1 00:00:00,000 --> 00:00:02,999 I said I was going to call this "Information Sharing Is 2 00:00:02,999 --> 00:00:06,542 Broken," but I figured there would be about three or four people show 3 00:00:06,542 --> 00:00:10,792 up so I decided to make it sound a little bit more provocative. 4 00:00:11,083 --> 00:00:15,209 One of the Cardinal Rules of public speaking is never apologize. 5 00:00:15,375 --> 00:00:17,751 Well, I'm going to break that right now. 6 00:00:17,792 --> 00:00:21,999 I had a irrecoverable hardware failure last night, so we have no slides, 7 00:00:21,999 --> 00:00:26,000 so which means you only have to listen to me. 8 00:00:26,375 --> 00:00:29,250 So I'll try to be as entertaining as possible. 9 00:00:31,751 --> 00:00:35,834 I'm always a little bit anxious, but I'm also very appreciative when I'm 10 00:00:35,834 --> 00:00:38,918 talking with an audience of my peers. 11 00:00:38,999 --> 00:00:41,417 Usually many of you you can put your hand 12 00:00:41,417 --> 00:00:46,167 down now know more about some of this stuff than I do, so feel free 13 00:00:46,167 --> 00:00:49,626 to interject as we go along here. 14 00:00:50,209 --> 00:00:53,584 I don't think I'm going to break any new ground here today. 15 00:00:53,584 --> 00:00:54,999 I'm probably going to pull together 16 00:00:54,999 --> 00:00:58,999 a few things that people have thought about kind of independently, 17 00:00:58,999 --> 00:01:03,501 and what I really want to do is provoke a conversation. 18 00:01:03,918 --> 00:01:06,999 When I spoke here last year, some of you may remember I did a keynote, 19 00:01:06,999 --> 00:01:10,250 but I was a fed at the time, so I was a little bit restricted 20 00:01:10,250 --> 00:01:13,584 on what I could say and how I could say it. 21 00:01:13,999 --> 00:01:15,250 This year I'm not. 22 00:01:15,459 --> 00:01:16,999 And I'm not. 23 00:01:18,083 --> 00:01:19,542 (Applause). 24 00:01:20,792 --> 00:01:23,999 But I'm also not here to bash the government and poke anyone 25 00:01:23,999 --> 00:01:25,501 in the eye. 26 00:01:25,501 --> 00:01:29,167 I have a lot of great friends in the government, at the US CERT, 27 00:01:29,167 --> 00:01:32,083 the NCIC and the other government agencies, 28 00:01:32,083 --> 00:01:36,250 and they work very, very hard just like most of you do, a lot 29 00:01:36,250 --> 00:01:41,626 of time without a lot of the accolades that go along with that. 30 00:01:41,626 --> 00:01:43,667 So I'm not going to poke my former colleagues 31 00:01:43,667 --> 00:01:45,667 in the eye there. 32 00:01:46,375 --> 00:01:49,417 And I'm not going to get close to crossing any lines 33 00:01:49,417 --> 00:01:53,083 because I know there's people out there taking notes to poke me 34 00:01:53,083 --> 00:01:56,999 in the eye with my own words if I do cross that line, so I'm going 35 00:01:56,999 --> 00:01:58,834 to avoid that. 36 00:01:59,751 --> 00:02:02,999 When the title of my presentation was published, 37 00:02:02,999 --> 00:02:06,292 a few people called me to ask me if I wanted to talk 38 00:02:06,292 --> 00:02:08,999 about this issue now that the Snowden and 39 00:02:08,999 --> 00:02:11,999 the prison thing came up, and actually I was 40 00:02:11,999 --> 00:02:15,626 a little surprised about it because that's not what I'm 41 00:02:15,626 --> 00:02:17,542 talking about. 42 00:02:17,709 --> 00:02:21,834 In fact, it's the farthest thing from what I'm talking about. 43 00:02:22,125 --> 00:02:26,584 What I want to talk about today is the kind of defensive analysis, 44 00:02:26,584 --> 00:02:30,792 the counter measures and signatures that each of you are doing, 45 00:02:30,792 --> 00:02:33,083 developing within your own companies 46 00:02:33,083 --> 00:02:35,999 and sharing with each other every single day 47 00:02:35,999 --> 00:02:39,125 without the help of the government assisting you 48 00:02:39,125 --> 00:02:41,083 in doing that. 49 00:02:41,083 --> 00:02:44,459 I noted that's one of the roles of the government, but that's really 50 00:02:44,459 --> 00:02:48,209 the context of what I want to talk about today. 51 00:02:48,751 --> 00:02:52,667 And I'll tell you, I don't pretend to have all the answers here either. 52 00:02:52,709 --> 00:02:55,542 As I said, I want to provoke a conversation. 53 00:02:55,709 --> 00:03:00,999 And as I started putting this thing together, I canvassed a bunch 54 00:03:00,999 --> 00:03:06,209 of my colleagues and the general consensus is this is, in fact, 55 00:03:06,209 --> 00:03:10,167 a conversation that needs to happen. 56 00:03:10,167 --> 00:03:13,999 I know General Alexander said that very same thing at Black Hat 57 00:03:13,999 --> 00:03:17,999 during his keynote, but this is a different issue as far 58 00:03:17,999 --> 00:03:20,167 as I'm concerned. 59 00:03:20,209 --> 00:03:23,667 So I could ask you for a show of hands to see who 60 00:03:23,667 --> 00:03:29,083 in here thinks classified government information is of any value, and 61 00:03:29,083 --> 00:03:32,959 since probably most of you have never had access 62 00:03:32,959 --> 00:03:38,792 to or seen classified information, it wouldn't really be you wouldn't know 63 00:03:38,792 --> 00:03:42,709 if it was of any value to you or not. 64 00:03:43,501 --> 00:03:47,083 And I talked to a few of my friends, and several people asked me why 65 00:03:47,083 --> 00:03:49,125 I thought the government cyber security 66 00:03:49,125 --> 00:03:53,792 intelligence was of any value to the private sector to begin with. 67 00:03:53,999 --> 00:03:56,751 I thought that was kind of an interesting response. 68 00:03:56,751 --> 00:03:59,334 In fact, one guy said from the public sector side, 69 00:03:59,334 --> 00:04:03,334 it's probably just as valuable as it ever was. 70 00:04:03,334 --> 00:04:05,999 From the private sector side, it's probably just as useless 71 00:04:05,999 --> 00:04:07,959 as it ever was. 72 00:04:08,334 --> 00:04:10,083 Very interesting. 73 00:04:10,083 --> 00:04:11,375 So that's a great point. 