Representatives from all over the globe to show the importance of the governors in dealing with International Trade and Business Development issues around the globe. We as governors want to do direct relationships with many of these countries and businesses who have come here. I thank them. I first want to think chin thank china for hosting our opening lunch. I think Governor Hogan for his stellar introduction at that lunch in the great state of maryland. I also would like to reference brian and katie from canada who are here with us. Please give them a round of applause. [applause] please give the governors from japan around of applause. Mayors from mexico, a round of applause for the mexican delegation who have joined us here today. [laughter] as we kick off this meeting, i want to take a moment to recognize the support of many of our partners and supporters who we could not have this meeting without your support. They fund our best practices and other areas. They partnered with the private sector through our newly relaunched nga partners program. A big thank you to all of our partners here with us today. [applause] where is our host governor . Okay we will skip that. I will let her, as soon as she gets here, i wil we will hear from our opening governor. I would like to first have an adoption for motion of the rules and procedures for this meeting. Would anyone make the motion . All those in favor say i. The motion is approved. Governors, as you know we adopt policies for two years at our winter meeting. If anyone has questions regarding the policy please see anna davis of the nga staff while you are here. I would like to welcome vice chair governor sandoval who is with us. Please give them a round of applause. [applause] let me start off by saying my main goal when launching my initiative which was Cyber Security was to elevate Cyber Security on every governors agenda. I want to highlight why it was more than just an Information Technology issue and at the health issue, a Public Safety issue and an economic issue. As you know in november, thousands of internet connected devices, including security cameras that were an ocean away were used to launch a cyber attack such as the new york times. The want to cry iran somewhere this year locked out users from all over across the globe and made it impossible for doctors and other professionals to access their devices. Some are still assessing the impact of this incident and potentially more worrisome. They are trying to influence elections here and in europe. These are troubling times. Through our new initiative we will have experts on Cyber Security in all the sectors and federal agencies involved to discuss this critical issue and to identify ways to meet the threat. In virginia we have taken very significant steps over the past three years to address Cyber Security for our commonwealth. We are in a very unique position in virginia. We have the Largest Naval base in the world. We have the pentagon, the Central Intelligence agency and 27 military installations are constantly under assault. We have come a long way in strengthening our systems and our policies. Last year we expanded Cyber Security apprenticeships for the first time in virginias history. We are now allowing businesses to stand up, register apprenticeships for Cyber Security occupations in virgini virginia. If you come work for the state for two years we will pay for your education to get a Cyber Security grade. We worked to strengthen Educational Opportunities and scholarships around the commonwealth. We want to provide Cyber Security training to our veterans pretty in virginia we have 36000 open cyber jobs. We now have 600 cyber companies. Those 36000 jobs, the starting pay is 88000. You do not need a fouryear degree. It is a twoyear degree or less and its imperative for all of us as governors to make sure we are building not workforce the 21st century. Earlier virginia entered their Strategic Partnership with Amazon Web Services to make virginia a National Resource center for Cyber Security. Virginia has an awardwinning program in place. We can build on that strong foundation, but as we all know it requires continued diligence. We might be in great shape today, but tomorrow some new cyber hacker will come up with latest technology to get into our system. Government is a very attractive target for our criminals. As you know we have more data than the federal government. Many of the cyber hackers believe the best opportunity is to come into the states because of the wealth of data we have. It takes a commitment of all the governors to keep our families and businesses safe. These threats do not stop at state lines. This july weve accomplished a lot. Weve held a series of roundtables focusing on the risks facing the health sector, educational institutions and Small Businesses. Weve spent time highlighting the opportunity Cyber Security presents for all of us and a more connected society and vibrant economy. Weve held two regional summits in boston and san jose were many of you sent teams of state officials to discuss pertinent Cyber Security issues and to identify goals and objectives to move our states forward. As ive said from day one, if we do a great job in virginia but other states dont do anything they will reach our state through backdoor provider or some other business doing business with our states. These summits culminated in a National Summit in june where i was proud to say they attended and learned about how cyber trends and Innovative Technology can mitigate those threats. You may recall we gave each one of you a cyber scorecard that no one else saw but yourselves and highlighted the areas where you are exceeding, areas where you could use a little