Cybersecurity and cisas cybersecurity and infrastructure Security Acting director and we will have with us today i think hes joining a little bit later. Senator warner is the vice chair of the intelligence committee, representative will hurd whos the Ranking Member of the subcommittee on intelligence modernization and readiness and on the house intelligence committee, and representative underwood, from the subcommittee on cybersecurity, infrastructure , protections, and innovation. And i thought we would start where we just ended, which is we just heard from the cybersecurity and infrastructure cybersecurity agencys acting director from the department of Homeland Security. And the reason why we have an acting director is that the president fired the director , chris krebs. And maybe ill start with representative underwood and then turn to representative hurd, but to see what do you make of the firing of our lead cybersecurity officials. Well, thanks for having me. Hi, everybody. Really delighted to be here. I want to start by saying, i really oppose any effort to politicalize the work of our National Security departments and agencies. We were warned that our adversaries to undermine the United States and we know theyve used tools to steal intellectual property and so towards that end, i was really disturbed when director krebs was terminated essentially for doing his job. For one thing, cisas leadership should largely be commended and not punished for their work work building a strong election partnership. Concernedroadly, im about the kind of message it sends to our adversaries when a competent and under the influence lead is purged from a top security agency. And i hope that brandon wales, who you heard from, will remain in place and provide some stability until the Biden Administration names a permanent successor. And i know that mr. Wales has spoken at the summit. Hes been a great partner of ours on the Homeland Security committee, and im really confident that the hardworking employees at cisa and especially the cybersecurity workforce, i know that theyre going to continue forward. Now, we know that there is an ndaa provision establishing a fiveyear term for the director and i understand there were concerns about that in the senate. So, i believe that were going reassessing that in the next congress. But, you know, obviously the news of the last month was disturbing. Excited to work with mr. Wales and continue forward. And what about turning to you, will, you were quick to call to congratulate president elect biden and curious what you make of the firing and whether youve seen any evidence in the last month thats shaken your belief that this election was conducted in a free, fair, and secure manner . Which is up early the comments that got the former director in trouble. Well, when chris was fired, i think my comment was, he should have been thanked, not fired, for being responsible for one of the most secure elections weve ever had. Theres no evidence to suggest otherwise. And what i find interesting is i helped mike mccall create cisa and there was a lot of debates a number of years about whether we should even have an entity like cisa. And im at least glad now were having debates about the leadership of it and i think chris krebs did an amazing job of taking a new organization, that there was a lot of doubts about its effectiveness, and turning it into honestly a top, premier entity within the federal government. And to do that, you know, when the microscope was upon him. And so i think cisas important. I think mr. Wales is going to continue that tradition that chris krebs said. But ultimately, his firing was ridiculous. And congressman, youve i wont say an island, but there arent too many others from your party, including those who in the past have been very supportive of cisa, its mission, National Security, who have spoken as bluntly as you just did. Why do you think that is, and is that something that can be addressed . Well, youre going to have to ask them, but my philosophy has always been the same. I agree when i agree. I disagree when i disagree. I agreed with some of the things president obama did. I disagreed with many of the things he did. And i spoke out and ive done the same thing under this administration. And i think, as my friend lauren said in her opening remarks, we should not be politicizing the Intelligence Community or intelligence operations for when it comes to something as important as the integrity of our vote, right . And again, i think chris krebs and his team should be commended for what they did and we can even talk about jay johnson and what jay johnson did. I rememeber, i was the first person to hold a hearing on the 2016 elections before the 2016 elections happened. And i was talking about firing the kicking the Russian Ambassador out of the country and we were having debates when jay johnson said voting infrastructure was Critical Infrastructure. And everybody freaked out and was like, this is going to be, you know, the federal government taking over the elections. Its like, no, everybody, calm down. Take a deep breath. And so this is a tradition of folks that are actually in the government doing their thing, not getting a pat on the back for it. Some of them getting the boot like my friend, but in the end, this isnt you know, the people that i know that have worked in this are going to make sure theyre doing everything they can to keep america safe. And turning to you, do you agree . And going to the issue of Critical Infrastructure, right now its been discussed, cisa has been working cooperatively through without direct authority when it comes to proving election infrastructure and what is that the right balance . Should we be thinking about a change . What are your thoughts . Well, i just