tv Key Capitol Hill Hearings CSPAN September 16, 2015 2:00am-4:01am EDT
that was not without some concern, as you might understand in the army halls, but we're overachieving there. we took that definition of headquarters down to two star commands and above, which was more broadly based than dod or the congress. at the height of the civilian work force in this era of two conflicts of war was about 285,000. and that growth occurred not because civilians were standing around saying we want more. it was done so that we could take operational -- or generating force soldiers, those who were training, those who were in our schoolhouses, et cetera, and put them into operational positions, and we substituted civilians as they went forward. congress and senator mccain particularly have been very clear about that.
by the end of '18, we'll in the army be down to about 233,000 of civilian employees. i haven't done the exact math, but it's roughly equivalent to the percentage reduction we have in our in-strength as well. we can't do what we need to do as an army without these civilians doing it. you were very gracious in noting that, but do have to be in balance. when it comes to the operational force, you've stated it very correctly. we're challenged on all three of those legs right now, frankly. but particularly given the environment that we're seeing across the globe and the likelihood of that next unforeseen thing, which is another thing that keeps me up at night, readiness has to be our number one concern at the
moment. we've managed our developmental programs. we have set aside our major acquisition programs for major developmental programs for the 2020s and beyond not because we think that's the best thing for our soldiers, but because it's required by this fiscal reality. rather what we'd like to have from 20 years from now because we think it may be necessary in looking at developmental issues where we know we're going to need certain things, particularly for the soldier in the squad. better armored systems. better systems for operating in degraded visual environments. robotics. unmanned aerial vehicles. better energy programs to both save money, but to lighten the load on our soldiers.
diminish the number of convoys that provide an inherent danger of getting water and fuel from point a to point b. these are absolute critical things for what the enemy may look like from wherever the enemy may come from. our readiness continues to be a concern for me. our metric is somewhere -- it depends. you can get an argument in the g3 is it 60% or 70%. but right now, we're at 32%, 33% ready amongst our combat formations. while that's sustainable for a while, as i said and the former chief, if sequestration returns any meaningful budget reduction
in addition to that what we're trying to manage now or that next unforeseen of any dimension comes forward, we're in very, very bad place. i've testified should either of those occur, let alone both, somebody is going to have ask us to tell us to stop doing something. frankly, as i look at the world right now, i'm not sure what that would be, so this is a critical turning point for the army and for the department of defense. logically for the nation. while we are following very carefully what's going up on capitol hill. >> i agree. that was remarkably eloquent. i think the general made sure to make forceful and respectful comments, but come out swinging to policymakers as they prepare to think through how to fund the government beyond a series of short-term continuing
resolutions. i think he was right to do that, to lay down a bright red line in terms of how low-end strength can go and readiness and et cetera. the key to that was i think the link you made between readiness and modernization, to get soldiers better energy, technology, whether that's at the squad level. it's also about what you're providing to them. what they're droiving in, remotely piloting, what their weapons and munitions are. i don't think there's that nuanced -- i don't want to pick on the hill as a block. i think on the policy committees there is a great understanding of the challenges you're facing. >> i agree. >> but it's a segment of congress as you well know. a key statistic that surprises me every time i hear it is the
majority of congress -- and it's somewhere in the 60% range -- is new to congress since this administration. so if you were to go back, you wouldn't know the majority of the faces. you would know them because of your job but not from working there, which means the learning curve and the restarts and the educations it's more frequent. we miss the carl evans and the gene taylors. we know the old bulls who were around many years with you as well, so it is a shorter cycle in turnover and policy space, which i think it makes it more difficult for a service secretary coming on board. i think the intention is usually in the right place, but they're limited by politics and by the bca first and foremost in a lot of these situations. so putting on your politician
hat, just meaning -- if you were on the hill right now and you were still ranking member, chairman of the armed services committee, what would you hope leadership who doesn't sit on these committees, what would you hope beyond reversing sequestration, would you want them to repeal bca? what outcomes would you look for? >> look, i'm a recovering politician. i'm not sure where i left my politician's hat, but you mentioned this. we are very, very confident and comfortable with the posture of our oversight committees. the members understand the plight, understand the nuances. that's why they're on those committees, because the other members want them to be the experts. if you're talking about the leadership particularly senator reid, senator mccain,
thornberry, smith, i think they're trying to do everything they can to help other members, be that of some duration, some tenure or otherwise, to understand this. that's our challenge. if all we had to do was get our committees to act, whether it's repealing bca or some other measure, we'd be in far better shape, but that's not how this democracy works. that's been the challenge. you mentioned if you talk to any member, most members, they will give due deference to the problems we're facing. but in fairness to members -- and in part, this is a compliment to the united states military. they're not having to deal, thankfully, with a 9/11 or this is not a world war ii
environment where everybody knew some person who served. they're constituents are worried about their next paycheck, the survivability of social security. the challenge is not just for congress and the leadership, but for us. it's to try to help other members and their staffs beca e because, as you know, the staff is crucial to bringing issues to leadership. given the state we find ourselves in, we have not been as successful as we'd like to be, and we're continuing those efforts, whether it's a structured one in posture hearings or kind of an opportunity to show our stuff in ausa, which is coming up in
october, or just going to the hill every single day and trying to meet with psns, trying to meet with mlas and tell them to relates what we're facing, we're doing that. but if this were easy, we would have been past this already. >> one of my questions is on the aviation restructuring initiative. we were briefed on it by the brain children of it in the army active duty service members, the officers. it's remarkably well thought through, just terrific. i know it's been difficult to move through the system, but it's the right thing to do. it's the right thing to do whether you had money going up or down, i think, for the army. so how's it going? how is the hill reacting? what's the receptivity? do you see this moving forward?
