Well. Good morning, everyone, i hope you are able to get caffeine i ys good morning, everyone. Ms,t i do want to acknowledge all of the media that has been with us for the last four days, we really appreciate all of your coverage and everything you guys have done for us so thank you guys for being here. Moderating this discussion will be renie nguyen, former cio of nasa. Our featured speaker for this conversation on the road ahead are dave frederick, assistant w director for china, National Security agency. Everett goldstein, executive director for Cyber Security, retired Lieutenant General steven fogarty. Senior executive advisor, luda allen, and her marketers, advisor of cardio technologies, formerly ceo cia and dave richardson, vp of product endpoint security, lookout. Please join me in applause in welcoming our speakers. Wow good morning, everybody. I hope you have shaken off the glaze of being here all week and finally being able to talk to people. We are in a Cyber Security conference. That is always a good thing, right . So, good morning, everybody. It is great to see you. Given the Rapid Advances in technology and the ever shifting Political Economic and environmental landscape, the future of cyber threat world is sure to change. This group of experts will explore how this feature will likely impact Cyber Security and things to think about in order to keep up and we might go back to some of those Old Fashioned human factor problems that will lie ahead in the future as they are here with us, today. So gentlemen, everybody gets to answer. Hopefully, you will sort yourself out and if not, i will help you if it is necessary. Looking beyond Cyber Security, what big shifts are happening in the world that will change how we should be thinking about the Digital World and protect it . Who would like to start . I will just run the board. First of all, it is a pleasure to be here at the conference with this group of professionals. I think as we look at the way ahead, i am forecasting out a little bit. The things that concern me the most, democratic shifts, particularly in the global south, loss of opportunity but lots of challenges. I think supply chains are increasingly becoming an issue. If you think about restrictions that we place on transfer of technology to the prc, there is going to be a fortat and i think we have had the opportunity to purchase a lot of raw material from them. Things that are very vital for everything from moving to electric vehicles to building cell phones. So those supply chains are going to have to be reconstituted. That is going to require a significant investment as we move forward. And then i think that the combination of things we cannot predict, social economic political and cultural factors that are really going to drive this but we have to watch it. And i think this is where you go back to and newbergers comments earlier this morning. The key is partnerships. So it is foreign partners, interagency partners within the Us Government, commercial partners, partnership with academia that give us early warning. We never seem to predict these things exactly right but that is going to be the critical aspect of getting through this. Thank you andy . To steves answer, i think one of the things that we should look at what is happening in sort of realtime is we are watching a digitally enabled army take on an analog army. And we are seeing the digital army, we dont know how this is going to end. The overwhelming force they went out in the end that i think theres a lot of lessons here beyond battlefield lesson about what a 21stcentury capability can do against clearly a 20th century capability. And beyond us improving and becoming better, i think there are others who are paying attention to this and seeing that david can take on goliath and maybe win. And so i think it pertains to the defense thing and the National Security dynamic as people watch this unfold. It is wonderful to be here. It is a privilege to be on this stage. If we look at the Cyber Security ecosystem, i think at this point, we can fairly say it is defined by a constellation of actors who seek, share goals, share norms and cyberspace. And some entities that seek the inverse. And then there is the middle. And that there are organizations and countries that are as yet undecided about what the future of the internet, the Global Digital comments should look like and so one of our broad challenges that apply to Cyber Security but not only Cyber Security is how we in the United States can create a positive and affirmative message of technologies as being an ecosystem that enables growth, enables prosperity, enables freedom of expression and the Cyber Security is the enabler of that affirmative vision because there are two main places around the world and we mentioned the issue of supply chain where there are countries attempting to make inroads in entering into commercial agreements, and to supply chain dominance at a way that undermines the collective global entrance and seeking a world where Democratic Values are the norm and are enabled by security scale and it is up to all of us in this community to convey Cyber Security not only as they approach protection but as that positive vision to advance the value that we all see . He represents the Critical Infrastructure agency. I think those were important remarks. Based on the interconnectedness and the electricity and clean water. It is great to be back. When i was here last year, i was the executive director and now a new role focused on china. Eric and i did not coordinate on our comments but i really want to build out on a few key points that he made and starting with the focus on the prc, we