want to pick up on what he just said and that is all of this is about keeping america safe. And we know that we have many of these different Critical Infrastructure designations. Even during covid19, right, weve seen these repeated attacks on our health care infrastructure, which really had never been the center of our Critical Infrastructure conversations. We know that, yeah, it was listed and, yeah, they were included, but there wasnt energy and effort and investment, right, in building those capacities. And now, during a pandemic, were seeing some real negative repercussions, even in the headlines today about Vaccine Distribution and the cyberattacks there. I mean all of this is connected. And so when i think about cisa and all the opportunities moving forward, i see two challenges, carrying out the mission. One is budget. Their budget is limited. Two, their authorities are really pretty limited. I mean, cisas responsible with securing the networks of federal agencies, 99 federal agencies. We heard him talk about that at the end. But then theyre also, you know, with this billion dollar budget, it just doesnt cut the breadth of what theyre supposed to be doing. So, were trying to get additional funding for the agency. Were going to keep fighting to do that. But i do think that, in terms of the authorities, were going to have to just continue to work with our colleagues in congress, right . Cybersecurity work has been split across different committees in the congress. Everybody i mean, we have jurisdictional problems dont problems girl, dont start, dont start with that word jurisdiction. It has to be said. When we look at the agency, of course the agency has some challenges in asserting its own authorities and so, you know, this is going to be probably a continuing conversation, john, if were going to be candid about it. But i think that at least we have the opportunity in forums like this to raise these issues. If i could add on that. Look, i think the next step is you have cisa have authority within the. Gov space. Ok . That is where cisa was originally designed to be. Let them focus and have some of that authority on, you know, commerce, if commerce isnt doing something right. You know, that is probably the logical place where you can expand, where they have that stick, as mr. Wales was talking about. Because that was the goal was to say, hey, this was the entity thats going to help make sure you improve this. You also need to make sure that omb plays a role in it. Omb has some oversight over these areas, as well, too. And so they have to empower folks there because we got to get beyond. The question we should be talking about is how are we going to have a quantum resilient infrastructure in this country . How are we going to be able to have an infrastructure thats resilient to general Artificial Intelligence if the chinese were to lead on that . And so us talking about, you know, washington gets caught up in some of these talking about this one little thing when we forget that this is a freaking war, right . And we need to be arrayed as best we can. And were not going to have enough money to solve all of this, and it has to be in cooperation and partnership with people. And we need those folks in the senate. Senator warner just joined on. Senator warner is going to solve these problems, so its all good. Good handover to senator warner. Apparently right now, youre going to solve all of our cybersecurity problems here into the future. But welcome, tuned in a little bit late. I think both of the representatives have talked about the fact that it can be difficult getting legislation passed through congress hold it. John, its difficult to get legislation passed through congress . I mean, will and i only worked for three years on what was the lowest hanging fruit iot basic security in this realm. Thats where i was going to go. Congress just did something it rarely does it. It passed a bill, meaning a meaningful cybersecurity bill and they were referring to that. I know that you and will were the key cosponsors and intimately involved and i turn to you first on what does it do and why does it matter . First of all, i apologize for being late. Great to see congressman hurd and congresswoman underwood. On a nonrelated topic, we are deep, deep, deep into trying to see if we can actually not do something tremendously stupid again, which would be leave for the holidays and not do some level of covid relief package. So, there is a group thats working on that and we might surprise the country again in terms of getting stuff done. On iot and to me, this was an example it was thank god it happened, but oh my gosh, it should not have been this hard. We all know people within the aspen world understand, we are purchasing literally billions of oitconnected devices. We talk about 5g a lot. You need 5g to be able to bring all of the sensors and devices to their full ultization. If were going to have driverless cars, its going to be based on a lot of iot devices. Yet the surface space of all these additional devices really add another vulnerability point. So, we thought at first that maybe we could mandate across the country and, of course, we then been pulled back and said, could we at least say that if were going to use taxpayer money and the governments going to be buying these devices, they ought to have some level of security because otherwise we would be out, you know, for all the good weve tried to do with cybersecurity, just increasing our servers vulnerability exponentially by literally billions of devices and we had a pretty low standard, i would ask them to weigh in, we went to the lowest common denominator. We said, lets at least make sure its passable. Patch about. Patchable. Lets make sure just not even great cyber hygiene, but at least