Skip to main content

tv   NGA Holds Summer Meeting in Rhode Island  CSPAN  July 14, 2017 9:52am-11:00am EDT

9:52 am
[inaudible conversations]. >> good morning, everybody. >> good morning. >> please rise for the presentation of the colors followed by our national anthem. presenting the colors today, are the junior rotc cadets from
9:53 am
coventry high school. cadet lieutenant, jr. grade aleixa donnelly. can dead lieutenant roberts. cadet on sign, michael herd. cadet chief petty officer, jacob fernandez. performing the national anthem is 15-year-old lexi lanning from rhode island. please remain standing until the color guard exits the hall.
9:54 am
♪ oh say can you see by the dawn's early light what so proudly we hailed, at the twilight's last gleaming. who's broad stripes and bright stars ♪. ♪ through the perillous fight ♪ o'er the ramparts we watched were so gallantly sy streaming ♪ ♪ and the rocket's red glare, the bombs bursting in air ♪ ♪ gave proof through the night
9:55 am
that our flag was still there ♪ ♪ oh say does that star-spangled banner yet wave ♪ ♪ o'er the land of the free, and the home of the brave ♪ s. [applause]
9:56 am
>> i would like to welcome, everyone to the great state of rhode island and the official opening of the 2017 summer meeting of the nation's governors association. before i get started i would like to recognize some of the
9:57 am
very distinguished guests who we have with us. i would ask that they please stand when we recognize you. i would first as you will see at this summer meeting that first is the first time we've actually had a head of state, prime minister trudeau, will be with us today. in addition we have representatives from all over the globe to show the growing importance of the governors and dealing with international trade and business development issues around the globe and that we as governors want to do direct to direct relationships with many of these countries and many of these businesses who have come to visit us here at the nga. i thank them. i first want to thank china. i want to thank ambassador thai from china. he and his group were here yesterday. can we give them a great round of applause for hosting our opening lunch. [applause] i thank governor hogan for his stellar introduction yesterday at that lunch and the great
9:58 am
attributes of the great stay of maryland, next to the great commonwealth of virginia. i would also like to reference prehe mere brian gallant and canadian premier katherine wynn from canada who are here with us. if you give them a great round of applause. governor xi and governor tzou from japan. give them a round of applause please. [applause] mayor angle, from mexico, a round of applause for the entire mex delegation who have joined us here today. [applause] of the as we kick off this meeting i want to take a moment to recognize many of our partners and supporters who we could not have this meeting without your support and funds and best practices, all the different initiatives of the governors. for nearly 30 years the nga
9:59 am
partnered with the private security through our newly he relaunched nga partners program. the nga partners help the organization not only financially but intellectual, with sharing of best practices and helping the nga stay tuned in the emergency policy trends happening in our individual states. big thank you to all our partners here with us today. governors, thank them. [applause] next, would i like to, where is governor romondo? where is our host governor? well, we're going to skip that. i will let her, as soon as she gets here weil hear from our opening governor. i would like to first of all have adoption for a motion for the adoption of the rules of procedure for this meeting. would anyone make the motion. governor malloy. may have a second? all those, thank governor
10:00 am
haslem, all those in favor say aye. all opposed say nay. the motion is approved. governors as you know under our policy process we adopt policies for two years at our winter meeting. if anyone has questions regarding policies i would ask you to see anna davis at nga staff over the course of this weekend. i would like to announce the appointment of following governors to the nominating committee for the 2016-2017 nga executive -- i would like to welcome, vice-chair and governor sandoval here with us today. give the governor a great round of applause. [applause] let me start off my first main golan muching my initiative of cybersecurity, the importance of cybersecurity on every single
10:01 am
governor's end goo. i wanted to highlight cybersecurity was more than a information technology issue. i want to show you that cybersecurity is health issue, education issue, a public safety issue and an economic issue as well as a democracy issue. when i launched my initiative i didn't imagine cybersecurity would capture the national headlines through so many different events we experienced including last year's presidential election. in november 000s of init net connected devices including security cameras a ocean away used to launch a cyberattack that took down several popular web services as netflix and as well as "the new york times." this may we saw a cyberattack that the world has never experienced before. the "wannacry" ran someware, locked out users from all across the globe. made it impossible for doctors and other practitioners to access their devices. experts today are still assessing the impact of this
10:02 am
incident. and potentially more worrisome influencing elections not only here but as well as in europe. these are troubling times. yet through the new initiative, continuing commitment of all of you, we have now convened experts from cybersecurity policy, from the state government, from the private sector, to higher education and to all of the federal agencies involved to discuss this critical issue and to identify ways for all of us to meet the let me say as it relates to virginia, in virginia we've taken significant steps to address cybersecurity for the commonwealth and beyond. we are in unique position in virginia. which have the largest naval base in the world, pentagon,
10:03 am
