WEBVTT

00:01.309 --> 00:03.819
First we have joining us , Miss Holly

00:04.010 --> 00:06.232
Baroody , the executive director of US

00:06.232 --> 00:08.529
CYBERCOM . As executive director ,

00:08.539 --> 00:10.706
Holly assists the commander in leading

00:10.706 --> 00:12.761
a Cyber Mission Force of over 12,000

00:12.761 --> 00:15.170
people . She has 20 years experience in

00:15.180 --> 00:17.520
cyber security and Signals Intelligence

00:17.530 --> 00:19.586
in the Department of Defense through

00:19.586 --> 00:21.752
both military and government service .

00:21.770 --> 00:24.840
Joining Ms Baroody is Mr Felipe Paez ,

00:24.940 --> 00:27.069
Global Lead Counsel , Privacy and

00:27.079 --> 00:29.139
Information Protection and Global

00:29.149 --> 00:31.989
Privacy Officer at Ernst and Young . He

00:32.000 --> 00:34.111
is also a colonel in the Marine Corps

00:34.111 --> 00:36.529
and in his reserve capacity works with

00:36.540 --> 00:38.707
the office of the Staff Judge Advocate

00:38.707 --> 00:41.709
here at US Cyber . We also have Miss

00:41.720 --> 00:44.409
Jeannie Rhee from Paul Weiss . Jeannie

00:44.419 --> 00:46.475
serves as co-chair of the firm's Cyber

00:46.479 --> 00:49.189
Security and Data Protection Practice .

00:49.299 --> 00:52.930
From May 2017 to 2019 , she worked with

00:52.939 --> 00:55.161
Robert Mueller in the special counsel's

00:55.161 --> 00:56.828
office where she led the team

00:56.828 --> 00:58.772
investigating Russian cyber social

00:58.772 --> 01:01.060
media and intelligence efforts to

01:01.069 --> 01:03.729
influence the 2016 presidential

01:03.740 --> 01:06.180
election . And last but certainly not

01:06.190 --> 01:08.023
least we are joined by Mr Robert

01:08.023 --> 01:10.349
Sheldon . Rob is the director of public

01:10.360 --> 01:12.760
policy and strategy at CrowdStrike

01:12.769 --> 01:14.936
where he leads corporate engagement on

01:14.936 --> 01:17.190
a variety of US federal , state and local

01:17.199 --> 01:19.143
government policies , programs and

01:19.143 --> 01:21.410
initiatives . If the company's election

01:21.419 --> 01:23.540
security initiatives serves as the

01:23.550 --> 01:25.940
company's representative at the JCDC

01:25.949 --> 01:28.116
that you heard Mr Wales talking about

01:28.116 --> 01:30.227
yesterday and heads the Congressional

01:30.227 --> 01:32.260
Affairs Practice . And moderating our

01:32.269 --> 01:34.540
panel of distinguished guests is Mr Ben

01:34.550 --> 01:36.949
Caston , senior counsel for data

01:36.959 --> 01:40.010
protection and cybersecurity at Visa .

01:40.300 --> 01:42.467
You may all remember Ben from his time

01:42.467 --> 01:46.110
with NSA OGC . Ben and uh the US

01:46.120 --> 01:48.720
CYBERCOM legal office legal teams uh

01:48.730 --> 01:51.220
spent time over the last few years

01:51.230 --> 01:54.010
discussing and writing about public

01:54.019 --> 01:56.075
private partnerships and how we move

01:56.075 --> 01:57.630
from information sharing to

01:57.630 --> 01:59.575
collaboration and implementing new

01:59.575 --> 02:01.686
statutory authorities . So there's no

02:01.686 --> 02:03.852
one better to moderate this panel . So

02:03.852 --> 02:06.075
Ben , I'll turn it over to you . Thanks

02:06.075 --> 02:08.186
Sarah and thank you to Colonel Hayden

02:08.186 --> 02:10.352
and the command for having us . Um The

02:10.352 --> 02:12.463
theme for this year's conference , as

02:12.463 --> 02:14.575
you've heard , I think multiple times

02:14.575 --> 02:16.797
over the last day or so is partnerships

02:16.797 --> 02:19.019
and general talked about this morning ,

02:19.019 --> 02:21.075
Mr Wales talked about it yesterday .

02:21.075 --> 02:23.019
One of the most , I think critical

02:23.019 --> 02:24.963
pieces of one of the most critical

02:24.963 --> 02:26.908
kinds of partnerships in the cyber

02:26.908 --> 02:28.963
fight is that between government and

02:28.963 --> 02:30.963
industry . So I'm really excited to

02:30.963 --> 02:32.908
have this really esteemed group of

02:32.908 --> 02:34.963
experts on the panel to discuss that

02:34.963 --> 02:38.559
partnership . One of the things the

02:38.570 --> 02:40.792
national Cyber security strategy talked

02:40.792 --> 02:42.848
about was the strategic objective to

02:42.848 --> 02:45.279
scale public private partner , excuse

02:45.289 --> 02:47.289
me , public private collaboration .

02:47.289 --> 02:49.240
Noting that defending critical

02:49.250 --> 02:51.194
infrastructure against adversarial

02:51.194 --> 02:53.306
activity and other threats requires a

02:53.306 --> 02:55.361
model of cyber defense that emulates

02:55.361 --> 02:55.339
the distributed structure of the

02:55.350 --> 02:58.809
internet . So it's really about having ,

02:58.820 --> 03:02.419
bringing your each industry partners ,

03:02.429 --> 03:04.619
each government agency's insights and

03:04.630 --> 03:06.963
capabilities to the fight and trying to ,

03:06.963 --> 03:09.130
trying to address these really complex

03:09.130 --> 03:12.669
challenges across the board . So , but

03:12.679 --> 03:14.679
this is not a new challenge . We've

03:14.679 --> 03:16.901
been talking about collaboration in the

03:16.901 --> 03:16.800
public , private partnerships in the

03:16.809 --> 03:18.970
cybersecurity community for years

03:18.979 --> 03:21.720
decades . Even so , Rob , I'd like to

03:21.729 --> 03:23.729
start with you the cyber security .

03:23.729 --> 03:26.062
We've been talking about it for decades .

03:26.062 --> 03:27.951
What's working , what's not , has

03:27.951 --> 03:30.229
anything changed in the last few years ?

03:30.229 --> 03:32.340
Sure , thank you . So I think there's

03:32.340 --> 03:34.396
been considerable progress on public

03:34.396 --> 03:36.285
private partnership over the last

03:36.285 --> 03:38.451
number of years . I think probably the

03:38.451 --> 03:41.100
signature achievement there is JCDC ,

03:41.110 --> 03:43.580
although also NSC five and another

03:43.589 --> 03:45.422
number of other efforts , it was

03:45.422 --> 03:47.478
interesting for us to see in the new

03:47.478 --> 03:49.700
National Cyber security strategy , what

03:49.700 --> 03:51.478
seems to be an elevated or more

03:51.478 --> 03:53.669
prominent role for NCIJTF in terms of

03:53.679 --> 03:55.901
the roles and mission sets that they'll be

03:55.901 --> 03:57.846
doing . And I think a lot of other

03:57.846 --> 04:01.080
government agencies that are especially

04:01.089 --> 04:03.256
in the critical infrastructure space ,

04:03.256 --> 04:05.200
maybe their sector risk management

04:05.200 --> 04:04.820
agencies like the Department of Energy

04:04.830 --> 04:06.941
that they're going to try and enhance

04:06.941 --> 04:09.052
their collaborative efforts as well .

04:09.052 --> 04:12.050
So certainly no shortage of activity in

04:12.059 --> 04:14.369
that domain . I think what's been

04:14.380 --> 04:17.450
interesting is been like trying to

04:17.929 --> 04:21.790
track as this conversation has emerged

04:21.799 --> 04:23.966
from a place where it was really about

04:23.966 --> 04:27.220
information sharing only . And that was

04:27.230 --> 04:29.452
certainly sort of the tone or the tenor

04:29.452 --> 04:31.563
of the conversation if you go back 10

04:31.563 --> 04:33.674
years into something today , which is

04:33.674 --> 04:35.739
much more operationally focused and

04:35.750 --> 04:38.359
more robust . And in the meantime ,

04:38.369 --> 04:40.425
there have been a lot of things that

04:40.425 --> 04:42.536
have changed fundamentally in how the

04:42.536 --> 04:42.279
industry works and even what we

04:42.290 --> 04:45.140
understand as a community about how

04:45.149 --> 04:47.316
cyber security can work to help defend

04:47.316 --> 04:49.260
individual enterprises or critical

04:49.260 --> 04:51.371
infrastructure sectors . And probably

04:51.371 --> 04:53.427
not quite as explicit of a rationale

04:53.427 --> 04:55.482
for just having these large programs

04:55.482 --> 04:57.670
that would share information only but

04:57.679 --> 04:59.790
trying to come up with ways where you

04:59.790 --> 05:01.679
can get more targeted information

05:02.019 --> 05:03.963
that's more operationally relevant

05:03.963 --> 05:06.075
directly to people who need it or can

05:06.075 --> 05:08.186
use it most . And I think that that's

05:08.186 --> 05:10.408
the thrust of some of the major efforts

05:10.408 --> 05:12.463
that we've seen over the last couple

05:12.463 --> 05:15.750
years . Thank you . Um So Holly Johnson

05:16.420 --> 05:18.642
at Kurt prompting this morning , talked

05:18.642 --> 05:20.753
about the uh under advisement program

05:20.753 --> 05:22.698
that the command runs . Rob talked

05:22.698 --> 05:24.809
about the move toward collaboration .

05:24.809 --> 05:27.031
The , the strategy talks about the need

05:27.031 --> 05:29.031
to scale . Could you just explain a

05:29.031 --> 05:29.019
little bit of how the command

05:29.029 --> 05:31.251
approaches this and , and how , how the

05:31.251 --> 05:33.473
under advisement program works ? Sure .

05:33.473 --> 05:35.640
Um So first before I say that , I just

05:35.640 --> 05:37.696
want to say it is really great to be

05:37.696 --> 05:39.696
here and it's really an honor to be

05:39.696 --> 05:41.529
able to sit this panel with such

05:41.529 --> 05:43.904
distinguished members and be among such

05:43.915 --> 05:45.804
talent . You know , General Nakasone

05:45.804 --> 05:47.915
talked about the importance of talent

05:47.915 --> 05:50.137
and just seeing everyone in this room .

05:50.137 --> 05:52.359
And I know a lot of people are watching

05:52.359 --> 05:54.526
virtual . So it's just really an honor

05:54.526 --> 05:56.748
to be here and talk to you about this ,

05:56.748 --> 05:58.971
you know , in terms of what the command

05:58.971 --> 05:58.554
is doing , I think I want to take a

05:58.565 --> 06:00.929
step back and talk about the

06:00.940 --> 06:03.162
authorities that we've been underpinned

06:03.162 --> 06:05.329
with . Right . General Nakasone mentioned

06:05.329 --> 06:07.496
the National Defense Authorization Act

06:07.496 --> 06:09.384
section 1642(b) which gave us the

06:09.384 --> 06:11.720
authorities . But Congress Congress has

06:11.730 --> 06:13.841
really embraced the fact that we need

06:13.841 --> 06:15.730
to engage with private sector and

06:15.730 --> 06:17.841
they've implemented a couple a number

06:17.841 --> 06:19.952
of authorities . So one was 1642(b) .

06:20.200 --> 06:22.450
The other one is 1508 that came

06:22.459 --> 06:26.070
out in the FY22 NDAA . And that's

06:26.079 --> 06:27.980
something that we've been able to

06:27.989 --> 06:30.211
employ to be able to scale , right ? So

06:30.211 --> 06:32.378
that allows us to be able to work much

06:32.378 --> 06:34.433
greater with private sector to share

06:34.433 --> 06:36.730
cyber threat information in a much more

06:36.739 --> 06:39.839
collaborative manner as Rob had said .

06:39.850 --> 06:42.072
And that's that's been a game changer ,

06:42.072 --> 06:44.239
right ? Really being able to have that

06:44.239 --> 06:46.329
bidirectional exchange with private

06:46.339 --> 06:48.617
sector in terms of what they're seeing ,

06:48.617 --> 06:50.395
what we're seeing and how do we

06:50.395 --> 06:52.561
actually exchange information back and

06:52.561 --> 06:54.672
forth to be able to mitigate mitigate

06:54.672 --> 06:56.839
the threat . So one of the things that

06:56.839 --> 06:58.895
we're doing to scale that is through

06:58.895 --> 07:01.230
our under advisement program , we call

07:01.239 --> 07:03.239
the small but mighty team of really

07:03.239 --> 07:05.220
technical experts that work with

07:05.230 --> 07:07.209
industry every day . But the other

07:07.220 --> 07:09.387
piece they do to scale it is the under

07:09.387 --> 07:11.442
advisement team . Well , it's within

07:11.442 --> 07:13.387
Cyber Command , the Cyber National

07:13.387 --> 07:15.609
Mission Force and really looking at how

07:15.609 --> 07:17.776
do we advance our mission and then all

07:17.776 --> 07:17.559
share information we're seeing with the

07:17.570 --> 07:19.737
private sector so they can address the

07:19.737 --> 07:21.848
threats . They're also closely linked

07:21.848 --> 07:24.279
in with NSA Cyber Collaboration Center .

