Jenn Easterly

The Log4j vulnerability is the most serious vulnerability that I've seen in my decades-long career. Everyone should assume that they are exposed and vulnerable

Now, this vulnerability became public last week when everyone found out about it, but it actually dates back to 2013 when this flaw was introduced into open source software that was then copied in millions of other places and has now sort of gone viral in a software sense.

And to your point on Ukraine, I would just comment that I think we all need to recognize that the defense of Ukraine is the deterrence of China. China is watching very closely whether we end up just giving up on Ukraine because it sends a message to what our political will would be in the event of an invasion or a blockade of Taiwan.

But I think if you go to what the Chinese themselves have said, what is in their doctrine, it's pretty clear that the strategy is about... holding U.S. critical infrastructure at risk in order to deter our ability to marshal military might and citizen will. So this is really about inducing societal panic and chaos

And that would be the result of water systems being polluted or inaccessible, transportation lines being derailed, communication systems being severed, pipelines exploding.