Skip to main content

tv   Experts Discuss American and European Perspectives on Cybersecurity  CSPAN  October 8, 2021 9:32am-10:33am EDT

9:32 am
author of "women in white coats". at 5 p.m. democratic candidate charisse davis, and watch book tv's coverage of the 21st annual national book festival. sunday at 2 p.m. eastern on book tv. on c-span2. >> next, a discussion on cyber security from american and european perspectives in an event hosted by the center for strategic and international studies, technology and security officials talk about areas where improvement is needed in the public and private sectors. this runs an hour. >> my name is jim lewis, i work at csis and have worked on cyber security for a while. pardon me. today's agenda is we'll have opening remarks by isabella, the chair of the institute, and
9:33 am
the chair of the cyber sector program committee. we'll then be followed with a panel that has john costello, chief of staff of the national cyber director. robert khosla in the national security office and prime minister office in poland and also a partner advisor. we'll start with isabella making opening remarks for 10 minutes or so. over to you. >> thank you very much, and good morning to american friends and participants, and participants from european parts of the atlantic. it is great to be back, even only virtually and you remember when the cyber team visited for the headquarter in washington.
9:34 am
last time, so march of 2019, before the covid breakout and we had plans for putting together a joint on site event and soon will combat to those to meet each other again in the physical area. meanwhile, i'm really happy to support this important on-line exchange. i just finished the intervention, during the security things for international cyber security week. and so, that's the same discussion basically took place and the first question was what keeps madam minister communication and information awake at night. she basically said critical
9:35 am
infrastructure so we've got good copies of this today. and i think that the cooperation, and particularly the critical infrastructure, on which our security and relies is now vital. and cyber threats to critical infrastructure are growing, more sophisticated and the sector proves to be particularly vulnerable. this increasing threat is mainly driven by pix and growing aggressive posture in cyber space for multiple actors. also cyber criminals or another way around, and on the other side by advancement in the process of the digitization of everything and turning even more by progressing development
9:36 am
and instrumenttation of more and more solutions, based on the emerging adoptive technology. the interplay and interference of these technologies has been widening the case. and cyber security gap and this will only actually if we move forward full of new dependencies between physical and cyber. and the cyber has been advocating the need for enhanced cyber and digital cooperation between the trans atlantic partners and collaboration between so-called like-minded countries. i'm glad that as we speak, we can see new development supporting such approach. last week, the first meeting of u.s. trade and technology, which although it has not specifically been mentioned,
9:37 am
the security corporation, they're definitely in cyber security and very good developments. but at the same time, we can also from the white house, the process of building the cooperation which will bring together first countries to cooperation and combatting cyber crime and the first collaboration to the cryptocurrency and engaging on the issue diplomatically advancing. and the u.s. is also building a coalition of nations to advocate for invest in the technology and the supply change and it's over the advanced discussion that is we are having today and there will be, and i hope that there will be many eu countries in this
9:38 am
for the cooperation and the cyber crime and collaboration. and despite this important and good development, the corporation and cyber security of critical infrastructure, particularly between the eu and the u.s. is very much needed now. and i will concentrate on four possible dimensions of such collaborations. first is eu, us level and the private sector collaboration level and last but not least, naugo nato level. and starting with eu and even though they've focused their attention on the same type and special recognition for critical infrastructure and they also have history of cyber
9:39 am
security cooperation, in the few of many experts, this collaboration is not enough and practical. we need it's possible to develop with the u.s. government on the particular topics. maybe as an example, the development with the gathering comparisons of u.s., india, japan and australia building on longstanding collaboration and launching new and bold critical infrastructure. but bringing together the nations and the domestic and international. and another good example of
9:40 am
such collaboration, for new challenges, including cyber security cooperation for a new era, that will expand cyber security cooperation with respect to the financial sector, and engagement and -- there's a lot to be shared with eu in that respect and a lot of expertise to be shared with central and eastern europe region. and domestics-- is that it's exposed to hybrid spread, including cyber attacks and attacks of critical infrastructure, and the collaboration and best practices exchange. it can be done together with
