Skip to main content

tv   NSA Director Discusses Cybersecurity Law  CSPAN  November 5, 2021 4:10pm-5:14pm EDT

4:10 pm
there isn't any think you can do about it. >> our ads fell off a cliff. >> it doesn't make sense to borrow money we can just walk away from it now. >> sunday 8:00 p.m. eastern on c-span sku and i. listen to q&a and all of our podcasts, c-span now cap. ♪♪ >> download c-span's new mobile app and stay up-to-date with live coverage of today's biggest event. live streams of the house and senate for key congressional hearings. white house offense and supreme court oral arguments, live interactive program "washington journal" or rehear your voices every day. c-span now has you covid. download the app free today. ♪♪ >> next, discussion on national cybersecurity with nsa director and commander of u.s. cyber command.
4:11 pm
he addressed several topics including collection security and ransomware attack. american university hosted this hour-long discussion. >> for those of you who don't know me, i've cared for cyber community data privacy practice and the total privilege to be here. i'm going to give you background director and commander and then we will get started. over the course of our discussion, i'd encourage you if you have questions, put them in the chat and i'll work them into our conversation. general serves as permitted cyber command and director of the national security institute and served since may of 2018. medic u.s. army cyber command from october 2016th until taking over this role. in minnesota, graduate st. john's university in minnesota
4:12 pm
and reserve officers training. graduate degrees in u.s. army war college, national defense intelligence college and university of southern california. he's helped command positions across all levels of the army and assignments in the united states, korea, iran and afghanistan and director of intelligence at the international security assistance force joint command in kabul, afghanistan. cyber national mission force u.s. cyber command previously connecticut company battalion and brigade served as senior intelligence at the battalion division and core level. i'm proud to say i committed considered him a mentor and total privilege to have you. welcome.
4:13 pm
>> thanks so much and thanks to american university, technology security program my good friend gary is running and also a great associate, it's nice to appear today on this. >> you wear multiple hats director of an essay commander cyber command. for our audience, could you describe what the organizations do, how they relate to one another and what role each has for our nation. >> is a great question let me begin with u.s. cyber command. u.s. cyber command is one of the combatant commands, onehe of 11 that's part of thehe departmentf defense. i work in that role for therk secretary of defense and the president. we are 11 years old and we do create things. first of all, we defined the department of defense network data and weapons systems, how
4:14 pm
big is that? i'll give you an example. 4.5 million in, 3.5 million users 600,000 mobile devices across classified and unclassified networks. the second we work closely with, federal bureau of investigation to ensure the security of the nation's cybersecurity space. we provide support to all combatant commanders so whether orba not you are deployed around the world, in europe or the pacific, it's going to come from u.s. cyber command. when we talk about the national security agency, next week wee are 59 years old, we are far from a startup but we are a global organization as you know, we are spread around the world. our focus is two-part. first of all, do foreign intelligence outside the united states, we are focused on intelligent so why are born enough, where transitioning in
4:15 pm
cyberspace for our adversaries. we are trying to gain insight. second piece, we do cybersecurity and it's part of a mission not well known. in that piece, we do two important things. first, we do all of the code making for critical lethalos weapon systems so we are dealing with coding to make sure we have assurances to communicate and acknowledge and authenticate who is using the system. the second piece, we are focused on the technical side being able to identify and eradicate threats and cybersecurity with partners like cyber command. here is the big piece that's important, most people say it's just altogether, no. we are not. we have separate authorities and funding in separate oversight and missions on both u.s. cyber
4:16 pm
command and an essay but there are two things in common. one, one person music, that's me. the second thing is, we operate in cyberspace so say i do have one person feeding both of them? if you want to get to speed and agility and unity ofni effort, that's what leads to. >> that's really helpful and lays the groundwork fore folkso appreciate the role you fit in. have is for couple of years since spring of 2018, what are your priorities in each ofes the roles and how they changed since you've stepped into r them? >> i think i would imagine most speakers you'vein talked to sayy first priority is college. when you think about one in 15 people share, we are looking for