you've had much more success with proposing this to the air force. i commend you for that. i think you learned from their mistakes smartly. how is it going and what do you see for the next 18 months in that regard? >> i appreciate you're saying it's the right thing. right or wrong -- and i think you could get a debate on the right aspect of it, is the necessary thing. i'm not sure we would have gotten to it that the point in our developmental efforts were it not for the budget constra t constrain constraints. the reality is the analysis showed us i could save us $12 billion in the life of the drawdown and operationally a billion dollars a year. we could just not continue to afford propping up the kaiawa. our combat aviation brigades are
some of our most hard pressed, and they're first out the door. we very reluctantly, but inescapably, made the decision we made. just to be sure, we've had a whole lot of outside analysis. we had formal reviews from rand and from cape at osd. not always our highest praisers, but all of them said, as you did, the hardness of this aside, it's done well. we are going forward, and the guard is meeting the requirements. we're somewhat constrained by legislative limits, but we're living with those and we think we can continue to do that. but we do need to execute this. it's simply, as i said, the
right thing to do. i understand the guards' concerns, but we've not just tried to take from them. by the way, the vast preponderance of aircraft that will be taken out of the active component versus the guard, but we recognize they have a vital role over the last 14 years operationally. and the concern that i've heard perhaps the most often is they no longer have a combat role in the air. that's just not the case. if you look at the combat support and combat missions flown in afghanistan, the vast majority weren't flown by apa e apach apaches. they were flown by blackhawks. we're prepared to give them some of our most modern blackhawks. not only does that maintain their role in combat and
forward, but it fulfills a critical need in their title 32 missions, which we believe is essential as well. we've tried to do some puts and takes to smooth this over. the guard continues to be concerned about it. i fully understand that. from the congressional perspective, we have the commission on the future of the army that's continuing its deliberations. i think it's likely -- in fact i'm sure until the commission reports back and makes some recommendations or lays out courses of action for the congress that we'll kind of stay steady state here and we'll see where that goes. >> that's a great point. i'm glad you brought up the commission. i was out in death valley recently thanks to the u.s. army. >> i've been there for six years. >> this was actually at port e t
port erwin. it was a joint forcible entry exercise. the army has not done one of those in 10, maybe 14 years. i joked we were seeing the marine corps of the army. it was all capabilities and equipment and soldiers that are the first to go in the first 72 hours. it was inner service as well with a heavy air force presence. it was truly impressive. i hope you're successful. make sure you have more washington people out there, observing. >> our new army operating concept does a couple, i think, very positive things. focuses on leader development. not trying to predict 20 years from the future, but making sure we have tomorrow's leaders who
are comfortable in the unknown who can react rationally, but it also emphasizes the joint force. you in today's era have to present multiple dilemmas to an enemy. if you're a run trione trick po that's great. if the enemy knows you have 100 mile an hour fastball, they're going to figure it out and react to it. the joint task force is essential. we're trying to continue to return to focusing on that. we want every branch of our service to be the best. if and when the need comes, to be able to operate effectively together. we haven't had the chance because of other circumstances to focus on that, so we're trying to return to that kind of basic skill set. >> i commend you on your
outreach in education. i think that's so critical for the army to expose policymakers and decision makers to seeing the army in action and getting them out of their comfort zone here inside the beltway. we're going to conclude our remarks. we're going to open up to questions. please wait for a microphone because we do have cameras here and they'll not be able to hear you. we'll call on rick first, an old friend. >> you properly said you were a public servant. i think of you as one. when you came to washington as a good government guy, that's what you were here to do. i have to tell you quite frankly after watching you in congress you didn't fix congress. it was pretty dysfunctional when you left. >> the president blames me for
leigh i leaving. >> i think you have tried to do the same thing at the pentagon, but i would say you did not tame the beast of bureaucracy in the pentagon as much as you might have wanted to do, so i'm wondering if you could tell me what you think of your performance. as you came here to washington, you tried hard to make things run. i think you were a pro worker, pro-government person at a time when i don't think most of the government, most of your party, is pro-government and pro-worker. and i wonder how you feel about that. >> softballs are over. >> good to see you again, rick. i remember when i worked in albany as a staffer the senator i worked for had a cartoon on his refrigerator in his conference room. the caption read simply, when you're up to your ass in alligators, it's sometimes hard
to forget your original intent was to drain the swamp. i went to the pentagon, i think, like most senior leaders with an agenda. we wanted to do some dramatic things in acquisition. we wanted to take some steps to professionalize and provide professional development opportunities to the civilian work force. and we've made progress there, but i've admitted previously it's nowhere near where i hoped we might be, but reality kind of slaps you in the face in these jobs. certainly from my time as secretary, when you walk in and all of a sudden you're in two theaters of war, that pretty much takes up the large share of your energy tank. and we have been working hard to meet the realities of both training, manning, equipping those soldiers to get them forward to hopefully keep them as safe as possible while
they're in that theater and get them back safely, but equally to begin to care for their families. one of the first things i found myself doing was taking our family care programs, which were $600 million, and doubling that share of the budget to 1.2 billion. i felt that was a moral obligation, frankly. there's a more basic reality here that today's soldier when they're forward doesn't need to be -- they're always going to worry about their families, but you don't want them worrying about things they shouldn't have to worry about, so we focused upon taking care of those families. and now we're seeing such things as ptsd, the aftercare for some pretty significantly wounded soldiers and how they go forward, suicides, all of those things kind of say man plans, god laughs. it would have been nice to focus
100% of the efforts on the agenda that we laid out. i'd be happy to discuss, i think, the progress we made in those areas that i outlined, but you have to deal with the wolf closest to the sled, and for us, that's been in a different direction. i guess that's more an excuse than anything else, but it's the reality that i think i've had to deal with. again, it has far less to do with me as secretary or any number of stars on anybody's shoulder, but this army today is the greatest land force the world has ever seen. for all of the very, very bright people in the pentagon in my mind that's for one simple reason. the young men and the young women of this nation continue to step forward and they're incredibly competent, skilled, dedicated, and amazing patriots.
but if i had one wish, i wish every american could see the true heart and nature of what these amazing soldiers did. i have to extend that to all the services. we're a fortunate country to have volunteers who will come forward and do this amazingly difficult stuff. >> i agree. why don't we work -- we'll work right to left. >> hello, tom. how are you? >> i'm very well. how are you? >> ask me in a minute. >> as one of the nation's or pentagon's top officials for its bio terror labs, can you explain why they have had difficulty with tracking agents like anthrax and why you ordered the moratorium days ago? >> i ordered the moratorium out of a sense of extreme caution.
while the cdc and others have stated we don't see to this point any threat to human health and safety, when you're dealing with these kinds of pathogens, i think the better policy is to err on the side of caution. we continue to examine these. you asked me a question about how this happened. i'm not prepared to say that. we've got some partial answers. all of them correctable, but i think we want to be very, very sure that we understand as completely as we can the full picture before we come out and lay out a way forward. as you know, part of the moratorium i ordered included all the labs under my executive authority to retrain, to check protocols, to check standards to make sure that the people in
various positions had the right skill sets and were doing things in the right way. this all started with a question of protocols, of the scientific basic protocols that you apply against these pathogens to make them inactive. are they actually valid. i don't know if we know the answer to that right now. these are things that are very, very complex and challenging. i don't pretend to be an expert on the science behind it, but i'm going to make darn sure that at least in so far as my responsibility goes we're taking every step possible to make sure that the public is protected and that we develop a way forward that allows us to conduct these tests, which are absolutely essential for the security of this nation and its people in a way that's as safe as humanly possible.
