Voting Village - A Panel with the Feds on Election Security
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 374 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/50767 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
DEF CON Safe Mode248 / 374
11
35
63
70
74
86
90
98
102
103
104
105
106
107
109
110
113
114
117
119
121
122
123
124
126
127
128
130
136
137
138
142
146
151
152
153
154
159
160
161
163
165
166
167
168
169
171
177
189
214
226
231
232
239
240
246
247
250
255
256
265
267
268
269
270
271
272
274
279
280
283
289
290
336
337
344
360
362
363
364
365
367
00:00
ComputersicherheitAnalysisKraftElektronisches ForumATMAggregatzustandTaskProzess <Informatik>InformationTermPhysikalisches SystemSoftwaretestVerschiebungsoperatorFormale SpracheGruppenoperationSystem FBitrateUmwandlungsenthalpieComputerspielHypermediaHalbleiterspeicherRechter WinkelDivergente ReihePunktDienst <Informatik>MultiplikationsoperatorKategorie <Mathematik>Office-PaketElement <Gruppentheorie>KreisflächeKollaboration <Informatik>CybersexWeb SiteVererbungshierarchieWeb-SeiteMAPVerkehrsinformationDatenfeldNichtlinearer Operatort-TestExogene VariableWhiteboardDatensatzMereologieKonditionszahlTypentheorieArithmetisches MittelDatenstrukturSoundverarbeitungBereichsschätzungDigitales ZertifikatGRASS <Programm>ExpertensystemZentrische StreckungOrdnung <Mathematik>ZweiForcingZusammenhängender GraphWellenpaketTelekommunikationStandardabweichungOrtsoperatorAbstimmung <Frequenz>Arithmetische FolgeWasserdampftafelPlastikkarteStellenringSpiegelung <Mathematik>InternetworkingMatchingFigurierte ZahlMathematikVierzigBestimmtheitsmaßCASE <Informatik>Analytische FortsetzungProdukt <Mathematik>QuellcodeWorkstation <Musikinstrument>Selbst organisierendes SystemFokalpunktSystemaufrufGüte der AnpassungProgrammbibliothekBitSoftwarewartungAnalysisZählenDemoszene <Programmierung>SichtenkonzeptVirtuelle MaschineQuaderTorusWeg <Topologie>Message-PassingBildschirmfensterHilfesystemBrennen <Datenverarbeitung>HackerQuick-SortOktaederFamilie <Mathematik>Minkowski-MetrikGrundraumResultanteEntscheidungstheorieKlasse <Mathematik>AutorisierungUmsetzung <Informatik>MultiplikationMaschinenschreibenLastStochastische AbhängigkeitGarbentheorieGebäude <Mathematik>RoutingCodecEinsFreewareUnternehmensarchitekturDifferenteElektronischer ProgrammführerSoftwareentwicklerBetriebsmittelverwaltungObjekt <Kategorie>MarketinginformationssystemPerspektiveSoftwareschwachstelleEvoluteThreadWort <Informatik>Twitter <Softwareplattform>SoftwareProjektive EbeneGraphfärbungSpieltheorieGamecontrollerSystemplattformWurm <Informatik>Vollständiger VerbandEichtheorieComputersicherheitKonfiguration <Informatik>Gemeinsamer SpeicherIntegralPotenz <Mathematik>SystemzusammenbruchSchlüsselverwaltungFunktionalTrennschärfe <Statistik>COMCoxeter-GruppeOvalDatenbankAssoziativgesetzVerschlingungProxy ServerNeunzehnTeilbarkeitFacebookPhysikalische TheorieGoogolInzidenzalgebraFitnessfunktionFormation <Mathematik>Lesen <Datenverarbeitung>Quelle <Physik>EinfügungsdämpfungNatürliche ZahlBildschirmmaskeKoroutineKoordinatenRechenwerkBildgebendes VerfahrenStrömungsrichtungEndliche ModelltheorieFächer <Mathematik>MomentenproblemMetropolitan area networkZahlenbereichGesetz <Physik>BildverstehenSpezifisches VolumenDatensicherungEinfache GenauigkeitARM <Computerarchitektur>FlächeninhaltKonfigurationsdatenbankModallogikGleichgewichtspunkt <Spieltheorie>ProgrammierumgebungEinflussgrößeGeradeAbenteuerspielPhysikalischer EffektPunktspektrumLeistung <Physik>Perfekte GruppeLeistungsbewertungDivisionOffene MengeNotepad-ComputerGrenzschichtablösungProgrammfehlerEreignishorizontComputerkriminalitätLogistische VerteilungEinfach zusammenhängender RaumPlateau-ProblemSelbstrepräsentationWärmeleitfähigkeitCheat <Computerspiel>Lokales NetzKonstanteGasströmungAuthentifikationVorzeichen <Mathematik>ResolventeWellenlehreBefehl <Informatik>DatenverwaltungPasswortDynamisches SystemImplementierungEindringerkennungTopologischer VektorraumE-MailIndexberechnungPivot-OperationMaßerweiterungAutomatische HandlungsplanungSchreib-Lese-KopfRichtungSchnittmengeDickeSystemverwaltungAuswahlverfahrenComputeranimation
Transkript: Englisch(automatisch erzeugt)
00:22
Hi, I'm Bryson Bort, and thank you for joining us today with the Election Security Panel with the feds. This is a really mental occasion, bringing this many federal agencies all together on one hand. The timing is perfect. There is a huge election coming up here in the United States in 2020.
00:40
There are elections happening around the world. And I think that's a key thing for us to understand is that while this panel is talking about the U.S. federal government, how we are responding to our American election, when we look at the broader forces that are aligned against democracy in the world, that all comes down to trust in the system for the democracy to work. And those forces are working against places more than the U.S.
01:03
And so while this is going to be the U.S. government discussing this, I think citizens all over the world and hackers all over the world will be able to take something away from that. Just quick logistics. Q&A will be available through the Def Con Discord. So if you put your questions in the voting village Def Con Discord, those will make
01:23
it their way up here to me on the stage, and we will answer them as best as we can. Starting off, we have Cynthia Kaiser. Hello, I'm Cynthia Kaiser, I'm an assistant section chief with the FBI Cyber Division. And what that really means is I lead analysis among multiple threat groups for the FBI.
