Helping schools. That sets an example of how we each do what we do best, but we do it together in partnership with the measure to say, every kid in america is safe when they go to school. That joint measure of our goal together and individual work is what so inspiring and what is aspiring when we see everybody here together at the conference. So its exciting to be here. Thank you. Thank you for the conversation today. Thank you for your service. And thank you for being on the front lines of our nation and bringing us together in this important fight. It was an honor to be with you today and thank you for the honor of joing us today. So good to be here. Good morning, everyone, i hope you are able to get caffeine in your systems, get your blood flowing. I do want to acknowledge all the media that has been with us the last four days. We appreciate all your coverage and everything you guys have done for us, so thank you guys for being here. We would like to follow that fireside conversation with the honorable and newberger by taking an indepth look at the future of cyber. For our next session, 2020 four and beyond, the hard road ahead, we have invited a distinguished group of experts to look at the topics through multiple listings. Moderating this discussion will be the former cio nasa. Our featured speaker for this conversation on the road ahead are dave frederick, assistant Deputy Director for china, National Security agency. Eric goldstein, executive assistant director for cybersecurity. Retired Lieutenant General steve. Senior executive advisor. Andrew, advisor, technologies, formally coo, cia. And david richardson, vp of product endpoint and security. Look out. Please join me in applause and welcoming our speakers. [applause] wow, good morning, everybody. I hope you have shaken off the malaise of being in a conference all week and talking to people in person. I hope you are using your devices as we are at a cybersecurity conference, thats always a good thing. We connected those devices and inserted the chinese rfid, correct. We got that at the front desk. Good morning, everybody and its great to see you. Given the Rapid Advances in technology in the ever shifting Political Economic and environmental landscape, the future of cyber threat world is sure to change. This group of experts will explore how this future will likely impact cybersecurity and things to think about in order to keep up. We might go back to some of those oldfashioned human problems that will lie ahead in the future as they are here with us today. So, gentlemen, this is an all play, so everybody gets to answer, and hopefully will you will sort yourselves out. If not, i will help you if necessary. Looking beyond cybersecurity, what big shifts are happening in the world that will change how we should be thinking about the Digital World and protected protect it . Who would like to start . I will just run the board. First of all, its a pleasure to be here at the conference, and then with this group of professionals. I think as we look at the way ahead, and im forecasting out a little bit, the things that concern me the most are democratic shifts, particularly in the global south. Lots of opportunity, but lots of challenges there. I think supply chains are increasingly becoming in issue. If you think about restrictions that weve placed on transferring technology to the p. R. C. , there is going to be a titfortat there. I think we have had the opportunity to purchase a lot of raw material from those. I think those are things that are very vital from things moving to electric vehicles to building self, so those supply chains are going to have to be reconstituted and that will require a significant investment as we move forward. And then, i think its really the combination of things we cant predict. Social economic, political, and factors will drive it. We have to really watch it. If you go back to and newbergers comments this morning, or you start with the comments its the key of partnerships. Its foreign partners, interagency partners within the u. S. Government, its commercial partners, its partnership with academia that gives us the year early warning. We never seem to predict these things exactly right, but that is going to be the critical aspect of getting through this. To build on to steves answer, i think one of the things that we should look up thats happening in real time as we are watching a digitally enabled army to take on an analog army, and we are seeing the digital army winning. We dont know how this is going to end and the overwhelming force may win out in the end, but i think theres a lot of lessons here beyond just the battlefield lessons about what a 21stcentury capability can do against it. Clearly a 20th century capability. Beyond us improving and becoming better, i think theres also others who are paying attention to this and see david can take on goliath and maybe win. I think it changes the defense dynamic broadly in the National Security dynamic broadly as people watch this unfold. Its wonderful to be here. Its really just a privilege to be on the stage. If we look at the cybersecurity ecosystem, i think at this point we could say it is defined by a constellation of actors who seek shared goals, share norms in cyberspace, freedom, openness, security, freedom and some entities that seek the inverse, and then theres the middle. Theres organizations and countries that are undecided about what these futures of the internet and the Global Digital comments should look like. So, one of our broad challenges, which applies to cybersecurity, but not only cybersecurity, is how do we in the United States convey that positive, affirmative message of the internet, of message technologies as being an ecosystem that enables growth, enables prosperity, enables freedom of expression, and that cybersecurity is an enabler of the affirmative positive vision, because right now there are