And so today it is important to us. We thank you for the invite. And inviting us out. So, as elaine just mentioned, we come from a background known as the National Protection and programs director. Say that ten times fast. Bonus points if you even knew what that meant. But today with a name like the u. S. Cyber security infrastructure security agency, we have that Value Proposition. We understand before we even walk in the door what the value is that were going to bring to the table. So, the name like that, while we still pass around business cards, while we still create relationships, theres still a recognition today with a name like cisa were here to help both in the Cyber Security mission and also protecting Critical Infrastructure. And that mission has changed over time as well. Today, as we move further and further away from 9 11, and that antiterrorism, post9 11 mission is gravitating towards domestic terrorism. Its gravitating towards nation state actors looking to cause damage and destruction to our Critical Infrastructure. This is an Important Mission for cisa and something we have embraced. We are our nations risk advisers. Notice i did not say risk managers, because that is your job. These are the things that you do day in and day out. You manage risk. However, it is incumbent upon us, it is on our shoulders to provide you the intelligence, the information that you need to make educated risk decisions. And we provide we pride ourselves on providing that advisory capacity. We also partner with industry. In over the last 15 years i can tell you that weve done a lot of great things that nobody knows about. So a big part of it today is providing some visibility, that Value Proposition back and foerts, that information that is now going to be in your hands to do something about when things go bump in the night, have that ability to reach out to that local protective security adviser. Reach out to cisa and have a conversation back and forth. Either in the cleared space because you have a clearance, or we tear it down below that tear line. We have that conversation about what the threat is and what are those industry best practices. What are the mitigation measures we should all be doing. We pride ourselves on having that ability to have a conversation back and forth. I think years ago some of that informationsharing just wasnt there. It was a big, black hole. Wed asked for information. Wed walk away, never to be heard rd from again. But today is an ongoing dialogue back and forth. We have information, here it is. What does it mean to you . The stakeholders in the field, the practitioners who can actually do something about it, the boots on the ground that own over 85 of all Critical Infrastructure in this country. And so now i think that conversation is a little bit more robust going back and forth. But today we are here to help manage Systemic Risk to our Critical Infrastructure and raise the security baseline with tools and resources to secure Critical Infrastructure. We do most of this through our voluntary basis. We have tabletop exercises, fullscale exercises, threat and vulnerability exercises, the ability to grant clearance, active shooter workshops, counteried workshops. Were focused on the counterusa mission as we speak. This week i was with representative joyce in pennsylvania talking about School Safety and school security. Last week i was in Salt Lake City talking to faithbased organizations about better protecting houses of worship. And today were talking about drones. Tomorrow we may be talking about some sort of reliability issue as it relates to the bulk power system or the electric grid for the United States and canada here in north america. So the portfolio is big but i can tell you theres a dedicated cadre for the people that work for Homeland Security, taking care of you, american citizens. Within cisa, we pride ourselves on the partnerships we have. We recognize that we cannot do this by ourselves. We cannot do it alone. I mentioned that private industry owns the majority of infrastructure and thats absolutely true. You also have the ability to do something about whatever mitigation, whatever threat we raise. And so we cannot do it in a vacuum. We must do whats called collective defense. And i am going to circle back on this one time at the end here. Collective defense. Where its the federal government, its our state and local partners but its also the american citizen, that when there is an issue, that we are all in this together. What impacts you s, impacts me. What impacts me could potentially impact you. So to operate in silos like we used to so many years ago, we cannot do that anymore. We are all in this together. So one of my call to actions today is to overshare threat vulnerability information. Engage local Law Enforcement, the fbi, the department of Homeland Security and have that conversation. Let us not pass around business cards when an event unfolds. Also let us not build our Crisis Response plan in the midst of crisis. Have these relationships now under blue sky conditions. And i think cisa is that conduit. It is the mechanism in which to do some of that. We have the ability to bring the right stakeholders to the table to have a very robust conversation on reliability of Critical Services. The resilience and how to best protect americans even in the face of threats like domestic terrorism. Within cisa we have broken ourselves up into ten regions looking very similar to the fema regions. I say this really to allow you the understanding that right