 Welcome to DEF CON. All right. Can you guys believe what the hackers have been coming to the desert for 25 times now? Give yourselves round of applause for coming to the desert. 25 years. So I believe we're making history here. This is the first time sitting. Congressmen have been to officially, in an official capacity, as speakers at the largest hacker conference in the world. So that to me looks like some progress. We're going to do some introductions in a minute. First things first. We're going to do a little framing to explain why we were able to get these two distinguished public servants to our conference. So we've been coming here 25 years and we are not necessarily a single tribe. And a lot of the outside world thinks a hacker equals a criminal. And I think over the last few years we've been turned in that tide. And now they understand there's hacking is just a form of power. It's like magic. And we can use it for good, for ill, for any number of purposes. And one of the ways we've been trying to turn that tide is explaining why we do what we do. And we all have different motives. Not everybody in here is the same. But, you know, alliteration works. Short lists work. So we have these five P's. We basically say some people are protectors. They want to get stuff fixed. They want to make the world a safer place. Some people are puzzlers. Most of us got into this in the first place. We want to tinker. We want to take it apart. We want to put it back together. We're curious. Curiosity is our original motivation. Some of us do this because we want to win the white jacket or we want to be famous. We do it for prestige or for pride. And there's nothing wrong with that. It's allowing us to achieve great things. Some of us do this for profit or personal or professional gain. And we make a career out of it. And some of us do this for a protest. Or against some ideological cause that we care deeply about, ideally, within the bounds of the laws. So whether you're motivated by being a protector, a puzzler, a prestige, profit, or a protest, we're complicated individuals. But there's a reason you got into this in the first place. And there's a reason you stay in it. So for my part, I want to make the world a safer place. So I'm first and foremost a protector. Luckily, over the last several years, we've met several of you that feel the same. But you know, I also like hard problems, so I'm a bit of a puzzler as well. And we're going to ask these congressmen when during their intros, why did you get into public service in the first place? What's your motivation? Now, in the spirit of that, four years ago here at DEF CON, we launched Die in the Cavalry. This was the idea that could we be a voice of a reason, an ambassador, a translator? Should we bring DEF CON to D.C.? Should we try to be a voice of translating the things that we care about, specifically wherever there's issues of public safety in human life? The idea is could we shift from being a pointing finger at past failure to a helping hand towards future success? Could we stop celebrating failure and what's wrong with something? Could we look for what's right with something? And through that, we focused more on empathy and communication than we did on breaking things. And because of that, we've slowly, slowly made ourselves accessible to the public. And whether you guys knew this or not, over the last two years, there are 18 parts of the U.S. government who enthusiastically support and encourage the use of coordinated vulnerability disclosure. So not only is what you're doing not criminalized in all cases and we're slowly turning the tide on that with things like the digital money and Copyright Act exemptions, but they also see us as a vital resource in a teammate, if done right. So I think we're turning the tide and this is something I think that's worth a little bit of cheers for yourselves and for others. Now there's a long way to go. Last year was pretty hot for first-of-the-kind policy engagement on cyber security issues. Yes, I said cyber, but A, I did my friggin' shot. And B, this is the language they speak on the Hill and if we want to be effective when you're in front of them, you speak French, right? So we have to harmonize the way we speak about things. But in a legislative and executive branch alone we saw the Food and Drug Administration really tighten up things like medical advice, cyber safety. We saw the department of transportation do this. We saw commerce encourage disclosure and patching best practices. DHS, White House. And Congress themselves also asked almost presciently, they said we're concerned about cyber security risks in our healthcare, which is a sixth of our economy. So while we were all talking about information sharing in the CISA Act of 2015, they also asked for a one-year congressional task force. And in that, they wanted a diverse number of stakeholders to say how risky is connected medicine. And on June of this year, we published this. They actually made sure they wanted a voice of hackers. So I am the cavalry on a lot of the hacker community. You got to participate in this one-year long task force. We're going to say some stuff that's a little scary so we can ground this group and why we're having them here today. So of the many things we found, the punchline was that healthcare is in critical condition. And whether you can read this graphic or not, the five things on the front page of this report are essentially about 85% of our U.S. health delivery organizations lack a single qualified security person on staff. That should scare everybody. We're not a U.S. only problem. We talk with our international partners. Number two, we tend to be defending legacy XP or older in the clinical environment. So these things are well past their end of life and they're no longer supported. Number three, they tend to be over-connected to each other and reachable by the outside world. Which means that a single flaw and a single device can take out entire hospitals you saw with Hollywood Presbyterian last February. And moreover, the average device has over 1,000 known vulnerabilities. So put those together. Most of our hospitals lack a single one of you. You're defending harder to defend