Summer meeting held in providence, rhode island, last week. Virginia Governor Terry mcauliffe chairs the nga. I would like to welcome everyone to the great state of rhode island and the official opening of the 2017 of the nations governors association. Before i get started i would like to recognize some of the very distinguished guest guest e with us. I would ask that they please stand when we recognize you. I would first as you will see at this summer meeting that first is the first time weve actually had a head of state, Prime Minister trudeau will be with us today, in addition we have representatives from all over the globe to show the growing importance of the governors and giddy with International Trade and Business Development issues around the globe and that we has governors want to do direct direct relationship with any of these countries and many of these businesses who have come to visit us here at the nga, and i thank them for i also want to thank china. I want to thank ambassador from china. He and his group were here yesterday come if we can give them a great round of applause for helping our opening lunch. [applause] and i think Governor Hogan for his stellar introduction yesterday at the lunch and the great attributes of the great state of maryland next to the great commonwealth of virginia. I would also like to reference premier brian and Canadian Premiere when from candidates who are here with us. If we could give them a great round of applause. [applause] governor xi and governor from japan. Give them a round of applause, please. [applause] mayor angel from mexico, and applause for the entire mexican delegation who have joined us here today. [applause] as we kick off this meeting i also want to get take a moment to recognize the support of many of our partners and supporters who we could not have this meeting without your support and funds are best practices and all the different initiatives of the governors for nearly 30 years the nga has partnered with the private sector to our newly relaunched nga Partners Program to the nga partners help support the organization not only financially but intellectually with a sharing of best practices as well as helping the nga stay tuned in the emergency policy trends that are happening in our individual states. A big thank you to all of our partners who are here with us today. Governors, thank them. [applause] next i would like to juarez governor raimondo . Where is our host governor . Well, we will skip that. I will let her come as soon as she gets her well hear from our opening governor. I would like to first of all have an adoption for a motion for the adoption of rules of procedure for this meeting. Would anyone make the motion . Governor malloy. May i have a second . All those in favor say aye. All opposed say nay. The motion is good. Governors come as you know under our policy process we adopt policies for two years at our winter meeting pic if anyone has questions regarding the policies i would ask you to see anna davis of the nga staff while you were here over the course of this we can. I would now like to announce the appointment of the following governors to the nominating committee for the 20162017 nga executive id like to welcome governor vice chairman governor sandoval who was here with us today. If we could give the governor a great round of applause. [applause] okay, great. So let me start off by saying first of all my main goal when launching my initiative, which was cybersecurity come was to elevate the importance of cybersecurity on every single governors agenda. I wanted to highlight why substitute he was more than just an Information Technology issue. I wanted to show the cybersecurity is a health issue and educational issue, a Public Safety issue and an economic issue as well as a democracy issue. When i launched my initiative i did not imagine that cybersecurity wouldve captured the National Headlines through so many different events that we experienced, including last years president ial election. As you know in november thousands of internet connected devices including security cameras that were an ocean away were used to launch a cyber attack that took down several Popular Web Services such as netflix as well as the new york times. This may we saw a cyber attack that the world has never experienced before. The Wannacry Ransomware locked out users all across the globe and made it impossible for doctors and other practitioners to access their devices. Experts today are still assessing the impact of this incident. And potentially more worrisome that we are now seeing adversaries use Cyber Attacks to undermine the core Democratic Values by attempting to influence elections, not only here but as well as in europe. He is a troubling times. Yet there are new initiative at the continued commitment of all of you we have now convened experts from cybersecurity policy from the State Government, from the private sector to Higher Education and to all the federal agencies involved to discuss this critical issue and to identify ways for all of us to meet the threat. Let me just say as a relates to virginia, in virginia with taken very significant steps over the past three years to address cybersecurity for our commonwealth, for now and beyond. We are in a very unique position in virginia. We have the Largest Naval base in the world where the pentagon, the Central Intelligence agency, quantico and 27 military installations that are constantly under assault. We have come a long way in strengthening our systems and our policies. Last year we expanded cybersecurity apprenticeships for the first time in virginias history. We are now allowing visitors to stand up registered apprenticeship for cybersecurity occupations. In virginia