EVENT TRANSCRIPT: Directions for the next National Cyber Security Strategy
DATE: 3pm, 24 January 2021
VENUE: Online
SPEAKERS: Erika Lewis, Dr Hugo Rosemont, Dr Joe Devanny, Dr Danny Steed
EVENT MODERATOR: Dr Danny Steed
Danny Steed 00:02
Good afternoon, ladies and gentlemen, thank you so much for joining us this afternoon here at the Henry Jackson Society. And the first events for what is now the Centre for Cyber Security and Online Threats. This is our very first event. So thank you so much for taking the time. My name is Danny Steed I am research fellow here in cyber security and intelligence building this brand new centre, what we’re really hoping to do not just today, but with the centre, this being the first of many, many events that we’re going to be doing is build a centre that is really going to be policy focused, nurturing the public private debate and really coming up with some pretty imaginative debate threads but also policy options for where we want, where we want to go and really informing this. Hence why we picked this session right away the future directions for the National Cyber Security Strategy. This is the year we are due to end the current cycle of the strategy and begin a new one. So it’s a really natural fit to try and get some different perspectives going on. And we’ve assembled a really great panel of guests here today representing governments, private industry, and academia in Erika from DCMS so I have Hugo from Amazon Web Services. And joining us as soon as he finishes his class at King’s College London will be Joe in incoming on here. So Erika Lewis is Director for cybersecurity and digital identity at DCMS. Hugo Rosemont is the defence National Security Policy Manager for Amazon Web Services. And Joe Devanny is a lecturer in the war studies departments at King’s College London. The format that we’re going to do is we’re going to get remarks from each guest in turn up to 10 minutes. So forgive me both if I have to be a little draconian on timings. The first half of this session will be on the records and will be posted to YouTube. After the events. The second half of our q&a session will be off the record. Our Facebook Live stream will end and it won’t be uploaded to YouTube. But please do get those questions coming in via the chat channel throughout as and when you hear from the speakers. My colleague Sean and I will be triage during these for when we do get to the do get to the q&a session. So Erika, really I just I don’t want to belabour introductions at all. I really want to get into the meat of this. I’ve been waiting weeks to kick off my own events panel. So could we start with you please and getting this DCMS view on where you see cybersecurity strategy going?
Erika Lewis 02:56
Well, Thank you very much. I’m Erika Lewis. I’m the Director for cybersecurity and digital identity at the Department for digital Culture, Media and Sport. And it’s a real pleasure to be here with you today. I didn’t realise it was your first so even even more pleasure to be here for your first session like this. And I want to thank Danny, and the Henry Jackson society for organising the event. And I’m actually here because I’m really looking forward to hearing your views too. And the views of the other panel members on what the future of the government’s work on cyber security should look like. But I sort of introduced me as somebody who can tell us about the future of cybersecurity and in the questions I will try and answer some of those things for you. But But in terms of an introduction, I actually thought it would be good if I outlined the role of DCMS in relation to the delivery of the current strategy. We’re actually working on the new strategy with the Cabinet Office. And we are hopeful that it will be ready for consultation in the spring, but I can’t go into very clear details on what that new strategy will look like. Yeah. Okay, so for the past five years, DCMS has had three main responsibilities for cybersecurity within the UK government. We support the growth of the UK cyber security sector. In that we’re creating and supporting jobs. We look at the regulatory regulatory environment for cybersecurity and how the UK can best use regulations as an incentive to encourage industry to invest well in cybersecurity measures. And we work to address the cyber skills gap that we’re all facing. And we do this by improving school age digital skills by providing better retraining opportunities for adults and by laying foundations for a cybersecurity threat. more of that later. Within this broad remit at DCMS we’ve led on a range of cybersecurity policies and programmes of national strategic importance. The first one I want to introduce you to is our work that is as exemplified by secure by design, we’ve been trying to ensure that the technology that citizens and businesses use is as as innately safe as possible. cybersecurity is best rooted in technology. And DCMS is looking at the security of the tech that we already use, as well as trying to ensure that new technologies are safe to I don’t need to tell this group about the exponential growth of connected devices, which we call the Internet of Things. But what is clear is that all too often these devices don’t meet security standards. And as a result, these devices can be targeted and exploited to build malicious botnets. DC mass has put the UK at the forefront of IoT security standards. We’re really proud that in 2018, we published the code of practice for consumer IoT security. And last year was published a global industry standard on IoT security, which was building on the principles established in our code of practice. And we really feel that by raising the bar for IoT security, we lower the risk of connected devices being exploited for malicious purposes. Looking ahead, DCMS is beginning to explore how smart cities can drive growth and innovation, connectivity and automation offers opportunities to create more efficient infrastructure and empower people. But these systems create networks of base