WEBVTT 00:02.860 --> 00:04.804 I embrace aboard and thank you for 00:04.804 --> 00:06.750 joining us today with the election 00:06.750 --> 00:09.910 security panel with defense . This is a 00:09.920 --> 00:12.840 really momentous occasion bringing this 00:12.840 --> 00:15.270 many federal agencies all together . On 00:15.280 --> 00:17.340 one hand , the timing is perfect . 00:17.510 --> 00:19.732 There is a huge election coming up here 00:19.732 --> 00:21.920 in the United States in 2020 elections 00:21.920 --> 00:23.864 happening around the world . And I 00:23.864 --> 00:25.809 think that's a key thing for us to 00:25.809 --> 00:27.976 understand is that while this panel is 00:27.976 --> 00:29.864 talking about the U . S . Federal 00:29.864 --> 00:31.976 government , how we are responding to 00:31.976 --> 00:34.142 our American election , we look at the 00:34.142 --> 00:36.364 broader forces that are aligned against 00:36.364 --> 00:38.476 democracy in the world . Now it comes 00:38.476 --> 00:40.476 down to trust in the system for the 00:40.476 --> 00:42.587 democracy work , and those forces are 00:42.587 --> 00:44.864 working against places for us and some , 00:44.864 --> 00:46.976 while this is going to be the U . S . 00:46.976 --> 00:49.031 Government discussing this , I think 00:49.031 --> 00:51.253 citizens all over the world and hackers 00:51.253 --> 00:53.476 all over the world will be able to take 00:53.476 --> 00:55.476 something away from that Just quick 00:55.476 --> 00:57.587 logistics . Q and A will be available 00:57.587 --> 00:59.809 through the def con discord . So if you 00:59.809 --> 01:01.698 quit your questions in the voting 01:01.698 --> 01:03.809 village step con discord , those will 01:03.809 --> 01:05.976 make it their way up here to me on the 01:05.976 --> 01:08.200 stage and we will answer them as best 01:08.210 --> 01:10.160 as we can . Starting off , we have 01:10.160 --> 01:13.160 Cynthia Kaiser . Hello . I'm Sylvia 01:13.160 --> 01:15.160 Kaiser of an assistant second sheet 01:15.160 --> 01:18.160 with the FBI Cyber Division . And what 01:18.160 --> 01:20.880 that really means is I lied analysis 01:20.890 --> 01:24.600 among multiple groups for the FBI . 01:24.910 --> 01:28.740 That includes election threats , mostly 01:28.740 --> 01:31.570 in the side . And that's by design . I 01:31.580 --> 01:33.810 saw what happened in 2016 and I knew 01:33.820 --> 01:36.030 that there was no worlds I want to be 01:36.390 --> 01:40.280 and then working right here 01:40.680 --> 01:42.791 with people that I get to see all the 01:42.791 --> 01:46.710 time . That s o for the FBI in the 01:46.710 --> 01:48.821 election stay centered . Way to think 01:48.821 --> 01:50.766 about it is early , focused on the 01:50.766 --> 01:52.877 threat . So we work hand in hand with 01:52.877 --> 01:54.932 RG adjust counterparts , and they're 01:54.932 --> 01:56.950 really focused on the risk to the 01:56.950 --> 01:58.839 systems of communication on those 01:58.839 --> 02:01.410 systems . But when it comes to the 02:01.600 --> 02:04.250 response of incidents or looking at 02:04.260 --> 02:06.980 investigations into melodic foreign or 02:07.180 --> 02:09.180 investigations into election crimes 02:09.180 --> 02:11.236 like ballot fraud , that's where the 02:11.236 --> 02:15.080 FBI will be plays in the space . David , 02:15.080 --> 02:17.302 were you now from the National Security 02:17.302 --> 02:19.560 Agency straight to be with you today s 02:19.570 --> 02:22.030 election security leak ? Most of you 02:22.030 --> 02:24.380 are familiar with Esa's mission really 02:24.390 --> 02:26.334 divided up into two components are 02:26.334 --> 02:28.501 foreign signals intelligence mission , 02:28.501 --> 02:30.557 which is all about figuring out what 02:30.557 --> 02:32.779 the adversaries robbed . Two . And then 02:32.779 --> 02:34.946 we have the cyber security component , 02:34.946 --> 02:34.490 which is all about preventing and 02:34.490 --> 02:36.323 eradicating rats of the national 02:36.323 --> 02:38.800 security systems and figure out how we 02:38.800 --> 02:40.911 can attack bot networks in the life . 02:41.620 --> 02:43.842 Really , a lot of power from as a comes 02:43.842 --> 02:45.787 with combining transmissions . You 02:45.787 --> 02:48.009 knowing what the threat is in combining 02:48.009 --> 02:50.009 that with the technical analysis of 02:50.009 --> 02:52.120 mitigations . In order for us to be a 02:52.120 --> 02:54.287 boat , deploy those into my classified 02:54.287 --> 02:56.620 space from election security standpoint , 02:56.620 --> 02:58.453 I oversee all the activities and 02:58.453 --> 03:01.280 partnerships that s a has on election 03:01.280 --> 03:03.502 security . I also Kobe something called 03:03.502 --> 03:05.669 the Election Security Group along with 03:05.669 --> 03:07.836 your heart men . Here , we'll get into 03:07.836 --> 03:09.780 a lecture on the panel on That's a 03:09.780 --> 03:12.440 joint s a cyber man task force for 03:12.450 --> 03:14.920 protecting your watches a little bit 03:14.920 --> 03:16.809 about me and grew up in Chicago . 03:16.809 --> 03:18.976 That's one representing here , Mr Bark 03:18.976 --> 03:21.031 shirt , White Sox and I have also in 03:21.031 --> 03:22.976 the craft cocktails I supplied and 03:22.976 --> 03:24.809 typical Def Con tradition . Ah , 03:24.809 --> 03:26.976 cocktail black men . And for everybody 03:26.976 --> 03:29.031 on , I'd like to give a shout out to 03:29.031 --> 03:31.198 Johnny Carl for hosting me at Cocktail 03:31.198 --> 03:33.640 Con this Tuesday . Really great event . 03:33.650 --> 03:35.650 And a community in terms to get the 03:35.650 --> 03:37.872 info section unity together . Cocktails 03:37.872 --> 03:40.094 talk about security . I also appreciate 03:40.094 --> 03:42.039 it . Appreciate it off , folks for 03:42.039 --> 03:45.880 happens here . Hey , I'm Joe Hart . May 03:45.880 --> 03:48.047 not command the cyber National Mission 03:48.047 --> 03:49.880 Force s so far the U . S . Cyber 03:49.880 --> 03:52.660 command as day said Khalid , Theologian 03:52.660 --> 03:55.670 security group with him . And , you 03:55.670 --> 03:57.781 know , the election security group is 03:57.781 --> 03:59.948 really partnered with all the agencies 03:59.948 --> 04:02.059 you see represented here , and others 04:02.059 --> 04:04.114 in defense of the 2020 election were 04:04.114 --> 04:06.337 the part of the U . S . Government that 04:06.337 --> 04:08.226 focuses only away game . So we're 04:08.226 --> 04:10.559 looking at foreign adversaries . Russia , 04:10.559 --> 04:12.392 China , Iran . Any other foreign 04:12.392 --> 04:14.559 adversaries has attempted to interfere 04:14.559 --> 04:16.670 with our elections , were looking for 04:16.670 --> 04:18.559 them in foreign space . And we're 04:18.559 --> 04:20.726 partnered with DHS and FBI in order to 04:20.726 --> 04:22.837 ensure that we share information that 04:22.837 --> 04:24.892 we find abroad . That makes us safer 04:24.892 --> 04:27.059 here in the United States . I'm really 04:27.059 --> 04:29.226 glad to be here today looking for your 04:29.226 --> 04:31.392 questions . It was more his Turner I'm 04:31.392 --> 04:33.226 senior adviser for the executive 04:33.226 --> 04:35.059 director at the U . S . Election 04:35.059 --> 04:37.170 Assistance Commission were relatively 04:37.170 --> 04:37.140 small agency compared to the ones you 04:37.150 --> 04:39.094 heard from earlier today . But our 04:39.094 --> 04:41.570 mission is focused . We help make sure 04:41.570 --> 04:43.690 that Americans all across the country 04:43.750 --> 04:45.639 and all across the world have the 04:45.639 --> 04:47.750 ability to participate in elections . 04:47.910 --> 04:50.630 Whether they're gonna be in one of the 04:50.640 --> 04:52.940 50 states , six territories were 04:52.940 --> 04:56.020 stationed overseas . So our focus is 04:56.020 --> 04:58.131 really How do we make sure that those 04:58.131 --> 05:00.560 voters have access to the polls and 05:00.560 --> 05:02.790 that bacon boat safely securely and 05:02.790 --> 05:04.568 make sure they're both counts ? 05:07.830 --> 05:09.940 And I'm Matt Masterson . I'm the 05:09.950 --> 05:12.120 designated survivor that was held back 05:12.120 --> 05:14.342 from the federal panel . So if anything 05:14.342 --> 05:16.770 happens , uh , we can maintain federal 05:16.770 --> 05:18.826 continuity of operations on election 05:18.826 --> 05:22.270 security . I'm in a secret skiff out in 05:22.270 --> 05:24.470 the Midwest somewhere . Appreciate the 05:24.480 --> 05:27.060 voting village for inviting me and the 05:27.070 --> 05:30.360 feds to participate . So thankful Ah , 05:30.370 --> 05:33.200 to Bryson for organizing . And if , uh , 05:33.310 --> 05:35.199 I know we're going to address the 05:35.199 --> 05:37.366 question of what ? What's the greatest 05:37.366 --> 05:39.477 area progress since 2016 . Where have 05:39.477 --> 05:41.532 we improved ? I mean , the fact that 05:41.532 --> 05:43.699 you have , ah , unified federal effort 05:43.699 --> 05:46.700 working to help support state local 05:46.700 --> 05:48.756 election officials on this mission . 05:48.756 --> 05:50.811 Space , I think , speaks volumes . I 05:50.811 --> 05:53.000 work for the , uh , cyber security and 05:53.000 --> 05:55.222 infrastructure Security agency or sista 05:55.480 --> 05:57.647 the election security lead Their Prior 05:57.647 --> 05:59.869 to that I was a commissioner at the A C 05:59.869 --> 06:01.758 where Maurice now sits . Ah , And 06:01.758 --> 06:03.536 before that , I was an election 06:03.536 --> 06:05.758 official in the state of Ohio . So come 06:05.758 --> 06:05.750 from an election administration 06:05.750 --> 06:08.360 background have had to learn the 06:08.360 --> 06:10.930 intricacies of both the sista Ah , in 06:10.930 --> 06:12.763 the i c . And I'm so thankful to 06:12.763 --> 06:14.874 everyone sitting up on that stage for 06:14.874 --> 06:17.097 their patients with me and working with 06:17.097 --> 06:18.874 me and sista to make sure we're 06:18.874 --> 06:21.300 supporting the almost 8800 state local 06:21.300 --> 06:23.578 election officials across this country , 06:23.578 --> 06:25.633 let alone the private sector that we 06:25.633 --> 06:27.522 work very closely with . Ah , and 06:27.522 --> 06:29.189 members of academia and not a 06:29.189 --> 06:31.300 nonpartisan organization are focusing 06:31.300 --> 06:33.467 system eyes to get information support 06:33.467 --> 06:35.633 services , everything from penetration 06:35.633 --> 06:37.633 testing ah to routine cyber hygiene 06:37.633 --> 06:39.800 scans the incident response out to the 06:39.800 --> 06:41.967 state local election officials to help 06:41.967 --> 06:44.189 support them . Ah , and , uh , engaging 06:44.189 --> 06:46.244 with their voters . The reality is , 06:46.244 --> 06:48.467 American elections are run at the state 06:48.467 --> 06:50.522 local level . Uh , and we want to do 06:50.522 --> 06:52.689 everything we can , uh , so that those 06:52.689 --> 06:54.689 state local officials could talk to 06:54.689 --> 06:56.800 their voters about why the process is 06:56.800 --> 06:58.967 secure . Ah , and why they should have 06:58.967 --> 06:58.890 confidence that their votes counted his 06:58.900 --> 07:01.610 cast really thankful for this panel and 07:01.610 --> 07:03.721 super excited to have this discussion 07:03.721 --> 07:05.920 to that . Now that's a That's a great 07:05.920 --> 07:09.280 Segway trust . Is he 07:09.590 --> 07:11.590 to the infrastructure , right ? The 07:11.590 --> 07:13.910 process were collecting votes to 07:13.920 --> 07:15.970 determine our democracy starts with 07:15.980 --> 07:17.869 that trust , and that begins with 07:17.869 --> 07:20.091 transparency and accountability , Which 07:20.091 --> 07:22.202 is why that are so critical that have 07:22.202 --> 07:24.313 this panel here for the government to 07:24.313 --> 07:26.536 talk about . Okay , what's happened and 07:26.536 --> 07:28.702 what have you done ? So 2016 is when I 07:28.702 --> 07:30.480 think this really grew into the 07:30.480 --> 07:32.536 consciousness as a significant issue 07:32.536 --> 07:34.702 that everybody understood what exactly 07:34.702 --> 07:35.758 happened in 2016 ? 