It is brought to you today by your cable or satellite provider. Nsa director and u. S. Cyber commander admiral Michael Rogers on the need to recruit, train and retain highly skilled cybersecurity professionals. Also hacking on the email servers. Hi, good morning, everyone. Were going to go ahead and get started in a minute, so if we can have you find your seats. Good morning. On behalf of the cyber maryland advisory board, i would like to welcome you to the sixth annual cyber maryland summit. Im david powell. Joining me is rick garetz. Cofounders and cochairs of the cyber maryland advisory board. My great pleasure to welcome the attendees, the speakers, the exhibitors, and the sponsors here to this event today. And also, our local, state, and federal Agency Leaders and policymakers and other dignitaries in the audience. Six years ago, cyber maryland started as an idea to build the Silicon Valley for cybersecurity. To unify the cyber maryland ecosystem around a common theme. To be the epicenter of cybersecurity. And six years later, looking around the room, i would say we have been successful. Wouldnt you agree . [ applause ] but the question that we always ask is, whats next . Cyber maryland has become the model for other states, and earlier today, we made an announcement about a program called cyber usa. Community of communities and cyber states which will be led by the former undersecretary for commerce, bill bond. And the first dhs secretary, tom ridge, former governor of pennsylvania. Rick . Yeah, thanks. So we wanted to kick off the session today, as everyone knows that cybersecurity is the new space race, right . What happened when the space race was going on . Countries were trying to get to the moon. Right now, we have a situation where cybersecurity does not have a zip code. It doesnt represent 21212. You know, colorado, california, and so on. So the first move was to now bring all the states together in a collaborative effort with cyber usa. And then what we wanted to do is one of the major parts of building a cyber ecosystem is building a generation, the next generation, which we call the cyber generation. We thought it would be appropriate to have a student in high school that is teaching introduce our keynote speaker. I had the pleasure of introducing emma rogers in very different sessions and conferences. Whats unique about this is about a year ago, we stood on stage at this conference with rob joyce and cathy hudson and chris alexia, nsa launched a program called the nsa day of cyber. Yesterday, we just reached 5 Million Students that signed up to start to explore their future. And as our introduction to the keynote speaker happens, this all got started here because three years ago, i was teaching a high school at dunbar, a class on technology, and i asked a bunch of students, what do you want to be when you grow up . Their answer was doctor, lawyer, ray lewis. Now what were hearing as early as last month in arkansas, california, virginia, maryland, everywhere, is doctor, lawyer, forensic analyst. Doctor, lawyer, reverse engineer. I think this Grassroots Movement has created a movement that our neighboring states are now starting to work upon and collaborate upon so we can protect the nation and create the cyber generation. So its my pleasure now to introduce a teacher of a local high school, steve morrill, and one of the students to come up to introduce emma rogers, and steve, if you guys would make your way to the stage. And i want to just make a comment about this teacher in general. This is the worlds first cyber teacher who at a High School Level has now built a program in a high school where the most popular sport on campus is cyber. Over 106 middle school, high school and college, i mean middle school and High School Students come after school from 3 00 to 7 00 under their own volition and learn, compete and he has now built this into the Cyber High School and the model. So now, high schools around the country and around the world are modeling this school on how do you give students who have the capabilities to really demonstrate cyber skills to be able to continue and grow this model across the country. So its my pleasure to introduce steve morrill, from loyola high school. Steve. [ applause ] good morning, folks. My name is steve morrill. Im director of technology and cyber science in maryland. Thank you for the opportunity to be here for the cyber maryland kons conference is near and dear to my heart. This was the inspiration five years ago to start our program. Its nice to be in a roomful of like minded folks with the same goal, educating the next cyber generation. Over the last five years, one of loyolas goals and my goal is to solve the Talent Pipeline problem from k12, higher ed and industry. We started five years ago with six students. And i thought, well, that was a fun club for a year. And now we have five years later, 106. I dont hang posters. I dont get on the morning announcements. Its all been driven by Student Interest because students in middle and high school can do more than what we may think. So this morning, were joined by several of our students. One in particular here is junior andrew staman. Hes in his second year with us. This past summer as a sophomore, i think back to my sophomore year in high school, i think i was still mowing grass in my summer. He did an internship at Health Systems in chattanooga, tennessee, where he was a member of the Internet Security team. He brought that information back to loyola and is now teaching sisco routing and switching to our students in great eight through 12. Now hes a junior. Hes already looking forward to continuing his education in college, when he graduates from us in 2018. Hes carrying a full load of a. P. Courses, plays varsity rugby and works in the cyber Science Program because