9:41 am
the u.s. as the strategic partner of this important region. and the aim should be to build resilience and the security of the infrastructure in the region. the one which is now being deployed or planning to be deployed in the future. and this is at best, the development of energy transport and the infrastructure, there's a need to enhance collaboration and the first response inside the security. and with this report which presented a couple of recommendations and what is needed in that respect in the region, and many of them are linked to critical infrastructure on the work site. and then the private sector role in terms of collaboration
9:42 am
to protect and critical infrastructure. and here concentrate a bit more on poland. because poland has become a place where we integrate and solutions to works and systems against adversarial actions. and last year, the cluster that supports from the poe lesh minister of foreign affairs pan polish minister of apairs and it's gathering more important cyber security components, including components working on solutions for security of industrial circumstance or open -- and since involvement of the private sector is crucial for cyber security and the creation of cyber security for critical
9:43 am
infrastructure, i can see the mutually beneficial collaboration between america and polish, as well as european companies in the fields of critical infrastructure protection. and last but not least, another platform of cooperation, critical infrastructure between european countries and the partners is now nato. and this particular field of allies collaboration, including increasing resilience of infrastructure within the concept of preparedness search for our shared security. and the military using civilian infrastructure, including assets from airports and networks, and efficient transport of equipment, and preparedness come to be seen as
9:44 am
a significant amount of -- advisory factor in nato's joint defense as well as its capacity building. and within nato well manage both, there is opportunities emerge, of emerging technology, like quantum computing for critical infrastructure, protection and this can be done, and so the north atlantic and innovation frame works of collaboration which are being developed. and from nato-- nato and allies in the risk factor will maintain and enhance the critical infrastructure. supply trains and communication information networks, including
9:45 am
5-b. to sum up, we should aim starting between the u.s. and the eu to share critical infrastructures and confidents for mutual benefits. ap maybe what president joe biden said on october 1stment he said the whole of nation to come from cyber threat, the first place that he's committed to maintaining the u.s. critical infrastructure against cyber attacks. so i will paraphrase that in a way that this is the whole of like-minded, and allies efforts. and we need to work together to increase the perception of our critical assets, which is that infrastructure of the first place. thank you so much and i'm
9:46 am
looking forward to the discussion and then practical steps to enhonest this cooperation between european countries and u.s. government. thank you so much. >> thank you izabela, that was great and perfect timing too, we're going to our panel of experts, john costello and robert, what i'll do, i'm going to ask them questions, they can respond briefly, i hope and we'll have a conversation about this and critical infrastructure. and maybe help the audience. maybe each of you can give your views, when we say resilience, what does it mean? what does it mean critical infrastructure. john, do you want to start? >> certainly, jim, thank you for having me, and it's my
9:47 am
first speaking engagement in my new position, a newly established position in the u.s. government and certainly happy to talk about us and the cooperation when it comes to critical infrastructure protection. resiliency to me is composed of 0 number of different components. i'd say at the baseline, it's the eco system to begin with, whether it's the technical components of that eco system or whether it's the functional components of the eco system. one meaning the technologies in which they rely to underpin them and second, how different services an and different functions interact and causing cascading failure in banking system or communication. i would say more broadly, resiliency of any of these systems to quickly respond and
9:48 am
rebound and continue functionally in some method and by some means regardless of a disruption or regardless of destruction of perfectly resilient system, would be one that resists disruption or destruction or with security perspective, but ultimately one that can quickly functionality in some form in the event of destruction or disruption. >> great. thank you. robert, let me ask you the same question. when you think about it from your position in the chancellery, what is resilience? >> thank you very much for this question, i cannot address the resilience through cyber security aspect. of course the resilience is one of the streak goals covered in our initial cyber security strategy that was adopted by the council of ministers in 2019 and should be implemented on to 2024.
