Return to Transcripts main page

CNN Live Event/Special

CNN Presents: We Were Warned, Cyber Shockwave

Aired February 20, 2010 - 20:00   ET


WOLF BLITZER, HOST: This program is a simulated exercise. We want to welcome you to "We Were Warned, Cyber Shockwave." I'm Wolf Blitzer.

What you are about to see is not real but the threat is very real indeed. You're about to get an unprecedented look how the U.S. government would deal with a massive cyber shockwave. The bipartisan policy center has developed a cyber war game scenario.

The center has brought together a bipartisan group of former administration and national security officials to play the role of cabinet members. Simulate the White House situation room reacting to a cyber attack in the real time. As the war room exercise begins, news of a crisis is starting to unfold.

SIMON MARKS, GNN CORRESPONDENT: Welcome back to GNN's coverage of a developing story that is affecting millions of Americans. Two and a half months ago a gaping security vulnerability in the operating systems of this nation's smartphones was exploited by the now infamous March madness application, an application that was purchased and downloaded by over five million smartphone users. As viewers of this program certainly know, this resulted in the largest case of identity theft in history and the theft of tens of millions of dollars from the American public. Now Federal government and industry officials believe this same application is shutting down the nation's cellular phone network.

Up to 20 million and counting of the nation's cell phones have stopped working so far today in what officials claim is the largest communications crisis in the cell phone era. So what is going on here? Are we under some kind of attack? What is being done to stop it and how many more people are going to lose their service? To help us sort through these questions and more, we have with us Joe Franklin. Mr. Franklin is an expert on Internet security who acts as a security consultant to many of the nation's telecommunications providers as well a GNN special contributor on technology and cyber crime.

Joe what is the latest?

JOE FRANKLIN: Thank you for having me today Simon. This is in the industry what we call a baud (ph) attack. Simply put, what is happening is buried in the March madness application which many downloaded thinking it was a legitimate application is malicious software. Once loaded on a smartphone, this software will rip through the entire directory, that's the phone list in someone's phone, smart phone and it will then start to send that virus, that malware, that malicious software to every person that's in that directory. And of course, that then multiplies itself again because once having received it, as soon as it's opened, that malicious software takes over the next phone and it sends it to that entire directory. So I would not be surprised if this number jumps well beyond the 20 million already affected because this is sort of like too many people trying to get on to or off of a highway at exactly the same time. The arteries simply clog up.

MARKS: Was this a deliberate effort to derail a critical component of the U.S. economy Joe? I understand that the video component of the messages may have some significance.

FRANKLIN: To the extent that the video clips contained the shots of the red army, there is suspicion that it could well have originated in some part of Russia. We have seen attacks from Russia as well as China before so that would not be uncommon. I think it's premature to make that claim now. It will take some time before they can trace this back to its origin. One other concern I might add before we finish and that is that the nature of this traffic being a video clip which is digital data, makes several of us very concerned that this attack could very well spread to the Internet and further could clog up the basic telephone system in the United States, that is the land line phones.

MARKS: So to summarize, a growing number of the nation's cell phones are being disabled as a significant cyber attack takes its toll on U.S. communications infrastructure. No one seems to know at the moment how many phones will be affected, how to stop the attack or what is going to happen next. The president has called a meeting of the National Security Council as the nation's telecom providers search for an answer to what appears to be a snowballing problem.

Stay tuned to GNN for continuing coverage throughout the day.

MICHAEL CHERTOFF, FORMER U.S. SECRETARY OF HOMELAND SECURITY: Well, I want to thank each of you for attending this National Security Council meeting on short notice. As I know you are all well aware, this smartphone baud net attack that we are currently experiencing represents a serious problem that has the potential to become even more serious as time goes on. We need to know how to deal with this, but we also need to think about what this means in terms of our implementation of a strategy that would prevent this from happening in the future. The president is scheduled to give a press conference in a little over an hour. He expects to be asked about this attack and I think that is a reasonable expectation. He's provided me with a set of three specific questions he would like the NSA to consider so that I can get back to him before the press conference in about an hour.

First, the president wants to know how bad the situation is likely to get and what we are doing to get our telecommunications system back to normal as quickly as possible. Second, the president wants to know who did this and why they did it and what his options are for a response both in the short term and in the long term and how we can prevent this from happening again. Finally, the president needs to know what he can say in the press conference to calm the public and reassure them that we are taking vigorous action to deal with this problem as it unfolds. I am going to go around quickly and just ask for your reactions in terms of how bad you think this is going to get. Please bear in mind I've got to get back to the president in about an hour so let's be brief and to the point. Let me start with the secretary of homeland security since your department has the lead for the critical infrastructure in the U.S..

FRANCES TOWNSEND, WHITE HOUSE HOMELAND SECURITY ADVISER, 2004- 2008: Secretary Chertoff, I will tell you that given the nascent capability inside the Department of Homeland Security, I have real confidence in cert (ph). But even at this point, I think we're going to be quickly overwhelmed and may need the assistance of NSA and ask the secretary of Defense for help.

CHERTOFF: Well Mr. Secretary from the Department of Defense standpoint, I know NSA has terrific capability as a national security agency to bring its tools to the fight. What can you do and what do you see coming up?

GENERAL CHARLES F. WALD, USAF (RET): We are in contact with homeland security Mr. Secretary and we really have the National Security Agency working this. They've had some indications earlier on so they have been working already, but as of now, we have no indication where it is from. We are working it hard and will get back to you soon to find out.

CHERTOFF: I would like to ask the secretary of State, Secretary of State Negroponte, are we the only ones experiencing this or are we getting any kind of reaction or information from other countries around the world?

JOHN D. NEGROPONTE, DEPUTY SECRETARY OF STATE 2007-2009: We are already checking our worldwide telegraph system with 300 diplomatic establishments, embassies and consulates around the world. Everything is in good order as of just before I came to this meeting. I think it is terribly important that we not engage in speculation about a possible foreign source for this attack until -- unless and until we receive some solid information in that regard. I certainly don't think the fact that we have a video of the red army marching up and down Red Square can be taken one way or another in that regard. I just got a note saying that reports are coming in from all over the world indicating that the effects of this attack are not limited to users in the United States and that there have been occurrences in Japan, some of the Scandinavian countries where the use of smartphones for financial transactions is more widespread than here in the U.S. So the current information does, indeed, suggest that telecom outages are spreading rapidly in many countries.

BLITZER: Coming up -- computers across the country threatened.

(BEGIN VIDEO CLIP) UNIDENTIFIED MALE: We have a serious problem but it is one that could get a lot worse if we can't cut this off from spreading into the Internet.



BLITZER: This program is a simulated exercise.

CHERTOFF: This smartphone baud net attack that we are experiencing represents a serious problem that has the potential to become even more serious.

STEPHEN FRIEDMAN: I have just been handed a note which I should read to you. I have not read this yet myself. Incidents of identify theft and online financial fraud have increased dramatically. That you know. Talking about significant losses in the financial sector, marked increase in customer service problems, credit scores affected, users have plummeted. Right there you can see how that would have a dramatic negative effect and telecommunications carriers and mobile device manufacturers each noted significant financial losses due to consumer anger and distrust. This will exacerbate. So we have a serious problem, but it is one that could get a lot worse if we can't cut this off from spreading into the Internet.

WALD: From a DOD perspective, are policies that we have had in place and defensive mechanisms that we have had in place before have been fairly effective so far. We haven't seen any indication our classified systems have been tampered with. The nuclear command and control system is still up and running. We got cyber command working on, again through DHS coordination looking for the source. Thus far, militarily, we are not affected. Our national security in that respect is in good shape.

CHERTOFF: My takeaway from this, by the way, is that a lot of the vulnerability arises from the fact that you've got a lot of people out there, millions with smart phones, their decisions about what to do are going to have a huge impact on how quickly this spreads. The question is do we have the capability to communicate or even order people to do or not do certain things in order to tamp this down. Attorney General, do you have any legal perspective on this?

