 Patrick Leahy, Cyber Symposium at Norwich University, and we are participating both in person and through live stream and welcome the senator via live stream to this event. This is about 25 years in the making that we started with this activity and it really came from the Norwich University Board of Trustees that we created Cyber at Norwich. There were two critical members of the Technology Committee, Carl Grary, class of 1963, I think I got that right Carl, and General Al Gray that told us that this was an area that was important to Norwich University of Build and Develop. And so with the engagement of Senator Leahy, we've been able to create a national asset in critical infrastructure resilience, workforce development, cyber research, information dominance, and cybersecurity defense education. So thank you for joining me today for this activity. We have an incredible lineup of keynote speakers and panels addressing the latest innovations in cybersecurity and the importance of cyber education and workforce development in Vermont. We will honor Senator Patrick Leahy and reflect back on that relationship that has created this set of opportunities in this small school in the middle of Vermont. So I'd like to introduce Major General Dr. Mark Anarumo. Dr. Anarumo is a decorated military veteran scholar practitioner in the fields of terrorism, political violence, criminal justice, character development, leadership, and became the 24th president of Norwich University in June 2020, right as our pandemic started, sir. Dr. Anarumo's previous position was the director and permanent professor for the Center for Character and Leadership Development at the Air Force Academy in Colorado. Before accepting the Air Force Professorship, Colonel Anarumo is the vice commander of the 39th Air Base Wing at Insulik Air Base in Turkey. He has lived extensively overseas in Iraq, Afghanistan, Saudi Arabia, Kuwait, Kyrgyzstan, and Korea. Dr. Anarumo serves on the executive committees of the Association of Vermont Independent Colleges and the Association of Military Colleges and Schools of the United States, Amskis. Please. Thank you, sir. So good morning, everyone, and a very sincere and hearty welcome to Norwich University and United States Senator Patrick Leahy, Cyber Symposium, being held right here on our beautiful campus in Northfield, Vermont. This day-long discussion on recent innovations in cybersecurity and the importance of cyber education and workforce development in Vermont is critical to our state and our nation. Norwich University was founded in 1819 by U.S. Army Captain Alden Partridge, who was a fierce advocate for what we now know as experiential education. He believed that our school must produce graduates who are useful to society. And we maintain that belief today. Norwich is also the birthplace of the Reserve Officers' Training Corps, ROTC, and home of the citizen soldier. For 203 years, we have been educating young men and women on how to build and defend our republic. Norwich is also known for emphasizing innovation and transformation, but we always keep our vision firmly set on the future. We are a pioneer institution for cybersecurity, especially working with the National Guard, of which we have many representatives in this room, especially in cybersecurity education. We also develop training and operations and policy and manuals for both the U.S. Army and U.S. Air Force. This rich history and our devotion to future relevance is why we are here today and why we host this very critical event. And this symposium, of course, is inspired by Senator Patrick Leahy, our cyber senator. Today is an opportunity to honor him for the lifelong impact he has had upon Norwich University, the state of Vermont, and in educating and training the next generation of cyber warriors, both for the United States and for our allies. The experts that we create through programs advocated by Senator Leahy are needed now more than ever, and this need will only grow. Our increasingly complex world is interconnected by critical but highly vulnerable technological systems. Cybersecurity competency is absolutely necessary to maintain a civil and democratic society. It is now commonly understood that cyber dominance is a key component of our national security policy. Beyond national defense and strategic concerns, cyber dominance is also critical for economic vitality and for preserving our treasured way of life. We do live in a free and open society, and this means that our government has limited capabilities in intervening when businesses are attacked or threatened by foreign adversaries. Stated otherwise, when foreign adversaries attack the cyber systems of American businesses, these businesses must be prepared to defend themselves. We also now widely accept that cybersecurity issues are pervasive across all sectors, all organizations, regardless of their alignment and regardless of their size. For these reasons, Norwich University has invested heavily in cybersecurity education, but we are about to take that investment even further. Using our established position as a global leader in cyber education, Norwich will be moving very quickly into emerging areas of growing criticality. We will establish ourselves as leaders in data analytics, machine learning, artificial intelligence, and of course quantum computing. Through our very long partnership with Senator Leahy, we are establishing a center right here in Norfield, Vermont, dedicated to artificial intelligence and quantum computing. Through these programs and their integration across all of our outstanding academic program offerings, our graduates will be prepared to enter their chosen fields, not just as experts, but as leaders. In other words, they will be the useful citizens that Norwich is known to produce and that were expected to graduate. They will make a difference in their communities, their nation, and our world. So everyone in this room today and everyone joining us virtually, please accept my sincere welcome for this critical day. Thank you. So now let me please introduce some of our very special guests. And this list is very, very impressive and I ask you for that reason to please hold your applause until the very end. First it is our profound honor to host virtually Senator Patrick Leahy, the Cyber Senator. Also, Representative from Senator Bernie Sanders' office, James Paradises is here with us. Representative Peter Welch, General Gordon Sullivan, Norwich University class in 1959, former Chief of Staff of the United States Army. United States Air Force Lieutenant General Robert J. Skinner, Director of Defense Information Systems Agency and Commander of the Joint Force Headquarters DODIN. Brian McNally, Class of 1987, whose father-in-law, Carl Guerrero, is a trustee emeritus and graduate. My very special guest, Joel Charlotte, who is representing Cesar Nader of X-Core Solutions and Cyberbites Foundation, emerging partners of Norwich University. Norwich University President Emeritus, Richard Schneider. Eric Goldstein, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency. Commissioner Michael Harrington, Vermont Department of Labor. Annie Redman, Norwich Class of 1983, Deputy Assistant Secretary for Intelligence Policy and Coordination in the Bureau of Intelligence and Research. Representatives from our Sister Center of Academic Excellence at Champlain College. My dear friend and personal guest, the President of Middlebury College, Lori Patton. The State's CISO, Scott Carby. Matt McCann of the Cybersecurity and Infrastructure Security Agency. The Executive