quantico, 27 military installations constantly under assault. we've come a long way strengthening our systems an our policies. last year we expanded cybersecurity apprenticeships for the first time in virginia's history. we're allowing businesses to stand up, register apprenticeships for cybersecurity occupations. in virginia, if you will work for the state for two years we will pay your education to get a cybersecurity degree. we created partnerships to increase cybersecurity many employment and educational opportunities and scholarships around the commonwealth. i launched the cyber vets virginia program to provide cybersecurity training to our veterans. today in virginia we have 36,000 open cyber jobs. we have nearly 600 cyber companies. those 36,000 jobs, starting pay is $88,000. you do not need a four-year degree. it is a two-year degree or less. it is imperative for all of us as governors to make sure we're building that workforce of the
10:04 am
21st century. earlier this year virginia enter ad strategic partnership with amazon web services and virginia cyber range to make virginia a national resource center for cybersecurity education. virginia has an award-winning cybersecurity program in place. we can build on the strong foundation. as we all know as governors it requires continued diligence. we might be in great shape today, but tomorrow some new cyber hacker will come up with some latest technology to get into our system. government is a very attractive target for our cyber criminals. as you know we have collectively more data than the federal government through our drivers licenses, our health care, medicaid programs, state tax returns, many cyber hackers feel the best opportunity to get that data is come into the states because of the wealth of data that we have. it take as commitment of all governors to keep our families
10:05 am
and our businesses safe. these threats do not stop at state lines. since july, we have accomplished a lot since we met. we have held a sires of roundtables focusing on the cybersecurity risks facing the health sector, critical infrastructure, educational institutions and small businesses. we have spent significant time highlighting the opportunities, cybersecurity presents for all of us and the opportunity of a more connected society and a vibrant technology economy. as you know which held two soldout events, two regional sum is mitts, one in boston and san hoe he say where many of you sent teams of state officials to discuss pertinent cybersecurity issues and to identify, implementable goals and objectives to move our states forward. as i have said from day one, if we do a great job in virginia, but there are states that don't do anything as it relates to cybersecurity, they will reach our state through a backdoor, through a health care provider,
10:06 am
insurance provider or some other business doing business with both of our states. these summits cull minute he nated in national summit in june where proud to say 45 states attended and future cyber trends and use innovative technology to mitigate those threats. at our winter meeting many of you may recall we gave each one of you a cyber scorecard which no one saw but yourselves that highlighted areas where you are exceeding, areas that you a little help and areas that need full, immediate attention. this continues to a useful high level tool that you and your team can utilize to track your progress. we have the updated report cards for all of you. we were joined in february by admiral mike rogers, commander of u.s. cybercom, and director of the national security agency for an off the record discussion how states, national guard and
10:07 am
cyber command can work together. he stressed to all of the governors that we are at the forefront. that he can not do his job as head of national security agency if we as states are not doing our part. we held a joint governor senator meeting on cybersecurity priorities of the united states congress. we had a great group of governors to meet. governor sandoval and i went up to meet with the leadership of house and senate. we implored congress to have a cybersecurity committee. one does not exist today in the congress. it is spread among many different committees. and there is jurisdictional territories where people not wanted to give up some of their jurisdiction. we once again as governors call upon the congress to put together a national committee to deal with this issue and put funding in so we at the state level can do our jobs. lastly we put together 18 documents that highlighted recommendations and best practices of the national guard,
10:08 am
cybersecurity response plans and workforce development. that you can all implement in our states starting today. you all have those documents in front of you and they're maintained at the nga cyber resource page, this is the package that all of you have in front of you. it has all the latest data. it has what you need to do as a governor to make sure your state is up and meeting the threat of cybersecurity. what we saw last fall was only the beginning. richard clarke, who is a national expert on cybersecurity, advisor for four presidents briefed me the other day and said the actions we saw last year as it relates to russia and other nation states is only the beginning. it is only going to ramp up. and they want to ramp up by coming after that state data. so i would say incumbent upon us as governors, to make sure that we are doing our part to keep
10:09 am
our states and our nation safe. most of you have begun emly meanting these recommendations. we say thank you, since the launch of my initiative over 30 governors have now signed an executive order or legislation or announced a cybersecurity initiative. this now has resulted in a dozen executive orders, 14 signed bills and 17 initiatives. in idaho, governor otter is implementing recommendations by his cybersecurity body and recently named a state cybersecurity director. in new mexico, governor martinez signed legislation clarifying when the national guard can be used during a cyber event n oregon, governor brown signed an executive order to unify all cybersecurity efforts into one agency. lastly our incoming chair governor sandoval signed a bill to create a cyberdefense center to lead all the cyberdefense projects in their state. more can be done.
