 Test test there we go excellent good morning everybody So we had a great first day yesterday We got to hear from General Hawk commander of US cyber command and we got to hear how far cybercom has come Mature and how now we're involved invested in maturing cybercom's service-like authorities and what that means for growing our partnerships Our partnerships to set the globe with cyber security with our with our allies and partners We had a great session corporate roundtable Which I don't know what you all took away from it what I took away from it is that partnerships require trust right a conference is a good first start But trust requires building it over time with cadence Repeated contacts repeated interactions, and I hope that's what we can come away from this conference with this may be a great first start Or second start or 12th over the course of several years But what what trust really requires and partnership really requires is building on this over time repeatedly And so I'd encourage all of us to do that We got to hear about the challenge of an evolving sense of what privacy means both in the US and overseas We got to hear from some interesting speakers on that My quote of the conference is that the DeFar the Defense Federal Acquisition Regulations is beautiful There was a lot else that went on in that panel, but Cray does may be important, but the DeFar is beautiful and then we got to hear from the private sector And and learn and this is important. This is what we really want to come away with What is it that's important for us to know about the perspective of the private sector whether we're hearing it from the Starzak at Cloudflare we're hearing it from Adam Hickey or mr. Powell What are they thinking in times of competition in times of crisis and then in times of conflict and And and what does that mean for our want our desire to partner with the private sector as as general Hock talked about at the very beginning And then we you know we got to hear some hard things about about where the international Sense state the international community is going right with things like the EU and the GDPR and global competition What global competition really means for our partnership? And so how the United States if we want to partner with Companies overseas and also with our international partners how we need to understand where these other regulatory regimes are going that was yesterday Today, we have a great day today. We're gonna we're gonna hear about artificial intelligence We're gonna hear about defending critical infrastructure and key resources and partnering to do that we're gonna hear about how we partner to harmonize regulations and The you'll learn about the patchwork of regulations that all of us are facing in cyberspace And then we get to hear from our international partners and hear their perspective and then at the end we're gonna hear from the Department of Justice and how they've actually gone about as partners disrupting some threats within the United States, but first We have a special treat. So yesterday you got to hear from the commander of cyber command today I'm pleased and I'm gonna have to put vanity aside and wear my glasses or I'm gonna screw this up So our keynote speaker today is the is the principal legal advisor to the president on national cyber security strategy director Harry Coker His responsibilities include implementing the US National Cyber Security strategy Coordinating cyber defense strategies for federal and critical infrastructure Efforts to deter our adversaries and private sector engagement on cyber security and emerging technology his 40 year career of Public service began when a Navy recruiter approached him at high school in Kansas, right? Think about that. These are the moments that define your lives. Think about the moment that defined yours Little did he know that that interaction would have an outsized impact on his life And it would lead to the Naval Academy To a long career as a surface warfare officer engineering duty officer in the Navy from which he retired as commander in 2020 shortly after retiring from the Navy Director Coker entered the intelligence community where he held several senior executive positions supporting multidisciplinary efforts to fuse cyber offense cyber defense open-source collection data science and Enterprise information technology He was awarded the prestigious Don Crier award for diversity inclusion while serving on CIA's diversity inclusion council and then came to the NSA where he served as Executive director for the national security agency where again, he distinguished himself as a trailblazer on workforce development Equal employment opportunity and one leadership awards in 2023 He was nominated by President Biden to serve as the national cyber director and he assumed office in December within a few short months He's led significant efforts to implement the national cyber security strategy by consulting with our academic and legal experts To identify legal mechanisms for shifting responsibilities the manufacturers of software and technology Engaging interagency partners to harmonize cyber regulations and taking steps to build a more robust diverse and capable Cybersecurity workforce throughout our country ladies and gentlemen, please join me in giving national cyber director Harry Coker a warm welcome Sorry about that introduction y'all. I asked it just have my name mentioned But my apologies nevertheless, I'm delighted to be here today And I do appreciate the introduction Just excited to be here. You all have some challenges and we're going to lay another one on your plate Regarding the power of partnership and defending cyberspace Before I get too far into it also want to thank General Hawke and cyber command legal team for setting up such an event and then want to thank and then Acknowledge our two interns are legal interns with the office of national cyber director Captain max Junkins and in Yanni You all are keep tabs on them. You talk about growing talent. They're right there getting it done And I'm sure we'll all benefit from them in the decades to come. So thank you both And all of you are taking on a mighty big challenges So I look forward to your progress and as Colonel Hayden said The symposium summits conferences are nice. It's when the action Leads to productivity not just action but productivity that needs to follow that will all benefit. So appreciate that You mentioned the Naval Academy every time I think of my class. I make a point of mentioning that I get more and more proud of the Class in 1980 not just from the Naval Academy from surface academies first class is with women and I always reflect on on How long it took our great nation to allow women to attend service academies says summer in 1976? Greg and the first class is graduated in 1980 It took a long time, but we made the right decision and our nation is more secure because of that So I'm grateful for the class of 80 and in my classmates there Gosh, I can't help but acknowledge it quote the D-Far is beautiful. I'm I'm sorry I've missed that session, but I do have to catch up but as was mentioned prior to my most recent retirement I Served as a NSA's executive director and I saw firsthand the power of partnerships Domestics international public and private sector It was clear then and remain so now that we cannot succeed without partnerships and I'm delighted that the federal government Recognizes that we will not be successful in cybersecurity without our private sector partners So that's that's clear And as was said it all starts with trust And that trust has to continue that's an area of focus for us growing up in the military It wasn't it was more interaction than partnership we have progressed for from there and Again, we're safer because of that today One of the objectives is to challenge you all to examine the norms of Targeting civilian critical infrastructure and essentially ask you all to to work towards providing a commander's intent regarding the importance of Refining our understanding of normative and counter normative activity especially as it applies to civilian infrastructure But again, it's all about partnerships and I reflect back when I was growing up in the in the Navy Graduated in 1980 you all you all may have read about it the Iran hostage mission where we had a lot of challenges if you read probably about the invasion in Grenada in 1983 Where we did not work as well together within the US Department of Defense had led to Goldwater nickels Jointness it's about partnerships DoD got it right then we need to continue to grow from that Goldwater nickels And let the service rivalries stay on the athletic fields and not in our in our Defensive or offensive space So that's what I'll lead in from but I've had the honor of serving as a national cyber director for Just about four months now and I can tell you that the president's national cybersecurity strategy is the North Star and It has vital work that we need to To overcome the cyber challenges that our nation and in the world faces It promotes democracy free speech innovation and security and it recognizes that security has Evolved from that more traditional definition of national security when I was growing up It is incorporating economic security, which is key as well that strategy Was created and it is being implemented with a keen understanding that when it comes to cybersecurity Partnership is the key to success In fact the word partner or partnership is listed no less than 70 times in that strategy One of the pillars in that strategy That perhaps requires the most connectivity and collaboration is to work to forge international partnerships to pursue shared goals You all know there's no boundaries National boundaries when it comes to cyber security and the connection with our allies is essential again to our success And that's what we're going to focus today. How can we partner or partner together even better to strengthen? global cyber norms and ultimately better protect our nation and our allies in this increasingly digital world and And I'm glad that all I had to do is throw out the challenge as opposed to provide answers because I don't have answers said It's a hard one reminds me of just last week We hosted a software liability symposium and I talked about hard challenges We had the legal community there to get us on a solid legal foundation Which confident will be on but still it's going to be a tough Slog of numerous hills similar to the task that we're asking you all to take on so can we actually build Norms against developing access to certain Systems in civilian critical infrastructure and that question becomes even more vexing with acknowledgment that much of our infrastructure is Essentially mixed-use. I it's not strictly civilian you could take a look at those 16 critical infrastructure Sectors that are listed in PPD 21, which is in the process of being updated But a number of those 16 cross civilian and military Which makes the challenge? Even more daunting. Nevertheless, it needs to be taken on so much of the work to build these norms of Responsible state behavior Focuses on computer network attacks and we all know that our adversaries will use compromised systems for espionage on one day and then use it for effects operations the next day and distinguishing computer network Exploitation from preparatory operations for computer network attacks again is a hard problem But I know that's what that's what you all do That's what I like to do is take on hard problems Nevertheless, I am still concerned that this problem is not receiving the attention that it deserves and that we're not making The progress that our nations Deserve and now it's more relevant than ever But you know, what if there were a category of Civilian-facing systems with no espionage value where the most where the mirror presence of adversary activity Could be deemed counter normative Would such a norm be feasible? Would it be valuable? Would it be adhered to? These are the questions that we pose to you today But first I'll explore why they're so relevant and as I think most of you all know at the US intelligence Community has reported that our adversaries target our critical infrastructure for destructive attacks These adversaries are not conducting that targeting Based on military necessity or as a result of deliberate targeting processes Many of you know so well instead These are opportunistic developing access the sort of opportunistic Access development based on a target's vulnerability Rather than its strategic utility that can leave US and allies civilian critical infrastructure Networks compromise their targeting systems that are not of strategic intelligence value. I get espionage Nations do that we do read other gentlemen's mail as once it but the systems that Directly impact the communications energy or power systems That civilians are using to work socialize and increasingly run the operation of their daily lives is something that we have to take a look at Given the civilian nature of these systems It's clear that these accesses will be Useful only for attackers perhaps Those seeking to break our will by harming civilians who are not participating in conflict or Competition inflicting societal panic Is is unacceptable and in our office our team does help Coordinate the nation's efforts to defend a broad swath of critical infrastructure in partnership with CISA amongst others but that rains from systematically important financial institutions To small-town rural facilities like mine in Parsons, Kansas But across such a wide range of entities with significantly varying maturity levels We recognize that not all critical infrastructures owners and operators can make the same or sufficient investments in cyber defense. In fact The national cybersecurity strategy does call for a shift in Responsibility to defend cyberspace from those that are least capable the end users these small rural communities To those that are most capable the federal government high-tech industry partnerships but Those small communities really are defending against sophisticated actors Nation-states and you talk about an unfair fight. That's where it is So that's why that that major shift is in the strategy and it does require us and our allies to better define The activities that we cannot tolerate during competition Hopefully prior to conflict Yeah eyes wide open there is always going to be risk. There's always going to be cyber risk That's why we're here to manage risk not to avoid it but to management But there are no silver bullets and Just as we do not expect the operators of a grain silo to defend against mortar fire the agriculture Agricultural Coral sector network defenders should not be expected to go toe-to-toe With the military cyber unit especially when those bad actors are Opportunistically deploying malware to be used in a future conflict Defending critical infrastructure means prioritizing our assets and allocating the necessary resources to key systems And we cannot allow our adversaries to wantonly compromise civilian critical infrastructure This vulnerability driven target selection Enables so-called counter value operations aimed at destroying civilian assets to erode Political and popular will and we should be clear with our adversaries that vulnerability driven targeting Will not help them secure wartime objectives Nations that choose to endanger civilians in this way will surrender opportunities to de-escalate or manage conflict In fact, this is a key point in our focus on deterrence in cyberspace using every tool that the nation has as disposal We know that our adversaries attacks will not achieve their strategic objectives because we will not sit idly by If we are attacked nor should we sit idly by while they prepare and preposition for these attacks These attackers should study the lessons of counter value campaigns fought from the skies above Britain in World War two They should look to the men the women the children and the families who heroically Endured fought back and helped to win that world war. The lesson was clear Targeting civilians will only fortify their resolve and will not result in surrender Now I'd like to turn to two more recent examples of adversary Opportunistic counter value operations the hacks of eutronics devices by Iran affiliated cyber groups and the hack of small-scale Critical infrastructure assets by the People's Liberation Army. It was last winter that the Iran affiliated opportunistically exploit eutronics programmable logic controllers in the name of soaring panic Amongst the US public and the Israeli public these eutronic devices are typically installed in comparatively target-rich but cyber resource resource poor Assets in the such as the US water sector some of these critical infrastructure operators do not have frankly and sadly the budget for full-time cyber staff Let alone security specialists So while communities may not realize that their access to drinking water Depends on a device whose password is one two three four Our adversaries certainly do in February of this year or late January I joined colleagues then director NSA and commander of the U.S. Cyber Command General Nakasone FBI director Ray and CISA director Jen Easterly to testify before Congress about the intense interagency work to defend America's Critical infrastructure from activity that we believe was conducted by the Chinese PLA and What was unique about this activity was that it lacked ambiguity When when one develops access To civilian critical infrastructure assets for reasons other than financial gain or espionage Which is understanding of state secrets It's clear that the motivation is establishing persistent access for a computer network attack Such attacks are in alignment with the PLA doctor and as we testified that day Opportunistic exploitation of vulnerabilities in American critical infrastructure to hold non-combatant civilians at risk is unacceptable Now conclude today by issuing again Challenge or frankly a request to this community The American public has placed incredible trust So we're asking you all to guide the use of American cyber power and in advance. I'll thank you all for being thoughtful and Responsive on on this mission Also want to thank our our ally Partners our private sector partners that are here today together We're not only working to understand the scope of the possible, but also working every day to better understand How we can reconcile the incredible incredible power of cyber with the liberties at the core of our Democratically focused lives So I challenge you all to think of all the ways to strengthen our partnership by promoting a responsible norms of conduct Challenge you to be not only Reactive when egregious incidents occur, but also proactive and engaging the broader cyber and legal communities to think Through what types of accesses are presumptively for computer network attacks Policy makers will need to decide what norms to promote and how to affect you ate them But it is this community That that can help us understand if there are systems where because they have no espionage or direct military Value at the presence