07:38.440 --> 07:41.450 Uh , well , uh , on the cyber side in 07:41.450 --> 07:45.200 2016 Russia compromise multiple 07:45.210 --> 07:47.630 different election networks . I that 07:47.630 --> 07:49.574 include the state network that two 07:49.574 --> 07:53.280 counties and I It's a part of that . 07:53.290 --> 07:56.570 I we possessed that they 07:57.150 --> 08:00.710 really sought to a t least enough 08:00.710 --> 08:04.500 reconnaissance against all 50 states to 08:04.500 --> 08:06.500 try to figure out where it was most 08:06.500 --> 08:08.778 vulnerable and where they could get in . 08:08.778 --> 08:10.889 Now . They didn't We don't think that 08:10.889 --> 08:12.944 had any effect on election . Have no 08:12.944 --> 08:15.111 intention that they did . And really , 08:15.620 --> 08:18.570 where they were focused on but couldn't 08:18.570 --> 08:21.860 have . But within that is obviously 08:21.870 --> 08:23.981 troubling because that's an attack on 08:23.981 --> 08:26.092 our election systems . It's attacking 08:26.092 --> 08:28.037 critical infrastructure , and it's 08:28.037 --> 08:29.981 something that now looking at that 08:29.981 --> 08:31.926 moving forward . But that's why we 08:31.926 --> 08:34.210 partnered with everybody here toe focus 08:34.210 --> 08:36.321 on How do we a hardened networks ? So 08:36.321 --> 08:39.120 that can't happen . And how do we work 08:39.120 --> 08:41.120 toe counter adversary so they don't 08:41.120 --> 08:44.640 want ? And how do we ensure that we can 08:44.860 --> 08:47.150 be as transparent as possible ? And 08:47.160 --> 08:49.493 that's included . Some various measures , 08:49.493 --> 08:52.990 like both FBI and CISA , will 08:52.990 --> 08:55.030 now tell a chief state election 08:55.030 --> 08:56.974 officials if anything happens on a 08:56.974 --> 08:58.863 local election network , that's a 08:58.863 --> 09:01.086 change from 2016 . And it's a necessary 09:01.086 --> 09:02.752 change for the transparency . 09:05.540 --> 09:07.429 Yeah , I mean , I think since you 09:07.429 --> 09:09.651 covered the cyber side pretty well from 09:09.651 --> 09:11.929 influence side of ankle spokes tragedy , 09:11.929 --> 09:14.040 the infamous Internet research agency 09:14.040 --> 09:16.262 controlled farm . So in terms of social 09:16.262 --> 09:18.484 media operations , they were conducting 09:18.484 --> 09:21.430 twice 16 and 2018 also hacking 09:21.580 --> 09:24.810 operations there are always to be very 09:24.810 --> 09:27.690 damaging when we look at in terms of 09:28.530 --> 09:32.470 kind of evolution between 2016 2018 and 09:32.470 --> 09:36.290 2020 um , you know , mostly fell to 09:36.290 --> 09:39.900 stop Russia it's 2016 . Find the 09:39.900 --> 09:42.178 elephant fried is broader . That right ? 09:42.178 --> 09:44.220 It's 2020 . We're looking at the 09:44.230 --> 09:46.286 spectrum of all of our adversaries . 09:46.286 --> 09:49.150 Russia , China , Iran , ransomware , 09:49.150 --> 09:51.830 actors off . There's more people in the 09:51.830 --> 09:55.440 game morning for each other . 09:55.520 --> 09:58.600 Influences . Chief game . Get out now . 09:58.610 --> 10:00.860 Social media does . It costs a lot of 10:00.860 --> 10:03.400 money . I tried a water you're near . 10:03.400 --> 10:07.290 It is hotline . That's so 10:07.300 --> 10:08.800 that's something we're not 10:11.290 --> 10:15.120 right for us . In 2016 . Um , 10:15.320 --> 10:17.542 election security really wasn't a party 10:17.542 --> 10:20.910 mission . It just wasn't something that 10:20.910 --> 10:23.021 we have previously focused on heavily 10:23.021 --> 10:25.630 involved in in other operations . And 10:25.640 --> 10:29.030 so , while we were focused on on other 10:29.030 --> 10:32.150 operations , Russians obviously way 10:32.150 --> 10:35.140 learned from that in 2018 between cyber 10:35.140 --> 10:37.910 com . And then it's a way formed what 10:37.910 --> 10:39.799 was called the Russia Small Group 10:39.799 --> 10:41.577 Really laser focused on Russian 10:41.577 --> 10:44.210 interference in the 2018 election . You 10:44.210 --> 10:46.432 know , for us that never stopped . So , 10:46.560 --> 10:48.616 you know , I got back to the command 10:48.616 --> 10:50.727 about a year ago . 2019 and we didn't 10:50.727 --> 10:52.949 start up . You know , this thing called 10:52.949 --> 10:55.116 the election security that was already 10:55.116 --> 10:57.282 on it . Never stopped working for from 10:57.282 --> 10:59.504 2018 way . Think we're in a much better 10:59.504 --> 11:01.616 position now . Certainly , there were 11:01.616 --> 11:05.540 in 2016 . The big change between 11:05.540 --> 11:08.960 16 to 18 out of 20 really started with 11:08.970 --> 11:11.303 the critical infrastructure designation . 11:11.303 --> 11:13.526 That allowed all these federal partners 11:13.526 --> 11:15.692 to come together in a way that we'd be 11:15.692 --> 11:17.692 able to better protect our election 11:17.692 --> 11:19.859 infrastructure . And I think that that 11:19.859 --> 11:21.803 really is the key to all of this , 11:21.803 --> 11:23.914 which is information sharing , making 11:23.914 --> 11:26.940 sure that information it shared amongst 11:26.940 --> 11:29.130 a disease but also to the state and 11:29.130 --> 11:31.352 local partners as well . The books were 11:31.352 --> 11:33.352 actually running their own networks 11:33.352 --> 11:35.463 around infrastructure , and so that's 11:35.463 --> 11:37.408 where the A C comes in . We have a 11:37.408 --> 11:37.140 relationship for building those 11:37.140 --> 11:39.362 relationships with the state and locals 11:39.362 --> 11:41.473 to make sure that they understand the 11:41.473 --> 11:43.584 information that's coming through the 11:43.584 --> 11:45.751 federal partners and that they realize 11:45.751 --> 11:47.807 that they're part of the solution to 11:47.807 --> 11:49.696 the information up to the federal 11:49.696 --> 11:51.751 partners . It's half asshole works . 11:51.751 --> 11:53.973 It's not just keeping those information 11:53.973 --> 11:56.140 notices in a silo on keeping the local 11:56.140 --> 11:58.307 level . It's a sharing up and down the 11:58.307 --> 11:59.807 back to make sure that the 11:59.807 --> 12:01.973 infrastructure is protected because it 12:01.973 --> 12:04.140 may not just be attack that happens on 12:04.140 --> 12:06.140 the single ST or single county that 12:06.140 --> 12:08.196 might be happening . Other places if 12:08.196 --> 12:10.362 we're sharing information and partners 12:10.362 --> 12:12.584 don't know that that tradition is going 12:12.584 --> 12:15.350 on . Yeah , just to build off what some 12:15.350 --> 12:17.580 of the other Panelists said . For me , 12:17.790 --> 12:20.650 the biggest change has really been that 12:20.650 --> 12:22.817 level of coordination and support with 12:22.817 --> 12:25.070 state local election officials azi many 12:25.070 --> 12:26.737 people know when the critical 12:26.737 --> 12:28.903 infrastructure designation was made in 12:28.903 --> 12:30.959 2017 . There's a lot of resistance , 12:30.959 --> 12:32.848 understandably , from state local 12:32.848 --> 12:35.150 election officials and skepticism . Ah , 12:35.150 --> 12:38.690 and we sat there on in 2018 on had 12:38.690 --> 12:40.746 relationships with all 50 states had 12:40.746 --> 12:42.801 information flowing , were deploying 12:42.801 --> 12:45.023 Albert sensors . We sit here now on the 12:45.023 --> 12:47.246 brink of 2020 . We not only have Albert 12:47.246 --> 12:49.079 sensors , so intrusion detection 12:49.079 --> 12:51.301 sensors deployed across networks in all 12:51.301 --> 12:53.523 50 states . Uh , we have a nice sac and 12:53.523 --> 12:55.857 information sharing and analysis center . 12:55.857 --> 12:57.634 We're close to 3000 state local 12:57.634 --> 12:59.468 partners receiving information , 12:59.468 --> 13:01.634 pushing information back to us . We're 13:01.634 --> 13:04.070 now deploying endpoint protection in 13:04.070 --> 13:05.737 many of the states and across 13:05.737 --> 13:07.792 localities have additional insight . 13:07.792 --> 13:10.014 But really , that ability to coordinate 13:10.014 --> 13:12.126 across the federal government to push 13:12.126 --> 13:11.670 information back down to the state 13:11.670 --> 13:14.460 locals has improved so much . The 13:14.470 --> 13:16.359 federal government , I think , is 13:16.359 --> 13:18.820 working in a way around election threat 13:18.820 --> 13:21.042 information that that I don't know that 13:21.042 --> 13:24.070 it it did around . Other issues were 13:24.070 --> 13:26.237 able now to take information and state 13:26.237 --> 13:28.060 locals or sharing all kinds of 13:28.430 --> 13:30.820 reporting with us and push it across 13:30.820 --> 13:32.876 the interagency , the folks that you 13:32.876 --> 13:35.098 see sitting up on the stage here . Ah , 13:35.098 --> 13:37.209 and then push out alerts and warnings 13:37.209 --> 13:36.850 through the I stack broadly to the 13:36.850 --> 13:39.470 community on . And that's just a 13:39.650 --> 13:41.817 function that wasn't there . Certainly 13:41.817 --> 13:43.928 in 2016 and is really being honed and 13:43.928 --> 13:46.630 improved upon from 2018 to 2020 . Ah , 13:46.630 --> 13:48.690 and that broad reach . And so that 13:48.690 --> 13:50.640 ability to really work with the 13:50.640 --> 13:52.862 election officials to understand risk . 13:52.862 --> 13:55.170 Our risk understanding is much deeper 13:55.170 --> 13:58.600 than it was 2016 or 2018 to the point 13:58.600 --> 14:01.100 where as cove it is developed and kind 14:01.100 --> 14:03.570 of changed operations within elections 14:03.870 --> 14:05.770 offices . We've been able to be 14:05.770 --> 14:07.770 responsive and understand where the 14:07.770 --> 14:09.992 risk is shifting . Ah , and try to help 14:09.992 --> 14:12.214 gear our support or information sharing 14:12.510 --> 14:14.780 toe . Understand that risk , Jeff so 14:14.780 --> 14:16.836 they could take appropriate steps to 14:16.836 --> 14:18.891 mitigate that risk and really ensure 14:18.891 --> 14:20.947 the integrity election and then turn 14:20.947 --> 14:23.058 around and messages to voters , and I 14:23.058 --> 14:22.870 think that's a theme you're gonna hear 14:22.870 --> 14:25.092 throughout this conversation . Really ? 