10:10 am
there are at least 34 pending bills in state legislatures that you can all help advocate for and push through so that it can land on your desk to sign. although these are great accomplishments, we must never ever, become complacent. criminals and foreign adversaries will continue to pursue vulnerabilities in our defenses that will harm our citizens, cripple our critical infrastructure and steal our resources. that is why my initiative will live on through the nga resource is noter for state cybersecurity that i have been privileged to co-chair with governor snyder. through this center the nga staff will continue to assist your states and implement best practices and be a lasting resource for you and your staff. before we go on to our speakers and our discussion, i do want to give a special shoutout to jeff and tim and ask them and all the folks who worked on cybersecurity if they could stand up, if you could give them
10:11 am
a great round of applause for the great work that they have done. [applause] thank you. charles: gentlemen. before we get to the speakers i see our host governor has arrived. she was busy doing interviews outside. i would like to turn it over to you and give an opening statement. i want to thank governor raimondo hosting this beautiful state. record number about, 33 governors and 1800, 1800 phonings signed up to come to this which is by far more than three times more than we ever have had. i know it is because of our great governor and the great state of rhode island. i do want to thank, i know time and work you put into this gina. on behalf of all the governors. it is great to be in rhode island. >> thank you, terry. [applause] thank you, good morning. for those of you who i haven't seen yet, welcome to road
10:12 am
island. we're pleased with the turnout. it has broken every record. i want to thank all of you. some who traveled very far to be here. i appreciate that. i also want to thank and acknowledge terry for his leadership on this issue. it is true that you will be leaving us as the chair but i think you should feel great about your legacy because you started an initiative that many of us have followed. i know i did. i signed an executive order around cyber to put a task force in place and have hired for the first time ever a director of cyber and homeland security reporting directly to me. so, i think we're all doing our part. the hardest part of all of this is behavior change. i would love to hear, technology is one thing. resources are one thing. this is really about getting people to change the way they do, when they log on, if they change passwords, how they do their business.
10:13 am
and that is even harder than it has been with the technology. so i think as we go forward under governor sandoval's leadership anything we can do to focus on that would be helpful but we're thrilled to have everybody in rhode island. i want to make a quick plug at noon. we're having a governors onlily session with two important ceos, the ceo of cvs, larry muir low, and ceo of igt. both substantial companies and sponsors of this event. that is at noon, governors only. i would love it if all you guys could be there, thank you. >> thank you, governor. back to cybersecurity to add more context to the issue we are discussing. we're honored to have three great speakers i appreciate them coming here today. matt spence, is partner at andreessen horowitz, chris
10:14 am
bream, chief technology officer and wes cramer from the raytheon company. vice president of raytheon integrated defense systems. these distinguished speakers are here to provide a window into the future of cybersecurity. what it will mean for our states and take advantage of the tremendous opportunities in this sector. i would like to turn it over to matt. matt, the floor is yours. >> thank you, very much. governor mcauliffe, thank you for invitation to speak about cybersecurity, in particular for your initiative raising this issue to the governors in this area. by way of background i'm a partner at venture capital firm andreessen horowitz. we're a venture capital firm that invests in new, exciting emerging technologies. everything from artificial intelligence, to drones, to financial technology, to health technology, to companies like air bn and b and lyft and huge
10:15 am
companies like where chris is at and other companies we look to have the most exciting technologies which have a huge impact on the work that all of you are doing. before i was in an addressen horowitz i spent time in national security positions at obama administration. i was in the white house at the national security council where i spent hundreds of house in the white house situation room, dealing with everything of the planning of the operation against osama bin laden and to trade issues, to increasingly cybersecurity issues you which really were some of the serious and significant which pervaded nearly everything that we talked about. i then spent time as deputy assistant secretary of defense dealing with some of those issues from the defense perspective. so i would say that by way of framing to take two different perspectives to open up about what we think about some of the cybersecurity issues. both from the situation room to in a sense the boardroom what companies and states face every day. and where things are going, i
10:16 am
want to say two things that may seem a little counter intuitive. if the question is, where is cybersecurity going the next five to 10 years, part of the question is to look back 10 years. it was 10 years ago last month that the iphone came out as a product, something that has fundamentally changed the way we think about commerce and we think about other types of things. but if you actually look back, the conversation about cybersecurity has not changed very much over the last five years. we still talk very much about the upcoming pearl harbor of a cyberattack. we talk enormously about the threat, but actually what has happened, what needs to change has not changed very much. the fundamental issue is not actually one of technology as governor raimondo said, but fundamentally one of human behavior. it is doing basic work of hygiene and good health related to cybersecurity and changing behaviors that leave us all vulnerable and that is
10:17 am
particular where governors and political leadership comes in. the second thing i want to say there is actually are tremendous opportunities we're not necessarily paying attention to. when i was at the defense adopt i headed up working on middle east policy and one thing that is very easy to do talk all about the threats, and you hear about the threats and you basically want to go home take a nap not worry about what is going on. what we don't spend time talking about as much what the opportunities are. i would say as we think about the threats of cybersecurity, a critical part of the conversation is not to talk about the enormous opportunities here. the internet of things, artificial intelligence, driverless cars, the enormous amount of connectedness that we have do create vulnerabilities that we need to be thinking about, how to coordinate and stop from hurting us, but at the same time the very innovation that drives those technologies is critical to driving our
10:18 am
economy. as we think about what the role of governors and regulation are to do it, it is come up with the right balance to continue to encourage that innovation and encourage the type of technologies which do create threats but continue to use that to drive our economy and try to turn to technology to help us address and mitigate some of the cyber threats that we're dealing with today. >> thank you, governor mcauliffe. it is really great to be here with leaders across the country addressing an issue so important to us. the work of the national governors association has started over past five years and it has been accelerated by governor mcauliffe's leadership is strengthening our nation's cyber resiliency. raytheon is a company that many of you know. we have employees in 46 of the 50 states. i oversee raytheon's intigrated defense systems business.
