 This panel is entitled how do we defend ourselves against the cyberwarriors of the future? So in your programs that listed Lieutenant General Bob Schmidle as the moderator, but he was unable to join us today So Peter Singer our colleague is going to play the role of both moderator and panelist Saul introduced Peter Peter is Recently hired as a professor of practice at Arizona State University also a strategist and senior fellow at New America He's been named by the Smithsonian as one of the nation's hundred leading innovators by defense news is one of the hundred most influential people Regarding defense issues and by foreign policy. He's on the hundred global thinkers list He is the author of many books that that you may know Corporate warriors the rise of the privatized military industry Children at war wired for war the robotics revolution and conflict in the 21st century Cyber security and cyber war what everyone needs to know as well as ghost fleet which is a novel and most recently his book like war Which deals with social media and its relationship to war and on conflict Thank you Dan for the Kind introduction and also putting me in this this kind of awkward role. We were joking earlier. It's a little bit like trying to be a lawyer and representing yourself or you know and so Not a great decision to do but we're gonna work with it. Fortunately, we've got some fantastic panelists to join me up here With a really great array of experiences just the quick highlights. We've got lieutenant colonel Natalie Veneta who National cyber protection team leader with us army deputy chief of research army cyber Institute And then the particular issue I think it applies here is technical director to joint task force Aries, which if you're not familiar with it was the anti-ISIS Operation online and then we've got Donald bray director of cyber initiatives at global training solutions with Raytheon Colonel us army retired and again I think one of the most relevant highlights is that he was the first commander of the US Army cyber protection Brigade So I'd like to kick us off with a question What's changing in the threat landscape? What will be the same what will be different when you're looking at cyber threats moving out to the year 2030? And we're just gonna go far side. So let's start with your car Excellent. So what's changing? I think as many people have already talked about today is this growth of a constellation of technologies Whether that's IOT artificial intelligence smart cities robotics Our research shows us that the attack plane is just gonna widen and in fact I think the conversation by 2030 is not necessarily gonna be well red versus blue Attacker versus defender It's gonna be about all the gray space the gray space that neither of them owns and that neither and that both need To be able to be successful and we're gonna be talking about the battles that are fought and won in that gray space But I think what's most important for us to consider is not what's gonna change But what's gonna stay the same and that is that the user or the human will remain our greatest vulnerability Right and I will say that is each and every one of our faults And I mean that from a scientist and a researcher perspective Those of us that develop the next generation that next cool piece of software or that next amazing hardware That's gonna change the world that race to be first to market to get the credit for doing that really cool thing and changing the World and we design for efficiency and effectiveness and then when that gets misused or that gets changed by our attackers We blame the user that user behavior. How dare they they shouldn't do that if they just didn't do that If they just didn't plug that in if they just didn't click on that link It would have been okay it is the user's fault and that is our problem because we're not designing with the human at the heart of Technology and that's what we must start to do because if we continue to do that at best We are irresponsible But at worst this is truly a flagrant foul and we should be red carded for our dangerous activities So I absolutely agree with Natalie first of the address was not going to change so cyber Criminal activity will remain the same obviously as long as there's a material gain a monetary gain We'll continue to see this furious activities on the network Additionally, I don't see any change in the death of intellectual property any time soon I adversaries see intellectual property as a way to Circumvent years of research and development as well as investments so they can level the playing field or even leap ahead in terms of technology Where I see significant changes coming forward is really our tax in the cloud we're leveraging the cloud more and more and moving more of our resources to the cloud and Cyber attacks tend to migrate to the most lucrative targets And so I can see that cloud security would be even more important come in in the near future and and thereafter Additionally, I could see more tax at the edge on the Internet of Things devices which are growing at a Huge rate in national levels on private level and commercial level And so they'll attack these devices Internet of Things devices as well as mobile I just see it being standard in 10 years for our mobile devices to come with antivirus and intrusion detection systems as Part of their basis software package loads to ensure that we can protect all our information Where is it tethered or mobile in the future? So I'd add to that in terms of what's staying the same is I the threats being hybrid a