Skip to main content

tv   Experts Discuss American and European Perspectives on Cybersecurity  CSPAN  October 20, 2021 10:08pm-11:09pm EDT

10:08 pm
next, a discussion on cybersecurity from american and european perspectives, at a event hosted by the center and strategic international studies, officials discuss -- this runs an hour. >> i work at sea if s and i've worked at cybersecurity for a while. pardon me. today's agenda we'll have opening remarks, from isabella,
10:09 pm
chair of the institute and chair of the cyberattack program committee. this will then be followed that has john costello, chief of staff at the national cyber director. robert kosla, director in the prime minister's office in poland cybersecurity office. and sebastian burgemejster at bw advisory. we will start with opening remarks for ten minutes or so. izabela, over to you. >> thank you. good morning to american friends and [inaudible] . it is good to be back to the u.s.. you may remember when the cybersec visited in washington last time.
10:10 pm
in march 2019, before the call of covid-19, we had some plans to put together a joint onsite events. i hope that his soon will come back and that we can meet each other again in a physical area. meanwhile, i am really happy to support this online exchange. i just finished prevention international cybersecurity week in singapore. the same discussion basically took place. the first question was, what keeps the minister [inaudible] awake at night? and he said protection of
10:11 pm
critical infrastructure. so we have very good topics to discuss today. and i think that the cooperation on cybersecurity management on security of critical infrastructure, on which are security and prosperity is now vital, is vital to the spread of -- their growing more sophisticated and critical infrastructure is particularly vulnerable. this is a geopolitical issue and cyberspace has multiple actors. nation state actors but also cybercriminals. and on the other side by advancements in the process and soon to be the implementation
10:12 pm
of more and more pollution on emerging injustice technologies. these technologies have been widening cybersecurity and we will move forward into legitimate [inaudible] . the cybersec has been advocating the need for enhanced cybersecurity cooperation and collaboration between like-minded countries. i am glad that as we speak we can -- last week, the eu trace and technology [inaudible] , which has not specifically
10:13 pm
mention cybersecurity mentions. impacting cybersecurity. a very good development. [inaudible] [inaudible] but the process of building the cooperation, which brings together 30 countries, and cooperations improving collaboration. and cryptocurrency engaging on these issues is now advancing. the u.s. is also building a coalition of nations to advocate for technology and to better secure supply chains. it is over this discussion we are having today. and there will be -- and i hope that there will be many eu countries in this
10:14 pm
cooperation on cyber crime and law enforcement collaboration. despite this important and good development, the cooperation on cybersecurity is such that [inaudible] and the u.s. is very much now. i will concentrate on for possible dimensions of such collaboration. the first is au, u.s., private sector collaboration level. and last but not least, made a level. the u.s. has [inaudible] recognition and they also have
10:15 pm
history of cybersecurity. and this collaboration is not practical. we need, as much as possible, to develop cooperation between eu and u.s. countries. as an example, the development could gather comprehensive u.s. media, and australia. building a long-standing collaboration on cybersecurity allowing new efforts to -- the resilience again cyber threats. by doing this together, the nation's drive domestic and international -- . another specific example of
10:16 pm
such an enhanced collaboration was a month ago with u.s. declaration on the partnership for challenges including cybersecurity cooperation for a new agreement cybersecurity corporation with respect to the financial sector military engagement and capacity. there's a lot of expertise to be said and it is a lot of expertise to be shared with europe region. the message from the central eastern european region, is that first it is also fiber attacks -- their collaboration and the
10:17 pm
specific initiative. it can be good done together with the u.s., and the strategic partner of this important region. the aim should read build resilience and security of the infrastructure. -- in the future. since the, development of structure there is a hands collaboration and inside cybersecurity. [inaudible] couple of recommendations on in the region. many of them are related to -- . then, the private sector role
10:18 pm
in terms of collaboration to protect and to -- hear let's concentrate a bit more on the forum the forum has become a place where we innovate and create solutions against adversarial action. last year the -- established from the polish minister of digital affairs. it is gathering today more than 14 cybersecurity -- cutting edge solutions for security of systems. and since involvement of the private sector is crucial for cybersecurity, for the creation of cybersecurity framework and critical infrastructure, there
10:19 pm
is potential for the neutral beneficial collaboration between american and foolish as well as european companies in this case of critical infrastructure protection. last but not least, another platform of cooperation, i've critical infrastructure is now nato. -- ally collaboration including increasing infrastructure -- is security. the military using civilian infrastructure including -- asset from networks and efficient transport of troops and equipment, --
10:20 pm
significant element in our resilience and nato's defense as well as its capacity to build. nato should also manage -- and opportunity of emerging technology computing in active critical infrastructure so -- north that land take and innovation from framework of collaboration which you can develop. -- [inaudible] operative will maintain and enhance the security of communication information
10:21 pm
