tv Cyber Talks Conference CSPAN October 18, 2018 8:48am-10:02am EDT
9:00 am
we should be meeting or exceeding all the requirements we set forth either regulatory requirements or expectations we put on private industry, as well. the second part is critical infrastructure. so how are we protecting critical infrastructure? the majority of critical infrastructure in our nation is owned and operated by private industry. it's not run by the government. that said, the government and much of the nation is completely dependent on these services and capabilities in order for us to operate. in order for all of your businesses to operate, in order for your homes to operate, and
9:01 am
so what are we doing and what national capabilities can and should we bring to bear to help protect our critical infrastructure? what are the expectations we have for the owners and operators of critical infrastructure? what are we expecting them to do because this is a shared environment. call it a partnership, call it what you will, it's definitely a shared environment. third, we want to help clarify roles and responsibilities. if you're an industry and you have this happen, it's around critical infrastructure and it's more broad. if you have issues, who do i call? chris will be up in a little bit. certainly calling homeland security is helpful. sometimes the fbi is where you want to reach out. if you're an energy provider, maybe the department of energy. so we wanted to clarify the
9:02 am
roles and responsibilities inside of government around critical infrastructure. the third element under pillar one is combatting cyber crime. much of the malicious cyber activity on the internet today is criminal in nature. pillar two is promoting american prosperity. so the internet has brought great opportunities for innovation, great financial gains, you know, go to silicon valley. great opportunities for americans to really be innovative and be able to create the internet that we have today.
9:03 am
there's a number of areas under this. the main one i want to touch on is the work force. so how do we -- because at the end of the day, all of our cyber challenges, all of our i.t. challenges are people challenges. so how do we create and build the work force for america not just for the federal government to regroup from or the department of defense or department of homeland security, but an industry we can draw from. it's not just about the work force for cyber experts or i.t. people or the people in the basement that keep things humming but you never want to talk to. it's about educating throughout the environment.
9:04 am
all our employees are the front line of defense. we also need our accounting and our chief financial officers and ceos and our general counsel or legal offices to understand cybersecurity, as well. because the example i use is if a ceo asks "are we safe yet." they have two choices. they can say "yes" and get fired when the first incident happens or say "no" and get fired then. it's sort of a career choice. the challenge is it's not the right question. right. the questions need to be more sophisticated and nuanced around what are we doing to enhance our cybersecurity, how are we preparing, what are we
9:05 am
exercising? what does our posture look like? what are we doing with our offensive capabilities. how are we working with our international partners? how are we identifying what are norms and behavior we think are acceptable in cyberspace for individuals or companies or nation states and then what are we doing to enforce them? what are we doing about it? cyber and it's not just cyber. that is a tool and we should have that tool and it's available to us but it is one element. it's one of the levers we have. it's one element of national power we can bring to bear. and it's an important one because a lot of our adversaries
9:06 am
can't compete with the united states on most playing fields so they choose cyber. the third one or the fourth pillar, excuse me, is advancing american influence. what are we doing from a deterrence standpoint? how are we deterring malicious actors in cyberspace? how are we working with our international partners? because this is not something we can do alone. it's not something anyone can do alone. we've got to find partners who can work with us, who are like minded, and we need to do capacity building. we need to reach out to other nations to help them develop tools and capabilities and help them be a part of this fight. so that's a pretty quick overview of the national cyber strategy. i would encourage you to read it. it's really not that long. it's pretty accessible. we really view it as a call to action. you know, to pay attention today and walk away with a couple of
9:07 am
things that are going to inspire you to do great things when you get back to your office. i would ask you to, you know, be aware we have a national cyber strategy, continue to be ambassadors, continue to spread the word. this is national cybersecurity awareness month. it's an opportunity for us but cybersecurity awareness is not something we need, you know, one month a year. it's something we need everyone to work on and everyone to think about every single day. so thank you for taking the time. this is a little bit of preaching to the choir because you guys get it. you're here. and so i would ask that you help be ambassadors of the things you hear today and things you learn and inspire others to pay attention to this important task we have ahead of us. thank you very much.
