tv Key Capitol Hill Hearings CSPAN May 25, 2016 12:00am-2:01am EDT
it was very important that we did that. it was good to have some discussion with folks working on the issue of implementation, companies are starting to get used to the notion of sharing, they're getting used to the notion that if they do share them they get helpful tips back about things they should prepare for a watchword. there's more to do and we need to talk about ramping up. i do think these areas of further development of doctrine, grappling in the correct way with the privacy security balance and then getting over some of these at budgetary malpractices so that we can make the investments we need to people and systems are the next beyond information sharing that government should tackle. with that i'm i'm glad to take a few questions before i head up, we have a committee hearing in born relationship to prep for the visit, india does more military
exercises with then any other nation in the capacity for good cyber part of, if you thought about someone you would want is a cyber partner, india would be a fantastic cyber partner. there is a lot in that space. we'll be caring for that discussion in that hearing room in a matter of minutes. but jamal i'll take a few questions. [applause]. >> let me start i'm going to cheat a column my boss, because since i know this is dear to his heart, he and i fight about this all the time. >> first, that was a superb speech, thank you for doing that. let me ask rather, the hardest part we see is how do we get congress to get an integrated view on an issue that cuts across all of the committees, i think the hardest thing is we have seen efforts by different committees about the stovepipe
nature and it seems to be blocking us getting an integrated view. what can we do about that? >> that's a great question and you're going to have panelist asked them that same question to because i want to hear what they say. that is obviously an issue. we had an information sharing bill on the floor a year before but cut into it because the committees of jurisdiction were arguing with each other about what wait a minute you put it on the floor should've been us or we should work together. so the stove tight hurts us. were not not talking about just those committees. the foreign relations and the appropriations it's very critical they be involved. this is a topic that cuts across domains. it's one of the reasons why i like the warner mccall approach because it will develop, the idea of the commission i think i read this right that it's not just about encryption. were not
just trying to solve the encryption question it's more about the look at digital security questions and digital is key from other stakeholders. so if we rush in to be in about a solution because the apple fbi case has grabbed everybody's attention as we should we rush in to be in of the solution to that issue and we look at a narrow gauge will almost certainly approach it in my view in a sideload way that will not give us that integrated look that it needs. that's one of the reasons i like the warner mccall approach. >> please introduce yourself of your questions. >> hello i am david smith of the guardian. also what relationships you have in the moment with companies like apple and google, a little bit too confrontational, and do do it in a way that you can mend that and incorporate with them, and secondly if asked about would
you like to be vice president, what would you say. >> well i'm hoping nobody asked. so. so let me ask your first question. and you said if asked, i'm just so but nobody asks. on that, it is it too confrontational. senator warren says this, marks on intel and most of you know mark meyer very close we've known each other for 35 years and one of the virtues of be in the two senators from virginia as you do these committees and all do these committees will do those. he's an intel, banking and finance and i'm foreign relations budget, they put me on the aging committee, i don't know why, just recently. but marks pitch on apple commas of both sides are claiming moral superiority that is above their actual moral stature. so there is some tough rhetoric back and forth and the apple fbi case is the case that the law school professor would write.
it has all of the features that the law school professor would write for the exam. those features that make it incredibly compelling for the fbi case that there's a phone that was used by people who are actually used to buy someone carrying out an attack. it's owned by the county that said we give you permission to search it. the facts militate for the fbi's point of view but when you dig into it you really get into, even if you're strongly supported the security parameters which i am, the entire notion of get backdoors into encrypted systems that could potentially chase users to other companies to other technologies that would then end up hurting the law-enforcement effort. so there is not a come plea black hat in this. i think we should just defuse
that rhetoric and really grapple, with nuances that can change. one of the things about this area is that we are almost guaranteed in a solution that we come up with to do our best effort and then still find the world changing around us and have to revisit. again, i would go back on your question about rhetoric to the point that john asked me, that is one of the reasons i like the warner mccall approach. i think it'd stakeholders from different sides from the table is more likely to tell congress to do the important thing rather than react to one dramatic case and either miss elements are over correct. >> time for a couple more, maybe one more. >> thank you senator my name is mark i'm with the german marshall from the united states just on the other side of the circle here. my question is coming more from a transatlantic perspective, what opportunities what opportunities do you currently seek to rebuild that trust or to the bridge that goal
that exists between the united states and europe, a one on cyber security of the data security. >> honestly the trust was damaged at least spatially after the snowden publicity. some of the distrust was public-private stations by people who were aware of what was going on but, another nevertheless it's real and there's need to rebuild it. the underlying issue, the revelation that brought to bear and spotlight on this issue had to balance the security or privacy issues. we look at some of the issues differently, but i think the gap between the u.s. analysis of these and our sensitivities to the privacy of the sensitivity side and european sensibility to the extent there's a gap at i think the gap is closing quickly. obviously, and tragically
european nations have had to deal with some very difficult situations in this face of terrorist attacks and not just europe obviously, not just paris of brussels but many other places, we will know what we know about the egypt air flight. i think as more nations are seen the security versus privacy challenges in the same way that we are, i think as security issues become more equal some of that, it's not necessarily that creates a trust but it creates a shared sense of mission for getting this right. even though i cannot think we have answered the question as i mentioned earlier that nato question we still have work to do to make this a decision of when a cyber attack would trigger a defense to operation. there is work going on within nato, cyber, cyber security cooperation between nato allies in the united states, that has moved
forward in an accelerated pace, that is probably helping. sadly, the security realities of the world are probably bringing all of our sensibilities a bit closer together in terms of the urgency of answering some of these questions. >> how about one more in the side and then we have to let the senator escape. will with the gentleman here. >> i'm with the university of southern california. let's go back to the 15 person panel that is being proposed, might that be a way of addressing the stovepipe issue and might one of the outcomes be a recommendation for a joint committee of some kind of the house and senate? >> possible, so if you've heard the question, it is possible that the solution might be some sort of joint committee.