14:25.092 --> 14:27.640 Reach in that last Ah , that last step 14:27.640 --> 14:30.200 of talking to voters about their 14:30.210 --> 14:32.860 options about how they can vote about 14:32.870 --> 14:34.814 the process And security is really 14:34.814 --> 14:37.037 critical in an environment when we know 14:37.037 --> 14:39.037 adversaries are trying to undermine 14:39.037 --> 14:41.470 confidence in the process . The part of 14:41.470 --> 14:43.640 what we've learned , which stems from 14:43.640 --> 14:45.529 the problem and a lot of what the 14:45.529 --> 14:47.029 solution and then has been 14:47.029 --> 14:48.862 investigation . This is critical 14:48.862 --> 14:50.473 infrastructure . The federal 14:50.473 --> 14:52.529 collaboration of the fact that , you 14:52.529 --> 14:54.584 know , like this happened where this 14:54.584 --> 14:54.260 isn't the first time you're all meeting 14:54.260 --> 14:58.180 each other . You're pretty Well , I was 14:58.260 --> 15:00.260 stalking a brazen earlier that I've 15:00.260 --> 15:02.450 been on panels before with people in 15:02.460 --> 15:04.627 the government who are all working the 15:04.627 --> 15:06.682 same issue . And then you're meeting 15:06.682 --> 15:06.430 the person right before the panel 15:06.430 --> 15:08.486 starts . So what ? Price had reached 15:08.486 --> 15:10.374 out ? Seven . Having been a logic 15:10.374 --> 15:12.486 theory and I asked , OK , is gonna be 15:12.486 --> 15:14.819 on it started checking off names . Okay , 15:15.110 --> 15:17.221 talk to the people multiple times for 15:17.221 --> 15:19.221 weaker , sometimes every single day 15:19.221 --> 15:21.710 today . So it really just shows like 15:21.730 --> 15:24.670 how deep the collaboration is spent a 15:24.670 --> 15:26.781 lot of time in counterterrorism . You 15:26.781 --> 15:28.948 think that's a mission that you know . 15:28.948 --> 15:30.837 It is a vision of that government 15:30.837 --> 15:33.059 rallies around by election security . I 15:33.059 --> 15:34.180 get water , 15:38.840 --> 15:40.820 right ? I mean , there's no better 15:40.820 --> 15:42.920 example that this panel is a 15:42.930 --> 15:44.950 representation of what's already 15:44.990 --> 15:46.990 happening . This panel it's not the 15:46.990 --> 15:49.212 thing that is driving it right . We are 15:49.212 --> 15:51.434 capturing a moment in time . What's the 15:51.434 --> 15:53.434 college way had tried to do this in 15:53.434 --> 15:55.601 2016 ? We would have been spending the 15:55.601 --> 15:57.546 last 30 minutes , all shaking each 15:57.546 --> 15:58.546 other so 16:01.770 --> 16:04.350 that tell us about the big glass . Not 16:04.350 --> 16:06.628 like we've never heard of these things . 16:09.730 --> 16:11.674 How information sharing isn't just 16:11.674 --> 16:13.786 sharing information , right ? But the 16:13.786 --> 16:15.730 fact that the information is being 16:15.730 --> 16:17.897 shared so that missions are being exit 16:17.897 --> 16:19.897 things are happening with , right , 16:19.897 --> 16:22.063 those risks are being assessed . Those 16:22.063 --> 16:24.063 actions are being taken . It is . I 16:24.063 --> 16:26.063 really like you phrase it right way 16:26.063 --> 16:28.341 game . I'll translate that . Everybody , 16:28.341 --> 16:30.563 actually , why don't you translate with 16:30.563 --> 16:33.060 you waiting ? So So let me translate 16:33.060 --> 16:35.227 the away game at the end . I mean , if 16:35.227 --> 16:36.782 I could just talk about the 16:36.782 --> 16:39.004 collaboration , the relationships and a 16:39.004 --> 16:41.060 good example , is like the rehearsal 16:41.060 --> 16:43.227 that we did on suit . So look , I'm in 16:43.227 --> 16:45.560 the Army has been in the Army long time , 16:45.560 --> 16:47.671 just like they spent a lot of time in 16:47.671 --> 16:49.893 the SETI fight . And , you know , a lot 16:49.893 --> 16:51.949 of times in panelled rooms in places 16:51.949 --> 16:51.820 like Afghanistan . And , you know , we 16:51.820 --> 16:54.042 operate out of these joint operations , 16:54.042 --> 16:56.080 right ? And in the joint operation 16:56.080 --> 16:58.247 centers were sitting in there . As you 16:58.247 --> 17:00.413 can imagine , we love flat screen TV's 17:00.413 --> 17:02.469 lot of flat screen TVs on the wall , 17:02.469 --> 17:04.524 and no unmanned aerial vehicles were 17:04.524 --> 17:06.469 flying around and other collection 17:06.469 --> 17:08.636 assets . All that data is being pumped 17:08.636 --> 17:10.802 into the room where you're immediately 17:10.802 --> 17:12.969 able to make sense of it and then make 17:12.969 --> 17:14.858 decisions . You know , allocating 17:14.858 --> 17:16.969 resources , send in forces doing what 17:16.969 --> 17:16.930 and , you know , super Tuesday , if you 17:16.930 --> 17:20.290 walked into the the room that we were 17:20.290 --> 17:22.401 using as a mission center , you would 17:22.401 --> 17:24.920 have seen cyber com personnel you could 17:24.920 --> 17:27.270 have seen in ESA personnel , and you 17:27.270 --> 17:29.326 would have looked in a chat room and 17:29.326 --> 17:31.270 almost every organisation that you 17:31.270 --> 17:33.381 could imagine involved in the federal 17:33.381 --> 17:35.850 government . Okay , and they are 17:35.850 --> 17:38.960 talking about in almost real time . If 17:38.960 --> 17:40.960 something goes on on state election 17:40.960 --> 17:43.127 infrastructure in North Carolina , you 17:43.127 --> 17:45.980 know there's unclassified chat going up 17:45.980 --> 17:48.890 the DHS drops it in a classified chat 17:48.900 --> 17:51.880 room . You've got analysts from ESA in 17:51.880 --> 17:54.550 cyber com and other government agencies 17:54.750 --> 17:57.400 immediately Comey hair databases and 17:57.400 --> 17:59.670 then almost instantaneously providing 17:59.680 --> 18:02.340 information back that says , Hey , this 18:02.340 --> 18:04.396 is something you should be concerned 18:04.396 --> 18:06.396 about . This is just normal traffic 18:06.396 --> 18:08.673 that we see on any day on the Internet . 18:08.673 --> 18:12.110 It looks anomalous , think also 18:12.120 --> 18:14.860 producing , you know , at the same time , 18:14.990 --> 18:17.230 I've got defense of cyber elements that 18:17.230 --> 18:19.230 are sitting in things we call whole 18:19.230 --> 18:21.341 rooms and they're waiting on a call . 18:21.341 --> 18:23.452 You know , if there is something that 18:23.452 --> 18:25.508 happens that DHS D tell , you know , 18:25.508 --> 18:27.910 they're praying they have collaborated 18:27.910 --> 18:30.077 in the past and we're ready to pick up 18:30.077 --> 18:31.966 the team . Additionally , we have 18:31.966 --> 18:34.188 elements that are that are sitting over 18:34.188 --> 18:36.188 another off centers . OK ? And they 18:36.188 --> 18:38.354 were prepared . If we see an adversary 18:38.354 --> 18:40.521 that's attempting to do something in a 18:40.521 --> 18:42.632 field , that election , you know , we 18:42.632 --> 18:42.500 have the ability to play the awakening , 18:42.940 --> 18:44.996 so we have the ability to go out and 18:44.996 --> 18:47.380 forms face . Look what's going on . We 18:47.380 --> 18:49.269 have the ability to make you stop 18:49.269 --> 18:51.400 feeling next . Really , the focus off 18:51.640 --> 18:53.807 of what I think the federal government 18:53.807 --> 18:56.780 looks like from the local and state 18:56.780 --> 18:58.740 level , all the way up through the 18:59.100 --> 19:01.211 national level , to the Department of 19:01.211 --> 19:03.156 Defense . And you know , for me is 19:03.156 --> 19:05.378 American . Honestly , that was a pretty 19:05.378 --> 19:08.950 impressive take its life 19:08.960 --> 19:10.730 turn from that . I think it is 19:10.730 --> 19:12.750 important to call out collaboration 19:12.750 --> 19:14.972 that we have a government , but I think 19:14.972 --> 19:17.660 he's other revolution that's occurred 19:17.670 --> 19:19.860 is the engagement with industry . 19:20.070 --> 19:22.570 You're right , I sure way have a lot of 19:22.580 --> 19:24.413 people . Are you working for the 19:24.413 --> 19:26.636 federal government doll in here ? And I 19:26.636 --> 19:29.590 think that's been a pager . The shift 19:29.590 --> 19:31.812 in posture we have for election scary . 19:31.860 --> 19:33.749 I mean , it's awesome when you're 19:33.749 --> 19:35.749 reading about disinformation , that 19:35.749 --> 19:37.527 being pulled out . Social media 19:37.527 --> 19:39.582 complicating is obviously the soccer 19:39.582 --> 19:41.804 security companies really focused , not 19:41.804 --> 19:43.804 election threats and trying to talk 19:43.804 --> 19:46.027 down half a series and what they're out 19:46.027 --> 19:48.027 to way . Can't wait . Can't do this 19:48.027 --> 19:50.110 mission without them . Industry help 19:50.120 --> 19:52.120 from the state state local election 19:52.120 --> 19:54.287 officials , but also start of security 19:54.287 --> 19:56.398 companies and how we can , you know , 19:56.398 --> 19:58.564 see it off each other way . Learn from 19:58.564 --> 20:00.790 what industries putting out . Hopefully 20:00.860 --> 20:02.860 we're providing value as what we're 20:02.860 --> 20:05.720 putting out so people blunders that 20:06.070 --> 20:08.292 this is something sides they have right 20:08.370 --> 20:10.990 industry has a lot better inside . This 20:10.990 --> 20:14.230 case is so Erica critical partner . 20:16.310 --> 20:18.421 I think that taking it a step further 20:18.421 --> 20:20.880 in that individual local clever , not 20:20.890 --> 20:24.310 just a big corporate or company 20:24.320 --> 20:26.542 collaboration with federal government , 20:26.542 --> 20:28.930 but of people who call in suspicious 20:28.930 --> 20:31.820 information because they were worried 20:31.820 --> 20:35.580 about it . And they called me Just call 20:35.580 --> 20:39.080 FBI that the calling of us and they 20:40.050 --> 20:42.272 are calling because they're worried and 20:42.272 --> 20:44.383 they want to do the right thing . And 20:44.383 --> 20:46.606 how's those people call majority of the 20:46.606 --> 20:48.661 information that really were able to 20:48.661 --> 20:51.220 get to state our goals since 2016 has 20:51.220 --> 20:53.442 been because people call us . They have 20:53.442 --> 20:55.442 said they were concerned about some 20:55.442 --> 20:55.140 things , looked at it and we said , 20:55.140 --> 20:57.230 You're right and we got it out . So 20:57.240 --> 20:59.296 there's there's that element of that 20:59.296 --> 21:01.018 like that corporate industry , 21:01.018 --> 21:02.962 responsibility and collaboration . 21:02.962 --> 21:04.573 There's a federal government 21:04.573 --> 21:04.260 collaboration , but there's an 21:04.270 --> 21:07.050 individual leverage to all of us that 21:07.050 --> 21:11.000 it really is working . Yep , 21:11.000 --> 21:13.167 Bryson , if I can just really quick on 21:13.167 --> 21:15.740 on that , I think Cynthia raises really 21:15.740 --> 21:17.796 good point . It's appropriate here . 