Skip to main content

tv   NSA Director Discusses Cybersecurity Law  CSPAN  November 2, 2021 10:43pm-11:43pm EDT

10:43 pm
their arms crossed refusing to allow the senate to function is unacceptable. ♪ ♪♪ ♪ ♪♪ ♪ ♪♪ ♪ ♪♪ >> next, a discussion on national cyber security with director and commander of u.s. cyber command, the general the address several topics including election security and read somewhere attacks and american university hosted this hour long
10:44 pm
discussion. >> for those of you who don't know me, it i chaired the community and privacy practice at mayor brandon total privilege to be here with general. [inaudible conversations]. i'm going to give you a little bit of a background about the director, commander and then we will get started we do we will i would encourage you over the course of our discussion to please put the questions in the jet i will try to work them into our conversation. now general served as the commander of u.s. cyber command and director of the national security agency and he served in that capacity since may the 2018 pretty previously commanded u.s. army cyber command from october 2016 until taking over this role predict is a native of minnesota and a graduate of st. john's university in minnesota where he received his commission for the reserve officers training corps pretty graduate degrees from u.s. army war college national defense intelligence college and
10:45 pm
university of southern california. and he has helped command and physicians across all levels of the army and the united states, korea and afghanistan. in fact his last overseas posting as a director of intelligence at the international security assistance and capitol, afghanistan in gen. paul nakasone has set commanded at the u.s. cyber command previously in his commanded the company battalion and brigade and served as a senior intelligence officer at the vitelli division at a core level and i'm proud to also say i considered him a mentor and a friend and told privilege to have you so welcome. >> thank you so much and thank you to the university the technology program that my good friends jerry is running and also my great associate in
10:46 pm
residence, this is really nice to be a peer today. >> you are multiple hats as a director of an essay commander of cyber command and for our audience can you describe what the innovations do and how they relate to one another and what role each has for our nation. >> that's a great question and let me begin with the cyber command so it is one of the combatant commands, one of 11 that is11 part of the department of defense like i work in that role for the secretary of defense and the president. nick: things, first of all we defended, the efforts the data in the weapon systems, how big is that will the me give you an example, we have about 4.5 million in points and about 3.5 million users and about 600,000 mobile devices spread
10:47 pm
across a classified and unclassified network and the second pieces that we work closely with the federal bureauu of investigation to ensure the security of the nation cyberspace. in the final thing is that we provided supported to all of our combatant commander so whether or not you deployed around the world, orrs nearly four the pacific, if you need cyber ersupport, it's going to come fm cyber command braided so that is my cyber command site and let me talk a little bit about the national security agency, next week we're 69 years 6old, with really guilty about more of aio global organization spread around the world, our t focus is to part, first of all we do foreign intelligence outside of the united states, very focused on intelligence so on a wider area or an e-mail, the transition of cyberspace, and were trying to - in the second pieces that we do cyber security i think this is by the
10:48 pm
way mission really well-known about an essay. in that casee we do early two very important things. first of all we do all of theak code making for most of the critical and lethal weapon system so think of our most lethal weapon systems were doing coding for that to make sure we have assurances to be able to communicate and acknowledge who is using our systems. the secondo pieces that were vey focused on the technical side and be able to identify and eradicate threats and cybersecurity with partners like u.s. cyber command here's the big piece that i think this is important most people think that you're just - no no no, we are not pretty were separate authorities and separate funding and we have separate oversight and separate missions on both u.s. cyber commandnd and an ess. but there are two things in
10:49 pm
common, and the second thing is we operate in cyberspace and so to say, why do you have one person leaving both of them and because the speed and agility,le that's where it leads to. >> that is really helpful and amazing and the folks to appreciate the role and for a couple of years now, the since the spring of 2018, what are your priorities and how they changed. >> so i will begin and i would imagine most of the speakers you talk to would say this as well, my first priority is talented and when you think about the national security and one of the 1500 people, 300 people this year and we are looking for top talent. we are looking for the rest of the best to come and work in the mission set base and it is so
10:50 pm
critical to our nation and so people say what you think about a lot, think about talent and what i get better talent because guesswork of the same talent that i'm trying to get, the samm talent that is being wooed by private industry in other parts of our government and this is a big issue for us and i'm sure we'll talk more about his himit but i got a lot about this in three years and i think that the way we approach it as a government, it's good and has to get better full continue to maintain this high standard of talent. it's all about readiness and i think about how we will do our missions better braided let me give you an example so i talk a little bit about nsa and a foreign intelligence mission and you can well imagine that in the morning, is really important for us how to be ensure that we understand both the intensive perhaps the capability and nsa has done this as i'm saying for almost 70 years now and they do it extremely well t but that doesn't mean we can't get better
10:51 pm
at it in the same way and cyber, we have wondered 33 different teams that operate across the globe and support many customers predict how will they g be at te peak readiness and how is it that the readiness that we are so accustomed to seeing the special operation forces, that's what i'm trying to drive the cyber command interface the last piece is partnerships. last week, no better person to talk about partnerships that hurt so much from him and watchinguc him. and his role as national cyber director in terms of how you bring the partnerships together and our partnership here in between nsa and cyber command that will be operated cyberspace, he asked me what is different for the past three years, i think it means to date operating with the private sector and operating with international partners and operatingin with academia.