if you will come work for the state for two years, we will pay your education to get a cybersecurity degree. We have Creative Partnerships to strengthen cybersecurity employment and Educational Opportunities and scholarships around the commonwealth. I launched the cyber vets Virginia Program to provide cybersecurity training to our veterans. Today virginia we have 36,000 open cyber jobs. We now have nearly 600 cyber companies. Those 36,000 jobs, the starting pay is 88,000. You do not need a fouryear degree. It is a twoyear degree or less and its imperative for all of us as governors to make sure were building that workforce of the 21st century earlier this year urging entered a Strategic Partnership with Amazon Web Services and the virginia cyber range to make virginia a National Resource center for cybersecurity education. Virginia has an awardwinning Cybersecurity Program in place. We can build on that Strong Foundation but as we all know as governors it requires continued diligence. We might be in great shape today but tomorrow some new cyber hacker is going to come up with some latest technology to get into our system. Government is a very attractive target for our cyber criminals. As you know we have collectively more data than the federal government through our drivers licenses come to our healthcare, medicaid programs, for our state tax returns. Many of the cyber hackers steal the best opportunity to get that data is to come into the states because of the wealth of data that we have. So it takes a commitment of all the governors to keep our families and our business is safe. These threats do not stop at state lines. Since july with accomplished a lot since we met. We have held a series of roundtables focusing on the cybersecurity risk facing the health sector, critical infrastructure, educational institutions and Small Businesses. We have also spent significant time highlighting the opportunities cybersecurity presents for all of us, and the opportunities of a more connected society and a vibrant technology economy. As you know we have held to soldout events, to regional summits can one in boston and san jose, where many of you sent teams of state officials to discuss pertinent cybersecurity issues in to identify them formidable goals and objectives to move our states forward. As ive said from day one, if we do a great job and bring it to but there are states that dont do anything as it relates to cybersecurity, they will reach our state through a back door, through a healthcare provider, and should provider or some other business that is the business with both of our state. So these summits culminated in a National Summit in june where i was proud to say 45 states attended and learned about how future cyber trends and how to use Innovative Technology to mitigate those threats. At our winter meeting many of you may recall that we giv get h one of you a cyber scorecard which no else saw but yourselves that highlighted the areas where you are exceeding, areas that you could use a little more help, and areas that you need, your full and immediate attention. This continues to be a useful highlevel tool that you and your team can utilize to track your progress. Our cyber best Practices Center now has the updated report cards for all of you. We were also joined in february by admiral michae mike rogers, e command of your cyber, and the director of the National Security agency for an off the record discussion on how states, the National Guard and the Cyber Command can work together. He stressed to all of us governors that we are at the forefront, that he cannot do his job as head of the National Security agency if we and the states are not doing our part. We held a joint governor sanded and meeting a cybersecurity priorities and challenges of the United States congress. We had a great group of governors to meet, governor sandoval and i went up and met with the leadership of the house and the senate. We have implored of the congress to have a cybersecurity committee. One does not exist today in congress. It is spread among many of the different committees, and there is jurisdictional territories where people are not wanted to give up some of their jurisdictions. We once again as governors call upon the congress to put together a National Committee to deal with this issue and to but funny and so that we at the state level can do our jobs. Lastly, we put together 18 documents that highlighted the recommendations and best practices of the National Guard, Cybersecurity Response plans, and workforce development. That you can all implement your state starting today pick you all have those documents in front of you and they are maintained at the nga cyber resource page, nga. Org. This is a package of the all of you have in front of you. It has all the latest data pick it has what you need to do as a governor to make sure that your state is up and beating the threat of cybersecurity. What we saw last fall was only the beginning. Richard clarke, who is a National Expert on cybersecurity, advisor for four president s, briefed me the other day and said the actions that we saw last year as relates to russia and other nationstates is only the beginning. It is only going to ramp up, and they want to wrap up by coming after that state data. So i would say its incumbent upon us as governors to make sure that we are doing our part to keep our states and our nation safe. Most of your begun implementing these recommendations. We say thank you dirk since the launch of my initiative over 30 governors have now signed an executive order or legislation or announced a states average good initiative. This does resulted in a dozen executive orders, 14 sign bills, in 17 initiatives. In idaho, for example, the government