minimal cyber hygiene. What weve frankly found is that the highend device makers were basically ok with this. I did a call with microsoft earlier. Theyve been generally supportive. The lowend, extraordinarily cheap devices, they fought us tooth and nail, even though the cost would only be a few pennies per device. So, we ended up getting there. It took three years and a lot more effort than and frankly, it was more on the senate side of the house. It wasnt really as much the house, got to give them credit where credits due. But it does set up a process and then there were lots of intervening, you know, whos going to be taking the lead and, you know, there was all these bureaucracy. The congressman nodding on that. It probably took an extra year even once we got agreement that this is what we were going to do. What commerce was going to do, who was going to take all of the leads inside government . Is that a fair description . Or relatively fair . Senator warner, i think, you know, youre 100 right, and its even more basic. Even if you cant patch this thing, you have to have a plan that you can still defend those widgets, right . And so this was this was like the first letter of the alphabet, you know . And but we got it done and this and guess what . Legislation isnt supposed to be easy. Its not supposed to be easy to get things through this place. It was a design element of the system. But when you have smart people, robin kelly, this is her bill on the house. And senator warner, you can actually get some things done. Im excited. Were going to probably pass a National Strategy on Artificial Intelligence next week. We got it through six committees. And so there is hope and its still i think this is one of the areas, cybersecurity in general i would add the threat of the Chinese Government when it comes to Global Leadership and advanced technology is still sort of a bipartisan issue. And how do we make sure we keep these issues a bipartisan issue . And like i said, this has been a great area that ive been able to work on the last couple of years. Congratulations on a bipartisan accomplishment with the internet. As you know, we long talked about in the group at cyber and its such an important basic step to take. Let me ask, more broadly, in speaking about a theme of areas where we can work in a bipartisan nonpartisan way, what do turning it to all panelists but what did the Trump Administration get right about cybersecurity in the intersection of National Security and technology that the Biden Administration should continue, and where are there areas where the Biden Administration should do something differently . Who do you want to start . Ill start it off. I think the Trump Administration when it comes to deterrence, you have to have ability and will. And one of my frustrations with the Obama Administration was never naming and shaming some of the actors. That were involved in cyberattacks. And so i know theres general attribution versus never . Some of us indicted them. Not as much. This is after you left. So, i think the Trump Administration did a good job on that area. And i think thats something that i hope the Biden Administration continues. Look, i think the fact that cisa had the support and the strength that it did throughout its years to get to where it was, that was a positive thing that evolved over time. And im pretty sure that im pretty confident thats something that the department of Homeland Security will continue under a Biden Administration. Turn to congressman underwood and then to senator warren. Yeah, i think that theres i mean, obviously in the last four years, weve seen a threat from statesponsored agencies and actors across the globe. Huawei and zte and were going to continue to have a pretty serious standing and posture towards that end. But when i think about, you know, where we can really make a shift, theres a lot of work that we need to do to rebuild public trust in Government Agencies and democratic norms and institutions and i think that, you know, its easy to think about just like elections, when i Say Something like that. You know, kind of democracy type language. But i think it extends to the whole mission of all the agencies that interact in this cyber arena. And i think that, you know, its going to take concerted leadership and active engagement with stakeholders across the spectrum. So, not just like the expert stakeholders or private industry stakeholders, but the end user who might, you know, eventually feel the impact of this advancement that we passed and just roll their eyes instead of saying well wait, actually, lets make sure that my data and privacy are being secure. Lets make sure that somebody is looking out. Because who knows where my data is going, right . And i think that right now that theres just a lot of bitterness, right, a lot of people who are just fed up and theres just going to be a lot of work we need to do, even in this realm, with restoring Public Confidence and trust. Let me weigh in and agree with both my colleagues, maybe just state it slightly different way. I think President Trump was directionally right on china. And i was you know, i would put myself in the category of being wrong. I was part of the conventional wisdom crowd. The more you bring china in, the closer theyre going to come to us. My beef isnt with the Chinese People or chinese americans, obviously. Its with the communist party of china. But i think the implementation left a lot to be desired. It was kind of a hammer, hammer, hammer, and i think they were right, for example, to move on huawei. But because we didnt do it with any framework, when the Trump Administration moved to tiktok, there really wasnt a case made. I think we havent made the kind of efforts around standards, rules, and protocols. We need