tv Key Capitol Hill Hearings CSPAN October 29, 2014 12:00am-2:01am EDT
you are taking in your everyday life, corporate, government or individual that increasingly is becoming the norm. that is the area i look to in about 5, 10 years, that is what concerns me. we tend to focus on fixed networks. -- thoserporate-based aren't going to go away but the handheld digital is the next area of concern. >> the internet of things, the wearables. >> i consider the internet of things part of that. >> question right over here. wait until we bring you a microphone. >> i apologize, i can't see you so well. >> i hear the lights are pretty bright in your eyes. i am susan morrow.
, in themy question energy sector, we don't differentiate between physical threats and cyber threats. we drill with the assumption that they will probably do both at the same time if it is a sophisticated attack. to be frank, the military's response in its own protection seems to be focused on isolation as a tactic for dealing with the idea of the grid going down. i wonder if you could talk to that a little bit. as tempting as isolation is as a strategy for response, it also potentially makes security a lot more difficult if you have individual grids all over the place. if you could talk about isolation versus integration. >> isolation works at a tactical level for immediate short-term periods. it is not a comprehensive,
sustainable strategy. it is this idea of, i will just shut the network down. it is not that it is a bad thing at the tactical level. if you are looking at a base, an installation as opposed to an entire grid or sector. in the long run, i think the right answer for us is going to be, again, rather than isolation, how do east to -- how do we do something in a more integrated way? isolation is difficult as a strategy, particularly if you have high power requirements. we have huge power requirements so this is something that i pay a lot of attention to. power is a big concern for us because we are a huge consumer of electrical power. i agree with your fundamental premise. the challenge becomes, how can
we have a conversation about the right response strategy here? are we really comfortable with this idea of isolation? as a broader strategy, i don't think that is the best response. thank you. about -- i have heard some members ask, and likewise with the response in the question about tabletop exercises, say a business is sharing information, using a framework told or a risk management tool and they are dealing with an adversary that outstrips their abilities to keep pace. we know that there are partnerships with dhs and other agencies. when would the nsa step in? what is the policy there? argue that theld
most likely scenario is probably u.s. cyber command. one of our three missions is when directed by the president or secretary to provide capability to the critical u.s. infrastructure. , our missiono that will be to attempt to interdict the activity before it gets to that u.s. company. that is our primary strategy. that is what dod brings to this. , ifbset of our strategy is we should fail in that regard, we have also developed defensive response capabilities that we ,an deploy to partner with dhs the fbi and the private sector. it goes to tom's question. how do you mediate and mitigate? if you fail, how do you remediate? that is really the u.s. cyber command side. is what the president
requests the secretary of defense to do. there is a policy debate, a legal debate. it is why in my an initial comments i talked about this as a national security issue. viewed as a national security issue, the capabilities of dod and their application are in keeping with our broad policy and legal structure as a nation. if we view this as a private sector issue, then traditionally, do you really want dod involving themselves in this? is why i think looking at this from a national security perspective is important. there will be a discussion about the refocus on critical sectors. is it any private entity? we have defined approximately 16 segments as being critical infrastructure whose loss would have significant national security impact.
what we are developing at u.s. cyber command is to be prepared to apply capability in those 16 segments after erected by the president or secretary. >> thank you. , according toober the department of homeland security -- you may know the chamber has embarked on a outreach campaign. over the last few months, they have been going around the country. as you can imagine, very different audiences. a lot of us in washington are well-versed in the cyber framework. in phoenix or chicago, some of them hadn't heard of it. we are spreading the word on that. the question is, that is great, that is a campaign. what else do we need to do? you look at the als ice bucket challenge and how quickly that went viral. jumpstarte do to people paying attention to cyber
security? issues, what is the tipping point? what does it take when it gets so bad that we finally say, ok, enough? we have to get the legislation, put those partnerships in place. the status quo is not working for us. for whatever reason, it doesn't appear that we have reached that point across society. in no small part, because many of our citizens, it hasn't reached a true pain threshold. so someone steals your account information, steals your credit card data, charges on that card. right now, if you report this to your bank, we are not paying a price. the corporate sector is assuming liability. they are covering it. the point i think about is, once this becomes something that
impacts a broad swath of our citizens in a real manner that impacts their daily life and ability to do what they want when they want, then watch for a whole shift in the way we are talking about this. my frustration is, it shouldn't take a disaster to tell us that you can see this coming. knows that this is a significant national security issue that is not going away. it will likely only get worse. we can either deal with this now in a collaborative, professional hit ae can wait until we across the forehead. i don't like to get hit. i find that to be a painful experience. i would much rather we have a dialogue and from the dialogue to the concrete sets of how to make this real and how we can work between the private sector, government, and a broad swath of
government -- one of the comments i made is, right now we are asking the private sector to withstand the efforts of nationstates against them. that is asking a lot of the private sector. i think you have seen this reflected in what we are trying to do as a government. this is about partnerships. we have to be able to provide government capability and capacity to support the private sector. we need the private sector to provide capacity and capability to make this work. it is not either/or. for those that argue it is a , i thinkector function the reality is it is between viewpoints. we have to work this collaboratively. there is no single technology, no single source of intelligence or insight that will clearly tell us exactly what we are
seeing. it takes partnership to make this work. you have information i need and i have information that could be of value to you. >> you have not just one of the toughest jobs, you have two of the toughest jobs. cyber commander at head of the nsa. what do you think your biggest challenge is? where do you go from here with the cyber command? how can the chamber be helpful to you? >> my biggest challenge is creating a culture and building the framework for the future. on friday, united states cyber command celebrates its fourth anniversary. we are four years old as an organization. in the scheme of things, for years is not a long time. there are organizations that have a much longer history than we do. my challenge is, create that workforce, build the operational
concepts and command and control as to how to deploy it, and exercise it with our partners inside and outside the department, as to how to make this work. what you need from us, what we need from you, how to share it, what format. isn't, i givethis you everything we have. i don't want that from you and i don't think you want that from us. we can bury each other with data. putting on my intel hat, data is interesting but what i care about is insight and knowledge. i use data as a tool to get there. --a is not the and all end-all. >> we have a question here. wait for the mic to get to you please. the industry
leaders association. i will stand, sorry. >> i can't see because of the light. >> my question is, you talked about the importance of cyber information sharing. we are going to hear later about sharing legislation. one of the big criticisms by some is that these bills allow you to get the information and they would like that -- how do you get around that? >> let's have a very clear definition of what you are providing us. i don't want privacy information. it creates challenges for me. it slows me down. for this mission set, not a good thing for us. is ai like to have discussion about, what is the information we want to share with each other? what is the value that information generates? trustdea that you can't
fill in the blank, that is a recipe for disaster for us. among the things we need to address is, the controls and the oversight mechanisms. what is the role of civil liberties and privacy? what is the role of inspector general's? aboute lots of mechanisms oversight and control of information. we need to make that a part of this. i'm not interested in anybody writing a blank check for u.s. cyber command or the nsa. i bet the fbi and dhs would tell you the same thing. remember, dhs is the leader here. they are theargon, supportive commander and we are supporting them. we work through the department of homeland security. we partner with others in the federal government in addition
to dhs. energy, wery, partner with others. u.s. cyber command, we are not the leader. the national security agency, we are not the leader. we partner with others. >> we have time for one last question. can you wait for the mic to get to you? >> politico pro cyber security. there have been reports about employees of the nsa working -- there have been some reports recently about employees of the nsa working part-time in the private sector, former employees going on to the private sector. how is that affecting morale
within the nsa? is there concern about that relationship with the private sector? >> first, we have a formal set of processes that must be applied when individuals do something in addition to their nsa duties. we review that and when circumstances change, we will say, that is not acceptable anymore. the circumstances have changed. the relationship is different. we do that on a recurring basis. for some, it is as simple as someone with a language background saying, i want to use my language on a contracting basis to increase my skills. sometimes we will say yes. sometimes we won't. in terms of the flow of partnerships and information back and fourth, i have been very public about saying for the nsa, i would like us to create a model where members of our workforce don't spend 30 or 35
years working directly for us. it is amazing, the employees that i will talk to. when i say, how long have you been with nsa, 35 years, 38 years. i just said goodbye to an employee after 50 years. technology,ate of we have got to create a world where people from nsa can leave us for a while and go work in the private sector. i would also like a world where the private sector can spend a little time with us. one of the challenges that we are dealing with, and you have seen this play out, we have talked past each other a lot. we don't understand each other. the nsa culture and experience isn't optimized to understand concerns from our i.t. and corporate partners. likewise, many of the
individuals we work with in the corporate world don't have an understanding of us. i think we should change that. i think it will produce better outcomes for both of us. thank you very much. >> thank you for your time. thank you for all that you do. the u.s. chamber of commerce looks forward to working with you and your team. we hope you will come back. >> i thank you for taking time from very busy personal and professional lives to be part of a dialogue -- it won't be just today, next week, next month -- being part of a dialogue about what we ought to do to address a foundational challenge for us as a nation and for our friends and partners all over the world. cyber does not recognize geographic boundaries. the idea that we are going to deal with this in america, i don't think that is a winning strategy. we can learn great insight
