existing programs you work with. move with the mayor move with the mayor. they are doing great work. we forget we talk about mental health but also your physical health make a huge difference when you try toma work in her mental health and getting the endorphins going in so move at the mayor. there's your new ambassador move with the mayor. thank you everyone, thank you. our rates thank youse so much. this goes because her opening session. will be right back after lunch. thanks everyone. ♪ nonfiction book lovers number of podcasts for you listen to best-selling nonfiction authors influential interviewers the after words podcast and on q&a wide range in conversations

nonfiction authors and others who are making things happen. book notes plus episodes hour-long conversation regulate readilyfeature fascinating auths nonfiction books on a wide variety of topics the about books podcast takes you behind the scenes nonfiction book publishing industry insider interviews industry updates and bestsellers list find all of our podcast and when the free c-span now app or where ever you get your podcast on our website c-span.org/podcast. c-span is unfiltered view of government funded by these companies and more including comcast. comcast aspirant 1000 community centers to quit wi-fi enabled the students from low-income families can get the tools they need to be ready for anything. comcast support c-span as a

public service monk these other television providers. giving you a front row seat to democracy. former inmate gave birth while incarcerated on the mistreatment of women in prison subcommittee who gave birth to a new point on present toilet both the hearing was chaired by georgia senator jon ossoff. [background noises] ni said that commit human rights order. law will come to welcome all in particular to our witnesses. before we begin i want to take a moment to acknowledge your bravery and your courage in testifying today.

we appreciate what it takes for you to be here addressing a very difficult and personal subject in a public forum like this. i do want to advise those in attendance and those tuned in across the nation this is difficult subject matter viewer and listener discretion is advised for that reason. in february of this year's chair of the human rights subcommittee i launched an investigation into state, prison and jail conditions were pregnant and postpartum women. the subcommittee conducted site visits and s interviewed more tn a 100 formally and currently incarceratedre women, civil rigs medical providers, advocates, duals and academics. federal lawsuits and public reports from the last six years. finding what i believe to be

significant and pervasive abuse and mistreatment of pregnant and postpartum women behind bars. the subcommittee has identified more than 200 reported human rights abuses against pregnant and postpartum women at state prisons and jails nationwide. we have heard from mothers forced to give birth in prison showers, hallways aren't dirty cell floors. mothers who gave birth into toilets. after being told they were not in labor and they should quote lie down and go back to their cells.mo mothers who gave birth in their underwear after prison staff refused to help them. and told them instead quote don't have that baby. "you are not even pregnant.

in all cases we reviewed these women repeatedly requested and even begged for help. but health came too late if at all. and in several cases their babies did not survive. we heard from mothers whose infants weree immediately taken away from them. the subcommittee received numerous reports thatit generaly infants born in a facility are taken from their mothers within one day of birth. the mothers often went months and sometimes even years without knowing what happened to their children. we heard from postpartum mothers are placed in solitary confinement within days of giving birth without any medical care or mental health support. we heard from women who were shackled around their stomachs, wrists, and feet during birth.cy and

reportedly causing injuries and miscarriages. while 41 s u.s. states reportedy have laws that prohibit or restrict such shackling, the subcommittee identified apparent in at least 16 of the states. the rights of women into humane present conditions in adequate health care are recognized under the u.s. constitution eighth amendment the international covenant on civil and politicalt rights the united nations convention against torture of the nelson mandela rules and the bangkok rules among other international standards for the testimony and evidence we will hear here today, however presents a shocking and horrifying picture of pervasive abuse and mistreatment of pregnant women and american prisons and jails for the subcommittee will hear testimony from a woman who endured appalling conditions while regnant and postpartum including

weeks of solitary confinement within days of givingg birth. the subcommittee will hear testament from mother of a woman who gave birth into a prison toilet after her pleas for medical attention were ignored by prison staff. again, i want to thank you both sincerely for your courage in sharing with you and your families have experienced. we will also hear from ob/gyn physician whogy can speak to the inhumane conditions faced by pregnant incarcerated women around the country and the tragic consequences for their health and safety. this is an active and ongoing inquiry by the subcommittee. we will continue to investigate human rights violations against pregnant and postpartum women in george's prisons and jails and nationwide i like to thank my senate colleagues who have worked tirelessly to improve the conditions of our prisons and jails including chair durbin, senator booker, and senator

blumenthal. i am grateful that we have all three distinguished senators with us here this afternoon. i like to yield to chair durbin for his opening remarks. >> i do not want to postpone the actual testimony. but this is a continuing challenge. we all have the famous quote which said basically you could measure the degree of civilization the country by the way they treat people in prison. my feeling is every member of congress house and senate should visit a prison at least once every twost years. we ended passing laws to lives and institutions we should know what is actually going on. center even a real leader on this and i want to thank you. consider booker, senator blumenthal and senator klobuchar the whole democratic side of the committee has paid special attention to this issue. thank you for this hearing today. >> thank you chair durbin, senatorbi booker, chair of the

crime subcommittee for opening remarks free. >> thank you so much. i want to thank the chairman of the full committee who is here as well placement of partner in so many of these issues. it is it frustrating too because our society is turning a blind eye to the treatment of incarcerated individuals it is stunning the things that have been allowed to happen in our prisons and jails throughout our country that do not align with our values. often put us asut outliers and e developed world for how w people are treated behind bars. we are culpable complex challenges and barriers faced by pregnant and postpartum women while incarcerated. i came to this issue many years ago from honestly a place of ignorance. i've worked since has a lawsuit in prisons and have been visiting prisons regularly since then. trying to reform our system and going to jails and prisons but one day it was pointed out to me

by a woman formally incarcerated woman i had never ever in my 20 years of visiting prisons had been to a facility my visited the facility is shaken to my core. i sat down with the women who began to tell me stories that were unacceptable things like making their own tampon so they could savee money to be able to call their children when those callsre were charged usery rate. with a facility i visited strictly i will never forget the top award and looking at me when i asked her how many of the women here were survivors of sexual violence and she said 95% of thenc women are survivors of sexual violence. the united states the land of the free is home to one out of every three incarcerated women worldwide. the number of incarcerated women has increased by a staggering

585%. an issue directly compounds the fact the united states has alreadyy u has for all women the highest maternal mortality rate amongst all high incomee nation. that's worse for pregnant women and our prisons. studies show they have a higher likelihood than notnc incarcerad pregnant women of experiencing adverse maternal health outcomes like mortality and morbidity. this and the realities that exist inow our system are unacceptable. every human being, especially those in the united states should have qualityty healthcar. that right does not disappear when we go behind prison walls. this is why when i first became a senator a decade ago, i thought to move the treatment of incarcerated women who were pregnant. back in 2017 i introduce the

dignity for incarcerated women act with a group of extraordinary champions from elizabeth warren to then senator kamalala harris we thought more and secured critical in the first step act that prohibits a shackling of pregnant women in federal custody except in certain limited cases. more recently teamed up with representative presley lord underwood and alma adams who degraded justice for incarcerated moms a act. this built one center by states to follow our lead in the first step act and that the practice of shackling pregnant women once and for all. provide funding for pregnant and postpartum women who are incarcerated to access dualist mental health counseling, healthy food and nutrition education, maternal and infant bonding opportunities andni a me to support a healthy pregnancy and birth. this bill is an integral piece of the omnibus legislation i

introduce of representative warren and adam's it would address every leading cause of maternal death and the united states and make critical investments in addressing the socialri determinants of health and disparities in mental health care and outcomes. today's hearings will illustrate an painful wretched realities pregnant women in prisons are subject to grave injustices. what gives me hope is more than 80% of pregnancy related deaths are preventable and the resources to save the lives of pregnant women and the maternal health crisis help with the birth of healthy children. you cannot say in america that you are pro-life and allow the horrorsll that are going on rigt now in america's prisons to continue.. federal action is needed to ensure we treat incarcerated women with the dignity they deserve it.

action is needed to save lives. thank you, mr. chairman. >> thank you, senator booker i will now introduce our witnesses and then they will be sworn in. thank you again for joining us today this jessica is a mother and care navigator at the policing alternatives and diversion initiative. she survived pregnancy, giving birth and postpartum recovery while incarcerated and our home state of georgia. mr. karen is the mother of tiana who gave birth inside york correctional facility in connecticut. doctor carolyn is associate professor of obstetrics and gynecology at john hopkins school of medicine associate professor of health, behavior

and society at the bloomberg school of public health. a fellow at the american college of obstetricians and gynecologists. if you would all please rise and raise your right hand. do you solemnly swear the testimony about to give before the subcommittee is the truth, the whole truth and nothing but the truth to help you god? let the record reflect all witnesses answered in the affirmative you may take your a seats. when you aree ready we will begn with your opening statement a friendly reminder to the witnesses to make sure he your microphones are active when you areho speaking do not feel presd for time. we want to hear from you. when you are ready, please. okay good afternoon.

first i'd like to thank you all for allowing me this time to speak in this space. my namee is jessica drew on burger. i ambe a mother probably working at policing alternative and divergent initiative alsoor knon as pad in atlanta, georgia. in 2017nd and 18 i was pregnant while serving a five-year sentence. i was held initially at a facility with the call of the medical facility for the georgia department of corrections. those nine monthsth pregnant and prison and everything that followed was the worst experience of my entire life. they treated us like animals. i was there for nine months and saw several babies born in the hallway when i was there.

i remember women is screaming for help, and praying out loud for medical attention. all of us were scared, stressed, and vulnerable. i remember in a room buried next to mine screaming help, i am having my baby. the nurse on duty shouted down the hallway, shut up you will see a doctor in the morning. the woman ended up giving birth on the bathroom floor. sometimes people got lucky and the doctor would get there just in time to catch the baby. i remember praying god, please don't let that be me. the officers played mean tricks by nancy at 4:00 a.m. wake up you've got breakfast from waffle house. blue rushed on the same hallway only to find there wasn't any waffle house. they would laugh at our

confusion and disappointment. they also did not properly feed usrl at all. our food consisted of watered-down greens and soy patties which left us all very hungry. this food tasted awful and the cheese and bread which was the extra food we got because we were pregnant, was so bad i still cannot get the taste out of my s mouth. i was most scared the morning i was to give birth. i was told by prison staff that because i had a c-section 18 years prior, it was a georgia department ofth correction poliy that i had to have another one. even though i told them i wanted to have a vaginally birth, they told me it was not allowed. it is my strong belief the prison staff wanted me to have

eight c-section to fit my birth into their hospital transport schedule. god had other plans. i end up withh preeclampsia and had to beis rushed to hospital. this is where might trauma a tun for the worse. i was dropped off with officers i did not know at a hospital and was in a surgery room surrounded by strangers. doctors who never examined me and nurses i had never met but when i explained to t the doctoi was told i had to have eight c-section but i wanted a natural birth, the doctor said it sounded like coercion to him. my beautiful jordan was born august 15, 2018. ii had only two short hours to hold and look at my baby. that last time i would see her for a few years, three years about three years. we were separated, she was taken

to the neonatal unit. i was taken to a dark basement where they kept the incarcerated people. in the basement i was transferred from the rolling bed to a stationary bed. i had to be helped by a couple of nurses as i could not feel my legs. i wrote the nurse asking the mail sergeant to step out so she could clean mee up. and he replied i cannot do that, ma'am. she looked me in the eyes and quietly said, she said i am sorryy, and proceeded to clean y private areas while the mail sergeant watched.

the next fewew days i remember t random men lookingll every hourn the small window of the locked door. i remember seeing feet of people walking by my cage window and thinking of people only knew what was happening down here, what would they say or would they even care? i was transported to the state prison three days after giving birth i asked if i could seat my baby and tell her goodbye. the transporting officer told me it would be in my best interest not to say goodbye. they would not even provide an update on how she was doing. once i arrived i was placed in the infirmary in a room with a woman who had mercer. this made me veryy uneasy as i

had a large open wound in my abdomen. i asked for cleaning products was given a large i'm sorry i was given a thumbnail size amount of bleach and a pill cup. i was not get my property and therefore cannot shower properly. i be wearing the same underwear from the day i had gave birth and i did not have a change. i would ask for pads i was given one, it may be too if i. i must've complained too much about being unsanitary because i was told to grab myra bedding ad then i was taken to lockdown. where i was left for three weeks. i was put in solitary when my baby was only five days old.

in solitary confinement i had no medical support. the staples in my >> for my c-section had not dissolved. there is no air conditioner. hot, laying there in august trying to heal. my c-section wound became infected. i did not know how i was going to make it. to tell the truth i did not think i would. that ild would make it out of there alive. no one ever checked on my mental health postpartum. i was never screened for postpartum depression my six week checkup consisted of a doctor asking how are you? i said fine he said okay, good. one is from sent back to the general population i spent a couple of weeks in the cell where i had to sleep on the floor because i physically could not climb on the top bunk. i came home in april of 2022 and

it was clear my kids have been serving time too. they had had five homes are new three years in foster care and they were traumatized. i was desperate to stitch my family back together but finding housing, something that was necessary if i was going to give my kids outi of foster care, was a difficult with a criminal record. i mustd. have applied for over 0 apartments. i repeatedly denied before i finally purchased a home. i had a mission to get a home and get my children back. i achieved my mission. today we lived together and we are all healing. it is so clear my kids were punished along with me but they'd never been rollerskating, never learn how to ride a bike or swim. they tell me they would sit in a

room all day in foster care. no opportunities, no activities, nobody took them to the movies. i served my time but my children and i will never be fully finished with my sentence but i'm hopeful my testimony will make a difference and we might workor together on alternatives that heal instead of harm families. when you are ready. >> good afternoon everyone. thank you for the opportunity to address you today. my name is coreen i reside in connecticut.

my daughter has been incarcerated at your correctional institute in connecticut since august 2017. my daughter was around six weeks and pregnant when she entered your correctional. i stand before you today as a mother, as a grandmother to tell you about our families experience. from that moment my daughter entered your correctional, her pregnancy added a layer of fear and uncertainty to our lives. communication with her was very restricted. i was denied contact for several weeks. when i finally heard her voice, she expressed a lotan of distres and fear of being alone. she told me about times where she was denied adequate nutrition.

and medical attention. she was even threatened with solitary confinement with questions to be sent to the infirmary. that prison staff taurus church to choose between phone calls and recreation time. accrual decision for any expecting mother. as my daughter's pregnancy progress, i attended every court hearing hoping to see her and assure myself of her well-being. every time i saw her in court she looked so sick, sweating a lot, hunched over. it was heartbreaking to witness her and heavy metal shackles around her belly, ankles, that continued throughout her pregnancy. the darkest moments began in early february of 2018.

