Challenges that state governments face. This discussion was hosted by the National Governors Association at its 2017 summer meeting in Providence, Rhode Island. They took questions from governors in attendance following their remarks. This is just over an hour. Well, I would like to welcome everyone to the great state of Rhode Island. Before I get started, I would like to recognize some of the very distinguished guests who we have with us. I would ask they please stand when we recognize you. I would first, as you see at this summer meeting, that this is the first time we've actually had a head of state, Prime Minister Trudeau will be with us today, we have representatives from all over the globe to show the importance of the governors and dealing with international trade and business development issues around the globe and we want to do direct, direct relationships with many of these countries and businesses who have come to visit us at the NGA. I thank them. I want to thank China. I want to thank the ambassador from China. He and his group were here yesterday. If we can get them a great round of applause for hosting our opening lunch. And I thank Governor Hogan for his stellar introduction yesterday at the lunch and the great attributes of the great state of Maryland, next to the great commonwealth of Virginia. I would like to reference premier and Canadian premier who are here from Canada with us. If you give them a great round of applause. Governors, from Japan, give them a round of applause, please. Mayors from Mexico, round of applause for the entire Mexican delegation who have joined us here today. As we kick off this meeting, I also want to take a moment to recognize the support of many of our partners and supporters who we could not have the meeting without your support and funds our best practices and all the different initiatives of the governors.
For nearly 30 years the NGA has partnered with the private sector with our newly relaunched NGA Partners program. They help support the organization not only financially but intellectually with the sharing of best practices, as well as helping the NGA stay tuned in the emerging policy trends that are happening in our individual states. A big thank you to all of our partners who are here with us today. Governors, thank them. Next I would like to, where's our host governor? We'll skip that. I'll let her, as soon as she gets here, we'll hear from our opening governor. I would like to first of all have an adoption for a motion for the adoption of the rules of procedure for this meeting. Would anyone make the motion? Governor Malloy. May I have a second? All those, all those in favor say aye, all opposed say no. The motion is approved. Governors, as you know, under our policy process we adopt policies for two years at our winter meeting. If anyone has questions regarding the policies I would ask you to see Anna Davis of the NGA staff while you're here. I would like to announce the appointment of the following governors to the nominating committee for the 2016, 2017 NGA executive I'd like to welcome Governor Sandoval who is here today. If you would give the governor a great round of applause. So, let me start off by saying first of all, my main goal with launching my initiative, which was cybersecurity, was to elevate the importance of cybersecurity on every single governor's agenda. I wanted to highlight why cybersecurity was more than just an information technology issue. I wanted to show you cybersecurity is a health issue, public safety issue and an economic issue as well as a democracy issue. When I launched my initiative I would not have known cybersecurity would capture the national headlines that we experienced, including last year's presidential election.
As you know in November, thousands of internet-connected devices including security cameras that were an ocean away issued a cyber attack which brought down we saw a cyber attack that the world has never experienced before. The WannaCry ransomware locked out users from all across the globe and made it impossible for doctors and other practitioners to access their devices. Experts today are still assessing the impact of this incident. And potentially, more worrisome that we are now seeing adversaries use cyber attacks to attempt to influence elections not only here but in Europe. Through our new initiative, we have convened experts from cybersecurity policy from the state government, the private sector, to higher education and to all the federal agencies involved to discuss this critical issue and to identify ways for all of us to meet the threat. Let me just say as it relates to Virginia, in Virginia we have taken very significant steps over the past three years to address cybersecurity for our commonwealth for now and beyond. We have the largest naval base in the world, the Pentagon, Quantico and 27 military installations that are constantly under assault. Last year we expanded cybersecurity apprenticeships, we're allowing businesses to stand up cybersecurity occupations. In Virginia if you come work for the state for two years, we will pay your education to get a cybersecurity degree. We've created partnerships and educational opportunities and scholarships around the commonwealth. I launched the Cyber Vets program to provide cyber training to our vets. We have 37,000 open cyber jobs, those 36,000 jobs, the starting pay is 88,000. You do not need a four-year degree. It is a two-year degree or less, and it's imperative for all of us as governors to make sure we're building that workforce of the 21st century. Earlier this year we entered a strategy to make Virginia a national resource center for cybersecurity education.
