Brad and chris, who will engage in our next chat. Brad is the executive Vice President of booz allen hamilton. Chris is the director of the sartment of Homeland Security cybersecurity and infrastructure security agency. We are 55 days away from the u. S. Election, so it is my great pleasure and honor to introduce medairy for this fireside chat. Brad i appreciate the invite. It is a pleasure to be here with chris. That e are think thankful that you agreed to join us today to talk about some important topics. I think we should jump in. Chris ive got to admit my heart is racing a little bit right now. You said 55 days. I thought i had more time than that. Brad lets dive in, chris. Aside from the election, theres covid19. Certainly we saw the federal government move from a day in the office to telecommuting in a matter of days. Is your perspective around this new normal, not just in the federal government, but in some of the critical sectors you are seeing . Has been hugely transformational. Every aspect of how we engage has changed. Way elections have shifted, the way we are working to provide cybersecurity support to our federal government partners has changed so risk ofally, given the agencies who are so critical to ensuring we have the right Management Structure in place, that we are developing a vaccine, and at the same time weve got a multitude of threats coming at us, looking for research, looking for information, so weve got to make sure that, again, at the top, that we are providing the appropriate security support to those critical agencies, but at the same time, when weve got all these other federal agencies that are shifting to a remote work environment, or have shifted to a remote work environment, they are introducing new risks that are expanding their attack surface that we dont put take our foot off the gas in terms of the progress we have made. We should be doubling down on investments right now, accelerating the deployment of like endpoint detection and response. It is that much more critical that we get our arms around our Security Problems and close them out as rapidly as possible. Brad you mentioned the risks. Tainly, certain agencies but are you seeing any changes in terms of the attack sectors or the risks . Typically from the threat side, we are seeing three major or primary lines of attack. Attacks the nationstate and the Intelligence Services, the military operations. The Intelligence Services are doing what they always do. Spies are being spies, looking to collect information on what is really going on in the country, what is the status of the vaccine development, what is the Economic Health of the country . They look at that shifting the relationship with china over the last six or seven months. Chinese Intelligence Services have been very active, as have the russians. There is a second bucket of activity, cyber criminal activity. That is going to be focused on fraud and criminal type activities. It has been fascinating to watch have just about every single war out there with phishing scams, for instance, has been linked to covid, some kind of covid theme, whether it is the early days of sign up here to get tested, and now we are starting to see things about sign up here for a vaccine, early trials for vaccines, things like that. They are praying on the fact that people are concerned about covid. Also, i dont know about you, but on my phone i get a weekly activity update, and my numbers keep going up, so everybody is more connected than ever right now. The other threat we are seeing is less on the technical cyber side, but it is disinformation. Whether it is the russians, the chinese, the iranians, or some other group, we are continuing to see information be pushed out through social media, and traditional media. Things are being circulated about martial law take over. My favorite thing over the summer was that 5g towers help spread coronavirus, which is complete garbage. Nonetheless, it is like a textbook to simcoe campaign, where it circulates or is going by at, and then it takes root in the real world. In the u. K. , we saw 5g towers getting torched by vandals. That is problematic on a couple of different levels, but as soon as these narratives, these conspiracy theories turn into physical manifestations of violence, then weve got a much larger problem on our hands. At the Risk Landscape on the other side, risk being a combination of vulnerability with a sprinkle of likelihood on top, we have been working closely with our Intelligence Committee partners, our Law Enforcement partners. We can say, here is where that sort of attack could gain purchase due to the vulnerable systems, and here are the potential consequences. We are able to target our messaging to our stakeholder groups. A great example, a couple weeks ago we released an alert on operational technologies just because of the way folks are having to go home and manage things remotely. We are seeing remote maintenance of Operational Technology and industrial control systems, and that just opens the door for bad activity to come into a network, an operational environment and really disrupt functionality. For us, that is the next frontier of Risk Management, disrupting functionality rather than compromising the privacy or security of data. Brad we have been tracking the threat for a while. That seems to be on the uptick. The other thing that has been interesting is the recent Ransomware Attack on garmin. And the ransomware was more than the two bitcoin ran some. It was more significant. In wasteda surge locker attacks. When you think about paying off a