
Very much and welcome back from lunch. If those who are in the exhibit hall, if you could begin to move back, we would greatly appreciate it. I want to give a special thanks to Northrop Grumman. So Jennifer Walsmith and Chris Valentino, I know, are here. If you could raise your hands. Jennifer is here and Chris from Northrop Grumman, I want to give a special thanks to them for this lunch sponsorship. [applause] I also want to thank them for their seven years of sponsorship and support which has been greatly, really a key reason for us being able to host this forum with the government, military and to be able to do this now for the tenth year. So thank you very much. I want to just also point, give to your anticipation, please, on your seats are fliers that describe the next year's event, September 8th and 9th at the Marriott Wardman Park. So that will be September 8th and 9th, 2020. We also have corporate executives that are interested, we have a series of quarterly Leadership Council meetings. We're in the third year of that. If you look at the flip side, you'll see the corporate members include Cisco, AWS, Booz Allen Hamilton, Raytheon, HP, Northrop, Google Cloud. If you're interested in that, please let us know. I'd also like to recognize and express our appreciation for the Advisory Board members. I'll list those once again as they've been very helpful. So Brett Scarborough from Raytheon, Dan from Google Cloud, General Greg Touhill from Cyxtera Federal Group, Brad from Booz Allen, Will Ash from Cisco, Mark Kerr and Sean Love from Northrop Grumman. So if we could all give them a round of applause, please. [applause] So just a couple logistical announcements. I'm trying to keep us right on time. If you're a member of that, (ISC)², you can get credit by going to Registration Desk and giving them your member number, please, and they can send you a certificate, they can give you a print certificate or they can send you a digital certificate.
If you're an ISACA member, I gather you have to go to the portal to register for continuing education. So we're delighted to partner with those two continuing education organizations to offer continuing education credit for those of you who would like it. So this is a very full and exciting afternoon. I'm very excited about. We'll have a number of, a keynote from General Crall who will be introduced shortly. We then will have a number of panels, and we'll conclude with keynotes from the, from Israel and from the National Cyber Security Centre in the U.K., and more. So we've got a full day ahead, and we'll then have a number of awards at the end of the day, and I'm very honored that we'll be giving a Lifetime Achievement award, I'm announcing this now, to General Mike Hayden, who will also give final remarks to our audience. And I'm honored by that. So with that said, I'd like to now introduce Greg Potter. He's the Corporate Lead Executive for Northrop Grumman at Fort Meade in Aberdeen, and he'll be introducing the luncheon keynote speaker. Greg.