when for two agonizing weeks i received no word from my daughter. the days that followed were chaotic and deeply distressing. the connecticut department of children and families called me and informed me that she had given birth. they asked me too meet at my home to fill out paperwork so that i could go meet my granddaughter. shortly after filing the papers i learned that my granddaughter it was in the nicu for being born premature and underweight and malnourished. when i went to the hospital they met me there so that i could meet my granddaughter. during the custody process i learned my daughter had been medically neglected and that my granddaughter was born in the

prison. not in the hospital like i thought. i was confused, i was scared, i knew my daughter was nearby because a nurse told me she had put a big red belt and my granddaughter's hair. i was relieved to know that mike granddaughter i'm sorry that might daughter solve my granddaughter. no one would tell me anything about my daughter or granddaughter. i could not see or talk to my daughter. i later learned she was shackled to the hospital bed for days post delivery. i practice it is not only inhumane but also illegal in the state of connecticut. and march of 2019 i learned for the first time the full extent of how my granddaughter was born. when my daughter initiated a lawsuit against the prison.

the lawsuit said over a year later we revealed the horrifying truth my granddaughter is not buoyed in the hospital as i had believed into a prison toilet after my daughter's desperate cries for help went on answered. on february 9, my daughter started experiencing labor symptomse., abdominal pain and discharge. medical and correctional that dismissed her pleas providing only a heating pad and instructing her to lie down for four more agonizing days. she told me she felt like a caged animal. throughout her pregnancy that pains me throughout this day. through this silent vibrate 13 my daughter began bleeding while using the toilet.

shep, called for help but nobody responded.ty security camera footage shows my daughter placed in a p t-shirt between her legs, grasping the prison walls for support as she tried to walk to breakfast. when she came back she sat on the toilet, that t-shirt was completely bloodied. she began to scream forfo help when she realized her baby was coming. nobody came. my granddaughter was born into the toilet bowl. she was unresponsive and not breathing once she was outside of my daughter's body. if not for my daughter's quick thinking and her cell mates help to pat my daughters back and get the water out of her, she would not be alive today. when prison staff finally started to arrive at their

response was so cruel and insensitive. they joked mike granddaughter took her first swim and proceeded to cut her umbilical cord inside of a dirty prison cell disregarding her dignity and well-being of both my daughter and my granddaughter. might daughter should have receive proper medical care and support her pregnancy in my granddaughter a should have been born and it safe and sanitary environment not in a prison cell. this experience left us scared and distrustful of a system that failed to protect might daughter's basic human rights. no family should endure what mine haset suffered prison willo better to ensure families are informed throughout a woman's pregnancy and to prioritize the health and well-being of mother and child. might daughter it was deprived of the medical care she desperately needed.

no human being should endure such cruelty and neglect. no mother or grandmother should feel as helpless as i have felt i urge this subcommittee to let my families ordeal served as the spark for a change in compassion in our criminal justice system. i want to thank you for allowing me too share my daughters and my granddaughters story today. thank you very much. >> thank you so much. dr. kagan your opening statement pleas for. >> good afternoon senators and thank you so much for the opportunity to speak with you today. my name is carolyn i'm a board-certified obstetrician gynecologist and phd researcher at johns hopkins school of medicine for them also fill it with the american college of obstetricians and gynecologists. i have spent the last 17 years working to understand and improve care and conditions for pregnant and postpartum incarceratededre women.

i have done so by providing care inside of a gel conducting extensive research, publishing over 80 peer-reviewed articlesse and guidance on best practices and care for this population. the views and expressing are my own and do not necessarily reflect those of johns hopkins university or johns hopkins d medicine. i got into this work when i was called to a delivery when i was a first-year ob/gyn resident doctor in training in pennsylvania. everything about the room was as usual there were iv poles, fetal heart rate monitors, and a mother about to push a baby into thehe world. bucks, one thing was different. the mom to be was shackled to the bed. nothing in my training had prepared me for this moment. since that night 20 years ago i have conducted dozens of research studies that have revealed systematic deficiencies and care for incarcerated pregnant and postpartum women as i began to provide ob/gyn care

to i county jail i try to find t how many pregnant women are incarcerated? howra many give up earth while they are in custody question are quite found it shocking there were no such statistics. this was in 2015 less than 10 years ago. so, my team at john hopkins pregnancy and prison statistics from 2016 until 201,722 state prison systems, federal bureau of prisons and the five largest jails reported monthly pregnancy outcome data to our study. we found just that one year there were 3018 admissions of pregnant patients to these facilities. over 1000 of these pregnancies ended in custody with 897 births. only extrapolate the dataa nationallyna there's nearly 5800 admissions of pregnant women to u.s. jails and prisons each year.

and peps was a one-time study. i could not include all 50 states or all 3000 plus jails. and so there it remains to date no full national account of pregnancy and birth and prisons and jails. so if we don't how my mind that women are behind bars than people think they don't exist and that people think they don't exist, that it makes it easy for prisons and jails to neglect their healthcare needs levers are tragically today. this is what my and other research has shown and what you have already heard. there are nor. mandatory standas or pregnancy care prisons and jails mustns follow. and so research has shown access to such care is variable, often substandard or absent. a server at my team conducted of all u.s. jails only 31% did routine pregnancy testing within two weeks of arrival.

jails do not test for pregnancy than they can perceive as if there are no pregnant women in custody. thistois means many pregnant patients will have time sensitive medical needs to go unaddressed. research is also documented alarming deficiencies in lifesaving care for the estimated 800000 incarcerated pregnant women with opioid use disorder. although the long-established standard of care and pregnancy of treatment with c methadone or national survey of jails only 32% provided pregnant women with access to these medications. even at facilities it does provide treatment three quarters of them forcing patients to go off medications after the baby was born. this puts mothers and babies at risk for severe harm including deadly overdose. we opioid overdose is a leading cause of maternal mortality in the united states. when it comes to the issue of shackling pregnant women it's well-established this increases

the risk of medical harms during labor and throughout pregnancy as we have heard 31 states and the district ofte columbia now have laws prohibiting the practice. however they are not always followed. in this study for departments of corrections had policies or practices that violated state law and allowed shackling. my obstetrician colleagues in states with anti- shackling laws tell me of officers shackling pregnant patients all the time in 2024 pregnant women are shackled will giving birth, putting them and their babies at risk is a profound assault on their dignity, safety, and human rights. the time is long past due to change conditions for incarcerated pregnant and postpartum women. they deserve and have the right to access comprehensive quality

medical care. we must recognize the connection between mortality maternal mortalityco crisis and incarceration we can start by collecting national scale data that links maternal health outcomes with w incarceration. without data the full scope of the problem. and their solutions. must see whatr happens or does not happen to pregnant women behind bars is a human rights issue. the time to act is now. thank you. >> thank you doctor. i want to begin with a few questions and an expression again of gratitude for sharing these incredibly traumatic and difficult personal stories with the public and theso subcommitt. did i hear you correctly that you endured solitary confinement for three weeks? after giving birth without access your infant?

>> yes, sir. that is what happened. in this room for solitaire for three weeks so many things were going through mys mind. it was so hot in there, no air conditioning for i would lay at the bottom of the door for air. obviouslyou i cannot shower properly. i did not even have my property. nobody could give me or per provide me any updates on how my daughter was doing for did she pass her hearing test? you know, is she okay? i was scared. >> you are still in the early days of healing from surgery? >> absolutely. >> you testified you were able to holdew her newborn baby for

just two hours after giving birth. he did not see her again for almost three years. is that right? >> yes, sir. i had two hours to hold and look at her. i remember thinking how pretty she was.in [laughter] like i did not s deserve her. and i carried that memory. that is what i hold onto. >> did i understand correctly from your testimony, that your granddaughter was born into a prison toilet after the prison and medical staff ignored your daughters cries for help's she went intoen labor? >> yes, sir.

prison staff ignored her foror hours, four days. that particular morning she gave birth into a bowl. she was ignored. my granddaughter was unresponsive. it was not for my daughter's quick thinking and the cellmate i don't think my granddaughter would be here. >> and your daughter and her cellmate had to resuscitate? >> yes they did my daughter did. the cellmate was behind the wall. she heard my daughter screaming for help. and my daughter did not know she was u unresponsive the cellmate was able to tell her through the wall to tap the baby and get the fluids out very. >> in the prison staff finally

arrived they ridiculed? >> it was too late when they arrived. yes- they were very un- sensitie they made jokes she took of her swim. >> after your granddaughter been born into a prison toilet that was the response? x yes there are very insensitive and made jokes about it. >> when you learned the circumstances of you were granddaughters birth, how did you react? how did that make you feel as a human being? >> it really hurts. it was painful. she actually, my first grandchild, my daughter's first child, i felt helpless to know that my daughter was scared, alone, that they ignored her. that they disregarded her.

they were very insensitive. so it really hurts me as her mother to know they treated her like this. >> a doctor, the subcommittee received dozens of reports. i want to emphasize that for my colleagues on the subcommittee. we are hearing some very powerful personal testimonies. the subcommittee has received dozens of reports from currently in formally incarcerated women they went into labor, and they were told they needed to wait sometimes for days or a week just to see a physician. that you testified access to healthcare it may be substandard or absent. i presume this means some state prisons and jails don't always have any qualified medical staff on site? >> thank you, senator for your question and yes, that is true.

many jails, especially small rural jails do not have medical on site 24/7 but those cases it's a custody officer who should always refer pregnant women with issues, such as labor, to a qualified medical provider or call 911. but that does not always happen. 2019 report from the initiative revieweded policies 50 state department of corrections. they found 24 states did not even codified that if they had pre-existingpr arrangements for where they would take pregnant women in labor. imagine that, no formal policy or protocol for where they would take a pregnant woman if she went into labor. they also found 23 state policies did not include screening and treatment for high-risk pregnancies. but, even facilities age of medical staff on site to the correctional officer a silly first point of contact. you can't just pick up the phone and call your obstetrician or

your midwife or get yourself to a hospital labor and delivery unit. correctional officers are tasked with triaging and being the gatekeeper to medical care. they are passive acting in the role of a nurse when they don't have any medical training to know when someone is having a pregnancy emergency or when they are in labor. what that looks like you have heard what that looks like is thatha someone could be neglectd either intentionally or due to the lack of knowledge of the custody staff and she delivers in herself. >> thank you doctor. chair durbin. >> after the drafting of the constitution, the decision was made that there be a bill of rights. ten provisions are so basic and fundamental to the united states are set up inal detail as part f our constitution.

the eighth of memo to the constitution provides excessive should not be required or excessive fines imposed nor cruel and unusual punishment inflicted. what if we heard today? is not cruel and unusual that god help me could not imagine. to endanger the life of a new infant, to endanger the life of the mother, doctor it seems this goes beyond physical. trying to measure the mental distress that others who are goingrg through at a time when they should be joyous bringing new life in this world. can you speak to that issue? >> thank you, senator for your question. and yes i can. 70% of incarcerated women have mental health conditions. even before they go through, if they are pregnant, the trauma of birthing behind

bars. when you add to that the trauma, the degradation, the physical harm that compounds and that can cause additional harm and psychiatric and mental health conditions as well. >> you think we are so enlightened this generation of political leaders, myself included. we speak in honest terms about mental illness and treating it, making sure health insurance covers it. being open the aspect of trauma and what it does to a person's mind. that two episodes of violence, crime, murder and much of it is traced back to trauma. these young people experience in early life. these two witnesses along with their daughter and personally took on through in their lives. her daughter was facing a

sentence in her is a well played that sentence not include trauma and mental distress and cruel punishment factors constitutional guarantee that would not happen. it is painful to even ask this question, but was your daughter put in foster care during the time you didn't see her? >> yes, sir. >> and what is her status today? >> she is home. she was with her father. she lives with him full-time. they gave him full custody was still incarcerated. >> is it customary for the children c to be put in foster care in the circumstances? >> i'm happy to answer that question senator durbin. it depends. if there is a family member who is able to care for that infant then, that is what happens. but many, many people do not

have a trusted individual who has the resources and ability to care for a newborn in that case, yes the default is to go to the foster care system. >> can you give me any rationale for the removal of an incident from a new mother so she cannot nurse her or care for her personally? >> no, i cannot. >> i cannotan either. i suppose there are some extraordinary cases with the public safety might be able to make the argument. but they would truly be extraordinary. thank you, mr. chairman. click thank you chair durbin. senator kennedy. let's thank you, mr. chairman. and thank you for calling this hearing. you were and a georgia state prison. >> yes, that is correct. i >> okay let missile a boy am i saying your name right? >> yes, sir. >> your daughter was inte the state prison question.

>> yes your correctional progress in georgia? >> georgia correctional and connecticut yes. >> well, want to thank both of you for coming. it is -- your testimony was constructive but that sounds kind of sterile when youou put t that way. it was also moving. i know these poor colleagues well. i hope will have another hearing on this subject. i would like to sit in on them and others and try to figure out how to address this problem. i've had this discussion with senator booker before.

i think we need to address the issue of solitary confinement in our prisons. we need to involve law enforcement. hoping in another hearing we willll offer the georgia state officials the chance to come in and tell us what happened here and offer constructive suggestions. i guess what i am saying is i pledge to try to sit down we'll see if we can address this problem. i'm going to have to leave and a second period i do not want you to be offended by that with got a vote going on. dr. kagan tell me your credentials again? >> i'm board certified obstetrician gynecologist i also have a doctoral degree. >> you are a professor?

so i am a professor at john hopkins university. >> in the medical school? ask the school of medicine at the school of public health. >> okay are you a chaired professor? >> i am not. >> okay. but you represent or you are a part of the johns hopkins system for. >> i am but i am not representing johns hopkins today for. >> understand some understands. well if we are going to solve this problem with got to be candid with each other. do you have a twitter account? >> think it center fair question. i fear today to talk about my expertise on reproductive health of for incarcerated women. >> is your twitter account jail care? >> thank you, senator comp that is a twitter account associated with the book that i published in 2017. i'm really here today to talk

about my expertise and reproductive health care in and pregnancy care for incarcerated women. >> on september 29 of 2018 at 3:30 three i want to read you one of your tweets, these are your words not mine. quote piper reminding us that gathering to discuss ending incarceration of women and girls. piper reminding us a gathering to discuss ending incarceration of women and girls is anecdotes to white supremacists kavanaugh show. that i read that correctly?