01:44
That includes election threats, mostly in the cyber arena. And that's by design. I saw what happened in 2016, and I knew that there was nowhere else I wanted to be than working this threat as we came up to 2020. And I'm really excited to be here with people that I get to see all the time I voice.
02:03
So for the FBI, in the election space, a good way to think about it is we're really focused on the threat. So we work hand in hand with our DHS counterparts, and they're really focused on the risk to the systems, the remediation on those systems. But when it comes to the threat response on incidents or looking at investigations
02:24
into malign foreign influence or investigations into election crimes like ballot fraud, that's where the FBI really plays in this space. David Mordino from the National Security Agency. It's great to be with you here today. I'm an NSA election security lead.
02:41
Most of you are familiar with NSA's mission, really divided up into two components. Our foreign signals intelligence mission, which is all about figuring out what the adversaries are up to. And then we have the cybersecurity component, which is all about preventing and eradicating threats to national security systems and figuring out how we can protect DOD networks and the like.
03:01
Really, a lot of power from NSA comes with combining those missions, knowing what the threat is and combining that with the technical analysis and mitigations in order for us to be able to deploy those into unclassified space. From an election security standpoint, I oversee all the activities and partnerships that NSA has on election security.
03:21
I also co-lead something called the Election Security Group, along with reader General Hartman here, which we'll get into, I'm sure, on the panel. And that's a joint NSA Cyber Command task force for protecting the elections. A little bit about me, I grew up in Chicago. That's what I'm representing here at the Miski Barks shirt, no white socks. And I'm also into craft cocktails.
03:41
I supplied in the typical DEFCON tradition, a cocktail at Black Manhattan for everybody. And I'd like to give a shout out to Johnny and Carl for hosting me at Cocktail Con this Tuesday. Really great event and a community in terms of getting the infosec community together to talk about cocktails, talk about security. So I appreciate it and I appreciate the DEFCON folks for having us here today.
04:03
Hey, I'm Joe Hartman, I command the Cyber National Mission Force. So part of U.S. Cyber Command, as Dave said, I co-lead the Election Security Group with him. And, you know, the Election Security Group is really partnered with all the agencies you see represented here and others in defense of the 2020 election.
04:22
We're the part of the U.S. government that focuses on the away game. So we are looking at foreign adversaries, Russia, China, Iran, any other foreign adversary who's attempting to interfere with our elections. We're looking for them in foreign space. And we're partnering with DHS and FBI in order to ensure that we share information that we find abroad that makes us safer here in the United States.
04:45
Really glad to be here today and looking forward to your questions. My name is Maurice Turner. I'm senior adviser for the executive director at the U.S. Election Assistance Commission. We're a relatively small agency compared to the ones you've heard from earlier today. But our mission is focused. We help make sure that Americans all across the country and all
05:03
across the world have the ability to participate in elections, whether they're going to be in one of the 50 states, six territories or stationed overseas. So our focus is really, how do we make sure that those voters have access to the polls and that they can vote safely, securely and make sure that their vote counts?
05:27
And I'm Matt Masterson. I'm the designated survivor that was held back from the federal panel. So if anything happens, we can maintain federal continuity of operations on election security. I'm in a secret skiff out in the Midwest somewhere.
05:43
I appreciate the voting village for inviting me and the feds to participate. So thankful to Bryson for organizing. And if I know we're going to address the question of what's, what's the greatest area of progress since 2016, where have we improved? I mean, the fact that you have a unified federal effort working to
06:04
help support state and local election officials on this mission space, I think speaks volumes. I work for the Cybersecurity and Infrastructure Security Agency, or CISA. I'm the election security lead there. Prior to that, I was a commissioner at the EAC where Maurice now sits.
06:20
And before that I was an election official in the state of Ohio. So I come from an election administration background. I have had to learn the intricacies of both CISA and the IC and am so thankful to everyone sitting up on that stage for their patience with me and working with me and CISA to make sure we're supporting the almost 8,800 state and local election
06:41
officials across this country, let alone the private sector that we work very closely with and members of academia and not a nonpartisan organization. Our focus at CISA is to get information support services, everything from penetration testing to routine cyber hygiene scans to incident response out to those state and local election officials to help support them and engaging with
07:03
their voters. The reality is American elections are run at the state and local level and we want to do everything we can so that those state and local officials can talk to their voters about why the process is secure and why they should have confidence that their vote was counted as cast. So really thankful for this panel and super excited to have this discussion today.
07:24
Matt, that's a great segue. Trust is key to the infrastructure, right? The process for collecting the votes to determine our democracy starts with that trust and that begins with transparency and accountability, which is why I thought it was so critical to have this panel here for the government to talk about,
07:43
okay, what's happened and what have we done? So 2016 is when I think this really grew into the consciousness as a significant issue that everybody understood. What exactly happened in 2016 and 2018? Well, on the cyber side, in 2016, Russia compromised multiple different election
08:05
networks that included a state network that included two counties. And as a part of that, we've assessed that they really sought to at least conduct reconnaissance against all 50 states to try to figure out where it was most
08:25
vulnerable and where they could get in. Now, we don't think that had any effect on election. We have no information that that did and, you know, really where they were focused on really couldn't have, but within that, it's obviously troubling because
08:42
that's an attack on our election systems. It's attacking critical infrastructure and it's something that now looking at that and moving forward, that's why we partnered with everybody here to focus on how do we, A, harden the networks so that can't happen, and how do we work to counter adversaries so they don't want to do it, and how do we ensure that we
09:03
can be as transparent as possible? And, you know, that's included some various measures like both FBI and CISA will now tell a chief state election official if anything happens on a local election network. That's a change from 2016, and it's a necessary change for the
09:20
transparency that you noted. I mean, I think Cynthia covered the cyber side pretty well. From an influence side, I think most folks are tracking the infamous internet research agency Troll Farm. So, in terms of the social media operations that they were conducting in 2016 and 2018, you know, also hack and leak operations, they're
09:42
always, you know, could be very damaging when we look at in terms of, you know, kind of evolution between 2016, 2018, and 2020. You know, it was mostly focused on Russia in 2016, but, you know, that the threat is broader than that, right?
10:01
It's, you know, for 2020, we're looking at the spectrum of all of our adversaries, Russia, China, Iran, ransomware actors, you know, there's more people in the game, and, you know, they're learning from each other, influence is the chief game to get into now with social media. It doesn't cost a lot of money.