4:17 pm
talent, the best of the best to come work in a mission set so critical to our nation the people say what you think about a lot? i think about talent and where do i get better talent? the same talent i'm trying to get is the same talent wooed by a private industry in other parts of our government. this is a big issue for us. i'm sure we'll talk more about it but i i thought a lot about this in three years and i think the way we approach as a government is good but has to get b better to continue to maintain the high standard of talent. the second piece i think about readiness how we do auditions better. ananmi example, i talked about n essay a little in foreign intelligence mission, you can imagine indications are really important to us, how do we ensure we understand the intent of an adversary, perhaps
4:18 pm
capability. nsa has done best almost every here's now and they do extremely well but that doesn't mean we can't get better at it. it's the same as cybercrime, we have 133 different teams that operate across the globe in support of many customers. how do we get them to be at the peak readiness? how is it readiness we are so accustomed to seeing, special operations forces and other ways, that's what i'm trying to drive there. the last piece is partnership. no better person to talk about partnerships, i've learned so much from him and watching him, he is now in his role as national cyber director in terms of, how do you bring partnerships together? our partnershipip here tickets between the partnership nsa and have a command but when you operate in cyberspace, he asked with different the past three
4:19 pm
years? cyberspace today means the private sector, operating with international partners, operating with academia. this is a big piece of what we need to be a able to do and contribute members to it so how do you build substantial partnerships? >> thank you for that and the topic of workforce and talent i want to cover a little later. one question that comes to mind, anybody in the field could be earning a lot more money in the private sector but what often attracts many of us is the sense of mission.. can you speak to that in your own personal experience, the motivation? >> one of the things i think he realized with age hopefully, and i have a lot of age now, the fact that there are two important things about your job, the first important thingnt is w to get up every morning and really enjoy what you do.
4:20 pm
that ties to the present mission. that's exactly what you want to be doing every day, ing get excited every day, i go into work, i'll be working with incredibly talented people or the defense of the nation about cyberspace, where trying tona figure how we get there. here's the other piece that i think is i important, who you wk for and what you work with. i've had the tremendous over three decades to work with incredible leaders across the military and civilian sectors. a lot of the resident here in national security agency, it motivates me and in terms of compensation i get, is the compensation from mission work everyday and people i get to work with and for. >> that is great to hear and i know a lot young lawyers appreciate hearing what motivates you and what could be motivatingld them. we talked a little bit about the landscape and partnerships as
4:21 pm
director of nsa and cyber command, there's a lot going on even in the last year even reading the headlines whether microsoft serve or exchange attack in ransomware, there's a lot happening out there. could you tell us from your perspective what the landscape looks like and how it's changed over time? >> let me go back to when i first started workingor cyberspe exclusively, about 2009. 2009, 2010 starting to think about cyber command and what would be in all of us, it was focused on the idea of espionage. we are concernedf about people coming into our networks and stealingge secrets. over the period of a couple of years, we started to get concerned and disruptive attacks and service attacks against wall
4:22 pm
street and being able to utilize cyberspace not only do these attacks but also moving to the information sphere in 2015 would be theco realization of office f personnel management, we lost so many records data, we started to see a trend of cyberspace from focused on espionage and disruption information and what you talk about today, if you consider what our nation has been through in the past ten months beginning with solar wind portfolio pipeline, jb us, who seemed supply chain attacks sophistication of our adversary, it's different and ian think the key piece i bring today, even in three years we've seen a
4:23 pm
