Previous IFPA-Fletcher Conferences
The 33rd IFPA-Fletcher Conference
on
National Security Strategy and Policy
October 16-17, 2002
The Ronald Reagan Building and International Trade Center
Washington, D.C.
Information Warfare: Challenges to Critical Infrastructure
Address by Mr. Richard Marshall, Principal Deputy Director, Critical Infrastructure Assurance Office, Department of Commerce
Pfaltzgraff: We have Richard Marshall who is Principal Deputy Director of the Critical Infrastructure Assurance Office. This office helps coordinate the development of the U.S. government’s national strategy for critical infrastructure protection. So it is with very great pleasure that I welcome Mr. Marshall as our concluding speaker on this important topic.
Marshall: As most of you know from the printed program, I am not the advertised person to speak on this particular subject. My boss, John Tritak, and you will always want to remember his name because he is absolutely phenomenal, and I am saying that not just because he is not here but because it is the absolute truth. If you ever have an opportunity to hear him testify before Congress, make sure you do it. He is masterful in discussing this subject and helping to make people understand it.
I am very lucky to have an opportunity to serve with him. I have only been with him for a little over 12 months and it has been an absolutely eye-opening experience. I would also like to thank you for letting me substitute for my boss, John, on the panel. He is involved with the transition to the Department of Homeland Security and I will go into more comments on that in a moment.
I am absolutely honored be here even though I wasn’t necessarily the first choice. One of the duties of the Deputy is to be able to step in for your boss at any given time. And we like to think of that as, from some of my Air Force colleagues say, the key to air power is flexibility. The key to success as a Deputy is to be flexible. My Navy friends will quickly correct me and say, “No, flexible is too rigid. You have to be fluid.”
I think the Marine Corps says it best when they correct both of us and say, “You have got to be ready.” And that is the central theme of my discussion this morning, you have got to be ready.
I cannot begin to tell you how thrilling it was to sit down and compose my thoughts this morning and listen to the music that was provided by the Marine Corps Band. It is very rare that at 7:30 in the morning you get an opportunity to hear, just in front of you, brass instruments play themes by W.C. Handy, Scott Joplin, and even as diverse as Dave Brubeck with “Blue Ronda a la Turk,” and then, of course, one of my favorite’s, “The Bugler’s Holiday.”
So I would like to give them a round of applause. Coupling that with the Marine’s bringing in the flags, I tell you if I were younger and more physically fit, I swear I would sign up for the Marine Corps, even though I am retired from the Air Force.
All right. Let’s move to a very serious subject. What I want to talk about a little bit is going to go back in history because most of us have a tendency to think information warfare or information operations is new. It is not. It has been around for a long, long time. Back in the days when I was lucky enough to ride in the back seat of a THUD and help direct missiles to SAM targets, that was information operations because we were using electronic signals to inflict a damage pattern on a particular target area.
But I will expand a little more on my definition of information operations in a moment. Let’s go back to Eligible Receiver ’97. Do any of you remember that? I am kind of disappointed more of you don’t because that really was a lynchpin in information operations for the United States. That was a JCS sponsored exercise that convinced military and national political leaders that information operations was not a theory; it was a reality.
You are capable of taking information off the Internet, common stuff that hackers could use, sanitize it so that you would know what kind of damage you were going to create, and take over, effectively, the communications systems of a major combatant command. Now the major combatant command that was selected to be this target of opportunity was carefully screened to make sure that they
They were, in fact, the most cyber secure combatant command in the United States. But yet in a matter of hours, a happy group of people, and I happened to be their legal advisor, the legal strategist for that whole operation that “could not be legally done.” We brought down the communications network of the targeted command. It got to the point where they sent out a message and said, “Do not use any of our communications systems because they have been taken over by the adversary.”
We took that message, and this was a guy who flunked physics three times at The Citadel, took that message, changed it, the day-time group, and sent it back out, spoofing the address so that it would look like we were the combatant targeted command and said, “It’s okay. We have identified the problem. We have cleaned it up and move out.” That’s pretty scary.
Now, there were only two instances where that cyber attack was detected. In one instance, which was subsequently documented, the individuals that detected the attack were using some very sophisticated technology and they should have detected the attack. But to underscore the theme of “Be ready,” the only person that actually detected the attack and did something about it was a Marine Corps System Administrator who said, “Something strange is happening here. I don’t understand it.” And he pulled the plug on his computer.
