but on the day today, i cannot thinking about policy the way i was at nsc were on the hill. when implementing it. we're talking about what we're doing to secure the asset. we are looking at red team reports. we are taught about working with laura and others across, talk of working with our private sector partners, trend among them pixel it is very much focused on what we are doing to reduce risk to the nation on day by day and hopefully also to drive better practices like secure by design is one of our big focus is right now. push resilience. we are doing not talking is what i would say. i don't mean that the talking. i love being at the nsc. it was a crazy time to be there. this is very different and exciting in whole different way. >> so this is a threat intel forum. let's talk about maybe get a threat update. cisa, it's charged with coordinating with industry,

critical infrastructure to identify and address current and emerging threats. what's big for you today? i know a number folks probably, probably are following the latest cyber trends. what's big for you? anything on the horizon that you maybe don't think it's getting the attention it may deserve? >> so you're listening to chris and darrin. there are two things i heard that it wanted to pick up on. kris talking about threats to critical infrastructure being very real today. this is no longer hypothetical and i'll talk a bit more about that. what darrin said about the partnership of government and among the private sector i was at symantec eight years running their government relations but also partnerships with other companies. that is a key piece of all of this. we are focusing on obviously the big four habit change, prc, russia, dprk, iran. different level of sophistication all becoming more

sophisticated, but the sad reality they don't have to be the sophisticated to be successful. that is the enduring problem. the thing that i thought about the most since i came is what you probably read about is multi-food, confirmed compromise by the prc of our critical infrastructure in a variety of sectors. ..

a generational issue but also getting back and they are so vulnerable. we cannot focus on that. >> collaboration is key. programs dedicated cyber, how are you looking to expand programs? what does it look like to you? >> we have a lot of programs to make sure they are medicating on the backend.

little bit of the busy time, we were not quite needed but russian response. we had the private sector and it

was brand-new then. i started getting calls and they wanted to talk to me about. i wanted to tell me what a disaster it was. i finally called back one who was a close friend and he had great surprise was, they were communicating and that is the work so that was the key part. you do well, we do well. what is a steady relationship?

what it means to be a partner. there's a lot there. the one thing i want to add, we set that up and halfway through books i know pretty well, where we in?

then what would it be? tell us what we are doing well, where we need to improve and help us get there. have a little time to get there.

in the context of intelligence, what is a good city state? i don't have a great answer the top, the government getting information and sharing it in the private sector in getting the information in getting value so that is the very highest level.

>> every party will be. the government to find them now so i would be that relationship as an easy one and get clearance and we knew what could share it was very easy to do. other organizations, cyclical my counterparts, we work playing

games so as a company with to reach out. >> great points did it comes up an authorization for next year. you have the guns and what you might work with. >> power in your shoes, i'd want to make sure it goes through. i'm knew enough, i can probably get away with this, when that was being considered, i did not

like it. i was worried it was authorizing and when it comes from i didn't want to put me in a worse place than i was. >> i remember having that conversation. what can we do to help you? >> brutal honesty and feedback. i don't mind being asked why being told we are not doing well. continue with the partnership and give us grace. things are very dynamic. things out like about, focus on resilience category too many

organizations prepare to have to keep their operations going. we should have a plan identifying and how we will do it. fifteen is the. we get it. a lot of times it is easy for a security professional to answer in a way they don't understand. how are we going to keep running at the computers go down? the last thing, work with us for

ways to drive security. i don't like saying the market has failed but the market has proven it is not driving by design what we need. this model was described is not so as we explore ways to get into your product, work with us and understand the why. >> not going be acronym.

the thoughts and harmonization. i have to be careful because it is close to. what i can say about that, i got the report and i was like i don't want to read this, is probably going to be boring so they did an excellent job of turning away forward but i don't think i could go to deeper except policy did an excellent job and i believe the second to address this and focus on what

we know is an issue both within the u.s. and international and really understand the environmental. >> finish were restarted so 2025 kenya 2024 -- 25. the capacity for criminal actors have national input canola core security in the collection of risk or the colonial pipeline and they have a significant

ability in our economy and new cycle. resilience is psychological. we need to understand we are going to tell people. crisis. significant public reaction.