10:21
You try to wander your narratives online through different media outlets. So, that's something we're laser focused on for 2020 as well. Yeah, Bryce, I think for us, you know, in 2016, election security really wasn't a priority mission for the Department of Defense, it just wasn't something that we had previously focused on, heavily involved in other operations.
10:44
And so, while we were focused on other operations, and Russians obviously focused on our elections, we learned from that in 2018, between Cybercom and NSA, we formed what was called the Russia small group, really laser focused on Russian interference in the 2018
11:02
election, you know, and for us, that never stopped. And so, you know, I got back to the command about a year ago of 2019, and we didn't start up, you know, this thing called the election security group that was already working, and it never stopped working from 2018, and we think we're in a much better position now, certainly than we were in 2016 or 2018.
11:23
The big change from 2016 to 2018 and now into 2020, really started with the critical infrastructure designation that allowed all these federal partners to come together in a way that we'd be able to better protect our election infrastructure. And I think that that really is the key to all of this, which
11:40
is information sharing, making sure that information is shared amongst agencies, but also to the state and local partners as well. The folks are actually running their own networks, their own infrastructure, and so that's where EAC comes in. We have relationships, we're building those relationships with the state and locals to make sure that they understand the information that's
12:01
coming to them from their federal partners, and that they've realized that they're part of the solution too, you know, feeding that information up to the federal partners is how this all works. It's not just keeping those information notices in a silo and keeping them at the local level. It's sharing up and down the stack to make sure that the infrastructure is protected because it may not just be an attack that
12:22
happens on a single state or a single county, that might be happening other places. And if we're not sharing information, then the partners don't know that that coordination needs going on. Yeah, just to build off on what some of the other panelists have said, for me, the biggest change has really been that level of coordination and support with state and
12:42
local election officials. As many people know, when the critical infrastructure designation was made in 2017, there was a lot of resistance, understandably, from state and local election officials and skepticism. And we sat there in 2018 and had relationships with all 50 states, had information flowing.
13:01
We're deploying Albert sensors. We sit here now on the brink of 2020. We not only have Albert sensors, so intrusion detection sensors deployed across networks in all 50 states. We have an ISAC, an information sharing and analysis center with close to 3,000 state and local partners receiving information, pushing information back to us.
13:20
We're now deploying endpoint protection in many of the states and across localities to have additional insight. But really, that ability to coordinate across the federal government and push information back down to the state and locals has improved so much. The federal government, I think, is working in a way around election threat information that I don't know that it did around other issues.
13:43
We are able now to take information and state locals are sharing all kinds of reporting with us and push it across the interagency, the folks that you see sitting up on the stage here, and then push out alerts and warnings through the ISAC broadly to the community. And that's just a function that wasn't there certainly in 2016
14:01
and is really being honed and improved upon from 2018 to 2020 and that broad reach. And so that ability to really work with the election officials to understand risk, our risk understanding is much deeper than it was 2016 or 2018 to the point where as COVID has developed and kind of changed operations within elections
14:23
offices, we've been able to be responsive and understand where the risk is shifting and try to help gear our support, our information sharing to understand that risk shift so that they can take appropriate steps to mitigate that risk and really ensure the integrity of the election, and then turn around and message it to voters. And I think that's a theme you're going to hear throughout
14:42
this conversation, really reach in that last step of talking to voters about their options, about how they can vote, about the process and security is really critical in an environment when we know adversaries are trying to undermine competence in the process. So part of what we've learned, which stems from the
15:03
problem and a lot of what the solution has been, the designation of this as critical infrastructure, the federal collaboration, I mean, the fact that panel can like this happen where this isn't the first time you're all meeting each other. You all know each other pretty well, right? I was talking to Bryson earlier that I've been on panels before with people from the government who are all working
15:23
the same issue, and then you're meeting the person right before the panel starts. So when Bryson reached out and said, we're going to have a panel on election security, and I asked, okay, who's going to be on it? And he started ticking off names. And I'm like, okay, I talk to these people multiple times per week or sometimes every single day or multiple times a day. So it really just shows like how deep the collaboration is.
15:43
I spent a lot of time in counterterrorism. You think that's a mission that, you know, and it is a mission that the government rallies around, but election security, I get exploded out of the water in terms of how much we all talk to each other. Right. I mean, there's no better example that this panel is a
16:02
representation of what's already happening. This panel is not the thing that is driving it, right? We are capturing a moment in time of what's been accomplished. If we had tried to do this in 2016, we would have been spending the last 30 minutes all shaking each other and like, so what do you do? What exactly is that?
16:22
Tell us about the Midwest, Matt. Like we've never heard of these things. Oh, sorry. That was a shit. Okay. How information sharing isn't just sharing information, right? But the fact that the information is being shared so that missions are being executed, things are happening with them, right? Those risks are being assessed.
16:40
Those actions are being taken. And that is, I really liked the way you phrased the show, right? We're playing the away game. I'll translate that for everybody. No, actually, why don't you translate with the away game? Yeah. So let me translate the away game at the end. I mean, if I could just talk about the collaboration, the relationships, and, you know, a good example is like the rehearsal that we did on Super Tuesday.
17:00
And so, look, I'm in the army. I've been in the army a long time, just like Dave. You know, I spent a lot of time in the CT fight and, you know, a lot of times in panel rooms and places like Afghanistan. And, you know, we operate out of these joint operations centers, right? And in the joint operation centers, we're sitting in there, as you can imagine, we love flat screen TVs, a lot of flat screen TVs on the wall.
17:20
And it's, you know, unmanned aerial vehicles are flying around and other collection assets. All that data is being pumped into the room where you're immediately able to make sense of it and then make decisions, you know, allocating resources, sending forces, doing what? And, you know, Super Tuesday, if you walked into the room that we were using as a mission center, you know, you
17:41
would have seen cybercom personnel, you would have seen NSA personnel, and you would have looked in a chat room. And almost every organization that you could imagine involved in the federal government is in a chat room, okay? And they are talking about in almost real time, if something goes on on state election infrastructure in North Carolina,
18:02
you know, there is an unclassified chat going up to DHS, who drops it in a classified chat room, you've analysts from NSA and cybercom and other government agencies immediately combing their databases, and then almost instantaneously providing information back that says,
18:21
Hey, this is something you should be concerned about. Or this is just normal traffic that we see on any day on the internet. It looks anomalous because we're paying a lot more attention to it right now because there's a distinct on Super Tuesday going on. You know, at the same time, I've got defensive cyber elements that are sitting in things we call war rooms, and they are waiting on a call, you know, if there is something
18:41
that happens that DHS needs help with, you know, they are trained, they have collaborated in the past, and we're ready to kick up a team out. Additionally, we have elements that are that are sitting over another op centers, okay, and they are prepared. If we see an adversary that's attempting to do something interfere with that election, you know, we have the
19:00
ability to play the away game. And so we have the ability to go out in foreign space and look at what you're doing. And we have the ability to make yourself feel better. And that's really the focus of of what I think the federal government looks like from the local and state level all the way up through the the national level to the Department of Defense.