internally, but also from our partners overseas as well. it all starts with our willingness to have a dialogue with each other and a willingness to be open. of,starting from a position you are in the private sector, you are all about money, i don't know that i can trust you. or the private sector saying, you work for the government, i don't know that we can trust you. that is not going to get us where we need to be as a nation. that is not going to provide the protection that our society, the private sector, government, us as private individuals, that is not going to generate the outcomes we need. this will take all of us. it starts with an open relationship and a willingness to be transparent with each other. i thank you very much. have a great day. [applause]
>> thank you for your warm introduction and for inviting me to your annual cyber security summit. we benefit greatly from your leadership, especially in promoting the chamber of commerce's role in national security. in establishing an annual gathering focused on cyber security challenges, the chamber of commerce demonstrates commitment to keeping our nascent secure and lowering barriers for businesses to compete fairly in our global economy. the fact that this is your third annual summit is a testament to the growing magnitude of these threats and your commitment to making cyber security central to your business plans. this is an important issue. one that i know the chamber has emphasized as part of its national cyber security awareness campaign. in the campaign roundtable events, the chamber has stressed
the importance of cyber risk management and reporting cyber incidents to law enforcement. i couldn't agree with these recommendations more. today's of event, it is our opportunity to discuss how to best protect ourselves and our nation. cyber security threats affect us all. they affect our privacy, our safety, and our economic vitality. they present collective risks and disrupting them is our collective responsibility. the attackers we face range in sophistication. when it comes to nation states and terrorists, it is not fair to let the private sector face these threats alone. the government ought to help. we need to do more. at the national security division, we focus on tackling cyber threats to national security. in other words, those posed by terrorists and nationstates. later,talk a little bit,
about how we have restructured our divisions to focus on bringing all tools to bear against these threats. likewise, chamber members have an important role to play. you are living through these consequences with alarming frequency. of fortune 500 companies have been hacked. price water cooper house released a report finding that the number of detected cyber attacks in 2014 increased 48% over 2013. as fbi director james komi has noted, there are two types of companies in america, those who have been hacked and those who don't know they have been hacked. we are on notice. i would venture to say that everyone in this room has in their professional or private life been affected by a cyber security breach. at best, a minor inconvenience, a reissued credit card.
at worst, devastation to your company's reputation, loss of companies trust and injury to your bottom line. steps, itking proper is a question of when, not if, a major breach will occur. with that, we will come to questions about whether you did enough to protect your company, your customers and your information. ahead to theght of day when you will have to face your customers, your employees, your board and your shareholders? when you have to notify them that someone has infiltrated your company and stolen your most valuable information? if that day was today, could you tell them that you have done everything in your power to protect your company's future? how do you warn them of the risks? would you be able to say that you have minimized the damage? do you have a plan? it is a pretty daunting
scenario. it is knows a prize that surveys of general councils around the country identified cyber security as the number one issue on their mind today. surveys also show that over one order of fortune 500 companies -- a quarter of fortune 500 companies don't have a response to cyber intrusions. this is risky business and we know that we will never achieve impenetrable defenses. but you can take steps to mitigate the risk, protect yourselves and your companies, and the cyber security of the united states. we have identified four essential components of cyber risk management. first, equip and educate yourself. make sure you have a comprehensive and comprehensible cyber incident response plan and review it. i have spoken with many ceos and general councils who say they have not reviewed or cannot
decipher their company's plan. we must do better. uite risk c-s management decisions and you can't manage corporate risk if you don't understand it. make sure your plan addresses who, what and when. who is involved and who needs to be notified in the event of a major breach? what will be exposed? when will you notify clients, law enforcement and the public? second, know that your business contacts create risk. malicious actors can exploit outside vendors. no matter how resilient you think your defenses may be, you need to worry about those that you do business with. consider guidelines to govern third-party access to your network and ensure that your contracts require vendors to adopt appropriate cyber security practices. third, protect your bottom line. companies are increasingly
considering cyber insurance and you should consider how this may fit into your risk management strategy. cyber insurance may offer financial protection and incentivize companies. finally, do not go it alone. some of our attackers are linked to military budgets and resources. when they are, it is not a fair fight to take on alone. we must work together. working with us can be one more component of your risk management strategy. as more breaches are publicly acknowledged, the public will ask how quickly and effectively you responded. as leaders, you will have to answer to board members, shareholders, and the public. you will want to say you did everything you could to mitigate your financial loss, your bottom line and your financial reputation depending on it. we can help. we can provide information to protect your networks and we may
be able to take action to disrupt and deter attackers. you are on the front lines of these battles. we are with you. we are committed to working with you to protect your networks, identify perpetrators, disrupt their efforts, and hold them accountable. among our top priorities. at the national security division, we appointed new senior leadership to strengthen our capacity to protect our national assets from cyber attacks and economic espionage. thereated and trained national security cyber specialist networks to focus on combating cyber threats to national security. these are specially trained prosecutors in every u.s. attorneys office across the country. evidence andw the facts where they lead. from a lone hacker working in
obscurity to an organized crime syndicate in russia, even a uniformed member of the chinese andtary, indictments prosecutions are a public and we proveway to which our allegations. as attorney general holder said in may, enough is enough. we are aware of no nation that publicly states that theft of information for commercial gain is acceptable. that is because it is not. nevertheless, in the shadows of their flags, some may encourage and support corporate theft for the profit of state owned enterprises. we continue to denounce those actions. we won't stop until the crimes stop. a core part of the government response must be disruption and deterrence. in order to raise the cost to the people who commit these that's and deter others from the
actions. the criminal justice system is just one tool. in addition to prosecution, we are working with key government partners to explore how to apply designations, sanctions, trade pressure and other options to confront new cyber challenges. these changes will help us fulfill our collective responsibility and help us work with you. we rely on cooperation from the ofvate sector to bring many these cases, from identifying the malware, to pinpointing the locations of servers, to assisting victims in removing the malicious software from their computers. one example, last spring's , aedown of game over zeus big success for our colleagues in the criminal division. this takedown would not have been possible without close
cooperation. thehe fbi put it, it was largest fusion of law enforcement and industry partner cooperation ever undertaken in support of an fbi cyber operation. it crossed international boundaries. it affected hundreds of thousands of users. we recognize that one of the best ways to protect the nation is to support you in your efforts. that is why in 2013, federal agents informed over 3000 companies that their computer systems were hacked. they are working to provide additional information about the who and how of the attacks. every day, the fbi works with companies targeted by malicious .ctivity we are not limited to how ping
used solely in the aftermath of intrusion. nor do we see our role as only a collector of information. we also share sensitive information with you so you can defend against attacks in real time. in the past year alone, the fbi presented over three dozen classified sector-specific briefings to companies like yours. the information that we share with you may enhance your ability to detect future intrusions. your engagement with law enforcement can help us connect the dots between your breach and a broader threat. we may be able to help identify what was stolen from you, locate the perpetrator, and in certain cases, disrupt planned attacks or mitigate the effects of past intrusions. given the importance of this cooperation, the department of justice is committed to lowering the barriers of shared information through expensive one-on-one meetings with
in-house legal teams. we learned what you perceive to be as legal hurdles to cooperation and we are working to address them. lawsarified that certain and antitrust statutes are not impediments to sharing information with the government. we understand that trust on both sides is it essential to voluntary reporting. trade secrets, details of networks, and personally identifiable information -- bottom line, we can help you manage your risk and you can help keep our nation safe. the 9/11 commission concluded recently in its 10-year anniversary report that we are at september 10 levels in terms of cyber preparedness. they warned that history may be repeating itself in the cyber realm. we must band together to keep
that from happening. we want to arm ourselves for the threats of today but also prepare ourselves for that which we can see coming. if you just think about the tools that cyber criminals use, the intrusion software affecting millions of computers, when used by criminal actors, these tools are generally used for financial gain. it doesn't take much imagination to imagine that these tools can be used to disrupt or destroy. terrorists have stated they want to exploit cyber security vulnerability to harm our way of life. al qaeda has announced intent to conduct cyber attacks against civilians. the department of homeland security recently confirmed it is investigating cyber security flaws in medical devices and hospital equipment that could be exploited to injure or kill a
patient. the threats are real. we know that terrorists have the intent to acquire these capabilities. if they succeed in acquiring them, they won't hesitate to deploy them. it is a race against time and one with high-stakes consequences. gaps thato looking at may exist in authorities. many of our laws were not written with cyberspace in mind. they don't necessarily contemplate extraterritorial crimes. they don't facilitate multijurisdictional investigations. they don't empower us to bring authorities to bear swiftly and effectively. we are committed to working with the relevant lawmakers who support modernizing these laws. new legislation in several areas including information sharing is needed. byant to conclude my remarks
discussing the changing perceptions of being hacked. among consumers and industry, there is a growing understanding that companies are going to get breached. that doesn't mean we turn the other way. there is a downside to taking an ostrich approach. consumers expect companies will adopt industry standards for security. when these intrusions happen, consumers expect companies to respond promptly, acknowledge the intrusion publicly, and cooperate with law enforcement to communicate -- to mitigate the damage. the chamber of commerce is positioned to drive corporate change, to ensure that companies and partners treat cyber breaches as more than a technical problem, to recognize that security operations are not insulated from business operations, and discuss with your boards, employees and industries, the importance of cyber security risk management.