>> please join me again vice president for national security and integration center will. >> thanks for that interesting discussion, did you ever work?

who worked throughout the career? i used to think all roads lead back in one way shape or form. thank you for coming. i want to share an anecdote how we met biggest a good example how government and the private sector build a relationship so i reached out to you nine or ten months ago with a specific question and i wasn't sure what i would get back to you said coming and let's check.

working together identifying engagement and that was in formal action will. we talked about public-private direction, the bedrock is relationship and trust. cyber intelligence the emerging growth funds chamber for this

one. laying the current start the landscape. the partnership here, i want to say the scaling factor in a relationship and thinking so engage these relationships so is what makes well the theme there,

we take a little back i think you like to terms of his friends and he on so will understanding how one will work cyber there and 2008 to 2010 cyber has became the national he from the defense industrial base energy and there intellectual property

shift to find actors and their enterprises and you see the same products they've put years and years and and they are showing up and putting together the chinese military and its how the discipline occurred cyber security companies and we are on the forefront in a doesn't feel

like they can go on with business and that shift about interventional property in the first gravity and the importance to explain who is behind this and you can explain how and partner so that origin in a lot of ways the understanding would change that. neither peace was one that's going on is familiar the

beginning with it was russian military or other countries so economic and foreign intelligence in the criminal activity and grip big criminal offense. the credit card transaction and the cyber attacks i would take them 30s or a physical effect

couple different ways and they took it out work operations transactions ukraine this month november and they are the reason behind my organization. the land we are in now is populated by random attack them

through non- operative level. we have structured and then this discussion we are having. >> years ago there were reports of russian intelligence services were compromising the energy sector and hearing that the chinese for construction think that in future so when we couple that may or may not be those

actors and even if you can't attribute it the disruption. >> have showing critical infrastructure or pre-positioned access six or a larger set structure of the key to being able to respond starts with understanding gravity and that

requires an intelligent from the private sector whether the network compromised our company collecting intelligence security or enterprise product it will get into what those actors are going not only are we we have attracted over time and military operations going on in the the critical infrastructure. it's not just companies to put together intelligence offerings,

it's companies getting visibility the other types of systems people on the front lines of understanding of where these attacks are. some of these manufacturers and the devices on the edge are to understand how cyber attacks happen much access they might have that information together. we have to take it the psaki of after we understand what's going on different protections to

expose this activity for the company out of the department of treasury. seen a lot of takedown from the partnership and law enforcement across the world and the criminals to sort and the infrastructure online that they are using is for the law enforcement is so good. if you're able to take the was only to slow down the operation so the u.s. government

authorities are being put to character. >> and we support using all elements pushback create deterrence. for example -- when you look at ransomware actors for technical capabilities when i look at this and think back you have an organization on the board terrorist organization, all times we first before close here at colossal guido on the money is being moved, we don't know who's helping them the inescapably smart and they know people are one of the relationships then you look at

how do we get it? we run you allow them to collapse on their own will is there a little for that type of approach whether they are commercial or may have relationships? >> i like that you get that network the counterterrorism. one is the follow the money aspect. the change healthcare february impacted one in three americans. these are not drops in the bucket.

they are really smart and able to go on those own abilities and bring them in on these opportunities and go after. soleimani piece

>> the people typically that are moving their money, they don't like to get their hands dirty. it becomes difficult for them to travel or if they are worried that maybe if they do travel they will get arrested, that weighs on people. it also slows the gears. we are coming up on time. we have a few more minutes. but i want to ask, how can the private sector help? >> let's focus on the attacks to answer that. you're right people that talk about the money but the other piece here is the attack surface. of the most digitally connected country on the planet.

easier we are able to control, the more open and supported in the more opportunities lie for actors to get out so when you think about what that looks like, what is really concerning across-the-board, you increasingly have operators, you now have for you need to operate in physical security issues. you will want able to get out on your own to check if the alarms have, u.s. products are making smarter and making them possible how do we find the right center of gravity?

it's a good group of systems was not about operator. should that connection have been connected? is not up to the person to get out and control the water for cybersecurity. how do we push that question to the right company, manufacturer for those who are getting smarter and smarter? the legality is always in the details so many of the major attacks and operations we see start with basics and blocking

and tackling and looking at the cybersecurity advisory that came out the says name the vulnerability. it is the open systems were the big attacks come from. >> lofty policy to patty. i think that's a good what your team to think the work you're doing in the government is admirable. [laughter]

>> you going to get into our first presentation. >> personal way to start off the graphics i created so let's

start off, what is a.i.? let's start off where the bad guys right now this image is from an underground several criminal force and this person is advertising a check to bt that will write the code. we have not seen a.i. right fully functioning malware but you can use some of a.i. to

create tools and make revenue so they are going to assist with their tools. this from a russian cyber criminal way to pay someone advertising to add features adding to their os. this is a software called. it might be a fun little project

a lot of criminal abuse. it went commercial in june of 2023 and the advertisement for enclosed it in august of 2023 started with 100 euros a month and here's an image i would be to and it was for this cyber criminals are for service it's not the same asking it is

possible to do rightly a code. we'll come back and say am sorry to ask help right fingerprint for your antivirus provide an example of code i could use it? another creative way of what he a.i. to have a smart home this case u.s. and you open the front door? you explain the doors?