We have an award-winning cybersecurity education in place. As we know as governors it requires continued diligence. We might be in great shape today but tomorrow some cyber hacker will come up with technology to get into our system. Government is an attractive target. We have more collective data than the federal government through our driver's license, health care, Medicaid programs, state tax returns, many of the cyber hackers feel the best opportunity to get that data is to come into the states because of the wealth of data that we have. It takes a commitment of all the governors to keep our families and our businesses safe. These threats do not stop at state lines. Since July, we have accomplished a lot since we he the in. We held a series of round tables focusing on the cybersecurity risks facing the health sector, institutional, we've spent significant time highlighting the opportunities cybersecurity presents for all of us and the opportunities of a more connected society and a vibrant technology economy. As you know, we have held two sold-out events, one in Boston and San Jose where many of you have sent teams of officials to discuss cybersecurity issues and apply as I've said from day one, if we do a great job in Virginia, but there are states that don't do anything as it relates to cybersecurity, they will reach our state through a back door through a healthcare provider, insurance provider or some other business that is doing business with both of our states. So, these summits culminated in a national summit in June where 45 states attended and learned about how future cyber trends and how to use innovative technology to many of you remember at our winter card we gave you a cyber scorecard that highlighted the areas where you are exceeding, areas that you could use a little more help, and areas that you need your full and immediate attention. This continues to be a useful high-level tool that you and your team can utilize to track your progress.
Our cyber best practices center now has the updated report cards for all of you. We were also joined in February by Admiral Rogers, the commander of the U.S. Cyber Command and the director of National Security Agency for an off-the-record discussion about how the states, National Guard and the Cyber Command can work together. He stressed to all of us governors that we are at the forefront. That he cannot do his job as head of the National Security Agency if we in the states are not doing our part. We held a joint governors senator meeting on cybersecurity priorities and challenges of the United States Congress. We had a great group of governors to meet, we went up and met with the leadership of the House and Senate. We have implored the Congress to have a cybersecurity committee. One does not exist today in the Congress, it is spread among many of the different committees, and there is jurisdictional territories where people have not wanted to give up some of their jurisdiction. We as governors call upon the Congress to put together a national committee to deal with this issue and to put funding in so we at the state level can do our jobs. Lastly we put together 18 documents that highlighted the recommendations and best practices of the National Guard, cybersecurity response plans, and workforce development that you can all implement in your states starting today. You all have those documents in front of you and they're maintained at the NGA cyber resource page, nga.org, this is the package all of you have in front of you. It has all the latest data. It has what you need to do as a governor to make sure your state is up and meeting the threat of cybersecurity. What we saw last fall was only the beginning. Richard Clarke, who is a national expert on cybersecurity, adviser for four presidents, briefed me the other day and said the actions we saw last year as it relates to Russia and other nation states is only the beginning. It is only going to ramp up.
And they want to ramp up by coming after that state data. So, I would say it is incumbent upon us as governors to make sure that we are doing our part to keep our states and our nation safe. Most of you have begun implementing these recommendations, we say thank you. Since the launch of my initiative 30 governors have signed an executive order or legislation or announced a cybersecurity initiative. This has resulted in a dozen executive orders, 14 signed bills, and 17 initiatives. In Idaho, for example, the governor is implementing recommendations made by his cyber body and recently named a cybersecurity director. In New Mexico, clarified when the National Guard can be used during a cyber event. In Oregon, Governor Brown signed an executive order to move all cybersecurity into one agency. Governor Sandoval signed a bill to create a cyber defense center to lead all their cyber projects in their state. More can be done. There are now at least 34 pending bills in state legislatures that you can advocate for and push. Although these are great accomplishments we must not be complacent. Criminals will pursue vulnerabilities in our defenses that will harm our citizens, steal our resources. That is why my initiative will live on. Through this center, the NGA staff will continue to assist your states in implementing best practices and be a lasting resource for you and your staff. Before we go on to our speakers and our discussion, I do want to give a special shoutout to Jeff and Tim and ask them and all the folks who worked on cybersecurity, if they could stand up and you could give them a great round of applause for the great work they have done. Thank you, gentlemen. And before we get to the speakers, I see that our host governor has arrived. I know she was busy doing interviews outside. But I would like to turn it over to you if you would like to give an opening statement. I want to thank governor.
I'm proud to say a record number, 33 governors and 1800, 1800 folks have signed up to come to this, which is by far more than three times more than we've ever had. I know it's because of our great governor and the great state of Rhode Island. I want to thank you. I know the time and work you put into this. On behalf of the governors thank you and it's great to be in Rhode Island. Thank you, Terry. Thank you, good morning. For those I haven't seen yet, welcome to Rhode Island. We are very pleased with the turnout. It has broken every record as I understand it. I want to thank all of you, some of whom have traveled very far to be here. I also want to thank and acknowledge Terry for his leadership on this issue. It is true that you'll be leaving us as the chair, but I think you should feel great about your legacy because you started an initiative that many of us have followed. I know I did. I signed an executive order around cyber, put a task force in place, and have hired for the first time ever a director of cyber and homeland security reporting directly to me. So, I think we're all doing our part. The hardest part of all of this, of course, is behavior change. And I would love to hear technology is one thing, resources, this is really about getting people to change the way they do when they log on, if they change passwords, how they do their business. And that's even harder than the technology. And so I think as we go forward, under Governor Sandoval's leadership, anything we can do to focus on that would be helpful. We're thrilled to have everybody in Rhode Island. At noon we're having a governor-only session with two important CEOs. The CEO of CVS, and the CEO of IGT, both very substantial companies and sponsors of this event. That's at noon. Governors only. And I'd love it if all of you guys could be there. Thank you. Thank you, governor.