07:24.290 --> 07:26.401
They actually share space with them .

07:26.401 --> 07:28.623
So they sit with them to make sure that

07:28.623 --> 07:30.790
as we're learning information from the

07:30.790 --> 07:33.012
private sector that we're able to share

07:33.012 --> 07:34.957
as much as possible with our other

07:34.957 --> 07:37.234
government partners , the other pieces ,

07:37.234 --> 07:39.346
they sit in chat rooms with the Joint

07:39.346 --> 07:41.401
Cyber Defense Collaborative that has

07:41.401 --> 07:43.512
stood up . So they are seeing what is

07:43.512 --> 07:45.290
learning through that forum and

07:45.290 --> 07:47.512
engaging with industry . What that does

07:47.512 --> 07:49.555
is help us to extend the trust that

07:49.566 --> 07:51.844
each of the organizations are building .

07:51.844 --> 07:54.041
We expand the number of partners we're

07:54.052 --> 07:56.219
working with and make sure that we can

07:56.219 --> 07:58.441
each take advantage of that information

07:58.441 --> 08:01.101
to mitigate and respond to the threats

08:01.111 --> 08:03.278
and attempt to get ahead of it as much

08:03.278 --> 08:05.481
as possible , but also rapidly respond

08:05.492 --> 08:07.659
when it comes to crisis and we need to

08:07.659 --> 08:09.770
actually respond to an incident . And

08:09.770 --> 08:11.936
that has been really key in being able

08:11.936 --> 08:14.048
to scale that and we expect that will

08:14.048 --> 08:16.048
continue to grow . That's awesome .

08:16.048 --> 08:19.070
Thank you , Holly . So Felipe , Jeannie ,

08:19.079 --> 08:21.135
I'd like to turn to you guys now and

08:21.135 --> 08:23.246
ask about the legal side , right . So

08:23.246 --> 08:25.468
Holly talked about the authorities that

08:25.468 --> 08:27.635
underlie some of the command's efforts

08:27.635 --> 08:29.746
from the private sector side . How do

08:29.746 --> 08:31.912
legal and , and privacy considerations

08:31.912 --> 08:34.135
come into play ? Sometimes , especially

08:34.135 --> 08:35.801
before 2015 or so , the legal

08:35.801 --> 08:37.690
impediments were often cited as a

08:37.690 --> 08:39.301
barrier to collaboration and

08:39.301 --> 08:41.635
information sharing . So , if you could ,

08:41.635 --> 08:43.746
you just talk a little bit about from

08:43.746 --> 08:43.609
your perspective ? Are those really are

08:43.619 --> 08:47.169
those real barriers ? Um What uh has

08:47.179 --> 08:49.539
anything changed with the CISA 2015

08:49.549 --> 08:52.169
statute a few years ago ? Um Are there

08:52.179 --> 08:54.401
additional incentives that could be put

08:54.401 --> 08:56.568
into place um to change the change the

08:56.568 --> 08:58.735
game in terms of collaboration ? Um So

08:58.735 --> 09:00.846
Felipe , can we start with you ? No ,

09:00.846 --> 09:02.957
please . Oh , thank you . Great to be

09:02.957 --> 09:04.846
here . Thanks very much for , for

09:04.846 --> 09:06.957
having me and uh I'm wearing a suit ,

09:06.957 --> 09:08.790
but it's a good possibility that

09:08.790 --> 09:10.735
Colonel Hayden would have probably

09:10.735 --> 09:12.901
ordered me to be here anyway . So it's

09:12.901 --> 09:15.012
great to be here . Uh The perspective

09:15.012 --> 09:16.901
that I'm trying to bring today of

09:16.901 --> 09:19.729
course , is matching my civilian

09:19.739 --> 09:22.099
uniform , which is just that completely

09:22.109 --> 09:24.049
private perspective and not

09:24.059 --> 09:25.892
representative necessarily of my

09:25.892 --> 09:28.059
current or prior employers , the usual

09:28.059 --> 09:29.726
disclaimer , but more just an

09:29.726 --> 09:31.726
opportunity to give you perspective

09:31.726 --> 09:33.837
about how the private sector looks at

09:33.837 --> 09:36.003
it and it all starts really before you

09:36.003 --> 09:35.799
even get the legal considerations

09:36.109 --> 09:38.460
question of business alignment . So the

09:38.469 --> 09:40.650
way . But ultimately somebody like me

09:40.659 --> 09:42.826
is going to be the one that's going to

09:42.826 --> 09:45.450
be asked for guidance if any government

09:45.729 --> 09:48.320
comes to a multinational or even a US

09:48.330 --> 09:50.320
company and is asked , can we

09:50.330 --> 09:52.552
collaborate , what are the parameters ?

09:52.552 --> 09:56.500
So I would say , as I was talking

09:56.510 --> 09:58.677
earlier today with the panel members ,

09:59.130 --> 10:01.241
there really has to be business level

10:01.241 --> 10:03.463
alignment first and foremost before you

10:03.463 --> 10:05.574
get the legal layer . And yes , there

10:05.574 --> 10:07.574
are impediments because I would say

10:07.574 --> 10:09.741
individual organizations don't operate

10:09.741 --> 10:11.797
that differently than we do as we do

10:11.797 --> 10:13.908
staff judge advocate work or other legal

10:13.908 --> 10:15.574
work streams . It starts with

10:15.574 --> 10:17.908
understanding really what is the intent .

10:17.908 --> 10:20.130
In other words , what is the overlap of

10:20.130 --> 10:22.630
business intent ? Uh and then the the

10:22.640 --> 10:25.530
overlay associated with uh the business

10:25.539 --> 10:27.706
model , you know , what are you trying

10:27.706 --> 10:29.650
to achieve ? And then what are the

10:29.650 --> 10:31.872
authorities that are relevant for you ?

10:31.872 --> 10:34.095
From that corporation's or organization's

10:34.095 --> 10:36.317
perspective ? You also have those legal

10:36.317 --> 10:38.372
considerations that come into play .

10:38.372 --> 10:38.349
Once you have the business alignment ,

10:38.849 --> 10:40.960
constraints , restraints from a legal

10:40.960 --> 10:43.071
perspective , start to apply . And if

10:43.071 --> 10:45.127
you're a multinational , you have to

10:45.127 --> 10:47.349
look at it through the lens of not just

10:47.349 --> 10:49.405
the US law but international law and

10:49.405 --> 10:51.238
domestic law everywhere that you

10:51.238 --> 10:53.238
operate at a minimum from an optics

10:53.238 --> 10:55.349
perspective . So as you graduate from

10:55.469 --> 10:57.469
information sharing , which is very

10:57.469 --> 10:59.580
defensible , arguably necessary to be

10:59.580 --> 11:01.691
able to stand up to clients and stand

11:01.691 --> 11:03.691
up to regulators and say , hey , we

11:03.691 --> 11:06.919
collaborate with appropriate entities

11:06.929 --> 11:08.818
to help ensure that our perimeter

11:08.818 --> 11:10.707
defense is sound and well thought

11:10.707 --> 11:12.929
through . That's not so difficult . But

11:12.929 --> 11:14.985
if you want to go to a collaborative

11:14.985 --> 11:17.207
approach that suggests something that's

11:17.207 --> 11:19.540
a little more sensitive . And of course ,

11:19.540 --> 11:19.419
I think you will see a kind of a

11:19.429 --> 11:21.929
spectrum and probably not too difficult

11:21.940 --> 11:24.051
to figure out you have on one side of

11:24.051 --> 11:26.051
the spectrum organizations that are

11:26.051 --> 11:27.940
very fill in the blank government

11:27.940 --> 11:30.162
centric . It could be the US , it could

11:30.162 --> 11:32.384
be Canada , it could be whatever one of

11:32.384 --> 11:34.329
our partner countries or adversary

11:34.329 --> 11:36.440
countries may or may not be supported

11:36.440 --> 11:38.607
by their contractors are going to want

11:38.607 --> 11:40.607
to support them . They want to make

11:40.607 --> 11:42.607
their clients happy or at least the

11:42.607 --> 11:44.829
segment of that company that focuses on

11:44.829 --> 11:46.884
them will do everything to make them

11:46.884 --> 11:46.599
happy whether it's advising them or

11:46.609 --> 11:48.776
collaborating with what they're seeing

11:48.776 --> 11:50.942
as they protect their own perimeters .

11:50.942 --> 11:53.109
But as you go to the other side of the

11:53.109 --> 11:52.789
spectrum , which is a full out

11:52.799 --> 11:55.150
multinational organization , there's

11:55.159 --> 11:58.640
going to be legal and policy

11:58.770 --> 12:00.992
constraints associated with how far you

12:00.992 --> 12:02.937
can go . So in the law enforcement

12:02.937 --> 12:05.030
context , information sharing will

12:05.039 --> 12:07.039
probably be very arm's length . You

12:07.039 --> 12:07.039
know , we're not going to show you

12:07.049 --> 12:09.049
stuff unless you give us a subpoena

12:09.049 --> 12:10.827
because you have to protect the

12:10.827 --> 12:12.771
interests of the organization . If

12:12.771 --> 12:15.049
you're talking about incident response ,

12:15.049 --> 12:14.780
of course , you want to collaborate

12:14.789 --> 12:16.900
because it's a win , win , but you're

12:16.900 --> 12:18.900
going to want some assurances about

12:18.900 --> 12:21.011
attribution . You're going to want to

12:21.011 --> 12:20.500
make sure that you're not creating

12:20.510 --> 12:22.969
liability for the organization or have

12:22.979 --> 12:25.146
undue exposure or lose control of your

12:25.146 --> 12:27.690
own internal investigation . And then

12:27.700 --> 12:30.033
beyond that , then you come more to the ,

12:30.033 --> 12:32.510
to the more typical protect , detect

12:32.520 --> 12:34.619
and respond dynamic , the compliance

12:34.630 --> 12:37.809
side . I think that's where you , where

12:37.820 --> 12:40.210
the most space for collaboration exists

12:40.219 --> 12:41.941
because in the same way that I

12:41.941 --> 12:44.840
benchmark with other big four

12:45.979 --> 12:49.140
legal teams or in my prior efforts ,

12:49.559 --> 12:51.781
when I was at General Electric , I could

12:51.781 --> 12:53.892
talk to competitors on the compliance

12:53.892 --> 12:56.115
side because it's kind of vanilla , you

12:56.115 --> 12:55.630
don't have to talk about operations to

12:55.640 --> 12:58.090
talk about approaches to strengthen

12:58.140 --> 13:00.330
perimeter defense approaches , to

13:00.340 --> 13:02.739
achieve better data protection , to

13:02.750 --> 13:04.650
reconcile privacy law across

13:04.950 --> 13:07.830
jurisdictions . So it really just

13:07.840 --> 13:10.650
depends on the constraints obviously

13:10.659 --> 13:12.881
will relate directly to what is it that

13:12.881 --> 13:15.690
you want and why do you want it ? And

13:15.700 --> 13:17.922
are we giving it to you because you are

13:17.922 --> 13:19.811
our client or because you're just

13:19.811 --> 13:21.867
asking us to generally collaborate ?