more help in areas where you need your full and immediate attention. This continues to be a useful highlevel tool that you and your team can utilize. Our best Practice Center now has the updated report card for all of you. We are also joined in february by michael rogers, the commander of the u. S. Cyber and the director of the National Security agency for an off the record discussion on how states, the National Guard and the Cyber Command can Work Together. He stressed to all of his governors that we are at the forefront and he cannot do his job as head of the National Security agency. We held a joint meeting. We had a great group of governors. We went and met with the leadership of the house and the senate. We have implored the congress to have a Cyber Security midi, one does not exist today in the congress. It has spread among many of the different committees and there is jurisdictional territories were people do not want to give up some of their jurisdiction. We once again, as governors call upon the congress to put together a National Committee to deal with this issue and put funding in at the state level so we can do our jobs. We put together aching documents and highlighted the recommendations and best practices and workforce development. You can all implement that today. You have those documents in front of you and they are maintained at nga. Org. This is the package that all of you have in front of you. It is all the latest data. What we saw last fall was only the beginning. Richard clark, a National Expert on Cyber Security and an advisor for four president s briefed me the other day and said the actions we saw last year as it relates to russia and other nationstates is only the beginning. It is only going to ramp up. They want to ramp up by coming after that state data. Its incumbent upon us as governors to make sure we are doing our part to keep our state and our nation safe. Most of you have begun implementing these recommendations. We say thank you. Since the launch of my initiative they have signed an executive order or legislation or announced a Cyber Security initiative. This has now resulted in a dozen executive orders, 14 signed bills and 17 initiatives. In idaho, for example they are implementing recommendations made by his Cyber Security body and has recently named the state Cyber Security director. In new mexico, the governor signed legislation clarifying when the National Guard can be used during a cyber event. In oregon, Governor Brown signed an executive order to unify all cyber scaredy efforts into one agency. Lastly our incoming chair recently signed a bill to create a Cyber Defense center to lead all their cyber projects in the state. More can be done. There are now at least 34 pending bills in state legislatures they can all help advocate for and push through so we can land on your desk to sign. Although these are great accomplishments, we must never ever be complacent. Criminals in foreign adversaries will continue to pursue vulnerabilities in our defenses that will harm our citizens, crippled cripple our infrastructure and steel our resources. That is why my initiative will live on through the Resource Center for safe Cyber Security and ive been privileged to cochair with governor schneider. The staff will continue to assist your state and implement best practices and be a lasting resource for you and your staff. Before we go on to our speakers and our discussion, and want to give a special shout out to jeff and tim. If all the folks who worked on Cyber Security would stand up, please give them a great round of applause for the work they have done. [applause] before we get to the speakers, i see our host governor has arrived. She was busy doing interviews outside but i would like to turn it over to you if you would like to give an opening statement. I like to think the governor for hosting this beautiful state, this great nga summer meeting. Im proud to say a record number, 33 governors and 1800 folks have signed up to come to this which is three times more than weve ever had. I know its because of our great governors in the great state of rhode island. I know the time and work you put into this. On behalf of all of governors, thank you. Its great to be in rhode island. [applause] thank you, good morning. For those of you who i havent seen yet, welcome to rhode island. We are very pleased with the turnout. It has broken record. I want to thank you, some of you have travel very far to be here. I also want to thank and acknowledge terry for his leadership on this issue. It is true you will be leaving us as the chair, but i think you should be proud of your legacy. You started on an initiative that many of us have followed. I signed an executive order around cyber for the task force in place and have hired a director of cyber and Homeland Security reporting directly to me. I think we are all doing our part. The hardest part is behavior change. Technology is one thing, resources are another, this is really about getting people to change the way they do, when they log on, if they change passwords, how they do their business. Thats even harder than the technology. I think as we go forward under governor sandovals leadership, anything we can do to focus on that would be helpful. We are thrilled to have you here in rhode island. I want to make a quick plug, at noon we have a governors only session with two important ceos. The ceo of cvs and the ceo of igt, both very substantial companies and sponsors of this event. Thats at noon, governors only and i would love it if all the guys could be there. Thank you governor. Back to the Cyber Security, they had a little more context, the issue that weve been discussing. We are are honored that we have