“Today as we seek to better conceptualize the threats and adversaries that face us all, none seems to be more global, threatening, and in need of attention than today’s cyber environment,” said the event moderator, Karen J. Greenberg, director of the Center on National Security at the School of Law. “Cyber vulnerabilities stand to affect governments, the private sector, institutions, organizations, and individuals—in a nutshell, all of us.” 

The three panelists are leading experts who have dealt with recent hacks. Cristin Flynn Goodwin is the associate general counsel of Microsoft’s digital security unit, where she counters nation-state actors and advanced attacks worldwide. Nowell Agent is a supervisory special agent for the FBI who was instrumental in identifying the Hafnium hack that affected thousands of organizations across the world. Adam R. James is a special agent for the FBI who led the investigation on APT40, a Chinese hacking group that has targeted governmental organizations, companies, and universities. 

The panel began with an overview of the current cyber environment. This year, nation-states like China and Russia have been primarily searching for information, said Goodwin. 

“We saw China very active in trying to gain information about the incoming administration. We saw Russia looking for shifts in U.S. policy relative to sanctions, defense, and NATO,” Goodwin said, adding that members from both nation-states were successful in gaining intel more than 40% of the time. 

One successful cyberattack was the SolarWinds hack, where a group of Russian hackers infiltrated a routine software update from a Texas-based company and gained access to about 18,000 machines. The hackers wanted to know what security teams know about Russian attackers so that they can evade detection, Goodwin said. 

She compared the SolarWinds hack to a scene in the movie Mission: Impossible, where Tom Cruise sneaks through the ceiling with wires and cables. But hacks aren’t usually that dramatic, she said. In most cases, a hacker is like a person walking down the street, trying the door knob to each house until they find an unlocked door, she explained. In other words, they try to break into multiple accounts until they find one with an easy password. 

“You don’t need Tom Cruise when you’ve left your windows and doors open. And so from a [big company’s]perspective, you have to be ready for the ‘Tom Cruise,’ for the most sensitive of situations. But most of the time, this is diet and exercise. This is really being cyber healthy to make it harder for them to have to work—to call out the A-team, Mission: Impossible, to come in and compromise your environment,” Goodwin said. 

This is important because the biggest risk in cybersecurity is literally us—the everyday computer user, said Agent. 

“Business email compromise is still the largest loss leader for cybercrime in America,” Agent said. “Most, almost all of that comes from a spear phishing email to an institution.” 

Agent urged people to implement multi-factor authentication across all accounts and to ensure that their employees understand how to use it. He recalled someone who once received a text message on their phone and clicked on it, nearly leading to a $40 million loss for that person’s company. 

“They didn’t even know what it meant. They thought their administrative assistant was trying to gain access to their account,” Agent said. “They clicked yes, and that gave the actor access to it.”

Special Agent James said that small businesses can better enhance their cybersecurity by reading annual reports like the Microsoft Digital Defense Report—a comprehensive resource from Microsoft security experts that describes the threat environment and how to counter cyber threats—and properly training their employees on how to recognize and avoid cyberattacks.

“You generally have a good information security staff that understands the threats. But like Nowell had pointed out, issues caused by the users are where most of the attacks originate. So pushing down that information in a digestible way to the people that actually may be impacted is what’s really important,” James said.  

This special webinar is part of the International Conference on Cyber Security (ICCS), which has become one of the top international events on cybersecurity over the past decade. The 2021 conference was postponed due to the pandemic. The next one is scheduled for July 18 to 21, 2022, in-person.

Brennan, a distinguished fellow on global security at the center, acknowledged that Soleimani was a “principal nemesis” of his while he was director of the CIA and that the general represented a threat to U.S. security, but he did not see a legal basis for the strike.

‘We’re Not at War with Iran’

Brennan made a clear distinction between an “unlawful combatant,” such as the leader of a terrorist group, and an individual acting on behalf of a sovereign state, such as a military general. He said that according to the Geneva Convention and “a lot of other important foundations,” a non-state actor is not afforded the same protections as a state actor working on behalf of a sovereign state.

