Transcripts For CSPAN3 George Washington University Cybersec

CSPAN3 George Washington University Cybersecurity Policy October 16, 2017

Speakers as well as an awesome group of participants in the room itself. Let me also welcome our viewers on C-SPAN. Obviously they play an important role in public service and to better understand how Washington does and does not work. But I'm going to be hyper-brief because you're going to get more than you want of me throughout the day, but I'm going to very quickly introduce my partner in crime, or maybe better partner in countering crime, Lenny Hainesworth, who is vice president at Northrop Grumman. Northrop's been a wonderful partner of GW's, of our center in particular. Not only today's event, but multiple reports we've done together, and I think play a critical role in advancing our national security and our national interests. So I'll leave it at that. Lenny, please.

Thank you. Thanks for the introduction. Good morning, everyone. On behalf of Northrop Grumman, we are just very pleased and honored to cohost today's event in partnership with George Washington University. Frank and GWU in general have an exceptional reputation in leading rich and deep conversations about policy that will contribute to our collective ability to enhance the national security of the United States and our allies. As we commit Cyber Security Awareness Month, starting next week, I can't think of a better platform or a time for all of us to get together to discuss and pursue solutions that will enable the policy objectives for robust cyber security. As a company and a mission partner, we are committed to delivering innovative cyber defense and full spectrum cyber and intelligence solutions to our customers across the Department of Defense, the interagency and intelligence community and the federal space. From our work, we see firsthand how the threat is growing exponentially, both here at home and abroad. To combat the growing threat, we believe that a multitiered approach is necessary to protect our national and economic security interests in the cyber domain.
This approach integrates enhanced cyber capabilities, built-in cyber resiliency and an execution of a unified cyber mission with our closest domestic and international partners. In the spirit of partnership, today's event is a true collaboration between government, private industry and academia to exchange ideas and pursue mutually beneficial solutions to advance policy objectives for the U.S. and our allies. Today's panels are going to be exciting. They will focus on issues surrounding cyber deterrence and the importance of public-private partnerships in spurring innovation on both the technological and workforce front. Later this morning, we'll hear from the White House's homeland security adviser, Mr. Tom Bossert. And the deputy director of the NSA, Mr. George Burns. Let me move on to introducing our first keynote speaker, Congressman Will Hurd. Congressman Hurd serves on the Committee of Oversight and Reform. He also sits on the Committee on Homeland Security and as the vice chair of the Border and Maritime Security Subcommittee. In 2017, Congressman Hurd was appointed by Speaker Ryan to serve on the House Permanent Select Intelligence Committee, where he sits on the D.O.D. Intelligence and Overhead Architecture as well as the Emerging Threats subcommittees. I'm sure everyone here is following the progress of the federal I.T. moderation bill that he authored and is helping to push through and usher through congressional approval now. Congressman Hurd is one of the most knowledgeable voices regarding cyber security in Congress. Prior to being elected, he served as a clandestine service officer in the CIA. The only current member of Congress with this background that we know of. That we know of. [laughter] Sorry. No worries. And in industry was a senior adviser for a cyber security firm. Congressman Hurd, we thank you for your strong leadership on cyber and the Intelligence Committee and we look forward to hearing your perspectives today and your insights.
Everyone, please join me in welcoming Congressman Hurd. [applause]

Well, thank you, Congressman. And let me just underscore the purpose of this center is to try to shed more light than heat on complex issues facing our country. And when I think of leaders in government, both in the executive and legislative branch, I know I sleep better with you fighting the good fight on Capitol Hill. So as a bit of a backdrop, let me say your bar is low. Your bar is really low, though. My bar is very high. I'm joking. You worked to a good friend of mine at one point. Absolutely. He's on our board here. And I think it genuinely is important for those that legislate to understand if you're providing a menu for people to eat from, you better understand what it looks like, and I think that's really important. And I might also note your committee, the Homeland Security Committee and on the House Permanent Select Committee on Intelligence, you've been incredibly active as a legislator as well. So you've got a lot of members of Congress who can speak to the issues, but not necessarily follow through with legislative prescriptions. So thank you on behalf of the center and all of us. So let's start with a general question. I mean, you can't turn on the TV, you can't pick up a newspaper, you can't click on a link, and be careful which links you do click on, on the net without reading and hearing about the hack du jour. Whether it's Equifax, you name it, every day there seems to be another one. Let's put it into perspective, not all hacks are the same, not all hackers are the same. Intentions vary, capabilities vary. Before we jump into some of your legislative initiatives, can you help us rack and stack the threat as you see it? What keeps you up at night? And what should we maybe pay a little less attention to, if anything?