Thank you very much. Thanks, Tom. Thanks to Billington for putting on such a great conference. It's my honor and pleasure this afternoon to be able to introduce the keynote speaker for this afternoon. Major General Dennis Crall is Deputy Principal Cyber Adviser and Senior Military Advisor. He was appointed to that role in February 2018. Major General Crall is a career aviation command control officer who has commanded squadron and group level. He's got deep cyber and information operations, operations background where he was the chief of the Joint Cyberspace Operations Center at Central Command as well as the deputy chief of their Information Operations Center at Central Command. Lastly, he was the branch chief for strategic plans for information operations at U.S. Special Operations Command. If you would, please give a warm welcome to Major General Dennis Crall.
[applause] Well, I've been introduced with music and it's my pleasure to have just a few minutes to chat with you this afternoon, and I'd like to split my time here to get done framing a conversation and then being available to take your questions. So I want you to, I'm your afternoon caffeine. You've just had lunch, I've got enough excitement for both of us, for all of us here. What I'd like for you to do is to take the conversation up a notch, and we're going to talk about warfighting for my quick portion of it. And we're going to think strategically. And the slide that's in front of you is, my staff is embarrassed about my slide. I built the slide myself, and it probably shows. That's about as many words as I want to cover in a framing document, and I want us to think the way the department thinks and breaks down our warfighting mission in this very critical domain. And I'm going to use the language that comes from our National Defense Strategy and the Cyber Strategy that flowed from that in 2018. And this is language that our former Secretary of Defense used very clearly about lethality, partnership and reform. And it's a great lens by which to look at cyber and a few other quick items we'll talk about. But I need you to remember something when we have this conversation. There's a couple caveats. Every one of these framing ideas doesn't exist unto itself. This is all about outcomes. Gotta make sure that we pause and think about what it is we're doing, why we're doing it, and if it lends itself to the ultimate mission, the reason we're doing it. Which means there's got to be pause points in execution to make sure that we're still on track. Technology changes, we all know, at a rapid state. It's easy to chase technology and not the mission. It's easy to stay focused on antiquity and not adopt modernization. So there's got to be some level of balance. And we do this within a government system of funding which drives a lot of this which at times is a bit episodic.
And so the challenge is balancing really those three tendencies but not to forget this is all about outcomes. And driving to an end state. What makes this different in our approach is the right emphasis and weight to what we call persistent engagement. The items that I'll talk about especially under lethality really lend itself to think about is this something we're doing episodically? Is this something that I can stay in steady state, or is this a series of fits and starts? Which means you break continuity, lose momentum and don't have the ability for proper exploitation of success. These are all principles that we talk about in every other domain that we somehow shy away from in this one. And it's just as applicable. In order to seize that advantage and to maintain that advantage throughout the operations. The other piece is we talk a lot about operations in a contested environment. And I'll be honest, I'm not sure that we are as practiced as we need to be to be successful given the threats we believe we're going to face. So I'm fully aware that there are those who believe we have painted our adversaries 10 feet tall and may be giving them more prowess or acumen than they deserve. But I'll also tell you that there are times because we really believe that we can fight through certain things that are not well rehearsed that we may be in for a rude awakening if we're not practiced and postured to succeed. So think about information contest would look like. Thin eyes. So the word that really surfaces to me the most under this category is standards. We've talked a lot about standard setting. We already understand what the requirements do to the acquisition cycle. I'm not talking about that. This is the idea of making sure that we have common standards that we drive to and that we have an apparatus in place to inspect what we expect, that we have adherence to those standards.
Better were pretty organization as a and so when we talk about these principles, they are not esoteric, they don't sit there to be admired, they are there to be practiced, vetted, rehearsed, challenged, improved, implemented with confidence. That is where we need to be. So let's talk about these things of without early first, three sub-areas under lethality that are important that I look at defining. The first one would be the idea of authorities. We have to have the right authorities to operate in the space. It doesn't matter what kind of activity we are talking about, whether we are operating IT-centric role, whether we are talking about defence or offensive operations, they are required the authorities to about peace. This persistent engagement means that authorities need to be deep enough to characterize the battlefield as well, not simply execute. We have to anticipate in that authority so that these things will be inculcated and not sprinkled on afterwards but they're forethoughts, built in, planned for and tested as I mentioned earlier. I will be honest with you, we have had a lot of help, I mean that in a good way, from the administration and from Congress in this area. They have loaded us up with authorities that we have not had before. It's important that we utilize them and that we line up a couple other items that go along with them. So authorities would be one idea of that to try out that you have to think about, but two others have to be lined up and current with that. The other one is process. You have to have a process in place that takes advantage of the authorities that were given. If the process isn't repeatable, if it is admired and craggy here this a india of constant uphill battles in fights, I'm not intimating that we should not share information on and other interested parties, but the point is that the process has to lend itself to a successful entitling outcome, not for a process to exist unto itself. Anyone who has worked on the Pentagon,