9:08 am
[ applause ] let us give grant another round of applause. thank you so much, grant, for kicking off the event. [ applause ] i'm thrilled to introduce our next speaker. she doesn't need a lot of introduction. i think everyone in this room knows who she is. i recently introduced her and something i want to say again. one of the things i love about our next speaker is that the fact that even though she's newer to our community, she's entrenched herself and committed to getting to know all of the players in our community, engage with all different organizations across the community, and it's really been committed to being vested and getting to know all the moving parts that will help with her mission. i have a lot of respect and love for her. she's going to be talking about modernizing federal i.t. and how
9:09 am
it will enhance our security and productivity. she's the federal cio in the executive office of the president. please put your hands together and give a warm welcome to suzette. >> good morning! thank you for the fantastic introduction, and part of the reason i'm thrilled to be here, i'm going to follow one thing that grant said. you're here because you get it. this is a little bit talking to not just the choir talking to the evangelists. and that's the reason that i spent so much time with the agencies and their teams. because the way we actually get things done is through the people and through people like you who are delivering on the
9:10 am
mission and taking on these tasks every day. and what grant also said when he and i have to scoot out later, one of the reasons is that we're spending today with the cio across all of the federal agencies focussed on the national cybersecurity strategy and what we're doing, the priorities, and how we tackle some of those things individually and more importantly, what are the things we go after together? and what are those priorities? as goldy said, i want to talk about modernization and how that relates to cybersecurity. it's a little bit of a chicken and egg kind of discussion. part of the reason i'm passionate about modernization and driving it quickly is the way that we become more secure. the way we protect our infrastructure is to have a modern infrastructure. and to not be looking at things
9:11 am
that were designed so many years ago the concepts of the basic concepts, like grant said, wasn't envisioned. so i would like to start with the audience participation. and especially in this dark room where i can't see most of you. how many of you have actually read the national cyber strategy. the national cyber strategy or the d.o.d. cyber strategy. how many? how many have looked at the i.t. modernization goal and the president's management agenda. it includes all the focussed areas for cybersecurity. all right. how many of you need more coffee? i ask that because it's going to help me hit the high points. i want to get your attention around a couple of things.
9:12 am
we put it on paper and distributed it so you can be evangelists but that we're clear what our priorities are across all of those areas. what are our things that we're doing that we want to continue to do and for which, and, you know, i'm specifically to agencies and those inside the federal government for which agencies will be held accountable and we will report out every quarter. we're reporting more frequently along with our partners at dhs in the things we monitor. it's important every day. why is cyber part of the president's management agenda in the first goal around i.t. modernization? it's a couple of things. as we modernize the security, many of the security capabilities are built in. that's why we're pressing
9:13 am
aggressively to move to cloud. when you look at the threat factors. when you look at the threats and we have some agencies that are very -- that's one of the reasons we're pushing. that's an example. modern designs considers security as an integrated requirement. not an afterthought. some of the things that we're doing in cybersecurity is we're doing it around a system. not part of it. we're making significant investments in how we look at data. how we use data. how it's accessible. i'm going to talk later about how some of the policy enhancements we're doing are trying to put more security around who can get to what, why, and how that's used. our modern technical environments secure data in movement and actually help deliver on the same agenda that we're after. so it is central to how we address some of the basic walking and tackling of cyber.
9:14 am
and that is the president's management agenda goals and visions. it's to make them feel secure. and grant used another example i'm going to talk. i joined the federal government from one of the most highly regulated industries in the world, definitely in the united states. we have to be the examples and hold our bar to the same bar that we hold other industries to, as well. that's something i look at every day as i talk with agencies. as we continue to advance and look at the national cyber strategy, there are many things we're doing. there are many things that are new priorities and we'll be making shifts to address the priorities. i think we have to recognize
9:15 am
that many of the challenges actually give us new opportunities and we have to learn from these experiences. it's really been a great sign as i've watched many of the agencies embrace challenging ethical hackers. what they're saying is help me find what i'm not doing. help me improve faster. help me protect what i've been challenged to protect. in a manner that is more aggressive. maybe more creative. so as we work across the federal government to execute both the national cyber strategy and the i.t. modernization goal, my team is going to continue to adapt our approach to ensure that we're addressing the complex cyber challenges but we're also looking at what we're learning from agencies and what we're learning from others and what we're hearing from industries. this is a journey that is never done. we will continue to advance both
9:16 am
policies, and that's one of the things we're doing directly as well as how we measure success. so as priorities change, we're going to change how we're measuring. i'm going to hit a couple of things. specifically a couple of weeks ago we saw the national cloud smart strategy for comment. those of you it actually closes on the 24th. if you haven't taken a look at it, please do. we would love to hear your comments. we're revising other things for trusted internet connections. for how we look very closely working with dhs and how we look at high value assets and continue to make sure that we have all the right focus on keeping those secure. and one of the ones that is most interesting and challenging what we're doing with identity.