three great speakers with us today. Matt spence is a. [inaudible] he is the chief Technology Officer at 10 00 a. M. And the Vice President and president of raytheon integrated defense systems. These speakers are here to provide a window into the future of the Cyber Security, what it will mean for our state and how we can take advantage of the tremendous opportunities in the sector. I would like to turn it over to matt. The floor is yours. Thank you very much. Governor, thank you for the invitation to speak about Cyber Security. In particular for your initiative in raising this issue to the governors in this area. By way of background, on part of the Venture Capital, we are a Venture Capital firm that invests in new and exciting and emerging technologies. Everything from Artificial Intelligence to drones and Financial Technology and help technology and Companies Like airbnb and left and a huge amount of Cyber Security companies. Companies like tinian work chris is that and other companies we look at the have some of the most exciting technologies which have a huge impact on the work that all of you are doing. I spent time in positions in the obama administration. I was at the white house as the National Security council where i spent hundreds of hours in the white house situation room. I dealt with everything from the planning of the operation against Osama Bin Laden to trade issues to increasingly Cyber Security issues which really were some of the most serious and significant. I was Deputy Assistant secretary of defense and dealt with some of those issues from the defense perspective. I say that by way of framing to take two different perspectives to open up what we think about some of the Cyber Security issues from the situation room to the board room on what Companies Face everyday. Where things are going, i want to say two things that may seem counterintuitive. If the question is where is Cyber Security going the next 5 10 years, part of the question is to look back ten years. Was ten years ago last month that the iphone came out as a product. Something that is fundamentally changed how we about commerce and other types of things. If you actually look back, the conversation about Cyber Security has not changed very much over the past five years. We still talk very much about the upcoming pearl harbor cyber attack, we talk anonymously about the threat, but actually what has happened and what needs to change has not changed very much. The fundamental issue is not actually one of technology but its one of Human Behavior. It is doing some of the basic work of hygiene and good Health Related to Cyber Security and changing behaviors that leave us vulnerable. Thats in particular were governors and Political Leadership come in. The second thing i want to say is there are actually tremendous opportunities we are not necessarily paying attention too. When i was at the Defense Department, i was working on middle east policy. One thing thats very easy to do is talk all about the threats. You hear about them and you basically want to go home and take a nap and not worry about whats going on. What we dont spend time talking about as much is what the opportunities are. I would say, as we think about the threats of Cyber Security, a critical part of the conversation is not to talk about the enormous opportunities here. Artificial intelligence, driverless cars, the enormous amount of connectedness that we have create vulnerabilities we need to be thinking about how to coordinate and stop from hurting us, but at the same time the very innovation that drives those technologies is critical to driving our economy and as we think about what the role of governors and regulation are to do it, its to come up with the right balance and continue to encourage innovation and technology that creates threats and drive our economy to help us address and mitigate some of the Cyber Threats we are dealing with today. Its great to be here with leaders across the country at addressing an issue that so important to us. The work the National Governors association has started over the past five years and has been a accelerated is strengthening our nations cyber resiliency. This is a company that many of you know. We have employees and 46 of the 50 states. I oversee raytheons integrated defense business including radar, air and Missile Defense systems, commandandcontrol systems, maritime systems. We have a Strong Manufacturing base. In many ways they look like a lot of companies in estate. We are a cyber company. Cyber investment started protecting our own products, our own networks on which Sensitive Data resides and then it was natural to take those lessons to our customers. For the past decade, weve invested billions of dollars in developing Disruptive Technologies for Network Defenders of the war fighters. In fact, i would say that every business is a cyber company. Any company that relies on databases, manufacturing automation and intellectual property that you want to protect. The unique thing about the cyber domain is how dynamic it is. The user landscape is changing and the threats are always changing and rapidly advancing. The work that you have started as the National Governors association is just the beginning for each of you. Cyber is an issue thats here to stay, along with education, healthcare, jobs and Public Safety as it touches all of those. Cyber security has changed dramatically in less than a decade from an it issue protecting networks and intellectual property to actually protecting our very way of life. When everything is connected, everything is vulnerable. As a result, we see Cyber Security, even for commercial companies as a National Security issue. Multiple times over the past year