Welcome everyone to George Washington university. We have an Awesome Group of panelists and participants. Let me also welcome our viewers on cspan. Obviously they play an Important Role in Public Service and better understanding how washington does and does not work. Im going to be hyper briefed because you are going to get more than you want of me throughout the day, but i will very quickly introduce my partner in crime, or maybe better partner in crime, lenny haynesworth who is Vice President from northrup, its been a wonderful partner of gw gws, of our center in particular, not only todays event but multiple reports weve done together and i think they play a Critical Role in advancing our National Security international interest. I will leave it at that. Thank you. Thanks for the introduction. The morning everyone. We are just very pleased and honored to cohost todays event, in partnership with George Washington university. Frank and gw, you have an exceptional reputation in leading rich and deep conversations about policy that will contribute to our collective ability to enhance the National Security of the United States and our allies. As we commit Cyber SecurityAwareness Month starting next week, i cant think of a better platform or time for all of us to get together to discuss and pursue solutions that will enable the policy objectives for Cyber Security. As a company and a mission partner, we are committed to delivering innovative Cyber Defense and fullspectrum cyber and Intelligence Solutions to our customers across the department of defense, the interagency and Intelligence Community and the federals space. From our work, we see firsthand how the threat is growing exponentially both here and abroad to combat the growing threat, we believe a multitier approach is necessary to protect our national and Economic Security interest. This approach integrates cyber capabilities, builtin cyber resiliency and executes the unified cyber mesh and with our closest domestic and international partners. In the spirit of partnership, todays partnership is a true collaboration between government, private industry and academia. We Exchange Ideas and pursue mutually beneficially ideas to advance policy objectives for the u. S. And our allies. Todays panels will be exciting. They will focus on issues surrounding cyber deterrence and Publicprivate Partnership with innovation on both the technological and workforce front. Later this morning we will hear from the white House Homeland Security mr. Tom bossert. And the Deputy Director of the nsa, george barron. Im sure you cant wait for us to get started so let me move on to introduce our first keynote speaker, congressman will heard. He serves on the committee of oversight and government reform and chairs the Information Technology subcommittee. He also sits on the subcommittee on Homeland Security and is the vice chair of the order and maritime subcommittee. In 2017 he was appointed by speaker ryan to serve on a House Permanent Intelligence Committee where he sits on the dod intelligence and overheard architecture as well as the emerging threat subcommittees. Im sure everyone here is following theprogress of the federal ip modernization bill that he authored and is helping to push through and usher through congressional approvals now. Congressman is one of the most knowledgeable voices regarding Cyber Security in congress. Prior to being elected, he served as a Clandestine Service officer in the cia. The only current member of congress with this background that we know of. [laughter] , and in industry he was a Senior Advisor with a security firm. We thank you for your strong leadership on cyber and the Intelligence Community and we look forward to hearing your perspective today and your insight. Everyone, please join me in welcoming congressman heard. [applause] thank you congressman. Let me just}the purpose of this is to try to shed more light on issues facing our country. I know i sleep better with you fighting the good fight on capitol hill. As a bit of a backdrop, let me say. Your bar is really low. My bar was very high and you worked for a good friend of mine. I think it generally is important that those who legislate understand, if you are providing menu, you better understand what it looks like, and i think thats really important. I might also note, your committee, the Homeland Security committee and on the House Permanent Select Committee on intelligence, you been incredibly active as a legislator as well. Youve got a lot of members of congress who can speak to the issues, but not necessarily follow through with legislative prescription. Thank you, on behalf of of all of us. Lets start with a general question. You cant turn on the tv to me cant pick up a newspaper or click on a link. Be careful which link you do click on, without reading and hearing about equifax or you name it, every day there seems to be another one. Lets try to put into perspective, not all hacks are the same, not all hackers are the same. Intentions very, capabilities very, but before we jump in to some of the legislative and congressional initiatives, can you help us rack and stack the threat as you see it, what keeps you up at night, and what should we may be pay a little less attention too, if anything. Thanks for the invitation, and thanks for helping facilitate this conversation, we still have to be worried about the nationstates. The advanced persistent threats are still at the top of the food chain and abts are what we have to ultimately defend against and that is where the federal government should be spending the bulk of their time. The theft of