WEBVTT Kind: captions Language: en 00:00:03.680 --> 00:00:08.080 Good afternoon. I'm very sorry  that I'm not joining you in person. 00:00:08.080 --> 00:00:14.400 I was very much looking forward to being with you  in Vegas again, including to stop by QueerCon and   00:00:14.400 --> 00:00:21.040 other events, but the unprecedented situation with  respect to COVID-19 and the rising Delta variant   00:00:21.040 --> 00:00:26.320 prevents me from being there with you. I can  assure you that if I was there, in person,   00:00:26.320 --> 00:00:29.236 I wouldn't be dressed like I am now. 00:00:29.788 --> 00:00:32.243 As you know better than most, 00:00:32.243 --> 00:00:35.000 a lot has changed in the last six years. 00:00:35.000 --> 00:00:37.460 As it relates to the cybersecurity landscape, 00:00:37.460 --> 00:00:42.282 we've shifted from news headlines  about data breaches and espionage,   00:00:42.282 --> 00:00:47.680 to ransomware attacks disrupting hospitals,  schools, food suppliers, and pipelines. 00:00:48.240 --> 00:00:53.520 The assaults on companies like Colonial  Pipeline, JBS Foods, and Kaseya,   00:00:53.520 --> 00:01:00.080 not to mention interference in our elections,  have reinforced the importance of cybersecurity,   00:01:00.080 --> 00:01:05.440 of how we govern the internet, and of  why we need a free and secure cyberspace. 00:01:06.640 --> 00:01:10.160 What we face today is a need to  put the big questions of our time   00:01:10.160 --> 00:01:17.680 into perspective. In order to do so, let me take  you back, for a moment, a couple hundred years. 00:01:19.280 --> 00:01:24.560 At a time long before the world could  fathom the concept of computers,   00:01:24.560 --> 00:01:27.680 cyberspace, coding, hacking, or anything like it. 00:01:28.720 --> 00:01:34.800 Let’s turn to the early and mid-19th century, when  some of the most powerful nations on the planet   00:01:34.800 --> 00:01:38.713 engaged in what would later  be known as the “Great Game.” 00:01:39.040 --> 00:01:43.280 This was an era when the competition for  geopolitical influence pitted Great Britain   00:01:43.840 --> 00:01:48.960 against Russia and China over the question  of who would control the vast land mass   00:01:48.960 --> 00:01:53.440 of Central Asia. Who would determine  the rules of the road for trade,   00:01:53.440 --> 00:01:59.840 travel, and commerce – and whose values and  priorities would shape societies across the globe. 00:02:01.680 --> 00:02:08.640 The fight was over land. Access to land led  to control over people’s lives, health, jobs,   00:02:08.640 --> 00:02:15.680 and wellbeing. And there was a divide: between a  deeply flawed yet aspiring democracy in Britain,   00:02:16.320 --> 00:02:21.360 and the Czars and dynasties who were focused  on autocratic control over everything in their   00:02:21.360 --> 00:02:27.672 path – promoting and enforcing a closed,  disconnected, and oppressive system. 00:02:28.640 --> 00:02:33.440 We could spend countless hours discussing  the legacy of this chapter in history,   00:02:33.440 --> 00:02:39.600 what it means for us now, what has changed, and  what lessons we can and should glean from it. 00:02:40.560 --> 00:02:46.480 But here at Black Hat, I want to use this  legacy as a jumping off point to discuss   00:02:46.480 --> 00:02:53.901 another “Great Game” that is playing out before us  today and that will dramatically shape our future. 00:02:54.880 --> 00:02:58.577 Although we are no longer  fighting for control of land,   00:02:58.577 --> 00:03:02.080 we are competing for territory we cannot see. 00:03:02.080 --> 00:03:07.360 We are competing for the future of  cyberspace – one in which friends gather,   00:03:07.360 --> 00:03:15.465 colleagues communicate, businesses sell, consumers  buy, dissidents organize, horrific crimes occur,   00:03:15.465 --> 00:03:20.640 governments hear from their citizens, and  information is widely and quickly disseminated. 00:03:22.000 --> 00:03:28.240 We are competing between two visions – one  from countries like Russia, China, and Iran   00:03:28.240 --> 00:03:32.880 who want to limit access and maximize  control, and another from the United States  00:03:32.880 --> 00:03:39.120 and our allies who want to build and  protect a free, open, and secure internet. 00:03:40.800 --> 00:03:44.780 We must ultimately confront  some critical questions: 00:03:44.960 --> 00:03:49.600 Who will build, own, control, and  operate the underlying infrastructure   00:03:49.600 --> 00:03:53.840 of the internet, extending from  undersea cables to data centers? 00:03:54.560 --> 00:03:57.280 Who will shape the future of data routing? 00:03:58.000 --> 00:04:02.880 How will we protect both privacy  and security, online and offline? 00:04:03.520 --> 00:04:05.840 How will we better protect ourselves   00:04:05.840 --> 00:04:09.920 against continuously growing and  quickly evolving cyber threats? 