personally and seeing the Pentagon process up front knows exactly what I'm talking about. Secretary Mattis used to have a phrase back when I worked for him as General Mattis, wouldn't good people mean bad process, that process wins, that process can take the most energetic, forceful, excited individual and crush them through a series of bureaucratic alaska does not lead to an outcome. So these are areas taking advantage of the authorities and give me your minds, looking at these processes within the building it outside of the building to execute operations in a timely manner. And the last piece of this is on the idea of capabilities. We have to make sure that we have the trained workforce and the equipment to perform the mission at hand. We have taken a hard look at this workforce, and in some cases I think we have taken for granted that the workforce will be available, the amount of training that is required, the recruitment, the competition that we are under to retain individuals given that there is a lot of welsh of life the people can go, to look at looking at models align themselves to attracting and retaining the best and brightest for our mission is critical to what we do. Also the capabilities and the terms of our tools that we have to employ, these are critical as well. We have to make sure that we employ cutting edge technology, we have to make sure that we start looking at ways we can take advantage and that we do so in a timely manner and that we're not looking at old technology. There is a quadrant, physical quadrant that I keep my mind for that I try to avoid, this may not work but at least we have to avoid the idea that we are paying the premium, so we have to be on board and know what to do. So if you think about lining up in, the process isn't capabilities, the next piece is the idea of partnership. We have a couple of areas that challenges them, he dug we need to make sure when we have capabilities of through practice and capabilities and
relationships, as they get better we are better, it is less service for us to look at. On the challenging side with partnership if we struggle with information ship, how do we stay not just on the battlefield by the way, but as we have joined partners who sit right next to us and information sharing gets different, we need better cross-domain solution and that is on the radar to solve this year. How do we move information at the speed of warfare and then take you want to essentially further, how do we help safeguard our needs shins those critical secrets at the time they are throughout up through development and implementation through a supply chain and then through production and war fighting apparatus. So partnering from an execution and planning and then on the side of ensuring that we are able to share information with a common level of protection is critical for us. All of these heavy varying efforts that are ongoing in the building today and so serve again that framework that I just described. The last piece and I'll tell you it's one of the most critical because it involves a little of trust, trust with the taxpayer and transfer their government and keeping that trusted not breaking faith with our work force, we need reform. So on this reform is going out apiece it is pretty respectable and others may be and apiece it needs to be picked up and made better. So what we mean by reform, this is the idea of scarce resources being applied and the most consistent, meaningful, and thoughtful ways. Gone are the days where everyone who is doing what's right in their own eyes. So what really surfaces to me is standards. We have talked a lot about standards, you already understand of what requirements are needed and I'm not talking about this. This is the idea of making sure that we have common standards that we drive to, that we have an apparatus in place to inspect on what we expect, that we have adherence to those standards. Nothing is more frustrating than publishing a
set of standards and not following them and not even knowing that you are not following, but the idea of following through with the expectation that you have the level adherence and compliance and commitment of those means that we are a better war fighting organization as a result. Of this reform has to be deep, all the way to the lowest level those are looking at the workforce all the way up to the strategic ways that we go towards actions and activities. We have to look across the department to make sure that we don't have unnecessary redundancies. You know there was a time and the information and environment where it was new. When we use terms like information operations, montreal preparations, those types of things, that we went to Congress and we asked for money, on kind of this new frontier, it's always been practice but this was embraced by the parliament and there was a time when that money flow to freely and we couldn't always account for how it was spent and we couldn't effectiveness. We had a lot of measures of performance but not to provide the so what of money we were given, and what was a permissive friendly giving environment turned into a very challenging environment to demonstrate a level of sufficiency and rebuild trust. I will tell you I think we're probably not too far off in some of the realms within cyber if we are not careful. People want to help us, our leadership wants to help empower us in this area but we have to be very good stewards on how the money is spent. You have to have something to show for, data-driven, really show the level of effectiveness for how we commit these measures.
So every single day, we wake up in the Cyber Advisor's office and the relationship with the Chief Information Officer to be pushed with the relationships with our services, components, et cetera could not be closer and we think in these three terms, because the National Defense Strategy tells us to think this way in our Cyber Strategy demand we think this way in the reveal are framed of partnership and reform. Strategic thoughts? A way to share a broad picture in less than ten minutes with you. I stand ready to take what will be your challenging questions that I can answer and I look forward to answering. Thank you. [applause] I don't know what the rules are, you're right in front of me with your hand up.