word that's gotten a lot of Use and we've talked about it in terms of state and non-state actors coming together. So if you think about Russian operation Russian government-sponsored operations, but utilizing criminal networks or the flip side would be North Korea state actors going after private networks, but I think we're all in moving forward We're gonna see more hybridization in different forms. So there's hybridization in terms of what we saw Starting in 2016 election, but moving forward the combination of classic This is a space where you can say classic oddly now or traditional cyber security threats Hacking into a network versus what I call the like war side hacking the people on the network So if you think about what made the operations in 2016 targeting the US election, it was breaking in stealing email But then it was distributing the information. So more hybridization of that type another increase of hybridization and you touched on this with the IOT as the internet becomes More and more about communication between devices rather than communication between people we will see more hybridization of digital and Kinetic Stuxnet style attacks. So I'm not merely stealing information from IOT I'm using it to cause physical change in the world physical damage shutdowns and the like and But the final area That we haven't seen a lot of but I think we're going to see more is the hybridization of what is real and what is fake This of course has gotten a lot of discussion around artificial intelligence and the idea of deep fakes Using AI to create hyper realistic imagery that it's hard for people to figure out So I think we're gonna see more of those style attacks moving forward. We've already seen little proto versions of it going after for example Activists gun control activists and like I think we'll see more kind of use in war Another way of putting as I was part of a do an interview recently of a fun little project of how would you take down a major American city using cyber means and There was you know the the idea of infrastructure power grid But it was also we were tossing in ideas of you would have a prominent celebrities Twitter account get hacked and then they would distribute false imagery of something going on in that city And it would cause much the same effect So you don't even have to conduct the hack if you created the terrorism side of it So let's move on to the next question If that is in terms of the threat environment, how will our defenses? How will our own organizations evolve between now and then and you can think about that as everything from What will cyber command look like in 2030 to how will businesses? Organize themselves in different ways in 2030. You can go first. Sure. I start there. So In terms of evolution, I see that I'm from a defensive perspective We have a vulnerability approach in terms of the way we defend an effort today I could see us involved into a more threat-focused approach You kind of need both but I can see the weight being more towards the threat focus For example, if the problem is protecting auto theft a vulnerability approach to that may be installing cameras Which we would call a mitigation or going to make sure that all the doors are locked Which would be a fix but if you take a threat focus approach to the same problem Then you would learn all aspects of car theft, right? You will learn who it is what it emotes What are they doing with the cars and most importantly what are the TTPs they're using what techniques are they using if you take that approach Then you'll be able to align their appropriate mitigation and actions to be the most effective in the environment Organizationally, I can see us moving towards more purpose-based cyber teams Largely today our cyber security workforce is trained individually on skills and then grouped together to apply against a particular mission I'd see more of that training being hands-on and an organization to have purpose-built organized cyber teams Based on the different threat areas we're trying to focus on Will we have the workforce in 2030 in terms of both just Bodies we know we have a labor gap in the field Some put it, you know moving forward over a million and will we have the skill set to have those kind of teams come together We have to work on the skill set and we have significant number of Activities going on that's going to help in that arena. There is a predicted cyber security workforce shortfall I think some of which can be closed with AI some of it can also be closed by getting more Females participating in that particular career field and I think both those efforts are growing will help us get there As time progress and we learn how to provide More realistic as well as innovative training I think we'll be able to bring and increase that number of the workforce and close the gap pretty rapidly So how to predict what cyber command will look like in 2030 or I'll say any any military organization I would say well as terrain changes and as we already talked about this threat landscape is going to change then the terrain We operate on is going to change so therefore the organization has to change with it and the skill sets that we need Looking for agile adaptive folks to be part of the the mix, but it's really going to come down a partnership Cyber command doesn't do what it does all alone and unafraid on a network like we don't own any networks Let's start there right so it's always been about the partnership And I think you'll see over the next decade is making stronger and smart stronger Partnerships not only