The department of Homeland Security. Dj johnson from the fbi. Jen silk from the department of energy. Let me set the stage for you a little bit before we dive in. Over the past eight years, and someone say longer, the country has faced an alarming increase in the number of Cyber Incidents against the public and private sectors, incidents which have ranged in scale and sophistication and severity. Last week, president obama ued we are pleased to convene this group of experts to provide feedback. It is so important that we provide feedback on how best to implement this policy. It directs the department of Homeland Security in coordination with a variety of different federal agencies to submit a National CyberIncident Response plan within 180 days. We understand that a draft plan will be ready for you in september for your comments. In the meantime, we hope that you will use todays events to talk about the plan to ask questions about it to ask questions about how the writers intend to coordinate with all of you, the stakeholders. Many of you have participated in the Chamber Cyber education and Awareness Campaign and youve come to the events held around the country. We appreciate that. One question unfortunately that we still hear is far too often, is who do we call for help . Who is in charge . Where do we go if we have an attack . Were going to answer some of those questions today. The new directive map out these lines of responsibility within the federal government when responding to significant Cyber Incidents. And michaels going to define for you what significant actually means. Its important to note that the directive doesnt apply to every cyber incident intrusion vulnerability or breach and michael will explain how the directive goes into detail on each of those. We appreciate the administrations efforts to take the Lessons Learned from previous Cyber Incidents and provide the needed clarity to chart a clear path forward for interagency coordination about the roles, responsibility, whose in charge during significant Cyber Incidents. Todays discussion is an important step in bringing together government and industry. An open dialogue is the only way well be able to effectively address the increasingly sophisticated Cyber Threats facing american businesses and businesses around the globe. We look forward to a continued conversation to help shed light on the role that the federal agencies play in responding to attacks while implementing while emphasizing the importance of coordinating with victims that voluntarily report a cyber incident. This may surprise some of you but businesses genuinely want government partners in the fight against organized criminals, and groups carrying out state sponsored attacks and the Chamber Welcomes the administrations move to incorporate the new policies. New policy guidance into the exercises. Let me turn this over to michael and his colleagues. Thank you. Michael thank you. thanks, and thanks to the chamber for agreeing to host this event today and thanks to all of you for taking time out of your busy schedules to take time to talk with us. Theres no substitute for these kinds of discussions. And im really very excited to have this opportunity and very interested in the conversation. Thank you also to my colleagues from dhs, f. B. I. , the ctic, energy treasury, for being here as well. I think theyll really be able to give you a flavor for the inner agency approach that we have to take when dealing with significant Cyber Incidents. Let me just set the stage a little bit for you about how this policy fits into our larger strategic framework and then we can talk about sort of the core lmingts of the policy and then i will turn it over to my colleagues to go into more detail about their specific sections. This administration has consistently pursued three overarching strategic goals. One is how do we raise the level of Cyber Security in our public and private sectors and do that over both the short and the long term. How do we better disrupt, deter, interrupt our adversaries in cyber space. And because we know those first two things are going to fail some of the time, how do we actually get better at responding to and recovering from Cyber Incidents when they occur . And this policy, which were still getting used to the number because they dont number them until literally the president signs it so were still incorporating the number. But ppd41 fits squarely into that third pillar of getting the governments house in order. And its a president ial directive aimed at the Government Agencies to tell us how to get ourselves organized more effectively to address Cyber Incidents and specifically significant Cyber Incidents. It draws on the lessons, as ann said, that weve learned over the last eight years both from doing cyber Incident Response everything from opm to sony to the ddos attacks on our banks, to ukraine, to you name it. We drew on that experience. But also, the learning that weve done with responding to our long history of responding to terrorism incidents and our history and responding to natural disasters. And how the government uses its machinery to respond to those types of incidents. All of those lessons have been incorporated together into this ppd. So let me give you sort of the overview of the structure of what we were trying to accomplish and then we can take it from there. First and foremost, the ppd establishes a set of principles up front that we actually will apply to our response to any cyber incident. And none of these are particularly i hope none of you found them shocking. None are particularly earthshattering. They were very straightforward but we found it very important to articulate that these are the principles that were going to apply when we respond to Cyber Incidents. So this is the idea that were going to come with a unity of effort, that the government is going to bring that full weight of our machinery to bear but in a way thats actually organized. That we recognize that we have to do this in partnership both across the federal government but also with state and local partners potentially with our International Partners and with industry, with the people, for example, that are sitting around this table. We recognize that one of the things that we need to do is to focus on safeguarding the victims information and actually also treat the entity thats been affected by a cyber incident as a victim because thats what they are. And so and also to foster restoration and recovery. So the ppd then goes on to establish lines of effort and a coordination architecture for dealing with significant cyber incident. And this is an important point. That what we found is we looked out at our experience with Cyber Incidents over the past seven and a years is that for half many incidents the existing machinery, whether in f. B. I. Or d. H. S. Or energy or treasury was perfectly good at responding to your run of the mill cyber intrusions that unfortunately have become way too common but those could be handled with existing agency machinery and procedures. But where we needed additional help, where we needed an additional framework put in place, where those incidents that could not be handled through normal means, those incidents that exceeded the capacity of any Single Agency to deal with under their normal resources and normal sort of standard operating procedures. And so those we defined as significant Cyber Incidents. Those that are going to pose a measurable threat to our National Security, our foreign policy, our Public Health and safety, public confidence, all of those things. To organize our thinking in that space and to make that a little bit clearer, we developed a Cyber Security severity schemea for sort of measuring caltgriesing incidents that constitute those threats. And we actually published that severity schema with the ppd so you can have some insight and transparency into hour were thinking, Cyber Incidents within the federal government. And basically the idea is that the ppds machinery that im about to talk about that puts in place for the government is really aimed at those incidents that cross the line into the significantance category. Those that pose that unusual threat to our foreign policy, our Public Health and safety, our National Security, our National Economic security. And thats really how this ppd is designed. So theres two big parts of the architecture that i want to talk about. One of which is applying the idea of the lines of effort. One of the thing that is we realized that as we are responding to a significant cyber incident, we are going to be pursuing three lines of efforts simultaneously within the federal government. Now, that does not mean that they will all proceed exactly in lock step with each other, but all these activities are going to be going along concurrently. And this is how are we responding to the thing that was impacted by the cyber incident. Thats what we call the asset response. How are we responding to and trying to figure out who the bad guys were. Thats the