9:49 am
resiliency, one of the two goals. first of all, it's a resiliency, and again, this is related to cyber security. the cyber attacks and we're talking about how to avoid the disruptions of critical information infrastructures, my focus on this and my major concern about infrastructure itself. and the second is, of course, increased information protection. talking about resilience, this is the way, how the country should focus on the maintenance and also continues-- continues ability of critical service. so, we reefer directly at the national area, and in the european countries. we are focusing on how to protect potential services. so essential services, of course, you may ask how they
9:50 am
refer to critical services and critical infrastructure. what i see, actually, that resilience becomes more and more important right now, also, in this relationship and connection between critical infrastructure and critical digital services. so, resiliency is about both. it's about how to maintain, how to keep -- how to protect infrastructure and how to protect services around the infrastructure. >> great. thank you. sebastian, you work with a lot of companies. what's your perspective on this. >> and thank you, jim, for the question. and i prefer to use the different words than resilience. i think from my perspective, it's better fragile than only resilience because the answer fragile used the way -- after
9:51 am
the incidents, the companies could adapt to the new situation and easily, quite easily the capabilities to responsibility to every major incident. of course, in today's interconnected world, there is no such things like linear thinking and linear incidents. that's why, what i see in-- when i'm working with my clients, i see interconnection between a lot of suppliers, vendors, partners and the resilience also based on the complete security of the eco system that it's connected to this one client or to the
9:52 am
country or to the system itself. that's why i'm looking at it so that from the protection and also adaptation to the new risk or press. >> thank you. and those are all good answers, but it raises a question and we have this program will be rebroadcast to a larger audience. let me ask you, what is critical infrastructure in the digital age? is it expanded beyond our old understanding of electricity and banks and a few things? what is critical infrastructure now, how do you define it? on, do you want to start again? >> i can give you the textbook answer. and the functions on which national security and public health and safety rely, which
9:53 am
is the straight up policy and textbook definition. robert sort of hit on it. it's really the critical services that underwin the functioning of society and the separate, but certainly functioning, crit tal functions of the state as well. and that's where we get into national security systems and things that underpin the military. i did see your point that the idea of what critical infrastructure is has expanded over time given, largely due to the fact that it's interrelated on technology. the original sort of definition of critical infrastructure and concept sort of originated in the late 90's, we were talking about stripped services and telecommunications and cyber
9:54 am
related services is part of that. as this is a technical strategy that underpins, everything. it's something that requires its own attention, and something that is substantively and in the degree looked at on its own. and they have a job in how they categorize the infrastructure rather than having the categories of critical infrastructure. and we're getting to a place where we're looking at the critical infrastructure, and things like energy, water, et cetera, and lifeline sectors, if you will, with the separate and distinct from the cyber critical infrastructure and the information and countries that have a number of ways how they describe it that are the telecommunications infrastructure and then the suite of technologies, developing and manufacturing
9:55 am
services that constitute the eco system and overall, we're finding that as society has thrown more dependent on technology it increased how they've been disrupted. and critical as services have gotten more and more into our daily lives and we're dependent on them, it goes without saying that they've become more critical and that's the sort of footprint or the area has expanded for sure. >> robert. do you want to take this one up, please? >> i think if we will follow the definitions that's been quite resently discounts on the eu member states with the proposal and the council on resilience of critical entities. i think it's quite obvious that we're looking at the infrastructure that jonathan
9:56 am
had essential services and those of course, are the services that are essential for the maintenance of vital services for society and economic activities and then referring to infrastructure itself. this is actually the assets system or the part of it which is really necessary for essential services. so this is the definitions the way that we approach it and i like this approach because from the legacy and approach, when we look on the infrastructure and we look in our minds and our services, i think this is a good direction. >> great, thank you. sebastian. >> thank you, and i think robert kept a lot of interesting points, especially that right now, the development
9:57 am
of the definition of a critical infrastructure goes into the critical system because the infrastructure could be in the cloud and right now, we could not sometimes define what is critical infrastructure. if the hospital have hit all infrastructure in the clouds, what is the critical infrastructure? so the cloud service provider will be critical infrastructure right now, he will be part of the critical service, but his infrastructure of course for this service will be critical, but for other services could be not critical. so, that's why i like the idea going from the infrastructure to the service because the service is based on the infrastructure and we have to protect the services and then
9:58 am
because of that, we'll protect the infrastructure. >> great. thank you. and sebastian. let me pick up on something you said earlier. you used the word fragile and i kind of like that word although it's a bit disconcerting. having done this for a while, i'd say that some sectors are in much better shape than a year ago, i don't know ifle' agree, but we have some crucial responsibilities. can we get where are the critical infrastructures and where is the risk? for the general audience, what's your 50,000 foot view of where we are and how we're doing? john, do you want to start with that one? . >> certainly, thanks, jim. i think in certain sectors we're doing quite well and the finance sector, i think, is doing really well.