JAMIE GORELICK, DEPUTY ATTORNEY GENERAL 1994-1999: Well the secretary of the Treasury mentioned the word quarantine. We don't have the ability in this nation to as a government to quarantine peoples' cell phones. So we are in uncharted territory right now.

STEWART BAKER, ASST SEC. FOR POLICY DEPT OF HOMELAND SECURITY, 2005-2009: Well I'm actually shocked to hear that we don't have this authority. If this was someone with smallpox wandering through the Super Bowl, we would have the authority to quarantine them. If we don't have the authority, the attorney general ought to find it. The ISPs, the telecos can tell people your phone is not going to work until it has been patched. We just need to find the authority to order them to take that action. If they won't take it from us, then we have to go to the FCC and tell them they are not longer an independent agency. They need to take national security advice from this body.

GORELICK: Let me just make it clear, I'm not saying that there isn't an authority you could come up with, particularly if we make this determination here that this is an act of war. I'm just saying there is no off-the-shelf authority that lays out what you can and can't do in these circumstances which I'm sure you'll understand.

TOWNSEND: For one thing, the president should be clear when he speaks to the American people publicly that the best thing they can do is to not use their cell phones, to stop.

CHERTOFF: On the military side, we have obviously cyber command has been up for about a year now. What do you think that cyber command can do first and foremost in terms of the military area, but also more generally? Can cyber command help us defend here?

WALD: From a cyber command standpoint we can protect the government communications systems and the net and we are doing that as we speak. As was alluded to earlier, we are not necessarily into the domestic side, although I think there's going to have to be a determination made at some point whether or not this is really an attack on our national security. In that case, it is a policy decision.

CHERTOFF: Madam attorney general, could the president, is it an option for the president to say this is an act of war. It's an attack maybe from a state, maybe from a non-state actor and I'm going to license cyber command at least temporarily to use all of its capabilities to defend the country or is that going to get us in trouble?

GORELICK: Well, if the predicate is there for a finding that this is an act of war, yes, the president can act as commander in chief and he can task the Department of Defense to use the tools at its disposal. I have to tell you that, as I said earlier, we are operating in a bit of uncharted territory, as you know.

CHERTOFF: I want to just ask Counselor Lockhart as we turn to this issue of how do we restore and respond and mitigate, you are the president's counselor. We are talking about some pretty strong medicine here involving the military, involving telling people to turn their phones off. How is this going to play out from the standpoint of public reaction? What are you concern about?

JOEL LOCKHART, WHITE HOUSE PRESS SECRETARY 1998-2001: I'm concerned about what he does in the first instance here because that will set the tone for moving forward. I think the president has to, despite all of his instincts to reassure people, not undersell this.

The worst thing he can do in any of these instances is take a step and have it be ineffective early because he will be impotent as far as the public going forward. So he's got to define this as a major crisis. He's got to define this and take whatever power he is legally able to do. That is what the public expects and politically that is what we have to do. I think he's got to answer a couple of very important questions which is, you know, are we safe?

Are we subject to a military attack that is different than a cyber attack and I think those are areas where he can really be strong. I think he can overwhelm people with information about what is being done, just detailing a laundry list. I don't think we should be telling people to turn their phone off. Because guess what? People won't. And then the story will be the president of the United States can't even get his constituents to turn their phones off.

You got to go it from the other end which is, if phones have to go off, you've got to turn them off for them and then you've got to give them a justification and a reason. This is an attack on the United States. It may not be a bomb, but it is much more significant than a bomb going off as far as the quality of life in this country and the broadest and starkest terms.

BLITZER: When we come back -- who is behind the attack.


JOHN MCLAUGHLIN, ACTING DIRECTOR OF CIA, 2004: The terrorists, could be a hacker, could be a private citizen or a group of private citizens who are just out for mischief.


BLITZER: This program is a simulated exercise.


GORELICK: We don't have the authority in this nation to, as a government, to quarantine people's cell phones.

LOCKHART: You've got to go it from the other end, which is if phones have to go off, you've got to turn them off for them.


CHERTOFF: The initial reaction I heard around the table was we ought to ask people to cooperate, we ought to ask for information, we ought to ask people to turn their phones off, but as the discussion has developed what I'm starting to hear and I think Joe, you summed it up is, we can't ask. We're going to have to tell because the bigger danger is not that we're going to offend people, but that we're going to seem ineffective. And that ineffectiveness will cause a crisis of confidence. So are there different views about that, because I'll tell you, I'm inclined with Joe on the more kind of tough end of the spectrum. Mr. Secretary?

NEGROPONTE: I have no quarrel with acting decisively and doing things for people, making their decisions for them in this regard. But I do think that we need to be careful about talking about acts of war and attributing this situation to foreign powers before we really have definitive information that that's the case. Not only just because we need to have the necessary information, but we also don't want to make adversaries or enemies out of countries that might, in fact, be able to help us.

CHERTOFF: On the one hand what I'm hearing from the attorney general is, if we can characterize this as an act of war, we can be effective and energetic doing the limited capability to take care of the situation and that is what Counselor Lockhart said. On the other hand if we say it is an act of war, we're going to have to tell people who the actor is. That is going to get, you know, the State Department obviously concerned about making unfounded accusations and having people accuse us of wrongly fingering the person who is carrying this out. But if we don't declare an act of war, then as the secretary of Homeland Security says we are stuck. We are in a request don't tell mode. So first I'm going to ask the DNI, do we have any hope of getting the kind of proof that we need to satisfy everybody in the hours that we have to make this decision?

JOHN McLAUGHLIN, ACTING DIRECTOR OF CIA, 2004: This could be a state actor and we have three or four candidates just based on past practice and what we know. It could be a non-state actor, could be a terrorist, could be a hacker, could be a private citizen or a group of private citizens who are just out for mischief. We are pretty good at locating the origin of such attacks but that doesn't give you attribution because unlike a conventional arena where you can locate an army and you can attribute it to a state, we may locate this attack in some country, but citizens of another country could be using that location, that building and that city to carry out this attack. But at this point I cannot tell you that what we know about attribution allows us unambiguously to say this is an act of war. Let me also add to the point that someone made about the video. We may learn that that video is significant but typically in these attacks, people try to disguise their hand. So the video of Russian troops and so forth strikes me at this point as more of a diversion.

CHERTOFF: It could be a double diversion, right?

McLAUGHLIN: It could be a double diversion. It could be playing on the knowledge that we look at these things as a diversion.

CHERTOFF: That is true. Secretary Treasurer.

WALD: If we think about this conventionally we are going to tie our hands behind our back and only the president has the ability to bring the perspective of how we are looking at this. So whether it is a foreign state, a known terrorist organization or someone sitting in their mother's basement, let's focus on the effect, not the cause. The effect is an act of war. You turn off everybody's cell phone. You don't allow them to bank, work, communicate, the effect is an act of war. And I think if we focus on that and not think about it the way we normally think about these things, we give ourselves some room to move which is all we really need now. We will make the substantive decisions, we will follow the law but right now the biggest issue we have is defining the problem and just letting people know that we're on the top of it.

CHERTOFF: I've just been told there is an important new development. We will put the news on the monitor so we can get up to date.

MARKS: Welcome back to GNN and our continuing coverage of what officials have now deemed an aggressive cyber attack on U.S. communication infrastructure. As the nation's telecommunications network continues to suffer from widespread outages, the country's Internet system is now slowing down to a virtual crawl. Communications with financial trading houses are almost at a stand still. Reservations systems for the airlines and other transportation systems have slowed or are not working at all. News outlets and bloggers are reporting that their systems are ceasing to function and e-mails are taking hours to reach their destination. Officials in Washington are trying to assess the effects on major trading platforms such as stock exchanges and commodity markets.

Meanwhile, GNN has confirmed that U.S. authorities have traced the origins of this attack to a series of computer servers in the Russian city of Irkutsk. That information has fueled outrage on Capitol Hill where lawmakers are calling on the president to press Moscow for information on the level of state involvement in the attack. For the latest on today's events, we turn to GNN contributor Joe Franklin, Joe, what can you tell us?