across to the military and DOD, but across all of it The whole of government approach and with partnerships with public and private industry because that's the only way that it's going to work I will say it's it's got the hard mission of trying to figure out from an HR perspective as we briefly alluded to the training or Workforce shortfall is finding that right person in the right place in the right work role to be applied at the appropriate time So that way we can achieve mission success And I think that's something we struggled not only in DOD, but in the larger larger society is trying to figure that out in this space So I'll add in two things one is an organization that I Hope we would have but we don't have right now, but that I'd hope we'd have in 2030 Is the idea of a civilian cyber security core? Essentially, we have active duty. We have reserves. We have private sector. We don't have anything in the middle The way we do in other domains for example in the maritime domain. We have the Coast Guard auxiliary in the Air domain we have the civil air patrol entities that are ways to pull in civilians to help out and everything from training Wargaming emergency response you name it and I use these examples Showing how we have the legal structure to do it in the United States We just haven't created something like that in cyber security Estonia has a version of this called the cyber defense league I'd love us to have something like that which would be a way of going after some of these gaps To be a little bit more provocative in 2030 I would much rather us have a Cyber force as a new service than the absurdity of a space force If you're thinking about as an entire new service if you are going to create one that builds on everything from having a unique Role operational missing very different culture Why would you do a space version before you would do a cyber version given that the cyber one's already operational? So I'd rather us be having a debate on that Rather than a space force That's me saying it so that you're not put in a thank you I appreciate that but to pull on that thread for a second about you know It's the civilian workforce coming in like I think one of the most difficult things We have as a military vice in the business world is that I recruit kids that are 18 That's what I'm looking for and if someone decides instead to start their life out in industry and does amazing things And then they want to give back to their country and they just want to come on sabbatical for a couple years But they're 35. I say no, thank you You might be the world's genius, but you can't join me Because your age matters and I think if we could somehow Relook the talent management perspective and the HR perspective to allow people to come in and out of the military Right, so maybe you're 18 and you want to join the military and we'll give you some training You'll learn some skills and then you want to go out in industry or you want to go to academia But you want to come back in there should be a path to let you back in I mean all for joining the National Guard and reserves and that's an amazing decision And those are very important aspects of the military But I want to bring you back on active duty for a few years And where can how can I bring you back in the structure and allow you to come in and out? And not have this traditional you have to come in at 18 or 21 and you will serve 20 years And then you can retire and then you can have your second career How do we change it so that you can come in and out and have multiple careers along the same path and what I hope For is a mechanism that's not just measured in years how you're it's that I need people for three weeks because City government of Atlanta is under a ransomware attack, so I don't need them to join the army for a year I just need that skill set for three weeks people to volunteer But you know our security vetted and the like this actually leads to and I'm gonna because this is in your space completely In terms of your professional role How do we what is what is the type of training needs? Right now For this scenario of 2030 what that 18 year old What should they be trained up on so that they are the best cyber warrior for the United States circa 2030? So there's a number of skill sets but first let's talk about the training environment So not join the army 35 years ago I was required to take individual marksmanship skill training So I learned my individual weapons and I went to the range and qualified annually So we need something similar to that in cyber right? We have to have an environment where the cyber professionals and workforce in and outside of DOD Can train on their particular skills now? DoD is making efforts in that space in terms of developing the persisted cyber training environment Which should be in its initial operating capabilities in the next 12 months, right? But we need to expand it beyond that right we have to have a realistic place for that workforce to train From the skill sets we absolutely have to be able to move from just situational awareness to Striving to situation understanding we have to understand the environment So we need skills that help us do that in terms of data analytics And we also need software development agile software developers as well as cyber analysts who can look at Mauer analysis packet analysis net analysis thread analysis all of those help you understand your environment And only then can you take appropriate action you can take action in the absence of that But it wouldn't be as effective as you truly