Thank you, Mr. Chair. I'll try to be as brief as possible.
I'm not trying to argue that if you secure your data centre in the interior that you're set and you can go home and sleep. That's not what I'm saying. There has to be a security stack of investments.
In the case of an advanced adversary, who knows that if they penetrate the secretary of defense, or the president or the CEO of an organization, that person has to have very clear...for any individual there has to be some security capability that secures the user at the perimeter—multifactor authentication, firewalls, all of that.
The argument I was making is that if they break past multifactor authentication or encryption, and they make their way in, if they find a low-value server, then if you have invested to secure the interior of your data centre, you're going to be able to limit damage quite significantly compared to if you haven't. If you haven't done it, forget it. They're going to be able to own any application in your enterprise. If you have done it, you might lose x and y data, you might lose x and y servers, but you'd be able to manage that cost, unless it's the president or the secretary of defense, or whoever it is who's been hacked. If it's a lower-level person, the damage will be less.