A special thanks to them for this lunch sponsorship. [applause] i also want to thank them for their seven years of sponsorship and support which has been greatly, really a key reason for us being able to host this forum with the government, military and to be able to do this now for the tenth year. So thank you very much. I want to just also point, give to your anticipation, please, on your seats are fliers that describe the next years event, september 8th and 9th at the Marriott Wardman park. So that will be september 8th and 9th, 2020. We also have Corporate Executives that are interested, we have a series of quarterly Leadership Council meetings. Were in the third year of that. If you look at the flipside, youll see the corporate members include cisco, aws, booz allen hamilton, raytheon, hp, northrup, google cloud. If youre interested in that, please let us know. Id also like to recognize and express our appreciation for the Advisory Board members. Ill list those once again as theyve been very helpful. So Brett Scarborough from raytheon, dan from google cloud, general greg twohill from sex terra federal group, brad from booz allen, will ash from cisco, mark kerr and sean love from northrup gullman. So if we could all give them a round of applause, please. So just a couple logistical announcements. Im trying to keep us right on time. If youre a member of that, isc squared, you can get credit by going to Registration Desk and giving them your member number, please, and they can send you a certificate they can give you a print certificate or they can send you a digital certificate. If youre an osaka member, i gather you have to go to the portal to register for continuing education. So were flighted to part delighted to partner with those two continuing you would organizations to offer continuing education credit for those of you who would like it. So this is a very full and exciting afternoon. Im very excited about. Well have a number of, a keynote from general crall who will be introduced shortly. We then will have a number of panels, and well conclude with keynotes from the [inaudible] from israel and from [inaudible] from the National Cybersecurity center in the u. K. So weve got a full day ahead, and well then have a number of awards at the end of the day, and im very honored that well be giving a Lifetime Achievement award im announcing this now to general mike hayden who will also give final remarks to our audience. And im honored by that. So with that said, id like to now introduce greg potter. Hes the Corporate Lead executive for northrup Northrup Grumman at fort meade in aberdeen, and hell be introducing the luncheon keynote speaker. Greg . Thank you very much. Thanks, tom. Thanks to billington for putting on such a great conference. Its my honor and pleasure this afternoon to be able to introduce the keynote speaker for this afternoon. [laughter] Major General dennis crall is Deputy Principal cyber adviser. He was appointed to that role in february 2018. Major general crall is a career aviation command control officer who has commanded squadron and group level. Hes got deep cyber and operations, Information Operations background where he was the chief of the joint Cyberspace Operations center at Central Command as well as the deputy chief of their Information Operations center at Central Command. Lastly, he was the branch chief for strategic plans for Information Operations at u. S. Special operations command. If you would, please give a warm welcome to Major General dennis crall. [applause] well, ive been introduced before [inaudible] look, its my pleasure to have just a few minutes to chat with you this afternoon, and id like to split my time here to get done framing a conversation and then being available to take your questions. So i want you, im your afternoon caffeine. Youve just had lunch, ive got enough excitement for both of us, for all of us here. What id like for you to do is to take the conversation up a notch, and were going to talk about warfighting for my quick portion of it. And were going to think strategically. And the slide thats in front of you is, my staff is embarrassed about my slide. I built the slide myself, and it probably shows. Thats about as many words as i want to cover in a framing document, and i want us to think the way the department thinks and breaks down our warfighting mission in this very critical domain. And im going to use the language that comes from our National Defense strategy and the Cyber Strategy that flows from that in 2018. And this is language that our former secretary of defense used very cheerily about clearly about lethality, partnership and reform. And its a great lens by which to look at signer and a few other quick items well talk about. But i need you to remember something when we have this conversation. Theres a couple caveats. Every one of these framing ideas doesnt exist unto itself. This is all about outcomes. Gotta make sure that we pause and think about what it is were doing, why were doing it, and if it lends itself to the ultimate mission, the reason were doing it. Which means theres got to be execution the make sure that were still on track. Technology changes, we all know, at a rapid state. Its easy to Chase Technology and not the mission. Its easy to stay focused on antiquity and not adopt modernization. So theres got to be some level of balance. And we do this within a government system of funding which drives a lot of this which at times is a bit episodic. And so the challenge is balancing really those three tendencies but not to forget this is all about outcomes. And driving to an [inaudible] what makes this difference in our different in our a approach is the right emphasis and weight to what we call per sunt engagement. The items that ill talk about especially under