i have proposed a similar joint committee of the war power consultation act that senator mccain and i have been pitching to replace the war powers resolution of 1973 would establish a buy camera buy camera bipartisan consultation committee that would be impermanent dialogue with the executive over hotspots that could develop into needs for military action. that could certainly be a possibility in this one. i think one of the things we need to make sure is if i'm going to remember this right, think the mccall warner proposal was 15 and eight by the house, it by the senate, one by the president i'm trying to remember if there specify disciplines that need to be included. i think it is important to get that right because we want to make sure we have the full group of estate holders, privacy advocates, business leaders, academics, you want to make sure that you have the full range of expertise
around the table. but, the larger issue they are going to grapple with is not just encryption but digital security. if they would identify and i can imagine that they wouldn't stoped piping as an obstacle to digital security you would expect that they would make recommendations to help us get over stove piping. as you know it's not just an agency thing it can be a congressional concern as well. we have to think of ways to get by that. that's a good thought for what one of the charges could be. you really have a good panel coming up, these are the real experts after me, thank you for let me, kick it up. i look forward to following and getting a readout on what the panel puts on the table. i look for to continue to work with you and thank you for including me today. [applause].
>> julia siple speech by the senator. by contrast the panelists to come up we will get started with round two. >> this is an easy panel for me because some of them are old friends. i'm thinking if i introduce them the way i know them it will probably sound drawing. let me introduce people quickly will have the bios on the website. in the order there are mindless, anti-, senior director of cyber security policy with the nationals go to counsel. we have two aunties, they both have the same job which is a little confusing. before that he was a senior advisor for technology policy and policy at commerce is very effective there and hearing some other people including secretary he was a professional staff member at sci. after him we have kiersten
duncan, committee of homeland security, she is pinchhitting, for some reason the other speaker from the committee had to go to a meeting on tsa. i do not know what might've happened today out of culver secretary johnson have an emergency meeting, in any case we are grateful for you in here filling in. she handles cyber security infrastructure protection for chairman mccall, she works on cyber security in science and technology issues and most importantly for you in the room, she was at the seal of approval for the government. so so thank you very much for filling in. and yasmin sitting next to me is an old friend, his cyber security for two decades, it's hard to believe he must've started when he was six. he is currently the assistant security of cyber security and communications at dhs where he has a budget of more than 1,000,000,600 and place. that's like real money.
[laughter] he leaves the federal efforts to respond to cyber security prior to that he was also the senior director for cyber security at the white house and you probably know andy best friend that role was the executive order and critical infrastructure protection that resulted in framework. he is that rarity in the discussion of cyber security, someone with a phd in computer science. so that's very rare. finally we have tom mcclellan, director of director of national homeland security policy and governmental affairs. many of you know tom from his previous work at nga and the national governors association where he helped reorient that organization to think about cyber security. he led the the research center for state cyber security there and has worked on
issues as they relate to the state level and to cyber security for a long time. so a great panel, what, what i told them we're going to talk about -- what is it called. >> cyber security national action. >> and i have to admit when i first saw this, i thought geez that's ambitious, kinda bold to do something but as i look at it i think it might actually do something that could work. we'll we'll see, they have six months to deliver firm deadlines are usually bad but this time it might be good. what i'm going to do is we're going to go through the panel quickly and asked people what they think of it if you could
take just five minutes or so that could lead into questions from the group and a few others. quick kristen would you start. >> thank you for having me here. i appreciate it. let me begin by saying these are my words of mine alone, not representing others here. so this is an interesting endeavor, reading it over again between cyber incidents, one of the things that we're looking i'm looking forward to is the cyber response plan. at something written into law several years ago, as you're probably aware chairman mccall has taken cyber security is an issue for the last several years , when i was working on science committee had the pleasure of working with him first on the cyber enhancement act which codified the framework and the scholarship for service program, view things we've already discussed here, also cementing this of workforce issues, getting engaged with national science foundation, dhs and scholarship for service.
that same year a number of other bills passed to authorize and to put into place a workforce assessment for cyber security across dhs. and provide for more hiring at dhs to make sure that we could bring up the cyber workforce. so i think seen that we had the ability to build on a number of efforts that are ready underway. i think one of the elements is a mention is a cyber response plan. i look forward to seeing that. i think right now states, locals we had a hearing last month where a number of police officers in texas came in spoke to us and talked about some of their plans for cyber and other training opportunities that they might be aware of for cyber.
