 Good morning everybody, glad to have you here. This is, it gives you a sense of the importance of this topic that so many people want to be here. I will say, Melissa, there are more people here than there were for you on Friday, but that was Friday afternoon, and that's, we understand, and you did a fabulous job. Thank you for laying out the framework, you know, that the administration's identifying. It was a terrific presentation. We're going to hear today from Bill Lynn. I will tell you, I have, well, I can't tell you how far back our histories go, because they twined back so, so many, many years when we worked together up on the hill. I had the privilege of working with Bill when we were in the government, when I was in the government the last time, and at that time he was, he was initially the head of PA&E and just did a terrific job and then became the comptroller and was absolutely the logical person to become the deputy secretary. I'm so glad that that's worked out. I know how broad his portfolio is, and so I'm delighted that he is personally giving time to dig into a topic this important. I think it's emblematic of how seriously the administration is now taking the question of cyber security that the deputy secretary is going to be making it a focus. And so Bill, we're delighted you're here. This is, I will tell you, this is a dangerous audience, so be careful. No, I'm teasing. This is going to be, it's a fabulous audience. I'm glad you're here. Ladies and gentlemen, the deputy secretary of defense, William J. Thanks, thanks very much, John. As John said, our history goes, goes way back. In fact, goes back to the time I was actually here at CSIS, fresh out of graduate school working on a Goldwater-Nickels study. And one of the senior members of the study was Alice Rivlin. And she brought along her best young defense analyst at the time. I wouldn't go to any meetings without him. That was John Hamlet. And then since then, I've been following John. John went to the Senate and the Senate Armed Services Committee, so I couldn't get on the full committee, but I got on Senator Kennedy's staff working on the committee. And then John went to the Pentagon and became Comptroller. As John said, I went to the Pentagon as PA&E, but when John moved to deputy secretary, I moved up to be a Comptroller following John. And then this most recent job, I'm again following John as deputy secretary of defense. So I'm looking forward to getting inducted into the South Dakota Hall of Fame, because that seems to be the only thing John's done that I haven't followed him on. So I appreciate your letter in that regard, John. John, but still at every step, you've set the standard for public service. And those of us at the department continue to rely on John as he chairs the policy board. And well, thank you, John, for your friendship, but more importantly for your leadership. More than 30 years of leadership in public service. And the rest of you at CSIS, thank you as well for your leadership. You really set the standard in bipartisan policy advice and policy direction. I come to you today on behalf of an administration that's seeking that same bipartisan problem-solving spirit. We have a president who, in one of his first acts in national security, reached across the aisle and chose the Secretary of Defense from the previous administration, the Secretary from another party. In Secretary Gates, we have a secretary who, in his long career here in Washington, has worked for eight presidents of both parties. This bipartisan approach, I believe, is the reason we've been able to use these first few months, not merely to tread water, which is the usual criticism of the new administration's early budgets and policy decisions, but really to make some of the hard decisions in the defense budget and try and start pursuing a new direction in defense. To keep our armed forces the best trained, the best equipped, the best led, military in the world, we're increasing the defense budget between fiscal nine and fiscal 10. To ensure our forces can meet today's missions, especially in Iraq and Afghanistan, we've halted any personnel reductions in the Navy and the Air Force, and we've achieved increases in the Army and the Marine Corps, and we've done that two years ahead of schedule. To give our war fighters the tools and the technologies they need when they need them, we're making major reforms. We've canceled unproven weapons systems, we're investing in weapons systems we know that work, and we've launched a series of initiatives to finally bring us true acquisition reform. And to better prepare our forces for the range of challenges they'll face, the conventional and the unconventional and the hybrid warfare that combines them both, we're making irregular warfare a regular part of America's military planning. As the president said at the Naval Academy, quote, we must overcome the full spectrum of threats. This includes the nation state and the terrorist network, the spread of deadly technologies, and the spread of hateful ideologies. 