threat response. And then how does this fit in with our larger picture of whats going on and how does the larger picture of whats going on influence how were responding to those first two lines of effort. And thats what we call our intelligence and supporting activities. The ppd also recognizes that theres a fourth line of effort out there that if youre the effected entity youre going to be doing a whole lot of stuff and if the affected entity is a federal Government Agency, that federal Government Agency is going to be doing a whole lot of stuff including communicating with its workforce, communicating with stakeholders, whether its shareholders or congress. Communicating with the media, customers. Trying to just figure out how to keep revenue coming in the door, how to keep Business Operations going. And we sort of think of that as the Business Continuity line of effort. So we recognize in this structure that all of these things are going to be happening simultaneously. On the government side, the ppd assigns a lead. So d. H. S. Is the lead for the asset response in coordination with the sector specific agencies for that particular if that company happens to fall into one of the 16 Critical Infrastructure sectors. F. B. I. For the threat response. And the Cyber Threat IntelligenceIntegration Center for the intelligence and supporting activities response. And we recognize that the impacted entity is going to be leading the Business Continuity response. And so thats really the way that were framing up the lines of effort. And then within then beyond those lines of effort the ppd actually provides a coordination architecture for the government. And it really directs a couple of things or really three things that i think of. One it says that the field level make sure youre actually coordinating agencies that have people deployed in the field. Make sure that youre actually coordinating with the affected entity so that you dont have 16 different federal agencies all showing up knocking on the door saying hi were here from the federal government, were here to help. So it looks like were actually coordinated at the field level. At the national level, it really directs two things. One is it says agencies, if you participate in cyber Incident Response, you need to have a surge capacity. You need to be ready to have the ability to surge additional resources, assets into place. And we call those the enhanced coordination procedures. Make sure that you have that ready to go. And then the other thing it does at the National Sort of headquarters level, and were going to borrow this concept from the fiscal response world thanks, dad, called the ucg unified Coordination Group. Thats how were going to make sure that the activities occurring at d. H. S. , f. B. I. , energy and other places are coordinated when were actually dealing with a significant cyber incident. And then it reaffirms the role of an nsc chaired body called the Cyber Response group but the National Policy level to connect in and oversee the coordination of the response to the significant Cyber Incidents at the national level. And thats really the machinery and then i should say within that the crg is the plug into the and so then what are we going to do about this significant cyber incident more globally in the long term. Once weve identified the threat actors, if we can, what is going to be our broader response to that. And thats the responsibility of the crg to plug into the broader federal government policy process to arrive at those conclusions. So of course no president ial policy document would be complete without a list of additional things to do at the back. And that is where you see the taskings that come out of that that will be generating quite a great deal of work loord for us over the next months. But including we now have to figure out how to implement this. What does that mean . We need to work out the concept of operations for how a ucg is going to actually operate and these folks can talk about that. We have some lessons from the fiscal world but of course cyber doesnt exactly work that way so we have some new things to work out. We need to update the National CyberIncident Response plan. Thats where you come in. We need your input in particular into that. Because that is where you will be able to plug in, especially. We need to, for example, move out with the exercise programs that ann talked about. We need to update the charter for the crgs. Weve got homework assigned to even the 2346r7b rc. I wasnt successful in pushing that out. Weve got a lot of work to do ahead of us. I really think this policy has come out now because this is the right point where we have amassed enough Lesson Learned that we can actually codify a cogent policy that really reflects all of the lessons that weve learned. It still gives us enough time to finish out the implementation before this administration is done. So with that let me turn it over to some of my colleagues to step through some of their specific points. Andy, if you want to start on the asset response side. Sure. So i want to highlight that when were talking about this ppd implementation of the three lines of effort, we are talking about significant Cyber Incidents as michael noted. I will speak today about d. H. S. s role. Ill note that d. H. S. Has two organization that is participate in threat response. Thats i. C. E. , Homeland Security investigators and secret service. But i want to talk about my organization and the asset response side. Ill note though that as we do that our sector specific agencies are keep partners and we have representatives from two, department of energy and treasury, today. So they will be chiming in about their role. So i like to think about a significant cyber incident as being equivalent to an arson in the real world. If you have an arson in the real world and just the firefighter showed up you would kind of wonder who was going to catch the arsonist. Or if just the Police Showed up you would kind of like some help putting out the fire. So youve got to have both. Touf have both police and firefighters in an arson. Thats the firefighter is the role that d. H. S. And the ntic bring on the asset response side. I will note that obviously leaving the analogy somewhat both of these two threat response and asset response are really hugely fueled and empowered by the intelligence role that tanya will speak about later. But for a private sector victim, you arent going to see the intelligence role so much. You are going to see the threat and asset response. So im going to focus on those from your perspective. So you have your arson, you have a firefighter, and the police there, the threat responders as the police, if you will. What is the firefighter doing . The firefighter to leave our analogy is going to help you find the bad guy, clean up the mess, figure out what did they do to you, and what can you do to improve your security so that this doesnt happen again. And kicking off the bad guy is no small matter. It usually will take a combined effort of the threat response Intelligence Response and asset response to effectively kick the bad guy off your network. Now, in addition to helping you improve your security after the fact, part of our job is to take what we learned from helping you and distribute it to others in the private sector and government to help them protect themselves. So asset response is both about helping the victim clean up after the incident, kick the bad guy off, be more secure, but helping other people not become victims. Spreading awareness of what happens so others can defend themselves. Let me talk a little bit about the role we are playing in what i think of as tactical asset response and also Strategic Asset response. On the tactical side, weve come and help companies and we may help them remotely with things like log analysis, hard drive analysis or mallware analysis or we may help them on site, literally coming on site to remove a deeply embedded adversary. The people i hire to do that have to be both technically proficient, extraordinarily technically skilled and also have to be diplomats. I had a hard enough time hiring cyber experts as it was without asking them to be diplomats. But theyre showing up at the worst time of the victims life, helping a cio or ciso wondering if their job is on the line because of this. So they have to provide help but do so in a way that makes the victim comfortable, happy and that the victim remains in charge. The victim drives the response or the affected entity drives the response. So thats the tactical role. And im big into analogies. And in this conversation im big into mixing them. So i told you my guys are firefighters and then i made them diplomat firefighters. From the strategic, were taking a page from the playbook of fema. So at the strategic level its just like the role of fema on the asset response side here in that its helping coordinate the delivery of all that the government can do in support of the victim to help them in this significant cyber. So the lead asset response role is that high level coordinating bringing to the table making sure that the sector specific agencies like treasury or energy are there and providing their deep insight into the sector of the affected entity. And whatever other government capabilities we can bring on the asset response side to help the victim or affected entity out. Ill close by noting that michael briefly mentioned the work that he had given us. And the ppd gave us 180 days to do that work. If you cant see me, maybe the cameras i hope cant see this, im sweating bullets. 