>> thank you for reciting that. i'mi really here today to talk about research in improving conditions for incarcerated pregnant women for. >> view speaking for johns hopkins we sent this out? >> i was not speaking for johns hopkins. >> i like to solve this problem. we are not going to solve it withal that kind of attitude. thank you ladies for being here. appreciate the courage to come forward today. >> yes, sir. >> thank you. >> as tempted as i am, doctor to take b debate my suggestion is weak to return to the substantive matter at hand which is the widespread use and mistreatment of pregnant and

postpartum women. those in americans prisons and jails. and i yield to senator booker. >> think it mr. chairman. there is a wide room here for bipartisan work and i am grateful for my experiences with the first step act when we came forward on these issues. and found from the white house the trump white house to the republican colleagues and others i want to particularly thank senator durbin who has been the champion of so many of these issues. under his leadership and haven'g a chance to partner with him on the first step act we were able to make some progress. but clearly we live in a nation when what goes on in our prisons is horrible. what compounds that horror is the abject lack of knowledge

that these things are going on. i am still shocked that our government which is responsible excuse me article one branch of the constitution being congress has a responsibility to provide oversight. we spent billions of dollars to incarcerate human beings but this and other lack of knowledge about what are other routine practices and our american prisons. not to mention our american prisons and p jails. and that testimony here today which i is a gut wrenching and painful and i think that witnesses for being here and read telling what a has to be trauma and your lives in that of your family. it is so urgent this truth telling happened because it shocks the moral conscience of a country that allows these practices to go on.

and here is the painful truth that we throw people into environments that re- traumatized peoplee who have ben traumatized. most of the people which are prisons and jails come out again now more harmed and more hurt than when they went in. i'm so if this is really about public safety we do things that undermine an insult the idea are prisons and jails should be places of punishment but also should be places that empower t people that when they come out they should never return. that empower people on pathways of redemption and rehabilitation. it is agreed via sleep painful

to note these details only some of which are being talked about here over what happens the most vulnerable people in our society who are survivalists of sexual trauma. who struggle with mental health issues. who have often been victimized and who often struggle with addiction. that we would put them into an environment that would so compound these problems. i cannot tell you the horrors of input into solitary confinement. most countries call what we do tour vulnerable peoplee torture to you being in the immediate hours of postpartum and being put into solitary confinement after being traumatized. not for days, but four weeks is

unconscionable that happens in this country. unconscionable what you are put through. senator durbin says it is cruel. it is a fundamentally cruel and i know doctor knows this, that all the data shows that we empower women, we facilitate their connections to theirct children, we give them not just the medical treatment but sociopsychological support that they actually have recidivism rates that crashed to the floor the bonds of their families not only are they supportive but the data showspp clearly that even their children's run in with the law go far down.

we know from evidence and research that trauma is generational. we are creating not only assaults on individual dignity of the women but we are hurting and harming families in ways that will haunt our society and those individuals directly affected. mr. chairman, i am grateful for this hearing, but i ache. every prison and jail i have gone to shows me how much we waste taxpayer dollars causing more and more harm to our society and individuals that we incarcerate and how there are obvious, obvious ways we need to be investing in the well-being of people behind bars that would empower them to be successful in their lives and empower their families this is one of the moro shameful elements of american

society all the data and evidence shows that we can do this in a better way that would make a safer and stronger as a society. i do hope that we continue to hold hearings on this because i know my colleagues on the other side of the aisle, there is no way mr. chairman that shining light on this can do anything but move us and inspire us and defined bipartisan solution so the horrors that belong in a long forgotten age should not exist in our society today i'm sorry that you had to come here, they should not be necessary and is even more painful to know the stories you told are not rare and not unusual but exist all

across the country at a rate that should shock the conscience of us all, thank you, mr. chairman. >> thank you said a broker as you may have noted in at the depart he assuredly to return go vote needed to before they closed the vote. i must say i am modern to be surrounded by my democratic colleagues and perform other duties that are expected of us and how honored i am to be surrounded by these men who are taking the care to highlight c e issues that the rest of society, women go through each and every day, thank you wall for being

here and being willing to share your painful and i would assume unbearable stories in leadership. i share senator brooker's notion about having gone inside and many jails and prisons up and down the state of california, men, women, juvenile and everything ine between. and to know that we utilize taxpayer dollars to perpetuate this kind of hell is a shameful stain on our government and you have my commitment to continue to be a supportive advocate to

end this i have a 9-year-old daughter that i come to this capital every single day to work on behalf of into make a mistake on her life i know it's impossible for any of us as my grandmother would say but for the grace of god there mighthe t be it's everything that we can do not just for her children but america's children to be able to make the kind of change that you call us to make. thank you for for being here for your leadership scholarship, advocacy and commitment for being willing to tell the story of so many and for the opportunity in these halls and the stories are valid whether they're here or not.

i had a couple of questions that i wanted to give you all the opportunity to help to educate thee american people in today's hearing and once related to a line of questioning and senator durbin to mental health and not have a line of questioning relative to strengths. i will start with missile boy, am i pronouncing that correctly. >> yes, ma'am. i have a name with peas and disease it's a struggle to get your name pronounced. thank you for being here, you talked abouto your daughter and how she was restricted with belly change, can you talk to the american people who don't understand this experience help

them to understand how this confinement impacts your daughters physical and emotional well-being. >> thank you, it's been a struggle. every time i went to the court hearing there was a door that she comes in and her feet were swollen with the shackles on them one on her belly and i felt like her mental health has gotten worse since she had my granddaughter, she even went through postpartum by herself they didn't really give her medical attention for that and

those kind of things like if she was home, i guess she tried to manage by herself on her own, our phone calls, my letters, pretty much she got through it by herself and she still struggling with a lot of mental health six years later. >> thank you. it's an unfortunate reality of so many trying to figure out ways to manage trauma on your own without the tools or support that you would otherwise have access to a hug sometimes, thank you for what you are doing to tell your families experience to make the system better for folks who might encounter it again. doctor safran, you been an advocate in the space and a

leader, the question that i had again in an effort to educate the american people who might be watching and may find this hearing on youtube a year or so later, help us to think about what kinds of policy changes are needed at the bureau of prisons and that the state and local level. i've been in all kinds and types of facilities, what kind of policy changes are needed to protect women who are incarcerated from these kinds of physical as well as mental wounds that they might encounter during childbirth and prison. >> take his editor for your question there are many opportunities for policy and practice change that could improve conditions and the well-being of a pregnant and postpartum women in prison and jails as well as their newborns. one is to find a a pathway to

require medical standards of care we heard earlier from senator durbin about the eighth amendment of unusual punishment and in fact there is a precedent for requiring prisons and jails to provide access to medical care because not to do so would be considered a violation of the eighth amendment in the supreme court case 1976 estelle versus gamble that requirement for institutions of incarceration to provide access to medical care did not come with any system of oversight and any mandatory centers into standards that prisons and jails have to follow so we need a pathway to have a set of standards, these guidelines recommended standards do exist it is just they are optional, one potential pathway to get to requiring standards and oversight is to consider changes to medicaid which

currently exclude incarcerated individuals and so-called inmate inclusion clause if we can modify that and open up funding for incarceratedce people's healthcare that could potentially come with improvements in standards of care and that includes mental health care. that is one set of policy changes that could potentially improve the quality of care. >> thank you so much doctor, prepared to turn to my colleague senator blumenthal as he is ready or i keep going or give you some time. senator blumenthal. >> thank you very much senator butler and thank you to all three of our witnesses. i'll try to avoid repeating what you may have already told us but i think this topic is so important in the problem is so prevalent that some of the

answers may actually merit repeating. we are talking here about interviews that they have conducted with 100 formally were incarcerated survivors of pregnancy in state prisons or jail where they have been deniee proper care when a prisoner saith the male prisoner briefly or suffers a concussion or cut their provided medical care often in adequate but there is a recognition that the broken leg has to be put in a cast or the cut has to be given stitches and some medical care is provided what we see with the women who

have been through pregnancy orar postpartum experience 200 document human rights abuses are simply beyond the pale in a civilized society. at least in the united states of america and there is no way that it serves the purposes of incarceration. one of those purposes as but what were talking about here is simply lack of humanity that in no way is an acceptable form of punishment in its focus on women in our investigation spans 32 states isolated or unique to one state some states do better than others, one of our witnesses is from connecticut, my state and i

want to think her for sharing your experience which i know has been equally painful and i want to thank you for talking to me earlier before this hearing and giving me some of your insight into your daughter's experience for the simple fact that the state of connecticut in denying proper care not only violated basic standards of decency but a consent order adopted previously in your litigation resulted in the settlement. an acetylene's don't necessarily acknowledge responsibility but

there is no sign of it and most important it cause connecticut to adopt a statute after your horrifying ordeal connecticut has attempted to reform the way it treats pregnant and postpartum women at your institution through legislation in the shift and who provides health services at the facility, pregnant inmates now are given counseling and information about their pregnancy and medical care including periodic monitoring and prenatal vitamins. the diet for healthy pregnancy, sanitary materials and access to qualified medical health professionals or m postpartum treatment at least that is what they are supposed to receive, that is what they are entitled to receive under law and i'm

proud to state the legislature has moved forward with those reforms as a result of your experience and frankly your advocacy. i'm here to say thank you to you and tiana and nevaeh your granddaughter. >> thank i you. >> who is about to enter first grade in new britain, congratulations to her. >> thank you so much. >> your daughter will be released this fall and perhaps as early as october and congratulations to her on completing her incarceration but my question to you, do you think these reforms are having a positive effect on the treatment of pregnant and postpartum women who are incarcerated as far as

you know in the connecticut system. >> i believe so. i haven't recently been up there but they have been on lockdown and other situation she was dealing with but i believe she made some changes, sadly we have to come to this to make some changes happen but they are getting, she is making changes in the prison as far as prenatal care and others and i hope it will be worldwide did not just connecticut. >> your granddaughter has been in your home, correct? >> yes since she was five weeks she came straight from the hospital to m my home. >> from what i can tell she has been the light of your life. >> yes definitely. >> she is a blessing.

>> probably see annae will live for a while with you when she's released along with your y granddaughter. >> she will be close. she wants to have her own place and stuff but she's going to be close in spending a lot of time with her family, it is been years. >> you have been through a lot. >> yes, sir. >> we are here not just to cry and did nouns but also to celebrate the enormous courage and strength of women like you and your daughter tiana and nevaeh even though she's only now six years old who are working your way through a real ordeal in the aftereffects of it

with showing great grace and dignity and grip which can be an example for us all in your advocacy has a special meeting today and always in connecticut. thank you so much. >> thank you, sir it means a lot. >> thank you, senator blumenthal, senator welch. >> thank you all for being here. what a wonderful mom you are. >> thank you. >> and grandmother to. it's amazing how you find deep in you to be so supportive of your daughter and your grandchild, thank you so much. >> thank you it took a lot ofot strength and courage to be here. >> it did. you have a lot of strength and a lot of courage, thank you. and i can only imagine what it means to your daughter to know the care that you are taking for her and her child, good for you. doctor i'm wondering you were

probably asked this already, don't repeat necessarily but what are the specific things that should be done to care for women that are giving birth while incarcerated and should be part of the routine and address some of the resistance that is put in the way of treating folks that will be delivering the right way. >> thank you, senator for your question. the services and care that should be provided to incarcerated pregnant women should be equivalent to the community standards of care. there are well-established guidelinesin evidence-based practices that i have been practicing for decades when it comes to caring for pregnant women, whether they are in the community or incarcerated and incarcerated pregnant women should be cared for by the same

exacte c medical standards. on top of that, which includes things like routine prenatal visits, ultrasound, laboratory test, according to established guidelines. on top of that women who are incarcerated and pregnant need additional support, additional mental health support for the trauma they are enduring whether or not their pre-existing mental health conditions because as you heard today in as we know it represents nobody more women the condition under the best of circumstances which are few and far between are still inherently traumatic. additional support is needed. some examples off those include and we heard from senator booker earlier a little bit about this providing do less support for incarcerated pregnant women during their pregnancy during childbirth in the hospital and after words, while they are in the hospital undergoing childbirth, incarcerated women

should be treated with the same dignity and respect as any woman who is giving birth, she should not under any circumstances have toto give birth in chains, thiss a marker of a barbaric society and barbaric practice that should not happen is medically unsafe that a mother and the baby and it's an affront to their dignity as well. >> thank you, by the way we are talking about giving birth, pregnancy but the medical standards should not apply across-the-board to the medical needs of folks who are incarcerated. >> absolutely the medical standard of care that would apply to non- incarcerated women absolutely apply to incarcerated women as well. >> i'm sorry i missed your testimony but you have gone through this, maybe for my benefit describe a little bit

more what you went through in what you would recommend. >> giving birth, the whole process of giving birth in prison was traumatizing, having only two short hours to hold and look at mysp new word before not seeing her for a few years later, that was tough. i was put in solitary confinement because i was worried about getting mercer from a woman that they had initially put me in the room ed for cleaning supplies in next thing i was in solitary. that experience in itself was tough, there is no access to medical care, you are the last person to get any food in the whole entire compound, by the time it gets to you it is hard as a brick or it's really, really cold. it's not well it's not good.

fostering my children in care and me getting out and having the mission to find a home, that search was difficult as well, i had to buy a house nine months post incarceration but yay i'm still healing. my daughter will be six and i am still healing. >> thank you very much for that, i yield back. >> thank you, senator welch. yous. testified in it feels like your kids were serving time alongside being punished with you. >> yes. >> can you elaborate on that. >> yes. as we have started the reunification process we've been in it for about a year and got

to know them pretty well and there sitting around the dinner table and something will trigger a memory, do you remember that time when ms. so-and-so did this to me or that to me comedy remember this and i'm like yay that was tough, mom did you know eli wasn't allowed to eat fresh food he could only eat leftovers and he had to stay in his room. it's as if my children were also doing time some of the things that they were saying are the things i experienced as well, he was being punished for being in foster care like as if he had been bad. >> as the subcommittee has found through our work investigating the conditions faced by children in foster care, those conditions do mirror intention conditions.

in group homes for example. in fact we've even seen suggestions by some senior officials in the statete of georgia to place foster children in juvenile detention facilities are adequate easement. you are incarcerated, first endure this indescribably horrific experience as as delivering mother all the while your children were also being punished. i appreciate you helping the public to understand how you are not the only one harmed by the way these situations are handled and managed. i want to focus on the fact that you testifieded prison staff tod you you were required to undergo a c-section even though you expressed your desire for vagina delivery, correct. >> yes, i wanted a natural

birth, i know that i could have a natural birth considering i had had a vbac which is vagina birth after cesarean in the early had a successful vbac so i knew what was possible as far as medical i knew it was medically possible for me to do this but i was scheduled for a cesarean and then it was placed on my credit i was also billed for as well. i don't even have control over my own body, the judge said nothing about that when he sends me to prison, there was none of that mentioned. >> you were required to undergo surgery that you did not want. >> yes, sir. >> and then you are required to payer for. >> yes, sir.