So, thanks for the invitation and thanks for, you know, helping to facilitate this conversation. And I would say we still have to be worried about the nation states, right?
The advanced persistent threats are still at the top of the food chain and APTs are what we ultimately have to defend against and that is where the federal government should be spending the bulk of their time. And so the theft of information, that is going to continue to go on and we have to be able to start, you know, thinking about authentication and what does that really mean. I think when we look at Equifax, the Equifax brief, we're not going to see the impacts right away. This really is changing, has to change the way we do authentication. And the American people did not opt in for their information to be with Equifax or, you know, any of the other credit agencies, and so now, you know, we've used those, we've used the credit agencies so much for authentication, how do we change that? But the growing area I'm getting concerned with is disinformation. And while it is not cyber security in practice because it's actually not, you know, taking, it's not technical. We have to be able to defend against it and there are technical ways that we can inculcate ourselves from disinformation, track disinformation and that's why I think these two issues should be talked about very closely. But the broader problem on this is ourselves. What is a digital act of war? Mmm-hmm. Everybody asks that question. Everybody thinks of it differently. We do not have an overriding policy. If North Korea had launched a missile into Equifax headquarters, we all know how what the response would have been. Right? So we have, nobody knows what the response should be now. And that requires, that requires industry, that requires government, that requires legislators to finally work those issues out. Now, there are, and working that with our allies. You have the Tallinn Manual, I've spent some time in Estonia recently, and, yes, they're only 1.3 million people, but, you know, the fact that they, their people have trust in their abilities to defend their infrastructure, do everything online, is a pretty big deal, and I think we can learn from that. Got a lot of experience, given their neighbors. So I think that demands they be pretty good at their jobs. Absolutely. Look, I'm not one to look to the U.N. to help solve, you know, a lot of problems, but if you look at the U.N. defines acts of war, and, you know, the manipulation of a utility grid or an impact on a country's electricity is identified as an act of war. So when the Russians, you know, did this to the Ukrainians, what was the international response? Exactly. Crickets. Exactly. And so these are some of the things, and I also believe not only defining what is an act of war, we should be defining what is our responses to some of those acts of wars. Some of our responses we should say, we're not going to tell you. Right? Strategic ambiguity is valuable and we also have to have these conversations around on attribution. Is general attribution enough? I think it is in some cases. We've also got to continue to work with our many countries to make sure that hacking and things of that nature are considered criminal laws. And that is another level we need. That's why I think the work that Mr. Painter was doing at the State Department was important, that that coordinator for cyber security is an important tool in our diplomatic tool kit and I hope we see some changes at the State Department to reinstate that.

Well, thank you. Just to put a little backdrop to that. So nation states, both engage in computer network attack and computer network exploit. Pure nations that are into their strategy, Russia, China, countries that may not be yet at the capability of those, but what they lack in capability, they make up for with intent. North Korea, Iran. Then foreign terrorist organizations, given all your terrific work, does that warrant any concern on your end?
It does warrant concern, but also, so for me, can a terrorist organization take down our grid? Can a terrorist organization, you know, manipulate markets? I don't think there is evidence out there that suggests they have the capabilities to do something like that, but, again, when it comes to the digital space, you know, and I say, you know, it looking at, I think part of cyber security and where I look at it is a broader of how do you engage in the cyber domain, you know? Cyber space is domain just like air, land, sea and space. So part of it is the rules of engagement within cyberspace. And when it comes to, I'll use ISIS specifically, their ability to leverage social media to promote a message. So countermessaging important as well. And when you have people using social media, guess what, you're increasing your surface area of attack for the good guys to go in and get information. Absolutely. I left the CIA in 2009. And so social media was not used as much as it is. Shoot, I wish I would have been able to have that information to do my job because, you know, the info that I could gather from that is pretty significant. So not only is, you know, it's an opportunity for us when we go on the offense, especially in the intelligence space.

Now, I'm really glad you brought that up because I think it's fair to say we'll never defend our way, our firewall our way out of this problem alone. At the end of the day, you touched on themes we're going to pick up in greater depth throughout the entire day, such as deterrence, such as signaling and the like, but when we think about our own capabilities, do you think we ought to be a little more transparent? What good is having a doomsday machine if no one knows you got it? In reality, if we deter, we have to demonstration. Don't you think there is a lot of mixed signaling going on? It has benefits on occasion but not always.