180 days is a pretty short timeframe to update the National CyberResponse Plan. Thats a plan where all of you have a role. So this ppd brings forth what the government will do and the roles and responsibilities of the Government Agencies and the National CyberIncident Response plan, we need to hear from you about what you can do, what you want to do, and what you need from us. So we very much need your help. 180 days is a tight timeframe. Its faster i think than any of us would like. But we also need to get it done. And it will be a document that im sure will evolve over time. So a little bit more about the National CyberResponse Plan. As michael noted were really trying to take the lessons of the physical response world, so fema is convening the drafting in may, anticipating that this would come out we invited Sector Coordinating Councils to participate in some web nars where we started essentially started the thinking on this effort. We formally kicked off in june, june 13th. And we have a writing team already composed of individuals from the Sector Coordinating Councils, others from our state, local, tribal, and territorial governments, and other private sector and Critical Infrastructure representatives. By september, we or in september we anticipate pub liring a draft for a 30 day Public Comment period. I ask each make sure you see that draft and submit comments. In november we at the end of november, we anticipate delivering to our secretary for delivery tolt white house in december and thats how were going to make that very tight 180 day timeframe. So with that, im happy to be here and talk with you about asset response. Let me pass the metaphorical microphone to dj to talk about the threat response. Its a pleasure for me to be here. I appreciate the opportunity. I really want to talk briefly about three things today. First, the f. B. I. s role with regard to ppd 41. The second thing is cyber Incident Response. And the third thing is what the private sector can expect from the f. B. I. When we show up on your doorstep. So the f. B. I. s role in ppd41. Youve heard from michael how the directive organizes the federal governments response to significant Cyber Incidents into three distinct lines of effort. Threat response, asset response, and intelligence support. I would also delineate which federal agency has the lead for each line of effort. So the bottom line up front from the f. B. I. s perspective is that it doesnt really change what the f. B. I. Does or how we do it. It does clarify who is on point in a given scenario. And it sets out a plan for how our different agencies will coordinate and interact moving forward. So lets chat a little bit about threat response. So threat response activities include essentially investigative actions related to Cyber Incidents. Collecting evidence, determining attributeion, conducting Law Enforcement activity, identifying opportunities for further investigation, intelligence collection, and disruption activities or strategies. In other words, the f. B. I. Will continue to do its business as an investigative and intelligence agency. And its activities will also inform the other lines of effort. I think thats really an important point and i want to reinforce that because what we find or uncover will be extremely important and useful to our partners both at d. H. S. And the ctic. Cyber Incident Response. We heard from ann who do you call if youre the victim of a cyber incident . The ppd directs any federal agency that first becomes aware of an incident to notify other entities to facilitate a federal response. We often say a call to one is a call to all. The f. B. I. Encourages companies who have discovered they are the victim of a cyber incident to notify which ever federal entity they feel more comfortable doing so. It could be the f. B. I. , ice, secret service, or any other federal enaltty. If a company decides to report a cyber event to the f. B. I. , of course they can call their local f. B. I. Field office, they can call the Internet Complaint Center or the ncijtf. We estimate that approximately 20 of those in the private sector who have suffered computer intrusions have turned to Law Enforcement. Im not a math wizard but what that means is about 80 are not reporting. And simply put we just have to do a better job and that is not good enough. We collectively have to get to a place where it is routine for the private and Public Sector to Work Together on these matters. We understand that a companys primary concern is to get back to normal but we need to figure out who is behind the attack. And, yes, there may be a divergeance of interest, a private enterprise might think i dont care so much who is behind the attack. I need to get past it. But our longterm interests are aligned with finding out who did it and imposing cost on those actors. Because we want to make sure companies are not victimized time and time again. So what is our strategy to change the reporting equation . Its in our response. What can you expect from the f. B. I. . We are constantly talking about why it is in the private sectors interest to tell us what is happening and at the same time prove that we will not hurt you with that information. We will treat a company the way we treat victims of other crimes. The notion is codified in the directive as one of the five Guiding Principles where it states federal government responders will safeguard details of the incident as well as privacy and Civil Liberties and sensitive private sector information. What does that mean to you . We will work hard to ensure you are not revictimized we will have dont wait until after omething bad happens. It is a long process. The first step is to get to know us, develop a radio lationship with your local field office, integrate the f. B. I. Into your Risk Assessment plan dooned it now. Dont wait until after something bad happens. Let me wrap up real quickly by thanking ann and the chamber again. I want to thank everybody on the panel and their teams for their efforts and contributions to ppd 41. Its really an important document. It took a lot of hard work and collaboration to produce it. And its got great value not only to the federal government but to the private sector as well. I look forward to answering any of your questions at the appropriate time. Thank you. Thanks. And now well turn to the third lead for the third line of effort, the ctic. Good afternoon. So let me first begin by giving you a little bit of background by the Cyber Threat IntelligenceIntegration Center and how we fit into the broader federal Cyber Community which helps inform how well be fulfilling our role in the event of a significant cyber incident. So ctic is the newest of four multiagency Intelligence Centers under the office of the director of National Intelligence or odni. As an odni center we are focused on National Security threats. We are a smallish center with a discreet mission to build understanding of foreign Cyber Threats to u. S. National interests to inform decisionmaking. If i could step back for a moment and say that in february 2015 when lisa announced the president s direction to the dni to establish ctic, she note that had there had been improvements in the policy response to significant Cyber Threats and incidents in response to the increasing number of breaches and intrusions into public and private network. Michael has referred to the crg or Cyber Response group, which is a group that conveens from across the federal Cyber Community to share and coordinate information about significant Cyber Threats and incidents. And to coordinate the governments response at the highest levels. But im sure michael would be among the first to tell you that integration of information and coordination of that sort should not only be happening at a White House Level forum. It needs to be happening at every level of the government at the working level and ften. And it needs to be happening because we all see value to it not because someone is directing us to do it. So at the time that ms. Monaco was making that announcement about the creation of ctic, we as a government were responding to and realizing the scope and scale of the breach of records in the office of Personnel Management and had in the months prior dealt with a significant state sponsored cyber attack against Sony Pictures entertainment. And even as outstanding work was being done by individual departments and agencies in response to those events there was a growing