to have a comprehensive theory of the case. And congresswoman underwoods comments, some of that has to rely on basic trust in our institutions. I think it was a huge mistake that we didnt move on any ramifications for sloppy actors in the private sector. The fact that 160 million of our americans personal data got stolen from equifax and there was no penalty . That doesnt encourage or stimulate better behavior. They could have weighed in there. Its been interesting the administration i think its important the fact that were four years in and we dont have privacy legislation around our platforms is crazy. And, you know, weve not done anything a series of bipartisan bills, trying to make sure people knew the value of their data, or the ability to prohibit things like dark patterns. And so, the Administration Never engaged on those issues and now in the, you know, Fourth Quarter with two minutes left, has suddenly made section 230 total repeal their top issue. Thats a zigzag approach that doesnt bring the coherence, which also then breeds the trust that i think well need and have to expect because again, as lauren indicated, we dont make have the trust that americans think say when we say this stuff, that it really is going to effect our lives and were not going to say things rationally, but theyre going to be the result of a thoughtful approach and we lose our muster. The final thing is, i believe the Biden Administration and im obsessed about these technology issues, not just cyber, but 5g, ai, qualmntum, go down the list, that china is winning the battle. They have this authoritarian capitalism. They get back with the Beltandroad Initiative and unlimited financing. There is no american or any other western enterprise that can compete against that under normal capitalism rules. So, i think were going to need this alliance of the willing in the technology space, cyber being a piece of that, and thats going to look different than previous alliances. It will be i hope japan, taiwan, singapore, israel, along with some of our traditional nato partners. But thats got to be, you know, a true alliance. Its got to be value spaced and its got to require collaboration in a lot of these fields. Another question is following up on something senator warner said. So, if one of the goals for the new administration would be to ensure that theres a coherent centrally driven approach that cuts across a range of issues to try to diminish cybersecurity risk, one of the suggestions has come from the Solarium Commission to create a position that would fill that function. It seems like the National Defense authorization act, which might have been one vehicle for implementing that, looks a little less certain perhaps today than it has. So, i want to just do a quick poll through the group. What do you think of that recommendation about a National Cyber director, if not done through nda, do you have other suggestions of how to do it . And are there other key reforms from the commission that you would prioritize . And start with congresswoman underwood and move to congressman hurd and then back to senator warner. Yeah, ive got to tell you ive only been the chair for a couple of months and we havent got to that. So, im going to defer to my colleagues on the panel. John, having a centralized person focus on this, the key is who is the person, right . We can get a good one. But my fear around this particular issue is that everybody should be focused on this. We cant just have one person , you know, setting the policy. This is too big. Its moving too fast. We have to have everybody. I think removing mr. Painer out of the state department was probably a bigger hit because we need someone building those coalitions with all of our allies around the world on engaging on these norm settings and things that senator warner was talking about. So, you know, in my opinion, its six to one, half dozen of the other. I fear if you have one centralized place, it takes responsibility off of everybody else to be focused on this unless this persons going to crack the whip and make sure everybody is playing their part. So, the individual matters. I think how, you know, President Biden wants to view his National Security staff and where he wants to put someone, i think that is up to them on how to pursue this issue. And i think the, generally, that the solariums recommendations were pretty darn good. Angus briefed me on it a few weeks ago. I dont have a at the front of my head. But i kind of agree with will that this is maybe its depending upon who that person is and how much power is he or she going to have. You probably need somebody in the white house has this responsibility, but are we going to empower that person with enough tools to bring all of the public side of the house and the private side of the house kind of to bear . I dont know. And cyber is so pervasive. I had a brief yesterday from a couple folks, two days ago, from the Intel Community who was thinking about taking cyber out into the standalone and placing it back in all the various pieces of the intel world around , you know, counter espionage or counterintelligence or counterterrorism rather than funneling. So, im getting, unfortunately, a little too political answer here. Because it depends on who the person is, how much power would come with that. But i am i think wills point, if you unless you make this position very powerful, does it take away responsibility from all the various other parts of the enterprise that need to have this a high priority . If chris krebs, or his replacement, cant tell someone, take that thing, take that widget off the digital infrastructure, i think that is a more important thing that we need in order to defending digital infrastructure. Now, having someone coordinating this policy and