What are we doing to protect god and from a planned protection, are you on schedule. So that is a big thing that came out in cyberspring activity that basically cios i was on the boat for reporting literally on a daily basis. Taking a look at who has a day of an tiny qquebec and why. What assets today have been why do they have it . Making sure folks that dont need it dont have it. So by telling scott and others if we need to address this in a timely fashion. Again, the third area dealt with the factor of authentication and accelerating now. Another one dealt with making sure if he does have a cbm in place as well as accelerating einstein. So the metrics that were put in place were in support of not only the program, but also the areas of priority identified as critical cybersecurity areas to address part of closing the loop. The third area is communication. Communications from a machine perspective making sure it is made available to departments and agencies through price breaks as well as information that is through the einstein program. Another element in regard to communication along that line is also the activity being put in place across the departmental agency. Double play two roles one is allowing the agency to see what is on their network do you have a visual perspective of that. A prioritization of those issues to distribute your security resource, but also translator in across the entire government to push down from a federal dashboard to the Agency Dashboard for Risk Management awareness so that you are aware as an agency. Doesnt matter if youre in an agency of people or in an agency like da. You are aware this is traipsing across the government should be doing something about it. So then its coming forward from a federal standpoint down to the Agency Dashboard. Those are some of the machine sharing this. What is also interesting is basically that people interact. What we saw as part of the activity of the cyberstream activity occurring is much more communication going on between the system, the cio. What is going on there and the cio needs to be aware because its also an increase communication when your deputy secretaries made on a monthly basis and basically become more responsible for cybersecurity, they want to be aware of what is happening in their environment. The point where one of the additional methods we did put in place to the agency for critical reliability, when you are putting out a directive, and they wouldnt real happy about that. We actually had to secretaries called jeff johnson, our secretary and say thank you. Thank you are putting this out. A really fourstar awareness and the communications. The communication between cios in regard to impact because the issue with their hands behind their back and responsibilities they had, the dialogue is opening up to a point we will see. Communication is supported. One other area we also emphasize supporting agencies on his permission when you put the security capacity in place, often times they say this is starting to implement the job. I dont understand why you are doing that. So bringing that awareness is a key element we are involved with because cybersecurity is everyones responsibility. Especially when we talk about how everybody felt interconnected. There is a conversation icon at the tail end earlier in regard to the federal government. How many interactions there are between state and local government. I was the cio for new york for 20 years. The interactions between state and federal government to increase more and more activities between federal government. So one in regard to addressing this is also making sure on the stateside they also have access to a similar type of capability and programs. So the cdm program leverage the epa and theres other activities involved directly with the state local support and activities. So we look at it from a good of how you address the internet of things and the interconnectivity of 3 of the program would provide Going Forward and the metrics and how we are mentoring success and how we are encouraging that access and basically the communication. So that is the approach put in place. I just want to provide you a perspective of the key elements in each of those areas. We are working with agencies to be able to provide that type of support. With that, there are questions at the end. More questions at the end. As the folks are thinking about the internet of things that i mentioned early on we live in a world where target got hacked through an air conditioning system for god sakes. And so we hear about are they going to attack us through our toaster. How do you begin to deal with the world possibility and how do you do some Risk Management around that . A key element they are his understanding what is happening on your network. That is really the first emphasis we put in place. What is the hardware . Because the level of awareness is all over the place. So now you are aware of what is going on there and then you look at the policy of how to ensure you keep aware and then you take a look at the issue coming through and regretting not in a timely fashion. You know, part of that is when we look at all of the different typos and activities outside the federal government. That is where we need to take a look at what are the policies that occurred and basically, how do we want to have that conductivity or not. The information in regard to threats, what is happening is a key element involved with the federal government. At one time, those people that only were at the operations level. Now the awareness is all the way to the death threat level. When we talk about the agency taking a look at what is occurring and what are those threats, they have it up to the bubble and have that understanding. They have the full range of people involved in regard to addressing those. Many more questions. Stick around for a couple minutes to join the roundtable. We look at some of those. Let me bring up [inaudible] [applause] the associate director of cyberphysical Assistance Program with the standard and Technology Focus for a while now. The last time, we were we are happy to have you back. Thank you. [inaudible] thank