Started to work towards, it represented a fundamental threat toward the american way life. So he dedicated himself to preventing roosevelt from being able to enact. It contentious president ial transitions, sunday daytoday pm eastern on cspans q a. Next, remarks from mark travis, the former Deputy Director of the cybersecurity and Infrastructure Security Agency on what led to his decision to step down after the 2020 election. He also spoke about combatting disinformation domestically and abroad and Election Security during the 2020 election. Held by the aspen institute, this is about 40 minutes. Thank you so much for having me be here, and im very excited to interview matt travis, someone ive wanted to talk to a lot about cybersecurity. And weve got a lot to talk about, welcome, matt. Thank you for being here. Thanks for the invitation. I like your a spinal tap thing behind you. Its relegated to the basement since my kids are at home learning. It gets a nine on room rates are. Lets begin by talking about recent times. I want to talk about where its going and Everything Else and the walk up to the election, but, first everyone is most obviously interested, he resigned after chris krebs was fired at the cybersecurity and Infrastructure Security Agency. What do you walk us through two weeks between the election and krebss firing. What was it like to be inside csa and what you are all talking about as that time period unfolded . I will go back four weeks ago. The election was four weeks ago today. We knew that the results process would be protracted because of mailin voting. So we were kind of gaming out some of the contingencies that we wanted to be prepared for, and the first several days after the election were quiet because it was still that states hadnt really called for either candidate. When i think the ap first called for president elect biden, it wasnt really until next tuesday, before veterans day, when politico dropped a piece tuesday night about here is a Government Agency youve never heard of that is countering the president s lawyers claims about an impropriety of fraud in the election. That night, texting chris, i saw that first and i said, if this doesnt get you fired, nothing well. And his response back was essentially this might do it. The next day, reuters wrote a story saying he had told people he expected to be fired, my texting was the source of that. But this was an agency that people were aware of that had been monitoring but i have to tell you, its the youngest federal agency in the executive branch. Most people who dont work with us have probably not heard of this and are getting more attention as election day drew on. But we generally try to fly under the radar, knowing how fraught with peril this election might be because of the non traditional way the votes could potentially be tabulated and the timing of that. Were you more worried about the non traditional way because of the covid issue, or were you worried about trumps continued politicization of this issue leading up to the election. Because he had been actively doing that on twitter and other places. We try to filter out that noise. We were mostly concerned with knowing that because of the heavy mail in balloting that you would not have Election Night results. We would say as much. It will take several days of not a week before we know the winner and try to inform the electorate about the process and what to expect and not to get overly anxious about that. Obviously, as the days war on and the rhetoric coming from the president s campaign continued to kind of contradict what we saw and what we knew to be the case, we recognize that this could potentially grow. So in politico called it out, that was really the first straw. There were a number of articles in the days fourth. The next day on veterans day, when the white house called our chief of staff to inform her that the white house was going to ask for brians resignation. He was the senior director for cybersecurity who had made comments. We all went through the revetting over the summer with white house personnel, and thats bryans story to tell. We certainly facilitated the sister teen, and with operation warp speed with the Health Care Sector and vaccine suppliers. Our chief of staff asked, is that the only one, this is wednesday, veterans day, and my understanding was the answer was that that is it. We thought lets keep going. He resigned, by the way. He resigned affective that friday. He lost. Both he and janette were both just tremendous leaders of what has been the new Cybersecurity Division within six. So i think they ran a profile on chris on friday, and then the Washington PostEditorial Board on sunday, we knew that with each article we are calling attention to cisa and our rumor control website, that it may be continued difficulty in navigating a narrow path but the whole point of your rumor control and all your efforts were to publicize the safety of the election and your assessment. Hiding under a rock really isnt an option. Chris got the idea from fema. They use that in terms of Hurricane Season and getting Ground Troops out. That frankly, we expected to be used against foreign adversaries, what we saw from russia in 2016, a Disinformation Campaign of using fake personas online and putting out falsehoods, but also to educate the voters about the electoral process and then working closely with the entire election community. We wanted to show transparency in terms of, if this