13:21.867 --> 13:24.089
And of course , when I say I am talking

13:24.089 --> 13:26.200
about a variety of different entities

13:26.200 --> 13:25.950
that of course have their own different

13:25.960 --> 13:28.090
flavors , political realities ,

13:28.099 --> 13:30.266
functional realities , everything that

13:30.266 --> 13:33.960
comes with it . Yeah , I just wanted to

13:33.969 --> 13:36.239
underscore especially for the

13:36.250 --> 13:38.799
multinationals . You do actually have

13:38.809 --> 13:41.739
the interplay of conflict of law ,

13:41.750 --> 13:45.700
local laws where what the

13:45.710 --> 13:49.039
USG collaboration looks like actually

13:49.049 --> 13:52.320
runs straight into then

13:52.580 --> 13:55.520
potentially being in violation of other

13:55.530 --> 13:58.690
local law requirements elsewhere . But

13:58.700 --> 14:00.969
then I think even looking at

14:02.169 --> 14:05.219
collateral consequences here within

14:06.140 --> 14:09.789
the US legal regime

14:09.799 --> 14:12.880
where even if there are impediments

14:12.890 --> 14:16.659
that are removed from sharing

14:16.669 --> 14:20.520
and US partnership , even for a US

14:20.530 --> 14:24.229
company where you take

14:24.400 --> 14:27.429
even something like a SolarWinds or

14:27.440 --> 14:30.950
other more recent examples ,

14:31.609 --> 14:35.359
companies that have been victims of

14:35.479 --> 14:39.090
certain adversarial foreign

14:39.099 --> 14:42.619
nation state attacks , then face

14:42.630 --> 14:44.880
the gamut of

14:46.020 --> 14:49.969
other domestic enforcement ,

14:49.979 --> 14:53.289
regulatory inquiries . Then they

14:53.299 --> 14:57.020
face the whole

14:57.030 --> 15:00.159
panoply of civil lawsuits

15:00.260 --> 15:02.929
and other

15:03.969 --> 15:07.239
state AG slash you know ,

15:08.239 --> 15:12.049
the the whole the whole

15:13.400 --> 15:16.969
onslaught of collateral

15:17.250 --> 15:20.510
consequences that come with

15:21.099 --> 15:24.340
the fact that they have

15:24.349 --> 15:28.330
suffered a pretty significant cyber

15:28.340 --> 15:31.570
attack . And if

15:32.549 --> 15:36.099
they are on the front line of coming

15:36.109 --> 15:39.679
forward and being the face of one of

15:39.690 --> 15:43.030
these fairly significant incidents ,

15:43.530 --> 15:46.409
then there's a real cost benefit

15:46.419 --> 15:48.252
analysis going back to a kind of

15:48.252 --> 15:50.500
business alignment about who comes

15:50.510 --> 15:52.677
forward when they come forward and how

15:52.677 --> 15:54.510
public facing they want to be on

15:54.510 --> 15:57.070
something like this . Thank you . So

15:57.080 --> 15:59.247
that's a really nice segue to the next

15:59.247 --> 16:01.358
topic . So we talked about needing to

16:01.358 --> 16:03.247
make the business case . It's not

16:03.247 --> 16:05.358
enough to remove barriers that that's

16:05.358 --> 16:07.080
an issue . You need to make an

16:07.080 --> 16:09.302
affirmative case for value . So Rob and

16:09.302 --> 16:11.524
then Holly be curious for your thoughts

16:11.524 --> 16:13.358
on what is government , what can

16:13.358 --> 16:15.358
government do to make that business

16:15.358 --> 16:17.469
case ? What unique value do we think

16:17.479 --> 16:19.257
the government can add in these

16:19.257 --> 16:21.146
collaboration in these efforts to

16:21.146 --> 16:23.257
collaborate , to make them valuable ,

16:23.257 --> 16:25.257
to make the business case . To me ,

16:25.257 --> 16:27.539
this is the most important question

16:27.559 --> 16:29.781
that we could all be spending more time

16:29.781 --> 16:32.003
really getting specific about . So I'll

16:32.003 --> 16:34.226
say , I think at times if you look back

16:34.226 --> 16:36.337
over that 10 year period that we were

16:36.337 --> 16:38.559
talking about earlier on in the panel ,

16:38.559 --> 16:40.670
there was a tendency I think to treat

16:40.670 --> 16:42.726
information sharing as an end in its

16:42.729 --> 16:44.785
own . Right ? If we think about this

16:44.785 --> 16:46.896
from an ends ways means perspective ,

16:47.280 --> 16:49.502
of course , it's good to , it's good to

16:49.502 --> 16:51.391
share information , but really it

16:51.391 --> 16:53.224
should be in support of a better

16:53.224 --> 16:55.336
outcome , both on the government side

16:55.336 --> 16:55.010
and then from a business value

16:55.020 --> 16:57.969
perspective . And I worry that at times ,

16:58.900 --> 17:02.250
we just honed in so much on sharing ,

17:02.260 --> 17:04.540
sharing , sharing that it got kind of

17:04.550 --> 17:07.500
disconnected from what that might do or

17:07.510 --> 17:09.454
help with . And then that makes it

17:09.454 --> 17:11.621
difficult to actually if you take that

17:11.621 --> 17:14.050
to a private sector company that's

17:14.060 --> 17:16.359
mainly focused on a bunch of private

17:16.369 --> 17:18.480
sector things , just the state of the

17:18.480 --> 17:20.709
business and things like that , that

17:20.719 --> 17:22.941
may not be very compelling . If someone

17:22.941 --> 17:26.000
needs to be persuaded that supporting

17:26.010 --> 17:28.121
an initiative like this , which could

17:28.121 --> 17:30.288
be , it could be costly to some degree

17:30.288 --> 17:32.454
or another , it could at least be time

17:32.454 --> 17:34.788
consuming , it could be legally complex .

17:34.788 --> 17:34.529
There could even be some reputational

17:34.538 --> 17:36.705
risk if things go awry and things like

17:36.705 --> 17:38.982
that . And just the idea of , you know ,

17:38.982 --> 17:40.982
sharing for sharing sake may not be

17:40.982 --> 17:43.149
compelling enough to get folks who are

17:43.149 --> 17:45.205
in a decision making role over those

17:45.205 --> 17:47.729
hurdles . Um So , so then you know what

17:47.739 --> 17:49.850
you know , what can we do in terms of

17:49.850 --> 17:51.461
talking about concrete value

17:51.461 --> 17:55.319
propositions ? I think there have been

17:55.329 --> 17:58.140
a con instances where there wasn't

17:58.150 --> 18:01.449
really a logical center or focus for

18:01.459 --> 18:03.237
industry and government to come

18:03.237 --> 18:05.489
together to be able to have discrete

18:05.500 --> 18:08.050
areas of cooperation . And I think that

18:08.959 --> 18:11.015
in the case of JCDC , for example ,

18:11.015 --> 18:12.939
some of the collaboration around

18:12.949 --> 18:14.893
pulling together information about

18:14.893 --> 18:17.116
vulnerable products during the Log4j

18:17.116 --> 18:19.060
campaign over the past couple of

18:19.060 --> 18:21.227
years is a good example of JCDC being

18:21.229 --> 18:23.239
able to say we can , we can be that

18:23.250 --> 18:25.719
center for folks to collaborate and in

18:25.729 --> 18:27.951
so doing sort of set aside , you know ,

18:27.951 --> 18:30.173
maybe some sort of competitive dynamics

18:30.173 --> 18:32.340
that might have taken place from folks

18:32.340 --> 18:32.229
that were able to contribute to that

18:32.239 --> 18:33.961
effort and then really present

18:33.961 --> 18:36.128
something out back to the community in

18:36.128 --> 18:37.739
a way that was a little more

18:37.739 --> 18:39.961
authoritative than if it just came from

18:39.961 --> 18:42.072
one vendor or one specific actor . So

18:42.072 --> 18:44.295
that's a really good example with other

18:44.295 --> 18:47.790
information sharing . I think that the

18:47.800 --> 18:50.359
initial sort of chorus around that from

18:50.369 --> 18:53.469
10 years ago , I think by the time you

18:53.479 --> 18:55.709
even got to the CISA act of 2015 , and by

18:55.719 --> 18:58.560
the time you had actual efforts within

18:58.569 --> 19:00.680
government to facilitate the concrete

19:00.680 --> 19:02.847
sharing of information . By then , the

19:02.847 --> 19:04.958
industry had kind of changed a little

19:04.958 --> 19:07.180
bit so that people who wanted that type

19:07.180 --> 19:09.236
of information could get it in a way

19:09.236 --> 19:11.013
that was intermediate from some

19:11.013 --> 19:13.236
specific government actor and therefore

19:13.640 --> 19:15.949
was more convenient to consume either

19:15.959 --> 19:18.181
because it was integrated directly into

19:18.181 --> 19:20.348
products that organizations were using

19:20.348 --> 19:22.570
anyways or because it further distanced

19:22.570 --> 19:24.739
them from even some hint of a concern

19:24.750 --> 19:26.430
about a regulatory or legal

19:26.439 --> 19:28.606
intervention if there was a perception

19:28.606 --> 19:30.939
that they handled something incorrectly .

19:30.939 --> 19:33.106
And then therefore some of the some of

19:33.106 --> 19:36.209
the more tactical sharing or passing

19:36.219 --> 19:38.275
back and forth of indicators type of

19:38.275 --> 19:41.359
role emission was probably overtaken by

19:41.369 --> 19:43.591
events for some portion of the original

19:43.591 --> 19:45.591
consumers that were asking for that

19:45.591 --> 19:47.880
type of thing . I think that they are

19:47.890 --> 19:50.112
getting back to the question of sort of

19:50.112 --> 19:52.334
authoritative information , some of the

19:52.334 --> 19:54.334
work that this has done in terms of

19:54.334 --> 19:56.557
providing advisories and then also some

19:56.557 --> 19:58.168
of the work they had done in

19:58.168 --> 19:59.890
partnership with CYBERCOM in

19:59.890 --> 20:02.369
partnership with FBI and others to put

20:02.380 --> 20:04.510
out really authoritative information

20:04.520 --> 20:06.719
that's relevant to specific ongoing

20:06.729 --> 20:09.420
threats that's always very well , very

20:09.430 --> 20:11.430
well received . In some instances ,

20:11.430 --> 20:13.597
partner organizations like CrowdStrike

20:13.597 --> 20:15.652
and others have contributed to those

20:15.652 --> 20:15.160
sort of things to make sure that

20:15.170 --> 20:17.337
they're timely , that's a good area of

20:17.337 --> 20:19.750
focus . And there are probably a number

20:19.760 --> 20:22.099
of others that we could develop further .

20:22.109 --> 20:23.942
But those are just a few initial

20:23.942 --> 20:25.969
thoughts . How does the government

20:25.979 --> 20:27.923
think about making sure that these

20:27.923 --> 20:30.569
collaborations are valuable and then

20:30.689 --> 20:32.578
sort of the inverse as well . The

20:32.578 --> 20:34.578
government is looking for something

20:34.578 --> 20:37.290
from these engagements . What value ,

20:38.579 --> 20:40.890
what benefit to mission is government

20:40.900 --> 20:42.900
looking for from industry and these

20:42.900 --> 20:44.956
kinds of efforts ? Yes , sure . I'll

20:44.956 --> 20:47.178
start with you just to kind of build on

20:47.178 --> 20:49.289
like the making the business case . I

20:49.289 --> 20:51.233
think this comes down to these are

20:51.233 --> 20:53.178
shared threats , right ? These are

20:53.178 --> 20:55.289
shared threats to both the government

20:55.289 --> 20:57.400
and the private sector . And so being

20:57.400 --> 20:59.400
able to share our knowledge and our

20:59.400 --> 21:01.622
information and having that exchange to

21:01.622 --> 21:03.622
be able to address those threats is

21:03.622 --> 21:03.489
really important . And that's one of

21:03.500 --> 21:06.530
the things that we share as we work

21:06.540 --> 21:08.596
through our under advisement team is

21:08.596 --> 21:10.540
that when we get the information ,

21:10.540 --> 21:12.596
we're going to take that information

21:12.596 --> 21:14.818
and do something with it , we might not

21:14.818 --> 21:14.160
be able to share what we're going to do

21:14.170 --> 21:16.390
with it all of the time , but we've

21:16.400 --> 21:18.622
built that trust that we're going to do

21:18.622 --> 21:20.678
something with it and we're going to

21:20.678 --> 21:22.844
work to mitigate the threat by working

21:22.844 --> 21:25.011
through partnerships or we're going to

21:25.011 --> 21:27.233
take that information and you know , if

21:27.233 --> 21:27.030
we can do something with it to impose

21:27.040 --> 21:29.239
costs on our adversaries , we're going

21:29.250 --> 21:31.250
to do that . So I think that that's

21:31.250 --> 21:33.910
just to me it's a strong business case

21:33.920 --> 21:36.087
and the fact that , you know , this is

21:36.087 --> 21:37.920
this is something we all need to

21:37.920 --> 21:40.087
collectively address to deal with it ,

21:40.087 --> 21:42.309
not just from , you know , dealing with

21:42.309 --> 21:44.364
our national security . But just the

21:44.364 --> 21:46.880
cost that we incur from some of these

21:46.890 --> 21:49.640
attacks on our networks is huge . And

21:49.650 --> 21:52.699
so being able to actively defend and

21:52.709 --> 21:54.959
put in place mitigations but also

21:55.119 --> 21:58.000
degrade our adversary is really

21:58.010 --> 22:00.066
critically important . So I think in

22:00.069 --> 22:02.291
terms of , you know , what do we need ,

22:02.300 --> 22:04.633
you know , in terms from the government ,

22:04.633 --> 22:06.689
from private sector and I think vice

22:06.689 --> 22:08.856
versa is we need to build that trust ,

22:08.856 --> 22:10.911
we need to be able to engage , can't

22:10.911 --> 22:13.569
wait till crisis , right ? That

22:13.579 --> 22:15.690
information exchange , that knowledge

22:15.690 --> 22:17.746
and that being able to talk with one

22:17.746 --> 22:19.912
another and share information is going

22:19.912 --> 22:22.079
to be really important . You know , we

22:22.079 --> 22:24.135
each have different authorities , we

22:24.135 --> 22:26.023
each have different apertures and

22:26.023 --> 22:25.599
there's reasons for that and there's

22:25.609 --> 22:27.619
good reason for that . But when you

22:27.630 --> 22:29.797
know , private sector entity is seeing

22:29.797 --> 22:32.170
foreign cyber threats in their networks ,

22:32.180 --> 22:34.347
being able to get that information out

22:34.347 --> 22:36.291
to us so that we can actually take

22:36.291 --> 22:38.347
action on . It is really important .

