- For folks not familiar with it, can you tell us a bit about the report, its intent, and how it came about?

- Some may be asking, what's the big deal, its just software. Can you help explain the pertinent risk we face with increasingly seeing physical systems, infrastructure and society run on software?

- The report makes some key recommendations to fortify the resilience of the Nation's critical infrastructure, can you talk about those a bit?

- It's often discussed how much of the critical infrastructure is privately owned and operated, is that true, and if so, what challenges does that pose?

- Do you see this as something that will be increasingly regulated, and if so, how do we balance regulations with some of the constraints and limitations of the critical infrastructure operators and organizations such as financial, expertise and so on?

- One thing I noticed is the emphasize on industry, board, CEO and executive accountability. We're seeing a similar trend with recent SEC rules for publicly traded companies as well as CISA's Secure-by-Design publication and public comments, about leadership and executives taking more accountability for secure outcomes. Do you feel this is a major gap, and if so, how do we ensure the message doesn't get diminished from leadership across middle management, and staff?