The World Unpacked

Iran's Cyber War

Episode Summary

While the loud, public conflict between the United States and Iran rages on, a secret war has been waged in the shadows for years. How dangerous is the cyberwar between the two countries? And how has the digital battlefield changed?

Episode Notes

While the loud, public conflict between the United States and Iran rages on, a secret war has been waged in the shadows for years. How dangerous is the cyberwar between the two countries? And how has the digital battlefield changed? Jen Psaki talks to Jon Bateman about the tools and strategies of both countries have developed, and what an all-out cyberwar would look like.

Episode Transcription

Jen Psaki: 00:00 I'm Jen Psaki, welcome to The World Unpacked

Music: 00:07

Jen Psaki: 00:08 We break down the most important global issues with experts, journalists, and policy makers. We ask the questions you want answers to in order to get smart on foreign policy. The Iranian relationship with United States has been fraught and complicated and loud for decades, but behind the headlines, a secret battle is being fought. Today we're talking about the shadow war with Iran. Where did the cyber conflict between the United States and Iran begin?

Jon Bateman: 00:32 Well, in one sense it's hard to pin down exactly because things that are happening in cyberspace are typically hidden from view, but the first time this spilled out into the open very dramatically was in the Stuxnet attack, which began over 10 years ago when the Bush administration sought to find covert ways of slowing down or impeding Iran's nuclear program without having to resort to a physical kinetic strike.

News Clip: 00:56 Stuxnet is the computer virus that rendered thousands of Iranian nuclear enrichment centrifuges useless. It's widely believed that the U.S. And Israel were behind it.
News Clip: 01:05 The reason it's hugely significant is this the first time the computer code has crossed the threshold from the realm of cyber to the realm of the physical and starts blowing stuff up.

Jon Bateman: 01:17 And what they came up with in concert with the Israeli government is an effort to use cyber tools to infect the computer infrastructure that controlled Iran's nuclear activities and attempt to gum up the works and essentially sabotage it. That was Stuxnet.

Jen Psaki: 01:34 That's Jon Bateman, a fellow at the Carnegie Endowment for International Peace where I also work. He's worked extensively in both the U.S. Department of Defense and the intelligence community. He's been watching Iran for years. So how did Iran react at the time?

Jon Bateman: 01:49 So it's important to take a step back and just think about what Stuxnet was attempting to do because Iran was really caught unawares by the sophistication and the complexity of this type of operation. It was kind of remarkable and unprecedented for what it was. Uh, it was an attempt by a cyber operation to create a physical effect somewhere in the world rather than just in a computer system itself. And this is something that computer experts had really just speculated about the possibility up beforehand. So Iran wasn't prepared for that kind of attack. It also was a way to attack a physical system that wasn't directly connected to the Internet. And so there was a lot of sophistication and technical complexity in what the U.S. did. So in that sense it was kind of a preview of an American way of cyber war. It was technically exquisite; it was highly targeted and it had a strategic effect on Iran. It was also very secretive and costly and time consuming. So when Iran eventually discovered this, it was shocked. And it paired this with another event that had happened, the green movement, the, uh, disputed presidential election inside Iran where millions of Iranians fled to the streets. And Iran viewed this as another form of cyber attack in a way, because Facebook and Twitter, these western-origin tools, were being used to help foment dissent within the country. So Iran realized at that time that it needed to create its own cyber program to create asymmetric capabilities that it could use in response.

Jen Psaki: 03:25 And an important backdrop here is there were not diplomatic relations. There still are not, uh, between the United States and Iran. There wasn't a normal channel through which, uh, with other countries, um, you know, a diplomat may have said, 'what's going on here? Why are you attacking our country? Or why are you attacking our systems?' That didn't exist.

Jon Bateman: 03:44 That's right. And in fact, in this period, uh, when Stuxnet really accelerated under the Obama administration, this was a real peak of tensions between the two countries where there was not only this covert cyber war happening in the shadows, but there were real physical things happening in the real world. Iran at that time still was killing U.S. troops with its proxies in Iraq. It had an attempt to assassinate the Saudi ambassador in Washington inside the U.S., and the U.S. had really started to impose very biting economic sanctions on Iran. So cyber was just a tool that was being added to the arsenal in this increasingly hot shadow war.

Jen Psaki: 04:25 So how, how did this play into the, a, you spent a lot of time in government, um, how did this play into the strategy or the approach to Iran as it related to the nuclear negotiations? Do you think it brought them to the table or was it a tool used for that purpose?