ransom, you cant do that under the sanctions and law if they actually go to the Treasury Department and ask for a license and exemption. They have been loath to issue those, as far as i know. It does show there is big game hunting out there. These are very patient actors. We have seen them sit on a network of persistence and maintain that persistence for some time, watching how the system is maintained, and in some cases hopping into the backup channel and going intio what you thought was an online backup. It has to attach to the network at some point. Really capable adversaries, and that is one of those things where i remain very concerned about the threat of ransomware, not just the state and local networks on a daily basis, but particularly with the election, and the next 55 or be on days with or beyond days with ransomware remaining a potential threat to those networks. Your team is focused on innovation. I look at a lot of the threat until reports you put out, the advisories, they are very relevant. Can you talk about how you are working to really [indiscernible] yeah, just to clarify, the National Security agency has their cybersecurity director. Cyber security division. They are two organizations. They are really symbiotic. Lets go back to that Risk Management conversation. What are the components of risk . Threat, vulnerability, consequence, and likelihood. The nsa is really good at the threat piece and the vulnerability piece. We are also really good at the vulnerability piece, and we are exceptional at the consequence piece. When you bring those capabilities together, we can work with our partners in the Intelligence Community and work on, hey, here is what you are seeing over there. Here is where this could come home to roost in the united states. We can do that targeted context rich engagement with our Critical Infrastructure partners. I have spent a lot of time over the last several years working with the nsa to develop this relationship, to understand what our respective strengths are, how we can bring those together in defense of the nations Critical Infrastructure. 5g. you mentioned your team just released 5g strategy. Be paving the way for industry when it comes to how to think about this naturalizing technology, how to think about securing it and in the broader ecosystem. What are unique things you are seeing in the 5g front . Dir. Krebs the way we operate here is essentially over two different time horizons. Defend today, secure tomorrow. That means that as we work with our partners to understand what the Risk Landscape looks like today, we are going to be tackling active threats, closing out vulnerabilities, managing consequences as best as we can. But we want to bring that learning forward so we are not fighting the same battles as today, tomorrow, or five years out, so that the next appointment of infrastructure or technology is secured by deployment. But we are not naive in the sense that there will be new risks, new threat vectors. There is always a vulnerability somewhere, and it is about closing it out when we get to it. The 5g piece for us, our 5g engagement strategy is just about that secure tomorrow piece. It is understanding the Risk Landscape, managing risk, baking it into the process. We also have an exceptional ability across the federal government of convening partners and convening stakeholders. We can bring together trusted groups of industry and government partners to work on thorny issues. We have done that across a range of different subject matters, industrial control systems, Risk Management, and 5g is just another manifestation of that. Exquisite Risk Management capability with that unique ability to bring partners together. What we are looking at is, what are the threats posed, how can we test it taken componentry coming down the pipe, and how do we bring all our partners together so that we have a rich environment of information but we on what we know, dont know, and how we can use those two together. What gets to our top line objective is to help foster the vibrant International Ecosystem of trusted 5g componentry. It is that simple. There are too many options right now that dont fit that mold. How do we create and foster an environment for more trusted componentry in the 5g go system . . Ecosystem brad in the 5g world, what is interesting is that there is the 5g infrastructure, but what it enables is more processing, analytics at the edge. The attack surface is going to continue to expand. I think that 5g is going to continue to integrate the digital and physical world and introduce just a lot more real risk across the broader ecosystem. Dir. Krebs i do think that more than probably any other space, it is where the integrity and availability aspects become that much more critical, including availability. Is the network performing as you need it or expecting to perform at any given time, particularly if we are talking about more autonomous functionality out there in the infrastructure world. Brad lets pivot to elections. I am sure this is one of your favorite topics. Jointly gave us the countdown. What is your perspective. What are the challenges you are facing now . Dir. Krebs ive got to admit, when i came into government three and a half years ago, i thought i was just going to be doing almost pure cyber stuff. As it has come around, elections have been one of the core fortresses for the agency, but it is the whole Intelligence Community, working with the Law Enforcement community, working with dod. It has really been i mean, the best way i call it is a vibrant Election Security community