Go to school. That joint measure of our goal together and individual work is what so inspiring and what is aspiring when we see everybody here together at the conference. So its exciting to be here. Thank you. Thank you for the conversation today. Thank you for your service. And thank you for being on the front lines of our nation and bringing us together in this important fight. It was an honor to be with you today and thank you for the honor of joining us today. So good to be here. Good morning, everyone, i hope you are able to get caffeine in your systems, get your blood flowing. I do to cknowled good morning, every i want to knowledge all the media that has been with us for the last four days. We really appreciate all your coverage and all youve done for us. Thank you for being here. We would like to follow the fireside conversation by taking a more indepth look at the future of cyber. For our next session, 2024 and beyond, the hard road ahead, we have invited a distinguished group of experts to look at the topic or multiple lenses. Moderating the discussion will be rene nguyen, former cio nasa and our featured speaker for this conversation are dave frederick, assistant Deputy Director for china, National Security agency. Eric goldstein, executive assistant director for cybersecurity, cfd sza. Retired Lieutenant General dean fogarty. Senior executive adviser. And andrew adviser and technologies. Formally coo cia. And dave richardson, Vice President of product and Point Security lookout. Please join me in a pleasant welcoming our speakers. Wow,. I hope you have shaken off the,. Malaise of being in a conference all week and talking t good morning, everybody. Hope you shaken off the malaise of being in a conference all week. I hope youre using your devices as we are a cybersecurity conference. Thats always a good thing. The road ahead, insert it you got that at the front desk. Good morning, everybody. Its great to see you. Given the Rapid Advances in technology and the ever shifting Political Economic and environmental landscapes, the future of cyberthreat world is sure to change. This group of experts will explore how this future will likely impact cybersecurity and things to think about in order to keep up and we might go back to some of those oldfashioned human factor problems that will lie ahead in the future as they are here with us today. So, gentlemen, this is a all play so everybody gets to answer and hopefully you will sort yourselves out. If not, i will help you if it is necessary looking beyond cybersecurity, what big shifts are happening in the world that will change how we should be thinking about the Digital World and protect it . Versatile, its a pleasure to be here. With this group of professionals. I think as we look at the way ahead, i am forecasting out a little bit, the things that concern me the most, demographic shifts, particularly in the global south, lots of opportunity, but lots of challenges there. I think supply chains are increasingly becoming an issue. If you think about restrictions that we placed on transfer of technology to the prc, there will be a fortat there. I think we have had the opportunity to purchase a lot of raw material from them, things that are very vital for everything from moving to electric vehicles to building cell phones. So, no supply chains will have to be reconstituted and that will require significant hat investment. Then, i think that things we cant predict. Social, economic, political and cultural factors that are really going to drive this, but we have to watch it and i think this is where if you go back to the comments from earlier this morning and start with the other comments, the key is partnerships. It is foreign partners, inner Agency Partners within the u. S. Government, its commercial partners, its partnership with academia that give us an Early Warning and we never seemed to predict these things exactly right. But, that will be the critical aspect of getting through this. Thank you. To build on steves answer, i think one of the things that we should look at thats happening in real time is we are watching a digitally enabled army to take on an analog army. And we are seeing the digital army winning. We dont know how this will end and overwhelming force may win at the end, but there are a lot of lessons here beyond the battlefield lessons about what a 21stcentury capability can do against the clearly 20thcentury capability. Beyond us improving and becoming better, i think there is also others were paying attention to the sensing that david can take on goliath and maybe win. I think it changes the defense dynamic broadly in the National Security dynamic as people watch us unfold. Thank you. Eric. Its wonderful to be here. At such a privilege to be on the stage. If we look at the cybersecurity ecosystem, i think at this point, we can fairly say it is defined by a constantly actors who seek shared goals, shared norms in cyberspace, freedom, openness, resilience and some seek the inverse and then there is the middle and there are organizations and countries that are in many ways as yet undecided about what the future of the internet, the Global Digital commons, should look like. One of our broad challenges which apply to cybersecurity that not only cybersecurity is how do we in the United States convey that positive affirmative message of the internet of network Tech Knowledge ease as being an ecosystem that enables growth, enables prosperity, enables freedom of expression, and that cyberinsecure cybersecurity is because right now, there are two many places around the world and the issue of supply chains, where there are countries who are attempting to make inroads in entering into commercial agreements and, supplychain dominance in a way that undermines our collective global interest