were doing another hearing today at 10:00 a.m. to build on that was state and local issue. i think that response plan will help prepare all around. >> great. thank you. andy. >> so the president announced the plan in the budget rollouts, it looked at within seven years of effort by the administration to reserve cyber expenses, disrupt activity in cyberspace and enhancer incident response capability. i thought i would spend a few moments of focus on under the banter of race national defenses, two pieces, one is providing tools for the private sector and help them raise their defenses, second is the federal government and cyber security, i want to focus a minute on that
because it's really important and be it does not give nearly the attention that it deserves on floor such as this. last but not least i senator cain did an excellent job looking at issues that were thinking about from a federal cyber security perspective and also the president asked the commission on enhancing national cyber as well. on the federal side of this is where the connection to information sharing becomes clear, as you know this threat poses unique challenges many of the targets are in the private sector, be it financial information, health health information, and that means that combating this threat requires collaboration both in the private sector and with the government. with respect to information sharing, i'm a slave from sharing has been a priority for
this administration initially focused on governmental sharing, and out of the c&c i work. password to december of last year and a cyber security bill, it passed this surreal elisa deeply involved beta versions that allowed the hill and the rockefeller legislation for those of you who remembered in 2013 or thereabouts. since then, and this is another point passing the bill is just a step in the process to building our capabilities to both share information with the private sector but also receive information so that we can better understand the threat environment in terms of support with the private sector and
other entities. we can get into this and a little more detail but were focused right now on capability called automated indicated sharing also known as the portal response for those are familiar with that phrase. we are finalizing clear and transparent guidelines that accompany individuals on how to share information through the port, the first draft of these came out months ago and andy's team is done a tremendous tribe of getting these materials finalize for public release and published a congress that month. so i will leave it to andy to talk and elaborate on that. maybe offer a few observations of how this debate on sharing has evolved at least in the six or so years that i've been involved. so we go back to 2011, 2012, i
perceive at least the reaction from the q&a a widespread sentiments in the industry that info sharing, but only we could share more information with each other and the government could share classified information with us will be able to defend ourselves adequately from a full spectrum of cyber security threats. today i think that coexist in some quarters but i think it's much finer appreciation in the ecosystem, that that effective use of shared information has numerous dependencies. for example you have to know your network. it's a basic thing but if you don't know your network how can you possibly put information to use. i was lead night to know how to deploy information. you have to know which information to focus on and which is simply noise. so today it seems to me that the main barriers to information sharing are perceived as these
liability issues, obviously the legislation helps clear many of those away. so now were left with barriers such as business, things like the cost the maturity of a risk management program to be able to use information in a productive way. i think were really see in this and i think this'll be a challenge that we all need to work on both the government and her friends in the private sector is trust. entities won't share information if they don't trust that they'll use it responsibly, use it for the purposes that both sides agree to the information will be protected from unauthorized use. so the big question on my mind is what can the government do to
further build trust among the private sector that sharing information with the governments is worthwhile important endeavor in what i turn to andy, jim if you don't mind me following up on. >> so yeah that'll save me some comments. will do. >> so i think it is useful to highlight where we are on the automated indicator of sharing because as the other andy pointed out were like a twin act here. and the nab. we actually started this work in 2012. we are very smart people in my team, one of them is in the audience, we said we're going to need to share indicators in an automated way. there's no way that we get the volume of information we need from the government to the private sector
.. again unless we can standardize and automate this. so we had to have standards. dhs led the development of two standards those two standards are what have enabled us to implement the legislation today. we started that work in 2012. we handed the standards over to a standards body oasis last year, normal industry is now taking them forward. in 2014 we took the standards and we said we needed to pilot it so we work to the financial services sector and set up a pilot for sharing indicators back and forth. it and forth. it was very successful. so successful the one-off company to productize and sell the product, the outcome of this pilot. then of course we worked with congress and the folks in this room to bring about the legislation. i really think the congress for cyber security act of 2015. the private sector company gave liability protection for sharing the information with the government. we formally certified our system live on march 16, since then we
have gotten about 30 companies, federal agencies, agencies, state local governments, part of that system for growing by hampel accompanies every week. we've shared thousands of indicators today but obviously where in the early stages of that system but it is working, it is five, people are receiving value from it already. what i would say is my charges to you it the audience is that the only way we collectively succeed with this system is that if we all put information in and take advantage of information that's in it. so my message when i'm talking to companies is that we built it we've given you tools we've asked for, i need you to join a chair back with us. so that is really the next stage of where we are on the automated indicated sharing efforts. a brief comment, a lot of people are confused about dhs role government. the analogy i've settled on is that i think with diverse ever
cyber incident has been arson in the world real world. then you want a firebrand be there and the cops there. we. we are the firefighters in that scenario. law-enforcement has is hugely important role, fbi, secret service, and all the other federal law-enforcement, but you also want to firefighter there who is concerned with, let's put up the fire and let's hope you rebuild this building so it's more resistant to fire in the future. so we had this the future. so we had this role at dhs and vibrant cyber response where we help victims, whether their companies of the government find the bag resident network, kick them off their network and rebuilt to be more secure. we are not law-enforcement although that is an important role. our only customer is the victim and our job is to make and our job is to make them more resistant to future attacks. as part of that of a former firefighter and my team and he said how much time you spend fighting fires and he said if you rounded it it would be about 0%. i said okay what's your goal and
their goal is not to be fires in the first place. the messes same thing with dhs. so in addition to doing incident response we share information, and we propagate best practices to help companies and government agencies not have instances in the first place. this automated indicator sharing is a key part of that. it sharing information to prevent things from happening in the first place. >> great. so csi is, please thank you for being here has been a longtime senior but we go back a long ways. i'm i'm the private sector guy here and i work for a company and we work do incidents response. we also do services, the big move to argue to field the challenges with work shortages and so forth. i'm also a late addition to the panel so i'm gonna focus a
little bit but also some of the challenges with respect to information sharing. so it will help understand my perspective, i've spent 16 years years working on the state level with governors working on cyber security. also it was integral with the development on the development of the joint action plan so i come from a state policy background with some of this overlaid view of what the threat environment looks like. i have a four opening comments with respect to seat up in the information sharing. the first is, in general the traditional approach that we got in this country and elsewhere really is not working all that well. i think we really need to rethink our posture, we need to rethink our capabilities and i think the information sharing bill is a step in the right direction.
you have to keep in mind that the f series are radically every day, every hour. so it's just like hygiene. it's still important but we have to get more active and more proactive. we have to get out the network and begin to hunt. i i think some of the steps that we have seen in some of the bills in the past will help get there but not getting us there all the way. i i think there's a big step to get out there. it's a proactive defense. >> ..
transit capabilities. civic the third thing to mention is about privacy and in this context is in the expectation of privacy but as companies begin to contribute of the arrangements that are out there with the privacy or the fair use of information and lastly information sharing is not enough is a step in the right direction there are inherits challenges of the more information that is out
there so the question is it has to be actual so how do you pull all those indicators to turn something in into something that is actionable? with respect to information in sharing sometimes they know you are sharing in they will change their tactics or techniques or procedures not in and of itself isn't a component but we've recently announced the launch of the informational and sharing network so we could value that notion of sharing about what is next?