as we face evermore threats in the threats aren't letting up and neither should we. thank you very much for inviting me. i look forward to taking questions. >> questions for mr. carl and? >> my name is mike sark. i have a radio show that concentrates on climate change. ngos that a lot of don't trust the government. and they see the government partnering with the private sector, you nervous. -- with the private sector, they get nervous.
i don't know that he or anyone else in the federal government investigated. i am not sure about the repercussions. ngos really thick in the community working against climate change. when we consider the full weight of the government and private ,ector standing on our backs what i would like to know is, have you considered how the federal government might reassure all americans that it is working to protect everyone and not protecting members of the chamber of commerce from things like this happening? let me say, absolutely, we are dedicated to defending all americans, private consumers, private companies or nonprofit organizations. thatve seen too often nonprofit organizations are
targeted for cyber it attacks by nationstate ever terry's -- adversaries or criminal groups. i encourage those who have suffered a breach to work with law enforcement as the victim of a crime as they would in any other circumstance. work andbe happy to are working on cases like that all across the country. >> other questions on today's topic? >> politico pro cyber security. you have spoken in the past around the indictments of the , the approachals to the problems -- in those remarks, it was promised, this is not the end. what are the types of circumstances that will lead to more aggressive movements by the
u.s. government against nationstate hacking? what is the threshold for us to see more of the tools in the toolbox being deployed? , when itk for too long came to nationstate actors, there was a lot of good work being done on the intelligence side to figure out who they were and what was going on. but for too long on the criminal side, they weren't working day in and day out to sea whether or not it involved an actor that we could bring appropriate criminal charges. network we started the and had prosecutors trained all throughout the country on both how to handle the bits and bytes and complexities of electronic evidence, and how to deal with sensitive sources and methods, the expertise that prosecutors can bring to bear in national
security cases. people are looking at the cases in that manner and the fbi is sharing intelligence with those prosecutors, a case will be brought. we proved that was the case by bringing the case against the five members of the people's liberation army earlier this spring. cases, see additional because the crime continues of stealing economic information. at the same time, we need to ,ork with our partners developing sanctions from the department of treasury, entity , bringing suits to make sure that we leave no tools in the toolbox. we bring everything to bear. those who of the day, would steal information from hard-working american businesses and customers decide it is not worth the risk of getting
caught. >> american express, thank you for coming today. my question is, could you shed your perspective on the impact of the latest botnet takedowns that have taken place in partnership with law enforcement as well as the private sector community to affect that? >> i will refer once again to game over zeus. that is an example of a takedown where several things were happening at once. you needed action inside the united states to disrupt the command and control servers and keep them from sending commands to the botnet. you needed the cooperation of foreign partners because many of the servers were in foreign countries, so that they would simultaneously take action. could, you extent we need to find attribution of the
bad actors responsible and work to bring them to justice. that collaborative action that took place with the u.s. government, foreign governments, and the help of the private sector, was able to disable and remediate the hundreds of thousands of computers that had the infected malware. that is the type of action that cannot take place without the help of the private sector. the private sector was essential in terms of the speed with which we were able to remediate the damage. that is what bob anderson referred to when he referred to the new normal. >> thank you for coming. jerry irvine. excuse me. can you go over some of the damages you have with obtaining
digital evidence? [clears throat] i'm sorry. in the metropolitan area, there are very few organizations with the exception of local fbi that have the ability to even gather the information, much less to maintain it and keep it secure. what are some of the challenges you are having, having that information around the country? >> it is definitely a challenge. that towe have proven those that think they can hide behind the keyboard, they can't. there are cases where we can have attribution. thenow the person involved, name, what they look like and who they are. that is a difficult case in part because of the difficulties of gathering electronic evidence. that is true domestically, let alone outside the reach of our
borders, which requires close cooperation with our foreign partners. i think we have come a long way in that regard. we need to go further. we need to continue to work on developing those relationships with our foreign partners to make sure they have parallel statutes on their books to allow us to lawfully acquire electronic evidence. >> thank you very much, john, for coming here today. we appreciate the good work of you and your team. >> thank you. i look forward to working closely with the chamber of commerce and your members on this joint threat. thank you. [applause] >> ok, can everyone hear me ok?
chamber'scome to the third annual cyber security summit. thank you both for joining us. we are going to introduce you both and talk about the bill itself and go from there and perhaps take some questions from the audience. let me introduce our speakers. so glad to have you here. california senior senator dianne feinstein has built a reputation as an independent voice working with democrats and republicans to find some common sense solutions to the problems facing california and the nation. since her election in 1982, senator feinstein has worked to build a significant record of legislative accomplishments which includes helping strafing -- strengthen security here and abroad, combating violence and protecting natural resources in california and across the
country. assumedfeinstein chairmanship of the senate select committee on intelligence where she oversees 16 intelligence agencies. she was the first female senator to hold that position. it is also my pleasure to introduce the honorable saxby chambliss. in 2008, saxby chambliss was elected to serve a second term in the united states senate. magazine calls him a highly visible, well-respected presence in washington and says he has a reputation as an affable but straight talking lawmaker. they also named senator chambliss georgian of the year. his leadership on national security and intelligence matters during his tenure earned him an appointment to the senate select committee on intelligence where he has served as vice chairman since 2011.
he is a strong advocate for improved information sharing and intelligence gathering abilities. that is a topic we are going to get into here. thank you both for joining us. i was just sharing with senator feinstein our propaganda, if you will. we are big fans of the cyber information sharing act. why did you put this legislation forward? what does it do? >> i will begin. first of all, thank you. it is my understanding that the chamber is prepared to support this legislation. that is very important. if i can speak for the vice chairman and myself, for our whole committee. on a personal level, the gentleman on my left, what a great pleasure it is to work with you. we put out a number of intelligence authorization bills. ladies and gentlemen, one of the things i have learned in public
life, in a two-party system, to get something done, compromise is not a bad word. if we sit down and i try to share something that i know with senator chambliss, either i have to give or he has to give, or we find a mutual road to go down. found that to be a very productive way of producing for the people of this country. had mr.er when we mendez before our intelligence committee and he gave us a classified briefing on what was happening in the united states with respect to cyber attacks. then, the director of the fbi said, there is one thing common about this. 90% either know they have been attacked -- the other 10% may
not, but they have been attacked. almost every big american company today has been attacked. the question is, how serious and by whom and how much? it is fair to estimate that the cost to the economy and business isn't estimated -- is estimated in the trillions of dollars. it is very serious. we started on this with a different bill. we put that built together, it went to the floor, and it got 56 votes. we needed 60 votes. it only got one republican vote. do aey was to go back and bipartisan bill. that is essentially what the vice chairman and i have done. we put together a bipartisan bill. it was put out by the committee by a vote of 12-3. it awaits action on the floor of
the senate. there are a couple groups that don't like this or don't like that. we have been prepared, and look forward to receiving their comments. grannis is here today, our staff director. and jack from the minority side as well. wante open, but we do not to produce something that cannot get a vote. entire have done is an voluntary system. it essentially moves to let company do three things. the monitor networks, to identify cyber indicators, to use countermeasures to protect against cyber threats, and third, to share and receive information with each other and with federal, state and local governments. companies who use the
authorities to monitor and share information are provided full liability protection for doing withinong as they do so the bill's parameters. those parameters are pretty clearly spelled out. the bill has a number of protections to make sure personal information is protected and make sure the government doesn't use information for any purpose other than cyber security. finally, the bill requires the director of national intelligence to put in place a process of sharing information on cyber threats in the government's hands with the private sector. so we believe we have a good bill. we are thankful for the support that your organization has provided. we understand the financial services networks support it,
but let me say one thing, we will not have a bill -- i have tried to get this bill on the floor and so far have not had success -- until communities like yourself take a good look at it, agree with it, come forward and say, do it and do it now. states are too big to let this languish anymore. >> thank you very much for having us here today. thanks to the chamber on two accounts. number one, what i have found around the country and around the world, and around my state, i talk about cyber security. ago, six or eight months if i was at a rotary club and said this is the most important thing to deal with, everybody's eyes would glaze over. you can't see what is happening
out there. you can't really feel it. except now people are starting to understand that this is serious, that it has huge not just consequences to the united states but to me personally. what you are doing today is helping educate people about this. i am very thankful for that. secondly, i ran into a former dni last thursday. we had a cyber security conference in georgia. former director mike mcconnell was there and we were talking about the bill. he said, where does the steamer -- the chamber stand? i said the chamber is fully behind this. he said, your chances just improved significantly. thanks for your willingness to let us have a chance to dialogue with you on this. i want to echo what diane said.