of adversary cyber activity is enough to be destabilizing and therefore inherently irresponsible This is a fraud And challenging task it may be that there's no definition to be had Or no line to be drawn that can make it clear what accesses are wholly impermissible But I can think of fewer more relevant communities to take on this hard problem than those that you all come from it and represent Cyber norms are not created in a day and they're certainly not created in a speech But I do look forward to partnering with you all as we explore this issue of Opportunistic targeting and in doing so identifying ways in which we can help keep our nation's critical infrastructure secure Thank you. Thank you very much director Coker. I was I was intrigued by what you said about The administration's work to promote partnerships on cyber norms. Do you have some more examples of the administration's work in this area? Yes, and I can start with I think it was 2021 There was there is a Chinese based Advanced persistent threat that's known by hafnium. I think it's also called silk typhoon but they they exploited Microsoft servers and part of the International partnership and going against that norm was number one publicly Attributing that that attack to that entity publicly acknowledging its affiliation with that that government and then our partners To include the the United Kingdom came out and joined in that attribution Some people call it name and shame it's it's it's more than that It's making not just the public aware, but our national international partners aware that that type of behavior is ongoing And should not be tolerated and that reminds me of former colleague who said that Russia wants to destroy us and China wants to own us and and that that guides me Every day I believe in it and you know and going down a trail of key quotes that that guide me Maya Angelo said that if a person shows you who they are believe them the first time I'm a bit more forgiving than that but if an entity shows us who they are we ought to believe it and We've been shown time and time again by our our competitors Who they are a challenge is to ensure that the American public and our international public Recognizes what's going on on that front and that we work to do something about it. That does not mean I'm against diplomacy Or trying to work together on these norms, but again the last quote I'll throw out as you know president Reagan trust but verify you know we we we have had sessions with China on cyber norms at least in 2000 September 2015 I can recall one based on the constant theft of intellectual property Those agreements were had at the highest levels of our governments But I don't know that they worked out as well as as we hoped again not going to give up on that but We we need to persist another one on the international partnerships indigenous telecommunications equipment Making that threat known to amongst our partners because it was not just the United States That made our partners aware of the the threats and connectivity of indigenous telecommunications system and and our key partners recognized that and and took action So those are just a couple of examples of the international norms Can you speak do you might speak into us about a set of the the broader partnerships that ONCD is interested in pursuing and and have How the partnerships that your office is pursuing kind of fit into our evolving cybersecurity strategy or the The cybersecurity strategy in the evolving cybersecurity posture of America. Yes. Yes Mentioned one of the shifts the two major shifts in the national cybersecurity strategy The first one again is shifting responsibility from those that are least capable capable to defend cyberspace to those that are most capable the second major shift in the national cybersecurity strategy is to incentivize long-term investment in cybersecurity and what that means is as opposed to being first to market we need To have capabilities that are secure to market secure when they get there so many of the vulnerabilities that exist in cybersecurity are there because of legacy products That are not sufficiently maintained So we are working in partnership with the software creators To try to to get them to adhere to that philosophy. Frankly, it's good for all of us You know, we've encountered private sector partners who also want Their supply chain secure. So it's not a public sector versus private sector It's a partnership and there's going to be give and take a mention that software liability symposium We're gonna work with our private sector partners to find the right touch on how to do that So partnerships are key and I'll add I touched on Sector risk management agencies those US government entities that are responsible for working with The critical sector owners and operators Most of whom are private sector But that has to be a partnership guiding each other on how to best to secure these 16 critical critical infrastructure sectors and The other part of the partnership that that really concerns me is our our state local tribal and territorial government's the SLT T's Those are again in many cases these small Under-resourced entities that are going up every day against nation-state actors It's an unfair fight and we have to do a better job at being Good partners with those SLT T's I Would be remiss if I didn't take advantage of the fact that that we have you here. You've had a fascinating career in your own right We've got as many as 250 Mostly lawyers some cybersecurity professionals some policy professionals in the audience and then of course we have Possibly several hundred a thousand online Everything from students in school and classrooms to to other interested parties Do you have some thoughts from your own background your own perspective and then your work at the White House in developing a cyber talented workforce on On what we can do to broaden and better prepare ourselves to serve the cybersecurity needs of our nation our nations in the future Yeah, I do and thank you for that Just a few data points last Thursday I was at the United States Military Academy at West Point participating in the Joint Service Academy cyber summit So that education getting to those cadets It was important. So we're there for that today. I'm glad to be here Taking in some of what you all are are teaching and then tomorrow morning. I'll be at NDU With the the pinnacle class the three stars I use that just to show from cadets to this mid-level The senior level into the the most senior folks in our department of defense all Discussing cyber. It's a never-ending journey So so it continues. I know you're retiring soon, but I hope you keep your your pulse on on cyber and continue to To help us out You make a reference to the national cyber workforce education strategy the pillars in there include the need to Inject cybersecurity in American education system. I don't know that we can start too early on that So injected early and and that means not just doing a curriculum review, but also helping the educators You can't teach you can't teach what you don't know And then we talk about the continuing educational process, but another key Component of that workforce education Strategy is to take a look at at requirements for positions Do we really need to have a four-year degree requirement for cybersecurity professionals? That's a rhetorical question. I'm gonna answer it. No, we don't and and you know, I thought we were making progress By having a requirement removed from for federal contractors on US government contracts It wasn't a requirement. It was a worse practice. It was not a requirement so we became aware of that and worked with our partners at OPM and OMB and our educating Acquisition professionals that that is not a requirement in that beautiful de farce. It's not some people have made it a Requirement in their agency or department contracts. It's not a requirement for us So we need to do that and the last thing I'll point out on this front Impacting The education curriculums actually had a conversation with General Hall last week at West Point about how we might be able to partner with accreditation bodies to to ensure that we're getting the right Touch of a cybersecurity curriculum in the academic community NSA DHS Sponsor a great program Centered for academic excellence where they do go in and help colleges and universities Shape their cybersecurity related curriculum to best teach, you know this important field I can't thank you enough for taking your valuable time to come out of your position with many responsibilities You haven't coming down and sharing your thoughts with us. Ladies and gentlemen, please join me in thanking director Coker for speaking to us this morning The ladies and gentlemen for our in-person attendees I am very happy to report that we have tea available for you and To our virtual audience and everyone else we are on break till 0 945. Thank you Gentlemen, I'm Colonel trouble Rodriguez Medellin director of U.S. Cyber Command Office of academic engagements in 2022 We launched the command's academic engagement strategy in order to deepen our partnerships with academia Cyber Command established the academic engagement network also known as the AEN Which is a team effort across the DOD cyber mission force and academia our cyber force members include the command headquarters The cyber national mission force the joint forces headquarters doting and the service cyber components The response from our nation's educational institutions has been amazing in the past two years The AEN has grown to include 121 institutions from 37 states and the District of Columbia AEN members include nine federal institutions including service for colleges the Naval postgraduate school and for the service academies Additionally our 108 non-federal institution members include 15 institutions serving underrepresented communities Cyber Command's academic engagement program has four strategic goals First engage the future workforce by inspiring a diverse group of students to pursue cyber education careers Both in military and as civilians second Increase cyber applied research and innovation by encouraging research on our hardest problems We are hosting another cyber recon effort this year which involves student researchers mentored by cyber command staff The capstone symposium will be held at the Naval Academy in Annapolis, Maryland in mid-April of this year Third expand cyber focused analytical partnerships by providing insight into adversary cyberspace strategies organizations and capabilities Fourth enrich strategic cyber dialogue by engaging faculty We challenge cyber commands concepts and refined command strategies as well as align our senior leader engagements with our academic partners As we enhance our academic partnerships the legal profession is a critical aspect to this maturing relationship That will allow us to increase intellectual rigor as we advance the nation's cyber warfare capabilities to find out more check out The AEN at cybercom.mil Greetings from us fleet cyber command My name is lieutenant commander David Lane, and I'm here to provide a brief overview of our command and what we do Fleet cyber command has responsibilities touching almost all aspects of the information domain We break these responsibilities into four overarching hats that our commander wears First as us fleet cyber command We're the Navy's service component to us cybercom and service cryptologic component to nsa css Wearing this hat we plan coordinate integrate synchronize direct and conduct full spectrum cyberspace operational activities required to ensure freedom of action Across all of the Navy's war fighting domains in and through cyberspace We also serve as the Navy's authorizing official responsible for the oversight of the DOD risk management framework Ensuring that the Navy's information systems have implemented assigned cyber security controls identified risks and implemented safeguards from design through fielding our US 10th fleet hat is our operational element and executes our mission through a task force structure similar to that used by other fleet commanders This includes ensuring command and control capabilities as well as deliverance of defensive cyber and space operations in our 10th fleet hat We also operationalize our cryptologic and sigint missions as Navspace we're the Navy service component commander to us space command and offer centralized Coordination of Navy space activities and promote better integration of space and maritime tasks ensuring maritime superiority from the seafloor to space Finally as joint force headquarters cyber Navy We are subordinate headquarters to us cybercom tasked with providing support to us indo paycom us forces Korea and us south com through this hat We exercise operational control over joint cyber mission forces and provide planning and integration support through our cyberspace Operations integrated planning elements our domain particularly in our 10th fleet hat is widespread and includes the Navy's information operations commands or nyoks and various tasks task groups assigned specific functional or geographic missions We also provide cyberspace operations Integrated planning elements embedded at the geographic combatant commands we support These elements fully integrate cyberspace operations into operational plans Ensuring timing and tempo are set by the commanders for use of cyber effects in the field Our focus day in and day out comes down to three operational objectives Ensure C2 provide maritime and space domain awareness and deliver cyber and space effects We do this through five command priorities Warfighting readiness innovation integration and partners and allies These priorities enable us to execute our mission and provide cyber and space capabilities around the globe in support of combatant command and national priorities ladies and gentlemen To our over 250 expected attendees here in person today a joint base Andrews, Maryland and to our thousands of streamers online Welcome to our first panel of day two of the US cyber command legal conference Once again, I'm Lieutenant Colonel Josh Johnson on the deputy staff judge advocate or the deputy general counsel here at US cyber command And you may have heard that artificial intelligence is a hot topic around the globe The public sector private sector in academia around the world are wrestling with the issue of artificial intelligence every single day Artificial intelligence is being used in offensive and defensive cyberspace operations There are studies being done on the existential threat of artificial intelligence And yes, even lawyers are using artificial intelligence and getting in trouble sometimes with the courts when artificial intelligence hallucinates And so our first panel today is entitled chat GPT told us we needed this panel Implementing AI while balancing risk and innovation And you may have heard the D farther defense federal acquisition regulation being described as beautiful multiple times today Surprisingly my only hope one of many hosts are today's panel is that someone says artificial intelligence is beautiful And so it is my distinct pleasure to introduce today's moderator Miss Mallory Rosso Mallory is one of our incredible law student volunteers at US cyber command She is enmeshed in all legal aspects of offensive and defensive cyberspace operations Mallory is a 3L at Georgetown University Law Center She has previous experience at the Department of Defense Office of General Counsel as well as with the FBI New York cyber division Mallory over to you Thank you all for being here today in person and online and Thank you to my panelists for being here with me. We have retired Brigadier General Patrick Houston on the end General Houston began his career as an Army lawyer Including service as the SJA of the 101st Airborne Division the JSOC US Central Command he was the commanding general of the Jag legal Center and school in Charlottesville He is a member of the FBI's task force and the American Bar Association's AI task force and sits on the board of several tech companies In the middle we have Ms. Cat Duffy Miss Duffy is the senior fellow for digital and cyberspace policy at the Council on foreign relations She has more than two decades of experience operating at the nexus of emerging tech Democratic principles corporate responsibility international humanitarian law and human rights law She's lived and worked in South Africa Cuba Columbia and Tunisia in positions with the United Nations the State Department and a range of nonprofits and think tanks And then finally next to me. We have retired Lieutenant General Mike Gruen General Gruen served over 36 years in the Marine Corps Completing his career as the director of the Joint Artificial Intelligence Center and the senior executive for AI in the DoD He previously served at the NSA overseeing computer network operations as the director of joint staff intelligence So as you heard already this morning AI is the topic of the moment Everyone's been talking about it politicians newspapers panelists yesterday and Even my 93 year old great aunt who is concerned about how AI is going to impact our next election The AI obsession seems to be driven both by optimism regarding AI's potential and fear around its risks We're going to explore both sides of AI in the next hour. So let's get started You all have unique backgrounds and relevant experience that informs your awareness of and opinions around AI Given the relentless public discourse around AI you surely encounter areas where you think the public is misinformed Missing the point too concerned or not concerned enough If you could shut down or redirect one conversation around AI What would it be and why and general Houston will start with you. Okay. Thanks Mallory I am an AI optimist and so my thought on this is that people are for the most part are too scared to use AI properly I want to share a story about AI being used in a business use context to shed some light on its potential This is one of the most successful companies in the world that many of you probably have not heard about it's an outfit called the ant group and They are an online banking company with a very fresh vision. They're their business Strategy I guess would be boiled down. Well, I would call three one zero You can submit an online bank application for a loan in three minutes Within one minute a pressing send your bank loan will be processed and if approved the loan proceeds We deposited electronically into your account and zero as in zero humans involved in typical transactions And anyone who's ever done a loan application appreciate how ambitious this was and they achieved this goal They are now wildly successful one of the largest financial institutions in the world They have they are the largest digital payment platform over two billion customers Less than ten thousand employees Success like that a process like that can only happen through the power and the magic of AI Now the reason some of you might not have heard this company is that the ant group is in China They are the financial arm of Alibaba, which is China's basically their Amazon