21:17.796 --> 21:20.320 Just the fact that there's now a guide 21:20.480 --> 21:22.147 for coordinated vulnerability 21:22.147 --> 21:24.147 disclosure for state local election 21:24.147 --> 21:26.313 officials in 2016 . As a member of the 21:26.313 --> 21:28.424 election community , I could tell you 21:28.424 --> 21:30.647 that was that was not a known commodity 21:30.647 --> 21:32.480 or something that they were even 21:32.480 --> 21:34.647 considering . And now we're progressed 21:34.647 --> 21:36.647 where folks like Jack Cable , who I 21:36.647 --> 21:38.313 know is on before , have bill 21:38.313 --> 21:40.536 relationships with election officials , 21:40.536 --> 21:42.424 help them understand the value of 21:42.424 --> 21:44.591 vulnerability , disclosure and working 21:44.591 --> 21:46.647 Ah Teoh with independent researchers 21:46.647 --> 21:48.702 and security experts . In that way , 21:48.702 --> 21:50.813 the fact that private industry within 21:50.813 --> 21:53.091 the elections community is rolling out , 21:53.091 --> 21:55.258 ah , vulnerability disclosure policies 21:55.258 --> 21:57.480 and engaging in that conversation , not 21:57.480 --> 21:59.702 something that was going on in 2016 and 21:59.702 --> 22:01.480 so that the multiple avenues of 22:01.480 --> 22:03.258 information multiple avenues of 22:03.258 --> 22:05.424 collaboration are really encouraging . 22:05.424 --> 22:07.536 I think we have , ah , ways to go . I 22:07.536 --> 22:09.258 think there's lots of room for 22:09.258 --> 22:09.070 improvement , certainly on the federal 22:09.070 --> 22:11.430 side , to help coordinate on that a 22:11.430 --> 22:13.763 state local level , increasing capacity , 22:13.763 --> 22:15.819 the ability , the intake and resolve 22:15.819 --> 22:18.152 and mitigate those vulnerabilities . Ah , 22:18.152 --> 22:20.420 but it's a drastic improvement from 22:20.430 --> 22:22.597 from where we were even four years ago 22:22.597 --> 22:24.070 and really speaks to the 22:24.070 --> 22:26.292 professionalism of state local election 22:26.292 --> 22:28.730 officials in particular , uh , who care 22:28.730 --> 22:30.619 deeply about the security of this 22:30.619 --> 22:32.674 process in their systems and want to 22:32.674 --> 22:34.841 find ways to improve and talk to their 22:34.841 --> 22:37.063 voters about the steps they've taken to 22:37.063 --> 22:39.890 secure it have . This industry in this 22:39.890 --> 22:42.110 community has really matured very 22:42.110 --> 22:44.332 quickly compared to some others . And I 22:44.332 --> 22:47.060 think it's part due to events like this 22:47.060 --> 22:49.227 like that where researchers are coming 22:49.227 --> 22:51.393 together talking about you know what's 22:51.393 --> 22:53.671 going on , where their vulnerabilities , 22:53.671 --> 22:55.616 what are some ways we can fix that 22:55.616 --> 22:57.782 taking a look at other industries like 22:57.782 --> 23:00.060 telecoms , aviation , things like that , 23:00.060 --> 23:02.282 getting those best practices out of the 23:02.282 --> 23:04.393 way kind of quickly . And as Matt was 23:04.393 --> 23:06.671 saying , it's because individuals care . 23:06.671 --> 23:08.893 And I think that's probably the biggest 23:08.893 --> 23:10.949 part this that I want people to take 23:10.949 --> 23:12.893 away from . This is that elections 23:12.893 --> 23:15.060 happen in communities . I think that's 23:15.060 --> 23:15.040 really what it comes down to is 23:15.040 --> 23:17.207 everyone gets a sense of how important 23:17.207 --> 23:19.373 is that at the very local level , Then 23:19.373 --> 23:21.690 all that builds up to build a sense of 23:21.700 --> 23:23.950 national urgency importance about the 23:23.950 --> 23:27.800 issue and to see the election officials 23:27.800 --> 23:30.490 really get on board with this idea that 23:30.500 --> 23:32.722 they are part of the defense network to 23:32.722 --> 23:34.430 make sure that we don't have 23:34.560 --> 23:37.180 interference of playing , you know , in 23:37.180 --> 23:39.550 our elections and to see them . You get 23:39.560 --> 23:42.170 educated on the issues and really try 23:42.170 --> 23:44.690 to convey their own sense of confidence 23:44.700 --> 23:46.700 and their systems because they know 23:46.700 --> 23:48.756 what goes into running an election . 23:48.756 --> 23:50.978 It's not all just about cybersecurity . 23:50.978 --> 23:53.200 There are administrative tasks thinking 23:53.200 --> 23:55.422 todo their other task that some of them 23:55.422 --> 23:57.422 or even responsible for and so they 23:57.422 --> 23:59.644 care deeply about elections . They want 23:59.644 --> 24:01.700 to make sure that everyone who votes 24:01.700 --> 24:03.811 has level of confidence that they can 24:03.811 --> 24:05.756 feel when they go into the polling 24:05.756 --> 24:07.589 place or when they mail in their 24:07.589 --> 24:09.811 ballots . So follow questions . So it's 24:09.811 --> 24:12.760 Maurice and Matt Mr Type . This falls 24:13.060 --> 24:16.360 from a question from the Internet . On 24:16.380 --> 24:18.710 it is we're talking to a very unique 24:18.720 --> 24:21.110 fights today , right ? They are 24:21.110 --> 24:22.888 citizens of the world . They're 24:22.888 --> 24:25.110 American citizens . But their packers , 24:25.110 --> 24:28.240 right ? This is the immune system of 24:28.250 --> 24:30.472 the Internet that's there to figure out 24:30.472 --> 24:32.583 what we're expecting , gives things . 24:32.583 --> 24:34.750 They're doing it today in the voting . 24:34.890 --> 24:37.112 They're doing it on the technology . We 24:37.112 --> 24:39.279 talked about industry involved that we 24:39.279 --> 24:41.446 have individuals willing to take their 24:41.446 --> 24:43.612 times actually did into the technology 24:43.612 --> 24:45.834 itself , understand what works and what 24:45.834 --> 24:48.001 doesn't , because that gives us better 24:48.001 --> 24:49.946 trust and that technical education 24:49.946 --> 24:52.112 system . And so the full question here 24:52.112 --> 24:54.370 is , when would we start potential and 24:54.370 --> 24:56.592 should have a prerequisite for entrance 24:57.390 --> 25:00.490 to the PTSD certification process that 25:00.490 --> 25:02.434 election system vendors adopt good 25:02.434 --> 25:04.570 vulnerability disclosure policies has 25:04.570 --> 25:07.120 called out today , so make them widely 25:07.120 --> 25:09.120 available for penetration testing . 25:10.610 --> 25:13.220 I'll take that since the sea is in 25:13.220 --> 25:15.109 charge of the development and the 25:15.109 --> 25:17.690 approval of the BBS key . So those air 25:17.700 --> 25:20.880 guidelines that are used by states on 25:20.890 --> 25:22.930 and it directs the manufacturers to 25:22.930 --> 25:24.930 meet certain requirements that they 25:24.930 --> 25:26.986 built their systems in a way that is 25:26.986 --> 25:29.240 accessible , insecure and usable . And 25:29.240 --> 25:31.250 so I think the idea of a voluntary 25:31.250 --> 25:34.070 disclosure policy being part of that 25:34.290 --> 25:36.410 would really just be the codification 25:36.410 --> 25:38.630 of industry best practices . Now 25:38.770 --> 25:40.910 manufacturers know that they're in 25:40.910 --> 25:44.390 competition to help bring a better 25:44.390 --> 25:47.630 level of security to these systems that 25:47.630 --> 25:49.574 are in use . And so I think that's 25:49.574 --> 25:51.519 already happening . We've seen the 25:51.519 --> 25:53.519 fruits of that labor already didn't 25:53.519 --> 25:56.080 need to come from a federal agency to 25:56.130 --> 25:58.280 help the process along . 25:59.600 --> 26:01.780 So to answer your question , it's 26:01.780 --> 26:04.710 already happening . And so as the 26:04.720 --> 26:06.887 industry continues to mature , I think 26:06.887 --> 26:08.498 that we'll see more and more 26:08.498 --> 26:10.609 wonderfully disclosure policies . And 26:10.609 --> 26:12.831 I'm hoping that you folks out there get 26:12.831 --> 26:14.998 interested in this sector and actually 26:14.998 --> 26:17.109 use them . You find that legal way of 26:17.109 --> 26:19.220 record of doing the research and then 26:19.220 --> 26:21.276 reporting and responsibility to make 26:21.276 --> 26:20.990 sure that the problems actually get 26:21.000 --> 26:23.330 fixed . This isn't about a big bug 26:23.330 --> 26:25.441 bounding that you're going after this 26:25.441 --> 26:27.719 isn't about trying to embarrass anyone . 26:27.719 --> 26:29.497 This is about strengthening our 26:29.497 --> 26:31.052 democracy literally through 26:31.052 --> 26:33.590 strengthening our systems . Bryson , 26:33.590 --> 26:36.470 just just add a little bit . Maurice Ah 26:36.480 --> 26:38.647 really tackled the meat of the issue , 26:38.647 --> 26:40.950 but I agree . I mean , we have had 26:41.520 --> 26:43.780 several vendors election system vendors 26:43.780 --> 26:45.836 come through our penetration testing 26:45.930 --> 26:47.930 process . What we call our critical 26:47.930 --> 26:50.620 product evaluation process . Uh , up in 26:50.770 --> 26:52.910 Idaho , uh , we have seen the private 26:52.910 --> 26:55.077 sector embrace that Now we're starting 26:55.077 --> 26:57.132 to see , I think , the fruits of the 26:57.132 --> 26:58.966 work of , of not just the voting 26:58.966 --> 27:01.077 village . Ah , but the private sector 27:01.077 --> 27:03.188 companies to understand the value and 27:03.188 --> 27:05.188 frankly , the marketplace dictating 27:05.188 --> 27:07.354 that that improved security Ah , steps 27:07.354 --> 27:09.354 towards coordinated vulnerability . 27:09.354 --> 27:11.410 Disclosure processes are going to be 27:11.410 --> 27:13.632 good for business . Ah , and that's why 27:13.632 --> 27:15.799 you see a reflection in progress being 27:15.799 --> 27:18.190 made . The private sector is hearing 27:18.450 --> 27:20.650 from customers is responding , and I 27:20.650 --> 27:23.590 think we'll continue to see progress 27:23.590 --> 27:26.360 made on that level . I think one step 27:26.360 --> 27:28.304 we need to take and I know the A C 27:28.304 --> 27:30.471 takes this very seriously , and states 27:30.471 --> 27:32.527 need to be thinking about it , too . 27:32.527 --> 27:34.860 But to the extent it involves equipment , 27:34.860 --> 27:34.780 whether he pulled books are voting 27:34.780 --> 27:37.002 systems that they certify , you have to 27:37.002 --> 27:39.310 be ready to respond and adjust 27:39.320 --> 27:43.040 certification , quickly , adapt to 27:43.050 --> 27:45.272 those type of processes . So I think we 27:45.272 --> 27:47.494 have a maturing to do sort of in the ah 27:47.670 --> 27:50.690 ah , bureaucratic lane to make sure 27:50.690 --> 27:52.857 that we can support the private sector 27:52.857 --> 27:55.180 as they're changing and evolving and 27:55.190 --> 27:59.090 accepting . Ah , this approach that we 27:59.090 --> 28:01.110 support them , ah , in our 28:01.110 --> 28:03.180 certification processes and the way 28:03.180 --> 28:04.847 that systems need to be field 28:08.000 --> 28:10.460 so that all ties back to that . What is 28:10.460 --> 28:13.320 the threat China , Iran ? Russia had 28:13.330 --> 28:15.810 mentioned . How are they a threat ? 