>> required by the state? >> yes,y sir the department of corrections in georgia the department of corrections. the subcommitte received other reports and we've been looking at this for just a few months and this is a relatively small team so the fact that we have received seven other reports from formerly incarcerated women that they were also told by prison staff that they were required to undergo a c-section suggest that the problem in this phenomenon is much more widespread. is it medically sound? to require incarcerated pregnant women to undergo a c-section? >> no, sir, thank you for your question into elaborate, having a routine policy whether it's a medical policy or custody policy to require women to have a

c-section is their mode of delivery is medically unsound, the best medical practice is that this should be a decision that is between the patient and her obstetrician or their midwife, their caregiver based on their circumstances and if someone has no medical indication for a c-section, a vagina birth is the preferred option, it is the safest option as was the case who has already had a vagina birth center cesarean section. it is not a sound evidence-based or safe policy to routinely schedule c-sections we make a lot of jails are using contracts arrangements for medical services, correct? >> yes. >> what is more lucrative from a billing standpoint agile delivery or a c-section? >> my expertise is not necessarilyst in billing but mar surgery does cost more money

than a vagina birth. >> it may be worth looking into whether there are corrupt financial incentives in some cases that are driving these facilities which control the course of treatment for patients in their caree and invasive and potentially more complicated surgery. we have identified more than 100 reports nationwide that pregnant and postpartum women in jails were medically neglected, you testified when your daughter started to experience labor symptoms including abdominal pain and discharge in medical and prison staff repeatedly dismissed her concerns giving her heating pad, telling her to lie down. as a mother how did it make you feel to learn that that h is how your daughter had been treated entering labor. >> thank you for the question.

it was hard being that i kind of talked to her on the phone like mostly all the time before all this took place. i think there is no word to explain how i felt as a mother, this is my first grandbaby i became a grandmother while my daughter was in prison and it should've been something and she should've been born of the hospital. she should have been born in a safe environment and not an unsanitary place and notch with double. i don't think getting mother

would want to hear that her granddaughter or grandson was born in it with double. it was very painful to know that they disregarded my daughter's dignity and well-being and it hurts a lot to this day. >> doctor safran, i presume that giving someone a heating pad and sending them back to their prison cell to lie down is not the standard of care for a pregnant woman entering labor. >> no, sir it is not. especially in the case of her daughter, sounds like she was preterm and the signs and symptoms of preterm labor can be very subtle, cramping, light bleeding, changing your vegetal discharge, very subtle and they require urgent attention from a qualified provider. and not a heating pad.

>> you described how after youou gave birth a male sergeant refused to leave your hospital room and watched while a nurse took care of you. >> yes. >> how did that experience impact you at the time and now. >> i still remember his eyes. i was in shock when he refused to leave the room. i was paralyzed from the waist down and i had been in surgery, nothing about me even showed any past violent behaviors or anything like that. my dignity was taken down to the knees of vulnerability.

it's like i was not a real person the way he was just looking at us i still remember to this day like it was yesterday. nobody should ever have to go through that ever. >> i want to thank from the bottom of my heart or panel today. in doctor safran were grateful for your expertise and the precision in the research and evidence-based information that you shared with us today i hope you won't mind if i extend my deepest gratitude to ms. berger and ms. lavoie for speaking today in public in front of the nation on something so deeply

painful and personal for you. before i wrap up and summarize what i think that we learned in where we go from here, i would just like to offer each of you the opportunity if you desire to say anything you want to share with the senate, with the public in the nation about what you've been through and what do you think this country needs to do to change for the better. we will begin with you. >> first as i described earlier being in the basement and looking at the caged window wondering if anybody cared i think what you've done here today and how you brought the other members of the senate here to listen and actually show that they care is a great start. i never thought i would be here speaking with you and one with

woman is giving birth, even though the paper says she is an incarceratedar woman, morally kw that she is a mother, she is a sister, she is a daughter, she is more than a number and should be treated as such. i did this today for the women behind the walls who are still actively going through things that we describe here today. and our country needs to be better. it should be better. i was promised better.

thank you. >> thankha you, ms. lavoie. >> thank you. i just want to say before i give my last statement. it is harder to know that my daughter went through this. in sitting here next to someone that experiences emotionally, no family, no mother should go throughh this, they did not receive medical care, my daughter did not receive medical

care, they were ignored, treated like animals and i would even say an animal because i have a cat and not even cats give birth by themselves like the way my daughter did like an animal like somebody just disregarded her, no family should endure this, no mother should endure this kind of pain, they were ignored their human rights were not protected, their dignity was taken, no children should be borne in the toilet bowl and i want to thank you and everyone that is here todayt because it shows that there is hope for change in the prison could be better and that no family has to deal with this

kind of pain. we just got to do better. i hope this makes things better and sparks for a change. i just want to say i think everyone this year that is listening and watching and that is going to watch down the line that no matter you been behind bars, you should have the same medical treatment as if they were home and they should have the same rights and they should protect their basic human rights, they should not be treated like this, we need to do better in the prison system. >> thank you and i haven't been able to get out of my mind the

part of the story that you sharedd with us just after you delivered after your surgery and you are taken down into the basement into a caged room, subjected to indignity and you told us how you were sitting there, laying there wondering if anybody knew that this is how human beings are treated in america and whether anyone would care and how alone you must have felt in a moment ago you said you were felt betrayed and you were promised better than this. right now as we sit here in this woodpaneled chamber there are

women in prison wards laboring, bleeding, calling for help right as we speak facing the same kind of inhumanity and neglect that you did. happening in jails across this country with taxpayer dollars, it makes you think about how the united states goes arounde the world lecturing other nations on human rights but how can we hear what we w heard today and except that even basic human rights are being protected in our society. i will say doctor safran despite the strange moment earlier with my colleague and i think there is potential for bipartisanship

but it takes the courage of this testimony for politicians who may not naturally be sympathetic to hear from people who have been through this kind of thing and what it means to be beyond numbers, that is why it's so powerful what you'vee done toda. there will be hundreds of thousands or millions of people across the country who will see tonight your testimony and understand better what is being done with their money in their name, supposedly consistent with our constitution but clearly it is not. this will not be the end of the subcommittee engagement as we continue, thank you all so much for being here, the hearing record will remain open for one week f for statements to be submitted into the record, questions for the record may be submitted by senators by 5:00 p.m. on wednesday august 7

and the hearing is adjourned.

no one should.

[inaudible] [inaudible] will will will.

>> since 1979 in partnership with the cable industry c-span has of the walls of congress from the house and senate floors to congressional hearings, party briefings and committee meetings, c-span gives you a front row seat of how issues are debated in deciding with no commentary, no interruptions and completely unfiltered. c-span your unfiltered view of government. >> saturday american history tv historic convention speeches watch notable remarks by presidential nominee and other political figures from the past several decades, this saturday will you will with the party losing the 1988 democratic presidential nomination the governor. >> when we divide all we cannot, we must find common ground for

theible and development and change and grow. >> rkwo-story convention speeches saturday at 7:00 p.m. easternnmerican history tv on c-span2 andatch c-span life campaign 2024 coverage of the democratic national convention august 19 thrgh the 22nd and you can watch a republican national convention anytime on her website. >> the u.s. chamber of commerce held a conversation on cybersecurity address in washington, d.c., participants included federal government officials from the fbi and energy department as well as private sector industry executiveses, this runs a little over two hours and 20 minutes. >> thank you, good morning, welcome, look at that, light

switch looked that's great. good morning, everyone and welcome to the chamber i am the vice president here for the cyber policy, i would like to welcome all of you to the intelligence forum and delighted partner again to put it on in this peter's second year that i think we have done it, second or third year we integrate partnership trend over the years, we reallyer appreciate darren in the entire a team tod. that might conclude my morning and welcoming remarks, chris would you like to kick us off? >> thank you. >> thank you for the introduction, as many of you know vince is a workhorse here on a lot of issues and a lot of areas and conspiring within working over the years to pull thisis together in its various

forms have been great, we had a fantastic event last year and just like you the room was packed we had a great series of speakers in rebuilding on that this year my name is chris roberti and i lead the cyberspace and national security policy division at the u.s. chamberu. of commerce and we are thrilled to be working together with cara softball in presenting this threat intelligence quorum. we have a fantastic group of speakers today who were on the front lines of american cyber defense we are proud to welcome jeff green executive assistant director for cybersecurity at the cybersecurity and infrastructure security agency this is one of his first public engagements welcome to jeff, the intelligence community cyber executive and director of the cyber threat intelligence integration center many of us know it as seen tick within the

office of and untrue director of national intelligence, the director officer security and emergency response of the u.s. to permit ofrg energy. in cynthia kaiser deputy assistant director for policy intelligence and engagement at the federal bureau of investigations. joining them will be a private sector great group of private sector cybersecurity leaders including pat florida america cybersecurity vice president and snyder electric north america, senior threat researcher at trend micro and john clay vice president for threat intelligence at drop micro together this group represents of the top minds in cyber threat intelligence collectionik and integration critical of researcher protection, public-private cyber threat sharing coronation as well as cybercrime mitigation and lawyb enforcement. i am eager to hear what each of these groups and individuals have to say and share on emerging cybersecurity threats for the federal government,

businesses and critical infrastructure as well as how the federal government and private sector can better collaborate on cyber intelligence threat sharing and action. it goes without saying that the topics we discussed are timely and important current and emerging cyber threats. out of american digital and critical of her structure are no longer hypothetical, they are active in their being tested and refined constantly. therefore our activities need to be tested and refined equally actively and currently. in the past it seems like adversaries were able to operate in a relatively uncontested environment. i believe this is changing and it must continue to do so, the u.s. government has been publicly and we hear notas so publicly taking action against adversaries and lay the groundworkrs for private collaboration and cyber threat intelligence hearing and coronation. i highlight the release of national security memorandum 22 earlierhl this year. as a step to modernize the concepts but you can have

actions, the key is to take the words on the page enter them into action the private sector is motivated and mobilized and stands ready to meet the challenge. in hot emerging conference of the american business community possesses a tremendous ability to assist the u.s. government and the foreign allies and cyber defense threat intelligence and action. many of you know what i'm talking about in many of you are part of the activities by leveraging partnerships with the private sector through deliberate and thoughtful coordination no cyber threats insurmountable, thank you again for joining us, before we get started i'm going to turn it over to vice president federal at trend micro who is a central partner in this for opening remarks as well. darren over to you. >> at the risk of not being an echo chamber i think i'm going to make this fairly short, thank you very much to the chamber of

commerce were hosting the event today, debated outstanding partner of trend micro over the years, thank you to care soft for sponsoring breakfast and coffee and being part of this as well, very important that we are all working together, i would like to thank there are potentially people that we compete without a day-to-day basis in the room today because cybersecurity is all of us, were not competing against each other we need to work together on this. thank you in particular to dion williams and our team who put this together with the chamber and carrots off i like to call her out individually because the amount of work she has done for this and the entire team in unison with her. today is an important day, those of you that are familiar with trend micro i was speaking to someone earlier who recognize this as an antivirus company on the consumer side we were that and are in some areas of the

world right now we are global cybersecurity firm the largest vulnerability in threat research in the world and what we do we work closely with law enforcement and areas of the government today, things you might not be as aware of having a chat with you with the end of my commercial right now but most importantly i'm really excited about the panel of speakers thap we have when we started talking about putting this together this year we were thinking we didn't run intelligence last year it became obvious that we should do almost a every year because this is anus evolving issue that expands beyond it into ot andit very happy to have pat florida with us among others to talk about the infrastructure side of security which we know critical infrastructure is critical for a reason. happy too explore that side as

well. it's going to be a good day, matthew i think you're kicking things off, we look forward to that, looking forward to today and i will stop now, please come on up. [applause] room. >> a quick test. we are good. alright let's get the big news out of the way. as chris mentioned this is your first public event in the executive assistant director for cybersecurity at the known you for a long time, probably a dozen years. among your positions, you've been at the aspen institute and

the national center cyber center of the in cco e and symantec in the house and senate homeland security committee and your recently at the nsc as chief cyber response and policy. one thing i was going to ask you and you can clarify anything i might've just mentioned. you were at the nsc, paint a picture in a nutshell what is the similarity mab difference between the two roles as you noted w. >> i thought you were going to ask me why i can't keep a job. hearing that i am likee wow. the nsc generally should be coordination, oversight, storing, and either were setting policies and when i'm talking to eric it was possible eric was my predecessor and i know he was amazing and didn't great job at

the agency will. he was saying was really operational, i didn't understand what he met but on the day-to-day i'm not thinking about policy the wayod i was at nsc or on the hill, we are implementing and talking about what were doing to secure this in what team reports in working with laura and other in working with her private sector partners among them. very much get done to reduce risk to the nation on the day by day enjoy better practices and secure by design is whatever big focuses and we are doing not talking and i don't mean that to demean the talking, i love being at the nsc it was a crazy time to be there, this is very different and exciting and a whole different way. >> this is a threat intel form, let's talk about a threat

update. susa is charged with coordinating industry critical infrastructure to identify and address current emerging threats, what is big for you today and no number of folks ara probably following the latest cyber trends in what is big for you anything on the horizon you don't think is getting the attention that it may deserve? >> if you're listening to chris in darren two things i heard i wanted to pick up on, chris talking about with the critical infrastructure being very real today this is no longer hypothetical talking a little bit more about that in what darren said the partnership of the government and among the private sector i was at semantics for eight years with theer government relations and also partnerships other companies and that is the key piece of all of this, refocusing

the big for having change prc, dprk, i ran in different levels of sophistication all becoming more sophisticated but the sad reality they don't have to be the sophisticated to beo successful that is the enduring problem in the thing i thought about the most sense i came in and we read about multi-food confirmed compromised by the prc of our critical infrastructure in a variety of sectors. i think that's getting plenty of attention but i'm going to answer your question that is something that we need to ensure continues to get attention in what worries me and starts feeling like the flavor of the day in the something new we need to talk about and worry about but if you look at the reporting that we put out in the organization has put out and the hearing that director easterly and director wray in the general

that is how government and congress should work a sober way that they reflected on what is happening with shared information to the public this is a generational problem in a generational issue and on the one hand protection, it is also hitting back to so secure by nine and it's so vulnerable and living off the land is so effective. we cannot lose focus on that. . . . >> collaboration is key. programs dedicated cyber, how are you looking to expand programs? what does it look like to you?