So back to the cybersecurity, to add a little more context to the issue we're discussing, we're honored we have three great speakers and I appreciate them coming. Matt Spence is a partner at Andreessen Horowitz. Raytheon Company, the vice president of Raytheon. These speakers are here to provide a window into the future of cybersecurity, what it will mean for your states and how we can take advantage of the tremendous opportunities in this sector. I'd like to turn it over to Matt. Matt, the floor is yours. Thank you very much. Thank you for the invitation to speak about cybersecurity. In particular for your initiative in raising this issue to the governors in this area. By way of background, I'm a partner of the venture capital firm, we invest in new and exciting and emerging technologies, everything from artificial intelligence to drones to financial technology to health technology to companies like Airbnb and Lyft and cybersecurity companies, like Tanium where Chris is at and other companies we look to have some of the most exciting technologies which have a huge impact on the work you are doing. I spent time in national security positions in the Obama administration. I was at the White House at the National Security Council, where I spent hundreds of hours in the White House Situation Room dealing with everything from the planning of the operation against Osama bin Laden to trade issues to cybersecurity issues which were some of the most serious and significant that pervaded nearly everything we talked about. I spent time as deputy assistant secretary of defense dealing with some of those issues from the defense perspective. I say that by way of framing to take two different perspectives to open up what we think about some of the cybersecurity issues. From the situation room to the board room of what companies and states face every day. And where things are going, I want to say two things that may seem a little counterintuitive.
If the question is where is cybersecurity going in the next five to ten years, part of the question is to look back ten years. It was ten years ago last month that the iPhone came out as a product. Something that has fundamentally changed the way we think about commerce and other types of things. But if you look back, the conversation about cybersecurity has not changed very much over the last five years. We still talk very much about the upcoming Pearl Harbor of a cyber attack. We talk about the threat. But actually what has happened that needs to change has not changed very much. The fundamental issue is not actually one of technology, as governor but is one of human behavior. It is doing some of the basic work of hygiene and good health related to cybersecurity and changing behaviors that leave us all vulnerable. That's where governors and political leadership comes in. The second thing I want to say is there is tremendous opportunities we're not necessarily paying attention to. When I was at the Defense Department, I headed up working Middle East policy. It's possible to hear about the threats until you want to go home and take a nap and not worry about what's going on. What we don't spend time talking about as much is what the opportunities are. And I would say as we think about the threats of cybersecurity, a critical part of the conversation is not to talk about the enormous opportunities here. The internet, artificial intelligence, driverless cars, the enormous amount of connectedness we have create vulnerabilities, we need to think about and coordinate and stop from hurting us. But at the same time the very innovation that drives those technologies drives our economy. And when we think about the roles of governors and regulation is to come up with the right balance to encourage that innovation, enturj the technologies that create threats but use it to drive our economy to help us address and mitigate some of the cyber threats we're dealing with today.
Thank you governor, it's really great to be here with leaders across the country addressing an issue that's so important to us. The work the National Governors Association has started over the past five years and been accelerated by the governor's leadership is strengthening our governments' cyber resiliency. Raytheon is a company many of you know, we have employees in 46 of the 50 states. I oversee Raytheon's Integrated Defense Systems, radars, air and missile defense, airy time, we have a strong manufacturing base. In many ways Raytheon looks like a lot of companies in our states and we are a cyber company. For us it started with protecting our own products, our own networks on which sensitive data resides. We took it to our customers. We've spent billions of dollars in technology. I would argue that every business is a cyber company. Every company that relies on networks, computers, devices, sensors, databases, manufacturing, automation and intellectual property you want to protect. The unique thing about the cyber domain is how dynamic it is. The tech landscape is changing, the threatscape is always changing and rapidly advancing. The work you started here is a beginning for each of you. Cyber is an issue that's here to stay along with education, health care, jobs, and public safety, as it touches all of those. Cybersecurity has changed dramatically in less than a decade from an IT issue protecting networks and intellectual property to protecting our way of life. When everything is connected, everything is vulnerable. As a result we see cybersecurity even for commercial companies as a national security issue. Multiple times over the past year we've been reminded by cyber attacks that they're easily launched, far reaching, have global implications and that's the challenge. The cyber threat has become more sophisticated as nation states and cyber criminals invest more resources in cyber attacks because the return on their investment is so great.