9:17 am
we're aspiring to do more with data and delivering more digital services and tools for managing identity and appropriate access become even more important. that's one of the policies we're spending time on. i'm thrilled we have more than 500 comments coming back from probably many in this room and industry. giving perspectives on what that should look like. additionally, i'm pleased that we have lots of great tools, different ways, whether it's executive order, support from congress, other things like that that indicated the focus and the priority of cybersecurity. one of the exciting reasons i came to government is i thought the nexus was empowering. you have an administration that has a priority around
9:18 am
cybersecurity. you have lawmakers who are prioritizing and funding our investments, and you have agencies that are poised and have some of the best tools available and we're actually making real progress. that's the other reason i point back to the president's management agenda and ask what we're doing every quarter. we're making real progress across the agencies. i know you'll hear from chris later about some of the progress we've made with monitoring and connecting agencies into our enterprise risk management framework. and we're making lots of progress in the modernization. we still have to go faster and we have to continue the dialogue of how can we do better? are we prioritizing the right areas of risk? and advancing how we think about that risk framework. i want to close with one last point that is a critical part of the journey. as we modernize our
9:19 am
applications, and as we look at what our cyber journey looks like going forward, we have to make significant investments in our work force. you'll hear work force, work force, work force many times today. goldy opened up with it. we know across the industry that we don't have enough cyber professionals forecast. we can forecast there are areas where there are shortages. so we have multilayers of investments that we have to make to recruit, to retain, to reskill, and that's where for our federal employees. the other thing we have to do for our federal employees is ensure they have work force tools that they are used to. whether it's in another industry or, as they come through their educational process. if you want to be a modern cyber
9:20 am
hunter, you need the tools that go with that. if you want to deliver modern customer service, you need the tools to go with that. that's about what we do in our federal space. how we look more broadly across our nation and ensure that we're making investments in communities and apprenticeships and traditional colleges and in technical schools, in our early elementary education. for americans to be part of any type of work that have the significant technology
9:21 am
component. we did talk about earlier, you heard earlier that a lot of things when you look at the threat factors, again, that's one of those. any of you read the reports and we classify everything that we're working against. yes, there's many of the technology base but there are many that are behavior based. and behavior we address in a different way. that's also some of the focus. people, the disciplines we instill in people and the capabilities we build in people. the cyber agenda, the i.t. modernization agenda, and overall the service that we
9:22 am
deliver to american citizens because we want them to be confident that their data is secure. we want them to be confident in the services that are being provided, and we want them to be confident that we're using the data to drive good decisions and that's reliable, authoritative. i appreciate your investment here today. as goldy said, learn something, talk to someone new. i hope i tied together some of the things, some of the reasons of why modernization and cybersecurity are so closely knit and those conversations have to continue. i'm very excited when we have the cio council together because we focus on that set of priorities and ensure it's a top priority not just in the technical community but the leadership of the agencies. and the executive order this year with the relationship with the cios and the leaders of the
9:23 am
agencies. thank you for the opportunity. i hope everyone continues to be an evangelist and ambassador. have a fantastic day! ♪ >> let's give her another round of applause. thank you! [ applause ] that was awesome. i'm excited for our next speaker, as well. we're coming out of the gate with the best of the best, aren't we? so our next speaker is going to be talking a little bit about dhs cyber insights. he, again, knows a little something about that. he's the undersecretary for the national protection and programs directorate at dhs. please put your hands together and give a warm welcome to