>> we we have a lot of programs that are effective. we need to make sure they're all communicating on the backend that you in the private sector know who you could come too. more importantly you know to the nsa you go to the fbi we are going to share that information. it should not be looking to the rolodex to figure out who to call. there is been a dramatic improvement in that on the backend and hopefully sing that on the front end from the premier collaboration form. we are holding an open house. pretty early on i'll tell a quick story. i was at the white house at the end of 2021. i was leading the defensive side efforts a little bit of a busy time. the russians had not yet invaded we were quite worried and very public about russian response.

in the middle of that it happened. we overworked security folks the private sector per with overworked government folks. we had to deal with that. it was brand-new then. i started getting calls from friends in the private sector i'd get text we come out of the skiff they wanted to talk to me. i assumed they wanted to tell me what a disaster it was. thinking that i don't have time i finally called back one who was a close friend heat related with great surprise in his h voe this is been great to they stood up these channels we are communicating. we really have added value. the calls i was getting this is actually working for those a great place to start. but to some degree that was easy part responding to an incident

is what you do well, what we do well. what we are working on what's his steady-state relationship a steady-state relationship mean? how does it differ between different partners? how can we explain to you all on a bumper sticker or one sentence but it means your partner but we cannot explain it is going to be hard for us to understand what we're driving toward. >> a lot there. the one thing i want to add on ensuring one of the first things i asked for was a with the full briefing. we set that up and went in the room and about halfway through i looked or the folks i know pretty well why are we in a skiff? the reality is there's so little information we are not sharing on that and other issues. want to think about where to

improve, that frankly is not one of them. we have pushed out the information. you look at the hearing, look at cyber security advisory we put out. so that type of information, that type of sharing we've reached it. other so we have to improve but we reach a pretty good level. >> so, glad you expand on that. the open house you mentioned but does the open house what would that look like? >> what would industry be able to do with anything? >> out expanded out. i do not want to define it down to one engagement. from my perspective it is tell us what we are doing well. tell us where we need to improve and help us get there. give us the grace to have little time to get there because we are juggling a lot of balls.

but, i can say it was easy to understand what the steady-state relationship meant. it has not been clear for others. so for me it is providing feedback formal or informal about what we're doing and how to improve. >> steady-state in the context of threat intelligence, what is a good steady state look like to you? what do you aspire to get to? >> and going to play the new guy card on that one. i do not have a great answer that's when things owing to find out. at the very wave tops its us and that government getting information that is useful and timely in assuring it as appropriate internally. it is you the private sector

getting that information back to trusting you can give us the information and getting value from the time. that is of the very highest level this easy to say it's harder to operationalize. >> may be, what is one difficulty? it's harder to operationalize. once one thing at point if you can? >> every partners going to be different. really, really far board in terms of we don't how to define it now. i went in view of that relationship a fairly easy one. a lot of lawyers involved. and on the phone then npd went without needing to clear that my lawyers.y

other organization be more risk averse my counterparts and say a rehearing x, y, z we were playing games with the threat information. at the company situated where we are able to reach out. other countries are more risk averse. that is where think the cyber information sharing act comes in. candidly i don't think any of you need that to share information. we shared a lot of information from semantic before. but if that makes it easier for organizations to share, that gives you some comfort breath that give seat lawyers to sign off that is why it is there to remove obstacles. >> you made a great point spray spreadthat comes up for reauthorization next year. have you given that thought in terms of what you might want? >> absently no thought about what we might want. if i were in your shoes what i would want is to make sure it

goes through cleanly. my concern i'm fully taking off my sister had i'm doing enough and pride get away with this. when that was being considered by at symantec did not like it. i was worried it was authorizing something we were already able to do. when it comes up i did not want someone to attach strings to something and put me as a private sector company a worse shoes that i was. >> i remember having that conversation actually. >> are both got a few minutes what can we do to help you? >> brutal honesty and feedback. those of you who know me i don't mind being asked why. i do not mind being told what we are not doing well. so that is .1. continue with the partnership. as i said earlier give us some grace as we are working this house. i'll insult a new agency but we are relatively new and things are very dynamic.

things i like you all to think about, focus on resiliency. i run cyber security directorate this is not squarely in our lane. i worry too many organizations are not prepared how to keep their core operations going about a call your worst digital deck should all have a plan we should have a plan identifying where the key things and how are we going to do it? that's as much of your going to get a complete defense to cyber attack. it's also something boards can understand. fifteen years goest or talk about the 2009 and 10 the refrain then was how do we get to pay attention was paying attention a lot of times of the asked question it's easy for security professional intentionally or otherwise and potentially or otherwise transferred away the board does not understand. board members can ask a question

how are going to keep running if the computers go down? this should beng able to ask tht they should build understand that but that's a key resilience. thee last thing i would say is work with us as we explore ways to drives security. i do not like the saying the market has failed because i thinkk the market does not succeed or fail it does what it does the market is permanent does not drive the basement of security by design i think at this point we need to acknowledge voluntary model we have tried just is not working is not driving security we probably would not be in this room. as we are exploring ways to make it easier for you all to get security into your customers are get into your products work with us on it as opposed to you might not like the headline but take the time to talk to us and understand the why it may bring find a way to come up with something to work together on. i should say don't do policy legislation anymore. >> only tap your thinking on one

thing. we were talking about forgive me for not knowing the acronym off the top of my head on harmonization. i tend to think cyber regulation is more like a kaleidoscope your thoughts on the effort? >> i have to be careful comment. i'm pretty sure is closed. actually know it is closed. what i can say about that report is as at the aspen institute i got the report and my first reaction is really pretty boring and it's not going to be effective. it was both interesting and i thought that excellent job of identifying issues and charting the way forward. i don't think i can go deeper except to say dhs policy did an

excellent job or his inter- agency in the private sector identifying how we can address this.. and tell you something we are focused on we know is an issue. both within the u.s. and internationally as well many if not all have international businesses. we understand were part of a globalre environment. click select may be finished or restarted for the remainder of 2025 and looking at excuse me the remainder of 2024 and looking into 25, the cyber threat intel picture you mentioned, what else anything we haven't thought about? i'm sure you're all thinking about this but the capacity for criminal actors to have national economic or national security impact the collection of risk the systemic risk. look at the cdk were going back

the colonial pipeline. criminalel actors can inadvertently or otherwise have a significant ability or have a significant ability to impact our economy, our news cycles. that's why circle back to resilience. the resilience is also psychological. we need to understand going to tell becomes armor circle back on myself. zero trust concept is breach if we assume that we have to assume compromise. mentally we have to understand part of the fight we are in there are going to be some compromises mentor role with that and make ourselves a vulnerable target when we have significant public reactions to what are unfortunately fairly common events. we help ourselves by rolling

with it and being both physically and psychologically resilience. chocolates finish there. everyone would join me in thanking jeff green i would appreciate it. thanks, jeff. >> thank you for having me. [background noises] >> thanks very much jeff, thank you matthew please join me again welcoming vice president for national security policy and margo cyber executive director od and i cyber threat intelligence integration center for next fireside chat. please join me on the stage. [applause] >> thank you again, vince. matthew and jeff, thanks for

that very interesting discussion. to do everus work there? you didn't let me ask the audience to make a show of hands who worked throughout their career? okay this totally blows my mind i struck out completely. i used to think all t roads and cyber lead back to semantic and one way, shape, or form. it seems like everybody started there. anyway thank you for coming. before we get started i just want to share a little anecdote as well on how you and i met it is a good example of how government and thehe private sector need to work together to build relationships and trust. so i reached out to you nine or 10 months ago, maybe a year with a very specific question that one of our members was asking. i was not sure what i would get back if it would be sorry, cannot talk to you.

you said listen, why don't you come in and let's chat. i came to your office we sat down and had a very nice discussion with similar backgrounds that allowed us over time to start working together identifying projects were you were looking for engage with the private sector we were looking engagement for members with the government. that translated into some informal actions and some formal actions. we talk about public private sector collaboration the hallmark of theck bedrock of tht is relationships and trust. so let's get to you. your office is responsible for analyzing and integrating cyber intelligence. intelligence community and federal government can mitigate cyber threats. a unique perspective you get to see a lot of things that others and may be more narrow areas don't see.

worse of the current and emerging threats you are seeing? how is your office integrated this threat intelligence? >> thanks chris and thanks to the chamber for holding this event this morning. jeff did a fantastic job laying out some of the emerging trends i'll get to your question, chris, and a second and look at the laden of the threat landscape. to your point on the reality of partnerships here just want to say scaling factor but he said that a few different times in a few different ways today but the ability to scale a relationship with the private sector with commercial intelligence and security firms is a key part of how we work with the chamber music jack and others has been instrumental innd making that partnership clean, easy, find the right folks out here so that we can engage in really specific cultivated relationships to get the right intelligence into the government. that is what makes it meaningful as well the relationship in

itself is best to see the requirements that gets what we need to address. all right, teach to the threat picture and the theme of our foreign forum today let me take a step back you asked for current threats. i think the way you want to see that landscape that jeff teased a little bit in terms of disruption against critical infrastructure, when you take a step back to the early 2000's. come with many time machine for second we can kind of appreciate the moment we are in right now. i think a lot of us cut our teeth in understanding how cyber threats focus on stealing intellectual property and state secrets. when you think back to 2008 -- 2010 when cyber threats became a national security question an issue. part of the focus was on how

u.s. companies from the defense industrial base to green energy, to steel production, were getting their intellectual property stolen in terabytes and insort of a huge intellectual property shift to chinese actors to chinese military actors who were taken that intellectual property and then feeding it into its state owned enterprises.ou we would see the same sorts of products american companies had put yearsuc and years of r&d decades in some cases of rmd into the network facsimile showing up in a chinese military parade or cheaper version of a solar panel. i'm putting together that story of why a knock off woodland and a chinese military parade is putting together that whole story is how the threat intelligence discipline really emerged within the government on the private side. cyber security companies we are on the forefront of the

firefights from a network security standpoint where it went a big company had a problem in the it department they would raise their hand and say this is just not feeling something i can't reset the password and go on with business. you got to do something. that sort of shifts the thinking about intellectual property theft crown jewels of corporate america and other global companies getting stolen is the first taste of that gravity going to pose. the importance of threat intelligence to explainin who is behind this and what is happening. on like in the more physical domains you could understand who, what, when, where, how, why by looking at the event. in cyber to get the intelligence to put together that picture is harder, right? that's kind of the origin in a lot of ways on how i see the

early understanding of how threat intelligence would paint the picture of cyber threat. the other piece was one that is been going on and nationstates have been familiar with since the beginning of nationstates which is espionage. whether it was the russian military going after state secrets, u.s. or other countries basically taking spying online. intellectual property theft we had foreign intelligence threat and then we also had the criminal activity for old-timers nobody home depot breach and the target breach these big criminal events were cyber threat actors, nonstate entities, criminal groups would go in and monetize credit card transactions, sell data on the dark web. see you had three different pieces of threat picture. over the years we get glimpses into the disruptive and the cyber attacks would take a

company to their knees operationally. or have a physical effect there cyber attack those disrupted attacks go to rid their heads on a couple different ways that took out some of the irenic capability of the nuclear program they will remember in 2019 basically wiped out port operations and transactions in ukraine on your grading constitution day this month in 2017. and they will remember in the impetus for the north koreans or take out the network birth to go figure out they were disruptive and when our new sphere of cyber activity maybe i'll stop there

the lands we are now by ransom or attacks that are taking companies down to bare bones if not non- operative level before they pay the ransom. went russian activity that's taking on critical infrastructure we can speak to as well. then there is chinese pre-positioning via the discussion we have been having under their ability to attackk critical infrastructure. >> projects thank you. one of the things we over years ago there were reports of a russian intelligence services tools on or at least compromising u.s. critical infrastructurein specifically energy sectorrg but mostly for intelligence purposes. now we are hearing with the chinese it is potentially more towards disruption. using that either now or

sometime in the future. so when you couple that with groups like ransom or actors which may or may not be state sponsored or may be the relationships are loose shall we say. how does the u.s. government look at disrupting those actors went even if you can attribute it, and might be hard to find them, chase them or get the cooperation you may need in third countries. so how do you look at that disruption ideas set? given that we are now. >> how do you respond to actors who are able to make the effects you are alluding to is go after have a position access to logistics or a larger set of critical infrastructure

operators. the key to being able to respond to starts with understanding the gravity of these attacks. that intelligence picture almost always use intelligence peace in the private sector. whether that's compromised by a threat actor. it's a victim who has that access. or, whether it is a company that is collecting intelligence because of the security enterprise products that they have they will get visibility into at this threat actors are doing. so, from the government community standpoint not only are we using the classified sourcing that we have to track these groups over time. to track intelligence services military operations had been going after these different victims. we also frequently rely on very much depend on the critical infrastructure intelligence we

are getting out of the cyber security. it is not just companies who put together intelligence offerings. it's also companies getting visibility into these victims of e ofyp the types of systems they put into place system integrators, engineering companies, people who are really on the front lines of understanding where these attacks are. i know we have schneider talking later it's on this other industrial control system manufacturers. frequently the device is sitting there on the real edge of the attack surface are the places we are going to have incredible intelligence value to understand how a cyber attack can happen or how access is cyber after they be used. supposing thatha information together. to get more into your point what does that mean for disruption? we have to take this to the people are really attacking us,

right? after we truly understand the nature of what is going on, you have to live an imperfect intelligence environment with the best. then we are using a variety of different techniques to expose these actors activity. whether that is for sanctions. whether throughhe designations,n the policy side of the house but that's happening at a pretty rapid speed of the department of treasury. or throwing sand in the gears. here's what i mean by that you've seen a lot of takedown from the fbi in partnership with a lot of other law enforcement entities across the world against ransom or actors is group of criminals were able to take ransom and extort u.s. hospitals, u.s. schools, in the infrastructure online they are using to do this is where a lot of that law enforcement effort has been focused. if you are able to take down the site and the tools online that

these guys are using your able to slow down and throw friction into their operation. u.s. government authorities are being put to bear after we understandch. >> is a chamber we support using all elements of statecraft to push back and post consequence and hopefully create some deterrence. i would ask, what are your thoughts? it's a little on the operational side. when you look at ransom or actors you are tired most of the technical capabilities of the u.s. government to take down cyber. but when i look at this and think back to my previous life you have an organization whether it is organized crime group or a terrorist organization a lot of times when we first confront to those we are a little bit at a loss we do not know who the people are we don't have the the monies being moved. we don't know who is helping

them. but over time the analyst get really smart and they start to know who people are, where the relationships? what are relationships of convenience? what are relationships of ideology? then you look at how to get at these people? do we run sources do you compromise the network by penetrating them and allowing them to sort of collapse on their own? without giving away anything you shouldn't is there a role for that type of approach to ransom ware gangs whether those are purely commercial herb may be those who have relationships with state actors? >> i like you get at the kind of network thought process behind some of these groups and mapping onto the counterterrorism work that has been highly successful in the government for years. one of the key pieces of that is followed the money aspect. especially with rent somewhere attacks the changehe healthcare attack back end of february the

impacted one in three americann prescriptions it was 22 million-dollar ransom payment these are not drop in the bucket. how we are able to track that money which is so frequently almost always in crypto currency. help we are able to get threat finance is a really critical piece of that. i think that is an area as well or we look to the private sector who is really skilled in understanding not just have the block chain is playing out but thinking through new mechanisms on this very decentralized finance place to be able to consider what is the best way to map out networks and knowing the money is what's fueling the relationships the criminals are not sitting here in the same way that military organizations are with hierarchies and clarity of command and a sense of target over time these are opportunistic. they are really smart able to go and take vulnerabilities and

