All right, we are going to get started here. So it is my great pleasure to introduce Anthony Ferrante from FTI, a man of many accomplishments. And we will start chatting here, and I'll ask some starter questions, but I hope that all of you will have questions to ask Anthony as well. We can have a discussion of many relevant, timely, and challenging policy and legal questions that Anthony has encountered during his multifaceted long career in security. So with that, if I may, I'll ask you to, if you'd be so kind, share with us the story of your career, how you got involved in security, what you wanted to do when you grew up, and how you ended up before us in your current role.

Great, yeah. So thanks for having me here today, and thanks for joining. It's good to see some old friends in the audience. I always love coming to Black Hat and DEF CON for exactly that reason, it feels like a reunion. But the question was, how did I start my career? And believe it or not, I've been working in security, specifically cyber security, for 30 years. And many in the audience, especially those in the front row, are going to look at me and say, how is that even possible? 30 years in security. I started when I was 10. I started hacking computers, 10 years old in my living room, after my folks purchased an Apple IIc Plus. Many of you are in the audience smiling and laughing because you all know the Apple IIc Plus now sits in the Smithsonian Museum in Washington, D.C. It's quite a dinosaur. Anyway, I started when I was 10 and continued as a hobbyist through college. When I graduated, I started working in private practice as an ethical hacker at a Big Four consulting firm. Loved what I did, worked with a bunch of like-minded individuals. We got paid to break into corporations. Unfortunately, I was living and working in New York City at that time and had experienced firsthand the effects of September 11th, 2001. And it really changed my outlook on life and some of my motivations.
So I actually went back to work shortly after 9/11 and quit my job and went back to school to get a master's degree in computer science and then joined the FBI. I was pretty passionate about the national security mission and supporting the United States in that capacity. So I quit my job in private practice, joined the FBI, and shortly after that they sent me down to Quantico, Virginia where I was at New Agents Training. Graduated from New Agents Training down in Quantico and they sent me right back to New York City where I worked as a cyber security special agent investigating all cyber matters related to national security. I was hunting terrorists online and spies online, quite an opportunity for me. As you can appreciate, it was extremely fascinating work. Proud to say that in my nine years as a field agent in New York City, I worked thousands of incidents, some major breaches, major compromise at NASDAQ in 2010, for example, and then also some really small breaches. But safe to say, definitely had my fair share of security incidents in New York City and loved every minute of it. In 2013, I promoted, I went to FBI headquarters in Washington, DC where I served as the chief of staff for FBI Cyber Division, overseeing administratively and operationally all matters within the division, supporting the assistant director. That was a fascinating time. Was able to live through and help navigate some of the most significant breaches or incidents of our time during that period from 2013 to 2015. Notable one was the destructive malware attack at Sony Pictures Entertainment. And then I would say, I was very proud that in 2015, leadership at the FBI promoted me again and sent me over to the White House to serve in the Obama administration as an apolitical appointee. I was detailed as an FBI special agent to the National Security Council where I worked as the director for Cyber Incident Response. And many people say, you know, what was your job?
I was very fortunate. My role on the National Security Council was I worked on a team of cyber security practitioners. And my role was to choreograph U.S. government response efforts to any significant cyber event that affected U.S. interests, foreign or domestic. So as you can appreciate, it was a very busy time. And one of the reasons why I'm here today is because during my time in the National Security Council, I and a few colleagues led the preparedness and response efforts leading into the 2016 U.S. presidential election specific to cyber security. I'm happy to talk about that. It's a very relevant topic, especially as we go into the 2020 U.S. presidential election. And I can assure you the threats that we faced then and continue to face today are indeed real. And it's something that we should take very seriously. So that said, you know, happy to have a conversation. Welcome audience participation.

So if I may, I'll ask to follow up on the point that you just raised. What can you tell us about the mindset, the approach, the analysis that happened around combating the Russian interference threats that were happening and continue to happen in 2016?