now in your backyard, where you reside, we have protective security advisers that are there to help you. Theyre in the field. Though eat, breathe and sleep with you. They know the local politics. They know the local economy. They know the local crime stats. They know what you guys care about in your backyard. If you dont know who your protective security adviser is today, i strongly recommend reaching out, figuring out who that person is and we can provide that information to you today. So that you can have a relationship tomorrow. When youre looking for a threat and vulnerability assessment, youre looking for an exercise, looking for clearance, youre looking for someone to walk aboard your property and point out maybe gaps, point out some opportunities for improvement, understand where that enemy avenue of approach might be during an active shooter scenario. We have that ability today. We want to provide it to you today. Oh, by the way, its absolutely free. Its already bought and paid for. Since coming to cisa, my proe priorities have been pretty consistent. Like i mentioned before, weve done a lot of great things that nobody knows about, but we also chased shiny lures from time to time. Does anyone know what thats like . Really its boiling down to priorities. What is going to stop Systemic Risks, what is going to drive risks to the lowest common denominator, what are the industry best practices everyone should be doing to protect Critical Infrastructure, including houses of worship, including schools. Theres a lot of translation between a lot of sectors and the National Critical functions as to how best protect at a very foundational and fundamental level. Really one of my chief priorities is to best protect soft targets and crowded places. Now, we have seen over the last two weeks this on full display in the media. The garlic festival in california, dayton, ohio, and, of course, el paso, texas. Today we have the ability to engage the local community, provide some of these resources to become harder targets. Become a resource and provide subject matter expertise to some of those organizations or venues that dont have that Strong Security apparatus that you would see at an airport or nfl stadium. Today we have these resources to bring to bear to best protect all of us. I have three kids that go to school. High school one high schooler and two middle schoolers. And so you Better Believe that im very passionate about the issue of School Safety and school security. Our protective security adviser since the parkland shooting, which killed 17 kids down in florida, we have been we have been to over 1,185 schools across the country. And that sounds like a lot until you realize theres 130,000 schools in this country. So its coming to events like this where i can find that force multiplier, where i can say to a group of esteemed executives, we have resources. We have the ability to become better. We have subject matter expertise. Take these resources, go out in the community and talk about them. If you see something, Say Something. Run, hide, fight. Today if youre looking for an active shooter workshop, if youre looking for any kind of service, you can immediately go to dhs. Gov hometownsecurity. Now, i really hate just pointing to a reb site, but on that particular website, is the resources, the guidelines, the white papers, the videos today to become a harder target. So whether you are an outdoor venue, whether you are a concert organizer, whether you are organizing the next 5k, 10k, marathon, road race on the streets of Northern Virginia or elsewhere, we have the ability to prevent active shooter, help prevent vehicle ramming, fire as a weapon. These kind of things that dont necessarily fit that antiterrorism mission from just 15 years ago. But this is where we are. This is where we have gravitated towards and this is where the department of Homeland Security is focusing at this very moment. I talk a little about School Safety and just this week i was up in pennsylvania, did a number of panels with local congressmen up there and really talking about and engaging the school issue with administrator, students, chiefs of police, the county sheriffs, et cetera. And today we no longer can afford to put our head in the sand and say, wow, i hope this doesnt happen here. Instead i think the mantra should be, if it can happen there, it can happen here. And we better be ready for it. Now, not to scare anyone, not to advocate that were going to build fortresses around schools, but there are some very basic things we should be doing today. Many of which are absolutely free. Have a response and Recovery Plan and exercise that plan. Exercising it absolutely critical. Being a former Law Enforcement officer, i can tell you firsthand that we do not magically become better during a time of crisis. We always default to what it is that weve seen, the things that we know, how weve been trained and what we have exercised in the past. This is why Law Enforcement, why the military trains every single day. So that when crises happens, when an event happens, it becomes like second nature. We knew exactly what to do. Now, never, ever fall in love with your plan because it never goes like you want, but have the basic understandings of what to do during an active shooter. What to do during a crisis event. A couple of major emerging issues i see for industry that i want to relate to you today, and i will at some point, i promise, Start Talking about droeps, the convergence between Cyber Security, physical security and