19:20
And, you know, for me as American, honestly, that was a pretty impressive experience. Take a slight turn from that. I think it is important to call out the collaboration that we have in the government. But I think the other evolution that's occurred is the engagement with industry here, right?
19:40
I'm sure we have a lot of people who are, you know, working for the federal government down in here. And I think that's been a major component of the shift and posture we have for election security. I mean, it's awesome when you're reading about disinformation networks being pulled out from social media companies, obviously, the cybersecurity companies really focused on election threats and trying to hunt
20:01
down, you know, adversaries and what they're up to. You know, we can't, we can't do this mission without them and without industry help from state and state and local election officials, but also the cybersecurity companies and how we can, you know, feed off each other. We learn from what industry is putting out. Hopefully, you know, we're providing value
20:21
and what we're putting out. So people can leverage that in the systems and insights they have, right? Industry has a lot better insights than the government does in a lot of these cases. So they're a critical partner in this relationship. And I think that taking that a step further, even that individual level collaboration, you know, not just a big
20:41
corporate or a company collaboration with the federal government, but people who call in suspicious information because they they're worried about it. And they call DHS, they call FBI, they call any of us and they are calling because they're worried and they
21:01
want to do the right thing. And because those people call the majority of the information that really we're able to get to state and local since 2016, it's been because people called us. They've said they were concerned about some things. We looked at it and we said, you're right. And we got it out to everybody. So there's this element of that, like that corporate industry responsibility and collaboration.
21:21
There's the federal government collaboration, but there's that individual collaboration too with all of us that it really is working well together. Yep. Bryson, if I can just really quick on, on that, I think Cynthia raises a really good point and it's appropriate here, just the fact that there's now a guide for coordinated vulnerability disclosure for state and local
21:42
election officials in 2016, as a member of the election community, I could tell you that was, that was not a known commodity or something that they were even considering. And now we're progressed where folks like Jack Cable, who I know was on before have built relationships with election officials, help them understand the value of vulnerability disclosure and working to with independent
22:04
researchers and security experts in that way. The fact that private industry within the elections community is rolling out vulnerability disclosure policies and engaging in that conversation, not something that was going on in 2016. And so the multiple avenues of information, the multiple
22:21
avenues of collaboration are really encouraging. I think we have a ways to go. I think there's lots of room for improvement, certainly on the federal side to help coordinate on that at the state and local level, increasing capacity, the ability to intake and resolve and mitigate those vulnerabilities. But it's a drastic improvement from from where we
22:40
were even four years ago and really speaks to the professionalism of state and local election officials in particular, who care deeply about the security of this process and their systems and want to find ways to improve and talk to their voters about the steps they've taken to secure it. This industry and this community has really matured
23:01
very quickly compared to some others. And I think it's part due to events like this, like DEFCON, where researchers are coming together, talking about what's going on, where are their vulnerabilities? What are some ways we can fix it? Taking a look at other industries like telecoms, aviation, things like that, and getting those best practices out of the way kind of quickly.
23:22
And as Matt was saying, it's because individuals care. And I think that that's probably the biggest part of this that I want people to take away from this is that elections happen in communities. I think that's really what it comes down to, is everyone gets a sense of how important it is at the very local level. And then all that builds up to build a sense of national urgency and importance
23:43
about the issue and to see the election officials really get on board with this idea that they are part of the defense network to make sure that we don't have interference playing in our elections and to see them get educated on the issues and really try to convey their own sense
24:03
of confidence in their systems because they know what goes into running an election. It's not all just about cybersecurity. There are administrative tasks they need to do. There are other tasks that some of them are even responsible for. And so they care deeply about elections. They want to make sure that everyone who votes has level of confidence that they can
24:22
feel when they go into the polling place or when they mail in their ballot. So follow up questions to Maurice and to Matt. This follows from a question from Neil McBurnet. And it is we're talking to a very unique audience today. Right. They are citizens of the world.
24:42
They're American citizens, but they're hackers. Right. This is the immune system of the Internet that's there to figure out what works best. Here's the thing. They're they're doing it today in the voting village. They're doing it on the technology. We talked about industry involvement. We have individuals willing to take their time to actually dig into the technology itself to
25:03
understand what works and what doesn't, because that gives us better trust in that technical implementation of the system. And so the full question here is, when would we start potentially potentially having a prerequisite for entrance to the BBSG certification process that election system vendors adopt good vulnerability
25:22
disclosure policies as called out today? So make them widely available for penetration testing. I'll take that since the EAC is in charge of the development and the approval of the BBSG. So those are guidelines that are used by states and it directs the manufacturers to meet
25:42
certain requirements so that they build their systems in a way that is accessible and secure and usable. And so I think the idea of a vulnerability disclosure policy being part of that would really just be the codification of industry best practices. Now that manufacturers know that they are in
26:00
competition to help bring a better level of security to these systems that are in use. And so I think that that's already happening. We've seen the fruits of that labor already. It didn't need to come from a federal agency to help the process along. So to answer Neil's question, it's already
26:21
happening. And so as the industry continues to mature, I think that we'll see more and more vulnerability disclosure policies. And I'm hoping that you folks out there get interested in this sector and actually use them, find that legal way of doing the research and then reporting it responsibly to make sure that the problems actually get fixed.