So from my optics on the National Security Council and within the U.S. government, there was really, I would say, a two-pronged approach. There was the massive coordinated misinformation campaign, right, the influence operations, which have serious effects. And then there was also the very tactical probing operation that the Russian government partook in. And, you know, it's very easy to confuse one or the other. But I think it's really important to understand that both were taking place in real time. And the effects of both operations were definitely significant and quite possibly still ongoing today.

So you mentioned that you got your start in security very early.
Can you tell us about some of the adventures, your earliest adventures and whether you were ahead of your time and always stayed perfectly in line with what would be the standards today of slightly transgressive conduct? Or were you more experimental as many people were?

Yeah, I was definitely experimental and really just super curious about security. I mean, when I started, the internet in your home didn't even exist. I remember when we finally did get the internet at home, it was a very significant day, right? When I first started, it was just programming. You know, I started writing my first programs at 10 years old. And in addition to writing my own, I started to look at other people's code and try to break their code. But it was all curiosity, looking to push the limits. I did a few times throughout my career discover certain things where I would present them to senior folks and they would say, oh, wait, show me that again. How did you do that? And of course, anyone who's ever hacked a computer knows it's a very rewarding moment. You feel very proud and I'm proud to say that I felt proud at those times. But it just continued. And I will say that I don't regret it for one minute, of course. When I did quit my job in private practice, and joining the US government and really helping the United States combat these threats online, I don't regret it for a minute, of course. It was extremely rewarding. And I'm proud to say that myself and my colleagues in the FBI made a considerable impact on these fronts, specifically with respect to terrorism and intelligence operations.

So DOJ is currently proposing innovative ways of potentially building out engagement with workforce development and keeping kids on the non-intrusion side of the line. Do you have any thoughts about how to encourage building talent while still staying out of legal trouble as the Computer Fraud and Abuse Act exists today?

Yeah, no, absolutely. I'm glad DOJ is taking that stance.
When I was in the US government, I was beating that drum for many years. And unfortunately, I was dismissed for many years. But I do think government leaders are finally realizing that they need to really work with private sector to continue to develop this workforce. The cybersecurity workforce, as you all know, is extremely lacking. There is just not enough really good talent to staff the roles that are needed, whether it's in the government or in private practice. So I think it's smart for governments around the world to establish programs with private practice entities, maybe develop a sabbatical program. Two years of private practice employees can go work for the US government or the government and their home government. And vice versa, I think there not only will be a knowledge exchange, a very beneficial knowledge exchange, but there will also be the ability to train, cross train in different industries, private versus public. But then also keep people fresh, keep people on their toes, let people peek behind the curtain, working for the US government, and realize, OK, this is what it's all about. Then go back to private practice. And vice versa, I definitely think it would be extremely beneficial. And I think you would see less of a brain drain in the government or in private practice.

So you mentioned working on the NASDAQ investigation. What were some of the challenges that you experienced in conducting that investigation and the context of a market integrity-driven compromise that presented different concerns than other kinds of compromises that you had dealt with before? Or was it functionally the same from this perspective?

I hate to say it, having worked, again, having worked thousands of these, not only in the capacity of the US government, but also in private practice, these incidents really have a, first of all, no two incidents are alike, but they do have common themes.
And while NASDAQ did, in 2010, experience an incident, it's not unique to NASDAQ. It's happening every single day. I think the latest statistic I read was, in 2019, right now, every day two organizations are experiencing a significant incident, two, two a day. So that's pretty significant. So we certainly don't want to pick on any single one organization or highlight them as being deficient, because this is an evolving threat. And it can happen very quickly, very easily. These systems are designed to allow organizations to operate more efficiently, more effectively, globally. And to use a very overly used term, you're strong as your weakest link. And some of these organizations experience that firsthand.

Is it your sense that financial services and market makers and other key players in financial infrastructure learned from the NASDAQ compromise and did a more aggressive, self-reflective exercise around not being the next NASDAQ, or what's your sense of the evolution of NASDAQ?