74 00:04:11,375 --> 00:04:13,876 And after being in D.C. 75 00:04:13,876 --> 00:04:16,876 for the past four years, the last couple of years 76 00:04:16,876 --> 00:04:23,083 with a ringside seat in the government, I have a little theory now. 77 00:04:23,083 --> 00:04:25,876 And one of the great struggles that I had 78 00:04:25,876 --> 00:04:30,542 in being a government I'm a terrible government employee. 79 00:04:30,542 --> 00:04:33,083 I just I wasn't good at it. 80 00:04:33,501 --> 00:04:37,250 There's too many restrictions, there's too much you just can't there's 81 00:04:37,250 --> 00:04:40,292 too many boundaries about what you can say and do 82 00:04:40,292 --> 00:04:42,999 and how you say and do it. 83 00:04:43,667 --> 00:04:46,584 So my theory is this: Washington, D.C. 84 00:04:46,584 --> 00:04:51,292 occupies 61 square 61 square mile geographical footprint. 85 00:04:51,375 --> 00:04:55,999 The entire continental U.S, including Hawaii and Alaska 86 00:04:55,999 --> 00:04:59,542 is 3.51 million square miles. 87 00:04:59,542 --> 00:05:02,125 So percentage wise, D.C. 88 00:05:02,125 --> 00:05:05,209 is geographically negligible. 89 00:05:05,209 --> 00:05:06,667 Here's my theory. 90 00:05:06,667 --> 00:05:09,999 There's so much power in Washington, D.C. 91 00:05:09,999 --> 00:05:12,250 that many people think they actually know more about you 92 00:05:12,250 --> 00:05:14,999 and your business than you do. 93 00:05:14,999 --> 00:05:16,209 A lot of people in government talk 94 00:05:16,209 --> 00:05:18,667 about the private sector like it's some kind 95 00:05:18,667 --> 00:05:21,167 of third cousin from Moldova. 96 00:05:21,459 --> 00:05:24,334 Actually, I stole that line from somebody the other day. 97 00:05:24,334 --> 00:05:27,999 But it's true, people in Washington, D.C. 98 00:05:27,999 --> 00:05:29,999 talk about the private sector even though most 99 00:05:29,999 --> 00:05:33,083 of them have not worked for the private sector, and 100 00:05:33,083 --> 00:05:36,209 they don't really understand the struggles that you 101 00:05:36,209 --> 00:05:40,999 as cyber officials face every day where you actually have to meet a payroll 102 00:05:40,999 --> 00:05:46,125 and you have different responsibilities than we do in the government. 103 00:05:47,626 --> 00:05:51,292 It's a bit of a cliche, but we hear it said a lot that 85% 104 00:05:51,292 --> 00:05:55,626 of the critical infrastructure in the nation is owned and operated 105 00:05:55,626 --> 00:05:57,999 by the private sector. 106 00:05:57,999 --> 00:06:01,292 And I don't know if that's true or not, but I think for discussion purposes, 107 00:06:01,292 --> 00:06:03,375 probably close enough. 108 00:06:03,834 --> 00:06:07,125 But it's simply not logical to think the government can know 109 00:06:07,125 --> 00:06:10,834 more than know more about 85% of the private sector than those 110 00:06:10,834 --> 00:06:13,709 of you who are in the room today. 111 00:06:14,083 --> 00:06:16,083 Those of you who are working in these organizations essential 112 00:06:16,083 --> 00:06:17,542 every day. 113 00:06:17,999 --> 00:06:23,250 So as I said, no government bashing, I'm not going to I'm not going to do that. 114 00:06:23,459 --> 00:06:25,959 But I do want to give you the bottom line up front 115 00:06:25,959 --> 00:06:28,417 for you acronym word buffs. 116 00:06:28,501 --> 00:06:33,667 Bottom line up front, and for those of you that this pops your bubble, 117 00:06:33,667 --> 00:06:35,501 I apologize. 118 00:06:35,501 --> 00:06:37,334 And you can probably get up and leave and it won't hurt my 119 00:06:37,334 --> 00:06:39,125 feelings after that. 120 00:06:39,834 --> 00:06:45,083 The government is not going to come in on a big white horse and save you. 121 00:06:45,999 --> 00:06:47,999 It's not going to happen. 122 00:06:47,999 --> 00:06:50,125 The government doesn't have the resources. 123 00:06:50,584 --> 00:06:52,876 There's just no cavalry. 124 00:06:52,876 --> 00:06:56,209 By the way, as I look through the looked through the agenda, 125 00:06:56,209 --> 00:07:00,083 Nick and Josh are going to talk on Sunday morning titled 126 00:07:00,083 --> 00:07:02,626 the exact same thing. 127 00:07:02,626 --> 00:07:04,375 The cavalry isn't coming. 128 00:07:04,751 --> 00:07:06,083 I suspect they're going to talk about some 129 00:07:06,083 --> 00:07:08,999 of the same things I'm talking about today. 130 00:07:09,918 --> 00:07:13,999 The government is simply unable, at least today, to provide timely 131 00:07:13,999 --> 00:07:16,999 and actionable information when you really need it 132 00:07:16,999 --> 00:07:20,334 because the legal policy and operational restrictions 133 00:07:20,334 --> 00:07:25,626 within government are not designed to share with the private sector. 134 00:07:25,751 --> 00:07:30,083 I know that we've had this discussion, public private partnership for years 135 00:07:30,083 --> 00:07:35,709 and years, but it's not working like we hoped it would way back then. 136 00:07:35,959 --> 00:07:39,209 After working there for the last couple of years, I realize 137 00:07:39,209 --> 00:07:41,999 as much as we want it to, it's probably not going 138 00:07:41,999 --> 00:07:44,999 to work well enough in the private sector to depend 139 00:07:44,999 --> 00:07:50,125 on it consistently at least in the area of security intelligence sharing. 140 00:07:51,125 --> 00:07:53,999 The pace of innovation in the commercial sector 141 00:07:53,999 --> 00:07:56,584 is far more rapid than in the government, 142 00:07:56,584 --> 00:07:59,501 and primarily because Darwin's theory does apply 143 00:07:59,501 --> 00:08:01,918 in the private sector. 144 00:08:01,918 --> 00:08:04,999 You know, the strong and the sustainable survive and 145 00:08:04,999 --> 00:08:07,083 the weak don't. 146 00:08:07,292 --> 00:08:09,999 And the government not so much. 147 00:08:10,167 --> 00:08:13,834 In fact, there's so much growth in the private sector development 148 00:08:13,834 --> 00:08:17,999 of cyber security intelligence right now because industry realizes that it can, 149 00:08:17,999 --> 00:08:21,999 in fact, move faster in collecting and analyzing specific intelligence 150 00:08:21,999 --> 00:08:24,209 that's important to them. 151 00:08:24,626 --> 00:08:28,751 Private companies will monitor ICU channels and sites, 152 00:08:28,751 --> 00:08:31,999 like Paceman, just like the government can, 153 00:08:31,999 --> 00:08:37,334 but they can't collect and disseminate information like the government, 154 00:08:37,334 --> 00:08:41,667 and they can't weed out the chaff to meet their specific 155 00:08:41,667 --> 00:08:43,999 government needs. 