[inaudible]

That's a great question. For those who cannot hear, this is about how the DoD response to cybersecurity. And one of the statements, I would agree with that mpca could maybe unsatisfied with the answer they would get since that pulls outside of our primary work goals but not outside of the responsibility. I will say this, the answer will not be as detailed as you would like. There are challenges, seminal challenges to how we share information and who owns the burden to responsibly in the liability if information is shared and solutions provided. These are not easy questions to answer, I don't pretend they have been solved at our level. I promise you this year they received more attention than I personally witnessed and there are really difficult choices in the road ahead for the department to make. I don't know what the balance is personally and where the leadership will side but if you think about this, how much should the department do, and how much of the solutions are on the part of those who own, for example, data. I will say this, no matter what the answer lies there is one thing that is very clear, we as a unit have to do better at securing our data. There is no argument there.
There are things and solutions in place from basic hygiene to good practice to the movement of information and safeguarding it through 0 information there were two course. In a flat surface to comfort heating the process or image highland that is unnecessary. So probably not the detailed answer you would expect because that is still yet to be solved in the department. Another question over here. Other questions? If you could take a mike we will come down for you.

The previous question could be something to do with 171, is out falling under your domain?

Not my domain but it certainly is an area we are involved in and that has secretarial interest, so yes, it does. Enforcing the standard and contract, we have ans provides a lot of the information, there's been a lot of reform in contracting language. So yes it's an interest area line but primarily in the pca when you look at reform and focus on implementation of the strategy and owners. It is clearly a part of the solution. And one that has been in enacted this year.

Jason Miller, Federal News Network. You mention capabilities in authorities and Congress from the administration and you said that in a positive way, we do offer a look into what a couple of them that stand out that you argue that should be used or planning to use and why they're important?

In this environment I cannot. Unfortunately. Is not a matter of will, it's a matter of classification. So I will say this, I have not overstated the empowerment aspect of that but a lot are used for the missions that would not be appropriate to discuss. I will provide you a consolation. I hate to send you away empty-handed.
If I looked at what the department is headed next for organization, reform and potentially different authorities, I would share with you the information operations as we know traditionally, I looked into a crystal ball and I would share that is probably an area of resurgence and how we look and how we execute and what authorities and rules are in place and what capabilities need to exist, how we build war fighters and equipment sets for the information space. That is coming. And it is coming quickly.

Given the memo from the DoD, do you support the initiative to turn up ib pp to adopt a single stack to reduce the overall tax factor?

That is an easy question for me to answer. I support his decision. I fully support it. I think I understand where you're going, there were alternatives considered but yes I support the Chief Information Officer's approach.

I think that is the last question. Thank you very much for coming to be our speaker and our keynote. We are honored to have you sir. Thank you. [applause]

Ladies and gentlemen please welcome back the master of ceremony edward the second, U.S. Navy, retired.

Thank you. We were great panel following up on this about supply chain cybersecurity is near and dear to our hearts. The moderator is John Check, the senior director of Cyber Protection Solutions, Intelligence, Information and Services. Thank you for monitoring the panel. Joining us on the stage is a director of the National Risk Management Center of the Homeland Security and beyond Marion, Deputy Chief for United States Air Force, and not very, chief operating officer.

Thank you. I would think the leaking team for hosting this event, a great opportunity to highlight key issues, without will jump in to securing the supply chain. One of the aspects are entering all parts are incentivized operably. The risks and costs and rewards of doing business are equally shared and understood.
I would like to start with you, what are the things that HP is doing to incentivize your supply chain in the customers.