And again, I wouldn't even single out NASDAQ. I think financial services in particular, they're constantly learning from their peers, not only in financial services, but across all sectors. They're extremely well-funded, they're regulated, they have responsibilities being in the industry. So they're constantly learning every single day. I think what we're seeing now is more and more organizations are experiencing these types of incidents, and not because it's a fault of their own, but just because it's a result of the threat constantly evolving and people having different types of motivations, whether it's personal data, financial information, sabotage, to name a few.

So you also mentioned the Sony compromise. And so that presents perhaps a different kind of model of the motivations in particular that you were talking about. Can you give us a little flavor for what was happening in the Sony situation as you were investigating it?
Yeah, so Sony Pictures Entertainment was a very significant matter. Really for two purposes. One, because it was a nation-state actor, North Korea, to be specific. And I would have said four or five years ago if someone said that North Korea was going to be one of the top four cyber threats in the world, I would have probably laughed it off thinking how, but they really are. And many don't know this, but North Korea effected the breach or the destructive attack at Sony Pictures Entertainment with a Windows 95 machine. And I'm sure many of you won't be surprised to know that it was an unlicensed version of Windows 95. So my point is, one was the fact that North Korea effected this destructive malware attack. The other learning factor of the destructive malware attack at Sony Pictures Entertainment is just the effects on an organization. Like many people think, okay, the computer systems were down, what does that mean? Employees at Sony went to work that day and they went to badge in and the gate to the parking lot wouldn't go up. It wouldn't open, so they had to manually raise it and go in, then they parked. Then they couldn't badge into doors because the key card readers didn't work. Then they went to their desk and couldn't get on their systems. So what did most employees do? What I would do is say, let's go get a cup of coffee. They walked to the cafeteria, got a cup of coffee and went to pay and they said, the systems are down. You can't pay, so cash only. Well, I don't have cash. Well, you know, pay me tomorrow. And this continued through the end of the week. Friday was payday. People showed up for work and said, you didn't pay me, to accounting. Accounting looked at them and said, well, who are you? They said, I've worked here for 20 years. They say, I'm sorry, we have no record of you. Our systems are down.
So these are real effects of a destructive malware attack like that and it was a real wake-up call in the security industry with respect to, one, don't underestimate your adversary or the global stage of adversaries that could exist. And two, of course, from a security perspective, we all know, and I'm sure everyone in this room can appreciate, there's no silver bullet. We're never gonna be able to prevent an incident from occurring, but what we wanna aim to do is prevent incidents from being large incidents. If you're gonna get hit with ransomware, have it hit two or three machines, not two or three hundred machines or two or three thousand machines. So keep incidents small. So that's just an example of the real life effects that took place on the studio lot of Sony Pictures Entertainment.

So in light of what you saw in that case of Sony, does it worry you that we're building a whole society and a whole global economy driven by a high degree of inter-reliance on systems that are vulnerable to similar compromise potentials?

Of course. Yeah, of course, it worries me every single day. That's why I'm in the industry working very hard with governments, the United States government, foreign governments, practitioners like everyone in this room, no single person or no single government can do it alone, right? We'd be naive to think that. And I think I can say this, having been formerly a US government employee, that the US government now is realizing that, hey, we have unique skills and access, but we can't do it alone. We have to rely on private sector practitioners because they are equally as skilled and have great access and sometimes better access than the government and together we're just gonna be that much stronger.

So in light of that need for future cooperation and the challenges we face, where do you see the future of security going?
What are your sort of top two or three threats that you see looming on the horizon the next five years and what would you advise us to be on the lookout for or most actively trying to mitigate to make sure that we don't turn into one big Sony Pictures?