156 00:08:43,999 --> 00:08:48,667 The government is a huge bureaucracy, and that's probably not a big surprise 157 00:08:48,667 --> 00:08:50,584 to many of you. 158 00:08:51,417 --> 00:08:53,250 It was one of those things that when I went 159 00:08:53,250 --> 00:08:55,584 into government I thought I could change it, and some 160 00:08:55,584 --> 00:08:58,083 of my friends told me I was foolish. 161 00:08:58,334 --> 00:08:59,459 They were right. 162 00:09:01,083 --> 00:09:04,626 So there are a lot of reasons I think why getting any 163 00:09:04,626 --> 00:09:08,999 timely decisions are possible, and lawyers being one of the factors, 164 00:09:08,999 --> 00:09:13,751 sorry about that, I just met a lawyer a few minutes ago. 165 00:09:15,999 --> 00:09:20,626 But they needing to get approval before making important decisions 166 00:09:20,626 --> 00:09:23,334 I think trumps everything. 167 00:09:25,792 --> 00:09:29,876 They're leaving, I already bummed them out. 168 00:09:29,876 --> 00:09:31,667 It's a fact lost on bureaucratic organization, 169 00:09:31,667 --> 00:09:35,501 but in our business there simply isn't time to get everyone's approval 170 00:09:35,501 --> 00:09:37,959 before making a decision. 171 00:09:38,542 --> 00:09:42,876 This will make my some of some of my attorney friends mad at me, 172 00:09:42,876 --> 00:09:45,626 but I find government lawyers, not always, 173 00:09:45,626 --> 00:09:50,125 there are some good attorneys out there, but they are incredibly risk 174 00:09:50,125 --> 00:09:54,459 averse, and they don't understand cyber security. 175 00:09:54,459 --> 00:09:57,375 And that makes it a challenge for us in the operational trenches 176 00:09:57,375 --> 00:09:59,209 to do our jobs. 177 00:09:59,876 --> 00:10:02,125 I know that they don't understand it 178 00:10:02,125 --> 00:10:06,292 because I've seen the look on their face sometimes when I give 179 00:10:06,292 --> 00:10:11,959 them my look and I'm like, I can't believe you're making me do this. 180 00:10:12,876 --> 00:10:15,999 But anyway some of you know Shawn Henry, Shawn 181 00:10:15,999 --> 00:10:21,876 is he's out of the government now, too, he was spent a career in the FBI. 182 00:10:21,876 --> 00:10:23,999 Shawn was interviewed a few weeks ago and he said 183 00:10:23,999 --> 00:10:27,959 as a private citizen and taxpayer it's frightening. 184 00:10:27,959 --> 00:10:31,709 We sit here, more than six years later, arguably in a worst place than we were 185 00:10:31,709 --> 00:10:34,999 before, and we're still talking about voluntary guidelines 186 00:10:34,999 --> 00:10:37,626 and studying vulnerabilities. 187 00:10:37,626 --> 00:10:39,959 So I think the time has passed for that. 188 00:10:39,999 --> 00:10:45,000 What is the value of cyber security and intelligence? 189 00:10:45,417 --> 00:10:47,959 I've been thinking about this for a long time. 190 00:10:49,250 --> 00:10:53,626 When I was with NERC, I read about things classified 191 00:10:53,626 --> 00:10:58,834 about the electric utility industry, but the people who needed 192 00:10:58,834 --> 00:11:02,501 to know it didn't have security clearance, so 193 00:11:02,501 --> 00:11:05,999 the value was useless to them. 194 00:11:07,999 --> 00:11:11,334 And even when they did get briefed on classified information, 195 00:11:11,334 --> 00:11:15,083 it was usually information that they said they already knew about, 196 00:11:15,083 --> 00:11:18,584 so the value, the timeliness of the government information was 197 00:11:18,584 --> 00:11:20,999 always behind the curve. 198 00:11:21,334 --> 00:11:26,125 But there continues to be a mystique to classified information. 199 00:11:26,125 --> 00:11:29,792 People feel like they're not getting it, they're missing something. 200 00:11:29,792 --> 00:11:33,417 But when they do get it, I think they're usually disappointed. 201 00:11:33,501 --> 00:11:38,999 My CEO, he actually had a top secret SCI clearance. 202 00:11:39,167 --> 00:11:44,083 After the second time he got a brief, he's like, why am I doing this? 203 00:11:44,083 --> 00:11:45,667 I'm not learning anything new. 204 00:11:45,667 --> 00:11:46,292 And this is an absolute waste of time for me to go go 205 00:11:46,292 --> 00:11:48,083 through these briefs. 206 00:11:49,501 --> 00:11:53,417 I think it's not necessarily unusual for the kind of information that 207 00:11:53,417 --> 00:11:57,250 the government does provide to the private sector. 208 00:11:58,417 --> 00:12:03,417 When I saw started at VHS in November of 2011, the first thing 209 00:12:03,417 --> 00:12:07,375 the first document I read was by Carnegie Mellon, 210 00:12:07,375 --> 00:12:12,417 who documented the defense industrial based pilot. 211 00:12:12,459 --> 00:12:14,667 I think probably some of you have seen that or read it 212 00:12:14,667 --> 00:12:16,501 or heard about it. 213 00:12:16,501 --> 00:12:18,542 But anyway, the DIB pilot classified measures 214 00:12:18,542 --> 00:12:21,959 and signatures to certain defense related private sector 215 00:12:21,959 --> 00:12:25,542 companies, and there were about 20 companies that participated 216 00:12:25,542 --> 00:12:27,959 in that pilot program. 217 00:12:28,292 --> 00:12:30,959 The report wasn't flattering. 218 00:12:30,999 --> 00:12:34,667 And even though there were, I think, some rational explanations for why, 219 00:12:34,667 --> 00:12:37,667 it makes my case here today, so I'm going to use some 220 00:12:37,667 --> 00:12:40,125 of the numbers a little bit. 221 00:12:40,459 --> 00:12:45,083 Of all the incidents during the period of the DIB pilot, about five months, 222 00:12:45,083 --> 00:12:49,626 only about 4% of those signatures and counter measures were unique 223 00:12:49,626 --> 00:12:52,083 to the private sector. 224 00:12:52,459 --> 00:12:54,999 Let me say it again. 