There's no doubt the you probably know state schools with important research work being done are important targets. Let me take you through a simple example. A professor working at one of your research universities doing something in high-powered lasers. Clearly engineer, probably a gadget guy like me, got one of those neat garage door openers that you can control with wifi, you can close the garage door if your kids forget. Bought it five or six years ago, the circuit cards probably didn't come from the United States, there's been no firmware updates in the last ten years, controls it from his iPhone and now there's an instant gateway. Now you're on someone's iPhone, access to bank records, medical records, and probably remote access to his research work that he's doing at the university. Now you've just turned something simple from a gadget bought five or six years ago, connected to an iPhone, now it's a national security issue. If a cyber war were to come it's going to come across commercially owned ways. We believe companies and states must see their presence in the cyber domain through a national security lens. This will as we rely more heavily on artificial we created Forcepoint, a cybersecurity company to take the technology that we developed for the defense and intelligence community for the private sector. States have a major role to play in developing our workforce, strengthening the resiliency of our workforce. I look forward to continuing the discussion. Good morning. Thank you governor for the opportunity to speak and governor for hosting us here. I am particularly excited to have the opportunity, I actually started my career in the public sector. I worked for a local government, I was Virginia born, bred and raised. Proud of that. After I worked for a little bit in the public sector, I had an opportunity to see the kind of challenges that the public sector is facing. I work at Tanium after spending a few years at Facebook.
Tanium is a company that works in the Fortune 500, including 12 of the top 15 banks. The governor mentioned about human behavior. That resonates with me because I want to talk a little bit about the human behavior of the governors that are surrounded here, the people at these tables. One of the things that I worry about from a security perspective is fatigue. Right? You hear it all the time. There's a lot of fear, uncertainty, doubt, the sky is falling, Wes mentioned going to take a nap after hearing about it. I hear the opportunity of us to get resigned. There was another attack on Ukraine and the official government Twitter account at which time add a cartoon of a dog in a house on fire, they were resigned to that fact. I certainly respect the fact they could handle that with such comedy, I suppose, but at the same time it's tough to see a situation where we would become that resigned and as governors that's not the way we do things. I have sat and watched as a constituent and an interested party what all you governors have done in health care, infrastructure, energy, education, in a number of other areas, and you're really leading the way. I think you all know that. What's interesting about that is many of the initiatives that you all are undertaking are filled with technology, it's throughout. You're making things more connected, help make your constituents' lives are improved. Security is going to be an important part of what makes that successful. We will always have challenges in the security space. Over time with the things you guys are leading on, it's going to be a scale issue. How do you handle the number of connected devices, the things that give your constituents the things they're looking for. The key is to consider security throughout the life cycle. There are two things you can focus on. One is to use your convening power, bring together the public and private sector, have them figure out ways to work together and solve some of the problems.
Then I think really focus on ushering a new world or new set of expectations. You have a number of powers around how you purchase and including security in the way you do acquisitions. You can really drive things. You can change the agenda for the private sector if you need to and certainly you're driving the agenda for the public sector. I'm really excited to be here and have an opportunity to talk about the challenges and thank you very much for the time. Thank you. Now we'll move to questions. But before we do, obviously a big part of cybersecurity is making sure that we have a workforce to deal with and make sure that we are actually moving forward on building that workforce for the 21st century. Governor Hutchinson, this morning, he and I kicked off a coding event for young girls who are here today, it was a spectacular event, and it really comes down to the teachers. And I am honored today that we have a very special teacher with us today. Her name is Sydney Chaffee, she's a humanities teacher in Massachusetts. She teaches history, government, but transforms those classes into authentic lessons to prepare her students for the future. In April of this year, Sydney was named the National Teacher of the Year for the United States of America. Not only is that honor, but tonight she will be throwing out the first pitch. If we want to go with her today to see the Boston Red Sox, she'll be throwing that pitch out. If we can recognize and thank Sydney for being with us here today. Thank you, Sydney. What we did this morning, that was something very special the NGA did today. Thank you Mr. Chairman and I want to applaud you for your leadership on this issue, just the awareness of it for the governors is critically important, as well as the pledge that we have made to do more on cybersecurity. And I'm glad you mentioned the Girls Who Code initiative. This morning. They're working right now as we speak on their different projects. And we'll hear more about them later.