26:41
This isn't about a big bug bounty that you're going after. This isn't about trying to embarrass anyone. This is about strengthening our democracy literally through strengthening our systems. Yeah, Bryson, just to just add a little bit, Maurice really tackled the meat of the issue, but I agree. I mean, we have had several vendors, election
27:02
system vendors come through our penetration testing process, what we call our critical product evaluation process up in Idaho. We have seen the private sector embrace that. Now we're starting to see, I think, the fruits of the work of not just the voting village, but the private sector companies to understand the value
27:21
and frankly, the marketplace dictating that improved security steps towards coordinated vulnerability disclosure processes are going to be good for business. And that's why you see a reflection and progress being made. The private sector is hearing from customers, is responding, and I think will
27:41
continue to see progress made on that level. I think one step we need to take, and I know the EAC takes this very seriously and states need to be thinking about it, too. But to the extent it involves equipment, whether e-poll books or voting systems that they certify, you have to be ready to respond and adjust certification, quickly adapt to to those
28:03
type of processes. So I think we have a maturing to do sort of in the bureaucratic lane to make sure that we can support the private sector as they're changing and evolving and accepting this approach that we support them in our certification processes and the way
28:22
that systems need to be fielded. So that all ties back to that, what is the threat? China, Iran, Russia have been mentioned. How are they a threat? What are they doing? And are they the only threat that we need to be worried about?
28:42
I'll start with that one. I would say those are the main threats we're facing. Again, I think ransomware is like one of those wildcards out there that could be wielded by anyone, in theory, criminal actors, etc. So they could probably say more to that. So for
29:01
Russia, I think in terms of an evolution, what we've seen, we talked about the internet research agency, what they did and kind of social media accounts and the troll farms. In terms of 2020, we've seen a shift more towards use of proxies. I guess I should maybe say intermediaries when we're in a technology crowd instead of saying proxies. So, you
29:23
know, using, again, I mentioned before, laundering information through other individuals into the media space, the IRA, seeing that shift tactics, they had set up something in Africa and Ghana in terms of trying to, you having people there trying to put stuff
29:42
online, posting things about socially divisive issues, using covert influence websites to be able to get their narrative out. So those that's kind of a shift of tactic we've seen from Russia's side. China, I think, you know, scale is is something that is a bit unmatched in
30:03
terms of them as a threat, both from a cyber standpoint, and from an influence standpoint, certainly on influence, they've very active in their region, Taiwan, Hong Kong, then becoming potentially more aggressive in the US space is something that we need to monitor and be prepared
30:20
for. But you know, in cyber for the China cyber threat, you know, they're a little bit different in terms of scale and the breadth of the targets they go after, right? Like every US citizen is a target of China just because of the big data, PII that they're interested in collecting, you know, obviously, everyone's my IP threat, besides just the standard
30:42
intelligence type targets. So I think that sets that uniquely apart. And then you know, I ran just getting into the game too, right in terms of them trying to do social media influence and learning from what the other adversaries are doing. Yeah, so, you know, Russia, you know, I
31:02
would offer everyone you should read the report that came out from the State Department a couple days ago, 77 pages, you know, called the pillars of disinformation about the various sites operated by Russian, just ask yourself, you know, why in Russia, you know, a country where few people read or write English, you know, do they continue to
31:22
put out a tremendous amount of English language news on these on these French news outlets, you know, that really involved divisive issues that are US faced. And so, you know, again, a tremendous amount of platforms that, that the Russians invest in CNN ran a
31:40
great news expose in April of 2020, about organization that Dave, Dave reference. So 18 trolls in Ghana, led by a guy named Seth wire to who grew up in Ghana, educated in Russia, and, and appears to have been on the payroll of the production network.
32:01
So, again, it's about a seven minute watch CNN did a fantastic job. And, and that can just provide you some insight and in the in what the Russians are doing there. And then, you know, when we talk about private industry, you know, whether it's Facebook, Google, Microsoft, you know, you there are dozens of articles about how these technology
32:20
companies have identified this malicious behavior on their on their platforms that they're able to link back to the nation state adversaries Russia, China and Iran. So, you know, I would I would tell everybody that there's a ton of a ton of stuff out there. You know, I know when we talk to cyber comm NSA, we want, you know, we want to focus on that classified cyber box. But, but
32:41
I'll tell you, there's a tremendous amount of great information already out there on the internet, that can provide you a lot of insight. You know, as Cynthia talked about, you know, we, you know, the US government, you know, for you, experts that are out there, you know, if you see suspicious activity, tell DHS, tell
33:00
the FBI, you know, we the government will do something about it. You know, if it's a domestic threat, those organizations will address it. If it's a foreign threat, they'll tell us and I don't mean they'll tell us like six months from now, they'll tell us that day, they'll tell us early the next morning. You know, we had an incident the other night that, you know, occurred at 142 in the
33:20
morning. And you know, about six o'clock in the morning, we had cyber teams looking at the activity. And so, again, for you experts out there, you know, you know better than anybody else, if something is weird is going on on the internet. And I would just ask you to share that and we the government will take action. And I'd say to just from a cyber
33:40
aspect, because I know we're talking to a lot of the hackers community, you know, leveraging trust relationships, I you know, it's a common technique, right? So, you know, some of these networks that they might be interested in are very well defended, just like the community, right. But, you know, companies sometimes outsource the marketing departments, there's other other soft targets out
34:02
there, think tanks, that could be lucrative, even from an Intel perspective, you know, think tanks do policy work for, for politicians, they have contacts with elected officials. So, you know, sometimes going outside fullside. And again, a lot of a lot of this is common techniques exploiting publicly known CVEs, you know, password
34:21
spraying, spear phishing, you name it, you know, they're, they're using Shona, they're using burps, we, they're, they're using those tools, they can get access to a network that maybe isn't inside the bullseye, leverage that leverage an account, leverage a network connection to get into the targets are going out. I think that's an important point that that type of
34:41
targeting hasn't really stopped from 2016. So spear phishing, or looking for those networks that might be connected to the targets that more desire, that's been continuing pace. And I mean, we're tracking a lot of incidents even right now. And
35:00
the good news with all those incidents is we haven't really seen any widespread impacts from those. But it's interesting because tracking a lot of incidents can feel scary, but it also gives me a lot of, it makes me feel better almost because I know that we're
35:21
acting over tremor. And that means we have a lot of false positives that we follow up on. I would rather that than not knowing things are out there. But it also needs to be a fuller picture. And you know, part of that fuller picture, as Dave mentioned, is on cyber criminals and not just
35:41