tremendous effort by adversaries to come into the medium of cyberspace and impact us but it's one portion. that's an important portion we have to be focused on but the other thing we haven't been static as a nation either about the fact that we have watched this and has occurred, 2009, we stand up towe u.s. cyber command and think about how we build capacity and how do we partner get oregon targets like isis, how do we get into security elections in 2018o and 2020, hw do we go after and be effective building effective partnerships to get afterps ransomware? then executive order administration has worked on, it's changed dramatically on our side as a well one of those this you have to look at both sides of the coin. >> does it feel like we are out
4:24 pm
of turn, big picture? >> i think it's an interesting question. the american public is much more aware of what's going on in cyberspace. when we talk about cyberspace 2010 and even 2012ab or 15 and with the elections, i don't think 2 it's like when a good portion of the gas pipeline on the east coast is impacted by cyber actor, i think there's a different feel in the nation that it's tremendously important we have to be able to get after. >> definitely has many people's consciousness who weren't thinking about it before. many years ago i worked on the 9/11 issue that our
4:25 pm
country should really search for. what's the importance of that distinction of criminal activity to national security priority and thinking of a surge, what would it look like? >> if we were to have -- if we had this chap a year ago, i probably would have said something like i think law enforcement has on hand, working ransomware and what's changed over the past year, i come back to this idea of adversaries in terms of sophistication and what they are doing, ransomware is an event that affects so many, this is affecting the local level in government, is affecting private sector and national security so when i talk about ransomware and think about it, if it has
4:26 pm
impact, if it's able to impact our critical infrastructure and certainly has to be a national security issue. to what you are saying, so what does that mean? i think it means nation brings all of its instruments of capability tons their on problem like this so as i look at that in one of the things we've said if it's affecting the nation's security, nsa and u.s. cyber command will be in the middle and we want to make sure whatever we can do to assist law enforcement or the department of homeland security, we want to be the best partner. what does surge means? here for us when we search, we bring our best people togethere and focus on a singular problem, we look at different creative ways to get at the problem, but think about how we generate insights on and share
4:27 pm
information on fact, how we perhaps impact back to the betterment of the nation. surgeons are one of those things i think we do very well here, particularly on a focused problem liketi ransomware. >> if you had a vision, where you think -- i have lots of plans to say is this ever going to be over? i imagine a moment when it's over but how do you think we live long term with this? >> if this is national security, there will be a a number of different levels we will operate in and be able to go after this. there is going to be a policy level in terms of what we need to do and national security council is working very hard developing the right policies we have to develop both within the united states are adversaries. i think in the middle, there's a
4:28 pm
huge effort between public and how we talk and communicate better with private industry? how do we work with private industry coming back to us? one of the responsibilities of what we need to provide as public sector to the private industry and what is a private industry have to provide to the public sector? the last part, i think a lot of it is about awareness, individual levels of are you aware? retaking necessary steps to protect our individuals and local businesses and local governments from what has been a difficult issue the past 12 months? >> you mentioned public private corporations, maybe that is a good place to turn to and critical infrastructure which is at the core of national security concern and it seems like an
4:29 pm
area over public-private cooperation given critical infrastructure is owned by the private sector, maybe you could expand a little bit on how you think public and private sector could work together in this space for our common good and r what role the public sector and particularly in sa cyber command plays in that and what you would like to see from the private sector. >> you hit the first part, about 90% of our critical infrastructure is in the private sector so within the public sector, i think that's fact number one. we have to understand if we are going to be able to enjoy defense of the critical infrastructure, a partnership with the private sector and the other piece i would say for us here at u.s. cyber command and national security agency, we are focused on two different ways. how do we enable our partners and at? and able, what does that mean?