information will continue to go on and we have to be able to start thinking about authentication and what does that really mean. I think when we look at the facts, we are not going to see the impact right away. This really has to change the way we do authentication. American people do not opt in for their information to be with aqua facts or other credit agencies. Now, weve use those credit agencies so much for authentication, how do we change that. The growing area im getting concerned of is this information and while it is not Cyber Security in practice because its actually, its not technical, we have to be able to defend against it and there are technical ways we can bring ourselves from this information, track this information and thats why i think these issues should be talked about very closely. The broader problem on this is ourselves. What is a digital act of war. Everybody asked that question. Everybody thanks of it differently. We do not have an overriding policy. If north korea had launched a missile into equifax headquarters, we all know what the response would have been. Nobody knows what the response should be now, and that requires industry, government, legislators to finally work those issues out. In working with our allies, you have the talent manual, i spent some time in dystonia and there are 1. 3 million people, but the fact that there are people who have trust in their ability to defend their infrastructure, to do everything online is a pretty goo big deal and i think we can learn from that. We have quite a bit of experience given their neighbors. I think they demand their pretty good at their job. Im not one to look to the un to help solve a lot of problems but they defined acts of war. The manipulation of the utility grid is identified as an act of war. When the russians did this to the ukrainians, what was the international response. Crickets. These are some of the things, some of our responses we should they were not going to tell you. Strategic ambiguity is valuable. We also have to have these conversations on attribution. His general attribution enough . I think it is in some cases. We also have to continue to work with many countries to make sure hacking and things like that are considered criminal laws. Thats another level we need. Thats why think the work they were doing is an important tool in our tipple medic toolkit. I hope we see some changes to reinstate that. To just put a little backdrop, nationstates both engaging Commuter Network attack, pure nations that are integrating cyber into their strategy, countries that may not be yet at the capability of those but what they lack, they must make up for. Foreign terrorist organizations, is that given all your traffic work, does not warrant any concern on your end. It does work concern but also, for me, can a terrorist Organization Take down our grid, can it manipulate markets, i dont think there is evidence out there that suggest they have the capabilities to do Something Like that, but again when it comes to the digital space, i say, looking at, part of Cyber Security and where i look at it the broader, how do you engage in the cyber domain just like air land see in space. Part of it is the rules of engagement within cyberspace and when it comes to isis, their ability to leverage social media to promote a message and counter messaging is important as well. When you have people using social media, you are increasing your surface area of attack for the good guys to go in and get information. I left in 2009. Social media was not used as much it is it is. I wish i wouldve had that information to do my job because the info that i can gather from that is pretty significant. Not only is it an opportunity for us especially in the intelligence space. Im really glad you brought that up. I think its fair to say we will never defend or firewall our way out of this problem. At the end of the day, you touched on themes we will pick up in greater depth throughout the entire day, deterrence, signaling and the like, but when we think about our own capabilities, do you think we should be more transparent . Whats the good of having a doomsday machine if there is no one who knows you have it. If we have to deter, we have to demonstrate. I think theres a lot of mixed signaling. There is, but this is an ageold question and an ageold intelligence question, if you have access to intelligence, do you use it to do something, and if you use it to do something, you are going to reveal the intelligence and possibly lose the intelligence stream. Thats why its important for policymakers to make those decisions, not the practitioners. This is a decision, i think the future of Cyber Command, you will see an essay providing a perspective saying we need to preserve longterm intelligence value then you will have Cyber Command say we need to use this to put the equivalent of lead on the target and they will always be in friction. You want that tension, but its the policymaker that ultimately makes the decision on the impact, the ability to act is worth the loss of capability in the future. This is even more germane and important in cyberspace because as soon as you reveal a tool or a tactic, Everybody Knows it and it can get turned around and used against you. Exactly. That means pulling and defensive community into any of the offense of discussions and it becomes more important today than it did in the past. One thing i my}, and its not to get a draft and will move to other topics in a second, but when you look at the greatest breakthrough since 911 on the counterterrorism front, it will really was synchronization of title ten, title 