JOE FRANKLIN: It is clear now that our worst fear that this baud attack has spread from the wireless network to the Internet. You remember I said that the nature of this attack being a video clip that's in a digital data format could easily spread. In fact, common practice is to sync your hand held smartphone up with your desktop computer to make sure that e-mails and updated, to make sure your directory is updated, etcetera. That simple act then passes on the infection to the local computer which is then networked into the Internet and so on and so on.

MARKS: All right, Joe Franklin, thank you very much, indeed. This is Simon Marks for GNN.

CHERTOFF: We've now seen a report identifying the source of this attack as coming from servers in Russia. The significance of that is not necessarily I think only that it is a data point in terms of who the attacker might be, but it means now we are going to face public demand or the president is going to face public demand for action.

BLITZER: Just ahead -- as the clock ticks, the situation only gets worse.


UNIDENTIFIED FEMALE: You are going to see planes being grounded now. You are going to see trains not taking to the tracks.




CHERTOFF: We've now seen a report identifying the source of this attack as coming from servers in Russia. Does this help us with respect to the question we asked earlier, about we have the authority, act of war; we can now take the kinds of steps that Joe Lockhart has talked about to enforce the rules on slowing this up?

GORELICK: Look, I am in the same point of hesitation in concluding that this is an act of the Russians, as John was earlier. And my guess is that we are not going to get to a point of sufficient certainty in the time frame we need to have that be a critical element of our decision. I think we need to look at the effect on the United States and put ourselves on a war footing.

CHERTOFF: Secretary Friedman?

FRIEDMAN: The potential is becoming an actuality. The grid is seriously threatened and power. You are likely to have lights going off in hospitals before long. Air traffic controllers depends on the Internet. Our economy does in financial transfers. So I think even if we still don't know precisely the motives of the people doing this, we know this has a major impact on national security. And I think we have to turn to exactly, OK, this has moved one step deeper into the entrails of the country.

What do we have to do now to contain this and stop this at this point? It is not longer just in smartphones. And then we have to get on it and say, Madam General, find us the authorization.


LOCKHART: I don't want to put too much pressure on this group, but based on that report, we are likely about to lose many of our channels to communicate with the public. So the parameters that get set out within the next half hour, 45 minutes are going to have to hold. So that does argue for taking the most aggressive, expansive step you can take, because we are going to have problems communicating and keeping people up to date and reassuring, based on the nature of the crisis.


MCLAUGHLIN: I have asked NSA and CIA if they can confirm the origination in Irkutsk and they cannot at this point. In fact, the prevailing theory is that these servers in Irkutsk may be a hopping point from an attack that could be coming from somewhere else. We just don't know at this point.

Nothing I said earlier is intended to in any way dampen an aggressive response to this. It is just without attribution, we can't go to the issue of retaliation, at least not based on intelligence.

WALD: The concern will be, as you start losing communication in the states and in other places, that our guard -- our National Guard may have to be called up to maybe help with some of the activity.

GORELICK: I think we need to be approaching this with open eyes, though. If the director is right, we don't know where this is emanating from. And we put ourselves in a war footing, we can find out later the attack emanates domestically. We are taking -- we have to go into this with our eyes open. I'm not arguing that we do something differently, but I think we need to admit of that possibility.

NEGROPONTE: Do we have to use the law of war to be able to act in the interest of public safety? This is a question that has been troubling me throughout this entire discussion. Is there no way on Earth you can't invoke the public safety of the United States as a legal basis for taking rigorous action?

GORELICK: Look, I'll make this really simple. Our laws are not set up for that. However, in times of extreme stress, presidents have acted without regard to the law, and gone to Congress immediately, and said, this is what I've done. This is what President Lincoln did in suspending the writ of habeas corpus. So presidents do what they have to do, and then the question is how do you make it straight with the American people.

I got to tell you, if you're asking me, do we have a rubric for doing this without summoning up all of the authorities of a wartime president? No.

BAKER: This is a regulated industry. Everybody who provides telecommunications services is subject to regulation in the public interest. We can take those authorities and tell them what they need to do to get this worm out of our system. We've got -- we can find authority. It is not well designed for this, but in a crisis, we've got enough leeway to do it.

CHERTOFF: Secretary Townsend.

TOWNSEND: DHS has gone out to all sectors, including health care, financial, transportation, in particular, who rely on the Internet backbone to tell them that their communications are vulnerable. You are going to see planes being grounded now. You are going to see trains not taking to the track. People are going to stop moving. As you look at the map behind you and see more and more red dots -- I support what Joe Lockhart and others have said, and that is we need to act.

CHERTOFF: Do we suggest to the president that he preemptively shut down aviation because of the air traffic control issue? Or call all the public health people in, because they may not be able to be reached by phone later? In other words, do we have to mobilize the country on the assumption that parts of the country will not be accessible to communications over a period of 48 to 72 hours. Let me ask you, Steve. What do you think?

UNIDENTIFIED MALE: I clearly think you need to notify people and ask them to be doing those things preemptively that they should be doing if their communications are shut down. It may be premature to shut them down. But there ought to be things that people should be doing, finding power sources in case the grid gets shut down.

WALD: I think we need to get more information from some of our friends around the world too, to see how they are being affected. If it is just isolated on America, it is a little simpler for us to make decisions. I think if it is more pervasive, it makes it more complicated.

NEGROPONTE: That is one thing I have asked our people to do, is go around to our key partners, friends, and others around the world to get as much -- it is a circular instruction, in fact. Get as much information from other countries as to what they are experiencing, what they know, what they understand about the situation.

We have also sent out some messages tailored to countries like Russia to say that we are experiencing this situation. We would appreciate whatever information you might have to shed light on this situation. And by the way, don't you even think about trying to take advantage of this situation in any way, shape or form.

CHERTOFF: Let me ask a question. We've talked about what we have to do here. We do have this report about Russian servers. If it should turn out to be the case that we can identify the attacker, and if the attacker is either a state actor or a terrorist group, what are our options for responding and, if necessary, retaliating, if we identify the actor?


BLITZER: Up next, the pressure to retaliate.


UNIDENTIFIED MALE: We have -- working with foreign intelligence services, CIA has identified the perpetrator of March Madness.



BLITZER: This program is a simulated exercise.


CHERTOFF: We do have this report about Russian servers. If it should turn out to be the case that we can identify the attacker, what are our options for responding and, if necessary, retaliating?

WALD: We need to have the options lined up for the president. I think the president has to be very clear that, number one, our national security is still intact, generally, that the -- if we find out it is a nation state, we will take action against that nation state. Specifically, what that is, I don't think you should say publicly. We have ways to do that.

I think through our offensive cyber capability, we can probably have some fairly significant retaliatory actions. CHERTOFF: How would the world react to this? Suppose we satisfy ourselves using our intelligence, courtesy of DNI and CIA and NSA, that we know who is responsible for this, whether it be a nation state or a terrorist group. We are not obviously going to talk about how we got that. Are we going to have a problem if we retaliate? And does our retaliation have to be limited in some way?

NEGROPONTE: Well, you know, this is an unprecedented circumstance. In the past, if the information has been clear, and the evidence has been good, and a nation has retaliated in self-defense, take the 9/11 attacks, for example -- we retaliated against the Taliban in Afghanistan, I think there was general acceptance of that action on our part.

Is this an analogous situation? Would you retaliate like for like, kind for kind? Would you retaliate with cyber or would you do some -- take some other step to penalize the offending nation? I don't know. I think we would have to see all these circumstances and all the background before we actually reached a recommendation for the president.


LOCKHART: With all due respect, I think we are in the wrong place. I look at this map and it reminds me of five category five hurricanes coming at the United States. We are looking at how we are going to retaliate against the Gulf of Mexico. That is down the road.

What it seems to me what we should be focused on, and what serves the president here, is what can we say, what can we -- how can we manage and not add to wide scale public panic?