ransomware, other types of incidents as well and actors as well. And we really have to be on guard, not just if it's coming from Russia or China or Iran or a host of other groups, but a threat to a election network or a campaign network is a threat. And we
36:00
need to be able to be really flexible in addressing that and getting in front of that head on so that we can make sure that come election day, we're not dealing with a lot of pop-up threats and we're spending a lot of time trying to figure out really what happened. Yeah, I think that the nexus of cyber and the cyber threats
36:21
and influence threats is a dangerous space. I mean, we know about hack and leak and impact, potentially the voter populace and their opinions. But, you know, we were just talking before this panel, I think, in terms of using influence to make people
36:41
distrust either the electoral outcome. So you could have a ransomware incident in a local network that actually doesn't even impact the elections counting or any of that, but someone could then spin an influence campaign when that gets reported to make people
37:01
think it has had an impact and then not trust the results, right? So then that's one of those things that I think is worrisome, even if the cyber attack doesn't actually have a measurable impact in terms of the conduct of the election or voting tallies. But, you know, if someone's able to take that and then try to spin off
37:21
that information, you know, operations campaign, that's something to be aware of. That point I'd just like to drive home is that it's not just about, you know, what actually happened, where votes actually changed. That's incredibly difficult to do at scale in a way that's undetectable. But if you can put that message out there
37:40
that causes people to question, and then their local election official picks up that phone call and they don't have a good response for it, that can be just as damaging. So that's why at EAC we feel so strongly about making sure that local election officials have the tools, have the training that they need. So we've partnered with the Center for Tech and Civic Life to actually provide that basic intermediary, intermediate
38:00
level of cybersecurity training, so that they understand, you know, why is it important to have two-factor authentication? You know, what does it mean to actually have a password manager so you're not reusing your passwords? These are all basics that most folks that are watching us right now are thinking, how can anybody not know how to do that? So if you've never been taught that, or if you don't have an understanding of the impact of that, then it
38:22
might be too much work. But once you understand how much bad stuff that can actually prevent you recognize, it's actually not that difficult. It's actually pretty easy to use it if you are familiar with the tools. And then it gives you the confidence to stand up and say, you know what? Yeah, we heard about the ransomware, or maybe we got hit with some ransomware, but you know,
38:40
the town down the street, but we're ready. These are the things that we're doing. We're also doing some other things we're not going to talk about, but here's some of the big things, high level things that we're doing to be prepared so that if we do get a phishing email, we know how to spot it. We know how to stop it. We can recover from those backups if we actually do get hit with it. And so I think that's why it's so important that the local
39:01
election officials have a level of confidence that they can then reflect back on to their voters when it comes to elections. Yeah, just, just real quick on that. Maurice raises some really good points and it's why we spent a lot of time at CISA on something we call the last mile project, which is literally a poster project, offering both risk
39:21
assessment and then mitigation advice to the local level, almost 6,000 local jurisdictions, specific to their state and their jurisdiction so that they can not only take the steps, whether it's multifactor authentication or penetration testing or phishing campaign resilience or creating incident response plans, which we really
39:40
focused on, but then can go and talk to their voters. And we've seen some cool approaches to this. We saw one state, the state of Iowa, take their posters out to the state fair so that they could talk to their, to their voters directly about steps that they were taking. We saw the state of Rhode Island work with their libraries to put it up in the library system so that they could talk to voters through the libraries about
40:01
this. And in the end, you know, I think Dave raises a really important point. There's resilience to, to cyber intrusion resilience and the ability to recover from incidents. But then there's the resilience that we need to install in talking to the American voter. You know, we, we need voters that, that are prepared, right? That, that understand
40:20
their registry. Am I registered? What's on my ballot? What are my voting options, particularly amongst COVID so that they can have confidence on how they're going to engage the process. We need a voter that is patient, that understands that perhaps election night results won't be as complete as what we're used to in a given jurisdiction. And that the accuracy of the vote count
40:40
is the most important thing regardless of the time it takes. And then we need a voter that participates, that engages. We need, you know, 250,000 or more poll workers across this country in preparation for November in the midst of COVID when we have poll workers that, you know, are going to be unwilling to work either because
41:00
their age or high risk nature. And, and so having people engaged in participating in the rally for the, for those folks that, that are listening, no one told me anyone would be listening to this. So now I'm a little worried, but anyone that is listening, go sign up to be a poll worker. If you want to understand the process, Matt Blaise hits this every time. And he's exactly right. If you have questions, if you have
41:21
concerns, if you want to help secure the process, start off by being an election worker. You're not going to get turned down. We need you. And it's the best way to learn where the resiliency exists in the process where improvements can be made in order to get involved. If you can't be a poll worker, if you can't take on that risk, there are opportunities to watch pre-election testing of
41:41
systems. We run elections at the local level, so you can participate directly with those who run the process. So go get your questions answered, go engage with them and see what kind of support they're in need of, in particular, serving as election worker. It really is the best path to doing this and the best way to learn the process. But if we can have voters, the voters
42:01
are our last line of resilience, as Director Krebs says, they're the ones that can really ensure responsive resilience, a resilient process when attempts to undermine confidence are there. There is no such thing as a secure system, right? We never hit a plateau where it's like, oh, we're good, we can all pack up, go home and take the
42:21
next year off. So quick question from a lot of interested citizens who want to get involved ties to the fact around, okay, so you talked about detection being a key part of that secure system. Where exactly are they supposed to go to figure out where to say something? Well, you can go to
42:40
your local FBI field office. You can go on to FBI.gov and find out contacts or contact our FBI side watch directly. And you can go to multiple other agencies as well, because what we've really said is a call to ones called all. And
43:00
that's how we are ensuring that there's that kind of information sharing across the board here. So there was, sorry, go on. Yeah, I was just going to say, Cynthia is exactly right. You know, we, first of all, if you, if you know something within your community, engaging directly with the, the
43:21
local election officials really critical to help understand, did you actually find something or, or is this something they're aware of otherwise? The second part is engaging with your state officials. They're prepared to take it on. They're the ones that know the process, know their systems, can, can talk to the vendors if it's a vendor issue. And then the ISAC exists for
43:40
exactly this reason as well. There's, there's an avenue. And it happens fairly commonly that if you report to the election infrastructure, information sharing analysis center or directly into CISA, we now have the points of contacts that we didn't have in 2016 to be able to get valuable information to state local election officials so that they can take action on something