based sensors that are owned by a plethora of actors. We don’t know enough yet about how secure these systems are. The sensors are a collect vast rafts of data. And again, these data are held by different actors, local authorities, health authorities, etc. Again, we don’t know yet about how to ensure this data is properly secured. So we’re moving to look at this next. Secondly, we’ve been working to increase cyber resilience across the economy. This work involves measuring the ability of organisations in the UK to access and mitigate cyber risks, and respond and recover from incidence. we undertake measurement of the success of this work through research like the cyber breaches survey, and based on this understanding, we then evaluate how DCMS can best use incentives and regulations to increase resilience. As an example, we’ve explored how cyber insurance affects the way organisations approach cyber security, the insurance market may be able to incentivize incentivize organisations to invest in their own cybersecurity in return for lower insurance premiums. The effectiveness of this market is of interest to us and something that we’re engaging with. But as much as cybersecurity is linked to technology, resilience can not be achieved with technology alone, and appropriately skilled workforce that can create and implement cybersecurity products and services is critical to the wider economy. We want there to be many interested and skilled people joining the cybersecurity profession. The CMS is responsible for policies and programmes feeding the UK cyber skills pipeline. Our activities in this space span from youth to adults, for youth and in initiatives like cyber first and cyber discovery, inform and inspire young people to engage with cybersecurity in their education and pursue careers in the field. Since 2015, over 150,000 children in the UK have taken part in these programmes. It’s really quite impressive. The successes we will build on going into the next delivery year. In the adult space. The CMS has set up a UK cybersecurity Council. This independent body is governed by industry for industry, and will formalise many aspects of the cybersecurity profession. People looking to enter cybersecurity careers often lack guidance in terms of entry points and career pathways. The cybersecurity council will produce this guidance and clarify the qualification landscape including some chartered status for cyber professionals in the future. Running rolling throughout all the DCMS cyber skills work is a critical focus on diversity. We know that the cybersecurity workforce is under represented by women and people from different communities. We also know that the lack of diversity contributes to a cyber skills shortage by encouraging more under representative individuals. As you cybersecurity careers, we will foster a more effective and resilient workforce. We’ve also been being building on the strength of the cyber sector itself. Our latest cyber sectorial analysis research published last week indicates that there are 1483 very very precise cybersecurity firms in the UK, which is an a really impressive increase of 21% on the previous year. The sector is also thriving, generating 8.9 billion in annual revenue and contributing 4 billion to GVA. Going forward DCMS intends to build on the success of the cyber security sector. from our past experience in supporting innovators and entrepreneurs, we know that programmes like startup boot camps and accelerators foster growth in this sector. In addition to serving the UK market, we want to support companies looking to export their cybersecurity products and services, showcasing the world leading solutions produced in the UK. We’re also really pleased that the cyber sector has shown resilience in the face of challenges presented to us over the past year by the covid 19 pandemic. While many people and businesses have faced difficulties over the past year or so the circumstances of COVID-19 have also presented opportunities. homeworking has become more prevalent, a reliance on technology and connectivity has brought cybersecurity to the attention of many, many businesses. Although we can’t comment for certain on these trends, we’re confident that the cyber sector will continue to play an important role in the UK is recovery from the pandemic and help us to build back better. Finally, we’re looking to ensure cyber businesses thrive in all parts of the UK. We know that historically the cyber sector has grown around pockets in the southeast and Gloucestershire. But the sectoral analysis Research also shows that negative cybersecurity companies exist or parts of the UK and we’re committed to harnessing this excellent to drive across youth UK growth. DCMS is working to ensure that the whole country benefits from cybersecurity and my team is engaging with local enterprise partnerships to understand regional cybersecurity capabilities needs and how we can best support them. On a broader level DCMS has announced the creation of a Manchester hub. And this departmental precedence outside London puts us closer to areas of the country where many important cybersecurity initiative initiatives are being developed. In spreading our reach. We also seek to work closely with the devolved administration’s in Scotland, Wales and Northern Ireland, in policy areas like skills which are decentralised and these are often opportunities for us to share knowledge and best practice. So just to wrap up, and next, National Cybersecurity strategy comes at a time of opportunity for cyber, I think the covid 19 pandemic has accelerated technology uptake, our mission in DCMS will remain to lower the cybersecurity risks of technology, while increasing cyber resilience of businesses and growing the cyber sector throughout the UK. To achieve this, we look forward to working with you and with partners across government and industry and in the wider cyber community. So Danny, I hope that’s been useful as a as an introduction, and I’m looking forward to taking questions.
