 So, in conversation with Jim, Chris English speaking here, what we thought we might do is that I'm going to give some brief remarks and then Dave and I will take questions together. It won't surprise you that the remarks that I'll provide are very consistent with what David has already rolled through. I'm reminded of that old story about how when the conspiracists in the world found out that pyramids were built at around the same time in roughly the same shape in both Egypt and the kind of Latin American regimes, they immediately assumed that it must have been an alien race that came down and kind of conveyed the information about how to build pyramids in both those places as opposed to the alternative theory which is that it just might be that if you pile up rocks any other way, they fall down. So I think you'll find that David and I have very similar views on this and I'll provide some perhaps insight from my own experience, perhaps using a slightly different lexicon, but ultimately coming to the same conclusions about what the nature of the issue is and perhaps the strategy out. I think I'd start with an anecdote of my own which is that you can remember the story about that cyber entrepreneur when asked by his chairman, how are things going? How's the business going? And he replied, in a word? Chairman said, sure, in a word. He was in a word? Good. So when the chairman thought there might be a more fulsome answer, he said how about in two words? He says, two words? Not good. It turns out both of those views about the state of cyberspace, what I would call the internet, cyberspace are right. It's still a good thing. It's still an enormously powerful engine for commerce, for private communications, for diplomatic communications, for the progress of all those things that we hold near and dear, whether it's aligned with economics, private life, diplomatic life, even command and control for industries and military. It's a huge engine of all those things. But in the same way, all of those things that constitute a lucrative asset for those who would then take advantage of those, so that stride for stride along with that promise goes a threat. And I think I agree strongly with David that the internet was built more for the first than the latter. The latter is almost an afterthought. And so my own framing of this kind of rolls in the following way, which is that first and foremost, we need to understand cyberspace for what it is. It is an extension of each and every other domain that it enables, but it has unique properties. Those unique properties must be understood in order for us to then treat the properties, the value that's stored inside of that in an appropriate way. Three come to mind. The first is that as opposed to simply reflecting through its communications things of value about other domains, cyberspace increasingly is a place where we store wealth and treasure. Many ways to describe that, but as opposed to when I got started in the business at the national security agency in about 1986, when communications that I might capture for my intelligence mission or defend for my information assurance mission, they reflected things of value that were held in other domains, increasingly those things of value are only in cyberspace. It might be the blueprint to an advanced fighter jet that the Department of Defense, you pick the country, holds as a competitive edge in their competition with other nations on the planet. It might be ones and zeros that are associated or perhaps are the only representation of your child's college savings account and a whole host of other things. The second property of cyberspace that I think makes it unique is that everything is connected to everything. You might call that the property of convergence. That's a wonderful thing when you Google yourself or something else and you find that there are 100,000 entries, but you need to at the same time remember that the 100,000 things that have just reported to you about what they know about you can touch you in ways and places and times that you might not prefer. At the same time, you can reach out and touch them. They can and often do reach out and touch you. And the third I think also referred to by David is the royal, the rate of change, which is the reality of cyberspace. It's almost impossible to achieve a static advantage in cyberspace, whether that's a competitive advantage that you prosecute in your business or whether that's a static advantage that you might know as a security advantage over an adversary. Things change every minute of every hour, every day. And it's not just the technology that changes. It's the employment of that technology. It's the operational practices of either the adversaries or your users who maddeningly make use of things that you provided to them in ways that you never imagined. That's a source of great innovation, great delight. It is also a source of security disadvantage. If your security depends upon a static advantage and static nature of compliance based standards, your heart's going to be broken on a fairly regular basis. That then leads to a conclusion then about what is it about cyberspace that is then worth protecting? What are the core issues for us about what it is we need to hold near and dear and what if we had a strategy to protect something? What would be the things you'd protect? Well, I mentioned one of those, wealth and treasure. Intellectual property or the literal wealth and treasure that's stored in cyberspace is worth protecting. We need to therefore focus time and attention on how that's stored, where that's stored, what that is so that we might then protect it. Privacy is well worth protecting. It's an inherent constitutional right for us in the United States, but it's also a common principle across our allies around the world. And that too must be protected. I might say that an implicit right that most Americans would immediately subscribe to, and I would imagine many other societies as well, is