things. They're over-connected to each other and reachable by the outside world. A single flaw and a single device took out patient care at Hollywood Presbyterian hospital and the average device may give us 1,000 chances to do it. We've done amazing things over the last 25 years, but we need more of you to help us solve these wicked problems. In the sense of urgency as we were publishing this report back to Congress, WannaCry took out 65 hospitals in a single day in the UK. That was 20% of their national capacity. You know people died from degraded and delayed patient care. So I want to call out to the best of you as we reach out to the best of them. And in the spirit of that, I think we've proven the model can work over the last four years bringing DEFCON back to DC. In fact, some of us have actually quit our day jobs and moved into think tanks like the Atlantic Council and whatnot. And now we've brought part of DC here to DEFCON in a way that hasn't been done before and I am honored and humbled that we have two sitting members of our democratic process here. So please, I'll introduce them in a moment, but let's give it a huge round of applause for these two pioneers. We're gonna try to keep an eye on the hashtag and what not. DC to DEFCON First, Representative Jim Langevin he will give his own intro but I was really excited to work with him as the chair and founder, co-chair of the Cyber Caucus in the House of Representatives. And also Representative Herd of Texas who also a very strong and leading and informed voice on cybersecurity issues and I'll let them tell their origin stories, but please gentlemen weave in which of the motivations do you carry to public service? So, you first Representative Langevin. All right, well thank you very much Josh for the introduction, for the invitation to join you today and I want to thank both you and DEFCON and we also recognize BO and the Atlantic Council for everything you did to make our visit here possible and let me just say to the security researchers community thank you all for what you do and I know that collaboratively together we're gonna make a difference in this field and we're gonna make the internet much more secure than it is today and we're gonna do it together so I thank you for that I know it's a challenging environment for sure, a dynamic one but I find it really an amazing topic to work on I am thrilled to be here with my colleague Will Hurd, Will and I serve on the Homeland Security Committee together and let it be recognized here that I can tell you bipartisanship is not dead on the hill there are pockets of it that still exist and guys like Will and I hopefully are helping to set an example and helping to raise the bar so that you can show that by working together that's how we truly get things done so it's great to be here with my colleague so you can clap for that so just brief you a little bit about myself so I am congressman from the second district in Rhode Island I'm in my ninth term in congress and I sit on both the senior member of the House Armed Services Committee and a founding member and senior member of the Homeland Security Committee and all of that work I specialize in cybersecurity and the ranking member on the emerging threats and capability subcommittee on Armed Services and we have primary jurisdiction over NSA and U.S. Cyber Command and on the Homeland Security Committee I sit on the subcommittee on cybersecurity and infrastructure protection but I have to tell you I kind of fell into this world of being involved in cybersecurity when I was the chairman of the subcommittee on emerging threats cybersecurity and science and technology and originally I thought we were going to be focusing mainly on the emerging threats part of the responsibility which is to look at all the the most serious threats to the face of the country such as chemical, biological, radiological and nuclear threats to America and our allies and then one day my staff director came in to me on the subcommittee and said boss you've got to get a briefing on this thing called the Aurora threat found discovered by two researchers at Idaho National Labs where they found a vulnerability into a critical infrastructure through a skater attack and hence everyone now knows that as the Aurora threat but I was riveted by the video that showed how a generator operating normally all of a sudden because of a malicious code that was remotely inserted caused this generator to spin up out of control and then basically shake itself apart and that was just a small example of what could happen to to our electric grid and potentially shutting down a whole portion of our country's electric grid if very successful widespread skater attack wherever to be carried out so that is how my interest in cyber began and just to close out from there we were asked Mike McCall and I my co-founder and co-chair of the cybersecurity caucus Mike now chairs the full Homeland Security Committee but he's been a great again bipartisan partner in this effort to enhance our cybersecurity he and I were asked to be co-chairs of a national commission the CSIS commission on cybersecurity for the 44th presidency which became the foundational document for President Obama as he charted the nation's cybersecurity blueprint and plan going forward and then we also you know co-founded the cybersecurity caucus and when we originally started this field I have to tell you we got a lot of funny looks Mike and I we felt like kind of lone voices in the wilderness and people did not understand what we were so worked up about they get it now times have certainly changed but we still have a lot of work to do clearly the way the awareness has been raised but now we've got to continue to work together to close the vulnerabilities so that is just briefly probably went on too long sorry but that's my introduction to the cybersecurity challenges the nation faces and we've continued work in progress but I've been really gratified to know that there are people like you in the security research community who are doing important work discovering vulnerabilities and I'm hoping that we continue to forge stronger partnerships to help to do something about it when we find those