that this person is going to be involved in creating that coalition that senator warren was talking about to make sure that the standards and norms are based on our value system that lauren expertly articulated, then thats a great idea. And let me just the closest i got to kind of at least a cousin of this, is when richard burr and i, we got deeper and deeper into the 5g debate. And we were trying to get, you know, the all of the working entities from across the federal government, we convened them because nobody in the white house convened them. And it was a lot of we had congress and we had dod, nsa, 15, 16, 18 different people at this session. But, and then we converged them again six months later. They had not done anything because nobody was in charge. And so, are we going to, on cyber, really give somebody the juice to do something . We are going to need this intersection between National Security between the nsa and the nec on these issues around technology. And that may be a model thats also worth exploring. Speaking of one converging issue, and weve had some questions from the audience, and this is around the threat its different than hacking and more complex, in some ways, which is the threats of mis and myths and disinformation. What are the roles of social Media Companies in keeping us safe and monitoring and policing some of this content . I think the debate started a little bit in the arena of terrorism where its easier to define what would be impermissible, maybe harder to implement, how to keep it off of those services, but easier to define, now that its moved into a broader range of content, theres been discussion about changing section 230 of the Communications Decency act, as senator warner mentioned is a current priority. And so i wanted to open up a little bit as we think about the 117th congress, where do we think regulation is going to go in this space . What are the pros and cons to putting social Media Companies into a position where theyre regulating content . Who do you want to start . If we could only raise hands senator warner. This is one im a little obsessed about. Because i think, you know, i like to at least set the table on this with if we look at what the russians did in 2016 in our elections, what they did in the brexit vote, what they did so obviously in macrons president ial election in france , and add up all that activity, it was both cyber, hacking into information and releasing it, and then disinformation. Add their combined expenditures, on all three of those separates, its less than the cost of one new f35 airplane. So, this is both effective and wicked cheap. And so the asymmetrical value, whether its cyberattacks, misinformation, disinformation , is not going to go away. Its only going to increase, number one. Number two, we were totally caught off guard. Our Intel Community was caught off guard. The platform, the arrogance of the Platform Companies, was pretty stunning to me. And weve gotten better and folks at the nsa have gotten better. And chris krebs did a great job with our infrastructure and we maybe didnt have as much foreign disinformation, but we had plenty of domestic disinformation coming forward. So, what do we do . I would put, on a social medias social media companys two buckets, one bucket is trying to increase competition, the detour act in terms of dark patterns, thats where i let consumers know the value of their data, and theres a series of other items around that bucket. The other, on the content itself, i think section 230 maybe made sense when these were Startup Enterprises in the late 1990s and without of them as dumb pipes. Theres nothing dumb about the facebook and google algorithms that deliver news to 65 of the americans. So, the idea that the 1990s framework works in 2020, 2021, doesnt make sense to me at all. Im not all the way on full repeal. But i do think things like the social Media Companies should not be able to avoid enforcement of civil rights laws. They should not be able to avoid International Enforcement in terms of injunctive relief. The miramar troops are killing their action. I dont think even no matter how much you think about free speech, that free speech right extends to paid advertising. So, there are areas that we could look at, and then theres a whole question around speech versus amplification. You might have the right to say anything you want, crazy or dangerous, but im not sure that right should be guaranteed to have it amplified. And clearly, weve already shown with section 230 there are cracks. Weve prohibited sex trafficking, child pornography, bomb making. I think this is an area thats ripe for digital reform. Thank you. Congresswoman underwood . I just want to say a couple things. One, this has really come to the fore because of a personal grievance from the president. And i think that we just really need to sit with that when we talk about where can we go with this . Because i just dont want this conversation to be tainted as he is feeling personally affronted in this way. We just have to call it out. Ok. I hope that in the next congress, the house is going to continue its work on a range of issues. So yes, this is important. But theres so many other Relevant Technology issues, ran somware attacks, the disinformation that you started out talking about, which is huge. I have my own bill protecting public safety, disinformation act on homeland. And i hope that, again, we dont forget especially while were in the pandemic, whats going on in the Health Care Space with these differently technologies. Its just the intersections abound. And i think that, you know, with strong partners in the Biden Administration, theres a lot that were going to be able to do. But i do think that, with section 230, that we can move forward in a bipartisan