network 5g. so we should aim at building strategic partners between the u.s. and the eu to share expertise and competence for mutual benefit. maybe i can also at the process white presidential biden said on october 1st, he said the whole of nation to confirm private firms, he has committed to -- for the security critical infrastructure against cyberattacks. so i will preface in a way that this is the whole of like-minded countries and ally efforts. we need to work together to increase the protection of our critical assets. the infrastructure of the -- . i thank you so much and i'm
10:22 pm
looking forward to the discussion and practical steps to enhance this operation between european and western governments. thank you so much. >> thank you isabella that was perfect timing to. now we need to go to our panel of experts sebastian burke my sister, john costello and robert kosla. what i will do is they can ask some questions and they can answer. we will have a discussion about cybersecurity and critical infrastructure. let me start one that might help the audience a little bit but maybe each of you could give your views on when we say resilience why did is we mean? >> john do you want to start. >> sure, first of all thanks for having me it is my first speaking engagement in my
10:23 pm
position as chief of staff for the office of cyber director. a newly established position in the u.s. government. we have to talk about -- when it comes to critical infrastructure to me it is -- number of different components i think the bases security of many of the systems to whether that's the technical components of that ecosystem, or the functional components of that ecosystem, meaning the technologies on which they rely and understand and the second is how different services interact. our way to go down, banking systems, communication, i think more broadly the resiliency is the ability of any of these systems to quickly respond and
10:24 pm
rebound and continue functionality in some method by some means. we regardless of the disruption, regardless of the destruction of perfectly resilient system would be one that resists disruption or disruption from the security perspective. also one that can very quickly continue functionality and some foreign in the event of destruction or disruption. >> thank you. robert let me ask you the same question, when you think about it from your position i'm in the -- what is resilience? >> thank you very much for this question actually i can address through cybersecurity aspect, of course resilience is one of the strategic -- strategies developed by the council -- in 2019. so resiliency is one of two
10:25 pm
roles, hurst of all it's the resiliency again this is related to cybersecurity we are talking about how to avoid disruption of critical information infrastructure. my major concern about the infrastructure, and the second is the increased capability for information protection. we are talking about resilience, this is the way how the country on the maintenance and also continues and the ability of critical services. that's why when we refer directly at the national level for implementing them, and the european council, we are focusing on how to protect the essential services. essential services of course you may refer to critical
10:26 pm
services, and how do you referred to critical services. when i see actually that is resilient become more and more involved right now also in this relationship between critical infrastructure and critical digital services. it's about how to maintain how to protect infrastructure, and how to protect services in the infrastructure. >> thank you. >> you work with a lot of companies, what's your perspective on this? >> thank you for the question. i prefer to use the different wards than resilience, i think from my perspective it is better to use fragile, then resilience because the anti-fragile use the way after
10:27 pm
the event could adapt to the new situation and to easily, quite easily, build the capabilities to respond to every major event. of course in today's interconnected world, there is no such thing linear incidents. that is why what i see in, when i work with my clients, i see interconnection between a lot of suppliers, vendors, partners, and the resilience or antifa agile also bank on the security of the ecosystem that it is connected to the one client or
10:28 pm
to the country, or the system itself. that is why i am looking at it from the protection and also adaptation into the new situation and to the new risk or a threat. >> thank you. those are all good answers, but it raises the question, and we have this program will be re-broadcast, let me ask you what is critical infrastructure in the digital age? is it expanded beyond our old understanding of you no electricity, banks? what is critical infrastructure now, how do we define? john do you want to start? >> the textbook answer the system's assets and functions on which national up, public health and safety rely.
10:29 pm
which is the straight-up policy and textbook definition. you know robert, in his opening remarks critical infrastructure is really the -- underpins the functioning of society. in a separate but important critical function of the state as well, that's a related to national security systems. to your point the idea of critical infrastructure is having expanded overtime given, largely due to the fact that there is an inter related unconnected technology. if we definition of concept originated in the late 90s, we were talking about critical services and telecommunications and cyber related services were
10:30 pm
a part of that. as this has become a technical strata that underpins everything, it has become something separate, something that requires its own attention, something that is in a degree that is being looked at anna simon. the european union i think there's an interesting job and how they categorize critical infrastructure rather than having categories of infrastructure. and i think. energy water etc lifeline so require special attention from a cyber critical structure and much as i think number of describe it. the telecommunications infrastructure, and the soup of technology development in.