that wouldty lethality really lend itself to think about is this something were doing episodically . Is this something that i can stay in steady state, or is this a series of fits and starts . Which means you break continuity, lose momentum and dont have the ability for proper exploitation of success. These are all principles that we talk about in every other domain that we somehow shy away from in this one. And its just as applicable. In order to seize that advantage and to maintain that advantage throughout the operations. The other piece is we talk a lot about operations in a contested environment. And ill be honest, im not sure that we are as practiced as we need to be to be successful given the threats we believe were going to face. So im fully aware that there are those who believe we have painted our adversaries 10 feet tall and may be giving them more prowess or acumen than they deserve. But ill also tell you that there are time because we really believe that we can fight through certain things that are not well rehearsed that we may be in for a rude awakening if were not practiced and postured to succeed. So think about what an information contest would look like. Thin lines, red lines, very low bandwidth, the ability to prioritize information at the need of speed. One of the minimum elements a commander needs to fight. If those have not been defined, if theyre really difficult to figure out how youre going to employ that on a battlefield when you realize that its at that time under this crucible of challenge that youre not going to have a pause point. The fog of war creeps in, and everything becomes more difficult. These have to be practiced. And you have to understand what it means to your perfectly rehearsed plan when you do that in garrison, what it means to meet that plan on a battlefield. A famous boxer once said about his competition, said every man has a plan until i punch him in the face, right . You think about that. We all plan and we think about what its going to be like, and then we meet the crucible of contest. And weve got to be ready for what that looks like. And so when we talk about these principles, theyre not esoteric, theyre not things that sit out there to be admired, but theyre to be practiced, vetted, rehearsed, challenged, improved and implemented with confidence. Thats where we need to be. So lets talk about these things that are lee that wouldty first. Lethality first. Important the way i look at defining them. The first one would be the idea of authorities. Weve got to have the right authorities to operate in space. And it doesnt matter what kind of activity were talking about. Whether were operating networks, were talking more of an i. T. Centric role, whether were talking about defense or offensive operations, they require the requisite authorities in order to move at pace. This persistent engagement means those authorities need to be deep enough to characterize the battlefield as well. Not just simply execute. Youve got to anticipate in that authority realm that these things will be inculcated in plans, not sprinkled on afterwards. There are fore thoughts, built in, planned for and tested, as i mentioned earlier. Now, ill be honest with you, weve had a lot of help and mean that in a good way from this administration and congress in this area. They have loaded us up with authorities that we havent had before. Its important that we utilize it and line up a couple other items that go along with it. Thats one idea of that triad, but two others have to lined up concurrent with that. The other one is process. Youve got to have a process in place that takes advantage of the authorities that were given. If the process isnt repeatable, if its mired in quagmire, this idea of constant uphill ballots and fight battles and fights. Im not intimating that we should not share information with others and other interested parties. But the point is that the process has to lend itself to a successful and timely outcome. Not for a process that exists unto itself. Anyone whos worked in the pentagon personally and see the pentagon process up front knows exactly what im talking about. Secretary mattis used to have a phrase back when i worked for him as general mattis that when good people meet bad process, bad process wins. Bad process can take the most energetic, forceful, excitedded individual and crush them through a series of bureaucratic morass that doesnt lead to an outcome. So these are areas taking advantage of the authorities were given and working on new ones, looking at this process within the building and outside of the building to execute operations in a timely manner. And the last piece of this threelegged stool is on the idea of capabilities. Weve got to make sure that we have the Trained Work Force and the equipment to perform the mission at hand. Weve taken really a hard look at this work force, and in some cases i think weve taken it maybe for granted that the work force will be available. The amount of training thats required, the recruitment, the competition that were under to retain individuals given theres a lot of walks of life that people can go do. But looking at models that lend themself to attracting and retaining the best and brightest for our mission is critical to what we do. Also the capabilities in the terms of our tools that we have, to employ these are critical as well. We have got to make sure that we employ cutting edge technology. Weve got to make sure that when we start looking at ways we can take advantage, that we do so in a timely manner and that were not looking at Old Technology delivered too late. Theres a mythical quadrant that i keep on my board that i try and avoid, and thats the phrase of, you know, this may not work, but at least its expensive. Like, we want to avoid the idea that were