Thank you for the conversation today, thank you for your service, and thank you for being on the front lines of our nation and bringing us together in this important fight. It was an honor to be up here with you today. Thank you for the audience for engaging as well. A to be here. Thank you. Good morning everyone. I hope you guys are able to get your blood flowing. I do want to acknowledge all the media that has been with us for the last four days. We appreciate all your coverage and everything you guys have done for us, so thank you for being here. We would like to follow that fireside conversation with the honorable newberger by taking a more indepth look at the future of cyber. For our next session, 2024 and beyond, the hard road ahead, we have invited a distinguished group of experts to look at the topics through multiple lenses. Moderating this discussion will be renee when, former cio nasa our featured speaker for this conversation on the road ahead are dave frederick, assistant Deputy Director for china, National Security agency. Eric goldstein, executive assistant director for cybersecurity csds is a retired Lieutenant General steve fogarty, Senior Executive adviser, ruth allen, andrew market, adviser of Cardio Technology formerly c. O. O. Cia and dave richardson, vp of product and point insecurity. Look out. These join me and applause and welcoming our speakers. Wow,. I good morning, everybody. We hope you have shaken up the malaise of being a conference all week and talking to people in person. We hope that has worked for you. We hope youre using your devices as we are at a cybersecurity conference. That is always a good thing. You connected those and inserted the chinese rfid, correct . You got that at the front desk. Super. Good morning, everybody. It is great to see you. So given the Rapid Advances in technology and the ever shifting Political Economic and environmental landscapes, the future of cyber threat world is sure to change. This group of experts will explore how the future will likely impact cybersecurity and things to think about in order to keep up and we might go back to some of those oldfashioned human factor problems that will lie ahead in the future as they are here with us today. So gentlemen, this is all play where everybody gets to answer and hopefully you will sort your selves out, if not, i will help you if seri. So looking beyond cybersecurity, what big shifts are happening in the world that will change how we should be thinking about the digital world, and protect it . Who would like to start. I will just run the board here. Thank you. First of all, it is a pleasure to be here at the conference and then with this group of professionals. I think as we look at the way ahead, i am forecasting out a little bit, the things that concerned me the most, democratic shifts, particularly in the global south, loss of opportunity, loss of challenges, i think supply chains are increasingly becoming an issue. If you think about restrictions that we placed on transferring technology to the prc, there is going to be a for tat and i think you know, we have had the opportunity to purchase a lot of raw material from them, or things that are very vital for everything from moving to electric vehicles to building cell phones. So those supply chains are going to have to be reconstituted and that is going to require no significant investment as we move forward. So i think that it is really the combination of things we cannot predict, social economic political and cultural factors that are really going to try this, but we have to watch it, and i think this is where if you go back to newbergers comments this morning if you start, the key is partnerships. So it is foreign partners interagency partners within the u. S. Government, commercial partners, it is partnership with academia that give us at least Early Warning for these things. We never seem to predict these things exactly right, but that is going to be the critical aspects of getting through this. Thank you. Andy . To fill out steves answer, i think one of the things that we should look at what is happening in real time as we are watching a digitally enabled army take on an analog army, and we are seeing the digital army winning, we dont know how this will end, and overwhelming force may win out at the end, but i think there is a lot of lessons here beyond just valid field lessons about what a 21stcentury capability can do against clearly a 20th century capability, and you know, beyond us improving and becoming better, i think there is also others paying attention to this and seeing that david can take on goliath and maybe when, and so i think it changes the defense dynamic broadly, the National Security dynamic as people watch this unfold. Great. Thank you. It is wonderful to be here. It is a privilege to be on this stage. If we look at the cybersecurity ecosystem, i think we can fairly say it is defined by a constellation of actors who seek shared goals, shared norms and cyberspace, freedom opened to security resilience and some entities that seek the inverse and then there is the middle and theres organizations and countries that are in many ways as yet undecided about what the future of the internet, of the Global Digital comments should look like him and so one of our broader challenges which applies to cybersecurity, but not only is how do we in the u. S. Convey that positive affirmative message of the internet of Network Technologies as being an ecosystem that enables growth, enables prosperity, enables freedom of expression and that cybersecurity is an enabler of that affirmative positive vision because right now there are too many places around the world and he mentioned the issue of supply chains, where there are countries attempting to make inroads into entering into commercial agreements, entering into supplychain dominance in a way that undermines our collective global interest in seeking a world where small