weve been reminded by Cyber Attacks that they are easily launched, their farreaching, and they have global implications. Thats really the challenge. The cyber threat has become more sophisticated as nationstates and cyber criminals invest more resources and cyber attack because the return on investment is so great. There is no doubt that the cyber domain is now a contested domain. For states with Large Research universities you probably know this well. Important research is being don done. Let me just take you through a simple example. The professor working at one of your research universities, doing something in highpowered lasers. Clearly probably a gadget guy like me and they invest early adapter technologies and got one of those neat Garage Door Openers you can control with wifi and close your garage doors no matter where you are in the world. Five or six years ago the circuit cards probably didnt come from the United States. There certainly been no firmware updates in the past six years. He controls it from his iphone and now theres an instant gateway. Once youre on someones iphone, access to bank records and medical records and more importantly, probably Remote Access to Research Work hes doing at the university. Now youve just turn something simple for my gadget bought five or six years ago, connected through an iphone and its now a National Security issue. It is fair to say that if a cyber war were to come it would come across commercially owned networks and threaten not infrastructures. We believe companies and states must see their presence in the cyber domain through a National Security when spread this will become more important as we rely more heavily on automation, Artificial Intelligence and the internet of things for everyday devices. Raytheon created a commercial Security Company to take the technologies we develop for the defense and Intelligence Community to the commercial sector. The work you are doing is important and should continue. States have a major role to play in developing our workforce, strengthening the resiliency of Critical Services and making our nation safer. I look forward to continuing the discussion. Thank you. Good morning. Thank you governor for the opportunity to speak and for hosting us here. I am particularly excited to have this opportunity. I actually started my career in the Public Sector. I worked for a local government, i was virginia born bread and raised and after i worked for a little bit in the Public Sector, i had an opportunity to see the challenges that the Public Sector is facing. I have spent a few years at facebook, this is a company that works with a number of the fortune 500 including 12 of the top 15 banks. The governor mentioned in the beginning a little bit about Human Behavior and the importance of Human Behavior when it comes to security. That resonates up quite a bit with me in part because i want to talk about the Human Behavior of the governor surrounded here. One of the things i worry about from a security perspective, there is fear and uncertainty and doubt that the sky is falling, what i worry about is the opportunity for us, there is another attack on ukraine and the official government twitter account tweeted a cartoon of a dog and a flaming house and the caption said this is fine. Everything was on fire and they just had a resigned setback. I respect the fact that they can handle that with comedy, but at same time its tough to see a situation where we would become that resign and thats not the way we do things. I have sat and watched as a constituent what all of you have done in healthcare and energy and education and a number of other areas in your really leading the way. I thank you all know that. Whats interesting as many of the initiatives that you are undertaking are filled with technology. You are making things more connected and putting in devices to make sure your constituents lives are improved. That will be really important and security will be an important part of what makes that successful. We will have a number of challenges and overtime it will be a scale issue. How do you handle the gigantic number of connected devices . The key here is to make sure as you are considering securities throughout this lifecycle that youre using, there are two things that you can focus on when youre thinking about this. One is to use your convening power. Have them discuss and figure out ways in which they can Work Together to solve these problems. Then, focus on ushering in a new world or a new set of expectations. You have a number of powers how you purchase and how you do acquisition. You can change the agenda for the private sector if you need to enter already driving it for the private sector. Emily excited to be here and im looking for twin opportunity to talk about these challenges. Thank you very much for the time. Thank you. Now will move to questions. Before we do, obviously a big part of Cyber Security is making sure we have a workforce to deal with and make sure we are actually moving forward on building that workforce of the 21st century. Along those lines, governor hutchinson and he and i kicked off a coding event for young girls here today and it was a spectacular event. It really comes down to the teachers. I am honored today that we have a very special teacher with us, her name is sydney. Shes a humanities teacher in massachusetts. She teaches history, government and transforms those classes into authentic lessons to prepare her students for the future. Im happy to announce that in april of this year sydney was named the National Teacher of the year for the United States of america. Tonight she will be throwing out the first pitch. If we go to the with her to see the boston red