paying premiums for outdated technologies. Weve got to be more responsive to onboard and use whats available. Think about lining up the authorities, the process and the capabilities, how critical that is to the lethality rubric that ive got in front of you. The next piece is the idea of partnership. We have a couple areas that challenge us here as well. On the good side, we know that partners many of our partners have unique authorities and capabilities we dont have. And we want to make sure that we take advantage of those. We want to make sure that we build their prowess and capabilities up through our practiced relationships. And as they get better, were better. Its less threat surface for us to look at. On the challenging side, however, with partnerships we still struggle with information sharing. How do we Exchange Information in a timely manner . Not just on the battlefield, by the way, as we have joint and Coalition Partners right next to us. In fact sharing gets more anytime information sharing gets more difficult. How do we move information at the speed of warfare and then take the it one extension further to our Defense Industrial base . How do we help safeguard our nations most critical secret ss at the time theyre thought of, through supply chain and eventually for the introduction in our warfighting apparatus. So partnering from the idea of Mission Execution and planning and then on the side of insuring that were able to share information with a common level of protection is critical for us. All of these have varying efforts that are ongoing in the building today and serve, again, that framework that i just described. The last piece, and ill tell you its one of the most critical because it involves the level of trust. Trust of the taxpayer, trust of our government of and keeping that trust and not breaking faith with our work force. And our war fighters. We need reform. Some of this reform is going at pace if, which is pretty respectable, and others may be at pace that needs to be picked up and made better. So what do we mean by reform . This is the idea of scarce resources being applied in the most consistent, meaningful and thoughtful ways. Gone are the days for everyone doing whats right in their own eyes. So the word that really surfaces to me the most under this category is standards. Weve talked a lot about standardsetting. We already understand what the requirements do to the acquisition cycle. Im not talking about that. This is the idea of making sure that we have common standards that we drive to and that we have an apparatus in place e to inspect what we expect, that we have adherence to those standards. Better were pretty organization as a result. This perform has to be deep, all the way through the lowest level looking at the workforce all the way up to the most extreme strategic waste that we palm action and activity. We have got to look across the department to make sure we do not have unnecessarily redundancies, there was a time in the information environment when it was new, when we use terms like operations, military operation, that we went to congress and asked for money on a new frontier. It is always been practice but this was a scale and embraced by the department and there was a time without money flew a bit too freely. And we cannot always account for how this was spent and we cannot always look at measures of effectiveness, we had a lot of measures of performance but not to provide the so what of money we were given and what was a permissive friendly giving environment turned into a very challenging environment to demonstrate a level of sufficiency and rebuild trust. I will tell you i think were probably not too far off in some of the realms within cyber of we are not careful. People want to help us, our leadership wants to help empower us in this area but we have to be very good stores on how the money is spent. You have to have something to show for, datadriven, really show the level of effectiveness for how we commit these measures. So every single day, we wake up in the office and the relationship with the chief Information Officer to be pushed with the relationships with our services, components, et cetera could not be closer and we think in these three terms, because the National Defense strategy tells us to think this way in her Cyber Strategy demand we think this way in the reveal are framed of partnership and reform. Strategic thoughts . A way to share a broad picture in less than ten minutes with you, i stand ready to take what will be your challenging questions that i can answer and i look forward to answering. Thank you. [applause] i dont know what the rules are, youre right in front of me with your hand up. [inaudible question] thats a great question, for those who cannot hear, this is about how the dd a d response to cybersecurity. And one of the safest, i would agree with that mpca could maybe unsatisfied with the answer they would get since that pulls outside of our primary work goals but not outside of the responsibility. I will say this, the answer will not be as detailed as you would like, there are challenges, similar challenges to how we share information and who owns a burden to responsibly in the liability if information is shared and solutions provided. These are not easy questions to answer, i dont pretend they have been solved at our level. I promise you this year they received more attention than i personally witnessed and there are fickle choices in the road ahead for the department to make. I dont know what the balance is personally and where the leadership will side but if you think about this, how much should the department do, and how much of the solutions are on the part of those who own data. I will say this, no matter what the answer lies there is one thing that is very clear, we