10:31 pm
overall i think we are finding that society is depending on technology and this has increased the vulnerability through which society can be disrupted. so i services have gotten more and more into our daily lives, and we are dependent on them, it goes without saying that they have become more critical. and so the area has expanded for sure. >> great, robert. do you want to take this one up? >> i think if we follow the definition that has been quite recently discussed among eu member states, under discussion with the proposal for the directive of the european parliament and the council on resilience of critical entities, i think it is quite obvious right now that we are shifting our focus from the classic infrastructure that yang has
10:32 pm
mentioned into essential services. essential services involve services that are essential for the maintenance of vital services for society and economic activities. and then referring to infrastructure itself, it is the system or the part of it which is really necessary to run those essential services. this is the way we approach it. i like this approach because the legacy approach, when we look at infrastructure, we look, in our minds and our focus on services -- i think this is a good direction. >> great. thank you. sebastian burgemejster? >> thank you. i think robert has a lot of interesting points.
10:33 pm
especially right now, the development of the definition of critical infrastructure goes into critical systems. because the infrastructure could be in the cloud. and right now we could not sometimes define what is critical infrastructure? infrastructure in the cloud, if it is all there, what is the critical infrastructure? so a cloud service provider could be critical infrastructure right now. it will be part of the critical service but this infrastructure, of course, for this can service, would be critical, but for other services could be not critical. so that's why i like the idea of going from the infrastructure to the service. because the services based on the infrastructure. and we have to protect the
10:34 pm
services and then, because of, that we will protect the infrastructure. >> great, thank you. let me pick on something he said earlier, sebastian burgemejster. you use the word fragile. i kind of like that word although it is a bit disconcerting. having done that for a while, i would say that some sectors are in much better shape than they were a decade ago. john, i don't know if you agree. but we still have some crucial vulnerabilities. could each of you give a status report? where are we on critical infrastructure? we are ease the fragility and where is the risk? >> i know it is a complicated question but for a general audience, but what is your 50,000 foot view of where we are and how we are doing? john, do you want to start? >> thanks, jim. i think we are doing quite well in certain sectors. the finance sector is doing
10:35 pm
well, broadly. the energy sector is getting there. overall they are doing well. they are putting a lot of attention to it. the natural gas and transportation sector writ large, they have had a bit of a wake up call this year. they are starting to make progress. you're ceos in corporate leadership are paying attention, regulators are to. but looking at the sector model, and general, i think water will require a lot of attention. it is one that is particularly pernicious, just simply by how it is governed. there is no [inaudible] for water. i think there should be. it is largely operate by municipalities. and as for the ability to disrupt large-scale across the country, that system is in hand inherently federated. we have something similar in
10:36 pm
election security. which is not a security structure itself but rather the content that guides confidence and behavior. the election infrastructure, i think, is doing better. i think that has gone a lot of attention from congress and the administration. i think as a general matter, one of the biggest vulnerabilities that we have is the vulnerability and services that we use. i definitely think there has been a lot of attention in creating more secure services and more secure products overtime. and to create some type of transparency for consumer so that they can spend their money. but we cannot get around the fact that we are getting past critical infrastructure owners and operators that do not have
10:37 pm
the capital, the know-how or the capacity to take on and properly manage that security. i think that is some of the biggest tensions. you and us, the eu and u.s. have to deal with this. they are still vulnerable. that may be an extension of just endemic to technology spaces itself. but it is something we do need to manage. the last point, i don't want to take up too much time for my colleagues here -- my last point is just understanding risk itself has gotten far, far better over the last few decades. it has got more connected as technology has become more suffused with everything. it is getting harder and harder to understand how functions and services interact. and how they potentially cause cascading failures. or how they can be passing risk
10:38 pm
on to others. and unfortunately, i think for government everywhere, we are figuring out how that works before the defenders are for a variety of reasons. this is why a lot of governments are dealing with cybersecurity and resilience in critical infrastructure protection in general. it tends to look reactionary. we can diagnose that, interrogate that a little bit. but it is often because we don't realize that there is a particular pathway of scaled threat to a scaled risk. and it materializes in some way. leon what sectors are vulnerable or not, there is enduring vulnerability, i know folks across the government who are trying to get better answers on this. so i yield my time. >> thank you, mister chairman. robert, i saw you nodding your head at various points. what is your view on this question? >> yeah, i agree with john.
