interacting and educating the general public, but you’ve also got, as we all know from watching the movies, this obligation to maintain strictly classified national security secrets. We’re not going to be able to pry any of those out of you today, and you have that obligation, so how do you balance that? Maintaining the public trust and maintaining that strict classified security.

[00:33:25] Pete Hayden: That’s a great question and it’s something that our intelligence community and our other military commands have dealt with for a while. But we do need to be upfront about it. First, we are transparent where we can be. just even coming on to do something like this, is to tell you, hey, here’s a little bit about what we’re doing for the nation. General Hawk, my new boss who took over on, just in February, spends a fair amount of time on the road speaking.

[00:33:48] So, we produced a legal conference, and on April 10th, General Hawk came and spoke at our legal conference, and that was live broadcast to the world and recorded. The very next day, he testified before Congress in open session at what we call the posture hearing, which is the annual hearing to talk about, Hi, I’m the commander of Cyber Command.

[00:34:05] This is what my forces are doing. And then the following week, he went and spoke at one of our academic engagement partners. Vanderbilt was putting on a symposium. And so, General Hawk and all of the leaders in our command will get out there and talk when we can about what we’re doing. The other things that we do, the very nature of my job Our whole command has a staff.

[00:34:25] Many of the individuals on that staff, the whole point is to provide legal and policy review of anything that we do. So, we have a Civil Liberties and Privacy Officer. We have an Intelligence Oversight and Compliance Program Manager. We have an Inspector General who reports directly to the DOD Inspector General who reports to Congress.

[00:34:45] We have rigorous initial and annual training programs in anything we do. And then the other thing is We’re the military, so we act only when we’re authorized by the President and Congress and the Secretary of Defense, and so we are accountable to public officials, and when it comes to oversight of things that we have to do in the classified space, we report, we have a, there’s actually a statute that Congress enacted that says when you conduct a sensitive cyber operation or a sensitive military operation in cyberspace, you have to report to the relevant committees of Congress, the House Armed Services Committee and the Senate Armed Services Committee, to tell us what it is you did so that we have accountability, at least within the government, even for those things that must remain classified.

[00:35:31] Justice Barry Anderson: Colonel, we really appreciate the time you’ve given us today. And my last question for our podcast today is Let’s point to an increasingly complicated and interconnected world. We’ve got delicate international relations; we don’t need to rehash what’s in the newspaper. We’ve got the internet, we’ve got the realities of cyberattacks, and of course, artificial intelligence. There are young people who are facing questions about what they’re going to do with their lives, like you and I did decades ago. I’m wondering how you would advise those young people to handle those ever-growing technologies, and what advice do you have for those who might be interested in your line of military legal work?

[00:36:13] Pete Hayden: That’s great. You’re basically offering me the opportunity to say what I say to my own kids as a dad, and I do. I say this to them. So, I do have four children. They’re between the ages of 20 and 25 right now, and I recognize the economy is changing. The economy is now cyber, and AI enabled. They’re growing up, kids these days, they’re growing up with a literacy and a dependency on cyberspace that’s just foreign to the three of us. There’s a lot of change and they have to be able to leverage their native expertise as digital natives. But they also have to be cautious. And one of the things that won’t change is there’s always going to be a need for an understanding of technology, math, science, engineering, and not just what the capabilities, but what the possibilities are.

[00:36:54] And so that’s going to require a degree of responsibility for our children. I’m glad that our children are learning that in this environment, what they say and do will not go away, and they won’t necessarily be able to limit its distribution. Children are learning this. Sometimes they’re learning it in hard lessons, but it’s becoming more and more obvious.

[00:37:14] I think they’re also going to have to learn that what and read in the digital domain may or may not be true. That you have to be discerning and questioning, which is a good habit to be in anyway. To be open minded and be curious, as Ted Lasso says, but to be discerning. And discernment comes through experience. But it also, and this is what I’ve told my own kids, it comes through experience, but Your own experience is never going to be broad enough to help you make those decisions, and so Secretary Mattis, former General Mattis, used to say our experiences aren’t broad enough to sustain us with the important judgments we have to make, and so that’s why he urged people to read.

[00:37:52] And so that, you get the benefit of other people’s experience to be able to help navigate these challenges. And when it comes to public service, I think there’s a, Like I said, I was going to do three years and get out, and I’m 28 years in because it’s been an honor. I’ve never had to consider the morality of what I’m doing or the rightness of what I’m doing because my duty as an executive branch lawyer is to the Constitution. General Milley, the former chairman of the Joint Chiefs, said we’re unique amongst armies. We don’t take an oath to a king or a queen, a tyrant or a dictator. We don’t take an oath to an individual; we take an oath to a constitution. And so, because we take an oath to an ideal and to a collective, I think There’s value in not just military service, but in public service generally.

[00:38:35] And I’m not saying it’s for everybody, but I think it’s worth everybody’s consideration on whether to spend some time in public service.

[00:38:44] Albert Cheng: Well, those are a lot of wise words for everyone to continue pondering. Colonel Hayden, it’s been such a pleasure to have you on the show. We really enjoyed that interview. Thanks for being on.

[00:38:54] Pete Hayden: Gentlemen, thank you. The pleasure was all mine.

[00:39:08] Albert Cheng: Yeah, that was fascinating. I felt like I learned a lot from that interview as well. So, pretty cool stuff. Well, that takes us to the end of our show. But before we conclude, we have the Tweet of the Week, which comes this time from Andy Rotherham, who tweets, these new public lab schools are from across Virginia.

[00:39:28] Maritime trades, tech, health professions, exciting! Check out that article, what he’s referring to is a development in Virginia where looks like six new lab schools have been approved. So, these lab schools are partnerships between local schools and universities, and it looks like a lot of them in Virginia have a career focus or a vocational focus and so check out what’s going on there.

[00:39:53] It’s a new initiative that’s going on in the state and it seems exciting to see some of these new opportunities show up. All right and of course I want to close by thanking Justice Barry Anderson for co-hosting with me. Justice Anderson, always a pleasure to have you on with me.

[00:40:09] Justice Barry Anderson: Delighted to be here and I agree with you. Great interview and it looks like next week it will also be another great interview.

[00:40:15] Albert Cheng: That’s right. Join us next week where we’ll have Peter Canellos, who’s the managing editor for Enterprise at Politico and the author of The Great Dissenter, the story of John Marshall Harlan, America’s judicial hero. And just to tease it a little bit more, John Marshall Harlan was the dissenting opinion of the classic and very important Supreme Court case Plessy v. Ferguson. So, join us next week for that interview.