But it's still a tremendous success story that reflects the power and the potential of AI So many people just hear the headline or see the headline of the Tesla crash or the story Josh Just mentioned of lawyers being sanctioned for improperly using AI what I'm here to say is there are risks I get that you can't just go sprinkling AI pixie dust and everything and it's wonderful You have to understand the risks and take active steps to mitigate them, but once you do it's incredibly Powerful, so I say be bold be brave use AI responsibly and you will get incredible results. It's a superpower I have so many answers to this question I would say I Think the where I get most frustrated is people thinking that because We are dealing with a greater popular understanding and greater popular access to a powerful to one component of a powerful technology that We are trying to solve new problems We are not trying to solve new problems We need to acknowledge that we have an emerging technology that dramatically speeds up and scales Long-standing problems and so those things that we haven't come to grips with those things that we haven't figured out how to address Are going to get bigger faster And exceed the societal guardrails that we've put in for governance and for risk mitigation By the same token. I think there's a lot of opportunities here where to your point There are incredible opportunities and it requires a re-examination of the fundamentals and of thinking about where the fundamentals Haven't changed and so I tend to think that people center AI in the conversation And I think overwhelmingly we should be re-centering the fundamentals and then thinking about how different aspects of AI may Be shifting those in this moment in a way where we want to course correct or we want to create more space Hey, good morning everybody. Thanks for thanks for coming You know, one of the things that really bothers me I don't know why the they sent the terminator when they did, you know, like like I think the timing was very poor and I You know after working the joint artificial intelligence center for a number of years I developed an index and it's when how old you were when you actually saw the terminator movie and then and then How that influenced your perception of AI because I think you know There was there's an initial wave of artificial general intelligence, you know, we're seeking, you know Comparative peer intelligence. There was the terminator There was the mantra that we were all going to be turned into paperclips, you know for optimization of resources across the planet by the machines I Like that killer robots initiative or that narrative I think has really set us back and you think well, how can that be well one of the one of the Developments behind this is there is there are Organizations funded in the measures of like hundreds of millions of dollars approaching billions of dollars to create an anti AI narrative It's the effective altruism crowd. It's the future of life initiative But there are billionaires dropping hundreds of millions of dollars into the airwaves to drive a narrative about artificial intelligence And I think that really distracts from it's it's really tragic because it distracts from this enormous capability This potential that we have at our fingertips It is it is all about Transformation and and I the word transform is so important here. We have to think about Transformation. What does that mean? Transform the form changes. This is not some magical power. This is not some, you know, independent will This is changing the way we do our businesses and our functions, right? This is incredibly It's it's the most incredible opportunity. We've had and it hasn't started overnight I mean this started with kind of computer revolution in the 1980s all the way through Internet, you know, you know More mature software cloud services, etc So but this is a voyage to very practical solutions to some of our most pressing problems and what that really manifests in Then is our national security competitiveness for example or our economic competitiveness as a nation Think about the productivity gains that artificial intelligence offers to industries and then think about well How does the United States pay its national debt? How do we pay social security? How do we gain the productivity and the resources and the ability to do that? Artificial intelligence is the answer. It's something that's with us now It's not it's not hypothetical. It's not fantastical It's an extraordinarily practical way for us to increase our productivity in not just our economic activities But across all of our all of our lives Now you can I ask a question actually just for the people in the room apologies to those who are online? But for the people in the room who here has played around with a generative AI tool in their personal capacity just See that's great and a much higher proportion than I normally see and who here has to has to play around or engage with AI tools for work How many of you check the weather? Everybody raise your hand Okay, it's here. It's been here for a really long time. It's literally how we do weather forecasting. So It's it's already in all of our systems now the way you're gonna think about generative AI is maybe a little bit different But I just wanted to get a read on that. That's helpful. Thank you Like I should confess that I have never seen the Terminator, so I've explained a lot now. I've never made it through the whole thing. I think I've only seen pockets of it on TV So I heard a lot of optimism from you guys going down the line on that question But Ms. Duffy in in your opinion, where is the law least prepared to address AI related risks and challenges? I mean, I think the answer is where is the law prepared? But it goes back to it goes back to this question of fundamentals, right? And I know this because I religiously throw money at the New York bar association, so I never have to take that test again So that I can I can say that I'm a lawyer I think One of the you know my first paid gig in this space was drafting Goldman Sachs's Y2K due diligence record right, so I like to say that I was part of the original hype cycle and and And at that time the really cutting-edge questions in the law were around whether or not you could email a contract and That would legally count as delivery in the same way as it did if you faxed it Right, and it was the law trying to adapt to what does an email mean? Versus what does a fax mean? Technologically, what are the differences? Is there a meaningful shift in delivery? Right and If you need to fax something these days like thoughts and prayers y'all it's hard to find a fax machine and so I think that one of the biggest challenges is going to be How we interpret the existing laws that we have and what the and what the process is for doing that So that we can incorporate new technologies into our understanding of those laws So where do we need to actually update laws? If you think about this in terms of let's say the humanitarian law, right? I think a really good example of cyber mercenaries. How do you think about? You know, how do we think about mercenaries generally in international humanitarian law? And then how do you think about mercenaries that are sitting in that are being paid by one government to sit Within the boundary within the borders of another government to conduct a cyber attack or a nation-state level attack If not directly done by the nation-state but sponsored by the nation-state on a third government like where where does that sit in our existing construct of of Humanitarian law and I would say that at the moment we're not actually prepared to grapple with that and so I think Going back to the fundamentals though of like what is the spirit of the law Underlying our procurement forms. What is the spirit underlying human in the loop, right? These are the questions that we're really going to have to ask and answer and Where I get worried for the lawyers right now Especially in the in the but the military in the NatSex space is that the lawyers are going to be seen as a Root to getting what you want or as as blocking what you want and so I worry that for the attorneys there is going to be a lot of pressure in the coming years to Figure out a way like figure out the loophole, you know make it like a lot of close reading Right a lot of well. There's not clear precedent against this so Sure and then on the other hand, I think there's also a real risk of overcorrecting and saying like because it's absolute It's not absolutely and abundantly clear that this is legal We can't move forward and so it's going to be really hard. I think to lawyer Effectively in this space because it's hard to understand what the The collateral risks might be of any decision that you are going to make because we're still really learning how this technology is going to live in the world That humans in the in the loop Construct there. We're constantly hearing that AI has an accountability problem in the context of warfare There's a lot of talk about humans in the loop in the private sector. There's conversation around, you know, the black box That is AI How can we address these concerns and this question is for whoever wants it? And I want to add that I'm particularly interested in whether you think that we can come up with a framework that addresses Accountability concerns broadly or if we're going to be stuck and you know dealing with these on an ad hoc basis or sector by sector Stab at this and just say that I generally believe that our existing legal framework is sufficient to address the issues You know, I'm I think this I'm from San Francisco and in the streets of San Francisco All over our driverless cars and just imagine yourself as a lawyer Sitting in your office and you have a new client wheels into your office one day and says I was walking Through a crosswalk Struck by a car. I'm paralyzed and I need you to help me through this and you say, okay Did the driver what do you know about the driver? Did the driver have insurance and the person says it was one of the driverless taxis It's driving around town and would you just say? Oh, no driver. You're out of luck. Sorry out of my office No, of course not there are existing frameworks for responsibility and accountability where you can look at okay Who what's the company that employed this vehicle? You can follow the chain go through all sorts of other things to get to the right answer Here, it's a little different different It's a little nuance and you have to work your way through it But you're all extremely capable attorneys who can use existing frameworks for the most part to solve these problems There's one exception to that that we're really struggling with right now in especially in the generative AI world And it's an intellectual property issue about the use of training data and the in the copyright limits of it being used to train J&I really interesting It's certainly stresses and exceeds my intellectual capability in terms of of where of how the existing framework is going to be used to solve That problem, but I think just the general rule of existing frameworks being enough is how I come down on it All right Well, I can't set up here talking about AI with two retired generals and not talk about an AI enabled warfare So I'm general grew in a AI's role in warfare is complex Where do you see the most promise for AI on the battlefield and where do you think we'll face the greatest challenges? Great. Thank you. I just I think just like in the you know in the financial world and the rest of the world you know, there are There are a lot of things that we need to think about in the mill in military application now So I think AI is going to be an extraordinary tool for the good But there is extraordinary risk also when you have this conversation about okay Well, how do you manage that risk? And I think you know it starts with like law of arm conflict It starts with like what are the values and the ethics that we bring to our war fighting? And then how do we build our technical constructs so that we can do those things more effectively? And I think things like you know that that are that are sort of unadulterated goods, you know Things like a shared situational awareness, right things like you know automated Artificial intelligence recognition of you know threat actors or threat targets or threat systems So so you have you know, you have okay great, you know, we have today You know commercial imagery that's you know that that is subjected to AI and you start to pull out Like all of the artifacts of the scene there were three airplanes at that field yesterday There's only two today. Where did that other one go? That's a nuclear bomber. That's something we should pay attention to the Chinese fleet has sorted out of out of Harbor They've used this formation So we should be thinking about if we have to you know interact with that force here So we can do all of this stuff is doing it's you know already being is happening today so the very simple once again like like you know adding Automation to process Accelerate your ability to now have your fingertips on the on the Information environment so you know what's happening in the battlefield around you and then artificial intelligence can then help you start to Start to imagine like okay. Here's the situation. We understand it now. What things might we be able to do? Hey human have you thought about you know the Addressing the threat this way or that way, but all of this has to has to be tied to a Value structure an ethical structure, and you know all of you are very familiar with that ethical structure I mean you're already in the trench trying to tell somebody can I shoot that or not? Now think about and it's too simple to say something like human in the loop I hear human in the loop all the time and that that doesn't make any sense to me what loop, right? so so now you're you know a unit commander, you know down somewhere and The the higher headquarters AI algorithms are pushing known targets to you Do you have the authority to execute on those targets? You've never seen that thing You have no you know you have no firsthand knowledge of that target. What is the what are the rules for you to engage that target? Right, so so you know now you're developing your own objectives you identify Things that are you know in your battle space for example, okay? Now how does your higher headquarters address that decision-making process? so you have like these nested layers of Information that are that are flowing so if higher headquarters pushes you a target you assume that target is good, right? Because the AI at higher higher headquarters said it was good. Maybe it's not what if it's not what is your what is your? Responsibility now to validate a target that you've gotten from an algorithm from another layer of the headquarters You see like the complexity that goes into now the decision-making process, so AI is is going to be great at giving us good information to base decisions on But we're going to have to develop the processes by which we make those decisions on What authorities with what level of lethality with what level of trust across the force, you know from top to bottom? Those are the things you know on the you know for the for the dirty boots crowd That's that's the stuff that you're gonna have to have to deal with today. It's pretty simple We you know we de-conflict by by geometry right like okay? You have everything, you know east of that line, so it's your call you you make whatever call You're going to make east of that line. It's not going to be that way anymore We're going to have a comprehensive perception of the battle space and the things in it And so now how do we make proper decisions executed legally? You know based on shared information. That's that's a whole new paradigm. I think for the force And if I can just add on that I think then how you consider what your what your organizational structures are and what your approach is to Helping people learn So that they are truly they truly understand the decision that they're making right there's going to have to be a real Cultural openness to allowing people to say I didn't understand this Why was it doing X? Why was it doing Y? I feel like this is making recommendations that don't make sense right like one of the things that I That I think maybe challenging with military culture is how hierarchical it is and so Making sure that there are essentially outlets where it is it is shame or reprisal free for people at multiple levels To say hey, oh like this doesn't feel right, right? Like like how do you listen to someone's gut? This sounds really like woo-woo, but truly like how do you how do you? Create channels or spaces where somebody who is really using it in the weeds on a daily basis Can really flag like I think something is off here or this isn't making sense Or it keeps suggesting a or b and that doesn't that doesn't feel values aligned with me, right? Or it doesn't feel right because There are so many builds that are going to have one intended impact and then Misfire and this is a very non-military application, but I'm sure a lot of you saw that when Google rolled out Gemini a Bunch of testers were doing it we're using the the tool and they were generating all sorts of images of racially diverse Nazis Well, the Nazis were racially diverse because Google had put so much Google's team had put so much work into inclusion And making sure that images wouldn't be biased that now you had all of these images coming up of Nazis being like like very realistic-looking Nazis of every single race it was just a universal movement and And and that's not what anybody wanted to happen, right like now they were not going for racially inclusive Nazism and so That's a very like non-military quotidian example But I think it is a pretty good example of how in correcting for one thing They also then created a real risk For another thing that wasn't values aligned and it's people from the outside of the company once that was released Using it and testing it who found that and spotted it and brought it up. So thinking about how we How we how we create space as these different tools roll out and these different implementations roll out for people to raise risks or ethical concerns Safely like for themselves for their careers. I think it's gonna be really important and and that may already exist in spades I'm not sure I'll just add on to and say that I completely agree with your assessment general of the potential for Increased, I would say situational awareness and AI's ability to just just help and I think that's a good thing So I believe that will cut help cut through the fog of war. It could help reduce mistakes misunderstanding civilian casualties it can make a very In an inhumane function called war less inhumane perhaps and that's a good thing We all we all would agree that I do think the other side of the coin is the risk that you noted about the speed of warfare dramatically increasing and it's it can only be countered or Outpacing your competition through leveraging the same AI tools and a dependency on that at that