is of the many recommendations made by Cybersecurity Governance body and is recently named a state cybersecurity director. In new mexico Governor Martinez signed legislation clarifying when the National Guard can be used during a cyber event. In Oregon Governor brown signed an executive order to unify all cybersecurity efforts into one agency. Lastly, our incoming chair governor sandoval recently signed a bill to great a Cyber Defense center to lead all their cyber projects in their state. And more can be done. There are now at least 34 pending bills in state legislatures that you can all help advocate for and push through so that they could land on your desk to sign. Although these are great accomplishments, we must never ever be complacent o are crimins and foreign adversaries will continue to pursue vulnerabilities in our defenses that while on our citizens, cripple critical infrastructure, and steal our resources. That is why my initiative will live on ddgs Resource Center first date of cybersecurity that ive been privileged to culture with governor snyder. Through the center of the nga staff will continue to assist your states and diplomat best practices and be a lasting resource for you and your staff. Before we go on to our speakers and our discussion, i do want to give a special shout out to jeff and tim, and ask them at all the folks who worked on cybersecurity come if they could stand up, and if you could give them a great round of applause for the great work that they have done. [applause] thank you, gentlemen. Before we get to the stickers, i see that our host governor has arrived. I know she was busy doing some interviews outside, but i would like to turn if i could overdo it would like to give an opening statement. I do what you thank governor raimondo for hosting indisputable state this great nga summer meeting pit and very proud to say that a record number, 33 governors, and 1800, 1800 folks have signed up to come to this, which is by far more than three times more than weve ever had. I know its because of our great governor and the great state of rhode island. But i do want to thank him i know the time and work you put into this, she knew, so on behalf of all the governors, thank you, and great to be in rhode island. Thank you, terry. [applause] thank you. Good morning. For those of you i havent seen yet, welcome to rhode island. We are very pleased with the turnout dictators broken every record as i understand it somewhat to thank all of you, some of whom have traveled very far to be here. I appreciate that. I also want to think and acknowledge kerry for his leadership on this issue. It is true that you be leading us as the chair, but i think you should feel great about your legacy. Because you started an initiative that many of us have followed. I know i did. I signed an executive order around cyber for the task force in place and have hired for the First Time Ever a director of cyber and Homeland Security reporting directly to me. So i think were all doing our part. The hardest part of all of this, of course, is behavior change. I would love to hear, you know, technology is one thing. Resources are one thing. This is really about getting people to change the way they do, when they log on, if they change passwords, how they do their business. Thats even harder than it has been with technology. And so i think as we go forward under governor sandoval also leadership, anything we can do to focus on that would be helpful. But were thrilled to have anybody in rhode island. I want to make a quick plug, it is where having a governors only session with two important ceos, the ceo of cbs, larry merlot, and the ceo of igg. Both very substantial companies, and sponsors of this event. Bats at noon. Governors only and i would love it if all of you guys could be there. Thank you. Thank you governor. So back to the cybersecurity. To add a little context to the issue even discussing we are honored today that with three great speakers with us and i appreciate them coming to be with us today. Matt spence is a partner at the Venture Capital firm and restore whats. Chris bream is a chief Technology Officer at tanium and wes kremer from the rake and company, Vice President and president of raytheon integrated Defense Systems. These distinctive speakers are here to provide a window into the future of cybersecurity come what it will mean for our states and how we can take advantage of the tremendous opportunities in this sector. I would now like to get over to matt. Matt, the floor is yours. Great. Thank you very much. Governor mcauliffe, thank you for the invitation to speak about cybersecurity and in particular for your initiative in raising this issue to the governors in this area. By way of background on the part of the Venture Capital. We are a Venture Capital firm that invests into an exciting and emerging technologies. Everything from Artificial Intelligence to drones to Financial Technology to Health Technology. Companies like airbnb and lift a huge amount of cybersecurity companies. Companies like tanium workers is at, and other countries would look at to some of the most exciting technologies which have a huge impact on the work that all of you are doing. Before i was at that position i spent time in the Obama Administration i was at the white house as a National Duty council where i spent hundreds of hours in the white house situation room did it with everything from playing at the operation against Osama Bin Laden to trade issues to increasingly cybersecurity issues which really were in some of the most serious and significant which predated done everything that we talked about. I then spent time as Deputy Assistant secretary of defense give you some of those issues from the defense