Jon Bateman: 04:41 What the U.S. really was seeking to do is forestall the need to make a difficult decision about a military attack on Iran and give time for diplomacy to succeed. And so that's why they looked to covert tools like Stuxnet to try to delay the amount of time that Iran had to make progress in order to allow the sanctions to take effect. It's really difficult to assess how effective the cyber operation was just because Iran's nuclear program at that time with somewhat opaque. We do know that there were many centrifuges that actually had to be replaced around the same time that Stuxnet was attempting to damage these centrifuges. And some people have assessed that it at least prevented Iran from expanding its enrichment program more quickly. So you could argue that it gave additional leverage to the U.S. and the major powers negotiating with Iran.

Jen Psaki: 05:32 So you've outlined for us how it began. Iran has also hit back over the course of time, uh, as well back in 2012. Can you talk a little bit about that and, and what that looked like?

Jon Bateman: 05:43 So the most dramatic beginning of Iran cyber sort of reprisal on the United States came in 2012 with, it's a distributed denial of service attacks against U.S.banks. What these DDoS attacks, as they're called, really are, is a way to temporarily disrupt somebody's computer network. It's much cruder than what the U.S. did with Stuxnet, but it was innovative in its own way. It's essentially like taking thousands of phones and calling up somebody's phone in order to cause a busy signal so that they can't operate. You don't actually need the kind of exquisite access that the U.S. achieved in Stuxnet in order to do what Iran did. It doesn't cause lasting damage, but it's a nuisance. And so what Iran did was it targeted a number of us financial institutions and hit them with the most substantial DDoS attacks that had ever occurred in history at that time. This is the time when the U.S. sanctions were really starting to bite. And so Iran's cyber attacks, in some way, were meant as a form of reciprocal response for the financial impact of U.S. sanctions on Iran. In return, Iran would attack the U.S. financial system.

Jen Psaki: 06:53 So if you are a consumer at the time or a bank, how did this manifest itself? Kind of, how did you know something was up?