you will think this is a mutual admiration and it is. she and i have had a great working relationship. democrats andat republicans can kick their political hats at the door now and then and do what is best for the country. and i have done that on a number of issues. i am so glad to have her in the foxhole when we are fighting these battles, whether in the airwaves are on the ground. she has been a great leader and a great friend in the process. summit acyber security couple years ago. there were competing factions that didn't allow that will to generate more than 56 votes. after that, i did we were involved in the process, but actually we were fighting each other on the bill, but we both knew the importance of the issue.
when that bill went down, she and i sat down together and said, this is foolish. we know how important the issue is. we have to come up with a bill that is bipartisan, that we can get the majority of our committee to agree on. it is not easy. in these times, on capitol hill, seeing bipartisanship is somewhat of an anomaly. i did make the right kind of compromises on positions without compromising our principles to come together on this bill. it received a 12-3 vote coming out of the committee. you don't see many 12-3 votes coming out of any committee on the senate side these days. that was going into the election. , number one, were to make sure we had a bill that was going to provide john and
our other law enforcement and government agencies the tools they need to make sure they are able to detect intrusions into any system, public or private, and make sure they have the ability to share that in a public to private standpoint as well as a private to a private standpoint. if we don't do that, we are not accomplishing anything. we want to do that in a voluntary system. if we mandate to the private sector, you will do this this way, there is always going to be pushed back. with the level of trust that exists today between the public sector and private sector, we knew that our chances of success long-term were not going to be very good. what we did was go to your company's, go to the private sector, and say, we want your ideas.
we want you to help us start on the ground floor. let's build this building called a cyber security bill. we did that and we have been able to incorporate good ideas from the public sector, the i think wetor, and have accomplished what we set out to do. secondly, it is imperative that we incorporate strong privacy measures in this bill. we can't allow someone's personal information to be shared on a wholesale basis. we agreed on that and we think we have, with good language -- up with good language to ensure that does not happen. it is important that we put language in this bill that allows flexibility. this is not a short-term project. this is long-term. with the way technology changes in the world of cyber on virtually an hourly basis, we
want to make sure that 10 years from now, that there is flexibility in the legislative language that allows the public and private sectors to make necessary changes to adjust to what technology comes forward in the intervening time frame. again, another key aspect of this is to ensure that there is liability protection given to the private sector. we think we have done that in the right way. we think the private sector, those folks who were involved in it, as well as i hope all of you will read the bill. you will be like the folks in the private sector and you will have some comfort in knowing that in the corporate boardroom, people are going to say, wow, if we share this information with our competitor, we are going to have protection and be able to
do this and do this in a way without the fear of liability from outside sources. i am pleased about this bill. has a lot dianne more influence on senator reid then i do but i have implored one piecef there is of legislation that needs to be completed between now and the end of the year, this is it. if we don't do it this year, i fear it will be at least another year before it rises back to the level it is now. aree wait another year, we really risking the economy of the united states. i am very hopeful that when we get back here in a couple weeks, that senator reid is going to agree with us. anne and i are joined at the
hip on this. we are going to be together. amendmenty has an that makes the bill better, we are ok. it is a bill that tries to send a political message of some sort. i do hope that we get the bill on the floor. the senate work in the way the senate historically has worked. thank you. >> thank you, senator. protections, i will tell you that the cyber commander is very big on information sharing as well. he said the same thing you did. he doesn't want personal identifiable information. think that information sharing -- we talked earlier, this is something we have been talking about for a decade. what are our chances with this bill?
do you think we have a chance? >> i do think we have a chance. i think it depends on people in this room and rooms like it throughout america. i look back three years and both saxby and i sat down in the chamber then when you had some concerns about the bill, and it was really useful. i think i went to 3 or four big meetings and generally came to understand what those concerns were. i think those have been remedied in this bill. this bill is in the sun, the moon and the stars. it isn't a regulatory guideline how to. it's a voluntary bill. it allows the voluntary sharing of information with each other or the government, with immunity, from lawsuits essentially. and i think that's critical. it's a first step bill. it's the first thing we need to do. now, here's my worry.
saxby, if we don't get this bill passed now with you retiring, i think you're right, we go back, we'll have all the arguments we've already had and disposed of but with a new cast of characters, and companies are going to continue to get hit. so you and i, because of what we see, share a big sense of a laxative that we need to get this thing done. we really need others to stand up and say yes, we are in support with this. we oppose the last bill, we are for this bill. let's get to it. let's pass it. >> one other thing that gives us the potential to get this build on, the white house came out with their executive order virtually a year ago. i was frankly very apprehensive when they said they're going to issue an executive order because i did no one is going to say, even though i have talked with both of us about it in advance but, frankly, the lay of the land that was put forward in
that executive order is very positive in concert with what we have done in our bill. and some standards are being sent by nist. there are some other things that are being done there that i think lays the groundwork for some of, to solving some of the objections that were in the lieberman-collins bill. and we focus on information sharing which is the guts of it. if you don't have information sharing it's not going to work, but i think the white house needs to be commended for laying out the executive order the way
they have. and i've commended nist publicly and i will continue to do so about the job they're doing. >> we at the chamber certainly agree with you. we have michael daniel, the white house cyber coordinate this morning when he first came out with executive order he was here at the chamber a couple of times which is unheard of to shop around an executive order like that. i think the extent they went to get to that, not buy-in but situational awareness from the private sector on the executive order was very helpful. i will tie you that the nist cyber friend to something the chamber fully supports. we're doing, socializing with small communes has country so we agree with you that the cybercrime and executive order was a step in the right direction. >> i think, ann, if i may, i think if we can get this up on the floor i believe we can pass it. you can't pass a bill that is a bipartisan, and this one is anything we can. and both saxby and i were closely with admiral rogers, the
house chair, the vice chairman. and mike has said we are ready to go. if you get a bill, we will sit down, get it conference and we'll get it done right away. so you really don't wait, want to wait until the legislative bodies change on this. because then you got to go back to your dot and start all over again. that means in -- inordinate delay. i would hope we can get people to stand up, saxby and ann, and come forward and say you've got to do this and do it now. we are happy to make the bill language available. i think it is already. and are staffs are here. they're happy to sit down with you, or we can as well, but we really need the help to get it passed. >> and i will just say both of your us kids have been -- staffs have been terrific to work with. let's take a few questions from the floor. we are having a very hard time seeing you out there with these bright lights. so please wait for a microphone to come to you. tried to get to chamber members
first, if you make. >> cory bennett with a hill but to discuss a lot of the ways that -- high, over. i could get the bill passed in the lame-duck session. what pressures on the things that might be a someone blog and might prevent from getting passed in this upcoming session. >> let me be candid. there were essentially two categories of people who have concerns. one trial lawyers. we think we've worked that out, and that there aren't problems are now, cross my fingers. the other is the privacy community, which is a big, broad nerdy. and i think we made another six changes that we've agreed to, but, you know, it's always more more more. now, we i think if the bill comes to the floor and, obviously, we have a set time and a number of amendments, we are willing to take amendments and do them on the floor.