10:39 pm
we identify into dependencies between different sectors. and the potential impact on other sectors. based on direct implementation we identify seven major sectors. of course after many years of organizational directives, and across european countries, it is quite clear that it is not the fullest right now. what's more, sectors like communication -- the way that the european union design the system is actually full of [inaudible] covering different sectors. and without knowing what is going on in the specific sector, and how it impacts one sector and how that sector impacts another sector. we really have the into
10:40 pm
dependencies we identified four national cyber security systems. because this is how it goes. and we identify what the dependencies are. this is how we implemented on a national level. [inaudible] [inaudible] innovation, development of the systems. and cyber security systems, right now it is a system that collects information from all national cyber security systems. and it improves, technically, all the situational awareness. what's more, we incorporate the dynamics and risk assessment tools. so we can dynamically see that an attack against the banking sector are the energy sector, what is the potential impact on other sectors? and these are the most critical resources.
10:41 pm
so this fragility, we should map the impact with a new approach. this has been done by poland, to assign additional entities. so until now, we talked about essential entities. so services being essential. we extended this and we talk right now about important entities. and fill the gap and identify other sectors ends up sectors, for instance, media. would our essential media? and what is the impact of them on other sectors? so this is something i believe that should be a ongoing process. in from the u.s. to develop and design the most effective paths. >> social media was on my list. i was going to ask you all. you don't have to answer. does it count as a critical
10:42 pm
infrastructure? i think some people would say yes. more importantly, before i turn to sebastian burgemejster, on into dependency, i don't think we realize the problems with these being siloed. i've spoken to electronic large companies, need water, electricity. the telecoms needs that to develop their services. so interdependency among critical infrastructures is probably a point with exploring. but sebastian burgemejster, let me get your take. >> thank you. and what is my experience cooperating with critical infrastructure companies or critical services companies? when i would say, first of all, is that the difference is maturity. the financial system, energy, the energy sector and financial sectors are much more mature
10:43 pm
than, for example, the transport sector or the health sector. in poland, for example, i don't think they will attack one hospital. the adversaries will focus on more critical systems. so they will focus on the energy sector or the financial sector. or any other sector or companies which are major, which have major impacts on the state level. so i understand why maturity is different. but i also see in almost every sector is that the companies do not really manage so that a
10:44 pm
supply chain attack will be quite easy from the adversary point of view. they even sometimes do not understand that there is only two or three suppliers in one sector for the critical software. like i cs software, or software for managing cost details and so on. i think it is important from a systemic point of view to understand that the attack not on just one hospital but on a service provider will accept much more impacts then attacking one or two companies. this it is a case for a multi
10:45 pm
vendor attack. the attack will focus on the companies that have much more impact on other companies. on the federal and state level. >> great, thank you. so since you all brought it up in some way, one of the debates here is the balance between mandatory requirements versus security and critical infrastructure. and a voluntary approach. an example to help start this with is colonial pipeline. the gas or fuel company, it weighs under voluntary standards now. and some people came away from that with voluntary standards. maybe we can rephrase the question a little bit by asking, how do we best incentivize the private sector. and i will just put a caveat in here. i have been doing this for about ten years.