speed can get very dangerous Very quickly. We've seen a flash crashes of the stock market when they're using algorithmic trading tools You know, we don't want to have flash wars that escalate out of control for the same reason So we have to be aware of these risks goes back to what we talked about at the beginning Understand these risks and figure out ways to mitigate them But you have to get in there mean you have to understand what's happening understand the techniques the tools And be familiar with it before you can really take active steps to mitigate it Because I could I if you don't mind because I think this is an important one And I probably should have started with us So I'd been in the judge at the Jake for a year and change and whatever we got a new deputy secretary of defense, right? New administration came in new DSD. So I was like so excited, right? Like I'm gonna tell her all of the cool stuff We got you know, we got algorithms for this. We built these you know autonomous platforms We've done all these things so I go out to talk to the depths like death and You know, I start, you know giving her this the pitch, right? Like oh, man You're gonna be so happy like look how far we are and she she like puts her hand up Literally, it's like, you know, uh, don't tell me about any of your technology Tell me about the ethical framework and responsible responsible architecture that we're going to build for all of our AI applications and I was thrilled by that answer, right because because that is exactly the core I mean all of our first efforts were how do you employ art? How do you build and employ artificial intelligence responsibly? How do you ensure that you're going to meet law of armed conflict? How are you going to define moral agency when humans are interacting with machines? What are what is the law or what is the policy for automation for like one of the things that we you know That we got across the wire was the Like the special policy. It's 20,000 dot zero nine take a look at it actually because it's pretty good and it's about About autonomy what's legal and what's not legal for the Department of Defense if you are talking about autonomous weapons There is a whole kabuki dance of Organizations that you have to go through that have to approve Processes that you need to execute. I mean the US has been is way out in front here in articulating those legal and ethical boundaries and not just you know Not just statements of you know, we care but but statements of no no no You're gonna do this before you're allowed to do that right like we've got that in in a really good place and we've now Franchise that to like 40 different countries under many of you probably saw the press release like 40 different military Organizations like came together globally to talk about like okay What kind of like baseline are we going to establish and all of that was premised on the stuff that the United States had Done and then that was we we one of the things that we built in the Jake was the AI Pfd the AI partnership for defense where we would Virtually like bring together large groups different nations and we would talk through Accountability Responsibility in autonomy and so like there's a good framework for that in the Department of Defense today It's great to hear and nicely segues to another question. I had Miss Duffy, how can existing legal frameworks adapt to accommodate rapid advancements in AI while allowing room for innovation and protection of individual rights? I mean, I think what I just said goes to part of it, right? So I Don't know if you all have Heard this phrase But one of the phrases that someone from the IC told me which stuck with me Was when they were talking about the privacy and civil liberties officers, right? And just the people who own like the human rights mandate or like the civil liberties mandate inside They said, you know, it depends on if you're if you're using the mushroom doctrine and I was like, what is the mushroom doctrine and they were like Barium and shit and keep them in the dark and That was a disturbing thing to hear and so I Think you know, one of the things that's really interesting to me about like like three thousand and nine is Folks inside I think feel very good and proud about it as they should it is also an entirely opaque process To anyone who was outside and so in order to trust that it is a good or solid or ethical process You must trust that doD is inherently ethical and Solid and I would say very respectfully that is by no means a uniform Feeling outside of the military when looking at the military, right? And so when we think about the processes that have been built internally But then in order to vouch for them to people who are external as experts on ethical considerations on rights considerations on how these Technologies are emerging in the world and what best practices are when that process is so opaque We also do what we leave a bunch of expertise on the table And we also I think actually lose an ability to create trust and to build more trust by being a little less opaque About what that decision-making process looks like what falls inside of which parameters and that's just a very that's a calibrated decision one has to make in terms of what needs to remain classified and secure and what doesn't But but that's something that I hear a lot from that sort of external privacy and civil liberties space is that They don't that there's no way of verifying it right. There's no way of verifying those claims Externally and so it makes it challenging so I think considering what exactly needs to be classified and quiet Versus what can actually be held loudly and proudly outside in terms of like these are our red lines and by the way, they're going to be real and and these truly are the ethical considerations and then honestly you guys it Always procurement everything's procurement at the end of the day I feel like Like if you you can have the best intentions in the world and if your procurement laws won't allow it Right won't allow you like you can't get through the procurement processes with the speed that you need And I think like the defense innovation unit has done really fascinating work I think DOD has done amazing work on thinking through how it can change procurement processes But there's going to be so much like devil in the details in terms of rolling out Different different reforms or different transformational approaches where you're gonna you're this is where lawyers are I think you're gonna shine because they're gonna have to get real in the weeds About are you saying the D far is or is not beautiful? Well, yeah Yeah, so I'm like this and you're gonna see this across the USG I think DOD is gonna be quite ahead in this regard But but those like like really understanding where we're gonna change nuts and bolts of existing laws To open things up. I think is also going to be like critically critically important Thanks for that. So I'm gonna Shift to talking about partnerships since that is the theme of the conference and we're gonna be opening up to audience questions shortly So general Houston you've spoken in the past about how industry partnerships are vital for the US's AI development in the era of great Power competition in your experience. What does this partnership look like? No, thanks again Mallory I think what Kat just said about trust Being so important is really the heart of the partnerships. That was the lesson yesterday I think it's a it's a timeless lesson and super important I would say from my perspective there are two different viewpoints on the partnership And I'll to really get to them I'll have to explain a paradigm shift and how technology is developed the old 20th century model where it was basically the US Department of Defense the US government was driving the development of technology think the space race Nuclear technology GPS the internet all driven by government development and then later migrated into commercial use The current 21st century model is almost the exact opposite the vast majority of technology that's being developed out there is being developed primarily for the commercial sector and is then being brought over into The military for use the military will go shopping and pick out what it needs This has called for a dramatic change to our acquisition process To that beautiful d4 that's out there and and so what I would say from the standpoint The viewpoint of how these partnerships are working from the established companies the big defense contractors and the big technology Companies that are also defense contractors. It's going well the processes these old processes still work From the standpoint of a lot of technology startups, which is where a huge portion of technologies coming from it's not going as well I will I will commend the entire Pentagon on its efforts to do outreach and have new programs Diu softworks aftworks Army futures command all have incredible programs to help these startups get into the system But I will tell you from this from the standpoint of these startups. It's very daunting It's very scary and a lot of them are just scared off and don't want to go down that road because it's still too hard for I think we need to do better Anything to add? Yeah, just a little bit just tangential, but but it's still is still there and this is like why why can't we like? Implement artificial intelligence as effectively as everybody else, you know outside the defense ecosystem And so and the the far and the de far and all the other kind of you know Obstacles are there and we're all very familiar with all of that The sort of like the the specialized D. I use and those special organizations that now create sparks are useful But the the challenge to implementation of artificial intelligence across the Department of Defense is a vitamin I deficiency vitamin I Imagination right we we the Department of Defense Because of sort of like the industrial age legacy that the department has in its acquisition Doesn't imagine how functions could be made better how You know data and decision processes could be integrated and so the Department of Defense the Implementation journey usually starts with something like this the chief and naval operations or pick another service chief says hey I want some of that AI stuff, you know give me a bucket full no No, give me two buckets full right and so so the so we have this demand signal that sort of like hey Hurry up and give me some tech Give me some AI and that's the exact wrong approach Imagination is Functional communities that imagine like hey, how could my war fighting function be better? How could I do artillery much more effectively? What should that process look like? What what is my process for getting ammo? What is my process for getting targets? What is my process for de-conflicting process process process? Artificial intelligence implementation in the department needs to be focused on process Change how do we change our processes? It's not about the tech the tech is a useful Component but it's about process and so so many times, you know You hear the well the Silicon Valley guys are gonna come in from California and they're gonna solve this for us They can't they don't know how war fighting works You know how war fighting works and your communities know how war fighting works start with that Then start to bring in the technology to start Identifying processes that could be made better what data could better inform processes, etc. You get the point Warfighters people in uniform have such a critical role in the technical evolution This is not about somebody building some platforms and dropping them, you know in the parking lot outside your You know outside your headquarters. No, no, no, no, no. This is all about you. This is all about thinking You know service members at any grade That's how you have to approach this vitamin. I right think about that Can I double down on this because so often and for so many years? Technological expertise is the thing that has been championed as like the necessary critical missing hard skill. I Overwhelmingly think that's not the case. I overwhelmingly think that deep understanding of a system and an ability to maneuver and navigate and make change within that system Which is something that tends to get acquired over years and years and years of practice I think that is actually a more critical hard skill and that You need to pair that with someone who can then fuel imagination by really helping That that person with that hard school hard skill understand the possibilities that exist outside of their domain of expertise So understand what AI could offer understand how it's shifting But I think overwhelmingly we lionized the people who have a specific form of technological expertise over those who have a deep deep deep understanding of the system or the society or the space in which which would be underpinning essentially that tech and so I think there's all sorts of and the other thing that's gonna be really interesting here Right is with this with the technology this transformative. We're gonna see different talents and different skill sets Pop up that are gonna be more important than they would have been before like if you're so my dad's best friend Went to a whiskey tea was a real good drinker and he went some from Kentucky And he went to like a whiskey tasting at Seagrams when he was in his 20s or just a tasting in general Turned out he just was really good at tasting whiskey And he just tasted some more and he tasted some more and the people who are the tour guides were like hold on like try this Well now try this that man ended up a master taster for Seagrams because he like went on this tour And he just happened to be naturally very good at it This goes back a little bit to my point around opening spaces for people to be able to sort of pop up or raise their hand or point to something because different types of thinkers different more creative approaches if you don't have a culture that's gonna give a lot of space for that to just sort of Be flagged. I think you're gonna have to you're gonna want to think about ways that you make that safe For people to do because you are gonna get You're gonna get really interesting ideas or people who just grok it in a way that you weren't expecting Kind of out of nowhere here So that's the other thing that I think lawyers can actually play a really interesting role. How do you create those spaces? Right so that you don't have so that people have the opportunity to get out for a minute Like go work in like take the people who are great at the system Send them out to work in the private sector for a year or two if you can to get a better understanding of where The technology is moving and bring them back in as opposed to just bringing somebody in from the private sector and being like transfer Your whiz bangerie, please That's great. Thank you for that All right now. We'll open it up to the audience for for questions Good morning. Thank you panel members captain Lodge of it from the 704th military intelligence brigade Acknowledging that AI will enhance battlefield situational awareness. How do you predict AI advancement in the more technologically and economically Advanced nations over less advanced nations in that respect will impact Battlefield and civilian military casualties. Do you envision that? Organizations will be created to level the playing field or how do you envision society will deal with that impact for? Deal with the impact with those advantages or disadvantages and potential mass casualties Could you maybe just the first part of your question just Annunciate that a little bit, please Sir given that certain countries have more means to enhance AI and technologies and their militaries How will that impact the battlefield and what do you envision we as a society will do to level that playing field? So so I'll start if you want So I think one of the things you know obviously look at Ukraine is kind of like the foot You know that's what everybody's that's the first thing out of everybody's mouth And I think that there's some validity to that when you talk about now with The ability now to you know to be aware of your environment to be aware of where the threats are To know where your enemy isn't where the vulnerabilities are now that becomes much more easy to identify You know through technology so like how do you then? How do you build up? You know the systems to counter and so and and you know the enemy is doing the same thing at the same time So you look at Ukraine in Russia, you know the court what that has that what has evolved to is it's not just about You know a weapon system. It's not just about you know patriots It's not just about you know an armored vehicle and a Russian convoy. It's about System versus system and so you know it's true like in Russia Ukraine Through an industrial lens, you know, it is about how fast can you build new equipment? It's just as true in the technological environment right where how fast can you think better and maybe operate quicker or build, you know new capabilities to you know to either counter somebody's capabilities or to You know preempt, you know the perfect example the classic example is like the Ukrainians You know sinking the bet the most of the Black Sea fleet, right? Not because they had some fantastic weapons capability, but they had the innovation though I'd venom the vitamin I for like how do you? Maybe take advantage of the situation in ways that people are not paying attention So it becomes much less of an industrial, you know the the contest of You know industrial systems that's still a significant component, but like how fast can you innovate with new technology? On top of that I think is is kind of the primary skill for you know people who are you know assessing warfare today With that and I the only thing I'll add to it is that war is not so much about being good or great But more about being at least a little bit better and faster than your adversary And it's that competition aspect of it that that keeps you going and keeps you successful here Well, I will say kind of going back to what what the other general said about The development of these AI principles and using this responsibly when I was working in the Pentagon Early on in the development of these responsible AI principles We were working with industry to try to develop them and we got beat to the punch The Chinese government released their responsible AI principles before we did and to To make it even a little bit more embarrassing. They were quite good They were impressive they must have hired some PR firm there's something from somewhere to get these they got them out fast a Great PR coup now that said no one ever believes that they're going to follow them to the same extent that we will But that's the challenge that we we face we you know I think you're alluding to this in your question about you know Some more capable people in this world will have these AI capabilities others will have will not Nevertheless, we have to use it and we have to use it effectively We have to win and we have to win by playing by the rules That's just who we