Acknowledging the American Association for their additional support. Im here now for the next 30 minutes with Brandon Wales sampras charity Infrastructure Security Agency for what i hope its going to be a fascinating conversation about the election, about the covid pandemic, about the state of cybersecurity and infrastructures charity and Critical Infrastructure across the country. Brandon thanks so much for joining us today. Thank you so much for the presentation but im very happy to be here to talk about important the important work that our agency is doing. Today is december 3. It is hard to believe exactly a month ago on november 3 we were sitting down as the country to watch the first Election Results roll in. It feels like we as a country with about 25 years in the last month and i would imagine for you this is felt somehow even longer than that. I want to start off today by taking you back three weeks ago on ers day after the election. You put out a statement that i want to quote three lines from. The november 3 election was the most secure in American History and theres no evidence that any Voting System deleted or lost votes, changed votes or was in any way compromise. We know there are many unfounded claims and opportunities for misinformation about a process of our election. We can assure you that we have the utmost confidence in security and integrity of our elections and you should too. My question is we have seen a lot of court cases over the three weeks since that statement came out or is there any reason in your mind anything that you have seen for anything that you have heard that would cause you to change that Statement Today . Garrett the agency stands by the statement that was issued at the beginning of november but i want to give a little bit of context to that prefers the ball the statement was issued alone was a statement that was issued i the higher Election Security community the people up and working over the past three and a half years to improve the security of our election infrastructure. Folks on the Election Assistance Commission and the federal election and commission the secretary of state state election tractors and the companies that provide the equipment. Secondly a lot of the claims that are out there have to do with Election Fraud which is beyond the scope of the work we do here at cisa in the work we have been focused on building. Election fraud is the purview of the department of justice and state and local authorities that have the responsibility for investigating and prosecuting that and the attorney general has been on record talking about his views on the scale of Election Fraud during this election while recognizing that they are continuing to investigate potential claims of fraud. As of right now we dont have specific evidence of systems being compromised but we continue to work with our state and local officials. If they have concerns where one phonecall away from assisting them and helping them. But i think there has been misconstrued data. Thereve been no problems with the election and it is fraudfree and thats just not the case. We do believe that it was external interference which is our mandate and we are proud of the work we did to get that out point. I want to stay with the elections for a minute longer to talk a little bit about the web site that was launched in the runup to the election. Tell us a little bit about what the agency is goals and hopes were for the web site and what lessons you feel like you have learned out of how that web site has been used and the mission that is fulfilled over the last couple of weeks. We put that web site up the week before the election partially in response to activity were saying from the iranian government associated with spoofed voter intimidation emails and we thought it was an important way for us to put out Accurate Information about the security of the voting infrastructure that foreign adversaries were attempting to undermine peoples confidence in that voting of the structure and since that time we have continued to highlight keep parts of the process and talk about the security and resilience measures that were either always in place within those systems where we have put in place over the past 3. 5 years to give us greater content. We are putting out very broad information about how the system is normally operate the safeguards in place and providing information where people can get more detailed information. You will notice that our web site is not the same as factchecking done by media organizations which can be extremely specific. The claims that are made in specific locations that have unique circumstances where talking more broadly about people the overall safeguards that are in place for that continues to be important to educate the American Public about how these systems work and why they should have confidence in why they should whether should be a high bar for proving that the system has been compromised. You have kept the web site going through the Georgia Election or is this something where this is a web site targeted at the president ial race is an easy and now winding down . What i told their staff is our Election Security in mission is to protect the 2020th and will continue until all the elections are complete. We will keep issuing rumor control entries as we think the situation warrants it and where we think we can have an impact and we will do that through the end of the cycle which hopefully will happen sometime in early january. I would be curious if you could talk a little bit about, this is the first election, the first president ial election that the system has a existed for agency it was two years old last month i think on november 16. Happy birthday and i wonder as you look ahead now what lessons youve had going through this president ial election both in terms of looking at future elections and the Election Security mission but also what if you learned from the security effort as it applies to the Critical Infrastructure role specifically . Its for areas and i will try to do them quickly. First is the degree of partnership that we are able to build than the election Infrastructure Community and it was incredible, extremely broad relationship extremely and adjusted in counties and election vendors and those relationships were essential in allowing us to execute a broader range that 70s. We were able to dive into that sector and understand how it operated posing it as it critical function and looking in those functions in decide what operational work understood and applied security practices around those. Third is a relationship inside the federal government where we had information sharing that has been second to none in my 15 year history of working at the department. Information being shared between the Intelligence Committee are national security, Cyber