22:38.347 --> 22:40.569
And when we're seeing something that is

22:40.569 --> 22:42.800
impacting private sector where they can

22:42.810 --> 22:45.032
do something with it , we should do the

22:45.032 --> 22:47.199
same thing . And so I think we need to

22:47.199 --> 22:49.143
collectively work to build more of

22:49.143 --> 22:51.579
those relationships early on , not wait

22:51.589 --> 22:53.811
until crisis because then we're already

22:53.811 --> 22:55.922
too late and we're in catch up mode .

22:57.329 --> 22:59.107
So we've talked a lot about the

22:59.107 --> 23:00.662
importance of collaboration

23:00.662 --> 23:02.885
historically , that was all voluntary ,

23:02.885 --> 23:05.051
right ? That was building the business

23:05.051 --> 23:07.218
case on either side , making sure that

23:07.218 --> 23:09.273
there was a value proposition . Both

23:09.273 --> 23:11.440
Congress and the administration have .

23:11.440 --> 23:13.496
I think at least taken some steps to

23:13.496 --> 23:15.551
imposing more mandatory requirements

23:15.551 --> 23:17.662
whether on information sharing in the

23:17.662 --> 23:19.440
context of C C and cyber incident

23:19.440 --> 23:21.551
reporting for critical infrastructure

23:21.551 --> 23:23.385
or the administration's strategy

23:23.385 --> 23:25.273
referencing , the need to enhance

23:25.273 --> 23:27.218
regulation and putting more of the

23:27.218 --> 23:29.949
burden on the strategy framed it those

23:29.959 --> 23:32.119
most able to bear it . So Gina , I'm

23:32.130 --> 23:34.469
curious for your thoughts . Do any of

23:34.479 --> 23:36.368
these moves toward requiring more

23:36.368 --> 23:39.300
mandatory sharing or enhanced

23:39.310 --> 23:41.420
regulation impact the willingness of

23:41.430 --> 23:43.541
industry to collaborate voluntarily ?

23:43.541 --> 23:45.708
Are there other considerations there ?

23:45.839 --> 23:47.950
Yeah , I think , I think first of all

23:47.950 --> 23:50.061
though , um before , before answering

23:50.061 --> 23:53.930
that , uh just wanna say thank you to

23:53.939 --> 23:56.500
everybody in the room for their service .

23:56.510 --> 23:58.099
Um uh

24:00.589 --> 24:04.260
What what folks have done particularly

24:04.270 --> 24:06.180
from , from

24:07.869 --> 24:11.180
2016 has been

24:11.189 --> 24:14.290
extraordinary and particularly from

24:15.329 --> 24:18.829
2018 forward has been extraordinary in

24:18.839 --> 24:21.709
this room . And for those of us who now

24:21.719 --> 24:24.719
sit blissfully on the outside and only

24:24.729 --> 24:28.310
read in the papers and

24:28.369 --> 24:31.069
live in relative

24:32.030 --> 24:36.020
ignorance and bliss . Thank

24:36.030 --> 24:39.219
you for your service because it is nice

24:39.229 --> 24:42.290
to know that we are in your

24:42.300 --> 24:46.060
hands and it's the fact

24:46.069 --> 24:48.290
that the authorities are

24:48.430 --> 24:52.310
expanding and that and that

24:52.319 --> 24:56.020
the the the work is

24:56.030 --> 25:00.000
accelerating and that and

25:00.010 --> 25:03.060
that the priorities are there

25:03.380 --> 25:07.300
on Cyber Command is is

25:07.310 --> 25:10.400
reassuring and that there is a painful

25:10.410 --> 25:13.469
awareness that there is a need for

25:13.670 --> 25:16.910
this kind of collaboration because of

25:17.239 --> 25:20.319
the fact that there are blind spots in

25:20.390 --> 25:23.530
light of the fact that we have the

25:23.890 --> 25:27.459
structures that we have uh because

25:27.469 --> 25:29.670
there are blind spots uh given the way

25:29.680 --> 25:32.739
that we are uh organized . Um with that

25:32.750 --> 25:36.390
said , uh uh I think that um

25:37.510 --> 25:40.640
the reality is , is that ,

25:41.890 --> 25:45.270
you know , where there's just a mandate

25:45.280 --> 25:48.979
that says , you know , companies must

25:49.359 --> 25:52.900
disclose , just incentivizes . Um a lot

25:52.910 --> 25:54.619
of uh

25:57.079 --> 26:00.280
high paid lawyers and business folks to

26:00.290 --> 26:04.209
figure out ways to comply to the

26:04.219 --> 26:06.250
letter , but not always the spirit

26:06.260 --> 26:08.329
because you know , it goes back , I

26:08.339 --> 26:11.349
think to this point that there really

26:11.359 --> 26:15.189
does need to be alignment in , in

26:15.199 --> 26:17.930
those disclosures and

26:18.910 --> 26:21.880
where there is this push pull

26:21.890 --> 26:25.839
everywhere else , right ? Where there

26:25.849 --> 26:28.016
isn't that alignment , it becomes very

26:28.016 --> 26:31.510
difficult to get what is intended

26:31.520 --> 26:33.969
behind those laws , which is more

26:33.979 --> 26:37.160
fulsome disclosure when there

26:37.170 --> 26:40.400
isn't a , you know , a much more

26:42.670 --> 26:45.640
360 around , you know , what's really

26:45.650 --> 26:49.119
intended there . Your thoughts

26:49.130 --> 26:51.297
especially , I'm curious from a global

26:51.297 --> 26:53.352
perspective , the US is not alone in

26:53.352 --> 26:55.074
making this move toward a more

26:55.074 --> 26:57.186
mandatory regime . Yeah , I think you

26:57.186 --> 26:59.186
see more and more countries whether

26:59.186 --> 27:01.241
it's because they're expanding their

27:01.241 --> 27:03.250
base of laws associated with data

27:03.260 --> 27:05.371
transmission , data protection , data

27:05.371 --> 27:07.538
localization . All of those touch upon

27:07.920 --> 27:09.753
whether and how you want to have

27:09.753 --> 27:11.479
visibility beyond just setting

27:11.489 --> 27:13.711
standards to what is actually happening

27:13.711 --> 27:15.933
kind of the radar . If you will I think

27:16.079 --> 27:19.900
the challenge is that for the

27:19.910 --> 27:23.380
operational implications of something

27:23.390 --> 27:25.640
that doesn't have the , what I think is

27:25.650 --> 27:28.869
a carefully tuned degree of materiality

27:28.880 --> 27:31.047
associated with what it is that you're

27:31.047 --> 27:34.119
required to , to show is I think really

27:34.130 --> 27:36.186
the key to kind of resolve if you're

27:36.186 --> 27:38.297
going to design something like that ,

27:38.297 --> 27:40.519
it has to be with industry input to try

27:40.519 --> 27:42.630
to really get the benefit of whatever

27:42.630 --> 27:44.852
information makes sense while providing

27:44.852 --> 27:47.019
some degree of appropriate operational

27:47.019 --> 27:49.186
reality and protection , right ? So no

27:49.186 --> 27:51.019
organization is going to want to

27:51.019 --> 27:53.186
increase its liability profile through

27:53.186 --> 27:55.297
the sharing . But also you don't want

27:55.297 --> 27:57.019
to create a rule that captures

27:57.019 --> 27:59.170
essentially white noise , right ? You

27:59.180 --> 28:01.236
want to make it valuable information

28:01.260 --> 28:04.270
and material enough so that you're not

28:04.280 --> 28:06.391
essentially asking for something that

28:06.391 --> 28:08.391
is unrealistic or just difficult to

28:08.391 --> 28:10.359
define . So there are multiple

28:10.369 --> 28:12.959
jurisdictions that have provided

28:12.969 --> 28:16.439
challenges like that recently . And the

28:16.449 --> 28:20.150
reality is if unless you mount a

28:20.160 --> 28:22.719
team that is that does nothing but that

28:22.729 --> 28:25.729
type of reporting 24/7 , you're not

28:25.739 --> 28:27.850
going to be able to comply with those

28:27.850 --> 28:29.906
things . And even if you do comply ,

28:29.906 --> 28:31.572
the value proposition of that

28:31.572 --> 28:33.517
information is almost negligible ,

28:33.517 --> 28:35.683
right ? So if you want , for example ,

28:35.683 --> 28:37.739
a reporting scheme that requires any

28:37.739 --> 28:39.961
penetration attempts to be reported , I

28:39.961 --> 28:42.183
mean , organizations like the ones that

28:42.189 --> 28:44.133
I worked out in my career , we get

28:44.133 --> 28:47.489
millions penetration attempts over

28:47.500 --> 28:50.790
time of one form or another . So you

28:50.800 --> 28:52.967
have to really define what do you mean

28:52.967 --> 28:55.078
by penetration attempt , an attempted

28:55.078 --> 28:56.859
one or a successful one or one

28:56.869 --> 28:59.036
involving this quantum of data or this

28:59.036 --> 29:01.147
type of data ? How comfortable are we

29:01.147 --> 29:04.040
with even addressing whether and how

29:04.050 --> 29:06.217
that data is sensitive to us ? From an

29:06.217 --> 29:08.217
IP perspective , from a client data

29:08.217 --> 29:10.161
perspective , from a personal data

29:10.161 --> 29:12.328
perspective , all these things have to

29:12.328 --> 29:14.494
be taken into account . And so I would

29:14.494 --> 29:13.689
say that that's where the public

29:13.699 --> 29:17.030
private partnership has to be heavily

29:17.040 --> 29:19.207
represented in the legislative process

29:19.207 --> 29:21.151
to make sure that you don't design

29:21.151 --> 29:23.151
something that's either not fit for

29:23.151 --> 29:25.500
purpose or , or just really difficult

29:25.510 --> 29:29.369
or just unfair from an enforcement

29:29.380 --> 29:32.449
perspective . That that's , that's a

29:32.459 --> 29:34.626
very interesting perspective . I think

29:34.626 --> 29:36.459
it's important to keep in mind ,

29:36.459 --> 29:38.681
especially when you have , I think John

29:38.681 --> 29:40.681
talked this morning and yesterday ,

29:40.681 --> 29:42.681
there was a lot of discussion about

29:42.681 --> 29:42.500
sort of the big companies playing an

29:42.510 --> 29:44.232
outsized role in a lot of this

29:44.232 --> 29:45.954
collaboration . A lot of those

29:45.954 --> 29:48.010
companies are companies that work in

29:48.010 --> 29:50.010
many jurisdictions . So building on

29:50.010 --> 29:52.819
that sort of global perspective , you

29:52.880 --> 29:54.991
know , we have representatives from a

29:54.991 --> 29:57.047
lot of international partners in the

29:57.047 --> 29:59.213
room and obviously the command and the

29:59.213 --> 30:01.269
agency work with partners around the

30:01.269 --> 30:03.380
globe . So I was just curious how the

30:03.380 --> 30:05.436
command thinks about partnering both

30:05.436 --> 30:07.491
with international governments , but

30:07.491 --> 30:09.658
also with the industry and how you can

30:09.658 --> 30:11.769
bring those two together . Sure , you

30:11.769 --> 30:13.602
know , and I think General Noxon

30:13.602 --> 30:15.824
actually mentioned this in his comments

30:15.824 --> 30:17.991
in terms of some of the partnerships ,

30:17.991 --> 30:19.547
we were able to see between

30:19.547 --> 30:21.547
international partners , with Cyber

30:21.547 --> 30:23.713
Command and with industry in Ukraine .

30:23.713 --> 30:26.160
And that was hugely successful and we

30:26.359 --> 30:27.970
are consistently looking for

30:27.970 --> 30:30.859
opportunities . So I can't , I don't

30:30.869 --> 30:33.479
think a day goes by that doesn't say

30:33.489 --> 30:35.599
partnerships , partnerships and that

30:35.609 --> 30:38.219
extends across so many different areas

30:38.229 --> 30:41.930
in terms of industry interagency ,

30:41.939 --> 30:45.040
international partners , academia .

