Special thanks for this lunch sponsorship, and thank you for seven years of their sponsorship and support which has been greatly really a key reason for us being able to host this forum free for the government and military. And to be able to do this now for the 10th year. So thank you very much. I want to just also point to your, give your attention on your seats. There are flyers that describe the next year event, september 8th and 9th at the marriot. For Corporate Executives that are interested, a series of quarterly leadership meetings. Were in the third year of that. If you look at the flip side, youll see the corporate members include cisco, aws, raytheon, hp, google cloud and others. If youre interested in that, let us know. Id also like to recognize and express our appreciation for the Advisory Board members. Ill list those once again as theyve been very helpful. Brett scarborough from raytheon. Dan prietto from google cloud. General gregg tuhill, brad maderi. Matt berry. Dave leavy, mark ker, and shawn love. If we could give them a round of applause, please. So just a couple logistical announcements. Im trying to keep us on time. Isc squared, if youre a member of that, you can get credit by going to the Registration Desk and giving them your member number, please. And they can send you a print certificate or they can give you a print certificate or they can send you a digital certificate. If youre an osaka member, i gather you have to go to the saka portal to register for continuing education. Were delighted to partner with them to offer continuing education credit for those of you who would like it. This is a very full and exciting afternoon. Im very excited about it. Well have a number of keynote from the general crawl who just will be introduced shortly. We then will have a number of panels, and well conclude with keynotes from the ego u uno and others. We have a full day ahead. And well then have a number of awards at the end of the day, and im honored that well be giving a Lifetime Achievement award. Im announcing this now, to general mike hayden who will also give final remarks to our audience, and im honored by that. So with that said, id like to now introduce gregg potter. Hes the Corporate Lead executive at fort meade and aberdeen. Hell be introducing the lunch and keynote speaker. Gregg . Thank you very much. Thanks, tom. And thanks for billington putting on such a great conference. Its my honor and pleasure this afternoon to introduce the keynote speaker for this this afternoon. Hes a Deputy Principle and senior military adviser for Cyber Security. He is a career aviation command and control officer who has commanded the squadron in deep levels. He has deep cyber and Information Operations background where he was the chief of the joint operation at Central Command as well as the deputy chief of their Information Operation center. He was the branch chief for strategic plans for Information Operations at u. S. Special operations command. If you would, please give a warm welcome to Major General dennis kroll. Well, being introduced with music and applause before i speak is interesting. You might want to hold that. Maybe well earn some of that together. Its my pleasure to have a few minutes to chat with you this afternoon. And id like to split my time here to get done framing a conversation and then being available to take your questions. So i want you to im your afternoon caffeine. Youve just had lunch. Ive got enough excitement for both of us, for all of us here. What id like for you to do is to take the conversation up a notch and were going to talk about war fighting for my quick portion of it. And were going to think strategically, and the slide thats in front of you is my staff is embarrassed about my slide. I built this slide myself, and it probably shows. Thats about as many words as i want to cover in a framing document, and i want us to think the way that the department thinks and breaks down our War Fighting Mission in this very critical domain. Im going to use the language that comes from our National Defense strategy and the Cyber Strategy that flowed from that in 2018. This is language that our former secretary of defense used very clearly about lethality, partnership and reform. Its a great lens by which to look through cyber and a few other quick items well talk about. But i need you to remember something when we have this conversation. Theres a couple caveats. Every one of these framing ideas doesnt exist unto itself. This is all about outcomes. Youve got to make sure we pause and think about what it is were doing, why were doing it, and if it lends itself to the ultimate mission, the reason were doing it. Which means theres got to be pause points in execution to make sure that were still on track. Technology changes. We all know at a rapid state. Its easy to Chase Technology and not the mission. Its easy to stay focussed on antiquity and not adopt modernization. There has to be a level of balance. We do it within a government system of funding which drives a lot of this, which at times is a bit ep sodic. The challenge is balancing those three tendencies but not to forget this is all about outcomes and driving to an endstate. What makes this different in our approach that were looking at possibly this year than previous years is the right emphasis and weight to what we call persistent engagement. The items that ill talk about, especially under lethality really lend itself to think about is this something were doing episodically, is i stay in steady state or is this fits and starts which means you lose momentum and dont have the ability for proper exploitation of success . These are all principles that we talk about in every other domain, yet, we somehow shy away from them in this one, and its just as applicable in order to seize that advantage and to maintain the advantage throughout operations. The other piece is we talk a lot about operations in a contested environment. And ill be honest. Im not sure that we are as practiced as we need to be to be