28:16.000 --> 28:18.167 What are they doing ? And are they the 28:18.167 --> 28:20.222 only threat that we would be worried 28:20.222 --> 28:23.900 about ? So I'll start with that one up , 28:24.070 --> 28:26.237 I would say those are the mean friends 28:26.237 --> 28:28.403 were facing again . I think Ransomware 28:28.403 --> 28:30.403 is like one of those wild cards out 28:30.403 --> 28:34.380 there that should be fielded by anyone . 28:35.010 --> 28:36.450 Theory critical actors . 28:39.250 --> 28:43.230 That s o Russia . I think in terms 28:43.230 --> 28:45.530 up in evolution what we've seen , we 28:45.530 --> 28:47.863 talked about the research agency . What ? 28:47.863 --> 28:49.697 They did it kind of social media 28:49.697 --> 28:52.970 accounts , troll farms in terms of 2020 28:52.980 --> 28:55.890 shift seen a ship or words used proxies . 28:56.150 --> 28:58.720 I got such amazing intermediaries gonna 28:58.730 --> 29:00.841 remember in a technology crowd . Sort 29:00.841 --> 29:04.180 of saying Rockies , So , you know , 29:04.950 --> 29:07.810 using again I mentioned before 29:07.810 --> 29:09.866 laundering information through other 29:09.866 --> 29:13.340 individuals into the media space IRA 29:13.350 --> 29:16.470 seen seeing death ship tactics . They 29:16.470 --> 29:19.060 had set up something in Africa I got in 29:19.070 --> 29:22.060 terms of trying having people . They're 29:22.060 --> 29:24.170 trying to put stuff online . Most 29:24.180 --> 29:26.790 things about socially divisive issues 29:27.600 --> 29:31.570 using covert , absolutely spot sites 29:31.820 --> 29:33.987 to feel that get their narrative out . 29:34.190 --> 29:36.468 So those that's kind of a shift attack , 29:36.468 --> 29:39.060 it seems Russia side , China I think 29:39.060 --> 29:42.160 you scale is something that 29:42.840 --> 29:45.007 has been matched in terms of them is a 29:45.007 --> 29:47.118 fried balls of a cyber standpoint and 29:47.390 --> 29:49.112 from an influence standpoint , 29:49.112 --> 29:51.223 certainly on insolence is very active 29:51.223 --> 29:53.480 in their regions . Want 29:55.130 --> 29:57.297 becoming potentially more aggressive , 29:57.297 --> 30:00.040 U S . Bases , something that monitor 30:00.600 --> 30:03.160 prepare for but you know , inside for 30:03.170 --> 30:05.790 China cyber threat . You know , they're 30:05.790 --> 30:07.901 a little bit different in terms . Off 30:07.901 --> 30:10.160 scale rats with targets . They right 30:10.710 --> 30:13.770 Every U S . Citizen is targeting China . 30:13.780 --> 30:17.480 Just big data ki i I there sitting , 30:17.490 --> 30:20.360 collecting , obviously everyone's i d 30:20.360 --> 30:22.530 threat on the sides of standard 30:22.530 --> 30:25.370 intelligence type targets . So I think 30:25.370 --> 30:27.640 that's that's that your heart that , 30:27.650 --> 30:29.817 you know , I ran just getting into the 30:29.817 --> 30:31.983 game to write in terms of trying to do 30:34.580 --> 30:36.247 according to what the other . 30:39.690 --> 30:42.750 Yeah . So you know Russia . You know 30:42.750 --> 30:44.806 what ? All for everyone . You should 30:44.806 --> 30:46.861 read the work that came out from the 30:46.861 --> 30:48.972 State Department couple days ago . 77 30:48.972 --> 30:51.139 pages , you know , call the pillars of 30:51.139 --> 30:53.390 disinformation about various sites 30:53.390 --> 30:55.723 operated by Russian . Just ask yourself , 30:55.723 --> 30:58.640 you know why in Russia , you know a 30:58.650 --> 31:00.594 country where a few people read or 31:00.594 --> 31:02.372 write English , you know , they 31:02.372 --> 31:04.594 continue to put out a tremendous amount 31:04.594 --> 31:07.870 of English language news on these on 31:07.870 --> 31:10.037 these French news outlets , you know , 31:10.037 --> 31:12.092 that really involved divisive issues 31:12.092 --> 31:15.390 that us face . So , you know , again , 31:15.390 --> 31:17.501 a tremendous amount of platforms that 31:17.790 --> 31:20.950 that the Russians investing CNN ran a 31:20.960 --> 31:24.510 great news expose in April of 2020 31:24.840 --> 31:28.070 about the organization that Dave 31:28.840 --> 31:32.470 they reference . So 80 trolls and Ghana , 31:32.480 --> 31:35.540 led by God himself . Wired is who grew 31:35.540 --> 31:39.440 up in Ghana educated in Russia on and 31:39.450 --> 31:41.617 appears to have been on the payroll of 31:41.617 --> 31:43.617 the production network . So again , 31:43.617 --> 31:45.728 it's about a seven minute watch . CNN 31:45.728 --> 31:47.783 did a fantastic job , and that could 31:47.783 --> 31:50.670 just provide you some insight into what 31:50.670 --> 31:52.670 the Russians were doing there . And 31:52.670 --> 31:54.614 then , you know what we talk about 31:54.614 --> 31:56.726 private industry , you know , whether 31:56.726 --> 31:58.781 it's Facebook , Google , Microsoft , 31:58.781 --> 32:01.003 you know you there . Dozens of articles 32:01.003 --> 32:03.059 about how these technology companies 32:03.059 --> 32:05.281 have identified this malicious behavior 32:05.281 --> 32:07.930 on their on their platforms that they 32:07.930 --> 32:10.097 were able to link back to the nation . 32:10.097 --> 32:12.430 State adversaries Russia , China , Iran . 32:12.430 --> 32:14.597 So , you know , I would tell everybody 32:14.597 --> 32:16.541 there's a ton , a ton of stuff out 32:16.541 --> 32:18.486 there . You know , when we put the 32:18.486 --> 32:20.708 cyber com then I say we want we want to 32:20.708 --> 32:22.763 focus on that classified cyber box . 32:22.763 --> 32:22.760 But I'll tell you , there is a 32:22.770 --> 32:24.937 tremendous amount of great information 32:24.937 --> 32:27.310 already out there on the Internet . A 32:27.310 --> 32:29.590 lot of insight , you know , as a 32:29.600 --> 32:32.320 Cynthia talked about . You know , we 32:32.330 --> 32:34.980 you know , the U S government for you 32:35.250 --> 32:37.640 experts that are out there you know if 32:37.640 --> 32:39.970 you see suspicious activity , Healthy 32:39.970 --> 32:42.850 hs tell the FBI you know , we the 32:42.860 --> 32:45.082 government will do something about it . 32:45.082 --> 32:47.249 You know , if it's a domestic threat , 32:47.249 --> 32:49.360 those organizations will address it . 32:49.360 --> 32:51.582 If it's a foreign threat , they'll tell 32:51.582 --> 32:51.440 us . And I don't mean no . Tell us , 32:51.440 --> 32:53.496 like , six months from now , they'll 32:53.496 --> 32:55.662 tell us that day . Don't tell us early 32:55.662 --> 32:57.884 the next morning . You know , we had an 32:57.884 --> 32:59.884 incident the other night that , you 32:59.884 --> 33:01.996 know , I heard at 1 42 in the morning 33:02.090 --> 33:03.979 and , you know , about six in the 33:03.979 --> 33:06.201 morning . We had cyber teams looking at 33:06.201 --> 33:08.312 the activity . And so again , for you 33:08.312 --> 33:10.534 experts out there , you know , uh , you 33:10.534 --> 33:12.479 know better than anybody else . If 33:12.479 --> 33:14.590 something is weird is going on on the 33:14.590 --> 33:16.812 Internet on , I would just ask , get it 33:16.812 --> 33:19.330 to share that way The government and I 33:19.330 --> 33:21.510 say to just for about a cyber aspect , 33:21.520 --> 33:23.420 because there were a lot of anger 33:26.450 --> 33:28.920 leveraging trust relationships . I know 33:29.130 --> 33:32.400 it's contacting right , so some of 33:32.400 --> 33:34.289 these networks that they might be 33:34.289 --> 33:36.456 interested in are very well defended , 33:36.456 --> 33:38.789 just like beauty , right ? But you know , 33:38.789 --> 33:40.900 cos sometimes outsource the marketing 33:40.900 --> 33:43.122 department's . There's other other soft 33:43.122 --> 33:45.289 targets out there . Think takes . That 33:45.289 --> 33:47.400 could be lucrative even from an Intel 33:47.400 --> 33:49.456 destructive . You know , thanks . Do 33:49.456 --> 33:51.511 policy work for our politicians have 33:51.511 --> 33:53.844 contacts with officials . So , you know , 33:53.844 --> 33:55.789 sometimes going outside bull's eye 33:56.630 --> 33:58.519 again . A lot of a lot of this is 33:58.519 --> 34:00.574 compensating , explaining publicly . 34:00.574 --> 34:03.220 Don't see these bastards sprayings your 34:03.230 --> 34:05.880 fishing , you name it . They're they're 34:05.880 --> 34:08.102 using showdown with these groups week . 34:08.102 --> 34:10.324 They're they're using those tools , get 34:10.324 --> 34:13.800 access that is inside a bullseye 34:13.810 --> 34:15.990 leverage that leverage in Macau number 34:15.990 --> 34:18.320 connection getting a target going out 34:19.150 --> 34:21.372 of an important point that that sort of 34:21.372 --> 34:24.550 a parting isn't stuff . It was from 34:26.910 --> 34:30.390 spearfishing for looking for those 34:33.680 --> 34:37.000 more That's been continuing apace and 34:37.010 --> 34:39.232 we were talking a lot of incidents even 34:39.232 --> 34:42.410 right now on and the good news with all 34:42.410 --> 34:44.680 those incidents is we have any 34:44.990 --> 34:48.310 widespread attacks from those . But 34:48.650 --> 34:51.040 it's interesting because that tracking 34:51.040 --> 34:54.320 lot of incidents can feel scary , but 34:54.320 --> 34:56.710 it also it gives me a lot of 34:59.040 --> 35:01.207 it makes me feel better almost because 35:01.207 --> 35:04.120 I know that we're detecting And , uh , 35:05.940 --> 35:07.829 that means we have a lot of false 35:07.829 --> 35:09.773 positives that we follow up on . I 35:09.773 --> 35:11.884 travel back then , not knowing things 35:11.884 --> 35:13.718 were out there But it also means 35:13.718 --> 35:15.829 beautiful or a picture . And you know 35:15.829 --> 35:18.162 that Fulham picture , as Dave mentioned , 35:18.162 --> 35:21.370 is cycle for most and not just 35:21.370 --> 35:24.250 ransomware . Other types of 35:26.650 --> 35:28.730 incidents as well and an actor swell 35:28.730 --> 35:30.980 and way really have to be on guard , 35:30.980 --> 35:33.091 not just if it's coming from Russia , 35:33.091 --> 35:35.540 China , Iran , a host of other groups 35:35.540 --> 35:37.940 but a threat to its election network 35:37.950 --> 35:41.170 for a campaign that is a friend and way 35:41.170 --> 35:44.070 need toe be ableto flexible in 35:44.070 --> 35:47.390 addressing that , and I getting in 35:47.390 --> 35:49.446 front of that head on so that we can 35:49.540 --> 35:52.010 make sure that come Election Day . 35:52.020 --> 35:54.298 We're not dealing with a lot of pop up , 35:54.298 --> 35:56.409 for instance , spending a lot of time 35:56.409 --> 35:59.270 trying to grow . Yeah , I think that 35:59.280 --> 36:01.950 that's this cyber and cyber threats and 36:02.240 --> 36:04.462 threats , and it is a dangerous space . 36:04.462 --> 36:07.950 We know about actively intact , 36:08.940 --> 36:12.550 potentially populism opinions . 