Jon Bateman: *07:00 *Basically what would happen is a U.S. consumer going to the Bank of America website in order to do a transaction, see her account balance, just wouldn't have been able to access it for maybe hours of a day. And what was striking about this attack is that it was ongoing over weeks and months and Iran actually used a false flag persona to take credit for the attack and deflect attention from itself. But it even went to the point of announcing when attacks would occur in advance. And setting up a regularly weekly schedule to kind of rub it in the U.S.'s nose and sort of embarrass the United States. And this is kind of the Iranian way of cyber war. It's really less technically sophisticated than the U.S.; it's more for psychological effect and it's an attempt to really shock and upset and embarrass its victims rather than creating the kind of strategic effect that the U.S. had against the Iranian nuclear program.
Jen Psaki: 07:55 Now, do the Iranians have the same, I mean that was their strategy -- did they have the same, how quickly did their capacity, um, escalate? I mean their ability to do cyber attacks because you kind of walked through Stuxnet. They were surprised by that. Then they came back a couple of years later and they did their own version of attacks. How should we assess what their capacity is at this point?
Jon Bateman: 08:18 They really developed what you might think of as a quick and dirty cyber program by looking to capabilities that were already resident within the country, but hadn't yet been leveraged by the government. So thinking about domestic hackers who may be conducting cyber crime on the side; or the IT industry, that's doing security work for Iranian companies, but those capabilities are dual use and can be redirected offensively. So what we now know from U.S. indictments against Iranians for these attacks is that there were actually two private Iranian companies that were working at the behest of the Iranian government to conduct this.
Jen Psaki: 08:53 Fast forward a little bit, we're just going a little chronological to get all of our listeners up to date. Uh, there's a nuclear negotiation. The United States, the, the P5+1 sign an agreement with Iran -- at that point, is there cyber peace? Or what happens then?
Jon Bateman: 09:08 You know, since 2013 when the nuclear talks really kicked off and then led to the nuclear agreement, even through today, there's been a period of relative cyber peace from Iran toward the United States. Once the nuclear talks started in earnest and President Rouhani was elected in [Tehran] and bringing a moderate faction to town, Iran's interests shifted toward negotiation and conciliation. So Iran has still continued its espionage and influence operations against the U.S., but in this whole period, there's only been one moment where they continued to do a disruptive or destructive cyber attack against the United States. And that was in 2014 when they attacked the Las Vegas Sands Casino Corporation.
Jen Psaki: 09:54 And what was that about?
Jon Bateman: 09:55 So that was a really strange and outlying episode and it's even hard now to understand what it was all about. Many people may be familiar with Sheldon Adelson -- he's a U.S. billionaire who made his money in the gambling industry in Las Vegas. He's somewhat combative and eccentric, and he's also highly involved in U.S. politics and Israeli politics. And in late 2013 he was giving a public talk and he provocatively called on the U.S. to drop a nuclear bomb in the Iranian desert as a warning about Iran's own nuclear program. The Supreme Leader of Iran was highly offended by this and gave his own public speech in which he called on Adelson to be slapped in the mouth. And just a few months after that, there was a major cyber attack against Adelson's company. The Las Vegas Sands Casino, which runs the Venetian and the Palazzo casinos in this, uh, in Las Vegas. A lot of data was deleted and servers were rendered inoperable, which caused major losses for the company. It was estimated that $40 million plus would be required just to recover the equipment. Um, and at the same time, Iran once again denied the attack and attributed it to a fictitious persona that they developed in order to claim that it was a form of cyber terrorism.
Jen Psaki: 11:05 Did you see similarities between the 2012 bank attacks and the 2014 attacks in terms of their strategy or approach?
Jon Bateman: 11:13 Yes. The major similarity, first of all is the use of this false flag persona to maximize psychological impact while creating a level of plausible deniability for Iran. And also each attack could be seen as a proportional reprisal for some offense or insult that Iran was experiencing. And they then chose a target to convey that message. Without saying, "hey, we're Iran, we did it," just the target itself gives a sense of who might've been behind it.
Jen Psaki: 11:43 When we come back, we'll talk about how the United States uses cyber weapons.
Music: 11:50
News Clip: 11:52 I do believe that the cyber threat will equal or surpass the threat from counter terrorism in the foreseeable future.
News Clip: 11:59 There's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyber attack.
News Clip: 12:05 We will suffer a catastrophic cyber attack. The clock is ticking
News Clip: 12:10 We have near peer competitors in cyberspace from Russia and China, North Korea and Iran are also routinely working to gain a competitive advantage by, uh, getting into our networks.
News Clip: 12:23 Maybe it was, I mean made a be Russia, but it could also be China could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds. Okay.
Jen Psaki: 12:32 So the Stuxnet virus was developed under the Bush administration then accelerated under Obama. As you were just telling us, why did they decide to pursue this route of engagement with Iran, and what did they see as the benefits? I mean, you've sat in these meetings and as the decisions were being discussed, what were they hoping to achieve?