44:00
that's identified. So that there are avenues, again, the state and local officials know their systems. They're the best prepared, uh, to mitigate a problem. Uh, but if you're not finding success, that route that the ISAC, CISA, FBI field office, uh, are available to, to help you get there. Uh, and understandably, some folks may not want to go, uh, to the federal government,
44:20
which is why the ISAC really offers a nice safe place to, to begin that reporting. I'll offer up EAC as well. Uh, you can send an email to security at EAC.gov. Um, obviously we have connections with all the manufacturers. If you're having trouble with a particular manufacturer or having trouble with a particular agency or your local official or just not in the response you want, uh, we're happy to help facilitate that conversation. And just
44:42
from a cyber constant point, one of the big changes for us is, you know, we historically had been focused, you know, working inside skips. And one of the things that we've really done in support of 2020 is, you know, we have organizations now that live outside skips. They're on nimbernet or unclassified internet. You know, they're in slack channels. They're
45:01
talking to FBI. They're talking to DHS. They're talking to private industry partners. And they're, uh, you know, they're living in that same ecosystem that many of the folks that are, uh, that are listening to this presentation are. And so we have really tried to adapt some of our behavior. So we're able to, you know, in real time, collaborate with our partners across
45:20
government, uh, you know, on a, on a little different time scheduled in will be a traditional military one because I know most of you are probably not up at five 30 in the morning. So, uh, bill Ebenina, the director of the national counter intelligence security center, uh, just recently put out an official statement today, talking about the very threat that we're
45:40
covering here, but all of the threats were basically laid out in an equal manner. Would you say the threats are equal? Which one would you say is the biggest and why? I don't think we need to take any of the threats like, right. Uh, I think the statement in terms of what, uh, you saw how they're at lays out, uh, how
46:01
each adversary is approaching the problem. Certainly, um, you know, Russia, China, Iran, they, they all have, uh, the intent and they, they all do activities, um, you know, that they think are advancing their best interests here. So, um, you know, I
46:20
don't think I would say like one is scarier than the other per se. Um, certainly, um, some of these adversaries are a bit more experienced at this in terms of the amount of time they've been, uh, working, you know, doing operations, but, uh, you know, from our perspective, you know, I care about all
46:41
those threats. I take them all seriously because, um, you know, again, some of this stuff is very cheap to get into and to execute. So, uh, you know, I, I wouldn't do a value judgment. I couldn't agree more on that. And I think that it's really important to remember that, um, our threat
47:01
picture is always informed by, you know, what we collect, what we know, and we know we don't have the perfect pictures and hits too. And what we, how we really have to approach all of this is what could be the effect from these various groups, what could happen closer to September, October, because, you know, it
47:21
still is a few months away and, uh, we need to be prepared for a lot of different things happening within that. And, uh, you know, I mean, uh, in a footstep again, you know, it doesn't just have to be the big three. It can be, uh, uh, other non-state actors, uh, or, uh, criminal groups and
47:41
the like that, um, are going to undermine people's confidence in our, uh, system. And really, if you ask me what the biggest threat is, it's these kind of constant drumbeat of, uh, or influence campaigns that are going to make people, uh, feel like they're less confident in our system. And that could be people who are less. And that's
48:02
really where, you know, I stand up at night. Hey, Bryson, just real quick. Uh, everyone in the fed room actually has to take a drink because the fed said foot stomp. Uh, so that's actually one sip, uh, for everyone in the fed room. I can't help but
48:21
feel like you're cheating the system a little bit. Um, if you don't have a drink, I've been drink. I've been drinking this whole panel. Don't worry. I'm good. Hey, put up or shut up. Show us your drink. It's in a water bottle, but it's back up. Uh, so we're, we're coming close to our end
48:41
of time. So I want to ask a final sort of grab back questions to each of you. Um, and you have about a minute to respond. Uh, so you'll have people, but, um, you get a non-internet connected wand magic wand that you can wave. What is your one watching one? Is that, is that the magic? It is. Yes.
49:01
That is how it is wireless, but wired. Uh, and with this back one, you can have one thing happen for your agency. Don't don't, this isn't reality, right? This isn't, Oh, if only I could get that $20 million to fund that. This is what do you wish from a process perspective, tied to that debt is okay. So
49:21
2020 is almost written. The VLM ballots start in a month. People start voting. Those start happening. 2024 is our next big one. What is one good thing and one thing we really need to worry about in the future in 2024? See, I feel like I include the short star
49:40
being right next to you. I, um, I like you the most. Okay. Okay. Uh, so, uh, thinking about, uh, how, what I really wish we had more of is, um, I wish we had more people right
50:00
now with, uh, the, um, cyber skillset that we could, uh, hire quickly and get them on, um, so that we could, uh, just expand our scope and scale, uh, and, uh, speed at which we're addressing threats. And I think that that goes towards, you know, we're putting so much of what we have against
50:21
the election. And I feel really good about where we're at on it. But what does that take away from some of the other, you know, did that delay other work and that, you know, that, that worries me. And I'd like us to know that we have the, that, um, the people coming to us that, um, want to do the right thing, um, that, uh, want to protect America and that, and have those
50:40
skills necessary to be able to, uh, uh, help us in that as it looks towards 2024, what I want to keep. Um, so, um, I hope we keep the collaboration and the focus alive. Uh, you know, kind of been in my opening remarks, I gave a real quick overview of what the FBI does, but, you know, part of it is, uh, part of that,
51:00
you know, focused on cyber investigations, looking at influence. I, we developed the foreign influence task force and, um, that effort, I think has really helped us focus on, it's not just a cyber issue. It's not just a criminal issue. It's not just an influence issue, like seeing how it all works together, internal getting the China
51:21
people to talk to the Russian people, talk to the cyber crime people and, and looking at it as a one threat, that's new, uh, within the federal government to really consider, uh, in that space. And I want to kind of keep that, uh, moving forward. I think that, um, yeah,
51:40
that's okay. All your questions, you asked like a spectrum of, of a few of them here. So, um, but, but yeah, and I, you know, I hope we all, we all, uh, stay in touch after we, uh, put this in our rear view mirror. If you don't stay in touch, then the next panel is going to be more awkward. I think the, the, the
52:01
one answer is pretty easy for me. Um, you know, perfect insight and adversary intent and operations is obviously a great thing to have. You're not supposed to say that you don't have that. Um, so I mean, cause that's just going to inform hitting a
52:20
little bit on Cynthia's point and going back a bit to accommodate me before in terms of working counter-terrorism, a lot of times you're fighting the last war, right? You know, someone tries to blow up a plane with printer cartridges, like the government swarms to figure out how to stop that. Then the adversary moves on. Um, you know, the same thing here, we've seen adversaries, you
52:41
know, evolve. We've seen a few adversaries come in. Um, so there's always, you know, worry about, you know, what you don't know, but what I'm confident in is that we are positioned a lot better positioned now for agility in terms of responding to these threats because of the systems we've set up, the partnerships we have.