happens, this is what it means, if this happens, dont be alarmed. That was the purpose of that rumor control. To get Accurate Information . Yes. When the president was tweeting out before and saying things publicly, it was a lot on twitter, but a lot of places, at rallies, did that worry you . That they were doing things counter to what was on your website . We took the stance that we did not need, it was our role not to fact check the candidates. We were going to stay out of that political process, and the candidates and the media can hold that to account or others. But once the election had been conducted, and the electoral process of canvassing and counting and certifying was put in place, then we felt it was our role to be articulating the ground truth on what these process sees entailed, and what security protections had been built into these systems. To answer your question, it was not helpful, but we kind of expected that. Probably not to the extent in volume and how long it continued, but just to continue the week, monday was very quiet, and two weeks ago, tuesday was also pretty quiet. It was business as usual at cisa. People probably dont realize that we are not just a cyber domain. All 16 sectors, we have an Emergency Communications role. We have a lot going on. It was business as usual. And then on tuesday night, about 6 00, the Washington Examiner put out a story that cited some white House Stories making jokes about chriss hair. We were giving him grief about that. 7 15 or so is when chris called me. And they say wait a minute. He said he fired me on twitter. So he was not called . He was not called . He was not called. He learned. Chris keeps an eye on twitter regardless of whats going on. I think he did see it himself when it came across. I did not. And i asked him. I said i can go with you and he said stay behind and finish the fight with the team. Finish offense day and get it done. We will talk later. It was probably a 45 second phone call. The staff said we need to start putting in place an all hands message to the workforce and let them know what we need to do. In the middle of that, call acting secretary wolf and called me, and so i jumped off from our chief. This is charitable . Yes. He said i know you probably heard the news about chris. I said i have. He said me too. He said, no, they are not asking for your resignation, but they do not want you running cessna. Thats a paraphrasing sentiment. But you were next in line. I was. The secretary had signed and even updated it a few weeks ago. Now to his credit, he had not been consulted on this, so he is kind of caught surprised by the white house decision on this. He said let me see if i can fix this. So for about 90 minutes i sat there waiting and he was working with the white house personal and others to see if he could get this turned around. He called me back a few minutes later and said he could not. I was told i had to leave. Then that was that. It was a pretty frenetic tuesday evening and its still an experience i treasure, being the Deputy Director of cisa. We were proud about what we were able to accomplish. Were you surprised at this level of politicization . I was. There was a charade surreal nature to it and seeing chris being fired all over the news. We are a component of a department. When my resignation hit the press, i think don lemon broke into his broadcast and announced my name and in what bizarre world does the Deputy Director so it was odd that an agency was new and relatively unknown getting this kind of attention. In a way, i think it helped our profile because we were trying to let our people know all that we were doing. Our agency is entirely based on partnerships. So you need people to know the resources that cisa has and the things we can do to help and the programs we can offer. What about the people on the ground there and working within the agency . It was very dramatic what happened with chris and you and brian. How do people within the agency, so how many people to this point . About 2200. Right, working on all kinds of issues. How are they impacted . We enjoyed some real stability for the most part during this administration. They might not have known you were there. Yeah, that is true. The workforce i dont think ever saw this coming. To criticize credit, i think he was playing in his head at how this could unfold. Thats one of the reasons we wanted to bring Brendan Wales and created this executive director position. So there was brandon has a tremendous career. We did that just over the summer. I think they were very my resignation, in fact i was told at the end of the week that i had to unwind for some things. So i was in the office wednesday, thursday and friday. You cant really expect this to leave in january anyway. One of the things you tweeted was that it must stay nonpartisan. Protect that, god gave us a conscience, use it. That was your messaging. That was my farewell message to the staff and workforce. I did not want to use an internal email. What i meant by that is i think chris and i were of the same mind in this of the getgo. We are not a Law Enforcement authority and we are really the only agency that is completely reliant on a partnership model. I had one Regulatory Authority over the chemical industry. Everything else is a voluntary partnership model. If you go to the airport and want to get on the plane, you have to work with tsa whether you like it or not. No one has to work with cisa. Yet we have a mission to