perspective. So i say that by way of framing to take two different perspectives about what we think of cybersecurity issues. Both from the situation room to innocence the boardroom of what companies and states face every day. And where things are going to want to say two things that may seem a little counterintuitive. If the question is where is cybersecurity going the next five to ten years, part of the question is to look back ten years. It was ten years ago last month that the iphone came out as a product. Something that has funde a chane way we think about commerce with think about other types of things. But if you i can look back, the conversation about cybersecurity has not changed very much over the last five years. We still talk very much about the upcoming pearl harbor of a cyber attack. We talk in normalcy about the threat but actually what has happened that needs to change said that changed very much. The fundamental issue is on actually one of technology as governor raimondo said but is fundamentally one of human behavior. It using some of the basic work of hygiene and good Health Related to cybersecurity, and changing behaviors that leave us all vulnerable to thats where particularly governors and political leaders committed the second they want to say is there actually are tremendous opportunities we are not necessary attention to the when i was at the Defense Department i headed up working on middle east policy. And one thing that is very easy to do is talk all about the threats come into by the threats, you may thought to go home and take a nap and not have to worry about whats going on. What we dont spend time talking about as much is what the opportunities are. And i would say as a think about the threats to cybersecurity, a critical part of the conversation is not to talk about the enormous opportunities here. The internet of things, Artificial Intelligence, driverless cars, the enormous amount of connectedness that we have decreased vulnerabilities that we need to be thinking about, how to coordinate and stop from hurting gus. But at the same time that very innovation that drives those technologies he is critical to driving our economy. And as we think about what the role of governors and regulation are to do it, its to come up with the right balance to continue to encourage that innovation and head coach of the type of technologies which to create threats but continued use of that drive our economy a try to turn to technology to help us address and mitigate some of the Cyber Threats that we are dealing with today. Thank you, governor mcauliffe it is truly great to be with leaders from across the country addressing an issue that is so important to us. The work of the National Governors association has start over the past five years and has been accelerated by governor mcauliffe leadership in strengthening our nations cyber resiliency. Raytheon is a company that many of you know we have employees and 46 of the 50 states. I oversee raytheon integrated Defense Systems business. This includes radars, erin missileDefense Systems, commandandcontrol systems, systems, maritime systems. Wherever Strong Manufacturing base. In many ways raytheon looks like a lot of companies in your states. And we are cyber company. For raytheon, some of us the sort with protecting our own product, our own networks of which Sensitive Data resides and then it was natural to take those lessons to our customers. For the past decade weve invested billions of dollars in developing Disruptive Technologies for Network Defenders of the war fighters. In fact, i would argue every business is a cyber company. Every company that relies on networks, computers, devices, such as, databases, manufacturing automation and intellectual property that you want to protect. The unique thing about the cyber domain is that dynamic it is. The tech landscape is constantly changing. The user landscape is changing, as a threat skate is always changing and rapidly advancing. So the work that just are here at National Governors association is just the beginning for each of you. Cyber is an issue thats here to stay along with education, healthcare, jobs and Public Safety as it touches all of those. Cybersecurity is changed dramatically in less than a decade. From i. T. Issue protecting networks and intellectual property election protecting our very way of life. When everything is connected, everything is vulnerable. As a result we see cybersecurity even for commercial companies as a National Security issue. Multiple times over the past year we have been reminded by Cyber Attacks that are easily launched, farreaching, they have Global Implications and thats really the challenge. The Cyber Services become more sophisticated as nationstates and cyber criminals invest more resources and Cyber Attacks because the return on their investment is so great. Theres no doubt that the cyber domain is now a contested domain. For states with Large Research universities, you probably know this rather well. At state schools with Important Research work being done are important targets. So let me just take you through a simple example, a professor t get one of your Research Universities doing something and highpowered lasers. Clearly, engineer probably a gadget guy like me invest early the way you do requisition or acquisition. You can really try think spear you can change the agenda for the private sector is make you and certainly your driving the agenda for the public sector. I cant im excited to be and looking forward to an opportunity to talk about these challenges and thank you very much for the time. Well, thank you. Now we move to questions but before we do, obviously a big part of cybersecurity is making sure that we have a workforce to