Thank you and thank you for the opportunity to be here. I was thinking about this panel and taken it through mentally what we do and what others in the industry do to secure the supply chain and a lot of it comes back to fundamentals. That has been a theme that we heard this weekend and one thing I think about our supplier standard. And we share that with our supply base and we have them go through a rigorous process and we do audits and all sorts of things and when you look at it, it starts with design and development lifecycle and you can go down the stack from there the supply chain. Through disposal. A manufacturers you have software, provisioning, logistics and traffic and as you spam through the and think how do we manage that well or less than well and starts with what questions are we asking and no one starts from a vantage point and profession, it's a journey in something will we have done for a long time. The intersection between physical supply chain and what we've done for many years and the cyber supply chain in any ICT product that we are talking about, IP enabled logic firing components, you have to mind both. The supply chain is been static and you drag a bucket apart to point A to point B and check a box, it is not the case anymore, they are persistent supply chains and data beacons. I think that's a lot of the conversation for us going back to the supplier trust and of course the triage of suppliers, people who make plastic and screws right be slightly different et cetera and we hold those people quite close, in fact the technical contribution from those partners is paramount to the joint success. In terms of incentives, that's the overall framework and we're pretty outcome specific. We let the market decide, either we're successful in this tremendous upside or the alternative.
I will ask you, what instances would you like to be implemented to drive behaviors?

Let's start with the idea that information itself and better information about risk is an incentive. I start with that area and taking setbacks and we are talking about businesses in the supply chain, I believe all the incentive in the world exist for a business to make sure that something doesn't happen will have the operations and could affect the bottom line. And you get the information asymmetries and how many steps they take to protect the supply chain with more information with risk and what could go wrong as we talk about the questions of intentional efforts to do things against product, hardware products. What can the government do to create a better information environment that will help businesses take advantage of things early have. Second order incentives, there has to be an expectation that if you are selling something that you're part of the supply chain for something important that you take the stuff seriously. This is supply chain in the smaller performers, that incentive is proliferating after but let's make sure it's there with ago and start with information and go to basic contractual procurement and we can have an interesting conversation if there is still a gap of the national security concern through business. I think we talk about the partnerships, let's get with all the incentives right early on and accept that they have similar and only if the government intervenes with a gap of national security.

What types of incentives would you like to see from the DoD?

Looking at it from a manufacturer setting for merced it's an acquisition. One of the things in the acquisition process to incentivize the right behavior, the industry will build it for us. So taking the standards of what is going on right now and working that into the security is a cost schedule performance. In providing some level of racial or investment, how we give them credit and acquisition process.
That is probably the biggest piece of buying not building. I definitely believe if we put it in the right structure is this is will come but we also have to take a view of that is a win is too much. Just like in regular security hugo put horse blankets on but we have to figure out the threshold to manage the risk at the right level. That will be the hardest part of the incentive. Today the biggest incentive is a stick or bat or club, we all know that does not work very well long-term and does not create the right behaviors on the manufacturing side. The biggest risk is how do you understand and determine its applicability in an acquisition? Sometimes a problem of what happens, we put businesses out there that work again security and requiring too much then people not wanting to be in the market and not take advantage.

Who is doing this well today? Anybody that you think is getting the incentive rights right in getting us where we need to get to?

I'll make an aspirational statement. I think coming from a place of manufacturing and managing our supply base, where I think the industrial base might fall short in the management of third and fourth order nodes in the supply chain and how can we cascade that effectively but efficiently at the same time, I believe there is an opportunity or sweet spot to look at the DoD acquisition, where we can put a smart baseline and achieve that and iterate against that. It is a journey but there's things we ought to be doing already but the benefit is, not only do we reflect through our own internal process but we can look up and down the chain and have some level of visibility and illumination up and down and more confident when we're representing our extended supply chain we have ground to stand on. I think that the best thing we have going for spray is not a perfect system but far better than what we have today.
That is the first step. I think we are at the information stage right now, how do we understand a company and the relationships in the acquisitions and second and third party and first you have to know the environment and I'm not sure we are there with the right tools yet. We have great under great efforts in the Navy system. But we have to get that passed that level and we know we have a problem and fix it.