>> looking at these that would leap out to me with that debate we have been having since 2012 and that is ancient history seems like forever so we found our assurance and the interesting look with budget hand minutes services we don't have time to get them all but a want to see what the panelists thought. budget is always a good one in washington with 18 of -- the 80 billion additional dollars.
>> anybody want to take a firsthand? >> the one key element is the proposal that we offered last month for the modernization fund we really can separate cybersecurity at the end of the day we don't do that but to support reliable i teetoo serve to our customers. and dad is shorthand we have a long list of legacy that is put across. in the systems were not
built with cybersecurity in mind. and it is more cost-effective from a budget perspective especially with legacy in five years and is cheaper to replace it today into rapid in bubble wrap but to basically a identified the systems that they have to be eligible to replaced so the doctor mentioned the congressional and go and to the way we do
the cybersecurity budgeting that has that same congressional jurisdictional challenge that is more strategic thereof was discussed meaning one of the goals was to encourage him push it incentivized because they are more efficient from a cost perspective or from the cybersecurity perspective the challenge of that right now with the i.t. budget is authorized and appropriated and how to get to that problem. so asking the president cybercommission to look into.
>> and bin to finally see the government stop using windows 2000. [laughter] >> the reason kobolds. [laughter] did you hear that? they are still using cobal. [laughter] the i.t. modernization fund. they're running a legacy i.t. system it cost a lot of money to keep a running back congresses and reluctant to give me money to buy anything you want me to run the old thing bin replace it in that does not work when you replace the big systems it cost a lot of money to run the old one. now the idea hopefully with
savings for that period of time that is obviously the approximation. that intended to bridge that with the i.t. file and is with the current budget to give a long to build the new system. that is a pretty novel approach from a budgetary perspective but it is a huge improvement the leeway to replace these legacy systems to run the old even as we build the new. >> from my perspective and how that was implemented. but also the growth and
strengthening of feinstein the we have not talked a lot about and to arrive the tools that are readily available. bin to make sure those tools are flexible and dynamic internal stagnant. to grow in the implemented it to be accessible within the federal government. >> that one of the things my role is to educate states policymakers.
it is it we go biphenyls but you by infrastructure. and with that overall i.t. budget is set to a 3% but there are reasons for that. the question for budgeting raises awareness and as you buy these things or develop them. the perception is howard you leveraged to the development and implementation. the idea of the industrial base through several
security. and how do look at that at a very different way with the relationship between locals and hierarchy? >> let me start by saying in a lot of fuss with opm in to-do's cybersecurity and against then you have the people's liberation army. it is easier to say they and to do. here are the applications that are running.
it to wells will manage services? even commercial contractors? to talk about minister misses the level stress at this point the word f. >> but to answer your question is it another agency or dhl us? and that's a minimum to approaches from a dynamic perspective with a wave of a magic want by the witch is
the most common ways for bad guys in there and you will go a long way toward reducing tax burdens. it and to have that centralized provision for other agencies. by the one closest to my heart is a diagnostics and mitigation in program that is partially accelerated and that is the way of the insight to their network so that is the perimeter protection in it is three things.
a new approach to acquisitions and governments and capabilities. if they need security tools we will buy them security tools but not how. we brought together all of these agencies and this is a common problem. they have to tie those together. into have a coherent picture and that is the acquisition approach to help us run the acquisition will have grouped agencies into buckets every agency gets a different suite of tools.
but also having they integrated outcome. of how the risk to be managed across the federal government. because they get dramatically cheaper with the integrated roll it is a win for everybody involved. >> so to go back to that notion where a minister of this can be most useful so those who are working in an agency of those 400,000 times we have been hit today
what is the most important? maybe one or 2 percent ahead if you can help them with those capabilities to say i have 400,000 but only to our important then to contextualize. wide is that go along across the world? >> to see that outcome would be very interested. >> does anybody have a question? go-ahead. >> is there any effort going
on from the federal government or the association instead of doing discreet individual systems? >> that might be a cloud question. there is a few the answers. the government putting place the program of the program to make it easier for the government to use cloud services and the idea it is that agency does its own security assessment. is that sufficiently secure? do you really want 20 agencies testing the same?
that i will use this that you provide in the cloud it doesn't make sense for all these agencies to test it. i will test it wants but look at those outcomes to make a different decision may be deficient but they will not read do the test 20 times there is a way to mccloud services available. is that perfect? of course, not but udc agencies taking a vintage me on the intelligence community side to use commercial technologies on civilian government in through this process they get more efficient. >> where is the data held?
i think clouding is coming more and more land is dependent on the state of how they need to protect that information and where it is stored. >> how does the federal government managed cybersecurity? to private-sector best practice how does the federal government stack up? it now seems to be different from what agencies are doing >> one key difference is the government severs security is centralized even for those that are barely
autonomous with the oversight that is significant we're still fairly distributed in the government with the legislation that was passed to strengthen the department level but comparatively speaking we're still distributive from the government's perspective. >> i don't think we are that different from very large private sector enterprises that our large scale better not technology companies they're often ahead of us that is probably a few years behind the private sector but they are not dissimilar in their approach to.
>> in with those remedial players. in this gets back to the government's point in there are budget issues are that we talked about earlier coming into play. and that is a real challenge the city's unique to the federal government. so i always caution against the federal government with the private sector.
but annelida is apples and oranges but maybe oranges and mandarins. [laughter] >> there is no way in hell i will compare with him sitting right next to me. [laughter] >> we do risk falling behind but that budget you cannot go below that amount absolutely. >> and the degree will come to the infection point for the private sector we're moving hand are years away from that. until there is more parity.
not every data system has the same value to weigh on how much the dollars are spent for risk of. >> when the president thinks of himself as the ceo of the federal enterprise to be interested at his ability to manage and. we will see if it works. any other questions? >> i have the question on china is headed states was about to put a sanction on china, and recently with
government on many issues. and is one that ought to keep happening. >> i will say one positive thing after the agreement looks like russia is getting more attention. >> we know that cyberinformation has value i have the business models to manage cybersecurity. i am wondering what is the business incentive to share with the government?