Danny Steed 12:55
Indeed, Thank you so much, Erika, it’s it really is interested like how big the scope is that DCMS alone is even just one department seeks to cover wherever we’re talking about business diversity, business resilience across the country. But then of course, the skills agenda throughout and that the onus on secure by design, you really do start to scratch the surface of how deep and wide the problem here is. Hugo just before we turn to you just obviously want to welcome Joe and Joe we I did go at pains to everybody to let let them all know you were just wrapping up a class as well. No doubt probably your third or fourth of the day. So just welcome here for Joe Devanny from King’s College London. But to give you a few moments to catch your breath. No doubt. We’re going to go to Hugo next. So Hugo, please your thoughts from the Amazon Web Services perspective.
Hugo Rosemont 13:56
Thanks so much. And good afternoon, everybody. And thank you to fellow panellists also for the opportunity to participate this afternoon. And Daniel, particularly for your first event, it’s a great honour and all best wishes for the new centre. So offering the industry perspective, if I may, or at least certainly that that from AWS, I’d like to focus a short set of remarks on building on the success and I think we can say it as the success of the 2016 to 21 National Cyber Security Strategy. The opportunity now is for the formation of the next strategy to to develop an even deeper public private cooperation on cybersecurity. And Erika touched on that to certain extent, and I’d like to sort of raise two principal areas where I think we can we can drive this particularly in respect to the private sectors contribution to driving cybersecurity innovation, the technologies the solutions and the wider approaches that can be adopted. And secondly, Of course industries own role in enhancing its own resilience across the economy. And I think these are the two key areas and roles that the private sector have has to play a little bit on on context on the public private cooperation, as I see it. Erika touched briefly on on the DCMS, cyber sectoral analysis there an I think that is a growing sector. And very noted, interesting to note in your report there, Erika, the growth of 7% of that sector over the past 12 months? Well, you know, sadly, in the current economic circumstances, not that many service sectors who might be growing at such a rate. So I think this is a strength of the UK economy. And of course, you’d expect to hear hear me say this. But, of course, we’d like to think that cloud is very much part of that cloud technology and associated technologies. And last year, we were commissioned to report for example, to show how AWS contributed to generating 8.7 billion in the economy also. And I think Eric has point on cyber security exports is key here as well for the UK and as as the basis for international cooperation. I think another element I’d like to highlight for the discussion, really, Joe is around the role of private sector, obviously, in tackling online harms, and driving cybersecurity itself. From our perspective, we obviously have two principal roles in that regard, there’s the role of AWS must play in in its own security arrangements, its own security, as a corporate as any business across the economy, but also the cloud technologies and services that we can provide to customers across public private sectors, into charities, for instance, on supporting the missions of others, for tackling online harms, for example, the work that we do for the International Centre for Missing and Exploited Children, and advanced cloud technologies and associated tools, I think, can play a role in in addressing some of these online harms, which might not always be the lens through which the technology sector is seen in this very important debate that we have ahead of us. A few highlights on this on the first strategy before I off because three points really on future directions. If I may Danny, of the current strategy, I think, you know, numerous structures have been set up, I think the UK Government has been certainly seen as a global leader in setting up some of the new structures. The cybersecurity information sharing partnership is an important information exchange between government and industry. And I won’t embarrass our our moderator for declaring his own hand in the formation of that. But that is an important intelligence sharing initiative between the public private sector to foster collaboration around information sharing. And if recent incidents are shared the centre thing that is at least a very important element that we need to continue to focus on, if not the only. The second, I would like to raise this is the new model, that is the National Cybersecurity Centre itself as a structure of collaboration between the public and private sectors really, and has put that that element as a core focus, and I think I think that really is a key development in the UK cyber landscape, I think an underreported element of its of its activities or work it’s been doing, and it’s in engaging the wider economy, beyond sort of critical national infrastructure sectors like defence, or transport, for example, and into sort of sectors such as retail, and now into manufacturing in the wider charter sector, I think more can be done to broaden further still the engagement that the ncsc and others have with the private sector. And that’s certainly an innovative model, and one that we should be proud of is the UK. And then lastly, and Eric and I certainly focused on this and fully fully support her messages on Innovation and Skills that was definitely put at the