Now a lot of people would say, “Well, hell, the adversaries won because that was a self-initiated denial of service.” But what that Marine did by pulling the plug on his computer was to protect a lot of computers down stream. Because when you are doing computer attacks what you are relying on is taking advantage of known vulnerabilities, you are also taking advantage of known connections.
You and I are friends in this particular scenario. If I pass a message on to you and you say, “Well, it is from my trusted friend Rich,” you pass it to another one of your friends. Your friends don’t know me but they know you, so they think it is okay.
Immediately after ER ’97, a special team was sent around to everyone that was attacked and said, “Here are your vulnerabilities. Here’s what you need to lock up those systems. Here’s what you need to do to be ready.”
Very few people did it because they didn’t appreciate the threat. They did not appreciate the vulnerability. You can focus on the threat but you need to focus on your vulnerabilities. That is your weak point. And that came to pass a few months later. There was a lot of unusual activity that was detected at Air Force installations on their ASIMS (network intrusion) detection systems in front of their computers. And said again, “Something strange is happening here. And it looks like it is coming from Iraq.”
Now, the timing was very significant because we were involved in a major military build-up to have another Middle East test range exercise. And I don’t say that lightly but I just try to put that in perspective. There was concern at the highest national levels that maybe the Iraqi government was attacking our military systems prior to the build-up. That’s a rather daunting thing.
Now, the happy ending of the story, if there is one, is the fact that there were two kids in northern California, socially challenged teenagers that were detected as having implemented most of these attacks. But the scary thing is they were controlled, they were encouraged, by an individual in a country in the Middle East, in Israel, who was hailed as a national hero for identifying a lot of these problems. A tight and tense situation—
Now let me give you my definition of information warfare and it is kind of
broad and kind of narrow as well: “the managed application of technology
to bring about controlled, disruptive impact on an adversaries ability to use
technology.” Note I did not say to use his technology but to use technology.
Al Qaeda used our technology against us. Let me give you a couple of examples
of that because I think this definition is broad enough to cover heat blast
and fragmentation effects and it is also narrow enough to cover cyber attacks.
Recall if you will, a few months ago, when there was a Hazmat incident in Baltimore.
A lot of telecommunications lines were affected underground. I mean, it was
more than just lids blowing off of sewers in Baltimore. A lot of telecommunication
grids were blocked and broken because what we did not appreciate fully is that
a lot of telecommunication nets go along with our lines of communication.
They go along with our railroads. They go along with our highways. You just drive up and down the streets and you will see telecommunications lines either above you or in the ground if you try to chop one up. That had a very interesting effect. We expected telecommunications up and down the east coast to be bad. But we did not really appreciate the fact that there were telecommunication disruptions in California that were directly linked to this incident and as far away as Africa, directly linked to this incident.
And I use the term Africa because it shows the interconnectivity of our telecommunications and that is why it is so important to have a controlled effect rather than have to wrestle with the doctrine of unattended consequences.
Now let me give another example as well. This occurred right after Eligible Receiver ’97. Eligible Receiver ’97 had no impact on this. This was a completely isolated event. Many of you, I am sure, will remember it.
It occurred about four years ago. A telecommunications satellite went off orbit. You couldn’t use your credit cards at point of sale, gas stations, couldn’t buy whatever you were trying to buy. The very next day I was at an ABA conference here in Washington, D.C. where we were going to talk about Eligible Receiver ’97 to the national security group associated with the American Bar Association.
With us in that room when we were talking about what happened last night in the controlled confusion was the legal counsel of that particular organization who said, “The satellite did not go off orbit. If there had been a problem, I would have been paged.” And he was dead serious about that. Consider yourself paged today. This is reality. This is not theory.
All right. What do we mean by the components of the nation’s critical infrastructure. Let me back up just a little bit. I am in the Office of Critical Infrastructure Assurance. It is a lot of words, which will mean more to you a little bit later. At one time we were in the Department of Defense. Subsequently, we moved to the Department of Commerce because there was a realization that 85 to 90% of the United States critical infrastructure is owned by the private sector.
The private sector does not like to talk to the Department of Defense. But they feel more comfortable talking to the Department of Commerce. So you establish a venue, a channel of communication, shared communication, a culture of communication so that you can help accomplish your mission of mission continuity. We are in the Department of Commerce under the Bureau of Industry and Security and I think that is very meaningful.