Officer of the Vermont Guard's 86th troop command, Matthew Hefner. Representatives from our Sister Senior Military Colleges, Stephanie Travis from Virginia Tech and David Jones from the Virginia Military Institute. Paul Maxwell, the Deputy Director of the Army Cyber Institute. And finally, the Vermont Guard Executive Officer, Christopher Cover. And it is now my distinct honor and pleasure to welcome our next speaker, Commissioner Michael Harrington from the Vermont Department of Labor. Michael was appointed by Governor Phil Scott as Deputy Commissioner of Labor in 2017, named Interim Labor Commissioner in 2019 and formally appointed to the role in 2020. Prior to his service to the State of Vermont, Michael served as the Economic and Community Development Director for the town of Bennington, Vermont. So ladies and gentlemen, please help me welcome Commissioner Harrington. First of all, this is way cooler than an insurance adjuster's conference, so let's just get that out of the way. I was extremely honored to be asked to fill in for the governor who couldn't be here today. I will not try to do my best impression of Governor Scott, but do know that Norwich is a beloved university of his. And as we talk about things like protecting the most vulnerable and growing Vermont's economy and making Vermont affordable and making sure that workforce is our top priority, that our institutions like Norwich are at the top of that list in terms of partners that we need to work with and want to work with. Also, I would be remiss being from Bennington if I didn't also acknowledge the fact and some of you may know this. Some who are from out of town would not know this, but the most important state holiday, which is Bennington Battle Day, which is today, and represents a battle that was held during the Revolutionary War just outside of Bennington where troops were headed towards a munitions dump in Bennington and protected by the troops and was considered one of the quintessential turning points in the Revolutionary War. So again, I'll acknowledge that because I think it plays a magnificent part in Vermont's history, but also I'll put a plug in that it should be a federal holiday, so we should add that to the list. Thank you, President Onarumo. Again, I don't know much from the technical side of cybersecurity. What I can tell you, though, is that from a practical side, and I'm going to share just a little bit about what we have dealt with at the Department of Labor, because you may be sitting here saying, why is the commissioner of labor standing in front of us at a cyber symposium? But as we all know, the pandemic of 2020 took us all by surprise. And what it did at the Department of Labor, as you can imagine, like many departments of labor across the country, is that we went from being a Department of Labor, and within Vermont our Department of Labor handles unemployment insurance. And so we went from a Department of Labor that served about 16,000 unemployment claimants a year, and in 2020, for about 10 months out of that year, we served 100,000 claimants. And you may say, well, when you're dealing with major systems, you don't really care about the – there's not a big difference between 16,000 and 100,000, but when you're dealing with a cobalt mainframe that has no technology that allows for self-service, right? So our claimants at the time were dealing with this mainframe, about a 20-year-old user interface, a four-digit PIN number that got them access into their account. Many of them, by the way, use 1111 or 1234, or even more dangerously the last four of their social security number. And so leading up to the pandemic, we had become aware, obviously, of the challenges of our system, the limited capabilities it had, and the risk that it posed not only to the state but to the public. And we're starting the process of looking at modernizing our systems, and then the pandemic hit. And the biggest bottleneck in that process was the fact – and this was, by the way, our number one prevention tool when it came to fraud, mitigation, and prevention. And that was if someone wanted to open a claim, they had to call and talk to a human. And so those were our number one prevention tools. We're interacting one-on-one with the individual. But you can imagine as tens of thousands of Romaners were displaced from their workplace, calling our call center. At one point, we had over half a million calls into our call center on one phone line on one day. And so we were completely overrun. And the first step we took was to take our application that we would fill out of all the questions that someone would need to take to be eligible and put it online. And that was one of the easiest things, the low-hanging free week we could do. But you can imagine all the downstream implications that came from that. Because what we saw was just a massive spike in fraud. And you've probably seen the headlines that have occurred across the country where the pandemic, and especially with regards to unemployment insurance, I would say was one of the largest, the largest coordinated fraud attack that this country has ever seen, resulting in hundreds of billions of dollars going into the hands of criminals. And so when we began to look at the systems that we had to create, because traditionally unemployment was one system, right? There was unemployment. Well, throughout the pandemic, the two years that we took of the federal CARES Act and recovery programs, we ended up implementing, I think, about nine systems, different systems in total. In many cases we were managing those systems using spreadsheets and human bodies and paper because the technology did not exist. And our number one priority was getting dollars out the door so that Romaners could pay for food and for rent and take care of their families. And so it definitely highlighted for us the need for enhanced cyber protection because we will eventually have a modern system. So I wanted to talk a little bit about the fact that there was limited self-service. We had no fraud team. We dealt with about one to ten cases of fraud, user identity theft and so forth, leading up to the pandemic. We're now in the tens of thousands of fraud cases a year of individuals using stolen identities to access benefits using our system. We've recently, through the support of the governor and advocating on the governor's behalf, secured through the Vermont legislature $30 million to upgrade our unemployment insurance mainframe. But what it has actually caused us to do is think about how do we balance the space between the human interaction, which has been our most valuable fraud protection and mitigation tool, and the need for automation and the risks that come with automation. And so we are looking at the difference between the human and the machine and how do we balance and find the right spot where those two can coexist, preventing user fraud and protecting Romaners. We also are using a national system that now takes every one of our claims and runs them through what's called the Integrity Data Hub. And so our national association has worked with all 54 states and territories to develop a system where all unemployment claims go through and they get scrubbed, look for redundancies, and also suspicious activity, which has been a godsend for us, but again creates the actual hardest part in that whole process is that their system doesn't connect to our 50-year-old mainframe. So needing to figure out how those two systems talk together has also been another challenge for us. But as we look to the future, I think