so that shouldn't stop it. but those are really the two groups that we have concerns about. and i think one of them will be settled, and with respect to the privacy community, you know, what i've heard is we want the old bill. well, the old bill, not exactly -- got exactly one republican vote on the floor. that's not a good message if you want to passed something. so you have to find a way to work together to get it done, and we believe we have done that. >> that wasn't my vote. this one will get my vote. [laughter] >> other questions, comments? over here. >> this morning coordinator michael daniel start but how he's working very closely with you on legislation but where is the white house stand on the bill today?
do you think they are supported enough? >> well, i can quickly state as the chairman. what we have done is kept the white house advised. the staff has done this. they sat down. they have worked with the white house, and i think, in less there's something that's new that i don't know about, there's been a relatively close working relationship. >> this is, it's not been a one-sided conversation. i've had direct conversation with the president, even rode with him in a golf cart one day
and we talked about in the golf cart as we were trying to focus on our game. we were more importantly focus on cybersecurity that day. but we face any number of conversations with the white house on it, and i'm not about to speak for them, but we have taken their original concerns into consideration and we know that the president has got to sign whatever bill comes out. and we are going to continue to dialogue. is it a perfect bill? i mean, all of us know, particularly those of you have been around the senate for a long time, nothing is ever perfect. and that's the way you get those and the way you get things done is to craft something that while it can always be improved, and as dianne said, this is the first step. who knows where we're going to be a year from now, but if we do nothing, shame on us. and i know the white house feels strongly about that aspect of it. >> and for those of you that may not be so in the we just we are, we are talking of 2588,
cybersecurity information sharing act of 2014. a little summary that we put together, this represents a workable compromise among any stakeholders. it also safeguard privacy as you discussed. protect civil liberties because there is the role of civilian intelligence agencies and desensitizes sharing with a narrow liability protection. it would also help businesses achieve timely and actionable situational awareness, information sharing and real-time. so i just want to point out you have this in your folder. we've got 16 16 organizations along with u.s. chamber of commerce now in support of this bill so very supportive. we have a question over here, matthew spent matthew with each other. senators, i wanted to thank you for your work on the bill and the work of your staff members
have done a very big a job in terms of working with us on aspects of the bill. one thing that might not be well-known is the bill does mandate that this is sharing information with government have to remove personal information -- they have to remove pii. the bill says you must remove pii. we didn't originally agree with. primarily because we thought that small and midsize businesses that are not as sophisticated in terms of doing the removal might say instead of sharing the i'm going to sit this one out. we recognized that is a big issue and that one element of the bill that we find the messenger to compromise our ground. you might be interested to know we have been meeting with many offices in the senate to try to educate them about the bill. it is our number one cyber legislative priority. so i wanted to just think and
say yes, ev do have a chance and women opportunity to pass the bill on the floor, please urge senator reid, put it on the floor. anyway, thank you. >> one thing we did to address early on privacy concerns is with regard to the definition of cyber indicator threats. and we narrowed the definition of it, and the focus is on really that serious issues of cyber threats. it's not able to be expanded from a privacy standpoint into non-cyber issues, which i understand from a privacy standpoint. so that was another big compromise that we came together on. dianne with me again. that's the way things get done. i empathize with the rational and the reasoning behind it. that's why we were able to make
the changes that we are able to make on both sides. thank you for your input. when the chamber has input, you speak for a myriad of sectors of the economy as well as individual businesses, and that's critically important to us. >> thank you very much. >> he gave you a little inside information. didn't have to do that. >> any last questions, comments? one back there. >> to what extent is the debate of surveillance in the lame-duck going to put into the ability to pass this bill. you know, i've heard both that it is necessary to this bill would also be a death knell for this bill because they don't want them to get inextricably
linked. how do you plan to navigate that in the lame-duck? >> well, i'll kick that off. you're talking about the fisa reform bill and how does it relate to the potential for discussion and debate on this bill. the thing about fisa reform is that we don't need between now and then the end of the year. we've got a bill. that bill expires the middle of next year. we do know who's going to control congress, but this has been a vigorous debate as to the changes that need to be made in fisa, and i think there's a lot of accord on that. but that's not something that urgently needs to be done between now and the end of end of the year, simply because we have laws on the books today that deal with that issue.
cyber we don't. and there should not be any connection between the two, and i certainly hope that's not the debate we get into, or not the position that we get into when we get back into session. >> let me say this. you've hit on something, because i've heard this in roundabout ways, that fisa reform has to come first. and if i understand the current status, the house has passed a bill which was are difficult for the house to pass a bill. we have passed a bill on certain fisa reforms that went out of our committee i think 11-4. the president has a distinct view on this, and that is that he supports the house passed bill, and senator leahy, the chairman of the judiciary committee, is putting together a fisa bill that would essentially
echo the house bill with a few changes in it. one having to do with the public advocate/amicus, and also with a couple of other things. here is the big problem, and the problem is how do we get something done there ask the vice chairman has said quite correctly, well, this doesn't we need to come up until next year, but that's a long time to wait. my concern is that we do need to do something there. i don't think it's necessary to put the fisa bill first. our bill is ready to go. it could pass the senate. i think at the very least they would show that we can pass something. we can get it conferenced. we can get it back before the senate for a final vote and we can get to the president. so we can do this with not a great deal of debate, probably with a joint rule between the two sides that there be a couple
of hours for debate and a limited number of amendments, and then get it passed and then conferenced it. so we could get something done. and i very much hope that that will happen. >> we hope so, too. we have time for one more question if there's anyone else out there. there's one here in the middle. >> my name is jason from senator mark kirk's office. i wanted to ask senator chambliss, who will hold the banner for information sharing the next congress for republicans? who has that institutional knowledge of working with the chamber but also -- [inaudible] >> the most >> the most senior person in line to me is senator burr. i'm sure he will be the next republican to either be chairman or vice chairman.
behind him is senator risch, and we have senator coats and rubio, senator collins but we are losing senator coburn so there's a lot of republican experience that will be coming back, and i'm confident that whoever it is is going to work diligently with dianne to move something. but as we both alluded to earlier, we've got lots of new members on the intel committee in the coming back and trying, coming in, and trying to educate those folks about the issue itself, plus there are a lot of members that simply look to dianne, to me, and other senior members of the committee to basically have some security, and from the standpoint of knowing a complex issue, having worked on a complex issue,
they're willing to go with us. we've got a lot of folks are going to be coming in that are not going to be in that position. so that's why i think, and, obviously, dianne agrees with me, that it's going to be a long time if we don't get it done by the end of this year. hope that answers your question. >> i think that's one of the things that we want to work with you on, that educating of new members, and what happy to continue to do that. i want to thank you both for coming here today. thank you for all the work you've done on this bill. it's a terrific bill. again we've enjoyed working with you and your staff, both of you. take you very much. the chamber will continue to push for this bill. >> good, thanks. [applause] [captions copyright national cable satellite corp. 2014] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]
>> more now from the cyber security conference. cyber securitye coordinator michael daniel. this is 20 minutes. >> good morning, everyone. a pleasure to be here for the third annual cyber security summit. for those who have been forced to hear me talk to four, i've tried to throw in a few new things in my speech so it will not be totally boring. thank you for that very kind introduction. i do want to talk little bit today about why cyber security is such a hard problem. about why, as howard said, we are still talking about some aspects of it 20 years on. how we are trying to think about that inside the u.s. government to design our policies shift, adapt, address some of those key problems. when you take a step back and think about it from a purely
technical standpoint, it is not obvious why it is a really tough problem. in through aing vulnerability that we know about and we know how to fix. that means the enemy is penetrating her networks through a hole we are quite well aware of them even have a patch to go over yet he don't do it. it. so what's the deal? why is this such a hard problem? and from my point of view, i think the issue is that cybersecurity is not really just a technical problem. it's far more than that because of what cyberspace has become to us. in fact, cybersecurity is, it does have technical aspects to it, very strong technical aspects to it, but it's more than that. it's also an economics problem and a business problem, a human psychology and behavior problem, a political problem, and it's a physics problem all rolled into one. and so when you combine all of those factors together, that's why cybersecurity is such a hard problem and so difficult for us to solve and so difficult for us
to tackle. and i want to draw out a few of what those hard problems are and then talk about what we're doing to address them. and the first hard problem i'll talk about is really the business and economics aspect of cybersecurity. i don't think we really actually understand the economics of cybersecurity very well. and i come to that conclusion because of what i just said. we have solutions that we know are out there, the technical solutions that exist, but yet we can't get people to actually implement them. we've been talking about cyber hygiene, information sharing, identity management literally for decades now. and, sure, the adversaries' tactics evolve in cyberspace, and the impact of malicious behavior is growing as we hook more and more things up to the internet. but the same fundamental weaknesses continue. so, and it's not like we don't even actually collectively understand these facts at this point. yes, we need to do more on
education and outreach and talk to more and more -- larger and larger portions of our society. but, certainly, the numerous news reports on cyber breaches from target to home depot and other companies have really helped to raise awareness. .. have not confronted how companies actually work on the internet. how they need to behave. in terms of human behavior and motivation, until he actually confront them as a business problem, an economics problem, a psychology problem as well as a technical problem, we will continue to flail at the issue.