the one that is fact that advertising user version, it will be on center and do whatever you want with it. we see cyber criminals you it a.i. and this one is from a russian site. ten dollars to $400 this particular group close elon musk

you can see it really does look like elon musk. we also see cyber criminals use i -- ai for impsotions. he said he received a zoom invitaonor a meeting he did not create. apparently there were several zo meetings created with his likeliness and several scammers created these om calls to convince people to invest money in crypto with him. so we are also seeing deepfake audio. this occurred in 2019 where an audio sounded like the ceo and

was convincing someone to wire $243,000, which they did. it was very convincing on the phone. this is from 2019 and what we see now is we are using videos and in 2024 there is a mul person video conference wher everyone was fake except one person. in this one, they were able to get $25 million out of it. we are also seeing virtual kidnappi using ai to clown -- clone the voice. i have a personal experience with this. i was in uber two years ago when the uber said we are taking a detour, we are headed to the bank. he explained he had received a phone call saying his daughter was kidnapped. i started asking questions because it was odd. while i was in the car he

received a what's up phone call and i started asking why is it from a foreign number when you have a local number, we pulled over to the side to make sure his daughter was actually safe and then continued the ride but the uber driver continued taking phone calls out of curiosity because he wanted to know why scammers were doing this. during the phone call that continued, they went from $50,000 to $5,000 at the end and then eventually gave up calling. we also see bad guys using photos or videos of you from social media site and tu them to elicit or compromising type os and then try to convince you to p ranm to not send it to your boss or family members. in some places this has caused suicide in some cases. create verification services.

there are services that require yourself holding your id nex you. the picture you see right here, this person does not exist and neither does the id and there are services that can do these things for you. you can pay $70 to create a financed european account and they can do evng for you or you can pay $100, 2lars to create a picture like this for other type of services that quire this. in d.c., there are some cannabis shopshat require people to take pictures of themselves holding their id. let's talk about some of the ugly things. some ridiculous ideas that existed and then we will get more into the threat's this happens to be a toilet that

stanford created. the idea is that everyone has a unique angle print and this was supposed to determine if you had any type of diseases and because we each have our own prince you can determine who was using the toilet in your household. you can imagine having a camera there. a ridiculous idea. another was the human ai pin. the project did not work like people expected and it was ridiculous to wear a pin and placed your phone, the idea that it would cost $699 with a $24 per month fee and it had really bad reviews and did not work even though $241 million was poured into the project.

one ai threat is it has a new foundational system interface. think about your os being your personal assistant and do anything you want for you typing or using your keyboard or mouse. someone could target your os ai in this case. another threat is the foundation model. a lot of l.a. times are foundation but you can get a supply chain threat similar to the one in april where someone can come in and change some code and it will take a while for people to find out. then there is the threat of twin spearfishing. this is a robotics professor in japan where he created a robot that looks just like him and has

all his mannerisms so the idea of additional twin is ai you could teach your mannerisms, your life, and be able to use it to target people so if your friends know you like to put smiley faces at the end though you have some type of jokes, when they see the spearfishing attack it would be more convincing than some we see now that you automatically know are fake. another threat would be a digital assistant. what if in the future we have multiple it digital assistants helping you out. like a travel agent working with your bank. that is two digital assistants talking to each other. what if you could attack one and compromise? then one is disinformation using ai for this. we already know we can create

videos and audio and be able to influence different countries and things like politics and elections. so let's talk about some of the good things about ai. we can talk about digital assistants, they will eventually help people with disabilities and people who do not have time to do things. it will be able to save our and help people out. it is also helping track climate change. ai is being used to track for nice -- thin ice and some climate change. we are using it to protect wild diversity so instead of bothering mountain lions we are able to use ai to detect their faces. we are already seeing this an individualized education.

instead of taking a course everyone takes, what if it change depending on how you learn? think about a course that if you want to be challenged it could be faster, it could generate different content or if you need more tutoring, this could help you. we are also seeing ai help content creators. it sounds like a great idea of anyone can create video and music or text and use ai for. but you will never get something as iconic as the picture you see because you still need that artistic soul to create sothing really good in the future. we also see ai used for medical improvement. this is proteins. it takes a ph students 45 years to discover one protein and there ar about 200 million proteinsut there. google had an ai projects of

this and it took one year to discover the 200 million proteins. in conclusion, what is the good about ai, it will bring change. we are pouring so much money into this and there will be a lot of change and hopefully it will all be in the future of positive. thank you. [applause] >> wonderful. thank you so much, that was fascinating. moving on to the next panel discussion, the director of office of cyber security and emergency response of the u.s. department of energy, pat ford that cybersecurity vice president for schneider north america and grant schreiter,