are culturally as a society We are want to leverage this technology to its advantage others will be playing not by the rules And it will put us at a competitive disadvantage. We still have to play by the rules and what still win Hi, Ruben Rudolph dev com army dev com For the panel I suppose I did hear the key statement there about procurement is everything and and Be fair. I have a t-shirt that says procurement wizard I'm a bit of a nerd. Oh, well, I do too. That's great, but the The idea is well to the panel Already seeing artificial intelligence What does the panel think about? in procurement there are we can put out an RFP and and response is generated a lot quicker or it's more possible to Respond to a request for proposal for a contract a lot faster Also on the on the uptake side Evaluating this thing we have source election. We have you know our beautiful far and de far process That for all these sort of sorts of things What do you not just Forget the technological end of it, but what do you think of the ethical end of of having? computer writing it computers Artificial intelligence helping evaluate what the other artificial intelligence came up with and do you see that in the future and How do you how does that strike you? I'll say my my first my first thoughts are that I'm exceedingly glad that That dr. Plum came in yesterday as the chief digital and AI officer coming in as being as having been under secretary Or deputy under secretary for acquisition I think it's really great to have someone in that role who has both expertise in the technology in the technological sector But also deep expertise in what acquisitions and management Looks like because that you're gonna need that sort of dual thinking in a in a role where you're helping guide stuff like AI innovation in terms of In terms of procurement to me. It's honestly It's a huge open question in my book I I don't understand in a space that is moving as quickly as this one at least with regards to generative AI applications You know you've gotten more or less a very a very small collection of foundational models That these systems are being built off of and then you've got a and then it's gonna be a stack Right and it's gonna be one vendor who does one thing and there's gonna be another vendor who takes another and they're gonna do A smaller application of that there's gonna be a smaller application of that And so I think you're gonna like I feel like what we're gonna end up with is a sort of in order for it to For a system to be able to be sold to DoD, right or to be sold even to the USG You're gonna end up with a stack that kind of looks like this We've got these very broad foundational models And then you have like okay and like and this check and this check and this form and this whatever right You potentially Winnow out building that stack takes time And you potentially winnow out accidentally a lot of the most interesting or cutting-edge Applications of what's happening. You know if you were looking at GPT for six months ago Well clawed three has completely overtaken that in the in the model space, right? So if you if you look at your vendor market, do you even are you clear on what foundational models? They're being built off of are they built off of an open model? Are they built off of a closed model? If so, like what does that what does that look like at what like where your vector protections? How is that going to be like organized and I think to your point on IP? It's not just I be it's like the whole liability stack like who who gets sued is a giant question in my mind right now in terms of at what level of the build has someone is someone contractually Obligated because a lot of this is like a licensing model on top of a licensing model on top of a licensing model So I don't this is a terrible answer but I think Ensuring that there are Ensuring that there are procurement mechanisms that allow for at the very least The rapid bringing in of Different types of companies different types of models different types of approaches very fast security clearance processes For example like much faster security clearance processes to allow people to come in get some information and do a prototype You won't you won't be able to see a prototype unless they have access to some of the information that's going to be gated So I think considering how you do work How you think about the elements of procurement around with the workflow that goes into procurement I think maybe less about like reviewing the applications Right and more again just going back to basic the processes or what's going to kill What's going to kill things? So how do we get more nimble with procurement process? Maybe yeah? I love the idea of using AI to tackle any mundane tasks that would free up humans for higher-level tasks There was a Boston consulting group study last year that looked across a variety of industries of people that were using Chat GPT or other generative AI tools and they found that across those industries you workers at all levels who are given access To a generative AI tool and just a little bit of training on average increase their productivity by 25% So like if you could push a button and get 25% boost in cognitive ability or 25% increase in Productivity like who would say no to that and if you could be doing more rewarding tasks than the the Dole drudgery of you know flipping through file boxes. Why not let an AI test? I advised a founder of a company about six months ago who's trying to do very very similar tasks create a tool for startups to Answer and respond to government RFPs And I also talked to another To compare a founders from a huge established one the largest AI contract companies out there And they said they want nothing to do with government contracting that the return is not there and it's just too difficult They did not see the deforestation beautiful clearly but but I love the idea of taking the task of Writing a proposal and giving the at least the initial draft of that to an AI tool or even like the web dev Government portal like how many coding hours right how many how much time how many software engineering hours or dollars are Going to an actual software engineer sitting there and running basic updates to like the portal for procurement Right like a lot of that actually it's very low-level coding like actually very easy easily replaced In which case then you free up that software engineers brain To go do things that make more sense or are more innovative or interesting That the other ways of thinking about it, but All right, we have time for one more Good morning. Lieutenant Colonel buzio 335 single command China has declared its commitment to be the global leader in robotics and artificial intelligence by 2030 Is it your opinion that China is on path to succeed by 2030 if not sooner? and What are the consequences for the United States and by extension our partner nations throughout the world if China becomes that global leader in AI and robotics Will we not become economically dependent and militarily inferior to China? Yes, they are on path with what the possible exception of chip manufacturing and the consequences would be devastating and Devastating in through the lens of like quantum and quantum communications quantum computing. They are they're We're right way ahead of us in quantum They the Chinese Communist Party, you know Here's the thing if you're developing if you want to if you're an AI developer and you want to and you're part of the Chinese Communist Party and you want to monitor a billion people and you can build an AI infrastructure to collect data and monitor a billion people and You're really good at that like how hard is that to like then monitor like the US Navy? What do we have like 300 ships or something? You know 335 or something like that so so here So, you know here you go like they've taken the massive data environments that they have and they've turned that into data Capability for internal control It is a fair question Can they actually be as nimble if they're doing things outside of sort of like that very narrow parameter? I think I think you know for example what gives there's a lot of reason for hope here Right so like I'm not a doom and gloom China guy because on their their Demographics is destiny and their demographic trajectory is horrific for them. They have About a quarter of their people are migrant laborers that don't really have social services and real jobs, etc They have now think about like from an information perspective, you know our our industry our AI industry Flourishes because we we work in the information space we share information We make information more easily easy to get to we integrate information of components. The Chinese Communist Party doesn't do that Behind the Great Firewall they Significantly restrict the activities of every company and they also significantly restrict and monitor the interactions of of their citizens on the internet like that is not Like that is like grown mushrooms, right? Like if you really want to flower and explode into like a really successful society across the board It's more than just You know monitoring the citizens and monitoring the companies to make sure that they comply with the CCP's Directives, this is I think this is something that will hold them back significantly I think the the innovation in our Information society even as you like crazy as it is, you know, especially over the next you know The next nine months are gonna be insane like like I would take that over a very closed Data restricted environment where you know, you have monitors AI monitors for to make sure you don't say something like democracy or Tiananmen Square or you know what I mean like like that That there's a there's a difference in the way our systems operate that I think is to our advantage They do have advantages though and their ability to focus on something and get something accomplished They are by far for example the world leaders in like publishing AI, you know educational You know university papers for example like they publish by far and they're really good They're not only they not only lead in quantity, but they lead in quality But they their system holds them back right like the Sorry, I'll just to just to keep going like like US graduates 4,000 or 4 million no 40,000 to 400,000 graduates from college every year. I think it's 40,000 40 40 or 400,000 the The Chinese the China graduates 4,000 STEM graduates every year right so like they have Or I'm sorry. I've got the wrong number there But but but it's an order of magnitude Greater for STEM graduates, but the STEM graduates are being pushed into factory jobs because the infrastructure in China is really still focused on Manufacturing and so this is why you hear about Chinese kids lying flat is because here they have STEM degrees Here's they have all kinds of capability, but the system there does not allow them to To take advantage of their education and they're they're very bitter about that So so even if you can look at you know data points that China has a really good technical this and a very good technical that There are some like underpinning vulnerabilities that hold them back from from really succeeding at scale and I would just add on this I think that one of the keys to preventing that from happening and preventing preventing China from being the global leader on AI is having defense back Loudly and vociferously how important development and diplomacy are going to be in this arena to prevent that from happening because China has done an excellent job of co-opting the global narrative around digital transformation they ate our lunch on Connectivity right all of Africa's basically wired by Huawei, right? You know a Chinese company would like it is the contractor for Zambia and its facial recognition technology And so I also think the way that we consider the way that we think about bilateral assistance probably needs to shift Dramatically there is a hunger From global majority countries or some people say global south all over right but lower and middle income countries There is a hunger to use this technology to get on this technology quickly They do not want to be left behind the way that they felt they were left behind When it came to internet infrastructure and internet connectivity China's the one who stepped up and got people connected We didn't right and that's that's 10 to 15 years of goodwill Lost where we absolutely could have been ahead of the curve right now when we think about AI systems China is going to follow the exact same development model that it's followed with digital Belt Road initiative Which is to go into these countries and to say we're going to be able to do it cheaper We're going to be able to do it faster Oh, and by the way, there's no limitations on what you want to do with it like what you want to do with it is your business because digital sovereignty right and our companies American companies or even Western European companies Canadian companies that could Compete for those same contracts that could compete for that same work are going to be more expensive Right because China is subsidizing its countries and we're companies and we're not subsidizing ours And so I think we're going to have to think a lot about what it means for country after country after country to turn over its national data to a Chinese company So that it can get on board with AI and using it for citizen services and for its own analysis at its own digital transformation Because we know that while the US government doesn't have access to all the data from the US companies We know that the Chinese government will be able to access whatever data it wants from the Chinese companies And so I think this is where we have to be really smart about leaning into our soft power also our soft power in terms of Bringing in talent, right? I've served it so many as you know, many of us have I've served it So many diplomatic missions around the world and lived in so many countries Everybody would rather come to the American party Truly just at a baseline that's where people would rather hang out I think it's the same way with talent in general people would rather be in America It's a more interesting free space to build And to learn and it's a freer culture But that means we have to really lean into our soft power as opposed to thinking about this purely through the lens of sort of geopolitical hard power China has the opposite immigration problem All right Mallory Michael sir cat Patrick sir, thank you so much for that deeply insightful wide-ranging and frankly entertaining panel We were able to cover driverless cars AI and the targeting cycle on the battlefield intellectual property and liability The importance of process the need for illegal policy and ethical framework for AI and then once again We confirmed the criticality of the acquisition and procurement process And that that far in the D-Far can be beautiful And finally I discovered that our next upskilling event for our legal office will likely include the showing of the movie Terminator for our younger attorneys So thank you so much for our distinguished panel, please join me in a round of applause All right ladies and gentlemen. We are on break until 11 o'clock Eastern Standard Time. Hello. My name is Mallory Ross. Oh I'm a third-year law student at Georgetown University Law Center. Hi I'm Elisa Savanius, and I'm a third-year law student at Harvard Law School We're here to share about our experiences as law students with the US Cyber Command Office of the staff judge advocate The US Cybercom student volunteer program provides an opportunity for highly competitive law students who have an interest in cyber security And US national security to work alongside US cybercom attorneys and a variety of cyber and national security law related matters While earning semester credits towards graduation Law student volunteers have the unique opportunity to be exposed to cutting-edge legal issues affecting US national security interests across the globe The invitation for applications is published during the fall semester on the US cybercom website Applications are accepted between January 3rd and 31st Qualified applicants must be able to obtain a top-secret security clearance and should demonstrate strong legal research Writing and oral presentation skills as well as have an interest in cyber security and US national security While the student volunteer program is unpaid students can earn course credits toward graduation while gaining invaluable professional experience I specifically went to law school with the goal of becoming a cyber and national security lawyer So it doesn't really get better than an externship with US cyber command The attorneys are collaborative and involve us in all aspects of their practice We tackle complicated legal issues and have planned a series of meet and greets across the interagency Exposing us to the work of other federal agencies I definitely didn't have didn't expect to have the opportunity to review a cyber effects mission as part of the national security law team I'm obtaining real-world experience that I know is going to be invaluable as I launched my career in national security As a bonus you get a clearance and develop professional contacts. I Applied for US cybercom's law student volunteer program because it offers an opportunity to gain hands-on experience and work on some of today's most Cutting-edge legal issues our day-to-day work involves conducting legal research and writing under the supervision of the attorneys here at Fort Meade Whether it's helping to draft a legal opinion Reviewing legislative proposals or attending legal engagements with partners. This experience has been incredible Working with them I have learned a lot about how highly effective attorneys approach complex questions at the intersection of technology and national security Their feedback has allowed me to sharpen and expand my legal skill set This experience has been a highlight of law school giving me the chance to be part of an incredible team and mission If you are a law student who is interested in pursuing a career in cyber law and US national security We encourage you to visit the US cybercom website and apply next time Hello, do you often find yourself pondering big questions? Such as what can I do with my life after working for the government as a civilian employee or military member? Are you contemplating retirement or separation from service? Have potential employers asked you if you have a post-government employment letter that they want you to submit with your job application? If so, you need a post-government employment briefing Have you recently received a gift from a foreign entity or personage? Do you know if you can keep it? Find out with an ethics review Have you been invited to speak at an event sponsored by a non-federal entity? Do you know that you can do it in either your official capacity or your personal capacity? Have you been offered free travel? Come to us to find out if it's legally permissible for you to accept that or not Is your spouse trying to launch a reality TV career and wants you to participate? Do