this is the vast expanse and impact of cyberspace, the fact that it touches everyone and soon will touch everything. it is changing how people think about it. when the internet was first built, critical infrastructure was not connected to it and did not rely on it. no one really cared about privacy protocol because people did not live their lives online. users did not worry about the underlying security of the code only that it worked. governments did not understand the internet, did not use it much, did not see why they should care about it. no one particularly cared they set it up to be governed that a function outside of government ace structures and did not incorporate strong security. everyone cares about these things, at least to some degree. ree.
governments wake up to the fact they need to care what happens on the internet and how it works for all sorts of reasons both good and bad. companies are waking up to this fact and citizens are waking up to this fact. so as a result, what rused to be able to be decided on purely technological basis by technology experts or by informal agreements among service providers and major companies in the space is now the focus of a highly political process and that means the decisions that once were easy in terms of internet governance and management of security are now much harder and given how important the internet and cyberspace has become to everyone and everything, that isn't likely to change anytime soon and we need to take that into account as we build our policies. then lastly the third hard problem that i would identify for you stems from the struck turf cyberspace itself. and as we think about how we
worked to build our cyber defenses and how we counter the threats inside cyberspace the physics and math of cyberspace play a very large role. now traditionally somebody like me would stand up here and talk to you about how cyberspace is borderless. how there are no, there are no boundaries and how information flows freely across the entire globe and that's true. and it is both a strength because it allows for, that's what drives commerce and drives the much of the value that comes from the internet. and it is also a problem because it allows malicious actors great freedom of movement but i think this argument is not entirely correct. there are borders and boundaries everywhere in cyberspace. everywhere that networks and routers and servers and peering points touch, there are borders. and we are creating more and more borders as we build the internet of things much. so i would submit to you, that what cyberspace lacks is not
borders and boundaries. what it lacks is an interior. there is no inside to a network when you think about it. everyone lives and operates right at the border and touches an edge or goarder -- border some way. that reality in cyberspace has profound implications how we organize ourselves as a society to protect ourselves in cyberspace. in the physical world we assigned the mission of border security to the federal government. but if everyone lives right at the bored in cyberspace then it is not possible to assign border security to just one group or element of our society. as a result, it means that protecting cyberspace by its very fundamental nature is a mission that has to be shared by all. and that reality makes organizing for cybersecurity incredibly complex because it requires us to do cooperation across boundaries that we have in the physical world made by
design difficult to bridge. both within government agencies and among government agencies. also between the government around the private sector and within the private sector. so if these are the problems, economics, psychology politics, physics, what are we doing to actually address them? at one level we have to address the technical issues that mentioned. cybersecurity requires strong technical foundation and know how. one of the things we have been trying to do is something howard mentioned in his opening remarks which is the national initiative for cyber education. we've been trying to take that to the next level. we have, over the last couple of months we have linked up the nice, this is washington everything has to have acronym. the nice program with the
president's jobs training initiative. that is looking to begin how to drive to fill the gaps in our technical workforce. not just our technical workforce. the workforce across the board, all different kinds of aspects of cybersecurity professionals we need so we can actually generate the kinds of staff that we need to do the cybersecurity mission that not only the government has but the private sector has as well so that you generate the knowledge on the technical side but also financial systems, law, business management and the like. so, universities are beginning to react by developing the blended degree programs, by getting computer science department tosco elaborate with the business school to produce graduates with applied skills to solve cyber-based problems and manage risks in the business world but that's not enough. the cyber workforce is projected to grow larger. we're stuck in a posture where we're stealing workers from one
another. what we're trying to do is begin to address the problem by supporting scholarship programs, but supporting an effort to draw up a heat map where the cybersecurity jobs are and to partner with business and others to develop more cybersecurity centers of excellence across the country at various universities to really increase the workforce we have available to us. we are also working to move to address the business, economics and psychology issues of cybersecurity. and that is really where the framework, one of the core documents that has been talked about, that ann talked about and others will talk about today comes in because the framework really is industry's document. the core thing about the framework is it is built from how industry has to think about and operate in the real world and address cybersecurity as part of their business. the national institutes of standards and technology led the effort but it was really one
they convened and really coalesced the best ideas out of industry about how to approach cybersecurity, not just as a technical program, but as a business and economics problem. the great strength of the framework in my view is the fact that it is not in fact a cookbook. if you open it up and read it to run your firewall, you will be sadly disappoint 9 because that is not what the framework is. the framework is how you think about cybersecurity as an issue. it is deeply rooted in how businesses actually have to manage risk. in taking a risk management approach, the framework recognizes that no organization can or will spend unlimited amounts of money on cybersecurity. instead it enable as business to make decisions how to prioritize and optimize cybersecurity in light of the risks that they face. it also provides a common lexicon, a common vocabulary to talk about cybersecurity. it provides a common foundation for communication between
businesses, between businesses and their suppliers and between the business and the government. so to that end it really provides a new way for us to tale talk about cybersecurity and communicate it and deal with it in a new way and i think that is where the framework will go. i have often said that the other great strength of the framework and its great success will when businesses and others figure out ways to use the framework that we never even dreamed of when we built it and to me that's where we're driving towards today. of course there are other ways that we're trying to address some of these problems. the political problems and the physics problems. we're trying to address them through information-sharing efforts. many of us in the room that have dealt with these issues for a long time are almost sick of talking about information-sharing. i see some familiar faces out there but it is still one we must clearly address because we really have to move more information both among companies and between companies and the government and from the
government back to the private sector. we've started to see some real traction in the formulation of efforts like the sticks and taxi models coming out of dhs and providing a technical foundation for information-sharing but we have to continue to do more and that is where the administration is very much focused on. earlier this year the department of justice and the federal trade commission issued guidance indicating that antitrust law should not be a barrier to cybersecurity information-sharing between companies this is big step that helps narrow the scope of work we have to do to crack this problem but there is still more we need to do and we're continuing to look at what the options are within the administration to support information-sharing and we continue to support the passage of cybersecurity information-sharing legislation in congress and i hope that you will have a chance to hear that from senators feinstein and chambliss later today, that we're working very closely with
them to try to get that kind of legislation over the finish line. another area that we're working on to address some these psychology and business and economics aspects of this is really in the consumer financial protection space. with over 100 million americans falling victim to data breaches over the last year, and millions suffering from credit card and fraud identity crimes, we knew we needed to take some steps to make stronger, more secure technologies available to secure transactions and safeguard sensitive data. two weeks ago the president sign ad new executive order, directing the government to lead by example in securing transactions and sensitive data. the new buy secure initiative will provide consumers with more tools to secure their financial future and assisting victims of identity theft and accelerating the transition to stronger security technologies in the development of next generation payment security tools.