What is going to happen to us very soon, and if you get my business card you want to keep it as a collector’s item, because we are being moved to the Department of Homeland Security. And I think that is extremely important that we be moved to the Department of Homeland Security. The President did not ask my advice. But if he had asked me I certainly would have given him that advice. And that is where my boss is today, working on the transition for the Department of Homeland Security.
That represents a significant paradigm shift from national security, which has been primarily federally focused, to homeland security, which requires teamwork. It requires constant communication and teamwork and cooperation between the federal government, state and local governments, the private sector and the private citizen. The private citizen, we the people, that is from the Preamble to the Constitution.
Now what do I mean by the critical infrastructures? It is the stuff that we rely on every single day, planes, trains, banks, medical facilities, cops, the whole bit. But it is a little broader because it also includes food supply, also includes telecommunications. And the scary thing, and the challenge, is to make sure that these things are ready, that they are reliable, and provide continuity of services.
When we turn on our lights in the morning we expect to see light bulbs glow, we don’t expect to have a black out. We cannot preclude disruptions. There are going to be some. So we have to be prepared for the contingency so that when they do occur, that they are limited in scope, of short duration, easily recoverable, and we can get back online.
Now to complicate matters further each of these critical infrastructures, and compare them to vital organs if you would, in the human body, are connected, and increasingly connected with a growing network of inter-dependency, a growing network that connects all of these together.
Compare it, if you would, to the digital nervous system, or a nervous system in the human body. All of these things are connected together. Therefore, a vulnerability accepted by one, is potentially shared by all. So in the case of my mother who is 84 years old, when she gets a computer virus in her computer, she is an “Netizen,” she is very active on the computer, she gets very upset when she finds out there is a virus in her computer that could affect communications nationally.
So she runs Windows NT. How many of you run a very secure system in your own home environment? Do you have a firewall in place? Do you have virus detection? If my 84-year mother can do it, then you can do it as well. A vulnerability in the home computer may translate to a vulnerability in the Department of Defense. All right, primary threats to the critical infrastructure, they are physical and they are also cyber.
You do not have to be a rocket scientist to understand how to attack a computer. It is very easy to download packets and programs from the computer to attack systems and bring them down, little weapons of mass disruption, as it were. It is not that difficult to do. You can be a script-kitty. The issue is not who is doing it. The issue is the ultimate effect of what is taking place.
You don’t care whether it is a script-kitty or whether it is a nation-state or whether it is just some teenager out on a lark. It is very important to take the appropriate safeguards. Now, let me give a couple of scary examples, and these are “what ifs” for the moment. All of us remember 9/11. But how many of us remember 9/17? Nobody remembers 9/17. Nine-seventeen is important because that is when we detected the NIMDA virus. The NIMDS virus went from nowhere to national in a business day.
It affected over 187 thousand computers that we know of now. We don’t know the extent of the full financial damages, but most estimates come in at over $3 billion, with a “b,” dollars. So coupled with the horrific events of 9/11, you have got service disruptions in the financial community that are caused not only by the physical attack and the cutting of telephone lines in the World Trade Center, but you also have issues associated with, “Who is coming into my computer? Who is taking control of my computer? And what is causing this problem?”
Going back to my 84-year old mother, one of the concerns she had was that the NIMDA virus was in her computer. Her computer was taken as a zombie and used in other areas. We had a warning two months before that, July and August, Code Red, Code Red one, Code Red two, named after the soft drink Code Red. That also went from nowhere to national in a short business day.
Estimates of the damage: over $3 billion dollars. Now one of the basic things of economy is you spend money once. That is $6 billion dollars that was spent that could have been used, perhaps, in a more productive methodology today. That is the theme. That is what I want you to take home. That is what I want you to work on. But this is not just a think piece. Here is your homework assignment. How many of you have read the National Security Strategy to Protect Cyber Space?
And don’t be embarrassed is you haven’t because it is not the most intriguing document to read. I want you to go to my web site, www.ciao. This is a crass commercialism, so this is why I am here to tout my stuff, www.ciao, C, I, A, O. Here is the easy way to remember ciao, ciao as in, “Hello, I am from the federal government, I am here to help you.”