CHERTOFF: Let me just take a little bit of issue with that. Here's the problem that I'm concerned about: this is one attack. If it, in fact, comes from a nation state or a sophisticated set of actors, what is going to happen if the attack tomorrow is different or the one after that? To the extent we can figure out who is responsible, the ability to incapacitate them, either by removing them from the scene or by deterrence, has got to be something we consider.

LOCKHART: I'm not arguing that we don't use every resource available to the US government to find out who did this and stop them. In this instance, we are talking about what we want to focus the public on. What are we going to tell -- the last thing on our charge is what is the president going say? I think going down the road of, you know, when and how we are going to retaliate doesn't seem central to what we have to get done.


FRIEDMAN: I agree with counselor Lockhart. I think retaliation is down the road. But what I would be very interested in is whether we can go to the Russians and tell them they have the option of being part of the problem or part of the solution. If we think we have localized this to Irkutsk, which may turn out to be wrong -- but that is the best intelligence -- it would be extremely helpful if they could pick up these people, one, so they aren't doing more of it. And, two, if they are the guys who started this thing, they may be the people under questioning who are best able to figure out how to contain this thing. Before retaliation, I would like to start worrying a lot about getting Russian help.

MCLAUGHLIN: To the secretary's point, I think we, through diplomatic channels and political channels, need to go to the Russians now and say, you need to find out what is going on in Irkutsk; you need to have possession of those servers. We need to find out what is going on inside of them. Help us sort through our options here.

There may be an opportunity here to start some cooperation on these things internationally, which, by the way, we don't have much of at this point.

LOCKHART: Do we have the ability -- does our military have the ability, if we know where the server is, to shut it? And if we have that ability, why aren't we using it?

WARD: We do have the ability to do that.

LOCKHART: That ought to be, it seems to me, central to -- if we have intelligence that says --

WARD: Again, that server --

CHERTOFF: If we were to enter into -- if we were to shut a server in Russia down, are the Russians going to view that as an attack. That raises the question for the group, sort of legal question as well, do we have a declared policy in the cyber realm, the same way we had for decades in the realm of nuclear weapons. An attack issuing from a particular geographical area will be met by either a defensive measure, including shutting down the server, or if it's a deliberate attack, by retaliation.

Do we have a policy like that? Mr. Secretary?

WARD: We do not have that policy.

CHERTOFF: Attorney general.

GORELICK: Let me give you the two analogs here. Obviously, if you harbor an attacker, and we say you harbor an attacker, we are going to take you out. That is what we did in Afghanistan, when Afghanistan was harboring the Taliban. We said -- we launched missile attacks. We invaded, for goodness sake.

On the other hand, we say to the owners of communications infrastructure, let traffic pass. We're not going to hold you responsible for traffic that is passing through your country.

Those are two very different choices. And if we choose to say we are going to take out your server, if we think what is coming across it is hurting us, imagine when the tables are turned, when somebody here in the United States, some activist uses servers here in the United States to do something that the Chinese don't like, or the Russians don't like. Will they be able to say, you said that is an act of war. We are going to reverse engineer this, and shut down servers in the United States.

This has profound policy implications for us, and for our affirmative capabilities at DOD and elsewhere.

MCLAUGHLIN: As you know, all of these rules about how we responded to nuclear attack were worked out elaborately during the Cold War in negotiations, treaty, declaratory policy. I try and stay out of the policy debates. But as best I can determine, we don't have a declaratory policy that the international community understands. Am I correct on that?

NEGROPONTE: I think that's right. We don't even have a policy yet. Maybe this will be the opportunity --

GORELICK: If we survive.

NEGROPONTE: -- that will create it, which is to start talking with some of the other great powers on these issues.

WARD: If we can get a phone line.

NEGROPONTE: With Russian, with China, with Israel. We have to sit down with these people early and often to talk these issues through.

MCLAUGHLIN: I have to add a piece of data, which unfortunately will not make this any easier. We have, working with foreign intelligence services, the CIA has identified the perpetrator of March Madness. This person is in Sudan. As you know, Sudan is not a country with which we have an extradition treaty. So we start off with some limitations there.

We cannot determine whether this individual is the originator of the attack. This is the person who is implementing the attack, but we can't, with confidence, say the inventor. But the perpetrator is in Sudan.

GORELICK: One other piece of -- our legal attache in Moscow says that the Russian authorities are denying any involvement of their servers, even as a hot point. So more ambiguity.

CHERTOFF: That raises two questions I guess I have to present to the president. One is what can we do with this person in the Sudan? Is there some way we can question them? Is there some way we can find out if they are, in fact, the originator of this, and what steps can we take practically? And then there is a legal question about what we can legally do.

The second question, which I'm going to raise to the secretary of state, is if the Russians are denying the fact their servers are involved and we know, in fact, they are involved, what does that tell us about what the Russians are thinking.

Let me begin with the question of Sudan. John, what is our set of capabilities?

MCLAUGHLIN: Well, you know, we have relationships with a number of foreign services in that area. And the first thing we've got to do -- what I have people working on now is determining the physical location of this individual. We don't yet have precision on that.

Once we get that, we can pressure the Sudanese through diplomatic and intelligence channels. Again, though, we are pushing on Jello, to some extent. We can pressure them to go find this person once we have the location. And to confiscate in particular any electronic gear in that person's possession, which is important then that we keep this very close as an operational matter. Once we have that electronic gear, we will probably learn a lot from the forensics about where it is coming from, the nature of the beast, and who is the originator.

UNIDENTIFIED MALE: John, can't you just mug him and take his stuff?

NEGROPONTE: That is an option.

CHERTOFF: Well, is it, Madam Attorney General? Can we do this?

GORELICK: We have authorities in place to do what's called renditions. We have done them in the past. There would be some constraints, with regard to where you could take him and what you could do with him when you've got him. But we do have authorities to do renditions. And I'm sure that John's people are up to it.

NEGROPONTE: And I'd add, also, although they aren't particularly good, we have diplomatic relations with Sudan. We have a charge d'affairs and an embassy there. Sudan, for a number of years, has been trying to find ways to improve relations with us, and it might be an opportunity for them to cooperate with us.

CHERTOFF: We have to stop. We have a bigger problem right now. Or a new problem. I have been informed about a major new development. We are getting preliminary reports that large portions of the power grid in the eastern portion of the United States are beginning to shutdown.


BLITZER: Coming up, dealing with another attack.


GORELICK: At 4:00 am, there was an improvised explosive device that was detonated at a key electric transmission substation.



BLITZER: Welcome back to "WE WERE WARNED, CYBER SHOCKWAVE." You have been watching a cyber war game simulation. The scenario is fictional, but the facts behind the war room exercise are very real. A panel of former administration and national security officials are assembled here in a White House situation room to simulate a real-time response to a crippling cyber-attack.

In this scenario, most of the nation's smartphones have now stopped working. The nations Internet system has slowed to a crawl, virtually shutting down the nation's financial and transportation systems. A power outage is now spreading across the Eastern United States. The news is bad, and it's getting worse.


MARKS: Welcome back to breaking news coverage on GNN, where in addition to the attacks on the nation's telecommunications infrastructure that we have been covering all day, we are also now receiving alarming reports of significant and growing power outages in major metropolitan areas in the eastern half of the United States. Affected areas apparently include cities on the East Coast such as Miami, Jacksonville, Atlanta, Washington, D.C., Philadelphia, New York City, Buffalo and Boston.

To get the latest information, we want to return now to our White House correspondent Angela Michaels.

Angela, what can you tell us about what seems to be another major crisis that's developing at this very moment?

ANGELA MICHAELS (ph), GNN WHITE HOUSE CORRESPONDENT: I can tell you this, Simon. The mood here has dramatically shifted in the last 20 minutes or so as reports of what appears to be a massive power failure have reached the White House. Utility officials are apparently reporting to the White House that the current issue does have a cyber component.

In addition, earlier today, we received reports of explosions at electric power facilities in both Tennessee and Mississippi, which may or may not be related to the power outages.