as a unit have to do better at securing our data. There is no argument there. There are things and solutions in place from basic hygiene to Good Practice to the movement of information and safeguarding it through 0 information there were two course. In a flat surface to comfort heating the process or image highland that is unnecessary. So probably not the detailed answer you would expect because that is still yet to be solved in the department. Another question over here. Other questions . If you could take a mik mike wel come down for you. The previous question could be something to do with 171, is out falling under your domain . Not my domain but it certainly is an area we are involved in and that has secretarial interest so yes, it does, enforcing the standard and contract, we have ans provides a lot of the information, theres been a lot of informal contracting language. So yes its an interest area line but primarily in the pca when you look at reform and focus on implementation of the strategy and owners. It is clearly a part of the solution. And one that is been in active this year. Jason miller federal news network. You mention capabilities in authorities and congress from the ministration and you said that in a positive way, we do offer a look into what a couple standout that you argue that should be used or planning to use and why theyre important . [crowd boos] in this environment i cannot. Unfortunately. Is not a matter of will its a matter of classification. So i will say this, i have not overstated the empowerment aspect of that but a lot are used for submissions that would not be appropriate to discuss. I will provide you a consolation. I hate to send you away emptyhanded. If i look at what the department is headed next for organization, reform and potentially different authorities, i would share the Information Operations as we know traditionally, i looked into a crystal ball and i would share that is probably an area of resurgence and how we look and how we execute and what authorities and rules are in place and what capabilities need to exist, how we build war fighters and equipment sent for the information space. That is coming. And it is coming quickly. Given the memo from the dod, do support the initiative to turn up ib pp to adopt a single stack to reduce the overall tax factor . That is an easy question for me too answer. I support his decision. I fully supported, i think i understand where youre going, there were alternatives considered but yes i support the chief Information Officers approach. I think that is the last question. Thank you very much for coming to be our speaker and our keynote. Were honored to have user. Thank you. [applause] ladies and gentlemen please welcome back the master of ceremony edward the second u. S. Navy retired thank you. We were great Panel Following up on this about apply chain cybersecurity is near and dear to our hearts. The moderator is john check, the senior director of Cyber Protection solutions intelligence information and services. Thank you for monitoring the panel. Joining us on the stage is a director of the National RiskManagement Center of the Homeland Security and beyond Marion Deputy chief for United States air force, and not very, cheap operating officer. Thank you. I would think the leaking team for hosting this event, a great opportunity to highlight key issues, without will jump in to securing the supply chain. One of the aspects are entering all parts are incentivized operably. The risks and costs of rewards of doing business are equally shared and understood. I would like to start with you, what are the things that each hp is doing to incentivized your supply change in the customers. Thank you and thank you for the opportunity to be here. I was thinking about this panel and taken it through mentally what we do and what others in the industry due to to secure the supply chain and a lot of it comes back to fundamentals. That has been a theme that we heard this weekend and one thing i think about our supply standard. And we sure that with her supply base and we have them go through a rigorous process and we do audits and all sorts of things and when you look at it, start to design and Development Lifecycle and you can go down the stack from their the supply chain. Through disposal. A manufacturers you have software, provisioning, logistics and traffic and as you spam through the and think how do we manage that while or less than well and starts with what questions are we asking and no one starts from a Vantage Point and profession, its a journey in something will we have done for a long time. The intersection between physical supply chain and what weve done for many years in the cyber supply chain in any ict product that we are talking about, ip enabled logic firing components, you have to mind both, the supply chain is been static and you drag a bucket apart to point a to point b and check a box, it is not the case anymore, their persistent supply change in data beacons. I think thats a lot of the conversation for us going back to the Supplier Trust and of course the triage of suppliers, people who make plastic and screws right be slightly different et cetera and we hold those people quite close, in fact the contribution from those partners is paramount to the joint success. In terms of incentive, thats the overall framework and were pretty outcome specific. We left the market decide, either were successful in this tremendous upside or the alternative. I will ask you, what instances would you like to be implemented to drive behaviors . Lets start with the idea that information itself and better information about risk is an incentive. I start with the area and taking setbacks and were talking about businesses in the supply chain, i believe all the incentive in the world exist