18th century piracy and 21st century cyber threats. It's that last challenge that brings me here today. Although standing in front of this crowd, I'm reminded of the old story of an individual who passed and went up to heaven and he had been, had a defining experience in his life had been surviving a flood. Whatever he was asked to speak, that's what he spoke about. So when he gets to heaven, St. Peter says, well, looking good for your admission, but you're going to have to make a speech to the rest of the team up here. Says, no problem, I'll talk about my experience in the flood. St. Peter said, well, that's fine, but recognize no will be in the audience. I noticed all the arcs parked out in front and I know I've got a lot of knowers when it comes to cybersecurity in this audience. Many of you have been dealing with this issue for years in government, in industry, in academia. So I won't presume to educate this audience. But I do believe today's an opportunity to deepen our understanding of this issue. Because in recent months, we've taken new steps to meet the challenge. Starting with Jim Lewis and the CSIS Commission on Cybersecurity issued a report in last December. I think that's become the touchstone document as people have looked this year at the new challenges of cybersecurity, I want to commend Jim, you and your team for that terrific effort. In April, a panel of the National Academy of Sciences issued a draft report on cyber threats and how we might respond. More recently, the President just completed his 60 day review coming into office of the Cybersecurity Arena. And I want to recognize Melissa Hathaway for leading us through that difficult interagency thicket and bringing out a really solid report that's I think going to set the agenda for President Obama's term on terms of how he deals with cybersecurity and securing America's digital infrastructure. Each of these efforts offered a broad range of recommendations. But there was one recommendation that they all shared. The need for greater public awareness of the cyber threat to our country and how we can protect ourselves. So today I want to speak about what this challenge means for the Department of Defense. I want to be very clear about this, even though at risk state in the obvious, I'm the Deputy Secretary of Defense. I'm here to focus on how the Department of Defense protects and defends the defense and military computer networks. What we're facing, what we've done so far, what we're doing today, and what we need to think about going forward. Just like our national dependence, there's simply no exaggerating our military dependence on our information networks. The command and control of our forces, the intelligence and logistics upon which they depend. The weapons technologies we develop and field, they all depend on our computer systems and networks. Indeed, our 21st century military simply cannot function without them. Not surprisingly, our networks, some 15,000 of them, including some 7 million computers, IT devices, laptops, servers, all make for attempting target. But this is not an emerging threat. This is not some future threat. The cyber threat is here today, it is here now. In fact, the cyber threat to the Department of Defense represents an unprecedented challenge to our national security by virtue of its source, its speed, and its scope. There's the source, the power to disrupt and destroy once the sole province of nations now also rests with small groups and individuals. From terrorist groups to organized crime, from hacker activists to teenage hackers, from industrial spies to foreign intelligence services. We know that foreign governments are developing offensive cyber capabilities, and that more than 100 foreign intelligence organizations are trying to hack into US networks. We know as Director of National Intelligence Dennis Blair stated that both Russia and China have the capability to disrupt elements of the nation's information infrastructure. We know that organized criminal groups and individual hackers are building global networks of compromised computers, botnets, and zombies. And then selling or renting them to the highest bidder, in essence, becoming 21st century cyber mercenaries. We know that terrorist groups are active on thousands of websites, and that Al Qaeda and other terrorist groups have expressed their desire to unleash coordinated cyber attacks on the United States. Next, there's the speed of the threat. As I believe John Hamre noted, when he was Deputy Secretary, in the 18th and 19th century, he faced a threat where ships cross the ocean in days. In World War II, aircraft could cross the ocean in hours. In the Cold War, missiles could do it in minutes, and now today, cyber attacks can strike in milliseconds. Such speed has profound implications for how we protect the department's networks. If attacked in milliseconds, we can't take days to organize and coordinate our defenses. Where our networks were to be disrupted or damaged, we'd need to respond rapidly at network speed. Before, the networks could become compromised and ongoing operations of the lives of our military are threatened. In short, we have to be just as fast or faster than those who would do us harm. Finally, there's the scope of the threat. Instead of simply keeping adversaries out of our homeland, we have to prevent large scale cyber attacks inside the homeland. Inside the networks, consider the main targets which loosely mirror the three domains, dotmil.gov and .com. First, dotmil. We face attacks, as I've said, on military and defense networks, perhaps with the intent to disrupt military