vulnerabilities and as I said I know that we're going to be able to do this together Will's been a great partner in this effort and I'm pleased to again share the stage with him but I want to thank you for your invitation and it's not going to be with you today, thank you Which P are you Jim? Put the list back up I'm the one that fixes things It's definitely not prestige right? Yeah When you have a 9% job approval rating That's not prestige Anyways Not us individually back home obviously but as a body as a body Am I too far away from this? How do we get that echo out? Anyone? Pull it back This way Again Thanks for having us here This is my second time to DEF CON and I always take a lot away from the interactions that we have especially on the sidelines of many of these events and I appreciate the Atlantic Council for making this happen and getting us I'm out here to Las Vegas Let me see a show of hands if this is your first DEF CON Wow A lot of noobs How many has been here over 5 years? Over 10 We got any of the originals? No, no originals What, DT ain't here? DT didn't want to come They're all in duty You just came here because you drank too much Last night you need someone cold to hang out? Anyone? Okay, I appreciate that I appreciate the honesty I'm from San Antonio, born and raised A lot of San There you go When I was in high school I had the opportunity to take an internship at the Southwest Research Institute I had a female engineer that exposed me Female engineers exposed me to robotics and is the reason that I first got interested in computer science and I studied it at Texas A&M and yeah, whoop, giga maggies it's our year, it's our year I'll watch out Alabama and so also if you need a Turbo Pascal or Fortran Programmer let me know I still know a few things and I I had the opportunity when I graduated I went into the CIA I was a case officer I did two years in Washington DC at what I used to call the Super Secret CIA training facility called The Farm now it's on Google Maps and two years in India, two years in Pakistan two years in New York City, a year and a half in Afghanistan where I managed all of our undercover operations so I was the dude in the back alleys at four o'clock in the morning collecting intelligence on threats to our homeland and I also had a brief member of Congress had I met a guy like Jim I probably would have stayed in the CIA I unfortunately had not been exposed to Jim and Mike McCall and Ted Lu from California folks that really understand the issues that they're talking about and so I was frustrated with the caliber of our elected officials and so I ran for Congress in 2010 and I lost um why does that always get a laugh? I still don't understand that um and I lost a runoff by 700 votes and it's not a lot of votes it's even worse after you've been to the grocery store for the two months afterwards when people came up to the House of Campaign and um like I lost they're like oh shucks we forgot to to vote you know I literally ran into 740 people uh like that um but it gave me an opportunity to work for a company called Crumpton Group boutique consulting firm and I helped Matt DeVoe with and build Fusion X and so if you don't like anything that I do see Matt DeVoe um he everything I've learned in this about this industry I've learned from I've learned from DeVoe he's been a good friend and so understanding penetration testing technical vulnerability assessment things like that understanding the talent that's outside of the government um understanding the threat that individuals and companies are faced it was a great experience and to be able to leverage that when I got in Congress and so 14 I ran again um nobody everybody thought I was crazy uh nobody thought the black dude would win in a Hispanic district I represent a 71% Hispanic district and it's been an opportunity to work on issues like cyber security and that means in Washington DC it actually means information sharing um we should have passed the Cyber Security Act of 2015 10 years ago um but we finally we finally got something done um we look focused on privacy and you know I said yes I don't know which crypto war we're on right now um but we should be strengthening encryption not weakening it um our civil liberties are not burdens they are the things that make our country great and we we can chase bad guys we can defend our digital infrastructure and we can protect our civil liberties all at the same time it's hard and one of the things that I have to that that Jim and I have to do when we educate our colleagues is to let them know that um guess what we really know such thing as an impenetrable device you know come out to DEF CON if you don't believe us and so we have to get to a point where we can do security and protect privacy at the same time and this conversation is to go back and forth right this is always the topic of backdoors and encryption is always going to be out there and you're going to have to continue to fight those um fight that back and having the support of folks like y'all is really important to do that and I will say everybody knows now what OPM stands for right uh as Lindsey Graham says mucho bad you know um it's that brought a consciousness to this issue that everybody understands the importance of educating our digital infrastructure and our colleagues understand that but they don't always necessarily understand the nuance and that's why you know we try to educate that's why having y'all is important you know many of our colleagues um think that direct messaging on twitter is the dark web you know um it's like well no it's a little more complicated than that um but there is a topic and so um I always get nervous when someone says oh I'm an expert on anything let alone cybersecurity especially being in a room with folks like y'all but coming out here helps you know prevent our knowledge base from getting stale so I appreciate y'all have been everybody's been super nice to both of us I think everybody's a little worried that we might have gotten attacked or something um but it really is it really y'all have welcomed us with open arms and your willingness to help us understand the big issues and the small issues and I'm looking forward to talking