the right of traversal, the right of access, the right to use it. We need to defend cyberspace such that it is available, given the dependence that we've achieved on it or through it. We need to make sure that it is generally available. And then finally, we can't miss the fact that there are so many things that while they're not necessarily stored in cyberspace, their resilience depends upon cyberspace. If you ask US transportation command, that's the command within the US military that gets guns, butter, people from place A to place B, from the place of manufacture to the place of consumption. They would say that 90% of their flow depends upon the resilience, the integrity of cyberspace. Because much of what they do in command and control, from ordering things at a factory and moving them through a rapid logistics system, there are no warehouses, depends upon an exquisite choreography that occurs in cyberspace. Lose confidence in cyberspace? Do you lose confidence in your flow of material? You lose great efficiencies that we have no backup for. Again, there are no warehouses. There are very few grease pencils left in the world. It's hard to back up to a manual process if you've depended so heavily upon cyberspace. As to threats to all of that, I think David, too, did a really good job. And I would simply say that if we were to keep score in the American game of soccer, remember most of those scores, break your heart at the end of 90 minutes, it's about 1 to 0. And generally, it's some bit of serendipity in between that kind of led to that result. If this was the game of soccer, we'd be at a score of about 86 to 50. And we'd be 20 minutes into the first period. Any offense will do. And there are no defenses anywhere in sight. Perhaps all the offenses are clustered around the kind of opposing goalie's goal. And that's why perhaps no one's defending our own goal. But when it's all said and done, there's a great asymmetry. There's a great disparateness between what the offense does, what those threats can do, and what the defense does. I think that's because the strategy is always lagging. While there are some good strategies, and I think David's right, they're point-focused and they're fractured almost by nature, while there are some good strategies, they're not holistic and they're not dynamic. Most of those are based upon point-focused solutions. And most of those are focused on compliance, as opposed to a dynamic defense. So the strategy might be as simple as we should make these networks more defensible. We should actually defend them. That's a surprise to most who find their networks fouled on a Monday morning, having left on Friday night. And we should bring to bear all instruments of power to enable that defense. And I say all instruments of power, as opposed to national power, we more often especially in the government where I come from, think about national power. But I say all instruments of power because individuals have a responsibility, organizations have a responsibility, sectors have a responsibility, governments plural have a responsibility, and to David's point, they must all be done in collaboration. Some of the most interesting, innovative, perhaps disastrous attacks we see increasingly are ones that are not simply staged, as David described. I think that's also a very interesting vector, but they are kind of done in a way that the actual attack occurs two, three levels upstream, such that when something arrives on your doorstep with perceptively bonafide credentials, you do what you're supposed to do, which is you check those credentials, you ensure that that person has the right to access what it is they're asking for, and you provide it to them. That's why we create the networks. That's why we create the connectivity. But it turns out when you look one or two or three levels upstream, those credentials are stolen or counterfeited or washed, and until such time as we can step back and we can take a God's eye view to the various artifacts that exist in the system, integrate them, achieve collaboration within the engineering of those networks and within the dynamic nature of how we operate those networks, our defenses will always fail. As to who, I mentioned that when I talked about what the strategy might be, its individuals, its organizations, its sectors, its governments, plural, and as to when, now would not be too soon, possibly it is too late. I would close with my own version of the four T's, being from NSA, I have to encrypt it though, it won't be T-T-T-T, but I came up with virtually the same words using kind of perhaps a synonym for each. The first word on my list is collaboration. I think if convergence is a reality in cyberspace, then integration in our engineering collaboration, the human form of integration must be a necessary response. Let's put all of our efforts together in a collaborative way in order to make this a more resilient, more defensible set of networks and to then actually defend them. My version of training is education, so that's an E for me. I think that this venue, and I give huge credit to CISIS, the reason I'm here this morning is if Jim Lewis asked me to do something, I'm biased to say yes because I think that his organization has been an enormously powerful force and a thoughtful force in terms of providing an education that then enables action. And I think then that this is a fora that we should continue in so many other ways. My version of testing is policy and law, and by policy and law I don't just mean government policy or kind of the law that we might then effect up on the hill and have the president sign, but organizations need to take some responsibility within their own house to determine what are the standards for building and operating a network. Does the CEO know the name of the CTO or the name of the CISSO? And if so, do they see that as a cost center, something that has a drag on profit or is that something that creates the very foundation that generates the