9:24 am
chris. [ applause ] >> thank you. good thing i have a clock up here. i have a flight to catch to new york in an hour. we are to go through this. i'm like zoolander. i can't nail a speech. i can't do it. so a year ago, i remember i was heading up to the hill or heading back from the hill from a hearing and it was the senate armed services cybersecurity committee. and i remember driving past the auditorium and seeing the sign. i'm going to be there. thank you for allowing me the
9:25 am
opportunity. dhs released a strategy earlier this year. there's been a whole host of others. the dhs strategy works around in identifying risks. that's an element i'll come back to a couple of times. the second is reduce vulnerabilities, the third is reduce threats. and the fourth is mitigate consequences. and the final is enable more effective cybersecurity ecosystem. what does that mean? let me tell you the way i think about dhs is to do that i like working through where we've been to get to where we are to where we're going. some of this is technical but a
9:26 am
lot is psychological, as well. let's go back to 1957. the russians launched "sputnik" into lower orbit beating the united states to space. not just in terms of the satellite up there but doing it quite a bit bigger than we would have done it. much heavier satellite than we were contemplating at the time. that did a couple of things. one, the realization where we had a technological advantage. what happened as a result -- we regained that technological advantage. that's technical. what was the psychological? in addition to the realization that we were, you know, weren't the big dog in the neighborhood. there was an undermining in confidence of a lot of almost
9:27 am
9:28 am
attack. once again we're caught in a position we were outstripped by our adversaries. it wasn't a nation state that said it was a terrorist threat. if you look back at the 9/11 commission, there was four failures. one was imagination. one was capabilities. capabilities was intelligence. we can coordinate the nation's efforts to counter attacks by terrorists. psychological impact is perhaps we're not thinking once again over here because the adversaries are using the structure against us. so the department of homeland security was established. my organization was established.
9:29 am
cybersecurity at the time was a small piece of the pie. and the stories i've heard in the development of the legislation was a bit of a fight on cybersecurity whether it deserved the role just in general given the understanding of the threat profile. that brings us forward to 2016. 2016 about this time last year, maybe a little bit earlier the russians attempted, in some cases, interfered with our presidential election. once again, we're in a position where we had intelligence, we're
9:30 am
trying to stitch together the response but we didn't have the relationships to effectively respond and defend, in particular, election infrastructure. the relationships with election officials, secretaries of state did not exist in 2016 and now. you'll hear later from that it's one of our cybersecurity experts and the election space on the panel later today. that brings us to the point of what do we do about it? so today the department of homeland security -- let me roll back one quick second. again, 2016 the election interference it was a galvanizing moment. not just inside government but across the american people. prior to that, i think maybe, most in this room realize the significance. i think it dawned on the american people that perhaps
9:31 am
cybersecurity was not just intellectual property threat. it was not just cyber crime. it was not just pii. so today my organization stands on the cusp pending one last legislative action much like the department when it was stood up in 2003 to coordinate the nation's efforts to counter the terrorist threat. my organization would be responsible for leading and coordinating the nation's
9:32 am
efforts to defend against attacks today and secure against threats tomorrow. that's become the organizing concept. defending today and securing tomorrow. this summer we had an event in new york city. we had a host of private sector and governments. the same event the secretary announced the establishment, in effect, was an elevation of an organization. there was a degree. there was some questions about what we're trying to do here.
