Irrigated lawns, and we had a deer herd living in downtown boulder. When the lions moved in, they were in the open space, then they discovered there was deer in town. In the lions discovered they could eat dogs and cats. That is food for them. So the lions were learning, and they have learned, that this is where they will find food. Yes, there is food up there, too, there is lots to eat in town. This is a retreat, beautifuly an a place for enrichment, enlightenment, and coming together. The people who were intended to be the audience were really what we would call the middle class. The programs were very similar. A combination of speakers of the day, also a variety of both what we might consider highbrow and lowbrow entertainment opera, classical music, and probably what wed be considered fulfill of that day. Watch all of our events from boulder on book tv, and also American History tv on cspan 3. Next, with the u. S. Is doing to prevent more cyberattacks. Then, Homeland Security jeh johnson talking about order security and counterterrorism. After that, a preview of the midterm elections with pollster charlie cook. On wednesday, Washington Post live post it representatives and independent consultants for a summit on Cyber Security. Over the next three hours, we will hear about the increasing concerns over Cyber Security and what is being done to prevent attacks. Good morning, everyone. Angst to those watching online and here in Downtown Washington thanks to those watching online and here in Downtown Washington. This is the fourth year that the post has had a Cybersecurity Conference where we bring together government, defense, state department, Homeland Security, and the Business Leaders all together to talk about cyber theft and cyber espionage. And the challenge over this years has only intensified. The u. S. Government and companies are now investing billions, many, many billions to try to secure what is valuable and what, by virtue of being connected to the internet, is vulnerable. There are a lot of bad actors. They are great hackers. What they are stealing is everything from the next generations fighter plans to a stash of credit card numbers. That is forcing on easy alliances between government and the public sector. That is one of the things we will talk about. How do secure what a company, what the government, what each of you here put on online is becoming more and more relevant, because more and more of our lives are online. Our devices are connected, our cars, our medical devices. We have a Remarkable Group of people from capitol hill, from boardrooms, from Research Labs to talk about how to make our l ives online more secure. So i encourage you to tweet questions and comments to washpostcyber. If you are in the room, you can send a question up to allison at the question desk. What a better way to start the morning than to talk to the director of darpa . The Defense Advanced Research project agency has a long line of breakthroughs. From computer networking to Stealth Technology to gps. With a 3 billion budget its mission is to prevent technological surprise to the u. S. And to create technological surprise to our enemies. But we welcome darpas director. [applause] shes now running darpa. But she has been back and forth from the government sector to the silicon valley. She has had many huge jobs in both sectors. President clinton appointed her the director of National Institute of standards and technology. She was running part of darpa as a manager in office director. She held huge jobs in the private sector. So, perhaps the woman with the coolest job in the city is going to prefix playing what darpas role is. Thank you very much, first of all, mary for the chance to be here. I think it is great to shine a light on this topic. You set about darpa a minute ag o, is correct. We were created in the wake of sputnik. We did not want to experience those kinds of surprises anymore. We like creating them instead. Thats what darpa is about. The internet is one of our babies we are very proud of, but it is a fractious teenager now. Our Mission Today is still about Breakthrough Technology for National Security. In cybersecurity, during the day, i think you will hear from people who are fighting these battles about how we keep ourselves secure. Im grateful for the work that is going on today. Our role is different. What we are asking is, what are the Technology Concepts that can fundamentally change the ground rules and give us a way to get out ahead of this explosion of talent . Give us some good news. You fund people in teams. What are they working on that will tame the unruly teenager . I will give you three examples. One of the things we are working on is how to completely reduce the attack surface so it is harder for hackers to find ways in. Including embedded systems. Ways in ways. How many ways in. A second example is we are looking at a really interesting new challenge the cyber grant challenge to find out how we could have Automated System to fight defense. I do not think we will able to keyboard ourselves on the head of the problem and throwing her people out is not going to work. So the cyber grand challenge is interesting. How much money do you get if you win . The first prize for june 2016 is 2 million. What do i have to do . 