Combining intelligence, r d, and operations and combining them with policy and partner building. So without any further adu over to you sir. Thank you. So just to get you into the atmosphe atmosphere. Yes, so we have big competition in this conference today. Were competing with national phenomena, with this who doesnt recognize this is dorian, just climbing its way up from florida after the bahamas, i hope far enough from here. But national phenomenas are a disruption to the main thing that were here, and another thing that may look like things that we need to take care of more relevant than a hurricane is the measles. So we came over to talk about cyber, so why im talking about measles . Measles is a highly contagious and very infectious disease, and we thought that most of the population thats at risk are two kinds. Those who are not immune, and those with a weak immune system. Now, we thought that it sounds like measles, like kind of pronunciati pronunciation, but its not funny. It kills a lot, and erupts an outbreak even in these days as we can see more and more in the news around the globe. We thought we e rad karadicatedk in the 60s but its still here. Why . Because of the two populations, those with the weak immune systems and those who are not immune, and this brings us so cyber. With e newe need a vavaccine. The need for vaccine goes for biology, for contagious diseases like measles and all kinds of things. If we take a look at the World Economic forum main threat s, their annual report they issue it in january, and you can focus, zoom in. The most global risks, the biggest and most dangerous risks are here. Cyber is only number five, but its number one man made. Now we talk about measles. We talk about hurricanes. This is man made, and its growing louder and faster and in fact, i got this morning an email from the World Economic forum asking me for the next years survey. I fear that its going to raise from the fifth place to even higher. So we have cyber crime. Cyber crime, the numbers are fantastic, more than 2 trillion only this year, and its climbing and raising up. I think its already six years now that the number, the amount of money stolen by cyber is larger than all the rest, different measures, physical measures et cetera and it keeps rising. Why . Because money is actually data. That we attribute value to. So if we take a look ten years ago, now its still popular to do the ten years challenge, although we have some new challenges. Critical infrastructures, after me youre going to hear chris krebs, dealing with Critical Infrastructure. Those still deal with this, yes, ten years ago black and white in cyber terms really, but still deal with the traditional, if you can call something in cyber traditional, Critical Infrastructure. We have trains. We have energy, oil, transportatio transportation, health care and others, but today, and its in a growing volume. We deal with much more Critical Infrastructure, which is Peoples Trust. The problem the Peoples Trust is much more vulnerable and much easier to undermine. When we talk about Peoples Trust, its very e louis sielusi dont need to mention here in washington, d. C. What happened three years ago and what would have happened unless the usg, the u. S. Government prepared for the midterm elections in the democratic society. We have elections in a couple of weeks, all democracies will face the same threats. All also with the financial system, its not about stealing money. Its about undermining all of our trust in the system, and its governance, its health care, its everything, and the problem is were getting more and more vulnerable as the mankind is going more and more digitalized, more and more dependent on web and dependent on Peoples Trust. The problem the bad guys. Bad guys from cyber crime groups to terrorists, terror groups, to rogue states. Well talk about iran and others, they all understand and realize that were getting more and more vulnerable, and they dont. Theyre less dependent on digital. Theyre less dependent on Peoples Trust, and they realize that we are. And this asymmetry is one of the biggest problems, but its not everything. The middle east unfortunately is kind of a magnet for all the many kind of troubles, also good things, but in our case, the cyber thing, its a magnet for Cyber Attacks and it mainly comes from a specific actor. I cant state it here. Its no secret no longer at all, its iran, and its not me saying. Other Intelligence Companies that say that. In fact if you watch some leakages coming out from the iran cyber squads, someone leaks it out, and you see a big operation that is aiming not only to israel, not only to moderate arab states but to the u. S. , to the west. This is one of the problems but not all. And another threat is that the attack services. Well, ten years ago we had emails. We even had gmail, so that was ten years ago. Today, well, too many attack surfaces. If we take a look, and i dont have the time, although its interesting to all of them, but when we talk about cyber, its no longer computer. Its about space, we just heard about the Civil Aviation things. Its much more difficult because its rf, frequencies, gps and spoofing, et cetera. One thing you should bear in mind, a. I. Becoming the new buzz word, the new thing, and rightfully. Its sfwrinteresting. The abuse of technology as ancient as mankind. Since the beginning of technology we developed the help ourselves, and the same goes with computers, cyber, a. I. In this case you can see and you can google adversarial a. I. , probably youll land on examples of kids play, photo recognition algorithms and turning it from the panda bear or school bus