Yeah, yeah. So it's a good point and actually it starts to what you said earlier, this continued growth of interdependencies on these systems. You know, it's funny. I gave you a quick snapshot of my background. One thing I forgot was that for 14 years I taught undergraduate and graduate level computer science courses at Fordham University and every semester I would start my course and challenge my students and say, name one aspect of your life that does not involve a computer network and the students would scratch their heads and they'd raise their hand and say, I came to class and I'd say, no, the subway you took is controlled by a computer network. Someone would say, well, I drove my car and I'd say, no, the street lights are controlled by a computer network. So you get where I'm going with this. The point is that every single thing we do even 15 years ago is controlled by a computer network and to your point, it's only going to continue to grow and become integrated more and more into our lives. Smart home technology, voice assistant technologies. I mean, all these things are great, right? And I work with my clients every single day. I love these tools and I think we should embrace them for their conveniences, for their comforts. The only thing I tell my clients is, let's do it safely, right? Let's embrace IoT, let's just do it safely, right? I'm sure everyone got here via airplane or car, right? Came to Vegas. If I told you, you could come here on a really fast airplane, right? That would shave hours off your commute. You would say, oh, that's great. I want to ride that airplane. But then I'd say, oh, by the way, it's not very safe.
Most people would back away and say, I'll go the old way and spend a few extra hours in the plane. My point is that the more and more as our world becomes interconnected, this is great opportunity, opportunity to grow, generate more revenue, become more efficient. We just want to do it safely. That's my biggest worry. I'd say to put it in a nutshell, it is IoT. People ask me all the time, what is the biggest thing that keeps you up all night? Up all night. Some people say, oh, an attack on our power grid, right? That's an effect. The power going out is an effect of the attack. What's gonna cause that attack? I think, in my opinion, is this emergence of IoT devices. I think the latest statistic is every day 5.5 million devices come online, right? There's gonna be 50 billion devices by 2025 or 2020. Astronomical numbers and all those devices are little machines that can be compromised and used in a massive, large-scale attack. A lot of people don't know, I was at the White House at the time, but in late October, before the 2016 US presidential election, the internet went down three times. It was late October. It was about 10 days before the election. The internet went down as the public knows it, right? Anybody who's skilled in the industry knows that the internet didn't go down, just a major service was compromised at a single technology company. DNS had gone down, right? It was exploited. So I'm at the White House, and as far as the world knows, or the US government knows, the general public knows, the internet's down. So I get the phone call, what's going on? I call the FBI, DHS, Department of Homeland Security, Department of Defense, the NSA, nobody knows. All we know is that DNS on the internet in the United States, large regions of the United States is down. And you're talking major websites, Twitter, Amazon, some of you may recall as I tell the story. So I didn't know what was going on.
I do know that myself and probably a thousand other of my colleagues throughout the US government were working very hard and were laser focused in our preparedness and response efforts leading into the 2016 presidential election, laser focused. And now the internet's out 10 days before the election, we didn't know what was going on. So it happened once, we didn't know. Comes back online, everything's fine for a few hours, it happens again. So now we're starting to get nervous. Now the West Wing at the White House is saying we want hourly updates, what is going on? Still nobody knows throughout the US government. To make matters worse, the New York Times publishes a breaking news alert. Russia is testing their capabilities to knock out the internet on election day. Now listen carefully to what I just said, testing their capabilities to knock out the internet on election day. That right there was one of the many fears that we were concerned with on election day. In our preparedness and response efforts, we were focused on the availability of US citizens to go to polling stations and vote, cast their ballot, tally those ballots and then report those results to the network, to the networks. So when you went home at the end of the day, you could watch election night results come in in real time. That was a major concern because the internet is heavily used for the reportability of election night results. So we were extremely concerned and as everyone knows in computer security, if you're really good, you're not gonna do it just once. You're not gonna step up to the plate and just do it once, you're gonna practice. So we were really concerned. We were significantly concerned. Fortunately, the FBI was on the case and working very hard. 
The FBI tracked it to a major technology company in New England and they dispatched local field agents to the organization within a few hours and those agents worked with the technology company who immediately threw their hands in the air and said, we know we can't stop it. Come to find out there was a vulnerability in their infrastructure that had been exploited and it was indeed knocking out DNS for large swaths of companies that relied on this organization effectively appearing that the internet was down. The internet was not down as we all know. So the FBI worked with the company, with the Department of Homeland Security, with others in the intelligence community to fix this vulnerability and to prevent it from happening again. So of course, the FBI immediately launched an investigation and wouldn't you know that that vulnerability was exploited by the Mirai botnet? All familiar with the Mirai botnet, it leveraged IoT devices. So if you have a DVR at home or an IP camera or smart TV, you may have been involved in this large-scale attack 10 days before the U.S. presidential election that was briefed to the President of the United States every hour on the hour, okay? What many don't know is that the way this attack was facilitated was because there were two, I believe the FBI has made an announcement on this, but this vulnerability was exploited by the Mirai botnet at the hands of two teenage kids who didn't realize what they had done. They had downloaded this code and executed it and they didn't realize what they were doing until after the FBI had investigated and knocked on their door. So I guess my point is, it's a long way of telling a long story and a long way of answering, my fear is the emergence of IoT devices coming online every single day and the lack of security baked into those devices and the lack of appreciation by organizations to really fully appreciate their effects.