while there is no silver bullet to guaranty this data security the executive order implements enhanced security measures including securing credit, debit, other payment cards with microchips in lieu of simple magnetic strips and pins available on standard consumer atm cards and the president is calling on all stakeholders to join the administration and number of major corporations in driving the economy towards more secure standards to safeguard consumers finances and reduce the chances of becoming victims of identity theft. we also announced the white house summit on cybersecurity and consumer protection which will happen later this year to promote partnerships and innovation. the summit will bring together major stakeholders on consumer financial protection issues to discuss how all members of the financial system can work together to further protect american consumers and their financial data, now and in the future. another big area we've been working on is something howard mentioned as well which is the national strategy for trusted
identities in cyberspace. in a nutshell this is administration's effort to kill the password dead as primary security method. if we're serious about improving the cybersecurity we simply have to kill off the password. it's a terrible form of security yet we've been unable to move past it for over 30 years. so, again this comes back to obviously there are plenty of technical solutions out there to do this but what hasn't been able to be cracked is the issues not the technical ones, the liability issues, the networking issues and other things. so the goal that we set up with this to tackle those parts of problem and really fund private efforts to get over those non-technical humps to enable the technology to proliferate more across the ecosystem and i'm excited to report that very soon we will have many of those, the pilots are starting to come to fruition and i think we will start to see the over the next
six months to a year some of those technologies start to roll out across much of the market and become much more widely available. i see it as a great example of the way we can make cyberspace inherently more secure working through strong public/private partnerships, projects that the industry and government have piloted under nstic and now we're in position to build on momentum and west accelerate progress on identity and access management within the federal government. final i would be remiss if i didn't mention the federal government's own house. obviously over the last six months we dealt with all shorts of issues to "heartbleed," shell shock, to intrusions across vary with us departments and agencies. so one of the things we're very focused on within my office is improving the cybersecurity across all the different parts of the federal enterprise. we're working very hard to promote that the concept that cybersecurity is not in a corporation, cybersecurity is not just an extra cost center
but is core and fundamental being able to execute a federal agency's mission and that in fact cybersecurity is a mission enabler, not just for the department of defense and the department of homeland security but for the department of the interior, for the department of housing and urban development, for health and human services and every kind of agency you can imagine inside of the government. cybersecurity is now core to all of the missions of all the agencies across the federal got in order for them to be able to do their mission. so as i mentioned at the top, cybersecurity is an inherently hard problem. for at least the reasons i cited and probably more. but, as a community we have indeed made progress, particularly over last few years and started efforts i think can alter the cyber landscape is fundamental ways. we started to do things like the framework and nstic. started cybersecurity as business problem and underlying psychological and human behavior
issues present in cybersecurity. we're starting to realize we have to build partnerships to address political issues of cybersecurity and to work together to address the physics and math that make cybersecurity so hard. so despite often within the national security staff being considered one of the four horsemen of apocalypse i have am at root an optimist. i do believe we can tackle these problems and make cyberspace safer for all of us. of course in cybersecurity there is no such thing as done, right? there is only better. so we still need to continue focusing on making progress. that is what i'm looking forward to doing over next year and working with all of you to make cyberspace more inherently secure. thank you very much. [applause] i think ann indicated i do have time to take a few questions, so i'm happy to do.
stunned everyone into complete silence. >> i guess you're off the hook, michael. >> thank you very much. [applause] with midterm elections just one week away, we have more and make coverage coming up on c-span. next, new jersey incumbent senator cory booker faces republican jeff bell. carolina, tim scott running against joyce dickerson and joe bossie. that is in one hour. later, the georgia governor's debate. presidenton of former jimmy carter up against the incumbent.
longtime washington post executive editor ben bradley died last week. of thesaw the coverage watergate story during the nixon administration. his funeral will be held tomorrow at the washington national cathedral and we have live coverage starting at 11:00 a.m. eastern starting on c-span. >> here are just a few of the comments we've recently received from our viewers. >> i appreciate the airing of all of the debates. it's given me insight into the diverse views of the other representatives, candidates to the u.s. house in houses and other districts. i really enjoy seeing the different viewpoints. it's a great thing to be able to watch them. >> i watched the debate on c-span 2. hear awhat i want to
politician said, the things he'd said. i wish you would put that on regular c-span at about 6:00 p.m. please put the program on every night until election day so we can hear the truth about things. the nick rahaled .ebate from west virginia i am so tired of his campaign. i am so sick of these politicians who cannot tell the truth. >> continue to let us know about the programs you're watching. call us. e-mail us. or you can send us a tweet @cspan #comments. join the conversation. like us on facebook. follow us on twitter. cory new jersey, incumbent
booker against jeff bell. cory booker won a special replace last year to frank lautenberg. mr. bell is an author, former political consultant, and speechwriter. the debate was held in trenton and this is courtesy of wpvi tv. >> this is vote 2014. the new jersey senatorial debate. today's debate is brought to you by 6 abc philadelphia. wabc-tv new york. and the league of women voters of new jersey. and now from our 6 abc trenton studio in alphabetical order, the candidates are republican jeffrey bell of leonia, and democrat cory booker of newark. friedman with the "star-ledger." mariela saigado for telenoticias 41. and jonathan tamari for "the philadelphia inquirer." moderating the debate are wabc-tv's anchor saying saying nd jim gardner of 6 abc.
>> hello and thank you for joining us for this debate between the two candidates running for the u.s. senate in new jersey. >> they have gathered here for what we hope will be a wide ranging and informative discussion of the major issues in the campaign. and a quick note about the format. each candidate will have one minute to answer the question posed to them by jim, myself, and our three panelists. the candidates have also agreed to one round in which they will ask each other one question. at the end of the debate, each candidate will have one minute to make a closing statement. >> and so let's begin by random drawing. our first question goes to mr. bell. mr. bell, only five people have been diagnosed with the ebola virus in the united states. and each one has a direct connection, an obvious connection, a first generational connection with the source of contagion. are we making too much of this? are we overreacting to ebola and by that i mean the government, the media, the medical community, and subsequently americans?
or is this an ominous public health issue and if so, what would be the first priority of the federal government? >> in my opinion the government has underreacted and underestimated the ease with which this spreads and gets around to a given country. we should have cut off on a temporary basis all flights from the three west african countries involved. and i think president obama has once again failed and helped an institution, namely the c.d.c., to fail by political appointments and complacency. we absolutely have to have a temporary travel ban, screening people in the airports isn't enough because very often the symptoms are delayed. i don't think just saying that the experts think that it won't help is enough. i think we have to earn the side of caution and aggressive containment of this disease.
>> mr. booker. >> first of all i want to thank the sponsors of this event and the moderators and my opponent as well as the viewers at home. this is a clear difference for new jersey voters in the choices you have in this election. between someone already who's obviously about a tea party attacking, attacking, attacking and hardening of positions as opposed to somebody in the state of a crisis that really reaches out and finds ways to work together. look, i'm the senator right now, and the biggest call to my office is from new jerseyians worried and concerned about this issue. and so as a result of that, what i've done first and foremost is make sure that after tea party and others look to cut organizations like the c.d.c., that they had their funding. and join with my colleagues on both sides of the aisle to get them $88 million more. on top of that i say we have to hold the people accountable. and i've been talking directly to heads of c.d.c., health and human services, even going out to newark airport to make sure all the policies and procedures are there. christi g with the
administration to make sure our hospitals prepared and i will be held accountable for keeping us safe. >> the next question goes to mr. booker. mr. booker, the shooting at the canadian parliament complex in ottawa certainly heightened fierce about a homegrown lone wolf terror attack. it's believed the gunman was sympathetic to isis and given that new york and new jersey are really considered the leading targets for terrorist attacks, how would you make sure that there are adequate resources given to the state to combat terrorism? >> first and foremost, the number one time, the only time in the situation room in the white house was to work on the challenge of homegrown terrorism. and we need to make sure that our agencies that are in charge of protecting us have the resources necessary to do the job and we're being very aggressive about that. that's why i've supported investing especially in new york and new jersey which have been targets in the past making sure that our local law enforcement officials and our state officials have the
resources they need and the kind of coordination to stop these attacks. but i want to tell you, i have a worry. i worry right now that while in states like new jersey, we have good laws in place to try to keep guns out of the hands of crem analysis we still live in a nation where someone who's on a terrorist no-fly list, that we worry about committing terrorist attacks can go down to virginia where my opponent has lived for the last 30 years and go to a gun show and just buy a weapon without background checks. we need to tighten up common sense gun regulations to keep weapons, guns, out of the hands of criminals and terrorists. we should change these laws as soon as possible. >> mr. bell, your response. >> i'm astounded that anyone would turn this situation in canada into a sermon on gun control. this is a worldwide problem. it is not just a matter of an individual criminal or terrorist. president obama is very reluctant to call things like this acts of terrorism. and that is part of the problem. we have to be honest about what the nature of the problem and
the extent of it. and we have to take greater measures to prevent this from happening, to screen more people as they're coming into the country. but more important, it's a worldwide war. and to say that it isn't a war as president obama insists on doing, whether it's the domestic war or what is happening with islamic state, is -- is just unconscionable. we have to be truthful about the nature of the problem and much more active both overseas and here. it's better to do it overseas before it gets here. >> and a quick follow for you, mr. booker. do you support putting american troops on the ground to fight isis, and if so, would it be for a limited time period or would this be open ended? >> first of all, isis is a real threat and they've been cutting swaths through the middle east and putting in danger ethnic minorities, beheading citizens, doing harscompsh horrendous things to women. and they must be stopped. but at the end of the day i disagree with the president
that he should have come to congress actually to have an open debate about our commitments to this crisis. i'm a big believer that they must be stopped. but before we rush off to war, let's make sure because we've learned the hard lessons in the past, let's make sure we have an open debate and clear objectives. we have contingency plans because we've seen what happens and how things can go wrong in the past. and let's make sure that we have all the resources we need to do the job and that our allies are footing some of the bill and bearing some of the burden. america can't just rush off into this. we need to have an open discussion and debate about what the strategy and tactics are. and make sure we're doing this in coordination with our allies and make sure we have a real plan to stop this isis threat. >> mr. bell, your response. >> again, i'm astounded that you would say that the priorities to get the allies to spend money on this. there are no allies who can take the leadership. america has the only 21st century military in the west. and to say that we have to wait
for allies to spend money, we have to have a debate in congress concerning that a declaration of war exists. that is what we need to do. we have to have a debate about the strategic objective. not the ways and means, not the type of bombing, not whether troops are ever deployed. some of them already are. but that's irrelevant to the issue of what is our strategic objective. franklin delano roosevelt was a great war president because he knew the situation we were in world war ii the only policy toward the nazis and the japanese empire was unconditional surrender. our debate should be we have to destroy isis. we have to annihilate them before they annihilate us. which they have consistently threatened to do in beheading our captives. >> our next question comes from mariela saigado and it goes to mr. bell. >> mr. bell, more than 30,000 accompanied minors have traveled into the united states illegally from central america. they claim they're escaping from poverty and from violence.