>> right here. >> thank you. sebastian springer with inside defense. i wonder if you could talk about acquisition broadly and two specific portfolios that have unanswered questions in them. the one being the next generation ground combat vehicle and the other being air and missile defense. where are you leaving things and what's next in those areas? >> this is kind of like writing my own obituary. when i first arrived at the pentagon, it was no secret, certainly from my time on capitol hill, that army acquisition was not performing where it needed to be. so one of the first things i did was order a report that famously became known as decker wagner.
i think it's important to note that wasn't a gao study. it wasn't sbo. it was us looking at us. and while it came in and told us things separately that we knew, it was shocking to see it all in one report. and just a piece of the findings from 1990 to 2010 22 failed army major developmental programs which cost the taxpayers about $30 billion. you didn't have to be an analyst to know, boy, we have to do better. and so we kind of looked at how did we get to that place. there as there are these complex matters -- the army had a habit
of investing in developmental programs requirements on things that are unlikely and never did field. so those programs just weren't able to come forward, so we tried to rein in our requirements programs. after i arrived, the rfp came out with over 1,000 must-haves telling the potential bidder, you've got to give us all of these things. to everybody's credit, we kind of looked at that and said, that doesn't look like a lesson learned to us. it looks like a repeated lesson, so we went back and scrubbed that down to under 200 of absolutely essential things. we allowed contractors to trade off requirements against other capabilities, et cetera, et cetera. we understand that sometimes good enough is good enough, and we also recognize the affordable way in the future was to build
something that you could add on to and adopt to new realities of the day may be. i won't tell you we've turned that 180 degrees, but in the last five years most of our developmental programs were on time and on budget. the reality we've had to do with, sebastian as you mentioned, is available monies to continue them whether it was through budget cut or whether it was because we go into a continuing resolution that doesn't allow you enough oftentimes to reconfigure your needs within a program. we decided ground combat vehicle, for example, to put that aside. gsb and despite urban legends to the contrary, it was on time and it was on budget. it became unaffordable in the near term. we kind of put that aside. we are examining technologies
and advancements that were developed to that point to see what we can do to maintain those and pick that up in 2023 or so because we absolutely need a new generation of infantry fighting vehicle. and then reinvest those savings from what we were going to spend there on our other ground combat fleet on our bradleys and our abrams and such. that's, again, a political -- excuse me a monetary necessity, not a failing program. the way forward depends on the money that lies ahead of us. we're challenged as well in missile defense. when you go and talk to partner nations, one of the first things i ask about are patriots. they're the most deployed or
amongst the most deployed units in the united states army. while we're trying to go with missile segment enhance that, too, becomes a money issue. so what you were able to do in large measure in every aspect of the military is what you're funded to do, so we'll see. >> quickly, we'll go over here and work our way back this way. >> george nicholson. you talked about the acquisition requirements process. lessons learned. the replacement for a helicopter coming out of vietnam was the lockheed. built, flown, cancelled. >> that was in that period. >> over the last two years, the next replacement was the arh but bell. built, flown, cancelled. have the lessons learned from
those three been put in to the new process the army is using? >> thank you for digging those up. sadly, i can name others not just in the aerial fleet, but in some of our developmental programs as well. look, we didn't sit down and analyze virtually every one of those programs. i'm sure somebody has that sitting on the shelf somewhere. but by and large what we have found in terms of our procedures is an overreliance on undeveloped immature technologies of unreasonable requirements and always trying to get the very next best thing. kelsey grammer did a movie called "pentagon wars."
probably not totally unreal in terms of how developmental programs have been approached in the past. i think in one instance they were putting a porthole into the bradley. we're doing better there. i can't tell you had we done the things now that we failed to do back in the comanche period that would have been fielded. but we're not doing any major developmental programs until the 2020s are behind us. one of those proverbial outyears. everything is going to be great in the outyear. woel see we'll see if that comes to fruition. that's a budgetary issue, not a failure of our developmental people.
stay tuned. >> hi, sir. i'm jim from the atlantic council. i'm going to ask you not about equipment, but organization, if i could. back in the 1940s, the united states developed nuclear weapons. tactical nuclear weapons anticipate then soviets developed nuclear weapons and the army thought we need to reorganize because we're afraid nuclear weapons are going to be coming our way on the battlefield so the plan was something we called the pentomic division. it was an attempt, i think, by the army to deal with -- deal with the offset strategy coming back at you. then in the 70s and 80s precision weapons. i think the u.s. military got really good at military got goot sending towards enemies. i think this is why the deputy secretary talking about a third off sets and worried about it
coming back the other way. coming at american forces, potentially. this is why you think a lot about missile defense. if the army tried -- if a lot of ground forces thought and tactical weapons, as an organizational challenge, is there an organizational challenge for land forces in the future? do we need to rethink organization? or do we need to double down so that we don't need to. what do you think? >> well, look. we've got a lot of very, very bright people who think about a lot of different things. the third off set is one of those things that's under discussion now. i'm a fundamentalist when it comes to the warfare. what i worry about the third offset is that it somehow d so n
denigrades. so, baseline, we're always going to need an army, in spite of discussions about sanitizing war and fighting it from robots at 30,000 feet. and, to your point, sure, we future cast all of this stuff. for us, that work is done in a variety of sources. they look at that and you combine that with the commander oakland. the way walters nichols is going to combat now is that there's responsibility areas. they look at the challenges, they're supposed to both today and tomorrow and how to best address those. there's that coordination. i can't tell you how that's going to come out right now,
again. we're meeting more -- me, day-to-day, we're meeting with the board administrator. but i don't stay up at night wo riing about we're not thinking about something. we're always thinking about those kind of things and the fact that you're tracking the third offset strategy would show that this is an active process. i can't tell you how that's going to come out.