socks, she will be there throwing up that pitch. Lets give her a round of applause. Thank you, mr. Chairman. I want to applaud you for your leadership on this issue. Just the awareness of it for the governors is critically important as well as the pledge that we have made to do more in the area of Cyber Security, and im glad you mentioned the girls who Code Initiative this morning. They are working right now, as we speak on their different projects and we will hear more about them later. In arkansas, you mentioned a workforce and it really ties in as part of our initiative to prepare teachers to teach Computer Science and Stem Education and encourage the students to take it. Weve had enormous success in that. We mandated to be offered at every school and we retrain teachers. Theres a flipside and thats the Cyber Security. For the first time we have conducted a Risk Assessment in arkansas. We have looked at a coordinated agency to coordinate that response capability. We are doing the workforce side of it, but if wes or one of you could just speak to the relationship between coding and Computer Science and Cyber Security in the education that relates to it, how do those fit together benchmark of a complementary . Is it need to be a distinct focus or can it be a similar focus . Her thats a key thing to think about going forward. The cyber threat advances so rapidly and is changing so quickly that it isnt something we can afford to always be in a reactive mode about. I would even argue, although its important to increase our Cyber Workforce across the nation, at the end of the day we are probably not going to be able to out higher the threat. So this is why it becomes even more important. What you talk about is developing cyber resistance or cyber resilient networks, putting cyber resiliency to be built into all of the software, all of the coding and back to your point, it really becomes one of the key things about designing a cyber resilient architecture. For many reasons that is one to repel attacks but it also may be an especially, i think this is important for states and anything with National Security, you have to be able to operate through a cyber attack and maybe its in a degraded mode, but you still have to be able to operate through. We cant afford Emergency Services or medical services to be shut down during a cyber attack. We are never going to be able to repel one 100 of those. Its how we operate through that. For raytheon, we have moved away, we dont report on the number of reports we have. The metric we report to our board of directors is well time. We know no matter how good our firewalls will be, theres always going to be a possibility that someone gets inside the network will always be the threat of an Insider Threat so what we measure is the amount of time that an attack is persistent inside our network. I would much rather have 100 penetrations for a minute then one penetration for 100 minutes. We look at that average dwell time and thats the metric we report to our board of director directors. Theres also an announcement they want me to make that the Science Institute, i know many competed for the scholarships and im proud to announce they have chosen the seven states. The winners of the collaboration and building the workforce of the 21st century for Cyber Security, seven states virginia, rhode island, nevada, hawaii, michigan, iowa and delaware have been chosen and within those seven states, the top 100 who participate in the program will each be given a 1500 scholarship to study Cyber Security and they will go on to be able to access over 500,000 worth of scholarships. Lets give the Science Institute a great round of applause for building that workforce in the 21st century. [applause] i wanted to comment briefly and thank all of you for taking the time to come here. Matt i want to thank you for your service. Obviously you played a number of different roles to bring that experience to her entrepreneurial immunity. Colorado, we have our own National Science community. We had an old defense contractor who had left a large building and we got the legislature to rehab that building and were really trying to find ways to build bridges, one is making sure that elected officials, and by that i mean not just governors but mayors and city councilmembers have the education to deal with Cyber Security not just, they dont need to know how to code, they need to know how to allocate resources and assess threats and we do a class, if anybodys board on november 1 through third redoing a class at the broadmoor with the Cyber Security center on these issues on how to make sure people are competent to understand at a deep level. Anyway, i wanted to ask the other guests as well, when you look at so much of what were doing that comes out of our Defense Department in our government and we see great concentrations of Cyber Security and entrepreneurship built around places where those investments are made, how do we begin to accelerate the transferral of the resources coming out of resource institutions to make sure that is also translating into businesses and jobs that are ultimately going to be the ones to help keep us safe . I think this dribbles back to the education. Ive been lucky, ive been pretty successful thus far my career in a large part of that is because ive been able to surround myself with people who are very much smarter than i am. Making sure you have the right people involved, and we talked a little bit about how you can. We talk about. [inaudible] the university of birmingham has a strong forensics program. Its a place where we founded a number of candidates when i was working there a few years ago. I would not have thought that uab would be a place that you