you want to find out what you can do to support them without losing your job IRL? Do you inexplicably have enough energy to pursue off-duty employment? Find out your parameters before accepting an additional job Do you per chance aspire to emulate a dragon and have a horde of gold and challenge coins? Ensure that you're handling those coins correctly with an ethics review Are you handling multi-billion dollar contracts and just happen to be inspired to invest in the stock market? Pump the brakes on that investment and discuss it with your friendly neighborhood ethics attorney first Do contractors try to slide into your DMs to reach out to you to try to arrange meetings to educate you about their latest developments Do you know what to say? We do Does using the appropriate appropriated funds appropriately cause you consternation or stomach upset? Does ORF make you itch? You're in good company talk to your ethics advisor about how to and if you can Fund that tea party that you're planning Failure to loop your ethics advisor in for review may cause severe side effects including job loss attorney's fees fines loss of pay Sanctions in jail time Ladies and gentlemen welcome back. I am very excited to introduce our next panel Earlier this morning. We heard from the National Cyber Director. Mr. Harry Coker, Jr Highlight the importance of the civilian critical infrastructure sectors whether it's securing our ports our Communication systems the energy sector or power systems We are at a vital stage of needing to defend our critical infrastructure To do so we must partner That leads me to our next panel working together to protect critical infrastructure in the digital age I am thrilled to introduce our next moderator here Mr. Corey Simpson who is the CEO of the Institute for critical infrastructure technology and CEO and founder of grace-based strategies He also previously served for many years on active duty as an army judge advocate and still serves in a reserve capacity He is a dear friend and fellow West Virginian Corey over to you. Thank you This we there we go there we go It's great to be with everyone. Thank you for having me back This is a fantastic panel and I'm excited to dig in before I do that just a little bit about the Institute of critical infrastructure technology ICIT a non-profit non-partisan think tank dedicated to improving the security and resilience of infrastructure that provides for people's foundational needs ICIT takes no institutional positions on policy matters and rather than advocate ICIT is dedicated to being a resource for critical infrastructure Technology and the communities dedicated to making both more secure and resilient It's great to be here with such a Fantastic and phenomenally qualified panel to talk about this important topic I'm joined by three extraordinary leaders who currently lead and have led organizations vital to our nation and securing and defending its critical infrastructure They and or their staffs have each separately and on multiple occasions Asked that I keep their introductions short. So I'm going to respect that but to my right We have assistant director Mona Harrington Center we have miss Edna Conway and then of course Everybody in the room should know the scene of math commander general mallock With that let's dig in so critical infrastructure is the infrastructure critical to sustaining human life It's evolved as we've evolved thousands of years ago aqueducts and canals Today, it's not just roads and ports satellites pipelines webs of fiber that connect and bind us all everyone in the audience and listening in today realizes relies on critical infrastructure It brings us clean water. It heats our home. It powers our devices enables communications with loved ones and it makes global transportation possible To a would-be adversary Doing a carver analysis. It's critical. It's accessible We heard from the national cyber director this morning that many of the small And rural utilities are target rich and defense poor and as Into a near-peer rival. We heard a little bit about Particularly with China and as they look they compete with us with what primarily a belt and road initiative Which is a critical infrastructure initiative that's global To the u.s. Military leader or policymaker critical infrastructure is what enables force generation nuclear deterrence power projection and military mobile and military mobility to the small town mayor Critical infrastructure is whatever her community tells her it is that day Can consist of repairing potholes to fixing bridges To perhaps responding to an attack on a water facility from an Iranian actor The range is vast and no matter how you look at it. There's one thing that's certain Critical infrastructure takes a lot of folks to build it maintain it secure it and defend it And that's why this conference and the theme of it the power of partnerships is so important specifically in this space And now I'm excited to dig in and with that I'm hoping that we can start with With you general Malik and you could tell us a little bit about the CNMF and its role as it relates to critical infrastructure Can you hear me? All right, Cory. Thanks for Hosting this panel And also I would just want to say from the heart, you know to the legal community You all are unsung heroes as we think about maneuver warfare as we think about protecting civil civil liberty civil liberty and privacy You know, we don't give you enough credit But in order to accelerate in this space and as we talk about critical infrastructure There is no more important group of folks than our legal profession So I thank you now for what you do and I thank you for what you are going to do as technology evolves And you help us think through how we do this and hold and continue to be who we are as a nation and making making sure that we remain True to our values as as the United States I am so I was at the National Security Agency for about two and a half years and That I thought, you know, that was the pinnacle of the career the best job I'd ever had in my Marine Corps career every job is a best job but but that was that one was really good and you know, I was devastated at the idea of leaving NSA and I got this job at the Cyber National Mission Force and I tell you Every day I show up. It's with a smile and a happy heart. I've got a team whose Understands the mission which is to protect the nation be the nation's 911 force for cyber We have a just cause, right? And our our remit is to be like the Marine Corps ready when the nation's released ready And so we've got the best cyber operators and support folks that the nation has to offer And so what we have seen is a growth in the requirement For us not only to be forward engaged with our allies and partners to be able to see and Understand what our adversaries are doing but to be able to be poised to have The the capability to act and so we do that with partners We do that and and you're gonna hear some of the the great work that we're doing together to be able to get after Our nation's adversaries But I will tell you We are really really serious about Understanding the challenge and so what we are finding is that you know the US government understands a part of You know what our adversaries is doing and the partnership piece gets really really important and that as we work with industry Because they also have intelligence apertures. That's a partnership. That's really critical Inside the US government as we work with CISA FBI The rest of the in the IC community and frankly as you think about new partnerships with Treasury Those are going to be really really important as we move forward So it's a whole of government whole of nation partners and allies approach for and for the cyber national mission force to be able to be You know defend the nation From militant cyber actors and cyberspace but also to be able to impose cost with our partners and allies when we're called on to do so and then Assistant director Harrington, could you please tell us a little bit about the organization that you lead in its role in the critical infrastructure space? My test I think that worked fine It's so good to be here with all of you today really really excited to address the group on such a critical topic So again, my name is Mona Harrington I serve as the assistant director of the National Risk Management Center for those of you who are not familiar with that That's within the cyber security infrastructure security agency and essentially our mission is to defend against Cyber security and all hazards and reduce risk and build resilience in critical infrastructure For those of you who may not be aware We've got 16 critical infrastructure sectors and the National Risk Management Center is charged with building resilience But also providing actionable analysis to enable our critical infrastructure partners and our critical infrastructure partners consist of Agency partners, but also the private sector. So at the National Risk Management Center We have a number of initiatives where gaps have been identified and there are challenge areas in reducing risk or Emerging technologies that we need to really research and start leaning forward as the general said and really come up with Solutions on both educating and providing best practices, but foreseeing those emerging risks So the National Risk Management Center invests a lot of time into building these critical partnerships working across CISA to provide Actionable information and analysis that can be utilized and we work across the federal government and sector risk management agencies were defined in Presidential policy Directive 21 Which talks about these 16 critical infrastructure sectors and the importance of defending and reducing risk But but also sector risk management agencies were identified in that PPD 21 that give us Authorities and the definition of what critical infrastructure is that really allows us to operate in an environment where we are truly partnering regularly and identifying what those gaps are and Leaning forward to reduce that risk on a number of initiatives Happy to get a little more into that later and discuss some of the Projects that we're working on and what and what we're doing to reduce risk to critical infrastructure Thank you, and miss Conway you've worked In and helped lead some of the world's largest companies And it have advised global and national leaders in technology how to develop it secure it defend it And everything that that incorporates from linchpin technologies to defending supply chains You bring a private sector perspective here today, and we'd like to just kind of Get that perspective understanding that the private sector from sometimes a public sector Characterization we think of it monolithic and it's not it's very diverse. It was a diverse set of activities So maybe I'll just turn it over to you for opening thoughts and how you want to Frame critical infrastructures. Do you think about it from a private sector? Yes No Okay, great. Sorry. I'm from Brooklyn. We just talk we don't use microphones So Look, I think we are at a pivotal time Where I defy somebody to describe something maybe a paperclip that isn't critical infrastructure We have connected so many things via the wonders of digital technology and for the record I do not believe the D Fars are beautiful But I think we now have a body in large part due to some of the organization that comes from the 16 critical infrastructures that you heard Mona refer to But what we have is a network of interconnected private sector groups who understand in all honesty We in large part deliver that capability to the citizens of the United States of America And if we don't understand that we're doing that in partnership with the government then we've missed the boat At the end of the day. That's why we exist We all have mission statements, but so many of us have within our hearts quite frankly a Dedication to the people of this nation and when you think about it in that way what it means is your building technology with the mindset of both commercial and Defense utilization particularly when so Cory was very good about not telling you Because I'm ancient my bio is very very long But I just retired as the chief security and risk officer from Microsoft's cloud business I mean before that I was the chief security officer for Cisco's global value chain When I think about that That means that I'm embedded everywhere, right? What I was doing was not only capable of Taking down critical infrastructure, but also enabling it to be richer Swifter and deliver more to our citizens So I think that's the mindset that we have to have and I have a very clear bias Despite the 16 sectors. I believe that IT is Something that pervades everything in today's digital age and it doesn't mean that the other sectors are less important It just means quite frankly. We are beholden and have an obligation to them as well And I think that that leads really well into this this next point is Overwhelmingly critical infrastructure is owned and operated by the private sector No matter the percentage and no matter the sector which of the 16 that statement holds true So it actually in this space partnerships isn't like a nice to have or we would be better If it's an absolute necessity, we just have to work together public and private sectors with the common good of Building defending maintaining protecting our critical infrastructure And so with that context same question for for each of you How do you approach collaborative efforts, you know visa, you know from public to private? and then how do you Relationships require time commitment resource commitment. How do you think about? prioritizing From your different organizations where you invest your time your resources in building relationships from your organization to other organizations and Mona or Director Harrington If if you can maybe kick that one off Absolutely Corey that is so Incredibly critical right the cyber security infrastructure security agency cannot effectively mitigate risk with the owners and operators Owning over 80% of critical infrastructure that being the private sector. We absolutely have to engage them there are also agencies that have equities and have a special expertise and mission that Understand those equities better than we can and we want to enable and we want to reduce risk and it's really an effort that Requires collaboration. It's not a nice to have it's a must to have we really can't succeed without that SZA in particular has Just within the NRMC. I'll talk a little bit about what we have set up for some of these critical partnerships for example ICT supply chain huge risk area. We have a special task force. We've got Private sector partners that sit on that task force We've got a number of working groups and my good friend here Edna sits on that ICT supply chain task force So that's a good example of private sector partnerships And how critical it is to hear from them because they are providing the service or the good or the product And are coming from private sector entities that a lot of times have systemic importance if disrupted Can have debilitating cascading impacts throughout critical infrastructure What are those dependencies and figuring out how they're interconnected and how to build resilience is The really critical important information that's coming from our private sector partners We have a view and a lens in the NRMC one of those lenses that we look at to identify the risk our National critical functions. We've identified 55 national critical functions Mapping and aligning those to figure out how to build that resilience and ensure That our critical infrastructure continues to operate by working with the private sector and understanding what they have in place The current and post-incident how quickly can you bounce back? But also what are you putting in place to mitigate risk so that it doesn't happen in the first place? another working group I'm a part of is the swarm space weather and We just have a lot of different partnerships at SZA like the JC DC that consists of many private sector companies that come together and Think through how to deal with challenges in the critical infrastructure community and like I said earlier Identifying where those gaps are so that we're prioritizing our resources and working with the private sector in a way Where we're really valuing their feedback Because a lot of times this is just volunteer work on their part and so they're assisting and part of that greater good I see Edna smiling because she's done a lot of volunteer work for SZA and Continues to do that and it's those relationships and building that trust so that you're incentivizing the private sector to both show up and Have a voice at that table so that we truly can work together and Build resilience and you're not exchanging business cards during an emergency that that that's just not ideal for anyone Edna, what are you? What do you have to say to that? Look, I think I think partnership is key. I think that government has a unique role Let's not forget. We have the privilege of living in a democracy when you live in a democracy It means inevitably that private sector participants are at the end of the day also trying to make money and When you keep that in the forefront of your mind What a partnership allows to happen is the convening of folks who are and I love marketing I've never been in it, but what the word that they always come up with is co-operatation. I'm like that is not a word We are competitors and so there are things you may not share Directly with a competitor, but when you're striving to achieve a goal in a government convened Public-private partnership you have the capacity to bring to bear What I believe is the truth, which is? 96% I'm a big data person 96% of what we do in the sectors and as competitors is the same There are differentiators and they are pretty fantastic my opinion though. That's where the beauty lies Not in the D Fars. You guys gave me that line. I'm just gonna keep hitting it home but I do think that there's a unique Opportunity that only government can bring to the table and I'll give you an example. I have the privilege of working still with your former agency and Someone from the comm sector and I were talking the other day And I was talking with somebody from your former agency last night And what we were discussing is and we'll talk a little bit About some of my deep-seated fears right now after but this one came from the comm sector Which is what happens if the core goes down? How quickly can we get it back up? And I said are they inviting anybody from the IT sector and the answer was no We're gonna keep it just to the comms folks for now. I Looked at that and I said you realize that what's in the core For the communication sector is information technology, right? And there's an opportunity where a government agency can pull in that duality and have a more meaningful and rich conversation all right, so Why have I not met you before I don't know, but I'm so glad you're in my life. Why we do these events ma'am so so Edna said a couple of things that I'd like to just go back to