Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  May 3, 2016 11:09am-1:10pm EDT

11:09 am
europe, most of the measures in terms of combating and controlling international travelers. actually we have had agreement that has been ratified just this year. we are sharing information a lot under diversity of agreements, even without agreements. for example, france has been very pushy to have on european level these of systematic chec checks, both foreign people and european people at the entrance come in and out of its own. this is something is already been done in the u.s. for years and that's something we're trying to enforce in europe now
11:10 am
and that's a big priority. they enter minister, you mentioned, is always been very pushy on this. we are having the french that is being set up and should be working before the end of the year, and the european, very much necessary, has been passed by european parliament in april. so all the tools you have in the u.s. and your enforcing and you are willing to share our tools that we are enforcing and trying to enforce in many cases, indeed in europe. it's not the only reason, it's not the only add to but it's part of the answer. and to answer for directly the question, i don't think of these tools are outdated and not working. they provide very ethically
11:11 am
response and add additional layer of security. >> staff-- one follow-up question. one question that i've had, the department of homeland security now has a peace agreement in place with dozens of countries, the numbers increased rapidly in the last few years. the question is how those agreements are being operationalized. how quickly this information get past back and forth. how detailed this information in order i should be able to derive useful information from a quick scan to talk about sort of come and they know there's a spectrum there in terms of the level of interactivity and connection in terms of those agreements. can you talk a bit about that and what the department's goal is in terms of increasing the robustness of those agreements, or looking for new types of information to sort of cover
11:12 am
within the scope of those agreements and other information sharing arrangements? >> sure. i think both pierre and i emphasize, the information sharing is vital. this is why certainly one of the key initiatives i think secretary johnson and ultimately congress of in the strengthening of the visa waiver program for a lot of these agreements of hspd-6 that on sharing terrorist identities and agreements on criminal history information have become part of history architecture of the visa waiver program. it's a condition of country being in the visa waiver program. we required and congress required essentially the accommodation of these agreements, or similar types of agreements. we should all recognize even without these agreements information is not flowing between our partners into united states. and the sharing of information with regard to terrorist identities certainly has been
11:13 am
shared through intelligence channels and all that but this is essentially formalizing this process of doing this. we are working very closely with our partners to increase information flow through the channels of these agreements. in a lot of ways, certainly part of the visa waiver program but also we're working very closely with our european partners also to europe with regard to the migration flows into your. at the threats represents your. europe and attack both share a humanitarian challenge and a humanitarian imperative to protect people in need, people are fleeing the conflict in iraq and in other places. that presents a significant screening challenge, and so we're doing our best to be very forward leaning with a urine p.m. partners and also with canada certainly to help. working government the agreements, very much focused on
11:14 am
this challenge which is the migration price and making sure information is flowing. are we where we should be with regard to the implementation of these agreements? know. i think as they say there's a difference between a strategy i think is sound but we have a lot of work to do i think to build the systems and the protocols and the legal architectural that would enable greater sharing of information from our partners but we are making progress very much and certainly with france we are making progress. >> scott, tourney do you. your company supports a lot of these efforts in the united states and you. company supports these globally. can you talk about both your role in addressing this issue but more generally the role of the private sector can play in supporting efforts by governments to prevent and disrupt terrorist travel? >> absolutely. morpho trust its secure identity
11:15 am
biometric company. we make passports and drivers licenses and biometric systems used by u.s. government and governments around the world. starting with your first comment on the name, the name recognition, the names of potential terrorists when we get involved is making that name a reality because names are fungible. you can have many of the same name is, senator ted kennedy had problems because there is a terrorist with the same name. use of biometrics to get added better answer is something that you see growing and i've seen growing, and it's been beneficial for our bottom line because of it. when i was at the senator's office i was at homeland security with seth a long time ago. secretary ridge talked about taking the hay out of the haystack to go look for the needle.
11:16 am
sleazy programs that evolved like global entry that has a biometric component and enables you to breeze through customs when you cannot come. i highly recommend it. and my company doesn't run it. precheck which the company is very involved in, taking biometric component of taking people who are not threats to a background check out of the system so you can focus on those that you do not know or potentially our threats. that's the use of technology. >> seth com, another key elemenf the system is different means to assess the risk of individuals with respect to whether they may or are more likely to pose a threat to risk oriented systems run by customs and border protection, tsa, all of which come in some cases to fly at high risk, other projects identified low or no, identify
11:17 am
individuals has no respect talk about the broader strategy to counter terrorist travel within the u.s. and how that set of issues fits in with in this discussion. discussion. >> i'm always reluctant to cite donald rumsfeld is sometimes his words are useful and i think i you think about that issue, you start with the known unknowns as he would say. and i think the key first step is operationalizing the tactical intelligence we have with regard to the people. continental, a fancy way of saying watch list and building terrorist group database, the terrorist screening center that agencies can work with come and part of the leadership of. i think that's sort of the core, accounts out of hspd-6. that's not all of it. certainly watch lists are
11:18 am
important and we share, continue to shared terrace identity information through a hspd-6 agreements but also through other means with our foreign partners to make sure we're sharing information on no one knows. the challenge comes when you think about the unknown. so the unknowns whether it's been known unknowns that are out of there. this is where i think where you getting at which is how do you identify, how to did i risk, how do you find the need and haystack? one piece at stock talk about reducing the size of the haystack by pushing the low risk people at things through the system. this is what some part about programs like global entry, precheck and other things like that. you reduced the haystack of people come through. that's true on people as well as cargo shipments as well. the next step is yes, the analytic piece of this, which is after 9/11 we created something called the national target center which is run by border
11:19 am
protections which is a national asset that works primarily what it is him what the ntc does for the most part it is not safer international air travel, that's one of the things it focusing on and it is, that's passenger information from airlines as well as passenger name record information. for bureaucrats, and analyze this information to not only identify people who are on watch list but also the identified risk patterns and linkages. think about how you would analyze whether somebody presents the risk, you are looking for, doing a link analysis are linking to someone as a potential terrorist or potential criminal, and also looking for patterns that identify potential risk where you would want to have your officers said for greater screen or something like that. so that's a crucial piece of this. now, the big difference between when the national targeting center was created 15 years ago to now, which is a source of
11:20 am
information where you can think about identifying potential risk, are much greater. 15 years ago when the national targeting center was created you were looking at api data as well as other data, third party did not have social media. this is one of the great challenges i think for the next generation, our generation of people in dhs and other places is how do you sift through the vast amounts of social media out there to identify people who could present a potential risk for traveling through the international system, gaining refugee status or asylum status or anything else? and a law professor in me would say how do you do that while protecting privacy and civil liberties? which anytime you talk about terrorist travel, talking to individuals moving to a system like this you have to think about those competing goals, and
11:21 am
in the refugee context or international obligations on humanitarian protection. that's the challenge and that's one of the great challenges as a think about not on the national targeting center in terms of international aviation but also how uscis at the state department that refugees coming to the system are applied for refugee status here. how our european partners of the with hundreds of thousands if not over 1 million migrants are coming to europe and how do you vet introduced the haystack ending our humanitarian obligation to these people are d also at the same time identify the potential risks and sit them out and make sure they don't come across our borders and to do our country. >> pierre, follow up on that your given the years experience in the work that's been done to build up these capabilities, could you talk about what capabilities are like in france and more generally within europe with some of the other dui
11:22 am
border agencies, and are there ways that china is helping, can help to sort of the less of a positive and negative that we learned in building the system? >> yes. this issue, our partnership with the our partnership with u.s. and a partnerships within europe are working quite well. the alliance with the u.s. is very effective. what i would like to say on that is just to get back made on the technology part, on the pnr part, for sure the u.s. have a lot of experience in debt because they have -- for example, we are extending this very topic with the u.s. been quite effective doing that since we decided the beginning of the year, our friendship -- first of july will be there next week to meet with this process
11:23 am
to our u.s. partner is in france. on the unknowns, because that was a very important point that kind to centcom is how do you find the ones you don't know. actually all the attackers that we have more people we knew. most of them were people that were known for traveling to syria. most of them were known for i path of radicalization, or were known to us because you had a criminal history first. so these should appear in the system and these guys should pop up when we, when they cross borders. but we have to come one thing,
11:24 am
the path to radicalization is getting much, much shorter now and john many people who are not like no one radicalized people, and the other thing is that, and realize that through a system that we have are not in our systems. i don't want to take just one minute to talk about this reporting hotline that was set up in 2014 in france, before the attack that we first heard terrorist, radicalization hotline that people can call when they suspect someone is on the verge of radicalization, if someone is on the verge of traveling to syria. what we notice, since 2014, more than 4700 people of interest
11:25 am
have been notified to this hotline. it's not the traveler. it's not the radicalized people that we know. for example, of these 4700 people, around 40% were female, and among his 40%, majority of these young women were between 18-25. these people are not known necessarily by our intelligence community. they are not like seasoned criminals. so this hotline has been very, very hopeful to identify into point out people that needed an answer, a response in terms of intelligence come in terms of the police, in terms of support, educational support or in terms of social policy.