Democratic Values are the norm and are enabled by security and resilience and it is up to all of us in this community to convey cybersecurity not only as an approach to protection, but as a positive vision to advance the values in the future that we all seek. Thank you. He represents the Critical Infrastructure security agency. So those were important remarks. Based on the interconnect events and dependency on electricity and clean water, anyway, dave. It is great to be back. But i was here last year i was in Cyber Command, executive director and now i am in a focus on china. Eric and i did not coordinate on comments, but i want to build out on some key points he made, and starting with this focus on the prc, we really ss that the prc and competition between prc and the u. S. And our partners, it is going to be the defining issue for the next generation, and what we are seeing happened today with the prc is they are exporting a digital governance model designed to support authoritarianism and increase their global influence, and so i think that is an area our partners will have to work hard at to counter and provide some positive options, especially in the south and other regions. Another area i think competition between the u. S. And piercy is going to be critically important is in technology standards. The China Technology is the main battlefield based on some of their official statements, and we have got to work closely, in close cooperation with our foreign partners to effectively engage in standards for the basis of telecommunication cybersecurity standards, we need to be thinking about the emerging issues of standards related to a. I. And other emerging technologies. Excellent points about china. We are sort of in a trade route of sorts with them and what does that mean or supply chains that we are also accustomed to having on the less expensive side and what does that mean and how do you make shifts . We are talking about a huge Economic Impact both on the Positive Side and negative side as well. Very thoughtful remarks. Thank you. I went to build on what you were talking about around a. I. I think there has been a lot of discussion on the ready around a. I. , but that is essentially lowering the skullcap for both good actors and bad actors. It becomes so simple these days to generate compelling automated attacks, whether that be phishing websites, those kinds of things, or sophisticated exploit chains and those kinds of things. You know, that used to be something that required highly skilled individuals to be put in a dedicated effort. These days you can buy a kit online, you can buy things online easily, but it is becoming even simpler than that with the rise of Artificial Intelligence. The flipside is this is a tool that can be used for good, that can be used for sorting through massive amounts of data to find the anomalies and things like that. Something that needs to be embraced by organizations as it was mentioned earlier, an attacker only needs to be right ones, and that offender, as a defender you need to be right all the time in order to successfully defend your organization. So i think Artificial Intelligence is one, the other i would say is post quantum encryption, you know, if you got a world, five years away or 40 years away or a month away, who knows these days, there will be a world where encrypted stores will all be given enough time and money and everything can be broken. Organizations need to think about where your data lives and who has access to it, even if it is encrypted because they have a clock on that. Someday somebody will be able to get access to that data. Thank you. When we were in the green room preparing and you had mentioned there is an important on our ability out there right now that perhaps our audience may benefit from hearing about. So if you have not seen the news, late last night, citizen labs sent out a better ability disclosure around a new exploit chains found in the wild called last pass, and it affects pretty much every apple device, and this is a pretty scary exploit chains, so basically what can happen is someone can send you what is called a pass file, which is basically like your boarding pass or your light or Something Like that, and your phone automatically parcels that when it arrives to generate an image could generate a pretty thumbnail and the act of parsing that can exploit your device remotely. So you could receive this from an unknown number, you dont even have to open it, you dont have to see it, you dont have to know it even happened and then your device can become compromised currently reflected with pegasus and this is exploited in the wild. Apple put out a patch last night for all apple devices, so iphones, ipads and more. You should get that update as soon as possible. It is very very important, and these are the modern kinds of threats that exist these days where your phone can be in your pocket, you can get a text and it is now compromised and the attacker, they delete the text message, delete the notification, you dont even know it happened and then somebody is living in your phone, somebody is watching everything happening. Thank you so much and remember, a friend is not going to send you tickets to taylor swift. Just keep that straight. That is also, this is audience participation. Not until are done in 27 minutes. Right . Dont do that update. Pay attention. We are talking about beyond that now. Exactly. There seems to be an emerging conflict between developing technologies focused on decentralization and traditional political and economic entities wanting to Leverage Technology for control. How does this play out chemic steve, get us started. So i think this is nothing new, it is not emerging, it is a constant i think for all of us, particularly those who have been on the government side and went the government side, and bennett now that i flipped over to the commercial side, it is an interesting viewpoint in which