>> you need to separate those said to have a business model or cyberthreat information it is a lot of value so a few are the eppley corporation you're still learning valuable things every day in indicator sharing system switching the lens to the cybersecurity in congress will have an opinion on this as well what i hear from them as they realize the indicators will become monetized. talk about the it address from the malicious computer
they are becoming pretty widely known but the business value is not as much as the indicators themselves but the perpetual information with the cybersecurity even as we more broadly disseminate so those business models are shifting and that is how we are reaching the goal of profit sharing. >> so not all indicators will be prioritized. >> 20 or 30 different countries tens of thousands of and points to gather intelligence and information and frankly we hold our
clientele that we don't share information about particular clients. so when that indicator is pushed out so there is a value to be a value in this. with the defense industrial base. higher education in the state government and that ngos with their intrinsic value. with the connecticut response. if there were a sensation under attack then the big
green will be there. there are a lot of instances of those substations and universities are under attack it is organized criminal. it always will be day is just to respond soon the company's that have a very important need of what the fed does got will not be ubiquitous for every need that for every single state. >> inside cybersecurity he mentioned with the information sharing revenue those participated in pope waivers under the new law
and in addition to a just said it would we advise the guidance with sharing with non federal entities? >> yes just by sharing you receive a liability protection the act of sharing is protected under the cybersecurity act but as we were talking earlier so for all the deadlines in the legislation were very aggressive people or working very late hours but the next deadline was first to publish the initial draft so we're on track to meet those deadlines either now or shortly to have a workshop
on june 9th to go over where we are to show final drafts and the listener feedback i do expect us to meet that deadline to finalize documents. i think we were pretty close on the mark from what i heard from industry there are very clear and helpful but the biggest feedback actually they want the documents to cover the topic we didn't intend or expected to cover the liability protections for sharing with each other we got outside of that scope but we will address that says is a holder to get more information on that. >> we're going back and forth right now but we have
shared these documents we have published them listening to comments and other industry groups hit it will be in early june. >> do we have one more question? >> good morning. thanks for that interesting presentation i have a question to put into a global perspective with the question of alliances as the senator talked-about new forces as a natural ally partner with the separate defense framework so how much progress has been made or how much work has been done to this effort so i am
wondering if congress has looked at. >> with the cybersecurity act they do talk about cooperation. we were definitely thinking about this in the coble conversation and the ideas and the relationship of the cybersecurity act. >> i will ask the question that nobody has what about the congressional agenda? what is next what would you like congress to do? >> we are continuing to do some oversight without those
deadlines that are ahead of us june 15 there are a handful of additional documents for guidelines of policy of privacy for more oversight we are considering this implementation from the industry perspective is and the committee is very engaged in the hillside cybersecurity act. and i see the chairman is the leader with senator warner. so obviously that is called
digital security savate will continue to be at the forefront for us as well outside of the normal oversight duties. >> pass of president's budget request. [laughter] >> i would say in terms of what congress should do they should continue to look at the whole approach of the role of vhs and states in lowe's getaway to build the addition isn't just bed center because settled think that will work the anything they should do is look at how they support a state and locals with the dollar's pushed out through those esoteric means. >> making a proposal for
authorizing legislation for congress in terms of her own organizational structure and from a managerial perspective that creates enormous uncertainty so we need closure there. also the budget is make or break the department of defense has guidance from my civilian perspective pretty steady in good funding what they're trying to do with cybercommand relatively speaking not a lot of funding into government cybersecurity if we're going to be serious we have to put the dollars there it will not magically happen without those resources it is truly a make or break a budget for that. >> we're looking at the progress of what has been
substantial from congress and the bush administration one of the next things that need to be done of the issues that you have heard thinking about governance or services over things we didn't talk about like authentication to figaro the role of dod. this helps to move the ball forward. [applause] [inaudible conversations]
run year. >> welcome, everybody. today we will discuss how the washington metro system is going a. >> wheel called the hearing to order to discuss but washington regis is to address safety in reliability issues. to here are important to all members because we have constituents who come in to make sure that they should be able to move safely and efficiently. federal government hasas invested billions in the metro but the system is not reliable as a template by well-documented safety issues investigations from the '80s and '90s have a common refrain of lack of communication that its writers and workers our risk we're focusing on having a system to change from the
new general manager talking but his commitment to improve safety to in the backlog we will watch toft ensure that talk turns into action they're playing an important role of the direct safety oversight and the fta is here to share level due to perot safety and reliability in the metro it cannot buy a safety colter they have to take action on responsibility to provide safe transit in the nation's capital and be held accountable to those thatm are finding them mevacor word to a very frank discussion i will yield the rest of my time to theoffer congresswoman. >> i would offer extended opening statements for thehe
record that when the generalnsie manager terminated 20 managers in seven were considered senior we know this is the beginning of a new era of accountability we will voice support for you in the section we need to find new ways to run the rail we're pleased to see a new board members are more and focused and transportation and management experience according to the fda data to measure real cost runs 120% or 150% higher that is why i appreciate that he recently