10:52 pm
this is big piece of what we need to do a lot of contributing armembers. >> thank you and i'm dew point to turn to the topic of workforce later but question comes to mind that you and anybody in this field could be learning earning a lot more money the private sector braided but what affects us and maybern you can speak to that from yourn personal experience of the motivations. >> what are the things that i think that you realize with a totally and i have a lot of age now, is that probably really two important things about your job. the first important thing is really enjoy what you do. not trying to piece of mission, that's exactly what you want to be doingex every day, every dayi get up and am excited.
10:53 pm
i get to work with the incredibly talented people were thinking about this demand of cyberspace were trying to figure out how we get done and here's the other piece of the equation i thank you so so important. you work for an you work with. i've had the tremendous progress in that privilege for decades to work with incredible leaderscr across military and the civilian sectors read a lot of them that have been here at u.s. cyber command the national security agency. that motivates me. and in terms of the compensation not get, his from the mission i work everything a day and the get to work with i work for. >> that is really great to hear i know a lot of people appreciate what with motivates you. and he talked a little bit about this landscape and the partnerships that you form as a director of nsa the commander of cyber command. there has been a lot going on even the last year even for folks just in the headlines
10:54 pm
whether it is server exchange attacks or rent somewhere and a lot is happened out there and can you tell us from your perspective with the threats look like and how it has changed over time. >> when the first working cyberspace exclusively about 2009, and in 2010, just in that he started to think about how you do you stand up and what would you be in some is really focused on this idea of espionage braided we were very concerned about people coming into our classified networks and stealing secrets. and a couple of years, we were getting concerned about seeing these destructive tax and the service attacks against wall street and beingng able to utile the cyberspace not only do these attacks but also in getting the
10:55 pm
information spear and i think that in 2015, with the realization that of the pack in the office of personal management that m we had lost so many records and summative data. we started to see the trend of cyberspace just going from focusing on disruption in espionage and information spear what you talk about today, if you consider what our nation is been through the last ten months, microsoft accented pipeline and gbs and we have seen supply-chain attacks and it others in our adversaries, that is different. i think that the key piece that i bring today is that even three years, we have seen a tremendous effort by adversaries to come in to the medium of cyberspace and into obvious impacts.