in practice. We work with the election assistance commission. Most importantly, we are the supportting supporting command to state and local election officials. Corner in aed the really meaningful way, and we are working all 50 states on a regular basis to share information, to secure their system, to ensure they have all the resources they need to be prepared, whether it is a covid environment or a non covid environment. We did not anticipate that, but we are ready. We anticipate this will be the most secure election in modern history, but i am not resting here. We are not resting on our laurels, because we know they are absolutely capable adversaries out there, whether it is china or a ransomware actor. Weve got to be ready. Weve got to have resilient measures in place. When we think about what that means, it is paper in the system, it is backups, and still being able to carry out the vote in an analog state. Ultimately, it all rests on the voter. Are they prepared to vote . Can they volunteer . Lastly, are they going to be patient . It is probably going to take longer to be counting with the absentee ballots. Have a little patience. Democracy was not made overnight so we may have to wait a little longer for the results. Referencedlso some of the disinformation campaigns earlier. From the washington perspective, in my opinion, that is one of the greatest risks we face as a nation. What is your perspective around the role of the federal government in terms of combating disinformation . Dir. Krebs this info just a is not federal government problem. We need the social media platforms involved. We need that traditional media platforms involved. We need the American People to be involved as well to have a more critical eye on the things being presented to them. We have the federal government looking for things to disrupt. We have the Law EnforcementCommunity Connecting the dots and sharing information on accounts and specifics like that within the social media platforms. That is supplyside disruption. We are focused here on the demand side and helping the American People understand how these campaigns, how these techniques manifest, what to look for, how to be a bit more of a Critical Thinking consumer of social media. The techniques have changed as well. We have been pretty effective as a community on the social media site. The adversaries are shifting. They are planting stories and seeing them spin. The thing that the average person can do is look at what is being presented to you. Why is it being presented to you, and who is it presenting who is presenting it to you westmark if it is tied to the kremlin, like rt or sputnik presenting it to you . Kremlin,tied to the like rt or sputnik, chances are it is not a good thing. Brad we only have a couple minutes left. About19, we talked digital transfer nation for years. Covid19 is accelerating that. Acceleratedg adoption of cloud and the federal government shifting to Software Service platforms. Cisa was designated as the for cybersecurity. We know that cyber talent is. Is hard to find. What is your perspective around covid as an accelerator . I think the federal government is a lagging indicator. If you look at theres been a pretty significant consolidation. That is going to manifest in the federal government, from every agency, 101 billion federal agencies. If youre talking about 101 really capable shops, youre never going to get there. It is not efficient, not effective. The way i look at it, if weve there are a couple others that can provide cybersecurity services, thats a much better edition. Consolidation. We are looking at a couple things right now thats going to be a game changer. Out. N continue pushing edr all of that has to roll out into a consistent dashboard to understand where the lists are, understand the problems across the federal government. This has been a game changer. I think we have made a lot of progress. You mentioned the expansion of cloud. I think we have been cloud ready across the government and that has allowed us to skip over some of these vpn vulnerabilities that have been pervasive over the last year or so, bypassing vpn going straight to workplace as a service. Those are great things, more advancement ahead of us. Dir. Krebs appreciate the conversation thomas appreciate the conversation. Any closing comments . Dir. Krebs be prepared, participating in voting. Thanks to thomas for doing this. You adapted once again. I know its the spring rather, i know its the fall, going into cyber conference. Thank you. Appreciate your time today. Probably is the 19th anniversary of the 9 11 terrorist attack. From the 9 11 Memorial Plaza in new york city, and the 9 00 a. M. Eastern on cspan3, the observant ceremony from the pentagon. 93nine on cspan, the flight memorial in shanksville, pennsylvania. Live coverage on cspan, cspan2, and cspan3, online at cspan. Org, or listen live with the free cspan radio app. And heres a look at some other events were covering on friday. At noon eastern on cspan, the house Intelligence Committee holds a hearing on u. S. Saudi arabia relations. At 7 00, republican senator Susan Collins in a debate with the three candidates who are challenging her in maines u. S. Senate race. On cspan2, a subcommittee looks at the Energy Departments response to covid19. That gets underway at 1 30 p. M. Eastern. Youre watching cspan, your unfiltered view of government, created by americas Television Companies as a Public Service and brought to you today by your television provider. The House Oversight and Reform Committee held a hearing on the 2020 u. S. Census