225 00:12:55,083 --> 00:12:58,626 4% included information that the private sector DIB companies did 226 00:12:58,626 --> 00:13:00,918 not already know about. 227 00:13:00,918 --> 00:13:04,083 Now, to be fair, I think the expectations weren't established 228 00:13:04,083 --> 00:13:08,667 appropriately to begin with, and the program was getting better 229 00:13:08,667 --> 00:13:13,918 toward the end, but the bottom line is that the private sector found very 230 00:13:13,918 --> 00:13:18,876 little value in the information that the government was providing back 231 00:13:18,876 --> 00:13:22,292 certainly not enough value for them to spend money 232 00:13:22,292 --> 00:13:25,834 to continue participating in that. 233 00:13:27,834 --> 00:13:32,083 And if you think about some of the other private sector reporting, 234 00:13:32,083 --> 00:13:35,751 some of the things some of the public things we've seen 235 00:13:35,751 --> 00:13:40,501 about over the past couple of years the tracking gross netting reporting, 236 00:13:40,501 --> 00:13:43,584 I think it was 2009, the McAfee shading report, 237 00:13:43,584 --> 00:13:47,626 the Luckycat report put out, and MSAPN report. 238 00:13:52,959 --> 00:13:55,918 It was where actually the DNS Corps flood, 239 00:13:55,918 --> 00:13:59,999 the government eventually got involved in it. 240 00:13:59,999 --> 00:14:02,999 Most of the initial work done on those was done 241 00:14:02,999 --> 00:14:05,999 by the private sector. 242 00:14:10,292 --> 00:14:15,125 And then the annual reports by Verizon, Semantic and McAfee, 243 00:14:15,125 --> 00:14:20,999 which have a good accumulation of information those organizations have 244 00:14:20,999 --> 00:14:23,959 seen over the past year. 245 00:14:24,375 --> 00:14:27,334 Anyone remember the Conflicker Working Program? 246 00:14:28,334 --> 00:14:31,999 Some of you were probably part of the Conflicker Working Group. 247 00:14:32,918 --> 00:14:34,999 That was coordination and collaboration 248 00:14:34,999 --> 00:14:38,083 by the private sector to develop something really important 249 00:14:38,083 --> 00:14:39,999 and really useful. 250 00:14:40,167 --> 00:14:44,209 And these guys and gals actually spent time and spent money 251 00:14:44,209 --> 00:14:48,999 out of their own pockets to help everybody, to help the nation; 252 00:14:48,999 --> 00:14:53,834 and despite Herculean efforts to get the government involved, 253 00:14:53,834 --> 00:14:56,918 they did that on their own. 254 00:14:56,918 --> 00:14:58,876 That was a private sector initiative. 255 00:14:59,584 --> 00:15:04,751 If you haven't read Mark Bowden's book, it's called "Worm," titled "Worm," 256 00:15:04,751 --> 00:15:07,334 it walks through the entire Conflicker 257 00:15:07,334 --> 00:15:09,459 Cabal incidents. 258 00:15:09,999 --> 00:15:12,751 This was in the private sector. 259 00:15:14,334 --> 00:15:18,083 You can agree or disagree with some of these reports. 260 00:15:18,876 --> 00:15:21,999 I don't agree with everything that's in some of these reports that were put 261 00:15:21,999 --> 00:15:24,417 out over the last couple of years, but the bottom line 262 00:15:24,417 --> 00:15:26,999 is they were developed without the government involvement; 263 00:15:26,999 --> 00:15:29,876 they were developed in the private sector. 264 00:15:30,999 --> 00:15:34,667 I think one interesting thing that came out of that was they had 265 00:15:34,667 --> 00:15:37,751 the unintentional consequence of forcing the government 266 00:15:37,751 --> 00:15:41,459 to actually acknowledge some of the nation's state actors that were 267 00:15:41,459 --> 00:15:44,250 involved in some of these events. 268 00:15:44,250 --> 00:15:46,083 That was one of the things when I was 269 00:15:46,083 --> 00:15:50,667 the Deputy Undersecretary at DHS, as I traveled around the country 270 00:15:50,667 --> 00:15:55,459 and met with different companies, the almost continuous theme I got was 271 00:15:55,459 --> 00:15:58,083 why isn't the government doing something 272 00:15:58,083 --> 00:15:59,999 about this? 273 00:15:59,999 --> 00:16:02,999 And not really part of this discussion today, 274 00:16:02,999 --> 00:16:06,751 but I can tell you one of the biggest discussions we had 275 00:16:06,751 --> 00:16:09,542 on a continuing basis at the highest levels 276 00:16:09,542 --> 00:16:14,167 of the federal government is what is the role of the federal government 277 00:16:14,167 --> 00:16:17,751 in some of these events and some of these activities, 278 00:16:17,751 --> 00:16:21,709 especially where nation states were involved. 279 00:16:21,999 --> 00:16:25,334 So I think it's a legitimate question to ask, does the U.S. 280 00:16:25,334 --> 00:16:26,999 Government have a greater U.S. 281 00:16:26,999 --> 00:16:29,999 intelligence gathering capacity than the private sector? 282 00:16:29,999 --> 00:16:31,083 And I think it depends. 283 00:16:31,125 --> 00:16:34,626 It depends on the value of the cyber security information, 284 00:16:34,626 --> 00:16:37,999 because it seems to be an increasingly small subset 285 00:16:37,999 --> 00:16:41,250 of information potentially available to identify 286 00:16:41,250 --> 00:16:44,209 the source and understand a tact methodology 287 00:16:44,209 --> 00:16:47,250 and adversaries' capabilities. 288 00:16:47,459 --> 00:16:50,250 This brings us to what I think is probably one 289 00:16:50,250 --> 00:16:53,918 of the most important problems with government information 290 00:16:53,918 --> 00:16:56,709 and that's overclassification. 291 00:16:57,083 --> 00:17:02,167 Anyone in here that has has had access to classified information I think has 292 00:17:02,167 --> 00:17:07,083 thought this from time to time, that the information you're seeing 293 00:17:07,083 --> 00:17:12,751 is the same has a classified sticker on it, is the same information you saw 294 00:17:12,751 --> 00:17:14,999 on CNN yesterday. 295 00:17:15,999 --> 00:17:20,501 And this is really a big problem for us for a whole lot of reasons. 