welcome to the stage right in the middle. everyone has a microphone. we are off and running. thank you, gentlemen. >> thank you very much. can everyone hear us? you are not ai bots? ok. i found that conversation really interesting on what occurred to me during it, did anyone here know anyone who was a little nervous about ai, scared of how it will impact their job or take their job? do you think any cyber criminals are worried about how ai might take their job away? certainly i think for them it is about the opportunities that will be there, which i think is a little scary for us but there are a lot of things we need to do to try to be able to counter that. super excited to have this conversation. joined here with my fellow

panelists, thank you guys for taking the time. one of the things i want to talk a little bit about is whenever we talk about threats and cyber threats, it often comes back to critical infrastructure. what are the threats to critical infrastructure? when i think about critical infrastructure, we can talk about the 16 sectors identified, but not a foundational level, water and energy to meet are at the bottom of the pyramid because if you have ever been in your house and your power is out , if it was this week he would be very frustrated do not have air conditioning. i think it is even worse but more rare that your water is out. we have seen threats and targeting against the energy sector for years. certainly with the russian war

in ukraine we have seen, laura talked about we have seen actual disruption. we have reasons to believe there are preparations taking place in that space and as i think everyone here knows, tmajority s owned and operated by the private sector. using tools created by the private sector and generated by the private sector so the government has a unique role here and i would like you to talk a little bit about your role and your organization, because i always have to look. energy office of the cybersecurity, energy security, and emergency response which are three interesting yet slightly distinct areas. people think of you as the cyber office but it is broader than that. if you can talk a little about your office and how you are working with industry on what your role is to help add

security to the space. >> absolutely and first of all, thank you to the chamber for hosting us. it really was a great list of speakers, glad to hear laura and jeff were here and you will hear more later on by fbi and others so it is a really important conversation right now and important for the reasons of intelligence, but also from the energy sector as you alluded to, the sector has changed rapidly. of all the sectors, not only is it one of the most critical, i am biased obviously but the reality is without energy, you do not have an economy. without energy, you do not have national security or the other 15 sectors so it is critical in a way that is unlike other sectors except maybe water. so i could not agree more with that. that is where our office comes in. my office, cybersecurity, energy

security, and cyber emergency response, it's a long name so we shorten it to caesar. we spend a lot of time on cyber. we also look at climate-based risk and physical threats to energy infrastructure. solar flares which we just saw in the news a few weeks ago. we take the all hazards approach to think about energy and at the end of the day my role as the sector risk management agency for energy, i just want to ensure we have electricity in our homes and gasoline and petroleum products available when we need them to power our homes and businesses. at the end of the day, that is what i am concerned about. whether it is the result of a cyber attack, or a physical attack on a pump station, we have to make sure we have

hardened infrastructure in light of the growing risks to that sector and that is what we are focused on. we do it through policies and research development and we also respond during an emergency like we did for the colombian -- colonial pipeline cyber ransom attack. that is what we are squarely focused on in the department of energy, working with other departments and also our colleagues at dhs, cisa, fbi, intelligence community and the important partnership with the private sector, a critical partnership we've had for years. we did it because of hurricane response on wildfire response and we built those strong relationships and i think what helps us as we are not a regulator. we have an independent regulatory agency that is separate from us. so sectors partner with us to a address these emerging risks.

>> and the private sector, you are equally focused on resiliency both internally and for your customers. how does that resonate with you and how have you seen the department of energy office working with private >> i don't think this is unique to schneider. we are happy to partner -- and thank you to the chamber for having me today. especially the energy sector, we have some of the most mature organizations we work with. the customers, the energy sector, dealing with the energy -- transmission energy generation. the energy sector is probably the most mature out of all the critical infrastructure. when they challenge us, we

partner and they challenge us, it is a gift. us and our customers notify a product isn't operating. there is that trust back and forth we need to develop. >> obviously, that partnership is critical. jeff green talked about -- and darren -- this is a team sport. is needing to work together. we are talking about threats, what you see that is uniquely

targeting the energy sector? in the organization has a role. ... >> we have to make sure we are

tackling the greatest risks. what are we seeing? the reality is we are continuing to see very basic cyber threats from pro-russian activist activity. we are seeing ransomware activity, particularly the under resourced companies. the small companies that are electric utilities or water systems even. we continue to see a lot of the small companies being challenged because they don't have the resources to protect our networks. that is maybe where our role in government to provide those resources, that funding so we can get it up to a higher level than the ransomware actors. we are not asking for them to be tackling a china. at a minimum, if this is where they have gone, we need those same companies to go here. at least there. >> at least be able to defend

against the basics. >> exactly. that is default passwords. multifactor authentication -- that is some of the basics. we are still seeing the smaller resource companies. we are also seeing nascent state g nationstate. that is from the p.r.c. where we are seeing significant, sagged -- sophisticated targeting and energy is one of those pieces of infrastructure. that havoc targeting is not necessarily your default passwords. it is not even your malware. it is so sophisticated that it is knowing the engineering of how systems are designed and manipulating normal functions to be able to get in and out of systems.