said he is not asking forissues money but focused on addressing the issues of to restructure metro ando restructure the labor negotiations and find ways to get better i am concerned there is a clause in the current agreement the authority shot contract out our subcontract work normally performed by a theuthoe employees to result in a doesff for transfer or demotion doesn't prevent metro from having the of flexibility of the cost savings to have the best people at the best place to do the work i have talked with the new general manager about these issues in businesses to do this work to tell us they can do little lower cost than what we currently pay and our costs are well ahead i also want to see how we use newe
technology to document the work being done technology that can save money and increase transparency in the already in use around the country i hope we can explore that more than real looking into having hearings on that we want to find the most cost efficient systems to save taxpayers money and address the disturbing report on the news last night about rape that occurred last month in broad daylight at 10:00 in the morning clearly and i hear this all the time concerns about basic personal safety people have approached me and my own station in this is unacceptable also ang concern it was not immediately named known so i
appreciate talking about a new era of transparency in to find better ways to save money but to appreciate you talk about putting more people on the front lines in the station and that is one of the many reasons of to be on the "frontline" protecting customers andle. constituents. >> i think the chairman for this important hearing and his hard work eyelet ford from hearing from theon for h witnesses today. >> thank you very much mr. chairman i appreciate the sharing and the fact we're having it today shows how important this is to the region but also to the
federal government itself we're locked into this together and a lot off problems together i stress the uniqueness of know whether mattress system across the united states responds to three differentther jurisdictions that is ar built-in structural problem reas that we could somehow get over it is there. faugh and there are issues
to offload in the state track plan of the general manager will help to do that.held up some of metro's bonds are held up inexcusably on top of all other issues it had a financial crisis of how ity would apply for federal clearance that is something that has to be worked out quickly the looks like there w has ben the necessary prope actions taken but the federal transit administration has not -- responded appropriately but we do expect the agency to respond in kind mr. chairman i'm anxious to hear the testimony i appreciate what the testimony that has been prepared today and how much that means to the region and
i thank them for coming asommite well as damage to rethink the witnesses for being here today in the entire house delegation there represents the area is an important issue to them but it is for all of us as millions of people coming to washington d.c. every year from fellow citizens and people all round the world mission be the crown jewel they get more money per capita but they also spend more money than any system in we need to bring those intoalignm alignment the safety has to be paramount in for over 50 get
years it has benefited from federal support so this iset important to the entirete nation together right also 40 percent of the rush-hour riders federal employers -- employees are given a subsidy so those that we work with every day to help us operate the government depend on the system to be safe and reliable but despite that investment that record has deteriorated because i believe it has not switched the responsibility to operating and maintaining a system that is a cultural change at metro and i am pleased the new ceo is doing that the federal transit administration has taken
over that authority and we can talk about that oversight that is needed to be done because metro cannot do that appropriately secretary fox has given one year to step up to the plate to do what is necessary on oversight and last year we passed the fastback to strengthen the safety oversight authority to give five years of increasedd funding for citizens of america contributing to the system there should be the crown jewel and it is not the new ceo is here today and his record as the manager to make things run in the proper way and his strong statements has woken
people up for strong management and cultural change so i will come my colleagues of a ford to hearing from them on this issue i yield back. >> it is sad we're here under these circumstances the getting to the bottom line congress has neglected to make sufficient investment in infrastructure everywhere in the country to build out more transit and that is going on here potentially the most congested traffic region in the united states of america and then to maintain the legacy system think congress is not willing to be an equal partner.
$84 billion backlog nationally to bring transeven up yes the fastback will give us a little more money and that is good but the amount of money there we will never get a state of good repair me to stop treading water as the average annual level required to eliminate the backlog is $18.5 billion per year that does not sound too good it is pretty embarrassing with a capital of the free world the greatest we are killing people on the transit system with a combination of budgetary pressures and management issues i think we
will make progress on those management issues but what about the money? we cannot ignore the need for additional investment by voted against the recovery act because going into infrastructure investment 4%? cities like chicago pulled projects off the shelf and had them completed in 30 days they could have spent 20 times as much money foror those projects waiting to happen that our critical for the safety and security of their riders in the efficiency of the system we cannot ignore the 1,000-pound gorilla in the room we're not putting up the money we need to be ape good partner we don't help with operations and we just
walk away from that in that is why we're here today dodges aid is a management issue are they spend more money yes but this is not a unique circumstance what is happening here is getting attention but is happening in every major legacy system today in the cities that want to give new transit options would have to choose m with the bus with a million miles breaking down everyday in the brakes don't work we shouldn't have to make those choices united states of america can afford to do both to help them rebuild maintain and build new options that'll take a new attitude of congress i have offered many ways of highway funding options we were nothe malowed to vote on one
inngle amendment corruption many were offered includinggt.st bipartisan we pretended in fact, we took money from the tsa to pay for that bill and now people are standing space at the airport. we will shuffle things around and tell nothing works an accord to the hearing. >> we have two panels today representing the fifth district of maryland senator why're and also representing the sixth district basket and is consent to a full statement be included in the record.