There is, but this is an age-old question and an age-old intelligence question.
If you have access to intelligence, do you use it, and if you use it to do something, you're going to reveal the intelligence and possibly lose the intelligence stream. Yep. And that's why I think it's important for policymakers to be making those decisions, not the practitioners. So this is a decision if, you know, and I think the future of Cyber Command at the NSA, you're going to see the NSA providing a perspective and saying, hey, we need to preserve long-term intelligence value. Then you're going to have Cyber Command say we need to use this to put, you know, the equivalent of lead on the target and they're going to always be in friction. There's always going to be at loggerheads. Which is good. You want that tension. But it is the policymaker that ultimately makes a decision on the impact, the ability is act is worth the loss of the capability in the future. And this is even more germane and important in cyberspace because as soon as you reveal a tool or a tactic, everybody knows it, and guess what, it's probably going to get turned around and used against you. Exactly. And that means pulling in the defensive community into any of the offensive discussions becomes more important today than it did in the past. Right.

And one thing I might underscore, and it's not to get adrift, and we'll move to other topics in a second, but when you look at the greatest, I would argue, breakthrough since 9/11 on the counterterrorism front, it really was the synchronization of titles X and titles 50, when you string them along and when do you take them out? And I think there is some history there that we can, rather than relearn the hard way, we can apply. I wrote a piece on the cyber JSOC with a few friends of mine. I think there is something there that can actually get the two entities, there is always going to be conflict, but they have to come together to have concerted impact.

And we should be perfecting that right now today in eastern Ukraine. Thank you.
The Russians, look, you know, this is where electronic warfare and disinformation come together. The Russians have been able to get, convince some people that there is a separatist movement in eastern Ukraine. It's not a separatist movement. It is a Russian invasion of a sovereign nation. They annexed Crimea, which is in the southern part of Ukraine. They invaded eastern Ukraine. They have 920 tanks there and they are utilizing the latest and greatest in electronic warfare and we should be countering that. We should be testing our latest and greatest counter-electronic warfare activity and we should be doing that to support our ally Ukraine. And so this is a real opportunity where we should be testing some of our capabilities, and we're not doing it to the level of where we should. And one of the questions I've been asking is, who is the cyber JSOC? I was like, you know, I thought maybe that was Russian TV over there. They're here. They're looking for me. They are. So, yeah, trust me, I'm aware. And so, so that is where, that is, that should be the pointy end of the spear. And let me go back to something before we move on. When we talk about what are the biggest issues and what keeps me up at night. What keeps me up at night is actually quantum computing. Quantum computing is closer, is going to be here sooner. I know I love you because we're doing a lot of work. It's going to be here sooner than we expect. I know Vladimir Putin, I think he said, you know, whoever, whoever gets A.I. first, no. It is going to be decided by who gets to quantum computing first. In real broad applications. And that is going to change how we do things. And we, us and our allies, should be focused on this. Canada has some really interesting things going on. Of course here in the U.S. And this is something that the only way we're going to achieve the being the first here is industry and government working together. And academia working together as well.
And we did a major report last year on active defense, looking at proactive steps companies can take because we can't simply blame the victim. And what makes cyber different is they're on the front lines of this war. I mean, how many companies went into business thinking they have to defend themselves against foreign intelligence services, who, by the way, are not only bringing cyber to the fight, but all sorts of intelligence.

But also don't be a victim. Right? Most of the major attacks we've seen are not zero day attacks. They are, if you're patching your network, if you're doing proper ve credentialing, you would solve these problems. Utilizing good system hygiene is where we should go. And the government is some of the biggest violators of these principles. And that's why I've actually spent so much time trying to shine a light on that problem, is to make sure that prevent the OPM from happening again. That we're following some of the most basic of activities. And guess what? Most, a lot of my work is focused on the dot-gov space, but the intelligence community and the military are just as bad. The, you know, look, the cloud is not new technology. And the cloud is secure. You can secure the cloud. We should be transitioning to this as quickly as possible. And by dragging our feet and if we have folks in that are responsible for this that don't understand it, well, guess what, get up to speed on is it because and that's why I.T. procurement is so important because I want to make sure
