Agenda and bios of her speakers are available at aspen institute. Org. I would like to thank them for helping organize these conversations and let us talk with a great and diverse set of speakers today along with acknowledging the American Association for their additional support. Im here now for the next 30 minutes with Brandon Wales sampras charity Infrastructure Security Agency for what i hope its going to be a fascinating conversation about the election, about the covid pandemic, about the state of cybersecurity and infrastructures charity and Critical Infrastructure across the country. Brandon thanks so much for joining us today. Thank you so much for the presentati but im very happy to be here toalk about important the important work that our agency is doing. Today is december 3. It is hard to believe exactly a month ago on november we were sitting down as the country to wah the first Election Results roll in. Feelsike we as a country with about 25 years in the last nth and i would imagine for you this is feltomehow even longer than that. I want to start off today by taking youack three weeks ago on ers day afterhe election. You put out statement that i want to quote three lines from. The november 3 election was the most securen American History and thes no evidence that any Voting System deleted or lost votes,hanged votes or was in any way compromise. We know there are many unfounded claims and opportunities for misinformation about a process of our election. We can assure you that we have e utmost confidence in security and integrity of our elections and you shod too. My question is we have seen a lot of court cases over the three weeks since that statement came out or there any reason in your mind anything that u have seen for anything that you have heard tt would cause you to change that Statement Today garrett the agency stands by the statement that was issued at the beginning of november but i want to give a ltle bit of context to at prefers the ball thetatement was issued alone was a statement that wa issued i the higher election securi community the people up and woing over the past three and a half years to impve the security of our election infrastrture. Folks on the Election Assistance Commission and the federal election and commission the secretary of state state election tractors and the mpanies that provide the equipment. Secondly a lot of the claims that are out there have to do with Election Fraud which is beyond the scope of the work we do he at cisa in the work we have been focused on building. Election fraud is the purview of the department of justice and state and local authorities that have the responsibility for investigating and prosecuting that and the attorney general has been on record talking about his views on the scale of Election Fraud during this election while recognizing that they are continuing to investige potential claims of fraud. As of right now we dont have specific evidence of systems being compromised but we continue to wk with our state and local officials. If they have concerns where o phonecall away from assisting themnd helping them. But i think there has been misconstrued data. Thereve been no problems with the electn and it is fraudfree and thats just not the case. We do believe that it was external interference which is our mandate and we are proud of the work we did to get thatut point. I want to stayith the elections foa minute longer to talk a little bit abo the web site that was launched in the runup to the election. Tell us a ttle bit about wha the agency is goals and hopes were for the web site and what ssons you feel like you have learned out of how that web site has been used and the mission that is fulfled over the last couple of weeks. We put that web site up the week before the election partially in response to activity were saying from the iranian government associated with spoofed voter intimidation emails and we thought it wasn important way for us to put out Accurate Information abo the security of the voting infrastructure that feign adversaries were attempting to undermine peoples confence in that voting of the structure and since that time we have ntinued to highlight keep parts of the process and talk about the security and resilience measures that were either always in place within those systems where we have put inlace over the past 3. 5 years to give us greater content. We are putting out very broad information abo how the system is normally operate the safeguards in place and providing information where people can get more detaed information. You will notice that our web site is nothe same as factcheckg done by media organizations which can be extremely specific. The claims that are made in spific locations that have unique circumstances where talking more broadly about people theverall safeguards that are in place for that continues to be important to educate the American Public about how the sysms work and why they should have confidence in why they should whether should be a high bar for proving that the system has been compromised. You have kept theeb site going through the Georgia Election or is ts something where this is a web sit target at the president ia race is an easy and now winding down . What i told their staff is our Election Security in mission is to protect the 2020th and will continue until all the elections are complete. We will keep issuing rumor control entries as we think the situation warrants it and where we think we n have an impact and we will do that through e end of the cycle which hopefully will happen sometimen early january. I would