4:30 pm
as i talk about an sas inability to guard foreign intelligence and provide technical expertise on cybersecurity, why don't we enable partners with it? i would perhaps amend one thing you said, what are we doing today? january 2010, nsa discovered a significant vulnerability in windows ten. provide that to microsoft in ont of the really unique things we took credit that we get that and you say why did you do that? i'm sure people are saying you shouldn't do that. i would tell you the reason i decided to do that is i think there is a certain importanceni that goes with technical expertise when we stand behind something and say it's a vulnerability with the national security agency have found. we've taken the idea and expanded into, how to reduce the advisory? we've done a number of cybersecurity advisories, fbi
4:31 pm
and dhs in a product to say these are the activities and what the chinese has done in their top 25 issues with vulnerability or this is what russian actors have done, all of the unclassified levels, all at the unclassified level so i think it's an important piece of what we have done, let me go to the eircom side. much has been talked about in operations 72018, we decided to spend a series of teams to different parts of the world out the invitation our friends and allies to assist in networks and what do we do? we were able to find malware and when we found the malware, we provided a commercial cybersecurity rapidly spread information to all other
4:32 pm
cybersecurity. you're just inoculated a lot ofi networks to find adversaries. that is the type of work we have to do to enable and act in terms of assisting the private sector. i know this is long winded but let me talk about the private sector. a couple weeks ago i was able to speak with kevin at his conference and we highlighted the fact that during the solar wind, the tuesday before next given, he came b and to say i think we have a problem here. he came in to the discussion because the partnership was tight. he knew exactly what we could do and would work with them and we were able put the pieces of the puzzle together. some ofk that expertise coming forward in working with us and
4:33 pm
much to kevin's credit, going public talking about this. it's an example of effective public-private activity. >> thank you and it looks like collaboration, whether it's the products on the government or the public-private collaboration, there are a number --ta >> can i make a follow-up statement? i think this is really important and i think it is a credit to the work kevin and so many did. if you are an adversary, the success being an adversary is not. being able to expose something like solaro wind could take don a very broad attack so many sectors and being able to find and expose it, that's a loss for
4:34 pm
our adversary and it credit to the private sector and the folks here at nsa and other parts of the government. >> that's really interesting i think we read a lot about exposures of campaigns after in a pessimist might say no, another thing is happening and we've now uncovered usa exposure and attribution and calling adversaries out can be viewed and should be viewed as a success. >> we always want to be left to that, that's where we need to be. where are you trying to drive the agency in command? want to be that ready and able to do that but i think we also have to put in perspective as well so when you're able to uncover that and an ability to inoculate so much of our
4:35 pm
cybersecurity against this type of malware, i think we have to take that into account as well. >> one team is a theme of collaboration, there are centers relatively new nsa and cyber command, cybersecurity collaboration center, there is something called dream force, could you tell the audience a little bit about what theul efforts are and what it's about? >> i think it's -- you asked previously what's changed in three years? and i came to the agency and command and 2018, one thing that was pointed out to me from a necessity to get the ideas outside of the agency and command into the agency and command so dream port as it for example, u.s. cyber, working in partnership with security institute, it is a place where
4:36 pm
we bring together both our developers and private sector to talk about our most pressing problems. if we talk about architectures from identity management or how is the best way to architect the networks of the future? done in an place like greenport where he walked inside the door and have a discussion, it's a little different and perhaps primitive headquarters or you are not going to be able to park your car just have a discussion that is the same idea that motivated us to think about the cyberspace collaboration center for nsa. he wanted a place we can brief bring private entity and people from academia and other partners have a conversation, whether in person or virtually to do this because again, if you think about cybersecurity and so much talent the work being done is
4:37 pm
being done in the privatenl sector, we don't have a monopoly on that. what we found is working at the cyberspace collaboration center, less than two years old, our focus is defense industrial base portion of critical infrastructure find tune to provide capabilities in the department of defense. we have over 100 partners from working with them day and night to do two things. first of all, get information but also share information. that is the invaluable piece having centers like this to have public-private partnerships. >> you referred to the ease of meeting with people, clearly driving your car and having a building and for folks on the outside nsa and cyber command feels like impenetrable classified environment. these centers have strides forward to have these
4:38 pm
discussions to my mind, it seems unimaginable even a few years ago with the challenges of breaking through a sense of secrecy at nsa facilitating something like this? >> i think what you're speaking of his culture. how do you change culture in terms of what is transpiring in the environment? it's a team effort, we were operating in cyberspace for a number of years that the government didn't have thet monopoly on great ideas and we saw so much being done on the private sector. we came to the realization quickly that if we are going to be effective being able to work with a series of partners, we had to have this capability. it's not easy, we had a lot of discussions but at the end of the day, i give credit to the leaders here at the agency and command to move to get a these things done and we have learned
4:39 pm
a lot. if you think about what is the private sector thinking of us that's an interesting question. one of the things i think theyel believe about us, there are a couple of valuable things. one, we bring the insight of foreign intelligence. the inside of foreign intelligence, that's the secret sauce cyberspace collaboration center. second, we bring huge talent whether or not on cyber talent or an o essay, being careful to talk to someone who has that level of expertise that looks at the department of art network or variations of malware, pretty powerful. the last thing, at the greater appreciation i think our focus on getting to an outcome is strong as anyone, anyplace,
4:40 pm
anywhere. >> i have a question from the audience a little related to what we are talking about, i'm going to read it to you. traditionally, intelligence community successes also mostly guarded so how do you approachgu this challenge figuring out how it can be when it succeeds in uncovering adversaries? similar how you think of the balance between the attribution space and being transparent with the public. >> i think that's an excellent question first of all. our agency has changed the past several years, first of all, i will tell you no doubt within anyone in the nation are fundamental commitment to civil liberties and privacy and fourth amendment is rock solid.