our hopes are high in terms of being able to build a system that provides enough user access so that people can self-serve, they can submit claims, they can make adjustments to their claims, and their cases, we can match up the information they're providing and the information their employer is providing in their wage records to make sure that information is true and accurate, and we can also make sure that handshake stays secure so that as people are accessing the system, that information stays true and accurate to the person. But I will tell you that the hardest part through the whole thing was the fact that, and I don't know, I probably shouldn't ask people to raise their hand, but you can all imagine if I were to ask how many of you have received a letter in the mail sometime in the past 10 years saying, you know, a credit card company, a place where you've done business online, saw some type of data breach and your information is at risk, right? We've all been there and we probably have received multiples of those over the years. And what we found is that in this case of the pandemic is that all of that data that had been stolen over the past 10, 15 years actually was being sold at a premium on the market. And so there was very little theft of data from state systems, but it was all data that was readily available on the black market. And then that data was being used for people to impersonate true and accurate people. And so how do you catch a criminal when they look, talk, and feel just like the person they're impersonating? They have literally all the credentials, right? Social security number, most recent address, current workplace, prior workplace, copies of your driver's license. All of that information was information that was being used. And so, unfortunately, our biggest, our biggest step forward and our way to mitigate the fraud coming into our system was to take that application offline and actually at this point, because the number of claims are so small, actually have people submit claims over the phone again. And those, and you'd be surprised how many fraudsters don't actually like to talk to a human being. You know, so again, we have to find that balance because we obviously can't maintain that level of connectedness and handle the high volumes that come with our business. But again, going completely electronic and automated also creates a whole separate number of risks. So one of the things I'll mention and then I'm going to move on briefly is, you know, as you're thinking about today, again, from the technical side, I probably am not a big help although I think this information and topic area is extremely cool and plan to sit around and listen. But think about the fact that we're talking about major systems and how will they interact with the people that use them? How will they protect the public that is engaging with them? Because that is where typically the breakdown occurs. When we look at cybersecurity across Vermont, I just want to highlight the fact that I think Vermont is primed to be a key leader in the area of cybersecurity. But I also think it provides value to our residents and our businesses because being an extremely small state and extremely rural state, we also struggle with our residents and businesses understanding intuitively how to use technology to their benefit. And so we need to be thinking also about how do we inform the public and inform businesses on how to protect their most valuable assets and their money. And so, again, as we're thinking about cybersecurity across Vermont, I think there's a great opportunity for us to partner with Norwich as a state and be leaders in that area. But we also need to be thinking about the constituents and how they interact and what cybersecurity means to them. When we look across workforce, I know we think a lot about training and development and working with the organizations like Norwich and the other universities or our career and technical education centers. But at the same time, we have to think about are we creating the environment where we can build a workforce? And so when we look at cross Vermont, we, like every other state, are struggling to find workers. All of you, I'm sure, drive down the road and see the help-wanted signs or find that your favorite place to eat is operating on truncated hours or you can't access the business that you're used to accessing because they don't have the staff to keep their doors open. And so this is a challenge we see across the country. We won't be able to solve that problem with simply the people living in our state. We'll also need to look to grow our state. And so one of the key initiatives that the governor and his team are putting forward is the idea of net new workers, right? So how do we grow the workforce the way we need it to work for us as a state, for our businesses, for our residents? And that will come both from within through training and development and making sure that people who graduate from our high schools, our technical centers, our colleges and universities can go directly into work within our state but also how do we grow that from outside. And to do that, we need to invest in areas outside of education in terms of training and development. And that's why you saw the governor and the legislature take critical steps during the Recovery Act process to make sure we were making key investments in things like affordable and quality housing and making sure we were creating top-tier educational institutions and schools for our students and making sure that we're investing in infrastructure so that our neighborhoods are safe and can manage the growth of individuals and businesses because I'll tell you right now, and I don't know how many of you run into this but our biggest challenge in recruiting, even at the Department of Labor, is finding housing for those people that want to come work for us. And so we need to make critical investments in infrastructure in order to be able to grow our economy and grow our workforce. We look at a number of different things, though, in terms of growing our workforce from within, which I mentioned, things like work-based learning, on-the-job training, career pathways, credentialing, the registered apprenticeship programs that we have. So, again, as we're thinking about the future of Norwich, the future of Vermont, we are looking at different ways to educate so that we can move our students coming out of these various institutions directly into meaningful jobs. Our number one asset is our youth, and we want to make sure that as they graduate from whatever program, institution, or credential, that they can move directly into employment and stay right here in Vermont. Finally, I just want to touch on the fact that it's an incredible honor to be here at the Leahy Symposium. The senator and his family are near and dear to me and have a special place in my heart for a couple different reasons, but I want to talk what that means at the national level. So even as recently as the past month, President Biden and the U.S. Department of Labor issued a 120-day challenge to states and companies to promote and develop registered apprenticeships and cybersecurity. Here in Vermont, the Department of Labor and the governor recognize the importance of that and how that impacts as the president set across all sectors, so not just those that are dedicated in cybersecurity, but cybersecurity plays a role across all sectors and businesses for our citizens and for our democratic election system as well. We at the department and the administration