be curious if you could talk a littlbit about, this i the first election, the first psidential election that the system has a existed for agency it was two years old last month i think on november 16. Happy birthday and i wonder as you look ahead now what lessons youve had going through this president ial election both in terms of looking at future elections and the Election Security mission but also what if you learned from the security effort as it applies tohe Critical Infrastructure role specifically . Its for areas and i will try to do them quickly. First is t degree of partnershi that we are able to build an the election Infrastructure Community and it was incredible, extremely broad relationship extremely and adjusted inounties and election vendors and those lationships were essential in allowing us to execute a broader range that 70s. We were able to dive into that sector and understand how it operated posing it as it critical fction and lookingn those functions in decide what operational work understood and applied security practices around those. Third is a relationship inside the federal government where we hadnformation sharing that has been second to none in my 15 year histo of working at the department. Information being shad between the Intelligence Committee are national security, Cyber Command and our fbi. Early word has allowed us to take qck action get official information passat back to our colleagues in the ielligence community r them to get the Additional Information where th had insights and access and that cycle allowed us to get aheadnd to hunt for activity more quickly and allowed the intelligencedriven which it should have always been. Those are the things we are applying to our cybersecurity workn understanding in an area where we may not have the amount of leadership focus attention like we did across the entire u. S. Government how do we coinue to get as much progress made on our mission . The in and the fourth is, this is frankly an area wherwe will have to continue to work more oadly with disinformation, what is the appropriate role for the federal government in countering this information where cane might not be able to make a real difference and how do we rely upon other voices and empower the right people who encountered disinformation and misinformation is being pushed out there . I want to say with that last point for a second because its a good question. One of the this that was unique and somewhat unexpected was the way this disinformation. Its not something government traditionally did in past elections four years ago when we saw the russian attack on the president ial election and there was n capability inside the federal government a all to combat this information i wonder particularly around the question from the vy heated and fraught election information environmt over the next couple of months presumably a very heated and fraught information environment around the Covid Vaccine and the efficac and the effectiveness of the vaccine and the treatments that are be going to rolled up by t federal government. Do you think theres a continuing role in combating disinformation and misinformation aroun the vaccine . To take on big issues like this in t public sphere. I see a couple o points. First is, i think we roll this out based upon things we wer seeing out there. And partially in response iranian government activity. But we were actuallyaking some lessons from work done by others. For example fema often had control of nature disasters to dispel minformation out there related to the incident the aide that they operate a rumor control operated so i think fax bir rsus myth related to covid ring the covid19 pandemic. That being said, more broadly i think thi is going to be an issue for Political Leadership to look at. I dont think the u. S. Governmentas yet cracked the code on the best way of countering disinformation. And as iointed out the federal government may not always be the best option, the right trusted voice on these kinds ofhallenging divisive issues. And certainly im not sure the cybersecity agency can be a trted voice when things like vaccine safety. There are other peoplen the government her better nditioned to provide Accurate Information to the American Public so that they have confidence in the decisions tha are made to approve for example vaccines for public use. It does have and you have been playing throughout this year very active rol in the program of operation work speed. Thus few hours iluding this morning about foreign actors, north korea and otherwise attackg the intellectual property of the Healthcare Companies involved in vaccine development. What can you tell us about the threat that you are sing line to theompanies involved in the supply chains involved in the development of the vaccine . Sure should be no surprise to thin the Cybersecurity Issue that from the very beginning of the pandemic, foreign nations were targeting Vaccine Research and delopment efforts across the country. Using a variety of mechanisms to gather information. We are seeing that continue to this very day. Is one of the reasons why there is a clo partnership between cirencester, the nsa, e fbi with the department of defense and hhs with operation work speed to he as much cybersecurity support to the entities involved i that effort. I think in part based o things like what was released this morning by ibm thathere is more we need to d to push deer and further into these supply chains. Not just accompanied behind the vaccine but the comnies are going to be essential to get this vaccine from manufacturing, through