>>From around the globe. It's the cube covering Fortinet security summit brought to you by Fortinet. >>Welcome back to the cube. Lisa Martin here at the Fordham het championship security summit. Napa valley has been beautiful and gracious to us all day. We're very pleased to be here. I'm very pleased to welcome a first-timer to the cube. Rupesh Chuck Chuck Xi, VP a T and T cybersecurity and edge solutions at, at and T cybersecurity. Refresh. Welcome. >>Thank you. Thank you so much for having me, Lisa, I'm looking forward to our conversation today. >>Me too. First of all, it's we're in Napa we're outdoors. It's beautiful venue, no complaints, right? We're at a golf PGA tournament. Very exciting. Talk to me about the at and T Fordanet relationship. Give me, give me an, a good insight into the partnership. >>Sure, sure. So, as you said, you know, beautiful weather in California, Napa it's my first time. Uh, so it's kind of a new experience for me going back to your question in terms of the relationship between eight P and T and Ford in that, uh, a long lasting, you know, 10 plus years, you know, hand in hand in terms of the product, the technology, the capabilities that we are brought together in the security space for our customers. So a strategic relationship, and I'm so thrilled to be here today as a, Fordanet invited us to be part of the championship. Tommy, >>Talk to me. So your role VP of, and T cybersecurity and edge solutions, give me an, a deep dive into what's in your purview. >>Sure, sure. So I, uh, sort of, you know, run the PNL or the profit and loss center for product management for all of at and T cybersecurity and ed solutions and the whole concept behind putting the teams together is the convergence in networking and security. Um, so, you know, we are supporting the entire customer continuum, whether it's a fortune 50, the fortune 1000 to mid-market customers, to small businesses, to, you know, government agencies, you know, whether it's a local government agency or a school district or a federal agency, et cetera. And my team and I focus on bringing new product and capabilities to the marketplace, you know, working with our sales team from an enablement perspective, go to market strategy. Um, and the whole idea is about, uh, you know, winning in the marketplace, right? So delivering growth and revenue to the business, >>Competitive differentiation. So we've seen so much change in the last year and a half. I know that's an epic understatement, but we've also seen the proliferation at the edge. What are some of the challenges that you're seeing and hearing from customers where that's concerned >>As you stated, right. There's a lot happening in the edge. And sometimes the definition for edge varies when you talk with different people, uh, the way we look at it is, you know, definitely focused on the customer edge, right? So if you think about many businesses, whether I am a, a quick serve restaurant or I'm a banking Institute or a financial services or an insurance agency, or I'm a retail at et cetera, you know, lots of different branches, lots of different transformation taking place. So one way of approaching it is that when you think about the customer edge, you see a lot of virtualization, software driven, a lot of IOT endpoints, et cetera, taking place. So the cyber landscape becomes more important. Now you're connecting users, devices, capabilities, your point of sale system to a multi-cloud environment, and that, you know, encryption of that data, the speed at which it needs to happen, all of that is very important. And as we think ahead with 5g and edge compute and what that evolution revolution is going to bring, it's going to get even more excited because to me, those are kind of like in a playgrounds of innovation, but we want to do it right and keep sort of, you know, cyber and security at the core of it. So we can innovate and keep the businesses safe. >>How do you help customers to kind of navigate edge cybersecurity challenges and them not being synonymous? >>That's a great, great question. You know, every day I see, you know, different teams, different agendas, different kinds of ways of approaching things. And what I tell customers and even my own teams is that, look, we have to have a, a blueprint and architecture, a vision, you know, what are the business outcomes that we want to achieve? What the customer wants to achieve. And then start to look at that kind of technology kind of convergence that is taking place, and especially in the security and the networking space, significant momentum on the convergence and utilize that convergence to create kind of full value stack solutions that can be scaled, can be delivered. So you are not just one and done, but it's a continuous innovation and improvement. And in the security space, you need that, right. It's never going to be one and done. No >>We've seen so much change in the last year. We've seen obviously this rapid pivot to work from home that was overnight for millions and millions of people. We're still in that too. A fair amount. There's a good amount of people that are still remote, and that probably will be permanently there's. Those that are going to be hybrid threat landscape bloated. I was looking at and talking with, um, 40 guard labs and the, the nearly 11 X increase in the last 12 months in ransomware is insane. And the ransomware as a business has exploded. So security is a board level conversation for businesses I assume in any. >>Absolutely. Absolutely. I agree with you, it's a board level conversation. Security is not acknowledged the problem about picking a tool it's about, you know, the business risk and what do we need to do? Uh, you mentioned a couple of interesting stats, right? So we've seen, uh, you know, two things I'll share. One is we've seen, you know, 440 petabytes of data on the at and T network in one average business day. So 440 petabytes of data. Most people don't know what it is. So you can imagine the amount of information. So you can imagine the amount of security apparatus that you need, uh, to Tofino, protect, and defend and provide the right kind of insights. And then the other thing that VOC and along the same lines of what you were mentioning is significant, you know, ransomware, but also significant DDoSs attacks, right? So almost like, you know, we would say around 300% plus said, DDoSs mitigations that we did from last year, you know, year over year. >>So a lot of focus on texting the customer, securing the end points, the applications, the data, the network, the devices, et cetera. Uh, the other two points that I want to mention in this space, you know, again, going back to all of this is happening, right? So you have to focus on this innovation at the, at the speed of light. So, you know, artificial intelligence, machine learning, the software capabilities that are more, forward-looking have to be applied in the security space ever more than ever before, right. Needs these do, we're seeing alliances, right? We're seeing this sort of, you know, crowdsourcing going on of action on the good guys side, right? You see the national security agencies kind of leaning in saying, Hey, let's together, build this concept of a D because we're all going to be doing business. Whether it's a public to public public, to private, private, to private, all of those different entities have to work together. So having security, being a digital trust, >>Do you think that the Biden administrations fairly recent executive order catalyst of that? >>I give it, you know, the president and the, the administration, a lot of, you know, kudos for kind of, and then taking it head on and saying, look, we need to take care of this. And I think the other acknowledgement that it is not just hunting or one company or one agency, right? It's the whole ecosystem that has to come together, not just national at the global level, because we live in a hyper connected world. Right. And one of the things that you mentioned was like this hybrid work, and I was joking with somebody the other day that, and really the word is location, location, location, thinking, network security, and networking. The word is hybrid hybrid hybrid because you got a hybrid workforce, the hybrid cloud, you have a hybrid, you have a hyper-connected enterprise. So we're going to be in this sort of, you know, hybrid for quite some time are, and it has to >>Be secure and an org. And it's, you know, all the disruption of folks going to remote work and trying to get connected. One beyond video conference saying, kids are in school, spouse working, maybe kids are gaming. That's been, the conductivity alone has been a huge challenge. And Affordanet zooming a lot there with links to us, especially to help that remote environment, because we know a lot of it's going to remain, but in the spirit of transformation, you had a session today here at the security summit, talked about transformation, formation plan. We talk about that word at every event, digital transformation, right? Infrastructure transformation, it security. What context, where you talking about transformation in it today? What does it transformation plan mean for your customers? >>That's a great question because I sometimes feel, you know, overused term, right? Then you just take something and add it. It's it? Transformation, network, transformation, digital transformation. Um, but what we were talking today in, in, in the morning was more around and sort of, you know, again, going back to the network security and the transformation that the customers have to do, we hear a lot about sassy and the convergence we are seeing, you know, SD van takeoff significantly from an adoption perspective application, aware to experiences, et cetera, customers