And great set of speakers today, along with acknowledging additional support. I am here for the next 30 minutes with brandon wales, the acting director of cybersecurity and infrastructure security agency, for what i hope is going conversationnating about the election, about the covid pandemic, about the state of cybersecurity and infrastructure security and Critical Infrastructure across the country. Brandon, thanks so much for joining us today. Brandon garrett, thank you so much for the invitation. I am very happy to be here and talk about the important work our agency is doing. Is december 3. It is hard to believe that exactly a month ago on november 3 we were sitting down as a country to watch the first Election Results role in. Roll in. It feels like as a country we have lived about 25 years in the last month, and i would imagine for you, it has actually felt somehow longer than that. Byanted to start off today taking you actually back three thursday after the election. They put out a statement i wanted to quote three lines from. The november 3 election was the most secure in american history. There is no evidence that any Voting System deleted or lost votes, changed votes, or was in any way compromised. While we know there are many unfounded claims and opportunities for misinformation about the process of our elections, we can assure you we have the utmost confidence in the security and integrity of our elections, and you should, too. My question, brandon, we have seen a lot of claims, a lot of arguments, a lot of court cases over the three weeks since that statement came out. Is there any reason in your mind, anything you have seen, anything you have read, anything you have heard that would cause you to change that Statement Today . , the agencyrett stands by the statement that was issued at the beginning of november. But i do want to add a little bit of context to that. First of all, it was not a statement that cisa issued alone. It was a statement that was by the entire Election Security community, the people who work for the security of our election infrastructure, people from the federal election assistance commission, people who represent the secretaries of state, the state election directors, the private companies that actually provide the equipment for most of the elections. Secondly, a lot of the claims that are out there have to do with Election Fraud, which is beyond the scope of the work that we do here at cisa, and of the work that we have been focused on building. Election fraud is the purview of the department of justice and state and local authorities that have the responsibility for investigating and prosecuting that. And the attorney general has been on record talking about his views on the scale of Election Fraud during this election, while recognizing they are continuing to investigate potential claims of fraud. As of right now, we do not have any specific evidence of systems being compromised, but we continue to work with our state and local officials. If they have concerns, we are one phone call away from helping and assisting them. I think there are times when our statement has been misconstrued to say there have been no problems with the election, that it was fraud free, and that is just not the case. Secureelieve that it was from external interference, which is our mandate, and we are proud of the work we did to get to that point. Garrett i want to stay with the election for a moment longer to talk about the rumor control website that cisa launched in the runup to the election. Tell us a little bit about what the agencys goal and hopes were for that website, and what lessons you feel like you have how that website has been used and the mission it has fulfilled over the last couple weeks. Brandon we originally put that website up in the weeks before the election, partially in response to activity we were seen from the iranian government, associated with voter intimidation emails. We thought it was an important way for us to put out Accurate Information about the security of voting infrastructure, that foreign adversaries were undermine peoples confidence in that voting infrastructure. And since that time, we have continued to highlight key parts of the process and talk about the security and resilience measures that were either always in place within those systems, or have been put in place over the past 3. 5 years to give us greater confidence in these that these systems perform as expected. We are putting out very broad information about how these systems normally operate, the systems that are in place, the laws that govern it, and providing information where people can get more detailed information. You will notice that our website is not the same as Fact Checking done by media organizations, which tend to be extremely specific to claims that are made in specific locations and have unique circumstances. We are talking more broadly about the overall processes in place, the overall site guards that are in place. That continues to be important to educate the American Public about how these systems work and why they should have confidence and why there should be a high theser perusin proving systems have been compromised. Garrett do you intend to keep the rumor control website going through the Georgia Senate elections, or is this something where it was a website targeted at the president ial federal races and you see it now winding down . Brandon what i have told our staff is our Election Security mission, particularly associated efforts,protect 2020 will continue until all the elections are complete. Rumorl continue issuing control entries as we think the situation warrants it and where we think we can have an impact. We will do that through the end of this cycle, which hopefully will happen sometime in early january. Curious ifwould be you could talk a little bit about this is the first