bring them intoo exploitable opportunities and really brazenly hold out. so that money peace is where a double down. >> that's a good point the people typically moving the money do not was get there eight hands are dirty and do not want their life's inconvenience of it becomes difficult for them to travel or if they are worried maybe if they do travel they will get arrested and extradited somewhere. that weighs on people request a deterrent at a human level. that also slows the gears you're talking. we are coming up on time we've got a few more minutes but i wanted to ask how can the private sector help? let's start there. let's focus on the attack to answer that. so you are right on focusing on the people we talked about the money. but the other piece here is the u.s. attack surface. and when you think about this we

have one the most digitally connected and digitally exposed country on the planet. the smarter our grids and get, the easier we are able to control different systems remotely. the more open and the more porous and the more opportunities lie for threat actors to get at and hold u.s. assets, right? when you think about what that really looks like let me go to a couple water attacks we have seen over the last year here that event really concerning across the board. you increasingly have operators who tough environments to work in. stay tuned were operating a water plant you know how important you need to operate a physical security issues. you're going to want to be able to get on your phone and check the tank level check if the alarm is gone off over the four or five water districts you need to look at. increasingly our products get to that u.s. products are making those grits smarter they're

making the operations possible. but, how do we find the right center of gravity push points and who can help secure those systems so it's not up to the operator on the edge to figure out pete reese set the default password is just required the reset that password. should that connection had been encrypted the engineer put the system together figuring out how to make this so it is a secure connection it's not up to the person assemble the lawn get the logset out of the dammit control the water to cybersecurity on top of it. how do we push that cybersecurity question to the right company, manufacturer or professionalr up the chain so we could really secure systems at scale that are getting smarter and smarter. maybe it's a little bit of a wonky answer. i think the reality is in the detail. this much and as interesting as it is to talk about threat

actors the bad guys bind cyber security attacks the reality is so many of the attacks we see start with the basic were not adhered to. the basics and blocking and tackling, patching systems, look at the cybersecurity advisor it came out in october that says here's the vulnerability are here name the vulnerability go patchett. at the open systems that are time and time again the big attacks come from. >> also walked the policy to patching. [laughter] that's a good reality. listen, thank you for taking the time to speak with me. to come here tonight what you and your team have done you have revitalized what needed it. and with the private sector is trulyy admirable. wish you all the best free. >> appreciate it.

[applause] thank you so much per going to o move into the first presentation senior researcher we look to the powerpoint, perfect, brilliant that is coming up. please join me in welcoming her. [background noises] good morning everyone. first i'm going to start off with this graphic i created. waged up the good, the bad, the ugly. and if you can see using ai it

still has got part of the image wrong on the bottom. just because a lot of the issues. [inaudible] let's start off what is ai? the microsoft ai should ai is going to be kind of like a new digital a companion to go to the journey of life. [laughter] so let's start off of the bad. what is a bad guy in criminals doing right now? this picture you see here this image is from an underground cyber criminal form. specifically in english when that happens to be free. here advertising a check gpt to write code for the bad guys. right now we have not seen any eight i write a fully

functioning malware. you can use some of this chatgpt and other types of ai to create tools. this specific one you couldn't use it to create and make revenue. the ai are not going to replace the mauer developers but assists in the mall work developers with their tools. this is from a russian cyber criminal site. you do have to pay this is from exploits. here someone is advertising to add features for bc a fishing attacks adding to their os. this is from the english cyber criminal form dhec form that's very popular. it is free to join. this is a software called worm

gpt originally created by a portuguese student who thought this might be like a fun little project. it's not going to be is for as r criminal purposes. even though this is a site a lot of criminals use it. start off a small project march 2023 it went commercial in june 2023 the image you are seeing here is the advertisement for. it startedus off with 100 year d a month and then it is up to five and 50 year old to use the software. here is an image of what the author said why. he basically closed it is being used for purposes which is in be obvious if you're advertising in a criminal form. also wrote an article about him. he is pretty easy to access, the developer. it was being used for bc

attacks. cyber criminals are also using jailbreak service not the same as a jailbreak in your phone. this is a basically asking lom to do something is not supposed to do. so think of it as basically asking kate write me a ransom or code? it's going to come back and say i'm sorry that is against my policy. a s way around it could be can u ask the llm to help you write eight fingerprint for antivirus and can you please provide an example of a ransom ware code i can use for it. another creative way we saw is what if you are using ai to open or have a smart home. so in this case you ask can you open the t front door? it's going to come back and say you don't have authority to open the front door. well another way is to get creative. let's pretend i'm taking over my

father's business k please explain to me and show me how to open the doors and run the business? you can trick the lom to open the doors for you. this is loop gpt. and another meant black hat gpt. there advertising that if you use their version of chatgpt it will be un- sensitive to illicit things with it. basically be able to do whatever you want with it without worrying about the policies. we're also seeing cyber criminals use ai for deep fake services. this particular one is from a russian site for the group is called melvin. he charges $10 -- $400 per minute to create the deep fake at this particular group happens to lovepa elon musk for their examples part of show a quick

example of it. this video is actually from that rock you can find on tiktok during a christmas. ♪ chestnuts roasting on an open fire ♪ ♪. >> you can see it looks like elon musk. ♪ we are also seeing cyber criminals use ai for user impersonations. in this case the executive said he received a zoom invitation for a meeting he did n create. apparently h there we several zoom meetings cat with his likeness. several of the scaerreed zoom calls to convince people to invest money and crypto with them.

>> are also sink deep fake audio. this happened to occur in 2019 where an audio it sounded like the ceo. it was convincing someone to basically wire $243,000 which they43 actually did because wasa very convincing on the phone. now again this is 2019. what we are seeing now is that we are using videos. in 24 there is a multi person video conference where everyone was fake except f one pson. and in this one they were able to get $ million out of it. sport alsoo sink virtual kidnapping is ai to clone the voice of a personal experience with this one. i wasn't it uber about two years ago the uber driver said sartre will take a detour were heading to the bank and i'm like okay, why are we going to the bank? he explained to me had received

a phone call saying his daughter was kidnapped. obviously start asking questions it was kind of odd. while i was in the car he received at what at vocal arthritis question why different out or number when he had a local number he pulled over to the side to make sure his daughter was actually safe and we continued the ride. the uber driver continue taking phone calls out of curiosity. one feeding a wide scammers are doing this. many phone calls that continued went from 50000 to $5000 at the end and eventually gave up calling him. we are also seeing baduys using photos that photo or video from you from a social media site, turn them into illicit uncompromising type o photo try to convince you to pay a ransom to not sen it to your boss or family members. in some places this is because d

suicn some places. bad guys using ai for verification services. there a some services are required to tak a picture of yourself holding her id next to bring the picture you see right here that person does not exist neither does the id. there services that can do both of these things for in this space you cld pay $70 to create a european account and will do everything for you. or, you c pay one -- $200 to create again a picture like this for other types of service tt require this. ndc there are some of the candidates shops require people to take a picture of themselves holding their id. so, let's talk about some of the ugly things. let's talk about first some of the ridiculous ideas that

existed and then we will get more into some of the threats. this happens to be a toilet created. the idea was that everyone has a unique print. like i said stanford scientist actually created this this was supposed to be to determine if you had any type of diseases. each had their own print you can determine who is using the toilet in your household. so you can imagine having a camera there consulate all times. it was a ridiculous idea. another one was human ai patent 241 million-dollar investment project that did not go well. i didn't work like people expected. it's ridiculous to her a pin and replace your phone. the idea was going to cost about $699 with 24-dollar a month fee.

it just had really bad reviews and did not work. even at $241 million was poured into this project. some of the ai threats. one of them is ai has a new foundational system interface. think about osb and personal assistance or being able to do anything you wanted to do for you instead of typing and using your keyboard or your mouth. some one could target ai at this case. the foundation model a letter open source which is a great it sounds like a great idea. but at the same time you can get a supply chain threat so much of the lenox when we had in april or the settlement come in, change some coat it takes a while for people to find out it's been a root kit installed or other things in there. within the digital fishing this picture you're looking at

robotics in japan where he actually created his own robot that looks just like him. and has all of his mannerisms. would be ai that you can teach your mannerisms, your life, how you write be able to use it to target people if your friends know you like to put smiley faces at the end or have some type of jokes, when they see the spearfish attack and be more convincing than summit spear phishing attacks that it misspelled words, there just aren't really quickly you automatically know it is fake. so, another threat will be digital system. what if in the future we had wih multiple digital systems helping you out. think about like a travel agent working with your bank. you have two digital systems talking to each other the threat would be in the middle what if you could attack one of these be able to compromise them?

obviously is using disinformation using ai for this.. we arty know we can create videos. we can creat audio be able to influence different countries and things like politics and elections coming up. let's talk about some that good things about ai. againld we talk about digital systems. they will eventually help people with disabilities and help people who just don't have time to do things. won't be able to save our time and like iai help people out. right now it's also helping track climatete change. ai is being used to track i thin ice and some of the climate changes. we are also using a ai to protet diversity. set up bothering mountain lions were able to use ai to detect

their faces. we are already seeing this individualized education. consider taking the course everyone takes what if it could change depending on how you learn? think about you want to be a challenge it could be faster, different content. or if y you are one that needs more tutoring this could help you out. we are also seeing ai help content creators. that's is like a a great idea. anyone could create video or tax and use ai for this. however you will never get something you need the artistic soul to quit something really gy good in the future. we are also synced ai being used for medical improvement in this case protein. it takes a phd student fort --

five years for one protein is about 200 mail and proteins out there. google had an ai project for this it took one year to discover 200 mail and proteins. so in conclusion, what is so good about ai? one of the good things is going to bring change were pouring so much money into this, there's going to be a lot of rapid changes andnd hopefully it wille in the future positive. thank you. [applause] >> wonderful, thank you so much for that was fascinating. moving on tour next panel discussion i'm delighted to welcome the director of the office of cybersecurity. energy security and emergency response of the u.s. department of energy.

pat ford is the americas cybersecurity vice president and schneider north america. of cybersecurity services right in the middle everyone's got a microphone. we are off and running. >> great, thank you very much. could everyone here is okay? yes you not ai bots you're alive? the conversation really interesting what occurred to meet during it, is anyone here know anyone who's a little nervous about ai may be scared if that's going to impact their job? maybe it's going to take their job? do you think if the cyber criminals are worried how ai might take their job away? it's very much about the opportunities that are going to be there. which is a little scary for us but there's a lot of things we all need to do to kind of be

able to counter that. super excited to have this conversation. and pat, thank you guys for taking the time. one of the things howitt to talk a little bit about us whenever r we talk about cyber threats it's opted in my experience to critical infrastructure. what are the threats to critical infrastructure quest recorded think about critical infrastructure and jeff green could talk about the 16 sectors they have identified to work with. but out a foundational level water and energy are kind up at the very bottom of the pyramid because if you've ever been at your house and your power isou t if it were this week you'll be very frustrated to not have air conditioning. i think it is even worse.

clearwater is out. but we are seeing -- we have seen threats and targeting against the energy sector for years. search elite with the russian en war in ukraine. you talk about actual disruption.de there are preparations taking place in that space. everyone here knows the majority of our energy e sector is using tools created by the private sector generated by the private sector. the government it's got a unique role here. i would like for you to talk a little bit about your role in your organization because i always have to look. the office of cybersecurity, energy security are three interesting and yet slightly distinct areas. typically people think of you as

the cyber office. it's actually broader than that. can you talk a little bit about your office and how your role to help add security to the space? >> absolutely. first of all thank you to the chamber for hosting this event. it really was a great list of speakers. glad to hear lure was here and jeff was here and they will hear more later on from the fbi and others. it's really important conversation right now and is important for the reasons of threat intelligence the name of this form. also from the energy sector as you alluded to the sector is changing rapidly. of all of these sectors is that not one of the most critical, of assam by a spring at the department of energy, but the reality is without energy you do not have an economy per without energy you do i hope the social security that in a chewed on the other 15 sectors. let's critical in a way that's

unlike other sectors except maybe water. so i could not agree more with that. that's where our office comes in. my office stops cybersecurity energy and emergency response and yes no it's a very long faintly shorten it to color so caesar. our focus is the security and resilience of u.s. energy systems from all hazards cyber is in our name so we spent a lot of time on cyber i'm sure we'll get to that the second but were at risks we are also looking at physical threats to energy infrastructure. solar flares we sell it as a couple weeks ago it's taking all hazards approach the victim energy my role as the sector risk management energy is i just want to ensure we have electricity or homes we have gasoline we have petroleum products available at what we needd them to power our homes. to power businesses.