are looking at doing things like internet offload and having connectivity back into the SAS applications. Again, secure connectivity back into the SAS applications, which directly ties to their outcomes. Um, so the, the three tenants of my conversation today was, Hey, make sure you have a clear view on the business outcomes that you want to accomplish. Now, the second was work with a trusted advisor and at and T and in many cases is providing that from a trusted advisor perspective. And third, is that going back to the one and done it is not a one and done, right? This is a, is a continuous process. So sometimes we have to be thinking about, are we doing it in a way that we will always be future ready, will be always be able to deal with the security threats that we don't even know about today. So yeah, >>You bring up the term future ready. And I hear that all the time. When you think of man, we really weren't future ready. When the pandemic struck, there was so much that wasn't there. And when I was talking with 49 earlier, I said, you know, how much, uh, has the pandemic been a, uh, a catalyst for so much innovation? I imagine it has been the same thing that >>Absolutely. And, you know, I remember, you know, early days, February, March, where we're all just trying to better understand, right? What is it going to be? And the first thing was, Hey, we're all going to work remote, is it a one week? Is it a two week thing? Right? And then if you're like the CIO or the CSO or other folks who are worried about how am I going to give the productivity tools, right. Businesses in a one customer we work with, again, tobacco innovation was said, Hey, I have 20,000 call center agents that I need to take remote. How do you deliver connectivity and security? Because that call center agent is the bloodline for that business interacting with their end customers. So I think, you know, it is accelerated what would happen over 10 years and 18 months, and it's still unknown, right? So we're still discovering the future. >>There's a, there will be more silver linings to come. I think we'll learn to pick your brain on, on sassy adoption trends. One of the things I noticed in your abstract of your session here was that according to Gardner, the convergence of networking and security into the sassy framework is the most vigorous technology trend. And coming out of 2020, seeing that that's a big description, most vigorous, >>It's a big, big description, a big statement. And, uh, we are definitely seeing it. You know, we saw some of that, uh, in the second half of last year, as the organizations were getting more organized to deal with, uh, the pandemic and the change then coming into this year, it's even more accelerated. And what I mean by that is that, you know, I look at sort of, you know, three things, right? So one is going back to the hybrid work, remote work, work from anywhere, right. So how do you continue to deliver a differentiated experience, highly secure to that workforce? Because productivity, human capital very important, right? The second is that there's a back and forth on the branch transformation. So yes, you know, restaurants are opening back up. Retailers are opening back up. So businesses are thinking about how do I do that branch transformation? And then the third is explosive business IOT. So the IOT end points, do you put into manufacturing, into airports in many industries, we continue to see that. So when you think about sassy and the framework, it's about delivering a, a framework that allows you to protect and secure all of those endpoints at scale. And I think that trend is real. I've seen customer demand, we've signed a number of deals. We're implementing them as we speak across all verticals, healthcare, retail, finance, manufacturing, transportation, government agencies, small businesses, mid-sized businesses. >>Nope, Nope. Not at all. Talk to me about, I'm curious, you've been at, at and T a long time. You've seen a lot of innovation. Talk, talk to me about your perspectives on seeing that, and then what to you think as a silver lining that has come out of the, the acceleration of the last 18 months. >>She and I, I get the question, you know, I've been with at and T long time. Right. And I still remember the day I joined at T and T labs. So it was one of my kind of dream coming out of engineering school. Every engineer wants to go work for a brand that is recognized, right. And I, I drove from Clemson, South Carolina to New Jersey Homedale and, uh, I'm still, you know, you can see I'm still having the smile on my face. So I've, you know, think innovation is key. And that's what we do at, at and T I think the ability to, um, kind of move fast, you know, I think what the pandemic has taught us is the speed, right? The speed at which we have to move the speed at which we have to collaborate the speed at which we have to deliver, uh, to agility has become, you know, the differentiator for all of us. >>And we're focusing on that. I also feel that, uh, you know, there have been times where, you know, product organizations, technology organizations, you know, we struggle with jumping this sort of S-curve right, which is, Hey, I'm holding onto something. Do I let go or not? Let go. And I think the pandemic has taught us that you have to jump the S-curve, you have to accelerate because that is where you need to be in, in a way, going back to the sassy trend, right. It is something that is real, and it's going to be there for the next three to five years. So let's get ready. >>I call that getting comfortably uncomfortable, no businesses safe if they rest on their laurels these days. I think we've learned that, speaking of speed, I wanna, I wanna get kind of your perspective on 5g, where you guys are at, and when do you think it's going to be really impactful to, you know, businesses, consumers, first responders, >>The 5g investments are happening and they will continue to happen. And if you look at what's happened with the network, what at and T has announced, you know, we've gotten a lot of kudos for whatever 5g network for our mobile network, for our wireless network. And we are starting to see that, that innovation and that innovation as we anticipated is happening for the enterprise customers first, right? So there's a lot of, you know, robotics or warehouse or equipment that needs to sort of, you know, connect at a low latency, high speed, highly secure sort of, you know, data movements, compute edge that sits next to the, to the campus, you know, delivering a very different application experience. So we're seeing that, you know, momentum, uh, I think on the consumer side, it is starting to come in and it's going to take a little bit more time as the devices and the applications catch up to what we are doing in the network. And if you think about, you know, the, the value creation that has happened on, on the mobile networks is like, if you think about companies like Uber or left, right, did not exist. And, uh, many businesses, you know, are dependent on that network. And I think, uh, it will carry on. And I think in the next year or two, we'll see firsthand the outcomes and the value that it is delivering you go to a stadium at and T stadium in Dallas, you know, 5g enabled, you know, that the experience is very different. >>I can't wait to go to a stadium again and see it came or live music. Oh, that sounds great. Rubbish. Thank you so much for joining me today, talking about what a T and T is doing with 49, the challenges that you're helping your customers combat at the edge and the importance of really being future. Ready? >>Yes. Thank you. Thank you so much. Really appreciate you having me. Thanks for 49 to invite us to be at this event. Yes. >>Thank you for refresh talk. She I'm Lisa Martin. You're watching the cube at the 40 net championship security summits.

(bright music) >> Hello, and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards. I'm your host, Natalie Erlich and today we'll highlight the best cybersecurity solution. I'm very pleased to welcome our next guests. They are Tina Thorstenson executive public sector strategist at CrowdStrike and Jennifer Dvorak information security architect for the State of Arizona. Thank you so much for being with me today. >> Thanks for having us. >> Yep, thank you. >> Perfect. Well you know obviously a really wild year with COVID and it certainly pushed a lot of boundaries. Cyber security resiliency also a hot topic as ransomware really spiked up. How have you addressed this concern and really accelerated this push with COVID-19 in the backdrop? I'd love it if either one of you would just like to jump in here. >> Well, CrowdStrike was one of our initiatives for 2020 and it was significantly increased, accelerated due to COVID. So we had to roll out in a matter of weeks when we had a matter of months previously and it really provided us the visibility that we needed for folks taking their computers home. We had no way of triaging any of our incidents when the computers were at home. So rolling out CrowdStrike as quickly as possible it gave us remote access, it gave us visibility and that was huge for our organization. >> Tina, if you could weigh in on this as well, that would be terrific. >> Sure absolutely. And you know, Jen with the State of Arizona is one of our premier customers but across the board with the 2021 global threat report that we issue each year, what we saw there was a fourfold increase in the number of intrusions. So to your point about the threat activity and it's not getting better. So what CrowdStrike is on a mission to do is stop regions and protect organizations against these bad actors so that they're, that we minimize disruptions. It's really been tremendous to see and