00:04:11.440 --> 00:04:16.880 Every day, the Department of Homeland Security  tackles these issues – which are not limited   00:04:16.880 --> 00:04:21.840 to the “Great Game” that exists between  democratic and authoritarian governments,   00:04:21.840 --> 00:04:27.920 as they also include the relationship between  government and private sector entities. 00:04:27.920 --> 00:04:31.864 The role we play in this space  may surprise many of you. 00:04:32.640 --> 00:04:35.600 Take the U.S. Secret Service,  which is part of our Department   00:04:35.600 --> 00:04:38.720 and responsible not only for  protecting the President,   00:04:38.720 --> 00:04:44.602 but also actively fighting ransomware and  a range of other cyber-enabled crimes. 00:04:44.960 --> 00:04:50.270 Or look at TSA, best known for protecting airport  security as so many of us know, that maintains regulatory authority over 00:04:50.270 --> 00:04:54.370 that maintains regulatory authority over pipelines, 00:04:54.370 --> 00:04:58.560 which we leveraged following  the Colonial Pipeline ransomware attack   00:04:58.560 --> 00:05:03.600 to take urgent and critical measures to better  protect against immediate cyber threats. 00:05:04.480 --> 00:05:09.440 Or consider the Coast Guard, which saves  thousands of lives at sea every year,   00:05:09.440 --> 00:05:14.873 and also protects the maritime  transportation system against cyber threats. 00:05:15.280 --> 00:05:21.840 And last, look at the Department’s Cybersecurity and Infrastructure Security Agency, or CISA   00:05:21.840 --> 00:05:27.015 as it is commonly known, which is the federal  government’s quarterback on cybersecurity.   00:05:27.440 --> 00:05:33.760 CISA reinforces our cyber resilience and equips critical infrastructure owners and operators,   00:05:33.760 --> 00:05:41.217 cities and states, businesses and organizations  of all sizes, and even hospitals and schools,   00:05:41.217 --> 00:05:44.350 with the tools to defend against cyberattacks. 00:05:45.520 --> 00:05:51.600 Earlier today you heard from Jen Easterly, CISA’s  new Director, who talked about her journey from   00:05:51.600 --> 00:05:58.640 mastering the Rubik’s Cube as a child to attending  West Point, serving in Iraq and at Fort Meade,   00:05:58.640 --> 00:06:03.440 working as a senior leader at Morgan Stanley, and now serving at DHS   00:06:03.440 --> 00:06:08.565 to help us confront some of the most urgent  challenges currently facing our country. 00:06:09.440 --> 00:06:14.240 Jen exemplifies the impressive talent  we have brought together at DHS   00:06:14.240 --> 00:06:17.162 to work on cybersecurity and resilience. 00:06:17.920 --> 00:06:22.880 I am particularly excited about the  new Joint Cyber Defense Collaborative   00:06:22.880 --> 00:06:27.760 that CISA is launching to unite stakeholders  from across the federal government and the   00:06:27.760 --> 00:06:34.264 private sector around a whole-of-nation  approach to cyber defense operations. 00:06:34.560 --> 00:06:39.840 I have said before that the  Department of Homeland Security, DHS, 00:06:39.840 --> 00:06:46.720 is fundamentally a department of partnerships.  This Collaborative is just one of many efforts   00:06:46.720 --> 00:06:51.680 underway designed to leverage our  partners to keep our communities safe. 00:06:53.200 --> 00:06:59.360 We're really hard at work and we have no illusions  about the road ahead. There is nothing simple   00:06:59.360 --> 00:07:04.960 about the cybersecurity challenges we face,  and we need your help to get this right.   00:07:05.520 --> 00:07:12.541 We need your expertise to inform our policies  and the future of our critical mission. 00:07:13.840 --> 00:07:17.360 We invite you to share your views with us.   00:07:17.360 --> 00:07:25.120 We will not shy away from the most complex matters  before us. In fact, we invite a fierce debate. 00:07:25.120 --> 00:07:27.187 Take, for example, data routing. 00:07:27.840 --> 00:07:31.925 There are open-ended questions  we simply cannot ignore: 00:07:32.080 --> 00:07:36.240 Who will protect data as it  travels around the world? 00:07:36.240 --> 00:07:40.000 Should the United States government  take a more proactive role   00:07:40.000 --> 00:07:45.440 in shaping data flows – or do we leave that responsibility to the private sector? 00:07:46.000 --> 00:07:51.920 How can we ensure that American technology enterprises remain at the heart of the 00:07:51.920 --> 00:07:59.119 internet’s infrastructure across every layer, from the edge to the center, as we move forward? 00:07:59.119 --> 00:08:06.232 How will we set the rules? How will we balance the United States and our allies’ priorities 00:08:06.232 --> 00:08:11.840 to create more openness, connectivity, and freedom, while autocratic regimes 00:08:11.840 --> 00:08:19.113 like Russia and China are laying claim to greater control with zero transparency or accountability? 00:08:20.080 --> 00:08:24.800 These debates are necessary.  The search for smart solutions   00:08:24.800 --> 00:08:31.519 is essential. And the demand for balanced,  principled policies is unquestioned. 