4:41 pm
we have oversight that we take extremely seriously. we need to be able to share, it does begin with the idea, is this going to have a positive impact on the security of the nation? that's where i begin with it. a number of different factors playing into, methods and what is it that might be the second best time to thinking about how much will this be theis bettermt of the nation? is an easy way to say that, much more complex process as it plays out. >> survey national cyber
4:42 pm
director serving as the director and other nsa in the ecosystem and newburgh as a deputy national security advisor tell us how it interacts with the national cyber director flux and other components? >> we are proud of chris and jen and and from was all worked with them for many years so for those positions in the leadership what we are doing in cyber space is great credit not only to them but also our agency and the work was done for many years. this could not have been a better choice in terms of the national cyber director based on the work of the commission we right now bringing together mane different players and how we defend the nation, cyberspace and thought process, order
4:43 pm
unique advantages each element of the government brings we have the department of defense clearly are closely working with both our role in national security agency and cyber command. chris has done a great job in the several months he's been in there to bring together players of how we do this as we look at the vulnerabilities our nation's take. she has both a responsibility for 16 sectors of critical infrastructure, and now with joint cyber collaborative development programming, a program she's put together and partnerships with the privatewi sector, it ties closely with cybersecurity director and beingng able to hae continual conversations with
4:44 pm
folks here, it's been incredibly powerful. i had another piece we didn't mention but it's important and that's the fbi. under the direction of chris, we worked closely with the fbi beginning really with the elections. the power of what they do and a series of different offices and being able to bring their talent and capabilities together and what we're doing, it's proven to be effective. >> thank you. i'm going to ask a little bit about this that you asked about but before i do, i could ask about this. i know you are involved in the cyber command and now you're at the head of cyber command, could you tell us about your cyber command for our audience? >> in the spring of 2009 and march, chris call out of my
4:45 pm
office and asked that i come to talk with him. little did i know in march 2009 when he was talking about was putting together an idea, became known as u.s. cyber command. between my self and tj quite a retired admiral and major general, who worked for about 13 months in particular the stuff that was and became cyber command. >> that's fantastic. it's a success and you get to live without success. could you tell us what this is at nsa, what is its role in why did you look to saint about. >> the national security agency
4:46 pm
has two missions, one is foreign intelligence and the other is cybersecurity. in 2018, one of the a things i came to the realization as we lost our way in cybersecurity and one of the things i wanted to do was reinvigorate myvi thought would be incredibly important mission for our agency in the future. the best way i knew how was to put one person in charge and the mission to make sure they are successful moving forward. in the fall, it's a leadershipct of and newburgh. as we move forward, there are two different elements the director responsible, one plus the prevention piece that gets back to making -- this is the encryption mission they've had for so many years and does so
4:47 pm
well. the other piece is a new piece, eradicate peace. people set eradicate people said eradicate? i suggest. we want to impact, the word eradicate was the second piece of what cybersecurity is e responsible for so how do we look at an adversary number of different friendships and capabilities and be able to get after them hopefully being able to eradicate that. >> be this is a quick time to relate a question from the audience, it's this eradicate question. what are cyber command doing to go after ransomware to help eradicate that. >> i think the first is generating insights. one thing we learned here
4:48 pm
particularly in elections security, you have to know the adversary better than the adversary sometimes knows themselves. where the actors? where they operating from? or other capabilities? the second piece, how do we bring more partners into was a difficult mission? again, if you're looking to have an impact on outcome against ransomware, you need partners beyond cyber command, how does the private sector brings this? how do we get dhs closely aligned with what we are doing and in collaboration so rapidly? what we have found is speed matters. speed and agility matters when you give adversaries like this so that's what we have focused on and i will tell you we continue to work extremely hard because as quickly as we are