build a ecosystem from a platform approach that started with visibility on the end point that Jen was just alluding to. >> And Jennifer, I'd love to get your insight how the public sector and the private sector can work better in tandem with each other in order to protect customers and also communities against ransomware attacks and other kinds of cybersecurity threats that we've seen coming from Russia for instance. >> Certainly so our state CISO Tim Roemer, he has definitely encouraged us to make partners with our private vendors. So that's one of his strategic initiatives and we really want partners in the private sector. We want folks that are going to come alongside us and help us with our security goals. And CrowdStrike has been one of those vendors. We don't want to just spend money and then the vendor runaway, we want somebody that's going to be with us every step of the way. We've had some incidents this past year and CrowdStrike was the first team to alert us because it was a different agency or a different part of our organization that we don't typically work with a lot. And that was really helpful because we were able to act quickly and address the issues that arose. So just having somebody that's looking out for your best interests and being a true partner is what we're really looking for. And that's the only way that we can circumvent these ransomware attacks. >> And Tina I'd love it if you'd weigh in as well. How do you see your role in this effort to protect the public evolving now in 2021? >> So I love that question and especially with the role of my role brand new in COVID interestingly enough, to create this bi-directional executive alignment with our customers and our internal teams and overall at CrowdStrike our goal, as I said is to stop breaches and it's really to bring, to minimize the frustration that comes sometimes with rolling out security tools. I've been at this a long time and tools like CrowdStrike are really game changers for security teams that are really about protecting organizations. And essentially what we do is we brought a single platform where when it, when the, when our software is deployed to an organization across their laptops, desktops, server and cloud infrastructure, we were born in the cloud kind of before it was cool and now we serve more than 11,000 customers. And that threat activity goes to a single AWS instance where we look across all of the threat activity. And then when we see activity in one area, we can protect all of our customers. That's the power of the cloud. >> Perfect and I'd love Jennifer's insights here too. What steps are you taking now to keep the public protected and the state cyber ready? >> And I like Tina's point about being born in the cloud. So State of Arizona is a cloud first state. We are also looking for solutions in the cloud, and I think by leveraging cloud solutions, we're able to be more nimble. We're able to pivot our approach to security and address anything that comes up more quickly. So being cloud first, even though it's, it wasn't embraced initially, I think that it's something that we've been driving towards and looking for more partners that support that cloud first initiative that we have. >> And Tina what's top of mind? What are some of the key initiatives that your team and teams are going to be focused on in the years ahead? What's the next phase for cybersecurity? >> Great question and we've talked quite a bit about the end point but where we're headed and really where we've invested heavily the last couple of years and we'll continue moving forward is now that we have, we've brought this game-changing visibility to our security teams on the end point of each one of the systems in their environment where we've expanded the platform to now include cloud services like I mentioned. Now include indicators of misconfigurations which are so detrimental to teams working in a hybrid cloud environment. And then we've also moved into the identity protection space. And essentially what we're doing there is the same thing we've been doing to protect workloads coming from desktops and laptops across the country and around the world and moved to a model where we're also in a zero trust principles way looking for threat activity coming in through identities, through people logging into these systems and doing the same real-time continuous monitoring and taking proactive action to protect organizations where we see malicious activity. >> Terrific, well, in light of COVID-19, we saw a big spike in ransomware and I'd love to hear specifically from Tina why do we need trusted partners rather than software vendors in this fight? >> You know, it's so important to get out in front of all of the adversaries and most recently that we've seen huge growth in the e-crime actors that are taking advantage of the tools that are unfortunately in the market today, sometimes even free that allow them to hold organizations hostage. And the reason that's so important to partner with organizations and companies like CrowdStrike, is that we've been thinking ahead and we are designed in a way to stop an individual, a breach or adversary attack from occurring but we've been watching how their adversary works and now we can see their activity very early on before they have a chance to gain a foothold in an organization's server or laptop or even a phone or a tablet. And really what we're doing is we're providing protection so that it doesn't even need to move to an analyst to do further review. We just stop it right at the gate before it causes harm. And the reason that this is so important probably is obvious, but we're about making sure that the organizations like the State of Arizona can continue on their business and without these kinds of disruptions. So we haven't designed against one particular adversary but we really designed an approach that works across them all because we've been watching so closely how they move through environments for years. And we use the power of artificial intelligence delivered from the cloud to protect against all things including ransomware. >> Right it's really an evolving process. You constantly have to be vigilant for the next threat. Now I'd love to hear how you see things change with your tech partners and providers at the moment. >> So from a CrowdStrike perspective, we aim to be absolutely the best in class for the products and services that we provide whether that's your products that you can purchase like our endpoint solutions or whether that's services like our 24/7 threat hunting teams or Falcon Complete Teams that basically serve as an extension of an organization's team. But it's absolutely critical that we move this direction and not try to be the best at everything and instead partner. So we have extensive partnerships with Zscaler and Proofpoint and so many others, Okta. I mean the list goes on and on with now hundreds. And we also have a CrowdStrike store. So once you're a customer we've reduced the friction to taking on and trying out new modules, either from us or new options that maybe you haven't considered before from our trusted partners, much like the AWS marketplace we've got the CrowdStrike store and it's a growing set of partnerships where we build those integrations. So, my prior life I was the CISO for Arizona State University most recently. And we spend an awful lot of time integrating these solutions in a CrowdStrike. We're about building those integrations so that the teams within the organizations that can get on to doing innovative things within their space, rather than having to spend all their time tying these technologies together. >> Yeah now shifting to Jennifer late last year we learned that suspected Russian hackers broke into the US government agencies including a county in Arizona. So what measures has the State of Arizona put in place now to ensure that something like that won't happen again or that at least the state is very vigilant and ready to protect citizens and the government against these threats? >> We're definitely partnering with products like or vendors like CrowdStrike. That's what we, we're looking to extend those partnerships. And not only that we're developing our information sharing program across state, local and territorial governments. So we're looking to partner with the cities, the counties. Cybersecurity is a team sport. Cybersecurity is, it takes everyone. It takes the whole state working together. And that's one of the things that we've been trying to build. So working in conjunction with the state fusion center, the Arizona Counter Terrorism Information Center, we've been working to do more indicators of compromise sharing, any intelligence that we've been gathering from these counties that maybe did have an incident or a breach. We want to make sure that the information is disseminated to everyone so that we can be stronger and protect against it. Additionally, we we're always looking for grants that we can extend so that we're able to extend our products that we use to some of the smaller cities and towns and counties so that they can leverage some of the same technologies like CrowdStrike in their environments at a fraction of the cost or paid for by a grant. >> Terrific, well, Tina how does your experience as a CrowdStrike customer now come into play in your current role? >> Well, how's it come into play? Well, I think that it makes it really easy for me to be a liaison internally and help internal teams understand what it's like to sit as a CISO or as a CIO or deputy CIO. And to understand the kinds of challenges that these teams are (indistinct) these leaders of these teams are facing as they're moving forward with their innovation agenda while making sure to make sure that they're