9:33 am
let's get it going. the concept here is consistent with defending today and securing tomorrow. we have to take advantage of the information and intelligence we have. as she was talking about protecting networks, getting better security partnerships within government. we have to do things to defend our networks. we also have to be thinking down the road of what the next infrastructure deployment looks
9:34 am
like. over the last year, we've issued a number of technical alerts starting last summer. russian activities against critical infrastructure. we saw the targeting energy, aviation, construction, sent out a technical alert last year. followed it up with another one in the spring. it's important to realize these technical alerts are not fully by the federal government. we share it out with partners where they can light up where they see the additional information. that leads to a series of
9:35 am
9:36 am
campaign. that then leads into some of the activities that grant about the deterrence package. so we issued another one recently. this was a technical alert focussing on advanced persistent threat. conducting cyber espionage and intellectual property theft. using and exploiting service providers to jump in and out of customers. living off the land, scraping, bringing it back up. not just ioc and the adversary but the right conversations that organizations should be having with their service providers. their cloud providers as we
9:37 am
accelerate. we talk about the work on the networks. just yesterday was the anniversary of the operational directive we issued on e-mail security and web security and team work. in my view, it's one of the most significant directives we issued. it was recognition of a direct threat and risk management posture across the federal government but we also recognize chief information security officers take alerts issued or operational directives issued by the federal government and dhs, in particular, and they use those to make organizational
9:38 am
decisions. we recognize that. we talk about the critical infrastructure partnership and what we're doing there. and the last thing, this is the space where i see we have the most opportunity in front of us now. particularly as we make this shift into the cybersecurity and infrastructure security agency. the brits do this well. i spent some time in london over the summer and was taken by how they communicate. how effectively bureaucratically with the general public. that's the space that i think dhs and my organization has in front of us. it's not necessarily it isn't part. but it's to get to that small and medium size. they don't necessarily have the full capabilities of the larger organizations.
9:39 am
so if we can communicate clearly at home, we'll be able to get that, as well. before i wrap up, one more reminder dhs is in the lead. we're not seeing activity now. it's closed on the direct election hacking. election infrastructure we're not seeing anything now along the lines of 2016. we're less than three weeks out, what does it mean? i have a paranoid disposition anyway. so i continue to work through what can we do? i don't want to have another failure of intelligence. i don't want to have another failure of imagination. we're working aggressively right now with our partners and state and locals to work through what could an adversary do in a lead up to the midterm elections?
9:40 am
yes, the midterm is the big game. we've been working around the clock for over a year now with our state and local partners. we made significant progress. i have confidence that this election will be significantly more secure. most importantly more resilient than 2016. what can you do? go home today, check your voter registration. check to make sure you know where you're registered to vote, the precinct you'll vote at. make sure you understand the identification requirements. know your rights as a voter. something always goes wrong on election day, whether it's weather, a car hitting a light pole and knocking out power to a precinct. something bad happens. election directors are risk managers. they have plans in place. make sure you know your rights. including provisional ballots.
9:41 am
9:42 am
>> i'm excited to announce our next presenter. give a warm welcome to eric. [ applause ] good morning. thank you for having me here. thank you for the opportunity. my name is eric and i've been with amazon for just shy of 11 years now. in my time, i've seen amazon and aws double in size. i've watched the company evolve through massive scale and i learned things how scale systems interact. when i say scale, this is central to everything we do at
9:43 am
amazon. as an example here, say you've created something and it has a failure rate of one in a billion. most engineers would be proud to produce that. but at aws, we have quite a few services whose request rate is in excess of 1 trillion a year. that's a thousand times as large, which means that you're going to see about three failures a day. as a result of our scale, problems that most engineers would be able to ignore become common failures at amazon. we have larger technical challenges because of the scale. as an example here, most of these services, most of the servers at amazon -- so one of the jobs we have is to take it
9:44 am
and make it run. surely they have written the tools to solve the problem for us. when you have a small installation and one server you get the to be and plug it in and you have a running server. then you get to a hundred servers and you need to scale out the server or maybe you're in multiple sites now. your investment has gone up. you're around a thousand servers. you'll see weird failures.
9:45 am
you shift to investing in team of builders. so rather than accepting the software with the interfaces that it has as given to you and dealing with it, you own the problem deeper. but it is a fascinating problem because you're operating at scale and the period failures are happening. rather than a configuration file, our server is linked to our purchasing system so when it comes in, it figures out what that server should be. what kind of hardware it is.