realization that there was no single Government Entity that was responsible for producing coordinated whole of government across the Intelligence Community assessments of current Cyber Threats, of ensuring that information about those threats and incidents, moving rapidly across the government and getting to where it needed to be to inform decisionmaking. In supporting the work of both operators and policy makers with timely intelligence that they need to understand and respond to the latest Cyber Threats and ncidents. So ctic was created to provide just that role. Its specific responsibilities were outlined in the president s memorandum in february 2015, which is available on line. And the center was authorized by congress in december of 2015. So i provide this background on ctics purpose because we see our role in the new ppd41 our intelligence support role as a natural outgrowth of what our daytoday mission is, which is to integrate the governments understanding of ignificant foreign Cyber Threats to u. S. National interests, to build the picture of what we understand what our significant intelligence gaps are, the potential means for addressing those gaps, and the purpose of all that anliltic effort is to ensure that we are arming decisionmakers with the information they need to decide how to apply all of the tools and our whole of government tool kith to oonstisspate mitigate and response to those threats. I look forward to answering your questions. Thank you. Thanks. And thanks, tanya. Now, i would like to weve heard from the leads for the three lines of effort. But when were talking about a significant cyber incident theres going to be the whole of government that responsdz. Sponds. And as andy was talking about in order to do that effectively we need the deep expertise thats brought by the sector specific entities. They are expected to play a role in any Incident Response. So let me turn to jen to talk about their roles from their perspective. Thank you very much. So as the Sector Specific Agency, we really play a Critical Role in the whole of government approach in bringing unique expertise for each sector to be able to cut across all of the activities that were described today we actually contribute and participate in all three of the lines of effort, and we are ensuring that our expertise helps ensure that any response is tailored specific to that sector and that federal Decision Makers and responders understand the unique characteristics of the sector and how a particular incident may impact the broader sector. We make sure the federal response is supportive to the sectors efforts and reflect your priorities and needs as you restore operations. We maintain this expertise through daytoday coordination with the sector in our case energy sect bur this is not unique to other ssas who do the same with their own, working with them on matters of security, resilience, Incident Response and planning to be able to bring that together in the time of a significant incident. I will actually stop there to just give a chance to provide some expertise and perspective from your sector. Thanks, jen. As michael mentioned, treasury is the Sector Specific Agency responsible for coordinating the Cyber Security efforts for the Financial Sector across the u. S. Government. And we have a fourpillarred approach to our Cyber Security effort. The first is really based on adopting and promoting the adoption of best practices and baseline protections among Financial Institutions. The second is around facilitating timely sharing of information around Cyber Threats and vulnerabilities and incidents both between and among the government and the private sector. The third is deterrence function using our sanctions authority to try to deter malicious Cyber Threats and activity. Finally, relevant to this conversation, enhancing response and recovery preerings among Financial Institutions and the sector. So ppd41 was in that dwsh falls squarely in that last category of critical importance to us. We worked closely with our partners on ppd41 really driven by our core mission at pressurery, which is to promote treasury which is to promote Economic Growth and Financial Stability. The ppd recognizes that a significant cyber g pact could have broader economic implications and we at treasury are keenly focused on doing whatever we can to prevented any potential cascading of a cyber impact or cyber incident into a broader economic or Financial Stability impact. Fortunately, as we are providing this input as michael mentioned there was a rich dataset to draw from not only from some of the actual incidents that michael was talking about but for example 59 treasury for the last several years weve hosted a series of publicprivate exercises table top exercises that are focused on a significant, severe cyber attack that involved both the government partners that are here in the room and broader, Regulatory Community et cetera as well as a wide range of private sector entities, Financial Institutions of various types and sizes. And i will say that the Lessons Learned from that process, which we call the hamilton exercise series, have been very rich and theyve helped to inform the ppd effort and the input that we have given here and really support the central importance of the ppd which is really clarifying and codifying the processes by which the government coordinates on a whole of nation bases in response to Cyber Incidents. As jen was saying relative to the department of energy, i would say there are two critical elements to why the Sector Specific Agency i think is so important potentially important if its relevant in this case. One is really i think a coordinating function as was described as appropriate through the Cyber Response group or coordinated group. Treasury can pull together different constituencies. So obviously we have very deep and wellworn solid relationships with the Regulatory Community and the government and then obviously private sector institutions. And we can play a role in connecting those Financial Sector institutions both public and private to the rest of government where we also work very closely. So theres an important we can serve as a coordinating hub in that regard. As mentioned there was a knowledge function, i would say, and insight. Obviously a depth of knowledge about the sector and its institutions. So, for example, a Sector Specific Agency in this case treasury could help articulate the specific channels, for example, through which a cyber incident might affect the broader economy or the Financial System or help inform how a particular cyber attack would impact a bank differently than it might impact an exchange, for example, and help involve that particular perspective. Its really about bridging the inancial stability conversations and the Financial Stability community with the technical Incident Response resources and conversations. Thats sort of the unique role that i think the Sector Specific Agency plays in the overall process. Now, of course its important to maintain the publics confidence and trust in the Financial System. We think that ppd is an incredibly significant step in that regard and we look forward to working with many of you in the room here Financial Institutions of all types and sizes to kind of build upon the ppd to refine our response and recovery, Incident Response procedures, including by the way bridging the ppd and the National CyberIncident Response plan eventually to the private sector Response Plan which exists in the Financial Sector resident in the Financial Services information and analysis center. We call it the all hazards playbook or all hazards plan. And also bridging with the protocols that the financial Regulatory Community has in the sector. So hopefully we can take the effort forward in that regard. But thank you again and thanks to the chamber for hosting. Thank you. And just to close with one hing. We dont always clearly many of the president ial policy documents are classified. And many of them are kept close hold. But because this president ial policy would have such a wide resonance and was partially designed to answer the call that we heard from industry for greater clarity and how the federal government was organizing itself in this area, we took the unusual step of actually making this one unclassified and public. That was a very deliberate policy choice on our part to enable us to have this conversation much more effectively. So that is again one of the goals of why we actually put this policy out, publicly, even though it was really designed to instruct the federal government to do something. We wanted to be able to have that transparencey. So with that we can turn it back over to ann for questions. Thank you, everyone, that was very helpful. We have about 45 minutes or so for questions. We did gather some from the audience as well. So im going to take the liberty as the host and just kick off with the first question. Something thats very important to the chamber and our members is the cyber information