11:26 am
this tool has been, has proved very important. not only because technology is not enough and technology cannot answer all the threats that we have come and this tool, sort of the french community outreach, has been very, very hopeful in bad. >> scottthat. >> scott, you know, there have been a number of examples from the group using fraudulent documents. in some cases legitimate syrian doctordocuments but even frauduo enable people to cross borders and present them as individuals who they are not. how do we, we mean the collective we, u.s., europe, our allies, actress that aspect of the threat and the whole question of fraudulent documents? >> there is technology available
11:27 am
to determine whether a document is legitimate or not, or fraudulent. and it's just not largely deployed. that's the case of a lot of technologies that could be helpful. i see how slow things are deployed from my government days, the decision-making process is very slow. i know we are looking at deploying this type of technology here in the u.s. in airports, and we been looking at it for a decade. there's a lot of different reasons for not deploying it. i think today the reason is cybersecurity. since it is software-based. but there is technology available that could be useful in this situation. >> i think we will open up to questions now, if the people who want to jump into the conversation with the question. please identify yourself and ask a question or icy in the front row here.
11:28 am
>> -- i see in the front row here. >> my name is john gardner, h.e.w. alumnus, former naval intelligence officer but so many years ago is irrelevant. might interest is us versus others. and how this comes up in layered forms. i'm thinking about the general reluctance of the u.s. to what may anybody from syria. this is a political issue now. in europe, there's a great reluctance to bring in muslims, particularly in the case of france, say, from algeria but generally in europe from syria or other conflict areas. so one of the solutions is to pay turkey to take in a whole lot of the refugee flow.
11:29 am
so europe and the u.s. don't have to deal with it. but money only deals with a small part of the problem. the food, clothing, shelter and medicare. but there's also a culture ration, simulation issue. in exchange for this agreement, turkey is asking its citizens to have passport for access to travel within europe, which again, recently from a public point of view and maybe from a government appointed you, creates another way of security threat to so this would appear to mean that we have to put ever greater emphasis on our working with our nato ally, turkey, to find ways to help them screen the people who we are paying them to take in. and also of ways of helping them
11:30 am
to help us worry less about people coming from turkey and traveling within europe or the united states. i'm wondering how much this is on the radar, and what sorts of things do you find helpful in dealing with it? >> i'll take the first crack of the answer your from the u.s. perspective on your question, let me so we sort of the big picture on humanitarian protection can refugee protection. the united states historically has taken an enormous proportion of the world refugees in terms of the refugees that have been resettled into third countries. last year the united states took about 70,000 refugees, we settled into the tourney. the president has committed the united states taking at least
11:31 am
10,000 syrian refugees this year, in fiscal '16. and i think we are well on the path towards achieving that objective. now, two things about that. i don't think there's reluctan reluctance, i mean, certainly there is objection i think in the united states to taking syrians and others from the part of the world because of the fear of potential terrorism but i don't think that's a majority opinion. i think the united states does recognize, i mean, the syrian crisis aside, there are about 65 million refugees on the move in the world today. the highest numbers since the end of the second world war. so that is a massive migration crisis in the world today. assyrian crisis is one piece of the but also the united states also faces migration issues with regard to central america, cuba and other people in our hemisphere.
11:32 am
so we are taking large numbers of people into our country and that's a good thing for the most part as long as it is done within the rule of law, law and order. the united states as a nation of immigrants and we have a long history of taking refugees. i'm from southern california. i was around was were taking about 1 million vietnamese refugees after the southeast asian wars in the late 1970s. any of those babies in southern california are now very wealthy business owners in orange county. they are in politics. they have been very, very successful in the united states. i'm a big fan of refugee protection, bringing people in. the issues with regard to syrians though, at all refugees, is that which a security protocol. we have to work very hard to make sure that these people are, while we are committed obligations, that we manage the risk of people coming into the united states. so we do vet these people very
11:33 am
extensively, all refugees coming in, and certainly from this region, a and our intelligence community is deeply involved and it takes a long time but the united states can make the mistake, the united states is committed to the process of bringing refugees into the united states and we are also committed to working with our partners to help them as they bring in the migrant and. for instance, the united states, this is public, we are working closely with canada to help vet prime minister trudeau committed to 25,000 syrians come into can't do. the united states is working closely with our canadian friends to vet those people have before the committee canada. -- before they come into candidate. we are working close with our european friends as well as share information as they work through the migration challenges. the last thing i will say with regard to the assyrian crisis is the number two or talk about is small compared to the crisis. so you have, the country lebanon, four or 5 million
11:34 am
people of which about one quarter right now is syrian refugees. massive numbers in jordan, massive numbers of refugees in turkey. when you think about these situations, some of those people are in camps in those places that the vast majority are in the cities. they are in beirut, istanbul, places like that which, you know, it's a challenge from is a good jobs but also a stability challenge for the countries in the region which -- security and economic prosperity of europe as well as the united states and other places around the world. it's a series of challenged by the united states is committed to working through it with our partners. >> i would say france is not like afraid of welcoming him since a big part of its population is muslim, and the part of the muslim population of the french public is much bigger than in the u.s.
11:35 am
it's not being afraid of taking the muslim population. it is being very cautious about how many we can host and welcome. i see that my german friends are in the room, and in terms of welcoming, german has done an amazing job and i would ask if you want to add on that. what we have to say is protecting the european the border is not an easy task. we are not going to build a wall on the greek coast and were not going to build a wall on the other coast. the challenges are the same between your border with canada, your border with mexico where you've put so much resource. as technical resource, human
11:36 am
resource and a lot of investments. so the challenges are the same and the scale of populations that we are talking about, no comparison of possible. what europe has done with turkey is tied to build a partnership in dealing with this issue. that's the challenge. >> seth, one follow-up because you referenced the screening process for refugees. another visa that have received a lot of attention following the san bernardino attack, give a whole range of other categories for visas with which the level of screening is different than it is for refugees which is arguably the highest level of capability screening for individuals come into the united states on permanent visas. are there lessons fro from that?
11:37 am
are the decisions being pondered or underway to sort of enhance the security of other categories of visas that terrorist groups may try to exploit the come usig some the lessons of refugee screening we've developed since the bowling green case a few years ago? >> the san bernardino case raises the issue of the k-1 visa or the fiancée visa. the issue is essentially what are our processes for prevent anybody coming to the united states under a visa category? on that i would say we had to think about a few different kind of buckets to get a better one is sorely refugees. i think by any stretch of the imagination the process of the refugee coming to the united states is the most arduous. i think in terms of the number of security checks but they are the most vantage population if anybody coming to the credit, especially refugees from syria and other places like that.