understood the landscape So absolutely yes, and so I was working in a recent problem space on a problem And I almost had to go back to my middle school skills And by that I mean I first learned computer programming learning for Tran and cobalt in middle school And I won't say the system that I was operating on to do a hunt Actually had those on it, but it was darn close And what I realized at that point is there is no way to figure out what I need to train someone in 2030 to be able to do because each and every mission I go on today is let alone a completely different skill set a different Technology a different language a different something on it So to have this checklist of five thousand things everyone needs to be good at for the next mission to be prepared It's never gonna happen So I would say what is important is having a workforce with a strong Educational foundation so that they can be able to adapt to find people that are inquisitive and to cherish that inquisitiveness To look for creative and critical thinking and problem-solvers the folks that see a challenge and jump for it and that are continuous Learners continuous training is very important But that are continuous learners along the way And I said that is what the workforce has got to be for us to be able to get to what this panel is talking about How do we defeat our cyber adversaries in the year 2030 and this is not a new thing, right? So if we think back in history Poland in the interwar period was stuck between a rock and a hard place of two countries that they were not gonna be able to Go toe-to-toe against from a military perspective. They had to outthink their adversary So when enigma was there is the greatest thing than mathematics Case in point. I'm a mathematician, so I get excited about math, right? So like you had enigma with this amazing math that was put into an electrical mechanical device and they're like This is the be all end all no one will break this tech It is the thing and what Poland realizes that they had to and they had to do it by out thinking and outsmarting And so the Polish Cipher Bureau brought together mathematicians and Grandchastmasters and puzzle silvers and said figure out how we outthink this figure out how we outsmart this Because the consequence if they couldn't would have been devastating a loss of their way of life their culture their country their families And so they had this impetus to outthink and outsmart their adversary And I think that's a long reason why the allies won and we have our freedoms We have today and so well, I would never hope we would get to that point I will just say in 2030. We don't need a million person cyber army that's well trained I need the freedom to be able to outthink the adversary instead And to follow on with that so I think it's absolutely critical that we train on some skills But it's hard to predict what they are So it's really important to have that adapting environment is available all the time All right And so it's not evolutionary to train a workforce in any industry But it would be revolutionary to have a persistent environment That's accessible any time any place in the world that our cyber workforce can go in there and train on whatever The latest skills are so that environment has to be agile enough to keep pace with the changes Because the cyber environment constantly changes so be hard to say what those skillsets would be But you lay out the ecosystem and infrastructure and make it agile then you position yourself to be better Prepared for 2030 so I'm gonna do what panelists often do to moderators at moderators hate But I'm doing it to myself Which is I'm gonna kind of answer the question but take it in a different direction Which is what I'd love to see is we've you've made great points about the cyber workforce is a reframing of this issue across whole of society whether it is more traditional cyber skillsets if we're speaking about a Naval surface warfare officer to an army aviator They will need a particular they will need an understanding of this battle space to do do their job effectively The same thing if we're thinking about the civilian side It is not just to see so that needs to understand this the CEO Marketing and again whether we're talking about a fortune 500 company or a mid-sized business They will be making decisions relevant to cyber security in some situations They will be making decisions more important than the cyber leader is But we could also broaden it to I think there's a dire need inside the United States for digital literacy Not just sort of cyber skill sets, but how do you navigate online particularly when we think about the way that we are all targeted online? if our Kids but also our baby boomers who are seven times more likely to spread fake news than any other generation if they understood How to navigate online they would protect themselves as consumers they would be better consumers they would Have an impact on disease rates when you think about the spread of anti-vaxxers It would also they would be better citizens not only in terms of making better decisions relevant to elections It would also have national security relevance and protecting from foreign government disinformation campaigns So I'd love to see digital literacy taught and again It's not just something in schools. It needs to be popping up on social media platforms. You name it So let's let's jump to another area There's been a lot of discussion of What's called cyber moon shots? Are there any emerging technologies that you think might totally alter the space in