10:19 am
this includes radars, air and missile defense systems, command-and-control systems, maritime systems. we have a strong manufacturing base. many ways raytheon looks like a lot of companies in your states and we're a cyber company. for raytheon cyber investments started with protecting our own products, our own networks which sensitive data he reside. then it was natural to take those lessons to our customers. for the past decade we've invested billions of dollars into -- in developing disruptive technologies for network defenders of the warfighters. in fact i would argue that every business is a cyber company. every company that relies on networks, computers, devices, sensors, databases, manufacturing automation and intellectual property that you want to protect. the unique about the cyber domain is how dynamic it is. the techlandscape is constantly
10:20 am
changing, the user landscape is changing and the threatscape is always changing and rapidly advancing. so the work you started here at the national governors association is just a beginning for each of you. cyber is an issue that is here to stay along with education, health care, jobs and public safety as it touches all of those. cybersecurity has changed dramatically in less than a decade. from an i.t. issue protecting networks, intellectual property, to actually protecting our very way of life. when everything is connected everything is vulnerable. as a result we see cybersecurity even for commercial companies as a national security issue. multiple times over the past year we have been reminded by cyber attacks that they're easily launched, they are far-reaching, they have global implications and that's really the challenge. the cyber threat has become more sophisticated as nation states
10:21 am
and cyber criminals invest more resources in cyber attacks because the return on their investment is so great. there is no doubt that the cyber domain is now a contested domain. for states with large research universities you probably know this rather well as state schools with important research work being done are important targets. and so let me take you through a simple example, a professor working at one of your research universities doing something in high-powered lasers. clearly engineer, problemly a gadget guy like me. invests recall doter of technology, got one of unique garage openers with wi-fi. you can close it no matter where you are in the world. five or six years ago the circuit cards didn't come from the united states. there has been no firmware updates last six years. controls it from his iphone. now there is instant gateway.
10:22 am
once you're on someone's iphone, access to bank records, access to medical records, more importantly in this case, probably remote access to research work that he is doing at the university. now you have just turned something simple from a gadget bought five or six years ago, connected through an iphone, it is now a national security issue. so it is fair to say if a cyber war were to come, it will come across commercially-owned networks and threaten commercially-owned infrastructure. we believe companies and states must see their presence in the cyber domain through a national security lens. this will become even more important as we rely more heavily on automation, artificial intelligence and the internet of things forever day devices. that is why raytheon created force point, a commercial cybersecurity company, to take the technologies that we develop for the defense and intelligence community to the commercial sector. the work you're doing here is important and should continue.
10:23 am
states have a major role to play developing our workforce, strengthening resiliency of critical services, making our nation safer. so i look forward to continuing the discussion here this morning. thank you. >> good morning, thank you, governor mcauliffe for opportunity to speak and governor raimondo for hosting us here. i'm excited for having this opportunity, sitting with a bunch of governors i actually started my career in the public sector. i worked with a local government. virginia born, bred an raised pretty proud of that as well. after i worked in the public sector i had the opportunity to see the kind of challenges that the public sector is facing i worked at tanium after working number of years at facebook. they work with fortune 500 and 12 of the top 15 large banks. governor talked about human
10:24 am
behavior and importance of human behavior when it comes to security. that resonates in part because i want to talk about human behavior of governors surrounded here, people at these tables. one of the things i worry about from a security perspective is fatigue. you hear it all the time. there is lot of fear, uncertainty and doubt. the sky is falling. wes mentioning taking a nap after hearing about this. what i worry about the opportunity to us to get resigned. i saw the other day another attack on the ukraine. the official government twitter account of the ukraine tweeted a cartoon of a dog in a flaming house, had a caption, this is fine. everything was on fire. they were under attack, they were having series of issue, and they are resigned to that. i certainly respect to the fact they could handle that with such comedy i suppose but at the same time it is tough to see a situation where we would become that resigned and certainly as governors that is not the way we do things. i have sat and watched as
10:25 am
constituent and interested part, what all you governors have done in health care, infrastructures, in energy, in education, number of other areas. you're really leading the way. i think you all know that. what is interesting about that is many of the initiatives that you all are undertaking are filled with technology. there is technology throughout. you're making things more connected. you're putting in devices everywhere, to make sure your constituents lives are improved. that is really important. security will be a really important part of what makes that successful, right? we will have number of challenges. we'll have challenges in the security space, over time with things you guys are leading on, it is going to be a scale issue. how do you handle the gigantic number of connected device, things you give your constituents that they are looking for? the key is making sure you're considering security throughout all the life cycle of the technology you're using. there are two things you all can focus on when you're thinking about this. one, user convening power. bring together the public and
10:26 am
private sector the have them discuss, figure out ways they can work together to solve some of these problems. i think really focus on ushering a new world and expectations. you have a number of powers including how you purchase, and including security the way you do requisition or excuse me, acquisition. you can change the agenda for the private sector if you need, certainly you're driving agenda for the public sector. i'm really excited to be here. i'm looking for an opportunity to talk about the challenges. thank you very much for your time. >> now we'll move to questions but before we do, obviously a big part of cybersecurity is making sure that we have a workforce to deal with and make sure that we are actually moving forward on building that workforce of the 21st century. along those lines, governor hutchinson this morning, he and i kicked off a coding event for young girls who are here today.