Emergency Management is here. Weve been talking about this for the last ten years now. And i think a lot of industry organizations have started to move in this direction but today we are seeing a hybrid style attack Threat Landscape. Where what you might see on the cyber side has physical security impacts. What you might attack or focus on on the physical Security Side has a Cyber Security impact. And so for us to say, yeah, you know, we meet with Cyber Security every other tuesday, were good, is no longer good enough. Today these issues, the attack methodologies, the scenarios playing out in real time are converged. Theyre here. And so many of us have cctv systems aboard some of our Critical Infrastructure back at our corporate campus, wherever you might work. Those are ipbased. Many of us have Access Control systems that are internetfacing. And so let us know have our physical Security Protective measures, be that enemy avenue of approach from a cyber perspective, getting into on you corporate system and, heaven forbid, getting into corporate systems. Insider threat. Im already seeing the heads nod up and down. Right now today we have folks that work within our companies, within Critical Infrastructure that has the Institutional Knowledge as to how to bring you to your knees. They know where the crown jewels are. They have keys to the kingdom. They know that, hey, i dont need to push that button, but if i push this button or i pull this lever or destroy that piece of infrastructure, the house of cards starts to deteriorate, it starts to fall. Maybe its a substation engineer that knows exactly what electric components are critical to your grid system. Maybe its somebody who has access to your server room that can do some sort of significant physical or Cyber Security damage. Maybe its somebody who knows what to shoot out in the field that will elicit and start cascading effects where things start to lean on each other and things start to become destroyed off a destroying piece of infrastructure. Having an Insider Threat program today is incredibly important. If im advising anyone on where to invest your next incremental dollar on security, it is the Insider Threat. Knowing what data is leaving your system. Up with day we all want to be a consultant in here. We retire and we go off to do bigger and better things. Many times those consultants before they leave their proprietary jobs will push information out. Maybe its proprietary information. Maybe its trade secrets. Maybe its customer data. Maybe its credit card information. Maybe its key contacts that you as a Company Really want to retain because you dont want it going to a competitor. Do you have the understanding of what information is leaving your system and going elsewhere to somebody elses gmail, going overseas, going to a competitor, et cetera. And same from an Access Control system. Do we have the technology in place that will flag us when somebody might be probing our system. Somebody might be trying to gain access that shouldnt have that access. Quick little example is if your company is stationed right here in washington, d. C. , and two hours south down to richmond on a sunday afternoon at 4 00, somebodys trying to badge into a facility down there that they dont have access to, and lets just say the technology worked, access denied. But is that technology flagging you . Hey, something is going on here. This person should not be trying to gain access two hours away to this piece of Critical Infrastructure. Why . So, things are always Crystal Clear in the rearview mirror. But do we have the technology in place to understand what puzzle pieces are happening around us so we can put a complete picture together . Lastly on this particular topic, that pathway to violence, do we have a program in place that identifies, highlights and provides the help needed for people that have become radicalized, that are becoming violent. And are your cyber folks talking to your physical folks . Maybe on the physical side weave had a Domestic Violence episode. We had somebody Say Something very violent to say coworker. Is that information getting back to the cyber folks that can see the fact that they are looking at radicalized material . That theyre looking at hate groups on line. Can we put all of these puzzle pieces together to identify an insider . Finally on drones. Its hard to recall life before the internet. In fact, most of our kids will never experience an unconnected world. Today our Critical Infrastructure relies on web enailed technology to operate efficiently. That includes our trains, financial system, water systems, the power grid, even the teleconference calls we get on just about every single day. All of these activities require something that is webenabled. Sometimes we decide were going to add a webenabled and internetfacing device to our system that might be a drone. We need to be very, very cognizant, very, very sensitive to what it is we are attaching to our corporate systems at all times. In terms of drone threats. Ill put this into two specific buckets. The first bucket is, chinese manufactured drones. If you are operating a chinesemanufactured drone, you are introducing and incurring potential risk into your system. We have seen this firsthand. This is not the boogie man. We have seen this with our own eyes. We have seen and engaged Critical Infrastructure that is struggling with this particular issue. What do we do about it . A couple months ago cisa pushed out an alert to industry to talk about this specific issue. No