Instant. But media, was ready. I we never slowed down. Schools and businesses when virtual and we powered a new reality. We are built to keep you ahead. Media, pport cspan is a public service, along with these other television providers, giving you a front row seat to democracy. Collection easterly is the director of cybersecurity and infrastructure security agency. She discussed how the agency is working a poster Election Security at an event hosted by the center for strategic and international studies. , and director jen easterly. Im not going to introduce because if you dont know her by now, what are you doing in the room . We will follow that with a panel with some very prominent experts. Im happy to do it, which i will moderate. But with that, i think the rules are, you guys talk, and after a while we throw you off stage. We got a lot to talk about. So great to have you here. Thank you for coming. Youve got an awful lot on your plate, and we want to do a bit of a deep dive in some of your issues and we will pull back and provide some of the strategic context for that. But between elections that are going on right now, election day next tuesday, and we still have obviously a conflict raising raging in ukraine with the risk of that expanding. Lots going on. So lets go ahead and get started. Lets start with that most urgent concern, which is around our election. Cisa has the function that our elections are meant to serve. So not just the cybersecurity of the i. T. Infrastructure, but making sure that our election is able to perform the function we look to it to perform, which is provided for the peaceful transition or retention of power. And thats cyber and physical and information cognitive peace. Talk to us a little bit about each of those elements. First of all, its great to be here with you and thank you to my friends and everybody who took the time. I think of you as the spiritual godmother of cisa and all the work you did for our operational component from a staff element in the foundational work you did as a commissioner, which really ended up elevating status, giving us more authorities and capabilities. Thank you, thank you, lovely to be here with you. Nearly on the verge of our fourth birthday. I do want to step back a little bit. Probably everybody in the audience knows, but its worth mentioning the newest agency and the federal government stood up by congress november of 2018 and the mission is to lead the National Effort to understand the reduce risk for the Critical Infrastructure cyber critical that americans rely on every hour of every day. Its how we get gas at the pump and food at the grocery store, money from the atm, power, water, all of that. Critical missions, as you well know. You alluded to 2k roles and they were in the k plan and our friends talk about it, but the first two pillars in the defense of cyberspace, americus Cyber Defense in the second Risk Reduction and resilient is about being the National Coordinator for resilience and security. We service the Sector Risk Management Agency for eight sectors in one subsector. Subsectors election for structure. We are seven days out from our midterm election. You know and Everybody Knows the federal government doesnt run elections. Is to stay local officials that are on the front lines of protecting democracy. We ensure they have the tools, resources, capabilities and information to run resilient elections. We have been working handinhand across the government with those Election Officials, with the vendor communities and im very confident that we have done everything we can to make election infrastructure secure and as resilient as possible. And we have been very clear that there is no information credible or specific to disrupt a compromise that election infrastructure. Its a more complex environment and i think weve ever experienced. You have Cyber Security threat from nations and Insider Threats from those who have institutional knowledge. Yet 4 horrible physical security concerns with threats of intimidation and harassment against Election Officials. And then of course you have disinformation and misinformation, which can be used by for an adversary to sow discord among the American People to undermine confidence in the integrity of our elections and to incite violence against Election Officials. For us who served and for those who have served, i think its really important that people understand these are not base this back room bureaucrats. They are people who are dedicated Public Servants who live in our towns and cities and communities and people who we see in the Bowling Alley and pta meetings in restaurants and church and they are dedicated Public Servants who are just trying to defend democracy, they are our neighbors, friends and relatives and they deserve our support and not just support, our admiration, respect and they deserve to be safe, they deserve to be safe. I dont know if you saw the oped that came out over the weekend. One in massachusetts, one in colorado, different parts of the political spectrum. I was so encouraged because they were coming together to say that elections securing elections is a nonpartisan at the end of the day, local Law Enforcement plays a Critical Role securing elections. 