10:27 am
it was spectacular event and it really comes down to the teachers. and i'm honored today we have very special teacher with us today. her name is sydney chafee. she is humanities teacher at academy public charter school in massachusetts. she teaches history, government, but she transforms those classes into authentic lessons to prepare her students for the future. happy to announce that in april of this year, sydney was named the national teacher of the year for the united states of america. not only does she have that honor, but tonight she will be throwing out the first pitch, if we want to go with her today to see the boston red sox. she will be throwing that pitch out. we want to thank sydney for being here with us today. [applause] thank you, sydney.
10:28 am
>> we mentioned what we did this morning, that was something very special the nga did today. >> thank you, mr. chairman. i want to applaud you for your leadership on this issue. just the awareness of it for the governors is critically important as well as the pledge that we have made to do more in the area of cybersecurity. and i'm glad you mentioned the girls who code initiative this morning. they're working right now as we speak on their different projects. we'll hear more about them later but, you know, in arkansas you mentioned the workforce and it really ties in as part of our initiative, it is to prepare teachers to teach computer science, stem education, encourage the students to take it. we have had enormous success in that. we mandated it be offered in every school. we have rao trained teachers. sort of a flip side or
10:29 am
complimentary side of coding is cybersecurity. we have for the first time conducted a risk assessment in arkansas on the cyber threats. we have looked at a coordinating agency, our department of information services, to coordinate that response capability. we're trying the workforce side of it, but if wes or one of the, one could speak to the relationship between coding and computer science being taught, and cybersecurity, and the education that relates to it. how do those fit together? are they complimentary? does it need to be a distinct focus or can be a, can it be a similar focus? >> governor, i think that's a, it is a key thing in thinking about going forward, and you know, the cyber threat advances so rapidly and is changing so quickly, that it isn't something
10:30 am
at that we can afford to always be in a reactive mode about and i would even argue although it is important to increase our cyber workforce across the nation, at the end of the day we're probably not going to be able to outhire the threat, right? so this is why it becomes even more important than what you talk about, talking about developing cyber resistant or cyber resilient networks. put be cyber resiliency built into all of the software and coding. back to your point it really becomes one of the key things about designing a cyber resilient architecture. for many reasons that is one to repel attacks, but it also may be in especially, i think this is important for states and anything with national security, hospital, as governor mentioned, you have to be able to operate through a cyberattack. . .
10:31 am
because we know that no matter how good our firewalls will be, there's always going to be a possibility that someone gets inside the networks or there will always be the threat of insider threat. what we measure is that amount of time that an attack is persistent inside our network. i would much rather have 100 penetrations for one minute than one penetration for 100 minutes. we look at that average dwell time and that's the metric we report to our board of directors. >> let me also mention an
10:32 am
announcement that he want me to make today at the institute, i know many states competed for the scholarships and i am proud announced today their chosen the seven states. the winners of the collaboration and building the workforce of the 21st century for cybersecurity, the seven states virginia, rhode island, the veda, ally, michigan, iowa and delaware have now been chosen. within those seven states the top 102 bridges but in program will each be given a $1500 scholarship to study cybersecurity and they will then go on to be able to access over $500,000 wort$500,000 with the . let's give the institute a great round of applause for building that workforce in the 21st century. [applause] >> i just want to comment briefly. personal a lot to think all of you to take the time to come
10:33 am
here and matt i want to thank you for your service. he played in the different roles to bring that experience down to her entrepreneurial community. colorado, we have our own national cybersecurity senator burr we stood up a couple years ago. we had an old defense contractor who had left a large building 103,000 square foot building. we got the legislature to fund the rehab of the building and were trying to find ways to build bridges between, one is making sure elected officials and by that i mean not just governors and mayors and city council members, county commissioners have the education to deal with cybersecurity, not just, they don't need to know how to code obviously picked they need do how to allocate resources and assess threats. if anybody is bored on november first through the third where doing a class down at the
10:34 am
broadmoor with the national cybersecurity sent on just these issues, of how to in a day and half make sure people are competent to understand the deep level and an awful lot to governor mcauliffe and your initiatives, want to appreciate that as well. i wanted to ask matt and other guests as well, when you look at so much of what we're doing is about cybersecurity comes out of our defense department government and we see great concentrations of cybersecurity entrepreneurship built around places where those investments by the department of defense or department of homeland security as well our maker how to begin to accelerate the transferral of the research that's coming out of research institutions and make sure that also is translating into businesses and jobs that are going to be the ones that help keep us safe? >> i think this circles back to
10:35 am
the education, i've been lucky a successful thus far in my career. career. a large part of it because i been able to throw myself by fellows who are way smarter than either i do it has been successful doesn't make sure you people involved. we talked a little bit about how you can educate individuals to help make them more effective in this space. we talked about girls who code and starting early and building and not only just technology but security into the curriculums. an example i like to bring up from time to time, governor ivey, you will appreciate this, the university of alabama at birmingham has a strong forensic program that's a place where we found a number of candidates when i was working a few years ago. to be honest i without a thought that would be play should be able to source candidates. i start thinking place like stanford, mit, but what thi thew was an opportunity to people together the right people to do