operations. As Secretary Gates has said publicly, our defense networks are constantly under attack. They are probed thousands of times a day. They are scanned millions of times a day, and the frequency and sophistication of attacks are increasing exponentially. As the President acknowledged last month, we experienced one of the most significant attacks on our military networks last year. Several thousand computers were infected by malicious software, forcing our troops and defense personnel to give up their external memory devices and thumb drives, changing the way they use computers every day. Fortunately, cyber attacks on our military networks have not cost any lives, not yet. But they are costing an increasing amount of money. In a recent six month period alone last year, the Defense Department spent more than $100 million defending its networks. Guided by last year's comprehensive national cybersecurity initiative, the department is spending billions annually in a proactive effort to protect and defend our networks. Second.gov, here we face attacks on civilian government networks, perhaps to slow our response in a crisis. We see the risk every day, with federal networks being breached thousands of times. We have seen the networks of foreign governments such as Estonia and Kyrgyzstan crippled by denial of service attacks. And during last year's Russian invasion of Georgia, we saw cyber attacks shut down Georgia's government and commercial websites. A military attack alongside cyber attacks, the very definition of hybrid warfare. Third, and most broadly, dot com. These include attacks on our privately owned critical infrastructure, transportation, telecommunications, power, and financial grids on which our national security and the economy depend. Already cyber attacks have taken down powered grids in other country, knocking the lights out in multiple cities. Likewise, attacks are on the rise against our defense contractors. Who face cyber espionage from foreign governments, competitors, and criminals. Indeed, major aerospace weapons platforms have experienced intrusions that have compromised unclassified but sensitive technical information. For all these reasons, the president last month called the cyber threat quote, one of the most serious economic and national security challenges we face as a nation. So what are we doing to confront this challenge at the Department of Defense? The American people and our men in uniform should know, men and women in uniform should know this. Starting a large part with John Hamrey's efforts in the late 1990s, the department has built strong, layered, and robust cyber defenses. The department has formally recognized cyberspace for what it is, a domain, similar to land, sea, air, and space. A domain that we depend upon and need to protect. Just as we need freedom of navigation of the seas, we need freedom of movement online. Just as we protect the front gate at military bases, we must protect the back doors, the systems, and networks that our adversaries seek to exploit. This is not some expansion or extension of our mission at the Department of Defense. On the contrary, it is keeping with our defined and historic mission to protect and defend our national security and to protect the lives of our men and women in uniform. So the Department of Defense will defend its computer networks. We will protect this domain. Just as the president is called protecting the nation's networks a national security priority, protecting our defense networks is a defense priority. To this end, the Office of the Secretary of Defense, our Undersecretaries of Policy, Intelligence, and the Chief Information Officer provide the civilian oversight of our cybersecurity policy. The National Military Strategy for Cyberspace Operation, developed by the Chairman of the Joint Chiefs of Staff, lays out our strategy of ensuring our cybersecurity. And the military services, each have organized themselves accordingly. The Army has created the Network Enterprise Technology Command in Arizona. The Navy has created the Naval Network Warfare Command in Norfolk. And soon the 24th Air Force Base most likely at Lackland Air Force Base in Texas is being stood up. And day to day responsibility for operating and defending our defense networks rests with the US Strategic Command, STRATCOM. In this mission, STRATCOM receives critical support from the National Security Agency and from the Defense Information Systems Agency. Two organizations that have long been responsible for building, operating, and protecting the department's information systems. And to ensure the sensitive defense information on the unclassified networks of our industry partners, we're proceeding with our Defense Industrial Base Initiative, the DIB. We're working more closely than ever before with our defense contractors. Sharing critical information on the latest cyber threats and vulnerabilities. Reporting incidents quicker and moving faster to respond and recover from attacks as we did with the recent Conficer worm. Together, these efforts are why the CSIS report found that along with the intelligence community, the Defense Department is the best prepared agency when it comes to cyber defenses. That said, we need to do better. In his remarks last month, the President warned that as a government and as a country, we