he wants to, not because he has to. So motivation is key. So with that, im pleased to introduce you to andrew. Loyola high school student. [ applause ] thank you. I would also like to thank mr. Powell for inviting me to the maryland cyber summit this morning. As a junior in high school, as mr. Morrill said, i did an internship in chattanooga, tennessee, and i found great passion in the field within two years. It relates to everything we do every day, and it excites me the direction in which the field is heading. This morning, were joined by a man whose position as head of the National Security agency and a Central Security service, two organizations that play a crucial role in todays world. More information about admiral rogers, his career, can be found in your bio in your programs. As all of us are aware, cyber has become the next domain to defend and its a space race of my generation. With the growth of the field, unemployment is nonexistent. Under admiral rogers, im proud to say that the nsa has welcomed more interns my age than ever before. He has faced us with real world challenging issues we face, and im willing and eager to fulfill the needs of the country. By accepting interns from high school and college, i appreciate that admiral rogers has recognized and embraced that us young adults can do more than expected. Its with great honor and privilege that i welcome admiral rogers to the stage. [ applause ] thank you, andrew. Thank you very much. Is that one impressive young man or what . [ applause ] thank you very much. Imagine if you were 16 or 17 years old and somebody asked you to stand up in front of hundreds of people, cameras, to introduce a man you never met and do it in front of a whole lot of people. Andrew, thank you very, very much. I want to thank you all very much for taking time to support cyber maryland. Im here because im part of the maryland cyber ecosystem, both as the commander of the United StatesCyber Command and the director of the National Security agency. Were proud to be a part of this ecosystem. Im here today because i wanted to share a few thoughts on the challenges of cybersecurity. Also selfishly, im here today because if theres a young man or woman in the audience who is interested in challenging work in the cyber field at nsa and Cyber Command, we have great opportunities. Im interested in getting every motivated, talented young individual we can to be a part of our workforce, to help build the future, both in defending structures, networks within the United States government, but more broadly, how we as nsa and Cyber Command, small parts of a bigger team, can do our part in trying to defend our nation and help our friends and allies around the world. Because cyber is the ultimate team activity. And the 35 years i have been a commissioned officer in the United States navy, i have never been part of a mission set before in which your success and the ability to generate operational outcomes is so dependent on a broad variety of partners. That is both challenging but it also represents opportunity. And you see that in this audience today. Among you are High School Students, college students, midshipmen at the Naval Academy. People involved in academic thought, people involved in industry, people involved in the government. At the state, at the federal, and at the local level. Its our ability to harness all of these capabilities that these groups represent into an integrated team thats working on some tough problems. I think we all have to acknowledge were not where we want to be when it comes to cybersecurity. Thats reflected in the increased level of investment. Its reflected in the increased level of activities you read about and whatever your potential source of news is, whether it be print, online media, whatever. You cannot go literally hours without something popping about a major cyber challenge, somewhere, both here in the United States but globally as well, because this is not a phenomena that is restricted to a particular nation, a particular area, or a particular sector or segment. There is literally activity of concern out there in every segment of our private sector, across the u. S. Government, with our allies and friends around the world. And i suspect that that dynamic is not going to be changing in the immediate near term. So collectively, we have to step back and ask ourselves, what can we do working together to attempt to address the challenges associated with the cyber environment were dealing with today. That means information sharing is going to be critical. The government, legislation has been passed in the last 18 months, we have started an initial framework on how to do that. Within the federal government, we have taken time in the last month, under the president s direction, to outline what are the roles of the different parts of the federal government and how are we going to provide support both coordinating internally within the government and perhaps of greater importance to all of you, how are we going to apply that capability more broadly across our nation. As a part of that federal government team, im the first to acknowledge one of our objectives has got to be how can we help to simplify to our private sector friends how you interact with us. We have got to make it easier for you. And we have got to align the insights we generate to generate value for you. You need to define, what is the information you need, how do you need it, and what format, and what truly is the value to me, to you . You dont want us deciding that. We need to partner with you and understand what it is you feel you need. At the same time, we are all out there competing for the same workforce. And that challenge isnt going away. Right now, if you look at the Human Capital piece of this challenge, i would argue in some ways that its