more about some of those big strategy things that we have to get right before we're able to do some of the some of the small things so thank y'all. Alright your friendly reminder I put out a twitter poll it's got probably 20 minutes left maybe 10 on which topics I should prioritize amongst Marai, Botnets WannaCry, Hitting Hospitals Power Impacts or Wasanar Export Controls that may affect our ability to do our jobs internationally so please vote I'm going to keep an eye on it for one of our last questions so um yesterday we had a pretty full lineup these guys are very robust in their ability to take in information we had a lot of briefings yesterday we took them on a walking tour of many of the villages down stairs we saw what auto hacking village, lockpick village IOT, industrial controls the voting machine hacking the kids, roots hackers so um I know you're both pretty savvy on cybersecurity but what really stood out what was your biggest surprise and what kind of things might you be able to act upon when you get back to DC if you want to continue this cooperation what was I the things that I was surprised by is the voting machines and the fact that what all 24 got dismantled in less than six hours that is a huge problem we have to ensure that the American people can trust their vote tabulating process and now the machine is just one step in that process but I think the work that has been done out here is important educating the secretaries of state all across the country as well as the election administrators the people that are tasked with doing this and a lot of times you know I have a county that's the second least populated county in the United States of America 95 people in the entire county I've met 72 of them and and they don't have a cybersecurity professional to help them manage that process and so figuring out how the states and these election commissioners election administrators understand the risk and vulnerabilities is important so that was important things that we can take away I'm interested in doing a hearing on the five points the five points when it comes to connected cars it is an area that I think we have to have a little bit more conversation around because I want to ensure that we don't create overly burdensome regulatory environment around some of these issues and I think connected cars is the subsection of IOT that most members can get their heads around but it's such a broader conversation and how do we prevent I don't want the government to get in the way I want the government to be able to facilitate and to allow entrepreneurship to grow but we all know we have to bake in security let's not make the same mistakes that we've made in the creation of the internet let's not make those same mistakes when it comes to IOT and those are and learning about TLS 1.3 and y'all's opinion on that y'all's opinion on what is the future of quantum computing and how quickly is that going to get here on some kind of commercial scale and how do you defend against quantum computing these conversations are going to lead me to hold hearings on many of these topics in the subcommittee that I chair excellent, thank you so the thing that surprised me the most so when I, well you know many of you have seen me riding around and I used an I-Bot wheelchair to get around and I can pop it up on two wheels same inventor as a Segway scooter Dean came on a brilliant inventor the thing that surprised me the most is that when I went into the car hacking room of my system and started driving me around so I did wonder if it was going to happen and it actually it's a sophisticated piece of technology I don't pretend to understand all the magic but I know it has six gyroscopes that keep it balanced and I did put it down on four wheels just in case but it all he's here for four more hours by the way so I think I suppose it surprised me the most that didn't happen but it's a good thing but I have to say that I too was a surprised and though not shocked by the election voting systems and how easily those systems could be compromised and hacked I knew that they were the electronic voting systems are potentially vulnerable and certainly I've heard the reports how easy it was was an eye-opener so I was a former secretary of state as well and before that I served for six years in the Rhode Island General Assembly as a state rep and I actually chaired a special legislative commission on purchasing the voting equipment and the one thing although I love technology and I was impressed by the the DRE equipment, the touch screen I could never get past the fear the concern that what happened if everything went south and the data was lost how do you ever recreate that election or prove to verify how people voted is actually how the vote turned out and so we consequently wind up recommending to this to the legislature that when we choose to vote equipment that it should be optical scan so you can have the best of the old and the new technology but you have to have the paper ballot as the ultimate audit trail so that's what we wound up doing and I was able to to get new optical scan voting equipment of the state when I became secretary of state but to see go in the room and talk to the professors and the researchers who set up the room and who set up the the challenge and to hear how easily the systems were compromised was certainly disturbing and an eye opener and certainly gives me pause as we go back to DC now and I'm part of a task force to look at at elections and this is certainly going to be a primary topic of conversation. The other thing I'll just say and finally the one thing that really impressed me is how the hacker community wants to be proactive both identifying and closing vulnerabilities in our cyber ecosystem so I look forward to those growing those opportunities and making sure that we have a way to have a vulnerability disclosure process at each of the government agencies I think it's something that's long overdue and that's something that I hope to work with you all on. On that last point Jim and I want to add I told the story yesterday some reporter asked me are you out here to get all these hackers civically engaged and I was like what are you talking about