do with and make sure that we are actually moving forward on building a workforce of a 21st century along those lines, governor hutchins center, this morning he and i kicked off a coding event for young girls who are here today, was a spectacular event, and it really comes down to the teachers. And im honored today that we have a very special teacher with us today, her name is sydney. Shes the humanas teacher, the academy for Public Charter School in massachusetts. She teaches history, covenant, but she transfers government by she transpose those into authentic lesson to prepare students for the future. Im happy to announce that in april of this year, sydney was named the National Teacher of the year for the United States of america. Not only does she have that on a but tonight she will be throwing out the first pitch, if we want to go with her today to see the Boston Red Sox you she will be throwing that pitch out, lisa can all recognize and thank sydney for being with us here today. [applause] thank you, sydney. I think that was something very special nga did today. Thank you, mr. Chairman. And i want to applaud you for your leadership on this issue. Just the awareness of it for the governors is equally important as well as the pledge that we have made to do more in the area of cybersecurity. And im glad you mentioned the girls who Code Initiative this morning. They are working right now as we speak on their different projects and will have more about them later, but in arkansas, you mentioned the workforce and it really ties in as part of our initiative, it is to prepare teachers to teach Computer Science, s. T. E. M. Education, to encourage the students to take it. Without enormous success in that. We mandated to be offered in every school. We have retained teachers. Sort of the flip side our company could side of coding is the cybersecurity. And we have for the first time conducted a Risk Assessment in arkansas and the Cyber Threats. We have looked at a coordinated agency. Our department of Information Services to coordinate that response capability. We are doing the workforce side of it, but if wes are one of, they just speak to the relationship between coding and Computer Science being taught, and cybersecurity and education that relates to it. Cyber resistant or cyber Resilient Networks putting cyber resiliency to be putting all of the software coding. But especially i think this is important for states and anything with National Security hospitals is that you have to be able to operate through a cyber attack but you still have to be operating through for medical services to be shut down during a cyber attack and we will never be able to avoid 100 of those. But for raytheon we dont report on the number of attacks that we have come at th, the metric that to the board of directors we know how good the firewalls will be. There is going to be the possibility someone gets inside of the network so we measure that amount of time. We look at that average time and that is the metric that we report to the board of directors im proud to announce today theyve chosen the seven states. Theyve now been chosen and within those seven states, the top that participate will each be given a 1,500 scholarship to study cybersecurity and they will then want to be able to access over 500,000 worth of scholarships. [applause] i want to thank you for your service. You played a number of different roles to bring that experience down to the entrepreneurial community. We have our own National CyberSecurity Center a few years ago in the defense contractor. They had the education to do with cybersecurity not just when they have a code would obviously but they need to know how to allocate the resources. In a day and a half people will come to understand at a deep level an awful lot in your initiatives here i want to appreciate that as well. Its the cybersecurity entrepreneurship built around places where those investments either department of defense or Homeland Security as well are made. How do we begin to accelerate the transfer of of the research thats coming out of the research institutions. Every one that has been successful to make sure you have the right people involved and we talk about how you can educate individuals to help make them more effective in this space. Its this activity into their curriculums. The university of alabama birmingham has a strong forensics program. To be honest i wouldnt have thought it was a place to serve as candidates like stanford and mit in the world in this advanced technology that they saw an opportunity. Whats really important is that starting early. You can help all of us understand the things that are emerging. How do you bridge the divide that youre talking about. Its focused on congress or the white house in our view is the most Important Technology policy makers. They are working on these issues and in a very practical way there are two things to bridge the divide that are hugely important in how the government buys and how the government hides the. Its lon a long and expensive ad these are Great Companies like the others that we look at but have great ideas and are looking to go in as they need to find a way to be able to purchase in a way that is more expedited. There are ways to do great things with Companies Like raytheon and others but also to make sure that when you find a great company, allow the government to be a good customer. The second issue is hiring. And that is not just trading and coating which is critical, but when you have done that, find a way to allow those people to come and work for the governme government. It is just so hard. To work longer and hours and there is no website were easy way to bring you in and when i walked out of the pentagon, the