and they are in new jersey and they are in the state and more than 1,500 to be exact are living right now in new jersey. would you support any sort of plan that integrates them in our society, in our schools, since their families have been here already or any plan that would give them temporary or special status for this -- these families and these children? >> we have to be compassionate, mariela, toward those who have been sent across the border by parents who are desperate. either unaccompanied they came or accompanied by coyotes. but i think it also illustrates the failure of the obama administration on the issue of immigration in general. when the dream act failed to pass, president obama went out and gave an amnesty to young people who would come here with their parents, not of their own accord. and it seemed like an unacceptable thing to do in some ways but here two years later we have a national embarrassment and humiliation with this system and this
nonsystem we have causing this flight from the south. toward our borders. we have to do everything to change the immigration system, to replace the mess we have now with a legal immigration system that includes both a path to citizenship, for those here illegally, and also a guest worker program for those who want to work here temporarily. president obama pays lip service to this. but he did nothing when he had the majority of votes for immigration in his first two years in office. >> so the state of new jersey shouldn't wait any more and grant them some special status to these families? is that what you're saying, mr. bell? >> i believe we need to help them. whether you need to legislate a special status or not, i'm agnostic about that. but certainly we can't act as if they are criminals. >> mr. booker. >> thank you very much. i support the comprehensive bipartisan immigration reform that we have seen going on and actually passed through the senate. and it involved people from
both sides working together that would have helped so many children in new jersey. i support the dreamers act that again has some bipartisan support that can give those kids who no other country but the united states who have learned from our schools the ability to stay here and contribute to our great economy and our great country. what's really remarkable to me is that my tea party-backed friend already, in this little small debate, just a handful of questions, has shown the kind of attack, slam and slander he is. he says he believes in tea party mill tancy. has already mentioned the president and attacked -- i'm counting now seven times already. that's not going to bring us together in washington and move us forward. we need people that don't believe in tea party militancy but come together with people on both sides of the aisle and solve difficult problems like immigration. there's a comprehensive movement going bipartisan, not like my opponent who wants to retrench and actually wrote a book called "the case for polarized politics." we don't need more what's making washington bad. we need people who will bring folks together and move our
country forward. >> i would like to answer that because apparently the senator is unaware that i have worked for 10 years for bipartisan comprehensive immigration reform. even working for a latino civil rights organization, la raza. raza, president, jana magia called president obama the deporter in chief and he is a complete phony in saying that he wants immigration reform and senator booker, not a word of criticism to had complete abdication and failure on his part. i have a track record on working for a bipartisan immigration bill. i even -- i was filmed in the office of senator ted kennedy in 2007 working on that. it's really silly to say that i am a phony on that. >> mr. booker. >> sir, i had the privilege of meeting ted kennedy and no two further apart politicians than ted kennedy and my opponent. and i have a simple belief. someone tells you who they are believe them. if they look like a duck and
quack like a duck, then believe they're a duck. this is a guy who is supported by the tea party. this is a man who actually wrote a book called "the case for polarized politics." if we send him down to washington, he's not going to be involved in bipartisan coalitions. he himself has told us, i believe in tea party militancy. that means digging in, don't compromise, the kind of shut down government problems that we've had. america's had enough of that. it's time for people to come together and work on solutions to our problems. >> i thought the whole point of working with people who are different idea logically is to bring them together on things they can agree on. but i guess senator booker has a different definition of bipartisanship. >> and gentlemen, we're going to have to move on. the next question comes from matt friedman and goes to mr. booker. matt. >> senator, this is a good segue into this because with the congressional inaction on immigration, president obama had planned to issue major executive order to overhaul the system, as much as he could by the end of the summer.
but amid pleas from democrats, who are locked in tough races this year, they feared voter backlash and president obama delayed action until after the midterm elections. do you agree with president obama's decision to delay action on that executive order? >> absolutely not. the president was wrong. the president should have stood up and made the call to do whatever he could to advance what's right for america. you know, i've spent the last years travel all around my state while my opponent was working in a think tank in washington for the last 30 years. and when i talk to people both business folks as well as people in the community, they understand that we have a problem. whether it's people who come to our schools and graduate from our universities, as soon as their student visa is up we are kicking them out when they want to contribute to our economy or young kids being denied access to citizenship even though they spent pretty much their entire lives here. we have an urgent immigration issue. there should be no waiting for politics. i didn't support the president's decision. and i will continue to go to washington to work to bring
people together to make sure that we in a unified way solve this problem. >> senator, no one is going to come together if the president threatens unilateral executive action. it's just not going to happen. you pay lip service to bipartisanship, but you've just advocated something that would completely foul the immigration debate. having the president do everything by executive action which he's not constitutionally entitled to do which would drive republicans and everyone else in congress away from the table. you talk a good game on bipartisanship but that answer shows that you really don't mean it. >> may i respond to that, please? this is a typical tea party cry. attack obama, attack obama, attack obama and call him king obama for all the executive orders he's done. if you look at the numbers, president obama is doing less executive orders than other presidents from jimmy carter to ronald reagan to even george bush. again, this is exemplary of what he does. he's part of a movement that is
going to be slamming and slandering and not stopping that madness and finding ways to bring people together to work together to find solutions. we've had enough of that in washington. his book tells you that. the title of it is "the case for polarized politics." we don't need more gridlock in washington. we need to work together and solve our problems. >> polarization is sometimes a public service because it enables voters to see the difference between two points of view. that's the sense in which i think polarization is sometimes good. >> let's go on to jonathan tamari for mr. bell. >> governor christie said he's tired of hearing about the minimum wage and later said the focus should be on creating better and higher paying jobs. democrats have been saying they want to give a raise to 3.3 million people who earn the minimum wage or less. the federal minimum wage has been $7.25 an hour since 2009. should it be increased? >> it's a bad time to do that because the openings are so limited. the young people here,
particularly high school graduates, will be priced out of that market. just the other day, i read about mcdonald's which is having a significant decline in profitability because of the prospective minimum wage increase will go to technology to replace low wage workers. that's counterproductive in a very, very difficult job market. >> mr. booker. >> my opponent says a bad time to do what's right. i've talked to people in our state and i've heard from them. heard from a guy who lost his job, had a good minimum wage job, lost -- lost his job and now is working -- you had a good job and now lost the job working for a minimum wage job trying to support his family. it's a good time for him to raise the minimum wage now. talk to people at county college who are trying to go to school, work a full-time job and making the minimum wage and they can barely afford to make ends meet because they work a full-time job and are still under the poverty line. it's a good time to do it for that person. and what about that single mom who's working double shifts
because in new jersey, when you work a full-time job, at the minimum wage, it in no way is enough to meet the minimum basic needs of her family. it is a good time to raise the minimum wage. we are america. nobody should work full-time and find themselves under the poverty line, having to go to food banks and rely on public assistance just to make ends meet. it is a good time to do the right thing. in fact, it always is. >> that is typical of why we have a jobless recovery. the minimum wage, even if you like it, is redistribution. it takes money from one sector and gives it to another. it has nothing whatsoever to do with fixing the economy and creating new jobs. >> let's look at some statistics as long as we're talking about jobs. the jobless rate in new jersey is 6.5%. which is .6% higher than the national average. but newark's jobless rate is 11.3%, camden's is 14.3%. and i think most