36:13.900 --> 36:16.430 But no way . We're just talking before 36:16.430 --> 36:18.540 this panel . I think it turns up 36:20.140 --> 36:22.370 using influence have made people 36:22.650 --> 36:25.530 distrust either electoral outcome , so 36:25.530 --> 36:28.750 you could have a ransomware incident in 36:28.750 --> 36:31.110 a local level that actually doesn't 36:31.110 --> 36:34.810 even impact like the elections 36:35.010 --> 36:38.240 county or any of that someone could 36:38.240 --> 36:40.296 that spin an influence campaign that 36:40.296 --> 36:42.650 gets reported to make you think it has 36:42.660 --> 36:44.716 had an impact and that knocks . Russ 36:45.000 --> 36:46.944 results , right ? So that's one of 36:46.944 --> 36:49.222 those things that I think is worrisome , 36:49.240 --> 36:51.018 even if the cyberattack doesn't 36:51.018 --> 36:53.000 actually have to have a measurable 36:53.300 --> 36:56.640 impact conflict . If you want to vote 36:56.650 --> 36:59.630 tallies , it's . But if something 36:59.640 --> 37:01.640 people take that , try to stand off 37:01.640 --> 37:03.190 information operations . 37:07.200 --> 37:09.520 That point , let's like drive home is 37:09.520 --> 37:12.920 that it's not just about you know what 37:12.920 --> 37:15.142 actually happened . Word votes actually 37:15.142 --> 37:17.364 change . That's incredibly difficult to 37:17.364 --> 37:19.642 do at scale . Wait , it's undetectable . 37:19.642 --> 37:21.642 But if you can put that message out 37:21.642 --> 37:23.698 there that causes people to question 37:23.698 --> 37:23.520 and in their local election officials 37:23.530 --> 37:25.752 picks up that phone call and they don't 37:25.752 --> 37:27.863 have a good response , for that could 37:27.863 --> 37:29.974 be just the imaging eyes . That's why 37:29.974 --> 37:32.197 Eddie A . C . We feel so strongly about 37:32.197 --> 37:33.974 making sure that local election 37:33.974 --> 37:35.863 officials have the tools have the 37:35.863 --> 37:38.030 training they need to partner with the 37:38.030 --> 37:40.086 Center for Tech in Civic Life . Taxi 37:40.086 --> 37:39.980 provide that basics intermediary , 37:40.720 --> 37:42.770 intermediate level of cybersecurity 37:42.770 --> 37:44.937 training so that they understand , you 37:44.937 --> 37:47.048 know , why is it important ? Have two 37:47.048 --> 37:49.103 factor authentication ? What does it 37:49.103 --> 37:51.048 mean to actually have a password ? 37:51.048 --> 37:50.490 Managers were not reusing your 37:50.500 --> 37:53.560 passports basics that most books that 37:53.560 --> 37:55.727 are watching us right now are thinking 37:56.140 --> 37:58.240 anybody not know how to do that ? I 37:58.290 --> 38:00.234 have never been taught that if you 38:00.234 --> 38:02.401 don't have understanding of the impact 38:02.401 --> 38:04.401 of that , then it might be too much 38:04.401 --> 38:06.623 work . But once you understand how much 38:06.623 --> 38:08.734 bad stuff that actually prevent , you 38:08.734 --> 38:10.568 recognize it's actually not that 38:10.568 --> 38:12.679 difficult . Sex is pretty easy to use 38:12.679 --> 38:14.790 it . If you are familiar with tools , 38:14.790 --> 38:17.012 and then it gives you the confidence to 38:17.012 --> 38:19.346 stand up and say , You know what ? Yeah , 38:19.346 --> 38:18.420 we heard about the Ransomware , or 38:18.420 --> 38:20.531 maybe we got hit with some ransomware 38:20.531 --> 38:22.864 but you know , the town down the street . 38:22.864 --> 38:25.031 But we're ready . These are the things 38:25.031 --> 38:26.920 that we're doing . Russell . It's 38:26.920 --> 38:26.810 another thing to talk about . Here is 38:26.810 --> 38:28.810 some of the big things , high level 38:28.810 --> 38:30.977 things that we're doing to be prepared 38:30.977 --> 38:33.199 so that if we do get a phishing email , 38:33.199 --> 38:35.310 you know how to spot it . We know how 38:35.310 --> 38:37.477 to stop it . We can recover from those 38:37.477 --> 38:39.532 back ups that we actually do get hit 38:39.532 --> 38:39.200 with it . And so I think that's why 38:39.200 --> 38:41.380 it's so important that the local 38:41.380 --> 38:43.213 election officials I have little 38:43.213 --> 38:45.436 confidence thinking , then reflect back 38:45.436 --> 38:47.436 on to their voters when it comes to 38:47.436 --> 38:50.510 elections . Yeah , just just real quick 38:50.510 --> 38:52.740 on that . Maurice raises some really 38:52.740 --> 38:54.851 good points . And it's why we spent a 38:54.851 --> 38:57.073 lot of time insist on something we call 38:57.073 --> 38:58.907 the Last Mile project , which is 38:58.907 --> 39:00.907 literally a poster project offering 39:00.907 --> 39:03.120 both risk assessment and then 39:03.130 --> 39:06.230 mitigation advice to the local level . 39:06.240 --> 39:08.160 Almost 6000 local jurisdictions 39:08.760 --> 39:10.593 specific to their state in their 39:10.593 --> 39:12.816 jurisdictions so that they can not only 39:12.816 --> 39:14.816 take the steps , whether it's multi 39:14.816 --> 39:16.982 factor authentication or penetration , 39:16.982 --> 39:19.149 testing or fishing campaign resilience 39:19.149 --> 39:21.260 or creating incident response plans , 39:21.260 --> 39:23.482 which we really focused on but then can 39:23.482 --> 39:25.704 go and talk to their voters . And we've 39:25.704 --> 39:27.871 seen some cool approaches to this . We 39:27.871 --> 39:29.871 saw one state , the state of Iowa , 39:29.871 --> 39:32.093 take their posters after the state fair 39:32.093 --> 39:34.093 so that they could talk to their to 39:34.093 --> 39:33.990 their voters directly about steps they 39:33.990 --> 39:36.212 were taking . We saw the state of Rhode 39:36.212 --> 39:38.434 Island work with their libraries to put 39:38.434 --> 39:40.546 it up in the library system that they 39:40.546 --> 39:42.379 could talk to voters through the 39:42.379 --> 39:44.490 library's about this and in the end . 39:44.490 --> 39:46.712 And you know , I think they've raises a 39:46.712 --> 39:48.546 really important point . There's 39:48.546 --> 39:50.323 resilience to cyber intrusion , 39:50.323 --> 39:52.434 resilience and the ability to recover 39:52.434 --> 39:54.546 from incidents . But then there's the 39:54.546 --> 39:56.879 resilience that we need to install . Uh , 39:56.879 --> 39:59.046 in talking to the American voter way , 39:59.046 --> 40:01.046 need voters that they're prepared , 40:01.046 --> 40:03.212 right ? That understand the registry . 40:03.212 --> 40:05.434 Am I registered ? What's on my ballot ? 40:05.434 --> 40:05.070 What are my voting options , 40:05.070 --> 40:07.550 particularly amongst Cove . It s so 40:07.550 --> 40:09.606 that they can have confidence on how 40:09.606 --> 40:11.717 they're going to engage the process . 40:11.717 --> 40:13.883 We need ah , voter , that is patient . 40:13.883 --> 40:16.050 That understands that perhaps election 40:16.050 --> 40:18.272 night results won't be is complete eyes 40:18.272 --> 40:19.939 what we're used to in a given 40:19.939 --> 40:22.106 jurisdiction in that ah , the accuracy 40:22.106 --> 40:22.040 of the vote count is the most important 40:22.040 --> 40:24.400 thing regardless of the time it takes 40:24.570 --> 40:26.681 Ah , and then we need ah , voter that 40:26.681 --> 40:29.630 participates that engages , we need ah , 40:29.640 --> 40:32.800 you know , 250,000 arm or whole workers 40:32.800 --> 40:34.967 across this country in preparation for 40:34.967 --> 40:37.189 November in the midst of covert when we 40:37.189 --> 40:39.210 have a poll workers that , uh , you 40:39.210 --> 40:41.432 know , we're gonna be unwilling to work 40:41.432 --> 40:43.543 either because their age or high risk 40:43.543 --> 40:45.766 nature . Ah , and , uh so having people 40:45.766 --> 40:47.932 engaged in participating the rally for 40:47.932 --> 40:50.099 the for those folks that are listening 40:50.099 --> 40:50.030 no one told me anyone would be 40:50.030 --> 40:52.252 listening to this . So now I'm a little 40:52.252 --> 40:54.419 worried , but anyone that is listening 40:54.419 --> 40:56.530 go sign up to be a poll worker if you 40:56.530 --> 40:58.641 want to understand the process . Matt 40:58.641 --> 41:00.530 Place hits this every time . He's 41:00.530 --> 41:02.641 exactly right . If you have questions 41:02.641 --> 41:04.752 if you have concerns . If you want to 41:04.752 --> 41:06.919 help secure the process , start off by 41:06.919 --> 41:09.030 being an election worker . You're not 41:09.030 --> 41:11.141 gonna get turned down . We need you . 41:11.141 --> 41:13.141 Ah , and it's the best way to learn 41:13.141 --> 41:15.086 where the resiliency exists in the 41:15.086 --> 41:14.790 process where improvements could be 41:14.790 --> 41:17.012 made . Ah , in order to get involved if 41:17.012 --> 41:19.012 you can't be a poll worker , if you 41:19.012 --> 41:21.012 can't take on that risk , there are 41:21.012 --> 41:23.012 opportunities to watch pre election 41:23.012 --> 41:25.123 testing of systems . We run elections 41:25.123 --> 41:26.790 at the local level so you can 41:26.790 --> 41:29.012 participate directly with those who run 41:29.012 --> 41:31.179 the process . So go get your questions 41:31.179 --> 41:31.160 answered , go engage with them and see 41:31.160 --> 41:33.493 what kind of support they're in need of , 41:33.493 --> 41:35.438 in particular serving his election 41:35.438 --> 41:37.604 worker . It really is the best path to 41:37.604 --> 41:39.660 doing this and the best way to learn 41:39.660 --> 41:41.993 the process . But if we can have voters , 41:41.993 --> 41:44.271 the voters are last line of resilience . 41:44.271 --> 41:46.327 Is director Krebs says . They're the 41:46.327 --> 41:48.160 ones that that can really ensure 41:48.160 --> 41:50.160 responsive resilience , a resilient 41:50.160 --> 41:52.104 process when attempts to undermine 41:52.104 --> 41:54.970 confidence or there . There is no such 41:54.970 --> 41:57.090 thing as a secure system , right ? We 41:57.090 --> 41:59.257 never hit a plateau where it's like up 41:59.257 --> 42:01.790 for good . We cannot back home to take 42:01.790 --> 42:04.340 the next year off . So quick question 42:04.350 --> 42:07.830 from a lot of interested 42:08.250 --> 42:10.417 citizens who want to get involved ties 42:10.417 --> 42:12.639 to the fact around . OK , so you talked 42:12.639 --> 42:14.639 about detection being a key part of 42:14.639 --> 42:16.861 that system where exactly they supposed 42:16.861 --> 42:19.194 to go figure out where to say something ? 42:20.000 --> 42:22.000 Well , you can go to your local FBI 42:22.000 --> 42:25.940 field office . You could go on Teoh FBI 42:25.950 --> 42:29.270 backup and find out contacts or eye 42:29.920 --> 42:32.590 contact our FBI . So I watched directly 42:33.650 --> 42:36.690 and you could go to multiple other 42:36.690 --> 42:38.634 agencies as well , because what we 42:38.634 --> 42:40.857 really said is call the ones felt all , 42:40.950 --> 42:44.720 and that's how I we are ensuring that 42:44.720 --> 42:47.490 there's that information sharing across . 