MARX: Do we know how many people are affected by the power outage so far?

MICHAELS: Well, information here is very fluid. But we are hearing numbers of at least 10 million users, households and businesses that are without power. To put those figures in perspective, there are about 110 million households in the United States, so we are already up to a substantial number and the figure is just continuing to climb.

MARX: Angela Michaels at the White House. Thank you.

We are being told that emergency plans are being implemented in all of the affected cities. This is Simon Marx, GNN.

MICHAEL CHERTOFF, NATIONAL SECURITY ADVISER: As you know, we've been talking about the telecommunications problem that we've been experiencing all morning. But now we've got this additional problem having to do with the power grid. This disruption of the flow of electricity comes on top of the fact that we now have a large number of people in this country who are out of communication. We've got to discuss our options and recommendations now in light of this latest development in the power grid. And there are, again, three questions the president asked me to raise to you when I spoke to him during this break that we had.

First, again, how bad is this going to get? How much worse is the power grid condition going to be and what are the consequences going be? What do we do to restore the electricity to people who have been affected as quickly as possible?

Second, again, who did it? Is this connected to the prior attack? Is it a separate attack? What do we do to respond? And what do we do to make sure it doesn't get any worse.

And, finally, what do we say to the American public? And how does he reassure the public that we are in control of the situation, that we are going to be able to restore their communications and their power and that we're not going to face this kind of situation again in the future.

J. BENNETT JOHNSTON, SECRETARY OF ENERGY: Well, the nature of this attack indicates that it cannot be an attack on individual utilities. It's got to be, we think, an attack on a particular focal point in the system. It seems to me the president needs to first of all counsel calmness, and secondly, let people be aware that they need to cut down on their individual electricity consumption. Because what causes a blackout or a brownout is that the demand is greater than the generation. And when you have an attack on a particular focal point as we think we have now, we can't be sure, then what we need to do is reduce that demand. All the nonessential demand that we have in the country we need to reduce in order to bring the generators back online.

CHERTOFF: And the attorney general now, I understand there are some law enforcement elements as well here.

JAMIE GORELICK, ATTORNEY GENERAL: Yes. I just got this message from the FBI director whose back in the command center. He said that at 4:00 a.m., there was an improvised explosive device that was detonated at a key electric transmission substation for the pipeline corridor which has hindered restoration efforts as I understand it, and simultaneously an explosion near Clarksville, Tennessee, which disrupted all electrical service to both the city and to the adjacent Fort Campbell. It's not clear if these events are related to the ongoing power outages, but I have to say I would assume. So for the moment --

CHERTOFF: Let me ask you Mr. Secretary, what are the impact of these two physical explosions on the ability to restore our power? Is that going to be a big problem for us?

JOHNSTON: It will accentuate the problem clearly, but understand that these systems are interconnected in broad areas, the whole eastern interconnection. So an individual substation being taken out will not bring down the whole system. It will stress the system, which is an additional reason that we must reduce the demand for power as quickly as we can.

CHERTOFF: Now, are you -- do you have either the Department of Energy people or the utilities have people who can get in here and fix the results of this explosion quickly?

JOHNSTON: Well, they do. Understand there are 3,000 utilities in this country, each somewhat independent. They've been aware of this problem for two or three years and have been working at flank speed to put in systems that will insulate the system for this kind of attack. But the sophistication of the requirements, the costs of the requirements are such that it will still be perhaps 2015 until we are fully insulated.

We think in a matter of days that power can be restored. Now, a huge amount of damage can be done in a matter of days. As we've heard, hospitals and elderly people, people stuck in elevators, not to mention the freezers where all the food is spoiled are real problems for people.

CHERTOFF: All right. Again from Treasury standpoint. I know the financial markets and the business community has been badly hit by the communications piece. What is this going to do?

STEPHEN FRIEDMAN, SECRETARY OF TREASURY: Well, there's no question that this is -- has a disastrous impact on the economy. You have the financial markets shut down at this point. Ordinary transactions dramatically impeded. So this is a massive blow to the solar plexus of the economy.

BLITZER: When we come back -- calling in the National Guard.


UNIDENTIFIED MALE: I'm getting messages from governors. They don't want the National Guard federalized. Too bad.



FRIEDMAN: This is -- has a disastrous impact on the economy. This is a massive blow to the solar plexus of the economy.

JOE LOCKHART, COUNSELOR TO THE PRESIDENT: We've been at this for hours. The public has lost their Internet, their phone, cascaded to their power. 10 million to 11 million people, and they haven't heard from the president. So I would suggest two things. One is that we make a hard and fast decision, and no matter what we know that we push back on the president and say he's got to go out within the next hour, hour and a half. That will force all of us to do what we need to do here to give some sense of confidence.

The second question is, we haven't talked at all, but we've got to bring the hill leadership down to the White House. This is politically -- it doesn't matter what we do. If they don't feel involved they will -- this will kill us even if we solve this. GORELICK: We've been talking around the stable about utilizing some pretty extraordinary authorities. The secretary of Homeland Security said we are in communication with various industries. But that communication has to be very different if we are going to fix this. It has to be directive. And I know the cyber czar over here is telling everyone that we have authority, but we really don't. So we should -- I mean, you know, you don't have to sign it, I do. So let's get real about this.

So what I would say to Counselor Lockhart is let's take advantage of asking the hill leadership to come down, and let us all join arms around the solutions here. I think it is incumbent upon us to say here are the things we are going to do. There is no rule book for this, and we need your help and support in dealing with this emergency.

I cannot believe that Congress would walk at that given these circumstances. But you cannot leave the president by himself acting with these kinds of extraordinary powers that I think are called for here.

FRAN TOWNSEND, WHITE HOUSE HOMELAND SECURITY ADVISER: I think we just need to understand is while we're talking, 85 percent of the critical infrastructure in this country is owned by the private sector. And if you think they are waiting for us to tell them what to do that's like not true, right? So they are doing stuff. And they are moving to protect their own assets, not waiting for us. We're going to have to adjust based on additional data that comes into us on what the private sector is doing to protect their own assets which may not necessarily be something we want, consistent with what we want.

CHERTOFF: Well, we do -- do we have a way to find out if they would be interested in having National Guard or federal troops protecting their critical transmission stations and, you know, critical fuel depots? Can we check that and get a response so we know what their reaction is.

JOHNSTON: We are in touch with the utilities with respect to that. But it must be -- keep in mind again that we've got over 3,000 utilities, each of which operates its own generation and own transmission systems. So it must be a local coordinated nationally to be sure, but a local solution to this problem.

CHARLES WALD, SECRETARY OF DEFENSE: What concerns me in this case here is it has gone beyond just Malware, the IED attacks on the power station which shows that somebody is more than just a malicious hacker necessarily. It sounds like it's more of a coordinated effort to actually take our ability to run a nation and our economy down.

CHERTOFF: I appreciate that a lot of this is in private hands. But I want to put an issue on the table because we have the communications failure. That feeds rumors. We have the power issue. That feeds fear. We have the IEDs, and I'm sure that word will get around.

I think we are rapidly approaching a place where the American people would have a serious question about the ability of the president and the government to defend the country. And that is why I want to raise the issue whether there is an argument in favor of simply putting everything we have in the military domain out there, whether it is National Guard or regular military troops that we put them in cities to make sure we don't have disorder and violence, we put them in critical infrastructure. If necessary, we federalized the guard if the governors don't want to go along with it.

Do we need to make a full-court press? Can secretary of defense, do we have the capability to do it. Can we move them? Are they trained to do it?

WALD: First of all, we can do this. We have plans in place to do it. I would recommend we do it as a preventive nature. And with strong coordination with local authorities under whatever plan we have to do, but yes, we can do it.

CHERTOFF: So I'm going to ask our cyber coordinator, what do we do with respect to stopping the problem and preventing it from getting worse and then restoring power from a cyber standpoint? Are you connected up with this -- the power industry, do they get it from a cyber standpoint?