have accepted that challenge and have started working with private sector companies, the agency of commerce and community development, and best in the nation's cybersecurity programs to develop those right here in our own backyard. To make sure that Vermont is a leader in the cybersecurity workforce. Again, as I mentioned, we have a number of different businesses that have taken up the opportunity to create internships and registered apprenticeships here in Vermont, and we'll be working with them to make sure that they have the cybersecurity registered apprenticeship programs at their fingertips so that we can meet this challenge from the federal government and make sure we're successful in that venture of growing our cybersecurity workforce. On a personal note for the senator, my earliest memory of Senator Leahy was the fact that at an early age of probably five, I had the opportunity to meet my idol, which was Christopher Reeves, Superman, and who doesn't at the age of five want to meet a superhero. And I have a great photo of my father, who was a long-time news reporter in Bennington, Vermont, and a good friend of the senator. And I have a great photo of Christopher Reeves bending down and shaking my hand as a five-year-old with my father and the senator standing next to us. So I'll always remember the senator as the person who introduced me to Superman. But I think for all of us here, we can just take a moment and appreciate the impact that the senator has had on our state and each of our lives. I see some of our young folks here today who will never probably truly understand the impacts that the senator has had on the state in which you live, on your educational opportunities, and whatever comes next in your life. Chances are his fingerprint is on it. And so I'd like to just take a moment and give an applause to Senator Leahy for all his great work. I'll leave you with one thought, and that is just remember that the best systems, the best processes, the best protocols are only as good as the people who use them. Likewise, you can have well-trained and informed people who are probably going to be your most effective cybersecurity tool. And that's why we're here today. So thank you very much. Thank you, Commissioner Harrington. I would point out that it was, as a Rutland County boy, it was the successful strategic withdrawal that took place in Hubbardton completely on Vermont soil that allowed the setup for the Beddington Battle Day further down. So it just has a little point there. And that would be, you know, we could make a really long weekend being July 7th, you know, possibly. So I'd like to introduce today Lieutenant General Robert Skinner from the United States Air Force. Lieutenant General Skinner is the director of the Defense Information Systems Agency and the commander of the Joint Forces Headquarters Department of Defense Information Network at Fort Meade, Maryland. As director of the Defense Information Systems Agency, Lieutenant General Skinner manages a global network and leads nearly 19,000 service members, civilians, and contractors who plan, develop, deliver, and interoperable command and control capabilities to defend enterprise infrastructure in more than 42 countries. Additionally, as commander of the Joint Forces Headquarters Department of Defense Information Network, Doden, he is in charge of leading the unified action across DOD to secure, operate, and defend the network. He leads the establishment of Doden priorities and directs the threat-informed actions through formal planning and future operational initiatives, as well as the command and control and unified network operations, cybersecurity actions, and defense operations of DOD. Thank you. Thanks, Phil. I appreciate the opportunity. And there's something always refreshing about running along the river in 60-degree weather up in the Northeast, which we were able to do today. And so thank you for the opportunity. Commissioner Harrington, great words. We were talking as kind of, I'll say, a brother-in-arms as we're talking about the 50-year-old system with cobalt, because I got an update yesterday from our team on our ordering system for a lot of the services that we provide. And that ordering system was actually put in at the start of Autoden, which those who are very mature know when Autoden was around, and that's about 50 years ago. So we are in the same boat in a lot of instances. So we'd love to talk to you afterwards and compare notes. I would say a big shout-out to Senator Leahy, right? I think if nothing else, Senator Leahy was talking about cybersecurity before cybersecurity was cool. And that says something, because that was really at the start of truly trying to really understand and define the importance of cybersecurity. And I think today, more than any time, all the work that he's been able to do, all the work that has actually come out of Vermont and out of Norwich is really paying dividends as we think about all the different sectors and the cybersecurity efforts that are going on each and every day. The other thing I was thinking about this morning as I was talking to Dr. Hamilton, if nothing else occurs today, it will be a success for me because we were able to make a connection because we have an intern program and we need students. She has students and she needs an intern program. So I think there is a perfect marriage there and so I look forward to working with you, Dr. Hamilton, as we move forward. You know, this is the first time I've been to Norwich in about a decade. And I will tell you, it's been way too long. When I was the 688th Information Operations Wing Commander at the time, now a cyberspace wing, the 229th Cyberspace Operations Squadron was underneath our wing and so I was able to get up here for a day. And those who've seen me on LinkedIn until about two months ago would notice there was a sign of Norwich University and me standing right next to it as the wing commander. I've gotten so much grief over the years because I've gone a little bit past Colonel and they keep saying, why can't you update your LinkedIn profile? And so about two months ago I did realizing I probably should have waited about three months until after I had this discussion. But I will tell you, it's an honor to be here today to talk a little bit about things that are going on within the Department of Defense as well as within the agency and within the Joint First Secretary of Zodem. Now, as the President was introducing me, if you take nothing else from that, it's that I have two bosses. Those two bosses are driven and my head is spinning every single day as we're trying to both provide as well as secure, operate, and defend this thing that we call the doden. And think about the doden for a second. 