10:56 pm
i think that is one portion of it and i think that's an important portion of that we always have to be focused on but the other thing is that i will tell you is that we as a nation, we've not been sounding the fact that we have watched this and it's all occurred, remember this is true thousand nine, and we start to think about how to build the capacity and partner together and isis and how we get into the security of our elections in 2018, and in 2020 and how we go after and be effective at building effective partnerships to get after the rent somewhere. and then of course the executive order that the administration has worked on, this has changed dramatically in our side of the world so that i think that it's one of those things that you have to look at both sides of the coin. >> does it feel like were added to an inflection or turning point in the big picture. >> i think that's a really interesting question a good
10:57 pm
point and i i think that theli market public is much more aware today of what is going on cyberspace and we talk about it since 2010 and even in 2012 and also in 2015, and a little bit with the elections and i don't think that it is like when a good portion of the gap pipeline on the east coast is being impacted by a cyber actor, i think there is a different feel in the nation that this is tremendously important that we have to be ablee to get after. >> many people are thinking about this before now many years ago i worked on the 911 commission and one of the themes came out of that was thatf terrorism before 911 was viewed as a law enforcement problem and lareally needed to be thought ot more holistically as national security position and you have said the rain somewhere use be characterized as kind of a criminal activity in a similarti analogy but today you see this as a national security issue that our country should really
10:58 pm
search for braided was the importance of that distinction from criminal activity to national security priority and when you thinking about what would it look like. >> if we would've had thisis cht a year ago i would've probably said something like yeah, i think law enforcement, working rent somewhere and what is change of the pastors again, as i come back to the idea for adversaries in terms of sophistication and what they are doing it rent somewhere is an event that affects so many braided into your point of an inflection point, this is affecting and local level and affecting government and private and personal security and supplement talk about regular i think about it, it to the point of david has the of an impact in able to know impact our critical infrastructure, certainly has to be a national security issue. and your point then i think the
10:59 pm
next part of theoi questions wht is that mean well i think that it means that the nation brings all of this instruments of capability to bear on a problem like this and so as i look at that in one of the things that we have said is this is affecting the nation security. they're going to be in the middle of the ten we want to make sure that whatever we can do the law enforcement or the department of homeland security, we want to be the best partner. and to your point, search what is mean, it is here for us and when we search we bring our best people together we focus on singular problem, look at different and creative ways to get at that problem and we think about how to be generate insights on it and how do we share information on that and perhaps impacted to the betterment of the nation. they are one ofs those things
11:00 pm
that i think we do very very well vertically in a very focused problem likela rent somewhere. >> twenty think we can had with it's hard think about the moment when it will be over by how we live long term with this pretty. >> if this is national security issue they'll see numbers of levels that we will operate and be able to go after this. ... ... i think a lot of it is t
11:01 pm
awareness, that individual level of are you aware of it. are we taking the different s necessary steps to protect our individuals and local businesses and l local governments from wht has been a difficult issue over the last 12 months. >> you mentioned public-private cooperation so that is a good topic to turn to and critical infrastructure which as you said is the core of the national security concern and an area that is right for public-private cooperation given the critical infrastructure. maybe you could expand a little bit on how you think the public
11:02 pm
and private sector could work together in this space for the common good and what role in particular cyber command play in that. y >> the first point i would offer is about 90% of the critical infrastructure is in the private sector. within the public sector that is fact number one. we have to understand if we are going to be able to ensure, we have to have a partnership with the private sector. the other piece i would say for us here at u.s. cyber command and the agency, we are focused on two different ways of doing this. how do we enable the partners and then act? as i talk about nsa as an ability to garner foreign intelligence why don't we enable
11:03 pm
our partners and i would just perhaps one thing you said, what are we doing today and let me give you examples. january, 2010 days discuss a vulnerability on windows ten and provides that to microsoft. one of the unique things that we tookgs credit that we did that d you could say why did you do that. i'm sure there will people that will tell you you shouldn't do that. i would tell you the reason i decided to do that is the fact i think there's a certain importance that goes with our technical expertise and we stand behind something to say this is a vulnerability we at the national security agency have found. we've taken that idea and expanded it into how do we do a threat advisory? we have done a number of cyber security advisory in the fbi and dhs and during the product to say these are the activities in the tradecraft that in the
11:04 pm
issues of vulnerability this is what to select actors have done. the unclassified levels all at the unclassified level. so that is a really important piece of what we've done. let me go to the cyber commons n side. much has been talked about so in 2018, we decided to send a series of teams to different parts of the world at the invitation of our friends and allies to assist them to hunt down the networks with them and what doer we do? we were able to find a series of malware and when we found that what we did is provided to a commercial cybersecuritypi provider that spread the information to all other cybersecurity providers. think about that. you inoculated a lot of networks based upon malware that were able to find the adversaries. that is the type of work that i
11:05 pm
think we have to do to enable land to act in terms of assisting the private sector. now if i might, i know i'm a little bit long-winded let me talk about the private sector. a couple of weeks ago i was able to speak and during the solar wind intrusion the tuesday before thanksgiving he came in to say i think we have a problem here. he came into the discussion because that partnership was tight. we had worked with him and then we were able to really put the pieces of the puzzle together. that type of expertise coming forward and working with us and then talking about this intrusion i think is an example of effective public-private
11:06 pm
activity. >> it soundsis like a core them. a. >> if i might, can i make one follow-up statement because i think this is important and this is really a credit to the work that kevin and so many dead. if you are an adversary, the success is not being found. as a being able to expose something like solar wind that was able to take down what had been a very broad attack and then being able to find it and expose it so that is a loss for their adversaries and that his credit to the private sector and some of the folks that worked here and other parts of the government too expose them.