and pivot from the conversation about Inside the department and the government is we have business systems and we have national security systems We have we have moved beyond that now Based on what Edna told you about the work. She did at Microsoft and Cisco These systems are now more and more national security systems because they have national security data They have our government data They have our the data of our citizens and so they're very very important and the loss of those systems or capability whether their IT or OT can present grave danger to our citizenry and so the power of private part, you know, public-private partnership and You know government-private public partnership. I mean because it is how do we begin to move at the speed of trust and If we were to act like a team Right, if we were to operate like a team we could outmaneuver any adversary our our strategic advantage is the apertures that Edna talked about that the You know that industry has right and so we think about what the government terms of how we look at these Quarters and state back malicious cyber actors as they look at our critical infrastructure. I'll give you an example There's a lot of Conversation right now about volt typhoon and that is the Microsoft identified Actor that's you know back by nation-state China targeting our critical infrastructure The work that goes on right now across the US government with partnerships Not just with partners an industry not just Microsoft to get after this is extremely important and that is the model that we're gonna have to have going forward and so Gone is the world where we you know We know intelligence that we see from our exquisite apertures We're in the world now where we're trying to as quickly as we can Find what we know about what the adversary is doing to target critical infrastructure Share it quickly and then across the entire ecosystem figure out who has Authorities what we're trying to do is empower folks who have the ability to act but it has to be stitched together in In a in a in a way where we achieve Outsize outcomes and as we're acting not just inside the United States, but globally with partners We can't do that without our lawyers I can't do that you know to be able to do a defensive operation or You know if required a cyber effects operation without thinking about the impacts globally I need lawyers to be able to help me think about how we do that And I think that's you know working with partners and allies not just doing a military effect But how do I bring in you know the SMEs from you know, whether it's Cisco Microsoft whomever We have begun that journey though with an organization that we have called under advisement And that is embedded with the national security agency The cyber security collaboration center those we have a number of companies that you know We we work with and in order to enable us to accelerate so Again, you know to the point that Mona made we have to be able to operate at the speed and trust You don't do it on the day of crisis how I invest in partnerships. It's it's all of them all-comers Right, whether you're a small company building an exquisite thing That you know And and those are the things that we're going to have to discover What is that small company building that exquisite thing that has impacts that if you take that small company down It has impacts across the you know the national ecosystem. So when you talk about prioritizing partners It's all of them and we've got to do the analysis to go the systems analysis to figure out How we prioritize them but again, you know, it's it's investing in in all of them. I think it's tough But you know, that's why we are creating acolytes across the u.s. Government And you know if Mona has a partnership and Mona and I Have trust then I think you can operate on shared trust That's fantastic. And I know that I can Um At least speak for a lot in the room the lawyers we we're not great at mass sometimes and we've had uh 16 Sectors 55 critical functions. I'm going to try to whittle that down to a more palatable number for us Let's let's talk about three. So there's a framework three core components to critical infrastructure digital physical inhuman and They're each inter interwoven In many different complexities and we try to peel them apart We have phenomenal leaders sitting in front of us right now and I want to talk to you about the human element Of critical infrastructure and how you think about people in your organizations the organizations that you have led But also about people in the larger critical infrastructure space I'll turn it over to you. Absolutely So I think the human element is you know, a really important aspect for the type of work that we do at the national risk management center Um, obviously federal government agency hard to compete with the private sector Um in terms of salary and things like that, but our folks are incredibly passionate about what they do Because they want to move the needle and they want to make a difference and they know how important it is To move that needle and how complex it is to stay ahead of our adversaries And to lean forward and to make a difference every day and they don't always know what they're walking into So, you know Cory just you know thinking through this I think number one We have an incredible director at SZA and she puts her people first And so we've got a a a culture within SZA that really helps folks be passionate about what they're doing And are committed our workforce is invested in in a number of ways Um from training to a good work home balance to all kinds of incentives required to for them to have um A healthy mind and and a good and good morale and continue to try to move the needle on such a You know in some days a nascent effort not something you get up and do every single day You just don't always know what you're walking into and what problem you have to solve Um, I also want to answer this question by talking a little bit about how important it is To build trust and that human element That we've heard from everybody on here today It's not just your internal workforce We talked about how critical those partnerships are and how we can't move the needle without those private sector partners And of course partners across the federal government as well And so building trust and having you know very authentic approach Um with what needs to happen and being able to provide Good return on investment when you are building partnerships with folks So they feel like their time is valued and that you are working towards a cohesive effort to build resilience in critical infrastructure I mean in the end of the day. I think kori opened up with You know critical infrastructures our lights are on we have power We can put gas in our cars. We can go to the grocery store and The supply chain is working and we could find things on the shelves. And so these are all very human element Things that we're trying to protect every day and build resilience in just the core of the underpinnings that americans rely on every day I can have all the technology in the world but people are The the engine that drives that technology And so as I let me just give you an exemplar as I think about you know crypto And as I the crypto currencies that the the malicious cyber actor or steel when they ran somewhere critical infrastructure I need to have the people with the capability To help me think through how do we They I want them to think dark thoughts, you know imagine the unimaginable not have a failure of imagination I want people to be able to do that as we think about how we use artificial artificial intelligence That's where my I need lawyers You know and folks in the cyberspace to understand how the adversary is operationalizing um artificial intelligence To to impact our nation's citizenry, but also how do we use it for good? Right additionally, we also need to think about how we use the same technologies that the adversary whatever it is That's coming down the path. I want our guys to be able to think our people To be able to help us think about how to give the nation options and get left of the threat and so That is for me We will have all the technologies in the world But an unless I invest we invest in enabling The folks that work for us to actuate their personal and professional Desires, I think that we're going to be stymied because we can't give them money I mean we cannot compete with the private sector But what we can give them is a mission that they get liquored up about coming to work I mean, I don't drink. I mean like fired up fired up about coming to work every day Um and and and there is like this passion to be able to you know Impose cost on the adversary and protect our nation That is where we are right there are strategic advantage advantage There are superpower and we have a fiduciary responsibility to make sure that you know We create a climate and culture which enables them to You know do right for the nation, but also what they want to do personally and professionally Can you tell me a little bit passionate about this? So I'm going to say three fundamental things that I think are really important Um I think we heard about the importance of recognizing the human element from the individual's perspective I want to remind everybody that when you're building and utilizing technology Including if they had come and checked with me, I would not have named it artificial intelligence I would have named it enhancing intelligence. The intelligence comes from us The carbon-based units Technology is here to assist us if you approach it with that mindset that is a human factor That actually permeates everything that you do in the development life cycle I mean if any of you have used any products Some of them might have been from my former companies And you just sit there some days and say boy if somebody had come to me I would have told them not to do the GUI this way Um That is a mindset that is the human element. The second thing is Lawyers play a unique role and they don't always have to be in the legal team So I haven't practiced law in 24 years and my approach is probably Threefold it's always from a mechanical engineering perspective. How does it work? It's always from what are the legal ramifications and what are the complexities that I have to deal with And am I building it in a way that's going to enable people To facile and swiftly navigate through those complexities And I think the last piece is Is anybody thinking holistically because I've found that really talented people who I've Too had the privilege of being exposed to Are deep and rich in their field and sometimes you just want to slap them on the upside of the head and say Could you look up for a minute because you know, you're at the physician's office Your right arm has been cut off. You're bleeding from your neck But you're actually there for a GI issue and they're like wow you look great Holistic thinking comes from humans Because we live in a holistic environment So those three things to me are different lens on the human element. It doesn't mean I don't care about people My maiden name is Pozoni. So no, I don't know Maria Christina. But Sony if you want a good lasagna My house is always open Thank you. Um, and on this it's I would be remiss if I didn't bring up I'm sitting on stage with three Females nationally recognized leaders and we have a workforce shortage in the technology space and the critical infrastructure space And we need to make it more inclusive to all folks How do we think about doing that and what advice would you have for doing that specifically as it relates to women? All right, I'll start that one Get him young I go to I go to grammar schools. I'm getting before the hormones kick in I think it's really important And I think I mean, it's just it's remember that human element. These are realities that we need to deal with right? and I I think that There's an opportunity to I will tell you, you know, we had the Barbie movie this year, right? I don't know how many of you saw it. I hesitated for quite a while pretty intriguing comments and Quite frankly the the director happens to be from columbia university My alma mater and that was pretty cool But it made me think back to What are we doing? When we're around young people To give them exposure to the full breath of what they might deploy their unique talents toward Right. I got Barbies I'll tell you what I did with them I ripped off their body parts so that I could build things because the guy next door the little kid next door He had a an erector set and it had a pop rivet gun And I wanted it so badly But I got Barbies and I had wonderful parents who loved me But the reality is that exposure Is absolutely essential and I've seen a number of things going on where we give folks that kind of exposure Both the folks who are the parents The children and let them bring it into high school The one thing that I don't love and I don't know if I'm alone. I may be we've focused so much on STEM We have special STEM programs How many of you know an engineer who cannot speak well or write well? I'm married to one He speaks much better now But I do think That this holistic view get folks young give them a panoply of what's available And let them rip And then watch who has a natural proclivity So that you find that young girl who's taken apart the Barbie parts and find an erector set for her Do I anything to add to that either I think you know I have so much to say on this topic. So I will try and keep it brief But you know Edna to your point. I was just at my alma mater last month And I was lecturing and talking to young women across campus in Rochester and you know, it was it was an incredible time because These women have an opportunity to get into STEM fields and we're really excited about it But was what was more interesting was talking to those that are not in those fields and just getting feedback from 18 and 19 year olds on Why it's not an attractive field to them and taking questions from them on that and you know This is just a very recent experience and some of them said I don't think I'll ever have the work home balance that I need. I want to have kids I don't want to be a doctor. I don't want to be an engineer I don't want to be in cybersecurity anything that could take me away from that and I think that that Feedback that I heard is very real and it's also a challenge and I think both universities and organizations have to be incredibly thoughtful and intentional about how they deliver that message and that story to recruit Women in these fields because that really shouldn't be the deterrent if you have a smart young lady that's interested in a STEM field and can really make a difference and bring that diversity and that perspective to the table But she's deterred because she's concerned that she can't Have that balance that she needs to be an adequate wife or an adequate mother That that's a challenge and I'll also say just having You know a cyber and a cbr on background myself I was blessed that I grew up in a family that encouraged that field from a young age. There was never a day Where I thought that that was something that was just for boys And so I really credit my parents for that but in speaking with young ladies Whether they're girl scouts or talking at universities or just this is a topic. I'm very passionate about I've really come to realize over time that there has to be a very intentional thoughtful approach whether you're an organization that wants to increase your stats or whether you're a university Or other organizations in the community like the girl scouts and others that can really Tell women that yes, you can do this And those opportunities are there should that be what you want to pursue Hey, Cory. Thanks for the question Um, I think, you know, my colleagues have done a really good job talking about The opportunities and the things that we need to do to enable women I would pivot to be able to think about as I think about diversity in the organization It's about women. It's about gender. It's about race. It's about also You know folks That have different gender roles now, right? Um, and so How do I create artifacts in my organization and my behavior, which Encourage people to think it's okay to be a part of the organization And if you, you know, have personal professional issues, we will catch you, right? And so I think we're doing there's a ton of work to be done in all the areas, but I as I think through, you know Hispanic represented representation when I think about, you know In this space, right? Where Blacks others there's a lot to be done and I think about changing gender roles Men are staying home more Right Folks have aging parents I really really want to be mindful of not losing that kind of talent when I think about diversity Because it's all comers. I want to marry my engineers and my cyber folks with my guy That's a really really good philosophical or philosopher or strategist That's what happens when you integrate philosophy and strategy. It's you get a whatever that word was But but I need people to be able to think help me think like edna said Not only about delivering the tech, but strategically where are we going? Right to be able to either get after an adversary or building a capability to get after an adversary in the moment Finite moment and as you think about game theory of warfare infinitely, what are we going to do, right? So diversity in the workforce for me, it's it's It's it's bigger than gender race It's about a whole plopony of things that we've just got to be really really deliberate about and we're getting after it And it it also takes emboldening people and encouraging I'll I'll One of the things that's going on in the cyber mission force right now. That's really powerful. It's there's a small group of people That come together I think we do this once a month where they bring a topic of their own And I get to listen on the back end and then they give me five minutes You know whether it's aging parents whether it's gender whether it's right, you know All these things that I I couldn't it's organic Right. So how do we create these creative things in your organization that encourage people? These are the artifacts that I'm talking about of your environment that that says it's okay to be here, right? So that's that's what I have to offer That's thank you. Um, and I I want to I want to take the opportunity to pivot and um I get get in maybe one last question and we'll Open it up to the larger audience here, but when it comes the this morning we had um The national cyber director opened up and he the challenge to the room was to think about cyber norms in the context of critical infrastructure and specifically about Placing disruptive capability for things that have no espionage value They're being placed there purely for disruptive purposes civilian infrastructure We've known for a long time director ray has been very vocal recently both nationally Open at congress and then internationally At munich in talking about some of the threats that we have on our critical infrastructure Each of you have seen this for a number of years over a