9:59 am
energy sector is getting there. and overall, they're doing well. they're putting a lot of attention into it. the oil and natural gas sector and the transportation sector rit large. i think it's had a little bit of a wake-up call this year and they're starting to make progress and their corporate leadership are paying attention and regulators are paying attention as well. if we're looking at the sector model in general, i think that water is one that's going to require a lot of attention and one that's particularly pernicious one, just simply by how it is governed. there's no ferq for water. not saying there should bement this is largely hospitaled by state -- this is largely by states municipalities and that's resilient and we have something
10:00 am
similar with election infrastructure. and the content that guides voter confidence and behavior. and the election infrastructure, i think, is doing better. i think 2016 for a certainty. that it's been -- gotten a lot of attention from congress and from the administration. ... of the biggest vulnerabilities we have is simply the technology and the services we use. there has been a lot of attention and work towards creating more secure services and more secure products over time to create some type of transparency for consumers so they can spend their money w so they can spend their money where security will go the furthest but we can't get around the fact the security burden is still being passed to critical infrastructure owners and operators that doo not have the
10:01 am
capital, the know-how, or the capacity to take on and properly manage that securityge burden. that's some of the biggest tensions i think the u.s. and eu have to deal with from the government's perspective. there's no getting around that. the systems we use are still vulnerable. that may be an extension of just endemic to technology space. i don't think anyone would argue but it's something we do need to manage. last point added to want to take too much time from my colleagues here is just understanding risk itself has gotten far harder over thes. last few decades. as things have gotten more interconnected, as technology has become moreit suffuse with everything. it's getting harder and harder to understand how functions and services interact and how they can potentially cause cascading failures are how they can be
10:02 am
passing risk on to others. unfortunately, for governments everywhere, adversaries are figuring out how that works before the defenders are, for a variety of reasons which is why i think a lot of times would you do with resilience critical infrastructure protection in general it tends to look reactionary.ea we can diagnose that and interrogate that but it's often because we don't realize there is a particular pathway of scaled the threat or scaled risk until it materializes in some real way. that in and of itself beyond what sectors vulnerable, not is it in during vulnerability. know good folks at cisa and folks across the government are trying to get better answers on. so i yield my time. >> thank you, mr. chairman. robert, i saw you nodding your head. what is your view onsa this question? identifying interdepena
10:03 am
nd the impact on other sectors. we identified seven major sectors. after many years of implementation, and our observations across european countries, it is quite clear, but it is not a full list right now. we missed a few sectors like the telecommunications sector. the way the european union designed the system, silos covering different sectors without even operational awareness of what is going on in a specific sector and what is the impact of a sector on another sector? this is how we try to fill the gap, to close this and have the
10:04 am
interdependence identified. the goal is to identify what is the dependency and how we implemented this on a national level. one practice from our polish implementation is development of a nationwide system, called the national cybersecurity platform, this system collects information from all cybersecurity systems. it improves situational awareness and we incorporated dynamic and static risk assessment tools. we can dynamically see that the attack against a banking sector or any other sector was not an impact against another sector. this fragility, the way we
10:05 am
should map it with the impact, and we should map it with the new approach to define additional category of entity. until now, we talked about essential entity, so operators of essential services being essential entities. we extended this list and we talked about imposed identities. so to fill the gap and identify other sectors and subsectors for media and social media. this is something that i believe is an ongoing process which we share our experiences from europe and the u.s. to develop and design the most effective [indiscernible] >> social media was on my list. you don't have to answer. does that count as a critical
10:06 am
infrastructure? i think some people would say yes. more important was the point you brought up about interdependency. one of the problems with the old approach was silos. i have advised some big companies. you need electricity, water, other things -- it was a telecom company -- for them to deliver their service, so interdependency among critical infrastructures is probably a point worth exploring. sebastian, let me get your take. >> thank you. what is my experience cooperating with critical infrastructure companies, critical services companies. what i see, first of all, the difference of maturity. the financial system, energy sector, and financial sector is much more mature than transport