they already are and the feedback and what shall I do for society is incredibly important and we got to make sure that we can continue to build upon that relationship so I think we want to try to come back as often as we can and we'd love to see you all up in DC as well. So I knew yesterday we had them in a small room for two hours of completely unvetted questions and exchanges it was amazing it was magical I wish we had two hours now we're at about the T-minus 15 minutes mark. Really quickly what's an example we want examples of positive and negative or effective proactive or reactive forms of engagement for the hacker community and I remember over lunch you were talking about a good example of the risk of Vasanar can you quickly explain an example of how hackers helped you do your job and preserve US interest? Sure so this is something that I tackled pretty aggressively with my team once that we became aware of the problem and again it was the research community, the tech community that came to me and made us aware of what was I'm sure done with good intentions missed the mark Vasanar trying to use a Cold War legacy agreement to prevent duals technologies from falling into the wrong hands when you try to apply that to software and to prevention of transferring intrusion control software that it missed the mark it didn't work and here you had the Department of Commerce that was charged with promulgating the rules and regulations of how it's going to work during the common period the research community really stepped up the tech community really stepped up and made robust comments and I can tell you I took those comments and these challenges and stuff that you brought to me and with 124 of my colleagues was able to organize a letter to the Obama administration to really ask them to change course of these controls that now we're making some progress and getting those controls clarified but it wouldn't have happened without the engagement of the technology community I just want to underscore never underestimate the value that you bring to the table in advising policy makers about what's going to work and what's not going to work and do to change course to close vulnerabilities there are 435 members of Congress in the House 100 members of the United States Senate we all have varied interests we all have things we say specializing and you have a small group of us myself and Will and Mike McCall Dutch Ruppersberger we have Mac Thornberry that really gets cyber and we've made it a primary focus of what we do and then you've got the next level down of members who recognize it's important but it's not maybe per se their thing but they want to know more about it they want to be up to speed on it and then you have a significant number that it's not their thing maybe it's never going to be their thing but they still need good advice and people coming forward to advise them in their staff so I just wanted to close by saying never underestimate the value that you can bring to the table in helping to educate members and staff about what the best policies are and what's going to work and what's not going to work and again never assume that we're that we know all the thousands of bills that are introduced in Congress each year it's not possible so if you hear something or you become aware of a bill or idea we know about be proactive about it and engage and I just in closing I just ask you just rhetorically how many of you have ever made an appointment with your member of Congress or their staff or written email or made a phone call I would just ask you to be proactive because you can't have an impact and we want you to be engaged thank you an important point in that story as well is that the process around this worked the feedback that commerce was getting instigated some congressional hearings that we focus and one of your own ended up going into the negotiating room in Europe to try to fix this multilateral agreement and so I think this is a great example of how the right engagement of really smart people fix a problem now we're not completely there yet because we haven't signed the new agreement but I think we're going to try to sort that out in December so it's an example of how the wheels of the process worked let's hear it for Katie Missouri because she was the one that helped Katie Mo okay I want a picture when you walk in with all these stuffy diplomats and your pink hair and make sure you get that picture next time now that wasn't a good you know Karen Elizari says that hackers are the immune system of the internet we're the so we flocked to a dangerous threat to the way we do our jobs and security in this particular case but on some of these we want to get in front of them so for our part where we it looks like the Twitter poll was a pretty tight race here the winner was concerns over our power utilities infrastructure so in the US and other countries these are designated critical infrastructure and are very very important but they're often privately owned and operated and often quite exposed it's a pretty close vote with also Mariah's effect on taking out the internet for a day these low cost low hygiene devices there's so many of them now with the internet of everything and then also the Wanakrai type possible outages where it's just too easy for these things we tend to summarize these at the Atlanta council that our over dependence on undependable things is exposing us to accidents and adversaries that could be a national security level event instead of us flocking to maybe go you know stop bad vasinar what's what are the appropriate mechanisms or most effective mechanisms for us to proactively engage with members with their staffs with committees it's a bit of a confusing and nebulous thing for us if you could give us some succinct advice of where to get started or what's worked to date for us bringing topics so that we don't wait for hospital outages so I would go back to what I touched on just a few minutes ago don't wait till something comes to your attention to start engaging with your members of commerce and staff introduce yourselves ahead of time get to know let them get to know you and develop a report open up a dialogue so that you're very established