90 of threats are reported to Election Officials. That is absolutely critical and i am super encouraged by that. I am hopeful that is emblematic of the relationship with Law Enforcement across the board. You know our physicals security mission, we have advisers who do physicals security assessments. We spent the last several weeks doing nationwide training on how to deescalate situations. It is a really difficult physicals security and environment. On disinformation, i want to correct the record, it was something about whether we said adversarial nations were going to have influence. That was not true at all. In fact, we are concerned about russia, iran and china trying to influence our elections. There was reporting from mandiant last week about this. If you think about adversaries that are trying to sow discord and undermine integrity in our elections. And so, we are very concerned about this as i know you personally are. I want to be very clear about whats this cisas role is. We are not a Law Enforcement agency. We dont work with platforms, it is their terms of service. I want to be very clear about this. We do not censor information. Securing elections is a nonpartisan activity. Quite frankly, as someone who has worked in democratic and republican administrations, someone who has served the American People my whole life, sworn to defend the constitution of the United States and the first amendment, i want to be clear, we do not censor anything. Social media platforms do, then use does, it is entirely their decision. We do three things. We make sure people understand the tactics around disinformation. And that americans understand how to build resilience against it. How to recognize and investigate it, questioning it, not amplifying it. What does that do . It is election literacy. You talk a lot about Civics Education, it is election literacy. Elections are super complicated. And most important, we amplify the trusted voices of state and local elections officials, the people to go to if you have any questions about how voting works, go to your state and local Election Officials. Great websites, they have frequently asked questions, their own mythbusters, fact versus fiction they have created, they are the best source. I have been talking to Election Officials the past several months, they have come to me about the integrity of the vote, they are concerned about physicals disinformation, and they asked me to give a message to the American People and to the media. There are going to be errors and glitches, that happens in every election. Thats why there are multiple layers of security controls and resilience built into the system. And so, to the media i really would like to ask for everybodys health because these things are going to happen. Someone will forget their key to the polling place, a waterpipe will burst, these are not nefarious. It is super important that folks get the word on how elections work. As you know, elections are not over when the polling places close. There is so much work to be done to ensure there is reconciliation, accounting of provisional ballots, let terry votes, canvassing at the state, county and local level, sometimes it takes days and sometimes weeks to certify elections. We all need to be patient, let the machinery of democracy work. We are all in this together. Elections are the golden thread woven through the fabric of our democracy and if that unravels, our republic is at risk. So we all need to come together to protect what is most sacred. Seven days out, i am very passionate about making sure americans can vote and have confidence that the vote they cast is counted. Again, im grateful for everything you have done to set us up in this place where we can do that mission handinhand with Election Officials, thanks for letting me get that up but i think its so important. Its absolutely vital. That was a terrific explanation of the way cisa fits in to what is a National Effort here led by state and local officials as you say. Particularly the points about combating disinformation, so important because were seeing reports that our adversaries are stepping in and amplifying and creating their own disinformation around things as fundamental as the time, place and manner of voting. Putting out disinformation that there are no absentee ballots being accepted this year. Some classic kinds of things about polling places being closed, election day being moved, all of these kinds of disinformation that is designed to get people to not exercise their right to vote. To dampen turnout, to create a even more fertile field for disinformation after the fact about illegitimacy of the election process. It does particularly in this highly charged partisan environment. The potential for even more violence. So glad that you are there and leading the tremendous men and women. And i think it is very indicative of the very operational role that cisa. You and i have talked about this event, when i was leading the National Protection and programs directorate, that was always a terrible name. We were considered a headquarters component, and part of our big push was not just to change the name, but to be recognized for the operational component we already were at that time. Most folks dont have any sense really of why thats important, what is the difference therebetween being considered a headquarters or a component, and really being recognized as a operational resource for all our stakeholders within the government and across the country. But you have really taken that transition from headquarters to operational component that we fought so hard for and really taken it to a new level, with the operational work you are doing around elections all across the country. With the operational work you are doing with the private sector, really making great strides. And one of the most obvious examples is the jcdc. So i wanted to give you a minute to talk about the joint cyber collaborative, that came about right about the time [indiscernible] and we saw mr. Brutons putins decision to march into ukraine and take over a sovereign country. I want to hear a little bit about the jcdc, i would love to hear how we are doing on shields up, and questions about how