would be able to source but what they saw was an opportunity. They pulled together the right people to do education. I think ultimately, whats really important is we are starting early and getting people familiar with the technology, making sure they understand how it connects to Cyber Security. We need to be able to keep up i think you are asking the right question. As i think about it, this may seem counterintuitive, but we spend a lot of time with Cyber Security focusing on congress for the white house, but our view is actually the most Important Technology policymakers and there sitting around the table. They are the governors. Really, when you look at the things that really matter, it is governors and mayors working at these issues. In a very practical way, there are two things to really bridge the divide that arent particularly sexy but are hugely important. Its how the government buys and hires. What i mean by that is these Cyber Security problems are incredibly hard. They are evolving quickly and the best thing our country offers is Amazing Technology and entrepreneurs which are and to speeding these threats and looking for them and finding ways to do that. The problem is its incredibly hard for these entrepreneurs and innovators to sell to governments. Processes take too long, procurement is long and extensive. There are great Companies Like cranium and others who have great ideas and are looking to go in and it really needs to find a way to be able to purchase a way thats more expedited and sell their great things. There are ways to do great things like raytheon and others and also to make sure when you find a Great Company and a great idea, allow the government to be good customer. The second issue is hiring. That is not just training and coding which, of course is critical, but when you have done that, find a way to allow those great people to come in and work for your government. You are working on incredibly important and interesting issues and i know that the pay is nowhere near as good in the private sector, but thats not the issue. There are eat Mission Driven people who are desperate come in and serve at the government and its so hard. When i was at the Defense Department i probably talk to ten people. Week who were eager to come work for the government, longer hours for less pay but permission they cared about, and our answer was im sorry, theres no website, theres no easy way to bring you in. When i walked out of the pentagon, the National Security issue i was most concerned about was not isis and it was not iran and it was not syria, but whether we were equipped, in our government to open the door to the most talented people to come and work for us. I think that is an enormously huge challenge that you have enormous power to do something about. For that, its heartening that you invited us to come talk about it and its a huge privilege. Part of what that is is really having a conversation between innovation and the most important policymakers here. One thing that we try to do at our firm is have a conversation between what you are doing and what some entrepreneurs are doing. I look around the table and they are visiting with several entrepreneurs and, if any of you would be interested in coming to the main streets of Silicon Valley in january or february perhaps when its beautiful out there, but in all honesty, we would love to host you to talk with some of the people who are really inventing the greatest ideas of the future and eager to talk to about partnership and what their technologies can do to help solve the incredibly vexing issues that you are dealing with. Cyber security, infrastructure, homelessness, healthcare and to have a conversation that bridges what i think is still an enormous divide between what is happening in Technology Innovation and what problems need to be solved in the great thinking that is all around this room. Governor, just as a quick followup, the basic Business Model that raytheon has put together with our commercial division is to take those Defense Cyber solutions that we employ in our products around the world with the Intelligence Services in the various branches of the military and be able to, as the threat rapidly advances, work through the process of deciding which ones can now be commercially available, moving that over to our commercial part of the company and selling that as a commercial package that a Small Business or a bank or a State Government can purchase to provide a constantly updated Cyber Protection package. I think the other opportunity you have, as you hire great engineers, you will start writing code that will solve some problems for the State Government. When i was at facebook, one of the things we focused on was giving back because we had a lot of privilege software engineers. We would open source a number of different tools and i think thats an opportunity for states to attract the talent youre looking for. This is coming to someone thing listen, youll be able to support the mission and youll be able to give the software back and help other states or companies and so you build this reputation around what youre doing. I think states are in a unique position because of their role to do exactly that. Thank you. Mr. Chairman, thank you for your leadership. The great panel and a great discussion. The question is, it seems that we occasionally read in the papers that a city or town or a state has been attacked by ransom where, and the next day you hear it in another state. The question is, i know for example the council of governors has been working on this and states have been working on this, but i would be interested in hearing the panels opinion on is there a better way for us to share information