But in Arkansas, you mentioned the workforce. And it really ties in as part of our initiative, it is to prepare teachers to teach computer science, STEM education, to encourage the students to take it. We've had enormous success in that. We mandated to have offered in every school, we've retrained teachers. Sort of a complementary side of coding is the cybersecurity. And we have, for the first time, conducted a risk assessment in Arkansas on the cyber threats. We have looked at a coordinating agency, our Department of Information Services to coordinate that response capability. We're doing the workforce side of it. But if Wes or one of the could just speak to the relationship between coding and computer science being taught, and cybersecurity and the education that relates to it. How do those fit together? Are they complementary, does it need to be a distinct focus or can it be a similar focus? Governor, I think that's a, you know, it's a key thing in thinking about going forward. You know, the cyber threat advances so rapidly. And is changing so quickly, that it isn't something that we can afford to always be in a reactive mode about. I would even argue, although it's important to increase our cyber workforce across the nation, at the end of the day we're probably not going to be able to outhire the threat. This is why it becomes more important, what you talk about is developing cyber resistant or cyber resilient networks to be built into all of the software, all of the coding. So back to your point it becomes one of the key things is about designing a cyber resilient architecture. That's, one, to repel attacks, but it may be, I think this is important for states and anything with national securities, hospitals, is that you have to be able to operate through a cyber attack. And maybe it's in a degraded mode, but you have to be able to operate through. We can't afford emergency services or medical services to be shut down during a cyber attack.
And we're never going to be able to repel or avoid 100 percent of those. It's how do we operate through that. For Raytheon, we've moved away, we don't report on the number of attacks we have. The metric we report to our board of directors is dwell time. We know no matter how good our firewalls will be, there'll be a possibility that someone gets inside the network or there will always be the threat of an insider threat. So what we measure is that amount of time that an attack is persistent inside our network. And I would much rather have 100 penetrations for a minute than one penetration for 100 minutes. We look at that average dwell time. That's the metric we report to our board of directors. Let me also mention an announcement that they want me to make today that the SANS Institute, I know many states competed for these scholarships and they've chosen the seven states, Virginia, Rhode Island, Nevada, Hawaii, Michigan, Delaware, within those seven states, the top hundred dollar will each be given a 1,500 scholarship to study cybersecurity and they will go on to be able to access over 500,000 worth of scholarships. Let's give the SANS Institute a great round of applause for building that workforce for the 21st century. I wanted to comment briefly, first thank you for taking the time to come here, Matt Spence, I want to thank you for your service, you've played a number of different roles to bring that experience to our we had an old TRW defense contractor who had left a large building, 140,000 square foot building, we get the legislature to fund the rehab of that building. We're trying to find ways to build bridges between the well one is making sure that elected officials, by that I mean not just governors but mayors and city council members, county commissioners, had the education to deal with cybersecurity not just in not just they don't need to know how to code, obviously, they need to have how to allocate resources and assess threats.
We were doing a class, if anybody's, we're doing a class on the broad moer on just these issues, how to, in a day and a half, make sure people are confident to understand at a deep level, and we owe a lot to Governor McAuliffe and your initiative here. When you look at so much of what we're doing is around cybersecurity comes out of our Defense Department in our government we see great cons trugss of cybersecurity entrepreneurship built around those investments by the Department of Defense and Homeland Security, how do we accelerate the transferral of research so it is translating into businesses and jobs that are ultimately going to be the ones, I think, that help keep us safe? I think this really circles back to that education. I've been lucky, I've been successful thus far in my career because I've been able to surround myself by people way smarter than I am, which I'm sure everyone who's been successful does. We talked a little about how you can educate individuals to help make them, you know, more effective in this space. We talked about Girls Who Code and starting early and building in not only technology but certainly security into their curriculums there. An example I like to bring up, Governor Ivey, I think you'll appreciate this one, the University of Alabama has strong forensics program. I would not have thought UAB would be a place you would find the candidates. I think of the Stanfords and MITs of the world. But what they saw was an opportunity and they pulled together the right people. I think ultimately what's really important, as I mentioned, starting early, getting people familiar with the technology, making sure that they understand how it connects to cybersecurity and having them think and change their behavior. Those are the real keys. Then you have a set of people who can help all of us understand the things that are emerging so you can keep up with the way these things are evolving. Governor, I think you're asking the right question.