10:07 am
sector or health sector. in poland, for example, but the adversaries, i don't think they will attack one hospital. they will focus on the most critical systems. it will focus on the energy sector or the financial sector or any other sector or companies which is major -- which has major impacts on the state level. i understand why the maturity is different. but i also see almost in every sector that the companies do not really manage [indiscernible]
10:08 am
so the supply chain attack will be quite easy to do from the adversary point of view. even sometimes they do not understand that there is only two or three suppliers. in one sector, for the critical software. like ics software for the software for the hospital and so on. i think it is also very important from the systemic point of view to understand that the attack for this service provider will have much more impact than attacking one or two bang -- two companies. the attacker will focus on the
10:09 am
companies that will have much more impact on other companies, on the federal and state level. >> great, thank you. since you all it up in some way, one of the debates here was the balance between mandatory requirements for security and critical infrastructure and remaining in a voluntary approach. the example that help start this was the colonial pipeline's, the fuel company was under voluntary standards developed by the government and some people came away from that saying our voluntary standards enough? maybe we can reframe the question by asking how do we best incentivize the private sector? i will put a caveat. i've been doing this about 10 years.
10:10 am
if you say some of the words like information sharing or something, then we will press a buzzer. let's talk about how you incentivize the private sector. isabella, i know you are still on the line, so if you ever want to jump in, do so. john, what are the best incentives? regulation is an incentive, but not necessarily the best. john? >> i think that it's a really good question. that is the question governments have to wrestle with. i don't think critical infrastructures and monolith. a
10:11 am
10:12 am
i'm not going to pick on you but a mature sector like water versus an incredibly mature sector like financial sector which has the benefits of sufficient capital to invest in cybersecurity as well as the risk being externalized through financial loss through like
10:13 am
fraud. so how do we -- i know that's not a satisfying answer but i agree with you, i agree with you if something u.s. government but overall we've hit the limits cross number of sectors on a voluntary approach can achieve. >> thank you. robert, what's the situation in poland when it comes to voluntary mandatory? >> we went towards voluntary approach for many years and we know very well that doesn't work. we have the situation around colonial pipeline in u.s. so we had immediate call with other colleagues from dhs and showed how we approach cyber situation. talking about -- of course
10:14 am
valid. first we start with -- if it doesn't work then of course the penalties are needed. you can find also starting from data protections. of course to move to mandatory approach you need to provide the right guidance. you need to provide, not just only penalize and you cannot only request or then follow compliance if there's not enough support. so talking about voluntary, first we had some approach like u.s. so development, development i government and industry and recommendations, technical special documents, special publications like myst mac. we develop -- many documents right now for cloud computing
10:15 am
project talk about -- i think the major incentive for public sector is to really start to collaborate and act like public sector. it doesn't solve private sector. what we observe it was usually declarations, declarations about -- there's nothing behind. i know what i'm talking about because first i work for the polish government and one of the global companies and aching back to work again with the government. i know both sides. what i was missing working in the business and commercial side was only declarations from the government. there was no private sector. in many cases there been a lot of answers for questions asked by government already developed in the industry. answers were not used by the government because sometimes the corruption and objectives and so
10:16 am
on. what is quite important is to mix and really benefits from all industry developed. i can tell you in 2019 in poland we introduce program called cybersecurity cooperation program. it's about five major areas where we started to cooperate with industry. it's about increase have security awareness comes a building education program together with industry, based on materials developed by industry specific product. it's about identification of vulnerabilities and threats and sharing those by industry. the question is how government is using this. the third was about security. configurations, baselines had use them across public sector both baseline developed based on
10:17 am