Command and our fbi. Early word has allowed us to take quick action get official information passat back to our colleagues in the Intelligence Community for them to get the Additional Information where they had insights and access and that cycle allowed us to get ahead and to hunt for activity more quickly and allowed the intelligencedriven which it should have always been. Those are the things we are applying to our cybersecurity work in understanding in an area where we may not have the amount of leadership focus attention like we did across the entire u. S. Government how do we continue to get as much progress made on our mission . The in and the fourth is, this is frankly an area where we will have to continue to work more broadly with disinformation, what is the appropriate role for the federal government in countering this information where can we might not be able to make a real difference and how do we rely upon other voices and empower the right people who encountered disinformation and misinformation is being pushed out there . I want to say with that last point for a second because its a good question. One of the things that was unique and somewhat unexpected was the way this disinformation. Its not something government traditionally did in past elections four years ago when we saw the russian attack on the president ial election and there was no capability inside the federal government at all to combat this information. I wonder particularly around the question from the very heated and fraught election information environment over the next couple of months presumably a very heated and fraught information environment around the Covid Vaccine and the efficacy and the effectiveness of the vaccine and the treatments that are be going to rolled up by the federal government. Do you think theres a continuing role in combating disinformation and misinformation around the vaccine . To take on big issues like this in the public sphere. I see a couple of points. First is, i think we roll this out based upon things we were seeing out there. And partially in response iranian government activity. But we were actually taking some lessons from work done by others. For example fema often had control of nature disasters to dispel misinformation out there related to the incidents, the aide that they operate a rumor control operated so i think fax birth versus myth related to covid during the covid19 pandemic. That being said, more broadly i think this is going to be an issue for Political Leadership to look at. I dont think the u. S. Government has yet cracked the code on the best way of countering disinformation. And as i pointed out the federal government may not always be the best option, the right trusted voice on these kinds of challenging divisive issues. And certainly im not sure the Cybersecurity Agency can be a trusted voice when things like vaccine safety. There are other people in the government her better conditioned to provide Accurate Information to the American Public so that they have confidence in the decisions that are made to approve for example vaccines for public use. It does have and you have been playing throughout this year very active role in the program of operation work speed. Thus few hours including this morning about foreign actors, north korea and otherwise attacking the intellectual property of the Healthcare Companies involved in vaccine development. What can you tell us about the threat that you are seeing online to the Companies Involved in the supply chains involved in the development of the vaccine . Sure should be no surprise to thin the Cybersecurity Issue that from the very beginning of the pandemic, foreign nations were targeting Vaccine Research and Development Efforts across the country. Using a variety of mechanisms to gather information. We are seeing that continue to this very day. It is one of the reasons why there is a Close Partnership between cirencester, the nsa, the fbi with the department of defense and hhs with operation work speed to have as much cybersecurity support to the entities involved in that effort. I think in part based on things like what was released this morning by ibm that there is more we need to do to push deeper and further into these supply chains. Not just accompanied behind the vaccine but the companies are going to be essential to get this vaccine from manufacturing, through distribution, that last mile to the american people. So we are doing everything we can to raise awareness in that community. Provide additional cybersecurity deep into that supply chain. And ultimately our goal is to secure that supply chain. That no effort by foreign nation has the possibility of trusting this Critical Healthcare delivery. How has the partnership that you have been trying to develop through operation or warp speed change your way of thinking about the role with Critical Infrastructure factors. I dont think its change how we think about our role. I think it is certainly shown as that we need to have deeper relationships inside critical sectors before the Major Incident happens. I think our biggest challenge early on during the covid pandemic as we were not able to as quickly as we wanted get the companies we saw at highest risk, the facilities, the hospitals, others upon our cybersecurity systems because we did not have enough relationships with the right people in the right places. So one of the key things i have asked the head of our Stakeholder Engagement division is, we do a lot more stocktaking about where our relationships are across all of the Critical Infrastructure sectors. Because we do not know where the next issue is going to be thats going to require us to surge our efforts into that area. And do we have the right relationship at the right time for us to get our services being fully utilized. That is where the key lessons weve taken out of this process. Bout by the way some of the same lessons effectively. Theyre starting to try to push back against the russian packed. I wonder look at the failure of imagination with dhs to realize the lessons now the failure of imagination. From the healthcare sectors thats needed. What are you sort of thinking about in terms of where we might see something were not prepared for right now threat wise . When you look across the nation the Cyber Threats what you think is the thing we are not prepared for next. I dont know that i could give that answer if i could predict a Major Incident that maybe wouldnt have it. That being said it think partly the challenge is the big difference between elections in healthcare with elections we had no relationship with the relation community. It was not on the sector framework investing time and energy for it healthcare will be different from the very beginning. We had relationships of they were not at the right levels. Too actually make a