>> mr. hoyer he may proceed. >> into the chairman of theing i committee by nobody wouldt call this the crown jewel today it clearly and must me for all the reasons the chairman mentioned we used to call america's subway because constituents in this room use this system. i appreciate the opportunity to share my input on for robust investment and i safety standards this is of critical importance natalie washington d.c. but the functioning of the federal government for national defense and homeland's security both civilian and military rely on the metro to get to offices and dutyderal stations my district is foreign to 62,000 employees
in many are located here many depend on the track to get to work to serve thellions o american people metro is a crucial tool for those visitors that come to the nation's capital each year. that is the premise that underlines the federal focus i join the rest of the region delegation last general manager that you have spoken positively to discuss the new state track plan that addresses the efforts to improve thehe safety that we spoke on a more broader basis than simply the fast-tracklong program their recent incidents of fire in being
shut down for diagnostic inspections brings the number of critical repairs to ensure that the writers are safe with the system it is the result of past failures of long-term maintenance and upgrades before they are prodded we need to make sure the tracks that these new modern cars run on are up to date as well reliability is a concern for residents that is home to commuter served by all metro lines i am disappointed that mr. neece to implement the state track plan in the first place but it is necessary we should not be in this situation where the entire line may beab
shut down for maintenance and the predictability has been undermined but i am very impressed with his m leadership and determination to take the steps necessary to put metro back on course so all in our region can be proud we have a way to go before we get to that point but it is encouraging was really committed to put passenger safety first in the near and long term i hope the subcommittee in they full committee will support investment in safety and service so the state track plan will be as successful as possible and as quickly as possible congress has a responsibility to make sure the mattress system which we call america's subway can
well served the american citizens as well thank you to the ranking member for advocacy on behalf ofro an federal and alludes to ride it and i want to assure you mr. chairman and mr. schuster the washingtonn metropolitan delegation is united with its determination to ensure working with you that america's subway is a subway system second to none.nd congressman? >> chairman and ranking members thank you for having us here today and delighted to join with my colleagues i service the ranking member of the operation of the oversight reform committee
of which held its own hearings in the wake of the tragedy the challengesween the facing metro are significant and welcome collaboration to ensure robust oversight or management of federal dollars in insurance to federal safety standards if. spent the last 22 years working in metro as part of the board of supervisors morris chairman improving the local subsidy for the past eight years i work with you and your colleagues on this committee to secure the $150 million commitment for metro's safety improvements matched dollar for dollar for virginia and washington d.c. and maryland no one is more disheartened with the unacceptable and unsustainable state affairs and to start recommending this committee for your
efforts to create a comprehensive framework for all of the nation's transit systems as the ntsb has highlighted metro's current local safety issue is nothing more than a paper tiger without the proper resources to provide effective oversight ourur partners are working together to stand up to a new commission that will enforce the new standards but until then the secretary fox has appointed the of fda as the interim oversight agency of ally respectfully to disagree deferring to the ntsb recommendation of the more robust safety standardset i share the ultimate goal to address shocking lack of
safety culture into the end of welcome the opportunity to explore further the authority to better match not only oversight but enforcement to address the urgent safety recommendationfr the new general manager has indicated he will explore for what standards they can apply on their own regardless of what style there using they deserve to know they're being protected by the enforceable federal standards what we're witnessing today with metro is the result of a decade's mr.g march of mediocrity and dysfunction writers arein confronted with nearly daily service interruptions or safety delays including today including smoking the tunnel better schering the
riders away recent incidents led the general manager to take care unprecedented step to shatter the didn't retire system for 24 hours in march and earlier this month to stations were closed during evening rush hour in aggressive proposal of the single track to shut down portions for days at a time t to convince three years'one worth of deferredd maintenance into one year this will present significant challenges to writers federal employees account for 40% of allwork, writers so we call on all federal agencies to push flexible work schedules during this time of course, ahe chair cannot focus only on repairs as al
complete system wide change of culture is necessary safety and personal actions d should suburb as a shot across the about the peas and other problems that can be fixed overnight the face a monumental task to be apa full funding partner in this effort and i welcome the opportunity to explore options to includehat operations subsidies the federal government is the only member that does not pay any sheriff operating subsidies then refile the tree a dedicated source of revenue separate but equally important investments workical to future success metro has ben the single greatest achievement regionally and the single
biggest disappointment working together we can restore it to the place of prominence that held in setting the standard across the nation to give riders a world-class service they so sorely deserve.nd m >> representative delaney? >> 20 think that chair to give me the opportunity to i discuss metro today something that is important to my constituents to use the system on a daily basis for everyone that lives in the national capital regionn and to all visitors clearly metro is in crisis with significant deficienciesgnose th arouse safety and reliability and customer service and financial management is to diagnose the problems there are several causes the first
discussed metro reports to four jurisdictions this monster makes it difficultthat s for metro to get funding and oversight that is optimal of the scale second by anyunfund measure that has been underfunded lacking reliable source of funding that creates uncertainty in makes their situation moreen pronounced in clearly has been mismanaged for several decades if you look back decisions whether strategic or tactical clearly poorgic decisions were made when to exclude the current general manager because i share his off to a good start and we should be supportive but another issue is gets to the comments about culture that
metro clearly has had a deficient culture relatingve to priorities the race is a governance question so whatt is happening with the board or board of directors and management of metro?rs because as i have been on the board of high performing onn, sets profits governance matters a because that has the correct mission and goals to recruit management and hold them accountable if it'll live up to the goals to make changes in a secure funding the enterprise needs and they do that by making people believe they're running the place right this is a significant question right now with a 16 person board for are appointed by the jurisdiction currently no standards for food they can
be i thank you said you can which is a certain things you cannot legislate goodad of governance bayou to make sure we have the best people at the table making theseeraise decisions instead of elected officials who were given a spot because they raised a lot of money for elected office i have tried to put forth a framework for the jurisdictions to be required as part of the appointment process to certify the numbers they're pointing experts in either finance or management in transit or safety this will put people with more qualificationsis t around the board and encourage longer-term thinking because my sense is they will have moreheir
experience and will nott think of their own unique e interest of theirhich jurisdictions but the whole enterprise which is a real fiduciary should do such a talk about those specific things in addition to more funding in supporting the management there are important things we can do and i applaud secretary fox who is taking a step in this direction who changed the board and put a people who clearly have the expertise in safety the we're like to exe people around the tablee with financial and management in real transitam in experience to create the right mission and hold them accountable and overtime we can change the culture of metro i appreciate the
opportunity. >> with that i will dismiss the first panel in bring up the second. [inaudible conversations] >> of the second panel is coming up will ask the statement that the memberrecord. represents a jurisdiction in his region be admitted to a record and track tarascan is consent to correct the record and have a church that shows federal funding of as opposed to other agencies receiving 19 percent of its budget for federal constitution in what is the average the fair's cover
32 percent of its budget with the industry averagesithout 23% and i ask this be entered into the record as well. >> without objection so ordered. >> to allow local the second panel the general manager of the transit authority and the acting administrator in the chair of the planningi woula board and ask unanimous consent of false statements be included without objection so ordered please wit your comments at five minutes in with that we will start with you.