that is the level of sophistication that it has gone to. you don't have to drop malware we can detect physically. if you cannot detect it, you might not be able to see the adversary. being able to get in there quietly, get in there and come back out, that is the level of sophistication. for the reality, it is focused on getting them to the basics for some of the larger memorial critical companies like our partners at schneider. we want to work with them on the sophisticated threats that are targeting energy systems so we can really work with them in collaboration to detect them and address those threats and build the systems and security. >> what do you -- as you mentioned earlier, you have a relationship with some of your customers where they have to inform you of threats. you clearly are able to gather

and have an interesting perspective of what's happening around the globe. how are you seeing energy threats evolve? more people that have not done their patching or is it sophisticated? or spread across that spectrum? >> they take the effort and learn a device and for instance with try ton back in 2017 when they went out to oil and gas safety systems and they one of the most secured devices out there and we worked with the u.s. government to do that. the other side of that is the volume of threats.

the collegiums great and don't need to be a nation state actor to cause a i lot of damage. you can be a novice and get lucky because it's our worst security days are getting lucky and we are not. the threat actor has not to be over sophisticated but they can caught a lot of damage and destroy the confidence of customers and their vendors. think that's the greatest advantage and typically beside finances, you can always al cue late that and confidence and trust between customers and vendors and ecosystem of companies working together.

can't calculate that. >> what can we do weather on industry or things that the government can do to help from the trust standpoint? >> i'll give you a quick plug and one thing i like about your new principles and talking about transparency and trust. to me that's the most vital thing anybody in the room can do. that is it was a ransomware

seventh i gave a briefing at the beginning and they were calling asking for discussions and gave a briefings and 5 minute briefing or 10 minute briefing and day three briefing was a bit more informed or less informed than day ten. i said, i'm giving you the briefing i never get and take this back and it's very similar and be you can do your work and

fbi can do their work and we have incidents and i work with the fbi, i'm u.s. and i'm the americas and i don't play our relationship exactly all over the world and when i talk to law enforcement and not everybody calls us and in that case, it's the background. going for them back to the people that can do something about it. i can't do anything about the private insurance. but you can help protect the other operate torrs and the critical infrastructure and more than energy and sharing a wide belief of system. that's our give back and obligation of what we consider.

right after that attack and didn't go back and say we'll tell you what happened. you went up and said how the attackers and nation state attackers got into the system and we cannot only help the rest of the industrial community system going with that and you're very transparent and i know from talking to a lot of big electric utilities, oil and natural gas companies, they appreciate it.

>> you had stuff on your site for a long time and how you think cybersecurity and as a community, we all need to do more. jot more mature the organizations are and the better security culture they have, the more they're gone that be willing to do that. starting with executives and starts with them to understand that he was sharing him in the face.

>> talk a little more granular and that type of information and going with what type of information are you looking for to be able to help prevent the next victim and so it's broad and adversary going with them. and looking at it's the entire

gamut of potential fiber attacks and it's the situation to look at when we had snyder but other manufacturers come to us proactively and say we're tracting in activity and always the hardest ones to note.

they all bring their own expertise and we bring our own and that make it is a good model on the capability system and it's looking at cybersecurity firm and a broad critical infrastructure and bring in energy expertise. if it's not snyder, how do they become aware if not reported to you with the fbi on it.

not looking to out information and going to pick it up and attacking our system and that's not helpful. how do we do it in a way and we don't know adversaries know about it and it's always a balancing act and we need to get information out and take advantage and it's about it and learning about vulnerability and going for this one and enough information out and going to continue to work towards the patch that's never easy in ot environments and this is a conversation that we like to have.

we'll work with the manufacturer to disclose on that on vulnerability disclosure. and >> helpful for you and manufacturer and owner operator and there's some things that we talk about what to do in the personal lives around passwords and security and there's a lot of security features and a lot of tools that may or may not be that's the developer >> it's the

program going to have the test product and critical infrastructure of the energy sector and we learn more about the product and we get to going for things with the lab going to understand where they're coming from and the point is take it and take the equipment and the software with it andit's the

sharing of information.

the question is given the threats and environment, how do we shorten my mind between things coming in or being reported or being shared and they can prepare. once it's exploited once, the other actors will learn about it. >> that's any problem with the actors and the threat actors today are different than the threat actors 20 years ago. >> the moral ones.