really assess the prc and the competition between the prc and the United States and our partners, it is going to be the defining issue for our generation and what we are seeing happened today with the prc, they are exploring a digital model designed to support authoritarianism and to increase the global influence so i think that is an area where our partners will have to work hard at to counter and provide some positive options especially in the global south and other regions. Another area where i think the competition is going to be critically important is technology standards. The technology is the main battlefield, the official statement and we got to work very closely in close cooperation with our foreign partners to effectively engage in standards. Cyber Security Standards but we need to be thinking about emerging issues in Artificial Intelligence and other emerging technologies. We are sort of in a trade war of sorts with china and what does that mean for the supply chain that we are also accustomed to having on the lessexpensive side so we are talking about a huge Economic Impact both on the Positive Side and the negative side. Very thoughtful remarks. I want to build on what we were talking about. Obviously, there has been a lot of discussion around Artificial Intelligence. That is essentially lowering the skill gap. It become so simple these days to generate compelling automated attacks whether that is fishing websites and those kinds of things or sophisticated , those kinds of things where that used to be something that required a highly skilled individual to be put into a very dedicated effort. You can buy online very easily but it is becoming even simpler than that with the rise of Artificial Intelligence. The flipside, this is also a tool that can be used for good, can be used for sorting through massive amounts of data, something that needs to be embraced by organizations. As it was mentioned earlier, an attacker only needs to be right once and the defender, you have to be right all the time in order to successfully defend your organization. Artificial intelligence, that is a big one. The other when i would say close quantum inscription. Whether you think about a world that is four years away or five years away, a month away. There will be encrypted data stores given enough time and money. Every source can be broken. The Organization Needs to think about where the data lives and who has access to it even if it is encrypted because there is a clock on that and someday, someone will be able to get access to that data. We are preparing and you had mentioned there was probably a pretty important vulnerability out there that our audience may benefit from hearing about. If you have not seen the news late last night, citizens lab sent out a vulnerability disclosure around called blast past and it affects pretty much every apple device out there. And this is a pretty scary exploit. What can happen is someone can send you through imessage what is called a pass kit file which is basically like your boarding pass, for your flight later or Something Like that. And your phone automatically parses that when it arrives to generate an image and the act can exploit your device remotely. So you could receive an iphone message from an unknown number. You dont even have to open it, see it, know that it happened and your device can become compromised remotely and infected with advanced spirals like pegasus and this is found in the wild. Apple put out a patch last night for all apple devices. You should get that updated as soon as possible. These other modern threats that exist these days. And it is now compromised and the attacker deletes the text message and dilutes the notification and you dont even know what happened. Somebody has been living in your phone, watching everything that is happening in their. Thank you so much. And remember, a friend is not going to send your tickets to taylor swift. So just keep that straight. This is audience participation. Not until we are done in 27 minutes and 47 seconds. Dont do the update. Pay attention to these guys. There seems to be an emerging conflict between developing Technology Focused on decentralization and traditional political and economic entities wanting to Leverage Technology for control. How does this play out . Steve . This is nothing new. This is a constant. Particularly for those who have been on the government side, have worked the government side. Have flipped to the commercial side, it is actually a very interesting viewpoint. What you realize is youre working toward the same thing but the value systems of the value change may be a little different. But i think a lot of people would look at, web three block chain. So that becomes this popular discussion and i kind of follow on the molly white viewpoint which is it is a bunch of scammers, a bunch of hucksters, people that are out there and what is the Value Proposition . And so, that is one example of where you can be. I think there are other examples. You said ai. Certainly, ai, generative ai. Quantum either computing for power or encryption. So the technologies will come and go. I think you said it very well. In 2018, the issues, the concerns they were facing, they are not the same ones that they are facing today and part of that is change in technology. So where i am at on this right now, that tension can be useful. And i think it is not just government, not just big business. The little guy out there, there are a variety of factors well beyond the technology and sometimes, you can jump right into the technology. I think it is important to look at some of those other factors. There are social factors, economic factors, political