296 00:17:20,626 --> 00:17:24,501 But primarily, you know, information is classified primarily 297 00:17:24,501 --> 00:17:27,751 for two reasons: One, to protect the source where 298 00:17:27,751 --> 00:17:31,417 the information came from; two, to protect the method how 299 00:17:31,417 --> 00:17:35,083 the government obtained that information. 300 00:17:35,083 --> 00:17:39,334 Most security officials, I certainly know when I was a CSO, 301 00:17:39,334 --> 00:17:42,083 I didn't care about that. 302 00:17:42,083 --> 00:17:43,709 All I cared about was the information of value 303 00:17:43,709 --> 00:17:47,918 to me and could help me protect my systems and my networks. 304 00:17:48,709 --> 00:17:53,999 So I think the government has to get better about taking that kind 305 00:17:53,999 --> 00:17:59,999 of truly classified information and and declassifying sanitizing it so it's 306 00:17:59,999 --> 00:18:03,334 of value to the private sector. 307 00:18:04,626 --> 00:18:07,999 I'm not saying there isn't any value in any classified information, 308 00:18:07,999 --> 00:18:10,167 because there is, obviously, and government 309 00:18:10,167 --> 00:18:12,959 is rightly responsible for that. 310 00:18:12,959 --> 00:18:15,417 It's just that once the information does become classified 311 00:18:15,417 --> 00:18:17,999 it becomes harder to share, and the vast majority 312 00:18:17,999 --> 00:18:22,792 of threat intelligence we need can be found in the open source anyway. 313 00:18:23,751 --> 00:18:26,999 I have a CSO friend who isn't a U.S. 314 00:18:26,999 --> 00:18:30,083 citizen, and his CEO is not a U.S. 315 00:18:30,083 --> 00:18:31,667 citizen, but he happens to be the CSO 316 00:18:31,667 --> 00:18:36,999 at a very large critical infrastructure company here in the U.S. 317 00:18:36,999 --> 00:18:39,083 with a pretty big footprint and actually responsible 318 00:18:39,083 --> 00:18:42,083 for pretty large chunk of something very important 319 00:18:42,083 --> 00:18:43,999 to the nation. 320 00:18:44,918 --> 00:18:46,918 But he can't get any classified information, 321 00:18:46,918 --> 00:18:49,999 and his CEO can't get any classified information. 322 00:18:50,167 --> 00:18:53,250 You can see how that would be a really big problem. 323 00:18:54,918 --> 00:18:58,999 Most people don't know this, actually, and I didn't know it until I worked 324 00:18:58,999 --> 00:19:01,083 at NERC, but the U.S. 325 00:19:01,083 --> 00:19:03,959 gets a lot of our electricity from Canada. 326 00:19:03,999 --> 00:19:06,999 In fact, you know, the lights in here are probably being powered 327 00:19:06,999 --> 00:19:09,542 by electricity generated in Canada five minutes five 328 00:19:09,542 --> 00:19:11,083 seconds ago. 329 00:19:12,501 --> 00:19:15,584 You can see there's a problem there as well. 330 00:19:15,999 --> 00:19:18,209 While we work with the Canadian utilities on a lot 331 00:19:18,209 --> 00:19:21,999 of things, we don't work with them on sharing cyber security threat 332 00:19:21,999 --> 00:19:25,626 information because they're they don't have U.S. 333 00:19:25,626 --> 00:19:29,501 Government security clearances so we can't share that kind of information. 334 00:19:29,501 --> 00:19:30,834 And that's a big problem. 335 00:19:31,459 --> 00:19:35,417 Worked with another story, when I was at NERC, I worked 336 00:19:35,417 --> 00:19:37,876 with a CSO, and we had discovered 337 00:19:37,876 --> 00:19:41,667 a pretty big vulnerability in his company, the source 338 00:19:41,667 --> 00:19:44,999 of it was classified information. 339 00:19:45,125 --> 00:19:49,584 When he when he briefed his CEO and his CFO on it, needed funding, 340 00:19:49,584 --> 00:19:54,959 out of cycle funding to fix the problem, he couldn't tell him the source 341 00:19:54,959 --> 00:19:57,083 of the why he needed the money 342 00:19:57,083 --> 00:20:00,999 because it was classified information. 343 00:20:00,999 --> 00:20:03,542 So it's pretty tough to go to your CFO with your hand 344 00:20:03,542 --> 00:20:07,459 out and hoping that your good looks and smile are going to get him 345 00:20:07,459 --> 00:20:09,751 to write you a check. 346 00:20:12,834 --> 00:20:15,459 Some of you probably are aware of the executive order that was signed 347 00:20:15,459 --> 00:20:18,000 by the president in February of this year. 348 00:20:18,167 --> 00:20:21,751 It has three a number of things, but has three primary components 349 00:20:21,751 --> 00:20:24,334 related to information sharing. 350 00:20:24,334 --> 00:20:27,709 One is a provision for expedited security clearances; 351 00:20:27,709 --> 00:20:31,751 two is a increase in the volume, timeliness and quality 352 00:20:31,751 --> 00:20:36,751 of the cyber threat information that DHS and the government provides 353 00:20:36,751 --> 00:20:39,876 to the private sector; and the third thing 354 00:20:39,876 --> 00:20:44,209 is private sector access to the DHS classified enhanced cyber 355 00:20:44,209 --> 00:20:46,542 security program. 356 00:20:46,876 --> 00:20:49,167 The enhanced the ECS program is a avenue that 357 00:20:49,167 --> 00:20:52,000 the government shares classified information 358 00:20:52,000 --> 00:20:56,125 with certain critical infrastructure companies. 359 00:20:56,417 --> 00:21:00,626 So these are noble goals, I think, as laid out in the executive order, 360 00:21:00,626 --> 00:21:03,083 but I don't think there's any way to scale 361 00:21:03,083 --> 00:21:06,250 by providing any more security funds. 362 00:21:06,334 --> 00:21:08,792 You can't there simply is not enough manpower 363 00:21:08,792 --> 00:21:11,083 and enough money to provide security clearances 364 00:21:11,083 --> 00:21:14,999 to all the people in the nation and all the critical infrastructures that 365 00:21:14,999 --> 00:21:16,501 need them. 366 00:21:17,918 --> 00:21:22,125 I don't think you can even get close to it, so I this is something that was 367 00:21:22,125 --> 00:21:25,125 in the executive order that I think is a noble goal 368 00:21:25,125 --> 00:21:28,999 but probably not going to be not very realistic. 369 00:21:29,999 --> 00:21:32,999 And to bring up the Snowden thing again, 370 00:21:32,999 --> 00:21:36,999 you know in the post Snowden world, getting clearances 371 00:21:36,999 --> 00:21:42,626 to nongovernment employees is going to be a lot more difficult. 