10:36 am
education coul. ultimately what's really important as an agent is starting early, getting people the money with technology, making sure they understand how they connect to cybersecurity and being come having to think and change the behavior. those are the real keys and this set of people can really help all of the centers in the things that are merging so we can keep up with the way these things are evolving. >> i think i would add to that, governor hickenlooper you're asking exactly the right question. how do you bridge that the fighter talking about between what you did in the private sector what happens in the defense and other parts. as i think about it this may seem counterintuitive but we spent a lot of time with technology policy and cybersecurity focusing on congress or the white house but our view is the most important technology policy makers are sitting around this table. they are the governors. really when you look at the things that really matter is governors and mayors working at these issues. and a very practical way there two things to really bridge the
10:37 am
divide that are not particularly sexy but are hugely important. how the government buys and how the government hides. what i mean by that is the cybersecurity problems are incredibly hard. they are evolving quickly and the best thing our country offers is have amazing technology, amazing entrepreneurs which are anticipating the threats, looking for them and find ways to do that. the problem is it is incredibly hard for these entrepreneurs and innovators to sell the government. processes take too long, procurement is long and extensive. there are great companies like tanium and others we look at to have great ideas and are looking to go in, and really needs to find a way to be able to purchase in a way that it were expedited and sell the great things. there are ways to do great things in partnership with great companies like raytheon and others but also to make sure that when you find a great company and a great idea allow
10:38 am
the government to be a good customer. the second issue is hiring and that is not just training and coding which is critical that when you're done that, find which allow those great people to come and work for your government. you are working on incredibly important and interesting issues, and i know that the phase know when you're as good in the private sector but that's not the issue. there are a novice mission driven people who are desperate to come and serve for the government and it is so so hard. when i was in the defense department i probably talked to ten people a week or eager to come and work for the government work longer hours for less pay but for a mission he cared about. our answer was i'm sorry there's no website, there's a easy way to bring you in. and when i walked out of the pentagon and ashes could issue is most concerned about was not isis and it was not iran, and was not serious but whether we
10:39 am
were equipped in our government to open the door to the most talented people to come work for us. that is an enormously huge challenge which those you around this table have enormous powers to do something about. and for that it's heartening that you provide us to talk about this and it's a huge privilege because part of what that is, this gets your question, is how to have a conversation between innovation and the most important policymakers. one thing we do is have that conversation between which would talk about. governor mcauliffe does the same. if you have you been arrested and coming to the main street of silicon valley in january or february perhaps when it's beautiful out there but in all honesty would love to host you
10:40 am
not me or other folks but you talk to some of the people who are really inventing the greatest edges of the future who are eager to talk about partnership, about what their talk knowledge is can do to help solve incredibly vesting issues you're dealing with. cybersecurity, infrastructure, homelessness, healthcare. and two of the conversation the bridge is what i think is still an enormous divide between what is happening in technology innovation entrepreneurship and what problems need to be solved in the types of regulation opportunity and great thinking that is all about this room. >> governor come just as a quick follow-up, the basic business model that ray counters but together with our commercial division called force point is to take those defense great cyber solutions that we employed in our products around the world with the intelligence services and with the various branches of the military and to be able to as the foot rapidly advances essentially work through the
10:41 am
process of deciding which ones of those cannot be commercially available, moving got over to our commercial part of the company and then selling them as a commercial package as a separate package that a small business, a bank, a government, state government, a university can purchase into provide a constantly updated cyber protection package. >> i'll add one thing an apologist for extinct this out bubut i think the other opportunity you have is if you wire great engineers you will start writing code that was also problems for the state governments. when i was at facebook one of the things we focus on was giving back because we had a lot of real privilege to have great set of software engineers so we would open source a number different tools. that's an opportunity also for states to track the talent you are looking for. this is coming, sink you will support the mission and when you're done you will be able to give the software back and help
10:42 am
whether it's other states, other companies would have you. you build his reputation about what you're doing. states are a unique position because of the role to do exactly that. >> governor meet? >> thank you, mr. chairman. thanks for your leadership on this. great panel and a great discussion. my question is, it seems we occasionally read in the papers that city or town or a state has been attacked by ransomware, then the next day you hear of another state. i question is i know for example, the council of governments have been working on this, states have been working on this, nga has been working on this but i would be interested in hearing the panel opinion on is there a better way for us to share information? it seems difficult when we have federal government, state comes, local governments and then yet the private sector competing against one another but it we had an opportunity to learn from one another, to warn one another
10:43 am