president ial election that cisa has existed for. Two years old last month. I think it was november 16. Happy birthday. Whatu look ahead now, lessons do you take away from going through this president ial election, both in terms of looking ahead to the future of elections, the Election Security missions, but also what have you learned from the security efforts of this election that you apply to the Critical Infrastructure role that cisa plays . Brandon sure. It is four areas and i will try to make it quick. First is the degree of partnership that we were able to build in the election Infrastructure Community and it was incredible. Extremely broad relationships, extremely deep into counties and election vendors, and those relationships were essential in allowing us to execute a broad range of activities. Second, we were able to dive into that sector, understand how it develops, decomposing into critical functions, look inside those functions and see what was critical to those functions, and that fed into our operational work to understand vulnerabilities and apply enhanced security practices around those. Third is our relationship inside the federal government, where we had information sharing that has been second to none in my 15 year industry working at the department. Information being shared between our colleagues, the fbi, with us, early awareness allowed us to take quick action, get Additional Information, pass it back to our colleagues in the Intelligence Community for them to get Additional Information where they had insights and access, and that cycle allowed us to get ahead of threats. It allowed us to hunt for activity more quickly. It allowed us to be intelligence driven, which it should have always been. Those are some key lessons we are now applying to our broader cybersecurity work in understanding in an area where we may not have the amount of leadership focus and attention like we did across the entire u. S. Government. How do we continue to get as much progress made on our mission . , and thishe fourth is is frankly an area where we will have to continue to work, what is the appropriate role for the federal government in countering disinformation . Where can we be that trusted voice and where might we not be able to make a real difference, and how do we rely on other voices . How do we empower other people who can counter disinformation and misinformation that is out there. . Garrett i want to stay with that last point because i think it is such an interesting question. One of the things that was unique and somewhat unexpected is this countering disinformation role. That is not something that federal government traditionally did in past elections. Four years ago when we saw the russian attack on the president ial elections, the Internet Research agency, there were no capabilities by the federal government at all to combat this operation. And i wonder, particularly around the question of we are about to go from this very heated and fraught election information environment into over the next couple of months presumably a very heated and fraught information environment around the Covid Vaccine and the efficacy and the effectiveness of the vaccine and the treatments that are going to be rolled out by the federal government. Do you see cisa continuing to play a role in combating disinformation and misinformation around the vaccine . And do you think the federal government should have something who a misinformation czar has the inner agency, crosscutting role to take on big issues like this in the public sphere . Brandon i would say a couple of points. Outt is we rolled this based upon things we were seeing out there. Partially in response to iranian government activity. But we were also taking lessons from work that was done by others, for example fema often has rumor control during major disasters to dispel misinformation related to the incident or aid that they release, and they operated rumor covid earlyted to on during the pandemic. That being said, more broadly, i think this will be an important issue for future Political Leadership to look at. I dont think the u. S. Government has yet cracked the code on the best way of countering disinformation. As i pointed out, the federal government may not always be the best option, the right trusted voice, on these kinds of challenging, divisive issues. And certainly for cisa, i am not sure this Cybersecurity Agency will be a trusted voice when it comes to things like vaccine safety. And there are other people in the government who are better positioned to provide Accurate Information to the American Public, so they have confidence in the decisions that are made to approve, for example, vaccines for public use. You have been playing an active role in operation warp speed. We have seen reportings in the last 24 hours, including this actors, about foreign north korea and otherwise, attacking the intellectual property, attacking the Health Care Companies involved in vaccine development. What can you tell us about this threat that you are seeing involved the companies and the supply chains involved in the development of the vaccine . Brandon it should be no surprise to people within the Cybersecurity Community that from the very beginning of the pandemic foreign nations were targeting Vaccine Research and Development Efforts across the country, using a variety of mechanisms together information. We are seeing that continue to this day, and it is one of the reasons why we are in Close Partnership between cisa, the nsa, the fbi, with the department of defense and hhs to provide as much cybersecurity support to the entities involved in that effort. And i think in part based upon things like what was released this morning by ibm that there is more that we need to do to push deeper and further into these supply chains, not just the Big Companies behind the vaccine, but the