raise the basic security across 16 infrastructures, and in addition to the federal stability executive branch. So we have to make sure that people want to work with us. If we are starting to play partisan politics with security. The First Principles that the government should be doing is protecting those systems and activities that enable our economy and provide security, the drive the american way of life, that is what we are protecting at cisa. Thats not a political issue. You can have legitimate political differences on a range of issues within the Homeland Security portfolio. Immigration is just one. I have yet to see a partisan issue within securing americas infrastructure that warrants politicizing what we do. What were hearing from the Trump Campaign was in effect politicizing the security of a subsector infrastructure, namely the election system. Weve worked hard to establish that bipartisan, really nonpartisan reputation. We were close to a number of governors, from democrat states and republican states. Governor doocy, governor lee modern can etiquette, the wind, a whole bunch of folks. Governors that were really cyber savvy. If they think we are playing games then we lose our credibility. Yet, here you are. There is only one of the things that you do, which is Election Security, and here it has become politicized. Let me go backwards a little bit in terms of you do not think there was a horror movie idea, that a call was coming from within the white house actually. I think one of the unexpected parts of the election was that it actually went pretty smoothly. We did not see major cyberattacks or attempts at foreign interference. Obviously, mr. Cribs called it just another tuesday on the internet. Why was it . Were we wrong analyzing the degree of the foreign threat . Were there other things that they were doing or was it that we were paying attention this time as opposed to 2016 . Kara, i think the lessons we learned for 2016 is that we have the threat landscape. You also have known vulnerabilities. But we try to focus on in the past three years is shore up those vulnerabilities in working with the thousands of election jurisdictions in this country to offer them and partner them to ensure one, as youve heard chris say, and stall paper ballot backups. We have 80 of states in 2016, almost 95 of the vote was backed up by paper ballot last month. So its that Capacity Building of trying to shore up the vulnerabilities, whether its in the Voter Registration databases, working with the election infrastructure as well, and just working with the campaigns and making sure that they are email protections and all the good cyber hygiene they need to be employing as well as the political parties. It was a full court press to do all of that. In 2018 during the midterms, we did not see a lot of activity. There were some proactive measures that this government took. I think that may have had an effect on the 2020 election day. But on election day, without getting into anything classified, there were attempts. We were very proud of the fact that a number of states batted them down, that they had those protections in place. We partnered with these secretaries of state and Election Officials to have, we call them ice time monitors, on their network. We had intrusion detection on wet was trying to hit their networks. We were better prepared. I was wondering why the adversaries did not do as much. Where these attempts foreign or domestic . I wont get into that here. Lets just say the intrusion attempts and other types of mischief on election day and this was an all team effort. We were the coordinator of all this. We certainly have an Election Team whos working with folks. You look at what the fbi did, and they say, we had d. O. D. Personal helping us as well. The states governors have all been very adamant there was no interlock election interference or fraud. Its unusual statements by them given how close they have been to the trump administration. They call the as they see it. We spent all this time and effort with the funds that Congress Gave us. Congress was extremely supportive of our Election Security mission. I think that money was put to good use. If the president had one, i suspect chris would have been paraded down pennsylvania avenue and pointing to him saying it was a legitimate election. But it cuts both ways. The president did not win reelection, but the security was what it was. One of the things you pushed for was the rumor control. Not just the foreign interference, but the uses of our own u. S. Companies for domestic disinformation is much more complicated. Lets talk about rumor control and why you took it on. Obviously, its not just incursions, security incursions, abuse of technologies and things like that, but its actual just words and ways to influence people. Talk a little bit about that and what role do you see the social Media Companies having in combatting disinformation . Theyve sort of done a stutter step towards some action. I think low bar is the word i think of most of the time. Let me go back to when i came into cisa, which was early 2018. The 2016 election were still fresh and everyones mind. Right then, the next target was protecting the 2018 midterms. I got Great Partnership from the major platforms. We worked closely with them and other government agencies. I think they recognized their systems were used for purposes they did not always anticipate they would be used in an election. Ultimately, we