gaining those operational efficiencies that are so important today and wowing their customers all the while, right? So I think really what I bring to it is that level of experience to make sure that the voices of our customers are heard internally and that we continue to build products and services that make sense for the needs of our customers additional capabilities. Like we just released Falcon X Recon is an example of one of our newer capabilities where we're basically looking at their deep and dark web activity and bringing that together in the single platform, single event console that we've leveraged for years now. And in highlighting that activity many, in many cases, pre breach. So before you'd ever see it hit your, in your organization's operational environment, we would detect it through that service. So, I think it's those, all those things combined. >> Terrific well, CrowdStrike won a number of key accolades this year, and I was curious, Tina what you attribute to this huge success. >> Well, I have to tell you that I've been in the security space for far too long. And what I can say is that until CrowdStrike came along, there wasn't a solution, a security solution that we could get software running on an end point that wasn't just frustrating across the board. There were conflicts with other software running or the software would work great for one platform but it wouldn't work for the other. So we really have this new approach. And I think that that's what's made us, in fact I'm sure it's certainly what made me a wildly happy customer is that staff, faculty, employees, if we hadn't told them the software was being rolled out, they wouldn't have even noticed. You know it doesn't impact the machines and it's really provided this amazing experience and bringing all that with 150 different adversary groups that we track and we take that on for the customers and just bring visibility for the immediate things they need to take action on. I think those are all of the things that got us to this point in building out this platform is going to be really amazing to see in the years to come as we expand across other areas within the security space, either developing our own or really driving partnerships to make it easier for our customers. >> Yeah, terrific. Well, I pulled up the stat here for us to examine because I think it's really important for our viewers to understand just how important cybersecurity is and how it's going to be even more important for customers and for the private citizens and public citizens. According to Cybersecurity Ventures, cyber crime costs will grow by 15% per year reaching 10.5 trillion by 2025. That's just in about four years. And not only that, cyber crime will become the third largest economy in the world after the United States and China. So, I mean, it's really terrific that you're stepping up. You know just if you could both, perhaps Jennifer can go first and then Tina, what are the key lessons that you have for even the federal government to take a more proactive stance against these threats? >> Well, I think it's clear that this is a very lucrative venture, business venture. It's treated like a business venture by these criminal actors and they have a formula and it works. So I don't see that it's going to be changing anytime soon. And it's also not something that is highly sophisticated, highly technical. It's very easy. It's very much phishing, you know, users clicking on emails and vulnerabilities and environments. It's really a very easy formula that they continue to repeat. So I think until the federal government has more ways to recoup some of these ransomware payments, or we're able to stop some of these ransomware as a service products from being used, I think it's going to continue. So we're defenders so we need to make sure that we're ready for anything that comes and using products that keep us safe is really the best way and training our users. >> Terrific and Tina? >> Thank you. So we are so passionate about making sure that our customers can sleep better at night. When it comes down to tips it really comes back to the basics in many regards but the basics are sometimes really hard to do. So they sound simple, but they aren't so easy to do. And it's basics like making sure your systems are patched. Every organization has just a growing number of devices and pieces of software and infrastructure and all of those things need to be patched nearly immediately to stay out in front of today's adversaries. And Jen's right, Some are sophisticated, some are not but the reality is if we leave those windows open, we will have adversaries, oh, you know walk into our house if you will. So the basics like that also making sure that you have great backups, right? So if you do run into an instance of a ransomware where your systems are locked that you have the ability to recover quickly, being proactive and making sure that you have the partnership arrangement ahead of time is a third really important thing to do. Many organizations now have IRR retainers that they, incident response retainers that you can use proactively in years where you don't find yourself on your heels in a reactive situation but then it's there when you need it. Sometimes it's hard to find great services when there are the flood of ransomware attacks like we've seen in recent months. And then lastly, and I should have started with this 'cause it's the most important part, train your people. It's so important to make sure that security is just a culture, a part of the culture, just like you lock your car and you lock your house. Making sure that you're thinking about those things that will help keep you safe and your organization safe. >> Really excellent points. Thank you both so much for your insights. That was Tina Thorstenson executive public sector strategist at CrowdStrike, as well as Jennifer Dvorak, information security architect for the State of Arizona. Again, really appreciate your insights. This was a fantastic conversation with you. And that's all for the 2021 AWS Global Public Sector Partner Awards or in this session of that. I'm your host Natalie Erlich and see you very soon. (bright music)

>> Narrator: From around the globe. It's theCUBE covering space in cybersecurity symposium 2020 hosted by Cal Poly. >> Hello, everyone. Welcome to the space and cybersecurity symposium, 2020 hosted by Cal Poly where the intersection of space and security are coming together. I'm John Furrier, your host with theCUBE here in California. I want to welcome our featured guest, Lieutenant General, John F. Thompson with the United States Space Force approach to cybersecurity. That's the topic of this session. And of course he's the commander of the space and missile system center in Los Angeles Air Force Base. Also heading up Space Force. General, thank you for coming on. I really appreciate to you kicking this off. Welcome to the symposium. >> Hey, so thank you very much, John, for that very kind introduction. Also very much thank you to Cal Poly for this opportunity to speak to this audience today. Also a special shout out to one of the organizers, Dustin Debrun, for all of his work, helping get us to this point. Ladies and gentlemen as a John mentioned, I'm JT Thompson. I lead the 6,000 men and women of the United States Space Force's Space and Missile System Center, which is headquartered here at Los Angeles Air Force Base and El Segundo. If you're not quite sure where that's at, it's about a mile and a half from LAX. This is our main operating location, but we do have a number of other operating locations around the country. We're about 500 people at Kirtland Air Force Base in Albuquerque, New Mexico, and an about another 500 people on the front range of the Rockies between Colorado Springs and Denver plus a smattering of other much smaller operating locations nationwide. We're responsible for acquiring, developing and sustaining the United States Space Force's, critical space assets. That includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites. And we also are in charge of procuring launch services for the US Space Force and a number of our critical mission partners across the Department of Defense and the intelligence community. Just as a couple of examples of some of the things we do, if you're unfamiliar with our work we developed and currently sustain the 31 satellite GPS constellation that satellite constellation, while originally intended to help with global navigation, those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. GPS is everywhere. I think everybody realizes that. Agriculture, banking, the stock market, the airline industry, separate and distinct navigation systems. It's really pervasive across both capabilities for our Department of Defense and capabilities for our economy and individuals, billions of individuals across our country and the planet. Some of the other work we do for instance, in the communications sector, secure communications satellites that we designed and build that link America's sons and daughters serving in the military around the world and really enable real time support and comms for our deployed forces. And those of our allies. We also acquire infrared missile warning satellites that monitor the planet for missile launches that provide advanced warning to the US Homeland and to our allies in case some of those missile launches are nefarious. On a note, that's probably a lot closer to home, maybe a lot closer to home than many of us want to think about here in the state of California. In 2018, SMC jumped through a bunch of red tape and bureaucracy to partner with the US Forest Service during two of the largest wildfires in the state's history, the Camp and Woolsey fires in Northern California. As