. >> he shut it down's but the problem was only a matter of months later he becomes omd director under the trump administration and completely reverses his opinion. i got into it with him in a budget committee hearing where i somehow made national news when i said the obvious that this budget is alive because the numbers in no way added up and yet here's a guy who was thsaying one thing about the importance of the debt a few months earlier and completely abandons that idea a matter of months later and i think that's peincredibly disturbing and it's part of what turns people off the politics, particularly part of what's turning young people off to the republican party of late based on them saying i don't always love mom or dad but whatever's going on in washington is so opposite of what they're trying to do with me that i'm out. the movement is whether it's working moms are young people, losing vital chunks to its team if you will based on people like jordan or mulvaney or others. saying one thing one moment and doing something completely opposite the next. >> we're back to the situatio

omd put out a zero trust strategy and we followed it up with a model that we issued and put it up for comment. what comments on -- we want comments on everything that we do and we want feedback because this is about community and there is a huge amount of experts out there. we did that and put out a cloud technical reference architecture. if there are two things we are saying is moved into the cloud and substantiate these principles that allow us to be better, safer, more secure throughout the full network, so a lot of work done there and a lot of expertise we are tapping into. a lot of this is being worked with our teammates at nift and new teammates at the national cyber director office. the other good thing in the order, it is all about software supply chains, right? we saw with solar winds, but that is not isolated. we have been looking at supply chain attacks, and even at morgan stanley we were very focused on securing the supply chain and ensuring all of our vendors were vetted and secure. we could spend $1 billion at a big bank, but we are only as secure as our weakest link, an

need to take that seriously and invest in cybersecurity and give some of those authorities between omd and mcd and make that more explicit. finally, we need to move from this compliance and box-checking to true operational risk management. i think instantiating all of that in fsma reform will be incredibly important and helpful for our role. finally, i do think the cyber incident notification legislation is incredibly important to establish our ability to receive reports and then share them agilely and rapidly with the rest of the community so we can raise the baseline on the cyber ecosystem. and i'm sure, as i progress in this job, i may have some more things to come back to you on, senator. >> in addition to your deep experience in the army, you've also worked in the financial services sector. how resilient and robust do you believe that sector's cybersecurity is, and what changes, either within the industry or at the regulatory level, need to be made to protect our markets from what could be a devastating cyberattack that could lead to a financial crisis or a significant economic da