STEWART BAKER, CYBER COORDINATOR: Yes. DHS has connections into the sector with the secretary of Energy for coordination in precisely this sort of circumstance. The long-term solution is to reduce the amount of connection to the Internet that they have become dependent on for their control systems. I think we are going to have to take a close look at this smart grid and make sure that we've built some security into it because I'm not sure we have.

JOHNSTON: But keep in mind that the physical assets have not been harmed. The generators are still there. The wires are still there. It is a question of being able to bring them back online, which will take a matter of days, not weeks.

CHERTOFF: But frankly, a message from the president that we've got hundreds of different utility companies and they are all working hard and they are coordinating to get stuff up so be patient for a few days, strikes me as not the most comforting and appealing message.

LOCKHART: We are trapped a little bit in how we normally deal with a crisis, because it's the opposite here. Our normal crisis is we get some Intel, and the last thing you want to do is tell the public. And you want to deal with it surgically. This is the exact opposite. This is a crisis where the public is impacted more than we are as the government. We are all still working. We are still communicating. They know it is a crisis. So what we need to do and what everybody in this room will be judged on, and trust me you will be judged when this is all over for years to come, is did we carve out every absolute option, every piece of power we had?

So the fact that we're, you know, we -- you know, I'm getting messages from governors on whether they -- they don't want the National Guard federalized. Too bad. We need to -- again, where we will be judged is we don't know enough to know what the solution is so we have to have solutions across all platforms. So I don't think we should be debating whether we federalize the National Guard.

The president should say we are federalizing it if that is the right policy. We have to explain that we have a crisis, acknowledge there is a crisis and in a crisis you take extraordinary steps.

The government has a responsibility, the private sector has a responsibility, the public has a responsibility. The president needs to articulate what he is doing as the government. The president needs to say here's what I told the private sector to do, and then the president needs to say, here is what I expect the public to do and that is how we will get through this.

CHERTOFF: Yes. Fran?

TOWNSEND: One additional fact that everyone should be aware of is, of course, you understand hospitals have backup generators. Their backup generators run on diesel. When you are talking about not having access to refined petroleum, you're going to wind up -- those hospitals are only going to be able to run those generators for six to 12 hours. This isn't sit tight for three days. People after about 12 hours are going to start dying in hospitals. And so you not only have the public safety, but you now have a public health issue.

BLITZER: Ahead -- scrambling to restore the nation's power supply.


UNIDENTIFIED MALE: Let me just put on the table here unaccustomed as I am, that you may have to nationalize the power companies because we can't have this.



TOWNSEND: This isn't sit tight for three days, people after about 12 hours are going to start dying in hospitals.

CHERTOFF: Should we be talking about allocating diesel fuel and other kinds of fuel on a necessity basis and start basically some kind of a rationing system?

TOWNSEND: I think you are going to have to until you can be sure that you get supply back and restore supply. You are talking about some very difficult public policy choices.

CHERTOFF: Well, can we do that? Can we ration?

GORELICK: You can. You can have the National Guard help with delivery.

WALD: I think we need to start up a National Interagency Command Center that starts responding to these things, and we should start looking for international assistance as well. JOHNSTON: What we ought to do in the next 24 hours is get the best intelligence we can from our utilities, from our Department of Defense, et cetera, to determine how long they think this crisis will last. If we think we can bring electricity back online within a matter of two or three days, that is one thing. It is quite another if we think this is a very long and drawn out procedure. I tend to think it will be a short term --

LOCKHART: But this is a cyber attack, we don't know the answer to that.


LOCKHART: So we have to assume if this is someone in Russia, if this is again someone in someone's basement causing this, we have to assume that they are trying to cause harm. We have to assume that they have the ability to attack again and in a different place.

GORELICK: So let me tie this back --

LOCKHART: So I don't think we can get constrained with our answers to -- we think this is two or three days. We don't know. We have to plan for the worst and work back.

GORELICK: You know, let me try this back --

JOHN E. MCLAUGHLIN, NATIONAL INTELLIGENCE: Can I add one other thing here?


MCLAUGHLIN: The utility companies that controls the generation, the emergency generating power at the national security agency has just made a decision to divert that energy for its commercial customers. So let me just put on the table here unaccustomed as I am that you may have to nationalize the power companies because we can't have this.

CHERTOFF: Yes. Does the president have the authority under statute or inherently to say for a short period of time to a power company, here is the deal. You are not going to divert power from NSA. These are your first priority customers and you have no choice?

GORELICK: As I have been saying all day long, he has no statutory authority in almost any of these areas. He can direct a private sector enterprise to do "X" or "Y," except in very rare circumstances. And I'm unaware of any authority that would fix for example the NSA --

MCLAUGHLIN: Does article 2 give him that?

GORELICK: So he is the commander-in-chief. Article 2 says that is his job. And I believe that he has to assert that authority and where necessary for national security make those orders. I would like to have a joining of hands by the legislative branch on that issue, and I would like to see the president explaining the reasonableness of what he is doing, the fact that there is nothing less intrusive that he can do to keep us safe and asking essentially retroactively for his actions to be ratified.

CHERTOFF: The electrical system in this country is not capable of being nationalized and operated as one system. It is over 3,000 systems out there. Each of which has its own generation and distribution, et cetera. You can have some general rules of the road. You can say you must serve the Department of Defense first. You must serve other loads first. But you cannot operate it from one central control system from the White House. It just cannot be done.

LOCKHART: I would remind people that President Truman tried to nationalize the fuel industry in World War II. And the Supreme Court said, no, you can't. So we don't abandon the constitution in these circumstances. And the president is going to have to deal with that possibility.

CHERTOFF: I'm going to have to go up and see the president in about a quarter of an hour, in 20 minutes or so. So I'd like to frame, kind of a summary of where we have been in talking about the issues we have discussed today, both the original cyberattack and the following attack with respect to power.

I'd like to once again get everybody's best view on what is the short-term fix, but then I would also like to look at what do we tell the American people about why this is not going to happen again, or are we going to have to tell them, this is going to happen all the time, get used to living in a country where you are constantly unable to communicate and unable to turn your electric lights on.

So this is one of those moments before you walk into the Oval Office where you are going to have to be willing to tell the president this is a course of action that is bold but may get you in trouble after the fact is overreaching, or you may want me to go in and say to the president, look, here is what you've got to do to not get overreacting, and it may mean that we are going to have to muddle along for awhile, but in the long run you'll be able to say, look, I didn't touch on anything that civil liberties concern. So I asked you to explicitly address those issues as you talk about the way forward on these problems.

BLITZER: Up next -- grappling with the power of the president.


BAKER: The risk of second guessing is not that people will say, you did too much, you went beyond your authority. We will be criticized if we do not do everything that we can.


DON LEMON, CNN ANCHOR: Hello, everyone. Don Lemon here at the CNN world headquarters in Atlanta. Let's take a look at your headlines this hour.

Ron Paul has gotten the nod of approval from conservative activists at a CPAC meeting. The Texas congressman got the most support for the 2012 Republican presidential nomination in an unofficial straw poll. He received 31 percent of the vote. In second place, former presidential hopeful Mitt Romney, and former Alaska Governor Sarah Palin was third.

There's been a changing of the guard for the country's oldest civil rights organization. Rosalyn Brock, a health care executive from Maryland has been named the NAACP's new chair, the youngest person ever to hold the post. Brock had been serving as the group's vice chair. She will replace Julian Bond who's held the post since 1998.

The man who rammed his plane into an IRS building in Austin, Texas, this week, may have wanted to cause even more damage. A law enforcement official says Joseph Stack may have removed several seats from the Piper Cherokee and replaced them with a stolen fuel drum. Stack apparently was in rage at the IRS. Stack and an IRS employee were both killed.

Well, they had hoped to see him compete in the Olympics for glory, but instead thousands of mourners gathered for the funeral of a 21-year-old Luger in his hometown in the Republic of Georgia today. He was killed during a practice run in Vancouver when he was thrown from his sled. There had been concerns about the track speed. Following the accident, the track was modified.