30:45.489 --> 30:48.869
And I think it's what we try to achieve

30:48.880 --> 30:51.290
is how do we not only build those

30:51.300 --> 30:53.078
partnerships with each of those

30:53.078 --> 30:55.189
entities , but then how do we look at

30:55.189 --> 30:57.411
bringing those together and sharing the

30:57.411 --> 30:57.000
knowledge and figuring out where we can

30:57.010 --> 31:00.439
benefit ? So one example is when we

31:00.449 --> 31:02.449
send out our hunt forward teams and

31:02.449 --> 31:04.338
general mentioned this during his

31:04.338 --> 31:06.505
keynote , right , we send , you know ,

31:06.630 --> 31:09.540
a team of experts , cyber defense

31:09.550 --> 31:11.772
experts out to partner nations at their

31:11.772 --> 31:13.994
invitation so that we can hunt on those

31:14.000 --> 31:16.111
networks and look for malicious cyber

31:16.111 --> 31:18.444
activities from our foreign adversaries .

31:18.444 --> 31:20.556
So one of the things we're able to do

31:20.556 --> 31:22.722
from that is find their malware , find

31:22.722 --> 31:24.611
their TTP . And then we take that

31:24.611 --> 31:26.667
information and we don't necessarily

31:26.667 --> 31:28.778
attribute it to that partner nation ,

31:28.778 --> 31:30.833
whether we , where they are not , is

31:30.833 --> 31:32.889
all dependent on whether the partner

31:32.889 --> 31:35.056
nation is comfortable with it . But we

31:35.056 --> 31:37.222
will take those that malware and we'll

31:37.222 --> 31:39.389
put it into systems like VirusTotal ,

31:39.389 --> 31:41.167
right ? And that is an industry

31:41.167 --> 31:43.278
standard , everyone can get access to

31:43.278 --> 31:44.889
it , they can then take that

31:44.889 --> 31:44.714
information and put in place

31:44.724 --> 31:47.175
mitigations against those capabilities .

31:47.185 --> 31:49.185
And so that's one way we're able to

31:49.185 --> 31:51.241
bring all that together , you know ,

31:51.241 --> 31:53.463
our purpose to go out there is one to ,

31:53.463 --> 31:55.129
to find information about our

31:55.129 --> 31:57.074
adversaries , the TTP that they're

31:57.074 --> 31:59.241
using , that are presenting threats to

31:59.241 --> 32:01.185
us and also to share that with the

32:01.185 --> 32:01.109
partner nation . But how do we actually

32:01.119 --> 32:03.063
share that with the industry ? The

32:03.063 --> 32:05.230
other piece is a lot of when our teams

32:05.230 --> 32:07.452
go out to those partner networks , they

32:07.452 --> 32:09.675
have to actually do some studying ahead

32:09.675 --> 32:11.897
of time . What are we actually seeing ?

32:11.897 --> 32:14.020
What , what do we expect to find in

32:14.030 --> 32:16.030
that network ? And not only do they

32:16.030 --> 32:18.252
work closely with the national security

32:18.252 --> 32:20.086
agency to understand what is the

32:20.086 --> 32:22.141
intelligence picture , but we try to

32:22.141 --> 32:24.252
understand where is industry and what

32:24.252 --> 32:23.974
does industry know so that we can tie

32:23.984 --> 32:26.206
that in and really make sure that we're

32:26.206 --> 32:28.373
finding our techniques about how do we

32:28.373 --> 32:30.484
find our adversaries ? So all of that

32:30.484 --> 32:32.262
ties together and is critically

32:32.262 --> 32:34.262
important to bringing the knowledge

32:34.262 --> 32:36.428
together . Everyone has . Thanks Rob ,

32:36.428 --> 32:38.317
curious for your thoughts from an

32:38.317 --> 32:40.262
industry perspective . Yeah . So a

32:40.262 --> 32:42.780
couple things . So one on just to

32:42.790 --> 32:45.329
underscore the point answer that Felipe

32:45.339 --> 32:47.310
made a moment ago , we're in a

32:47.319 --> 32:50.160
fortunate place in that . I think

32:50.170 --> 32:52.170
there's there was not a ton of lead

32:52.170 --> 32:54.337
time in terms of like when the law was

32:54.337 --> 32:56.579
being written , but at least Congress

32:57.869 --> 33:00.660
allowed to have an open period where

33:00.670 --> 33:02.837
they could engage with industry to get

33:02.837 --> 33:05.059
comments during the rule making process

33:05.059 --> 33:07.114
of folks like CrowdStrike and other

33:07.114 --> 33:06.969
people in the industry that had a point

33:06.979 --> 33:09.257
of view on what was going to be useful ,

33:09.257 --> 33:12.060
had the opportunity to make that case

33:12.069 --> 33:14.125
directly to them . And it's going to

33:14.125 --> 33:16.180
take a little while for them to sort

33:16.180 --> 33:15.959
through all that and articulate the

33:15.969 --> 33:18.025
final rule . The thing that we would

33:18.030 --> 33:20.197
just , we all hope and this is true of

33:20.197 --> 33:22.363
folks at C as well is just that they ,

33:22.363 --> 33:24.530
you know , that they end up being able

33:24.530 --> 33:26.308
to take that information and do

33:26.308 --> 33:28.030
something constructive with it

33:28.030 --> 33:30.197
ultimately to be able to help increase

33:30.197 --> 33:32.339
the security posture of individual

33:32.349 --> 33:34.182
targeted critical infrastructure

33:34.182 --> 33:36.209
entities , for example . So keeping

33:36.219 --> 33:38.969
that , keeping that in mind just like

33:39.280 --> 33:41.449
understanding that from time to time ,

33:41.459 --> 33:44.420
the legal and regulatory construct that

33:44.430 --> 33:46.652
we operate in is going to change and it

33:46.652 --> 33:48.597
is going to increase candidly just

33:48.597 --> 33:50.597
based on what people's interests in

33:50.597 --> 33:53.020
meeting this threat . It just hope

33:53.030 --> 33:56.390
hopefully those things end up actually

33:56.400 --> 33:59.219
providing concrete material value . And

33:59.229 --> 34:01.007
then understanding that in some

34:01.007 --> 34:04.770
instances , if there's too much vigor

34:04.780 --> 34:07.002
about articulating new versions of some

34:07.002 --> 34:08.836
of these things , whether that's

34:08.836 --> 34:10.891
domestically , if you have different

34:10.891 --> 34:12.947
agencies that are advancing rules at

34:12.947 --> 34:14.947
the same time or obligations at the

34:14.947 --> 34:17.002
same time , you may end up with some

34:17.002 --> 34:19.169
duplication , you may end up with some

34:19.169 --> 34:21.391
gaps , overlaps or just a higher burden

34:21.391 --> 34:21.229
for folks that really by the time they

34:21.239 --> 34:23.239
need to fill out one of these , you

34:23.239 --> 34:25.461
know , these forms or make one of these

34:25.461 --> 34:27.683
submissions are having the worst day of

34:27.683 --> 34:27.189
their year in some instances , the

34:27.199 --> 34:31.179
worst day of their lives and something

34:31.189 --> 34:33.300
that we can all try and do is to make

34:33.300 --> 34:35.522
sure that folks in that space can focus

34:35.522 --> 34:37.633
on mediation first and then hopefully

34:37.633 --> 34:39.745
get to whatever they are obligated to

34:39.745 --> 34:39.080
get to based on what sector they're in

34:39.090 --> 34:41.368
and what jurisdictions they operate in .

34:41.368 --> 34:43.534
So from an international perspective ,

34:43.534 --> 34:45.534
same thing , a lot of companies are

34:45.534 --> 34:47.534
global . It's difficult enough from

34:47.534 --> 34:49.969
time to time to operate within the the

34:49.979 --> 34:51.909
50 plus states in different

34:51.919 --> 34:54.030
jurisdictions that we have here . But

34:54.030 --> 34:55.863
for folks that have to deal with

34:55.863 --> 34:57.863
international regulators and things

34:57.863 --> 35:00.197
like that , that's an additional burden .

35:00.197 --> 35:02.252
Hopefully folks are approaching this

35:02.252 --> 35:04.475
sort of thing deliberately , we're in a

35:04.475 --> 35:04.290
privileged place in the United States

35:04.300 --> 35:06.411
and that other folks pay attention to

35:06.411 --> 35:08.633
what we do . So I think it's especially

35:08.633 --> 35:10.689
incumbent upon us if we want to make

35:10.689 --> 35:12.856
things easier for us , businesses that

35:12.856 --> 35:14.744
are international , international

35:14.744 --> 35:16.800
businesses that fill important roles

35:16.800 --> 35:18.911
here in the United States that we are

35:18.911 --> 35:21.133
deliberate about how we construct those

35:21.133 --> 35:23.300
obligations . Because sure enough , we

35:23.300 --> 35:25.522
will find different versions of them in

35:25.522 --> 35:27.689
other countries before long . Thanks .

35:27.689 --> 35:29.911
So before we open up to questions , I'd

35:29.911 --> 35:32.133
like to ask one final question to the ,

35:32.133 --> 35:34.244
to the whole panel , John talked this

35:34.244 --> 35:37.010
morning about 2021 the exciting year

35:37.020 --> 35:39.929
that that was from a perspective for

35:39.989 --> 35:43.090
SolarWinds , pipeline G BS .

35:44.120 --> 35:45.953
And then we had the , you know ,

35:45.953 --> 35:48.120
Russian expansion of their invasion of

35:48.120 --> 35:50.287
Ukraine and the importance of industry

35:50.287 --> 35:52.620
collaboration in addressing that threat .

35:52.620 --> 35:54.731
Um So I'd be just curious for each uh

35:54.731 --> 35:56.842
panelists thoughts on what lessons if

35:56.842 --> 35:58.953
any have we learned , should we learn

35:58.953 --> 36:00.953
from from that year in the , in the

36:00.953 --> 36:03.120
last couple of years ? Um Jen , can we

36:03.120 --> 36:04.760
start with you ? Oh ,

36:07.219 --> 36:11.100
um I think

36:11.110 --> 36:14.959
it's about um how it's a problem

36:14.969 --> 36:18.050
of the commons and that really

36:18.820 --> 36:22.260
about making sure that really

36:22.270 --> 36:26.139
everybody understands that cyber is a

36:26.149 --> 36:29.939
collective back to your point that

36:29.949 --> 36:33.439
we really all actually need to be

36:33.449 --> 36:36.649
invested and incentivized to contribute

36:36.979 --> 36:40.699
and do our fair share . And I'm not

36:40.709 --> 36:42.600
sure that any of us have actually

36:42.610 --> 36:45.290
really fully taken that on board .

36:48.929 --> 36:51.570
So I think I'd offer two things . One

36:51.580 --> 36:54.689
is , I love the mantra . Cyber security

36:54.699 --> 36:57.010
is national security , right ? We've

36:57.020 --> 36:58.909
talked a lot about cyber security

36:58.909 --> 37:01.129
threats . We've talked , you know , we

37:01.139 --> 37:03.139
often talked about them as if , you

37:03.139 --> 37:05.139
know , hey , there's a new threat ,

37:05.139 --> 37:07.028
there was a new incident with the

37:07.028 --> 37:09.028
network , how do we respond ? But I

37:09.028 --> 37:11.250
don't think we really talked about what

37:11.250 --> 37:13.083
that meant . And so I think when

37:13.083 --> 37:15.361
colonial pipeline happened , even then ,

37:15.361 --> 37:17.250
you know , before then looking at

37:17.250 --> 37:19.250
criminal actors and what ransomware

37:19.250 --> 37:21.639
could do to our national security you

37:21.649 --> 37:23.816
know , our critical infrastructure and

37:23.816 --> 37:25.760
key resources , I think that was a

37:25.760 --> 37:27.982
moment that we really , as a nation , I

37:27.982 --> 37:30.149
think , fully understood and even as a

37:30.149 --> 37:32.479
government understood how significant

37:32.550 --> 37:34.820
cyber threats were and that it wasn't

37:34.830 --> 37:37.790
just contained to well funded nations ,

37:37.800 --> 37:40.399
to adversaries . Right . That is , it

37:40.409 --> 37:42.659
can expand to for profit , criminal

37:42.669 --> 37:45.199
organizations who can attack our

37:45.209 --> 37:47.760
networks and affect our way of life .

37:47.770 --> 37:49.989
Right . I mean , that impacted our gas

37:50.000 --> 37:52.222
supply on the east coast . Right . That

37:52.222 --> 37:54.444
was a really big deal . So I think that

37:54.444 --> 37:56.780
really drove home that cyber security

37:56.790 --> 37:58.901
is national security and that we need

37:58.901 --> 38:00.568
to make sure that we're doing

38:00.568 --> 38:02.623
everything that we can . And I think

38:02.623 --> 38:05.270
that is tied in with the other mantra

38:05.280 --> 38:07.600
of cyber as a team sport , right ? We

38:07.610 --> 38:09.666
all have different visibilities . We

38:09.666 --> 38:12.909
all have different authorities and we

38:12.919 --> 38:15.030
need to make sure that we are sharing

38:15.030 --> 38:16.975
that while making sure that we are

38:16.975 --> 38:19.086
adhering to all of our law policies ,

38:19.086 --> 38:21.197
which are really important to us that

38:21.197 --> 38:23.141
we are protecting civil rights and

38:23.141 --> 38:25.030
privacy and we are not that we're

38:25.030 --> 38:27.635
maintaining the trust , but that we are

38:27.655 --> 38:29.711
sharing and partnering to the extent

38:29.711 --> 38:31.766
possible to be able to address those

38:31.766 --> 38:33.766
threats from adversaries so that we

38:33.766 --> 38:35.933
better protect our national security .