How do you bridge that divide between what you're doing in the private sector and the government parts. This may we spend a lot of time with cyber technology focusing on Congress or the White House. Our view is the most important technology makers are sitting around this table, the governors. Really, when you look at the things that really matter, it is governors and mayors working at these issues. In a very practical way. There are two things to bridge the divide that aren't sexy but important. It is how the government buys and hires. What I mean by that, these cybersecurity problems are incredibly hard. They're evolving quickly. The best thing our government offers amazing technology and entrepreneurs. The problem is it is hard for these entrepreneurs and innovators to sell to governments. Processes take too long. Procurement is long and extensive. There are great companies like Tanium and others who we look at who have great ideas and are looking to go in and it really needs to find a way to be able to purchase in a way that's more expedited and sell their great things. There are ways to do and partner with Raytheon and others but to make sure when you find a great company and idea, allow the government to be a good customer. The second issue is hiring. And that is not just training and coding, which of course is critical, but when you have done that, find a way to allow those great people to come in and work for your governments. You are working on incredibly important and interesting issues. And I know that the pay is nowhere as near good in the private sector, but there are mission-driven people desperate to serve in the government and it is so hard. When I was at the Defense Department I probably talked to ten people a week, eager to work for the government, longer hours for less pay but for a mission they cared about. And our answer was there's no website, there's no easy way to bring you in.
And when I walked out of the Pentagon, the national security issue I was most concerned about was not ISIS or Iran, and it was not Syria, but was whether that we were equipped in our government to open the door to the most talented people to come and work for us. I think that is an enormously huge challenge which those of you around this table have enormous power to do something about. And for that, I, it's heartening that you've invited us to talk about this and it's a huge privilege because I think part of that is, is really having a conversation between innovation and the most important policy makers here. And one thing that we try to do at our firm is have that conversation between what you're doing, talk about what some entrepreneurs are doing. I look around the table and the governor has made a trip to Silicon Valley and visited our office, Governor McAuliffe, and if any of you would be interested in coming to the mean streets of Silicon Valley in January or February, we would love to host you, not, you know, to meet with me or other folks but to talk with some of the people who are really inventing the greatest ideas of the future, who are eager to talk to you about partnership, about what their technologies can do to help solve the incredibly vexing issues that you're dealing with, cybersecurity, infrastructure, homelessness, health care, and have a conversation that really bridges what I think unfortunately is a pretty enormous divide between what is happening between technology and entrepreneur and what problems need to be solved and the type of regulatory opportunities and great thinking that is all around this room.
Governor has a quick follow-up, the basic business model Raytheon but together with our commercial division, Forcepoint, is to take the defense grade cyber solutions we employ, around the world, with the intelligence service, work through the process of deciding which ones of those can be commercially available, moving that over to our commercial point of the company, and selling that as a commercial package as a cyber package that a small business, bank, a safety government, a university can purchase to provide a constantly updated cyber protection package. I'll add one thing quickly. The other opportunity you have is you're, you know, as you hire great engineers, you're going to write code that solves problems for the state governments. When I was at Facebook, one of the things we focused on was giving back, because we had a lot of real privilege to have a great set of software engineers, we would open source a number of different tools. That's an opportunity also for states to attract the talent that you're looking for. This is coming to someone saying listen you're going to be able to support the mission and when you're done, you're going to be able to give the software back and help, whether it's other states, companies, what have you, and you build this reputation around what you're doing, states are in a unique position because of their role to do exactly that. Officgovernor immediat my question is, it seems that we occasionally read in the papers that a city or town or state's been attacked say by ransomware. And then the next day you hear it in another state. My question is, I know, for example, the Council of Governors has been working on this, states have been working on this, NGA's been working on this, but I would be interested in hearing the panel's opinion on, is there a better way for us to share information?
It seems difficult when we have the federal government, the states government, local government, then the private sector, you know, competing against one another. But if we had an opportunity to learn from one another, to warn one another about threats that have happened, it because if my state gets hacked and then two days later by the same scheme another state gets hacked, we have an opportunity, perhaps, to do a better job and share perhaps through a, you know, national alert system or something to prevent us from different states or communities or companies suffering the same sort of scheme. My first, maybe Matt your opinion on that, are we doing a good job, is there opportunity in the future to do better in sharing information and help learn from one another to protect one another. Governor, that's a great question. And there are efforts like this to have this conversation around the table about cybersecurity which is an important first step. But the reality is we're not ready. And we are not doing enough to share information. Part of the reason for that is in a weird way it's actually the wrong way to say cybersecurity. We talk about that and cyber, but those are actually specialized in this talk about security. It's actually security which permeates everything. That's physical security, threats from cyber entries, other pieces very much related. The reason why that's an important point to keep in mind is when you're sharing information, thinking about it's not something in a particular bucket, it's something that permeates a whole range of things. Your constituents and voters aren't thinking of the Department of Homeland Security or Defense or a local government or state government.