11:07 pm
>> that is an interesting point. and you know a lot of the exposure to campaigns that are out there. a pessimist might say another thing is happening and we've now uncovered it, but to your point, exposure and attribution and calling the adversaries can be viewed and should be viewed as a success. to the point of were you trying to drive the agency and command that is able to do that. for the ability for so much of the cybersecurity against this kind of malware i think we have to take that into account in terms of the equation as well.
11:08 pm
>> can you tell a little bit about what these efforts are and what they are about? you asked me what has changed. when i came to the agency, one of the things that was pointed out to me was the necessity to get the ideas outside of the agency into the agency and the command. so, to work in partnership with of the maryland innovation security institute is a place where we bring together both our developers and the private sector to talk about the most pressing problems. so if we took up at the zero
11:09 pm
trust architectures and identity management or how is the best way to architect the networks of the future it's done in a place where you park your car and walked inside at the door and have a discussion it's a little bit different than coming to the headquarters where you are not going to be able to park your car and walk in the door and have a discussion. that's the same idea that really kind of motivated us to think about the cyberspace collaboration center. we wanted to have a place we could bring private industry and other partners to have a conversation whether it's in person or virtually to be able to do this because again if you're thinking about cybersecurity and so much of the talent and so much of the work being done is also being done on the private sector we certainly don't have the monopoly on that and what we found is that working at the cyberspace
11:10 pm
collaboration center our focus is the defense industrial base, the critical infrastructure that is fine-tuned to provide capabilities to the department of defense. we work with them day and night to get information will also share information. that is the whole invaluable piece. >> you referred to the folks on the outside it feels like an in penetrable classified environments. these sound like to be able to have these sortt of discussions to my mind it seems unimaginable can you talk about the challenges of breaking through that a sense of secrecy to
11:11 pm
facilitate something like this? >> i think what you are speaking of is how do you change culture in terms of what is transpiring in the environment. it's a team effort most of us knew as we were operating in cyberspace for a number f of yes the government didn't have an a monopoly or great ideas here and we saw so much being done on the private sector. we came to the realization pretty quickly that if we are going to be effective in being able to work with a series of partners, we had to have this kind of capability. it's not easy and we had a lot of discussions but to both of the agency and the command to get these things done and we've learned a lot from it. if you think about what is the private sector think about us
11:12 pm
one of the things they believe about us is there's a couple of valuable things. we bring the insight of the foreign intelligence. the insight of the foreign intelligence, that is the secret sauce that really is in the collaboration center. second we bring huge talent whether it's on cyber command oo the nsa side, being able to talk to someone that has that level of expertise with the variations of malware, pretty powerful. and the last thing at the greater appreciation i think our focus of getting to an outcome is as strong as anyone, anyplace, anywhere. a. >> i have a question from the audience related to what we are talking about and i'm going to read it to you.