>> wow you please share with us one of the trips that impressed you the most about the men and women who voluntarily choose to put their lives in harm's way and we're at the cloth of this nation so that we might be free? >> yeah. we had a combat half a mile away from the village. and we went into the outpost. and i met with the command leadership for this whole area.
they were it. they had spent recent weeks. and they're like cement walls. thereafter doing that, they worked with the supposed elders and got them to agree to work with our side, not accept the taliban out of coercive concern or any other reasons, had developed the local militia and taught them how to be effective militia. all at that level of command. and, as i said, normally, you'd
have a couple of stars running around in generations passed doing this kind of stuff. and to see those kind of young people, it's just breath tarking. the other thing, we were transiting through launch. we were visiting troops while our crew was getting rest. and the soldier had just been brought in. he had lost one arm. he was intubated. they said you can go ahead and talk to him, even though he's conscious, we don't think he'll
understand you. so i had been in there and whispered how proud we were of him and what a great american he was and pressed coin into the the one hand that he had left. and that soldier, intubated, saluted. i was amazed. >> i can't think of a better way to end than honoring the requisite soldiers that you represent and their families. there couldn't be any better response on which we could conclude our day's discussion. so we wish you well, sir. we know you're not off the job yet. as the second longest serving secretary in the army, you're in it until your successor is confirmed. i want you to know how grateful we are in this room for the
hours toiling away. >> thank you. it's been an honor. thank you. [ applause ] the second republican presidential debate of the 2016 campaign is tomorrow night. former oklahoma senator tom colburn. he'll also talk about his call for a convention of states to, as he sees it, reign in the local power of federal government. and then, general connolly. and, later, adam keiper joins us
to talk about human cloning. you can join the conversation on facebook and twitter. >> epa administrator testifies wednesday at a senate environment and public works committee hearing. they're examining the august hazardous waste spill caused by an epa clean-up team. live,10:00 a.m. eastern here on c-span3. >> this sunday night on q&a, washington post national political reporter robert kanstadt on the 2016 presidential campaign. and the similarities between donald trump and ross perot. >> the themes are really overlapping. perot has a distinct personality. the celebrity factor was not there with the same way it
drives people and attracts people to trump. they throw themselves at trump for autograph and picture. there's a power that perot didn't have. but, being outside of the republican party, the republican party's relationship has been rocky this year. i broke the story that preibus called trump a month ago and said can you ton it down on immigration. he did not tone it down. now trump has signed this pledge. but who know what is the pledge is worth? it's a political document. we can see what happens this year with perot happened with trump. trump is, if anything, unpredictable. he could easily run as an independent regardless of this pledge. >> sunday night on c-span3 q&a. >> next, officials from the justice department outline some of their cybersecurity concerns including the impact of encrimination. this event is two hours.
interview and then we'll go to a great panel with ciar rag from the department of justice. just a quick bit on passcode. we launched in february of this year. we bring some of the biggest issues facing the internet. if you were here this morning, you'll agree this is one of them. we hope you'll come to more of them, especially in october where we have a full slate of them here in d.c. we hope you'll listen to our podcast. subscribe to our newsletter.
this is clearly an issue where it seems like there's this immovable force about national needs and law enforcement being -- i'm sorry, immovable object, unstoppable forceover technology and business. we're here to figure out how to move this ahead. how to move this discussion passed what seems like the past. so let me welcome in brett hanson from dell. bret is the executive director of dell data security.
is your mic on? sounds good. >> it's on. >> it's on. >> um-hmm. >> is it going? >> good, good. >> you guys provide a sweet of conduct. little devices, cloud, everything in between. channel functions in the software industry. so we've had, in this town, we're very aware of big breeches recently. can you talk a little bit about mallware tactics? >> well, like you said, the number has certainly increased as well as the effectiveness of this. what is often overlooked, at
almost every one of these major breeches, it comes down to individual. the end users, people like ourselves, are the focal point of the attacks. the reason why, technology can do a lot of great things. we can do a lot of improvements. as long as there's a human being at the end point, that's where the target is. they're the one who is are going to be curious and click on the picture of the pretty kitten and want to find out more about how to buy that. >> it has to be more thoughtful than empowering users. raise the fact that they're going to have multiple devicesment let's do so in a way
that allows me to manage -- and that's if they step up. that's a change in the strategy that we need to itch leapt. >> so, given that, how do you get them? >> there's going to be a combination. cyber security contains lots of different parts. j there's not one silver bullet. i think that's important for everyone to understand. there isn't a silver bullet. it's going to require -- it's going to require advanced policy and advances in education. however, we're seeing a lot of really strong advances in the last few years. indefinite user security is increased significantly.
and that's providing new technology with access today that and networks to better protect. so in the mobile work force, obviously, nations that do that and still stay secure. is that a viable approach? >> it leads the combination above policy. and it needs to be involving the employees thems to make sure that they're in. but for too long you think about data at the end point. pcs, mobile devices, public clouds. that's more of an after thought.
their approaches are containerized. they're going to keep all the untrusted data, your browser and e-mail attaches in a sand box arena that sprats it from your work flow. so, yes, the challenge is significant. yes, we are challenged nearby. there's a lot of companies out there that employees can utilize. >> let's just pause there. any question frs the audience? anyone like to jump in here?
>> if you had a greater ability of data, what would that change? is there that opportunity on the horizon? better visibility around your data forthcoming? >> so, answer the first part of the question is if you had better visibility or data? absolutely. if you take that to the physical world, companies know where their physical assets are.
so sf you're able to understand where my data is going, you should be able to detect if a breech has occurred. companies have to be thinking about their data as an asset. encrypting it. ensmuring that there's true access control. and mitigating risks going forward. >> one last one, millenials in the workplace.
trying to be regressive and say i'm going to lock you down certainly will work for a select number of organizations. so we need to be thinking about, again, how do i protect the assets and data itself? but that's where we need to go. i think there's a question. >> hold on just one second. we'll get you a mic here. we want everyone on c-span to hear you, too. >> hi, i'll put my coffee down. i have a question. i took my child on a disney
baltic cruise. and i actually had to get a dod-compliant wipe on my come pulter. and now i don't want to restore my come pulter. a lot of that data, i don't need. just information that we don't want out. there are people carrying around stuff. their laptops. and i carry two laptops. but when i got that dod wipe, i felt so refreshed.
