challenge of these ransomware attacks. the need for information sharing between private companies and the federal government in a way that can be really uncomfortable for private companies, of course, on some level what this comes down to is whose job is it to try to make this stop because it's coming more and more and more. what do you think? >> well, kate, i think it's -- the answer is all the above. a company's private entities certainly have a responsibility to do all they can in a defensive way to defend against and to be prepared if they are struck by a ransomware demand. and to be resilient to recover, keep their data separate, do table tops exercises and all that sort of thing. so i think it's perfectly legitimate for a hearing, the members of congress to ask about what defensive measures that colonial pipeline had