heart of 2016-2021 strategy. We all know, I think, probably that there’s lots more work to do to foster the level of skills and opportunities for people at all stages of their career to enter into cyber security. And our decades points and just say that, that that applies equally to cloud based technologies in coding as well. So we we do have to continue to focus this future directions. Danny, in closing three points I’d like to raise I think the strategy should cover how it is that we’re going to move forward on driving industry engagement around supply chain resilience, to include perhaps engaging non traditional partners to a greater extent than we’ve done hitherto. And, and noting and again, you might expect me to say this, the inherent security benefits of cloud technology and how that can bring some benefits to ramping up at scale, the sort of resilience that we’re looking for. And if you think that’s just AWS saying and certainly with the logo, but twining my head Have you might be forgiven for thinking that, then I’d point you towards the National Cybersecurity centres and working papers on this, and also the Ministry of Defence. Its defence digital, who produced material on this, this topic. Secondly, and I think I would like to open a discussion because as Erika has has covered, there is going to be a year of cybersecurity regulation. There are a number of bills and legislative and policy agendas on the government’s agenda. And I think that is such an opportunity perhaps to drive greater government coordination insofar as it engages industry on these matters. We have the data strategy, we have the online harms bill, we have the NIST updated regulations just over Christmas, and the telecom security bill, I think the ask from industry has got to be how can we work with government and vice versa to ensure that the UK maintains its competitive edge in cybersecurity, and that this doesn’t become a hindrance to innovation and development. And last but not least, and as I noted, this centre in particular will adopt very much and you do Danny, a sort of international outlook, I would like to flag up I think the opportunity for the UK in particular, to develop further still international leadership role. And the opportunity for international coordination, including insofar as it engages with industry on as Erika has rightly expressed the development of standards on on technologies on capabilities. And with the integrated review, coming up with a cybersecurity strategy also, in due course, there’s a real opportunity, I think, for deeper public private partnership at both the domestic and the international level, too. So I’ll leave it at that. Thank you.
Danny Steed 21:55
Thank you so much. Absolutely. I mean, it’s it’s such a big arena on this in such a big time of not necessarily flux. But like you say, Erika, the opportunities, and the balancing act between so many pieces of legislation coming through and how we shape that environment, particularly for new bearing in mind the sensitivities for business and how they operate, maintain market competition. So Joe, bringing in your views as as a scholar now, please, by all means, join the discussion.
Joe Devanny 22:34
Thanks very much, Danny. And yeah, my apologies again, or sort of pop up publicly on the record, this time for late arrival, sort of the the compound impact of my schedule today and my computer’s inability to quickly shift between video calling apps without threatening to self destruct. But yeah, so far, so good touch something that looks a bit like wood. So I, yeah, thanks very much, again, for inviting me. I think this is a really worthwhile discussion to have. And it’s great to sort of follow the two other panellists Erika and Hugo. I agree with everything that I’ve heard. And, and I suspect I probably would have agreed with everything I didn’t hear in the beginning of Erika’s presentation, sort of very, very sadly missed, but everyone else didn’t, which is great. Where would I start sort of evaluating where we’ve got to and you know, over a decade now of different National Cybersecurity strategies, I say that there’s a lot of good things, a lot of which, you know, have already been identified. So I won’t repeat those in in any detail. But I’d say even the process of producing the national strategies themselves, was a good discipline to go through a good exercise in public communication. And, you know, it’s worth reflecting, I guess, on what a national security strategy a National Cybersecurity strategy is, and what it isn’t. And that’s important to sort of caveat, if it hasn’t already been done, or I guess, explicitly or implicitly that, you know, public strategy document isn’t the totality of any nation strategy on anything. And that extends to you know, UK cybersecurity strategy, and all of the different sub strategies and sectoral strategies that sort of hang off it. But, you know, it’s, it’s worth evaluating them on their own merits, you know, and in terms of, you know, what they do, what they’re intended to do the different audiences that they’re intended to reach. So in as an exercise in sort of public strategic communication, I think it’s been really encouraging and a really impressive, you know as Hugo said, I think it’s, you know, something that other countries certainly have looked at, across that period, things that the UK has been doing, the way it’s been communicating about cybersecurity. And unquestionably, you know, cybersecurity comes across as a much higher, UK National governmental priority now than today. 