difference during one of those critical times. So it is less about two we have no relationship in these critical areas. Whether its in the electric power space or critical manufacturing or elsewhere. We have the right relationship . Can we talk to the right Decision Maker if theres a surging issue like a pandemic and get them to authorize some action to get them to authorize some partnership in relationship with the u. S. Government quickly when we see a potential problem. So its more thinking about is the relationship that we have maybe to their stock at his particular companies that sufficient for what we may need to do and engage with that company in the future . I think a lot of cases with covid we are in a really bad day that when relationship is not sufficient. We need to have multiple levels and when you do a whole lot more to engage with those companies and to build the depth and strength of those relationships so we can take action more quickly. Im going to over simplify very complex displayed over the last couple of years. This is primarily what ill call a care agency. Theres not a lot we are able to matter to do the things we want them to be doing. Administrative subpoenas, other subpoena power, as you look back over the pandemic, do feel there are authorities that could have, would have help you navigate this pandemic more smoothly . Soon i can think you raise the administrative subpoena question has been a top priority during the past year. We are hopeful that if we get a National Defense authorization act that the authority will be captured in there. But even in that case its more carrots than sticks print that allows us to get information from ifp unable nibble ip address that we are seeing out in cyberspace. Allows us to connect that to an individual company we can go talk to. We still do not have any sticks against that company. The showing of their involuntary way asking them to close this vulnerability we have seen exposed. On that vulnerability could cause negative down stream impact for today, they could not make contact with the bolder peace of infrastructure on the internet. But again we do not have the authority to compel that company to make a change. But today we cannot even talk to them. We believe still that the voluntary approach that they operated is the best one. There are significant challenges with trying to implement regulations in a dynamic space as labor security. We believe the work we have done and things like elections prove that if we work in Close Partnership and provide good Value Added Services we can have positive impact even involuntary way. Im a try to squeeze into her three more minutes in a few minutes we have here. You have to be one of the longestservings employees and all of dhs. I knew came to the department in 2005. You also presumably the latest agency had any federal government. Its been now a little over two weeks now. She look ahead to the next couple of years of growth, what are you going to be looking for from the Biden Administration in terms of where this needs to go and where your help helping to grow . We heard former Deputy Director on tuesday at the summit say he thanks there should be a three billiondollar your agency. Its about half that size right now. Ive written about the size of the agencies were out large personnel wise is about the size of the security staff of j. P. Morgan. So its a pretty small agency right now. Im curious, what you going to be looking for from the next administration . Sure. As you said about the agency for 15 years. I might take a look at longer perspective on what it would take to build, develop, auteur put his full potential might be in the future. Ive no doubt that one day it will be a three billiondollar agency just cant say today or what fiscal year that will fully manifest in. That being said i think there are number of areas that it asked to start looking at to be prepared for future rural Political Leadership. And to provide them with some key decision points on important parts of our work. Including things like the support we provide to federal agencies to secure the. Gov. We have been operating off of legacy architecture for a long time. I believe its time, given the changes in how the federal government, the it architecture involves on that is going to take some new thinking. Thats going to take a radical departure from our legacy programs. We dont have the answer today but we have pieces of the answer. The next Political Leadership team and when we present them heres a roadmap of how to evolve our capability to be where they are. I think we can replicate that on a number of topics including disinformation that we discussed and things like her information sharing architecture we put in place over the past decade. Theres a lot of areas where we need to make substantial changes to how we do business. I think those are going to be some of the important discussions i went out the next political leader. Let me ask one final question about how the government structured cyber responsibilities are right now. One of the major recommendations coming out of the cyber space earlier this year was the idea of creating and reinstalling at the white house a National Cyber director. A position the Trump Administration effectively did away with. The Security Group picked up and endorsed that recommendation in its report yesterday about a cyber agenda for the new administration. And i am curious with the idea of a National Crop agency type director. Would that be useful to you . That would be something that would be helpful at the table these conversations . Six oh garrett i think the official Administration Position has not been to support a National Cyber director. That being said, obviously that issue still being debated within congress. He could very well have a recommendation coming out of the National Defense authorization act. Recreating the position. Its ready to work in partnership the National Cyber director at the white house. Likely had during the beginning part of this administration during the administration. It would be what would be the scope of that authority . And do they have the right degree of oversight, overall aspect of the Cyber Mission to come together . Then theres a lot of ways it could be structured. Where it might not be sufficient to advance the whole of u. S. Government like Cyber Mission. I think the devil is going to be in the details. That will be the direction coming out of both congress this year as well as the potential administration. Select thank you so much from the sunday news programs, a look at the timeline at the Coronavirus Vaccine from administrative officials and what some are saying about a covid relief package. The package being worked on right now is about 900 billion right now. Do you expect it to be passed
vimarsana.com © 2020. All Rights Reserved.