sharing act that was passed as you know last year. So i guess the question really focuses on how will the private sector be protected from regulators using the information in the formation of regulations and rule making that we got through that we had a lot of Liability Protections and going through the ppd we didnt see mention of that. Can you address that. Sure. So i mean, obviously the ppd has to operate within the statutory framework that exists. And so all of the statutory protections that would come through information shared through any of those programs would still remain. But i think andy can talk to that in more detail. Sure. I think its important to distinguish in this case between an incident and an indicator. So an incident you will hear another analogy, i told you im full of analogies. An incident is somebody broke into my house. An indicater is somebody knocked on my door and when i answered they said wrong door and went away and i thought that was kind of strange. I know they dont live in the neighborhood. Heres a description of the person. Thats an indicater. An equivalent of be on the lookout. This is a sign of suspicious behavior. The Congress Passed legislation this past december of 2015 giving private Sector CompaniesLiability Protection for sharing indicators to be on the lookout information with each other so youre protected if you share with an isac or an isal, information sharing organization, and also protection if you share with the d. H. S. Through the automated information sharing portal. We then share it with the rest of the government. So the indicators are the be on the lookout, an equivalent of a malicious or pfhisin. We will likely find indicators that we can push out to rivate Sector Companies to further protect them. Now, those could be protected if submitted by the company under this portal. But we also have another statutory regime which is designed to protect you in an incident. So the Cyber Security legislation passed in december is about protecting indicators. Since the Homeland Security act in the early 2000s, d. H. S. Has also had a regime that protects companies from freedom of information act requests, from disclosure in civil litigation. It means d. H. S. Cant share this information with a regulater. So if we go on sites, we apply that statutory protection or if we help you in another way, we apply that statutory protection and whatever you share with us cannot be shared with a regulater. Now, i want to be clear, its not a safe harbor. If you have to tell your regulator about an incident, the fact that you told d. H. S. Does not mean that you have to tell you regulater. Whatever you owe your regulator is between you. But if you share it with d. H. S. We cannot share it with that regulator. Questions, comments. Theres two microphones at the back. For those not at the table with the mics. I have plenty here. She asks tough questions so please, somebody. Ive got a list. Im going to keep plowing ahead then. Ok. This next one kind of gets more specific about the schema. This one is should nonCritical Infrastructure private Sector Organizations expect that a level 3 attack will trigger new requirements for them to deliver information to the federal government . So i think the short answer o that is no. I think the schemaa is really, its not connected to a Regulatory Regime or anything along those lines. Its really to help us do a couple of things. One is actually to have some degree of internal consistency about how we were thinking bout Cyber Incidents. And for us in particularly andy in his role in d. H. S. And david and others at the f. B. I. , for us to be able to look at it from a holistic standpoint and say wait a minute, everybody is rating this as a 3 but we sure dont seem to be acting like it. Is that really right . Or everybody is running around with their hair on fire but we ated it as a 1. So make sure that the responses are actually calibrated correctly. Or to also enable crop agency calibration. So that we get to a common understanding of the pictures so we dont have one agency operating off of a base of information thats not common across the government. So i really think that its the reason we made this public is we want again in the interest of transparency, for people to understand how we were thinking about what constituted something that was a significant cyber incident. There is still a great deal of the art of the judgment in this. And i dont think that we can reduce this to a quantitative algorithm. Certainly not at this point. None of the significant Cyber Incidents that weve dealt with in the federal government have been the same. Theyve all been different. Now, maybe my sec sser will be able to say weve dealt with this kind of incident before but we have not found ourselves in that position with any of our significant Cyber Incidents. Theyve all been highly different. Thank you. Another thing that, as we talk to our folks around the country, the people today in this room i think a lot of them are interested in the Financial Sectors here, we have a great representative people who kind of live and breathe Cyber Security. Cspans covering this and were tweeting and covering this live. So folks watching this, this is new to them. They dont live and breathe Cyber Security. Were trying to socialize the yber framework. How can we explain this to them if theyre not a Critical Infrastructure does this ppd affect them . Does this mean anything to them . Do they have to change their behaviors or rornting in the most basic terms for folks out there . Ill get perspective from my other colleagues. But i think the answer is the ppd is actually on the significance scale ising a nostic as to well, thats not right. It is not wholly dependent on whether youre a Critical Infrastructure company. I think that the that is a factor in how we consider the consequences. Because if you look at it its about consequences, about the impact on National Security, the impact on foreign policy, the impact on Public Health and safety. Now, its easier to draw those connections when youre talking about something that is Critical Infrastructure. Oh on the other hand, it is entirely possible to have a significant cyber incident occur in an entity that is not Critical Infrastructure. So i think that is entirely possible. I think as david said, i think we want to encourage more companies, more entities, more organizations to come forward when they feel like theyve had a cyber particularly if they think theyve had a significant cyber incident. Because thats the only way that we can help and the only way that we can actually gain a greater understanding of whats actually happening to us. I dont know if any of the other folks if i could just add in the Financial Services sector, because of the high degree of interconnectedness in the Financial Sector, defining what a Critical Institution is is sometimes not the most straightforward thing because a Small Institution that could be interconnected into the Broader Network could actually pose some risk to the broader system because of those interconnections. So what we would hope is that the ppd encourages all institutions to really take a hard look at their Incident Response procedures and policies and put what we need to talk about is putting a playbook in place and the ppd provides a framework or a guide post to do that. Of course that playbook should be proportional to the risks that that institution not only faces itself but the risk that is the institution poses to the system as a whole. So its important that it be proportional so this is not like a one size fits all type of thing where even Small Institutions feel like oh my god ive got to go expend a lot of resources to respond to this. But its important that hopefully what weve done here is encourage all types of institutions in the Financial Sector at least to take response seriously. And i would jump in, so first dont worry about whether or not youre Critical Infrastructure. I have found that to be an entirely not certainly not a fun conversation and its not helpful. You as a company should worry about protecting yourself against Cyber Threats. Let us worry about whether we define you as Critical Infrastructure. Second, build the relationships now. And this is the point dj made. With both the local and federal Law Enforcement agencies that you will want to have if you do ave a cyber incident. And one of the points that ppd i dont care which agency you build the relationship with, build a relationship. Let us coordinate ourselves on the back end but build your relationship now. I would argue from an asset response perspective, to footnote on what he said. Sign up to get alerts from the government. You can get on the d. H. S. Web page. The f. B. I. Also has alerts so you will find out broadly whats going on. If you have an incident please call. Thats all you really need to know. We have more things to help you be secure in the background but around the incident have a plan, build relationships in advance, and call if you have a