>> there's no consciousness and going for that and i view this analogy and might be something wrong with it pretty quick. there's a consequence and deterrence and the one thing and depth between resident and can reward has gotten greater over the years for the threat actors. i can't buy another tool or get intelligence any faster and reduce that threat. there's two ways of doing it and take away the threat surface. working on devices that are successful to the internet and

doing this program globally and it's in the united states being very successful working persistently and identifying who the actors are and notifying them, hey, you've got this piece of equipment. based on internet, you might want to remediate. that program is underway and other side is i heart christine mention and mentioning in the previous deterrence. the minds that can learn to exploit that and have no conscious to their benefit and up against a really tough adversary and doesn't even include the nation state actors and that's the offices that

we're after them and we'ring working with law enforcement and the senses guidelines need to be changed in my view. 55 million victims is that part of the calculation anymore. it should be. the dollar cost asks needs a consequence for that. that's my view and soap box for that, but we've got to do more in deterrence. one thing we released is

proactive vulnerability and disclosures and management and we have to take a step with and it sector for a very long time has had vulnerability management and is it perfect? it's never perfect but it is pretty mature. that's what we need to do and how we're thinking about the typhoons is it can't just be to build our system and it's going to ensure they operation and engineer our system and engineer backgrounds and power systems there and i was together to design engineering systems and d

substations and adversary won't think they have impact they think. we need to be doing a lot more in a lot of different areas. talk a bit about those and target audience for that is and what you want them to do with it. >> totally. so we have been working on this for well over a decade and not amusing to us and helping the ukrainians after the 2015, 2016 cyber attack. we went there with our

colleagues to help them really do the forensics back then when russia first had started doing cyber attacks on their electric grid and taking out power because of that distribution one year and we had the program and understanding the complex ot cyber threat and so how do we raise the bar and lots of good standards and there's frame work and a lot of good stuff out there. how do we set expectations commonly set in terms of comply chain security. in partnership with our manufacturers to say some of these manufacturers like snyder are leading in this space and

how do we bring the rest of the community along and we work really hard to actually set supply chain security principles and the interesting thing that came through the process is the question of who does this supply to and certainly snyder ceos and other ceos and semens all publicly -- siemens coming out saying that's great and that's only half of the story. the only half is being secure by design but by operation much the operation of the role of owners and operate torrs and so while we're doing a lot of work of manufacturers to really think about how do you instill these principles into the business practices and design processes.

>> endorsement and and offer as opportunity of engagement between the suppliers and there's a relationship that has to be established and it's a two way street. opening the transparency and i love the transparency and trust portions of your principles because it's foundational to security if you ask me. that relationship we can do with enhancement.

no one is going to confuse me for a regulatory dream and we're out there and it's going to contuse me and not sitting on that but i'll tell you about partnerships and tell you about trust. i will tell you about preparedness and about being effective as a leader.

>> the fact of voluntary nation and we haven't gotten to where we need to be and this administration has certainly they also done, you've got principles and we have it's going with this and a retail requirement and certainly raising awareness and what we wanted to do and working together and all working together and going with these and from outside perspectives and and >> this is from a

tremendous line and thinking about secure by design. background and partnership we have and really wanted to focus in and looking at the supply chain and going for this and it's going if that and it's going to point to other thins that companies will do and 66443 and many factors are global manufacturers and thinking about in the united states and globally and so we're working

and thinking about this and think broadly and you have to start to connect the dots and you have to say very intentionally this is the line for this and there's going on there and secure by design and secure by operation and for a long time, that was not the case. we're trying to lift up everybody to do more and foy customerring on more and design software and end users and going to keep all of it really important right now and we

certainly this coming from the focus on the line and we should be doing that and it's all really thinking about the secure by design and really together and rap sheet partnering with this to release a paper in a couple of weeks and the consistency and both u.s. government and going one or two more questions.

>> hi, the artificial intelligence going for the impact of the good and bad you're seeing with ai and energy space. very good question. artificial intelligence risks and benefits. we're seeing more market players coming in and to be able to ensure that our electric grid in the united states continues to be a reliable electric grid across the world and we'll need ai to make sure we can dispatch

energy from here to there and ai can be used for nefarious purposes and poison large models and conduct more sophisticated cyber attacks and my take is we have to be focused orthian and the security portion of the office is focused on and i work with my other colleagues in department of energy and making more sticking together and do it with eyes wide open and speaking

from security mindset that takes into account where ai is today and we're going for the future. >> anything on how you're going to the opportunity side. the president using it and going for the security perspective and responding sooner back to early stages and going for the good side and we haven't seen all the bad and i hope we don't.

i hope we're able to win that battle because that's a big battle. >> it's not going away. >> not going to go away. >> we'll have to deal with it. >> get business cards before you leave. next time, we're all in this together. this is the community. >> not just your business card. >> i don't have any on me so you're not getting any. going for the government and the citizens of the world are better because of and he shall the

critical power and it's engrained in the cyber people in the organization and it's engrained in the professionals and in the engineers that are designing and my ask for this community is we really need to be talking to everybody and making join me for thanking or guests for being here today. >> one more, two more sessions before lunch so hang on, you're almost there. delighted to welcome deputy assistant director for cyber

policy and fbi cyber division and john clay, vice president for trend intelligence at trend micro to the last fire side. >> assisting victims and experiencing something but also preventing others from bye bye bying victims in the future and that includes imposing costs on cyber adversaries so they aren't able to conduct these malicious attacks.