those fires spread out of control, we created processes on the fly to share data from our missile warning satellites. Those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet. And we collaborated with the US Forest Service so that firefighters on the ground could track those fires more in real time and better forecast fires and where they were spreading, thereby saving lives and property by identifying hotspots and flareups for firefighters. That data that we were able to working with our contractors pass to the US Forest Service and authorities here in California, was passed in less than an hour as it was collected to get it into the hands of the emergency responders, the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters. It was really instrumental in fighting those fires and stopping their spread. We've continued that involvement in recent years, using multiple systems to support firefighters across the Western US this fall, as they battled numerous wildfires that unfortunately continue. Working together with the US Forest Service and with other partners we'd like to think that we've made a difference here, but there's still a lot more work to go. And I think that we should always be asking ourselves what else can space data be used for and how can we more rapidly get that space data to stakeholders so that they can use it for purposes of good, if you will. How else can we protect our nation? How else can we protect our friends and allies? I think a major component of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly. Just over the past few years, John and I were talking before we went live here and 80 nations now have space programs. Nearly 80 space faring nations on the planet. If you just look at one mission area that the Department of Defense is interested in, and that's small launch, there are currently over 100 different small launch companies within the US industrial base vying for commercial DoD and civil payload capabilities, mostly to lower earth orbit. It's truly a remarkable time. If you factor in those things like artificial intelligence and machine learning, where we're revolutionizing really, the ways that we generate process and use data. It's really remarkable. In 2016, so if you think about this four years ago, NASA estimated that there were 28 terabytes of information transiting their space network each day. And that was four years ago. Obviously we've got a lot of desire to work with a lot of the people in the audience in this conference, we need to work with big thinkers, like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data. We need new generations of thinkers to help apply cutting edge theories of data mining, cyber behaviorism, and Internet of Things 2.0, it's just truly a remarkable time to be in the space business and the cyber aspects of the space business are truly, truly daunting and important to all of us. Integrating cyber security into our space systems, both commercial and government is a mandate. it's no longer just a nice to have as the US Space Force and Department of the Air Force leadership has said many times over the past couple of years, space is becoming congested and contested. And that contested aspect means that we've got to focus on cyber security in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out. The value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer, from the ground control segments associated with it. And this value is not just military, it's also economic and it's not just American, it's also a value for the entire world, particularly our allies, as we all depend upon space and space systems. Your neighbors and friends here in California that are employed at the space and missile system center work with network defenders. We work with our commercial contractors and our systems developers, our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global comments of space free and open for exploration and for commerce as John and I were talking earlier, before we came online, there's an aspect of cybersecurity for space systems, especially for some of our legacy systems, that's more, how do we bolt this on? Cause we fielded those space systems a number of years ago, and the challenges of cybersecurity in the space domain have grown. So we have a part that we have to worry about, bolting it on, but then we have to worry about building it in as we field new systems and build in a flexibility that realizes that the cyber threat or the cybersecurity landscape will evolve over time. It's not just going to be stagnant. There will always be new vulnerabilities and new threat vectors that we all have to look at. Look, as Secretary Barrett, who is our secretary of the air force likes to say most Americans use space before they have their first cup of coffee in the morning. The American way of life really depends on space. And as part of the United States Space Force, we work with defense leaders, our Congress joint, and international military teammates and industry to ensure American leadership in space. I really thank you for this opportunity to address the audience today, John, and thanks so much to Cal Poly for letting me be one of the speakers at this event. I've really looked forward to this for several months. And so with that, I look forward to your questions as we kind of move along here. >> General, thank you very much for those awesome introductory statement. For the folks watching on the stream, Brigadier General Carthan's going to be in the chat, answering any questions, feel free to chat away. He's the vice commander of Space and Missile System Center, he'll be available. A couple of comments from your keynote before I get to my questions. Cause it just jumped into my head. You mentioned the benefits of say space with the fires in California. We're living that here. That's really realtime. That's a benefit. You also mentioned the ability for more people launching payloads into space. I'm only imagined Moore's law smaller, faster, cheaper applies to rockets too. So I'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned. So is it going to be more rules around that? This is an interesting question cause it's exciting Space Force, but for all the good there is potentially bad out there. >> Yeah. So John, I think the basics of your question is as space becomes more congested and contested, is there a need for more international norms of how satellites fly in space? What kind of basic features satellites have to perhaps de orbit themselves? What kind of basic protections should all satellites be afforded as part of a peaceful global commons of space? I think those are all fantastic questions. And I know that US and many allied policy makers are looking very, very hard at those kinds of questions in terms of what are the norms of behavior and how we field, and field as the military term. But how we populate using civil or commercial terms that space layer at different altitudes, lower earth orbit, mid earth orbit, geosynchronous earth orbit, different kinds of orbits, what the kind of mission areas we accomplished from space. That's all things that need to be definitely taken into account as the place gets a little bit, not a little bit as the place gets increasingly more popular day in and day out. >> I'm super excited for Space Force. I know that a new generation of young folks are really interested in it's an emerging, changing great space. The focus here at this conference is space and cybersecurity, the intersection. I'd like to get your thoughts on the approach that a space force is taking to cybersecurity and how it impacts our national goals here in the United States. >> Yeah. So that's a great question John, let me talk about it in two basic ways. At number one is an and I know some people in the audience, this might make them a little bit uncomfortable, but I have to talk about the threat. And then relative to that threat, I really have to talk about the importance of cyber and specifically cyber security, as it relates to that threat. The threats that we face really represented a new era of warfare and that new era of warfare involves both space and cyber. We've seen a lot of action in recent months from certain countries, notably China and Russia that have threatened what I referred to earlier as the peaceful global commons of space. For example, it threw many unclassified sources and media sources. Everybody should understand that the Russians have been testing on orbit anti-satellite capabilities. It's been very clear if you were following just the week before last, the Department of Defense released its 2020 military and security developments involving the People's Republic of China. And it was very clear that China is developing ASATs, electronic jammers, directed energy weapons, and most relevant to today's discussion, offensive cyber capabilities. There are kinetic threats that are very, very easy to see, but a cyber attack against a critical command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of GPS and important to note that that GPS system also impacts many civilians who are dependent on those systems from a first response perspective and emergency services, a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to assist them to mislead operators so that they sent emergency services personnel to the wrong address. Attacks on spacecraft on orbit, whether directly via a network intrusion or enabled through malware introduced during the system's production while we're building the satellite can cripple or corrupt the data. Denial-of-service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control. If GPS went down, I hesitate to say it this way, cause we might elicit some screams from the audience. But if GPS went down a