terms of the type of investment? We're looking at for these cyber moonshot programs So and in some ways, I think we've already made progress towards a cyber moonshot our recognition and declaration of the cyber is a warfighting The main and making it an equal with air and sea air and maritime and space and land I think was our step in the right direction and it led to the stand-up of the cyber mission force All right, but also I think technologies like artificial intelligence and quantum computing Quantum computing would help us in the future I see artificial intelligence continue to morph and mature over time if you look at it from a framework of Reserve then decide and act I think it's already helping us a lot with seeing ourselves in particular in cyber hygiene Helping us with observation of the cyber environment as we go forward over the next 10 years I can see artificial intelligence up in us with more of the decision-making and actions All right, and so we're looking forward to those type of technologies Assisting in the cyber moonshot going forward in cyber speed. It's king All right The speed is kind of what you're looking for in all aspects of cyber And I think quantum computing the competition of computing power will allow that particular Technologies to help us in all parts of cyber from developing cyber capabilities to defensive posture To cyber hygiene it could actually be a game-changer to help us move forward towards that particular cyber moonshot So I cringe a little when I hear the word cyber put against in front of any other word, right? Because we have connotations of what the moonshot was right the moonshot was us picking this impossibly hard problem Bring together the the smartest minds of the nation and all the resources to bear to prove to the world That we've still had it that we were a technological superpower and we could send a man to the moon And when's how long has that been when's the last time we sent someone to the moon like by 2030? I hope we're we've gone back to the moon right but in cyber. That's not gonna work like it's not a one-shot success We're good. We can wait 20 years and do it again, right? It has to be a daily continual thing So I cringe a little on the cyber moonshot to turn it the question a little bit what I care more about is us spending Time resources wicked smart people and resources to think about another cyber in front of a horrible term Cybers of cyber weapons of mass destruction, right? So got it from a NATO perspective a weapon of mass destruction would never have cyber But what does it look like if cyber is overlaid on our current understanding of weapons of mass destruction? And what if by 2030 we're at a point that maybe we were closer to this? I would rather a start thinking today about all the lessons We learned over 30 or 40 years of development of other weapons of mass destruction How we define them how we find them how they're built how we defend the nation in the globe against it How we come up to this global consensus of that's just a step too far for anyone How do we start doing that conversation today in the digital domain before we get to the point where someone actually launches one, right? Because that's what it took the last time was actually to demonstrate to the world that someone would do that I want to start the conversation now So I would prefer to have a conversation in general instead of a cyber moonshotted Cyber so I would supreme weapon. Yeah, I was gonna add in Right before I say this this is a panel that's gone so far and In my mind you can see why it's a rich discussion because no one said the word cyber 9-eleven or cyber Pearl Harbor That's how you tell the difference between serious and not serious in this space I Would I would I'm not a fan of the moonshot Conception because it implies a particular Destination that you get to a victory that you've achieved and Cyberspace is not like that. It's more like a state and then second It's not a great parallel because of the adversarial nature of it. No one was shooting at the Apollo Mission and changing tactics as they go, but then finally The real challenge here and this actually connects to what you brought him in AI is that the adversaries often Ourselves so AI holds the potential to I agree change this space offering up a lot of ways of kind of tilting the offense defense balance to the defenders advantage, but it's only so if Our AI is information sharing in a smoother way Then how we information share right now AI basically sort of you know lives off of data The defender AI should be advantage because they're able to share in a way that attackers aren't but that's a policy question Whether you're talking about inside US government or public private partnerships. So let's real quick last question one sentence answers What does the US get most wrong on cyber security? So I have to say that we are rare Defenses posture, but we don't have this The skills and the techniques in place to observe them with enough fidelity to be able to detect when something's wrong Or when there's unauthorized activity, it takes way too long. It goes back to Me as a young soldier been told that obstacles are only obstacles if they're covered by fire And a lot of our protective systems don't have any firepower, right? And so we have to move forward and I think data analytics and artificial intelligence can help us do that Cyber is not separate That's where we kind of Did not go so smoothly from a military perspective in my personal opinion. We set cyber up as something separate It's techie its intelligence