sustainable is that over the long term. What parts of that are operational tempo that cannot be sustained indefinitely . What are things that have come out of the shields up collaborative effort that you hope will be enduring . Such a great question. The commission, that was one of your recommendations that got put into law with the 2021 ndaa, i i think you call this the joint cyber planning office. When i heard it, i thought that doesnt sound very good. It is the worst acronym. So um, jcpo, when i read the legislation about them it was about much more than planning, it was about how do we bring together all the Cyber Operations into a coherent way. We thought jcdc, but also because it is more indicative of the fact that it is about collaboration at the end of the day. I spent most of my career in the army and Intelligence Community at the white house where you could argue that the federal government has monopoly power. In Cyber Security, we are partnered. In particular, when you have a mission to protect Critical Infrastructure and you dont own the vast majority of it and you are not a regulatory agency, by and large you need to develop really robust partnerships, so i love the fact that the jcdc early on allowed us to create a platform to bring together partners so that fbi, cyber calms, department of justice, secret service on one platform to work with the private sector. The first thing we did which paid a lot of dividends was gave the vulnerability, then we developed what we call the alliance, which are the 20 to 25 Biggest Technology companies in the world, the Backbone Infrastructure for cybersecurity vendors, why because everything is a Technology Company these days. Critical infrastructure is protected by technology and these are the companies that have the most visibility into what is happening in terms of suspicious activity on our infrastructure. That has been terrific to work together, to share this information these companies, i in h in a wait that we could collaborate in the field office once a month. We brought together agencies, partners, separate ones for energy and finance because of concerns about possible russian attacks were retaliation. In terms of developing trusted realtime responses, transparent partnerships with the private sector, its the same thing id say about elections. Great, come learn, be transparent, we want to be transparent, responsive and add value. If we are not providing information that doesnt add value to the centers, then what were doing is not making a difference. We have gotten a lot of great feedback from all of our partners. At shields up, we wanted to have almost a tagline everybody could remember, shields up comes from star trek. But the idea was we need to be prepared for this threat, be prepared to share pieces of information that can help us proactively get ahead of that threat, then reduce risk and mitigate it. We have gone tremendous feedback from all of our partners, and big credit to the Intel Community that worked hard to make sure we could provide as much strategic warning as possible, and tactical warning so everybody could be prepared. And mitigations anybody can take up, whether you are a small business, a ceo, empower your systems. Whether you are a member of the american public, update your software, use password keeper, clicking on suspicious links, all the things we talked about during Cybersecurity Awareness month. It has been a real rallying cry, we got great feedback from all a sayinground all around. I worry about Mental Health in the workforce. A lot of people working very hard. We need a way, you know as a part of the advisory committee, to calibrate that better in terms of regions and sectors. That is what we are working on with a National Cybersecurity alert system, so we can be more clear about the levels of urgency. I would say given what is happening in russia, ukraine, some of the rhetoric coming out of russia, its not the time to put our shields down. We need to be prepared for potential activity, disruptive activity. Going back to our point on elections, they want to have disruption. They want to so discord. Fate love the partisan rank for rancor, they love tearing apart america. So we need to up our game, reduce our risk, create resilience and be prepared for the full range of cyber threats, technology, weather events, terrorist threats and things that sow discord. As ben affleck says hassle campaign, im really looking forward its been a really successful campaign, im looking forward to growing the team. At the end of the day, the point i would make is its a partnership platform. Our role is just as important as our fbi partners, our interstate and cyber calm partners, treasury, energy. It is about bringing together government and business in a coherent way. Thats what i love what christine was doing as National Cyber director, the other innovation out of the commission, hes been such a that was partner creating curve here its coherence, and great teamwork across the government. Now we have our cyber ambassador. Great team but a lot of hard work to do. You start to look at a National Cyber alert, and trying to learn lessons from terrorism advisories, from colorcoded to more nuanced. But one of the challenges in that environment was i remembered seeing at so many meetings within the department, about how to articulate the current posture, and when can you ever joint back down . Draw it back down . Euphoric on the same thing in the cyber context, with shields up now is not the time to draw down. You will always see something happening, so it seems to me one of the Biggest Challenges is to find ways to take a stepped up operational tempo that risks burnout, and work with that collaborative to say how do