“We’re not at war with Iran,” said Brennan. “We have struck Al-Qaeda terrorists numerous times, but they are unlawful combatants. I see no equivalency, either in …  a domestic or international law, that striking a government official of a foreign country that you’re not in war with has a legal basis.”

Indeed, Brennan cited congressional hearings held in the 1970s that found that the CIA was involved in several “extra-legal” killings. The hearings resulted in an executive order passed by President Gerald Ford in 1976 that banned the assassination of state actors. He added that by the current administration’s rationale, the U.S. could take out the head of the Russian Federal Security Service because that agency is involved in nefarious activities.

“[The killing of Soleimani] certainly is very dissimilar from the strikes against unlawful combatants belonging to Al-Qaeda or any of the other terrorist groups that are in fact named in the authorization for the use of military force that has been in existence since 2001,” he said.

Drone Technology: Advances and Ethical Questions

That Soleimani was killed by a CIA drone, a technology used in a program supported by Brennan, was not lost on the audience, the interviewers, or Brennan himself. Dilanian asked him about the significant advances in the technology that enabled the killing. Brennan said two factors have played a large role in making such stealth and exact attacks possible. One is that today everyone leaves behind “digital dust” from their cell phones, credit cards, and from closed-circuit cameras watching them.

“It is not difficult at all to learn, through legal means, and then through government means, where somebody is,” he said.

Second, he said, is the “increasing refinement and advancements in technology about putting the ordinance on target … within inches.” And if that person moves, as was the case with Soleimani’s caravan at the Baghdad airport where he was killed, a missile can be steered in that direction at the last minute. He added that with machine learning, there is an additional ability to correlate all that information at the speed of light.

“It raises very serious questions about at what point should those actions that result from the machine learning and the ingestion of data require human intervention?” he said.

He said that in the case of the Obama administration, for every decision that was made to strike a terrorist, there was a rigorous review that had to determine that there was no other way to mitigate the threat that that person posed, except by the use of lethal force.

“Before striking that individual, there had to be near-certainty that that was the person, near certainty that there’d be no civilian casualties, there was no possibility of capture, by either U.S. forces or by local forces … in order for it to be an authorized strike,” he said, adding that no such criteria have been clearly articulated by the Trump administration in the Soleimani killing.

Concern About Retaliation

Brennan admitted that the strike was a significant blow to the Iranian high command, but he warned that “the concept of an eye for an eye” is very strong in Iran. Despite a retaliatory strike by the Iranians on a U.S. airbase in Iraq that resulted in more than 60 traumatic brain injuries of U.S. soldiers, there may still be yet another attack to come.

“We know that the Iranians have long memories, we know that they can be patient, and so I believe that there are some in Iran who will want to avenge Soleimani’s death with blood, not with brain injuries,” he said.

Greenberg noted that in attacking Suleimani, the Trump administration used the authorization for use of military force (AMF) from Congress set in 2001 and 2002 for those responsible for the 9/11 attacks and for attacking Iraq, respectively.

“Given that the scenario you’ve just laid out for the decisions that might be in front of the White House coming down the pipe, like this incident, do we need a new AMF, and if so, how would we begin to think about its focus, its limits?” she asked.

Congressional Authorization in the Trump Era

Brennan said that his views have changed on Congressional authorization since the Obama administration, when he thought that their approval constrained the president’s ability to act swiftly, such as in the case of Obama’s effort to close Guantanamo Bay prison.

“I felt that Congress’ intervention was really counterproductive to the ability of the chief executive and the commander in chief to carry out responsible policies,” he said. “Now during the Trump years, I feel as though, ‘My goodness, where’s Congress?’”

Yet, he said, the nation needs to be cautious in “reshaping the architecture of the federal government” in response to an unpredictable Trump presidency.

“He clearly is an anomaly, and he clearly is doing some things that I think would not have been expected of anybody that we thought would make their way to the Oval Office,” he said. “He’s trampling a lot of the foundations of our democratic republic, and I think he’s also demonstrating a real lawlessness. And so that’s the struggle now. What do you do when you have a lawless president? I would put the Soleimani killing in that bucket.”