11:13 pm
traditionally the community successes are also the most closely guarded secret so hows o you approach thisce figuring out transparent they can be when it succeeds in the cyber operation. so how you think of the balance between secrecy and the cyber attribution space and being transparent with the public and partners. >> first of all that is in excellent question. if the agency has changed over the past several years. i think first of all iowa to tell you no doubt within anywhere in the nation that our fundamental commitment to civil liberties and privacy and the fourth amendment is rocksolid and something that we swear an oath to and that we trained to and have oversight to into that
11:14 pm
we take extremely seriously. n what is it that we need to be able to share does begin with the idea of is this going to be able to have a positive impact on the security of the nation. atthat's where i begin with it. certainly a number of different factors play into that whether it is the sources of methods that might be the second but it does kind of come down for me to think about is this going to be to the betterment of the security of the nation. so itis is an easy way of saying that about a much more complex problem asou it plays out. >> i'm sure that you are living it every day. earlier we talked about serving as a national cyber director and he obviously is an alum having previously served as deputy directordi and as the deputy
11:15 pm
national security advisor can you tell us how the msa interacts with the office and even some of these other components in the executive branch? >> we are intensely proud of chris and jeff. we've worked with them for many years and so to be named to nsthose positions that are in te releadership of what we are doig in cyberspace is a great credit to them and the agency and the work we've done that for many years. chris couldn't have been a better choice based upon his work on the commission and right now being able to bring together so many different players and how we defend the nation and cyberspace into the thought process of the unique competitive elements. so at the department of defense,
11:16 pm
we clearly are very closely working with chris at the role of the security agency and cyber command. chris has done a great job and the several months that he's been in there to start to bring together the key players of how do we do this as we take a look at the vulnerabilitieser that te nation has today. >> this both the responsibility for the critical infrastructure and defending the .gov and the collaborative development program that she's put together under the partnership with thehi private sector that ties a very veryclosely with the cybersecury directorate and being able to have the continual conversations where we have folks has been incredibly powerful. i would add another piece but it's really important and that's
11:17 pm
the fbi so under the direction we've worked very closely with the fbi beginning with elections but the power of what they do in the series of different field offices has proven to be very effective. >> i'm going to ask about the cybersecurity directorate.nd i know that you were involved in the standing up of the cyber command and now that you are at the head of cyber command can you tell us about your role helping to set up cyber command for the audience? >> in the spring of 2009 and march, chris english called out of my office and asked that i come up to talk with him. little did i know in marchle of 2009 what he was talking about isto putting together an idea to
11:18 pm
stand up to this command said between myself and the retired admiral we worked for about 13 months to put together the construct. it is obviously a success.e let me ask a little bit about the cybersecurity directorate. can you tell us what that is and why did you look to stand it up? >> the national security agency has two missions. one is foreign intelligence into the other is cybersecurity. when i arrived, one of the
11:19 pm
things that i came to the realization is that we had lost a little bit of our way in cybersecurity and one of the things i wanted to do is reinvigorate what i thought would be important going into the future. at the best way that i knew how to do that is put one person in charge to give them the resourcesso and also the mission to make sure they were successful moving forward. so, in f the fall of 2019, we stood up the cybersecurity directorate under the leadership and from then we decided to different elements the director was going to be responsible for. the other piece was a new peace and that is the eradicate.
11:20 pm
what we want to be is not reporting on threats. we want to impact, to get to the outcomes against those threats from us of the word eradicate is the second piece of what they foare responsible for. so again, how do we look at andi adversary and a number of different partnerships and authorities ands, capabilities o be able to get after them and hopefully to eradicate that to the nation. >> may be this is a good time to relate to the audience. >> certainly i think the first piece is generating inside. one of the things we have learned here particularly in the security is you have to know the adversary but the adversaries sometimes knows themselves. who aree the actors, what is the
11:21 pm
tradecraft, where are they operating from, what are their capabilities. thenbi the second piece how do e bring more partners into a difficult mission so if you are looking to have an impact against ran somewhere you need partners beyond nsa and cyber command. how does the private sector play into this and how can we get dhs closely aligned with what we are doing and being able to work this into collaboration so rapidly. what we found is that speed matters. we continue to work that extremely hard because as quickly as we are moving, the adversary is moving as well. a. >> that tiesni nicely into anotr question about the speed as a
11:22 pm
threat. unlike some other domains, and you spoke about the readiness earlier, can you speak a little bit about how when one mindset needs to be adjusted and mobilization needs to happen differently when itt comes to cybersecurity as some other. >> let me give you a story here because i think the story is important to illustrate. perhaps is the question has eluded to thisal idea of newl thoughts. in the fall of 2020, we worked very closely with the connecticut national guard working with u.s. cyber command and a capability of the cyber capability to provide information back and forth about activities or threats that you might be seeing debate
11:23 pm
identifying ran somewhere rapidly they were able to bring us to search and then working in partnership to the public school system and a significant portion of connecticut. the capability has been quickly identified working in partnership and then some capable people being able to address it. what efforts are being done are
11:24 pm
there things you think we could be doing better from a government perspective? let me start from the latter portion and then work backwards. we do a tremendous job of being able to recruit people. then we do an equally good job in being able to treat these people. the second is more difficult in icterms of trying to maintain someone. but here's the area that we are struggling with that we've got to address and that is how do we allow them to rejoin you.