11:38 am
but certainly in terms of working through our ability to trend under a and vet other peoe and then the third is the visa waiver program which we can get into i think later. but with regard to visa categories, certainly there is a process of vetting those people and it is arduous especially with regards to certain countries and also depending on certain risk profiles. the next sort of come i mentioned this before in terms of the next sort of phase that we're looking at is a decision social media in terms of what's the relevance and use of social media in terms of how we vet people, also these applicants to also talk about the other side of the visa application, k-1 visa, is a u.s. person who petitioned spring their fiancée to the united states against the k-1 visa. often think that visas you to
11:39 am
think about to size of the equation. it's not just the foreign person is trying to come to the united states. it's also the u.s. person of the u.s. company trying to bring that person you. when you think about the screening systems including how we utilize a look at and operationalized social media, you have to instantly, all of these issues i think the first thing out of her mouth has to be security i should think about security, but pretty much the second thing out of their mouth has to be privacy, civil liberties and issues that balances exist as a think about the next phase which is the challenges that i.t. jobs in terms of how we sift through the billions of pieces of information that you think o the and social media, it's not just somebody, it's not as easy a summit on facebook seeking a k-1 visa post saying i am a terrorist on their facebook profile. it's not as simple as that. but alone sort of the issues with regard to their
11:40 am
communications throughout the world, telecommunications system and how we legally a lovely deal with privacy and civil liberties, houston. it's a tremendous i.t. challenge if you think about how we sift through the information, let alone a legal and privacy challenge of we're working through the issues. secretary johnson stood up at least within dhs something of a social media task force which i co-chaired for a while along with undersecretary frank taylor look at this very issue and now we focus on and in the beginning focus was on refugee vetting as well as on k-1 visas in light of the san bernardino case. it is a challenge but we are working to improve our security with regard to all of these categories, not just k-1 visas. >> i think we have time for one more question from the floor, over there.
11:41 am
>> thank you. i'm also a fellow here at the center and i the question on information sharing. rightly so this is the a lot of enthusiasm sharing information about the bad actors that we want to stop crossing borders. but it doesn't seem as if there same degree of enthusiasm about she information about the known traveler publish but i would the global entry program has really limited interoperability with other known traveler systems. the french system on immigration limited interoperability what are some of the obstacles sharing information about unknown travelers and making that haystack a lot smaller? >> difficult question is the for me. so very nice. [laughter] >> i will jump in at the end.
11:42 am
>> just the issues, bears trust, and when you think about sharing information, about non-terrorists or suspected terrorists or people that we have a need to investigate, it gets much more easy. for the other, phishing part of information and for others, i would not be as pessimistic as you say. first of all, as i mentioned and were exchanging a lot of -- to share information on travelers. there is this program from the dhs understand, i think it is five advisors, so giving and processing information on
11:43 am
travelers at the airport in paris. and we are really working on having, for example, global entry, that's one of our priorities. even if we have issues in terms of protecting the data, protecting the privacy of protecting information. because sharing information for global entry means also that we have to share personal data in terms of criminal history, in terms of very, very sensitive data or so that's an issue, even if it takes time, that's one of our priorities. and we are trying to share that data necessary to, as you say, process the travelers much more quickly and in a secure way. >> i think, just to a covert briefly as much as brevity can be possible with me, i think
11:44 am
what pierre is exactly right. i wouldn't underestimate the amount of information we share with regard to people. and as pierre mentioned, the chance of a relationship includes the way of actual officers on the ground in certain airports in europe through the immigration advisory program as well as certain places where you we afford preclearance like in shannon, in ireland, the places where you go through the airport and when you write in the united states, you've already cleared immigration and customs. we are working very closely with say the french police as well as the airlines on travelers before they get on planes. so there's that. the other thing i will mention with regard to global entry, global entry, it's a very important program not only certain from the second point of view from the reducing production of haystack but also from an economic point of view in terms of how low-risk travelers move to our system.
11:45 am
it started as h this program but it is quickly becoming an international program as we think about. one important thing from u.s. perspective think that was a project terrorist travelers usually have to think about, someone asked a couple weeks ago is a border secured? and my answer was, the lawyer in me, the question is secure to what? secure as to terrorism from a u.s. perspective is not a u.s. border secured issue. it is partially that it is a hemispheric issue, an issue where we working with mexico, canada and other places. we think about global entry, one of the crucial things were working with our canadian, our mexican partners is to try to develop a north american trusted traveler network where we should think about people coming to north america, not just think about people coming into the united states.
11:46 am
thinking about people coming to north america. we share lots of this mesh with our mexican partners and canadian partners on people coming to north america so we work together on common -- common target potential's. as well as working through with panama and other countries in our hemisphere. so we think of a global entry, think about global entry also as a growing more internationally focused program where we are working close with a partners to share these programs together. with the common goal of facilitating movement of low-risk traveled through the global transportation system. >> with that we will wrap up this panel. we have a great session right after this before lunch break, but this is an important issue for the center and an important issue for countries that are working together to fight the threat of terrorism. so join me for thinking our panel, and for a great discussion. [applause]
11:47 am
>> the next panel will start without going to a break. [inaudible conversations] >> thank you. i'm sure many of you have their stomachs grumbling, i can promise you this is worth the wait. you literally cannot ask for a better panel to discuss counterterrorism and the titans we have here with us today. i mean, you have their bios and
11:48 am
handout i will not spend a whole lot of time laying that outcome other than to say these three have been integral in our national security efforts for many years, in our catechism efforts, and i think are three of the most patriotic, hard-working americans on these issues. notably cofer black who is director the counterterrorism center at the central intelligence agency. he was before baking paper euro, he was head of sct at the state department to own a diplomatic mission. but he brought all the intelligence and use of intelligence experience to the counterterrorism portfolio. matt olsen was the director of the national counterterrorism center, recently joined up with keith alexander in the private sector. prior to that was the general counsel of the national security
11:49 am
agency. as you all know, nctc plays a critical function in understanding the analytical components as well as a bit of a esop mission what they have some operational planning functions as well. and i think it's there to say since the stand about nctc, the rich picture of that our government in the agency has is so much richer, given some other function. and last and certainly not least is an old co-conspirator, friend, mentor, juan zarate who was deputy national security advisor. he was also the first assistant secretary of treasury i first met juan, focus on counterterrorism and terror finance issues. he was a pioneer on some of these issues and i think plays a significant role in forming the only for cbs but for others as well. delighted to the three of you. i thought we would star with
11:50 am
cofer just because sunday was the fifth anniversary of the successful takedown of osama bin laden in abbottabad. ding dong the witch is dead at the threat lives on. so i would be curious, cofer, looking to where we were five years ago to in your insight government to where we are today, how is this not similar, how is it different, and what should we be thinking about? and what lessons can we really gleaned from the many years, the scar tissue, blood, sweat and tears we put into this fight? >> thank you very much, frank. it's a real pleasure to be on this panel. when you look an audience like this come you all watch tv, read and write. you're very familiar, very well informed, very educate on these issues. i think the only thing that i always have to offer is some of the observations i had from the experience of doing it real-time
11:51 am