i would really like one formula. >> i will say that there's an opportunity around data of what you're creating and what you're putting in the marketplace. the whole concept of creating data that if it's launched into cyber space and can be used against you is something that we should be aware of. it is a growing need to be thoughtful of what am i putting out there? >> any questions? sure, one right here. go ahead. >> how about pronlsing
technologies and the appeal of them. how do you prevent or break the psychology of companies wanting to invest and then becoming so reliant that they don't continue to invest in new ones. it seems to be a common trap. what can your do to break that psychology? >> that's good news for me. i think enr education is actually foremost. there is at this stage, a lot of excitement in the marketplace around cyber security. and i talked to customers, large and small every day, about how to improve their cyber security. what i stress to them is this is not a sprint. this is a marathon. this is going to take time. and then, to be really effective with cyber security, you need to stop thinking it as a -- as an end goal of itsds own and start
to bring it as part of your business goals and your business objectives. so as you're considering where your business is going, you need to be thinking about cyber security. as an example. i was talking to a company that is increasingly out-sourcing the production. that is creating opportunities to be more efficient. however, it's also creating new risk, as they're having to put more of their i.p into the hands of their partners. there need to be cyber security strategy. i think that's the change that we need to help drive. rather than getting caught and just embracing it and being done, it's how does the technology enable you business strategy and so much is cyber security strategy, as well. that ae that's a change in the mind set, but it's absolutely critical.
>> so my question is the solution that is you've focused on, the end users, the devices and how do we sort of secure those items. at a communications network level. what can be done there on that front to ensure cyber security? >> my name is andy from g data software. you mentioned the end user's perspective. other than a slap on the wrist or you're fired, how do you manage accountability. what is your idea? >> network management.
>> i obviously work for dell. we do have a big focus around the end user security. i think that's been a neglected part of the security environm t environment. security security,as i mentioned earlier, is all about solutions. it's the ability of different pieces to talk to each other. so as i'm collecting information around the attacks and the threat service at the end point, my threat is going to enhance its security and vice versa. increasely wharks you're going to see are these different assets starting to communicate with one another and through that communication, be more e fiblgtive in terms of both addressing threats as well as being proactive and permitting them in the first place. that's a journey we're working on. del has a great asset which we work very closely with.
so we're going to be taking those steps ourselves to really further integrate the two offerings to in realtime to make them more effective as a team. both offered as a team together. second question, accountability. that's a tough question to answer. there's a lot of different discussions about how to encourage work force. . a lot of what i've seen successful is the care and approa approach. >> thinking about how they can be safe. those who go a certain amount of time about how to reach a violation, either receive an award or recognition. there's also those companies focused on a shachling approach. using a little bit of, okay, john's been reached five time ins the last month. john, you're a bad guy. and that's obviously a little more draconian. it's probably in the car rot and
stick approach. but, certainly, at this stage, there is a low-level appreciation for work force employee acountability. i think the carrot is a great way to go. notify worker who is's doing well. give kudos. acknowledge the fact that. affecting data and addressing to protect or advance persistent threats. we're going to need to be much more effective in the long haul. >> thank you, director. thanks for coming. [ applause ]
so, first, we have amy hess. she is the executive assistant director of the f.b.i. science and technology branch. criminal justice operational technology divisions and the f.b.i. lab. she'll keep a few remarks and get to questions and i do want to get to audience questions, as well. >> great, thank you, sir. appreciate the invitation to talk about this very important topic this morning. so the f.b.i. really used the going dark issue as having been a concern for us for a number of years.
it's well beyond encrimination. it basically summarizes the issue we have with the proliferation of technology over the years. and how that might be impacting our ability to do our job. our ability to get information, evidence or leads in criminal investigations or national security investigations. and so as we see this proliferation of technology, we see that case accelerating. and, so, to that point, we have actually been more and more vocal about the issues we're seeing, the concerns we're having, the challenges that we're encountering with respected to be able to do our job. so, as i said, the going dark problem is more than just encrimination. when we're going dark, we're referring to encrimination for, example, data in motion. data that's transported across networks. realtime electronic surveillance that we must do in the course of our investigations.
we also view it as a challenge with encrimination on data at rest. stored data. we also view it as a challenge when it comes to mobility. so people will bounce back and forth between, for example, cellular service, wifi service back and forth. and that presents a challenge to us, adds well. and then anonimty is another challenge. and then, in addition to that, we see, for example, foreign companies. that presents a challenge to us. we see a challenge where it will
disappear as soon as you send a message. and that presents a challenge to us. all of those things factor in to what we refer to as the going dark problem. at the same time, the nafgs we used to keep in our homes are more and more on our electronic devices. and the same goes for bad guys. in trying to prevent those threats from happening or to bring those people to justice.
that's where we live as a society. we also have the foreign intelligence surveillance act. it does the same thing with national security investigations. search warrants. all of those orders signed by a judge that enables us to get access or at least authorizes us to get access. unfortunately, unable to execute more and more because of increasing problems and issue. not proposing a solution to that. from the government's pore spektive, we really need the companies to try to come up with
a solution. to try to build the most secure systems. yet, at the same and present an ord i with the search warnt or signed by a judge that we're able to get the information that we're seeking. the evidence, the data in readable texts. to start, let's go with encrimination. so strong, they say the company itself can't get access to the data. let's distill what we're talking about. that's actually a back door.
this is a bimt-in weakness. what is the problem as the f.b.i. views it and the proposals that have been flying around washington. >> sure. >> i think the ability for us to prevent an attack or to bring someone to justice, that's the piece that's at issue. and for the encrimination piece of the discussion that we've been having, the issue comes down to whether or not the
company is talking about realtime communications or stored communications, data at rest, it comes down to being able to access that. so in order to access that information, the question is how are we able to do that in the most secure way. i think starting with the premise that in the society we currently live in, currently to be able to get that information for some other consumer-based need.
at the same time, the question comes down to whether or not the government should be proposing those type of solutions. they're able to build build in some type of accessibility. >> what is the specific problem. what happens in that process that is holdsing up law enforcement from getting that app? >>. >> sure, when it comes today that at rest, we see the issue and we've presented a number of examples in the past. be i'll start with a passive example. for example, we had a case
involving a child pornographer who eventually was communicating with individuals. based on a photograph, question got access to that person's iphone. and then that investigation led us to eventually identify additional victims that that person had molested. all of these individuals, these children, were under the age of 8 years old.