Let's move on to the public-private partnership. You talk that is a very hot topic and we know to make that two collaboration in building the trust in the person you collaborate with to listen what they're saying if they differently about how you're approaching different tasks. Maybe if you can highlight the work that you're doing around the risk management initiative and how those things are progressing.

One of my favorite topics because of critical infrastructure security and partnerships. When we established the National Risk Management Center one of the models we are trying to do is operationalize the private partnerships that we had established through the department over the last 15 years. I got everyone to the table, starting to share information and talk about solutions but let's actually go further towards operation enjoin capability and working with more intensity together, and so that is what we are trying to do in terms of the work we are doing particularly with the ICT risk and supply chain task force, the one that we had a pair of 60 representatives ngo duties on the task force, all the federal members essentially that were on the Acquisition Security Council and then representatives of the I.T.
Sector, and the coordinating council in communication centers, and we had associations that represent or some of the smaller players and represent small businesses. So what we have the 16 people who are forming the task force to work this issue full-time, to make policy recommendations, to make process improvement recommendations, to better help us understand the threat and then the risk and to talk through where there is possibility for joined capabilities solutions such for around information sharing where it's not just about the legal framework but it's actually developing, thinking of how to develop linkages. So that is why we are using the task force to do. It is a true partnership, it's nice to have 60 people around the table working the problem, occasionally you have to get into smaller groups around that, and that is an example of what we were able to do via that task force. The department was asked to provide recommendations to the Secretary of Commerce where to apply emergency rule making authority in restrictions of the ig supply chain. We could go out and study this as a government to try to understand it but you know what, it's a lot easier to pass the companies, the people who know their supply chains and work the business, asked them how they work, develop a framework and what are the most important elements around a supply chain. I don't think effectively. So there's two elements in my answer. One gives us a better answer to the question, we actually have better sources of information because people closer will give you this advice, and second we make recommendations on something that may be critical or less and policy implications we can talk to industry about what would happen if you put more requirements around this, what will be the business impact? What would be the security impact? You can start to balance the conversation with what the real world impact is of what the government does.
We are talking about securing things that are privately owned, it has been part of the equation.

So Matt, I know you've been heavily engaged on this and can you talk about what's been working?

I would start by extending my congratulations for the leadership and the team. I think they have wrangled a lot of people in a number of workgroups which is no small feat. The area that I am personally focused on is around incentivizing purchases via OEM, and authorized in distribution. What I was very encouraged by was number one the level of engagement from industry and from public partners through that process and how quickly we move from discussing in admiring to what are some practical recommendations to pick up? I think back in the June in July timeframe we sent some draft proposals up and so personally I think the process was well worth the investment and I'm looking forward to see that come out in the fold Task Force Report and I think there is tremendous opportunity there to see it and acquisition and so on.

So bell from your point of view maybe expand on what's working in where else would you like to highlight the recognition for taking on this initiative for trying to drive the secure supply chain.
There is two fronts and one from a command and that partnership with industry that had the financial discussions and have the partnering discussions and then no getting honest feedback about who their partners are and even forecast mergers and acquisitions are a lot of those and nuances we don't think far enough ahead. And so there is been a lot of work in the research side of that and also taking our weapon systems and decomposing and making a strategic discussions with those companies to understand more of the risks because again it is a risk management in you don't get rid of supply chain you just try to manage a better. So I think that's the first thing, and the tactical operational level for us is we are with this thing Enterprise IT and an initiative to see how we use committed of capabilities and how we think of winning of the security model and so we are putting this to test every day and DHS is working and this is the tactical level contract, work through the supply chain piece, both operationally from how we run and defend our networks to all the supply chain type piece of that. That is just kicking off here in the next 30 days so we will be following that and it's a key want to see you have the micro policy and how it's actually boiling down and implementation of large contracts force.