back in the day and but that sort of felt like and what perspectives you come away with. if you look at the fifth anniversary of killing osama bin laden, i guess when i heard this, what particularly interest in what i was thinking about it was that great journey, sort of the unite united states united n the field of counterterrorism, from when i started in essentially the middle of my career and the cia overseas collecting intelligence on terrorists, as well as in my final tours in khartoum, surviving an assassination plot against me. coming back to washington essential being the head of the counterterrorism center, and conducting essentially intelligence collection operations. we did very little action if you put aside some selective renditions, which in those times were few and far between. seem very bad people are going to get on the street again who
11:52 am
deserve to be in jail for life deficit in the process with a move to a place where they had warrants for arrest. so i've be happy to defend a lease that part of the. as you matriculate your time, there was an attraction to taking action to defend the united states, but there was still significant eyes towards collection. this repeatedly continued throughout virtually all of my time. despite what others say since the orders came to me and my people. i can tell you our mission was to collect intelligence and to capture people, generally not to kill people. as you go through this adequate political imaginations of time what -- situation, decisions made come a lot of boarding pass. some of you may have read some of the recent literature, watched some documentaries but
11:53 am
it's like a beauty. it's an eye of the beholder, you know? what is a crisis to me as a professional counterterrorist may not be to one of our elected political leaders or people in the white house u.s. so many other things to thin think abou. aikido despite our best efforts we never really got through so the pursuit of intelligence, the desire to warn was foremost. when you get to 9/11, even to this day there are memorials and it pains me to watch these planes fly into the towers. it's like a nightmare around all day thing. some days i just turned it all off. is too disturbing for me. backing away from that moment on, our whole country changed its orientation. initially there was a period of real denial, since people had never even heard of these people, al-qaeda, or the hurt about it and been warned that they essentially didn't believe
11:54 am
it, sort of point of taking action. develop plans, those plans have not been initiated, and in crises, most societies will turn to those who are the most prepared. so that turned out to be the central intelligence agency. the fbi i is great but you need a predicate. they are law enforcement agency to the state department has no one to negotiate with. the military has no war plans because it was considered a law enforcement issue. so anyway, so essential to central intelligence agency was a nervous of structure that helped the government proceed into afghanistan and to conduct other activities. but also bought time which is probably the most important thing. so for our government to decide how was going to respond as we marched form that point on. it was clear pursued and relentlessness. i think that type of conduct of
11:55 am
our affairs continued unabated right up to the point where osama bin laden was keep chilled and continues to this day. it's very challenging for the people who do this for the living. -- was killed. they had a level of consistency to achieve the objective or i know some of the stories have come out. i suspect when the whole story comes out it will go down as one of the greatest spy stories ever. it was certainly against the odds edited a tremendous, had a tremendous impact. but this is one man, one man that had to be rendered to justice come if you will. but in the process of this time, we have seen al-qaeda who, before 9/11, if you think the american government was slow to react, it was actually leading in the world compared to other governments, international governments are they were light years ahead of everybody else. most of the times i would be going overseas to try to convince intelligence services
11:56 am
that al-qaeda did exist. basically it was blown off. i don't write about because of some i don't want a lot of people to read. that's the reality. americans, you jammed up this thing to make money. unbelievable. 9/11, everyone who came to jesus about like that. that looks like we told those americans. so anyway, off they go. a look at the situation we are in now despite all this money, all these targets to all these great americans working with our international partners which is our secret sauce. we really got into the -- many times after these guys, yet the problem continue to exist. in the green room we're talking, a layman just watching tv, are we doing better or are we doing worse? seems like every week it's good, it's bad, it's good, it's bad, vertigo. are we doing well or not?
11:57 am
but there is, the target set seems to have increased dramatically and our two gentleman here who have been in the service former recently that i had the country to set it up for them. in my time it was denial, and then 9/11 was emergency response. initially with those that were plugged in and have warning about this, they are coming and making really, conducting quite uncivilized behavior at briefings. we've got to get going, let's go. it's those people again. then you have, that they really start taking a. not only our own capabilities but working with international partners, moving on tremendous counterterrorism success which i will defer to my colleagues on the panel, which had been seriously i think effort by sectarian problems. a lot of countries particularly
11:58 am
in the middle east do not have any loyalty of their population. you've got religious strides, other factors that rarely play into this equation. and were holding its own. i will end on this. went i went into the central intelligence agency it was the cold war, the russians, nuclear annihilation. >> they are back. >> i know. another great job. but i thought if we just worked hard enough, if we just lay out the long enough, if we take the body bags overseas to protect the american people, i didn't believe that some of all of this would be over. you can scrap the military, and then the shock of life is your own son who is a senior at 9/11, four years later after college as an army officer airborne ranger in the afghan mountains fighting every day, you know? what happened? one of the things from my time from the past bringing forward. it ain't over until it's over and it ain't over until they
11:59 am
kill you or you die of natural causes. until then, you know, this process goes on. it's always going to be something. for now this is one of the big thinks of something. i'm happy to be here and now you get the real answer from the guys who served with more contemporary views. >> thank you, cofer. i just want to underscore one point because i think it is lost and hopefully doesn't get lost long-term from a planning perspective. it's the idea that you had to converge different communities, in this case largely title x and title 50 committees. i used to joke, bad joke before 9/11, strengthen of our strength in the long? it was about collection. it wasn't about operations. and our ability to absorb all of that was you had limited capabilities. so i'm not sure we could have pulled off what we were able to five years ago in the aftermath of 9/11 not because the intent was it there but because the
12:00 pm
authorities come the capabilities and speed ip jumping. absolutely not. when you look at the force that we had in the cia, the people working al-qaeda globally, we had half as many people as the 9/11 commission had staff. .. did an exceptionally good job, highly motivated, watching the firemen, policemen, highly motivated but no duck, we could never have dreamed of replicating what the united states was able to do. it is the envy of the world but they could not have done that,
12:01 pm
truly unbelievable. i think we have made tremendous progress. we were a sailing ship and now a nuclear carrier battle group. >> perfect segue. looking at where we were five years ago and how much we did come both enigmatically -- analytically and operationally to try to shape the environment to protect and preserve our interests and our people, how is it different today? is it that the world has changed? everything is going open source? everything is on and apps as opposed to a hierarchical system, tell me what matters, what are the issues that matter differentiating al qaeda and they were going a little decentralized with their
12:02 pm
franchises during the demise of osama bin laden but a little more hierarchical. tell us what the differences are and the pros and cons in terms of what we were facing 5 years ago and what we are facing today. >> thanks to you for being here, great opportunity to have this conversation with my esteemed colleagues. i am in a pretty good position to begin to talk about this because in my time at the national counterterrorism center coincided with this five year anniversary i joined the director in august 2011 a few months after the osama bin laden raid, i was chief lawyer where my role the day of the raid was prepared in case something went terribly wrong to serve in that role, don't destroy documents, keep cool, you will be my role in case things go poorly, what
12:03 pm
happens when it hits the fan? that was may 2011. in august i was in position not to be a lawyer somewhat thankfully and i served until the end of 2014 so i saw what i think is picking up on continued evolution of the threat. in 2011 we were still quite focused on al qaeda and al qaeda before and plotting that we were tracking coming out of the thought a in that timeframe, and the franchises, most particularly al qaeda and the raid on the peninsula which demonstrates intent and a degree of capability to take down an airplane bound for the united states on christmas day of 2009 so that was the primary focus
12:04 pm
for in ctc and broader counterterrorism communities from the analytic standpoint. i do think over my time, three years in office, we saw that really changed as the threat diversified in terms of a number of jihadist groups we were tracking. it expanded geographically so we were not as focused on south asia and a few pockets of the middle east, we saw the threat in terms of the groups and the people we were tracking expand across the middle east and east and north africa from somalia across mali. then we saw these groups and the threat they pose adapt.