Okay, with that we will open it up to the audience for questions.
And please do come up to the mic so that we can hear you well.

Hi, I just had a question. Is there an incentive for any political group in the government right now to turn away the help from a foreign government that's trying to influence in their direction? Aside from being the ethical thing to do is to turn away that. But is there any incentive for them not to accept that?

Incentive for?

To try to stop the influence campaigns that are benefiting them to stay in power.

I mean, of course there's constantly intelligence, counterintelligence operations that are taking place every single day in the government and any sorts of foreign influence operations are being watched very closely.

To try to stop it if it's helping them stay in power. Is there sanction?

Is there sanction? I mean, I'm not the authority on this. I can just say from my experience in the US government there are protocols in place and how to respond to any sort of approach or influence that may take place.

I actually have two questions. So you said you were worried about IoT but as everything moved into the cloud do you think there are more security and privacy concerns in that sense for your client?

Yeah, so the cloud is a great question. It's another great example of just the migration of data. What the cloud does is it opens up the attack surface. You have the availability of this infrastructure 24-7. I do think there's this misunderstanding with organizations that think they take their data and they migrate it to a cloud-based infrastructure and then they no longer have a responsibility for that. Of course, that's not the case and organizations should think about it with respect to third-party risk, right? Just because you put it in a cloud infrastructure doesn't mean that you don't have a responsibility to protect that data, whatever it may be. That data could be personal consumer data of your clients. It could be the operations of your operations themselves.
I mean, so there is that responsibility that doesn't go away.

But then do you see it surpass IoT like cloud security or privacy?

No, I don't see it surpassing IoT and this is just my opinion. I see IoT as the greatest threat just because it's just so many devices coming online every single day. So I would see it as also a security concern but something that can most definitely be managed.

I see. And then the next one is, because you mentioned about 2016 presidential election, can you elaborate on what are some of the steps you guys take for protecting voters' privacy? Because you mentioned fraud is the focus and threat but what about privacy?

Privacy of...

Like voters' privacy.

Voters, yeah. I mean, that's a really interesting question because the reason why it's so interesting is because of course as we all know or may know, elections are run by the states, by the states themselves. So the states have ultimate authority over how they run their elections. And of course, when I was in the government and we were laser focused on this topic, at no point did we wish to interfere with that. What we wanted to do was just inform the states with the threat, right? Cyber security is about risk management. If you don't know the risks, you can't protect against them, right? You don't know what you don't know. And so what we did was we went on a massive campaign to educate states and county officials about the risks. Now, do I still think it's important, back to your question about protecting user information? Absolutely. And I think states, based on my conversations, not only as a government employee, but then also as a private citizen in private practice, I've spent the last two and a half years meeting with dozens and dozens of state election officials. They are very focused on this topic and working very hard to protect their infrastructure and their user data.
The only thing I would say, and this is really for citizens to understand and appreciate, and if anyone's gonna change it, it's gonna be the American people, is that a lot of this voter information is publicly available. For a small fee, you can go to City Hall and buy it. So it's just something to consider.