Starbucks, wouldn't be able to handle your mobile order, Uber drivers wouldn't be able to find you. And Domino's certainly wouldn't be able to get there in 30 minutes or less. So with a little bit of tongue in cheek there from a military operations perspective, it's dead serious. We have become accustomed in the commercial world to threats like ransomware and malware. And those things have unfortunately become commonplace in commercial terrestrial networks and computer systems. However, what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled, if you will, to use against our national security space systems day in and day out. As I said, during my opening remarks on the importance of cyber, the value of these systems is directly tied to their integrity. If commanders in the field, firefighters in California or baristas in Starbucks, can't trust the data they're receiving, then that really harms their decision making capabilities. One of the big trends we've recently seen is the move towards proliferated LEO constellations, obviously Space X's Starlink on the commercial side and on the military side, the work that DARPA and my organization SMC are doing on Blackjack and Casino, as well as some space transport layer constellation work that the space development agency is designing are all really, really important types of mesh network systems that will revolutionaries how we plan and field war fighting systems and commercial communications and internet providing systems. But they're also heavily reliant on cybersecurity. We've got to make sure that they are secured to avoid an accident or international damage. Loss of control of these constellations really could be catastrophic from both a mission perspective or from a satellites tumbling out of low earth orbit perspective. Another trend is introductions in artificial intelligence and machine learning, onboard spacecraft are at the edge. Our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector, they're basically flying boxes full of software. And we need to ensure that data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms, governing the right actions and that those systems are impervious to the extent possible to nefarious modifications. So in summation, cybersecurity is a vital element of everything in our national security space goals. And I would argue for our national goals, writ large, including economic and information dimensions, the Space Force leadership at all levels from some of the brand new second lieutenants that general Raymond swore in to the space force this morning, ceremonially from the air force associations, airspace and cyberspace conference to the various highest levels, General Raymond, General DT Thompson, myself, and a number of other senior leaders in this enterprise. We've got to make sure that we're all working together to keep cyber security at the forefront of our space systems cause they absolutely depend on it. >> You mentioned hardware, software threats, opportunities, challenges. I want to ask you because you got me thinking of the minute they're around infrastructure. We've heard critical infrastructure, grids here on earth. You're talking about critical infrastructure, a redefinition of what critical infrastructure is, an extension of what we have. So I'd love to get your thoughts about Space Force's view of that critical infrastructure vis-a-vis the threat vectors, because the term threat vectors has been kicked around in the cyberspace. Oh you have threat vectors. They're always increasing the surface area. If the surface area is from space, it's an unlimited service area. So you got different vectors. So you've got new critical infrastructure developing real time, really fast. And you got an expanded threat vector landscape. Putting that in perspective for the folks that aren't really inside the ropes on these critical issues. How would you explain this and how would you talk about those two things? >> So I tell you, just like, I'm sure people in the security side or the cybersecurity side of the business in the banking industry feel, they feel like it's all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system, to the financial sector. On the Department of Defense side, we've got to have sort of the same mindset. That threat vector from, to, and through space against critical space systems, ground segments, the launch enterprise, or transportation to orbit and the various different domains within space itself. Like I mentioned before, LEO, MEO and GEO based satellites with different orbits, all of the different mission areas that are accomplished from space that I mentioned earlier, some that I did mention like a weather tactical or wide band communications, various new features of space control. All of those are things that we have to worry about from a cyber security threat perspective. And it's a daunting challenge right now. >> Yeah, that's awesome. And one of the things we've been falling on the hardware side on the ground is the supply chain. We've seen, malware being, really put in a really obscure hardware. Who manufactures it? Is it being outsourced? Obviously government has restrictions, but with the private sector, you mentioned China and the US kind of working together across these peaceful areas. But you got to look at the supply chain. How does the supply chain in the security aspect impact the mission of the US space Force? >> Yeah. Yeah. So how about another, just in terms of an example, another kind of California based historical example. The very first US Satellite, Explorer 1, was built by the jet propulsion laboratory folks, not far from here in El Segundo, up in Pasadena, that satellite, when it was first built in the late 50s weighing a little bit, over 30 pounds. And I'm sure that each and every part was custom made and definitely made by US companies. Fast forward to today. The global supply chain is so tightly coupled, and frankly many industries are so specialized, almost specialized regionally around the planet. We focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them, but it becomes more difficult and more difficult to understand the heritage, if you will, of some of the parts that are used, the thousands of parts that are used in some of our satellites that are literally school bus sized. The space industry, especially national security space sector is relatively small compared to other commercial industries. And we're moving towards using more and more parts from non US companies. Cybersecurity and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily understand 100% like an Explorer one, the lineage of that particular part. The environmental difficulties in space are well known. The radiation environment, the temperature extremes, the vacuum, those require specialized component. And the US military is not the only customer in that space. In fact, we're definitely not the dominant customer in space anymore. All those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains, from a quality perspective, a security perspective and availability. There's open source reporting on supply training intrusions from many different breaches of commercial retailers to the infectious spread of compromised patches, if you will. And our adversaries are aware of these techniques. As I mentioned earlier, with other forms of attack, considering our supply chains and development networks really becomes fair game for our adversaries. So we have to take that threat seriously. Between the government and industry sectors here in the US. We're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities. Last fall, we completed an extensive review of all of our major contracts here at Space and Missile System Center to determine the levels of cyber security requirements we've implemented across our portfolio. And it sounds really kind of businessy geeky, if you will. Hey, we looked at our contracts to make sure that we had the right clauses in our contracts to address cybersecurity as dynamically as we possibly could. And so we found ourselves having to add new language to our contracts, to require system developers, to implement some more advanced protective measures in this evolving cyber security environment. So that data handling and supply chain protections from contract inception to launch and operations were taken into account. Cyber security really is a key performance parameter for us now. Performance of the system, It's as important as cost, it's as important as schedule, because if we deliver the perfect system on time and on cost, it can perform that missile warning or that communications mission perfectly, but it's not cyber secure. If it's doesn't have cyber protections built into it, or the ability to implement mitigations against cyber threats, then we've essentially fielded a shoe box in space that doesn't do the CA the war fighter or the nation any good. Supply chain risk management is a major challenge for us. We're doing a lot to coordinate with our industry partners. We're all facing it head on to try and build secure and trusted components that keep our confidence as leaders, firefighters, and baristas as the case may be. But it is a challenge. And we're trying to rise to that challenge. >> This is so exciting this new area, because it really touches everything. Talk about geeking out on the tech, the hardware, the systems but also you put your kind of MBA hat on you go, what's the ROI of extra development and how things get built. Because the always the exciting thing for space geeks is like, if you're building cool stuff, it's exciting, but you still have to build. And cybersecurity has proven that security has to be baked in from the beginning and be thought as a system architecture. So you're still building things, which