372 00:21:44,334 --> 00:21:46,834 The second one, increasing the amount 373 00:21:46,834 --> 00:21:50,626 of information provided back to the private sector, I think 374 00:21:50,626 --> 00:21:54,876 will have limited impact getting the handfuls of companies again, 375 00:21:54,876 --> 00:21:57,834 the scale of this is critical getting handfuls 376 00:21:57,834 --> 00:22:00,584 of the companies the classified information 377 00:22:00,584 --> 00:22:03,834 is not going to solve the problem. 378 00:22:04,083 --> 00:22:06,167 That's some of the bad news. 379 00:22:06,542 --> 00:22:10,999 I always like to wrap things up, talk about some positive things. 380 00:22:11,083 --> 00:22:14,876 And there are some positive things going on. 381 00:22:15,083 --> 00:22:18,999 Sometimes you look at something and it looks bad and the end result 382 00:22:18,999 --> 00:22:21,083 of it is not so bad. 383 00:22:22,083 --> 00:22:27,167 For the past year most of you know the banking and finance industry have 384 00:22:27,167 --> 00:22:31,167 been going through these events, and they have been very, 385 00:22:31,167 --> 00:22:35,375 very challenging for many of the banks and many of the ISBs 386 00:22:35,375 --> 00:22:38,999 and they have spent a ton of money combating these 387 00:22:38,999 --> 00:22:41,626 and preparing for these. 388 00:22:41,792 --> 00:22:46,999 But a couple good things happened out of it. 389 00:22:47,334 --> 00:22:51,167 The first was I actually saw CSOs from these large banks 390 00:22:51,167 --> 00:22:56,209 and large companies sitting together in a room talking about how 391 00:22:56,209 --> 00:22:59,083 to address this problem. 392 00:22:59,083 --> 00:23:01,083 And I can tell you, two years ago you couldn't have got 393 00:23:01,083 --> 00:23:02,834 all these people in the room talking 394 00:23:02,834 --> 00:23:04,959 about issues like this. 395 00:23:05,250 --> 00:23:10,542 I had a talk with one CISO at a very large bank, and she said, yeah, 396 00:23:10,542 --> 00:23:14,626 this is an absolute nightmare for us, but it was good 397 00:23:14,626 --> 00:23:19,167 because it does have we have we have really opened the lines 398 00:23:19,167 --> 00:23:22,542 of communications across this entire sector 399 00:23:22,542 --> 00:23:26,542 in ways that never would have happened. 400 00:23:26,542 --> 00:23:29,459 And so there's a lot of information sharing happening now 401 00:23:29,459 --> 00:23:33,626 on things other than the D DOS related events. 402 00:23:33,959 --> 00:23:36,292 That's really, I think, helped the banking and finance industry 403 00:23:36,292 --> 00:23:37,999 an awful lot. 404 00:23:39,751 --> 00:23:43,083 So we need more of that kind of collaboration. 405 00:23:43,083 --> 00:23:45,083 There's an old military saying that cohesion 406 00:23:45,083 --> 00:23:48,209 is a combat multiplier, and we need more cohesion 407 00:23:48,209 --> 00:23:50,751 across the board and across all sectors 408 00:23:50,751 --> 00:23:53,167 to build a relationships both within and 409 00:23:53,167 --> 00:23:56,709 across industries so when cyber threats do surprise us, 410 00:23:56,709 --> 00:24:00,667 we can pull together the right kinds of teams more quickly than 411 00:24:00,667 --> 00:24:02,999 the well meaning but far too complex 412 00:24:02,999 --> 00:24:05,083 federal government. 413 00:24:05,083 --> 00:24:08,667 Sometimes it actually does take a crisis to get us to work together. 414 00:24:08,876 --> 00:24:10,999 I'm sure a few of you work are involved 415 00:24:10,999 --> 00:24:13,999 with the development of some of the information exchange 416 00:24:13,999 --> 00:24:18,709 frameworks, I want to talk about three of them very, very briefly. 417 00:24:18,792 --> 00:24:21,999 The TAXII program, Trusted Automated Exchange 418 00:24:21,999 --> 00:24:26,792 of Indicator Information, being run out of Mitre, but it's really 419 00:24:26,792 --> 00:24:32,417 an open source operation, a lot of people are involved with this. 420 00:24:32,417 --> 00:24:34,250 And TAXII is an open source collaborative 421 00:24:34,250 --> 00:24:37,999 community development initiative working to define protocols 422 00:24:37,999 --> 00:24:43,459 and messages that allow the sharing of actual cyber threat information. 423 00:24:43,918 --> 00:24:45,999 What TAXII does is give organizations improved 424 00:24:45,999 --> 00:24:49,459 situational awareness about emerging threats and then allows 425 00:24:49,459 --> 00:24:53,083 them to share whatever information they choose with the partners 426 00:24:53,083 --> 00:24:55,375 they choose to do so. 427 00:24:55,999 --> 00:24:59,584 You also have the main DIN 3 open framework, 428 00:24:59,584 --> 00:25:04,999 Incident Object Description Exchange Format, or IODEF. 429 00:25:06,584 --> 00:25:11,999 It allows you to chart and categorize intrusion based 430 00:25:11,999 --> 00:25:18,501 on indicators that can be used to track down attackers. 431 00:25:18,501 --> 00:25:22,626 And the ITF program defines data representation that provides 432 00:25:22,626 --> 00:25:27,459 a framework for sharing information about threats. 433 00:25:27,999 --> 00:25:31,999 I suspect that there are quite a few involved in the development 434 00:25:31,999 --> 00:25:35,792 of those development frameworks, and I think it's, you know, 435 00:25:35,792 --> 00:25:39,501 an indication of Darwin's theory again, one of them will end 436 00:25:39,501 --> 00:25:44,999 up being a standard at some point and the other the others will go away. 437 00:25:46,083 --> 00:25:47,876 There's also the information sharing 438 00:25:47,876 --> 00:25:49,999 and analysis centers, and I know there's some 439 00:25:49,999 --> 00:25:52,334 of you involve with the ISACs. 440 00:25:52,834 --> 00:25:55,834 ISACs were established by President Clinton back in 1986. 441 00:25:58,999 --> 00:26:03,250 They established these ISAC, there was no funding that went 442 00:26:03,250 --> 00:26:07,751 along with that, and so they kind of struggled over the years 443 00:26:07,751 --> 00:26:11,459 to mature and gain relevancy, but there are a couple 444 00:26:11,459 --> 00:26:15,999 of the different sectors where the ISACs I think are being very 445 00:26:15,999 --> 00:26:18,751 valuable, and they provide that forum 446 00:26:18,751 --> 00:26:21,959 for the change of information. 