way across these jurisdictional issues that will and i touched on earlier to reach consensus on a proposal to hold Companies Accountable and incentivize them to address, like, actually dangerous content thats proliferating online. However, i think that the incentives to get there just, you know, may not always present themselves the way that they have this week because of the president s engagement. So, its really i mean, its my hope that we really are serious and thoughtful about this in the next congress. I dont know that that will happen. Before President Trump started beating his chest on this issue, the far left and the far right were kind of in agreement of wanting to do something on section on 230 even though it was for the exact opposite reason. And i think now the political life is no longer aligned. Its a horseshoe. And the edges are closer to each other. And this is definitely going to be an issue on in the next congress thats going to be looked at from a lot of different ways. But is twitter amplifying someones speech different than somebody going on yelp and saying the pad thai at this restaurant was a little runny, right . So, even the nuance within the various platforms and what should be covered is important. And whats even more difficult and i think disinformation is one of the most Dangerous Things thats happening in our country right now because are we in a postfact world, right . And that trust that has been eroded, that lauren talked about earlier, part of that trust has been eroded because of people reading and consuming disinformation. Now, theres some basic stuff. We all learned, as kids, dont get into a car with a stranger, asterisk, unless its like uber and lyft. Right . Why are we sharing information with people that we have no clue who they are. So on some of these platforms, if you cant authenticate the user, should that user be able to talk to anybody, right, unless its within your close d network . To look at smart regulations here, youre going to have to have people you cant have a onesizefitsall all and the governments role is going to be limited. Because how can you Say Something is fact or fiction . Somebody criticizing a vote that i take on a piece of legislation, is that fact or fiction when they abuse that or misinterpret that . And the last thing i would say, and john, you led into this question. Countering violent extremism. We know how to deal with disinformation in the terrorism content, right . But in this case, when its directed at by americans against americans, right, this is a form of covert action. And covert actions the responsibility of the Intelligence Community. So, the entities that know how to deal with disinformation shouldnt and cant be involved in this topic. So, who should be leading on this issue . Who should be driving the conversation . We need the Public Sector, we need academia, we need the media to step up. Because the trust is not just theres not a lack of trust just up and down the stack in government. Its also the lack of trust in traditional media. And its a lack of trust in other institutions. So, all these folks have to come together and figure out how we rebuild that trust with the american people. And john, can i add one more thing here, both what lauren and will said i agree with. This is an area, you know, our inability to come with any rational regulation for the Platform Companies, even as basic as privacy, is i think the Platform Companies got so big, so arrogant and they thought, oh, great, we can take advantage of the dysfunction and candidly, the ignorance of a lot of the members of congress and just push regulation. So instead of our country leading on this, we got the europeans, california going with its privacy variation. Youve got the christchurch call on content. I think youre starting to see and i see it as basic facebook on Something Like data portability. Theyre all in now because i think theyre starting to realize they got what they wished, no regulation. By the time we come back and regulate, the type of regulation is going to be much, much more serious than what it wouldve been a year ago, two years ago, five years ago. And john look, private sector is leading in entrepreneurship and creativity. We have to have the Public Sector to advance as well because the only way that the American Economy is going to be able to compete with Stateowned Enterprises in china is if the Public Sector and the private sectors are actually working together. By the way, we have to loop our allies into this also. So, this is where we have to get this right. And look, it starts with the breach law, a national breach law. It starts with privacy because i think the next question that were going to be seeing a lot is, is your attention an extractable resource . Right . That opens up another can of worms. But we have to remember when were having these debates, were in the middle of a freaking race. And the a communist government is able to array all of their resources in one direction and potentially get to a point quicker. And so this is the this has two b in the back of our heads. Back of ourthe heads. We have to deal with these issues now because we want our belief in individual rights and protecting minority rights and human rights. We want that to be what the global standard is. And we know how the Chinese Communist party is trying to expert their knowhow and their tactics to other authoritarian regimes. Final well said. And final round of questions before we wrap up. I think senator warner touched on it when he talked about the ignoreds of congress. And, will, i know youve talked about that, as well. And its not just a problem with congress, right . Its with board of directors, senior officials. Its a newer area. And maybe the last lightning round for all three of