problem. Not to be left out but speaking from the perspective you raised of maybe the cspan viewer. I think its important to know and to follow on what michael said about the effort made to make this ppd unclassified and available to the public. Which is that while we within the federal government and within the Intelligence Community do deal with very sophisticated cyber adversaries, the reality is they dont often need to use incredibly sophisticated means in order to be able to access and intrude upon networks and those may be networks of individuals who work on an entity that theyre trying to target. Or it may be networks of the entity or organization itself. So to the extent that this ppd helps raise awareness more broadly about the types of activity we all face, when we use connected networks and to raise awareness of basic cyber high hie jean that can be employed. I wont even try to approach andys facility with analogies but i think as the f. B. I. Directer said if someone were to try to intrude on your house and you didnt recognize them you wouldnt open the door. And yet we are so quick to click on an email from someone without so much as a millisecond stopping and thinking about it. So general awareness i think will be a useful bye product of this. Thanks. Just as a reminder if youre going to ask a question, just identify yourself. Good afternoon. First thank you to each of you not just for being here today but for your service. So i think its great that the ppd is issued and that theres significant effort for the government to get better organized with how to deal with this. I would like to raise maybe three points in the form of question and requests, perhaps, for followup. So some of the people in the room here today, including me, were involved in the original effort to develop a National CyberIncident Response plan in 008 and 2009. One of the gaps that occurred at that interim state was the lack of followup to create operational playbooks that would actually deal with Different Levels of escalation should we have an event that had national consequence. So the first question is how are what is our thinking right now about the followup, the short time line to develop this update that were trying to get out by the end of the year . I think its going to be important for us to follow that up with the actual operational playbooks that talk about the integration at various levels of escalation. Thats one. The second is one of the challenges weve had for a long time and i dont see it addressed yet and hopefully youll share some thinking about that. If not let us know how we can Work Together to do that. But its oftentimes confusing to the private sector. Many times if an event happens heres a lot of calls from groups at the federal level, state level, regulatory level, many times asking the very same question and sometimes in different parts of an organization. So it creates a lot of confusion and inefficiency. So how will we try and address the issues of how the various Government Agencies fit together so as an example, the various organizations, various groups. How will that be coordinated with the private sector piece . Not just in the interagency but with the owner and operater community. How will we get better visibility and coordination around that. And then the third piece, just as a form of followup is its also important for us to continue to Work Together clabtively on detection, prevention, and mitigation. So what sour thinksing about how were going to continue to take that effort to the next level and hopefully reduce the need for response and recovery . And again thank you all for being here today. Thanks for those questions. Im going to take sort of the last two and im going to kick the first one over to andy. And then also let other folks chime in. I think actually going in everse order. I think one is andy talked about a. I. S. Globally, we are trying to build a much better icture. Think of it, andys colleague over at d. H. S. And i often talk about the weather map concept for cyber space. How is it that we do what weve done for weather in cyber space. How is it that we integrate across what you see, what we see, what our partners globally see to build a common picture of what might be what is happening now and therefore allow some prediction about what might happen in the future. That will allow us to get ahead of the bad guys, to some degree. So that is an important part of it. Another parted is the work that weve been trying to do to raise the level of Cyber Security in our Critical Infrastructure and focusing on those sectors. How is it that we create the right incentive structure for companies to invest in their Cyber Security in a riskbased ay. Thats what the Cyber Security framework is all about. And then theres a lot of the stuff that and you heard talked about this. We are putting in place the toolbox, building a bigger toolbox and stalking it with additional tools to disrupt the bad guys in a much more tailored effective way across the board. Now, the truth is that most of the time youre not going to see most of that. Occasionally that will be public, diplomatic actions. Occasionally we will do attribution. But a lot of times thats going to happen behind the scenes or may result in Law Enforcement action, indictments. It might result in sanctions. It might result in technical operation that is if we do them right no one will ever see. And intentionally so. And so its enabling the government to actually have and the policy makers to have that full broad set of tools to tailer it to the incident, to the adversaries so that we do a better job of countering what theyre trying to do to us in cyber space, whether talking about cyber criminals, activists, or nation states, and how we deal with those. I think the ill turn it over to some of the folks up here to talk about. I think youre absolutely right and that has been in terms of how we actually interact with the private sector. That is one of the reasons why we have tried to employ the unified Coordination Group concept. And i will let both andy and d. J. Talk about that because that is a key way that were going to try to organize the government interaction with the private sector so that we have that crossvisibility that says, so who is going out to talk to the victim and how are they going to do it . Maybe we dont want all 16 of us showing up all at once. And getting that level of coordination together. And also, the concept enables us to bring the private sector in to some of those conversations. We cant do that all the time in every circumstance but certainly the intention to incorporate the private sector into that construct. So let me ask andy and d. J. To comment further on that. So in my previous life i was special agent in charge out in San Francisco and i heard that all the time in the valley, companies in the valley were etting pinged on a consistent bachese by multiple primarily federal agencyings on a regular basis. And it was very frustrating for them. So what we internally decided to do in the f. B. I. Is we stood up an office of private sector to try and wrap our hands around the issue internally first before we looked at it from a whole of government approach. So were looking at how the f. B. I. Is approaching companies and trying to reduce the duplication of contacts with them. So we stood that office up at f. B. I. Headquarters. And then in the field office, one of the thing that is were trying to do is or what we have done is stand up a private sector engagement squad. So all of the contact i shouldnt say all. Most of the contacts with the private sector are being oordinated from that one particular squad. And weve seen over time a reduction in terms of the redundancy of contact by the f. B. I. Out in the valley. So thats a good thing. Theres plenty of work, more work to be done not only internally with the f. B. I. But within the federal government as well. And as michael mentioned the ucg is another step in that direction to try and come up with a better solution to alleviate the pain. Ill just highlight that one of the benefits is to designate internally who is going to be talking to the affected enaltty and then share the information with the other Government Agencies. So its a source for the government to collect information rather than everybody trying to hit the affected entity at once. You also asked about a followup to create operational playbooks. One of the consequences of the short time frame to complete this is unquestionably it will not be all the work. So there will definitely be some work that we have to push off or follow up. Thats good and bad. Thats good because well bring something to a conclusion and put a bow on it and be done. Its bad because obviously the work wont be complete. I dont know yet whether we have a plan for specifically to produce operational playbooks. I think that makes sense and youre involved so lets talk about that. Thats intuitively appeals to me. I would add one thing on the detect prevent and mitigate just so folks now