for a business to make sure that something doesnt happen will have the operations and could affect the bottom line. And you get the information is symmetrys and how many steps they take to protect the supply chain with more information with risk and what could go wrong as we talk about the questions of intentional efforts to do things against product, hardware products. What can the government do to create a better information environment that will help businesses take advantage of things early have. Second order incentives, there has to be an expectation that if you are selling something that youre part of the supply chain for something important that you take the stuff seriously. This is supply chain in the smaller performers, that incentive is proliferating after but lets make sure its there with ago and start with information and go to basic contractual procurement and we can have an interesting conversation if there is still a gap of the National Security concern through business. I think we talk about the partnerships lets get with all the incentives right early on and accepted that they have similar and only if the government intervenes with a gap of National Security. What types of incentives would you like to see from the dod . Looking at it from a manufacturer setting for merced its an acquisition. One of the things in the acquisition process to incentivized the right behavior, the industry will build it for us. So taking the standards of what is going on right now and working into the security is a cost schedule performance. In providing some level of racial or investment, how we give them credit and acquisition process. That is probably the biggest piece of bite and upbuilding. I definitely believe if we put it in the right structure is this is will come but we also have to take a view of that is a win is too much. Just like in regular security hugo put horse blankets on but we have to figure out the threshold to manage the risk of the right level. That will be the hardest part of the incentive. Today the biggest incentive is a stick or bat or club, we know that does not work very well longterm and does not create the right behaviors on the manufacturing side. The biggest risk is how do you understand and determine its applicable the and action . Sometimes a problem of what happens, we put businesses out there that work again security and requiring too much then people not wanting to be in the market and not take advantage. Who is doing this well today . Anybody that you think is getting the incentive right rign getting us where we need to get to . All make an aspirational statement, i think coming from a place of manufacturing and managing our supply base, where i think the Industrial Base might fall short in the management of third and fourth order notes in the supply chain and how can we cascade that effectively but efficiently at the same time, i believe there is an opportunity or sweet spot to look at the dod acquisition, where we can put a smart baseline and achieve that and iterate against that. It is a journey but theres things we ought to be doing already but the benefit, not only do we reflect throne internal process but we can look up and down the chain and have some level of visibility and illumination upanddown and more confident when were representing our extended supply chain we have ground to stand on. I think that the best thing we have going for spray is not a perfect system but far better than what we have today. That is the first step, i think breath information stage right now, how do we understand a company and the relationships in the acquisitions in second and third party and first you have to know the environment and im not sure what the right way to go is. We have great under great efforts in the navy system. But we have to get that passed that level and we know we have a problem after six. Lets move on to the publicprivate partnership. You talk that is a very hot topic and we know to make that two collaboration in building the trust in the person you collaborate with to listen what theyre saying if they differently about how your purging different tasks. Maybe if you can highlight the work that youre doing around the Risk Management initiative and how those things are progressing. One of my favorite topics. We established last year and one of what were trying to do is operationalize the Public Partnership that we had established over the last o 15 years which got everyone to the table to share information and talk about revolution, lets go further and talk about capability and with more intensity together so thats what were trying to do at large in terms of the worker during with the supply chain, thats a task force that their 60 representatives, all the federal members that are Security Council and represented to the it sector in the communication sector, we have most of the big it players in association that represents the smaller players but we have a 60 people forming a task force to work this issue fulltime and make policy recommendation and make process improvement recommendation to better help with understanding the threat and the risk and to talk through Capability Solutions of information sharing and just getting the legal and protected framework right but developing and thinking through. That is what were using the task force to do it is a plum true Pc Partnership and is nice to have 60 people around working it to as an example of what we were able to do via the task force, the department was asked to provide recommendation to the secretary of commerce on where to apply Emergency Authority around restrictions and supply chain. We can go out and we can study this as a government to understand the supply chain. But its a lot easier to ask the companies who know their supply chains and worked the business