10:46 pm
so if you say some of the information sharing or something, then we will press the buzzer. so let's talk about how you incentivize the private sector. isabella, i know you are still on. so if you ever want to jump in please go. john, one of the best incentives. regulation is an incentive that is not necessary? that's a really good question i think that is the question that in my opinion i don't think we can critical infrastructure is not. a number of critical infrastructures are -- lack of financial sector at least is has numerous regulatory overseers, and has a number of regulations. my sense is that for a number of sectors reached the limit of
10:47 pm
voluntary standards, voluntary public private collaboration can establish. i think we, u.s. needs to explore what mandatory requirements look like in certain circumstances, i know congress is currently considering a number of measures at least when it comes to in my mind a bare bones requirement. it goes without saying a few i -- in the government in the particular threat what's going to follow on after that is the question what you're doing about it, how do you go back in an instant like that in the future it also benefits obviously to be able to share that information across a number of critical infrastructure communities that are targeted. -- we get down about critical infrastructure protection
10:48 pm
something on the electric industry. i think those have been affective to some degree. i know that i don't think anyone has -- checklist approach. i don't think i have fault on the matter but i think it's something the u.s. government is looking at, congresses continuously considering. how do we spread that balance, and more importantly how do we thread that balance with respect to the maturity of each -- . not to pick on water by a very mature sector like water, versus an incredibly mature sector like the financial sector which has the benefit of sufficient capital to invest in cybersecurity as well as the risk being externalized and a
10:49 pm
financial lost through -- . how do we realize and i know it's not a particularly status buying answer, but i agree with you. it's something that the u.s. government needs to -- . we have hit the limits from former sectors of what purely voluntary approach can achieve. >> great, thank you. robert, what's the situation in poland when it comes to voluntary? >> so we went of course first, for many years, we know that the government effectively. we -- observed the development of the pipeline in the u.s. we had immediately call with the hsn situation. [inaudible] of course the active balance so
10:50 pm
if it doesn't work then the resignation starting from data protection through other regulation. of course the you need to provide the right guidance. you need to provide support. you need to -- cannot only request the compliance. there is not enough in the approach. talking about voluntary, first we adapt senior approach like the u.s., development by government standards regulation technical documents and publications. we have to develop the type of cybersecurity that we publish in many documents right now covering cybersecurity
10:51 pm
requirements. you have to -- i think the major incentive for public sector is to really start to collaborate and act with public sector with private sector. because what we are talking about, this release the declaration, declarations about publishing and there was nothing behind. i know what i'm talking about because first i worked for the polish government 15 years, and one of these global companies and i came back to work again with the government. a lot of time what i would reading for the bigger -- while the declarations from the government there was no real will to work with the private sector, in many cases they have been a lot of unanswered questions by the government. but will the answer is not be used by the government because sometimes corruption, objective.
10:52 pm
i think it is quite important is to listen, what's in the development and i can tell you 2019 in poland we introduce a program called psych your security corporation program. it's about five areas where we started to cooperate with industries. we have 14 companies right now, and another five in the pipeline. it's about cybersecurity awareness and education program. material developed by the industry for specific services and specific products. second, it's about identification of threats, and sharing of those threats with the industry. how government is using this. the third, is about security baseline. so baseline how to use them, in the public that there. baseline on that practice from
10:53 pm
the private sector. the fourth, as about evaluation certification and how we work with industry to have, and prepare critical services and products for evaluation inside the security. -- [inaudible] private tech are more than welcome. it's about how to promote integrated solutions to improve resiliency and more secure. so one of the programs and poland we have really good practice to develop, but that practice you cannot -- working in poland and what is the value they see from coming from this. thank you. >> thank you. let me know before we turn to sebastian, we're getting a few questions in the chat. most of them focus on cooperation, transatlantic
10:54 pm
cooperation. how things are working? how the collaboration is working? so after we hear from sebastian about -- we will turn to those aspects, sébastien, if you want to close this out on how? >> first of all the private sector incentivize themselves, it's the cybersecurity it's connected to the business. it's easy, this is easy, it's really connected to the business the private sector will inject money to be cybersecurity. if not, we have to create some mandatory requirements but after that they have to be some penalty. the penalty, similar to the gdpr idea. so it has to be very high
10:55 pm
penalty for not complying with those requirements. of course, of the how other side, i see in compliance. it's not the same as the security, or cybersecurity of the company. so after the requirements and i.t. compliance, or oh t and i.t. as complaints, they have to become external. let's think government, or third parties, to verify if those requirements are met not only on the paper, but in the real situation. so a lot of companies that have a lot of paper for seizures, but at the technical level they
10:56 pm
are not completely not secure. of course first of all, we are trying to create some baseline, some baseline mandatory requirements after which there are penalties. but we have to check if it is, false positive or, false negative. >> thank you. whatever new recommendations that people can make, how could we implement it and operationalize day? if you can come up with recommendations as well, cybersecurity is good and we should all advance. great idea, tell me what you actually want to do? >> since you brought of gop gdp are let me bring up the collaborative an international some aspects to this is how do we strengthen u.s. eu collaboration on cybersecurity?