are not as prepared as we should be. The same is true of the Department of Defense. That is why cyber security is a central focus of the ongoing quadrennial defense review. And that is why we need a doctrine to govern how we protect cyber spaces or domain, how our forces are designed and trained to protect our networks. The QDR will assess our current capabilities against this requirement and make recommendations for the future. But before even completing the QDR, we're pursuing a number of initiatives. These fall into three areas, culture, capabilities, and command. First, building a culture that makes cybersecurity a priority. We need a cadre of cyber experts who are trained and equipped with the latest technologies to protect and defend our systems. Yet today, our military schools only graduate about 80 of these experts per year. So our budget for fiscal year 2010 includes funding to more than triple the number of experts we graduate to 250 per year. More broadly in the department, there are an estimated 90,000 personnel engaged in administering, monitoring, and defending our 15,000 networks, but most are not formally certified in information assurance and cyber security. So we're proceeding with the training and certification program to build a truly world class cyber force. And across the entire department, we're improving cybersecurity training, awareness, and accountability for the more than 3 million military and civilian personnel who log on to military networks every day. Because as General Kevin Shilton of StratCom has said, every network computer is on the front line. Everyone who logs on is a cyber defender first. Second, we're improving our capabilities. Before we ever deployed our weapon systems into the field, we have subjected them to extensive tests and evaluations. Before we ever send our troops into battle, we test their skills and tactics on training ranges. Yet we have no such equivalent in cyber security. So DARPA, which helped invent the internet decades ago, is leading our effort to build a national cyber range. In effect, a model of the internet. This will allow us to engage in real world simulations and develop, test, and field new leap ahead capabilities for cyber security. As we build these capabilities, I would suggest that we must resist the temptation and the false comfort of trying to retreat behind a fortress of firewalls. Today's cyber threats are organic and are constantly evolving. Our cyber defenses must do the same. We can't afford a digital version of the Maginot line. That static trench defense of World War II that the French assumed would work in, excuse me, static trench defense of World War I that the French assumed would work in World War II. Instead, we need to remember the lessons of maneuver warfare from the Second World War to Operation Iraqi Freedom. Where new tactics and technologies allowed nimble and agile forces to outmaneuver their adversary. The third area in which we're taking action is command. Despite our progress at the department, we need to be even better at detecting and defending against cyber attacks. We need to do it faster at network speed. We need more people assigned and trained for this mission. And we need to end the jousting and jockeying within the department for personnel, for resources, for authority that has often prevented a more coordinated and effective response to the cyber threat. As you have no doubt heard, we are considering the creation of a new command. Subordinate unified command under STRATCOM to lead, integrate, and better coordinate the day-to-day defense and protection of our defense networks. As of today, Secretary Gates has not made the final decision on this command. But what I can tell you is this, such a command would not represent the militarization of cyberspace. It would in no way be about the Defense Department trying to take over the government's cyber security efforts. On the contrary, such a command would not be responsible for the security of civilian computer networks outside the Defense Department. Its mission would be to protect and defend our defense and military networks, .mil. Responsibility for protecting federal civilian networks would remain with the Department of Homeland Security. Likewise, responsibility for protecting private sector networks would remain with the private sector. Like other commands, a new command would be responsive to congressional oversight, would operate within all applicable laws, executive orders, and regulations. What the President said last month of cyber security efforts across the government applies equally to our efforts at the Department of Defense. We can and we will protect our national security and uphold our civil liberties. At the same time, we're not mindful of the challenges ahead. We've marked the 100th anniversary of military aviation, but by comparison this year marks only the 20th anniversary of the World Wide Web. And as I've described in many ways, as a country, as a government, we're still in the early stages of getting organized. Indeed, how we ensure our cyber security in the decades ahead will depend on how we answer key questions. For example, within the Department of Defense, what are the rules of the road? With the CSIS report noted, there are a whole host of questions that we face. How can we deter and prevent