00:08:32.240 --> 00:08:37.520 At the Department of Homeland Security,  we are dedicating considerable time,   00:08:37.520 --> 00:08:42.240 energy, and resources to carefully think  through these complicated questions.   00:08:43.040 --> 00:08:49.889 And alongside our counterparts worldwide and  in the private sector, we work to solve them.   00:08:50.560 --> 00:08:57.440 We would benefit from your expertise and  we invite you to join the conversation. 00:08:57.440 --> 00:09:02.546 We cannot ignore an essential  truth: we are all in this together. 00:09:02.960 --> 00:09:08.240 We must also acknowledge what we all know,  which is that full agreement on every issue   00:09:08.240 --> 00:09:13.440 is impossible, and unanimity cannot  be the measure of success or progress. 00:09:14.160 --> 00:09:20.720 The fact is, the strength of our democracy,  the promotion of a free and open internet,   00:09:20.720 --> 00:09:27.280 the fairness of our economies, and the security  of our communities is a shared responsibility   00:09:27.280 --> 00:09:30.880 that is more timely and more  relevant than ever before. 00:09:32.640 --> 00:09:36.720 These ideals apply to what  is happening in cyber space;   00:09:36.720 --> 00:09:42.080 what is transpiring on the internet;  and how we govern the digital sphere   00:09:42.080 --> 00:09:49.840 where so much engagement, activism, advocacy,  education, and economic activity occur today. 00:09:50.800 --> 00:09:54.880 The “Great Game” is playing  out in cyber space right now. 00:09:54.880 --> 00:09:58.880 I know that all of you love to work  on tough problems. You are compelled   00:09:58.880 --> 00:10:05.445 to solve seemingly unsolvable puzzles. So,  here’s the bottom line: we need your help. 00:10:05.920 --> 00:10:11.280 We cannot answer these questions alone and  we want you to join us in addressing them. 00:10:11.280 --> 00:10:14.160 There are two immediate ways you can get involved. 00:10:14.160 --> 00:10:20.880 First, come work with us at the Department  of Homeland Security. Join our team   00:10:20.880 --> 00:10:25.120 of cybersecurity experts at  CISA and the rest of DHS.   00:10:25.120 --> 00:10:31.920 Lead the charge on the inside and help  us tackle growing challenges head on. 00:10:31.920 --> 00:10:34.764 I am proud to announce that  we will launch our new  00:10:34.764 --> 00:10:40.080 Cyber Talent Management System in short order.  This initiative – which is the product   00:10:41.440 --> 00:10:46.400 of a law enacted seven years ago – will  give us more flexibility to hire the very   00:10:46.400 --> 00:10:51.440 best cyber talent and ensure we can compete  more effectively with the private sector. 00:10:51.440 --> 00:10:55.600 It has taken too long to get here, but  we are proud to have gotten this hiring   00:10:55.600 --> 00:11:02.400 effort over the finish line. Developing a  top-tier, diverse cybersecurity workforce   00:11:02.400 --> 00:11:09.680 will remain a priority for DHS and the federal  government under the Biden-Harris Administration.  00:11:09.680 --> 00:11:14.467 I cannot overstate the pride 00:11:14.467 --> 00:11:17.075 and sense of profound self-fulfillment 00:11:17.075 --> 00:11:20.000 one will have in joining our team. 00:11:20.480 --> 00:11:24.800 You can really do a lot here with us. 00:11:24.800 --> 00:11:28.400 Second, if you are not interested  in working with us, you can help   00:11:28.400 --> 00:11:31.790 bridge the gap between the hacker  community and the federal government.   00:11:32.320 --> 00:11:36.640 As our partners and experts in the field,  you can be our defenders of a free,   00:11:36.640 --> 00:11:43.734 open, and secure internet, and you can help  inspire the next generation of cyber talent too. 00:11:44.160 --> 00:11:49.680 Just a couple days ago, we kicked off a  new partnership with Girl Scouts of the USA   00:11:49.680 --> 00:11:55.280 to provide girls with the tools and resources  to learn more about cybersecurity and become   00:11:55.280 --> 00:11:59.863 active ambassadors for related best  practices in their communities. 00:11:59.863 --> 00:12:05.280 We are increasing access to the field  of cybersecurity across every level.   00:12:05.280 --> 00:12:12.000 We seek to draw on every ounce of talent and  maximize the incredible potential that exists   00:12:12.000 --> 00:12:17.680 in communities across our country.  We want every voice at the table. 00:12:17.680 --> 00:12:25.760 We need your creativity, your ideas, your  boldness, and your willingness to push limits.   00:12:25.760 --> 00:12:31.168 We need you to help us navigate a  path that has not yet been mapped. 00:12:31.440 --> 00:12:36.080 What’s at stake here is nothing less  than the future of the Internet,   00:12:36.080 --> 00:12:41.353 the future of our economic and national  security, and the future of our country. 00:12:42.480 --> 00:12:46.800 So let’s keep this conversation  going. To protect our neighbors,   00:12:46.800 --> 00:12:53.920 our networks, our families, our rights,  and ourselves, we have to work together. 00:12:53.920 --> 00:12:57.143 Let’s do it, and thanks very much.