11:25 pm
coming back it is difficult. it's not something that we've eaeasily done and it takes a log time. how do we do that more quickly andpe encourage people that perhaps want to leave or come back. i want them to have the insights of what they've done on the private sector to come back to be able to do what they want to do in our mission space. that's something we have to get after anna we well but it's something that to your last point is a challenge. let me come back to the first point. what matters here, i've heard admiral bill mcraven talk about what is the greatest national security threat to the nation. you would think that he could name many different things but
11:26 pm
what he said his k-12 education. interesting. and i was thinking to myself one of the things we worked very hard is to develop the cyber generation with the national science foundation and others across the country to encourage young people that science and mathematics is a great place that you want to be part of and the opportunities are unlimited. it's this idea that gets to the point that this is the answer we need to be able to encourage people that the idea that you have a future and a place like cyber command or nsa or dhs or whatever it is, it's this population. we are short 400,000 that could be working in the sector today
11:27 pm
across all different phases. a. >> i have aro ton of questions from the audience but i want to pose a few with them to you. the first has to do with congress. are there things you would like to see when it comes to cybersecurity is the specific question and i would ask how do you view the bipartisan issue dynamic when it comes to cybersecurity. it may be one of those things that lends itself so i welcome your thoughts on both topics. to those in the policy framework
11:28 pm
of what thewi nation needs wheri see it as an operational leader at both cyber command are some of the work that has been done on the side of the service committee on intelligence to generate new capabilities for us like the cyber accepted service to hire people much more rapidly those have been very beneficial to what we've done. it is an issue that everyone ha focused on and everyone agrees that this is a critical piece. not only from the perspective of leading the national security agency about what we are doing about it in terms of my role as the commander and a lot of interest on the hill and other places on cybersecurity. without getting into the
11:29 pm
specifics of your view of the particular norms from the operational leader, do you think there are any rules of the road out there when it comes to foreignct threat actors or havee not set any guardrails at least operationally. >> we have norms that we abide by and obviously we abide by the laws and the rules of how we operate. i think that one of the things we certainly have learned in the past several years is persistent and engagement and the ability to continue to operate against the adversaries is an important way which they understand what is truly important to us so i think the work we have done in the events like securing the
11:30 pm
elections has been very important. >> about the defense department strategy can you explain that for us in the audience and that way of thinking? >> the department of defense released the cybersecurity strategy and one of the elements was this idea of defendant forward. how do we operate outside to identify the threats to ensure perhaps they didn't come to the homeland and from that idea of the outside of the united states, here at the cyber command we developed the idea of persistent engagement and the persistent engagement is two things. the ability to enable our partners and also to act so whether they are international partners, whether they are interagency partners, whether they are industry partners.
11:31 pm
by an adversary that is coming to the united states that is the idea of engagement and being able i to ensure that we are operating within the construct of the motions. getting your thoughts on the value and the sort of operational goal and how you think we are doing in terms of deterring the foreign threat actors from taking more than we are seeing these days. d
11:32 pm
>> i think we are still learning about how we apply to the detergents and one of the things the secretary talks about is the series of partners and domains and how we operate in a way that is different to be able to impact the adversaries. we've done that now in the operations and i think that for us one of the things i've learned in operating in cyber is that it needs to be continuous and in operationo that is ongog whether it is to build resilience were operating to give greater insight. it's something that you don't just stop in five weeks, five months, two years decided you will startrt operating again. it's different in terms of what we need to be doing and we are
11:33 pm
always active. it feels like from the outside we've made a lot of progress. if we could describe what it looks like. a. >> in 2018 as we were getting ready for the midterm elections, one of the things we had done his look back and say what are the adversaries doing in previous elections and what was the tradecraft they might do and what are the things they were successful at and what were the vulnerabilities. one of the realizations we came to his we need a strong series of partnerships.