90 or even 10 years ago. And that’s, that’s right. It’s sort of prudential. But it’s good that that it is really clearly communicated that there is that elevated level of priority and sort of a menu of different strands of work sort of hanging under underneath it right from that sort of the first sort of pre coalition government iteration of cybersecurity strategy, which will those sort of much shorter and more top level, I think that the eight workflows or work streams that they identified, were in a pretty sensible statement of the problem. And pretty consistent with the direction of travel that sort of came later in 2011, and 2016. So I think all of that was good, the specific institutional developments, you know, the National Cybersecurity centre, definitely a good thing, both in terms of, again, that sort of public statement of taking it seriously, you know, moving into a sort of a higher profile role, even when it was just essentially continuing the work of precursors sort of, you know, bodies across a number of different strands of its work. I mean, that was a really positive thing. And, you know, we could talk about other things like the active cyber defence programme, which I think, again, is another sort of very positive development, that you could see a number of ways in which it could go on to be an even more positive development and future. So, you know, lots of good things. And then I suppose, again, actually, to sort of reiterate, from, from what I did here in Erika’s presentation, you know, plenty of things that probably fall into the category of very positive, but maybe, you know, sort of less headline grabbing sort of under the radar stuff in terms of capacity development or investment in, you know, developing the profession, in research in education, you know, all of that really positive. So, you’re having prefaced with a sort of alignment and uniformity sort of very positive sort of summary of remarks, I’d sort of go on to make, I suppose a few points that I headline under sort of governance organisation, and then very briefly at the end, sort of priorities in governance, I think it’s fair to say that there are a lot of ministerial positions that have a lot of different sort of Penny packets of cyber related responsibilities in their portfolios. I think to some extent, that’s inevitable, because you could never, or should never, I think, want to try to create a sort of a National Cyber department encompassing all of the different aspects of cyber, because I think, although that would be intellectually tidy on a piece of paper, that wouldn’t be a sensible thing to start to try to do. And it wouldn’t do justice to the fact that there are lots of different cyber dimensions that are relevant to the workings of lots of different agencies and departments. So I think that would be the wrong way to go. And it’s good, that that hasn’t been the way that the, you know, the direction of travel. Having said that, I think there are probably some useful incremental things that could potentially be looked at as a way of streamlining those ministerial responsibilities. So you build up sort of more, sort of weightier cyber portfolios for ministers. And the model that I sort of point to is, you know, what happened in dividend, the ICO before the two emerged, where you had an increasingly large number of joint ministers, that that had portfolios that sort of spanned the different departments, they were, you know, essentially working to both departments priorities, and I think that sort of thing in the cyber landscape might be quite a healthy thing to look at, especially where there’s clear alignment between some of those departmental priorities. So having, you know, joint ministers, pursuing the more security related or defence related aspects of cyber across, you know, the, the obvious kind of candidate and, you know, departments of state, whether it’s the home office, the Ministry of Defence, the Foreign Office, that could be looked at, you know, there’s also that extra element of coordination. You know, it’s one thing to streamline those portfolios, it’s another to actually get, you know, those ministers to work effectively together. And they’re, you know, you could look at, you know, precisely in your take the opportunity of having a new national security adviser say, Stephen Lovegrove to say, well, let’s look at how things have worked over the last 10 years, the different ways in which they’ve worked, the different models that we’ve tried to do coordination, you know, between ministers, but also, you know, with officials as well. So something like a sort of a regularly meeting, ministerial committee to deal with cyber strategy, not just in the run up to the publication of a strategy, the development of it, or looking specifically at the sort of indicators of whether it’s being implemented or not, but something a bit more broader and a bit deeper than that, that has continuity between the publication dates of the different strategies, which would I think, be really healthy, and I may just be suggesting something that already happens. It’s just not publicised as well as it might be, in which case great and it would be really easy to sort of pop you know, talk more publicly about The reality of that coherence. So, you know, whichever it is, I think that that would be positive. Now and then similarly on the sort of an official side. Again, I know that the two sort of situations aren’t exactly similar, but I think there are some similarities. If you look to the US and the Biden administration, and some of the new sort of senior cyber related appointments that they’ve made, you know, a new Deputy National Security Advisor for cyber and emerging technology, you know, might it be a good example, for there to be relevantly similar, senior Cabinet Office official