12:05 pm
and they adapted. and they adopted to our strength so we are increasingly adept in ways that you described, understanding the threat from a collection standpoint being better postured, and from a hardening standpoint from homeland security and national security standpoint we were better at protecting ourselves against the type of plotting al qaeda had been pursuing, the catastrophic spectacular attacks so what we saw is groups attack, and adopt smaller scale easier to pull off attacks and in some ways most concerning how they communicate so they were no longer communicating, this was pre-ed snowden, but then a market drop off in our ability to collect communications as they adapt to what we provided
12:06 pm
them, the playbook on how we collect intelligence from the surveillance standpoint. >> to focus the attention where we are today and say isis is the manifestation of all these changes, it has adapted most effectively to defenses, and the safe haven that was created to the confidence of syria and iraq and has been able to recruit thousands of people and expanded further, and places like libya. when terrorist groups have the ability to have a sanctuary, turn to plot and take care of
12:07 pm
that. in terms of directed attacks in brussels and paris, and san bernardino. >> a couple points to get to one, perfect set up that wasn't intentional, to get to the policy prescriptions as well. and his affiliates, and at the end of the day they were small numbers. when you look at isis, to attract thousands including many from the west, many more from eupe, al qaeda and its affiliates, in yemen or the fata region, they played under governed spaces. in this case isis has
12:08 pm
territories and targets. i would be curious from a policy standpoint, what lessons can we glean from al qaeda and we were doing very cutting edge thinking, go after the finances, part of the equation. what tools do we need today and how do we stack that? how do we prioritize it and at the end of the day a lot of the effect and success, we had the bad guys looking over the shoulders, are we looking over their shoulders enough today? >> thanks for inviting me, i am honored to be here with you. i don't think they are worried enough. in 2016 versus 2011 or 2004-2005, there isn't a sense
12:09 pm
of constancy of pressure, disruption in what has become a series of terrorist archipelagos, and al qaeda affiliates have time and space and resources to think about not just local agenda but also outward planning. the european attacks were a wake-up call to everybody that the thought in washington that the islamic state was focused on the local, focused on building the caliphate. that would distract them from their outward focus and what intelligence has uncovered, the attacks themselves have manifested to include san bernardino, these are groups that were still outward focused, intent on using foreign fighters and able to train and redirect and grow innovative in their methodologies to attack the
12:10 pm
heart of western europe. and when osama bin laden was killed, a lot of discussions in that period, there are those who argue openly the counterterrorism community would go the way of soviet allah just, now they are both back. the reality is the threat has morphed not just in the way described but a sophisticated way. one is ideology, this is a movement that has been able to regenerate and resurrect the idea that the islamic caliphate is a reality and able to resurrect the very idea of being part of this caliphate. you see not just in the middle east or north africa but even in
12:11 pm
places like southeast asia, north america, where we thought we had squelched a lot of these movements and the ideology itself is reanimating. the very notion of a caliphate, the territory that was held and reshaping of borders reformed the idea of the ideology, not just isis today but the isis of tomorrow. that is one problem. the second is what you alluded to. we used to worry about safe havens of old like the hindu kush or the jungle, this is real territory. these are real urban environments. they control real resources and real populations. mosul, second largest city in iraq, imagine that. in the hands of isis for more than two years, three years now.
12:12 pm
access to people, access to labs, access to universities, access to money and money service businesses so it changes the complexion of the terrorist landscape when talking about disruption not just of terrorist safe havens, but where you have real urban environments and that is where you get into the political problems, how do you carpet bomb the second largest city, what do you do, and creates challenges for us policymakers in terms of disruption and capabilities whether it is things like the tools to deal with terrorist financing, very different. >> one point you raised, you and i have had many discussions,
12:13 pm
looking at violent extremism, not to paraphrase bill clinton, it is the economy, stupid, but it is the ideology. what more can we, should we, that is that the missing dimension of counterterrorism statecraft. we need to use military instruments, we need to use all sorts of instruments but we never fully used this instrument was what can it look like? you are leading a major effort, what should we be thinking about? >> a few different things. before i answer that question, i want to make the point there is a convergence between physical dimensions and ideology and and -- the reality is they are highly dependent on each other. from an ideological perspective part of the allure of isis, the
12:14 pm
vast majority, and videos demonstrating this is a group that can govern, the third dimension trying to govern in a real way showing they can police the streets of mosul, that they can interact with children, that is the ideology. the fact that they changed borders and withstand pressure to maintain territory, we shouldn't lose track of physical manifestation of the ideology, physical ways to impact. there has been discounting the ideological dimension over time. part of it has been a very good instinct to not overgeneralize the problem. you have to be careful about the
12:15 pm
lexicon, that instinct has drawn a retreat from people in dealing with the ideology. in theology to define what it means to be a muslim. that ideology is come to the islamic state because it is the only place where you can be a real muslim in the 21 stupid century. and some operatives elsewhere. it is a challenge to them. a vote of no confidence, to react quite viciously to some of those. there are things we can do, this is animating a counter movement that actually not only counters the ideology, undermines the
12:16 pm
opportunity, but what it means to be a muslim in the 21 stupid century. this is the identity of a whole new generation and explains why you see a lot of women recruits not just to be potentially operating but mothers and these operatives bringing families, there is a new generation to this. to redefine what this means, there has to be more work done on issues of government. when it prayed on lack of governance, sectarianism, the inability to fulfill the dreams that arab spring has fallen by the wayside in that regard. the third is we have to find ways of identifying our allies in this space because we do have allies whether it is the kurds or liberal bloggers in
12:17 pm
bangladesh, have allies in this space to defend them, promoting them and scaling their efforts because they are out there, the clerics, we have to figure out ways of reinforcing them. one final point. there are manifestations of this ideology controlling territory, and how the ideology, we talked about this, operates in conflict, many in places controlled by extremist groups because the vaccination teams are being harassed or killed or isolated by extremists who don't believe in the need for it, they think it is a cia plot or another venture. where you have polio outbreaks,
12:18 pm
hotspots, i want to be where the ideology, and women's rights or health issues and an area of innovation. >> i am sure you would agree the role of victims, dreams, opportunities lost, that is very powerful, you don't want to exploit, literally to know every time you see a martyr, should have the face of the victims so every time isil is trying to glamorize someone there should be the face of the real consequences, women, children, innocent people die. how would you respond today?
12:19 pm
we know we need to keep the pressure on the adversary, that is a given. the flipside is we can't kill and capture our way to success. >> my wife told my mother to answer that one. >> glad you took our thoughts. >> my response, they think of me, i have never been a big advocate of conventional us military forces in situations like this. my vision of the best years of conventional military ground forces, what i don't want is young men and women stuck in situations where the gang was shot, and leadership and
12:20 pm
responsibilities, semblance of -- there are other alternatives, the action is a good combination, and can be done. there are missed opportunities. if only i had been there, the same story, and the best thing to do the hindsight, i think we really have to look at things like libya, we have enough of a problem without creating more of them, the question is which administration is motivated in the situation, geopolitically in
12:21 pm
america's interest, what is morally correct and we can go for the rest of our lives, a different view of things. neither view is correct. qaddafi was terrible, and the response that resulted in being torn apart. places like iraq, i really do think simplistically americans had better start being more like the british were at the height of their empire. you have to be careful what
12:22 pm
tools you, in the inordinate time i spent in the situation room i don't recall a lot of thinking about consequences down the road, unintended consequences, spend more time looking at that. for the long-term. what is good for the united states is good for our allies and take a bit of a lighter touch, military advisers, my revolutionary war, god bless the french, they didn't send their military observers over here to give us liberty. they came to see if continental lists could stand up to the british infantry and when they did, we could slam the brits but
12:23 pm
good with these boys, there you go. >> washington university. >> let's look a little more like what is in it for us? and one of the platforms of trump, kind of like america first. there is an element of what is in our interests, what is the easiest best way to do it for the long-term, sustainable and every problem does not say captain black going with getting a shot at. we have the nuclear issues against prime enemies, peers, this is just me but i don't think the iraqis need f-16s, if we relentlessly look at how to
12:24 pm
do these things in a sustained way and keep the amount of blood and treasure at a minimum and realize many of these issues are going to go on for the rest of our lives in some fashion, why the white house would turn to the cia for covert action, did you ever wonder? if president jimmy carter to be president goes this is pretty cool, and whatever else one can do, whether an issue is way gone, take a look, what can you do, the problem is we have been successful enough often enough that they keep coming back but if you look at the measure of success they solved it. a piece of this country,
12:25 pm
marginally was good enough. i would like to think more like that. and in world war ii, and the tanks of gone by. that time is over. >> can you pick up on that? and then generalized, before he became president, used to say in preparation for battle i found plans to be useless but indispensable and the planning function is different from executing, looking at those second or third order effects, you set up the hardest question, how do we define success? what are the measurements of effectiveness to insurer, we get
12:26 pm
it from a technical standpoint, but not dealing with hierarchical adversaries in the same sort of way when you decapitate the head, not that he would not have his demise or effect on isil, i think it would but how do we start defining success? what are the benchmarks? then allow time for two quick questions for the audience. you have a hard one. >> it is a very hard question. as the french showering flowers. we could somehow re-create that. >> only hire people. >> may be hollywood. >> it is not something we are going to see in the terrorism fight and the reality is we will be doing this for a long time. that is how we start to think
12:27 pm