in seeking a world where small Democratic Values are the norm and are enabled by security and resilience at scale and it is up to all of us in this community to convey cybersecurity not only as an approach to protection, but as a positive vision to advance the values in the future that we seek. Just be he represents a Critical Infrastructure so, those are important remarks. Based on the interconnectedness and dependency on, lets say, electricity and clean water. Anyway, dave. Its great to be back. When i was here last year, i was in cybercommittees executive director and i am in a new role as the assistant debbie director. Eric and i did not coordinate on our comments, but i want to build up on some key points he made. Starting with this focus on the prc. We really assess that the prc and the competition between the prc and the United States and allies will be the defining issue for the next generation. What we are seeing happened today with the prc is that they are exporting Digital Government model designs to improve and support authoritarianism and increase their global influence. I think that is an area in the u. S. And our partners will have to work very hard at to counter and provide positive options especially in the global south and other regions. Another area where i think competition between the United States and prc will be critically important is intactnology standards. We have to work closely in close cooperation with our Form Partners to effectively engage in standards both for the base of Telecommunications Standards that we are focusing on today but we need to think about emerging issues and standards related to Artificial Intelligence and other emerging technologies. We are sort of innate trade war of sorts with them and what does that mean for supplychain that we are also accustomed to having on the less expensive side and what does that mean and how do you make shifts. We are talking about a huge Economic Impact both on the Positive Side and on the negative side as well. Very thoughtful remarks. I want to build on what you are talking around Artificial Intelligence. There has been a lot of discussion already around Artificial Intelligence, but that is essentially lowering the skill gap are both good actors and bad actors. It becomes so simple these days to generate compelling automated attacks whether that be phishing emails or fishing websites but sophisticated exploit chains and those kinds of things. Where that used to be something that required highly skilled individuals to be put in a very dedicated effort. These days, you can buy a phishing kit online. Its even simpler than that with the rise of Artificial Intelligence but there is a flipside as well. Its a tool that can be used for good and used for sorting through massive amounts of data and finding anomalies and things like that. Something that needs to be embraced by organizations, as it was mentioned earlier, an attacker only needs to be right once and the defender, you need to be right all the time. In order to successfully defend your organization. I think Artificial Intelligence is a big one. The other big one is post quantum encryption. If you think about a world that is five years away or a month away, who knows these days, there will be a world where encrypted data stores will all be given enough time and enough money and can be broken so organizations did you think about where your data lives and who has access to it even if it is encrypted. Because there is a clock on that and someday someone will be able to get access to that data. Excellent. Thank you for that. We were in the green room preparing, you mentioned that theres a pretty important vulnerability out there right now that perhaps our audience might benefit from hearing about. Sure. Absolutely. If you havent seen the news, late last night, citizen lab sent out a vulnerability disclosure around a new exploit chains in the wild called blass pass. Its a affecting all apple device out there and this is a pretty scary exploit chains so basically what can happen if someone can send you through i message whats called a pass kit file which is basically like your boarding pass for your flight later or Something Like that. And your phone automatically parses that when it arrives to generate an image in a pretty thumbnail and the act of parsing that can exploit your device. Remotely. So, you could receive and item from an unknown number, you dont even have to look at it or open it, or see it, or know that even happen, and then your device can become compromised remotely and infected with advanced spyware like pegasus. This is found in the wild apple put out a patch last night for all apple devices and iphones, ipads, et cetera, and you should get that update as soon as possible. Its very, very important. And these are the modern kinds of threats that exist these days where your phone can be in your pocket and you can get a text message and it is not compromised and the attacker, first thing they do is delete that text message and notification and you dont even know what happened. Somebody is living in your phone and watching everything thats happening in there. Thank you so much for that. Also, remember, a friend is not going to send you tickets to taylor swift. Just keep that straight. That is also audience participation. Make a note, not until we are done in 27 40. Pay attention to these guys. They are talking beyond now. All right. There seems to be an emerging conflict between developing technologies focused on decentralization and traditional political and economic entities. Wanting to Leverage Technology for control. How does this play out . Steve, why dont you get us started. Absolutely. This is nothing new and not emerging. It is a constant, i think, for all of us. Particularly those working or have been on the government side and have worked the government side and now that i flipped over to the commercial side, its a very interesting viewpoint. What you realizes you are working towards the same thing. But the value systems and value chains might be different. So, you think about what i think a lot of people would look at is web 3. 