profit that the CEO is charged to effect? And then if that CEO feels that way, they'll take it upon themselves to describe, declare what the standards are both in compliance and in the operation of those networks followed through by complementary activities on the part of government, which can perhaps establish policies, treaties, normal behaviors between and amongst nations in this space. And then finally, with respect to technology, I would broaden that a bit to say, not just technology, but human behavior, action. There needs to be some emphasis on what are the active components that then have some properties within our system and people are perhaps the bane and the boon of any activity within cyberspace. The reason that a national security agency continues to be successful this day in the face of ubiquitous encryption and massive security protocols around the world is that the end of the day, the proof for the pudding is in implementation. It is humans after all who manage, who essentially conduct the affairs that we know as security practices and protocols. And the reason our adversaries are so enormously successful against our networks today, again, is it's the implementation that is that issue. And therefore we need to focus on the behavior of humans, not just the behavior of technology. So in closing, I would say that I agree wholeheartedly with everything that David said in terms of his framing, though our words might be somewhat different in our experience, of course, comes to this common place from different directions. I think we see the space at about the same way. It just might be that when you pile up rocks any other way, they fall down. We'd be happy to take any in all of your questions at this point. Well, I really appreciate both of you giving those very insightful remarks that I like the pyramid similarly, so really I'm gonna steal it as soon as I can. No, these are two real leaders in the field. So we have a few minutes for a few questions. Could I ask when you ask the question, stand up and identify yourself and then we'll let our two speakers take it. Go ahead, please. Organize ourselves around this concept of defense and depth. As we move forward, have you thought through what new governance models must exist to change that view? Just what you talked about, that concept of human behavior. We don't think enough about how organizational culture impacts how that implementation works. So in revisiting our governance and revisiting comms, et cetera, how would you change the way we organize to move away from that Majida line? That's a good question, although I was still trying to think about how to encrypt Chris's four T's to C-E-P-A-H or something. I was like, oh, it spells peach, so I got it, yeah. Policy. Anyways, great question and it's not an easy answer because we spend, if you look at the security industry today, it's nearly a $30 billion a year industry. And as I mentioned, 1,300 vendors in the security fields, just technology vendors alone. We've been conditioned to build defense and depth as an architectural model. And that architectural model today is so easily evaded. It's unbelievable to be here and watching that happen because we have some of the greatest cyber mines and technology personnel engaged in these activities. These are the smartest people. But when you look at all that innovation I was suggesting earlier, it's just created such an atmosphere to exploit that it's created these architectures that are now just flawed in a way we have to think about it. So we need some creativity here and we need some new ways to think about solving that problem. And certainly when you think about it, we need a way, as I think Chris suggested, of creating some policies and some technology advancements and some behavioral changes to really address that problem. And that's just about the only way we'll do it. And so I would associate myself with those remarks and then perhaps add three things. One, there needs to be accountability. And I don't mean by that negative liability. I think that we need to hold CEOs or the appropriate parties accountable for the resilience, the security, the integrity of those things that generate revenue or generate whatever the business is of that particular organization. They therefore, in the same way that they might then kind of pay a lot of attention to their finances under Sarbanes-Oxley, spend an equal amount of time to the integrity and resilience of their networks because that's not simply a commodity whose kind of fate may have an effect on their bottom line. It's a foundation for their business. And I'm not supposing that we have a Sarbanes-Oxley, but you need to have the same sort of focus. The second thing I would say that I love the analogy that David had about the Imagineau line. And I think if you think in terms of warfare, and this isn't warfare. This is a defensive strategy in a place called cyberspace. But if you really think about the Imagineau line, the solution for that in terms of militaries who ultimately were able to counter Blitzkrieg was, I think, at least composed of two things. One, maneuver as opposed to static defenses who did not move in time and therefore had strength and depth but no ability to be agile. They achieved a degree of maneuver such that they were able to outflank or counter in a very dynamic fashion. The forces are right against them. And second, a joint ability such that you could bring your various forces to bear in a hugely integrated way. Today's US military, like a lot of other militaries in the world, achieves an enormous power from the leverage that comes from the Army, Navy, Air Force Marines, even Coast Guard, joining their efforts on a joint battlefield such that the maneuver that they bring to bear has great cross leverage. And I think the collaboration and integration that was suggested in our opening remarks is a component of that. I think if we could bring all of those to bear in an integrated way, we just might have a