distribution, that last mile to the american people. So we are doing everythin we can to raise awareness in that mmunity. Provide additional cybersecurity deep into that supply chain. And ultimately our goal is to secure that supply chain. That no effort by foreign nation has the possibility of trusting this Critical Healthcare delivery. How has the partnership that youave been trying to develo through operation or warp speed change your way of thinking about the role with critical infraructure factors. I dont think its cnge how we think about our role. I ink it is certainly shown that we need to have deeper relationships inside critical sectors before the Major Incidentappens. I think our biggest challenge early on ding the covid pandemic as we were not able to as quickly as we wanted get the companies we saw at highes risk, the facilities, the hospitals, others upon our cybersecurity sysms because we did not have eugh relationships with the rht people in the right places. So one of the key things i ha asked the head of our Stakeholder Engagement division is, we do a lot more stoctaking about where our relationships are acros all of the Critical Infrastructure sectors. Becaus we do not know where the next issue is goi to be thats going to require us to surge our efforts into that area. And do we have the right relationship at the right time fors to get our services being fully utilized. That is where the key lessons weveaken out of this procs. Bout by the way some of the same lessons effectively. Theyre starting to try to push back againsthe russian packed. Wonder look at the flure of imagination with dhs to realize the lessons now the failure of imagination. From the healthce sectors thats needed. What are you sort of thinkin about in terms of where we mit see something were not prepared for right nowhreat wise . When you look across the nation the cyber teats what you thinks the thing we are not preparedor next i dont know that i could give that answer if iould predict a Major Incident tt maybe wouldnt have it. That being said it think partly the challenge is the big difference bween elections in healthcare with electionse had no relationship with the relation community. It was not on the sector framework investing time and energy for it healtare will be different fm the very beginning. We had relationships of they were not at the right level. Too actually make aifference during one of those critical times. So it is less about two we have no relationship in these critical areas. Whetr its in the electric power space or critical manufacturing or elsewhere. We have the right relationship . N we talk to the rht Decision Maker if theres a surging issue like a pandemic and get them to authorize some action to get them to authorize some partnership in relationip with the u. S. Government quickly whe we see a potential problem. So its more thinking about is e relationship that we have maybe to their stock at his particularompanies that sufficient for what we may need to do andngage with that company in the future . I think a lot of cases with covid we are in a really bad day that when relationship is not sufficient. We need to have multiple levels and whenou do a whole lot more t engage with those companies and to build the deh and strength of those relationships soe can take action more quickly. Im going to over simplify very complex displayed over the last couple of years. This is primarily what ill call a care agency. Theres not lot we are able to matter to do the things w want them to beoing. Administrative subpoenas, other subpoena power, as you look back over the pandemic, do feel there are authories that could have, would have help you navige this pandemic more smoothly . Soon i can think you raise the admistrative subpoena question has been a top priority during the past year. We are hopeful that if we get a natnal Defense Authorization act that the auority will be captured in there. Bu even in that case its more crots than sticks print that allows us to g information from ifp unae nibble ip address that we are seeingut in cyberspace. Allo us to connect that to an individual company we can go talk to. We still do not have any sticks against that company. The showing of their involuntary way aing them to close this vulnerability we haveeen exposed. On that vulnerability could cause negative down stream impact for today, they could not make contact with the bolder peace of infrastructure on the internet. But again we do not have the authority to compel that company to make a change. But today we cannot even talk to them. We believe still that the voluntary approach that they operated is the best one. There are signicant chalnges with trying to implement regulations in a dynamic space as labor security. We believe the work we have done and things like elections prove that if we work in Close Partnership and provi good vae added services we can haveositive impact even involuntary way. Im try to squeeze into her tee more minutes in a few minutes weave here. You have to be one of the longestservings employees d all of dhs. I knew came to the department in 2005. U also presumably the latest agen had any federal government. Its been now a lite over two weeks now. She look ahead to the next couple of years of growth, what are you going t be looking for from the Biden Administration in terms of where this needs to go and whe your help helping to grow . We heard former Deputy Director on tuesday at the summit say he thanks there should be a three billiondoll your agency. Its about half that size right now. Ve written about the size of