9:46 am
whether or not we expect it on the network and all the things that happen from there. and you continue to have this probe and inefficiency and the reason this is critical is that building servers isn't what we do for a living. it's an impediment to our mission. and the core realization for me was rather than having engineers handling problems something breaks, you fix it. something breaks you fix it. you have a ticket queue and make sure you have the ticket queue. you send it to the builders and
9:47 am
they go and they make the problem not happen. they eliminate entire classes of problems. software doesn't have regressions unless you have new bugs, which we don't recommend. so the net result is rather than investing in line with the scale of your challenge, you get to invest in line with the derivative of the scale of your challenge. and that's a huge enabler. and this is not worth a lot of investment. it's not worth it for them to invest a team of builders. there's problems. there are challenges scattered across the industry. and they're all there. and it's going to invest a lot. you have a lot of small investments. a lot of small investments don't add up to a large investment. what we can do is factor out the
9:48 am
parts of the technical problems that are identical and coalesce them into one large service. and send a team of builders in to fix it. let's talk about a couple of examples of this as we've seen at amazon. this is a picture of a vpc, a virtual private cloud. it's a virtual network that aws offers to the customers. many of our customers need internet access in order to accomplish their mission. you're worried about bad actors. what are you going to do? so we have this challenge at
9:49 am
scale for all of our customers and it enables to invest and last year reinvent our conference in las vegas launch amazon guard duty. it's a 100% api driven detection system. and the getting started experience is magical. i work for aws. i'm supposed to tell you our services are awesome and you should take this all with a grain of salt but getting started experience for guard duty is incredible. it's a couple of clicks. you should try it out. there's a free trial. and the reason that we have it
9:50 am
we've been able to send so many teams of builders to solve problems for us. we have all data durable record of customer interactions with apis. vpc flow logs which is byte accurate unsampled net flow for every host in every vpc. we have our dns logs. every customer using our vpc/dns infrastructure we have logging for every host. it's part of the underlying network infrastructure. we don't have the challenges traditional networks have. we have this brand of switch or firmware, it's all vpc, all api driven and we can consistently and uniformly enable this data collection. that's raw data. these things customers can use them but you have to be able to use them. we built guard duty and to do
9:51 am
that we needed another team of builders. we needed a team of machine learning experts and security analysts who spend all day, every day, going in and coming up with new detections for our customers and improving the detections we already have. this is a massive investment. it is far more than amazon could have afforded to spend on this problem before we had aws. now that we have aws and the cloud and all of these customers who bring their challenges to us, we've been able to centralize this problem and spend more on it than amazon was able to. in all honesty, guard duty is better than the internal tools we've built for ourselves over the years and we are actively in the process of turning off our internal tools in favor of guard duty. i'm very excited about this. this is a sample screen of the guard duty console. this is a customer having an artificially bad day, just so we can show all sorts of findings.
9:52 am
hopefully if you turn on guard duty your screen does not look like this. again, the entire effort that the customer put in to getting all of this value was a couple clicks and then wait for network behavior to trigger. so the scale here has enabled us to do amazing things, not just for ourselves but our customers. another example is internet of things security. i'm sure we've all read the news stories about light bulbs and things like that, and so the whole idea behind iot you have these things scattered across the world, may be light bulbs, thermostats, tractor, industrial robots. not all iot are customer based. the important thing is the internet, it has to be taking commands from some service over some network. the goal is not to just have this thing connected. you will have application using
9:53 am
that data, people that are making decisions based on that data, and for me the most sobering thing about iot is the fact that changes happen in the real world. i'm a software guy. like i turn ones into zeros and zeros to ones and the fact that software i write is coupled to changes in the real world is sobering. what happens if by some means a malicious joins this network. you're going to feed bad data to the applications, to the people, but most importantly cause bad changes to happen in the real world. it may be simple economic loss. you buy too much fuel or your lights won't turn on or it may be something worse like an assembly line shuts down for weeks. we took the decision that if you're going to connect to the aws/iot service you will use good transport layer security.