at the end of the date that is what i'm worried about present but it's a physical attack on the substation. we need too make sure we have hardened infrastructure and light of the growing risks to that sector that is a refocus on widgets or policies we do the research and development. we also do respond with the colonial pipeline. it's a building in the security. have to respond to all that other a stuff. from the department of energy work with the department but also work another college at dhs. fbi the intelligence community and one of our most important partnerships in the private sector that's a critical partnership we have had for many years. it predates even side but we did it because of the hurricane response we did it because of wealth our response. we built the strong relationships as were not a regulator. we have an independent

regulatory agency that is separate from us and that has benefited us because it wants a partner. with the emerging risks of the. >> the private sector you are equally focused for internally for schneider electric and your customers which are a lot of constituents i would call it. how does that resonate with you and how have you seen the department of energy office sort of working with privatein secto. >> this is not unique. he not the only critical infrastructure but were all happy to partner again and thank you to the chamber for having me here today. we are some of the most auteur organizations we work with. the customers, the energy sector, dealing with the energy transmission energy generation,

the energy sector is probably the most auteur out of all the critical infrastructure project finance and others. when they challenge us it is a gift. and we get better. so improve our products we learn more earlier part of the agreements with our customers is they have to notify us when they see something. when a product is not operating. there's the trust backti and foh to enhance the ecosystem from the government and private sector. toxic rates. i think obviously that partnership is critical. chuck greene talked about and darren from trend this is keep when we talk about cybersecurity people needing to work together. we are here today talking about

threats. what are you guys sing for threats that are uniquely targeting or if they are uniquely targeting thein energy sector? what do you guys do about it? maybe talk a little to the process. we have sister who has a role your organization has a role. private industry has a role. how do you see this all coming together? >> it's a great question. before you jump into threats the undersigned complexity of the u.s. energy system is important. there is over 3000 electric utilities in the united states unlike other countries there might just be a handful some of the state owned less of the case united states we have 3000 primarily privately owned utilities and thousands of oil and natural gas entities looking at the entire natural gas supply chain. downstream, midstream, upstream, all of that. it's a very complex energy

sector. there's no silver bullet there is no solution to keep up all the threats. we have to take a risk-based approach permits to make sure we are tackling the greatest risks but when we sing in terms of some of those threats? the reality is were still continuing to see very basic cyber threats from pro- russian activity. we are seeing a ransom ware activity that continues to challenge particularly the under resourced companies. those small companies that are electric utilities or water systems even. still continuing to see a lot of the small companies being challenged because they do not have the resources to really protect their networks. >> we're not asking for them to be tackle ago china or anything but at a minimum, if this is

where the ransomware has gone, we need them to go here and here. >> exactly. that's simple stuff. default pas words. that's what we should be doing in our personal lives. multifactor authentication, that's just some of the basics. we still are seeing some of the smaller underresource companies, on the other hand, we are also seeing nation state targeting such as activity that was highlighted by the fbi director and others and that is, you know from the prc where we are seeing really significant sophisticated targeting of critical infrastructure and energy isuc certainly one of those piece of infrastructure and that type of targeting is not necessarily yourty fault passwords. that's more sophisticated. that's not even malware by the way. that's what we think of sophisticated actors. it's so sophisticated that it is

knowing the engineering of how systems are designed and manipulating normal functions to be able to get in and out of systems, that's the level of sophistication that's where we are looking at the entire gamut of threats. for smaller utilities is getting them to the basics and we want to work with them on sophisticated threats that are targeting energy systems so that we can really work with them in collaboration to detect them, to address those threats and build those systems with security. >> and pat, what are you, you know, as you mentioned earlier you've got a relationship with your customers where they have

to inform you of threats that they are seeing. you clearly are able to gather and have interesting perspective of what is happening around the globe, how are you seeing cyber threats to the energy sector evolve over time. is it more the people that just haven't done their patching that they need to do that laura talked about earlier or is it sophisticated or is it kind of spread across that spectrum? >> i'd say it's spread across the entire spectrum. they went after oil and gas safety systems. it's one off the most security vices out there and they were able to get into it. it took six years to prosecute them but we worked with u.s. government to do that and was nation state actors doing that,

the other side of that is the valium of threats. i call it -- i think one of the greatest concerns i have is volume is so great and, you know, weeding through that and finding that need until the hay stack, you don't need to be a nation state actor to cause a lot of damage. you can be a novist at, this get lucky. our worst security days, they are getting lucky, they're not. i can give you examples of that. the threat actor doesn't have to be overly sophisticated, they can be but they can cause a lot of damage and take -- and destroy the confidence of customers and their vendors and i think that's the greatest damage, besides the financial,

you can always calculate that but it's the confidence and the trust between customers and vendors and the ecosystem of companies that are working together, can't calculate that. >> well, it seems like the -- just the volume and a number of attacks that we're seeing, the kind of basic tools help the adversary scale and they don't necessarily need the tools that are at the pentical, when you talk about eroding, whether it's on industry -- >> i will give you a quick plug here. you talk about transparency and trust. to me that's the most vital thing that anybody in this room can do and that is discussions and trusts with your venders and

your customers before an event happens. obviously we work with the government, we work with all the governments to have that trust and build that because i -- i can tell you, we no secret, subsidiaries back in january, i spoke to over 120 personally customers more than once by the way, ransomware events and i gave a briefing at the beginning of the discussion because they were calling and asking for meetings, i gave a briefing in the beginning. it's a five-minute briefing, ten-minute briefing. day three briefing was less informed than day ten but i started, i started each call with a briefing and at end of the call, 90% of the same they said, you know, to one has ever been that transparent before and i said i'm giving you briefing that i never get because i hope you take this back and give me a briefing when i call that's very

similar b and because i want you to be prepared. part of sharing information with the government is so that we can prevent other people from becoming victims so that you can do your work, the fbi can do their work ando when we have incidents and i work with the fbi. i'm'm u.s., i'm the america, i can't say how relationship is exactly over the world but when i talk to law enforcement and they say not everybody calls us, it's like whatt do you mean not everybody calls us? i help start the cyber division. i started other programs there. it's disappointing that not as much information is getting back to the people that can actually to something about it because i can't dog anything about the private industry but you can, you can help protect the other operators inct the critical infrastructure and it's more than just energy because you share widely with sisa, so that's our giveback. that's what our obligation, i

think, is as corporate citizens right after that attack and didn't go back and say we'll tell you what happened. you went up and said how the attackers and nation state attackers got into the system and we cannot only help the rest of the industrial community system going with that and you're very transparent and i know from talking to a lot of big elect and i know talking to electric utilities, they appreciate it. so it wasn't, i think, the thing i appreciate about that it's no longer a hey, like, being attacked again by a nation

state. oh, i can't talk to anybody because it's going hurt my reputation, it's going hurt your reputation if you don't talk about i. listen, this is, we need to improve our cybersecurity defenses. you were out front the actually talk about cybersecurity principles. you actually had some of that stuff on your site. that's what we are trying to get to, as a community we all need to do more of that. it's going to be good not only for my vantage point but also good for business. >> one second. the more mature the organization are and betterhe security cultu, the more they are willing to do that. it start with the executives. it start with a legal team that understands the issues and understands that -- i was going to use and by the later on but mike tyson has said everybody

has a plan until you can punch in the face. i'm getting tired of getting punched in the face. and so doing things proactively helping people become proactive is vital to being part of that echo. >> right, and i think -- i want to get to your principles in a second. i want to ask one more question. we are happy to take audience questions, i want to take questions from the audience as well. we talk about transparency and sharing information, can you talk a little even more granular, like what type of more information is most helpful. information sharing is such an easy policy to throw out but what type of information to be able protect the next victim from being victimized? >> so it is broad. it can be how did an adversary

get into a system so we can better understand how to maybe design the system differently to prevent that from happening in the future. it's looking at what do they collect about your system, what kind of data do they have about your system and why they enflust that data. it's the entire gamut of potential cyber-attacks and dependent on the situation. i think thehe key is when we've had sneider but also other manufacturers come to us and say hey, we are tracking this activity on oury system, we want to work with you all to conduct the forensics and better understand, that's always the question that knowing your background it's always like how do they get in. that's the hardest one. always the hardest -- >> that's like the first thing everyone asks. it's the hardest one. but if we can collectively start to look at how did they get in

and then what did they do after they got in and are they still on your system, it's really understanding the kill chain and seeing to what point did they get to and where do they go from there and are they still there and what have they collected and so it's really, it's really a lot of different pieces that we will want to look into and when we hear about an incident from snyder, we will do pull in our fbi colleagues, pull our dhs colleagues, they all bring their own expertise. we have expertise of energy systems. that makes it a really good model of fbi has law enforcement capabilities, we bring energy expertise. that works really well when we do it together. >> how does that information get out back to industry? you with the fbi on it.

not looking to out information and going to pick it up and attacking our system and that's not helpful. how do we do it in a way and we don't know adversaries know about it and it's always a balancing act and we need to get information out and take advantage and it's about it and learning about vulnerability and going for this one and enough information out and going to continue to work towards the patch that's never easy in ot environments and this is a conversation that we like to have.

we'll work with the manufacturer to disclose on that on vulnerability disclosure. and >> helpful for you and manufacturer and owner operator and there's some things that we talk about what to do in the personal lives around passwords and security and there's a lot of security features and a lot of tools that may or may not be

that's the developer >> it's the program going to have the test product and critical infrastructure of the energy sector and we learn more about the product and we get to going for things with the lab going to understand where they're coming from and the point is take it and take the equipment and the software with it andit's the

sharing of information.

the question is given the threats and environment, how do we shorten my mind between things coming in or being reported or being shared and they can prepare. once it's exploited once, the other actors will learn about it.

>> that's any problem with the actors and the threat actors today are different than the threat actors 20 years ago. >> the moral ones. >> there's no consciousness and going for that and i view this analogy and might be something wrong with it pretty quick. there's a consequence and deterrence and the one thing and depth between resident and can reward has gotten greater over the years for the threat actors. i can't buy another tool or get intelligence any faster and reduce that threat. there's two ways of doing it and take away the threat surface. working on devices that are

successful to the internet and doing this program globally and it's in the united states being very successful working persistently and identifying who the actors are and notifying them, hey, you've got this piece of equipment. based on internet, you might want to remediate. that program is underway and other side is i heart christine mention and mentioning in the previous deterrence. the minds that can learn to exploit that and have no conscious to their benefit and up against a really tough adversary and doesn't even

include the nation state actors and that's the offices that we're after them and we'ring working with law enforcement and the senses guidelines need to be changed in my view. 55 million victims is that part of the calculation anymore. it should be. the dollar cost asks needs a consequence for that. that's my view and soap box for that, but we've got to do more in deterrence.

one thing we released is proactive vulnerability and disclosures and management and we have to take a step with and it sector for a very long time has had vulnerability management and is it perfect? it's never perfect but it is pretty mature. that's what we need to do and how we're thinking about the typhoons is it can't just be to build our system and it's going to ensure they operation and

engineer our system and engineer backgrounds and power systems there and i was together to design engineering systems and d substations and adversary won't think they have impact they think. we need to be doing a lot more in a lot of different areas. talk a bit about those and target audience for that is and what you want them to do with it. >> totally. so we have been working on this

for well over a decade and not amusing to us and helping the ukrainians after the 2015, 2016 cyber attack. we went there with our colleagues to help them really do the forensics back then when russia first had started doing cyber attacks on their electric grid and taking out power because of that distribution one year and we had the program and understanding the complex ot cyber threat and so how do we raise the bar and lots of good standards and there's frame work and a lot of good stuff out there. how do we set expectations commonly set in terms of comply

chain security. in partnership with our manufacturers to say some of these manufacturers like snyder are leading in this space and how do we bring the rest of the community along and we work really hard to actually set supply chain security principles and the interesting thing that came through the process is the question of who does this supply to and certainly snyder ceos and other ceos and semens all publicly -- siemens coming out saying that's great and that's only half of the story. the only half is being secure by design but by operation much the operation of the role of owners and operate torrs and so while we're doing a lot of work of manufacturers to really think about how do you instill these principles into the business practices and design processes.

>> endorsement and and offer as opportunity of engagement between the suppliers and there's a relationship that has to be established and it's a two way street. opening the transparency and i love the transparency and trust portions of your principles because it's foundational to security if you ask me.

that relationship we can do with enhancement. no one is going to confuse me for a regulatory dream and we're out there and it's going to contuse me and not sitting on that but i'll tell you about partnerships and tell you about trust. i will tell you about preparedness and about being effective as a leader.

>> the fact of voluntary nation and we haven't gotten to where we need to be and this administration has certainly they also done, you've got principles and we have it's going with this and a retail requirement and certainly raising awareness and what we wanted to do and working together and all working

together and going with these and from outside perspectives and and >> this is from a tremendous line and thinking about secure by design. background and partnership we have and really wanted to focus in and looking at the supply chain and going for this and it's going if that and it's going to point to other thins that companies will do and 66443 and many factors are global

manufacturers and thinking about in the united states and globally and so we're working we are working with the g7 who are thinking about adopting this initiative and working with them as well. you're right, we have to work broadlyy and you have to start o connect the dots and say intentionally, how does this align to existing standards, but the reality is and that's where you're seeing push from government across the board we are still in the crawl phase. that is the reality. we are now starting to see a little bit of a sea change where more companies are starting to do secure by design but for a long time that was not the case, so we still are very much in the infancy of trying to really lift up everybody to do more and so all of us focusing on the secured design of software

suppliers, all of it is important and where he should be striving to align our efforts and how this effort addresses this piece and this piece, this focus, so we should absolutely be doing that but i can assure you that we as u.s. government are really allll thinking about secure by design really together and we are actually partner to go release a paper i think in a couple of weeks or months, i am looking at my colleague over there how we can work on cybersecurity informed engineering fits in the cie. that's going to be coming out in a few weeks and a few months but we are working on that. >> great, and i think the more consistency that, you know, both just the u.s. government and the international work is certainly

helpful. we've got a couple of minutes. i think u we've got time for mae one or two more questions. buss word of ai, can you share in terms of your perspective, the impact the good, the bad that you're seeing with ai in the informing sector? >> that's a great question. that's a comprehensive look at risks and i talk about it as a high level. number one, do i think there's tremendous benefit for ai particularly in the energy system. the reason i say that the energy sector is exploding, solar, electric vehicles, we are using a lot of cloud infrastructure to operate all of that. we are seeing a lot of more market players coming in and to be able to ensure that our

electric grid continues to be the most reliable electric grids across the world we are going to need ai to make sure we can dispatch energy from here to there and make sure that we can time it all properly and so ai can really be a force multiplier making us do that all of that more efficiently and a lot more reliably and really building that resilience with that said, as we all know ai can also be manipulative. it can be used for nefarious not only to poison language models but also be used to conduct more sophisticated cyber-attacks. my take on is it we have to be focused on that and that's the security portion of what my officef is focused on but i work with my other colleagues in the department of energy who are using to making sure it's beneficial. we have to do it together. let's do it with eyes wide open g

from security mindset that takes into account where ai is today and we're going for the future. >> anything on how you're going to the opportunity side. the president using it and going for the security perspective and responding sooner back to early stages and going for the good

side and we haven't seen all the bad and i hope we don't. i hope we're able to win that battle because that's a big battle. >> it's not going away. >> not going to go away. >> we'll have to deal with it. >> get business cards before you leave. next time, we're all in this together. this is the community. >> not just your business card. >> i don't have any on me so you're not getting any. going for the government and the citizens of the world are better

because of and he shall the critical power and it's engrained in the cyber people in the organization and it's engrained in the professionals and in the engineers that are designing and my ask for this community is we really need to be talking to everybody and making join me for thanking or guests for being here today. >> one more, two more sessions

before lunch so hang on, you're almost there. delighted to welcome deputy assistant director for cyber policy and fbi cyber division and john clay, vice president for trend intelligence at trend micro to the last fire side. >> assisting victims and experiencing something but also preventing others from bye bye bying victims in the future and that includes imposing costs on

cyber adversaries so they aren't able to conduct these malicious attacks. you're in charge of investigating all of the cyber-attacks and intrusions against the u.s. especially we already heard about critical infrastructure being targeted and information about china being critical infrastructure. what does the faa learned from the incident and some of the other nation state intrusion that is have happened that maybe the folks could understand a little bit better about what's going on there. >> you know, we've always been tracking targeting critical of infrastructure and really ransomware actors as well who want to hold hostage networks that we require to do our daily lives including saving lives, however, what we have seen

recently is more success at least, more incidents of targeting the operational technology networks of these critical infrastructure and we are looking low-level, people who haven't changed their default passwords from 1111 or the like and they want to get onto to say look what i did, falsely claim that they were able to do more. now, i think that's more on the progression activist side. we have seen iranian actors do that as well in the last year.

what is interesting and we have done technical deployment too, what we have really seen there is a tool, living off the land, they are using the tools that it's hard to tell that they are there in the first place and getting in primarily through, you know, a few different mechanisms. but what's been different about these actors how they are able to move lat rally across the systems and identify and get that there was one connection there that enabled them to be able to two to their level to do maintain and the like and the chinese actors are able to

actually find that and do that. >> i've been talking about the motive of education, instead of monetary or espionage, it's educating yourselves and how to get into ot networks, you see the adversaries, they get in, they do some things and figure out what they can do and what they can access and leave and wipe out their track, it gets difficult for a lot of these ot and critical infrastructure organizations to understand if somebody is in there or not. well, i think first in several cases where we have deployed very expensive end point monitoring or other types of tools on the system that somebody had maybe left the company and then no one had the

password to or log-in and they weren't being monitored appropriately and seen in certain cases if you were using tools and maintaining consistency that is able to say this doesn't look like, it may not look right, so it's taken us teams of experts to take the data and learn from the incidents and actually say was this and that's what i mean by there's a few companies, several agencies that have that expertise necessary and suspect it if you can't figure it out bringing people with expertise really help to drill down what is happening because these actors are so sophisticate and we want to be able to be there for victims and help them, directing them to a good-private sector company or working with us directly.