>> going to have more incidents of targeting the operational technology low level cyber

actors who are looking across the internet and trying to find something. they can target. people that haven't changed default passwords from 11111 or the like and they want to get onto those types of those machines so they can say they got onto them.

it's really a roxy tool as well as tools that are native to windows environment and i'll unpack that just a bit. these actors are how they're able to move laterally across the system and identify and actually get onto network that even the >> a motive of

education and monetary and espionage, it's educating yourself how to get into ot net works and seeing these adversaries and get 24 and do things and figure out what they can do and access and leave and wipe all their tracks and gets very difficult for a lot of these ot and critical infrastructure organizations to understand if somebody is in there or not. what do you think they should be looking at in terms of maybe identifying going for them to be expensive end point monitoring or other type of tools on the system that somebody has left the company. and log in and it weren't being monitored it appropriately and

they're going to say this doesn't look right and it hay not look right. it's taken us teams of intense experts several agencies that have that necessary and if you expect to not figure it out. bringing in people with that expertise really helped drill down what's happening and these are so sophisticated and we want to be able to be there for victims and going to direct them to a line of work and managing them. going for years and it's going

to force the takedown and lab hosts that are fishing as a service and this is the a lot of collaboration that has to be there and keep things safe and what's the fbi doing to promote lab rich and collaborative environment. collaboration and receive and give information and keeping networks safe and giving more cyber differents is there's so much more intelligence sitting in the private sector and not something we're getting from the sensitive sources. then there's the other side of either assisting victims or preventing earlier points and really what that looks like is

avictim might deploy tech any cam team on site if we're invited to look across the network impactful focus on one because we'll get to the other and being able to share information as quickly as we can and as many as much as we can and put into useful information out in the public and not able to help predict others and in

the future and working through private sectors and taking all that in and putting out in a period offed a veer vise reigns leadings and also some really interesting we have a group in huntsville and they're in the download and they're with some of their trafficking on the flow and then everybody gets together and reviews it and not getting to the fbi or one company with each other. not necessarily something that

can go across the whole u.s. and that's okay. there's other things that works well in other agencies well and making sure we're helping to educate and each other >> yeah, one of the big ones is if it's an organization that gets breached or has ran some ware and agency contact numbers and

we'll go out to the company and give those de-crip torrs and there's others where there's numbers and we have to 34567 those number withs the number that might be on a ransom note or something else on a system and we can't do that without somebody cometology us and matching that up. we've provided companies over 900 encryptors. >> the healthcare industry and financial industry and saw colonial pipeline and seeps there's a shift towards more disruptive attacks.

in nations that we are going after. making it harder and more for cyber adversaries and going for the actors either on a temporary or more permanent basis and both of those are important. and a temporary and we go and conduct an operation that takes down adversaries infrastructure and they're using to save their operations from.

chinese have gotten under those and using those and going three or four months and it's three or four months of release. that's three or four months of victim -- of companies not being victimized and targeted and we get to continue to do those types of operations over and over again and has a really great impact. in addition, i think people would be surprised at how often we're able to put cyber criminals in jail cells. going for the rest and it's going to be proactive about the

encryptors taken down infrastructure in the private sector ask across the inner agency and having that outside impact is there anything >> it's in a way to conduct elections or campaign structures and the side and organizations can do and limbed from hi end and for that,

providing information and ensuring that we have certain operational plans and that is going for that and flat configuration across the nation and i would say it's very consist with what we've seen in most past election cycles and we've been transparent about that and put it out for the public in the form of reports and that's including election offices or offices and you mighe same types of phishing or the like that other -- and actually probably to a lesser extent that other offices experience and nation state side seeing in s

the past with the threats. or the threat of minimal low level types of compromises being taken and lied about in the infrastructure and working elections for many, many years and election officials are some of the very best and they're ensuring they're communicating with us and talking with us so i think what we've always promised is we can't say they'll be the most secure or what we can say and promise transparency and what we see ensuring that we're protecting and working with entities that may be experiencing things.

generative ai being used by actor asks it's really interesting and right now in my -- it's my belief that service security benefits of ai are outwaying any threats from adversaries and that doesn't mean we're not looking at ask adversaries aren't using that and in particular, probably be more efficient and having business process gains. ability to check code and error and the like. deep fake site, what's really important for everybody to take away is that we do see cyber criminals using these to either socially enengineer companies or going for the type of efforts and fraud.