chance. And I do believe that this realm is defensible. I think we would have a very fair chance in order to defend it. Stand up. Defense, mainly Mr. Englis. How relevant is the division that we have now between title 10 and title 50 to your ability to do your job and do these lines need to be redrawn? So I'm going to assume that what you mean is that kind of in the realm of computer offense, computer network offense, OK. So title 10, title 50, come from a time and place. For those of you who aren't kind of close to that, and if you aren't, you live happy lives. Comes from a time and place when we essentially had very discrete places where we did the various functions that we might today call computer network defense, computer network exploitation, computer network attack. So in my business, for example, NSA has always had a breaking codes and a making codes component. But in the early days, even when I came to NSA 25 years ago, those were two physically different places. We broke codes in one place and made codes in another. When I came in in 1986, the Soviet Union was the principal adversary of the United States. They made, operated their own networks or what constituted networks in those days. And we made and operated our own networks. And so there was a very distinct separation between the authorities you would then bring to bear in those respective areas. I think what you talk about more currently is whether the distinction between title 10 and title 50. We practice title 50 in terms of my intelligence mission. The US Cyber Command practices title 10 when they defend networks or went on order they would attack networks. Are those distinctions, so they continue to be important? Those distinctions are not helpful if they talk about different places, but they are helpful if they talk about the effect that you intend to bring to bear. And so I think we need to hold on to the distinction between the effects. We need to know at any moment in time what is our intended effect, what's the intended consequence outcome of a particular action. But we need to make sure that there is increased synergy between and amongst the forces we would bring to bear in the same way that I talked about how do you counter, right, Blitzkrieg. You have to do that through a jointness and through a sense of maneuver. So I kind of would answer on both sides to say that I want to retain the distinction between what my authorities are so that I know that at any moment in time I'm doing what I'm authorized and no more. But I want to have a join between those so that they can actually aid and abet one another in useful and thoughtful ways. Dave, you're on the end stack in similar bodies. Do you ever run into title 10, title 50 issues? Or what do you think about it? Well, certainly from the private sector's viewpoint, we have similar challenges as Chris was just describing, where we sort of have the elements of constantly trying to break the code, obviously, because the attackers are trying to look for new ways to crack in. We have research teams constantly on the defense trying to figure out how to solve these problems. And what's really interesting is we now have vendors who are on offense, too, in the private sector. And ones that have built new malware kits, have designed new kits. And it's interesting to watch the private sector have that same title 10, title 50 try elements being built today. The commercial world now is creating and capitalism is helping to create both offense and defense in the cyber arena. So we're seeing similar things emerging. And I think that's going to continue to be a trend as we move forward globally. Siobhan, I'm calling their names and they don't do anything. Oh, sorry. Hi, Siobhan Gorman with the Wall Street Journal. I was wondering, particularly for Mr. Inglis, but both of you, if it's possible, kind of following on the first question, to give a little bit fuller explanation of your assessment of kind of the current defensive capabilities and sort of what the limitations are and what your concerns are in that realm. So I think I would associate my remarks with what David had to say, which is that I think that the defense, by and large, is increasingly aware of its vulnerabilities. The threats are right against it, but not yet joined up kind of integrated or collaborative enough across the multiple parties that must combine their efforts in order to prevail against those threats. I think within the private sector, there isn't yet enough information sharing that is agile enough or timely enough in order to counter the effects that increasingly are quite agile and very resilient against them. And there's increased sharing between the private sector and the US government, but that hasn't yet, I think, achieved full effect. I think that there are still some inherent limitations between that. The policy that was signed out by the president earlier this year took, I think, a very useful step in the direction of encouraging information sharing between the private sector and the government and vice versa. I think legislation that is considered on the Hill would take a further step and certainly provide some incentives in reducing the liability for information sharing. We need to, at the same time, ensure, though, that we do not incur upon privacy and civil liberties, and so it needs to be done exactly right. But increasingly, what we see is that information sharing must be done in something approaching real time, because that's the nature of the threats arrayed against us, and that the integration between the various activities we would bring to bear, private sector, private organizations, individual efforts, and governmental efforts have to be applied as a collaborative effort, again, in real time. David? I would echo what Chris says, but also add the following. I mean, when you think about defense today, and I had a lot of these products at McAfee and other companies were very similar. Most companies and most entities set up an