companies that will be essential to get this vaccine from manufacturing through distribution, that last mile to the american people. We are doing everything we can to raise awareness in that community. Goal is toely, our secure that supply chain so that no effort by any foreign nation or other criminal organization has the possibility of disrupting this Critical Health care delivery. Garrett how has the deed and the partnerships you have been trying to develop through operation warp speed changed your way of thinking about the role of Critical Infrastructure sectors . Brandon i dont think it has changed how we think about our role. I think it has certainly shown us that we need to have deeper criticalhips with sectors before the Major Incident happens. I think our biggest challenge early on during the covid pandemic was that we were not able to as quickly as we wanted get the companies that we saw as highest risk, the facilities, the hospitals, others, up on our Cybersecurity Services because we did not have enough relationships with the right people and the right places. One of the key things i have asked the head of our Stakeholder Engagement division, we do stock taking on where we are across Critical Infrastructures because we dont know where the next issue is going to be that will require us to surge our efforts into that area, and do we have the right relationships at the right time for us to get our Services Fully utilized . That has been one of the key lessons we have taken out of this process. Garrett and that, by the way, what was learned out of the 2016 election, that we are starting to try to push back against the russian attacks. Dhs at that point did not have the election level relationship that it needed. This is obviously a hard thing to predict but you look at the failure of imagination that led us to now thehe relationship, failure of imagination in the relationship with the health care sector. Int are you thinking about terms of where we might see something we are not prepared for right now . Nation, whatss the do you think is the thing we are not prepared for next . Brandon i dont know that i could give that answer, if i could predict the future Major Incident and maybe we would not have it. That being said, i think partly the challenge is there was a big difference between elections in what we are doing with health care. In elections, we had no relationship with the Election Community because it was not on our sector framework and we had not invested time and energy. Health care is a little different. It has been a sector since the very beginning. We had relationships, they were not at the right level. We did not have the right executive Level Relationships to make a difference during those critical times. It is less about do we have no relationship in some of these critical areas, whether it is the electric power space or critical manufacturing or elsewhere, it is do we have the right relationships . Can we talk to the right Decision Maker if there is an urgent issue like a pandemic and get them to authorize some action, some partnership with the u. S. Government quickly when we see a potential problem . It is more thinking about is the relationship that we have maybe to their sock at a particular company, is that sufficient for what we need to engage with that company in the future . In a lot of cases, what we are seeing with covid is when we are in a really bad day, that relationship is not positioned. We need to have multiple levels and we need to do a lot more to engage with those companies and build the depth and strength of those relationships so we can take action more quickly. I am going to oversimplify a very complex, bureaucratic theme that has been playing out the last couple years, but this is primarily what i would describe as a carrot agency. You do not have a lot of stick you are able to better critical him batter Critical Infrastructures to do. Subpoena power, that type of thing. As you look back over the pandemic, do you feel there are authorities that should have or could have had this year help you navigate this pandemic more smoothly . Theett i think you raised administrative subpoena question, and that has been our top legislative priority during the past year. We are hopeful that if we get a National Defense authorization act, the authority will be captured in there. Even in that case, it is more carrot than stick, so that allows us to get information a vulnerable ip address that we are seeing out in cyberspace. It allows us to connect that to an individual company that we can go talk to. We still dont have sticks again site company. We will be showing up there in a voluntary way, asking them to close this vulnerability we have seen exposed on the open internet, and that that vulnerability has the potential to cause negative downstream impacts, and we want to have the ability to make contact with that company. Today, cisa cannot make contact with a company that has a vulnerable piece of infrastructure on the internet. We do not have the ability to compel that company to make a change, but today, we cannot even talk to them. We believe still that the voluntary approach that operates that cisa operates in his the best. There are challenges to trying to implement regulations in a space as cybersecurity. We believe the work we have done in things like elections, if we , we in a Close Partnership can have impacts even in a voluntary way. Garrett i am trying to squeeze in two or three more questions here in the minutes we have here. Be one of the longest serving employees in all of dhs. I know you came to the department in 2005. You are also presumably the newest agency head in the federal government. You have been the acting director now for i think a little over two weeks now. And i am curious as you look ahead now to the president ial transition, as you look ahead to the next couple