means you got to acquire things, you got to acquire parts, you got acquire build software and sustain it. How is security impacting the acquisition and the sustainment of these systems for space? >> Yeah. From initial development, through planning for the acquisition, design, development, our production fielding and sustainment, it impacts all aspects of the life cycle, John. We simply, especially from the concept of baking in cybersecurity, we can't wait until something is built and then try and figure out how to make it cyber secure. So we've moved way further towards working side by side with our system developers to strengthen cybersecurity from the very beginning of a systems development, cyber security, and the resilience associated with it really have to be treated as a key system attribute. As I mentioned earlier, equivalent with data rates or other metrics of performance. We like to talk in the space world about mission assurance and mission assurance has always sort of taken us as we technically geek out. Mission assurance has always taken us to the will this system work in space. Can it work in a vacuum? Can it work in as it transfers through the Van Allen radiation belt or through the Southern hemisphere's electromagnetic anomaly? Will it work out in space? And now from a resiliency perspective, yeah, it has to work in space. It's got to be functional in space, but it's also got to be resistant to these cybersecurity threats. It's not just, I think a General D.T Thompson quoted this term. It's not just widget assurance anymore. It's mission assurance. How does that satellite operator that ground control segment operate while under attack? So let me break your question a little bit, just for purposes of discussion into really two parts, cybersecurity, for systems that are new and cybersecurity for systems that are in sustainment are kind of old and legacy. Obviously there's cyber vulnerabilities that threatened both, and we really have to employ different strategies for defensive of each one. For new systems. We're desperately trying to implement across the Department of Defense and particularly in the space world, a kind of a dev sec ops methodology and practice to delivering software faster and with greater security for our space systems. Here at SMC, we have a program called enterprise ground services, which is a toolkit, basically a collection of tools for common command and control of different satellite systems, EGS as we call it has an integrated suite for defensive cyber capabilities. Network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of a bad behavior, malicious behavior, if you will, it's rudimentary at this point, but because we're using DevSecOps and that incremental development approach, as we scale it, it just becomes more and more capable. Every product increment that we feel. Here at LA Air Force Base, we have the United Space Force's West Coast Software Factory, which we've dubbed the Kobayashi Maru. They're using those agile DevOps software development practices to deliver a space awareness software to the combined space operations center. Affectionately called the CSpock that CSpock is just on the road from Cal Poly there in San Luis Obispo at Vandenberg Air Force Base. They've so securely linked the sea Spock with other space operation centers around the planet, our allies, Australia, Canada, and the UK. We're partnering with all of them to enable secure and enhanced combined space operations. So lots of new stuff going on as we bake in new development capabilities for our space systems. But as I mentioned earlier, we've got large constellations of satellites on orbit right now. Some of them are well in excess of a decade or more or old on orbit. And so the design aspects of those satellites are several decades old. But we still have to worry about them cause they're critical to our space capabilities. We've been working with an air force material command organization called CROWS, which stands for the Cyber Resiliency Office for Weapon Systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to live through this increasingly cybersecurity concerned era that we currently live in. Our industry partners have been critical to both of those different avenues. Both new systems and legacy systems. We're working closely with them to defend and upgrade national assets and develop the capabilities to do similar with new national assets coming online. The vulnerabilities of our space systems really kind of threatened the way we've done business in the past, both militarily and in the case of GPS economically. The impacts of that cybersecurity risk are clear in our acquisition and sustainment processes, but I've got to tell you, as the threat vectors change, as the vulnerabilities change, we've got to be nimble enough, agile enough, to be able to bounce back and forth. We can't just say, many people in the audience are probably familiar with the RMF or the Risk Management Framework approach to reviewing the cyber security of a system. We can't have program managers and engineers just accomplish an RMF on a system. And then, hey, high five, we're all good. It's a journey, not a destination, that's cybersecurity. And it's a constant battle rhythm through our weapon systems lifecycle, not just a single event. >> I want to get to this commercial business needs and your needs on the next question. But before I go there, you mentioned agile. And I see that clearly because when you have accelerated innovation cycles, you've got to be faster. And we saw this in the computer industry, mainframes, mini computers, and then we started getting beyond maybe when the internet hit and PCs came out, you saw the big enterprises, the banks and government start to work with startups. And it used to be a joke in the entrepreneurial circles is that, there's no way if you are a startup you're ever going to get a contract with a big business enterprise. Now that used to be for public sector and certainly for you guys. So as you see startups out there and there's acquisition involved, I'm sure would love to have a contract with Space Force. There's an ROI calculation where if it's in space and you have a sustainment view and it's software, you might have a new kind of business model that could be attractive to startups. Could you share your thoughts on the folks who want to be a supplier to you, whether they're a startup or an existing business that wants to be agile, but they might not be that big company. >> John, that's a fantastic question. We're desperately trying to reach out to those new space advocates, to those startups, to those what we sometimes refer to, within the Department of Defense, those non traditional defense contractors. A couple of things just for thinking purposes on some of the things that we're trying to highlight. Three years ago, we created here at Space and Missile System Center, the Space Enterprise Consortium to provide a platform, a contractual vehicle, really to enable us to rapidly prototype, development of space systems and to collaborate between the US Space Force, traditional defense contractors, non traditional vendors like startups, and even some academic institutions. SPEC, as we call it, Space Enterprise Consortium uses a specialized contracting tool to get contracts awarded quickly. Many in the audience may be familiar with other transaction agreements. And that's what SPEC is based on. And so far in just three years, SPEC has awarded 75 different prototyping contracts worth over $800 million with a 36% reduction in time to award. And because it's a consortium based competition for these kinds of prototyping efforts, the barrier to entry for small and nontraditional, for startups, even for academic institutions to be able to compete for these kinds of prototyping has really lowered. These types of partnerships that we've been working through on spec have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security for their systems, both our developmental systems and the systems that they're designing and trying to build. We want to provide ways for companies large and small to partner together in support kind of mutually beneficial relationships between all. Recently at the Annual Air Force Association conference that I mentioned earlier, I moderated a panel with several space industry leaders, all from big traditional defense contractors, by the way. And they all stressed the importance of building bridges and partnerships between major contractors in the defense industry and new entrance. And that helps us capture the benefits of speed and agility that come with small companies and startups, as well as the expertise and specialized skill sets of some of those larger contractors that we rely on day in and day out. Advanced cyber security protections and utilization of secure facilities are just a couple of things that I think we could be prioritizing more so in those collaborations. As I mentioned earlier, the SPEC has been very successful in awarding a number of different prototyping contracts and large dollar values. And it's just going to get better. There's over 400 members of the space enterprise consortium, 80% of them are non traditional kinds of vendors. And we just love working with them. Another thing that many people in the audience may be familiar with in terms of our outreach to innovators, if you will, and innovators that include cyber security experts is our space pitch day events. So we held our first event last November in San Francisco, where we awarded over a two day period about $46 million to 30 different companies that had potentially game changing ideas. These were phase two small business innovative research efforts that we awarded with cash on the spot. We're planning on holding