They just know that they don't want fraud to happen, they don't want things that are very sensitive that they keep in their iPhone to get elsewhere, and they don't want the tremendous opportunity of technologies they buy create a lot of new windows and doors that some cyber burglar can break into. I think a big part is to have better coordination mechanisms both between jurisdictions, between the nature of cybersecurity there will always be things overlapping, but we need to do much more of that. But then the second piece is to increase trust and collaboration between the private sector and government to do this. We spend a lot of time talking about bringing Washington the technology sector together. But it's even more at the state capitals to do much of this. If I was thinking about an agenda what can happen at the regulatory and government level, finding ways regulatory level, finding a way to share information is really key. We are living in a world which is very much of the pre-9/11 intelligence community era. We have heard many, many stories about different intelligence groups knew something, and it wasn't really out of ill will or anything anyone wanted to do that we left ourselves vulnerable. We just cannot modernize our system. Now it is time for us to take the next step to find ways to take a step forward to modernize that and better share that type of information. Governor Berman. One question for Chris and one for Matt. Chris, opinion is one of the fastest growing cyber companies in the world. Maybe you would like to share a little bit on what the market signals are telling you and what problem you're trying to solve and how you are approaching it? For Matt, I know not only do you invest in things, but you look at places strategically where the next thing is coming. Where is the next thing going to come from that it is looking for? Of course I'm happy to talk about the technology. That's kind of my role.
Really the thing we are tapping is something I mentioned a little earlier, which is really scale. You know, it is very hard to manage massive networks, and they're only getting bigger. I think I read something the other day, there are about 8.4 billion devices connected right now, and that's up I think 31 . That's going to grow tremendously over the years. One of the things we as a company did was try to say, okay, well, you know, we can't sort of do it in a traditional way. What is another approach we can use, sort of handling the massive scale of these environments. That's what drove the innovation, that's what helps our technology succeed. What is interesting for me as I think about it and I think about, you know, all of the initiatives that are helping as I mentioned constituents do great things through technology, the growth of devices, people talk a lot about the internet of things, for, you know, whatever definition they have for that. But at the end of the day, all of those are devices interconnected in some way, shape or form and able to share data back and forth. What we focused on being able to scale for that size. That's what has made the whole because we recognized that was coming and I don't see it changing any time soon. Governor, that's a really interesting question in one of the favorite parts about my job is we look at what is coming down next. There are two things right now. On the security front what is really exciting is there are threats that we might not be thinking about that we need to be defending against. You know, one for example is when you call someone on a phone, if you assume that someone knows that's your voice, you're there, but how do you really know? For example, there's one company where we're investing called Pindrop Security that works on the integrity of your voice to make sure that when you're speaking that someone knows it is actually you, would use it as a variety of identity. That's one.
The other piece, and this relates a little bit to cybersecurity, about some of the most exciting areas of innovation is artificial intelligence and what is called machine learning. So a lot of the things that actually would seem to be ten or 20 years in the future are actually happening pretty closely here, which have a lot of implications for things that governors are doing. So, for example, artificial intelligence, without, you know, recently was actually commissioned to actually write articles based out of the last Olympics. Artificial intelligence has spent time actually trying to write music or write speeches. You know, there is a company that actually merges a lot of interesting health technology plus artificial intelligence to take the huge amount of data we generate from our Apple Watch to provide better biohealth. There's a company called Cardiogram that analyzes your heartbeat from the Apple Watch, takes the data and can predict a heart attack faster than the best cardiologist at the best medical schools in the United States. Those types of things are interesting, to take technology and data to make your population healthier, which can produce a whole range of things. I guess what I get most excited about, I talked about opportunities before, are the opportunities for these types of things that are doing things they're not even 10 years in the future. They're a few years in the future, or even they're happening right now and they're really cool things that have been able to happen. Any more questions? I know it is a constant challenge to make sure that we provide funding for technology in state government, it is a battle we have to fight. But one of the things that often falls by the wayside is cybersecurity, the continuous monitoring and assessments and training you need to do. Do you have a recommended percentage of the IT budget for a state that should be spent on cybersecurity? It is a great question and I think gets to the issue.