Ferocious mudslides have taken a deadly toll in the Portuguese Island of Madeira. At least 32 people have been killed and possibly dozens more are missing. The flood waters had damage homes, flipped over cars and knocked down trees. Look at that video. There are no reports of any tourist missing occurred in the popular resort destination.

CNN presents CYBER SHOCKWAVE returns right after this.


CHERTOFF: What do we tell the American people about why this is not going to happen again? Or are we going to have to tell them, "This is going to happen all the time. Get used to living in a country where you are constantly unable to communicate and unable to turn your electric lights on"?

FRIEDMAN: I am absolutely with you on the point that we have to have the National Guard mobilized, not only to secure areas in the energy grid, but other areas that we think if there is a concerted attack on the U.S. -- which this certainly looks like -- may be vulnerable.

And certainly we have to try to make sure that Congress is onboard as much as possible, and I am in the school that says that he's going to have to speak to the American people very candidly about the fact that in the world we are in today, we are at risk for this type of thing. And we cannot give them easy comfort, but we are going to have to have some shared determination and sacrifice here. CHERTOFF: Let me ask you, in the long run, what does this tell us about whether we have properly struck a balance between what the government can do and what the private sector does in a moment of crisis or emergency?

Do we have the mechanisms or do we need to create mechanisms to allow the federal government to step in and do some extraordinary things for a short period of time?

FRIEDMAN: I am hearing loud and clear just in the description from the attorney general that there are authorizations that we need to have that we don't have, and this is very much analogous to what has happened in the financial sector where the regulators stepped in and did some very aggressive things -- and I think very constructively.

But it is quite clear now that we need mechanisms there so that you do not have to have the same degree of improvisation, and we should not be debating the next time something like this happens - and the odds are very strong that there will be a next time - we shouldn't be debating whether the president has the authority to basically say, metaphorically, cars with faulty brakes that are a danger on the highways have to be recalled and fixed. We should just go through and have that kind of authority.

CHERTOFF: All right, Cyber Coordinator, Stewart.

BAKER: The risk of second-guessing is not that people will say, "You did too much. You went beyond your authority." We will be criticized if we do not do everything that we can. People will recognize that we are going to have to straighten out the authorities over time.

CHERTOFF: Let me ask you two questions, though, to press you on this because I'm sure the president is going to ask me about this.

First of all, some of what you want us to do involves getting people and institutions to use the tools they already have -- patches, anti-viral software -- and actually simply download them and implement them. And a lot of people don't do it.

How do you make them do it? And, do you say, instead of asking voluntarily to do it, do you simply make them do it by doing it from a remote location? In other words, do you have the ISPs and the telecoms make people or download it on their own volition even if people don't do it themselves?

BAKER: None of us can log on to our government computer networks without going through a set of security checks that are performed on the systems, on the computers that we are trying to log in.

Increasingly, as the Internet becomes subject to these sorts of attacks, people are going to have to demonstrate that what they are trying to hook up to the public network has been secured in some fashion, and Internet service providers are going to end up trying to make sure that people who are hooking up to the network are not posing a threat to that network.

CHERTOFF: Here is my second question then: If we go down that road, what happens the next time the president meets with the premier of China or if we ever meet with the leadership of Iran, and they say, "Wow, great. You are sitting on top of your Internet the same way we are sitting on top of our Internet, so we all agree - the government ought to control what comes across the Internet."

Isn't that argument going to be thrown in our face when we have activists in the U.S. trying to communicate with democracy advocates in Iran and other places in the world?

BAKER: Those governments are going to do what those governments want to do, and whether we have created a talking point or not for them - and the discussion I think is not relevant to what they will actually end up doing.

We have got to defend ourselves. Nothing looks worse to the international community than that map. We look weak and unable to help anyone in the world who shares our values. We have got to solve that problem first.

CHERTOFF: I need to turn to Homeland Security. In terms of the mechanism for coordinating the response here and getting all the various entities - federal, state, local, private sector - involved, are you satisfied based on what we have seen here today that we can tell the president the architecture is right. Or do we need to have some override that allows a unified response in a catastrophic event like the crime we have here?

TOWNSEND: I think that the sector system that we have in place worked the way it was expected to work. It was not built for a catastrophic event, and so do I think that you need an override? The answer is yes, I do.

And - this is - look, when you get into this magnitude of a crisis, to the attorney general's point, we are in the "better to ask forgiveness than permission." You no longer have time to be arguing the legal argument about authorities. You need to act.

BLITZER: Coming up, what to tell the president.


CHERTOFF: What does he say to the public in a little while when gets out there?



TOWNSEND: We're in the "better to ask forgiveness than permission." You no longer have time to be arguing the legal argument about authorities. You need to act.

CHERTOFF: I think the general consensus has been to be quite aggressive and active here. Part of my question relates to Stewart's suggestion about the ISPs and the telecoms is, what are you going to tell the private sector when you say to them, "Do all these things, help us in all these ways," and they say, "Well, Madam Attorney General, that is great, but we are going to be in litigation in the courts for the next five years. Who is going to pay our legal fees? Who is going to defend us?"? What is the answer you are going to be able to give?

GORELICK: Well, this is one of the critical questions that we have been discussing all morning. The structure of our laws today is that unless you can -- unless you can show that the action that you are taking is properly ordered by the government, you are leaving yourself open to lawsuit.

And in the current structure of our laws with regard to communications companies, I would have to certify that what they are being asked to do is lawful. Otherwise, they are open to lawsuit.

You asked what to do in the short term. We have to, as Joe said, deal with panic in the streets, which is, I understand, we have right now. So we have to get the Guard out there, and it knows how to do that consistent with any cooperation with local law enforcement.

But, two, we have to deal with the -- we have to make sure that what we are doing in terms of both the private sector and privacy interests are, is reasonable, temporary, necessary and not overreaching.

So I wouldn't reflexively go as far as you can go because we are in a state of panic. I would try to make sure that we communicate with the American people and with the private sector that what we are doing, steps we are taking, are steps that we feel are absolutely -- absolutely necessary.

Just to take the example on the table today -- it is less efficient if you say to anyone who wants to offer apps, "You have to make sure each of them is safe." It is more efficient to just put them out there. But we are going to have to say to the private sector, "I'm sorry, you are going to have to delay bringing this hot new application to market until you can assure that it is safe."

So both prongs -- the relationship with the private sector and the relationship with our privacy interests -- have to be discussed forthrightly by the president.

CHERTOFF: All right. Let me turn now to the issue of the fact that we have a reasonable perception that we are under attack. Turning first to the Defense Department, looking at this thing, entirety of what we are facing -- explosions, attacks on the power grid, attacks on communications -- what do we do from a defense standpoint?

WALD: One of the things I would recommend because of an opportunity and necessity is the president should call for Congress to approve Cyber Command standup immediately, and then we should make sure Cyber Command understands they have the lead for helping us develop policy, rules of engagement, for that matter. As was pointed out, we are in a different world than we used to be. The threats to our nation are different than we have planned for years and years.

CHERTOFF: The last thing I am going to have to talk to the president about is what does he say to the public in a little while when he gets out there? And, Joe, you have heard all the discussion. I would like your views, and then if anybody else wants to weigh in, then I will give you my kind of final sum-up of what I think I will take in to the Oval Office.


LOCKHART: I think the president has to be clear that this is a national emergency, crisis -- whatever the right word is -- that we don't have the answers, but the full weight of this United States government is behind getting the answers -- both who did this and how we are going to restore the power, the phone service, you know, normalcy to Americans' lives.

And I think he needs to frame this as a dynamic situation. He can cite the 9/11 attacks as a time when the country put counter- terrorism first and foremost. Well, now cyber-terrorism has taken that place, and we need to respond with the same sense of purpose and vigor, not just for the next few days, not just until you get your phone back or the lights go back on, but making sure that we are doing everything we can to resolve the problem.

I think that if he can speak broadly and thematically there, that will be the first - an important step to restoring confidence.