practicing private sector. how we work with industry to help, prepare specific service and products for evaluation cybersecurity. the fifth one and very important incentives from private sector are more than welcome about how to promote in the legislation to resiliency for more security. running this program in poland with very good practice developed come best practices developed and you can -- the companies present in working in poland and present in this program what the value they see coming from this real partnership. thank you. >> thank you. before we turn to sebastian were getting a few questions in the chat. most of them focus on cooperation transatlantic cooperation, the role of data and how things are making, how
10:18 am
to strengthen u.s.-eu collaboration. after we hear from sebastian about voluntary versus mandatory, we will turn to those aspects. sebastian, if you want to close this out how to incentivize the privaten sector. >> first of all, the private sector incentivize themselves. it's the cybersecurity. it's connected to the business. this is easy. it's really connected to the business, the private sector will invest money to be cyber secure. create some requirementt after that, they have to be penalties. the penalties are similar to the gdp our idea. -- gdpr idea.
10:19 am
of course, on the others, i.t. and others comply, so the idea of complying with requirement, it is not the same as security, our cybersecurity of the company. after the requirements and i.t. compliance, they have to become -- and there has to be some external verification, external only from the government or third parties to verify if those requirements are met not only on paper but in the real situation. i saw a lot of companies that have a lot of paper procedures but at the technical level, they
10:20 am
are completely not secure. of course, first of all, we are trying to create a baseline, some baseline mandatory requirements and penalties, but we have to check if it is a false positive or negative. >> thank you, one of my tests for any recommendations able make, how would we implement and often were -- and operationalize it? if you can come up with something, cybersecurity is good and we should advance a come a great idea, but how do we do that? let me turn to some of the collaborative and international aspects of this. one of the things that came up in isabella's remarks is how do we strengthen the u.s.-eu collaboration on cybersecurity
10:21 am
to get the nations more or less on the same page when it comes to resilience. john, do you want to start again? >> i think engagement is the number one thing we are doing. the biden administration certainly is doing that and trying to advance that. as we learned the role of nato, one thing i think we need to make sure of is the u.s. and its involvement in nato and allied countries have a common framework for sharing threat information. there is much we can learn from the europeans, specifically in the disinformation space. europeans have been dealing with this for decades, and we know effects this can have on resilience and public confidence. certainly a major issue. i think cooperation is
10:22 am
essential, especially with eu and individual countries asserts, and we want to make sure you are strong and that respect. legal et al. shades -- attaches, we need to strengthen on that. as we continue to be vulnerable in this space and threat actors everywhere continue to get more sophisticated, we are seeing the asymmetry of cyber capabilities rise into the disruptive power of cyber criminals. colonial pipeline is an excellent example of that. i think it is a common concern for the european union and united states. before we move on, i wanted to circle back around to the voluntary piece. did not mean to overstate the mandatory aspect. i think voluntary information
10:23 am
sharing and voluntary public-private cooperation is the foundation that needs to be maintained. much like robert said, that the prerequisite, that we start from. overall, accountability is what we need to be trying to reach, and maybe that is accountability and the negative sense, making sure companies are doing their right thing, but also in the positive sense. the u.s. government and governments everywhere are rewarding the type of behavior we would like to see in the sectors and entities that are doing it appropriately. i wanted to double tap that . >> robert, let me ask about u.s.-european collaboration and what would you do? >> i think we already have cooperation. there are some economic interests from both sides. most discussions around cloud
10:24 am
computing and service providers, certification for the providers and our argument is we should not forget about the transatlantic relationship with the u.s.. so the polish position is we should not develop -- of a providers and not trust outside the eu, because of course we have transatlantic security. but at least talking about e.u., i would refer to what was achieved by eu-u.s. trade and technology council and during the first meeting, the declaration that was signed on the 29th of september, quite a fresh document. it is a document of 10 working groups, and they will cover
10:25 am
things like the secure supply chain. of course, investment screening and information and communications technology and services, competitiveness. some regulations and i believe outcomes from these working groups came from a good foundation for close cooperation. talking about cooperation itself, i think it is a case-by-case basis as well. so we were just talking about colonial pipeline, but there have been many other situations where the polish team worked with others delivering information on how to mitigate the vulnerability on the prince driver's-side -- driver software vulnerability. how to solve this problem even when the solution from microsoft was not published yet.