38:36.000 --> 38:39.889
I go about , yeah , thanks . Uh Lots

38:39.899 --> 38:42.209
of thoughts swirling based on

38:42.219 --> 38:45.370
everything that's been covered . I

38:45.399 --> 38:47.566
certainly agree with all of it and I'm

38:47.566 --> 38:49.677
trying to add something just a little

38:49.677 --> 38:51.843
different as opposed to repeating it .

38:51.843 --> 38:54.121
I think the organizational perspective ,

38:54.121 --> 38:56.121
from a private point of view really

38:56.121 --> 38:58.455
just comes down to defining adversaries .

38:58.455 --> 39:00.899
Um Usually it's not that private

39:00.909 --> 39:03.076
organizations don't care about knowing

39:03.076 --> 39:04.853
whether or not they came from ,

39:04.853 --> 39:07.076
something came from an adversary of the

39:07.076 --> 39:09.242
US . It's relevant because you have to

39:09.242 --> 39:11.131
understand your adversary , their

39:11.131 --> 39:13.242
motivations , their capabilities . So

39:13.242 --> 39:15.465
there is a need to understand where the

39:15.465 --> 39:17.687
threat comes from , but it's not from a

39:17.687 --> 39:19.687
political perspective , it's from a

39:19.687 --> 39:21.853
functional perspective . So if there's

39:21.853 --> 39:24.076
a teenager down the street that somehow

39:24.076 --> 39:26.242
has the same or similar capabilities ,

39:26.242 --> 39:28.409
just because they're a genius compared

39:28.409 --> 39:28.149
to a nation state , it's not going to

39:28.159 --> 39:30.250
matter to the private entity , they

39:30.260 --> 39:32.371
just want to protect against either .

39:32.371 --> 39:33.982
And ultimately , I think the

39:33.982 --> 39:37.419
partnership is has to take into account

39:37.429 --> 39:39.651
that what you want to do is you want to

39:39.651 --> 39:42.969
raise the state of the art . But it has

39:42.979 --> 39:44.868
the challenge is how do you do it

39:44.868 --> 39:47.090
collectively ? Because you have to kind

39:47.090 --> 39:49.146
of go in with the , with the kind of

39:49.146 --> 39:50.979
open understanding that the more

39:50.979 --> 39:53.257
collaboration and partnership you have ,

39:53.257 --> 39:55.423
the more you're going to contribute to

39:55.423 --> 39:57.646
the state of the art across the board .

39:57.646 --> 39:59.868
So the arms race kind of continues . So

39:59.868 --> 40:02.035
if we were a collaborative , trying to

40:02.035 --> 40:01.290
improve , for example , security

40:01.300 --> 40:03.467
against shoplifting against stores , I

40:03.467 --> 40:05.356
think we would all be agreeing to

40:05.356 --> 40:08.120
collaborate across the spectrum as it

40:08.129 --> 40:10.340
relates to better sensors or AI

40:10.350 --> 40:12.350
associated with knowing when it's a

40:12.350 --> 40:14.406
false positive or things like that .

40:14.406 --> 40:17.520
But how willing is the US to share that

40:17.530 --> 40:20.280
technology from a political perspective

40:20.290 --> 40:22.750
and from a defense perspective as it

40:22.760 --> 40:24.871
relates to national defense ? I think

40:24.871 --> 40:27.739
that's a tough one to reconcile in that .

40:28.379 --> 40:30.601
Partners on the private side are really

40:30.601 --> 40:32.823
just focused on the technical defense .

40:32.823 --> 40:34.935
They're not focused on the motivation

40:34.935 --> 40:36.935
behind the threat itself , just the

40:36.935 --> 40:40.090
threat . And in order to help reconcile

40:40.100 --> 40:42.260
this , there's also a critical point

40:42.270 --> 40:45.719
made by Holly , which is that there is

40:45.729 --> 40:48.500
a perception that the US favors

40:48.510 --> 40:51.110
protection at the cost of personal

40:51.120 --> 40:53.739
freedoms , accurate or inaccurate , that

40:53.750 --> 40:55.639
optic is out there floating . And

40:55.649 --> 40:57.909
perhaps some of it is a post-9/11

40:57.919 --> 40:59.770
dynamic . More recently , the

40:59.780 --> 41:01.947
development in 2021 was a follow up of

41:01.947 --> 41:04.169
the European court's decision . And then

41:04.169 --> 41:07.260
the two which essentially was

41:08.000 --> 41:10.399
pointing the flashlight at whether or

41:10.409 --> 41:14.290
not appropriate protections for non-US

41:14.300 --> 41:17.159
persons were being observed by US

41:17.169 --> 41:19.679
intelligence agencies communities ,

41:19.689 --> 41:22.770
what have you ? So I think that tying

41:22.780 --> 41:25.060
back to the question of what can we do

41:25.070 --> 41:27.120
from a legislative perspective , I

41:27.129 --> 41:29.407
think the development of a privacy law ,

41:29.407 --> 41:31.629
a national privacy law really helped to

41:31.629 --> 41:33.851
coordinate all of this because it would

41:33.851 --> 41:36.018
help set parameters , help standards ,

41:36.018 --> 41:37.740
help us with the optics , with

41:38.389 --> 41:40.570
stakeholders and others who are

41:40.580 --> 41:43.510
wondering whether or not we are doing

41:43.520 --> 41:45.631
smart perimeter defense and elevating

41:45.631 --> 41:47.742
the state of the art . But not at the

41:47.742 --> 41:49.798
cost of , of privacy protections and

41:49.798 --> 41:51.899
reconciling all that will be really

41:51.909 --> 41:53.742
critical . And I think without a

41:53.742 --> 41:55.742
national privacy law , it just gets

41:55.742 --> 41:58.969
that much harder . Thanks . So I worry

41:58.979 --> 42:01.146
sometimes that as a policy community ,

42:02.310 --> 42:05.050
we've gotten very good at walking .

42:05.090 --> 42:07.312
We've gotten very good at chewing gum .

42:07.312 --> 42:09.534
Sometimes it's tricky to do both at the

42:09.534 --> 42:11.757
same time . And after the year that was

42:11.757 --> 42:13.646
2021 which , you know , which you

42:13.646 --> 42:15.701
characterized , I worry that we took

42:15.701 --> 42:17.812
one primary lesson from that and that

42:17.812 --> 42:20.449
is like , wow , things would be , you

42:20.500 --> 42:22.722
know , things were really bad and could

42:22.722 --> 42:24.889
have been much worse with the Colonial

42:24.889 --> 42:26.611
Pipeline incident . And that's

42:26.611 --> 42:28.778
definitely true . People will remember

42:28.778 --> 42:30.833
the imagery of people waiting at gas

42:30.833 --> 42:33.056
stations and things like that . But the

42:33.056 --> 42:35.111
other , if you think about it , that

42:35.111 --> 42:37.000
was one primary victim and it was

42:37.000 --> 42:39.000
during a campaign where there was a

42:39.000 --> 42:41.000
bunch of ongoing ransomware . But I

42:41.000 --> 42:43.111
feel like a lot of the things that we

42:43.111 --> 42:45.222
as a policy community have been up to

42:45.222 --> 42:45.030
after that have been responsive to that

42:45.040 --> 42:46.873
sort of like there is a critical

42:46.873 --> 42:49.207
infrastructure entity that has impacted .

42:49.207 --> 42:51.429
What do we do about that ? Like sort of

42:51.429 --> 42:53.484
questions that meanwhile , the other

42:53.484 --> 42:55.707
campaigns , if you think about it , the

42:55.707 --> 42:57.596
Microsoft Exchange hack , tens of

42:57.596 --> 43:01.120
thousands of victims , right ? The

43:01.129 --> 43:03.520
Log4j somewhat later , tens of

43:03.530 --> 43:06.729
thousands of victims , the Stellar

43:06.739 --> 43:08.870
Particle campaign that attacked

43:08.879 --> 43:11.046
SolarWinds , tens of thousands of victims .

43:11.360 --> 43:13.416
And more recently , just the 3CX

43:13.416 --> 43:15.638
supply chain attack that was , that was

43:15.638 --> 43:17.638
disclosed a couple of weeks ago and

43:17.638 --> 43:19.638
CrowdStrike did some work on this

43:19.638 --> 43:22.169
600,000 victims that potentially could

43:22.179 --> 43:24.401
have been affected by that supply chain

43:24.401 --> 43:26.623
attack . And I worry that when we're in

43:26.623 --> 43:28.679
the zone where we're talking about ,

43:28.679 --> 43:31.350
you know , having having victim or

43:31.360 --> 43:33.693
having victim entities fill out reports ,

43:33.693 --> 43:36.379
which is definitely important to meet

43:36.409 --> 43:38.830
challenges like the Colonial Pipeline

43:38.840 --> 43:42.209
type attack or other things that don't

43:42.219 --> 43:44.275
contemplate scenarios where you have

43:44.275 --> 43:46.229
tens of thousands of victims are

43:46.459 --> 43:48.681
potentially going to fall short of that

43:48.681 --> 43:50.800
next major attack . So to me the

43:50.810 --> 43:53.143
question , we should be focused on very ,

43:53.149 --> 43:55.260
very specifically in addition to some

43:55.260 --> 43:58.020
of the incident reporting type thing is

43:58.030 --> 44:00.520
like , what are we going to do when

44:00.790 --> 44:03.639
some adversary has used a supply chain

44:03.649 --> 44:07.030
attack or some other means to deploy

44:07.040 --> 44:09.040
ransomware or something else across

44:10.520 --> 44:12.853
that wide of a victim set at that scale .

44:13.419 --> 44:15.475
And I think that there has been some

44:15.475 --> 44:17.419
interesting and important work and

44:17.419 --> 44:19.308
thought from the policy community

44:19.308 --> 44:21.086
around being able to elevate to

44:21.086 --> 44:23.141
identify and elevate security around

44:23.141 --> 44:25.252
systemically important entities . And

44:25.252 --> 44:27.475
the sort of name of that policy sort of

44:27.475 --> 44:29.586
discourse area has changed or evolved

44:29.586 --> 44:31.419
somewhat over time . But there's

44:31.419 --> 44:33.475
clearly some thought going into that

44:33.475 --> 44:35.697
from folks in government . This is true

44:35.697 --> 44:37.863
in the executive branch at and true in

44:37.863 --> 44:39.975
the Congress as well . And from folks

44:39.975 --> 44:41.975
in the private sector . But I think

44:41.975 --> 44:44.197
that one main take away one obvious one

44:44.197 --> 44:46.141
is that we just need to expand the

44:46.141 --> 44:48.909
national incident response capacity

44:48.919 --> 44:50.863
that exists in the United States .