architecture, a defense architecture, that is very deep, and it's very comprehensive to watch. If you studied the architectures of the critical infrastructure security models today, you'd be amazed at what's deployed. The problem is that nearly every point of defense that they've created, the exact same engine is sitting in that defense. So what I was alluding to earlier is sort of that marginal line was created at the firewall, sits an antivirus solution, looking for and scanning for files, at the intrusion detection or prevention layer, exact same thing, signatures built to look for known attacks at the email level, the web level, the host level, the cloud level, almost everything's the same. The difference is at one layer it might be a McAfee or a Symantec or a Trend Micro or a Kaspersky or a Sophos, but the engines are identical. They're all signature-based solutions. They all have a blacklist that block known bad files. If you don't know about the known bad file, your entire defense architecture is easily defeated. So today's attacks are coming in in totally new ways. They're coming in through applications, through executables, they're coming down in stages, and the pattern-matching blacklisting model is somewhat defenseless against that architecture. And that's what's created this sort of perfect storm that I alluded to. So we need new ways to look for these exploits. We need new ways of technology to study this, and that's why I alluded to virtual machines, detonation chambers to test the holistic view of an application, study it over time, but do it at line speeds of the network. It's critical that we evolve that model because we'll be sitting here three years from now if we'd be exact same known blacklist kind of model at every egress point, the defense architecture will stay where it is, which is hugely dislocated from the offense. Hi, Brooks Dahlsburg from PWC. I have a question that comes from Dave's comment about the growing market in offensive as well as defensive tools. Do you all see a prospect of corporations hitting back at the people who are attacking them, and what would you see as the implications of that? I'd also like to offer speculation that maybe if Imagine No Line had used more pyramid architecture, it would have been more successful. Thank you. You know, I'm not sure I could comment frankly on striking back, but certainly at times we think that that's a necessary solution. I mean, watching what we see today with all the theft and all the elements of crime that's out there, we need an enforcement model that is eradicating the bad behavior somehow, some way, and it kind of goes back to some policy and some teamwork and some collaboration capabilities, but if we don't interlock the law enforcement elements and the defense elements, we're never gonna solve this. So we need a way of striking back. Do we strike back in cyber ways? Maybe, maybe not, but we need a cooperation. We need a cross-border cooperation to eradicate these bad actors and these bad elements, and that might require diplomatic relations. That might mean law enforcement interactions across the world, but somehow, some way, we've gotta put an end to that and we need to do that. So I think it's an interesting question. I think that at the end of the day that we need to do more than simply kind of take the slings and arrows that come our way, kind of go into a fetal crouch and kind of be better and better about taking arrows in stronger and stronger armor plate. That said, we do not want to encourage vigilantism. There are many instruments of power, private sector and public sector power that I think could equip themselves quite well in this. They've not yet been exhausted, whether that's the standard realm of deterrence, which is that you increase resilience, you increase the possibility of attribution, you then set up the possibility that the consequences you can bring to bear using those standard instruments might then be more effective, and those might be criminal prosecution, public shaming, might be financial sanctions if it's a nation state that's doing something to you or criminal organization. But I think we need to exhaust those traditional instruments that we use to essentially effect consequences upon those who would do damage to our societies or our private sector organizations before we contemplate the dangerous possibility that we might somehow implicitly or explicitly kind of encourage vigilantism. I don't think that we'd be well served by it. I think we have time for one more. Good morning, Andrea. Ashelal Issa with Reuters. I had a question for you that has to do with this kind of problem of NSA being involved and the question about whether in some ways the fact that there's concerns about privacy, whether that's hindering your ability from the government side and what the perspective is from the private sector side in terms of that dual heading with General Alexander being both head of NSA and cybercom and whether you think that there's sort of an institutional problem in moving forward to do the kind of creative innovative solutions that you're talking about. So the question, and I'll repeat that for those who didn't hear it, if I kind of take liberties with the question, please shake your head vigorously, was whether there are some inherent issues with the fact that NSA as an intelligence organization is also involved in defensive issues, trying to bring resilience and integrity and defensive properties to networks. Is that a fair characterization? I would say that cognitive dissonance has been with NSA forever. We've always been an organization that at the same time we broke codes, made codes because underpinning each of those are common disciplines and it's very important for us to then contribute the fullness of our experience to both aspects of our mission set. There need to be controls in place to make sure that we're doing it exactly right and that there is not any equivocation taken on either of those mission