at dhs dont want to be the arbiters of truth. So it was not really for us to say that this persona is some guy insane petersburg. Its for them to determine with the violation of their service. I dont think cisa has a role in that. We did not want to take the mantle of having to point out whats fake. I think thats a good rule for government. We aimed to ground truth about the election infrastructure and how elections are conducted. We felt very confident. That was our role to talk about the competence during the election. Heres the platform thing used to make people less confident. Now that you are not in cisa, what is the role of the government in dealing with that if someone, who is the president of the united states, his spewing lies on any of these platforms . Is there a role of government to do that or do you just let it happen . So i am not one that is a small government republican. Generally, my sensibility is not for more regulation. I dont necessarily like the way that the platforms have applied some of the qualifiers. Its tough. Its a challenge to try to maintain consistency in that. But we ultimately try to do at cisa is to empower the public, to know your sources and to be a more enlightened citizen. Media literacy is what youre talking about. Exactly. We had a whole Campaign Last year about pineapple on pizza which was to educate the American Public about how foreign actors could take any issue and use it to divide any divide americans with allies and just sowing discord. We used the harmless analogy of some people like pineapple on pizza and some people dont. It showed the trade craft, the tactics and techniques that russia would use to try to divide america. I think the onus is on americans. If youre going to be a consumer of content and the media, its incumbent upon us to know what the sources are. Obviously in this day and age, what seems to be legitimizing media is often not and that is trouble. I heard that from a lot of people. This is a quantum level of difference between a billboard or even a tv ad or a newspaper or anything else. Because its been flooded at you and being very specifically targeted. Its very difficult in the way its hidden and confusing and the mass amount of it. Lets say you suddenly became head of facebook or twitter, either one. You talked about those designations they put on, which is so confusing. This is disputed, instead of saying this is a lie. They do not seem to want to go that far. How far would you go in that regard, because we are going to have to rely on these private companies owned by people who can who have no accountability. Its a hard problem. I would still lean my personal views of not letting 100 flowers bloom necessarily, but letting speech prevail. Letting enlightened people point out where there are falsehoods and disinformation. I think we need more people in the sensible center to do that, both in government and media and public life. I general inclination is not towards more suppression of the speech. Even if its not coming from the government, but even the platforms themselves. So you think its adequate to say it is disputed . I dont know what that means, actually. Its a non sentence sentence. Yeah, it does not really work for me. Because here you are at cisa saying this is the truth and this is the information. They could easily point to that and say this is untrue. Is that too far . Is that suppression to say ally is not true . Its a fine line and its tough to figure out where youre going to draw it. We felt comfortable and confident that we could speak with authority on what the facts are in terms of how elections work and with the election jurisdictions do, when the technology does. We never saw ourselves, and i know youre not asking this question, to be moderating people speech online. But its going to be a problem that is not going to go away. As we become more and more beholden to online communications, its going to be an even tougher challenge in the next election. These soft threats versus our threats. Can you assess the difference between soft threats, which i think are much more significant, then the hard threats . Talk about the difference. Ion talk about where we need too in terms of what we need to focus on. In many ways, stepping back for the election, we looked at three lanes. Theres protecting election infrastructure, working with the voting companies. There is working with the parties and making sure emails are protected so we dont have another dnc hack. Then theres the admit the disinformation piece. It is a hybrid threat where you have both foreign actors who are looking to undermine western democracies. As you alluded to, theres obviously voices from within this country, as we see the continuing polarization, are going to use the same tactics and techniques to do the same thing, which is to sow discord. And i dont have a good answer for that. When you think about the threats to the machines, theres also been attacks on the dominion machines. Just today, the head of dominion wrote about Death Threats and others. Some thought chris should be executed, which i think is really reprehensible. What how do you deal with that when you are in that system and you want to be reasonable . Im not loss amount a loss of words for how absurd and offensive those comments are. One, i have to think that violates some type of code of professional conduct at the d. C. Bar. I know chris responded on the today show. But to quote george costanza, what happened