4:49 pm
moving, adversaries are losing moving as well. >> that ties nicely into another question, then speed. unlike other military domains, it moves faster and you spoke about readiness earlier, could you speak about how the mindset needs to be adjusted and mobilization needs to happen when it comes to cybersecurity as opposed to other traditionalo military domains? >> let me give you a story here because i think the story is important to illustrate perhaps as the question is alluded to promote this idea of new thought. in the fall of 2020, we worked very closely with connecticutna national guard. in fact, the connecticut national guard was working with u.s. cyber command through capability we call cyber nine
4:50 pm
minor, unclassified capability to provide information back andd forth to both activities or threats you might be seen. identifying ransomware rapidly, they were rapidly able to bring us information to u.s. cyber command, then working in partnership and all credit to the connecticut national guard, able to obviate a threat to public school system and a significant portion of connecticut, this is the fall of 2020 as kids are getting ready to go back to school, for me, and 2018 when someone says what speed? i probably would not have thought things like that. speed is an example of cyber program where capability is so quickly able to identify working inbl partnership and capable people being able to address it. >> thank you. i will turn questions to the
4:51 pm
audience but first i want to return to the question of the workforce something we discussed earlier. what efforts are done to develop cyber workforce? are there things you think we could behi doing better from a government perspective? >> let me from the lower portion and work back. someone says explained to me about the ecosystem of talent management, the commanding agency, i would say something like this. we do a tremendous job being able to recruit people. we do not have a shortfall trying to find people who want to come work with us or for us. then we do equally good job in training these people. the second i would say, it's more difficult in terms of trying tof retain someone and i'll come back to that in a second but here is the area we
4:52 pm
are struggling with right now but i think we have to address, how do you allow them to retrain your? retain, rejoin. if you leave the government sector, if you leave and go to the private sector, coming back to work at our command, it's difficult not something that's easily done a long time. how do we do that more quickly? how do we encourage people who are not like me and spent three decades in the military but want to leave and perhaps at one time want to come back? i want them back and want them to come back rapidly and have all the insight of what they have done in the private sector to come back do what they want in our mission space. something we have to get after and i think we will do something that is a challenge. let me comeis back to the first part. what really matters r your? i heard bill mcraven recently
4:53 pm
talk about what's the greatest national security threat to the nation? you'd think he could name many things but he said k-12 education. interesting. i was thinking to myself, one o, the things we've worked very hard it is to develop cyber generation the national science foundation to across the country, be able to encourage young people science technology engineering and mathematics, a great place you want to be part of and opportunities are unlimited. it's this idea i think that this is the answer, we need to be able to encourage people that learning is coolil and the idean a place like cyber command or an hs or whatever it is, it's this population of the folks we need in the future, we see the
4:54 pm
numbers now, we are short 400,000 folks that could be working our sector in public and private. and this is one when we are interested in one way to help generate interest. >> well i have a ton of questions from the audience, we will post a few of them to you in the time we have. the first has to do with congress and big picture. are there things you would like to see from congress when it comes to cybersecurity? are husky with authority or others? i would just ask you, how do you view bipartisan issues dynamic when it comes to cybersecurity? really washington is a partisan polarized place, cybersecurity may be one area that lends itself to cooperation.