you, because youve all taken the time to study and become experts in this area. What do you do to get the basic knowledge into the hands of policymakers and to key Corporate Leaders so that they understand the risks well enough to assess them like they would in other areas or, in your case, to legislate . Well, what im hearing from all of you on the Homeland Security subcommittee on Cyber Infrastructure protection innovation. I want to know what people think and where we should be going. And you can reach out. My staff is on here. Ill just give out her email because she loves that. Chelsea. Blink email. House. Gov. Hit us up. We want to continue to engage with experts to keep america safe. Thanks for having me. John, ill let the senator close this out. We also we need to be able to pay Congress Needs to pay its staff more because we want to make sure that we have some, some real pipe hitters on all of these relevant committees. And we need to make sure that when were Training Staff and, like, i want more staffers that have a Computer Science background and a minor in Political Science, or a Political Science major with a minor and Data Analytics coming up and not only working for the Homeland Security subcommittee, but also at sister at cisa. Or they have had some experience in the private sector, as well. So creating that crosspollinatization, and i have a state department fellow whos amazing, right . Lets get some of these people that have that experience and get them into the government for two or three years and then they get out and create that back and forth. But we need to focus on educating individual members and ill be honest. Ill be surprised at how these members have recognized the problem. But we need some hardhitting staff that understand these issues. Very rarely hear the retiring guys calling for higher salaries for staff. Hey, i voted for it before i voted for it before. [laughter] and what he also just did was you gave us a little compliment there in three years of what shouldve been a nobrainer getting an io tbill. We worked on the national breach law, as well and that was one that should have been done six years ago when many of us started working. So i agree, we need input. I do think we need more expertise that we can draw on a regular basis. I think some of this will happen just this week. More and more newer members come republicanmocrat and republican,crat and that are more agerelated and i think if well have accountability theres got to be some penalties for failure to meet the minimum standards. I still go back to equifax. The fact that they took a short term bump in the stock price. The ceo kind of resigned in shame. But there was no penalty paid. You know, a year later, it was just built into the cost of doing business and sloppy cyber hygiene. If there is not some penalty on that, and im not sure whether its purely a liability standard im not sure i know but theres got to be some cost of not doing the right thing. And we need to put some of those rules in place and Industry Needs to realize that it has to be a much higher prayiority than it is to date. We will end on that note. Thank you to all of our three panelists for not just important topics, but i think it will be the defining topics of our time. And on that note, we wrap up our threeday cyber summit. We hope well be back next year in person. Thanks to some of your efforts, senator warner was just outlining so that we can meet with all of you. But i want to thank fire eye, intel, and proof point for making this weeks Virtual Summit a success and helping us host more than 45 speakers this week from across the government, the private sector, and academia. Wed like to have vector and the American Gas Association for their additional support. And if you missed sessions, please go to aspencybersummit. Org. Aspencybersummit. Org to view earlier days and sessions. I know ive had a lot of people to see the recording and its at cybersummit. Org. Thank you again for watching and be safe. [captions Copyright National cable satellite corp. 2020] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] cspans washington journal. Every day, we take your calls live on the air on the news of the day. And well discuss policy issues that impact you. Coming up friday morning, well talk about the house vote on the act that would decriminalize marijuana with political. And then politico. And then the future of the Democratic Party and the priorities of the coalition in the new congress. And then California Republican congressman Tom Mcclintock discusses decriminalizing marijuana on the federal level. Watching cspans washington journal live at 7 00 eastern friday morning and be sure to join the discussion with your phone calls, facebook comments, text, and tweets. Coming up live on friday, the house returns at 9 00 a. M. For a debate on the marijuana decriminalization bill. Thats 9 00 a. M. Eastern on cspan. At 2 45 p. M. , former president barack obama at a Virtual Campaign rally for georgias Democratic Senate candidates, both facing runoff elections on january 5. On cspan2 at 8 30 a. M. , former House Speaker john boehner, former new york congressman john kelly, and former transportation secretary Rodney Slater look at the key decisions in the transition from a trump to a bidenion administration. And House Speaker nancy pelosi holds her Weekly Briefing with supporters. Youre watching cspan, your unfiltered view of government, created by americas Television Companies as a public service, and brought to you today by your television provider. Company pharmaceutical advisors discussed the distribution of covid19 vaccines. This panel was part of the 2020 aspen cyber summit. Now im pleased to introduce speaking, who will be with the fbi Deputy Assistant director, j j chief ima