to shame . For mr. Digenova, why is there no shame for this kind of language . Hes a small man with a small mind and a bad mustache. Its unfortunate the attacks on chris, or anyone. Have you felt under threat . This is an area that is not well known, as you said. You started two years ago just to put out basic information and work with all the different players. Have you felt under threat . I have not. Im also not in the same public view. The deputy is kind of the one running the agency day today while chris is leading us. I wont speak for him, but obviously the comments last night are troubling. We certainly never expected cisa, its mission and its people, to be under attack like this. I hope it ends soon. I hope mr. Digenova takes back those words and apologizes and realizes the hot lights of the studio got to him. I doubt it. Im sorry to say that. I think they doubled down on these things and get worst constantly. When you created this two years ago, one of the things was to bring more tech people into government and to work on these things. Tech now intersects with everything. Can we talk a little bit about bringing tech into government in a more significant way . I know through the Obama Administration and bush administration, this has been talked about, but it still seems to separate. Do you look at it that way or do you feel as if the government has more experience to realize the tech should be at the center part of this . No, theres work to be done. Let me clarify that chris and i took what the congress and President Trump gave us and built cisa. But really the credit goes to people like mike mccaul from texas, senator ron johnson, but also the Obama Administration who tried to get this started. Suzanne spalding and her team prior to cisa really started it. The notion that we dont have enough tech people in government, and obviously we need to get more texas heavy in terms of getting to the cloud. We need to get away from departments having their own servers and own networks and going to the cloud. Congress gave us some hiring authorities to bring in talented Technology Workers at a lower level to pay the more, because right now the best coder out of caltech is going to come in as a gps nine because she does not have experience. The regime that will be in place next year will be able to pay her more and get her into government. The other thing is we need a tech infusion at the state and local level. When we look at the problem sets of ransomware. Would i would hear about the u. S. Conference of mayors and governors is that we really need more i. T. Modernization for our cities and states. When you look at some of the operating systems, they are still running windows seven. That capitalization for tech is not there. We talked about the next infrastructure bill and im sure the roads in the tunnels and the bridges need work, but if that does not include a technological component for capital reinvestment internet works and i. T. Systems of cities and states, then we will be missing an opportunity. Why does it not happen from your perspective . I think generally, ceos and sees those are not always their constituencies are not have not been around as long. Thats not to take away from any of these important issues, fun when we talk about finite budgets and fiscal austerity, its not going to be at the top of your list. When you look at where the risk is now shifting, and thats one of the things that cisa we try to pride ourselves on, to be an adviser to america. When you look at what ransomware has done to a number of large cities. It attacks the school system, health care, its not that you cant just pay your parking tickets online. Its taking down real major infrastructure but using daily life. As we reassess where risk resides, i think the case is then pretty apparent that more investment needs to go into technology from government. Yeah. Windows seven makes me nervous. We have some questions from the audience. I will read them. This is from mary. Based on your experience at cisa, which industries or fields are most susceptible to cyber intrusions. Weve seen how hospitals are general vulnerable, about schools . Lets try to keep these answers quick so i can get as many questions as possible. You see the risk shift since the pandemic started. You see the Health Care Sector and Hospital Networks under more attack than we would previously see before that. It was the Energy Sector and financial sector. These are better funded though and better protected than others. I think it also depends on the threat actor. If you are a ransom or criminal, youre going after the weak links, places that you know dont necessarily have modern i. T. Systems or defenses. School systems in places like that. If you look at nation state actors, they will be trying to steal intellectual property in those kinds of things. Right, okay. A question from matt. Are you concerned that donald trump and his Campaign Associates will use the data theyve gathered to target citizens with this in more this informative information to their advantage . I see no evidence that they are changing course. Thats a big that yes, i think. Correct . Yeah, i see no reason to think they are going to stop. Do you know, this is from eric, do you know how involved trump personally was in your ousting . I believe the president was aware of chris, but i dont believe the president was aware. What they did was put a piece of paper in front of him that he signed that overruled the