>> what's the fbi doing to promote collaborative and more collaborative environments out there to help the people out here. it's such a multitrack effort where there are service security companies in the state that is really are holders of intelligence. we have flexably and not something that we will get from our sensitive sources but then there's the other side on either

assisting victims or preventing others from becoming a victim to my first place and to my earlier point and within that really assisting a team, try to find what is going on or notify about intrusion, we have notified u.s. companies over 10,000 of chinese intrusions over the last few years. that happens with a lot of frequency especially co2 collection. i'm going focus in on one because we will get to the other in a little bit but being able to share information and put it intoto usable information that's out in the public, it's not even

just one-on-one, it's just so important for us to be able to help prevent others from becoming victims in the future and i think that takes shape in two ways, it's learning about what we've learned either through working with private sectors or collection through going to a site and taking all that information and then putting out in a service security advisory but there's also some really interesting what i will call almost crowd-sourced analysis that's going on between the u.s. government and private industry where one example is we had work with companies and then everybody review and looks at it and information to the fbi and

each other. it's knot necessarily we are going to be go across. that's okay. other nations like that. really work well in terms of being able to ensure that we are helping educate across stakeholder environments. >> and the people there, right, because that'll help in the long term, i would imagine, right? >> yeah, so i think that's important for several aspects, you have contact information early and you've not trying to find the fbi's contact information in the middle of a crisis is incredibly helpful because you'll know what to expect before we get to any type of issue and we will be able to share more information proactively but being able to

engage after has host of great benefits to include the fbi oftentimes through our proactive operations against ransomware actors. there's been some operations where we have access to the decrypters and we can see exactly who the victim might be. at those point we will proactive i will go out to the company and give those decrypters but there's others where it's just numbers and we have to match those numbers with the number that might be on a ransom note on a system and we can't do that without somebody coming to us and matching that up but we've had a lot of success in this. in fact, in the last few years we've been able to provide companies over 900 decrypters. >> that's awesome, awesome to hear. last thing that we want to get into a little bit is obviously we've seen lots of intrusions

against our health care industry, financial industry, we saw i control -- colonial pipelines, what's fbi doing to maybe be more proactive against our adversaries that obviously are in nations that sometimes we have struggle going after? in 2020 the fbi overhaul strategy to making it harder and more painful for our cyber adversaries to succeed and that taking away key services or hitting it where it hurts, their wallets, and so we have been able to put together and conduct multiple operations and have and disrupted actors either on a temporary or more permanent basis and i think those are more important. on the temporary when we go and conduct an information that takes down an adversary's

infrastructure that they're using to stage their operations, lots and lots end of life routers, the chinese have gotten under those and they are using that the conduct activities. when we are able to cut off access 3 to 4 months, that's 3 or 4 months of relief to victims, that's 3 or 4 months of companies not being victimized, not being targeted and then we get to continue toe do those types of operations over and over again that has this really great impact. in addition, people would be surprised at how often we are able to put cyber criminals in jail, tune of a hundreds a year.

and think to sum all of that up, doing sequenceor operations, not justo fbi, be proactive, taking down infrastructure and working with our partners those in the private sector and across the interagency to have that outsize impact so we can really ensure that our adversaries are not capable of or thinking twice of targeting u.s. companies. >> we still have a few minutes. what the fbi is doing right now to help ensure our election this november is safe and secure? my purview on that is limited to ensuring either what we call election infrastructure so technical ways that we conduct elections or campaign

infrastructure, candidates, et cetera, are safe from cyber adversaries and that's where we are limited into from my end. i think what we can say we are committed as we have been actively warning, notifying, providing information and ensuringg that we have certain operational plans against adversaries we know might be considering these types of activities to be able to make it harder for them to succeed and that includes partnerships with election officials across the nation. from what we are seeing, i would say that it's very consistent with what we've seen in multiple past election cycles and we've been able to be transparent about that, put that information out in the form of report.

really seeing, you know, what we've seen in the past and what we warn election officials about is the threat from either -- ransomware or compromisesthat adversaries to make it seem there's a broader, trying to undermine confidence in our election infrastructure, but, you know, i've been working elections for many, many years and i just have to say election officials across the nation are some of the best you'll work with and are so committed ensuring that the security is in place and that they're communicating with us, talking with us and so i think, you know, what we've always promised is we can't say it's going to be the most secure but we can say and promise transparency in what we see in ensuring that we are

protecting and working with any entities that may be experiencing. >> yeah, i think the manufacturing and equipment if they do equipment by design model we would be much more effective there. we were talking earlier about deep fakes and where that is going. >> it's really interesting, because right now it's my belief that benefits of ai are outweighing any threats from adversaries. that doesn't mean we are looking -- doesn't mean our adversaries aren't using them. in particular probably to be more efficient, business process gains check code and errors and alike. what's really important for everybody to take away is we do see cyber criminals using deep

fakes to either socially engineer companies or to attempting efforts, deep fake of a ceo and contacting employees. you are getting the information conducting intrusion but more importantly, why this money there, that's at a micro scale, right, of this technology that's interesting because it's something that we have to w be cognizant of. making sure that your company is protected is aew new avenue for us, a new frontier and i think ensuring we are tracking on and transparent is important. >> i fully agree i think actually on the good side ai is being used more effectively right now than the adversaries. any just last thoughts as we

wrap up here? reiterating if you don't have relationship with fieldho offic, talk to them about what you might need and just continue the conversation with us so we can prevent potential incidents in the future. >> great, thanks. cynthia, thank you very much for taking time out of your day. i know that you're very busy. everybody, let's thank cynthia for today. [applause] >> thanks, john, thanks cynthia.

>> so i sing in a rock band so i'm very sensitive to where the microphone is and your ability to hear me. last year i stood on this very stage and talked to you about where threat intelligence was and particularly with micro and sort of presst the need for a shift in how we thought about threat intelligence not so much database information to our customers but actually getting into more threat intelligence. it's one thing to tell someone your house -- a room in your house is on fire, here is a big hose to help put it out. very different to say there's someone walking down the street with a torch that's a flame and headed towards your place and to give that kind of preemptive

information so that companies can take actions of those threats well in advance. why, very simply because the easiest way to find out if you're being targeted is after a breach. but the fastest way to find out is through threat intelligence and since this time last year i've had the privilege of speaking to many different agencies, public sectors entities, governments from all around the world and the ask is very much consistent and the same in terms of the services that they require. the threat intelligence. i have very little staff. i have so many things that i have to give them to, do they don't have the time to get through all of these things. they don't have the necessary skill sets perhaps to even manage the complex and confusing products that you're trying to sell them. they already have complex and confusing products, they don't

need more of that. they need more service, personal touch, they need the kind of people who are going watch the store for them and help them figure out who is coming after me, why, et cetera. i'm happy to report that trend micro has listened and we very much have shifted our focus from mostly selling and elaborate products to more of a service model. ouren coo has recently stated tt this isng the way we are going o go, that cybersecurity services specifically threatha intelligence, that's going to be the shift to help our customers in a new way and to prevent these kinds of threats. it goes to answer these same kinds of questions that we've been asked to help with which is

who is coming after me, why are they interested in what i have, what are they after. what are the vulnerabilities that they are taking advantage of? am i misconfigured? what haven't i don't? what defenses i do i need to put up to help me prevent these kinds of attacks, what should i be looking for and what can you do to help me defend. now there are a lot of ways agencies have gone about this and the more popular to get as many threat fees as they can, collect them from different sources, integrate them in. that can be a taxing job, full-time position to try to organize all of those feats and understand what is in each one of them and where is the overlap, where is the

duplication and can lead to false positives, a lot of noise so a lot of help is needed there as well to understand the risk and to get the most out of those feeds. micro in this space is very simple but it's interesting that we had this capability and have sort of been in the shadows with it for a long time if there is a core capability at trend micro this is it, threat intelligence, threat research having the global visibility that we do and things like the zero day initiativer, zdi, global researchers around the globe come in and demonstrate their exploits of vulnerabilities we do the responsible thing. we tell the affected vendor you

have four months come up with a patch or maybe you do nothing but after thehe four-month clock runs out we are going to publicly disclose this vulnerability. .. .. .. in the meantime, we have a 70 plus day average window, where we have already protected customers from this vulnerability because we have purchased it and we figured out how to test against it. that program, and you will see different competitions around the world, that is a great

source for us to get up on her abilities and protect our customers more proactively. you heard john appearance while discussing about our partnerships with law enforcement which continue and help us with the capability of taking down criminal rings. i will run through this very quickly just to tell you what is going on. as of this moment, you can get threat intelligence feed, this is probably the first time in a lot of years where we have opened it up. we are including that access via api. the fourth quarter this year will be enhancing that and will include the region, all the information that is needed to specifically, for our customers to specifically understand why they are being targeted, who is coming after them, where they need to show up and we will use

standards to miss subscriptions and all those kinds of things, open c ti to make sure that everyone can get access to it. this is just a couple of examples that we will run through real quick. we have a new landing page inside of our cyber security platform vision one. that is the landing page for intelligence giving all the news , what threats are emerging in what we are seeing. we want to make sure that as soon as we know about something it is right in front of you on the glass for you to take a look at. who are the threat actors, what are the new vulnerabilities that we are seeing and how are they being used. which actors are exploiting these vulnerabilities. are they actually targeting me if i am in a specific infrastructure or transportation we are seeing a very large up taken maritime attacks. i think you are seeing that in the news. a lot of the ports in

infrastructure being attacked now. how do i defend myself? what should i be looking for? if i am looking at the infection chain, at what point should i see something and what exactly should that be? how likely are they to exploit something that already found vulnerable. maybe have a misconfiguration. maybe i've exposed in amazon bucket to the world which i should not have done. things like that. also connecting those right back and mapping them to techniques and procedures. so there's a clear understanding of the infection chain. where the lights are coming on here. you want to be as far as the left as possible. a very large base of information about actor profiles. what is their industry that they are targeting. what do they use? what tools do they use?

what executables might you spot in your environment as possible signs that they are in there. being able to do a search by a vulnerability id, by a minor tactic or id, malware name, tool name, all of those kinds of things to help determine if there is something. even run a suite in your environment. if there's a brand-new threat the first thing we want to do is put that right on the glass so you can do a sweep and see if there are any indicators in your environment that this threat is running around. we are using standards to bring in the ai theme here. there iss also a new ai capability where you can take maybe your favorite brett intelligent fees website and we will actually scrape that site and pull out urls and the other informationve in their and any c and envelope that into your

threat feed as well. this is one of the uses of the ai that is actually positive to help out with threat intelligence. that is aam quick update about where we are. i do want to mention that if you are attending we have an ai summit. that will be a great event. this really, i just want to hammer home a lot of what you've heard today. i've heard a consistent theme and that is the criticality for public and private partnership. that i may be sitting at the same table as my friend karen from crowd strike, but i do not see her as a competitor. i see her as a partner. our customers are coming to us and saying, i don't care if you are a competitor to this particular company. my problem is the people that are trying to come in and steal my data. you guys have to figure out a

way to get along. that isal why think you are seeg a lot of third-party integration that is coming into our platform to try to bolster our customer security postures and take advantage of other solutions and help them, help the customer in a better way. if we can push some information to a competitor to help him take action, that will be good for everybody. this is what it is all about these days. it is about getting together, talking to each other, showing up and figuring out a way to collaborate. not compete, but bringing out the besth in each other to protect our customers from the real threat which is not us battling against each other. it is the threat actors coming in. >> there is one more thing. >> sorry, i just always wanted to do that. [laughter] but there is one more thing. and, so, with this platform, the

cyber security platform that we have put together, we have a very unique challenge in the public sector which is most of our customersrs have to remain n premise. so many of these technologies reach out to the cloud car you have to be willing to put a solution in your environment. we cannot do that for government agencies and public sector clients who have to stay on pram or maybe they have an air gap environment. so, what if we could take that cyber security platform and ensure data sovereignty by moving everything on premise. so an xdr capability that is on premise. everything is self-contained. in fact it is containerized. so that you could run it your self in your private cloud. using container software. well, that exists.

so, this is the first time that we have pushed forth with this initiative which is actuay available today. this is the vision one platform. it is being replicated as an on premise containerized offering called vision one for sovereign and private cloud. this is going to be hugely critical for customers that need to stay on premise, that may be aircraft or have other requirements. they cannot have a hosted solution. we are bringing the entire ecosystem along with the third-party integration and everything else on premise. i encourage you if that is of interest of you to find us and talk to us afterwards. i will disclose with that message again. this is a very, very critical time. in the cyber security industry. it is a time for us all to put

down the weapons, come to gather , showbu up, have a beer with each other and talk about ways that we can truly work together to collaborate and protect our customers. there is plenty of business out there for everyone to be had. if we want to ensure the world will continue for our children and our children's children, then we have to get together. thank you. [applause] >> awesome. thank you. they -- thank you to jack. we have lunch in the back. help yourselves, network, mingle , hang around for a while. swap business cards. thank you very much. really appreciate your time. thanks again. [applause]

[inaudible conversations] >> american history tv. saturdays on c-span2. exploring the people and events that tell the american story. at 3:30 p.m. eastern vanderbilt university professor on the rise of public polling on political issues. from the 19th century to modern times. at 4:30 p.m. eastern, july 4 celebration featuring the reading of the declaration of the independence by actors portraying historical character -- characters get benjamin franklin and thomas jefferson hosted by the national archives. watch american historyv series stic if -- historic convention series. this week founder jesse jackson spoke at the 1988