but without that information, we might not be able to do that. we have homicide investigation where an individual is shot and killed answering the door. now there's no one to serve the warrant on. the police were unable to access to try to find clues as to who might have been responsible for her murder. >> so how big of a scale it shall what's the scale at this point. you have a new york district attorney who's saying that, in 80% of the cases, involving iphones running ios 8, law enforcement was unable to access that data.
free, to get a wiretap, it's a very prolonged, dlib rat process. so in order to do that, not to mention the level of f.b.i. headquarters authorities that we have to go through. an ajoent is not going to pursue all of those things. we have that same problem when it comes to, obviously, what we're seeing across the board. we are seeing an increasing problem. we need to do better at capturing the data. obviously, things like the
annual wiretap report kind of presents the problem. our investigators aren't going to pursue something that's that. >> there are some who say that there's actually more law enforcement available than ever before. that law enforcement, for instance, could collect met data which includes telephone recorders and location data. but aren't these tools enough? >> that's a great question. i think that, personally, i've had discussions with all of the f.b.i. field offices to have enough knowledge of how we investigate and, of course, having been in those field offices myself, and having investigated a number of different violations, agents will always try to get the information they need.
so they're going to try everything possible. in some cases, if we're stymied by the inability to get information in, really, the most effective way of being able to directly access a device or access of realtime communication, we're going to try to find a way around it. sometimes the problem is if we can get to it, we'll have lots of examples where we could have got the information if we had the capableties.
>> what about creting teams to break into the data once it's been collected. >> certainly, that's an issue too consider to discuss. we need to prove to a judge that we have exhausted all lesser means. to me, hacking sounds like a pretty intrusive means to be able to get the information. but on top of that, if they change that device, or if they upgrade to the latest upgrading system, they decide they don't like that anymore, it's very fragile. it may not be timely.
>> yeah, especially for the state and locals. we have a lot of really, really smart technologists who can help think through these problems and challenges. we communicate with our law enforcement partners on a daily basis. but the problem is, fechb we might be able to solve a specific problem, even though it might take us a while to get there, the state or local police departments may never be able to have that luxury to have those types of people employed or available to them to be able to do the same thing. >> so tim cook, earlier this summer, said that he's a ceo of apple. and he said if you put a key under the mat for the cops, a particularer can find it, too.
>> i'm worried about security risks in general. the f.b.i. supporting strong encrimination. clearly, we also have the remit for when it comes to bringing people to justice. that includes cyber threats. at the same time, how do we get the evidence we need when served with a warrant, signed by a neutral judge, to a company. to try to come up with the best, most secure motion to do that.
>> you bring up a good point. both the government and the private sector encrimination is seen as the best practice. so do you see the -- how do you see the relationship between what you're asking for and the need to protect data. do you see that at all? >> certainly, to protect people's communications. i any that goes back to just our first premise. we want people to be secure in those systems, for all the reasons i previously stated. but we also want to be able to get to the information with a warrant. when we do that, how do we get information that we need, but, yet, make sure that nobody else or at least people who build
these systems can make it as secure as possible so that it limbs -- there will always be a risk. and i will readily admit that. there will always be a risk when someone other than the sender and the receiver can get that information. at the same time, how can we minimize that risk? >> what are your relationships like with skoourt secretary. if they can modify it someway, it can hurt them. >> yeah, and we talk to the companies all of the time. matter of fact, we have conversations to try to figure out the best way to get the information that we need in the course of an investigation.
certainly, why they're conce concerned, and, clearly, they have legitimate concerns. y glvrjts if we build this capableblety in, how do we minimize that risk? it is a concern to them. at the same time, what we've been trying to do is to balance the discussion to say here are the two things at play. and what is the american public confidentble with when it comes to either going far perhaps one way or too far perhaps the other way when it comes to being able to access data presenting some risk inherent with that. >> and do you think if there is some kind of channelled access data as other countries are going to want the same thing that the u.s. government is wanting now? >> i think that's always a concern. that's part of our constant, daily discussions. we've had a lot of conversations with other countries, who
clearly want that information. our allies in other countries certainly have the same concerns concern and they want access to that data. the question is how do you differentiate what presents good human rights records are and country that is perhaps don't have those good human rights records, for example. and then, at the same time, if your u.s. companies, what are the obligations versus the. you have to give other countries nanding that access if they do and if this policy goes into effect. and let's say you'll like to have similar access for china. and are you sympathetic that this might put them in more of a political or diplomatic role. >> i think it's a very political discussion.
the question is how might we enable law enforcement to do its job. they want to try to do their job, too. that is a huge policy discussion. how are we able to limit that? that brings up how we might see ourselves in the future. by doing business in this country, does that mean that you're subject to certain rules and laws? >> are you concerned if they do, they can affect people's overall ability to communicate securely? >> sure. i think any country with poor
human rights records that's why we have the laws in place that protects from that. but that is certainly a concern. and, again, it goes back to the policy discussion about how are we able to discern between countries with poor human rights records and countries who don't have thattish sue. and who will be subject to what laws. >> i do just want to ask you one more question. you mentioned how the number of devices is overshrill increasing. so walk me through what is happening now as you're investigating a terrorist.
>> what we're seeing is mr and more individuals associated with isil. to be able to recruit individuals. who will use open social media platforms. but after seeing that that person might be more receptive, they'll try to move them to other platforms that we are unable to access. so what we see there is this going dark issue. how do we get passed that? if it doesn't work, what would? maybe physical surveillance.
the problem is, kwhiel we're trying to figure that out, obviously, we're wasting time. and we're using more resources to get that information, which may never come to fruition. and so our concern and our fear and what keeps us up at night, you may not know who's communicating in that fashion. we don't know how many more people were there. >> i do want to turn it over to the audience for questions. remember to say your name and where you're from. >> i just wanted to get you're views particularly to what's out and how easy it's been for making android users to use this kind of encryptic space.