about threats that it happened, because if my state gets hacked and then two days later by the same scheme another state gets hacked, we have an opportunity perhaps to do a better job and share perhaps through a national ellipsis or something to prevent us from different states or communities or companies suffering the same sort of scheme. i guess my first, matt, your opinion on that. are we doing a good job, and to come is a opportunity to do better in sharing information and help learn from one another to protect one another? >> governor, that's a great question and there are efforts like this to have this conversation around the table about cybersecurity which is an important first step but the reality is we are not ready and we're not doing enough to share information. part of the reason for that is any would wait it's the wrong
10:44 am
thing to say the word cybersecurity. we talk about that and you talk about cyber but those specialize and talk about security. it's security which permeates everything. there is physical security. there's threats from cyber entries. there are other pieces and they're all very much related. the reason why that's an important point to keep in mind is when you are sharing information think about it not something in a particular bucket. something that permeates a whole range of things. your constituents and voters are not thinking of the department of homeland security or the department of defense or and local government or state government dealing with things. they just know they don't want fraud to have bigger they don't want things are sensitive they keep a iphone to get elsewhere. they don't want the al all the treatment is an amazing opportunities of technologies that they buy create a lot of new windows and doors that a cyber burglar can break into. a big part right now is to have
10:45 am
better coordination mechanisms both between jurisdictions because i could because the nature, there will always be things overlapping but we need to do much more of that. the second piece is to increase trust and collaboration between the private sector and government to do this. we spent a lot of time talking about bringing washington to technology sector together but it's even more the state capitals to do much of this. if i was thinking about an agenda about what can happen at the regulatory government level, find a way to quickly share information and do it better is truly the key. we are living in a world right now which is very much of the pre-9/11 intelligence community area. we have heard the many, many stories about different intelligence groups knew something and it was a really out of elwell or anything some wanted to do that with left assimilable. we just cannot modernize a system -- ill well. it's time to take the next have to find ways to take a step
10:46 am
forward to modernize that an better show that type of information. >> one question for chris and one for matt. chris, tanium is one th of the fastest-growing cyber companies right now in the world, maybe like to share a bit on what the market signals are telling you and why and what probably are trying to solve and how your protein why people find it so attractive. and format, i know andreessen horowitz not only invests -- looks at places where the next thing is coming and what do you think it's a big unsolved problem and was the next tanium can you come from that you are looking for? >> of course i'm happy to talk about the technology, and my role. really the thing we're tackling something a midget a little bit earlier which is really scale. it's very hard to manage these massive networks and only getting bigger.
10:47 am
i read something the other day there about 8.4 billion devices that are connected right now and it's up i think like 31%. that's going to just grow tremendously over the years. one of the things we as a company did was try and say okay, we can't do that than traditional way. what's another approach to start and a massive scale? that is what drove the innovation and that's what helps our technology succeed. what's interesting for me as i think about all of the initiatives helping by commission the constituents can being able, the growth of devices, people talk a lot about the internet of things for whatever definition they have for that but at the end of the day all of those are devices that are interconnected in some way, shape, or form and able to share data back and forth. what we focus on as being able to scale to that size. that's what's made a successful because we recognize that was coming at a don't see that changing anytime soon. >> governor, that's really
10:48 am
interesting question innocence one of favorite parts about my job is would look at what's coming down next. there are two things right now. on the secret he thought which really is exciting is there are threats we might now be thinking about an that we need to be defending against. one example is when you call someone on the phone, you soon summon knows that your voice, but how do you really know? for example, there's one company we are investing in that traps a need -- works and integrity of voice when you're speaking as someone does its actual you. so that's one. the other piece and this relates a little bit too cybersecurity about some of the most exciting areas of innovation is artificial intelligence and was called machine learning. a lot of the things that would seem to be ten or 20 years in the future are happening pretty closely here which have a lot of implications for things that
10:49 am
governors are doing. artificial intelligence without recently, commissioned to write articles based out of the last olympics. artificial intelligence has spent time trying to write music or write speeches. there is a company that merges a lot of interesting health technology plus artificial intelligence to take a huge amount of data regenerate from our apple watch to provide better health outcomes. there's a company called cardiogram that analyzes your heartbeat from the apple watch can takes all the data and can predict a heart attack after them the best cardiologist at the best medical schools in the united states. those types of things are interesting to take technology and data to make your population healthier which can produce a whole range of things. what i get most excited about, i talked about opportunity before, other types of things doing things that are not even ten
10:50 am
years in the future. they are accusing the future even happening right now and they're really cool things that are been able to happen. >> anymore questions? >> i know it's a constant challenge to make sure that we provide funding for technology in state governments. a battle we have to fight. one of the things that often falls by the wayside is cybersecurity, the continuous monitoring and assessment and training that you need to do. do you have a recommended percentage of an i.t. budget for state that should be spent on cybersecurity? >> it's a great question and i think that gets to the issue is, for a while it became cliché to say you will be have come everyone will be habit.