Jon Bateman: 12:50 Well, they were really hoping to buy time and flexibility to prevent the need for a U.S. military strike, or even worse, to forestall the possibility of an Israeli unilateral strike on Iran's nuclear program that might draw the U.S. unwittingly into a war. You can think back to a series of continued covert sabotage against Iran's nuclear program, beginning even under the Clinton administration, when there was an effort to provide Iran with false plans for a nuclear bomb in order to set back their program. This was really a continuation of that same type of approach, but this time using cyber tools.
Jen Psaki: 13:25 So in some ways, what I'm hearing from you is you're saying it was, there's a perception that it's escalatory, but it may be deescalatory at some times in an effort to prevent military action.
Jon Bateman: 13:36 That's right. People typically think about cyber attacks as dangerous or destabilizing because they provide the means and the incentive for states to really coerce and damage each other in ways that are kind of unaccountable, hidden, low risk, cheap. So that could be seen as a destructive element in the international system. But what we saw with Stuxnet is that you have to consider what's the alternative? And if the alternative is something far more dangerous, like a real world conflict, even a limited one that could potentially spiral out of control, cyber operations could be really appealing and potentially even a helpful safety valve.
Jen Psaki: 14:12 Stuxnet was really the first cyber attack of its kind. What did the United States learn from it? What did the national security team learn? How did it impact approaches to cyber attacks moving forward?
Jon Bateman: 14:24 Well, we've talked about just how exquisite the Stuxnet operation was -- and really, you could compare it to the first use of the nuclear bomb by the United States in that it demonstrated to the world at large that the U.S. was at a level of technological sophistication in cyber war that hadn't really even been considered possible by other countries at that time. But what it also showed the U.S. is that even these exquisite cyber operations can be quite unpredictable. So it's still difficult to know whether the operation achieved its intended effect and, more seriously, Stuxnet spread to other countries. It spread beyond the Iranian nuclear program in a way that was unexpected and unintentional, and it spilled into view and eventually exposed the U.S. hand. In the meantime, this effectively triggered a new cyber arms race, inspiring Iran and other countries to think about how they might use this tool to their own advantage. Again, analogizing to Fat Man and Little Boy triggering a nuclear arms race with the Soviet Union and eventually other countries.
Jen Psaki: 15:25 And how have U.S. capabilities increased since then? What could we, what are we capable of? Now, I know you're not sitting in the current administration, but what's your estimate?
Jon Bateman: 15:35 You know the major change since Stuxnet is the development of the U.S. Cyber Command as a military unit that can use these tools. Because everything that we've been talking about to date has been in the realm of secretive, covert action, which takes years to develop and is only used under selective circumstances. Much of that activity still happens by the U.S. intelligence community, but it's mostly watching and waiting. Now the Defense Department has its own cyber command with a military model. So this not only increases the capacity of the number and extent of cyber operations that the U.S. can do, but it also changes the risk tolerance where there's now a willingness to use these tools to create damage when needed in a moment rather than holding them in the reserve for a rainy day.
Jen Psaki: 16:22 And so if you were sitting in the Department of Defense today or, or in the recent months, how do, what are the discussions about? How do they decide whether they're going to launch a cyber attack? What are the factors taken into account?
Jon Bateman: 16:34 Well, there are a number of factors, considering -- what strategically is the U.S. trying to accomplish? Down to operational and tactical decisions about, is this a tool that we want to use, and maybe lose? Because once you use something once, that access that you had placed within an adversary or a target's network is then exposed. And so, that target can then investigate, see what went wrong, remedy that vulnerability and you may no longer have access to that network. So thinking about the gain and the loss strategically, operationally versus maybe having to go back to square one and creating that access all over again, if you want to continue to monitor or effect that adversary.
Jen Psaki: 17:16 It was reported at the end of June that the United States had launched cyber attacks on Iranian missile control systems. Iran has denied this. Can you explain what happened there and what does it tell us about the U.S. strategy in using cyber weapons against Iran given the tensions in the relationship?
Jon Bateman: 17:32 Well, again, there's a strategic context for these operations. The U.S. Cyber operations occurred after Iran had been very provocative in the Gulf, in the Strait of Hormuz, shooting down a U.S. UAV and sabotaging several, uh, Gulf tankers in the region. And the U.S. was considering whether to strike back militarily or whether it had some other way of acting proportionally to impose some costs on a Iran''s behavior and preventing further assaults of that kind, uh, without necessarily triggering an escalatory spiral. And that's why the U.S. used these cyber tools. So on one level it's unprecedented because it's the U.S. military attacking a foreign government's military in cyberspace, outside of a declared zone of hostilities. I'm not aware of any other incident in which that's occurred. So it's showing how the Trump administration is somewhat taking the gloves off in cyberspace. But in the larger strategic context, it was still a way to climb down from that moment of crisis and not have to use a kinetic tool.