300 million Internet Protocol addresses is what we are responsible for. Now, if you think, well, is that a lot? Is that not a lot? That is the third largest in the world. The first one is the United States, which, oh, by the way, I say, we take credit for the United States being number one because we are a big part of that. Number two is China and number three is the Department of Defense. Each one of those addresses is a potential vector and a potential cybersecurity vulnerability that we have to address each and every day. So that is a huge responsibility. In DISA, we actually drive the secure operating and we drive the, how do we provide support? We have the Internet Access Points, which are the 10 key points that go out to the rest of the Internet that DISA is responsible for operating and securing. Joining for us today is doden, which is a component of U.S. Cyber Command, falls under the U.S. Cyber Command and DISA falls under the DoD, Chief Information Officer. And one mission, I would tell you, can't be ahead of the other because they are both symbiotic of the things that we have to do on a day-to-day basis. The doden is a federated environment. We've broken up the doden in 45 different areas. We call it a federated republic and each one of those federated republics are responsible for their portion. So think of the United States, same difference. Each one of the states is responsible for a certain portion, but they also have the federal government who is providing support. That's the same thing within this, is each of the different, I'll say, doden area of operations is responsible for their certain portion and JFHU doden is overarching to ensure that we have a foundation of success as we look at cybersecurity. This includes an infrastructure of 15,000 unclassified and classified networks and cloud environments around the world. The doden terrain includes all-enabled devices such as cell phones, laptops, weapons systems and the information collected, stored and disseminated and managed for on-demand access by warfighters, policymakers and all support personnel. As the DISA director, my role is to ensure the security of our cyber domain so the current and future warfighters can confidently navigate the cyber terrain anywhere, anytime. This is customers' mission-essential functions require reliable and agile IT solutions each and every day. A tall order when you consider that every day, we process petabytes of data and support, operate and defend the doden core enterprise services I mentioned earlier. So how do we do it? The President mentioned we have personnel in 37 distinct locations. We have approximately 19,000 individuals and about a $13 billion budget. We are in 25 states, the District of Columbia, one U.S. territory and seven countries. Well, this may sound like a lot to some as we transition defense agencies and combatant commands and others to the thing we call the DOD net. We're going to be in over 400 different locations at the time of that completion. Throughout our cyber security efforts, the highest priority in my eyes is command and control. Regardless of location, there is nothing more important than the ability of our senior leaders to securely communicate with warfighters and business partners each and every day. The President and Joe Nakasone have said several times that cyber is a team sport. I couldn't agree more. Unfortunately, our adversaries see this thing the same way and are very good at working together, sharing information and when exploited can have devastating effects. Teaming up is a critical area of competition and those of you here today are a key part of that effort. We must do better and through our focus on transparency, understanding and collaboration and I think we will through events like this. The threat and risk landscape are massive and complex, increasing both size and complexity each and every day. I think that's nothing new to everyone here. Analysts predicts a 15% annual increase in cyber crime related costs that by 2025 is projected to be over $10 trillion. As a result, the role of information security analysts and other cyber related career fields have jumped to the top of the in-demand jobs list according to online business projections. Industries around the world benefit from the critical work of information security analysts and because the scope of the threat is growing and no organization is immune, the demand for cyber and IT professionals continues to grow exponentially. Today, there's an estimated 3.5 million cybersecurity positions open worldwide. In 2010, there were an estimated 9 million unique malware strains on the open web and in 2020, there were almost 140 million. We're far above that now. If that's not exponential growth, I don't know what is. As cyber threats become more pervasive, our mission to connect, protect and preserve the warfighter has never been more vital. Recently, we've seen major cyber attacks on critical infrastructures. I think everyone remembers the colonial pipeline. And while they originally started off as DDoS and just kind of trying to prevent access, this is really getting after the heart and minds of our country because it affects the supply pipeline, which affects each and every one of us. This is how these are continuing to grow from what was a nuisance to now getting after the confidence of our nation. In Russia's war against Ukraine, we're seeing how the fight in cyber is inextricably linked to all conflicts and all levels. We see increase in ransomware, activism and disinformation in every sector every day. Those military cyber actors are carried out by both state and non-state actors. There are dozens and dozens of non-state actors who are participating in the current conflict over in Europe. As long as we have the Internet, we will always have cyber threats. Therefore, persistent engagement remains critical across the cyber domain. We must continually work to understand the adversary, degrade their capabilities and combat their attacks. That engagement happens with partners, both internationally and at home. Through continued innovation and combined efforts like the commodification of capabilities, economies of scale, the rise of the Internet of Things, improvements to AI and moves to the cloud, all of which are here to stay. We can stay ahead of these threats and combat them head on. Adversaries see cyber as a way to increase their power, degrade the power of others and gain strategic advantage while operating below the level of armed conflict. Money and reputation are absolutely forms of power. We've seen major campaigns from China against Taiwan, Russia aggression against Ukraine, Russian interference in our elections, disinformation, malware, fraud and outright theft from North Korea. And the list goes on. We've seen adversaries increase the scope, scale and sophistication of their operations. To combat that, we're calling for bold leadership and innovative solutions. We're asking for active, not passive operations. We're asking for everyone to take cybersecurity to the level above just shielding our systems. Today's leadership will need speed, agility and the community of effort to stay ahead of the threats and safeguard our economy, critical infrastructure, electoral processes, intellectual property and personally identifiable information. We need to hunt within our networks, not just put up shields. We need to maneuver our networks harder and more complex for the adversary and the criminals. We can work more closely because cyber is a team effort and U.S. Cyber Command has experienced great success operating against foreign adversaries, especially through partnerships abroad. We've held the largest multinational cyber exercise in the world last year with Cyber Command's Cyber Flag 21. Bilateral and multilateral exercises and hunt operations aimed at strengthening our allies across the globe, specifically in Europe and Asia Pacific regions, have also been conducted. During the 2018 and 2020 elections, foreign interference was significantly less than when compared in the 2016 elections. Proof we can combat adversaries effectively in the information space. As you know, we're not alone in our partner pursuit to safeguard the cyber domain. My colleagues at the Cyber Security Infrastructure Security Agency, which you'll hear from later today, the Department of Homeland Security and the FBI have