tv Communicators with Representative Will Hurd CSPAN July 17, 2017 1:19pm-1:52pm EDT
think there are two things very important that will have long-lasting, good consequences for the united states that can be summarized in four words. his two nominees to the supreme court. >> the second of our two-part interview with david garo. mr. garo talks about his book rising star, the making of barack obama which covers president obama's life up to his winning the presidency. >> i think the point to emphasize is that over the course of his presidency, there were scores of people in illinois who had known him in years earlier, who would deeply disappointed with the trajectory of the obama presidency and disappointed in two ways. number one, disappointed that barack forgot most of the people who were essential to
his political right. >> sunday night at 87 on c-span q&a. >> congressmen will heard is a republican from texas, he is chair of the information technology subcommittee. he is a former cyber security analyst and a former cia agent and he is our guest this week on the communicators congressmen heard, you have a bill that has passed the house that deals with information technology in the federal government. what is it? >> is called the modernizing government technology act. what it does is actually quite simple. if a cio, chief information officer in the federal government saves money by doing something like transitioning to the cloud, they are able to use the money they save for up for three years in a working capital fund. why is that important?
the federal government is spending $90 billion. year on purchasing it goods and services in 75% of that is on old, outdated legacy systems. we need to be using a taxpayer dollar wiser. by being able to have the authority to introduce new technology, that will help their defend our digital infrastructure and help make these agencies more efficient. >> is it possible to standardize how the government purchases information technology? >> i think we could standardize the process. we should be thinking about outcomes. we should be giving the authority to the cio. one of the problems you have in the federal government is the person usually buying the
service is not the person that using the service. that creates a disconnect. that's why you have procurement officers that don't have experience in the technology that they are trying to purchas purchase, and that's when you create problems. we have problems where the cio doesn't report directly to the agency had or the deputy agency head. that just doesn't fly in the private sector. private-sector ceo recognize that your it group is not just a cost center, it's an entity that can help drive innovation, it can help improve your bottom line and we need the federal government to start thinking that way. these are some basic things that smart people are trying to bring to the federal government that ensure that we
have the federal government being innovative and how they defend our digital infrastructure and how they provide services. >> so it's past the house. what's the pushback in the senate back the senate usually takes its time, and i feel good that we will get this piece of legislation through the senate. they are running a fine tooth comb over it. we had a deal with the cbo score last year when we tried to get this done and we don't have those same problems so i feel confident. i think this is something the administration is interested in seeing happen, this is something that industry wants to see happen, and so i think this is an example of a simple piece of legislation that is going to have tectonic impact on how the federal government is able to provide services. >> joining our conversation as
tim start, cyber security reporter for politico. >> the senator have voiced some objections to the act. they haven't exactly committed to moving it yet to the committee that will have the primary jurisdiction. have you talked to either of those sponsors or have you heard from the other side trying to alleviate concerns. >> we've talked for senate sponsors. we are trying to get ron johnson's committee to mark this up fairly soon and we will have conversations over the next few weeks about that topic. some of the concerns that the appropriators are bringing forth, some of the same concerns that we talked through, before we even introduce the current form of legislation so again, i think this is something that we will
get through some of these concerns, there might need to be a tweak or two, but i feel good that we can get this done because again, when i was an undercover officer in the cia chasing terrace and back alleys, i was thinking about running for congress and it procurement was not one of the issues i was thinking about. when i got here, i realized when you change the way the federal government operates, you change outcomes. that's the kind of innovation we need to see in the federal government. this is something, not too many things past the house of the significance, with support of the majority leader, the minority whip, and this is something i think we will get the right momentum in the senate and bring us across the finish line and onto the president's desk.