4:55 pm
>> in terms of policy, like cybr accepted service that allows us to hire peoplepl more rapidly, b welcome those, they have been beneficial to what we've done. in terms of cybersecurity, yes. there's no doubt, the issue everyone is focused on and everyone agrees it's a critical piece so in my role, i see it as being able to not only report from the perspective of leading national security agency but what we are doing about it in terms of command as u.s. cyber,
4:56 pm
a lot of interest on the hill and other places on cybersecurity. >> another question has to do with international roles without getting in to specifics norms, as an operational leader, do you think there are any rules in cyberspace when it comes to foreign threat actors or have we not set any guardrails are using operationally people willing to do almost anything else? >> i can speak from where i sit as commander in u.s. cyber command, we clearly have norms we abide by, obviously we abide by the laws and rules how we operate. one of the things we have certainly learned the past several years is persistentnt engagement, operating cyberspace, is an important way upon which adversaries
4:57 pm
understand what's truly important to us so i i think thv work we've done in securing elections is important. >> mentioned persistent engagement and another session about the defense department forward strategy, maybe you could explain that to be honest and that way t of thinking. >> in 2018, the department of defense released cybersecurity strategy and one of the elements was this idea of defined forward. how do we operate outside of the united states at the department to identify and counteract effect to ensure the thrust, perhaps they did not come to the homeland. from that idea operating outside the united statesd,, we are developed the idea of persistent engagement. persistent engagement two things, the ability to enable partners and also to add.
4:58 pm
enable partners, whether or not they are international partners or interagency partners, whether or not they are industry partners and the ability to act. sending four teams and disrupt the infrastructure of an attack by an adversary coming to the united states, that's the idea of persistent engagement and ensure we are operating within the construct of what the department said the mission. >> and q. another question is about deterrence generally and the question is getting your thoughts on the value in cyber space and how you think we are doing in terms of threat actors and even more than we are seeing in this a space.
4:59 pm
>> i begin with the topic of deterrence, deterrence in cyber space, they are different. obviously very unique things in their own right. i talkhi about the domain of cyberspace, we are still learning how we apply deterrenca and one thing secretary of defense talked about, how do we use a series of partners and domains, how we operate in a way thatat is different to impact adversaries? we've done that now in different operations. for us, one of the things i'veer learned operating in cyber space needs to be continuous, and operation that's always ongoing whether or not you operate through resuming its or to give greater insights, it's something
5:00 pm
you don't just stop and then in five weeks or months or two years decide you start operating again. it's a different domain in terms of what we need to do. >> thank you. i have a question about election security. ... as we were getting ready for the midterm elections, one of the things we had done is we looked back and said what are our adversaries doing in previous and what was the trade craft to be successful in what were their vulnerabilities? one of the realization we came to safely assist if we asked and
5:01 pm
20 team we need a strong partnership in the first partnership we neededbe was between nsa and cyber commanded nasa genesis of the group. again this idea of bringing together the mid-agency in the command under one leadership to be able to get after what was at the time we thought of very very , very very dangerous election on coming and we had success in the things we learned in 20188 was that we had success not because u.s. cyber command and the nsa were together but we have partners with the fbi and international partners. we were focused on one thread in 2018 so i think t the follow-on question is what changed in 2020? or partnerships got bigger. it was not only just nsa cyber command fbi says the rate was broader partnerships within the federal locall and state government in a partnership with academia being able to work with a series of gooder subject mattr
5:02 pm
to go after after the thread of the big thing is other bad actors that were operating in so again having that ability to work in partnership having that ability to understand the threat and the ability to act i thought was instrumental in every success we had. >> and a few questions related to the fema partnership and one has to do with the international partners and if you could speak to what have we learned from our international partnerships and where do you see that continuing?su >> certainly we learned a lot from the partnerships and whether or not it's a small group of partners or whether or not a broader partner like nato one of the first things that we learned is there is talent everywhere so when you go to a series of different countries whether in europe or in the pacificac the first lesson thate have learned is that it isn't
5:03 pm
just in the united states. the second thing is we really have a series of insights that we garner from our partners to work in specific parts of the world. we learned this in our counterterrorism effort against isis operating with different form partners they were seeing different variants of isis and it from parts of the world. that provided us an insider perspective they text do what we didn't have so again i think the cybersecurity piece was the second thing the understanding of the threat that we didn't have and then the third piece is the strength in numbers, tremendous strength in numbers so when you, are looking at an adversary whether or not it's impacting them or whether it'ser ransomware it's always better to have more than less partners with respect to the numbers
5:04 pm
here. >> thank you. they are several questions about the partnership in the private sector and maybe i will narrow down to one question which ise that there was one thing you could ask for from thefo private sector unless the cybersecurity issue with the government what would be the one thing you'd want to make sure a lot of lawyers and others would take away? >> they are tremendous partnerships that we need to develop with cyberspace collaboration center and jc d.c. and other major elements working in the private sector. this partnership is about reached organizations like that that's what will give the strength of this is where we will have an impact. this is where we want to be able to get the scope and scale in terms of our defense industrial base. thousands of members of the defense industrial base being able to get to the scope and
5:05 pm
scale and to be able to work with key partners that have the ability to touch so many. we want that same ability to make sure we feel the same way it jc d.c. so again the major partners being able to work with their subs and others on the critical pieces that get us to success here. >> having spoken with you and chris and jen over the last several weeks there's definitely in my mind a shift of schematic information sharing as well as more operationally oriented collaboration. you referred to the jc d.c. at dhs are some the collaboration happening is that a fair way to think about it? is that an effort among government partners to move forward for information sharing?
