Thank you.
Just following up on the two real-world examples you listed, assuming that this legislation was in place and, with this amendment, the SIA was required, what would that mean in those two examples? You can choose one for the sake of committee discussion, but it's potentially 18 months. Is that correct? What specifically would this do in those real world examples? Is it just a time delay or are there other regulatory processes that would essentially make this legislation...? What's the point of it if, after 18 months, you're dealing with ransomware or a cyber-attack? At that point, I think this becomes obsolete.