447 00:26:21,959 --> 00:26:25,417 Certainly financial services, the information technology, ISAC, 448 00:26:25,417 --> 00:26:29,999 the defense industrial based ISAC, electricity, telecommunications, 449 00:26:29,999 --> 00:26:33,709 I think those are more of the secure ISAC. 450 00:26:33,999 --> 00:26:41,083 Some of the critical infrastructure ISAC, they're pretty immature. 451 00:26:41,584 --> 00:26:45,959 That's not a criticism, it's the fact they haven't had a lot 452 00:26:45,959 --> 00:26:49,999 of resources devoted to them over the years. 453 00:26:51,876 --> 00:26:54,999 Next thing I want to talk about is the "invitation only" 454 00:26:54,999 --> 00:26:57,709 or "you're not invited" clubs. 455 00:26:57,959 --> 00:27:01,125 And I put that in the abstract, and I've talked, you know, some 456 00:27:01,125 --> 00:27:05,751 of you have probably participated in these over the years. 457 00:27:05,999 --> 00:27:08,834 And they typically spring up in response 458 00:27:08,834 --> 00:27:12,209 to a specific threat like Conflicker. 459 00:27:12,709 --> 00:27:15,999 But they're really effective in tackling problems. 460 00:27:15,999 --> 00:27:19,334 And they're harder to get involved in, and I've actually tried to ask 461 00:27:19,334 --> 00:27:23,999 to be involved in a couple of them, and they typically say no, you're not 462 00:27:23,999 --> 00:27:27,083 the right kind of guy that we need. 463 00:27:27,083 --> 00:27:32,083 They actually want technical people that can help solve problems. 464 00:27:32,083 --> 00:27:34,167 So I bring this up because you may not have been 465 00:27:34,167 --> 00:27:38,083 invited to one of these, but if you have the right kind of skills, 466 00:27:38,083 --> 00:27:40,999 and people who know you are involved with these, 467 00:27:40,999 --> 00:27:44,959 you'll eventually get asked to participate in them. 468 00:27:45,292 --> 00:27:47,083 And actually, probably not telling you anything you 469 00:27:47,083 --> 00:27:50,083 don't know, they're pretty tough to get into. 470 00:27:50,083 --> 00:27:52,083 You usually have to have two or three people to vouch for you 471 00:27:52,083 --> 00:27:54,999 to get invited to one of these groups. 472 00:27:55,250 --> 00:28:01,999 DT and Antwan and I were talking about it a couple days ago. 473 00:28:02,792 --> 00:28:07,250 The BCBU issue is ripe that you're the kind 474 00:28:07,250 --> 00:28:11,999 of group that cannot get together. 475 00:28:12,250 --> 00:28:18,626 Start putting some pressure on the vendors to solve this issue. 476 00:28:18,626 --> 00:28:21,999 This is not a hard problem, but we can't do it. 477 00:28:22,501 --> 00:28:25,999 The manufacturers, the router manufacturers really need 478 00:28:25,999 --> 00:28:29,334 to pick up the ball and work on this. 479 00:28:29,334 --> 00:28:32,250 And it seems to me it's a really good opportunity 480 00:28:32,250 --> 00:28:36,999 for somebody to say, okay, let's start a our own group and work 481 00:28:36,999 --> 00:28:39,542 on solving this thing. 482 00:28:41,250 --> 00:28:42,999 So there's also a couple of things that I think 483 00:28:42,999 --> 00:28:44,959 the government can do. 484 00:28:45,542 --> 00:28:48,999 You know, they're going to continue to develop classified information, 485 00:28:48,999 --> 00:28:50,999 and that's their job. 486 00:28:50,999 --> 00:28:53,209 You know, the Department of Defense has the role 487 00:28:53,209 --> 00:28:56,626 of looking outside the continental United States, 488 00:28:56,626 --> 00:29:01,542 looking outside of our borders at threats against the U.S. 489 00:29:01,542 --> 00:29:03,999 And that's you know, that's their natural role and they're very, 490 00:29:03,999 --> 00:29:06,083 very good at doing that. 491 00:29:06,209 --> 00:29:09,999 But I think there's things that they can do that we 492 00:29:09,999 --> 00:29:15,501 as private companies can can benefit from a bit more. 493 00:29:15,501 --> 00:29:18,125 And one of those things is research and development. 494 00:29:18,125 --> 00:29:19,501 You know, the government has been 495 00:29:19,501 --> 00:29:25,209 over the years been really, really good at doing good research. 496 00:29:25,209 --> 00:29:28,375 And that has kind of changed a little bit over the past few years 497 00:29:28,375 --> 00:29:30,501 with some of the budget issues going 498 00:29:30,501 --> 00:29:33,083 on in the federal government. 499 00:29:33,292 --> 00:29:37,999 One of the first things that tends to go away, first thing that tends 500 00:29:37,999 --> 00:29:40,626 to go away is training. 501 00:29:40,626 --> 00:29:43,459 The second thing that tends to go away is R and D money. 502 00:29:44,125 --> 00:29:46,709 But the government does fund and develops 503 00:29:46,709 --> 00:29:50,250 an incredible I think advanced technology in some of our labs 504 00:29:50,250 --> 00:29:53,417 and some of our other facilities around the country, 505 00:29:53,417 --> 00:29:56,876 but I think we need more money for that. 506 00:29:56,876 --> 00:29:58,083 And we need more money for the kind 507 00:29:58,083 --> 00:30:02,250 of creative and competitive startup companies, 90% of whom are going 508 00:30:02,250 --> 00:30:05,876 to fail at some point, but you know what? 509 00:30:05,876 --> 00:30:08,167 The 10% that do make it, there's value and there's richness 510 00:30:08,167 --> 00:30:12,709 in that that the government and the nation can benefit from. 511 00:30:12,999 --> 00:30:18,083 One of the other things associated with R and D is technology transfer. 512 00:30:18,999 --> 00:30:21,751 Probably be astonishing to most people in here 513 00:30:21,751 --> 00:30:25,000 to know how much great technology is sitting on the shelf 514 00:30:25,000 --> 00:30:29,167 because the government hasn't figured out how to take that technology 515 00:30:29,167 --> 00:30:32,501 and transfer it to the private sector. 