had just as great success with partnerships and community of effort at home and abroad. When we come across malware, adversary activities, or new TTPs, we have multiple methods of sharing that information seamlessly across the community, which then gets to each of the states. Something I know many of the leaders and practitioners in this room have been doing for quite some time now. When discussing cybersecurity improvements, Senator Leahy said that it must remain vitally important in every aspect of our lives. I couldn't agree more. Whether you're working as a first responder or in the local government, educating the workforce on cybersecurity must happen for entry level, journeymen, and leaders alike. By staying ahead of the threat streams through innovative approaches, we allow our institutions to deliver necessary services without interruptions from groups bent on delivering chaos. This to me is where Norwich University, as part of the National Cyber Security Preparedness Consortium, is a prime player. The focus on educating our first responders and local governments on cybersecurity so they can respond at a moment's notice, at any time and any place, is a very powerful and critical mission. Throughout the most technologically advanced organizations I've been a part of, one thing I found to be true is that our strength lies within the people representing the organization, not the technology and not the processes. Like everyone in this room, you are the ones who make the difference. We must continue to invest in our workforce by building talent through education, experience, mentorship, and development. Being bold and transformative takes commitment from leaders to accept risk and accept discomfort. Too many times I've seen we are too risk-averse and we have to change that to be effective. Being bold and transformative takes commitment from leaders to accept risk. Oh, I already said that, sorry. Together we can shape tomorrow's cyber operators and leaders today. At this NJFHQ Doden, we have taken a hard look at the capabilities and solutions we have and we provide as well as the organizational structure and processes that deliver those solutions to our mission partners. One outcome has been a transformation of our organizational design to streamline our information flow and increase efficiency and effectiveness as we move forward. We have this term we call institutional silliness. You all know it. You've been a part of an organization. It's that policy, it's that guidance, it's that thing that just, it's out there that is inhibiting our workforce from being the best of themselves. It's inhibiting them, it's inhibiting us to unleash that talent. I would ask each of the senior leaders in here, each of the members here, if you know or you see that organizational silliness, tamp it out. Because that's really where organizational design comes into play. Because we want this workforce today which I will tell you, this workforce today is much better than when I came in, I won't say how long ago, but it was a very long time ago. I would not have been as successful as I am today with the workforce coming in today. And so we've got to make sure that we can unleash this talent and you unleash that talent through some technology but it's really about organizational design and enabling them. We have major efforts underway to build a zero trust architecture we call ThunderDome, which is a truly transformational way of looking at how we route and secure our data within the Department of Defense Information Networks. We're working on cloud computing, cross domain solution, and other advancements for edge nodes to name a few. I appreciate the power of our shared insight through partnership and I thank you for this opportunity to discuss current trends in the world of cyber security. In my eyes at the end of the day, cyber security is not about security. It's about posture and it's about readiness. How ready are you and how ready are we? I would offer we have to harmonize three key things to be cyber-postured and cyber-ready. The first one as I mentioned is organizational design. The second one is the technology. How do we enable the technology? But the third and most important is how do we unleash that talent that we have each and every day? If we can harmonize those, then we're ready. If not, we are not. So I look forward to your questions. Thank you. Thank you again for being here and thank you for those great comments. I have a question about talent management. You talk about unleashing talent, but how was the Department of Defense especially attracting and retaining talent, especially with the cost differential for how we pay that talent? Yes, so I would tell you today the Department we are still in an industrial aged personnel environment. We're transitioning, but we're just not there. The Department will never compete against industry when it comes to dollars. Right? We just can't. Especially as we talked. I mean there's millions and millions of unfilled positions in the market. So what we've got to do is we've got to look at a variety of factors. The first one as I mentioned earlier, organizational design. We've got to have an organization that people want to come work for. Right? We have to have some incentives. Right? Pay can't be dirt cheap. So we have to have some incentives whether it's through bonuses, whether it's through retention pay. But the bigger thing to me is the mission. Right? We have a mission that most people cannot do. We have missions that people cannot do in industry. They cannot do in academia. And so it's the lure of that mission also. And it's also it's serving others. Right? The ability to serve others is also a trait. So kind of putting all those together is what we're trying to do. And as I talked with Dr. Hamilton, right, it's how do we develop a cleaner pipeline from academia to the Department of Defense. And I would say this is the most important agency. From an internship standpoint, I may be a little biased. But we're always looking for that talent. So I think bringing all those things together is really what we have to have from a value proposition standpoint. And not have 50-year-old systems that we're relying on for the personnel systems. Yes, sir? In an unclass environment. Yeah. So I would say I spent 16 months in Indo-Paycom and I'll tell you that was one of the best assignments I've ever had. Not just for the snorkeling and the hiking and stuff on Oahu throughout the Pacific. But it really gives you an appreciation for what China is doing throughout the theater. Right? There is a rules-based order today that we are all comfortable with. May not be perfect, but we are comfortable with. They are trying to upend that. And they're trying to upend that through nefarious ways. And so the partnerships to me is really where it comes into play. We have to continue engaging persistently engaging with our partners each and every day to combat what what China is doing. I will tell you and you're not seeing half of what they are doing in relation to being, I'll say, nefarious and trying to upset this rules-based order. And so that's why we are, while things are happening in Europe, we still can't forget about the strategic threat that remains with China. And as we saw with Speaker of the House's trip to Taiwan, it's a very interesting and dynamic environment that we have to keep an eye on each and every day, which is why our national defense strategy continues to focus on them as the strategic threat. That's about all I can say in a class environment. Yes, sir. I will say