factors. Cultural factors. If discussions we are having in the u. S. Or that you might have in the european union, you might have in other places in the world may be very different than the discussion you are going to have in china or in russia. And so, this tension between freedom and oversight or compliance or regulation actually, i think, is very valuable. Because some people are going to be pushing the limits and sometimes they get themselves in trouble very quickly. They always either want to look for someone to build them out or there is another group that are exploiting gaps in regulation and oversight in compliance. So there is a role for both the government to be involved in this space, there is a role on the commercial side. And certainly, there is going to be a very round, increasingly more political role in this. And so, i think where we have to be at the end of this, clear communication, very Good Partnership between people deploying the technologies, the government who can provide some oversight. I think the challenge frankly for the government is getting expertise to understand the technologies, understanding the second and third order effects. Most recently, chat and some of the other ai language models just create this firestorm. And i am sure in the big companies, they probably did not receive with that reaction, that visceral reaction was going to be. And the government is still trying to swear out, what is the role of government in this space. And so, the question outcome, tension is always going to be there and that is actually okay is what i am saying. Eric . We are in the middle of an interesting and dangerous period in the cyber Threat Landscape and i characterize as a deepening and a broadening of Cyber Security risk. And the broadening, we are talking about the democratization of Cyber Capabilities manifested most tangibly by the ransomware system where you are able to rent functionally rent structure without any training and launch attacks on victims of your choosing and even leveraging access brokers to gain access to victims in order to execute malicious intent. If we combine an ecosystem of that nature with increasing ubiquity of generative ai, we are further reducing the floor to launch damaging intrusions. We are further democratizing the availability, capabilities to actors who have malicious intent but no capability. Now, really all you need is the intent and a little bit of money. Combine with what we also see which is the deepening maturation and sophistication of some of our adversaries and i will call out the advisory released on prc living off the land techniques which is extraordinarily challenging trendline where instead of using traditional malware, traditional infrastructure that is detectable by these Cyber Security tools that we all know and love, that is not going to work anymore. And you actually need to understand the activity on your network to such a greater degree that you can detect anomaly that indicates adversaries using legitimate tools, Network Management tools by your administrators but from malicious intent and to gain. You see this as an intersection, democratization and advancing. What does that mean . It is a focus on resilience. The fact that if our goal is to respond in every context, we will never succeed because we are never going to keep every adversary out of every Network Every time. What we can do is make investments to make sure that whenever adversaries gain access, we limit their ability to cause harm on American Organization and the american people. That is a bit of a cultural shift because it takes us out of the box and becomes much more of a business issue and Business Continuity issue but that is where we need to be. What we encourage, we are little bit preaching to the converted but lets try to get out into the broader world and speak with the Business Community about how we can join these disciplines and make investments. Thank you so much, eric. How about you, dave . I think the part i would reinforce, one is a trend that has been very positive is the relationship, the partnership between the government and the private sector. I think there is still a lot of room to get better but when i kind of reflect back and when i first came out of the intelligence side, focusing on cyber and Cyber Security around 2016 timeframe, it isnt improved so much. Continuing to work on that, the private sector with Cyber Security and with government support, i think it is going to be critical to deal with these trend. The other piece i would like to way through, how do we have an effective conversation with Business Leaders about investment size Cyber Security. There is the risk of folks pulling back on investments so how can Cyber Security community have an effective conversation about risk . Make sure we are not too much in the mode where we are trying to make the case and trying to keep the foot on the gas in terms of deeper improvements to network and hygiene. The resiliency through zero trust. Recognizing that this is ofttimes the call center. How do we get for that . I dont live in that world. I dont envy the folks that have to make those cases. I do think the work like we are doing in the government with the advisories is helpful in the sense that we are trying to communicate some of these risks to broad audiences. We are not just keeping advice in the family anymore and i see that is a major chain across the interagency and with our foreign partners. It has been very positive for the whole community. I just want to remind folks as we talk about our external threats, you might want to think your internal threat and the more complex environments these are, your