53:01
Um, that is certainly something for 2024, we need to keep building on, um, and not losing sight of it. You know, when new problems come up, you know, not making sure this remains a focus. I think the DEFCON voting village is very important to keep this running. We need people's help from NSA specifically. Uh, you know, we have a much, we're investing
53:20
a lot more in the white hat brand, the white hat brand, excuse me. Um, but, you know, NSA cyber Twitter account, please go follow it. You're going to see more good stuff coming out of that. Um, but, you know, continuing to build upon that's going to be a critical thing we're going to invest in moving forward. Um, I can't tell you how excited some of the people were in our building,
53:40
like late May, the cybersecurity advisory on the GRU, uh, on the mail vulnerability, seeing, you know, at least, you know, five different cybersecurity companies take that information, pivot, pivot on the indicators in there and their own data sets, figuring out new things that you didn't even know about, um, you know, to, to uncover more, uh, uh,
54:01
public, uh, adversary operation. So, you know, that, that got people excited with building and, um, that's something we do want to do more of. And I had, again, just sitting on that critical partnership and that dynamic of us, uh, you know, using each other's information and building, you know, that security of the enterprise, raising all votes. And it sounds kind of Pollyannaish, but I
54:20
think it's really, really important. Hey, Bryce, if I could wave a magic wand, I would wave it and, and we would get COVID-19 under control. Um, you know, I just got to tell you there's great collaboration, but we could do so much more. You know, we could do so much more with our partners here. Uh, we could do so much more overseas. Um, if we
54:42
could get, uh, the pandemic under control. And so please wear your mask and help us do that for the second piece, you know, where do we see this in 2024? You do get asked the questions, but I get to answer the question I want. So, you know, I would rather focus on 2020, right? 2020 is not a foregone conclusion. We can have a safe, secure, incredible
55:01
election. You know, as a, as an American people, we need to mobilize, you know, there are thousands of smart people, uh, extraordinarily technically capable that are watching, uh, this session right now. Please go work at the polling stations. Please talk to DHS. Please talk to, talk to the FBI. Um, again, you
55:21
know, we are all in, we've got thousands of people that are going to work every day in order to support a safe, secure, incredible election. And, uh, and I would just ask for everybody's help. I like your magical answer. I really appreciate that. It was a greater sense of where we all are in the world today. Um, if I could wave my, my magic wand on EAC,
55:41
I'd say that we would, we would be doing better to get the VBSG, uh, more, more flexible and faster responding. Uh, so this idea that if we can get you researchers interested in election infrastructure and discover those vulnerabilities, report them responsibly, and then we can get the manufacturers to patch
56:01
and get those out in the field, uh, and much faster turnaround. I'd really, uh, I think it'd be a much better position. We're working toward that. It's still a process. Um, you know, that takes some time, but I think we can get there by 2024. And just to recognize that the federal elections are over two years, but locals are running elections every few weeks. And so there's
56:20
a bigger stake at play because every election that's run is a chance to show that we can do democracy, right? We're going to keep doing it. Um, and it's done very well most of the time. It's just those few times where there's those hiccups, um, you know, that we have some trouble and it starts to erode that confidence. So the better we can get at hitting those patches, uh, much better off the whole system.
56:42
Yeah. So the magic one, I got two answers, I think, and I had the advantage of time, uh, which is useful. Uh, the first, the first is, uh, if there was a way for, for just, uh, to, to, uh, push out, uh, service agreements or whatever the case may be to upgrade, uh, election
57:00
systems, not just voting systems where most of the, uh, focus goes, but, uh, election systems, including workstations off of outdated and unsupported, uh, software. Uh, I absolutely want to do that. Uh, you know, it's not just windows seven, we're talking older. Uh, and we, you know, it's not that the, the local election officials or state officials don't want to upgrade, uh,
57:21
it's that, uh, they lack either the, the IT support or resources. And I'd love to be able to give that to them. Uh, the second is, uh, getting to a hundred percent auditability, uh, across the nation, uh, and having efficient, effective audits, uh, for 2020. Uh, we're going to be, uh, upwards of 92 plus percent, uh, of audible records, but we need, uh, good efficient, effective audits, uh, to, to,
57:42
that are transparent. Uh, I mean, Neil McBurnet asked a question earlier. He's making it his mission in life, uh, to get to this. And I so appreciate it. If we can, if we can provide that public, that transparent auditing process efficient and effective, uh, I think, uh, it would be a real, uh, success, uh, looking forward, uh, there's something in elections called the election
58:00
wall, where you literally lack the ability to look past the next election. You try and you don't even know what life looks like, uh, beyond that. But if I had to, to really, uh, you know, push myself through that, uh, it would be, uh, increasing the amount of support resources. Uh, and I don't just mean money, uh, to state local officials to help
58:20
them meaningfully, uh, manage the risks to their systems, uh, and really take some of the innovative steps that they want to take, uh, that they, that they're unable to, uh, either because of a lack of, uh, IT support or resourcing, uh, that otherwise would allow them to, uh, to, to serve voters. And then finally, I know I'm cheating, uh, but, but, uh, a more resilient American public, a
58:41
deeper understanding of how elections work, uh, deeper understanding of what their, their options are, how, how ballots, uh, uh, reach them, uh, or how they can interact with the process and, and then, uh, how, uh, we reach our, our final certified, uh, elections. Again, that, that, uh, prepared patient and participating voters, everything as we look
59:00
at 2020. I feel that the same way that as a village organizer for DefCon that I can't look past this weekend. Um, so thank you to all of the panelists for, uh, sharing what your organization is doing. I have to say it is, uh, you feel a lot better understanding the collaboration, the
59:20
transparency on the fallibility and the improvement, and very much looking forward to what we can do. We are all citizens and our voices should be heard. Thank you. Thank you. Thank you. Thanks.