long period of time What is it that keeps you awake at night when it comes to critical infrastructure? What fears do you have and monaltern over to you? very well I will say the volume and sophistication Of the cyber attacks um, I think we've seen in the last few years The number of attacks against critical infrastructure have really grown But they haven't just grown. They're also, you know, there's ransomware as a service. There's there's ways to launch these attacks and not have Extensive expertise to do it given the tools that are out there now So the sophistication the volume the ability to launch these attacks and not really even have that traditional Hacker skill set or even be a developer and be able to launch these attacks They've just grown to be more sophisticated and and more difficult to track down and quite frankly Stop so and detect in the first place. And so that is um, a very You know scary thing when you're trying to protect critical infrastructure every day and lean forward and be ahead of Nation states that that especially don't necessarily have our best interest in In potentially attacking our critical infrastructure entities from from my perspective I think I like Can you hear me? Okay From my perspective. Yeah, we're I'm also sleeping well Because we've got a really phenomenal Team on on this problem But to underscore something that that both Mona and Edna highlighted um The people piece had the barrier to entry is low now anybody can get into this game and so Having people with the right mindset to think about when we build and deliver technology you have to think about What does it how can we use it for good? But how can others exploit the technology right because defense has a value in and of itself Right and so the work that we are going to need to do going forward is you know You know this idea of assumed breach is real But how do we pivot Our nation and our thinking to go what does what do we do differently? If the landscape has changed and so that's that's a ton of work. We've got to do but but what What I think we have to work hard on is the people Getting the right people with the right mindset to be able to help us think both How do we exploit the technology for good for our nation? But also if used inappropriately How do we deliver and get after rapidly? you know the the Pursuing these adversaries the other piece is resilience Right, there is a resilience piece of this that hey if you assume breach You've got to have the backup capability to know that the adversary is there But you can have that infrastructure if You know, I've got resilience and this is a Industry discussion that we will need to have right because how do you think about your corporate reputation? If you cannot provide resilience for critical infrastructure like hospitals and banking etc Again, those are core to our democracy. We operate at the speed of trust And if you we allow nation state actors to undermine our confidence and trust in those those systems I mean again, how do we partner? Which is the theme of this conversation to be able to you know pivot the nation to think differently About the space that we're in. I think that's the work. We've got to do going forward I think about three things and I don't sleep that well but When you have led your life focused on resilience and evaluating risk and building things with The mindset of how can it be used? How can it be turned on me? How can it fail? um I think today i'm focused on these three one systemic catastrophic cloud failure from a cyber attack We have three hyperscalers that have 67 percent of our cloud capability It's a little bit lower than what we saw with tsmc and we're fixing that with regard to the production of chips But it's still an issue and those folks care deeply about delivery to their customer base It doesn't mean there isn't something we should be doing more And I think some of it is educating the users of that technology on how they can be prepared to utilize it in a resilient way It's the first thing The second thing that keeps me up and that i'm talking about in a number of places is The fact that I don't think we have yet figured out how to both algorithmically and via policy Build accuracy into the vetting of the data that's consumed by ai engines and models So that the fidelity of the output of the analysis which can which can bring speed and productivity to us Is actually not leading us to take the wrong path Um, and I've seen some remarkable examples of that most recently in one of the I sit on quite a few corporate boards That's that's the second thing that I think we have to tackle together The third thing is actually how do we mine something that I believe sits right now within the united states uniquely I'm a baby boomer. There are quite a few of us who are still around And vital People say what are you doing now that you know, you retired? I'm like, what did you think I was going to like sit around and watch tv and eat bonbons? Did you? No The answer is we want to be involved and how do we tap that capability? And we're not doing it and we're losing vast amounts of depth of knowledge So tapping into some of that dare I say it We'll call it mature seasoned. Let's just call it what it is older folks Who have wisdom? Some of us are heart bleeds for this nation And we may not have gotten the chance to do that earlier in our careers But we damn well want to do it now tap into it It's fan. Thank you. This is um I I am struck with one of the things that is not a critical infrastructure, but we've heard echoed multiple times Um here today is that we move at the speed of trust trust is what defines Um relationships trust is what is sort of the bedrock that makes you know partnership possible Um And that's that's something that events like this are just so important. So again. Thank you To everybody here today Into the cyber command team for making this possible and I open it up to the audience for for questions Hi, so we're talking about trust and partnerships within the government and private sector and In the context of supply chain one thing that comes to my mind is the federal acquisition security council And how that was kind of an effort to build partnerships across government and with industry So my first question is Is it working on the government side? Are people actually sharing supply chain information? Like icd 731 existed a long time before the FASC and people weren't sharing that information Are they now? And then the second is can industry expect increased transparency with regard to FASC decision making And so in the context of supply chain The FASC makes decisions about exclusion or removal With regard to things in the ictu supply chain They don't make the decision they make a recommendation But you know the d and i d o d and d h s make that decision But so first is the information sharing working on the government side and to can industry expect increased transparency from the FASC To answer your first question. I believe it is working And you know the national risk management center does provide analysis to support that interagency group That works on FASC related activities As far as industry and sharing and transparency I Just being very forthcoming. I don't know the answer to that. It might be a good legal question for somebody in this room I think there are different Authorities that govern what can and can't happen. Um, and I think there are aspects of this that are classified, so I really couldn't answer that it would probably be Specific to The case or what the question is as far as the transparency of data Sorry, could I ask a follow-up really quick? So, um, what about the FASC process? So how y'all will make decisions? I mean, could that be made public? Definitely something that an attorney would need to answer Apologize can't give you more on that I could address Your question about sharing Just based on my experience of the last two and a half years at the national security agency and now on the cybercom side You're probably familiar with the cyber security collaboration center And that is I mean when we started this two and a half years ago We had probably 10 partners were up to a thousand Plus partners industry partners were And and our objective both NSA and cybercom is to you know, take what we know Right and share it at the unclassified level Broadly with these cyber security advisories that we Co-seal with not only our allies, but sysa I want to make sure I don't go on too long Sysa fbi and others right and so you'll you'll be seeing if you go to nsa.gov Um, or even on on sysa's homepage all these public advisories out there The intent there is to be able to as quickly as we know it share what we know to enable folks to act As so the other processes are the defer to my colleague, but I can my colleagues But I'll that's what I know about what we're doing given the authorities that we have to be able to enable that sharing regardless of You know, whether it's supply chain or critical infrastructure or you know, wherever it is it applies And Edna I um, I would ask from my My understanding and some of the complexities with supply chains Some of it is proprietary and so there's a there's a complexity in that was sharing from the private sector Could you maybe talk a little bit about some of that complexity? So yeah, I I think people who have great supply chains think they're a differentiator, right? Um And they are indeed The reality however is that I'm going to go back to we live in democracy and in fact one of the early Work groups that came out of the supply chain risk management task force I had the privilege of uh co-chairing and that was an information sharing work group And what we concluded after a good amount of time are looking about where the information lies Is sometimes the private sector believes there's this this magic barrel of secret information That if only we had it it's the private sector and the government holds It would allow us to void all risk. That is delusional Um and classified information doesn't really work like that given some of the remarkable segmentation and bifurcation needs However, what we did conclude is there's a tremendous amount of information residing within the private sector We don't share it as well as we should For a number of reasons and we've had we have isaks. We have sector coordinating councils. God, we have a law called sissa We're still not sharing. You know why we live in a democracy and when we share information we can be sued We can be sued for a whole number of things including a dig out to the legal beagle way back when right definition Intentional interference with economic advantage one of my favorite ones when I was practicing law breach of contract So until we have a safe harbor law speaking of we had some folks who were talking about the before us A little bit of the change in the laws. We have a great framework here in the united states Can we have a safe harbor law that allows for that kind of information sharing? I'm not going to tell you about the super secret sauce of exactly how I built the right polynomial expressions and the logic of chips Which I think is a differentiator still to this day but I can tell you that Provider x has poor solder and it's led to tin whiskering. That's not classified That's not defensive. That's intelligence. That's a wheel Because when that it system and the infrastructure that relies on it breaks because you have tin whiskering guess what? That's meaningful and it's protecting all of us. It's defensive in advance And if you remember that old, you know game we used to play when we were kids of You'd whisper and you tell somebody something and by the time you tell everybody that you know when you trust Right the speed of trust It's a heck of a lot faster when that speed is enabled By real meaningful information exchange that's protected from retribution and happens at the national scale Major general mollock miss conway miss herrington quarry. Thank you So much to our steam panelists for highlighting The vital importance of building protecting and maintaining our critical infrastructure and for the inspiring discussion How we begin to move at the speed of trust begins with people and certainly emphasizes the significance of the power of partnerships As a mother of two young children Thank you for your wisdom and advice for our younger generation and miss conway I for one will take you up on your offer and join you for lasagna Please give a round of applause To our virtual audience, we will be back at 13 30 For our in-person audience. We have an optional lunch session at third. Excuse me at 12 20 Cryptocurrency 101 and also there are two food trucks outside same two otherwise. We will see you at 13 30 Hello, my name is major alex holtsclaw and i'm joined here by captain ray messias We are legal advisors with the u.s cyber commands office of the staff judge advocate We want to share with you what makes working at this office unique challenging rewarding And why you should consider joining the do d cyberspace operations legal community The united states along with many other countries around the world maintains an international law applies to cyberspace The dod at large is committed to ensuring that cyber operations are conducted not only in accordance with international law But with domestic law and policy as well The law however remains very much unsettled in the cyber domain The role of military cyber practitioners is to interpret and apply an evolving regime in real time Offering careful consideration of international law domestic authorities and policy implications And their impact on national and international security It is not uncommon for cyberspace operations legal practitioners to advise commanders and decision makers on questions of sovereignty constitutional principles domestic criminal law Fiscal law and even the law of armed conflict For example, the prohibition against the use or threat of force during peacetime is generally well understood in the physical domain In the cyber domain applying treaty and customary international law becomes more challenging where cyber malicious activities Are conducted below the use of force and where the identity of the threat actor may not be clear Due to the low barrier to entry state and non-state actors including criminal organizations and violent extremist organizations Are acquiring sophisticated cyber capabilities at an alarming rate Using this technology to target critical infrastructure financial institutions media platforms and elections Cyber threat actors employ cyberspace to undermine democratic values while advancing their malicious goals Events in the news demonstrate these issues are not mere hypotheticals or academic exercises. They are a present reality Cyber legal practitioners enable the united states to maintain and extend our technological advantages in the cyber domain through development and acquisition of capabilities and talent needed to thwart malicious cyber actors today And stay ahead of future threats Legal advisors perform a vital role in assisting commanders with making informed risk-based decisions To ensure that our response to malicious cyber activities complies with applicable law and policy We also help decision makers develop meaningful relationships with other federal agencies international allies and partners and the private sector To ensure that all stakeholders are working together to defend against foreign and domestic cyber threats Experience in the operational environment national security law intellectual property and contracts are all directly applicable to the do d cyberspace operations legal practice By encouraging respect for the rule of law and reinforcing norms of responsible state cyber behavior As well as acquiring the necessary capabilities to maintain and extend our technological advantage Cyber law practitioners can ensure that the united states in its allies and partners Are positioned to defend shared interests in the rapidly evolving strategic environment We look forward to continuing this conversation through our practice and through the thoughtful dialogue here at the us cyber calm legal conference We encourage you to join us in the cutting-edge legal practice of cyberspace operations On behalf of coast guard cyber command i'm pleased to have this opportunity to provide insight into coast guard cyber command's office of the staff judge advocate First established as an independent operational command in 2018 Coast Guard cyber command has rapidly grown and expanded its operational footprint and capabilities to support coast guard missions and national security interests CG cybers legal team has grown with it both in the number of attorneys assigned and in the scope of their practice As both a military service and a law enforcement and regulatory agency the coast guard is uniquely positioned to address cyber threats A core component of our mission is to help protect the marine transportation system And the 5.4 trillion in economic activity that it supports On a daily basis coast guard cyber commands maritime cyber readiness branch and cyber protection teams Are working with maritime industry partners to assess networks for vulnerabilities and to respond to cyber incidents In the last year our three cyber protection teams carried out 30 assessment hunt or incident respond missions on critical infrastructure Those teams are supported by lawyers who ensure sensitive and proprietary information is protected While cyber threat information is shared with key stakeholders Coast Guard cyber command is also the primary defender of the enterprise mission platform Which includes all u.s coast guard technology from cyber threats The coast guard's history of cooperation with allies partners provides a template for advancing our shared interests in cyberspace Our legal team works in close coordination with department of homeland security programmatic offices The department of defense fbi other federal state local government partners and foreign allies to defend our critical infrastructure And leverage our shared expertise to protect u.s interests Through strategic arrangement arrangements and relationships maritime authorities and institutions are developing cyber incident response capabilities alongside Established all hazard responses cg cybers lawyers are actively engaged in these efforts Analyzing authorities assessing risk and crafting solutions that will form the plans and policies for addressing evolving threats As advisors for a new and evolving operational command coast guard cyber command judge advocates regularly address issues of first impression Our analysis supports critical operational needs by assessing constitutional statutory and regulatory applications But our operations also require constant engagement on issues ranging from administrative law information law military justice ethics fiscal law and international law cg cybers legal office is developing the workforce and talent that will keep pace with challenges and opportunities of the future It's an exciting time to be in the coast guard and a part of the enterprise that will shape the way we secure our digital ecosystem