CHERTOFF: Well, listen, I appreciate everybody's advice. I am going to sum up my takeaway on this before I go into the Oval Office.

The first is, to me, I have a clear takeaway. This is a dynamic problem. This is not a one-shot deal -- we are going to fix the problem, we will win the war and then we will go about peace. We are going to live with this for as many years as we can foresee.

Second thing is, I detect the frustration on the part of everybody with the binary system in which we tend to address these problems -- the domestic traditional law enforcement on the one hand, the international overseas war-fighting on the other.

The fact is this is going to take us in and out of our borders. The servers may be in Russia, the actual originator may be in Sudan or may be next door here somewhere in suburban Virginia. So we are going to have to find a way to assemble all the tools in the tool kit.

And then I think the last observation I would make is there seemed to be a surprising amount of uniformity in taking very aggressive, vigorous action, but I think also a sense that it would be important very quickly thereafter to get the public to buy into it so that the president might go out and assert quite aggressively not only statutory but even non-statutory authorities, but that you would expect to bring Congress down, have them stand there in the first couple of days and support what was done and then ultimately ratify it in the way that Congress did with what Lincoln did during the Civil War. Of course, that means Congress has to be grown up and be willing to do that as well.

And then ultimately we have to get the public. The public has to buy in and understand with clarity what it is the president is doing and why the president is doing it.

So with that, before I terminate this meeting of NSC, any further comments anybody wants to pass on?

Well, thank you for your dedication, and the wealth and the wisdom of your experience has been very manifest, and I am pleased to have been a colleague of yours.

Thanks very much.


BLITZER: When we come back -- a discussion with the war room participants. Are we ready?


BLITZER: Do you see evidence, Joe Lockhart, that the Obama Administration is on top of this issue -- and answer the question honestly.



BLITZER: We are going to continue now with "We Were Warned: Cyber Shockwave." We have just seen a fictional scenario where a cyber attack crippled the United States infrastructure and the economic system.

But what could we really learn from what we have just seen, and what is being done to prevent a real cyber war? We are going to get some answers now from these former high-level officials in the U.S. government who participated in this war room simulation.

And I guess the first question goes to John Negroponte. Was it really realistic? In the real world of today, could the United States face this kind of crisis?

NEGROPONTE: It didn't -- none of it struck me as particularly outlandish, no.

BLITZER: If the President of the United States asked you right now, John McLaughlin, who would be the source of this attack?

MCLAUGHLIN: I would be hesitant to say that it would be a state, because nothing we heard here today amounted to a motive, I think, for a state to do it. And states would do this sort of thing only if they were prepared I think to have it done to them, although attribution would be difficult. But sooner or later, we would figure out if this was a state attack.

BLITZER: So you are saying it would be a terrorist group? Is that what you are saying?

MCLAUGHLIN: I would at this point -- with little doubt I would put my money on either a terrorist group or a group of hackers who have some motive to do this ranging from mischief to hostility toward the United States.

BLITZER: Anarchists, Fran Townsend, is that the likely source of this kind of attack?

TOWNSEND: You know, I actually -- no, I don't think so. We know that there are foreign actors who have got capability to launch these kinds of programs.

BLITZER: Like who?

TOWNSEND: Well, you heard it in the context of the scenario -- the Chinese and the Russians have this capability.

BLITZER: Based on what you learned when you were in the government, and what you have learned since then, is there any evidence that there is a country right now or a foreign entity planning such an attack against the United States?

CHERTOFF: You know, I think the general view has been that for most sophisticated countries that might have capabilities like this, an attack of this kind would have such a devastating blowback effect -- not only in terms of the possibility of retaliation, but just in terms of the fact that we are a globally connected world and all of our economies are interdependent -- that no country would likely undertake an attack like this.

BLITZER: Bennett Johnston, have you seen any evidence at all, in all your years, recent years, that someone is actually planning this kind of an attack?

JOHNSTON: Certainly not on the electric grid. It seems to me that while the electric grid has certain vulnerabilities, to try to take on the whole grid or the whole northeast reliability of system is really not realistic.

BLITZER: Charles Wald, do you believe that the United States is prepared right now to deal with this threat?

WALD: I think we're preparing for it. I don't think we are prepared as much as we should be.

I think the scenario we saw today is believable. It may be more difficult than we have made it look potentially, but I think people would like to do this to us. And I think it would be a non-state actor, myself.

So I think we need to continue to now treat cyber threats the same way we do WMD, for example. We need to put the same emphasis on that, and we need to be thinking through this and start developing better policy, and understanding the process better. It is still very abstract to most people, I think.

BLITZER: Ambassador Negroponte, does Al Qaeda today have these savvy, sophisticated computer experts that could launch this kind of attack?

NEGROPONTE: Well, they certainly have pretty sophisticated communication capability. Whether they have the kind of experts you're talking about, I haven't had access to that kind of information.

BLITZER: But you are skeptical that Al Qaeda currently does?

NEGROPONTE: Only skeptical in the sense that their top leadership at least is holed up in fairly remote parts of the world.

BLITZER: Are you skeptical, John McLaughlin?

MCLAUGHLIN: Oh, I'm sure Al Qaeda would like to do this, but we don't understand their capabilities in this area, I believe. As the ambassador said, they have got great communications capabilities, great public relations capabilities. We just don't know the extent to which they could carry out something like this.

BLITZER: Jamie Gorelick, it sounds to me, based on everything we heard you say during this war game right now, that the legal questions are so murky and muddy out there, that it sort of cries out for some either new legislation or a decision-making process that comes to grips with what is out there right now.

GORELICK: Well, we have to come to grips, as you put it, with the implications for our personal privacy and the relationship between the federal government and the private sector.

I mean, our national security rests on a bed of wholly-owned private enterprise, and unless we are very clear as to what we expect from them, expect from private enterprise in the easy times, and what we need from them in the time of crisis, we are going to be left to the kind of "Let's just do it and figure it out later."

BLITZER: Legislation is needed to deal with this -- you believe this is a realistic scenario..


BLITZER: Stephen Friedman, is it possible that this kind of cyber attack could bring the entire U.S. economy to a halt?

FRIEDMAN: Look, the financial system melting down -- I am incapable of thinking that as being anything other than a total catastrophe, but so would this be. Each of them in their own way is pretty dreadful.

So we really need to be -- this highlights areas that we need to really be getting our act together on because this is an absolute disaster that we can see potentially coming. There are too many people who have the capability to do it who wish us ill, for whatever their motives are.

BLITZER: The people who are watching this program on CNN in the United States and around the world right now, they are going to be scared, Stewart Baker, because they are going to come to the conclusion, "You know what? The United States is not prepared for this kind of an attack." Is that an appropriate conclusion that they should come to?

BAKER: I think unfortunately that that is true. In fact, I'm writing a book called "Skating on Stilts," and I think that is exactly what we are doing -- we are skating toward a fall.

BLITZER: Do you see any evidence, Joe Lockhart, that the Obama Administration is on top of this issue - and answer the question honestly.


LOCKHART: I am going to have to think about it.


And this will be a first with you, Wolf, that I answer a question honestly.


Seriously, yes, they are on top of it. But you don't solve problems like this by people like this around the table being on top of it.

You know, Jamie will back me on this -- countless meetings in the second half of the Clinton Administration on counter-terrorism, bio- terrorism, cyber-terrorism - particularly with the work Jamie was doing.

But without things like this, or without a full-blown crisis, it doesn't rise to the level where people within government take it seriously enough, people within industry take it serious enough, and, most importantly, the public.

So, the question I think you asked, is the public scared? Yes, and that's a good thing. Because when the public has a demand, the government provides the supply.

BLITZER: It has been an extremely valuable session. I think all of us learned something. Especially in the coming weeks when we all start talking about March Madness, we'll have a new appreciation of March madness. Let me thank all of you very much for joining us. This fictional scenario we have just seen is certainly frightening, but what is even more frightening is the danger of it potentially becoming reality.

Thanks very much for joining us. I'm Wolf Blitzer.