successful given the threats we believe were going to face. Now, im fully aware that there are those who believe weve given our ill also tell you that there are times because we really believe that we can fight through certain things but are not well rehearsed that we may be in for a rude awakening if were not practiced and postured to succeed. So think about what information contest would look like thin lines, red lines, low bandwidth. The ability to prioritize information at the need of speed. What are the minimum elements a commander needs to fight . If those have not been defined, it would be difficult to figure out how youre going to employ that on a battle field when you realize that its at that time under this crucible of challenge that youre not going to have a pause point, the fog of war creeps in and everything becomes more difficult. These have to be practiced. And you have to understand what it means to your perfectly rehearsed plan when you do that in garrison, what it means to meet that plan on a battle field. A famous boxer once said about his competition that every man has a plan until i punch him in the face. Right . You think about that. We all plan and we think about what its going to be like, and then we meet the krus billion of contest, and weve got to be ready for what that looks like. When we talk about these principals, theyre not e soar theic. Theyre there to be practiced, vetted, rehearsed, challenges, improved and implemented with confidence. Thats where we need to be. Lets talk about these things under lethality first. Three sub areas important the way i look at defining them. The first one would be the idea of authorities. Weve got to of to right authorities to operate in the space. And it doesnt matter what kind of activity were talking about. Whether were operating networks, talking more it centric role, whether were talking about defense, or offensive operations. They require the requisite authorities in order to move at pace. This persistent engagement means the authorities need to be deep enough to character rise the battle field as well. Not to simply execute. Youve got to anticipate in that authority realm that these things would be in plans. Not sprinkled in after, but for forethoughts built in, planned for, and tested as ive mentioned earlier. Ill be honest with you, weve had a lot of help, and i mean that in a good way from the administration and from congress in this area. They have loaded us up with authorities that we havent had before. Its important that we utilize them. And that we line up a couple other items that go along with that. So authorities would be one idea of that triad that you have to think about, be two others have to be lined up concurrent with that. The other one is process. Youve got to have a process in place that takes advantage of the authorities that were given. If the process isnt repeatable, if its mired in quagmire, the idea of constant uphill battles and fights. Im not saying we shouldnt share information with other parties. The point is the process has to lend itself to a successful and timely outcome. Not for a process that exists unto itself. Anyone who has worked in the pentagon personally and seeing the pentagon process up front knows exactly what im talking about. Secretary mattis used to have a phrase back when i worked for him as general mattis, that when good people meet bad process, bad process wins. Bad process can take the most energetic, forcible, excited individual and crush them through a series of things that dont lead to an outcome. These are areas taking advantage of the authorities were given and working on new ones, looking at this process inside and outside the building to execute operations in a timely manner, and the last piece of this three legged stool is on the idea of capabilities. Weve got a make sure that we have the Trained Work Force and the equipment to perform the mission at hand. Weve taken a hard look at this work force. And in some cases, i think weve taken it maybe for granted that the work force will be available. The amount of training thats required. The recruitment. The competition that were under to retain individuals given theres a lot of walks of life that people can go do. Looking at models that lend itself to attracting and retaining the best and brighter for our mission is critical to what we do. Also the capabilities in the terms of the tools we have to employ these are critical as well. Weve got to make sure that we employ cutting edge technology. Weve got to make sure that when we start looking at ways we can take advantage that we do so in a timely manner. And that were not looking at Old Technology delivered too late. Theres a quadrant that i have. Its a mythical quadrant that i keep on my board that i try to avoid. Thats the phrase of this may not work, but at least its expensi expensive. Right . We want to avoid the idea that were paying at premiums for outdated technology. Weve got to be more responsive to on board and use whats available. If you think about lining up the authorities, the process, and the capabilities, how critical that is to the lethality rubric. The next piece is the idea of partnership. We have a couple areas that challenge us here as well. On the good side we know many of our partners have unique capabilities we dont have. We want to make sure that we take advantage of those. We want to make sure that we build their prowes and capabilities up through our practiced relationships. And as they get better, were better. Its less threat surface for us to look at. On the challenging side, however, with partnerships, we still struggle with information sharing. How do we Exchange Information at n a timely moanner . As we have joint and Coalition Partners that stand next to us and information sharing gets difficult, we need better cross domain solutions. How do we move information at the speed of warfare and take it to our Defense Industrial base . How do we help safeguard our nations most critical secrets . At the time theyre thought of through