0. Or web 3. Block chain. So, that becomes as popular discussion and i fall along the molly white viewpoint which is its a bunch of scammers, a bunch of hucksters, budget people that are out there and what is the Value Proposition . So, that is one example of where you can be i think there are other examples, use of a. I. Generative a. I. Quantum, either computing for power or for encryption to protect encryption. So, you have the Tech Knowledge ease that will come and go. I think they said it very well. In 2018, the issues and concerns they were facing are not the same ones they are facing today. Part of that is change and technology. So, where i am at on this right now is that tension can be useful and i think it is not just government, not just big business, and the little guy that are out there. There are a variety of factors well beyond the technology. Sometimes we jump into the technology and i think its important to look at some of the other fact years. There are social factors, there are economic factors, there are political factors. There are cultural factors. The discussions we are having in the u. S. Where you might have in the european union, you might have in another place in the world may be very different than the discussion you will have in china. Or in russia. So, this tension between freedom and oversight or compliance or regulation actually, i think, is very valuable. You will have some people who are pushing the limits and sometimes they get themselves in trouble quickly. They always either one to look for someone to bail them out, or there is another group that are rapidly exploiting gaps in regulation and oversight and compliance. So, there is a role for both the government to be involved in this space, a role on the commercial side and certainly there will be a very loud political, increasingly more political role in this. So, i think where we have to be at the end of this is, again, clear communication, very Good Partnership between the people deploying the Tech Knowledge ease and the government the technologies and the government and i think it is getting expertise to understand the technologies, understanding the effects and most relaxing most recently you think about the release of chatgpt and it created this firestorm and i am sure the Big Companies pulling the capabilities didnt foresee that visceral reaction was going to be. I know the government is still trying to sort out that we what is the role of government in this space. So, the question i think, tension is always going to be there and that is actually okay, thats what im saying. Thank you, c. Eric. We are in the middle of what is an interesting and dangerous period. I characterize it as both a deepening and broadening of cybersecurity risk. On the broadening, weve been talking for a while about the democratization of the cyberthreat manifested tangibly by the ransomware ecosystem. Where youre able to rent without any training and launch attacks on victims of your choosing and even leverage brokers to get access to victims in order to execute your malicious intent. If we combine an ecosystem of that nature with the increasing ubiquity of regenerative ia, we are further reducing the floor to launch damaging intrusions and democratizing the availability to actors who have malicious intent but no capability. Now, all you need is the intent and a little bit of money. Combine that with what we also see which is the deepening of some of our apex adversaries and the advisory that we released on prc living off the land which is extraordinarily challenging trend line and now instead of using traditional malware and commandandcontrol infrastructure detectable by the cybersecurity tools we all know and love, it will not work anymore for actors using these techniques. You need to understand the activity on your network to such a granular degree that you can detect anomalies that indicate that adversaries are using legitimate tools, Network Management tools used by your administrators, but for malicious intent and to gain and sustain persistence. If we see this at an intersection, democratization and advancing sophistication, what does that mean . We would it means in the first instance, a focus on resilience and the fact that our goal is detect, prevent, respond in every context, we will never succeed because we will never keep every adversary out of every Network Every time. What we can do is make the investment to me to make sure when our adversaries gain access, we ideally find them quickly but limit their ability to cause harm on american organizations and the american people. That is a bit of a cultural shift because it takes us outside of the traditional cybersecurity box and becomes more of a business issue and Business Continuity issue, but that is where we need to be. What we encourage is we are a little bit preaching to the converted but lets try to get out into the broader world and speak with the Business Community so the Resilience Community of how we can join these disciplines and make the investments before they are needed. Thank you so much. How about you, dave. Im so, the i think the part i would reinforce, kind of really off of erics point is an area, a trend that has been very positive is the relationship, the partnership between government and private sector. I think there is still a lot of room to get better, but when i reflect back on when i first came out of the intelligent side of nsa and started focusing on cyberand c