>> there's another information technology law that you paid close attention too. you've held a number of hearings on how agencies are doing in implementing some of those reforms, even very recently where some of the agencies are downward turns and they said this could be attributed to the trumpet ministration policies and hiring it officials. you agree with that assessment? how do you think they're doing overall. >> one of the things we score, and we really score four or five different principles. one of the things we score is data center consolidation. not every agency needs to run its own data center. many of the agencies have dozens, if not hundreds of data centers. we have been trying to force the consolidation of these data centers or move into the
cloud. the government operates under a cloud first policy and not everyone is following through on that. some of the pushback that we got from the agencies was that just consolidating data centers wasn't indicative enough of some of the changes they made. they asked to take into account optimization, and that's basically how much of the servers are they using at a certain time. are they using them to the best of their capability. we said sure, if that's what you think is a more fair way of doing this. so half of it is optimization and half of its whether you consolidated datacenter and when you do this, multiple scores went down except for two. that is one of the issues that cause these pressures where we made the change based on the input and from these agencies. i think it's about half of the
agencies don't have a permanent cio. this is a problem, it's something that needs to be rectified getting a federal cio is a high priority because the role that that person plays, but this is a problem that has existed for multiple administrations, and you just can't point to one as being the problem. >> i want to talk to about broader cyber security issues if i could. we saw the big global outbreak of the want to cry iran somewhere people's computers were held hostage by cyber attackers. we are now seeing a new attack that surfacing in the news, what is going on. is this the wave of the future? is this what we should look to happen and how do we come by this. >> the want to cry is a good example of before it really
hit the uk and broader europe, months before that you saw a number of hospitals in california dealing with this issue of iran somewhere. i think you saw hospitals across the country reviewing their digital hygiene and what they needed to do. i think that's why you didn't see it have the impact in the united states that some expected, but yes, the number of attacks that are digital infrastructure, and i'm talking broadly, it will only increase. the more interconnected our economy and our society gets, the number of connected devices that we will see in a couple years as a number so big that it's mind-boggling. we have to be prepared to think about cyber security and we also need to make sure the
federal government in the private sector is actually working together to defend our digital infrastructure. that's everything from following good cyber hygiene. you have to patch your software. you have to have a strong password which is over 14 characters and most importantly, your employees and individuals, you can't click on stuff in e-mails that comes from someone who's not in your address book. these are some of the basics and deals with 80% of the problems we see. when it comes to and a pt, an advanced persistent threat, this is the toughest, smartest folks. we've got to be working and sharing information between the federal government and the private sector. >> the attack on opm a while back, how sophisticated was that? >> actually wasn't very sophisticated.
in the cyber security industry you have to call a zero day exploit her or zero day attack. that's something that has never been seen before and it's something that takes advantage of a vulnerability that is not known. the attackers used existing vulnerabilities that have been known to the cyber security community for some time and they were able to use that to escalate their privileges once they got onto a network that allowed them to rummage through the system. i think opm, the fact that most americans know what opm is, is an indication of how cyber security is coming to a forefront. i represent a big part of south and west texas. 820 miles of the border and
i've done 400 events in the past two plus years. i always get a question about cyber security. this is something most americans are concerned about, especially as we become a more interconnected society. >> one of the ways americans are getting a taste of cyber security over the past year was what happened with the election. they concluded the russians hacked some democratic targets. i want to get your impression on what could be done to secure the elections, as far as the infrastructure itself and if there's things that should be done that are being done. i know earlier you suggested the ambassador should be recalled. >> months before the election, i was calling for, at a minimum the russian ambassador to be kicked out of the country.
i thought that was a minimum response to an attempt to manipulate our election. it was very clear that the russian intelligence was trying to influence our election, but they did not manipulate any of the vote tabulation machines. after the election, on my committee, we held a hearing looking at the threat to our vote tallying machines. it's really hard to manipulate the ones and zeros when it comes to counting votes, but we should never stop and this is something that our secretary of state's have to be focused on. they should be reaching out to the department of homeland security for additional resources if they need that. there are some states that have systems or vote tabulating machines that are too old, they should be out of service. we need to find a way to
replace that. i think that will be additional monies. we saw that after the 2000 election was some of the funds that were available for states to get access to this kind of information. again, this is an example of the hack that was used to getting to the democratic national committee and the campaign committee. they were able to get access because someone clicked on the wrong information. the question is what should the response have been at that time, and, we have to think broader about this. we have a number of folks that are chasing terrorists and we kept our country safe, since 911 and we know how too do counterterrorism, but what is a national strategy when it comes to counter covert
influence? a covert influence or action campaign. this is something we need to think about not just within government but within broader society because guess what, the russians are common again. they've been trying to use asymmetrical warfare, they been using asymmetrical warfare for the past couple of decades and in eastern europe they tried to use it in our last election so we have to be prepared for 2018 when i think they will try to do it again. how do we harden our infrastructure, but also how do we counter this covert influence. these are some of the conversations we should be having about this threat and how to deal with it. >> to be clear, when you are talking about additional funds for making these voting machines safer, were you thinking federal funds are due have a ballpark of how much this should cost for how much should be allocated? >> i'm not clear on the amount that was allocated back in
2000, but there is an existing program that would ultimately need appropriations and i think the conversations are going on to see if now is the time to do that again. >> when you talk about $90 billion being spent annually by the federal government on information technology, does that include cyber security? >> it does. that is a big number. i think that money should be spent more efficiently in one of the frustrations that i have is that some of the things we need to be doing are not difficult. it was last year that agencies want using two factor authentication in in order to get access to parts of the networks. that is a basic thing that people should be following. something simple like knowing all the software that's on your network.