Well we will give it to one of the favorite topics, and the zero trust. You know the threat landscape and vulnerabilities, certainly in supply chain and a lot of time there is a risk appetite it's different than what you have and not as concerned with the supply chain risk in those type of things. How can we apply a zero trust to a supply chain and maybe help build that security until that we desire.
So urgently from San Antonio, and I joke every car in San Antonio can be stolen, you can't keep it from being stolen, so don't come in with that. Supply chain is no different: you can't completely secure the entire supply chain, you have to infer that there is a risk that is real, that any time someone can come into your front door. This is where the wall guard and comes in, that model has gone with cloud and modal and signal the supply chain. How do you flip the models to say, well, I don't intrinsically, or I can't intrinsically, trust everything? It's not just a buzzword, it's actually thinking differently, which is most important about zero trust, and what am I going to encrypted and protracted, think of things different. There is certainly large-scale manufacturer that knows in their supply process that they don't have supply chain, so they look on it molten on the end. Well, they say, what are the mechanisms on the end? Other manufacturers may be able to do it, they have a different process, but ZTE and, just like some sailor manufacturers, I don't trust the manufacturers to ottawa encrypt the application and service indeed on look at the problem differently. So that's going back to Enterprise IT as a service: how do we flip the paradigm to use come steps like zero trust and different waves tuesday underneath the hardware and look at those concepts to stay on top whether I don't know, we can't afford all that we need to make that whole, so realize you're insecure and look at the problem and affront. You have anything to add to?
That, you know, I think zero trust is in the phrase that I use a lot. I think about security, and understanding our network in privatization risk, and then having resilience in place so you can minimize the consequences to failure. So we are not out saying that there is a simple solution here, but there are places that you have to apply a higher standard, and one of those areas, for example, that we have been working on is around election security. We want to push up, and we are working with state and local governments, the security and components there, that you are demanding more trust within that, and that is going to help out throughout the process, because that is the place where trust ends up mattering to the results themselves. So do you think we can agree that zero trust doesn't happen overnight, establishing that type of environment? So maybe you can touch on some recommendations or best practices that we can use to get started with. Certainly. So one, it is taking a step back. Zero trust as an umbrella, definitely east definition only, I think it is important to acknowledge the benefit to shift a workforce thinking of things, but maybe it's not the sweet spot. So if you engage in a cloud solution or migraine, what are you enabling your team to do? Whatever, sometimes he will confuse that with operational management of risk. It doesn't eliminate the risk, it shifts the risk, and so the question is, are you safeguarding everything end to end, layered defence in depth, or are you doing that holistically, or are you just shifting a problem set? I think just thinking through, zero trust doesn't mean a wild west, and it is a matter what's on the network, matters critically, and so from our islands we think about endpoints as a horizontal and what do we do in order to make sure those things are locked down, but ideally that they are resilient, so when you can take an attack, and I will come and we will be breached, what happens?
Can we detect it best, can we self-heal, and if you can, you have reduced the functional attack space, and then you can migrate the focus the organization of this attack to higher-value activity. That is a lot of what we are focused on. All right, thanks. Anything you would like to add? Let's move on to our call to action. With the conference this week, it has been a great discussion, and I will make sure that we provide something, broom to admiring this, and some actionable steps. I will start with you, Bob. So give us one short-term recommendation and one forward-thinking recommendation of how we can start attacking this. Hopefully we are, a speak about this and hopefully I don't any hidden recommendations, but emphasize that we do spend time, and I think that we are in a moment of real progress. I think creating a greater information sharing environment around supply chain risks is something that we are in a moment where we can really make some progress at. So much of the information sharing discussion has been around indicators and things around network defence, but I think combining understanding and supply chain risk an understanding collection of information that might be sensitive, there is a lot more data out there to really do this, and putting that information together, that is something we are working hard as a federal government to do, and getting that information into the hands of folks who can't make decisions related to this, and it has to be tied to the idea that if officials have the security incentive and training to take information. So I think we are in a moment where we can make some real progress and join information sharing right now. I think longer term, it is securing down the cyber ecosystem, incentivizing more investment in 90 around certain places and scaling the solutions, and now that the places can put it deeper in that supply chain so there is less this in the process. Bill?