44:50.863 --> 44:52.975
Because if you were trying to find an

44:52.975 --> 44:55.086
incident response provider during that

44:55.086 --> 44:57.197
rolling set of campaigns in 2021 2022

44:57.197 --> 44:59.030
I'll tell you it was very , very

44:59.030 --> 44:59.020
difficult for folks that didn't already

44:59.030 --> 45:02.024
have a provider retained . Folks

45:02.034 --> 45:04.385
couldn't bail themselves out . So how

45:04.395 --> 45:06.395
do we expand that ? You know , that

45:06.395 --> 45:08.339
that incident response capacity is

45:08.339 --> 45:10.284
something that I think is a really

45:10.284 --> 45:12.506
critically important area for us all to

45:12.506 --> 45:14.562
consider and then there's a bunch of

45:14.562 --> 45:14.544
other implications as well . Some of

45:14.554 --> 45:16.665
this goes back to just do you have an

45:16.665 --> 45:18.939
authoritative , you know , plan that

45:18.949 --> 45:20.949
can be spun up and that people know

45:20.949 --> 45:22.949
where to coordinate and things like

45:22.949 --> 45:25.116
that . And I think that JCDC has done

45:25.116 --> 45:27.227
some really important work on that in

45:27.227 --> 45:26.909
the time since those incidents . So

45:26.969 --> 45:29.191
this is not to say that there's been no

45:29.419 --> 45:31.641
progress or folks aren't thinking about

45:31.641 --> 45:33.641
it . It's just that I would like to

45:33.641 --> 45:35.752
encourage us all as a community to be

45:35.752 --> 45:37.975
more ambitious in terms of how we think

45:37.975 --> 45:37.639
about the magnitude of the problems

45:37.649 --> 45:39.871
that we might find ourselves in at some

45:39.871 --> 45:42.038
point . Right . Thank you all for your

45:42.038 --> 45:44.149
insights . Um Now I'd like to open up

45:44.149 --> 45:46.093
to questions from the audience . I

45:46.093 --> 45:48.205
think we've got about 14 minutes left

45:48.620 --> 45:52.129
any questions , Gary

45:53.830 --> 45:55.886
uh great discussion . Thank you . Um

45:57.489 --> 45:59.711
And I asked this question of , of Chris

45:59.711 --> 46:03.010
Inglis the other day um who gave a very

46:03.020 --> 46:05.131
good answer , but I'm gonna put it up

46:05.131 --> 46:07.298
to the panel , the tension that , that

46:07.298 --> 46:09.520
you've been talking about . Obviously ,

46:09.520 --> 46:08.600
it's a tension that's been out there

46:08.610 --> 46:10.939
for a while between collaborations ,

46:10.949 --> 46:12.919
information sharing , potential

46:12.929 --> 46:15.080
collateral impacts of doing that for

46:15.090 --> 46:17.368
the , the , the private sector company ,

46:17.479 --> 46:20.139
the recent national cybersecurity

46:20.149 --> 46:23.959
strategy again continues in

46:23.969 --> 46:26.136
sort of one of its pillars , the focus

46:26.136 --> 46:28.120
on the need for public , private

46:28.129 --> 46:31.399
collaboration and cooperation . Um One

46:31.409 --> 46:34.070
of the bigger shifts in that strategy

46:34.080 --> 46:36.302
though is in one of its other pillars ,

46:36.302 --> 46:38.580
the question of accountability , right ?

46:38.580 --> 46:40.747
And pushing more toward regulation and

46:40.747 --> 46:43.060
accountability . Do you see tension in

46:43.070 --> 46:45.500
that within the strategy strategy

46:45.510 --> 46:48.209
itself ? Um And , and how would you

46:48.219 --> 46:50.429
think about working through that the

46:50.439 --> 46:52.272
same tension ? But now it's been

46:52.272 --> 46:55.689
elevated into the strategy and I wanna

46:55.699 --> 46:59.439
take that one . Sure .

46:59.449 --> 47:02.939
So um so yeah , so I , I

47:02.949 --> 47:06.600
um I think it's been remarkable to

47:06.610 --> 47:10.600
see the growth of folks interacted

47:10.610 --> 47:13.750
with DHS during the NPPD days to

47:13.760 --> 47:16.110
sort of observe the the capacity the

47:16.120 --> 47:18.600
vigor at which that organization works ,

47:18.610 --> 47:20.721
the contributions that they've made ,

47:20.721 --> 47:22.999
the profile that , that they've gained .

47:22.999 --> 47:26.439
And I , so we should all acknowledge

47:26.449 --> 47:28.616
that and say that is a very good thing

47:28.620 --> 47:30.731
and that we need to protect that . So

47:30.731 --> 47:33.179
like when I engage with folks who are

47:33.739 --> 47:36.060
lawmakers or their staffs , like on

47:36.070 --> 47:38.126
this topic set , I encourage them to

47:38.126 --> 47:40.237
think really , really carefully about

47:40.237 --> 47:42.181
making sure that CISA remains that

47:42.181 --> 47:44.403
premier most hospitable place to engage

47:44.403 --> 47:46.514
voluntarily because things like JCDC

47:46.514 --> 47:48.514
do operate on that basis . So there

47:48.514 --> 47:50.626
have been instances over time where ,

47:50.626 --> 47:52.792
you know , I think folks have wrestled

47:52.792 --> 47:54.903
or how did they get the balance right

47:54.903 --> 47:54.739
between providing new investigative

47:54.750 --> 47:56.972
authorities , like when they were given

47:56.972 --> 47:59.083
subpoena power and things like that .

47:59.083 --> 48:02.409
And then because CISA itself or DHS

48:02.419 --> 48:04.475
more broadly , I should say , is the

48:04.475 --> 48:06.697
sector risk management agency for a lot

48:06.697 --> 48:08.752
of critical infrastructure sectors ,

48:08.752 --> 48:08.520
there is still potentially that tension

48:08.800 --> 48:11.179
and where that tension exists , I would

48:11.189 --> 48:14.290
encourage people to optimize for , you

48:14.300 --> 48:16.209
know , keeping a more hospitable

48:16.219 --> 48:18.441
context so that people can share things

48:18.441 --> 48:20.608
voluntarily . Because from my point of

48:20.608 --> 48:22.719
view , just having been in some tough

48:22.719 --> 48:24.663
conversations with folks that were

48:24.663 --> 48:26.552
going through that bad day that I

48:26.552 --> 48:28.775
referenced earlier , it just seems like

48:28.775 --> 48:31.330
that's a lot to sort of trade away for

48:32.389 --> 48:34.556
hope that a regulatory entity will get

48:34.556 --> 48:36.722
you the same or a better outcome . And

48:36.722 --> 48:38.889
that's not to say that there should be

48:38.889 --> 48:41.000
no , you know , there should be no um

48:41.000 --> 48:43.222
you know , like additional requirements

48:43.229 --> 48:45.689
or obligations for folks that do find

48:45.699 --> 48:47.921
themselves regulated . It's just to say

48:47.921 --> 48:49.866
that we should be careful about in

48:49.866 --> 48:52.459
particular the role that plays in that

48:52.469 --> 48:56.110
I think other questions .

48:58.199 --> 49:01.169
Sure . But if I uh major field . I'm

49:01.179 --> 49:04.060
from uh III MEF uh Marine Expeditionary Force .

49:04.070 --> 49:06.181
I have uh maybe a kind of new to that

49:06.181 --> 49:08.292
question . Uh So some of the comments

49:08.292 --> 49:10.459
we've heard yesterday and today talk a

49:10.459 --> 49:12.403
lot about uh this balancing effort

49:12.403 --> 49:12.379
between uh maybe facilitating

49:12.389 --> 49:14.611
partnerships . So things like the Cyber

49:14.611 --> 49:16.667
Collaboration Center , um you know ,

49:16.667 --> 49:18.889
authorizing authorization for increased

49:18.889 --> 49:21.000
sharing and , and things like uh safe

49:21.000 --> 49:22.722
harbor provisions for mandated

49:22.722 --> 49:24.833
reporting and balancing those against

49:24.833 --> 49:26.945
the uh the business concerns . Things

49:26.945 --> 49:26.770
like exposure to litigation that you

49:26.780 --> 49:29.120
referenced cost of compliance and cross

49:29.540 --> 49:31.679
jurisdictional conflicts in the , in

49:31.689 --> 49:34.209
the various regimes , potential harm to

49:34.219 --> 49:37.860
goodwill and brand value . Um I guess

49:37.870 --> 49:40.409
what I'm looking for is , is the

49:40.419 --> 49:42.530
comment that we hear a lot and that I

49:42.530 --> 49:44.586
think everybody in the panel seem to

49:44.586 --> 49:46.752
agree with is that we need to increase

49:46.752 --> 49:48.641
trust and build trust , trust and

49:48.641 --> 49:50.752
alignment between the business sector

49:50.752 --> 49:50.719
and the government , government . And

49:50.729 --> 49:52.840
I'm wondering if you have thoughts on

49:52.899 --> 49:55.121
implied in that statement is that there

49:55.121 --> 49:57.121
is a trust deficit or there is some

49:57.121 --> 49:59.177
misalignment between the interests .

49:59.179 --> 50:01.290
And I'm wondering if there's anything

50:01.290 --> 50:01.120
in particular that you feel is

50:01.129 --> 50:02.989
contributing to that deficit or

50:03.000 --> 50:05.222
something that should go away ? Is it a

50:05.222 --> 50:07.389
push in the strategy towards increased

50:07.389 --> 50:09.500
regulation or is there something else

50:09.500 --> 50:11.167
that you think that you could

50:11.167 --> 50:13.167
specifically do that would decrease

50:13.167 --> 50:15.333
that deficit between the US government

50:15.333 --> 50:18.570
and private sector ? I guess you could

50:18.580 --> 50:20.858
take a crack at that one to start with .

50:22.590 --> 50:24.812
And again , these are my personal views

50:24.812 --> 50:26.923
but to the extent that you're looking

50:26.923 --> 50:29.146
for a sense of whether or not there's a

50:29.146 --> 50:31.368
trust deficit against and somebody like

50:31.368 --> 50:33.312
me might be the one who's asked to

50:33.312 --> 50:35.368
screen whether or not we're going to

50:35.368 --> 50:37.368
collaborate . And in what way um it

50:37.368 --> 50:40.439
really just comes down to , I would say ,

50:40.449 --> 50:42.949
not so much trust , but just

50:44.080 --> 50:46.302
what is it that we're dealing with here

50:46.302 --> 50:48.524
is , do we have to do this because it's

50:48.524 --> 50:50.691
required ? So that's more compliance .

50:50.691 --> 50:52.913
The trust doesn't really come into play

50:52.913 --> 50:55.247
in another . And if it's not compliance ,

50:55.247 --> 50:57.358
that means it's optional . And so are

50:57.358 --> 50:59.524
the interests of the fill in the blank

50:59.524 --> 51:01.247
organization best served by us

51:01.250 --> 51:03.709
providing information or collaborating .

51:03.719 --> 51:06.510
However , that's defined , I think the

51:06.520 --> 51:08.939
trust is defined at that moment for

51:08.949 --> 51:11.399
that issue in the instance that we're

51:11.409 --> 51:13.631
talking about it . I don't think it's a

51:13.631 --> 51:15.465
broad proposition . I think it's

51:15.465 --> 51:17.576
specific to who's being asked and the

51:17.576 --> 51:19.687
information that's being sought . And

51:19.687 --> 51:21.853
again , the nature of the organization

51:21.853 --> 51:23.965
because the interests , for example ,

51:23.965 --> 51:26.131
of a heavy defense contractor are much

51:26.131 --> 51:28.298
more likely to be kind of by default ,

51:28.379 --> 51:30.435
a trust relationship . But if you're

51:30.435 --> 51:32.979
asking for example , a US company that

51:32.989 --> 51:34.878
does multinational operations and

51:34.878 --> 51:36.933
you're saying , and you want them to

51:36.933 --> 51:39.045
trust you with whether or not they've

51:39.045 --> 51:40.767
seen something in their system

51:40.767 --> 51:42.933
associated with their local office and

51:42.933 --> 51:45.045
fill in the blank country that's much

51:45.045 --> 51:47.100
dicier because there's going to be a

51:47.100 --> 51:49.267
sensitivity associated with whether or

51:49.267 --> 51:48.370
not you're going to be viewed as an

51:48.379 --> 51:50.157
agent of the government in some

51:50.157 --> 51:52.268
inappropriate way or that crosses the

51:52.268 --> 51:54.500
line . So I , at least from what I've

51:54.510 --> 51:56.566
seen in my career , it's not so much

51:56.566 --> 51:58.566
that there's a trust deficit , it's

51:58.566 --> 52:01.239
really just more before you even get

52:01.250 --> 52:03.959
the trust . It's what's required here

52:03.969 --> 52:06.025
in the interests of the organization

52:06.169 --> 52:08.280
and that's where you fall back to all

52:08.280 --> 52:10.550
the situational piece . So incident

52:10.560 --> 52:12.782
response , usually that comes down to ,

52:12.782 --> 52:14.727
from my point of view is , are you

52:14.727 --> 52:16.671
giving up control of your incident

52:16.671 --> 52:18.838
response ? Are you giving up privilege

52:18.838 --> 52:21.330
on your forensic reports associated

52:21.340 --> 52:23.340
with what's happened or what didn't

52:23.340 --> 52:25.507
happen if you involve the government ?