you realize that you are working toward the same thing, but the value systems, value chains may be different, so you think about what i think a lot of people would look at is like web three blockchain, so you know, that becomes this popular discussion, and i call on the molly white viewpoint, which is it is a bunch of scammers, you have a bunch of people that are out there you know, what is the Value Proposition . So that is one example of where you can be. I think there are other examples. Use of a. I. , generative a. I. Quantum committees are competing for power or for encryption to protect encryption. So if a technology will come and go, i think he said it well, the issues, the concerns they were facing, they are not the same ones they are facing today. Part of that is change in technology. So where i am at on this right now is that tension can be useful and i think it is not just government, not just big business and the little guys there are a variety of factors well beyond the technology, so we got right into the technology. I think it is important to look at some of those other factors are so they are social factors. There are economic errors, there are political factors that there are cultural factors. The discussions we are having in the u. S. , or you might have in the european union, you might have in other places of the world may be very different than the discussion you are going to have in china or russia. So this tension between you know, freedom and oversight or compliance or regulation actually, i think is very valuable because you are going to have some people pushing the limits and sometimes they get themselves in trouble. Very quickly, and they always either want to look for someone to bail them out or there is another group that are rapidly exploiting gaps in regulation and oversight and compliance. So there is a role for both the government to be involved in this space mother is a role on the commercial side and certainly there is going to be a very loud political, increasingly more clinical role in this. So i think where we have to be at the end of this is you know, again, clear communication, very Good Partnership between the people deploying the technologies, the government, it can provide some oversight. I think the other challenge for the government is getting expertise to understand the Technology Understanding third order facts. You think most recently the chat cbt and some of the other a. I. Language models just created this firestorm and i am sure the Big Companies deploying the capabilities, they probably did not receive what that reaction, that this world reaction was going to be, and the government is still trying to sort out exactly what is the role of government in this space, so the question has to protect the outcome. Yeah. Tensions are always going to be there and that is okay is what i am saying. Good. Thank you. We are in the middle of an interesting and dangerous. In the cyber Threat Landscape. I characterize that as a deep thing and broadening of Cyber Security risk and on the broadening, we have been talking about the democratization of cyber the capabilities manifested tangibly by the ecosystem where you are able to have the structure without any training and launch attacks on the rooms of your choosing and even access brokers to gain access to victims in order to execute the malicious intent. If we combine an ecosystem of that nature with the increasing ubiquity of generative a. I. , we are further reducing the floor to launch damaging intrusions, we are democratizing the availability to actors who have malicious intent, but no capability. Now, all you need is the intent and probably money. Combine that with what we also see, which is the deepening of sophistication of some of our apex adversaries, and i will call out the advisory that our partners released living off the land techniques, which is extraordinary and challenging when instead of using tradition or malware of the structure that is detectable by these Cyber Security tools that we all know and love, that is not going to work anymore for actors using these techniques and you need to understand the activity on your network to such a granular degree that you can detect anomalies that indicate an adversary is using legitimate tools, Network Management tools used by administrators for malicious intent and to gain. If we see this as an intersection, democratization of capability and advancing sophistication, what does that mean . This is a focus on resilience, the fact that if our goal is detect, prevent, respond in every context that we are never going to succeed because we are never going to keep every adversary of every Network Every time. What we can do is make the investments today to make sure when our adversaries gain access, we elect them quickly but we limit their ability to cause harm on the american people. That is a bit of a cultural shift because it takes us outside of the conditional cybersecurity i. T. Box and it becomes much more of a business issue and a Business Continuity issue, but that is where we need to be. What we would encourage his we are preaching to the converted, but lets try to get out into the broader world and speak with the Business Community and the Resilience Community about how we can join these disciplines and make the needed investments before they are needed. Thank you so much. Excuse me for a second. Dave. Right. So a lot to recover here. I think the parts i would reinforce kind of really bending off of erics points, one is a trend that has been positive is the relationship the partnership between government and private sector. There is still a lot of room to get better, but when i reflect back on it first came out of the intelligence side of things and started focusing on cyber and Cyber Security around 2016, it has improved so much, and continuing to work on that, continuing to align the work of private sector firms with government support, i th