what success might look like, i go back to my time in office. i would not talk in a setting like this about being engaged from a counterterrorism perspective or risk management, but at the end of the day these types of attacks, and the talking points is a government official but in reality what we are engaged in when it comes to counterterrorism? even though we understand the expectation is 100% effectiveness, no terrorist attack in the united states is acceptable you cannot stop -- on a scale of san bernardino and i am concerned, more sophisticated than what we saw in san
12:28 pm
bernardino. we can discount that risk. that is not an answer to your question. it is a long-term problem. what we would see his slow destruction, the capability, groups like al qaeda and isis and we are seeing that, there are promising points in both groups that we made some inroads that make a difference in diminishing the threat to us but what we see is what pop up in other manifestations because the traditions that give rise to the terrorist group whether it is lack of evidence, young men, that ideology, engaged in a consistent effort to bring all the tools we talk about from the
12:29 pm
military to countermessaging on this problem and my hope is captain black is ready to retire. general black. that it doesn't repeat. the threat is so diminished. >> not just the united states but their allies but it really is trust. perhaps there is additional thinking. ultimately the adversary rocked the way from its own ideological bankruptcy. there are things we can do to facilitate that because it is ideologically bankrupt and when you look at organized crime, what really took down, they lost trust in their own family members. they could care less if the guy
12:30 pm
on the outside is against them but when they lose trust in themselves, i would be curious what does success look like and i promise we are a little bit over our time, a bit of time to allow for a couple more questions. >> superquick, when i was at the white house, we are talking about classified, denmark or success, tracked it in imaginative form. and markers of success moving forward, the inability of a terrorist movement to have strategic impact on us interest abroad, that includes our allies, the ability of us allies, contained and diminish manifestations. to this question, an environment that is hostile to the embedding
12:31 pm
of this ideology that allows it to resurrect, if it is not the problem, that has to be a mark of success and the idea of the american dream and american unity and strength and university, one final quick point, matt's point about risk is important because we have to be careful, we are a resilient country, we don't want to overreach, sometimes it plays -- on the other hand when we talk about things like that is essential risk, the defining factor whether we take a threat seriously or not we run the risk of distorting the nature of the problem and its ability to adapt to threats that become major problems, strategically to our allies and in the next form of the threat. we have to be careful, not
12:32 pm
overhyping it but also not undervaluing its strategic impact. >> they base their actions on our actions. i am reminded of a far side cartoon, dinosaurs sitting around, and we think about the catastrophic bad day which we are factoring in and have events below that that are really bad days and we have to stop the series of bad days, we will go to this one. >> great conversation. a former dhs infrastructure nypd, senior fellow, i want to pull this on a couple statements
12:33 pm
you made with regard to the safe haven, so given this threat environment, morphing adversary, and current capabilities and intend, considering they had the ability to operate in a safe haven where there are resources, i would say potential, what is your concern about existential threat, to european partners, because of this intent and safe haven capability. >> thank you for your years of service. the very real threat that they could grow more innovative in wmd, talk about wmd, the reality
12:34 pm
is they have a unit devoted on the chemical side, don't know what is happening on the bio side, we have seen the surveillance that happened around the nuclear facility. i grew up as a counterterrorism guy in the pre-9/11 days, got trained to assume the worst. from a ct perspective, wmd, and time in space and opportunities to experiment in labs, that is a real issue. the second is a series of strategic attacks, you don't have to huge body counts but if they paralyze europe, and strategic implications, and
12:35 pm
kurdish areas and syrian rebels in the south that are secular, we have to be careful we managed to support our allies that allow them to take the fight on because absent them who is going to be left to guard the gates. >> i might note, this may be a tactic, there are places in europe where the authorities have not been able to engage in any sort of way that they arguably have 2. i think our european allies are uping their game dramatically but their baseline, a lot of them thought it was an american problem but that is not the case. we have time for one more question. >> thank you. i would be curious to hear from you and understand whether you know of any of the international
12:36 pm
muslim communities that are out there, fighting, keeping their young people from being recruited by isis. who is doing that most successfully? who is taking back the sectors and reintegrating them into their societies most successfully? >> to give you a quick answer the uae has taken a leadership role hosting a center that is committed to committing violent extremism, saudi's at least in my time at the white house did a fair job taking foreign fighters who were regretting their moves, used in rehabilitation programs, the singaporean government and the muslim community have the gold standard and rehabilitation programs, radicalized individuals to reintegrate them, put the community around them so they have support when they return to society, civil society
12:37 pm
groups, artists, musicians that are doing a lot of work, and bloggers, to attack the ideology. it is not at scale, funding these things, it requires 1000 flowers approach, flood the field with these efforts and find ways to provide innovative venture capital to interesting and successful models. we don't have that yet and we have got to get there. >> i would agree in terms of resources, there is a lot of activity and a lot of ideas under resources around the world and a very different but analogous sort of effort by the united states where there has been some pilot activities in cities like boston and los angeles and minneapolis to look for best practices across the
12:38 pm
board of countermessaging to work with people who were radicalized. but it is going to require a long time, more resources going forward. >> let me -- >> the pro-plaps from dover know what they are talking about. >> these really are the titans, thank you for your service but also your insight today and join me in thanking you for joining us. [inaudible conversations] >> a quick lunch break. >> 1:15. [inaudible conversations]
12:39 pm
[inaudible conversations] >> and this conference on national security will be continuing for the rest of the afternoon today at 1:15 p.m. eastern time. after the lunch break we will take you back to george washington university on c-span2. from the afternoon events, welcome remarks, and the third panel of the day, how to best organize the department of homeland security, while they are breaking for lunch we will look at remarks from earlier today in the conference, you will find all of today's panels online at the c-span video library but here's a look back at some of the earlier conference. >> what i thought i would do was jump into questions, make sure we save time for the audience to
12:40 pm
engage in the q and a. i thought we would start with you since the president recently concluded that there was a need for a commission to examine cybersecurity issues. obviously the scale and scope is quite broad. what are the priorities you guys are looking at? what is it you hope to accomplish, and what is it you hope to accomplish in a relatively short time? >> the short order of time as i said work to our benefit. the marathon within the sprint, the sprint within the marathon. it requires a lot of effort. the end result is the report that will be delivered to the president on december 1st. the key as the president outlined as the commission has repeated is this is not intended to be a document of president obama's administration, it is intended to be a document that
12:41 pm
looks forward, the new administration used as a transition document on cyber and the general strategy approach to this is looking at the digital economy and looking at the role of the government and the private sector in the digital economy. how these two elements and entities work together, and what they can do in order to do to look at a digital economy, three, ten years down the road. the way i would define what we are looking at is set forth in december a short-term practical recommendation, as soon as that is done, to actually be used and implemented immediately for ways that help and secure what we are going to do as well has long-term ambitious recommendation so we ensure innovation is a part of it and when we look at different themes
12:42 pm
that are possible, how we do that is measured by taking best practices, lessons learned, what we are working with right now is looking at models for how to draft recommendations and it is a combination of what is other, best practices, lessons learned and an opportunity for things that are working but don't have a lot of visibility and raise a platform and visibility on the national level and most importantly, very importantly, the innovation on these initiatives and efforts, puts forth digital economy that we are looking at three, five, ten years down the road. >> why don't we go to you in terms of what is working, what is not, shed some light on where the end kicked fit into public-private partnership
12:43 pm
initiatives and then we will turn to general hoover and hear from the private sector. >> i should begin by noting cybersecurity is a team sport, it could be a law enforcement agency that has to identify our adversaries, we have the military defending dot networks combating adversaries and cyberspace, my adversary, to actively protect federal civilian agencies and help the private sector and help state and local governments that protect themselves. with that we are pushing forward very urgently a few lines of effort the first of which is the cybersecurity act, last december. as part of that act our national cyber security center was established as us government intervention -- enter -- information sharing her between government and private sector. past march are secretary
12:44 pm
certified our capability to share information in real-time within government and private sector is operational. we need to build a base of companies and agencies participating in this agency. last december, really removed a lot of disincentives that were stymieing sharing over the private sector, the possibility of civil liability for exceptions etc.. we now feel the disincentives have been wiped away by this new act. now you can figure out the positive incentives, how do we in the government so added value for cybersecurity information sharing but see benefits to their security and bottom-line to participate. i also note the cybersecurity commission, a significant role in promulgating best practices across the nation and figuring
12:45 pm
out how companies should best evaluate the relative cyber security posture and measure progress and our foundational document for that is in this cybersecurity framework but we want to figure out how companies use the cybersecurity framework to invest in targeted measures that show measurable quantifiable reduction for cybersecurity risk. >> if we are focusing for the private sector in these two key areas, how to demonstrate private-sector value of automated cybersecurity threat information sharing and how to promulgate and measure the effectiveness of best practices being adopted across the private sector. >> when you think of the national guard they embody the citizen soldier. we can look back to major crises
12:46 pm
and recognize the guard ways in mitigating the consequences of these attacks but where do we see the national guard fitting into our overall cyber security equation and what more can or should companies and local authorities -- >> a couple things. the days of putting a lot of money into cyber to build a wall are over. the firewalls, and the federal government plays millions or billions of dollars on building a wall and only one person on our side of the wall does something really stupid to take down the system. we think about cyber and what cyber means, however you are looking at it, and the public/private partnership.
