Creative craigslist and craig new market. About the role of the private sector and Civil Society in u. S. Cybersecurity. This is part of an Atlantic Council discussion on the biden administrations recently released National Cyber security strategy. Its about half an hour. Thank you so much. My name is graham brook, i am the Vice President of Technology Programs here at the Atlantic Council. For those of you on our online audience, thank you so much for remaining tuned in. For those of you, just a note to our online audience that the inperson audience is getting appropriately hydrated and or caffeinated for this conversation, what we are going to kick it off right now. My role at the Atlantic Councils that weve walked the walk that all of the professionals that you just saw up on the stage are. Weve consolidated all of the programs, we do defense tech and Cyber Security and Information Technology security into one program. My role is to somewhat coordinate or be responsive to all of our folks here. I am so very excited to be joined by a man who needs no introduction, craig, of craigslist. And other philanthropic endeavors. Were gonna skip all of the kind of fluff. You are all here for the last conversation, so will skip the recap and drive straight into one really core components of what we heard in the National Cyber strategy which was public and private partnership. Craig, you led any number of efforts in supporting and activating in pushing along to do a little bit more and the latest a cyber Civil Defense. How do you see that effort . What are they doing . What happens next with them . Well, of course like everyone else im obsessed with cisa. But aside from that ive been reflecting a lot including in this conversation, what is the origin of all of this . Why am i doing it . My parents live through world war ii. Back then, everyone was expected to play a role if they could. Everyone was expected to be a patriot. There was all of this greatest generation thing. Nowadays, sometimes those terms are used by people who mean it or who are just being bull shut operators. Ive decided that i should assume that responsibility as an individual. I guess i should be a for real patriot. That means doing what i can to bring a lot of people together in Civil Society, nonprofits, civilians, to play their role in all of this. You know . That means organizing warm organizing getting teams together through the people that i work with, a lot of whom are still in this room. And to Work Together to do a lot of the things from the grassroots up. To do a lot of things that government sometimes cannot do. To actually protect us all as a country because we are a country at war much like in world war ii. We all need to play a role just like people did in world war ii. So, that is what im doing. That is what im pushing. It is my job to follow through, as im putting my money where my mouth is and so far ive committed to 100 million in those efforts, connecting people that need to be connected. Ive not done anything like that of connecting one group to cisa which i obsessed with, that hasnt happened for 20 minutes now. So, just pulling all of these people together has already happened with the help of people here, my intention is that i am not a whats going on, on the civilian level, i want to be able to tell you that i know a guy. You certainly do know a guy. I can confirm on record that craig, youre probably one of the quickest responders to emails in connecting across the space that ive ever had the pleasure of working with. One thing that stuck out in the conversation about the National Cyber strategy was this emphasis on the two major shifts. One, shifting from individual risk and responsibility to systemic responsibility for overall cyber risk. How do we create more resilient systemic lee across the space and this shift in long term investment. You walk the walk on both those things, so i guess my specific question there is, where can things like cyber Civil Defense organizations play a role in designing and helping implements, not only implementing things but creating the ideas and implementing things like labels for Technology Devices are testing programs. Things like that . Well, people can get educated in these matters. They can begin demanding that products be secured by design. The deal is that in this ongoing war we have to realize that a lot of our products we use home are internetconnected and possibly but im not that worried about my coffee maker, but any cars that i buy in the future are going to be an internetconnected device. I want to manufacturer of that car to exercise in Due Diligence to do their best to design and so that it is secure. You can only ask what is reasonable, they should make a good faith attempt to do that. Then they should make a good faith attempt to test it. And then consumer organizations like consumer ports could actually do some additional testing and slap on that car or coffee maker, lets call it, a cyber nutrition label which will say, hey, this device was tested in good faith in a reasonable way and passed. The idea is that is one path which im already funding through consumer reports. Theres other ones going on. For example, you know, Corporate Social Responsibility has to catch up with cyber shoulder defense. The idea is that these Corporate Social Responsibility groups need to start telling shareholders that there are a risk in terms of liability if companies dont make at least a good faith attempt at securing their stuff. So, that pressure is already started to happen through social responsibility groups, but maybe more importantly through the Insurance Community because of liability. Right. When i worked at the white house the cyber team was rapidly growing and whenever they wrote talking points or public remarks for an engagement that we are going to go do or Something Like that, the white house speech writers would always get us into trouble whenever we use the term cyber hygiene. They said it, thats not a term that people are going to latch onto as connotations. Lets talk about resilience. But were really talking about labels that create more resilience or cyber hygiene in the space . But the other part of that major shift in the National Cyber strategy that they just published is this element of long term investment. The United States government created long term generational investments in expertise in this space reviewing the authorities and partnerships in this space. And you want a personal level have made a number of long Term Investments in this space and in creating more resilience. So, how do you view the next lets take the frame of love trey your potential successor of support in this space. How do you view the investment that leads to what happens next . Theres a lot to unpack there. The theme is that what i am doing is trying to help and protect the people who help and protect our country. That includes a lot of organizations in cybersecurity. Theres a long list im trying to help out that includes the girl scouts. That includes girl security and groups like vets and tech. Their deal is that they train veterinarians and military spouses for jobs and careers in cybersecurity. We owe a lot to veterans and people dont often know how much we owe to military families. Its time to walk that walk. In terms of what im trying to do in terms of my succession, right now, i can put my money where my mouth is. Starting to increase my investment in nonprofit and civilian level cybersecurity. To 100 million. I have, but i do worry that i, at my age, im living in a bottle of time. I need to plan for what will happen so that i can go well beyond this 100 million to help protect the country. One plan is just to finish uploading to a hologram craig, but otherwise im trying to put my affairs in order so that the effort just keeps going on and keeps going on. I used to say that it was customer service, although it only as long as i live. And then its over. But now hologram craig will take care of that for me. Who knows . With generative artificial intelligence, the hologram craig might have some very specific language patterns that directly match what youre saying right now. I am comforted in that i started studying that kind of a. I. Sporadically, literally, 50 years ago this year. Well ahead of the curve as per usual. I guess the followup question to that is, where would you like to see other investment in this space . If you were advising other philanthropists or giving them work with Civil Society as you say that work with the people that are supporting the defenders in the space to steal a term as director easterly said, to defend america. Where would you like to see others investor time and resources . There are Resource Groups they dont fall into any category neatly. There is one group that i work with heavily and fund. What they do is scan the entire network looking for crime scenes that may even have been undetected. They go ahead and look for these, they collect evidence, they work with Law Enforcement both in the u. S. And through the world, and they are really successful in terms of treating bad actors both cybercriminals and actual spies. They have treated them to handcuffs and vacations where they can be away from all of that. This group, which i want to call for the moment ces i internet were going to leave this, but you can watch it in its entirety at cspan. Org. As we take you live to capitol hill, the u. S. Forest service and the interior department are testifying on the federal response to escalating wildfires before the Senate Energy and National Resources committee. Youre watching live coverage on cspan 3