10:26 am
and of course random against u.s. infrastructure, we share this on a daily basis. just a few weeks ago we had another random discussion. and we are working right now on ransomware, because it is not so important to analyze the artifacts, but the most important is to recover the critical service. our polish team recovers operation after the tactic, hospital infrastructure, regional and local and regional governments. also helping others to recover after ransomware attack's. -- attacks. creating and defending economic goals and a discussion with the
10:27 am
eu-u.s. technology council, this is a good driver for cooperation. >> thank you, that's a very valuable point on ransomware. we have about four minutes left. as usual, we've gotten a flood of questions. some of which we have covered. sebastian, your views on u.s.-eu cooperation? >> i think what is important in all cooperation on the political level, it is also trying to involve the private sector. there is a big difference from the point of view from every administration and the people who are really in the business. the involvement from the private sector is really crucial for the success of the corporation.
10:28 am
this is one thing. the other thing is i think what is also important, to create the same or similar standards or understanding of certification standards on the eu and u.s. side. from the private sector perspective, creating different kind of certification standards in eu or u.s. will be a difficulty, because sometimes you need to be certified in eu for some standard, nus for a different standard, and so on. so the same or similar standards or even creating -- on a national level will help is this to provide services across the
10:29 am
globe. >> thank you. we need to remember, and all of you have touched on the point of maturity. the internet itself was only commercialized 26 years ago. if you were going to measure the point where we switched from being a desktop ornament to being a crucial part of our everyday lives, it might even be not even a decade ago. this is a very new problem. we talked about three things that might help. we talked about vehicles for cooperation both nationally and internationally, we talked about incentives, particularly for the private sector and how it lends voluntary and mandatory measures. we've also highlighted that while everyone is doing quite well, we are better than we were a decade ago, there is still room to improve. we did not get a chance to talk a lot about nato. only one person brought up
10:30 am
russia. that was on my to do list, i was not sure. but foreign actors as the source of threat. these are good topics perhaps for a later discussion. let me think sebastian, robert, john and isabella for what i think it's been a useful discussion. isabella, final thoughts? >> the final thought would be we should follow up on the policy brief, and some concrete actions and proposals along with companies. i think we should put this thought on paper and make it happen, so that is not for me, really interesting and good for that. thank you.
10:31 am
>> great job, everyone >> thank you. >> c-span is your unfiltered view of government. we are funded by these television companies and more including charter communications. >> rock band is a force for empowerment and that's why charter has invested billions building infrastructure, upgrading technology, and opportunity in communities big and small. charter is connecting us. >> charter communications supports c-span is a public service along with these other television providers giving you a front row seat to democracy. >> saturday night former president donald trump speaks at a rally held at the iowa state fairgrounds in the state capital of des moines. he won the state if i were in 2020 and is considered a top
10:32 am
contender for the 2024 gop presidential nomination. live coverage at 8 p.m. eastern on c-span, , online also watch full coverage on our new video out c-span now. >> download c-span's new mobile app and stay up-to-date with live video coverage of today's biggest political events from life streams of the house and senate floor and key congressional hearings. the white house event and supreme court oral arguments. even our live interactive program "washington journal" where we hear your voices every day. c-span now has you covered. download the app for free today. >> education secretary miguel cardona and health and human services secretary xavier becerra testified on schools reopening during the covid-19 pandemic at a senate health, education, labor and pensions committee hearing. send it from both sides of


info Stream Only

Uploaded by TV Archive on