5:06 pm
>> i don't think we will information share way out of this today.. we have to think innovatively about how we are going to do it. one of things we might be able to provide whether or not being able to do scanning broadly against a series of different industry partners or whether or not others might be able to rapidly identify malware what is that we might be able to do in terms of w our services in order to be able to ensure they are not impacted? a >> yes are all services i thinkc we have seen other foreign partners and allies to that are more effective. i think that will move us from awareness to action and that's the key piece i think everyone wants. >> thank you. we are very thankful for your time and i want to pose one last question which is cybersecurity is often a lot of doom and gloom and while relieving reading the papers but from your perspective are you optimistic and what's
5:07 pm
the best possibility in your mind about having positives in the future in the cybersecurity fight?t? >> i am in optimist and they see a couple of things. first of all you talk about an inflection point earlier. i think there's adam election point not only for awareness that action is taking place and organizations with new leadership and a focus on being able to reach the private sector. we have had successes and election security and ransomware. these are good indicators that we move our where an is the action and im think action whie it has not been perhaps as robust as all of us would like it's a moment some that i find very heartening. >> e the last piece is when i
5:08 pm
leave the store and walk outside and walked back to my office i'm going to pass a number of different offices that people are committed and working on a friday afternoon just to be able to. get to success. that's the spirit of what's being done at nsa and cyber command and other places within our government so i'm an optimist and i look forward to the future. >> on that positive note given everything you have on your plate we can't thank you enough for taking your time to speak to the audience and a huge thank you to au and is there anything you'd like to same closing? >> rajesh thank you. this hasha been a great opportunity to have the discussion and certainly someone that i've worked with and are a tremendous amount of respect for many years but i would also tell you as we get ready to end cybersecurity awareness month with two more days before the
5:09 pm
end of the month cybersecurity awareness becomes cybersecurity action and a key piece is moving towards andd i look forward to having that discussion in the future and thank you very much. >> yankees sir and thanks to our audience. have a wonderful weekend. thank you.
5:10 pm
most people care about their community. how long this is the peak dashed committee supported because people want to get their news for you people say oh we lot not worth the dollar and that's how you sustain a democracy.
5:11 pm
>> there was this dramatic spike in it was unbelievable. we did the numbers the best we could. >> storm lake is the hottest spot in the country. >> it's a successful time and there's nothing you can do about it. they make it doesn't make a lot of sense to go and borrow money when we could just walk away from it now.
5:12 pm
the forgotten classic of presidential writing. the new authorized expanded division of the coolidge autobiography has just been published by isi books. editors amity shlaes and matt been hard quote the introduction is saying it is a great advantage to a president and a major source of safety to the country for him to know that he is not a great man. we asked amity shlaes to give us some background about the coolidge autobiography which was originally published in may of 1929, 92 years ago.
5:13 pm
>> please take your seats.


info Stream Only

Uploaded by TV Archive on