My 16-year old daughter thought it was crazy for me to go to work for CIAO, she said, “Why do you want to work for a dog food company?” I mean it just immediately reduced my life to so much kibbles and bits. Now, CIAO is an easy way for you to remember what our acronym is, Critical Infrastructure Assurance Office.
Go to the web site and there are a number of hypertexts, or hot links that will take you to the National Strategy. I commend you to read it. I commend you to criticize it. You have an opportunity to contribute to this strategy and send in your answers, send in your solutions, between now and the 18th of November. And you, too, can make a difference.
Thank you very much.
Pfaltzgraff: And I might add that that grand prize is that motorcycle out there. Well, thank you very much for this outstanding concluding presentation.
Questions and Answers (please refer to pp.10-13 in particular)
Hess: I am Pam Hess. I am the Pentagon correspondent for United Press International. I have questions for Dr. Younger and Mr. Marshall. Dr. Younger, could you elaborate a little on the chemicals that you are particularly concerned about. Are they in private control and what steps are you all taking to secure them, if any? And Mr. Marshall, could you talk about your move to Homeland Security. What special measures you all will be taking? I assume it gives you a little more power to do things. One of things that has been repeatedly recommended is a national red team for ferreting out computer vulnerabilities before they are actually exposed by hackers.
Pfaltzgraff: Before they answer those questions, let me ask others from the audience if they have questions and we will kind of bundle these questions all together for the panel. So who would be next? Yes, please. Microphone is right behind you there.
Tighe: Gene Tighe from Rockwell. I wanted to ask for the rest of that web site that Mr. Marshall suggested. I think it is dot.gov.
Marshall: Oh, I’m sorry. Dot gov, yes.
Tighe: And were involved at all with Linda Franklin’s work at the FBI?
Pfaltzgraff: We will get to that and fine, that will be part of his answer. Next. Other questions? Who else would like to intervene with a question? Yes? In the back row here.
Group Captain Okanlawon, Embassy of Nigeria. My question is to the last speaker on information warfare. Don’t you think that the United States is over-relying on computer systems for its protection? Are is some back-ups as far as using the old methods. This is food for thought.
Pfaltzgraff: We have another question, I believe, back here.
Guy: Yes, Major Guy. This is for Dr. Shultz. Going back to the pre-emption-- Won’t that work into the hands of terrorists by polarizing moderate Muslims to actively oppose U.S. on the nation-state level? Is that going to further close the doors to U.S. interests, strain future coalitions?
Pfaltzgraff: One more question, if we have time for that. Any one else? Yes. Right over here. Yes, this young lady.
Kaufman: Yes, I would like to ask you about—
Pfaltzgraff: Please identify yourself.
Kaufman: Paula Kaufman from IEEE Spectrum magazine. I’d like to ask Mr. Younger about some of the cave burrowing weapon systems that are under development and if they are effective against chem-bio facilities that we might come in contact with should we go into Iraq. Thank you.
Pfaltzgraff: Okay. I think, unless there is a burning need on the part of anyone to ask one more question, we don’t have a whole lot of time. Therefore I would like to begin with Mr. Marshall since you had some questions asked of you and then work our way across the table, giving everybody on the panel an opportunity for a final comment. So, please, Richard.
Marshall: I will start off my first comment, with no comment. The reason for that, I am sure you can appreciate. It would be premature for me to comment on the Department of Homeland Security since Congress has not as yet had an opportunity to work through all of those issues. Second reason for avoiding the question is I depend on my government salary for my economic well being as does my wife, my ex-wife, her boyfriend and my two kids.
Now, and I am not completely trying to duck your question. I am trying to give you honest answers, which is kind of a character flaw I have as a lawyer. That is a joke. You are supposed to laugh. You raise the issue of red teaming identifying vulnerabilities. I don’t want to comment on the particular portion of the strategy because I think it has been eliminated or downplayed a bit. I think people put too much emphasis on red teams to try to identify vulnerabilities.
Red teams are very good at finding one hole in your fence and making your life miserable. What you need to worry about are all of the potential holes in your fences.
I know for a fact that some of those teams were being used in the various sectors, financial sector, for example, being one of them. It is more important, however, to have what I talked about earlier, a culture of common communications, cooperative communication, where the private sector and the public sector can sit down together and share vulnerabilities and share solutions without worrying about Freedom of Information Acts both at the national level and the state level and also worrying about anti-trust issues.