50 where you saw the joint Operations Command when you string them up, when you string them along and when you take them out. I think there is some history that rather than relearn the hard way, we can apply. I wrote a piece with a few friends of mine so i think there is something there that can actually get the two entities, theres always going to be complex, but they have to come together to have concerted impact. And we should be perfecting that right now today in eastern ukraine. The russians, this is where Electronic Warfare and disinformation come together. The russians have been able to convince some people there is a separatist movement. It is a russian invasion of a sovereign nation. They annexed crimea which is in the southern part of ukraine. They invaded eastern ukraine. They have 920 tanks and they are using the latest and greatest. We should be testing our latest and greatest and we should be doing that to support our ally the ukraine. This is a real opportunity where we should be testing some of our capabilities and were not doing it to the level of where we should. One of the questions ive been asking is who is the cyber. Theyre here, theyre looking for me. So that is where, that should be the pointy end of the spear. Let me go back to something before we move on, when we talk about what are the biggest issues and what keeps me up at night, what keeps me up at night is actually quantum computing. Quantum computing is closer, it will be here soon. I know Vladimir Putin said whoever gets ai first, no, this will be decided by who gets to quantum computing first and in real broad application. That will change how we do things and us and our allies should be focused on this. Canada has some really interesting things going on, of course here in the u. S. , and this is something that the only way we will achieve. The first is industry and government working together. And we did a major report last year looking at proactive steps companies can take. What makes cyber different is they are on the front lines of this war. How Many Companies went into business thinking they have to defend themselves against Foreign Intelligence Services who, by the way, are not only bringing cyber but all source intelligence. But also, dont be a victim. Most of the major attacks weve seen are not zero day attacks. They are, if youre patching your network, if youre doing proper credentialing committee would solve these problems. So utilizing good digital System Hygiene is where we should go and the government is some of the biggest violators and thats why we spent so much time trying to shine a light on that problem prevent that from happening again, that were following some of the most basic activities, and guess what, a lot of my work is focused. [inaudible] but the military is just as bad. The cloud is not new technology. The cloud is secure. You can secure the cloud. We should be transitioning to this as quickly as possible and by dragging our feet and those who are responsible, guess what. Get up to speed on it. Thats why it procurement is so important because i will make sure our chief Information Officers across the government have the tools they need in order to modernize and make sure they are defending our Digital Infrastructure and providing the service they are supposed to be providing to the american people. It is still two thirds of all attacks are due to fishing expeditions. The fissures are getting more sophisticated in doing intel. Thank you for raising that. When i quickly introduced in the very beginning, youve been legislatively incredibly active and in both hats youre wearing, that is just rich with legislative prescription, im not sure if theyve all been followed up on capitol hill, but tell me, in particular about your it modernization. So two things, thanks for those comments, but its also Homeland Security mccall, that are intimately involved on this. When john was the chairman that looked at foreign fighters that produced interesting legislatio legislation, theres a lot of folks that are intimately involved and you also talk about reform. Its smart government that i like to call it. Now we will go to conference and make sure we keep that language and hopefully get that conference version passed before the middle of december and theres one more tool for cios to use. The omb an American Invasion office have been intimately involved in this process. They have ideas on how they want to implement it in my against view is that cios are not prepared. As soon as this goes in, that is where many of the families who are watching here today can be helpful in watching them through three could vantage. One thing i will be doing on the subcommittee, we do a scorecard which is evolving to a digital hygiene scorecard. One thing we will start keeping track of is the working Capital Funds for modernization. I think that is if youre taking advantage then guess what, the culture of modernization in your organization and i think that is one more metric we should be looking at for our various agencies. Some agencies will be able to take advantage of this, others will not. That was the reason for having working Capital Funds because they should be 20 different experiments going on in how we modernize. Im excited about this, i always joke, ive been in almost 50 parades in my two and half years in congress. Have never seen a sign that says it procurement. Its really exciting to be able to see this come to fruition soon. No one resolved patching them either because they were on to the latest and greatest. San antonio on one end, el paso on the other, one of the safest largest citie