of years of cisa s growth, what are you going to be looking for from the Biden Administration in terms of where it needs to go where cisa needs to go . Tuesday matt travis on shouldt he thinks there be a 3 billion a year agency. Cisa is about half of that size right now. About previously written the size, that the agency writ the security staff of j. P. Morgan. It is a pretty small agency right now. I am curious, what are you looking for from the next administration . Where do you think cisa needs to be going . Brandon i think as you said, i have been with the agency for 15 years, so i might take a longer perspective on what it will take to build, develop, and mature cisa to maybe what its full potential could be in the future. I have no doubt that one day it will be a 3 billion agency. What fiscalt say year that will manifest in. I think there are a number of areas i have asked the team to start looking at, to be prepared for a future political provide themnd to with key decision points on important parts of our work, including things like the support we provide to federal agencies to secure the dotgov. We have been working off of a legacy architecture for a long time and i believe it is given the changes in how the federal government has been architected, the ip architecture, that we need to evolve our capabilities to keep pace with the cybersecurity threats we have been facing. That will take some new thinking. That will take a radical departure from our legacy programs. We dont have an answer today, but we have pieces of the answer. I think the next Political Leadership team, what i want to present them is, here is the roadmap for how you evolve our capabilities to be where they are. I think you can replicate that on a number of topics, including things like disinformation, including things like our information sharing architecture s that we have put in place over the past decade. There are a lot of areas where i think we need to make substantial changes to how we do business, to keep pace with the threats, and i think those will be some of the important discussions that i want to have with the next political leader. Garrett let me ask one final question about how the government structures cyber responsibilities right now. One of the major decisions or one of the major recommendations coming out of the cyberspace from the commission earlier this and is the idea of creating reinstalling at the white house they National Cyber director a National Cyber director, a position the Trump Administration did away with. Groupting cybersecurity picked up and endorsed that aboutendation yesterday, a cyber agenda for a new administration. Think ofous what you the idea of a National Cross agency cyber director . Would that be useful to you . Is that something you think would be helpful to cisa at the table in these conversations . Brandon sure. Garrett, i believe the official Administration Position has not been supportive of a National Cyber security director. That being said, that issue is still being debated within congress and we could very well have a recommendation coming out of the National Defense authorization act recreating such a position. I think cisa is ready to work in partnership with the National Cyber director or cybersecurity coordinator at the white house like we had during the getting part of this administration and during the obama administration. I think our major concern would have the right degree of oversight over all aspects of the Cyber Mission to really pull the Community Together . There are a lot of ways this could be structured where it may not be sufficient to advance the whole of u. S. Government. I think the devil is going to be in the details, and i. E. Girly await tests and i eagerly await the results. Wales, acting director thanks so much for joining us. Brandon really appreciate it. Thanks a lot, garrett. [captions Copyright National cable satellite corp. 2020] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] cspans washington journal. Every day, we take your calls live on the air on the news of the day, and we will discuss policy issues that impact you. Coming up this morning, we will talk about the planned house vote on the moore act, which would decriminalize marijuana. Then Stephanie Murphy on the future of the Democratic Party and the priorities of the Blue Dog Coalition and the new congress. Mcclintock discusses decriminalizing marijuana at the federal level and other news of the day. Watch cspans washington journal live at 7 00 eastern this morning. And be sure to join the discussion with your phone calls, facebook comments, texts, and tweets. Coming up live on friday, the house returns at 9 00 a. M. For debate on the marijuana decriminalization bill. That is 9 00 a. M. Eastern on cspan. At 2 45 p. M. , former president barack obama at a Virtual Campaign rally for georgias Democratic Senate candidates jon bothf and rafael warnock, facing runoff elections on january 5. On cspan2 at 8 30 a. M. , john boehner, former new york congressman joe crowley, and former transportation secretary Rodney Slater look at the key decisions in the transition from a Trump Administration to a Biden Administration. And at 10 45 a. M. , House Speaker policy holds her Weekly Briefing with reporters. Youre watching cspan, your unfiltered view of government. Created by americas Cable Television companies as a public service, and brought to you today by your television provider. Arizona republican congressman andy biggs and members of the House Freedom caucus held a News Conference on capitol hill, claiming the Justice Department was not adequately investigating claims of voting irregularities in the 2020 election. Earlier in the week, attorney general barr told the associated press, today we have not seen fraud on a scale that could have effected a different outcome in the election. I am. That is really good