516 00:30:32,999 --> 00:30:36,417 It's actually heart breaking when you think about the some of the billions 517 00:30:36,417 --> 00:30:39,125 of dollars that have been spent on some of this, and 518 00:30:39,125 --> 00:30:41,501 they haven't figured out how to get it back 519 00:30:41,501 --> 00:30:43,999 out into the public domain. 520 00:30:45,334 --> 00:30:48,417 I think that they could sponsor more training. 521 00:30:48,417 --> 00:30:52,751 This is one of the biggest issues I think facing the nation, certainly 522 00:30:52,751 --> 00:30:56,999 in the security arena right now, is the lack of talented 523 00:30:56,999 --> 00:30:59,292 and trained people. 524 00:30:59,918 --> 00:31:02,083 Part of my job at DHS was traveling 525 00:31:02,083 --> 00:31:05,792 around the country and talking with not only companies 526 00:31:05,792 --> 00:31:09,999 but talking with higher education and even high school, and one 527 00:31:09,999 --> 00:31:13,209 of the the almost constant constant mantras I heard 528 00:31:13,209 --> 00:31:17,083 from the private sector was they don't have enough people, 529 00:31:17,083 --> 00:31:20,834 they don't have enough qualified people. 530 00:31:20,834 --> 00:31:21,584 And I could ask everybody in this room 531 00:31:21,584 --> 00:31:23,125 to raise your hand right now if you have 532 00:31:23,125 --> 00:31:25,334 all of the qualified people you need in your company, 533 00:31:25,334 --> 00:31:29,083 and there wouldn't be very many hands in there, I can tell you that. 534 00:31:29,083 --> 00:31:31,834 I don't know if anyone had the chance to walk the floor, 535 00:31:31,834 --> 00:31:35,083 the vendor floor at Black Hat the past couple of days, 536 00:31:35,083 --> 00:31:39,250 but something I had never seen before, there were help wanted signs 537 00:31:39,250 --> 00:31:42,292 in many of the booths over there. 538 00:31:43,959 --> 00:31:45,876 This is a big deal. 539 00:31:45,876 --> 00:31:49,959 We do not have enough qualified people either in the government or 540 00:31:49,959 --> 00:31:52,584 in the private sector. 541 00:31:52,584 --> 00:31:55,375 And the government is starting to feel the pain a lot more 542 00:31:55,375 --> 00:31:58,501 because because of the budget issues, you know, and 543 00:31:58,501 --> 00:32:01,542 the sequestration issues, and the furlough issues, 544 00:32:01,542 --> 00:32:05,959 and I think government employees are waking up on days now saying why am 545 00:32:05,959 --> 00:32:07,999 I doing this again? 546 00:32:08,876 --> 00:32:09,999 Thanks. 547 00:32:09,999 --> 00:32:13,542 Why am I why am I busting my ass every day working 14 hours 548 00:32:13,542 --> 00:32:17,999 and you're going to furlough me and dock me 20% of my pay, 549 00:32:17,999 --> 00:32:22,375 when I can go and work in the private sector? 550 00:32:22,626 --> 00:32:27,542 It's I'm sure it's not lost on this crowd, but if you have any skills 551 00:32:27,542 --> 00:32:32,250 at all in this business, you can get a job anywhere. 552 00:32:32,375 --> 00:32:34,999 So I really do think that this is something 553 00:32:34,999 --> 00:32:37,959 the government could take a leadership role 554 00:32:37,959 --> 00:32:40,959 in and provide more training. 555 00:32:41,459 --> 00:32:48,083 And certainly not just in cyber security, in the intelligence analysis roles. 556 00:32:48,250 --> 00:32:51,918 It's a huge, huge gap and we really do need 557 00:32:51,918 --> 00:32:54,083 to address that. 558 00:32:54,083 --> 00:32:57,125 So I do one of the other things I think is funding of the ISACs. 559 00:32:57,125 --> 00:32:59,792 I think the government should take that. 560 00:32:59,792 --> 00:33:02,542 We have 16 defined critical infrastructures now. 561 00:33:02,542 --> 00:33:04,834 The government needs to fund the ISAC. 562 00:33:05,083 --> 00:33:08,083 It's the source of the information sharing among these 563 00:33:08,083 --> 00:33:12,792 critical infrastructure sectors and right now they're very haphazardly 564 00:33:12,792 --> 00:33:16,999 operated and very haphazardly funded and the government could take 565 00:33:16,999 --> 00:33:18,999 a role in that. 566 00:33:19,999 --> 00:33:22,999 To wrap up I would like to state the obvious. 567 00:33:22,999 --> 00:33:26,292 The government is going to have the resources to look outward 568 00:33:26,292 --> 00:33:31,584 to the threats, but you can't depend on getting the information to save you. 569 00:33:32,334 --> 00:33:36,083 The security threat information is up to us. 570 00:33:36,083 --> 00:33:39,999 Some forward leaning organizations, many of you here today, I'm sure, 571 00:33:39,999 --> 00:33:42,999 have already begun, and there are dozens of startups 572 00:33:42,999 --> 00:33:46,999 up there that focus on cyber security threat analysis. 573 00:33:47,334 --> 00:33:50,542 I probably talk at least to one company a week now where 574 00:33:50,542 --> 00:33:54,834 they are doing cyber security intelligence development and trying 575 00:33:54,834 --> 00:33:58,334 to find an avenue to get that back both into the public 576 00:33:58,334 --> 00:34:00,959 and the private sector. 577 00:34:02,083 --> 00:34:05,999 So remember my bottom line up front, the government is not going 578 00:34:05,999 --> 00:34:10,999 to be sliding in a cloud of smoke to save you when you have an event. 579 00:34:10,999 --> 00:34:12,999 You have to depend on yourself. 580 00:34:12,999 --> 00:34:15,292 The government just simply does not have the resources, is not going 581 00:34:15,292 --> 00:34:17,999 to have the resources to do that. 582 00:34:17,999 --> 00:34:20,667 So conversations are occurring about these issues and others, 583 00:34:20,667 --> 00:34:22,584 but unless the government figures it 584 00:34:22,584 --> 00:34:26,125 out pretty soon, I'm afraid that a lot of companies, including many 585 00:34:26,125 --> 00:34:30,584 of those that are already participating in classified cyber security intelligence 586 00:34:30,584 --> 00:34:33,417 sharing program will simply decide not to participate 587 00:34:33,417 --> 00:34:35,999 at all because it's too hard. 588 00:34:36,417 --> 00:34:37,584 And that'd be a shame. 589 00:34:38,083 --> 00:34:39,999 Thank you very much. 590 00:34:39,999 --> 00:34:40,999 (Applause).