security issue that i was most concerned about wasnt isis or iran but it was whether we were equipped in our government to open the door to the most talented people to come and work for us and i think that is an enormously huge challenge. For that, it is heartening that youve invited us to talk about this and it is a privilege because part of what that is and biscuits to the question between innovation and the most important policymakers here. I look around the table and the governor has made a trip to Silicon Valley to talk with several entrepreneurs. In Silicon Valley in january and february perhaps it is better out there but we would love to host to talk with some of the people that are inventing the greatest ideas of the future and that are eager to talk about the partnership of what their technologies can do. Its still a pretty enormous divide. What problems need to be solved for the regulation opportunities and great thinking that is all around this room. As a quick followup, the basic Business Model that theyve put together with our commercial division is to take those Cyber Solutions that we employ in our products around the world with the Intelligence Services and with the various branches of the military and to be able to as the thread rapidly advances work through the process of deciding which ones of those can be curbed commercially available working in the commercial part of the company and then selling that as a commercial package as a cyber package that a Small Business and think it State Government and universities can purchase to provide the constantly updated to Cyber Protection package. When i was on facebook one of the things we focused on his privilege to. That is an opportunity for the states to attract the talent that they are looking for. You build a reputation around what youre doing and states are in the position. Thanks for your leadership on this. It seems that we occasionally read in the papers that a city or town or state go from another state and my question is i know for example the council of governors has been working on this but i would be interested in hearing the panels opinion on is there a better way to ensure information . We have the federal government, State Government, local government and private sector competing against one another but if we have another opportunity to learn from one another about the threats that have happened if my state gets hacked we have a better opportunity to share the National Alert system to prevent us from the states or communities or companies suffering the same sort of scheme so are we doing a good job and is there an opportunity in the future to do better to learn from one another and protect one another that is the great question. We are not doing enough to share information. Its security that permeates everything. Theres physical security, threats from cyber entries and other pieces that are very much related. When you are sharing information thing in that its not something in a particular bucket its something that permeates the whole range of things. They dont want to the amazing opportunity in technology to create a lot of new windows and doors that they can break into. Because the nature of the cybersecurity there will always be things that are overlapping but we need to do much more of this to increase trust and collaboration between the private sector and government. Its even more to do much of this. Finding ways to assure the information is the key. It wasnt out of an ill will. We cannot modernize the system and now it is time to take that next step. One of the Fastest Growing companies in the worl world then maybe you would like to share with the market signals are telling you and what problem you are trying to solve and why people find so attractive. I know that in disk you strategically look at places that are where the next place is coming and what is the next going to come from but it is looking for . Im happy to talk about the technology. Its kind of my role so im pretty excited about that. Something we mentioned a little bit earlier, which is skill. Its hard to manage these networks and they are only getting bigger. I read theres about 8. 4 billion devices that are connected right now, and that is like 31 and that is going to just grow tremendously over the years the one thing as a company we did is true to say okay, we cant do this in the traditional way that is another approach we can use to start handling the massive scale of these environments. So thats what drove the innovation and helps our technology to succeed and i think what is interesting for me, i think about all of the initiatives that are helping because i mentioned constituents and the growth of devices and people talk a lot about the internet of things for the want of definition they have but at the end of today all of those are devices that are interconnected in some way, shape or form and what we have focused on is being able to scale back to that size. Thats what made us successful because we recognize it is coming and i dont see that changing anytime soon. Thats a really interesting question. We look at what is coming down next. So theres two things right now on the security front what is exciting is there are threats we may not be thinking about. One for example you assume someone knows that its your voice but how do you really know and theres one company we are investing in gold pin drop security that works on the integrity of your voice to make sure when you are speaking they know it is you. Thats one. The other piece, and this relates to cybersecurity about the most exciting areas of innovation is Artificial Intelligence and whats called machine learning. So, a lot of the things that actually would seem to be ten or 20 years in the