And let me add just one other point, because I think this is important to remember as well. Many people are very quick to point the fickle finger of fate toward Washington’s direction, Washington state in this particular case, rather than Washington in particular, and Microsoft and saying they are the bane of all of our evils. Well, that is not necessarily the case.
Microsoft has done, and I am not shilling for Microsoft, this is my own professional and personal opinion. They have done a phenomenal job in trying to identify and correct vulnerabilities. And I think, obviously, that is due in large part to Bill Gates, but there are two other individuals that certainly deserve a lot of accolades for that. One is Howard Schmidt, who is now working for Dick Clarke on the President’s Critical Infrastructure Protection Board.
The other person, a personal friend and really quite a good guy, is Scott Charney. He used to be with the Department of Justice, and they are pushing this concept called Trusted Computing. I have heard Scott’s presentation many, many times. They really are trying to make a difference. The critical thing is to let your system administrators correct those vulnerabilities.
Now, I know it is very important that we have connectivity and that things work, but if you don’t correct those vulnerabilities and give them time to apply the patches, you are not going to have connectivity. And if you don’t have connectivity, you are not able to perform your mission. If you are not able to perform your mission, you are not ready. Thank you.
Pfaltzgraff: Thank you very much, Richard. Now Dr. Younger, Steve, would you want to answer those questions that were put to you?
Younger: Well, there was a question about what type of chemicals I worry about most and, actually, there is not a specific chemical. But you can think of the kinds of things that we move about the country, chlorine, for water purification and phosgene for plastics manufacture and micro-electronics, hydrochloric acid and a variety of other things. And I won’t focus on a specific one.
In terms of what are we doing about it, this is a hard problem because you are trying to reduce the threat while maintaining the economic productivity of the country. You don’t want the terrorists to win by shutting down the economy. So we are working with the Office of Homeland Security and Transportation Security Administration, Coast Guard, Customs, and we are also working with industry because industry understands the problem as well as anyone. They do it everyday.
So, what are the solutions that will improve security but at the same time, allow productivity to continue? It is a hard problem. There probably is not an ultimate solution set, but progress is being made. The second question concerned tunnel burrowing weapons and I am not entirely sure what a tunnel-burrowing weapon is. There are a variety of advanced weapons designs, some of which have been fielded and some of which are in development.
But I believe that we are entering a particularly fast-moving period of new weapon development for special applications. And the reason for that is that, until relatively recently, a weapon consisted of a quantity of high explosives put in a case that was delivered with some accuracy. Now we expect weapons to be delivered with great accuracy. And I think in the future we will begin to expect them to have tailored effects.
So, for example, in the thermobaric weapon that was delivered to Afghanistan, it was designed to produce a prolonged pressure and high temperature pulse in a confined space. There are other types of weapons fills that can be used to produce high pressure at low temperature, high temperature at low pressures or other effects, which are tailored to specific military applications.
And I also believe that we are moving into a capability to deliver such weapons not in a period of a decade or even a period of many years, but in a period of 30 to 180 days.
Pfaltzgraff: Thank you very much, Steve. Now, Paul Wilkinson for concluding comments.
Wilkinson: Could I just particularly comment on a question that was asked in the first session? I am aware we are running out of time but it has come up again in this session and that is the question of pre-emption. I do believe that when you are dealing with terrorist movements, sub-state organizations, it is essential to have the flexibility, beg your pardon, fluidity, to attack, to go over to the offensive to interdict, to use military force where that is informed by good intelligence about terrorist intentions and plans or whereabouts.
But I think as a very general doctrine, I think Dr. Henry Kissinger was right to make the comment that, as he saw it, it was not a doctrine which was necessarily compatible with U.S. National Security in the wider sense. In other words, if you elevate it into a doctrine in terms of inter-state relations, it can be used by other states to justify their pre-emptive action even though those pre-emptive actions could be seen by ourselves as an attack on the legitimate rights and the very survival, perhaps, of another state with which we are allied.
So I think we need to be very cautious about elevating this into a general axiom of foreign policy. We need, in my view, to establish what Eugene Rostow once called a managed peace. In other words, to work with a concert of the major powers, which is precisely what President Bush and the leaders of the coalition against terrorism have been embarked upon. And that managed peace requires a degree of consultation, a degree of basic agreement about principles and the approach.