outside of the Incident Response base, my organization is dedicated to helping you run more secure companies and organizations. And we have four lines of effort by which we do that. We help organizations adopt best practices and we focus on the nist Cyber Security framework. We share information. You heard about the automated indicater sharing program today. We have other ways of sharing information including the u. S. Web page where you can sign up for alerts. We do Incident Response. We talked about that. And then we work to improve the security of the entire eco system. And thats through things Like University education programs, efforts to help Companies Develop software more securely, working with the Insurance Industry to help the Insurance Industry better understand cyber risk and having sectors build Risk Assessment. So we do a lot of work on that best practices detect prevent and mitigate front. If any company is interested, please come up to me afterwards. If youre on cspan reach out to us at d. H. S. Gov. I want to note that ctic will never call you. But thats actually for good reason. So even apart from the specific ppd were talking about, it was purposefully scoped not to have a specific outreach and liaison role to the private sector, to state and local Law Enforcement or foreign liaison thats because my colleagues here at this table already have very welldefined roles and relationships with those partners. And it would be a poor use of resources and would only add confusion to have ctic try to jump into those lanes as well. What we do have is the responsibility that specifically called out in the president s memo which is to support the other Cyber Centers departments and agencies here who do have those relationships and to provide them the intelligence they need and to help them whether its maybe downgrading or helping to get information that they could then share with their partners. The agency that works very closely at least with the subset of private industry, we have three dimensions of our work that really get at the questions and concerns that you raised, bob. One is partnering directly with industry closely. This is to work on playbook both as industry organizes themselves together and as we at the federal government do. And where we find ways to connect those two and bridge them together. Its also about communication and not just about the federal government communicating with the state and local entities as well as the private sector and publicprivate information sharing. But its also about public messaging in a significant incident and what needs to get out and how do we get that out as quickly as possible, get the right information out both to help restore operations but also to restore confidence in an incident. The third piece the second piece is supporting innovation the department of energy has 17 national labs. These resources are not just the Energy Sector but across all private industry and government. And we support work there both in partnership with private sector and academia to be able to provide capabilities to respond to an incident, to reduce the likelihood of incidents, as well as reduce the impact for when incidents do occur in infrastructure. On the third piece of course exercising our plan, making sure the work we put together actually would work at various scenarios and we can reduce issues like multiple lines of communication coming through and how we make that as efficient as possible through practice. Thanks. Robert. Thank you very much. Thank you all for being here today. I know weve had this conversation before but im curious as to your perspectives. And that is its probably a major effort it is a major effort to create the crossagency, across the federal government landscape coordination. But one of the issues and concerns for our industry and i think its the case for a lot of other sectors that are regulated at both the federal and state level, is the level of coordination that will exist with state entities so if we look at a state, for example, you can have the governors office, Homeland Security adviser, Emergency Management office, Public Service commission, on and on, and as you add more states and more entities into the permutations from an Incident Response perspective it can become overwhelming and possiblic. So the question is have you given some thought to how to maybe engage governors or some people at the state level so that there is a model or similarity across the states and single point of contact that affected entities can work with when theyre dealing with a major Cyber Response . I think thats a really great question and observation both. We have worked with states on that and they do have a single designated cyber entity. It is not the same position in different states. But i do think theres more work to be done. And frankly, i think thats work that we can take to a certain level but ultimately states are going to make their own decisions and you u may have observed that states do not always want the federal governments advice. I dont understand why not. I love my advice. So i think thats also something while we will work with that with states i encourage you to reach out to states as well. They need to hear it. They ultimately want to be responsive from you so they need to hear thats a concern and something u you want. I think the chamber can help in that regard as well. Theres a group called the Homeland Security consortium that our chairman actually tom ridge started years ago and currently the chamber is the only private Sector Organization that sits on that group. I know following the development of this has sent it out to its members which include Homeland Security advisers, Emergency ManagersPublic Health as well. But i think your point is well taken and well bring that back to trina who runs that as well. My question is on the dfar on the defense side cyber Incident Reporting requirements. I know from the industry point of view its really not clear what happens, whose responsible once the report is made and theres a group of us in industry trying to work with d. O. D. To make that a better process. But i wanted your point of view on when this is reported to d. O. D. Is there sharing across the agency or does it depend on the severity of the incident . So i think the some of that is still a work in progress inside. But i think one of the commitments that we have made and one of the realizations we have had going through this process of getting this policy out the door is getting our machinery right and getting our backend machinery right should be our problem, not yours. We should figure out how to navigate the crazy federal bureaucracy. That shouldnt be your problem to figure out how to plug in the right way. So what you heard d. J. Mention was one of the commitments that we have made to this policy is that we are going to be sharing the threat information that comes in. We are going to be making sure that no matter where you plug in to the federal government if its a significant cyber incident were going to be responding with the right pieces of the federal government that need to respond. In the case of a company thats going to inevitably involve the defense department. Because of their role as the sector lead for that. But were going to bring the right pieces to bear on a oordinated basis. And i think thats the commitment that we are making to get our own house more effectively in order. I think a lot of it is going to be very dependent on the particular circumstances and sort of how a particular incident fits into the broader scheme of things, because the other thing hat i wanted to emphasize is that our schemea does not contemplate a single incident but also a basket of incidents, a group of incidents that any one of which by themselves might not be significant. But for example just to take the Defense Industrial base for a second. It if we actually started seeing and you started reporting to us all of you simultaneously reporting a similar intrusion, that might tell us that something really big is going on. And that the response needs to be more than just what dc3, for example, could mount and that it requires much more engagement of all the folks here to make sure that were not actually missing something thats in fact much bigger. And so its that kind of context that is really important and that we are commiting to doing on the back end. Thanks, ann. Thank you to all of you for all your hard work. I just wanted to amplify some of the comments that were made from maybe a practical perspective here. We are a Critical Infrastructure company. Weve been involved working with just about everybody at the table for the last several years and we appreciate those relationships. I think to the point andy was making a little bit earlier about building the relationships earlier and better and communicating are extremely important. We see ppd41 as another step in the right direction. Were looking forward to participating in that. And i wanted to add that one of the thing that is