>> and do you think some of the terrorist groups are taking advantage of the technology. >> i do think those who pose a threat to us are taking advantage. but they know and it's been well publicized as to what communication methods we were able to access. i can't speak to specific capableties or companies. but at the same time, we do see that in the course of our regular investigations chlts we do see those type of investigations, as well. yes, it is a concern. >> in the front? >>. >> how would you address --
sorry, alyss sarks, wait for the mike? >> my name is alyssa vhavinsky. i wrote an article. how would you respond to the concerns raised by alex damos that special keys how do we grant them only to the united states and also to our other corporate friends. we do business in china and russia. clooerly it's against national security interests. >> i washt to clarify again, one size fits all solution. the government is not promoting a folding key that will be the
solution for all companies. that's why i think it would be up to each individual provider to come up with what is the most secure solution for them that still achieves the end result. which is just to get usdatdata. with that said, the larger part of the discussion is how do we make sure that u.s. companies, and u.s. data a, subject to do that type of access. same time, considering what other countries may ask for, how do you factor it in to the larger policy discussion. it's a source of going debate. >> yes? >> it's not here and now. when and when do you foresee that larger conversation taking place? >> about the access issues? >> about the larger policy
question that you reference ad. >> there's daily discussions going on about that type of thing. we are concerned about it. certainly is here in washington, we had a number of discussions, with a number of different agencies. while we don't have the answers, discussions are occurring. >> usa today, congressman, having experience on the incryption issue, would you like to see them get involved with the issue or would that do more harm than good? >> the discussions we have been having, is that we want to bring the jobs to the fore.
to also, not take it off the table. i think that right now the, the idea and our goal is to ensure everybody understands what is at stake. for risks on both sides. and the equities on both sides. and so, currently, that is our goal without declaring whether or not we are seeking or pursuing or need that additional legislation. >> you said that you talk to the companies daily about the best ways to get information and the fbi has been talking about it for a year and you keep saying that you want to have this discussion out there to the forefront, and if you are talking to the companies, daily, i'm wondering, your opinion to reaction that you get from the companies, when you say that you need to be able to get around their incryption? >> the answer is, it depends. it depends on the company.
clearly. some companies, some companies may not are have, some are not subject to mandates. they don't have to build in the, those, that type of access. they have, of course, most companies want to help. they want to stop a threat or bring somebody to justice. but if they are not mandated to do it, the question comes down to a, do they need to take the resources and divert them to build in access? or at the same time, do we have companies that really would not be part of their market plan to do that? and even if they want to cooperate, it could take years to be able to build in some type of access.
so, all of those dynamics are built in, most companies will try to help us with whatever information we can provide. it may not be the, the -- really the solution we are looking for. >> any other questions? yes. right here. then we will go to -- yes. >> russell shea i'm a law student here in d.c., my question is about, in the context of law enforcement cooperation, in a scenario where data may be stored, physically outside of the united states, the, some tech companies argue that the government should pursue the data through mutual legal assistance treaties. are you going to comment on the process, and what it's like, and things that need to be updated or reformed, what is the approach to this issue? >> clearly, we have challenges with the ability to get
information on a timely fashion. sometimes there's processes, and they may take months. if not years. to get the information, sometimes they are just in effective. sometimes they are effective. but, that seems to be, you know, more on the rarity side. so, i do think that this presents that challenge for us. as to if it's u.s. data, in the course of a u.s. investigation. and we are talking u.s. data, in furtherence to a u.s. investigation in pursuing a signing of a warrant by a judge, what is the appetite of the american public to say, that company had to provide the information. that's the debate we are having at the moment. to find out what is the right balance. and how do we get that information. what is the right mechanism to get that information. >> um, so, in the third or
fourth row here? >> hi, dave, from politico. so, chinese fir firms, there's concerns that the chinese authorities can access the communications you are transmitting. if it's aapparent that u.s. firms are offering the same ability to u.s. authorities. whether or not the chinese or other parties can access them, what affect do you think it will have on the u.s. technology industry? >> again, it's a great question. it's, you know, how do we, we have an investigation with the u.s. company data. strictly limit ourselves to it being about u.s. investigations and what the u.s. needs access
to. and the question comes up, other countries want the a access. so when you have a uk that has that need in the course of a law enforcement investigation, versus another country, that we may not have the same type of relationship or same type of, again, human rights record or whatever it might be, with respect to what they are going to do with that type of information. that is the larger policy discussion. and how do we think about that? do we, at this point, again, i think that we knee to have that more open discussion, what's the right solution? we don't have that solution right now. we don't have the right solution for what should be mandated, should it even be mandated? are we comfortable in the place we are in now, where the pendulum has swung so far post sn
snowden that we are seeing from a law enforcement perspective, seeing society as a whole go to a place where more and more people are going to be above the law. and if that's the case, are we comfortable with that as a society? that's the larger question. and then the second question, what do we do about it? if we are not comfortable. >> okay. and we have time for, i think, a few more questions. >> hi, i'm with the intercept. i'm curious in the fbi is concerned, if the companies,you got them to agree to a backdoor or build in capability, are you concerned that other companies may lead, darker companies, criminal entities and provide the end to end incryption and it will primarily be the american user loses out and criminals will find access to these things. >> really, the experience that
we have had is that if companies can build in a such a way, again, i go back to the, it should not be the government pro posing the solutions. the companies know their systems better than anybody. in our ability, the requirements should come from the government, and that is what we are trying to accomplish. but the companies should be able to build in the most secure systems. to build the most secure systems. to do that. with that said, i think you, yeah, the very tech satisfiy peop -- tech savy people are going to figure out how to take advantage of anything. and that clearly happens on a regular basis today. how do we protect against that? again, to say that, i think service providers today are 100% secure is a little bit of a misconception as well. and when we are moving toward
this world, how do we identify the best way to really attribute those types of attacks, or those types of, i guess, protections, if i will, but they are not, the perspective, that the hackers, the criminal element may be trying to try ing to move people toward and we have to root out and identify those individuals. i'm thinking in my head about, you mow, one of theç conversations we have on a regular basis is, with respect to access, historic communications. for example, a communication device like a smartphone, people ask us on a regular basis, yeah, that person backs up to the cloud. the problem with that, what we have found in the investigation is that most people don't do it regularly. and don't do it on a regular basis. they may not do it at all. you clearly turn that
feature off. and we see in the course of investigations that the tech savvy criminal can find out if automatic back ups are occurring. or if that reason is being diverted in some way off of a particular device. and so, we have to be able to, i think account for that in the course of the investigations as well. >> and, last question? >> from a friend of the fbi, of the aclu, i will paraphrase, the question is, does the fbi use incryption in classified e-mails sent over the internet and other organizations and how can the fbi engage this conversation with tech companies if they