succession order. So i dont expect the president to be aware. So you are and i dont know that guy person. Are you in favor, this is are you in favor of Digital Credentials for future elections . By when will National Online voting they rolling in . Online voting are not towards i want to see together. The integrity of the election system should be paper based. It works. Another talk about bitcoin and essentially going to a electronic protection, but i think thats way off in the future. Stio okay, the mailin ballot already upset people, although unnecessarily. Patrick, no question, i just wanted to say that National TechnologySecurity Coalition is grateful to chris, matt and brian. Mary, she already asked this one. What is next for matt travis and chris krebs . Will they remain involved in some fashion in cisa . When you go back during the Biden Administration . What will also happen to the agency under biden . I was a political appointee, so im a private citizen now. Im assessing what is next for me and taking a bit of a break. I think for cisa and the Biden Administration, i hope they continue to put on a growth trajectory. I want to say that congress has been very supportive of cisa. I think it needs to be a three billion Dollar Agency at the minimum. Right now the budget is 1. 7. You look at our expanding mission set. I hope biden continues to help cisa grow to reach full operational capability. Do you think its possible for a Government Agency to combat disinformation that comes from elected officials within the united states, or is it politically sensitive best left to Civil Society and social media platforms . If yes, how do we have government respond to foreign implication of domestically originated disinformation without stepping into the muck . That is what happened. There was a lot of domestic information that are amplified by foreign players. Yeah, that just has orwellian overtones for my liking. I really dont like it when the government is the arbiter of truth when it comes to just basic speech. Okay. I kevin and westbrook. Silence in the face of inaccurate disputed information can be construed as implicitly supporting such information. How should confusion be addressed . I think i would go back to what i said before. Its not just one person on these platform, its the rest of us on there as well. We can counter argue and point out where things are false. I just think its up to our society to do a better job of policing ourselves. All right. Just two more. Nick. Even if you cant provide details of election day interference, can you describe how significant the attempts were . No. Okay. [laughs] thats easy. Big, small, little. Last one from maurice. Can state and local Election Officials keep up with security requirements without consistent federal funding . I think there needs to be a priority. I know there has been federal funding from congress through the Election Assistance Commission and all the services that cisa provides. So i think that model has worked. Listen, its a National Critical function that we are able to conduct elections. If we are not putting our money there, and the whole thing, you know, there is bigger trouble that will happen. Last question. You trust and confidence in the u. S. Election system is very important to the rest of the world. The disinformation really emboldened dictators in africa and across the world. This is absolutely true. Who is the biggest threat to the u. S. . That is my final question here. From a cybersecurity perspective, it is still the big four. Russia, china, north korea and iran. They all have their sort of focus areas of what they do and why they do it. No one else is even close. No one is even close. And domestically . Cyber criminals in terms of the ransomware, we dont really assess domestic threats from a cyber perspective. It is all ones and zeroes. Okay. Matt, thank you so much. Thank you so much for your service. Its important to have these voices of truth and just accuracy. Lets not even use that loaded word anymore, truth. Accurate information is really valuable to the continued robustness of our democracy. Thank you so much. Thank you aspen for all the questions. Sorry we could not get to all of them. Weeknights this month, we are featuring American History tv programs to preview whats available every weekend on cspan 3. Tonight, two bestselling offers on how they use Historical Research in their work. Watch beginning at 8 pm eastern, and enjoy American History tv every weekend on cspan three. American history tv on cspan three, exploring the people and events that tell the american story every weekend. Coming up this weekend, saturday at 10 pm eastern on real america, as Health Officials prepare to roll out a vaccine against the coronavirus, we take you back in time with five archival films about vaccines and the fight against disease. On sunday at 6 pm eastern on american artifacts, tour new york citys Lower East SideTenement Museum with reconstructed dwellings that show how immigrant families coped with poverty and crowded conditions in the 19th and early 20th centuries. At 6 30 pm, a look at president ial leadership during the cold war with historian william hitchcock. Also the author of the age of eisenhower, america and the world in the 19 fifties. Then at 9 pm, a u. S. Constitutional debate hosted by the Colonial Williamsburg foundation featuring a reenactment from Founding FathersJames Madison and george mason on issues from the bill of rights to sly