it's a larger role. We could have a discussion on what I call the IT bingo words, right? You can talk about blockchain, you can talk about Zero Trust, you can talk about AI, you can talk about ML. It's almost like an IT bingo game. But at the end of the day, it's all about how do we continue to ensure that we know what's going on in our systems and our networks. That we know who is operating in from and or through those networks. And so it's a lot of these different principles that all come together that I would offer is really about Zero Trust, right? Blockchain is a part of that because that gives you a true audit capability in understanding what is happening within your system. If you talk about identity credentialing and access management, ICAM, that gives out the identity of the individuals who are either operating on and in or through. You have comply to connect, which is focused on limiting the systems and or the people who are able to get on a network if their hygiene or their cyber posture or cyber readiness is up to full speed. And so I think all that actually comes together. The Department of Defense, I would say, is on the initial stages of a long journey when it comes to incorporating those type of technologies as well as Zero Trust. If you talk to Google, for example, they will tell you they've been on a Zero Trust journey, for example, for 10 years. They're not done. And they say that they're far away from being done. And so we as a department and whether it's the state level from a government standpoint, whether it's at the federal level or whether it's the Department of Defense or other federal agencies, this is a long journey. But it starts today and it starts with what we've done but it also offers, it starts with every single individual being a cyber jet eye in my eyes. Every single individual has to understand the implications of cyber on their mission, on their day-to-day lives. Because if they're not securing their information, if they're not up to speed when it comes to what hacktivist, what cyber criminals, what adversaries are trying to do on a day-to-day basis, all the social engineering that continues, all the email phishing campaigns, we will never get to because all it takes is one individual and or one vulnerability to be exploited. And so I think things like blockchain and other technologies help limit the effects and or the implications of those vulnerabilities. Danny, it's your question. I've been on the stage with no questions before so I'm going to keep it going. Oh, I find. It's doing great on time. Since we're producers of the talent that you need to be successful, are you getting what you need from higher education for a workforce and anticipating the answers probably know what could we do better? Yes. I would say the number one thing that I want from higher education is critical thinking. This is a complex environment. And we need to have individuals who are critical thinkers because what you think you know usually when you get out in an environment it's not what you actually thought. And so the training that you've had before and the education that you've had before from a technology standpoint probably isn't going to be what you thought it was. And so if we can have critical thinkers as a core component of every single syllabus, every single program, to me that's the most important thing. Second thing that I would offer is understanding how to campaign and or to operationally plan things. Realizing that when planning meets reality things are going to change. But if you can't have a good understanding strategically of how to plan things, then you will have difficulty in this space. Doesn't mean you don't need flexibility, agility and other things. Third thing I would say is the technology piece. Right? So a lot of people flip the technology first. I would offer that's the third piece of this because technology is becoming I'll say a lot simpler to be able to leverage. The final piece I would say as we talk about critical thinking. If you have the ability to take the complex and make it simple, that's a home run in my eyes. There's still a lot of individuals who don't understand the technology and who don't understand the power of the technology and for people to be able to kind of bring that down to bring it to the appropriate level so that others who haven't been who haven't been part of the technology, then that's a winner in my eyes. Hey General Chris Mitchner from the University of North Georgia. I would tell you that the university is somewhat struggling with the loss of young men and women into industry vice service back into the government and you talked about the pipeline process. How do you see that going further so that there is an ROI for these scholarships and things because we suffer with me reaching out to somebody and saying for just our location, NSAG Army Cyber, hey I need mentors to students. And it gets into a gray area of I've had people not be able to give them based on credentialing, based on years in education, those types of things. So how do you see how would you enable us to be able to entice those young men and women back into the federal government side? Yes, so that's a tough question, right? So first and foremost whether we can get individuals and students on full time or guard, reserve I'm all in on all that, right? Being citizens who serve to me is very powerful no matter how that is. I will tell you in today's environment it's going to continue to be hard but I would offer we as senior leaders need to take the time to help mentor and to take time to be more engaged with our academic institutions as we go forward. We could on a day to day basis spend all of our time focused on the mission. But I will tell you it's the people who enable that mission and we've got to find the time. That's how I would offer the ability for us to spend more time with individuals like you with your students to help highlight and showcase the value proposition of what the department and the federal government can bring to the fight. Again as we talked earlier we're never going to compete from a monetary standpoint but there may be other things across the board that as a full package would be able to better entice them but a lot of it also is personal experience and us being able to sit down with students down with others and kind of walk through what our personal experience was because I would tell you a lot of individuals in academia in the senior leader positions have served in some form or fashion so I think there's a combination of those in academia senior leaders who have that experience being able to share that but also those who are currently on active duty too. So we are accepting questions at cybersymposium at norwich.edu for those on the live stream. I'm Johannes Meyer. I'm a student here at Norwich University. I want to ask how you would think open sourcing some more and declassifying more DOD tools might help in the future. For example the reverse engineering tool Ghidra really helped with the community with the cybersecurity community in general and I believe that maybe open sourcing more tools in the future will also attract more talent. Yes, I would tell you I'm all in on whatever we can securely understand that will enable our mission and bring more talent. I know we are doing some things with open source and we are leveraging some tools probably not as much as we could or should so I'm all in on if that helps bring talent then we just have to make sure because we have national security systems there's a approval process that