Thank you.

Yeah, thank you.

Hi, are people in your position whose job it is to kind of defend America's networks, empowered legally and technologically to do that job? And if not, what are your top one or two wish list items for what you need to do a better job?

So, can we back up a little bit on your question? People in my position empowered to protect America's networks. I mean, we have the full resources available at my organization when our clients retain us to help them defend their networks. Absolutely. I wouldn't lie. I would love to have more technical staff. And I think there are many in my position that would love to meet and hire more technical people. But like I said earlier, that's a challenge that private industry and the public sector is facing right now. I do think in my current capacity, I absolutely have the resources I need. I know that I can work with private organizations to help them defend their networks. I also know that I can pick up the phone and call not only the United States government, but foreign governments and request assistance and we'll get it and have done so over the last two and a half years. I would say that that is a product of me having been on the government side and knowing that there are a lot of willing and able people in government and in private practice who wanna help, right? We all wanna do the right thing, right? They want to help and it's just a matter of knowing that you can reach out and call them and you will get that help.
That's why, again, back to probably 25 minutes ago when I said this sabbatical program, this exchange between public and private sector would be extremely beneficial because I think if we did it officially, there'd be a lot of people in the government who could go out to private practice experience, exactly as you said, defending networks and helping organizations defend against threats from the private practice perspective which is totally different than serving as a government employee and of course vice versa.

So speaking of your time back with the FBI, you said you coordinated some of the response efforts when nation states or others were attacking U.S. infrastructure, right? So given some of the new policies about defend forward and preemptive defense type stuff coming out of Department of Defense, since this is an ethics conversation, how do you feel about how that direction is going? It's no longer about just defending and protecting, it's, well, we need to take the first step to defend ourselves.

That's a great question. I'm glad you asked it. And I've actually gone on the record on this. I've published some thought leadership and actually I think it can be extremely risky. And I think the U.S. government needs to, in my opinion, I think the U.S. government needs to slow down and think long and hard about this topic because what happened at Sony is a great example, okay? North Korea felt threatened by the United States and they attacked a private organization, okay? Sony didn't get any restitution or any support from North Korea, right? They couldn't sue them. Yes, there were sanctions and those sanctions are being felt, trust me. But Sony is a private organization. So I just think it's very risky.
I think there needs to be a lot of thought put to it and I think rather than be forward-leaning and offense first, there should be some very serious confidence-building measure discussions taking place, some normalization of standards of behavior because I think that will be extremely beneficial in building trust and confidence between nations. And we need to be careful because if we do take an offensive approach first, we need to be prepared if our adversaries strike back, are we prepared? And I don't know if we've really thought about that.

Just to follow up on that. How do we not get into the problem we have now with nuclear weapons where we're just this mutually assured destruction of all of our technology, right?

I mean, that's exactly the thought leadership I published on this to actually compare to what we're going through right now in the cyberspace to the Cuban Missile Crisis. We need to de-escalate, slow down, confidence-building measures, establish this mutual trust, these rules of the road, what is on limits, off limits and have those discussions. I would say it's disappointing that the entire unit at the State Department was dissolved. It's disappointing that there haven't been significant investments in this space in the US government, particularly in the administration, but I haven't been there in two and a half years and there could be other things going on behind the scenes. So I just want to be clear that I'm not really informed with respect to that other than what you all are seeing in the news as well.

But at four o'clock, the person who, in theory, knows what's going on is going to be here, so I encourage everyone to stick around for four o'clock and ask Josh Steinman.

Oh, yes, that is exactly the person you want to talk to.

Other questions? No other questions, Thomas? I'll give you one more. All right, ask one, really? Sure.