and asked them how the supply chain works and develop a framework in the elements around the supply chain. I dont think effectively, one it gives us a better answer to the question and we have better source of information because the people who are closer and secondly we make recommendations on critical or less critical that may help policy application and we can talk to the industry and what happens if you put more restrictions or more requirements around this, what would be the business impact, the security impact and balance it of what the real world impact of what the government does. When you are talking about securing things that are privately owned the have to be part of the bipartisanship. Matt i know you been heavily engaged can you provide thoughts of what is working . I would start by extending my congratulations for the leadership, bob and the team have wrangled a lot of people in a number of workgroups, the area that im personally focusing is around incentivizing purchases via oem and authorized distribution and what i was very encouraged by early on, the level of engagement from industry and Public Partners through the process and how quickly we move from discussing and admiring practical recommendations to pick up and i think back in june, july timeframe we sent some draft proposals up and personally i think the process was well worth the investment in them looking forward to see that come out in the full Task Force Report and i think theres tremendous opportunity to see acquisition with the foreign into one. So the point of view may be depending on whats working. What also government would like to highlight that deserves recognition for taking on this initiative and trying to drive the scarce supply chain Public Partnership. One from a Material Command the does all the acquisition, that partnership to have the financial discussion and the partner in discussion and the honest feedback about who the partners are, even forecasted mergers and acquisitions, we dont think are enough ahead so theres a lot of work on the Research Side and applicable decomposing in making the strategic discussions with those companies to understand the Risk Management. You dont get rid of supply chain, you manage a better and i think thats the first thing craig in the operational level for us is a thing called enterprise itv, a Service Initiative of how to use capabilities and think differently about the security model, were putting this to test everyday and dhs is working the macro links but this is award a contract to work through the supply chain piece from how we run defender networks to the supply chain piece of that. That is kicking off in the next 30 days. In the macro policy, how is a bubbling down to prelargescale force. We will stick with you around 0 trust. The vulnerability and landscape certainly in the supply chain and a lot of time here supply have different appetites anyhow. That is concern with the supply chain risk and those types of things. How can we apply a 0 trust methodology tour supply chain to build the security income we desire . Originally from san antonio and for the most part my joke is every car in san antonio could be stolen, dont come in with that. Supply chain is no different, you cannot secure the entire supply chain so you have to infer there is a risk that is real the anytime can come in your front door. This is where traditional it and cyber comes in the model has done undergone. Had he fundamentally flipped the model to say i dont or cant trust everything and its actually thinking typically the most important thing about your trust one i will protect, how will i encrypt it and how will i think of things different. The largescale manufacturing that narrows and the supply process, they look at it bolted on in which he argued was wrong or you could say they recognize they cannot control that somewhat to mechanisms at the end. Other manufacturers might be able to do it from india and might have a different process. As etn, i dont fundamentally trust the network ohio encrypt the service and the data and they look at it differently. That is going back to enterprise as a service, how do we flip the paradigm to use concepts like 0 trust, encrypted, different ways to scan and remediate hardware, get those concept to land top versus the blue under believing everything will be secured. We cannot afford all the work that we need to make the hole. So realize youre insecure and look at the problem different. Use things like layered security and prioritization of risk, so that any failure you can minimize the consequence of failure. So we are not out out their places that you have to apply a higher standard in one of the areas that we were working on is a security and we want to push up and were working with state and local government the security of demanding more from more trust within that and that will help out throughout the process and the result themselves. So i think we can agree 0 trust does not happen overnight, establishing that type of environment. Maybe you can touch on recommendation or best practice that we can used to get started with. One taking a step back, 0 trust as umbrella, definitely socially i think its important to acknowledge the benefit of being able to shift a workforce. If you engage in a cost solution or migrate, what are you enabling your team to do. However, some people confuse over the Operational Management risk. It does not eliminate the risk, it shifts it and the question is are you safeguarding everything to indepth or layered defense and are you doing that holistically or shifting a problem set . We do can take an attack and they will come, and we will be breached, what happens. Can we detect it best, can we sell thelen if you can you reduced the functional tax base, and you can then migrate the