sets. But NSA by virtue of experience and by virtue of what it sees on a daily basis understands a great deal about the nature of threats in the realm of cyberspace and can make contributions in its information assurance role to both the creation of more resilient networks and ultimately to the understanding of operational threats in real time, such that if provided to those who then build, operate, defend our nation's networks or for that matter coalition networks would put them in a better place such that they might then have a better prospect for having defensible networks or networks that they actually succeed in defending. And so that's the proposition. That's what NSA is trying to do, mindful that it needs to make sure that it is completely faithful to the authorities that it has exercising nothing more right than those authorities. And that's why General Alexander as the commander of US Cyber Command and the National Security Agency at once tries to affect the synergy between those two as opposed to considering that that's perhaps a tension. There is no tension in terms of the mission outcomes though there is some kind of distinction between the effects that we might bring to bear. David. Yeah, I would just further on, at least from the private sector, I've been very encouraged and very pleased with the progress that we've been making between private and public in the interlock and General Alexander and Chris have led just an amazing effort to reach out to the private sector and collaborate effectively together. And it's been a great process, obviously. And we've been able to create an environment where we can share amongst each other as best as we can. But privacy still is a large element of challenge for security companies, especially public security companies that trade on public markets that are governed by the SEC and governed by Sir Bain's Oxley, HIPAA and other types of legislations that are out there. We don't often have safe harbors around privacy, companies that are breach, companies that have a large amount of information that could be useful in forensics investigations around who the adversary is or what the attack was around is a delicate balance for security companies because today the way the attacks go down is they're often embedded in documents or embedded in applications. And a lot of times this has very important private information about a company. It could be about their financials, it could be about their engineering drawings, it could be just about anything, patents. And so we have to receive that as a security company and yet we're under strict NDAs and other types of disclosure requirements around that privacy element. So we could do a little bit more here. I think it's important. The executive order is a step in that direction, the president's order. I think we've got some capabilities to work together with critical infrastructure to do more. I'm encouraged by the progress and I would continue to try to urge us to collaborate as Chris said and to create some more team working around that area, particularly around privacy related to security and breaches. Thank you. Let me push that one just a little bit, Dave. You've glued a lot of companies together. And so it's inappropriate a lot of times to compare corporate experience with government experience. But if you were looking at the federal enterprise, not just Cyber Command and NSA, the federal enterprise for cybersecurity, what kind of recommendations would you give? Wow. You can talk about pyramids. Yeah, talk about pyramids. Can I go back to the imaginary defense? No, again, we're seeing a lot of capabilities that I think the US Cyber Command has put forth that allows us to unify a lot of the intelligence communities, defense networks, the architectures that are there, which is exactly what you alluded to in the security world where we're unifying our architectures are trying to do that. That's critical. I mean, as we look across how to defend the networks, the better we are at being able to have visibility, continuous monitoring of those networks, some of the legislation of FISMA and others that allow us to be able to monitor those networks, defend those networks, and do it across a complete command is extraordinarily a positive direction. And if you go back just a few years, we didn't have those architectures in place, so we've moved much in the right direction. But if you go back to the state levels, or you go to, I was just visiting the state of California last week in Sacramento, 160 agencies, 160 different networks, 160 different CISOs, completely, lack of collaboration would be an understatement there. So you can really see the need for bringing this together and unifying this in order to defend because it's much easier to attack 160 separate networks with 160 different architectures with no availability and no monitoring capability across that. So this is needed at every level of government, in my opinion, to defend their network and is needed in the private sector too. Chris, maybe we'll give you the last word. You've been doing this for a long time. You wanna, what do you wanna say about it? I mean, 20 years ago, people couldn't spell cybersecurity. So we're in better shape. Where are we now? I think that might be my tagline, which is this is very encouraging to see the diversity of the organizations, the people, the backgrounds in this room, and to see the level of interest in this. And so we need to then capitalize on that and create the integrated architectures technology and the collaboration that is essential for us to essentially push back on the threats that constitute a threat to something that is better, it's good, right? It's a generally better thing than the threats that are arrayed against it. And so the choice is, do we give up on this or do we kind of continue to defend the things, the equities that we have in this space? I think it's clearly gotta be that. Thank you. Please join me in thanking our two speakers. Thank you.