into whatever they want because its easy to fool them. If you reverse engineer, if you understand the basis of the a. I. Algorit algorithm. Its much less funnier when you remember that Autonomous Vehicles thats going to be all over the prailace in a couple o very short years, Autonomous Vehicles use the same algorithm to identify whether its a road, pedestrians or other cars. Now its much more serious and remember the measles. So in israel we defined cyber in a wider definition. We deal with all of that, and we dont have any privilege to know one tech surface or the other. Last but not least is remembering the nature of cyber weapons, unlike kinetic warheads or kinetic weapons. It sploeexplodes, if not it get wrinkled. The bad guys cannot take the warheads and send it back to the good guys. In cyber they can because its in code, words, letters written by human beings, so they do that, but its not enough because it leaks all the time because its cold, unlike Nuclear Material god for bid only in hollywood movies crazy terror groups. Why is it important . Its important to remember in our intelligence assessments when we are in decisionmaking process, we usually say about this big state, rogue state or others, they have air force. They have navy, they have missiles, but theyre more de r deterred. They are more responsible. They have constraints. The terror groups, theyre crazy. In israel we have hamas. They decide immediately to launch missiles over tel aviv, they do that, but they dont have air force. They dont have submarines and strategic weapons, but they do have Strategic Cyber weapons because they got hit by all they got from leaks outside the web. So they dont develop it. They dont have nsa, but they get their hands on because this is the nature of it, and thats a big difference from all the traditional weapons that we know. So i can talk for hours. I dont have the time, about new trends, new ttps, new things targeted ransomware, things that we discussed here in this great two days. But its a very lovely day here in washington, d. C. We need to remember and to be vigilant that its all this w l vectors and others that bring us to the gloomy conclusion winter is still coming. We havent seen the worst yet. What we should do about it . The antidotes in this case, the israeli antidotes. The first and most important things of course, mission is securing cyberspace. Second, and this is unique to the israeli model, you see that and one of the examples of that well come to it later is what you see on my right. On your left the innovation arena of the israeli companies, well get to that. This two goes together. We have arrows until recently, just almost two years ago we converged all the different entities into one, all the fingers into one strong fist that we call the National Cyber directorate, and the importance is to have one agency that can supervise. We have military, we have police, we have other agencies but one agency that reports directly to the israeli Prime Minister deals with cyber. Unfortunately, i dont see enough equivalence all around the globe, although the u. S. And many countries got the idea and also have the same solutions. This is critical. Something more critical, strategy. This is our strategy very simple, three layer strategy, the first one we call robust, preventative medicine like washing hands. The second is understanding and this is important to realize theres no Hermetic Solutions to cyber. Whoever tried to sell you that, kick him out of your office. Eventually were all going to get sick. So how fast we detect, how early stage we detect the how early detect the disease. How fast can we remove it and how strong are we to keep on our feet at the end that is the resilience. And lasts but not least is national defense. Its people against people. We need to treat them as alike. In this case the last example a couple months ago after hamas launched missiles and try to use cyber techniques against israel they went to the cyber squad in gaza you can see how accurate and how surgical it is , only the two floors above it are intact. No one was harmed because there was lots of warning before and thats how we still act in gaza. The hackers ran away , but not far enough. Enough to seize their computers and blasted into 1000 pieces. This is something that works. I strongly recommend not being afraid of using whatever is needed against attackers. This is something that we do not do directly. We have other forces but we are involved in prioritizing and pointing out the targets and etc. Time is running out. We have some National Solutions i will give one or two short examples. The first is the cybernet. Its a social media that connects trusted members of the israeli private and public sector. They are all connected. Very heavily secured they can all interface and interact in equal share information. This is a platform it is so successful that we got israeli members to connect solutions directly to their systems. I had a stomach ache before i did that but we send it directly to their systems another example is defacement. Every year we have a major attack around the globe. Its critical, remember Peoples Trust in such a volume i got tired of that and we developed a National Solution scanning all the major websites which is a couple hundred thousand and it detects it the moment it happens. Its a basic ai to see that something is changing in this manner. We see a rate of success. Last her before we had that we had these and numbers of attacks. You can see 19 a drop this year. No success for the bad guys just using a basic technique most of the victims didnt even know they were victims because we n to identify