doing a deep fake and it's going to contact employees and you're getting the information necessary to conduct an intrusion and more often wire this money here or there. it's not evident if your boss calls on a video call and making sure that you're protected and your companies are protected is a new avenue for us. any last last thought s? >> no relationship with the sbil office and get the phone number

of person you might call in your phone and talk to them and you might need con the conversation. >> cynthia, thank you very much for taking time out of your very busy day. everybody thank, cynthia. [ applause ]. >> thanks, john. thanks, cynthia. really appreciate you being here with us this morning. for our last presentation, delighted to welcome david technical strategist for federal sector for our closing keynote. welcome.

going for the security deal and trend micro and sort of to press the need for a shift and not so much just a bunch of data base and going for them and getting actionable threat and one thing to tell someone your house is -- a room in your house is on fire and a big hose to help put it out. very different to say there's someone walking down the street with a torch that's a flame and headed towards your place and give that kind of preemptive information so that companies could take action against those threats well in advance.

but the fastest way to find out is through threaten intelligence and since this time last year, i have very little staff and so many things that i have to get them to do and being time to get through all these things and they don't have the necessary skill sets and they have to even manage these complex or confusing products you're trying to sell them and they have complex and confusing products and don't need more of that. they need more service and they need more personal touch.

that ask has been very consist and happy to report that trend micro has listened and we've shifted our focus from mostly selling an elaborate product to more of a service model and our coo recently stated that this is the way we are going to go that cybersecurity services specifically threatening intelligence are really going to be the shift that we need to help our customers in a new way and to prevent these kinds of threats. and it goes to answer the same kinds of questions that we've been asked to help with, which is who's coming after me? why are they interested in what i have? what are they after? what we heard a lot talk about vulnerability today and what are the vulnerables that they're

taking advantage of where very well evidence of infection pastramid yet and not done and what differences do i need to put up to help me prevent these kinds of ait cans and what -- attacks and look for and help me defend. now there's a lot of ways that agencies and different entity haves gone about this and one of the more popular is trying to get as many threat feeds as they can. collect from different sours and integrate them in and could be a very taxing job all on its own and full-time position to try and organize all of those feeds and understood what's in each of them, where is there overlap? where's there are duplication and why trend mike crow in this

space is very simple and interesting that we have this capability and have sort of been in a shadows with it for a long time. if there is a core capability in a trend micro and this is it. it's almost 40 years at this point for intelligence going to have the global ability and going for the edis and calling to be familiar pontoon competition and global researchers from around the world come in and demonstrate their exploits of vulnerabilities. we do the responsible thing and we tell the affected vendor and four monarchies to come up with a patch or maybe you do nothing but after that four months clock runs out, we're going to publicly disclose this vulnerability.

... just to tell you what's going on college and brought this moment can get through myself we will

that assess you api and we will stop and include things most needed typically understand why there is targeted and leading to show up. one of the new vulnerabilities

euros you because. which actors are waiting use? they actually targeting me? as long a large uptick a lot of the infrastructure of being attack. how do i defend myself? should i be looking for? likely are they to exploit flex exposed to the world which i shouldn't have done and connecting those back so there

is a clear and where the lights are coming on, he want to be far left as possible. the information about the actor files in their industry they are targeting and what tools they use and what you might stop the as potential signs in their? being able to a search for more ability and malware, all of those things to help so that there is a brand-new threat, the first thing is to put that on their any indicators that it is running around.

bring in the a.i. and there is new a.i. capability and the website and pull out the url and any ioc's and using a.i. that is positive to help so that is a quick update where we are. i want to mention we have an a.i. summit at the event that i want to hammer home a lot of what you heard today private that i may be at the same table

is karen from start but i don't see her husband -- her. we both like you see you have to figure out a way so our platform to bolster flushes take advantage of solutions and help the customer a better way so we can push permission a competitor so this is what it's all about getting together and talking to each other and figuring out a way to collaborate.

not believe that bringing out the best in each other our customers real threats of settling against each other, the threat coming in that there is one more thing -- sorry, i just always wanted to do that but there is one thing so with this from we have a unique challenge which is our sovereignty moving

everything on premise and capability on purpose and everything had using software think so push forward initiative were sorrowing and private, this is going to be hugely ripple for customers that need to sit on premise and other requirements heill and we are bringing the entire ecosystem and everybody

else so i encourage you if that is of interest and i will close with that message again industry is to the weapons show up, have ability to talk collaborate and protect customers. there is plenty of business for everyone had but if we want to ensure the world will continue for our children and children thank you. but lack got hacked day.

the ground for a while. really appreciate it. if you got back