our second space pitch day in the spring of 2021. We're planning on doing it right here in Los Angeles, COVID-19 environment permitting. And we think that these are fantastic venues for identifying and working with high-speed startups, and small businesses who are interested in really, truly partnering with the US Air Force. It's, as I said before, it's a really exciting time to be a part of this business. And working with the innovation economy is something that the Department of Defense really needs to do in that the innovation that we used to think was ours. That 80% of the industrial base innovation that came from the Department of Defense, the script has been flipped there. And so now more than 70%, particularly in space innovation comes from the commercial sector, not from the defense business itself. And so that's a tsunami of investment and a tsunami of a capability. And I need to figure out how to get my surfboard out and ride it, you know what I mean? >> Yeah, It's one of those things where the script has been flipped, but it's exciting because it's impacting everything. When you're talking about systems architecture? You're talking about software, you're talking about a business model. You're talking about dev sec opsx from a technical perspective, but now you have a business model innovation. All the theaters are exploding in innovation, technical, business, personnel. This brings up the workforce challenge. You've got the cyber needs for the US Space Force, It's probably great ROI model for new kinds of software development that could be priced into contracts. That's a entrepreneurial innovation, you've got the business model theater, you've got the personnel. How does the industry adopt and change? You guys are clearly driving this. How does the industry adjust to you? >> Yeah. So I think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the US Space Force from an acquisition perspective, and in this particular case from a cybersecurity perspective. As I mentioned earlier, it's the most exciting time to be in space programs, really since the days of Apollo. Just to put it in terms that maybe have an impact with the audience. From 1957 until today, approximately 9,000 satellites have been launched from the various space varying countries around the planet. Less than 2000 of those 9,000 are still up on orbit and operational. And yet in the new space regime players like Space X have plans to launch, 12,000 satellites for some of their constellations alone. It really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities, whether they're commercial, civil, or defense are going to require appropriate cybersecurity protections. It's just a really exciting time to be working in stuff like this. And so folks like the folks in this audience who have a passion about space and a passion about cybersecurity are just the kind of people that we want to work with. Cause we need to make sure our systems are secure and resilient. We need folks that have technical and computing expertise, engineering skills to be able to design cyber secure systems that can detect and mitigate attacks. But we also, as you alluded to, we need people that have that business and business acumen, human networking background, so that we can launch the startups and work with the non traditional businesses. Help to bring them on board help, to secure both their data and our data and make sure our processes and systems are free as much as possible from attack. For preparation, for audience members who are young and maybe thinking about getting into this trade space, you got to be smart on digital networking. You got to understand basic internet protocols, concepts, programming languages, database design. Learn what you can for penetration or vulnerability testing and a risk assessment. I will tell you this, and I don't think he will, I know he will not mind me telling you this, but you got to be a lifelong learner and so two years ago, I'm at home evening and I get a phone call on my cell phone and it's my boss, the commander of Air Force Space command, General, J. Raymond, who is now currently the Chief of Space Operations. And he is on temporary duty, flying overseas. He lands where he's going and first thing he does when he lands is he calls me and he goes JT, while I was traveling, I noticed that there were eBooks available on the commercial airliner I was traveling on and there was an ebook on something called scrumming and agile DevSecOps. And I read it, have you read it? And I said, no, sir. But if you tell me what the title of the book is, I will read it. And so I got to go to my staff meeting, the very next week, the next time we had a staff meeting and tell everybody in the staff meeting, hey, if the four star and the three star can read the book about scrumming, then I'm pretty sure all of you around this table and all our lieutenants and our captains our GS13s, All of our government employees can get smart on the scrumming development process. And interestingly as another side, I had a telephone call with him last year during the holidays, where he was trying to take some leave. And I said, sir, what are you up to today? Are you making eggnog for the event tonight or whatever. And the Chief of Space Operations told me no, I'm trying to teach myself Python. I'm at lesson two, and it's not going so well, but I'm going to figure this out. And so that kind of thing, if the chief of staff or the Chief of Space Operations can prioritize scrumming and Python language and innovation in his daily schedule, then we're definitely looking for other people who can do that. And we'll just say, lower levels of rank throughout our entire space force enterprise. Look, we don't need people that can code a satellite from scratch, but we need to know, we need to have people that have a basic grasp of the programming basics and cybersecurity requirements. And that can turn those things into meaningful actions, obviously in the space domain, things like basic physics and orbital mechanics are also important spaces, not an intuitive domain. So under understanding how things survive on orbit is really critical to making the right design and operational decisions. And I know there's probably a lot, because of this conference. I know there's probably a whole lot of high speed cybersecurity experts out in the audience. And I need those people in the US Space Force. The country is counting on it, but I wouldn't discount having people that are just cyber aware or cyber savvy. I have contracting officers and logisticians and program managers, and they don't have to be high end cybersecurity experts, but they have to be aware enough about it to be able to implement cyber security protections into our space systems. So the skill set is really, really broad. Our adversaries are pouring billions of dollars into designing and fielding offensive and destructive space, cybersecurity weapons. They repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit. And the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that. As I mentioned before, peaceful global comments of space, we really need all hands on deck. If you're interested in helping in uniform, if you're interested in helping, not in uniform, but as a government employee, a commercial or civil employee to help us make cyber security more important or more able to be developed for our space systems. And we'd really love to work with you or have you on the team to build that safe and secure future for our space systems. >> Lieutenant General John Thompson, great insight. Thank you for sharing all that awesome stories too, and motivation for the young next generation. The United States Space Force approach to cybersecurity. Really amazing talk, thank you for your time. Final parting question is, as you look out and you have your magic wand, what's your view for the next few years in terms of things that we could accomplish? It's a super exciting time. What do you hope for? >> So first of all, John, thanks to you and thanks to Cal Poly for the invitation and thanks to everybody for their interest in cybersecurity, especially as it relates to space systems, that's here at the conference. There's a quote, and I'll read it here from Bernard Schriever, who was the founder, if you will, a legend in a DoD space, the founder of the Western development division, which was a predecessor organization to Space and Missile System Center, General Schriever, I think captures the essence of how we see the next couple of years. "The world has an ample supply of people "who can always come up with a dozen good reasons "why new ideas will not work and should not be tried, "but the people who produce progress are breed apart. "They have the imagination, "the courage and the persistence to find solutions." And so I think if you're hoping that the next few years of space innovation and cybersecurity innovation are going to be upon a pony ride at the County fair, then perhaps you should look for another line of work, because I think the next few years in space and cybersecurity innovation are going to be more like a rodeo and a very dynamic rodeo as it goes. It is an awesome privilege to be part of this ecosystem. It's really an honor for me to be able to play some small role in the space ecosystem and trying to improve it while I'm trying to improve the chances of the United States of America in a space war fighting environment. And so I thank all of you for participating today and for this little bit of time that you've allowed me to share with you. Thank you. >> Sir, thank you for your leadership and thank you for the time for this awesome event, Space and Cyber Cybersecurity Symposium 2020, I'm John Furrier on behalf of Cal Poly, thanks for watching. (mellow music)