in the middle of the night before it was a scene and we were able to correct it a couple thoughts about echo system, here we have some great examples. This is a funding of a 4 billion. The Global Investment goes to israel it basically is based on new capital and academic research. In israel we focus on the capital. This is how it looked eight years ago when the first building opened. Six years ago you can see it looks like this. Now it is three buildings that are all operational and occupied. And the fourth is about to be opened in coming months. This is for anyone who hasnt seen it come over and see with your eyes. Even when you see the buildings besides the ones from a couple of years ago. And do not forget to visit we hope you will come and visit the israeli invention center, you can find them on the east coast of the United States. We deal with the different things, i will skip that. We are opening a small transportation. Two simple examples of what we do. We opened a direct line, and it begins with one. Polices 010. We did 911 and the opposite. Its a 119. Every civilian can call 24 7 and ask for assistance and we can send out a Response Team and assist in whatever we can do. We are controlled use center , remember the measles it behaves like a epidemic. This element can give us an essential of the first signals of an outbreak. Cyber epidemic that is about to outbreak and then we can identify patient zero , and contain it. This is the first one the second is a proactive scanning the web in the dark web to find exploits and then immediately going out and affixing them we find the exposed channels in this year took us 14 days to locate the channels and 90 of them were fixed. Last but not least, the international cooperation. In this case its Important Message to sum it up. Not a Single Agency in a single country can move the cyber successfully by itself. We need to partner up. Thats the nature of the web. These are a couple of countries that we work with. Some of them dont have as much is israel then we face some problems. One thing i want to mention was organizations like you see here. We just met with the American Development bank and we have a Great Program with him. Its a great audience here that speaks for partnerships. You can approach her, and the embassy and we are more than willing to partner. Remember we need to be immunized and Work Together and then we can eradicate the epidemic. Thank you very much. Is thank you very much yigal unna for that wonderful keynote and coming to share your insights. We are honored. Ladies and gentlemen, general Michael Hayden its a great honor to have you back and a great honor to introduce our final two speakers. Christopher krebs known to all is a great friend and is the director of the Cyber SecurityInfrastructure Agency at the department of Homeland Security we are delighted to have him speak it is my honor and privilege to introduce to you Christopher Krebs. Good afternoon im in that an enviable position between Ciaran Martin and the end of the day. I want to thank tom for having me here again. Its a great event i have a bit of a history with tom and i have spoken at his events but i remember a few years ago when i was in another role of handling a speaker request for the billington conference. I wasnt sure what it is and i needed to do a Little Research before making recommendations on whether or not to say yes or no. So i researched the event, and the founder Thomas Billington. And i was like who is this guy . Are we talking about dynamite kid, the anchor of the british bulldogs . I said who is Thomas Billington it turns out that Thomas Billington has a special talent in pulling off a meaningful Cyber Security events that bring together impressive array and variety of people. Todays event and last years event, and the prior nine years demonstrate that he plays a key role in driving the conversation in washington, d. C. And across the globe. If you take a look at yigal unna and hear globally. As that is for you. When i was thinking about what i wanted to say i had a couple of options a couple weeks ago down in Auburn University i released the Cyber Security strategic intent ive been making final tweaks and it was burning a hole in my pocket my thought do i wait for toms event or do i get it out of the way so that i can bore meaningfully talk about what this intent means. So i brought it out in auburn. I had an opportunity to lay out what this is and what Cyber SecurityInfrastructure Agency means what are vision and philosophy and priorities are today and in the out years the most meaningful part of the intent for me boils down to three different buckets. The first are the five principles of an agency. How will we execute our mission and then the goals that we will attempt to achieve. And then the five operational priorities that drive the majority of efforts. Going back to the five principles. First and foremost we have a Statutory Authority to lead the nations Critical Infrastructure protection efforts. But we do not lead alone we lead in a collaborative manner. Is working with the Cyber Security director at the nsa. Its working with karen evans at the department of energy. Alone we will fail and together we will succeed. And that is the ethos of the agency. The second piece we have to be results driven. We have to focus on a demand signal and identify the requirements that we are seeking to achieve. We do not do that alone that goes back to that collaborative. We have to work with stakeholders to identify precisely what they need address. The risk they need managed to build those coalitions. We are said to do it in a way that is a scalable. Im going to talk