still has to be maintained to ensure the right security level and protection levels. Thank you. Yes ma'am. Thank you so much. I'm Lori Patton president of middlebury and I know that your remit is more around defense but one of the things just to follow up on the last three questions that I have is I think that we have a pipeline in education that it seems to me we need to do is think about internet integrity and ethics and basic understanding of what internet citizenship looks like and I'm wondering if you are thinking about that as part of a defense strategy as well we seem to understand as we look at our students coming in that in a way that is all about being good citizens so I'd love your thoughts about that as well. Yes so we have you know like there's ethical hacking out there there's ethical AI I don't from my standpoint I've not heard much on the ethical citizenship of the internet I think that's something to look into. The question is going to be who follows and who doesn't right at the end of the day it's those who don't follow are the ones that we're concerned with and usually that's part of a criminal and or adversary less likely from I'll say a US based and or a department of defense base. Every single individual when they get a device from the government has a use agreement that says you will use this system properly if you're an administrator or you have elevated privileges you have additional training that talks about what doesn't necessarily ethical it says here's are the do's and don'ts from an administrator standpoint and so I think there's parts to that but there's not really a program of sorts. Good morning general Henry Collier I am the director of cybersecurity and computer technology at the college of graduate and continuing studies. I am also a cyber warrant in the army reserves. So my question is regarding barriers you mentioned barriers and tamping barriers out. There are a lot of barriers that exist for students graduating from all of the senior military colleges or any university and going into military service as far as the training requirements that they face and those same barriers exist with the army reserve and national guard soldiers because the requirements for PME are significant as a warrant they want me to go to Fort Gordon for four months to learn something that I have been teaching for 13 years kind of silly considering I have a Ph.D. in cybersecurity I'm like the only one in the army reserves right? How do we as the military and as universities push through those barriers that we're facing and we know those barriers a lot of times are coming down from trade off because that's their whole existence. How do we get through that because so far I don't see a whole lot of results getting through that. What is your take on that sir? Persistent engagement. I've been doing that for a while I have the command of the army reserves on it but I'm not certain there is an easy way with that and I said it funny persistently engaging to really look at things differently and that's what I would say all of our active duty training a lot of our PME which in some instances we are but how do we think differently about how to have reciprocity for experience versus a certification or a piece of paper or a and that's what we're really trying to do even within the Air Force it's just slow sledding to me there's not really an easy way it's just this is hard work persistently engaging and really kind of using use cases and examples to kind of show this is not just equivalent this is greater than equivalent because the principle is that you're teaching or want me to go to I'm actually teaching them and so I think the one-to-one comparison is the easiest way to I'll say is probably the most effective way to get after that. Thank you sir and having individuals like you who are very open minded and understand this value at your position I think is a significant effort in trying to improve this for the future generations through the DOD Cyber Institutes and if you want to send me an email with some specifics I have a Chief Foreign Officer 5 who I stick all my hard problems with I can have him work it Thank you sir. Anything else? Oh yes sir Hey good morning General Brad Everman with Spotlight Labs also just for reference about 3,000 hours flying F-16 so that we talk about perspective what I just heard you say that was interesting was talking about for professional military education bringing in experiences or other things that you do throughout your career that almost smells like a continuum of service where you move into the military through a reserve or guard or even active duty then industry and then back and forth so pull that thread for a second when we look at you know the SECF has said we look at China because China China is what we talk about these days anything in Indo-Paycom or other parts of the world the way they select their students and the way they educate their students is different from the way we educate them in the United States so what's your take on our position as far as education goes the way we educate our citizens and our military members compared to China and India and others so what's your take on one our educational process and how we do it and are we strategically positioned where we need to be in relation to them with how we educate and if not what do we do to fix it yeah good question I will say I love our education system at least at the higher levels that doesn't mean it's perfect and I would offer the education system that I've been watching and seeing is actually transforming in certain spots Norwich University is a perfect example right and so to me it's less about the structure of an individual curriculum program it's the individuals together that are learning even more than what's being taught that's what we have to continue I think that's less in the Indo-Pacific theater with China and Indian stuff remember they're sending a bunch of their students over to the United States to learn better right and I think it's that as I offered you know the critical thinking piece is important but it's the camaraderie from a student standpoint and it's the learning after hours it's the learning that's less about the actual what the teacher is instructing now that doesn't mean that the teacher instructing is important right because that is where the principles are kind of thrown out there and then if students have questions then they come back to me it's that flexibility I would offer we have to continue to get better right I would still offer I would pit our education system especially at the higher levels against them anytime but that doesn't mean that we can rest on our laurels which is why I kind of talked about the critical thinking and things like that that we really have to get together I don't know that quite answered your question but it's that's a hard problem at the end of the day sir so if I heard you you think we do still maintain the advantage of educating specifically on the tech front and we're still there we haven't lost that strategic advantage I don't think we've lost that strategic advantage the one thing I think that we have a significant issue with is numbers right I think from a number standpoint but I would still take the innovation that the United States does on a day-to-day basis over any country there's ways to catch up which we've seen that other countries are doing by stealing intellectual property and other things but I would still put our innovation above anybody else's thank you sir thank you general Skinner for your comments