attacks? Deterrence is predicated on the assumption that you know the identity of your adversary. But that is rarely the case in cyberspace, where it is so easy for an attacker to hide their identity. Beyond the military, how do we organize government as a whole? The President will name a cyber security coordinator at the White House to coordinate efforts across the government. As I've said, the Department of Homeland Security will remain the lead for protecting federal civilian networks. And yet, given the imperative of defending government networks, it would be inefficient, indeed irresponsible, to not somehow leverage the unrivaled technical expertise and talent that resides at the National Security Agency. Which has so much experience protecting our national security systems. What we must do, of course, is to apply that expertise in a way that upholds and respects our civil liberties. Beyond our own government, how do we cooperate internationally? Many of the cyber attacks on US networks originate overseas. Botnet attacks involve computers all over the world. How we protect and defend ourselves in this global environment raises complex questions of national sovereignty and international law. And no single government would be able to confront these complexities alone. Finally, beyond government, how do we partner with industry? Neither government nor the private sector can solve our cyber security challenges alone. Government needs industry, which owns and operates most of the nation's information infrastructure. The private sector needs government, the government to establish coherent, effective, and transparent laws and regulations. Yet the difficulties of forging genuine public-private partnerships in this area are well known. Fundamentally, it comes down to trust. Industry needs to trust government to protect its proprietary information. Government needs to trust industry to protect its classified information on threats and vulnerabilities. Meanwhile, more adversaries are targeting our systems, more networks are being breached, and more information is being compromised. The Defense Industrial Base Initiative I mentioned is one model of a new approach. Our government and industry come together to share information and strengthen our cyber defenses. There are other models, and I would say to all of you here today, from industry, from academia, we need you to help us find the right model so that we can forge real partnerships of trust and cooperation that protect our security and our prosperity. Because that in the end will be the only way that we'll meet the challenge, with partnerships of trust, the best minds in government and industry and academia here in the US and around the world working together. That is General Keith Alexander of the NSA, as noted, was how the Allies broke Sherman's encryption during World War II. That, as John Henry knows from personal experience, was how we avoided the potential catastrophe posed by Y2K. And that is the spirit that we're committed to at the Department of Defense. Working together, we can bring real cyber security to cyberspace. We can and we will protect our national security and our civil liberties without compromising either. Thank you very much for your attention. Let me thank the Deputy Secretary first of all for really an excellent speech, and I know some of us in the room. You were talking about people, I don't know if I want to be Noah, but the line about maneuver warfare versus the Magina line, I think was exactly right, and thinking what that means in cyberspace is crucial but also difficult. But with that, let's see if we have some questions. We have a few minutes. Go ahead, the green shirt, please. Yeah, please. Could you identify yourself here? Dane Folger with Agation Week. Working from the premise that a good defense is a good offense. Do we have a functional system now to get approval for electronic attack? Does that process change in wartime or military emergency? And how are you going to come up with a tactical decision system that's going to be fast enough to get inside the bad guy's outer loop? Well, one of the reasons we're looking at a cyber command as a subunified command of the strategic command is to unify all aspects of cyber defense. So that you don't separate out offense, defense, intelligence, so that all of the various aspects work together. And the kinds of questions that you're asking are exactly the ones that this subunified command would address if assuming that it's set up in the near future. The answer is what I said. Next question, we have one in the back. Tony Capacio with Bloomberg News. What initiatives are you taking to force better reporting by defense companies that have been intruded on with sensitive but unclassified information? Is there any proposed D-FARs regulation to stiffen compliance and potential penalties if they don't report in a timely manner? As I said, I think that the best way forward here is a partnership between the defense industry and the department where we're mutually sharing information. And that gives the kind of information that you just talked about and where we give information about the threats as we see them. I'm not aware of any regulations to put that into effect. As I said, we've set up this defense, the Dib. There's some other industry groups. I think cooperation