development and eventually for the introduction in our war fighting apparatus. So partnering from the idea of Mission Execution and planning and then on the side of ensuring that were able to share information with a common level of protection is critical for us. All of these have varying efforts that are ongoing in the building today and serve again that framework i just described. The last piece, and its one of the most critical. It involves a level of trust. Trust with the taxpayer. Trust with our government. And keeping that trust and not breaking faith with our work force. And our war fighters. We need reform. Some of this reform is going at pace which is pretty respectable, and others may be at pace that needs to be picked up and made better. So what do we mean by reform . This is the idea of scarce resources being applied in the most consistent, meaningful, and thoughtful ways. Gone are the days for everyone doing whats right in their own eyes. The word that really surfaces to me the most under this category is standards. Weve talked a lot about standards setting. We already understand what requirements do to the acquisition cycle. This is the idea of making sure that we have common standards that we drive to. And that we have an apparatus in place to inspect what we expect. That we have adherence to the standards. Nothing is more frustrating than publishing a set of standards and not following them and not even knowing that youre not following them. But the idea of following through with the expectation that we have a level of adherence and compliance and commitment to those means were a better war fighting organization as a result. This reform has to be deep. All the way through the lowest level when we start looking at our work force all the way up to the most strategic ways we plan for actions and activities. Weve got to look across the department to make sure we dont have unnecessary redundanciered. You know, there was a time in the information environment when it was new. When we used terms like Information Operations, military information, support informations, those types of things. We went to congress and we asked for money on kind of this new frontier for us at scale. Its always been practiced, but this was at scale, and embraced by the department. There was a time where that money, i believe, flowed a bit too freely. And we couldnt always account for how it was spent. We couldnt always look at measures of effectiveness. We had a lot of measures of performance, but we couldnt provide the so what to the money we were given and what was really a permissive, friendly, giving environment turned into a very challenged environment to demonstrate a level of sufficiency and to rebuild trust. Ill tell you that i think that were probably not too far off be in some of the realms within cyber if were not careful. People want to help us. Our leadership wants to help empower us in this area, but we have to be very, very good stewards on how the money is spent. It has to be data driven and really show the level of effectiveness for how we commit these treasures. So every single day we wake up in the principle cyber advisers office. Our relationship with the chief Information Officer couldnt be closer. The relationships that we have with our services, components, chiefs, et cetera, couldnt be closer. And we think in these three terms. Because the National Defense strategy tells us to think this way, and our Cyber Strategy demands we think this way, and the posture review which reveals the gaps that we have are framed in that rubric of lethality, partnership, and reform. Strategic thoughts . A way to kind of share a broad picture in less than ten minutes with you . And i stand ready to take what i imagine will be your challenging questions where i can answer, i look forward to answering them. Thank you. [ applause ] i dont know the rules but youre in front of me with a hand up. [ inaudible question ] outside the wire, as it were, if those guys were being hacked, who are you going to call . Thats a great question. For those who couldnt hear, this was really about how the dod responds to calls from the Defense Industrial base for a challenge they may have for Cyber Security. And one of the statements that were made, well, certainly they wouldnt call kral. I would agree with that. They may be unsatisfied with the answer since that particular mission set literally falls outside of our primary work roles but not outside the area of responsibility for department. The answer will not be as detailed as you may like, but there are challenges. Some challenges to how we share information, what information we can share, and who owns the burden of responsibility. Who owns the liability if information is shared or solutions are provided and those compromises still take place . These are not easy questions to answer. I dont pretend they have been solved at our level, but i promise you this year theyve received more attention than ive personally witnessed. And there are really probably some difficult choices in the road ahead for the department to make. I dont know what the balance is personally, and i dont know where the leadership will side on that, but if you think about that, how much should the department do, how much can the department provide and how much of the solutions are really on the part of those who own, for example, data . I will say this. No matter what that answer lies, theres one thing thats very clear. We as a unit, have to do better at securing our data. Theres no argument there. There are things and solutions in place from either basic hygiene to Good Practice to movement of information and safeguarding it that there is zero disagreement that were too porous, and we have a threat surface that lends itself to complicating the process and challenge in a way thats unnecessary. Probably not the detailed answer you would expect because that is still yet to be solved in the d. General, you have another question over here. No . Other questions . If you could take a mic, well come down