11:34 pm
bringing together the best ofth the agency under one leader to be able to get after what was at the time we thought a very dangerous election and we had success.on we are focused on one threat and i think to follow the question is what changed in 2020, the partnerships got bigger. it was not only just nsa, cyber command come fbi. it was brought partnerships within the federal, local and state government and partnerships with academia being able to use with a series of good subject matter experts that understood the threat and other threat actors that were operating. having that ability to work andn
11:35 pm
partnerships and having that ability tode understand the thrt and the ability to act i thought was at instrumental in having success. >> questions related to theis theme of partnership and one has to do with international partners and if you can speak to what have we learned from the international partnerships and where you see thatat succeeding. a. >> we learn a lot from our international partnerships. whether or not it's a small group of partners or a broad set of partners, one of the things we learned is that there's everywhere so when you go to the series of different countries whether it's europe or the pacific, the first lesson that we have learned is it isn't just here in the united states. the second thing is we have a series of insights that we
11:36 pm
garner from the partners in very specific parts of the world. we learned this in our counterterrorism efforts in isis, operating with different partners that we see variance they provided us an inside perspective to the threat that we just didn't have. the second thing is that localized understanding of the breadth that we didn't have. and the third piece is the tremendous strength in numbers. when you look at an adversary whether or not it is ran somewhere, always better to have more than less partners and there is strength in numbers. >> i will boil it down to one question if there's one thing you could ask for on the private
11:37 pm
sector, one way to take the mantle on the cybersecurity side with the government what would be one thing you would want to make sure a lot of the private sector lawyers and others listening with takeaway? partnershipsdous we need to develop with the collaboration center with the industrial base and other major elements in the private sector, this partnership reached organizations like that is what is going to give us strength. this is where we are going to have the impact and where we want to be able to get the scope and scale. in terms of the defense industrial base, there are tens of thousands of members in the industrial base. being able to get the scope and scale list to be able to work with of the key partners that have the ability to touch so many. we want that same ability and i'm sure they feel the same.
11:38 pm
so again being able to have those major partners and work with others are the critical pieces that i think get us to success. a. >> having spoken with you and chris over the last several weeks, definitely a shift from information sharing to the collaboration. or some of the collaboration happening in the centers you've referred to. is that a fair concerted way to think about it to try to move forward from the old school days of just information sharing? >> i don't think we are going to information and share our way out of the problems that we see today. we have to think new and innovatively about how we are going to do things.
11:39 pm
one of the things we might be able to provide, whether it is being able to do the scanning broadly against a series of different industry partners or others that might be able to rapidly identify malware what is it that we might be able to do in terms of our domain name services so they are not impacted these are services i think we have seen in other erpartners and allies do that he been able to be so effective. i think that is moving from awareness to action and that is the key piece that i think we want to be at. >> we are very mindful of your times of just one last question which is cybersecurity is often thought of as we read in the paper but from your perspective, are you optimistic and what is the best possibility in your mind about having some positives in the future in the
11:40 pm
cybersecurity fight? >> i am an optimist and i see a couple things. first i see a definite momentum. you talked about the inflection point earlier. i think there's an inflection point, not only awareness but actions taking place. executive orders, new organizations with leadership in a focus of being able to out reach the private sector. we found a success in ran somewhere. these are all good indicators that we will give awareness to action and i think action while it's not been perhaps as robust as all of us would like, it is a momentum that i i find very heartening and i think the last piece is that when i leave the store and walk outside back to my office, i'm going to pass a number of different offices that people are committed and working on a friday afternoon to be able
11:41 pm
to get to success. and fbi and other places within the government. i am an optimist and i do look forward to the future. a. >> that is a really positive note. given everything you have on your plate, we can't thank you enough for taking the time to speak with the audience. , i will turn the floor over to you if there's anything that you would like to see included. >> first of all, thank you and thank you to the great opportunity to have a discussion certainly with someone that i've worked with and have a tremendous amount of respect for for years. but i would also tell you thatt as we get ready to end cybersecurity awareness month before the end of the month, one of my great hopes for the future is that cybersecurity awareness becomes cybersecurity action. and i think that is the key
11:42 pm
piece thatat we as a nation are moving towards and i look forward too having that discussion in the future. thank you very much. >> to the audience, have a wonderful weekend. >> thank you, sir.


info Stream Only

Uploaded by TV Archive on