52:25.507 --> 52:27.729
What are the parameters associated with

52:27.729 --> 52:29.951
that ? And so I don't think it's really

52:29.951 --> 52:32.062
so much a question of trusting the US

52:32.062 --> 52:34.173
government as opposed to just being ,

52:34.173 --> 52:36.340
whether or not you want people outside

52:36.340 --> 52:38.396
of your perimeter , whoever it is to

52:38.396 --> 52:41.469
see what's going on and how comfortable

52:41.479 --> 52:43.535
you feel with it . I think generally

52:43.535 --> 52:46.199
speaking from a US contractor

52:46.209 --> 52:48.899
perspective , there's , there's a

52:48.909 --> 52:52.469
general , there's a general

52:52.479 --> 52:54.590
trust associated with just wanting to

52:54.590 --> 52:56.701
be good corporate citizens in general

52:56.701 --> 52:58.812
and whatever country you're based out

52:58.812 --> 53:00.979
of you , of course , want to be a good

53:00.979 --> 53:03.201
corporate citizen for the government of

53:03.201 --> 53:05.312
that country . So I don't necessarily

53:05.312 --> 53:04.840
think there's a trust deficit . I think

53:04.850 --> 53:06.899
it's just more kind of a procedural

53:06.909 --> 53:10.669
tactical thing I wanna add on because

53:10.679 --> 53:13.929
even if you , um , have

53:13.939 --> 53:16.750
developed a trust

53:16.760 --> 53:19.959
relationship because you've invested

53:19.969 --> 53:23.469
the time and the effort with

53:25.070 --> 53:29.060
the private company in the space

53:29.879 --> 53:32.889
that you've needed to ,

53:35.229 --> 53:38.560
it turns out that the US government

53:38.570 --> 53:42.239
is itself patchwork , right ? And so

53:42.250 --> 53:45.280
you can't speak for the

53:45.290 --> 53:48.810
agency across the river or down the

53:48.820 --> 53:51.879
street , right ? And so you can't speak

53:51.889 --> 53:54.959
for the enforcement agencies that have

53:54.979 --> 53:58.830
different priorities or uh

53:59.070 --> 54:02.590
or mission , right ? And uh

54:02.639 --> 54:06.100
and uh have different

54:06.110 --> 54:09.540
incentive structures and so can't

54:10.030 --> 54:11.949
speak to write their enforcement

54:11.959 --> 54:15.889
priorities . Um And so even

54:15.899 --> 54:19.169
though you may not

54:19.459 --> 54:23.199
insist on trying to get at the

54:23.209 --> 54:26.449
forensic report or poke and product

54:26.459 --> 54:30.389
privilege and re victimize

54:30.399 --> 54:33.989
the victim about all the ways in which

54:34.000 --> 54:36.580
you are not prioritizing their

54:36.590 --> 54:37.909
sensitivities .

54:40.750 --> 54:44.270
The agency down the street , right is

54:44.280 --> 54:47.199
coming in and undoing all the time and

54:47.209 --> 54:50.649
effort you spent developing that trust ,

54:51.080 --> 54:52.969
you know , and then complicate it

54:52.969 --> 54:55.040
tenfold because there are other

54:55.050 --> 54:57.272
agencies that then want to get into the

54:57.272 --> 54:59.550
mix , right ? And then complicate that .

54:59.550 --> 55:01.929
If you've got a multinational and so on

55:01.939 --> 55:05.389
and so forth , it gets , it gets really

55:05.399 --> 55:08.379
difficult for the said company really

55:08.389 --> 55:11.989
quickly . I'll just add one thing

55:12.000 --> 55:14.909
because I know I hit on trust a lot . I

55:14.919 --> 55:17.550
think from a government standpoint ,

55:17.560 --> 55:20.229
from a cyber standpoint , the thing

55:20.239 --> 55:22.295
that we're doing is making sure that

55:22.295 --> 55:24.350
we're talking about it . We're being

55:24.350 --> 55:26.517
transparent about what we're doing and

55:26.517 --> 55:28.909
why we're engaging and what the value

55:28.919 --> 55:31.086
is . And I think that's where it opens

55:31.086 --> 55:33.141
up , you know , conversation . And I

55:33.141 --> 55:35.308
think part of it goes into , goes back

55:35.308 --> 55:37.530
to the business case . What's the value

55:37.530 --> 55:39.752
proposition we are ? You know , we hear

55:39.752 --> 55:42.030
all the time , you know , a lot of the ,

55:42.030 --> 55:44.252
the the private sector companies , they

55:44.252 --> 55:44.120
may be small . So how many people do

55:44.129 --> 55:46.185
they engage with ? Right . And , and

55:46.185 --> 55:48.407
how , how much capacity do they have to

55:48.407 --> 55:50.573
talk ? Right . And so that goes with ,

55:50.573 --> 55:52.796
you know , what's the value proposition

55:52.796 --> 55:54.629
for them ? But it also goes into

55:54.629 --> 55:56.407
building the trust that we as a

55:56.407 --> 55:58.573
government are working together on the

55:58.573 --> 56:00.685
back end , right ? So that if they're

56:00.685 --> 56:02.907
working with one particular entity such

56:02.907 --> 56:05.018
as JCDC , that we as Cyber Command ,

56:05.018 --> 56:07.240
our Under Advisement team is plugged in

56:07.240 --> 56:08.907
with JCDC and exchanging the

56:08.907 --> 56:11.073
information . So they're not having to

56:11.073 --> 56:13.129
stand up an entirely new information

56:13.129 --> 56:15.462
exchange with another government entity .

56:15.462 --> 56:15.330
And the same thing goes with national

56:15.340 --> 56:17.344
security , the Cyber Collaboration

56:17.354 --> 56:19.521
Center , that's why we're connecting ,

56:19.521 --> 56:21.687
connected into there . So I think just

56:21.687 --> 56:23.854
in terms of engendering trust , it's a

56:23.854 --> 56:25.465
little bit of , are we being

56:25.465 --> 56:27.410
responsible in the way that we are

56:27.410 --> 56:29.576
engaging with the private sector ? Are

56:29.576 --> 56:29.544
we being responsible in the way that

56:29.554 --> 56:31.776
we're managing and acting on the data ?

56:31.776 --> 56:33.887
And are we being responsible in terms

56:33.887 --> 56:36.054
of how we're sharing that , you know ,

56:36.054 --> 56:38.276
within , within the government agencies

56:38.276 --> 56:40.745
that can take action on that

56:40.754 --> 56:43.219
information . Can I have one piece

56:43.229 --> 56:45.340
quickly ? I would encourage everybody

56:45.340 --> 56:48.070
to think about how can you strengthen

56:48.080 --> 56:50.570
trust where it exists organically ,

56:50.580 --> 56:53.330
rather than trying to , you know , make

56:53.340 --> 56:55.610
the entire economy , trust the entire

56:55.620 --> 56:58.360
government . And the reason for that is

56:58.370 --> 57:01.280
that it's actually , it's , it's

57:01.290 --> 57:03.729
actually easier for a lot of people

57:03.739 --> 57:05.961
that we work with in the private sector

57:05.961 --> 57:07.961
to think about us being the sort of

57:07.961 --> 57:09.961
like us as a cyber security company

57:09.961 --> 57:12.072
that they have elected to work with ,

57:12.072 --> 57:12.000
to intermediate some of their

57:12.010 --> 57:14.232
interactions with folks in government .

57:14.232 --> 57:16.454
We never stop anybody from talking with

57:16.454 --> 57:18.399
government to be clear . And we're

57:18.399 --> 57:20.454
happy to facilitate connections when

57:20.454 --> 57:20.000
folks in particular in the government

57:20.010 --> 57:22.189
ask for , ask for those . But in some

57:22.199 --> 57:24.280
instances , they may not have the

57:24.290 --> 57:27.840
capacity as a matter of time or as a

57:27.850 --> 57:30.017
sort of technical matter to be able to

57:30.017 --> 57:32.017
have that type of conversation . If

57:32.017 --> 57:34.017
there's an incident with someone in

57:34.017 --> 57:36.128
government that we might be able to .

57:36.128 --> 57:37.961
And it's not just cyber security

57:37.961 --> 57:40.183
companies that can serve in that role ,

57:40.183 --> 57:40.179
it could be platform providers , it

57:40.189 --> 57:42.467
could be major cloud service providers ,

57:42.467 --> 57:44.689
it could be some other type of hardware

57:44.689 --> 57:44.659
provider or something like that , but

57:44.860 --> 57:48.179
we should not assess the

57:49.729 --> 57:52.909
the quality of some of these sharing or

57:52.919 --> 57:55.086
collaborative environments by how many

57:55.086 --> 57:57.086
members are in it . To me that that

57:57.086 --> 57:59.141
would be misleading . It's like what

57:59.141 --> 58:01.197
are , what are the outcomes that you

58:01.197 --> 58:03.308
can get from that collaboration . And

58:03.308 --> 58:04.919
if it is easy for folks that

58:04.919 --> 58:07.141
participate in it , that can be sort of

58:07.141 --> 58:09.363
key nodes that can help facilitate more

58:09.363 --> 58:13.340
visibility because people trust them to

58:13.350 --> 58:15.572
intermediate information , then I think

58:15.572 --> 58:17.794
that we ought to as a community embrace

58:17.794 --> 58:20.679
that . All right , thank you that time .

58:21.030 --> 58:23.197
Yes . So that's perfect timing . Um So

58:23.197 --> 58:25.800
thank you so much for participating .

58:25.810 --> 58:27.977
Uh excellent remarks from all of you .

58:27.977 --> 58:30.330
It's certainly stuff that we can take

58:30.340 --> 58:32.451
with us and incorporate back into our

58:32.451 --> 58:34.879
practice and how we kind of continue to

58:34.889 --> 58:37.056
work the collaboration spectrum . So ,

58:37.056 --> 58:40.959
thank you again and uh the team is

58:40.969 --> 58:44.489
on a break until 11:15 . So please be

58:44.500 --> 58:46.580
back in your seats prior to 11:15 .

58:46.610 --> 58:47.610
Thank you .

58:50.370 --> 58:50.959
Um

58:54.659 --> 58:57.939
Wonderful meeting you . Hello . Do you

58:57.949 --> 59:00.120
often find yourself pondering big

59:00.129 --> 59:02.959
questions such as what can I do with my

59:02.969 --> 59:05.080
life after working for the government

59:05.080 --> 59:07.025
as a civilian employee or military

59:07.025 --> 59:08.747
member ? Are you contemplating

59:08.747 --> 59:10.969
retirement or separation from service ?

59:10.969 --> 59:13.250
Have potential employers asked you if

59:13.260 --> 59:15.371
you have a post government employment

59:15.371 --> 59:17.371
letter that they want you to submit

59:17.371 --> 59:19.482
with your job application ? If so you

59:19.482 --> 59:21.371
need a post government employment

59:21.371 --> 59:23.593
briefing ? Have you recently received a

59:23.593 --> 59:25.927
gift from a foreign entity or personage ?

59:26.100 --> 59:29.399
Do you know if you can keep it ? Find out

59:29.409 --> 59:31.889
with an ethics review . Have you been

59:31.899 --> 59:34.066
invited to speak at an event sponsored

59:34.066 --> 59:36.370
by a non federal entity ? Do you know

59:36.379 --> 59:38.268
that you can do it in either your

59:38.268 --> 59:40.212
official capacity or your personal

59:40.212 --> 59:42.323
capacity ? Have you been offered free

59:42.323 --> 59:44.546
travel ? Come to us to find out if it's

59:44.546 --> 59:46.657
legally permissible for you to accept

59:46.657 --> 59:49.090
that or not . Is your spouse trying to

59:49.100 --> 59:51.270
launch a reality TV career and wants

59:51.280 --> 59:53.449
you to participate ? Do you want to

59:53.459 --> 59:55.459
find out what you can do to support

59:55.459 --> 59:57.719
them without losing your job ? IRL ?

59:58.620 --> 01:00:00.787
Do you inexplicably have enough energy

01:00:00.787 --> 01:00:02.842
to pursue off-duty employment ? Find

01:00:02.842 --> 01:00:05.064
out your parameters before accepting an

01:00:05.070 --> 01:00:07.919
additional job . Do you perchance

01:00:07.929 --> 01:00:10.040
aspire to emulate a dragon and have a

01:00:10.040 --> 01:00:12.580
hoard of gold and challenge coins ?

01:00:12.989 --> 01:00:15.211
Ensure that you're handling those coins

01:00:15.211 --> 01:00:17.399
correctly with an ethics review . Are

01:00:17.409 --> 01:00:19.298
you handling multi billion dollar

01:00:19.298 --> 01:00:21.076
contracts and just happen to be

01:00:21.076 --> 01:00:23.353
inspired to invest in the stock market ?

01:00:23.469 --> 01:00:25.636
Pump the brakes on that investment and

01:00:25.636 --> 01:00:27.302
discuss it with your friendly

01:00:27.302 --> 01:00:29.469
neighborhood ethics attorney . First ,

01:00:29.469 --> 01:00:32.280
do contractors try to slide into your DMs

01:00:32.290 --> 01:00:34.510
to reach out to you to try to

01:00:34.520 --> 01:00:36.850
arrange meetings , to educate you about

01:00:36.860 --> 01:00:39.082
their latest developments . Do you know

01:00:39.082 --> 01:00:42.239
what to say ? We do . Does using the

01:00:42.250 --> 01:00:44.030
appropriate appropriated funds

01:00:44.040 --> 01:00:46.790
appropriately cause you consternation

01:00:46.800 --> 01:00:50.610
or stomach upset does or make you

01:00:50.620 --> 01:00:53.560
itch ? You're in good company . Talk to

01:00:53.570 --> 01:00:55.979
your ethics advisor about how to and if

01:00:55.989 --> 01:00:58.429
you can fund that tea party that you

01:00:58.439 --> 01:00:59.070
are planning .