you, everyone. Good morning. Exert being here. Thank you for listening to the presentation i have. I work as director of cyberphysical Assistance Programs and for those who may not know, the department of commerce is the u. S. Federal agency that works on measurement scientists. Its one of those institutions and federal government and science and engineering, specifically things and comparability but those things. So how many of you have heard about something called the cyberphysical system. Raise your hand. Very few. I didnt do my job in promoting my title. Theres a lot for you guys to learn today. So im going to talk about ioc and at the same time that is really iot on steroid, i had tea with more focus and system control. With more robustness and resilience. Think of any basic critical systems. They are part of it as well, but at the same time the college assistant and needs a lot more science and engineering to make sure they are safe and secure. So this is kind of my definition. Any talk i know you guys all know what it is. The definition is really to correlate at the bottom the sensors, chips, but you can kind of touch. There is a communication layer. Wifi, longrange communication. Everything that can connect to is the hardware. A lot of people think that is what it is. That is not absolutely correct. For more layers have more important in the system. On top of that, there is a software. Potentially it collects data appeared by the way, they dont have a lot of value. They have information from the federal data and when the information is extracted, thats what we call it. So that is what the Data Analytics player does. On top of that the most important layer of service. So all this information, what are we going to do with it. It does not do that much good for us. You have to take action. The action could be humane interaction and data. So you can look at all of this application, transportation, health care. Those are really the factors that youve always seen and said he is really the Playing Field you can see the applications provide real benefits. So from the smart city is, they pretty much categorize parts of the layers. What is missing is the human factor, but the application is in there. You cannot do anything without the human factor. So opportunities we talk about really the question bear is what is the real benefit. We can collect all of this data. Unless we take action, somebody has to take action and that is where it comes in. It is very fragmented, just like the ioc system, meaning every city literally does their own thing. It is not to scale. It is not business because they cannot resale. So important pieces to replicability, scalability, we need to find those models to really catalyze the deployment of iot. When i say catalyze come you cannot just pump money into it. You have to have some goal or direction. You have to find the right model that can create to bill benefits. Without the real benefits, whatever you want to call it when not be sustainable and that is the theme that i have in my programming presentation. I want to go back. So instead of each city doing their own thing, why dont we bring in multiple cities in multiple to lg innovators including companies and universities and help them pick the issues that create a real benefit to us. Cities know what their problem is. They just dont know how to solve the problem in a manner that is viable and sustainable. A lot of them when they are solving problems. They have the real problem that they feel. So we want them to group with the specific topic and then address those problems. So how you program twice starts around the september timeframe and culminates in the june timeframe and we bring the partners and we bring in all the different players and help them to find the problem. Again, its a repco, scalable and sustainable path of benefits. In the process airbag partners like nsf and private sector partners like the corporations listed here. About 250 corporations and organizations participated to address the issues using the iot and others. We had about 50 participate. Its really provider showing their solutions. Its not any different than a trade show. So we had about 50 cities around the world including chicago and san francisco. Also i dont know if you heard about this,. And israel, and tanisha allcaps are together for their common problem. They came to the conclusion to be replicated. I will give you a few examples. We had 54 teams composed of 450 organizations. First of all, the top left this link and i say, a couple other companies which is now google has invested in some of the partners here a Pretty Simple concept. Its not really used these days. The huge wifi hotspot is a free wifi wifi access to citizens and then generated revenue. They are being about 700 million revenue for the next 10 years. That is where the sustainability is because you generate revenue. Virtually every city you had the scalability and its not just one block. You can cover the whole. They have battlefields without putting the ambulance of field. So now being without the commercial sector, typically the application right now is when you have a lot of ties and just come to the bus station and. So why dont these go to the house where he picked them up instead of the hospital. So that is the point right now. They are doing a bunch of stuff. The City Initiative is the path participating, they proactively bring in these different solutions. Several other cities on the important question is, each fully modern station that is a professional grade concept to 6000. You dont have a 6000 station. So you need lower costs. A good mass answers can have a lot more in the process. So the culmination of the program have been june 1st at the museum as you can see. We have the museum and presentation stages for more than 50 plus governments. We are lucky to have high profiles and also the transportation and also at nsf. We had about 1500 attendees and more than 50 media outlet. So picture yourself [inaudible] so we are planning the next challenge. But this is not the end. We know this model works. The cities are looking for solutions than Companies Looking for the issues they