10:57 pm
at some point to get the like-minded nations more or less john do you want to start again. ? >> yes so i think engagement, the engagement is the number one thing that we are doing. the biden administration is certainly doing that and trying to -- assure where the role of nato. one thing we need to make sure of is that u.s. involvement in nato ally countries have a sort of framework for sharing threat information. as much as we can learn from the u.s., specifically on this information, europeans have been dealing with russian disinformation for decades. we know that can have effects on resilience, and on public confidence. that is certainly a major issue. both the u.s. and eu individual
10:58 pm
member countries serve, have to continue to make sure they are strong in that respect. with legal attachés from the cybercrime element, we need to continue to strive for it on the. what we have seen over the last few years is, as we continue to be vulnerable in the space, their community gets more sophisticated. we see the asymmetry of cyber and the destructive power of cyber criminals. according to the pipeline is -- i think it's a common concern that european union in the united states. before we move on i want to circle back around to the -- overstate the mandatory aspect. i think voluntary information
10:59 pm
sharing and voluntary cooperation is the foundation that needs to be maintained. robert, said that -- overall accountability is what we need to be trying to reach. maybe that's accountability in a negative sense, making sure that companies are doing -- in the u.s. government and government everywhere, are some ways -- the type of behavior that we would like to see in the sector they are doing appropriately. so to circle back, but i wanted to -- that. >> great. robert, let me ask you about this question. you ask about european collaboration, what would you do? >> we already have collaboration, some economic interests both from the eu side and the u.s. side. the most confirmation of cloud
11:00 pm
computing in cloud service providers. certification for the closers providers and the argument is of course we should not forget about strategic relationships with the u.s.. so at least the point is we should not develop -- providers like chance hurting the you and the not outside of the eu. in this case of course we are losing american security measures. but talking about eu i would refer to was achieved by eu, u.s., trade. i'm during the first meeting in saint petersburg the declaration was signed on the 29th of september, so just quite fresh document. i document of ten working groups and cover circular
11:01 pm
supply chain for us. and of course information technology and security services. some regulations and -- i believe in outcomes for these working groups can create a good foundation for close cooperation. but talking about cooperation, i think it is a case by case basis as well. we talk about colonial pipeline but there are many other situations where the polish team worked with dhs on information on how to mitigate the drivers for microsoft. we share the first analogies and the proposal on the problem, even when the information from microsoft was not published
11:02 pm
yet. another stories that there were attacks on infrastructure in the u.s.. we share information on a daily basis. just weeks ago we had discussions with our dhs colleagues. and we are working on this because it is not so important to analyze the artifacts and capture the evidence, but it is to recover the critical service. that is why we share all of this and how the polish team recovers operations after there are attacks against hospital, regional governments and their infrastructure. and we also work with colleagues from ireland to recover infrastructure. so i think creative creating understanding on economic goals and starting discussions on
11:03 pm
working groups on the technology council with the eu, this is a good practice to develop cooperation. >> thank you, robert. that's a very valuable point. we have about four minutes left. as usual, in these events we have gotten a lot of questions, some of which we have covered. but sebastian burgemejster, your views on u.s., eu cooperation. >> i think it is important for all cooperation on the political level. also, trying to involve the private sector. because there is a big difference from the point of view of administration and the people who are really in the business. so the involvement of the private sector, it is really crucial for the success of the
11:04 pm
cooperation. i think that is also important is creating the same or similar certifications. or understandings of certification standards on the eu and u.s. side. from the private sector perspective, creating different kinds of certification standards in the eu or the u.s. will be the difficulty for providing business. because sometimes you need to be certified in the eu for some standards. and in the u.s. for different standards. and so on. so yielding the same or similar standards or even creating the gap analyses on a national level will help business to provide their services across
11:05 pm
the globe. >> thank you. we need to remember, and all of you have touched on the point of maturity -- the internet itself was only commercialized 26 years ago. and if you are going to measure the point where we switched it from being a desktop ornament to it being a crucial part of our allies, it may not even be a decade ago. so this is a very new problem. we have talked about three things that may help. we have talked about vehicles for cooperation, both nationally and internationally. we have talked about incentives, particularly for the private sector. mandatory measures. we have also highlighted the point that while everyone is doing quite well, and we have better than we were a decade ago, we still have room to improve. we didn't get a chance to talk a lot about nato.
11:06 pm
we talked about foreign actors as a source of threat. this is a good topic, as are others, for a later discussion. let me thank sebastian burgemejster, izabela albrycht, and john for what has been a very useful discussion. izabela, any final thoughts? >> the final thought would be that we should follow up on those policy briefs. and then some concrete action proposals together with john costello and companies and sebastian burgemejster. so i think we should put these thoughts on paper and make it happen. that's from me. thank you, it was really interesting. food for thought.
11:07 pm
thank you. >> great, great job, thanks to everyone, and everyone enjoy the rest of their day. thank you. >> thank, you thank you. >> thank you, bye. thank you.
11:08 pm
next, health experts testify on the impact of covid-19 on children. it took questions on health issues related to obesity,
11:09 pm
isolation and


info Stream Only

Uploaded by TV Archive on