I will start with the strategic one. I think it should be quick, but it's probably not gonna be quick, and I'll go back to how do we put security as one of the parameters, no kidding implement that. We've been talking about it for a couple of years now, and at least with seriousness, so no kidding and implying this as part of the equation, that has to be the strategic initiative. And at the more technical level, you know, getting these, flipping the switch on the processes in all the things on how we assess what security isn't actually using true assessing in a mediation tools on this. Something battle happened, even if we have a perfect supply chain there's gonna be something bad happens on our network, so our process is how we are getting two true, and I think we are getting their wow of troops to newest and understanding what does rate look like, what is a look like when it's not there, so that you can act with some level of agility. In this world that there will be a point where you're breached, someone does something nefarious to you, so the best thing to do is how fast you can detect and react, so you have to attack in the acquisition a santa model that is put in. I think it will react well, but we have to get over that hump. We keep talking about it but we haven't made the switch yet. What do you think the real barrier is there? We lack the real threat to return on investment discussion, and goes back to the analogy of if you have to him doors open on an air force base but you only have money to close three of them, there are some people in the acquisition world that, why did you close three? It's about argument if seven are still up, and then why did you even spend the money on three, maybe you could've had another target. So I think having the understanding that when you make, I think the information we have done on the community, acquisition side or the information side, understands how that works, putting a dollar value on that. Matt, your perspective.
Bill nailed the immediate one in my mind, which is the acquisition piece. There is so much great work, DHS is youre force, just a ton of great work, the 800 series and resiliency and all those things are phenomenal, but they don't make it into acquisition. It simply just doesn't matter, and you have a human being who is evaluating these different factors, and if it is not in the calculus it is now part of the answer. That is the struggle that we had, so I think it goes well to that point. I think we will shift to what's next, the provocative thought from yesterday that shatter was asked why keep them up at night, and he said one word: China. So sitting where I sit, it's a very interesting question, because China is simultaneously a very important market, nation state competitor and an adversary. When we are in this public-private conversation, unless we have strategic clarity around objective, and unless we can ascend unified signals back and forth to each other, you have all kinds of things going on. I won't go off in the weeds here, but just with the tariff developments, you see people realigning supply chains in the reactive sense. What happens when a fact goes away, people really denominated back in China to chase low cost? Is at a strategic policy execution or are we reacting, what is the right at answer? It's a difficult question, but just to take a step, if we had a directive that said we are simply not going to build logic-bearing devices or source them from the geography, that tends to set up a very different incentive that I'm not sure industry would get there by itself. So I think this kind of conversation is critical, and especially with what is happening in the world today, it is quite important.
I will wrap with a related thing. There's a thing going on right now, for the industrial revolution, essentially a 12 trillion dollar job with the global manufacturing base. So you think about digital manufacturing, 3D, brands, other enabling technologies, we are actually at the cusp of a time when we can realign supply chains to be more regional and secure at lower cost with the capability that is coming online. I think we should think long and hard about that as an opportunity, because I can assure you other nation states are investing heavily in that area, and my question would be, what are we doing domestically to seize our quote, and fair share of that opportunity? And I think that is probably a really ripe conversation, maybe for another thing. Well, thanks, I really appreciate the panel today, a great job. We had a good discussion, and I think we have a lot of opportunities that people can look at to secure their supply chain, so thank you. applause

George Papadopoulos explains his view of the investigation into Russia and the 2016 presidential campaign. He served 12 days in prison for lying to the FBI during the investigation. He has written a book about his experience. Mr. Papadopoulos spoke to an audience in West Palm Beach, Florida. applause Well, this is wonderful. Is this thing on? Let's get this thing on. Can you hear me? Perfect, perfect. You know, I walked in with one of these big, I don't know what you call them, the satchels, the big speech I was gonna do. I'm going away again, because when you are with friends and family that is what you do. I wasn't going to sit here and were you all with a 20 to 25 minutes well-rehearsed speech, because that is not my