can address. The next challenge will come soon and the focus this time will be more on the measurable and quantifiable internet. Lets say we can reduce the traffic. How can you reduce . Can you show them, can you prove it . It is a real Business Model happening. And then all of this is a lot easier for them what the real hard data. Deployment, deployment, deployment. Having a pilot until it comes out of the lab as scalable and replicable and sustainable, so also we will work on the architecture because a lot of people think if they have some sort of common understanding. So i will stop here. Theres some more information over there and ill be happy to take any questions. In the next phase of this because youve been through a lot of phases. Any lessons youve learned from the Smart Cities Program so far . What is your big take away . The big takeaways this. The market is huge and everybodys trying to solve the problem on a local scale and we need to Work Together in creating the collaboration of the Public Private partnership. The reason is because the iot by definition is technology. Transportation, energy and water have to also Work Together to achieve from the program. Its not that im ignoring the people. We have one more and then we will come back and have a whole conversation about this. Thank you so much. I had it right here. Peter robbins is the Cybersecurity Solutions lead for the go public sector. There you are. Hello, good morning. So as they mentioned, i am the last speaker before a town hall session. So i have the distinct opportunity to kind of summed things up and to leave you guys with some good thought on where you can go forward with the internet of things. So i would like to start by talking about and this really does some things up, that there are really three things you can gauge when you Start Talking about the internet of things. One is you can do things more efficiently. You can gain the Operational Efficiency and hopefully save some money. You can create new things with the technology sadistic here you can create new things to your citizens and customers will be happy with and will like and then you can improve the quality of the delivery you are giving. So if you look at all the benefits of the internet of things, if you summed them up, you get the result. Sorry, i will go back. So when we think about the internet of things, the industry and government we think about industrial control. We think about lighting. We think about parking and those are all very good and things that can save us money and efficiency, but our users are thinking other things. Our users are taking about smart from, smart toaster and to our users, as has become very and especially when you talk about the new workforce and trainer businesses and government to younger generations coming in with the increasing notion all of these things are going to work. In fact, they surveyed 14 to 29yearolds and they asked them, i cannot imagine life without. The answer was mobile phone was 97 . And the car was very important in my generation and becoming less important and most of the survey is the current partners only 43 . So it is very. And of course all of these devices are growing. We have seen over the years that it is growing back in 2009 with had the Inflection Point where there is at least one device on the internet for every person in the world. By 2020, we estimate 50 million devices on the internet and its starting to look like that number may be too conservative. Adoption of the internet of things in things on the internet has grown faster than any other technology that has come a has come along in our lifetime or previous lifetimes. So with that comes the challenge. We have all of these devices out there and by doing that, there are more places the bad guys can attack. Theres more devices and not only more devices, but more places you have to worry about. There are a lot different ways you can find a weakness in pecan. When you add that to the endpoints being created, essentially in the Consumer World are not really designed with security builtin. So they are oftentimes designed to get to market very quickly. You know, they want to beat their competition with the next new greatest device. They want to keep it low cost so it can be adopted by more people. There is a censor out there that is about the size of my thumbnail that is about 2 that includes internet and may be the amount of moisture in the field. So they are very good and they are designed that way without security builtin, oftentimes using code that comes from open source and so there is some problems there as well as the hardware as simple as possible may not have all of the security builtin that we need. So when you start adding all of this together, it becomes very complex and the people who are trying to keep the data secure, it becomes a problem. The big question out there is you have all of this stuff, how are you going to orchestrate and control . You have this one time where you say i will lead again, or know im going to block it. That doesnt work anymore. And in addition over the years theres been all these great new technologies that of introduced to go after these threats. So our big organizations have tons of security devices in their data center that dont talk to each other, get fragmented, are too much to manage. At cisco we are talking about a new paradigm when we talk about what are you going to do before an attack, what are you going to do during an attack on what he going to do after an attack. So before, you want to know everything that is in your environment. Surveys, the products out there, mark talked about cdm, the diagnostics mitigation, thats a first step. Theres also controlling who can get where in a network. They should not be able to access pointofsale data. So you not just allowing access to your enterprise with username and password. Its my username, password, javier connecting, where they are connecting from, what time of day it is and what their title is. So you want to segregate access to all of the things on your network. All of this is done before. During an attack you want to block as best you can. There are many tech