12:47 pm
and think about risk management, the guard in a unique position through citizen soldiers, as part of that, we are fielding cyberprotection teams in all of the fema regions, both on the army and air side we should have those teams in place, these units are in active duty status under the control of the governors and all 50, in the district of columbia and territories that are available, we are there to augment the dod mission and army cyber command, but more important there is an asset that is unique and as we move forward and think about the future for cyber and how do we do that in partnership, the guard has unique capability. >> i want to pick up on a couple
12:48 pm
points in a little bit, but how many companies went into business thinking they had to defend themselves against foreign intelligence services, nationstate threats, how do we translate the nouns into the verbs? what about the companies you represent to try to make this real, and is it about consequences or perpetrator actor, what are your thoughts? >> a bunch of things general hoover said that i want to pick up on, you heard the word partnership over and over, that is the way we are looking at this. to your point, we can't do this alone, we don't have intelligence gathering capabilities, we don't have law enforcement, we don't have a national security mandate but we are a target. what we look at in terms of partnership, there is a northbound partner, government and industry working together and privileged to serve as secretary for the coordinating council which just yesterday
12:49 pm
brought 30 plus ceos together with government officials three times a year, doing a great job, to actually do things that advance the cause of security, deploying tools and technology the government has, the government has pretty cool toys, we want those on our systems, improving sharing of information making sure the right people are getting the right information at the right time. i talk about north/self-government industry, east/west is important as well. we the electric sector because everything runs on us are often looked at as the most critical of the critical. we don't have water, can't generate steam or cool our systems, don't have tele communications, can't operate, transportation or pipelines, can't move our fuel. there are a lot of ways to impact the electrical grid short of attacking the electric grid. find east/with partnerships. the last part, proven technology, information sharing partnerships, response and
12:50 pm
recovery. so much we can't firewall without this, you build a higher while they will build a higher letter, you want to make the adversary build the letter but we understand security is not just protecting and defending but respond and recover. what can we be doing today to make sure that bad day because it is coming is not catastrophic? how do we manage the risk, how do we put the risk, how do we ensure we have a short outage as opposed to something more catastrophic? >> i don't want to end or belabor this point because if everything is critical, if we had 16 designated critical infrastructures does that mean nothing is critical? how do we actually get to the point where we rack and stack, prioritize, the energy and electric, it is the most critical because without the lights we would not be able to
12:51 pm
be here today, how do we start thinking about that? >> there genuinely are, there are lifeline sectors, strategically valuable infrastructure sectors, knock it down to 5, energy broadly, electricity, transportation, water, finance, innovation. there is a lot of wisdom in that recommendation. i will say three sectors, this is not a knock on any of the others but they have been subjective attacks for so long, electric financing and communications and because of counterparts that i have i can say in each of the sectors those partnerships are developing at a really rapid rate to the benefit of security of each of those sectors. >> looking at interdependency between various infrastructures, looking at it from a private-sector perspective, by very definition you have to
12:52 pm
provide holistic responses. where do you see things playing out today, where do you see your greatest focus in terms of meeting clients needs? >> from a personal perspective on the private sector on the public-sector side, the real issue is in the midmarket. in other words, midsize companies on down need help, they don't have the resources, the assets. my company's privilege to work for the department of homeland security to monitor, critical assets and mid to small sized companies that are important, utility companies, small banks, county government and so on, what we typically find is within four hours they are in the door intoning the keys to the kingdom. the soft underbelly concept is the truth, if you look at where the most risk is that exists out there the big companies have the
12:53 pm
assets, the resources, the funding, eight of the top ten banks work effectively with the government, the intel sector with the department of defense, classified information wanting to be brought to the private sector, the real issue from what i see as relates to public/private is the public-sector is trying to work out risk associated with the midtier companies out there and can't keep up so the program we have is we work on behalf of dhs and we are not able to go after the list of energy companies that need our help to scan because we got to wait for some supervision to support us to go out on the field so what i have always thought is if you look at the overall risk where the public-sector assists the private sector in the mid tier and instead of assuming one individual from the government can supervise contractors in the private sector to go take care
12:54 pm
of their own there needs to be some type of innovation meaning there are not enough folks with enough talent to do the job of keeping watch over critical infrastructure so if it is the national guard leveraging the assets that are in the field, i think that would do a great service to this country, if you look at who you attack, it doesn't take much to figure out you go after the easy ones that are plugged into the big ones before you know we have a bigger problem. >> we have seen incident after incident after incident highlighting precisely that concern, if i were to rack and stack the critical infrastructure, financing and banking is at the top. >> local banks are the folks that control money, you have bank of america, they have the resources but not everybody banks there so community banks that own a lot of assets, brokerage houses that manage
12:55 pm
billions of dollars on a daily basis have basically no infrastructure in place and no support to do anything. they worry about the audit they are not adequately protected and that is where the program is helpful. there are a lot more folks that need help, the resource issue is getting the cavalry out there to support it. if you were to ask me the one point i was hoping to make today from public/private perspective the big teams, the high-level financial sector, the energy sector, they do a good a job as you expect in terms of information sharing. if someone has a problem there doesn't seem to be an issue picking up the phone and calling their counterpart on the other side but for the midmarket forget it. there is a very vulnerable exposure in this country and whether it is dhs or the national guard i believe there
12:56 pm
needs to be a step up effort to support them and they are begging for it. >> even the most critical of our sectors, credentials, compromised or central bank, it is getting down to that supply chain third-party vendor and many others. >> it is as secure as they come. i have been in this industry 20 years. it is a hard target to get and they got it. at the end of the day the mantra is if they want you they will get you. that is what happened there and at the end of the day it wasn't a technology issue. it was someone making a phone call that didn't get received and went ahead without an approval that cause the whole mess. >> scott raises an interesting point when we look at cybersecurity and initiatives, we often think large companies, we also think where the resources are but any successful effort if you look at the framework and our intent with the commission, look at small
12:57 pm
and medium and large businesses. when you talk about supply chain and in general where critical infrastructure resides, it doesn't always reside at the largest level and if you are a small water company in the middle of the country you are critical, more critical than a lot of big companies at that point which is another reason we were having a conversation earlier why the national guard is a tremendous resource for the citizen soldier to look at how the day job with the government, we have the access point around education, awareness and knowledge, we could be utilizing a lot more effectively when we are talking about where our cyberefforts are going to be in the private sector. >> the other thing is not only private-sector but the public-sector we see quite a bit, small agencies and departments as well so whether it is the term of the day in terms of certifying the private sector can support the security
12:58 pm
service model is very common in the private sector. what it comes down to is the staff, just as receptive to doing it. there might be midsize companies in the private sector use the government's help at a minimum to tell them where their problems are. what i have encountered personally is there is a need for the smaller agencies within the government to consider looking at the private sector to help manage their security. you have some certifying products to ensure whoever the managed care service provider is can ensure they meet standards necessary to support the government. something the feds ought to consider and big folks have what they need. smaller folks are trying to do what they can and the private sector might be helpful in that regard as well. >> i am not sure even the big folks have exactly what they
12:59 pm
need. >> i take all your points and i think there is another level we are missing that goes back to my opening comment about what is cyber and cyber is whatever you see it as when you think of the elephant, everybody has a different view what the elephant is to describe it and another segment out there may be many of you in the audience are just like me who lost your data from opm. cyber, to the individual at home on their computer working on their bank information got hacked or their private email got hacked it is an issue for them as well and that is why when you think about this cyberdefense or active cyberdefense it has to be a partnership and has to be a whole government approach and has to involve the private sector because we are all in this together and all facing the same thing and we take it back
1:00 pm
to the guard, we have airmen and soldiers who in their day jobs do cyber for a living and when they go for their drill weekend they put a uniform on we think they are pretty uniquely qualified to partner in state status to support the governor so also support dod and army cyber and air cyber in the mission but it is a huge whole government pro book -- public-private partnership but down to the individual sitting at the computer at home whose online banking or using a smart appliance that all of a sudden starts talking to you on their cell phone when you walk into their house and think about that, that is what cyber is about. ..