Jen Psaki: 18:35 So one of the hallmarks of cyber attacks is, uh, the haziness about who perpetrated them, what are they about, who's behind them, and there's always guessing in the media about this. Uh, how do you, as somebody who's worked on these issues for quite some time, how do you differentiate between an attack from Iran? You've talked about some of the characteristics versus Russia versus China. Are there defining characteristics that if you're in government, you know, this is the originator of this attack?
Jon Bateman: 19:03 This is what we call the attribution problem. Who's doing what in this fog of war? So a lot of people focus on the technical red flags or kind of operational signatures that somebody is using that could sort of expose them as an actor in a given network. So for example, you could follow an actor over time and look at signatures in their malware, different infrastructure, IP addresses that they're continually using over and over, what time zones that they're operating in or what language or keyboard their malware is encoded in. You can also look at the patterns of their behavior, who are they targeting, and what countries, what types of targets and why does it make sense for Iran versus Russia versus Israel to be doing certain types of things. These are at the end of the day, useful indicators, but they're also incomplete. They can be falsified and they can be misperceived. What people sometimes forget is that the government still has traditional tools of intelligence collection. If the U.S. government intercepts somebody on the phone saying, "hey, I just did this big hack" that's pretty good evidence in and of itself. Especially if that phone call happens before the hack and the person says, "here's what I'm about to do." Or they're receiving an order from a government official. Sometimes people forget that these traditional intelligence tools that only governments have can be very powerful in terms of attributing attacks, but on the other hand, governments don't want to talk openly about those tools lest they lose them.
Jen Psaki: 20:35 After the break. We'll discuss how the cyber war between the United States and Iran is playing out today.
Music: 20:46
News Clip: 20:46 this a sophisticated nation that has built technologies that are world scale, meaning they are maybe right now a regional player, but they have aspirations of being a global cyber player just like China, the United States, Russia and Israel.
News Clip: 21:02 The crux of this case is the fact that the government of Iran systematically and methodically hacked into our country's computer networks with the intent to steal as much information as possible.
News Clip: 21:16 Well after President Trump reimposed economic sanctions on Iran last month, Iranian state backed hackers tried to break into the emails of US officials tasked with enforcing them.
News Clip: 21:27 They're saying there were no crippling cyber attacks. It's the first time they've made an official statements. Iran's Telecommunications Minister acknowledging that the U.S. has launched cyber attacks, but according to this minister, uh, none of them were successful. Of course, Washington's position is that they did launch cyber attacks targeting a spy network that allegedly helped Iran target, uh, some oil tankers last week, something Iran denies. Washington also saying there's cyber attacks targeted a missile control system, uh, that allegedly was used to down that U.S. drone. So competing narratives, very different narratives between Tehran and Washington. But certainly an indication that cyber warfare is, uh, in, will be a part of this conflict.
Jen Psaki: 22:15 So John, we're not the only country -- there's Iran whose cyber capacity has grown over the past couple of years. What is, what Iran's cyber capabilities in your assessment and what are other countries that we should be watching that maybe aren't getting a lot of attention but that are increasing their cyber capacity?
Jon Bateman: 22:34 Iran would be thought of as a second tier cyber power on par with let's say North Korea. The U.S. Is still light years ahead of Iran in terms of technical capabilities in cyberspace. But that's not necessarily the key question. When you take a step back and think that in almost every dimension, Iran is weaker than the U.S. There's this larger strategic conflict. And if you're thinking about it in military intelligence, economic or diplomatic terms, the U.S. is always going to be stronger. The question is, does Iran have enough capability to achieve an asymmetric effect and achieve its objectives? And I think it does. It uses these cyber tools to collect intelligence and to hold targets at risk for deterrence and retaliation purposes.
Jen Psaki: 23:15 So we've talked a little bit about the purpose of cyber attacks. I wanted to ask you, you know, if there was an all out cyber war between the United States and Iran, how does that fit into other strategies? Diplomacy, military? How is it discussed and, uh, and who would, how would you go about trying to win that war if you're the United States?
Jon Bateman: 23:36 Well, the first thing to think about is that there would never be a cyber war by itself. Both sides would be using these tools in concert with other, with other tools just we've done in the past with sanctions, covert action, military action. So an unrestrained cyber war would probably take place in the context of an unrestrained real world conflict, which thankfully we're not at yet. In terms of what Iran could do against the U.S., you know, there's often a lot of mystique and hype. Most people really aren't sure what a cyber war really could look like or if it could affect them personally. So you might look at the kinds of things that Iran has done in the past. We've talked about the bank attacks and the attacks against the Los Vegas Sands Casino. These are things that really harm their victims, but their victims are also individual corporations that are essentially just losing money and, uh, experiencing operational disruptions. So it's unlikely that the average everyday American would really experience much from that kind of escalation. But Iran could also aspire to a higher level of cyber damage beyond what it's done before. The most dangerous scenario would be if it had its own version of Stuxnet. If it got inside, let's say a U.S. power plant and caused an explosion that somehow killed someone. Or if it had something like what Russia or North Korea had done with these global ransomware attacks that can impede operations at hospitals, that can actually have real world consequences. That would be dangerous because it would create political pressure for a stronger U.S. action and that could create an escalatory spiral.