All right, so I'll give you an example. You and I had known each other about 10 years now. I knew you were an agent.
He actually, when he started the ICCS conference with Fordham, he was building out that whole program, which was actually great for the students. So, from your time in the bureau to going to FTI, all the social media disinformation campaigns, have you ever seen it happen, not towards government but on companies using the same types of bots and technologies?
Yes, yeah. I would definitely say that the internet introduces a whole new level of a whole new ability to affect information much larger scope and scales than we ever even imagined. What happened leading into the 2016 US presidential election was not new. That's not a new technique. A misinformation campaign is not new. What was new that we experienced in the government was at that scope and scale and had those sort of effects. Okay? That was truly the weaponization of information. That's really what it was. And unfortunately, it had effects. Those effects are extremely hard to prove, right? Because you're talking about people who maybe were presented with information and then it changed the way they were thinking. So it's really hard to prove, but it definitely was taking place. And the fact that it was happening at such a large scope and scale was a new level. So now in private practice, having experienced that firsthand and witnessing that, I now know what it looks like and I'm seeing it now in private practice, unfortunately. Right? One of the things, one of the lessons learned from the 2016 US presidential election and the preparedness and response efforts, and people ask me all the time, what are some of the lessons learned? I say it's that it happened and it can be done again and now it can be repeated and now it's not gonna be just Russia. It's gonna be Iran, North Korea, China, Russia, other adversaries that know it can be done. The playbook has been written. There have been some successes. So now others may be motivated to do it. That's of course in the nation-state world.
The other reality is that private organizations have seen that it can be done. And now there, I've seen it firsthand, some of the same techniques are being deployed against private companies, against their competitors. So it's a real threat, weaponizing of information. I talk about IoT, we talked about the cloud infrastructure and the risks there. I would also say another very serious threat on the horizon is the weaponization of information. Theft of information, releasing it, unauthorized disclosure, deep fakes, just taking real information and either manipulating it or just releasing it. It can be damaging enough. I talk to my clients all the time and they say, well, that's why we pick up the phone and have telephone conversations. And I said, well, bad news. You're using voice over IP. It rides on the same backbone that your email rides on. And the facial expressions of my clients change because they don't realize that. So now we have to go back to just pulling someone aside and having an in-person conversation. It's definitely something to consider. Good question.
Well, I've seen it because you already know what I've done with Fox about Fox. So I've seen where people are using it for penny stock manipulation, misinformation and companies when they're trying to play them. So post it on bulletin boards, all this bad information, watch the stock go down, do a buy, and there's nothing really you can do about it. It's hard to prove. Unfortunately, the only thing you can do is dox the eye and push it when you find out the real information you're doing.
You know, going back to the question earlier about just the escalation and offense first, it's something to consider, especially if you're gonna stick around and continue this discussion is, I don't think you'd be wrong to ask our government officials, okay, if that's the policy that you wanna take, that's the policy position you wanna take, what happens when adversaries respond and it affects private companies, right?
What happens if a major electrical company is shut down and electricity is out in an entire state and for days or weeks, right? And people say, wow, that's scary, you know, that's never happened. I say, actually it has happened twice. It's happened in Ukraine twice, right? Three days before Christmas, it was cold. Power was out for a few days, you know, and you can ask government officials who responded to that. There were actually videos where the operator's screens, their mouse was moving and they weren't touching it. They took out their phones and recorded it. So my point is, is that if you're gonna continue down this road and it's a really good question because I think there needs to be given some considerable thought to exactly that, what happens if our adversaries respond and they compromise or take down private sector organizations? Will they receive any support from the government, right? And I don't mean the free assessments from the Department of Homeland Security. You know, I mean some significant support, right? Maersk is a great example. They fell victim to Petya/NotPetya. And I think the latest public statistics were, you know, they've invested over $300 million, right? If that happens here in the United States, will organizations get any support? So it's just something to consider and I think it's a great question and I think it deserves some more poking.
The United Commission for Six Months. So you're losing out on things like needles when you need insulin, all that other type of stuff that the small little things you don't think about.
And on that insulin-related note, it's the perfect note to close on because our next talk will be with the FDA. But I want to thank Anthony Ferrante very much for a fascinating hour with us and encourage all of you to take a sticker on your way out to thank you for joining us. Thank you.