9:54 am
good, modern tls. this was the right decision from a security perspective. setting a high bar and holding the industry to it. it's a challenging business decision because these things are made with the cheapest device possible and that's entirely reasonable. where you want to reduce your bill of materials cost to deliver to your customer at the lowest price, and so often these chips wouldn't have the horsepower, the hardware to do tls in timely fashion. this is something that your web browser does in the blink of an eye and you don't notice it happening. the other problem that we had was that the software stacks that these builders are building with, don't include these protocols. they're stripped down for the tiny microcontrollers and who wants tls? the hardware can't support it. why would i have the software for it? again, we gathered together to diffuse technical challenges and
9:55 am
turn it into one problem and sent in teams of builders. last year at re:invent we were able to announce freertos, a real-time operating system, designed for interconnecting embedded devices with the cloud. this is available and you can use it with aws and it works great. it's available for free to anyone building internet of things devices. now we've got the freertos and this whole stack of software and services that work well together, and it makes it easier for device builders to build. it makes it easier for them to deliver whatever it is they need to deliver to their end customers to accomplish their mission. by the way, it also makes it more secure, easier to patch, easier to manage, all of these additional benefits come. so because it makes their lives easier they're demanding support for the stack from the hardware manufacturers. we're starting to see a new generation of embedded systems
9:56 am
on chip devices that have crypto offload and accelerators to do internet of things securely at the right price points because the industry now has something to point to say, this is what i want to use. they may not want to use it for the security benefits, but if they're going to use it, they're going to get the security benefits. to tie this all together, as you grow you get to turn similar problems into the same problem. you get to factor out the pieces of all of these challenges that are the same and build them into a service, and that enables you to scale. when you can scale, that means you have to spend more, and typically spending more is a bad thing. you want to reduce your investment and make sure you're spending as much of your resources as possible. for us our engineers are our most constrained resource, especially our security engineers. it is hard to find talented, trained security talent, and so we go to great lengths to make
9:57 am
sure we get the most out of them that we can. that's where the teams of builders come in. when you hit that knee in the graph, your staff becomes disproportionately effective. you're getting more per engineer invested before. so this enables us to raise the tide across the industry. our customers are getting better service directly from us, but even people that aren't amazon's customers, even people that aren't customers of any of the large cloud providers benefiting from scale are seeing better hardware for iot, better options for building software. an example of how the industry can follow to build securely. as i sit here and watch amazon and aws continue to scale, i don't do so with trepidation. i'm excited for the next level of scale, the next order of magnitude, because it means more problems will hit the graph and it's going to enable us to do more interesting things for our customers.
9:58 am
thank you. [ applause ] ♪ let's give eric another round of applause. thank you, eric. i would like to welcome our next conversation, we're going to have a conversation on the cyber workforce. this is a big issue. one of the things that i think that we found at the news group is regardless of the conversations we have, whether they're federal -- >> cyber scoop is hosting a day-long conference with experts expected to address security and trends and live coverage will continue at 1:15 eastern and watch on-line at c-span.org and listen with the free c-span radio app.
9:59 am
while congress is on break for the midterm elections next month we're showing american history tv in prime time and tonight a conference on the american west hosted by the aspen institute. talking about the expansion after the louisiana purchase. kit carson and the impact westward expansion had on the civil war and slavery. american history tv in prime time begins at 8:00 p.m. eastern. on c-span this evening, 19 days before the midterm elections, pennsylvania congressman scott perry debates his democratic rival george scott. live coverage of the 10th congressional district debate gets underway at 7:00 eastern. on c-span 2 tonight, president trump campaigns in montana for republican senate candidate matt rosendale. watch live come on c-span 2,
10:00 am
on-line and with the free cnn radio app. the c-span network, your source for campaign 2018. this weekend, on american history tv on c-span 3, saturday at 10:00 p.m. eastern on "real america" the 1968 broadcast, "the nixon answer, southern town hall." >> i do not believe that nuclear bombs or nuclear weapons should be used in vietnam. i do not think they're necessary to be used in vietnam. i think nuclear weapons should be reserved only for what we hope will never come which i think great diplomacy and it will have to be great diplomacy that can't avoid, a confrontation with a nuclear power. >> sunday, we'll tour the baseball americana exhibit at the library of congress which includes baseball's magna carta, pre-civil war documents that spell out rules and organizations of the game. and at 8:00, on the presidency,
10:01 am
former president george w. bush, cokie roberts and friends, reflect on the life of former first lady barbara bush. >> she had this motto that you're going to be judged about the success of your life by your relationships with your family, your friends, your co-workers, and people you meet along the way. >> watch on american history tv, this weekend on c-span 3. up next, military officials discuss u.s. navy operations and combat readiness at the center for strategic and international studies. this is just over an hour. >> good morning, everyone. i'm kathleen hicks and direct the international security program here at csis and we're pleased to have you joining