not everybody's good enough to get into it We started doing cyber for cyber sake and that's not right Cyber is just one other component one other effect that we can put into a commander's kit bag to use to achieve the mission And how he or she it chooses to employ it to be able to get to mission success And so in the future what we have to understand a lot better is that sometimes cyber and by that mess Message cyber command might be the main effort and sometimes the supporting effort within the military and more importantly as a whole of Government sometimes cyber might be the main effort But sometimes you a cyber command and all of its subordinates will be a supporting effort to some other aspect of the whole of government approach My one sentence is it took the United States 15 years to come up with a new cyber security strategy and it included nothing about Social media influence operations that have proven to be as or a greater threat to the United States Okay, so let's on that happy note Open it up to the questions first hand was right here Wait for Mike because there's people online Sydney Friedberg breaking defense a point you raised particularly colonel is about the importance of actually being able to bring in outside talent And you said even maybe for a few weeks rather than for you know 20 years Of course, we just Last week had the announcement of the director of defense of the service Chris Lynch is leaving and you know I'm curious what you think you know you've said about this is important in principle But you know looking at where a financial service stands and us digital service broadly and other initiatives to sort of shake up Allow more lateral hiring lateral commissions One of the specific things we actually are doing to get that flow back and forth and one of the things we actually could be doing Without just taking a bomb to the entire personnel system, which is awfully tempting Great question. So I can't exactly answer it because I don't know specifically what the United States Army and more importantly DoD is currently doing I can say from my foxhole What is important is that the military is the largest bureaucracy in the world? Could you imagine an organization of a one and a half million people and trying to get the red tape cut to make Things work DDS and its various offshoots have been a tremendous game changer to demonstrate to the world that this is important Figuring out how to bring in outsiders in with their skill set and expertise in order to solve specific problems They've had made great success and we need to continue to build on this, but not as something separate Right, we need to integrate this into the entire workforce so that it's not just you have to be cool enough for school To make the cut to join the DDS. I want it to be an option for you to come in to the rest of the force also And so to widen the doors Greater to allow more people the opportunity to come in and not make everyone's have to be such a cool cat Which Chris Lynch absolutely is and it's gonna be a darn shame to see him leave I want to crystallize his question for you because you've been on both sides of it. What is One approach that the corporate world has in terms of this that you would like to see brought over into how The military does these assignments. I think in the corporate world We do allow that maximum flexibility to move in and out of different divisions as well as different Corporations and come back and so as much like what was described there kind of happens on a pretty regular basis Also understand that in the army and some other services. They are doing some direct commissioning programs And I think an army all the way through the level of 06 and so to attract the top talent into the services They still have to work on how they can allow them to do sabbaticals and come in and out and how to Have a ready and trained force in the whole of nation that can come to our Defenses for a particular mission. And so I think a lot of the ebb and flow in and out of the corporation kind of exists today Okay, it's giving another chance It's right there Hi there bring them back to a mark logic We talked about deterrence, but given our operational security surrounding our cyber capabilities How do you advertise to an opponent? Your deterrent capabilities without revealing them in a way that we've been sheltering so far I think it's a whole of government approach just because you have an issue in cyber You don't have to respond in cyber We use all the instruments of power and so how you formulate your particular interns plan for that issue Just depends on what's the best approach at that particular moment So I don't think is you have to tell how you can detour them in cyber They haven't ready and trained forces readiness is the biggest deterrent that we can probably demonstrate I would add in maybe a core challenge in terms of overall US strategy here is the assumption that a strong cyber offense yields cyber deterrence There is no doubt among adversary actors that we have a high quality cyber offense capability Now there may be some question around the particulars of it, but you know one of the things that Your old organizations have a lot to be mad at Edward Snowden about but he did reveal that there is high quality Capability there, but that did not yield cyber deterrence, right? And instead it goes back to actually something that was in the discussion whether it was with the the CNO or Around the the Arctic security. I believe we would gain greater deterrence Through a resilient structure or sometimes