and collaboration is increasing and we're hoping that we can build on that foundation to have a full and frank exchange. And that people will feel confident that the proprietary information won't be compromised and that the government can feel confident that classified information won't be disseminated outside of classified channels. I can't think of it, it's possible, but I can't think of it. Certainly not in the last few months can I think of any examples of whether it happened before. I don't know, I think this is an evolving area. It's possible it's happened before. I think people have to step into this, into this collaboration, but I think it's going quite well right now. Can we have two up in the front? Yeah, I can create an Institute for Foreign Policy Analysis. Mr. Secretary, I wonder if you'd elaborate on the international aspects of this. Are we maybe using alliances like NATO and the USRK and US Japan alliances as a vehicle? Or is there a need, because all of us are facing this problem, to look at it in a bigger way and hopefully if we can bring some sort of structure together for cyber security, maybe even including a country like China? You're absolutely right. The international component, as I probably alluded to too briefly in the prepared remarks, is a critical element of this. There are, I think, some nascent international organizations. There's a cyber crime focus in Europe that's made progress. Some progress is being made on some standards, but I think it's still episodic. And there needs to be, I think, a more coherent and structured effort. And that's one of the things in pursuit of the recommendations out of the President's 60-day review, I'm sure will be one of the major thrusts. Is it mostly coming from the government in military? Because I indicated one of the new things about this world is the difficulty of attribution. So that you can trace it back to places in China, but it is difficult to attribute the who and who is behind it. And I think that's where we are with those kinds of attacks. We traced it back, some of the attacks we've traced back to China, but we are not at this point able to attribute, whether it's a private, a public, whether it's military intelligence, industry, or criminal. Hi, Mr. Secretary, nice to see you again. Mitzi Wertham, I'm with the Sobrowski Institute at the Naval Postgraduate School, and I run the Energy Conversation. I want to ask about gaming. I mean, the Navy has done war gaming for decades. And as you think about how you're going to do this, are you going to start expanding gaming as a way to get people to think beyond first, second, and third order consequences? Yes, in particular in the quadrennial defense review, we've got three types of activities that all involve war game and scenario playing. One are just the kind of conventional military scenarios that we've added a cyber component to those so that we understand what the implications of Georgia and other harbingers of what we think the future might bring. Second, we have a red team that's led by Andy Marshall, the Director of Net Assessment at the Pentagon, and Jim Mattis, who's the commander of Force Command, General Jim Mattis. And they are doing a red team analysis of those same scenarios, and they have an even heavier emphasis on cyber scenarios. And then we've asked some of our cyber experts in the department to just think about some standalone cyber scenarios. We're taking the cyber threat very seriously as one of the several focuses of the quadrennial defense review, and we're trying to come at it from every angle. Good morning, Secretary Max Kakis from Federal News Radio. I'm wondering if you could expand on something you said, sir, that the, you said that the Defense Secretary, Mr. Gates, is still refining some of his thoughts about where he wants to go with this. Could you expand on that a little bit? And also, do you anticipate a need for any sort of legislative help from Capitol Hill to get this done? As I said, the Secretary is evaluating proposals. The joint staff is still working out the details of how this command would work and what the reporting relationships are. The, in terms of legislation, this is a sub-unified command of an existing unified command, so you wouldn't need legislation for that. You would need the commander of the cyber command if we create that, would be subject to Senate confirmation, however. So Congress would be involved in that way. And of course, we wouldn't do this in a vacuum. We will consult actively with Congress before we move forward on this. And then the fellow right-front. Al Pesin from VLA. Can you give us some insight into U.S. offensive cyber operations? You talk almost exclusively about defense. What is DOD doing to take this fight to U.S. adversaries around the world? Well, I'm not going to really be able to go beyond the Aviation Week response, which is the emphasis of the setting up this sub-unified command is to unify all aspects of our cyber capabilities, so that we're able to act in a single fashion in an appropriate military way with the appropriate controls and civilian oversight. And I really can't go beyond that kind of answer. We have two more, and that'll be it. How about if we, since the Aviation Week I mentioned, we'll give you a second try. Thank you. Companies like BAE Systems, for