90 teams have signed up. What we are in the process of doing is building a basically cyber warfare in the boxed. A new operating system. It is going to be like capture the flag at defcon, except we are creating a league of their own for machines to fight it out. I would have to create a robot. Right. A set of programs. The whole goal is that what . Instead of human error about detecting viruses, it will be automated . Yeah. Humans, the key point is we need to get to a point where we can do detection in machines. The attacks are happening in microseconds. So today really all we can do is patch and pay and keep throwing him and said the problem. We are looking for a fundamentally different way to get faster than the pace of the growth of the threat. This challenge. Who are the people who sign up . We have been excited with the people who have signed up. We have got this enormous range of talents. We got some very eyepopping names. Tell us some eyepoppers. I do not know if that list is public. All the more reason. Tell us. My big opportunity. I will tell you where the website is. Whatever is out is whats public. Big silicon brains. Are they kids . When you look across the 90, youll find people that are all of the above. Youll find some superstars that are big academic names, people from companies, people in the hacker community. In addition to this, again, i think people are looking to darpa. You have come up with some huge things like gps. This is the unit that some of your other allstar things, the touch screen. If you look at your smart phone, it is chockfull of technologies we helped start. Some of the materials in your touch phone, the chip that sends the radio wave to the cell tower. Siri started as a project. That was groundwork that we did, and private investment came behind it. Can you talk to siri and tell it to secure the networks . If you could tell it that, you should not sleep easy. We are going to go to some audience questions to see what they have on their minds. In general, again, i think when you see how we are going to secure a network, by the end of this year, the u. N. Says 3 billion people will be online. Because of the internet of things, machines talking to machines, there are 10 billion objects. This is just getting harder and harder to feel we have privacy but also we are not going to be robbed, whether it is trade secrets or credit cards. So what is the big answer . What is the big thing youre looking for . Unfortunately, there is not is going to be a silver bullet. Again, there are pieces of this that we think and become tractable. The internet of things. Dod. Every one of our military systems has a computer or many computers. We are living the internet of things with these embedded systems. One of our programs is finding ways to build software that is unhackable for specified security properties. What that means is that theres a mathematical proof that this particular function cannot be hacked from a pathway that was not intended. So that is not going to solve the entire problem, but especially for embedded systems that might have a more manageable, a more modest number unhackable for specified of lines of code, that is tractable through this method. That is an example of reducing that attack surface, making it harder for people to come in. How do you keep the bad guys from getting unhackable software . Lets start by making sure we are secure. Isnt a lot of the Defense Departments mission to be offensive . We are getting inundated by russia and china, but we are also out there offensively. I would hope you will get into policy questions around offensive cyber. Take a slightly different direction. One of the other problems i think we are seeing is just the vastness of the Information Space of the internet environment. We love it. We use it. It is also a place where bad actors hide what they are doing. Another one of our programs is designed to find those kinds of Hidden Networks. How do you do that . Start by creating a different way to look at this information environment. A simple example a project we have been doing working with lawenforcement. Our thesis was we might be able to find a way to find Hidden Networks that would reveal a pattern that relates to Human Trafficking. We started working with lawenforcement. Learned that their use of that Information Space, how they explore that Information Space, is exactly the way you or i would do a search with google. It is a single threaded walk. By the way, it feels like Search Engines are indexing everything, but in fact they are only indexing a very small fraction of the total Public Information out there. Theyre indexing what is optimized for advertising revenue. But they are not going to get all the material that might be of interest to Law Enforcement. Our tools build deep cores through the web to look for these hidden patterns. The first project we did, we were able to find a set of phone numbers that were very heavily linked to each other in back page ads where a lot of the sex trade is advertised. We provided those numbers to lawenforcement. We gave them 600 numbers. We do not know anything about these numbers but they are linked to each other. Law enforcement found in that list 466 numbers that tied to criminal violation. They also found numbers that tied to Fund Transfers in the region around north korea. They are working on finding Human Trafficking networks. Again, we did not give them a smoking gun, but we gave them a powerful way to start grappling with this the sheer scale of the information. When you look at the cyber universe, what percentage of it is a hidden blackmarket criminal activity . I dont think we even know. There is a huge amount of the internet that is not indexed. Its not readily available through the way we think about accessing it with search. Now, a lot of that is completely the mind. All the legal and fruitful ways we use the internet. That is one of the great mysteries. Information is so vast that we do not even know. Do you have a guess, 10 . I dont know. I have seen reports that a very significant fraction of Network Traffic now is bot nets. Those could be benign bot nets, just automated