the agencies were out large personl wise is about the size of the security staff o j. P. Morgan. So its a pretty small agency right n. Im curious, what you goingo be looking for from the next administration . Sure. As you said about the agency for 15 yrs. I might take a look at longe perspective on what it would take to build, develop, auteur put his full potential might be in the future. Ve no doubt that one day it will be a three billiondollar agency just cant say today or what fisca year that will fully manifest in. That bng said i think there are number of areas that it asked to start looking at to be prered for future rural Political Leadership. And to provide them with some key decision points on important parts of our work. Including things like the support we provide to federal agencies to secure the. Gov. We have been operating off of legacy ahitecture for a long time. I believe its time, given the changes in how the federal government, the it architecture involves on that is going to take some new thinki. Thats going to take a radical departure from our legacy programs. We dont have the answer today but we have pies of the answer. The next Political Leadership team and when we present them heres a roadmap of how to evolve our capability to be where they are. I think we can replicate that on a number of topics including disinrmation that we discussed and things like her information sharing architecture we put in place over the past decade. Theres a lot of areas where we need to make substantial anges to how we do business. I think those are going to be some of the important discussions i went out the next pitical leader. Let me ask one final question about how the government structured cyber responsibilities are right now. One of the major recommendations coming out of the cyber space earlier this year was the idea of creating and reinstalling at t white house a National Cyber director. A pition the Trump Administration effectively did away with. The Security Group picked up and endord that recommendation in its report yesterday about a cyber agenda for t new administration. And i am curious with t idea of a National Crop agency type director. Would that be useful to you . That would be somethi that would be helpful at the table these conversations . Six oh garrett i think the official administration positionas not been to support a National Cyber director. That being said, obviously that issue still being debat within congress. He could very wel have a recommendati coming out of the national Defense Authorization act. Recreatg the position. Its ready to work in partnership the National Cyber director at the white house. Likely had during the beginning part of this administration during the administration. Itould be what would be the scope that authori . And do they have the right degree of oversight, overall aspect of the Cyber Mission to come togher . Then theres aot of ways it could be structured. Where itight not be sufficient to advance the whole of u. S. Government like Cyber Mission i think the devil is going to be in the details. That will behe direction coming out of both congress this year as well as the potential administration. Select thank you so much for joining us. Rick really appreciate it, thanks a lot. Cspan washington journal, everyday we take yr calls live on air on the news o the day. We will discuss policy issues that impact you. Coming up friday morning will talk about the planned housebt on the more act which will driminalize marijuana. And then Florida Democratic congressman stepnie murphy on the future of the Democratic Party and the priories of the Blue Dog Coalition in the new congress. And the California Republican congressman mcclintock discusses decriminalize marijuana at the federal level. In other news of the day. Watch cspan washington journal live at seven eastern friday morning. And be sure to join the discussion with your pne calls, facebook comics, texts and tweets. Tv on cspan2 top nonfiction books and authors every weekend. Coming up this weekend saturday at 8 15 p. M. Eastern coverage of the 71st annual National Book award. Sunday, live at noon eastern on indepth, a conversation with author and chair of africanamerican studies at princeton university. Hes the author of several books including begin again, James Baldwin america. Democracy in black and uncommon faith. Rick here we are in this moment. After electing the first black president 2008 the country responded by what Voter Suppression loss . Voter id laws . The tea party the vitriol the tea party. And then we elected donald trump. We are at a crossroads. Who are we going to be . At the heart of dollars but a moral question. Would we take ourselves to be . Joi the conversation with your calls, tweets, text and facebook messages. 9 00 p. M. Eastern National Revi correspondent Kevin Williamson on the politics in everyday life of white workingclass americans and appalachian pretties interviewed by cnn contributor. Watch book tv on cspan2. Your wating cspan2 the unfiltered view of government. As a public service. Brought to today by your television provider. Now illinois senator Tammy Duckworth takes a discussion on u. S. Alliances in the indo pacific region. In future relations under the Biden Administration. A panel look at chinas impact on the region and steps the u. S. Should take for relations there. This runs an hour ten minutes. My name is lindsey ford. And i want to welcome you to todays conversation on the indo pacific in the future of u. S. Alliance in the region. Im a fellow here in
comparemela.com © 2020. All Rights Reserved.