Jen Psaki: 25:13 Now in the region, where Iran lives, um, there are other countries that have cyber capacity that have different relationships with Iran. So if you look at a country like Israel or maybe there's some others, how do they view this back and forth, cyber conflict between the United States and Iran?
Jon Bateman: 25:29 Well, Israel is the most capable cyber actor in the Middle East. And as we see with Stuxnet, sometimes it acts in coordination with the U.S. But as we see in other realms, sometimes it doesn't. So that's a wild card in terms of thinking about it as not just a two way conflict, but a multi-way conflict in which actions by Israel or even by the UAE or Saudi Arabia could draw the U.S. into some broader cyber skirmish. The UAE and Saudi Arabia have also rapidly acquired significant capability, although in their case they often purchase it from foreign contractors that may be based in Israel or even in the U.S. in some cases. And their efforts are generally intelligence collection against their own dissidents. For example, the killing of Jamal Khashoggi brought some, uh, highlighting to the fact that he and other Saudi dissidents had been targeted by Saudi and Emerati intelligence officials using cyber capabilities. It's actually worth thinking about the U.S. connection here because some of the people working for Gulf countries are actually former U.S. Intelligence officials or come from Israel, and some of the victims of these operations are Americans or based in the U.S. And so U.S. policymakers are going to increasingly have to contend with, should we be turning a blind eye to these operations? Or is this a problem just as much as Iranian cyber operations are a problem?
Jen Psaki: 26:52 If there's one thing you wish, um, or more than one thing, average elected officials, members of Congress knew about cyber attacks, what would it be? What would you love to be able to tell them? This is, I'm not trying to place blame, it's just not an issue -- It's so new. It's not an issue that, that many elected officials are particularly briefed up on. Um, so what do you think they should know that they may not be paying attention to right now?
Jon Bateman: 27:17 I think among the U.S. policy community, there's a sense that the U.S. is just constantly on the receiving end of this cyber aggression. We're getting our lunch eaten, we never hit back. We've really got to step up and impose some costs on the adversary because we're just taking it lying down. And I think what people often forget is that when we make that point, we're kind of carving out of the picture all of the U.S. intelligence operations that the NSA and other agencies do that were, for example, exposed by Edward Snowden or the shadow brokers or others. So the U.S. is still the dominant player in cyberspace. We're still out there hacking the world,
Jen Psaki: 27:54 But people may not know about the majority of it, would you say? Or...
Jon Bateman: 27:58 We've gotten hints over the years with these major leaks and revelations. But the problem is a lot of U.S. policymakers consider our intelligence to be something that we have the right to do, that it's totally benign, that it's part of our effort to lead the liberal world order. And that's all true. But then on the other hand, the people on the receiving end of these intelligence operations, they don't know what the intention is. They don't know if this is preparation for an imminent attack. And so that's kind of why we have this security dilemma in cyberspace where more and more countries are developing these capabilities and they don't necessarily see the U.S. as a benign actor.
Jen Psaki: 28:36 So before I let you go, I could keep asking you questions for hours. I feel like you need to teach a class or something on the side. Um, but you know, for, for all the non-experts who are listening who don't know quite as much as you know, which is probably 99.9% of people, uh, about this, what will you be watching? You're not in government anymore, but what will you be watching, uh, from the outside to see if the conflict between the u s and Iran has escalated on the cyber front or has deescalated?
Jon Bateman: 29:02 So there are a lot of private companies out there that monitor streams of known Iranian cyber activity and they've been reporting on various increases in operations or network accesses. So that's one thing that we could look to, but it's also really difficult to interpret that. Like we were just talking about that could be preparation for an imminent attack or that could just be prudent preparation for a rainy day. In the meantime, let's not lose sight outside of the cyber world about how there's really open escalation happening in plain sight with the recent dueling ship seizures in the Gulf by the UK and Iran. These events could lead to an escalation in cyberspace, but the real danger is a military confrontation in the real world. At the end of the day, what Stuxnet teaches us is that cyber is always just one dimension of a broader strategic conflict between, in this case the U.S. and Iran. Hopefully the entire situation can deescalate and if that's the case, the cyber situation probably will deescalate as well.
Jen Psaki: 30:03 Jon Bateman, thank you for joining us on The World Unpacked and we hope we can have you back again to keep educating all of us.
Jon Bateman: 30:09 I'd love to be here.
Jen Psaki: 30:14 Thanks for listening to the World Unpacked, which is produced by the Carnegie Endowment for International Peace. You can find us on iTunes or wherever you get your podcasts. For more information and to subscribe, you can find us at Don't forget to rate the show. It helps other people find us. Our audio engineer is Tim Martin and our executive producer is Lauren Dueck.