it's called deterrence by denial. It's where adversaries don't just fear Retaliation in the same way you hit me I hit you directly back the same way, but rather you don't hit me because you know, it's not going to work I will shake it off. I will bounce back quickly. We as a nation do not have very good resilience when it comes to Overall national cybersecurity, but then when you also think about individual networks within corporations or military organizations Resilience is going to be far more effective to their success then whether it's a corporate side the ability to hack back or whether it's military side the ability to Hit an adversary back. It's making sure that the the network itself is resilient Let's get time. We've got time for a couple more So anyone else yeah back there in the corner I'm curious to know your thoughts on as the Industrial leaders have changed from in World War two manufacturing into information systems like Facebook and Google How can we first prevent? How can we leverage control as a as a government over those industries if we enter into a major Near-peer conflict like we did during World War two and maybe even turn those attack vectors into Offensive opportunities So I don't think as a government we need to control industry nor specifically those industries or any other industries I think the key is is that if we're concerned about what the next war is going to look like and we're operating in that gray space It's resiliency so in the terms of my generation deterrence By by resiliency in the words a chub thump a womba I get knocked down, but I get up again, and that's where we need to be give you the millennial version Taylor Swift shake it off. There we go done. We've spoken to the masses That's where we need to be from a cybersecurity perspective if we can get industry resilient if we can get that critical infrastructure and key Resources resilience against any kind of attack cyber digital information Operations any of that that's going to make a stronger posture for all of us and better Defend the nation and protect our way of life from any adversary out there Yeah, I have to agree. It's not about control. It's really about those partnerships all the time Not just when there's a particular attack you have to build those relationships every day and in that resilient structure Jim motor. I'm a retired Marine, and I'm afraid of cyber reason never free why I Think it's inevitable that the resiliency That's required Corporate-wide It's got to happen They all have security people. They're gonna have to have sharp cyber of people and Another thought I had with that regard was since Cyber is going to be so persuasive Pervasive excuse me. Why couldn't there be an organization like the FBI? that had regional responsibilities in Here and there's where you could pluck off your people for a three-week break or whatever it is that you needed And they would be forced to stay up to so I'm gonna frame that around Is there a need for missing organizations whether it's there has been proposed the idea of creating a Department of cybersecurity What what is there an organization that's missing here? I'm not sure I would say from my point of view that there's an organization missing I'm gonna say we do a really crappy job of communicating and collaborating right now across the whole of government and more importantly than Communicating with industry and I think if we could fix that we don't need to include a craft any more new Organizations or anything else, but it's this ability to actually communicate and collaborate I think would set us up for success. Yeah, I agree We have enough organization is really to sharing and situation understanding I do like the concept of creating a civilian cybersecurity Type component ensure that throughout all of our society from national government to everyday citizen that I'm cybersecurity is on the forefront, but from a government perspective I don't see any new organizations that are required. We just have to better Optimize the ones that we have so my response to this is I don't think we need a entire new cabinet department I think cyber issues connect through so many other areas that it wouldn't make sense. We do however Need to restore At least the position that happened that was within the National Security Council that's been taken away It's really odd to downgrade cyber security at this time. Actually in my mind. It should have been elevated Second, I think there's a need for potential traditional cybersecurity organizations like information sharing ISACs that we have for Cyber threats like APT's where intelligence community law enforcement and private sector can share Information about threats in a kind of non-public way. We have that for APT's from China or Iran We don't have that mechanism for disinformation campaigns Whether it's from Russia or something else and then finally I think there's a need for some kind of parallel to the National Traffic Safety Board, which is a after there is an air accident In a non liability framework Investigators come in try and figure out what happened and share information as rapidly as possible You can still have lawsuits afterwards, but you have that kind of immediate aspect We don't have a neat parallel to that in cybersecurity, and I think there's some utility for that So that hits our worst have the the red flashing light This has been in my mind a really great conversation. We hit everything from You know pop music to Yeah to Emergent cyber threats quantum AI you name it. So please join me in a round of applause