too many places around the world, and the general managed just mentioned the issue of supply chain, there are countries attempting to make in roads and entering into commercial agreements, entering into supply chain dominance in a way that undermines our collective global interest in seeking a world where small d Democratic Values are the norm and are enabled by security and resilience at scale, and its up to all of us in this community to convey cybersecurity, not only as an approach to protection, but as a positive vision to advance the values in the future that we all seek. Just to remind folks, he represents the Critical Infrastructure journey, so those were important remarks. Based on the dependency of lets say, electricity and clean water. Anyway, dave. Dave its great to be back. When i was here last year, i was in Cyber Command is the executive director, now Prime Minister a new role as the assistant Deputy Director focused on china. Erica and i did not coordinate on our comments, but i want to build out on key points that he made, but starting with this focus on the p. R. C. , we really assess that the prc and the competition between the prc and the United States and our allies and partners will be the issue for the next generation. And what we are seeing happen today with the p. R. C. Is, they are exporting a digital governance model designed to improve sashes support authoritarianism and support the global inflow. That something our u. S. Partners will have to work very hard at the counter and provide some positive options, especially the global south and other regions. Another area where i think the competition between the new United States would be important as technology standards. China sees technology as the main battlefield based on some of their official statements, and weve got to work very closely in close cooperation with our foreign partners to effectively engage in standards. Those of the base, telecommunication and Cyber Security standards that we are focused on today. But we need to be focused on the emerging issues of Artificial Intelligence and other emerging technologies. Glaxos are excellent points about china where we arent in a trade war with them, and what does that mean for supply chains that we are also accustomed to having on the lessexpensive side, what does that mean and how do you make shifts. We are talking about a huge economic impact, both on the Positive Side and may be on the negative side as well. Many thoughtful remarks, thank you for that. I want to build on what youre talking about around Artificial Intelligence. Obviously there has been a lot of discussion here already around Artificial Intelligence, but that is essentially lowering the skill gap for good actors and bad actors, great, it become so simple these days to generate compelling, automated attacks, whether it be fishing emails, phishing websites, those types of things or sophisticated xplay chains or those kinds of things. Where that used to be something that required highly skilled individual to be put in a very dedicated effort. These days you can buy fish and get it online. You can buy these things online very easily, but its becoming even simpler than that with the rise of Artificial Intelligence. But theres the flip side of it, this is also a tool that could be used for good, that could be used for sorting through massive amounts of data, find the anomalies and things like that. Something that needs to be embraced by organization, as it was mentioned earlier, in attacker only needs to be right ones, and the defender, you need to be right all the time in order to successfully defend your organization. So i think Artificial Intelligence is a big one. The other one, i would say is post quantum encryption. If you get better world whether thats five days away, 40 years away or a month away, who knows these days, there will be a world where encrypted data stores will all be given enough time and enough money event of encrypted data that could be broken. Organizations need to think about where your data lives, who has access to it, even if its encrypted because theres a clock on that. Someday somebody will be able to get access to that data. When we were in the green room preparing here, and that you had mentioned theres a pretty important vulnerability thats out there right now that perhaps our audience may benefit from hearing about. Absolutely. If you havent seen the news late last night, citizen lab send out a vulnerability disclosure around a new exploit chain found in the wild. It affects pretty much every apple device out there. And this is a pretty scary exploit of basically what can happen. Someone can send you, through i message, what whats called a file thats like your boarding pass. Your flight later, or Something Like that. And your phone automatically parses that when it arrives, to generate an image, generate a pretty thumbnail, and the act of parsing that can export your device remotely. So you could receive an item from an unknown number, you dont even have to look at it, you dont have to see it or know that it even happened. Then your device can become compromised remotely and infected with advanced spyware like pegasus. They put out a patch last night for all apple devices so iphones, ipads, imax, etc. , you should get that updated soon as possible. Its very, very important, and these are the modern kinds of threats that exists the stays where your phone can be in your pocket, you can get a text message and its now compromise, and the attacker, first thing they do, delete the text message, delete the notification, you dont even know at happened. Somebody is living in your phone, somebody is watching everything thats happening in there. Thank you so much for that dr. Also remember, a friend is not going to send you tickets to taylor swift. So just keep that straight. And that is, also this is audience participation, make a note, not