then themselves are not operating at a high level of technical sophistication and how do you feel the federal government is doing in general to raise themselves up in the conversation, to say, yes, we are doing our own good cyber hygiene? >> we need our information incrypted and protected the same way as the american consumer and companies do in the country. clearly, you have seen as a result of the recent hacks, we continue to focus on that. i will not talk about the type encryption that is employed on one level. we as a government, need the to do a better job of it. and it comes back to my original point. we support strong encryption, as i said several times today. we need to protect data and
communications and conversations. but, the challenge for us is again, just to tee up the issue, what is the american public's appetite if we go to 100% secure systems that nobody can access, ever. are we comfortable with that? even with, in the course of an authorizationed investigation, in the course of trying protect public safety or in order to prevent an attack. are we comfortable with that? that's the underlying question. >> that's a great place to end on. ha for joining us. thank you. applause
. we've just had a conversation about the law enforcement, in the incryption debate and now we will put in he other views in the conversation. we have next to me, one of the leading cyptographers, he is employed in the university of pennsylvania. we have john calas, he is working with silent circle. and we are keeran braj, thanks to joining me, and we will again, have questions, and then he we will open up to the audience for your questions as as well. >> just to start, why don't we, i have a question for each of you, actually. what do you see as the benefit to society to have a strong incryption, do you see it out weighing or falling secondary to
getting a access to that data? >> it's easy to frame it, it's between national security and law enforcement on one side and privacy and strong protection on the other side. everybody participating in the debate for the last two decades, easily falls in to this. it's a question of having encryption and decreasing our ability as a nation to prevent crime by having weaker
encryption, we are both on the same side for wanting to prevent and stop crimes and for wanting to make the country more robust against national security threats. unfortunately, it's a battle we are wilosing. i would love to stop having the debate and get back to work. >> john, what do you think? >> i think he has brought up the central issue, it's a policy question. and it really is a policy question. it's not a technology question. those of us in business are already international. my company has a swiss company, we are not a u.s. company. and we know that the threats come from the countries where they don't have good human rights. and we don't have a technical way to make it so that we can provide access to the good guys and not the bad guys.
and under certain circumstances where it's hard to know what is going on. they were saying repeatedly, it's extraordinarily hard to get a warrant. that what they need are mechanisms that can go beyond getting a warrant and would just let them get the data. that is a policy issue of what gets protected from a legal aspect of it. and we are in a situation where we are forced to build our devices in countries that are not particularly always friendly. and yet, we have to be immune from blackmail the from them. if they decide that people in friendly countries have done something like not hand their data over because they have just happened to be in that country, how do we handle it? what is the policy of us juggling 170 plus countries and
deciding who has filed what paperwork. >> what are your thoughts? >> i think we have to start with the shared values that we have. ensuring public safety and strong national security and strong to do it. and we do it with our commitment to rule of law. it helps the freedom of expression and data a security and our i.t. security and that's why, the department, the fbi, and just the administration supports strong encryption and i think the rubber hits the road for us when we design systems that use the strong encryption to the point that it's warrant proof. that means the system is designed so only the end users can access the information. so, i think, when we think of what the share values are, we have to figure out how to design
systems that maximizes public safety and national security interests and our cybersecurity interests as well. that's what we talk about in the conversations and key badebates we are talking about. >> matt, you are a veteran of what is known as the crypto wars, they were earlier battles that went on in the 1990s. how are the debates now compared to the debates back then? >> yeah, it's been a long time, and we keep fighting the lot of the same battles. i think the main difference between you know, this discussion can, in the 1990s and today is that in the 1990s, a lot of this was, hypothetical, we were saying things like, you know, this internet thing is going to be important some day. and we are depending on computers, and we are depending on this, this computerized network infrastructure for a big
part of our daily lives and we have to be secure really soon, and that's really important. i'm not sure i believe that it was going to be as important as ultimately it became. every part of our daily life depends on a secure network infrastructure on being able to secure end points. you know, this is so integrated in our daily lives, we cannot identify where. i think the stakes have gone up since is the last time around. >> you were also the one who discovered a flaw in the u.s. government's encr ayption syste. as technology is more in every day life, do you feel it's possible from a technical perspective now, to create a solution like the ones this the
national security officials are proposing? >> it's often framed as well, we have solved so many really hard technical problems. look at all the wonderful things we have done. surely, if we can put a man on the moon. we can design a secure back door encyption system, unfortunately, it's not so simple, when i hear the, if we can put a man on the moon, we do this. i am hearing it as if we say, if we can put on a moon, surely we can put a man on the sun isun. you know, this is a hard problem and it's not even a new problem. ultimately, we are talking about a set of requirements that somewhere along the line involves making a relatively simple problem, encryption between two parties who know each other and only they can get
access. it's a simple problem. turning that in to a very complex problem. and securing systems with complex requirements and building systems of that level of interaction in a way that works reliablely and as we intend them to do. it has been a problem that has been around since the beginning of software and computing. we don't know how to solve it. >> you don't think it's technically possible to do it and have systems be secure? >> a shorter version of my answer is no. >> do you think it's true, that it's impossible to do it? >> when we look at what companies are doing today, we see there are large companies, for example, in the commercial e-mail providers, where are they use strong encryption to protect
the e-mails, and for their own business purposes they have to be able to access the underlying can tent and th content. one of the reasons is to serve you advertisements, but it's also to operate the security software. so the information is generally protected with strong en encryption, the company itself will have access to their information. we see companies now that have the balance, they have strong protection and security for their data and have access to it, it's difficult when we hear, it's technically impossible to
do it. so, again, i think we have to have that discussion about, you know, do we want to really encourage situations where, you are building systems that are warrant proof that provide zones for criminal activity, or do we want to have a larger discussion that said, we want to do it today as well. >> there's not one proposal, technical or otherwise pro he oppos -- proposed by the u.s. government, why is that? do you think the u.s. government will put forward something more concrete? >> i think the reason you do not see a single solution. it does not make sense given the industry. each company knows the system so much better than the government does, or frankly anybody else does. when we think about it, it's about how does a company respond to a warrant or court order,
they are in the best place to figure it out. it does not make sense for them to have a golden key. in that situation, it does not really make sense, it's what is much better and frankly, i think all of us agree that the government needs to go to the company with the court order and the company provides the information. with see ing debates where they are saying that the government is wanting access to that information. >> you do not necessariily thil the government having a role in that? >> the main point for the government, the congress and the american people have given the government certain authorities.