future are actually happening pretty closely here which of the above implications for things that governors are doing. So, for example Artificial Intelligence. Without the commission to write articles based out of the last olympics Artificial Intelligence has spent time trying to write music or write speeches. There is a company that emerges a lot of interesting Health Technology plus Artificial Intelligence to take a huge amount of data that we generate to provide Better Health outcomes. There is a Company Called cardiogram that analyzes your heartbeat from your apple watch, takes the data and can predict a heart attack, the best cardiologist at the best medical schools in the United States. And those types of things are interesting to take technology and the data to make the population healthier which can produce a whole range of things that are good for them so would i get most excited about are the opportunities for these type of things that are not even ten years in the future, they are a few years in the future or happening right now. Remake will things that ive been able to happen. I know it is a constant challenge to make sure that we provide funding for technology. Its a battle that we have to fight. One of the things that often falls by the wayside is cybersecurity, the Continuous Monitoring and assessment and training. Do you have a recommended percentage of the budget for the states that should be spent on cybersecurity . It is a great question and i think it gets to the issue. It becomes a cliche to say you are going to be hacked. Everyone is going to be hacked. And if you say that to a Corporate Board that tells people what am i supposed to do with that if it is all going to happen i want to put my head under the covers. When you are a company or if you are dealing with a resource constrained environment, you know, you dont have the luxury to spend an unlimited amount of money on the problems that you have. And so the key is thinking about the prioritization and i think there are two ways to think about it as you think about that. One is to prioritize the types of asset and what is critical and critical infrastructure. But the other pieces to think about the prioritized and information. Its to stop someone from getting into the house so you can lock the doors and put bars on the windows but there are a lot of cracks in a lot of ways to get into your house. You have things marked as secret and topsecret and then a level of security clearance even above that that has those sensitive ways of how the government gathers intelligence. So just because the work at the white house, you dont get access to all that information. Just because you happened to walk in the door you cant do everything even because just as a security clearance. If you think about prioritizing the budgets and these type of things, part of tha it is the ranking and understanding what happens, what is the crown jewel and what are the things you dont want to get out but are less important and taking just a more strategic approach rather than once it is in everything that is going to happen. I would like to offer just a couple of other thoughts on that. Some of the basic things you can start with that dont cost much and wouldnt have to be viewed as a percentage of the budget towards cybersecurity is the first question. Does every state have the chief Information Officer that reports directly to the governor and does that cio have a seat at the table in most all decisions especially any purchasing decisions because as i mentioned earlier, a lot of it is about thinking about the architecture of your system. So as the different universities, hospitals, and he states are thinking about the Architecture Design to be cyber resilient and have some standards around things like authentication or multifactor authentication. So i think theres a lot of opportunities where the fiber resiliency can be built into systems and its not at an additional cost. Its about thinking about an overall architecture and having someone designate that has oversight and influence into the state level decisions about what systems are procured and what the requirements are. But the most important thing to do. Do. The gop is our Technology Enables show you how it works. Im beginning to sound wicked broken record on the scale but how you scale your people use them as effectively as you can so you can get those fundamental problems solved. Lets give a round of applause. Let me remind you everybody has this packet and i would also like to recognize the newest member from the great state of alabama. If you can pull out one specific it is constantly being updated by the cyber team i would ask you to take this back and give it to your team and make sure you bring in your adjunct generals and or cio. I would call everybody into your office and Conference Room to make sure they have this so that they know it is critical you bring your National Guard in the early to make sure the sharing of information as a part of this process in your states and i also want to thank the governors. We have signed a compact here and we have 38 states that have signed on and we will now have a continuous dialogue as we go forward. Our team into the private sector folks i do want to thank the corporate sponsors. I want to thank all the folks that have been part of this process and now i will adjourn the first session and i will see you this afternoon. More now from the governors association. Coming up blank mac. To the challenges that we all face, governor mcauliffe thank you for your kind words of introduction into your thoughtful opening remarks. Thank you for your warm welcome in this extraordinary state hospitality. Its high summer here in rhode island the land of sand and