example, are working on developing systems for the non-experts so that they can take cyber attack to the tactical level. Is your area of interest in finally working that capability down to the company level, the Italian level? I think that our cyber networks go all the way down to the company and the platoon and indeed the individual level as they go forward. So we certainly want to have all of the full suite of capabilities run up and down the force. So absolutely, yes. Okay, we have one in the middle there. Mr. Secretary. Do you think that there's a, it appears to me that there's not, it's not as easy in the cyber world to break out the demarcation between .mil.gov and .com as it is in the conventional world. Do you think that that's progressing in some fashion that's making progress? Well, I'm not quite sure. It's easy to break out who's on what network. Yeah, no, I get that. But I think there's a defense aspect to someone doing something inside the world offensively in .com or .gov. And so it's a fairly porous relationship between those three, much more so than in other aspects of the conventional warfare. So it isn't, I know you were very clear to say that DOD is going to worry about .mil. But I think that there is some shared responsibility for all three agencies across all three segments. I'm wondering what you're doing when that is. Well, that's absolutely right. And with regard to the .gov, I mean the principal responsibility for the .gov networks remains with the Homeland Security Department. And as we do with other domestic agencies, whether with man-made disasters or natural disasters, we provide military support to civilian authorities. In that context, we provide support to Homeland Security, trying to help them with capabilities we might have that would help them accomplish their mission. But it's the Homeland Security Department that's the lead agency. And with regard to the .com, it's the private sector that's the lead. And as in answer to Tony Capasio's question, I talked about the partnerships that we're developing, the exchange of information. But that's the principal role of the Department of Defense is in that area, not in terms of actually going out and protecting .com. One more. And before we go to that question, let me make two requests. I'm fine. Can you hear me, everyone? I'll just yell. First, given the size of the audience, when we get through with the questions, it will take a couple more. Would you mind please remaining in your seat so that the Deputy Secretary can make his escape? That would be, we would really appreciate it if you would do that. The second thing, Marin, I don't know if you want to stand up and talk about your event, but we're having another event tomorrow looking at Northcom. It's at 10 o'clock. Do you want to say anything? Sure. General Rednort, Northcom, Oman, Defense, 10 o'clock. Thank you. We had a question in the front. I need your mic. Jeff, fine, Defense Staley. You talked about speed and how fast the response is going to have to be, but the acquisition process takes a long time. Are you going to have to re-examine how you acquire IT and maybe look for changes in the DOD 5000 to do this? We're certainly going to have to examine how we acquire IT and to make sure that we're in a position to acquire the tools and the kinds of software and the firewalls, the various things that get to the maneuver warfare I talked about. Whether it gets you to a 5000 rewrite, we're not there at this point. We're trying to figure out how to be agile within existing authorities. Hi, Siobhan Gorman with the Wall Street Journal. Just one follow-up on a couple of the questions that have been asked. In terms of new statements saying that this isn't the militarization of cyberspace and that DOD is just providing support to agencies like Homeland Security, I'm just wondering, given that DOD sort of vastly outnumbers DHS, and you were talking about numbers at 90,000, I know that not all those people are obviously working directly on cyber defense, but how is it that you are going to kind of put forward this delicate balance? You were kind of saying that there would be a balance that would be struck, but how are you going to manage that level of support without kind of overtaking those efforts, given that DOD really is where the capability is? Well, that's what I was going with. I think we do need to take advantage of DOD's capabilities. We do need to do it in the way you suggest in that we have to be conscious that DOD's role here is a supporting role. It's not a primary role. And one of the reasons I think the President set up the 60-day review was to work on building the Homeland Security and the other domestic capabilities so that they will be able to fully absorb the responsibilities of protecting our U.S. domestic networks, protect the prickly, starting with the .gov, and then work with industry on the key areas, finance, transportation, energy, communications. But that role does fall to Homeland Security. The cyber coordinator that the President will set up will be coordinating that effort. And I think that one of the principal outputs of that 60-day review will be a strengthening of domestic capabilities. Okay. Well, with that, let me remind you if you could just keep your seats for a minute. And second, could you join me in thanking the President?