at Deputy National Security Adviser sort of level, who has cyber as a bigger percentage, or maybe their sole portfolio, because there probably is enough work for someone to do as, as their whole job at the centre of government to look at strategy and coordination across all of the different bits of cyber. And so, you know, in terms of Central coordination, that might be something that that that might be worth looking at. I mean, one of the ways that I might try to sort of justify thinking that that might be a good idea, would be looking at things like the the National Audit offices sort of reports on the different iterations of the National Cyber strategy, and, you know, some of the slightly guided or sort of, you know, comments that they’ve made about implementation, maybe not having been as successful at times as they would have liked or the government itself would have liked, and maybe looking at some of those mechanisms of coordination and management and implementation might be one way of, of improving that, you know, a different point on on organisation or operations, would be looking at offensive cyber, and where that fits into wider National Cyber strategy. I think there are perfectly reasonable reasons why none of the national strategy documents 2016 2011 have talked a lot about offensive cyber, but it’s clearly relevant. And, you know, there needs to be, you know, some work done there on, you know, making sure that it is as integrated as possible with wider, you know, cyber strategy, whether that’s on, you know, Workforce Strategy, or, you know, operationally maybe the integrated review, I guess we could be what, two weeks away from from from finally reading that, maybe that goes into more detail, but I think probably that’s not likely, if it if it looks more like it’s precursor documents, then they’re not. But as long as that is being thought about, because I think the National Cyber force, you know, it is an interesting new development. new announcement has really ambitious growth, ambitions of you know, going to 3000 personnel in the next 10 years. I think that’s interesting, I think there are a number of different ways that you could maybe try to deliver that growth, and actually, the different choices you make about that would actually have a significant impact on the sort of organisation, it was the sort of operations that it that it conducted. And similarly, in terms of trying to have a coherent approach to cyber workforce strategy across the different strands of the, you know, the cyber strategy, so that you’re not you’re your plans to grow the offensive cyber mission aren’t detrimental to your plans to grow in, you know, cyber espionage, cyber defence, cyber security. So to the extent that it’s possible to have a really coherent cross government sort of holds a system approach to that, I think that would be a really good idea for all of those different institutional actors to coordinate with each other. Not least, because they’re all I guess, competing for scarce, you know, digital talent, and then finally, on priorities and staying with offensive cyber, I just say, you know, reading through the announcements and thinking about what a UK offensive cyber capability might look like, there are a number of different missions that were sort of stated as being possibly under its remit. But I think there are, there are clearly choices there. Even if you had, you know, 3000 you know, personnel, which I think would still be less than half of the current size of us Cyber Command, you’d still be forced to make prioritisation decisions on which of those was the higher priority. And you know, which missions that you were conducting or which capabilities you were developing in order to be able to conduct those missions. So things like, you know, what is your balance between, you know, the prioritisation of countering serious crime? You know, that was a good report, you know, published this week by by rusi, making some, you know, pretty sensible to me kind of incremental recommendations for how to improve, you know, the, the UK sort of effort against online fraud, for example. So, you know, what would a more coherent, higher, prioritise more highly prioritised government effort to counter ransomware? For example, you know, what would that look like, operationally, what might it look at look like from the perspective of new regulation or legislation? And I think, you know, that’s one way that defensive cyber could go, but it would go a different way, if you know, 80% of its work was on countering, you know, hostile state actors. Rather than 80% on cybercrime admitting that there may be will be a sort of a blurring of the line somewhere between those categories and sort of do the percentage isn’t the issue. It’s more the balance between the operational priorities and the capability development priorities. And that will really determine what the reality of having that capability and using it looks like over the next 10 years. So there lots of issues there under the sort of the rubric of governance organisation operations priorities, that I think are things to look at, you know, over the next the cycle of the next strategy and the strategy after that.
Danny Steed 35:38
Wonderful, Joe, thank you so much. Yes, it’s always very healthy getting that I always try and use the phrase myself that critical friends perspective just at a different viewpoints, whether it’s coming from industry, academia, we’ve had questions rolling in, please do keep them coming in just while I shamelessly exploited the chair and begin q&a myself. This is the point where we’re going to be ending the live stream and now going to our off the record section.