federal government, when you buy software, you buy a certain number of licenses. if you don't know how many licenses are being used, if you're using less than you're paying for, you're wasting mone money, and if you don't know what software is being used you can't keep that software patched. it's not vulnerable to some of the latest attacks. these are some of the basic things that requires leadership. a lot of our problems are not technical challenges. it's making sure we have the right leadership in place in order to have the discipline to see the organization do things like basic digital hygiene. >> is their resistance to changing how they procure and how to use software. >> absolutely. one of the things we saw that tim brought up earlier is for trying to get the cios the authority over everything on
their network. as a member of the oversight committee, if i'm going to shine my flashlight on problems, and i want to hold someone accountable, they need to have the authority to do everything they need to do in order to thin that network. cios weren't having clear authority over everything they were able to purchase to defend that network. we want to push the power to the chief information officers. guess what. they're starting to get friction from cfos so we started having, we started doing hearings and we want them to answer the questions together. there's always going to be an inertia in the culture with some of these big agencies, but that's why congress is so important and or oversight role, if we continue to shine a light on that and put pressure and let them know
that we will continue to follow these issues. >> one of the causes you've advocated for to improve cyber security is the creation of a cyber security national guard. can you talk about why you think that's a helpful idea. also, have you finalized the mechanics of it and when would you introduce legislation. >> thank you for asking. here's the problem. the federal government will never be able to compete with talent in the private sector. we need to recognize that and accept that. the idea was cyber national guard is best. if you are in high school and you want to go to college and study, we will find you scholarships to go to college. when you graduate you have to come work for the federal government. not at nasa or dod but at the department of interior or the census bureau or social security. you will do that for the same
amount of time that you got the scholarship for. when you finish that time and you work in the private sector, the private sector will loan you back to the government for the proverbial one weekend a month or let's say ten days a quarter where this will improve the cross colonization of ideas between the public and private sector. we have a dearth of positions, justin texas of my home state, and 2015 there were 40000 computing jobs that went unfilled. the average salary was $89000. that year texas only produced 2100 computer scienc scientist. you don't have to be a map major to figure out the problem. we have a similar problem in government. the gao did a report and said i think it's 50000 jobs,
excuse me, it's 10000 jobs unfilled within the it space across the federal government. we've got to make sure we are focused on growing people into those jobs and we need our sons and daughters and nieces and nephews to go into this industry because that's what will protect us in the future and we've got to make sure they're prepared for jobs that don't exist today. >> you have a timetable for introducing that legislation. >> i want to get mdt put the bed. we are working on trying to put pencil to paper so i don't have an exact timeframe but you will be one of the first to know. >> he talked about moving the government to the cloud and that's the default position. are there extra security issues with that?