now, not until were done in 20 minutes and 40 seconds, dont do that update, Pay Attention to these guys. They are talking about beyond now. Exactly. There seems to be an emerging conflict between developing technologies focused on decentralization and traditional comp traditional political and Economic Industries wanting to Leverage Technology for control. How does this play out . Steve, why dont you get us started. Steve this is nothing new, its not emerging. For those who are working or have been on the government side and worked the government side. And now the commercial side, its actually a very interesting viewpoint. And we have to realize, you are working toward the same thing, but the value systems, the value chains may be a little different. If you think about, what i think a lot of people look at is, web three. Oh, or web three blockchain. So, that becomes this popular discussion and i kinda fall on the molly white viewpoint, which is, its a bunch of scammers, a bunch people that are out there, and whats the value proposition, so, thats one example of where you could be, so i think there are other examples for use of ai. Certainly generative ai. Quantum, computing for power or for encryption to protect encryption. In the Technology Come and go, i think it was said very well, in 2018, the issues, the concerns they were facing, they are not the same ones they are facing today. Part of that is a change in technology. So, where im at on this right now, that tension can be useful. I think its not just government, its not just big business and the little guys that are out there, there are a variety of factors well beyond the technology. Sometimes we jump right into the technology. I think its important to look at the other factors. They are social factors. There are economic factors. There are political factors. There are cultural factors. Either discussions we are having in the u. S. Or you might have in the european union, you might have in another place of the world may be very different than the discussion you may have in china or in russia. So, this tension between freedom and oversight, or compliance, or regulation actually, i think, is very valuable. You will have some people that will be pushing the limits, and sometimes they get themselves in trouble very, very quickly. They always either want to look for someone to bail them out, or there is another group that is exploiting gaps in regulation and oversight and compliance. So, theres a role for both the government to be involved in this space. Theres a role on the commercial side, and certainly, theres going to be a very allowed actually, increasingly more political role in this. I think where we have to be at the end of this is clear communication, very Good Partnership between the people who are deploying the technologies. The government who can provide some oversight. I think the other challenge, frankly, for the government, is getting expertise to understand the technologies, understand the effects. You think most recently the deployment of chatgpt and some of the other ai language models just creates this firestorm. Im sure the Big Companies that are deploying the capabilities, they probably did not foresee what that reaction, that visceral reaction was going to be. I know the government is still trying to sort out what is the role in this space. So, the question predicts the outcome, . 10 always going to be there, and thats actually ok, is what im saying. Thank you, steve. We are in the middle of a really interesting and dangerous time in the cyber Threat Landscape. What i characterizes both a deepening and a broadening of cybersecurity. On the broadening, we talked for a while about the democratization of the abilities manifested most tangibly as a Service Ecosystem where you are able to rent the infrastructure without any training and launch attacks on victims of your choosing and access in order to execute your malicious intent. If we combine an ecosystem of that nature with the increasing ubiquity of generative ai, we are further reducing the floor to launch damaging intrusions, we are further democratizing the availability of the abilities to actors who have malicious intent, but no capability. All you need is the intent and probably a little bit of might. Combine that with what we also see as the deepening of sophistication of some of our apex to adversaries and i will call out to this context the advisory that our partners released on our p. R. C. Web techniques, which is extraordinary challenging where we now use traditional malware untraditional control that is detectable by the cybersecurity tools that we all know and love. That wont work anymore for actors using these techniques. And you actually need to understand the activity on your network to such a degree that you can detect anomalies that indicate the adversaries using legitimate tools, Network Management tools used by the administrators, but malicious intent to gain. We see this at an intersection, democratization of capability and advancing in sophistication, what is that mean . In the first instance, a focus on resilience. The fact that our goal is detect, prevent, respond in every context. We are never going to succeed because we are never going to keep every adversary out of every Network Every time. We can do is make the investments today to make sure that when our adversaries gain access, we ideally evict them quickly but limit their ability to cause harm on the American People that it is a cultural shift because it takes us outside of the traditional cybersecurity i. T. Box, and it becomes much more of a issue than a continuity issue and thats much more where we need to be. What we would encourage is, we are preaching to the converted, but thats try to get out into the broader world and speak with the business community, the Resilience Community about how we can make these investments before they are neede