42:49.800 --> 42:53.430 So there was that . Yeah , I was just 42:53.430 --> 42:56.310 gonna say Cynthia's exactly right . You 42:56.310 --> 42:58.532 know , we first of all , if you know of 42:58.532 --> 43:00.310 something within your community 43:00.310 --> 43:02.143 engaging directly with the local 43:02.143 --> 43:04.366 election officials , really critical to 43:04.366 --> 43:06.477 help understand did you actually find 43:06.477 --> 43:08.588 something or eyes ? Something they're 43:08.588 --> 43:10.910 aware of ? Otherwise , Uh , the second 43:10.910 --> 43:12.743 part is engaging with your state 43:12.743 --> 43:14.966 officials . They're prepared to take it 43:14.966 --> 43:16.966 on . They're the ones that know the 43:16.966 --> 43:19.077 process . Know their systems can talk 43:19.077 --> 43:21.188 to the vendors if it's a vendor issue 43:21.188 --> 43:23.132 on and then the I sacking this for 43:23.132 --> 43:25.354 exactly this reason is , Well , there's 43:25.354 --> 43:27.521 an avenue . Ah , and it happens fairly 43:27.521 --> 43:27.390 commonly that if you report to the 43:27.390 --> 43:29.501 Election Infrastructure , Information 43:29.501 --> 43:31.501 Sharing Analysis Center or directly 43:31.501 --> 43:33.723 into system uh , we now have the points 43:33.723 --> 43:35.890 of contact that we didn't have in 2016 43:35.890 --> 43:38.057 to be able to get valuable information 43:38.057 --> 43:40.057 to state . Local election officials 43:40.057 --> 43:41.779 said they could take action on 43:41.779 --> 43:43.779 something that's identified so that 43:43.779 --> 43:45.779 there are avenues again . The state 43:45.779 --> 43:48.001 local officials know their systems that 43:48.001 --> 43:50.112 best prepared to mitigate a problem . 43:50.112 --> 43:52.279 But if you're not finding success that 43:52.279 --> 43:54.250 route that the ice axis FBI field 43:54.250 --> 43:56.680 office are available to help you get 43:56.680 --> 43:58.847 there . Ah , and understandably , some 43:58.847 --> 44:00.847 folks may not want to go out of the 44:00.847 --> 44:02.958 federal government , which is why the 44:02.958 --> 44:02.760 ICE Act really offers a nice , safe 44:02.760 --> 44:05.660 place to begin that reporting offer up 44:05.670 --> 44:07.726 the A C as well . You consider email 44:07.726 --> 44:09.614 the security at the a c dot gov . 44:09.614 --> 44:11.670 Obviously , we have connections with 44:11.670 --> 44:13.726 all manufacturers . If you're having 44:13.726 --> 44:15.781 trouble with particular manufacturer 44:15.781 --> 44:15.680 having trouble with particular agency , 44:15.680 --> 44:17.791 every local official , or just not in 44:17.791 --> 44:19.958 the response you want , we're happy to 44:19.958 --> 44:22.540 help facilitate that conversation . And 44:22.550 --> 44:24.772 just from a cyber constant , one of the 44:24.772 --> 44:26.772 big changes for us is you know , we 44:26.772 --> 44:28.772 historically had been focused , you 44:28.772 --> 44:30.939 know , working inside skips and one of 44:30.939 --> 44:32.772 the things we've really done and 44:32.772 --> 44:34.828 supported 2020 years . You know , we 44:34.828 --> 44:36.772 have organizations now that living 44:36.772 --> 44:38.883 outside skills there on Nipper Net or 44:38.883 --> 44:40.828 unclassified Internet , you know , 44:40.828 --> 44:42.717 they're in slack channels there , 44:42.717 --> 44:44.939 talking to the FBI . They're talking to 44:44.939 --> 44:47.106 be a jest . They're talking to private 44:47.106 --> 44:49.328 industry partners in there , you know , 44:49.328 --> 44:51.494 they're living in that same eco system 44:51.494 --> 44:53.606 that many of hopes that are listening 44:53.606 --> 44:55.661 to this presentation . Or so we have 44:55.661 --> 44:57.606 really tried toe adapt some of our 44:57.606 --> 44:59.939 behaviors . So we're able to , you know , 44:59.939 --> 45:02.050 in real time , flat rate our partners 45:02.050 --> 45:04.050 across government , you know , on a 45:04.050 --> 45:06.217 little different time scheduled in the 45:06.217 --> 45:08.272 traditional military one . Because I 45:08.272 --> 45:10.494 know most of you are probably not up at 45:10.494 --> 45:13.020 5 30 in the morning . Just like so , 45:13.030 --> 45:14.919 Bill Vanina , the director of the 45:14.919 --> 45:17.030 National Counterintelligence Security 45:17.030 --> 45:18.919 Center , just recently put out an 45:18.919 --> 45:21.086 official statement today talking about 45:21.086 --> 45:23.141 the very threat that work here . But 45:23.490 --> 45:25.712 all the threats were basically laid out 45:25.712 --> 45:28.046 in an equal manner . Would you say that ? 45:28.046 --> 45:30.101 That's equal ? What would you say is 45:30.101 --> 45:33.260 the biggest life ? I don't think we 45:33.260 --> 45:35.427 need to take any of the threats , like 45:35.690 --> 45:38.090 right ? I think statement in terms of 45:38.100 --> 45:41.150 what you saw out there , it lays out 45:41.470 --> 45:44.110 out . Each adversary is approaching 45:44.400 --> 45:48.010 problems . Certainly . Russia , China , 45:48.010 --> 45:51.960 Randy , they all have attending the 45:51.960 --> 45:55.950 audio activities . Maybe 45:55.960 --> 45:58.071 your unanswered , your best interests 45:58.071 --> 46:01.590 here . So , um , you know , I don't 46:01.590 --> 46:03.800 think I would say like one is scarier 46:03.800 --> 46:07.190 than the other per se . Certainly 46:07.880 --> 46:09.930 some of these adversaries are more 46:09.930 --> 46:12.290 experienced at this in terms about time 46:12.880 --> 46:16.160 they've been working doing 46:16.160 --> 46:19.830 operations . But , you know , from our 46:19.830 --> 46:21.941 perspective , you know , I care about 46:21.941 --> 46:23.941 all those threats . I take them all 46:23.941 --> 46:26.850 seriously because I guess I'm not some 46:26.850 --> 46:28.961 of the stuff . It's very cheap to get 46:28.961 --> 46:32.870 into , so I wouldn't 46:32.880 --> 46:36.070 do a value judgment this first . I 46:36.080 --> 46:38.302 couldn't agree more on that and I think 46:38.302 --> 46:40.413 that it's really important . Remember 46:40.413 --> 46:43.360 that Are great pictures always informed 46:43.370 --> 46:47.080 by collect what we know 46:47.090 --> 46:50.700 And you know we don't have pictures and 46:51.020 --> 46:53.242 how we really have to approach all this 46:53.242 --> 46:56.230 is what could be the effect from 46:56.350 --> 46:58.700 various grills . What could happen 46:58.700 --> 47:01.790 closer September October ? Because it 47:01.800 --> 47:05.340 still is a few months away and way . We 47:05.340 --> 47:07.173 need to be prepared for a lot of 47:07.173 --> 47:09.451 different things happening within that , 47:09.451 --> 47:12.550 and I foot stop again . You know , it 47:12.560 --> 47:15.290 doesn't just after the big three b I 47:16.830 --> 47:20.750 other non state actors , I or criminal 47:20.750 --> 47:23.750 groups in the light that are going toe 47:23.760 --> 47:26.000 undermined people's confidence in our 47:26.440 --> 47:28.800 system . And really , if you ask me , 47:28.810 --> 47:31.130 the biggest threat is it's these 47:31.140 --> 47:35.110 constant from or equals campaigns that 47:35.270 --> 47:38.060 are going to make people feel there 47:38.060 --> 47:40.227 must happen in our system . And that , 47:41.860 --> 47:43.804 and that's really near your eyes . 47:46.480 --> 47:48.480 Hey , Price . And just real quick . 47:48.480 --> 47:50.702 Everyone in the bedroom actually has to 47:50.702 --> 47:52.758 take a drink cause the Fed said foot 47:52.758 --> 47:54.924 stomp . So that's actually one sip for 47:54.924 --> 47:57.930 everyone in the bedroom . Thanks , 47:59.320 --> 48:01.820 but here I can't help but feel like 48:01.830 --> 48:04.163 you're cheating the system a little bit . 48:04.163 --> 48:06.274 Uh , if you don't have a drink . I've 48:06.274 --> 48:08.330 been drink . I've been drinking this 48:08.330 --> 48:10.497 whole panel . Don't worry , I'm good . 48:12.470 --> 48:14.526 Hey , put up or shut up . Shows your 48:14.526 --> 48:17.380 drink . It's in a water bottle . But 48:19.930 --> 48:21.930 so we're coming close to our end of 48:21.930 --> 48:24.650 time . So I want to ask you a final 48:25.080 --> 48:27.310 back questions to each of you . 48:29.000 --> 48:30.111 Have about a minute 48:33.610 --> 48:36.360 you get not Internet connected . Want 48:36.810 --> 48:38.730 magic wand ? Wait , What did you 48:38.740 --> 48:42.090 someone that The magic it is ? Yes . 48:42.100 --> 48:44.211 That is how it is wireless but wire . 48:45.330 --> 48:48.710 And one thing happens for your agency . 48:50.770 --> 48:52.770 I don't know . This isn't reality , 48:52.770 --> 48:54.992 right ? This isn't Oh , if only I could 48:54.992 --> 48:57.103 get $20 million to claim that this is 48:57.103 --> 48:59.840 what do you wish they process ? How did 48:59.840 --> 49:03.490 that ? Okay , so 2020 is almost Britain . 49:04.600 --> 49:07.220 Yellen , ballots start . People start 49:07.220 --> 49:10.200 story start happening . 2024 is our 49:10.200 --> 49:13.640 next . What is one good thing ? And one 49:13.640 --> 49:15.862 thing we really need to worry about the 49:15.862 --> 49:19.800 future . See , I feel like I 49:20.220 --> 49:22.690 do the shortstop . Right . Next . I , 49:22.700 --> 49:25.130 um I like you the most . Okay , 49:27.970 --> 49:31.390 I So I thinking about 49:32.130 --> 49:35.450 I how what I really wish we had more 49:35.460 --> 49:38.910 off is I wish we had 49:39.280 --> 49:43.080 more people right now with the 49:44.070 --> 49:47.200 settler skill set that he could hire 49:47.760 --> 49:50.650 quickly and get him on on so that we 49:50.650 --> 49:53.880 could . I just expand our scope and 49:53.880 --> 49:56.200 scale on speed in which we're 49:56.200 --> 49:58.311 addressing threats . And I think that 49:58.311 --> 50:00.256 that goes towards you know , we're 50:00.256 --> 50:02.478 putting so much about the haves against 50:02.478 --> 50:04.700 election , and I feel really good about 50:04.700 --> 50:06.756 where we're at on it . But what does 50:06.756 --> 50:09.470 that work that you know that the words 50:09.470 --> 50:11.820 mean ? And I'd like us to know that we 50:11.830 --> 50:15.490 have people coming to us , 50:15.500 --> 50:17.500 that I want to do the right thing , 50:17.910 --> 50:20.490 that I want to protect America and have 50:20.500 --> 50:23.250 those skills . Siri Teoh 50:25.950 --> 50:27.600 as it was 2024 . Whatever . 50:29.400 --> 50:32.450 So I hope we keep guys collaboration 50:32.460 --> 50:35.170 and the focus alive . I know in my 50:35.180 --> 50:37.347 remarks I get a real quick overview of 50:37.347 --> 50:39.513 what the bad guys that you know . Part 50:39.513 --> 50:42.420 of it is part of that . It was not a 50:42.420 --> 50:44.198 cyber investigations looking at 50:44.198 --> 50:46.309 influence Side who developed the Ford 50:46.309 --> 50:50.030 Influence Task Force . And that 50:50.090 --> 50:52.312 effort , I think , has really helped us 50:52.312 --> 50:54.900 focus . I'm It's not just a cyber issue . 50:54.910 --> 50:57.430 It's not just a criminal Justin 50:57.430 --> 50:59.597 influence if you like , see how it all 50:59.597 --> 51:01.597 works together internal getting the 51:01.597 --> 51:05.460 China crime people and looking at it 51:05.460 --> 51:09.430 as I want it , that's new 51:10.500 --> 51:14.060 with really consider that station in 51:14.170 --> 51:17.680 life moving forward . I think that 51:20.260 --> 51:22.538 yeah , that's Do you know your visions ? 51:22.538 --> 51:26.330 Yes , Spectrum of of a few years . So 51:26.790 --> 51:30.570 but yeah , and I hope we all stay in 51:30.570 --> 51:32.420 touch after way . 