>> if you talk to some folks who are resisting the movement, they think there is. they think they can do a better job of defending a database and someone who does this every second of the day. this is why we have a cloud for strategy within the federal government, and we should be transitioning into the cloud. some people act like the cloud is new technology, it's not. some folks think it's an emerging technology. it has emerged. this is something that can save us money and improve security. the federal government is always going to have a role in defending infrastructure, whether it's a server somewhere were working on the cloud and that's where we should spend our time, not being resistant to an innovation like the cloud. >> did you find it helpful during the obama administration to have a
federal cio in place. >> absolutely. i think tony scott did a fantastic job. one of the great things about cyber security is that this is a nonpartisan issue. we worked very closely with tony scott, i am sure we will work closely with the new federal ci cio, this is a topic that is very important to them. when this administration came in on the transition team, they were talking about why were cios not reporting directly to agency heads, why in some agencies for their 14 people with the title of cio so this issue of efficiency and having result drilling operations is something that is important for this administration as well. >> congressman one of the few major pieces of legislation that i've gotten signed into law is the information sharing act from 2015. you've talked recently about some shortcomings you've seen
with the information sharing is happening between the private sector and government. how do you fix those problems? >> you have to make sure you figure out what the private sector is needing. we also have to understand the talent that we have in the private sector at the federal government and what they could be leveraging. i was say in the financial services industry, those folks know where the next level of malware will come from. so let's take those assumptions and turn them into collection priorities and asked them to get that information on what the hackers are up to and get that back in the hands of our american companies to defend themselves and defend all of our information. the fact that the framework is there and the fact that we are
able to start having this conversation from the fact that the department of homeland security has been established as the bellybutton of interaction between the government and the private sector are all important things, and now we have to stay focused on improving the relationship and getting the right information in the right hands. when you do that, you will keep bad guys on the run and away from our system. >> finally, congressman heard, prior to starting this interview we were chatting on who is up on these issues and the site yourself, he named some other members and the trend was they were all younger members. does the leadership understand these issues as well as maybe some of the younger members who grew up with that. >> they do. kevin mccarthy, the majority leader, he is running this innovation initiative. i think he has been the key to getting a lot of these legislation pieces off the
house floor because he understands that and is committed to innovation. steve scalise, who is doing well has a computer science background as well. he understands these issues. but, i think all of us, our information can get stale. i will say most of my colleagues recognize the importance of cyber security and the need to be focused on this and that's why think a lot of them take time to understand these complicated issues. >> will is the chair of the oversight and government reform subcommittee on information technology. thank you for your time. >> thank you. >> tim stark, what did you learn. >> he someone i've heard talk about these issues a fair amount. i expected some of his answers. is he a go to person for reporter or for somebody you want to talk to about what congress is doing. >> absolutely. he's right that congressman
mccarthy is advancing these issues, but as we were discussing, some of them are the newer members like congressman ratcliff is also a young first term, second term member. ted lou is a second term. >> he is always going to have something thoughtful will are these bipartisan issues in the most part. [inaudible] people are throwing these issues at each other a little harder. there's been some democrats writing pointed letters about trump's own cyber security on his phone at marlborough. it's gotten a little more bipartisan.
we've seen the public-private partnership that everybody talks about as the way to do it to keep it regulation free, but i wonder if there's more major attack and whether you'd see more calls for regulation and it would become even more partisan. >> what's the pushback you've been hearing about the modernizing government technology act. >> it does have a price tag attached, that is key because there is a segment of it that authorizes funding. the earlier bill authorized something in the order of 30 billion and this one is more like 300 million. they've scaled it back significantly which has helped but it still has money attached and some lawmakers don't want to throw anymore money at this. i think some are of the mind that some of the problems are
not that big of problems and can be done without legislation. >> thank you. >> at 3:00 p.m. eastern, the u.s. senate is expected to consider president drums nominee for defense secretary. patrick shanahan is a boeing executive responsible for manufacturing operations. the house will be back at two eastern. members will consider a bill that oversees and regulates the washington metro. later, bills related to gas pipeline construction. see the house live on c-span and the senate here on c-span2. tomorrow the senate foreign relations committee will consider the nomination of ms. gingrich. she is the wife of the former speaker newt gingrich.
both nominees will testify during our live coverage tomorrow on c-span three. >> sunday on q&a. >> when we look at president obama's domestic legacy, i think there are two things that are very important that will have long-lasting, good consequences for the united states that can be summarized in four words. his two nominees to the supreme court. >> the second of our two-part interview with biographer david garo. he talks about his book rising star, the making of barack obama which covers president obama's life up to his winning the presidency. >> i think the point to emphasize here is that over the course of his presidency, there were scores and scores
of people in illinois who had known him in years earlier who would deeply disappointed with the trajectory of the obama presidency and disappointed in two ways. number one, disappointed that he forgot many of the people who were essential to his political rise. >> boeing senior vice president patrick shanahan testified before the senate armed services committee about his nomination to be deputy defense secretary. he answered questions about improving the process and prioritizing defense innovations. he also assured the committee he would divest all ties to the boeing company. [inaudible conversns