He said the challenge would be to ensure that the mechanisms of government remain flexible enough to survive into the future, though he remains troubled that the Republicans in Congress have “checked their principles at the door.”

Doing What’s Right

When the conversation turned to impeachment, Brennan said, “I would love to be able to just sit in on a Fordham Law School class on the issue of ethics and defense attorneys,” noting that these topics are front and center in the hearings.

“There’s a cravenness right now in Washington among politicians that just refuse to do what is right. And then you can have very respected attorneys who are well known, some lawyers with big egos, to go up and do anything possible to get somebody off.”

During the question and answer period, David Myers, Ph.D., professor of history, asked if Brennan thought that the unwavering support from Republicans in Congress might stop future “good-minded, good-hearted intelligence servants” from coming forward as whistleblowers in the future.

Brennan said that he certainly hopes that will not be the case.

“I sure as hell hope they speak up. And it can be costly and people are going to come after you. It’s been costly for me. People come after me, but sometimes, maybe it’s my Fordham training or my Irish temper or any number of those things, but I feel that I have no choice but to speak out because what’s happening now is wrong. And if you are a person in the intelligence community and you see things wrong, speak up and speak out because it’s the right thing to do.”

“I will be a supporting researcher to senior fellows who have a lot of experience,” Matteucci says about the appointment, which begins in August and is based in Washington, D.C. “I’ve respected Carnegie’s work for a long time and used a lot of their work in my own research. I’m excited to be surrounded by these scholars.”

The fellowship provides the framework for Matteucci to advance her research in nuclear policy, an area of study she became interested in as an intern in the Center on National Security at Fordham Law during her sophomore and junior years.

“They work in the broader realm of international security,” explains the international relations and Spanish major who is graduating from Fordham College at Lincoln Center. “I was doing research related to counterterrorism and cybersecurity and there’s a lot of overlap with nuclear policy.”

From the Center for National Security, she was recruited by Sandia National Laboratories, the nuclear arms lab based in her hometown of Albuquerque, New Mexico. She served there as an international nuclear safeguards and security intern for nearly 18 months.

Today, Matteucci is interning with two nongovernmental organizations at the United Nations, where her focus has shifted from strategy to disarmament.

“It’s very different from the work I did at Sandia, where the focus was often on nonproliferation and strategic concerns,” she says. “I’m in the process of informing myself. Being in the field, you have to understand all of it.”

Matteucci says she aspires to a life of public service that may include government work. She notes the need for more women in leadership positions and more critical thinkers on the subject of nuclear policy in a country that has “one of the largest arsenals in the world.”

“When you learn about nukes and the strategic environment,” she said, “you inevitably learn about conventional weapons as well. So it gives you the full scope, which is why I consider it such a useful lens.”

In April, Matteucci traveled on a Fordham-funded trip to Geneva for the U.N. Preparatory Committee meeting for the 2020 Nuclear NonProliferation Treaty, attending as part of a youth delegation. She and her peers spent a week speaking with ambassadors and monitoring proceedings in the General Assembly. Matteucci also interviewed representatives from NGOs as part of her research for an independent study at Fordham.

“It was clear that states are preparing for the eventuality of cooperation on disarmament,” she says. “This is both timely and hopeful. With dialogue lacking in most political spaces—even the nuclear field is quite partisan— it is exciting to see people searching for common ground.”

Her passion for international policy began in high school with a debate case on unilateral intervention in foreign conflicts. After that, she says she “was hooked.”

Matteucci has presented at multiple conferences and was the first undergraduate student accepted into the Next Generation Safeguards Initiative course at the National Nuclear Security Administration. She has also contributed to the Journal of the Institute of Nuclear Materials Management and other publications.

A blues pianist who regularly sings and performs, Matteucci enjoys attending live concerts with her father who plays Spanish classical guitar.

One of her best memories? When she played the same piano graced by the talents of her idol, the legendary Herbie Hancock, at a jazz club in Spain while studying abroad in her junior year.

“It was the coolest moment of my undergraduate years!” she says.

–Claire Curry