There are bound to be some differences of emphasis. There are different capabilities
among the allies. But in my view that is the way forward for dealing with such
serious problems as those posed by the Al Qaeda network. If we are going to
get the maximum cooperation to hold the multi-national coalition together,
let us work together and let us find agreed ways to deal with the threats from
states which aid and abet terrorists or which pose a rogue-state threat for
the well-being of the international community.
Far more powerful to work through that framework than unilaterally even in
the case of a superpower with the resources of the United States-- That is
my own, very European view, but I hope you find it ...(inaudible).
Pfaltzgraff: And now Richard Shultz. Dick.
Shultz: Well, let me answer the question that was asked, the assumption sometimes is the more we act the fewer allies we’ll have. Now, let’s think about that in the case of Afghanistan. We acted and what we found is that rather than fewer allies, we got more and some that were actually very difficult before we acted. For example, Sudan, Yemen, and Pakistan.
So our actions had the effect of not lessening allies, but adding groups and states to support us. So, those-- And those who were cooperative, like the Pakis, prior to 9/11 were very uncooperative, especially with the terrorists in question. So, there is nothing-- It is not written down that the more we act the fewer allies you will have. It is how you act. Now, that said, it may well be that our actions, use of force, because that if really what we are talking about, might lose us some allies.
But the alternative is probably not a good one, especially in dealing with an outfit like Al Qaeda from all we know about it. I want to have just one more, one other thought on pre-emption. The concept of pre-emption is premised on the right of self-defense. And this has a long tradition in just war theory. One has the right of self-defense and especially against someone who has attacked you who has attacked those who you are allied with who has a manifest intent to do that in the future, who is actively preparing for it, and seeks to magnify the lethality of their attack.
Now it is often said that if we operate under pre-emption, that would give
China a green light to attack Taiwan. But it seems to me that they don’t
meet the criteria for pre-emption. In other words, they have not been attacked
by Taiwan, and it is clear that Taiwan does not have the manifest intent to
attack them in the future. Taiwan is not actively planning such operations.
And Taiwan does not seek-- And therefore, obviously, if they are not planning
operations, they don’t seek to magnify the lethality of their attack.
Therefore this argument seems to me to be a bit of a canard.
Pfaltzgraff: Finally, a brief concluding comment from Steve Emerson before we wrap this session up.
Emerson: In looking at the entire problem we face, and I don’t pretend to be a strategic analyst, what I can help contribute in terms of the problem that we face is how we look at intelligence and the use of intelligence for purposes of protecting ourselves.
We could have the best intelligence in the world but, to the extent that we can’t marry it up, connect the dots, use value added information, I note that even after the incredible amount of material coming out of Afghanistan, collected by the CIA and the Defense Department, there still has been an inability to properly diffuse the intelligence to law enforcement agencies in the United States.
We were recently contacted by one law enforcement agency asking about the name of a certain group that had been picked up on an NGO list in Afghanistan of NGOs that were considered to be Al Qaeda fronts. The list had been picked up in December. The name had only been disseminated to this law enforcement agency in the last three weeks. And we were asked to identify where they were in the United States and all I did was look it up on Google and found it within 10 seconds.
And it struck me that as we go through this catharsis of the 9/11 hearings and as we look at the strategic threats in the future, the most, I think, pressing area that really needs to be totally revamped is the comprehensive collection of intelligence, the issue of value-added connections of dots, and the use of the intelligence to pinpoint where our threats are coming from.
You know, in Israel, there is a very interesting, and I will just briefly state it-- When they arrest somebody who is involved in a terrorist attack, within 30 minutes there is a helicopter aloof ready to go into that area where there is a potential terrorist plotting a suicide bombing. And they just move very quickly. We need to have that ability to seamlessly compose our intelligence, connect the dots, and pass it along to different inter-agencies, and use it strategically.
Pfaltzgraff: Thank you very much. Intelligence, of course, is very much on our afternoon agenda, after lunch. I would like on behalf of the organizers and co-sponsors to express a great debt of gratitude to each of the members of this panel for outstanding presentations. You have helped us to understand more fully the threats and challenges that face us. You provide the necessary basis for the subsequent sessions of this conference.
And I thank the audience for its questions and for listening so intently at all of the discussion that we have had here this morning.