For a while it became cliche to say, you're going to be hacked, you're going to be hacked, everyone is going to be hacked. If you say that to a corporate board, they say, okay, what am I supposed to do with that? You know, if it is all going to happen, I just want to put my head under the covers. When you're a company or much like your state, you are dealing in a resource-constrained environment. You don't have the luxury to spend an unlimited amount of money on the massive problems that you have. So the key is really thinking about prioritization. I think there are two ways to think about prioritization as you think about that. One is to prioritize your types of assets and what really is critical and critical infrastructure, but the other piece is actually to think about prioritizing information. This may seem counterintuitive. We spend a lot of time thinking about the perimeter of security, and that is to stop someone from getting into your house. All right. So you can lock the doors and put bars on the windows, but there are a lot of cracks and a lot of ways to get into your house. What shouldn't happen is once you get in your house, you get everything. You get the best jewelry, you can walk out with anything you want. If we think about it, we in a sense treat a lot of our information that's on our networks very much the same. You know, if you're in the government, when I was at the White House we had different layers of information. You have unclassified information, you have confidential information, you have things marked as secret, you have things marked as top secret, and then you have a level of security clearance even above that which has the most sensitive ways about how our government gathers intelligence. So just because you work at the White House, you don't get access to all of that information. You know, just because you happen to walk in the door, you can't do everything. Even just because you have a security clearance, you don't get all of that.
So if you think about prioritizing IT budgets and these types of things, part is thinking about ranking and understanding what happens when someone is in your network, what are really the crown jewels and what are the things that you really don't want to get out but are sort of less important, and taking just a more strategic approach rather than saying once someone gets in everything bad is going to happen. Governor, I would like to offer just a couple of other thoughts on that. That is, you know, some of the basic things that you can start with that really, you know, don't cost much and wouldn't have to be viewed as a percentage of the budget towards cybersecurity is, you know, the first question is does every state have a chief information officer that reports directly to the governor, and does that CIO have a seat at the table in most all decisions, especially any purchasing decision. Because as I mentioned earlier, a lot of this is about thinking about the architecture of your system. So as different universities, hospitals, any state-run thing, thinking about is the architecture designed to be cyber resilient and do you have some standards around things like medication or multifactor authentication. So I think that there's a lot of opportunity where the cyber resiliency can be built into systems and it is not at an additional cost. It is about thinking about an overall architecture and having someone designated as that cyber czar who has oversight and influence into state level decisions about what IT systems are procured and what the requirements are levied on those. You know, Governor, I can't say I have the direct answer for you. I don't have a great percentage, I really wish that I did. But at the end of the day I'm actually a pretty simplistic guy and trying to do the simple things right.
I think when you think about the way that you allocate budgets, you're often thinking about, hey, what is the most important thing and really targeting getting those things done well. So for me, you know, one of the things I have seen certainly is challenges where, you know, organizations are really trying to use this cutting edge thing or the latest interesting thing that they heard about or read about, when really as what is sort of alluded to gets back to basic and about spending and focusing on those basics. For example, one of the things we see oftentimes is we will go into an environment and say, hey, do you want to use our technology, we will go in and show you how it works, you can play around with it a little bit. First, you know, where are all well, we have a list or a set of systems, and then we go in and find, I don't know, anywhere from 12 to 20 more systems than they expected. You don't have a view of exactly what you've got and you're not focusing on first solving that fundamental problem with the limited budget that you have. Then there's a significant challenge there. Then you stack on to that the idea that, you know, you have limited budgets and limited number of people to solve these problems for you. So you want to make sure you make the best use of those people. Again, I think it connects back to something I'm beginning to sound a little like a broken record on, which is scale. How do you scale not only the technology but your people. Use them as effectively as you can so they can get the fundamental problems solved effectively as well. Okay. Let me first of all, let's give a round of applause to Matt, Les and Chris. Thank them for their great leadership here today. [applause] As we close the opening session, let me remind you that everybody has this packet. I would also like to recognize Governor Ivey, our newest member here from the great state of Alabama. Give her a great round of applause. [applause] Thank you so much.
Anything you would like to say, Governor? We are just glad to be here. We are eager to get to know each one of you and, yes, we are on top of cyber activity in Alabama as well. But I'm grateful to be here and look forward to working with you. Thank you very much. So you all have this booklet. It has one pagers in it, front and back. You can pull out one specific. It is constantly updated by our cyber team. I would ask you to take this packet and give it to your team, make sure you bring in your adjutant general, make sure you bring in your National Guard, your CIO, get your whole team. As a governor I would call everybody into your office, into your conference room, make sure they have this so they know what they have to do. It is critical that you bring your National Guard in early to make sure there's the sharing of information and they're part of the process in your state. I also want to thank the governors for we have signed a compact here for Meet the Threat. We have 38 states. I thank those governors who signed on to this compact. We will now have a continuous dialogue as we go forward. As I say, this is an evolving space. Every day there is something new as it relates to cybersecurity. Our team and the private sector folks here, I want to thank them for helping us stay up-to-date. I want to thank the corporate sponsors who funded this initiative. On behalf of the National Governors Association I want to thank all of the folks that have been part of this process. Now I will adjourn our first session and we will see you a little bit this afternoon. Thank you very much. [applause]