51:34.650 --> 51:36.761 You don't stay in touch them the next 51:36.761 --> 51:40.380 panel before I think 51:40.380 --> 51:43.140 that the wand answer is pretty easy for 51:43.140 --> 51:45.740 me . Perfect insight and necessary 51:45.740 --> 51:47.851 attention . Operations is obviously I 51:47.980 --> 51:50.950 think you're not supposed to say 51:50.950 --> 51:55.320 Teoh . 51:59.420 --> 52:01.690 Oh , hitting a little bit out since his 52:01.690 --> 52:04.460 point , going back a bit to accommodate 52:04.460 --> 52:06.627 me before working counterterrorism . A 52:06.627 --> 52:08.793 lot of fighting the last war , right ? 52:09.210 --> 52:11.500 Someone tries that love playing with 52:11.500 --> 52:13.444 printer cartridges like government 52:13.444 --> 52:15.778 swarms that figure out how to stop that . 52:15.778 --> 52:19.000 Then the officer , You know the same 52:19.000 --> 52:22.190 thing you're seeing adversaries of all 52:22.430 --> 52:26.250 we've seen adversaries come in . So 52:26.260 --> 52:28.316 there's always don't worry about you 52:28.316 --> 52:30.490 know what , you don't know . But what 52:30.490 --> 52:33.260 I'm confident in is that we are 52:33.270 --> 52:35.437 position a lot better position now for 52:35.437 --> 52:37.492 agility in terms of responding these 52:37.492 --> 52:39.900 rest because of the systems we set out 52:39.910 --> 52:42.200 the partnerships have . That is 52:42.200 --> 52:44.650 certainly something for 2024 we didn't 52:44.650 --> 52:47.710 get building on and not who's excited 52:47.710 --> 52:49.821 it when problems come up , you know , 52:49.910 --> 52:51.910 not making sure this remains a boat 52:51.910 --> 52:53.854 because I think the def con voting 52:53.854 --> 52:56.021 village is very important to keep this 52:56.021 --> 52:58.243 running . People's health from Dennis a 52:58.243 --> 53:00.610 specifically way , Have a much we're 53:00.610 --> 53:02.980 investing off or in a white damn brand 53:03.170 --> 53:05.890 white , half grand . Excuse me , but it 53:05.900 --> 53:08.380 s a cyber Twitter account . Follow it . 53:08.390 --> 53:10.612 You're gonna see more good stuff coming 53:10.612 --> 53:12.540 out of that . But you continue to 53:12.580 --> 53:14.524 develop on . That's the incredible 53:14.524 --> 53:18.310 thing . I can tell you how 53:18.310 --> 53:20.680 excited something people were in our 53:20.680 --> 53:22.870 building . Likely saying this . 53:22.870 --> 53:25.280 Substrate advisory on the g r u 53:26.470 --> 53:28.790 vulnerability . Seeing you know it , 53:28.790 --> 53:30.846 least five different soccer security 53:30.846 --> 53:33.080 felonies take that information , did it 53:33.080 --> 53:35.136 on the indicators in their and their 53:35.136 --> 53:37.136 own data sets , figuring out things 53:37.136 --> 53:40.840 that you getting about to uncover more 53:41.990 --> 53:44.990 adversary operation so that not people 53:44.990 --> 53:48.570 excited building . And that's something 53:48.580 --> 53:50.802 you want to do more of it ahead against 53:50.802 --> 53:52.802 sitting on that partnership in that 53:52.802 --> 53:54.780 dynamic about using each other's 53:54.780 --> 53:57.560 information and building that security 53:57.560 --> 53:59.671 of the enterprise raising all those . 53:59.671 --> 54:01.449 It sounds kind of Pollyannish . 54:04.930 --> 54:07.330 Hey , Bryce . Bucket wave A magic wand . 54:07.340 --> 54:09.396 I would leave it , and then we would 54:09.396 --> 54:12.150 get killed 19 under control . You know , 54:12.150 --> 54:14.317 I just got to tell you , there's great 54:14.317 --> 54:16.539 collaboration , but we could do so much 54:16.539 --> 54:18.594 more . We could do so much more with 54:18.594 --> 54:20.817 our partners here . We could do so much 54:20.817 --> 54:23.500 more overseas if you could get the 54:23.510 --> 54:25.732 pendant that controlled . So , please , 54:25.732 --> 54:27.843 where you're basking helps the second 54:27.843 --> 54:30.177 piece , you know , where do we see this ? 54:30.177 --> 54:32.288 In 2024 ? You do get past questions , 54:32.288 --> 54:34.454 but I get the answer you want . So you 54:34.454 --> 54:37.640 know , I would rather focus on 2020 20 54:37.640 --> 54:39.751 is not a foregone conclusion . We can 54:39.751 --> 54:42.060 have a safe , secure , but bullets , 54:42.630 --> 54:44.920 you know , as as an American people we 54:44.920 --> 54:47.142 need to mobilize . You know , there are 54:47.142 --> 54:48.587 thousands of smart people 54:49.020 --> 54:51.131 extraordinarily technically capable , 54:51.131 --> 54:53.298 that are watching things session right 54:53.298 --> 54:55.710 now . Please will work at the polling 54:55.710 --> 54:58.650 stations . Please talk DHS , please 54:59.140 --> 55:02.630 talk to the FBI again . You know , we 55:02.630 --> 55:04.574 are all ends . We got down . Since 55:04.574 --> 55:06.686 people are going to work every day in 55:06.686 --> 55:08.852 order to support safe , secure vitamin 55:08.852 --> 55:10.830 election . And Alan just ask for 55:10.960 --> 55:14.890 everybody . Everybody 55:14.890 --> 55:16.890 appreciate that . There's a greater 55:16.890 --> 55:19.057 sense of where we all are in the world 55:19.057 --> 55:21.279 today . If I could wait my match one on 55:21.279 --> 55:23.501 the A C . I said that we would be doing 55:23.501 --> 55:26.220 better to get TVBS G 55:27.340 --> 55:29.940 more , more flexible and faster 55:29.940 --> 55:32.740 responding to this idea that if we 55:32.740 --> 55:34.962 could get you researchers interested in 55:34.962 --> 55:37.073 election of the structure and several 55:37.073 --> 55:38.629 vulnerabilities report them 55:38.629 --> 55:40.407 responsibility , and we get the 55:40.407 --> 55:42.629 manufacturers to patch and get those at 55:42.629 --> 55:44.840 midfield on much fast turnaround . I 55:44.850 --> 55:46.950 really , I think , get a much better 55:46.950 --> 55:49.117 position . We're working toward that . 55:49.117 --> 55:51.172 It's still a process . Yeah , I take 55:51.172 --> 55:53.394 some time . I think we can get there by 55:53.394 --> 55:56.050 2024 just to recognize that federal 55:56.050 --> 55:58.161 elections over two years . But locals 55:58.161 --> 56:00.383 are running elections every few weeks , 56:00.383 --> 56:02.890 and so there's a bigger stake at play 56:02.900 --> 56:05.067 because every election that's run is a 56:05.067 --> 56:06.844 chance to show that we could do 56:06.844 --> 56:08.900 democracy , right ? We're gonna keep 56:08.900 --> 56:11.122 doing it and it's done very well . Most 56:11.122 --> 56:13.289 of the time . It's just this few times 56:13.289 --> 56:15.511 for this will stick ups way , have some 56:15.511 --> 56:17.511 trouble and it starts to erode that 56:17.511 --> 56:19.456 confidence so better we get at hit 56:19.456 --> 56:21.511 those patches . Much better articles 56:21.511 --> 56:25.330 this more . Yeah . So the magic wand . 56:25.330 --> 56:27.620 I got two answers . I think on I had 56:27.620 --> 56:29.953 the advantage of time , which is useful . 56:30.100 --> 56:33.360 The first is if there was a way for 56:33.360 --> 56:37.110 sista Teoh . Ah , push out . Ah , 56:37.120 --> 56:39.342 service agreements or whatever the case 56:39.342 --> 56:41.680 may be too . Upgrade election systems . 56:41.690 --> 56:43.801 Not just voting systems were motion . 56:43.801 --> 56:46.360 The focus goes , but election systems 56:46.360 --> 56:48.138 including workstations , off of 56:48.138 --> 56:50.600 outdated on supported , uh , software . 56:50.670 --> 56:52.781 Uh , I I absolutely want to do that . 56:52.790 --> 56:54.901 Ah , you know , it's not just windows 56:54.901 --> 56:57.234 seven we're talking older on , you know , 56:57.234 --> 56:59.290 It's not that the the local election 56:59.290 --> 57:01.512 officials or state officials don't want 57:01.512 --> 57:03.623 to upgrade uh , that they lack either 57:03.623 --> 57:05.790 that the eye t supporter resource is , 57:05.790 --> 57:05.770 And I'd love to be able to give that to 57:05.770 --> 57:08.570 them . The second is getting to 100% 57:08.570 --> 57:11.270 audit ability across the nation on 57:11.270 --> 57:13.381 having efficient , effective audits . 57:13.381 --> 57:16.600 For 2020 we're gonna be upwards of 92 57:16.600 --> 57:19.090 plus percent of honorable records . But 57:19.090 --> 57:21.257 we need a good , efficient , effective 57:21.257 --> 57:23.790 audits . Teoh that are transparent . I 57:23.800 --> 57:25.578 mean , Neil McBurnett asked the 57:25.578 --> 57:27.689 question earlier . He's making it his 57:27.689 --> 57:29.856 mission in life to get to this , and I 57:29.856 --> 57:31.800 so appreciate it . If we can if we 57:31.800 --> 57:31.600 could provide that public , that 57:31.600 --> 57:33.878 transparent auditing process efficient , 57:33.878 --> 57:36.920 effective , I think it would be real 57:37.180 --> 57:39.320 success . Looking forward , there's 57:39.320 --> 57:41.209 something in elections called the 57:41.209 --> 57:43.209 Election wall , where you literally 57:43.209 --> 57:45.376 lack the ability to look past the next 57:45.376 --> 57:47.487 election . You try and you don't even 57:47.487 --> 57:49.709 know what life looks like beyond that . 57:49.709 --> 57:52.360 But if I had to to really ah , you know , 57:52.360 --> 57:54.860 push myself through that it would be 57:55.120 --> 57:57.064 increasing the amount of support . 57:57.064 --> 57:59.231 Resource is Ah , and I don't just mean 57:59.231 --> 58:01.398 money to state local officials to help 58:01.398 --> 58:03.453 them meaningfully manage the risk to 58:03.453 --> 58:05.520 their systems . Ah , and really take 58:05.520 --> 58:07.687 some of the innovative steps that they 58:07.687 --> 58:09.631 want to take . Ah , that they that 58:09.631 --> 58:11.853 they're unable to , either because of a 58:11.853 --> 58:13.964 lack of I support a resource ing that 58:13.964 --> 58:15.909 otherwise would allow them Teoh to 58:15.909 --> 58:17.909 serve voters . And then finally , I 58:17.909 --> 58:20.131 know I'm cheating . Ah , but but a more 58:20.131 --> 58:22.187 resilient American public , a deeper 58:22.187 --> 58:24.298 understanding of how elections work . 58:24.298 --> 58:26.520 Ah , deeper understanding of what their 58:26.520 --> 58:29.360 options are , how ballots , uh , reach 58:29.360 --> 58:31.527 them or how they can interact with the 58:31.527 --> 58:34.220 process . And then , uh , how we reach 58:34.220 --> 58:36.890 our final certified elections again 58:36.890 --> 58:39.090 that that prepared patient and 58:39.090 --> 58:41.312 participating voters everything . As we 58:41.312 --> 58:45.010 look at 2020 I feel the same way . 58:45.020 --> 58:47.187 That as well . It's organized . You're 58:47.187 --> 58:49.298 deft . Can't look past this weekend . 58:51.000 --> 58:53.190 Thank you to all the Panelists for 58:53.320 --> 58:57.040 sharing at this age is 58:58.100 --> 59:00.322 a lot better understanding the level of 59:00.322 --> 59:02.250 cooperation , transparency on the 59:02.260 --> 59:04.260 fallibility and the improvement and 59:04.260 --> 59:06.470 very much before . But what we do we 59:06.470 --> 59:08.880 are all citizens on our voices should 59:08.890 --> 59:12.190 be heard . Thank you . 59:13.090 --> 59:13.400 Thanks .