focus of the organization that this data to a higher valued activity. There is a lot of what we are focused on. Anything you like death. Lets move on to our call to action theme conferences week. Spent a great discussion on make sure that we provide some actual steps here. I will start with bob. Give us one shortterm recommendation. Maybe one forward thinking recommendation of how we can start attacking this. Hopefully we are. I speak about this and hopefully dont have a hidden recommendation but emphasizing some things we do spend time but i think we can learn a moment of Real Progress. I think creating a greater information sharing environment and supply chain is something that we are in a moment where we can really make some progress. So much of the information sharing has been run indicators and Network Defense but i think combining with collection of information that may be sensitive Business Information theres a lot more data to really do believe we were working hard information in the hands to folks that can make decisions that dont have to be tied to procurement officials. They have had the training and the knowhow to take advantage of the information. So i think we are in a moment with the information we can make some Real Progress and joy information sharing. While its security system. For investment in it and round places scaling the solutions and the big places can put in place down deeper into supply chain. Less vulnerability. Will print. Serve the strategic one and it should be quick but a son would be quick. We put security is one of the parameters. No kidding implement that weve been talking about it for a couple of years now at least with seriousness. No kidding implying security as part of performance equations. This got me strategic initiati initiative. The more tactical loophole, getting these and flipping the switch on and all of those things about how we assess security and actually using true assessing and remediation tools. Something bad will happen even if we have perfect supply chains there will be bad things happen our networks. So how do you get to true i think were getting well just turned it over the last time of true Continuous Monitoring understanding of your environment is it what is your a digital one. What is look like was not there. Some loophole of agility. So, why we were breached. The point where somebody does to you. How fast do you detect and react. So those were the tactical and weve got to attack cmc when he acquisition instead of model. Models actually think industry will react will believe that. Keep talking about is that we havent made the switch. Personally think we lack the right of return on investment. Maybe goes back to that analogy if you have ten doors open air force base we only have money to close three of them, some people i think acquisition will assist mining name plus three. Thats actually valid argument. If seven are still why didnt even spend the money in three. Maybe i go to another target. So think having that understanding of an investment. I actually have the return from security investment. I dont think weve done in the Community Site understand what that means. How you put some dollars value equation behind. That your perspective. Bill now with the immediate one in my mind. The apposition feast or symmetry work dhs contest course is the ton of great work coming out of nest. 800 series. 160 and then 0193 around from work. All of those things are phenomenal but they dont make it into acquisition. It just simply doesnt matter because you have a human being is evaluating different factors in deciding the calculus so fara struggle that weve had. I think this spoke my will to the point. Nearterm her to whats next. Interesting kind of a provocative thought from yesterday. Fred schneider was asked who keeps you up at night. When he said one word china. Sitting for my sake said, its a very interesting question. Because china is simultaneously very important market. State comparator and an adversary. Im wearing this public and private conversation unless we have strategic clarity around by objectives unless we can send unified signals back and forth to each other you could also will Care Developments you see people realigning supply chains in a reactive sense. What happens when and if that goes away people people read did nominate back in china to chase lacrosse. Is that a Strategic Policy execution are we reacting. What is right answer there. It is the difficult question but just to take itself if we had a directive. That said we are simply not going to build logic very devices are source them from that geography, that tends to set up a very different incentive but im not sure industry would get there myself. I think this kind of conversation is critical and especially with happening in the world today. Its quite important and all wrap with one other related thing. There is a little thing going on right now this fourth industrial revolution. Essentially at 12 trillion dollar jumble with manufacturing Global Manufacturing base so you think about digital manufacturing three d prints and other enabling technologies. Rectally at the cusp of time when we can realign supply chains to be more regional and secure at lower costs with the capability that is coming online. I think we should think long and hard about that as an opportunity because i can assure you other nationstates are investing heavily in that area. My question would be what are we doing domestically to seize our quote unfair share of that opportunity. And i think is probably a really right conversation for another time. I really appreciate the panel today. Great job and we had a good discussion. Often a lot of opportunities of things that people can look at to consider how secure it is with the supply chain. So thank you. [applause]