10:51 am
if you say that to a corporate board they say what am i supposed to do without? avatar going to happen i'd thought of my head under the covers. when you're a company much like if your state you are getting a resource constrained environment. you don't have the luxury to spend an unlimited amount of money on the fast problems you have. they key is thinking about prioritization. there are two ways to think about prioritization as you think about that. one is to prioritize your types of assets and what is critical and critical infrastructure. but the other piece is to think about prioritizing information. this may seem counterintuitive. we spent a lot of time thinking about the perimeter of security and that is to stop someone from getting into your house. you could lock the doors and put bars on the windows but there are a lot of cracks and a lot of ways to get into your house. what shouldn't have is wan whatu get in your house, you get everything.
10:52 am
you get the best jewelry, you can walk out anything you want. if we think about it we innocence treat a lot of our information a that are networksf three much the same. if you're in the government, when i was in the white house with different wires of information, unclassified information, confidential information, thanks marcus secret, things marked as top secret and then your level of security clearance even about that which has the most sensitive ways to help our government gathers intelligence. should just because you work at the white house you don't get access to all that information. just because you up and walked in the door you can't do everything. even because you have a security clearance you don't get all that. if you think about prioritizing i.t. budgets in these types of things, part of it is ranking and denniston what happens when someone is in your network, what are the crown jewels and what are the things you don't want to get out but are less important,, taking a more strategic approach rather than assuming once someone isn't everything bad
10:53 am
will happen. >> i'd like to offer a couple of other thoughts on that, and that is some of the basic things that you can start with that really don't cost much it would have to be viewed as a percentage of the budget towards a cybersecurity is the first question is does every state have a chief information officer that reports directly to the governor, and as that cio have a seat at the table in most all decisions, especially any purchasing decision. as i mentioned earlier a lot of it is about thinking about the architecture of the system. as different universities, hospitals, any state things, thinking about is the architecture design to be cyber resilient and do you have some standards around things like penetration or multifactor authentication. i think there's a lot of opportunities where the cyber resiliency can be built in the
10:54 am
systems and it's not at an additional cost to gets about thinking about an overall architecture and having some a designated as that cyber czar that has oversight and influence into state-level decisions about what i.t. systems are procured and what the requirements are levied on those. >> governor, i can't say i have a direct answer for you. i don't have a great percentage. i really wish that i did but at the end of the day i'm actually a pre-simplistic i tried to back the basics and do the simple thinthings right. when you think about the ways you allocate budgets, yo you're often think about what's the most important thing and then targeting hitting those things and well. so from one of the things i've seen certainly is challenges where organizations are really trying to use this cutting edge thing for the latest interesting things they heard about or read about, when really as wes
10:55 am
alluded to it gets back to basics and about spending and focusing on those basics. for example, at trenton one of the things we see is will go in environment and say hey, you want user technology? wwe'll show you how it works. first, where's all your information to read this list or the set of systems and we go in and refine anywhere from 12-20% more systems than expected. even don't have it you exactly what you've got and you're not focused on first saw the that fundamental problem with a limited budget you have, then there's a significant challenge. you stack onto that the idea that you have limited budgets and limited number of people to solve these problems for you. you want to make sure you make the best use of this people and this can expect to something i'm beginning to sound a little like a broken record, scale.
10:56 am
>> first of all let's give a round of applause to matt, wes and kristen thanked them for the great leadership here today. [applause] as we close this out let me remind you that everybody has this packet. i would also like to recognize government id, our newest member here from the great state of alabama. give her a great round of applause. [applause] >> thank you so much. anything you would like to say, governor? >> we are just proud to be here. we are eager to get to know each one of you and yes, we are on top of cyber activity in alabama as well. but i'm grateful to be a look forward to working with you. >> thank you very much you all have this booklet. it's got one page and it front and back so you can pull up one specific.
10:57 am
it is costly going to be updated by our cyber team. i would ask you to take this back with you, give it to your team, make sure you bring in your adjunct general, your national guard, for cio, to jolting. as a governor i would call and put it into your office in your copper trim and make sure they have this so they know what they have to do. it is critical that you bring your national guard in early and make sure they're part of this process in your state. i also want to thank the governors for, we have sited compact year from meet the threat. we are 38 states. i thank those governments have signed signed on to this compact. we will not have a continuous dialogue as a go forward as i said this is an evolving space. everyday there something you ass a relates to cybersecurity. our team and the private sector folks i want to thank them for helping us stay up-to-date and a do what you think the corporate sponsors who have funded this initiative fix on behalf of the national governors association i want to think all the folks who have been part of this process
10:58 am
and now i will adjourn our first session and we'll see you in little bit this afternoon. thank you very much. [applause] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]
10:59 am
[inaudible conversations] [inaudible conversations] [inaudible conversations]


info Stream Only

Uploaded by TV Archive on