that report that trust if you will and so when something comes to your attention that is serious and needs to get their attention right away you already have a point of contact you don't have to go searching for who that person is that you just went through there is a lack of a proper strategy on how to deal with it and so let's start with let's start with doing something to industrial controls within the utility group so it was three years ago two years ago this was no longer a philosophical exercise the Russians did it in the Ukraine if you look at the UN the UN says there's certain things that are an act of war it is fooling with somebody's grid is an act of war according to the UN what was the response to the Russians when they did that nothing the sanctions that were put in and the sanctions that we just strengthened in the house this week was not because of that and so if you don't articulate what a response is going to be to a certain red line that's a form of deterrent and so what should an actual response be in that case and there's all kinds of conversations around it but there's not an accepted policy at the NSC that would ultimately drive this now folks in Congress we can be shining light on this and talk through these issues it's the homeland security committee it's the which we're on it's the oversight and government reform committee where I chair a subcommittee there it's energy and commerce and it's also science and technology but homeland and OGR are two of the ones that do the bulk of some of this of some of this work and so it's important to educate us the individual members of Congress but we also need y'all sitting down with some of the staff that populate these committees sitting down with GAO GAO is basically the inspector general of the entire government and then every department has IGs as well but these are the folks that are looking at kind of the holes in policy the holes in in tactics techniques and procedures when it comes to defending digital infrastructure so that we need to help we need to be talking about what's the strategy so then we can start talking about the tactics and how we should be responding to what and this is another problem when it comes along with disinformation the Russians are trying to erode trust in our institutions period end of story how do we deal we do not have a counter covert influence strategy and many of y'all in this room can help and have dealt and have operated in some of these communities that we could be leveraging intelligence from and talking about so we don't have a strategy there so that's something that I'm concerned with because guess what we're going to see this in 2018 and it's not just the Russians we know other nation states have tried to do this and based on what was demonstrated in the last 48 hours we got to tighten up some of these voting machines as well so all of this stuff is connected and nobody has the right answer but talking to folks that live and breathe this is important so committee staff is important the legislative director wherever y'all live you're a member of congress you should know the district director you should know the legislative director for your member those are two people that drive the policies of those offices and who on their staff is the point person that deals with the research community issues in particular and I just want to say something else just to underscore what Will had said what the Russians did was outrageous and they are going to keep doing it particularly if they're not hit hard enough if they don't get stronger of sanctions or the messages clear enough that we're not going to tolerate that kind of interference and undermining our pose of our democracy and we have to look at this holistically and say that as a nation state we have a whole suite of options that we can draw from to retaliate to make the point that we're not going to accept that kind of interference with our elections and we need to make it very clear going forward alright we're reaching the end here boy I wish we had three hours for this so as we face these challenges they're not going to slow down I think while we were here one of the victims of not petia it was Merck in the pharmaceutical industry admitted that material impact on the production of several of their drugs this is designated critical infrastructure unrestrained time remunitions got outside its intended target and affected US critical infrastructure these are the types of companies that make our pandemic vaccines and shots in case we have a national emergency so as I look across this room I see a lot of raw talent and I know in general we're loathed to regulate we're loathed to work with government we in general like the come as you are do as you please type zeitgeist I know a lot of the things we see come on the news or on the hill might have some rough edges as things get very very real and as the consequences of failure get very very high I really encourage you to see that you're outreaching a hand and trying and when they publish something or they ask a question and look for what's right in it and cultivate that we're really really good at what's wrong with something but I think we're at the stage now where we have to make that outstretched hand and go that extra mile and meet in the middle if we're going to rise to meet these challenges together so I see what we've done here maybe as a coal or a little ember a little bit of heat and light we can either snuff it out or we can foster it and grow it into a real vibrant collaboration here we have now brought DC defcon I'm trying to make it happen so we can bring more of defcon at DC perhaps we could turn this into a regular thing maybe a cyber caucus in the summer here maybe a cyber caucus in DC around schmuckon just saying but if you like this when we said four years ago the cavalry isn't coming it meant it fell to you it wasn't to be depressed it falls to you so if we see something missing in the world we got to put it there I hope this is I respect and admire every single person in this room I respect and admire our colleagues in DC this has got to be the beginning we've been amazing for 25 years who are we going to be for the next 25 thank you