we talk about, a company the size of ours, is we have the capacity to communicate and the relationships to get things where they need to be. And weve been in a good position over the last several years as a result of that. But we continue to want to mphasize that the small, mediumsized businesses, the suppliers that we work with along the way who might be listening today really need to join in this effort because they tend to be the areas that need the help and i know we work closely with our suppliers and talk to them but that type of communication relationship is just as important. Weve been involved in the Service Security information sharing collaboration program. Thats helped us. Weve been involved in the nist development, the isac development were involved in right now with oil and gas, working with our Leadership Team here at the chamber of commerce. Long story short, people need to get engaged, communicate, and take advantage of these programs. That will help everybody. Youve gone to great pains both in the ppd and today to explain the mechanisms. Great initiative. We all want to assume noble intent. But human perhaps bureaucratic nay might in fact will ask the question. But if nobody is in charge then nobody is in charge. So im not going to go there. Have you thought about metrics or assessment mechanisms that you would use once we go through that first big Incident Response at level 3 or above to determine the way we organize his particular framework . Is it effective enough . Sure. So i would actually argue that again a lot of this policy grew out of our experiences with the significant incidents that we have experienced over the last particularly four years. One of the things that is true about cyber is it doesnt really respect boundries very well. And the other thing thats true on the federal size is that no one agency has all the expertise we need to bring to bear. And so we actually very deliberatively made the choice that we could not simply say that one particular agency was in charge of cyber Incident Response. That we needed the capacity and capability across all the different agencies in those lines of effort. So thats why we divided the work very carefully into those lines of effort and put a lead in charge of those a lead coordinating agency in charbling of those lines of effort. But we didnt try to merge all of those lines of effort into one place. Now, i am also the first one, some members of my staff are here and they know that one of my frequent sayings is that no plan ever survives First Contact with the enemy. So i am very well aware that we will almost undoubtedably discover that we did not get some things entirely right in how we did the layout. Thats why we created specifically the ability for example to update the ucg con opt. Thats why theres some builtin timelines for updating some of the policies and procedures that will flow from this ppd. I believe that we have created a framework that will stand the test of time. But the underlying documents underneath it, those will have to be updated as we learn things. As i mentioned earlier, none of the incidents that weve dealt with that ended up in treating as significant Cyber Incidents have been exactly the same. If you would have told me when i was interviewing for this job that i would eventually have to brief the president on a foreign nation state attacking a u. S. Entertainment company because of a comedy i would have told you you were crazy. But thats exactly what i had to do because the circumstances demanded it. So i think that we have tried to accommodate as brods a concept as we can broad as concept as we can within the ppd structure and i think its a very flexible structure that will enable us to adjust to whatever the demands are of the particular incident that were dealing with. But i am sure that the bad guys will test our levels of creativity. Because thats just kind of the nature of cyber space. And i think that we will try to learn and continue learning from the both significant and non not significant incidents that we face and incorporate those Lessons Learned. Just like we do in the physical world with natural disasters and just like we do with our Counter Terrorism response. We have time for a couple more questions if there are any. Yes. Go ahead. Thank you for the opportunity. When chinas president made a state visit to the United States last september he pledged to president obama that china will crack down on the criminal activities in the cyber space. So im wondering if you can give us an update where things are. Because weve seen conflicting reports on that. Is there a reduction or increase of cyber intrusion from china since then . I also understand that the United States and china are incorporating in this field as well, Cyber Security working group, what kind of things are the two countries ncorporating . And i also wonder whether the tension on the south china seas between the two countries has somehow impacted this kind of cooperation. Sure. So thanks. I think theres no question that the relationship that we have with china is one of the most important. Youve heard the president say that. Its also one of the most complex that we have with any other country. And that there are plenty of areas of tension and disagreement. There are also areas where we cooperate. And all of that is within a very large geopolitical context hat you can never escape. But we did reach some historic commitments last september between the u. S. And china, and we have been focused very much on implementing those commitments. I believe that we have seen some shift in behavior but thats something that we and other folks besides me have talked about that in public, but i think its something that we are continuing to track and pay very close attention to. And im sure that this is an issue that will continue to need to be addressed in the bilateral relationship going forward. Im sure it will come up when the president meets with this fall. I think that we are trying to continue to work on areas where we can cooperate, particularly in the Law Enforcement domain and in sertto sert cooperation and we have made some progress on that. Weve agreed as the commitments called for for moving forward on how to establish a Communication Channels to head off potentially esclatri tensions in the bilateral between our two countries if that were to occur. And weve agreed to continue the highlevel dialogue between d. H. S. And dodge and the ministry of public d. O. J. And the ministry of Public Security with china. December is the target were shooting for here in washington, d. C. So were continuing to try to build that level of ooperation. Is there a shift in behavior, can you be a little more specific . What kind of shift . Unfortunately thats not something i can be specific about. I think its just something this is an area that we continue to pay close attention to and fully implementing the commitments is really important. Thank you. Well, that was a terrific briefing. We appreciate that. As michael said, many, many of the directives are classified and 41 is not. I appreciate that. I know your team and everyone here spent a lot of time and effort into this directive and we appreciate that. I want to add too, just on behalf of the u. S. Chamber and our members, we appreciate the partnership that weve had over the past eight years with you all. Its really been tremendous, particularly in Cyber Security. So thank you for that and your leadership as well, michael. I appreciate that. Folks, i also just want to say that we are having a Cyber Security summit, our annual summit here at the chamber in september, 26. Well have a reception. And 27 will be the fullday event. Many of the people you heard from today will be there as well as luminaries such as general hayden, and others. More to come if youre interested in learning where and what the u. S. Chamber of commerce is doing next on sirer security. You can go to our website, Cyber Security advocacy. Com. So thank you for being here. Appreciate it. Thank you very much. National captioning institute] cable satellite corp. 2016] captioning performed by the national captioning institute, which is responsible for its caption contents and accuracy. Isit ncicap. Org on saturday jill stine was officially nominated to be the green partys president ial nominee at its convention in houston. She also was the green Party President ial nominee in the 2012 election. She was introduced by her Vice President tial running mate. This is just under an hour. This is just under an hour. Are you ready to make history . H . [inaudible] i am so honored to be with you this afternoon. It has been a tremendous experience the last couple of days. Before i get into my remarks, please allow me to thank my dear sister. I want you to understand something. She talks about human rights and the role that i played. When they write the history of the evolution of the Human Rights Movement in this country, front and center will be my dear sister, believe me. [applause] i have to ad i