the greatest challenge of all. That while the technology is incredibly important to our ability to meet the needs that are associated with the challenges of cyber and cybersecurity, perhaps the greatest challenge is not the technology but its the Human Capital in all of this. How do you make users smarter so theyre making smart, intelligent, well informed decisions . Because you can have the greatest defensive strategy in the world, but if your users are making choices that undermine that security, youve made your job that much tougher. By the same token, you need an incredibly motivated and focused workforce. You not only have to have a workforce in which segments have very specified, specialized training and information in technology and cybersecurity, but as i said, we have to raise the Knowledge Level of every single individual within our structures. So the human dimension here and the ability to generate trained men and women with the right kind of background and insight is a challenge that as a nation were only beginning to come to grips with. I dont think theres any of us here in this audience that would tell you, oh, yeah, i have all the people i need with all the right skills and all the right backgrounds. Clearly are not where we need to be there. Thats one of the reasons why i like to do things like cyber maryland. Nsa and Cyber Command, we want to be part of the solution. You heard in the introduction some of the things were doing in terms of out reach to the private sector about in terms of the academic world with students. One of the things andrew mentioned was our Internship Program. Like many organizations, we have come to the conclusion that the greatest things for us is getting young men and women familiar with us at cybercommand and nsa earlier and earlier. We have a pretty aggressive internship for our organization. In fact, ive been a director at nsa for a little over two and a half years. And i can remember the first week on the job one of the things i like to do is go down, walk around, walk the halls, eat lunch in the cafeteria to talk to the work force. The first week on the job i go down stairs from my office and i stop and say hello to two young ladies. After lunch i go back to my office and i said to my team that works with me in my office, i cant believe how young were hiring people. I met two young ladies who i swear looked like they were 14, 15 years old. I got, sir, they were probably interns. I said we have interns . The thought to me, again, just starting the job was, you mean were giving security clearances to, you know, 15 and 16 year olds . Im the first to admit i was struck by this is a different world and were going to have to do things a little differently than we have historically done. I would tell you the Internship Program has among the highest returns on things we do. Over 65 of the people who intern with us end up working with us once they complete their education. Thats a great place for us to be. You see that investment not just in us. Other organizations are doing it. As a naval officer i highlight what were doing, you see midshipman here with us today. Were making cyber courses mandatory now for the Naval Academy. Cyber is foundational to the future. We are past the time where i dont need to worry about that. Thats what my i. T. Guys do. I dont have to know a thing about this. Given the challenges associated with User Behavior thats not going to work. We have cyber major, we have broken the ground or soon will, this month, on a new cyber center at the Naval Academy and were directly commissioning officers out of the Naval Academy within the cyber arena, something we had not done until a few years ago. We recognize that the world around us is changing and we realize we have to do things differently. You see that in what the secretary has done in terms of our Defense Innovation and experimentation unit out in california in Silicon Valley. Where we acknowledge as a department we have to go where the best technology and innovation resides, its outside the government, outside the department of defense. Weve got to be willing to go to the outside world and say what can we learn from you. How can we partner . What kind of capabilities and insights do you have that will generate value for us and help us in our missions to help defend the nation as well as defend our key friends and allies. Another thing that im always telling the work force at nsa and Cyber Command, the defensive side is a core aspect of our jobs. We must constantly drive for success, but at the same time we must acknowledge despite our best interest there will be times we will fail. We must be prepared to deal with failure in an aggressive way. When i started my personal time in cyber i can remember thinking to myself, the entire focus was to keep the opponent out of your network. Thats the primary driver. But after 15 years doing this in the department, ive come to the conclusion you must not only spend time focused on that, but you must acknowledge that despite your best efforts youre likely to be penetrated. Given that, what are you going to do. I would tell you as a individual that has to deal with major penetrations in networks in the department of defense. Its a different thought process, a different methodology and a different leadership style at times when im dealing with problem and the investments were trying to make, trying to forestall opponents ability to enter networks, as opposed to when we find them there. Its a great leadership challenge. It goes back to the Human Capital piece. As important as the technology is, dont forget about the importance of motivated men and women. Because without motivated men and women, i dont care what your technology is, i dont care how good your defense scheme is, how great your Network Structure is. Without motivate