>> good morning they confer the opportunity to testify today on metro i thought i'll summarize quickly libraries since i joined foryi the agency talking what we're up against and wrap up with concluding remarksnagemen libraries are safety in fiscal management is important to think about the physical nature behalf to recognize a two track growth system represents a lot of challenges for maintenance issue cannot maintain without impacting customer's and on top of that decade's of delayed maintenance and underfunding that creates
issues and on top of that an aging fleet and is important to recognize mr. is the bus system with 600,000 people per day then we have a much better fleet and basic infrastructure that does need to be fixed on that as well with the agency is i a have heard an echo here is a thck of safety that permeates thrall front-line employees a lack of accountability on the management and also the systems put in place the lack of source for this system facing a writer ship declined self-inflicted but
also the changing demographics the way that real trouble up paratransit is increasing demand me to think how we provide that service to that part of the committee crime was mentioned as a concern unfortunately we had some terrible incidents recently with passengers andart employees and also terrorism is that the back of my mindd to make sure we're doing ourer part so water we doing with the customer accountability cuso report with an outline to increase performance and customer service portion i did release the real maintenance plan called state track lead a more holistic iran and transparent process i have
been working very closely with the manufacturer of the cars that is callous saki748 with 100 in service 748 are ordered edison is to get to those to the point where i'm comfortable will increasean the delivery of the cars. bro the us is maintained well wewe will continue him broker some third-party vendors for some better services service culture is safety is with meat that is the most important thing that we do i've come out with reinforcements for that so now we have track inspectors people who have the ability to understand who can shut down the system at any time and that was not the case in the past a new
officer that i brought in early this month. the police on monitoring the system every day and adding new resources there to the terrorism task force in the good news is the system is our culture in this region the business community is p behind it my job is to perform in a better then we will deal with other issuesha into the future with fiscal management will be my focus in the near term as to dealal with larger issues going forward with that i will answer your questions this, .
>> chairman and members of the committee we shouldtr expect a minimum bet yet we have fallen short in recent years the results is not only delay and disruption but injury and fatality our goal is to make sure we restore safety and reliability for employees we are conducting on the groundrity inspections conducting improvements that we must make to exercise the authority provided the first authorized fda to oversee the public transportation systems and the fastback to strengthen the ability to w
set national standards and enforce them over the past four years we have worked with transit industry stakeholders to develop those regulations that our effective enforceable and adaptable were state agency oversight agencies don't exist or fail congress gave the statutory authority to step in where we are today as secretary fox made clear the fta direct oversight is temporary virginia and maryland and the district of columbia and the scent of the new agency fully functioning comply with federal requirements incapable of providing effective oversight nonetheless since we have assumed oversight we can work to get results making steady progress to address
the initial safety manager inspection last year endeavors banded -- responded to the operations control center although the investigation of the findings from the safety in april looking at three key areas overrun and track integrity soundtrack was taken at a service immediately to make repairsen -- repairs and defects have been faxed in addition to order those corrections we have conducted a review of applications to ensure federal funds are used to redress both recommendations but the most troubling is the fact has failed to create an enduring culture a safety i'd like to talk
about a recent exam paul onexpl may 5th and insulator exploded alongside the platform at the southwest asian although our investigation is ongoing the preliminary information and shows the response was slow and inadequate operational convenience was prioritized above safety natalie did they fail to notify the fda but the only response team waited hours only after a cursory inspection and service was resumed only later when another fire occurred the track was taken out of service and addressed judgment and breaches of safety protocol is unacceptable safety must come before service as a result we issued a safety directive requiring them to
take immediate action before operations to make a fire and and smoke risk and conduct a safety standards and we have verified they have taken steps and to his credit the general manager has ben responsive to our concerns and demonstrated a commitment to safety but the agency has a difficult task ahead along with the infrastructure everyy. employee must make a personal commitment to safety we're working with our colleagues to help restore the safety and reliability. >> mr. chairman am sure the transportation and plannin
board a vessel served as the number of the alexandriaia city council the board is federally designated for theit national capital region responsible for continuing corporate cooperative process including 22 jurisdictions hour by to thank the ranking member to appear today from observations to have more detailed testimony but first how critical mattresses to our mobility and prosperity and its importance to the s largest employee and the efforts under way to help improve safety and service reliability to be the world class system that serves last year provided 710,000 rail trips to a million jobs were the half are located within 1/2 mile radius of
the stations and stops 77 are in 59 regional activity centers 86% of the new office construction is occurring within one-quarter mile metro help host to tie the region together also shaping future patterns to accommodate an additional 1. 5 million people in jobs over the next 30 years. already one of five0 accommodate extraordinary special events like 1. 1 million rail trips re during 2009 and helps the government do business it represents 43% or 40 percent of the federal work force ond use the system 315
buildings are located within 1/2 mile and it is policy to locate future federal policy near the metro the government has recognized its importance and its financial contributions with the state of good repairt funding it is very important this program be retained as it is critical to undertaking in completing repair work that is magnified by the fact that washington d.c. is the most the important national capital in the world with our a new visitors come from around the country and around the world their impression as a whole is shaped by their experience of the metro system.it this region deserves our world class system it quickly gained a reputation and we need to restore that.
we'll acknowledge it is facing significant challenges with reliabilityty. improving the safety andcommitme reliability is the number-one priority of thiss region has the full attention and commitment and we're pleased the federal transit administration has been an active partner. a . . riders. there is more work to be done and our region has to come together to work on it. one additional and important resource to address the challenges is the need for funding reform. i believe metro is the only major rail transit system in the country that doesn't have a dedicated source of funding. i believe that lack of dedicated funding has