mandia, welcome back to "mad money. >> thank you for having me, jim. appreciate it. >> kevin heck is it possible this hack, this solar winds hack which for all we know is still ongoing has just kind of dropped from view there might have been hundreds of people who were hacking us, correct? >> yeah, i think so. but when you look at the landscape right now, jim, i've never seen anything like it. i started responding to breaches 25 years ago this week alone we're still responding to the remnants of the solar winds breach and by the way, that's an ongoing campaign the group that hacked and put an implant in solar winds they're not going away they've been hacking us for 10 to 20 years. they're going to be doing it the next 10 to 20 years. but you referred to in your opening statement about four zero day exploits, meaning exploits that have no patch, came out this week alone in microsoft's exchange server, the e-mail server. that went undetected for potentially a couple months. so there are a lot of major campaigns in cyberspace right now that are being very successful hacking amer

i think kevin mandia put it will with. i do think that this will strengthen the process that's used to build and vet software. but i would still say the message to the consumers of america should be clear. you are far safer if you update your software. it's a little bit like thinking -- well, it's sort of -- one seat belt may have a defect but you should still put on your seatbelt. you're going to be far safer every day if you update your software. ms. kelly: thank you so much. and thank you to all the witnesses and i yield back the balance of my time. >> thank you, congresswoman kelly. next i'd like to recognize the gentlelady from tennessee, congresswoman har-- harshbarger. you're on the clock. mrs. harshbarger: thank you, mr. chairman. i guess i just have a statement first and then i'll go into a question. since we don't know how the malicious code was inserted into the software updates, which is unbelievable, as several of you said that the u.s. government needs a national strategy to strengthen how we share threat int

kevin, can you elaborate? mr. mandia: i think mr. smith got it right. if it is not confidential threat intelligence sharing, people will be worried about liabilities to it. whether you did everything right on security or everything wrong, everybody trivia security program is somewhat [indiscernible] and hiking the supply chain was the blitzkrieg around the imaginary line in the states. we will broaden the line. we will get better every single day, but it whether somebody deserves to be compromised or not, however people interpret that, it takes time to figure out what you lost. that confidentiality of the threat intelligence data sharing is critical. rep. cammack: thank you. i have one minute remaining. real quickly, what specific supply chain vulnerability should be addressed to limit exposure to these threats that we are seeing in cyberspace? total free-for-all. go for it. mr. ramakrishna: i would be happy to start on this one. we are in a unique position to apply learning to the broader industry. we have defined some very specific things that may be