1:01 pm
this group prioritize where we are to be thinking from the capability standpoint and also from a likelihood standpoint and then a little bit on the ttp's or the tactics techniques and procedures. we seem to be chasing ran somewhere, we seem to be chasing the dos that distributed in-house service. issues seem to come into flavor and out of labor but if we were to actually start looking at the threat actors and some of the cpps they are engaged in how would we reconcile that? >> from the point of view of the h come on really interesting characteristic of most of the major cyber security breaches from otm on down over the past several years is those adversaries have actually exploited known vulnerabilities and very commonly ttp's in order to
1:02 pm
actually reach the organization and exfiltration or degrade data.even ran somewhere, the way it ran somewhere is infecting its host computer is through the same kind of vectors we've been seeing malware deployed for years so at dhs, we are seeking a generally threat active agnostic approach because what we've seen is even our most sophisticated adversaries are still breaking in using the most ample and common issues. they are exploiting unpatched software operating systems, there exploiting users who click on fishing emails. there exploiting unauthorized privileges for privileged users and so at dhs what we are trying to evangelize is if organizations deal with the basic blocking and tackling of cyber security, that's going to force our adversaries to invest in more complicated attacks and if we can devote our cyber security human capital to combating
1:03 pm
those sophisticated attacks and just deal with the rest by doing basic cyber security hygiene, that will put us in a much better place. >> direct i want to pull on that because i think you are spot on. at the end of the day at the time of the breach in most cases you don't have the attribution or the smoking seaboard we are looking for so you don't know behind that clicky if you are dealing with a nationstate or criminal or disgruntled employee or someone with an ax to grind of one sort or another. but if we can get to the point where we devote limited resources that the government has to the high end correct spectrum, everything else below that domain in the private sector, we can probably calibrate our efforts a little better. do you see that happening anytime soon? >> it is certainly the direction we are trying to go in and we're going in that direction in two ways. first of all, those in the private sector, we have been and continue to focus on the infrastructure that could lead to either is go manifestation or significant degradation of security or national economy. certainly we are trying to
1:04 pm
segregate those assets and systems that could lead to the most military effects but of course as scott noted, the inherent interconnections and interdependencies of within sectors make it very challenging. so we now need to go really the sub asset and subsystem level and understand what are the vulnerabilities internal to a critical infrastructure that could lead to these effects. within government. we need a new approach to how we prioritize our cyber security intervention. in the past we've taken an agency by agency approach and treated each agency relatively equally. where now transitioning to a new approach as promulgated by the president national action plan where we are focusing on the highest value data sets systems, assets within government that if degraded, the otm database being one example that if the grated would lead especially severe consequences.
1:05 pm
we are doing this because as scott noted correctly, the cyber security capacity of chs or any given organization is inherently finite so we have to find focused on the most significant consequences for and in so doing, we will at least reduce the likelihood ofthose most significant or catastrophic events from happening , i would go with you in a second but this gets too many conversations we had in the past in terms of actor consequence, in fact but let's use this also as an opportunity to and lighten some folks on some of the lessons learned in the ukraine. no state actor worth their salt is going to spend the money footprints back to the kremlin for example but they are using proxies to engage in this sort of activity. how should we be thinking about this? a couple of things because i want to, both eric and general huber had good points and it's rare you get government and industry
1:06 pm
sitting on the same state effectively finishing each other's sentences. these are the kinds of issues . >> i'm certain of that. >> need to be more provocative. general huber talked about this eloquently. what does it look like? and sure, i care about this this side attacks. my company certainly do not like the reputation risk or friendly what happens to their customers if credit card data or personal data is breached. we fight to prevent that from happening just like every other business in the united states is doing. what i'm focusing on both on the sector coordinating council and just with my day job on behalf of the industry is looking at the operational technical side attacks so the elephant to me looks like those things that are cyber incidents that have physical implications and one of the conclusions we came to although i am glad that cyber over the last decade has gotten everybody's attention because of security of critical infrastructure is important and can be done from a keyboard across an ocean. really what we are looking at is, you are never going to
1:07 pm
have cyber attack that doesn't have a physical implication. you're never going to have a physical attack that doesn't have a cyber implications so i look at it a lot more holistic leak and in those 24, 72 hours following an incident like in the ukraine, you may just not know so so much of what we have to do during fog of war is understand the implications, power is out. respond, how do we respond to that? now to bring it into what happened in ukraine, look, people wanted to make the ukraine incident, this was an eye-opening experience for the north american electric industry. it was not an eye-opening experience. we knew that this is the kind of incidents that could happen and had been preparing for many years. that's not to say we are going to take this incident and learn some really good lessons from it. but it was not some moment where oh, i didn't know that could happen. we absolutely did and we been
1:08 pm
preparing accordingly. i think the biggest thing we have learned out of that is ukraine had some benefits that we may want to start to apply here in the united states but they also got some drawbacks. they have a much safer grid than we had here in the united states. we do have mandatory and enforceable standards to the point where eric was making, those sort of nuisance attacks are the kind of things the electric grid in the united states, north america is particularly good at obligating. what they had in ukraine is the ability to operate manually. we've had this rust automation over the course of the last 15 years or so. on some level level almost blind to the security risk we are creating. there's a paradox here. it is good we have automation and he gives us better situational awareness but it also increases the attack
1:09 pm
surface. are there things we can do today to go back to my original point, are there things we can do today to be able to operate manually? in the event of an incident? to go to a degraded state simply to keep the power running, understanding it's going to be in a less efficient way. those are the kind of big decisions that we are taking as a sector and in partnership with the government to begin to planning for those incidents that could have an impact or a longer-term on the grid. the second thing we are doing and again, this is an experience coming out of the ukraine, we have a filter of mutual assistance. you seen it all over the country. when there is a weather event, you got bucket trucks and cruise all over the country on the affected area. can we learn some lessons from our mutual systems culture in the cyberspace and in fact we are building out a cyber mutual assistance regime

5 Views

info Stream Only

Uploaded by TV Archive on