programs that go out and do something on the network. Malware. Or they could be malignant. We know a lot of it is machine generated right now, which tells you something about scale. We will go to allison for audience questions. You hear me . You talked a little bit about patching and praying. Can you talk about the process being made unclean sake technology, the idea of rebuilding the internet with security in mind . I think patching and praying does work. It is the best thing we have got. We must keep doing it. We think we have got to get beyond it. It is a losing game. One of the questions we asked was if we did have a clean slate, how would you rebuild systems to make them more secure . One of the ideas was inspired by biology where one of the reasons the human race has survived plagues and ebola and other Infectious Disease partly because under the skin there is a lot of diversity among individuals. So one attack cannot wipe out the entire human race. Similarly, we are now finding ways of building complex Network Information systems where under the hood each one is different. It changes the economics for the attacker. Instead of one attack that can wipe out everyththing, its not that exciting for the attacker. The hard part is how do you not make that Assistance Administration nightmare. How to have Things Diverse under the hood but be able to be maintained seamlessly is where the challenge lies. That is an example of bringing the methodologies back to the workspace. Go ahead. One more . Darpa being created in the wake of sputnik. I think one of the hardest challenges about cyber is were trying to wrangle this problem while the information explosion is continuing. You talk about 3 billion people on the internet. 7 billion on the planet. We still have more to go. As we move to the internet of things, there will be more and more elements connected into our information universe. The moon shot for cybersecurity is to find techniques that scale faster than this explosion of information. Again, i do not think it is going to be a silver bullet, but a combination of these fundamental advances. Has the potential to get us to a place where not where we never have a problem, but where it is manageable. When do you think that will happen . When will this unease, that we are under attack every single day . When will people feel more security . I think it will happen in pieces. It is already happening. Our most particle systems get the most focused attention. Whether within dod or more throughout our economy. Gradually, i think well will achieve this greater state of cybersecurity. I do not want to be glib. I think this is technically challenging and it is challenging from a practical and policy perspective. So that is the work that is ahead of us. Their has been a lot of talk lately that it is time, the internet is of age. Its a a teenager. There needs to be some kind of global body of regulation standards that would issue an Early Warning system. What do you think . Is it time to create some kind of body that has some kind of standards . Now we know there are certain countries that are really off the grid. Thats true. I do not know the answer to that. I think people know a lot more about the policy aspects. The one thing i would just think about when you go down that path is to recognized how dynamic and fluid the situation is. Because the power of of Information Technology and the reason we put up with all these problems is that it is phenomenally capable for all the things that change how we live and work and how we create National Security. You do not want to cut any of that capability off in the process of building this underpinning for cybersecurity so the Defense Department in general, and your outfit has a lot of priorities, a lot of big issues. Right now the hot when you are working out is staying in front of Infectious Disease. Tell us, how does securing the internet and cybersecurity rank in priority . It is one of many efforts at darpa. I think of it as a foundational piece. A couple of other major things were doing. One is about finding ways to wrangle biology and turn it into useful technology. One example is work we are doing to outpace the spread of Infectious Disease. A problem that has a lot of resemblance with cybersecurity threats. Those in biology, those are problems recently cannot wrangle without using the power of the data and new information tools. If we do not have that security and that trust in systems, we will not be able to solve this other really different class we heard from the head of the cia and the head of the fbi that there is nothing that with jamming capability and hacking capability, you can take down Critical Infrastructure. You can do an enormous amount of physical damage and the theft and intellectual property. I guess im trying to figure out if we are hearing from one part of the government that it is such a big threat. So, now, like the big brains in here who are working on it, how hard are they working on it . Pretty darn hard. Dont worry. Lets be clear. National security is a, theres not a single problem that if we solve it, the country can sleep easy. Yes, it is an incredibly critical problem, but it is not the only problem. I think it is important to keep that in mind. I think its foundational and we are going to have to deal with it because of all of the other National Security challenges if we are going to build a new generation of complex military systems that can overpower a future pure adversary. That is critically important. It also relies on cybersecurity capabilities. I think theyre linked. I think you have to be clear that any of these issues that we deal with, cybersecurity is a piece. And break through. When we do hear