Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  October 2, 2014 2:00pm-4:01pm EDT

2:00 pm
verse associated with america. we have always been a nation of action. when it looks tough, when the obstacle's big, we rise to the occasion because we fight, we finish and we keep faith and the values that made this country special. that's why this day so important, this organization is so important and what you're doing so critical to our great country remaining the greatest nation in history. god bless ya, have a great day. [applause] ..
2:01 pm
terrorism, we have assembled a panel of leading experts to discuss these issues which include, by the way three generals with seven stars between them. coming to moderate the panel is jerry who was one of the original members of the delta force and commanded all of the army's green berets. today we are proud to announce he served as the vice president of the research council. ladies and gentlemen as these men come to the stage would do not just welcome them but also thank them for their service to the united states of america. [applause]
2:02 pm
♪ ♪ thank you all very much. please be seated. my name is jerry boykin. tony is a marine and i normally start my presentation with a range of. having said that, general conway is a retired commandant of the marine corps, so i'm going to skip that out of fear for my life. [laughter] we are going to go right into it. listen i know as americans we are all concerned about what we see today unfolding across the globe with the chaos that we see with the ebola is rising up in so many places are out of the world and particularly in the middle east right now. so i've asked the three
2:03 pm
panelists to make a brief opening statement and then thin as the time permits we will ask specific questions that we've selected with regards to the situation. the first panelist today is a man who has been a supporter of the research council for a long time. he is a representative the representative from the 11th district of north carolina, congressman mark meadows. we have at least one party allowed there. [applause] he grew up in a military family. his father was an officer and he was born in france and then eventually moved back to florida. but he started a small business and ran for 27 years. he has an extensive resume. what you need to know is he's a freshman in congress and he will be back for his second term in congress and he is one of the
2:04 pm
staunchest allies and supporters and the man that worked with tony perkins to bring this woman that is going to come tomorrow night to be honored, mary ann abraham, and bringing her back. [applause] my favorite marine who used to be my neighbor at fort fire -- fort myer virginia. i have to be very careful, but look this is a soldier's soldiers have to speak. an extraordinary man came into the marine corps in 1970. he came from southeast missouri state university infantry officer in the marine corps. beginning in 1970 -open-curly-brace and to become commandant. he's commanded every level in the marine corps and in fact this is the guy that commanded the u.s. marine troops got the
2:05 pm
first expeditionary element at the battle of falluja in 2003. [applause] and then finally an old and dear friend and now not only kind of a minister in his own right but also prolific author, major general retired general bob dees has written books recently and warriors, resilient leaders and resilient nation. such witchy. he is a west point graduate of 1972 and went on to command the second infantry division and ultimately for those of you that have a great passion for israel as i do, bob commanded a task force called the combined task force for missile in israel from 2000 to 20023 he's been a great
2:06 pm
friend. he and his wife kathleen have resettled in texas. so in your case, i don't know what you've been smelling down there in the plains of texas so i'm going to give you a break today if you use some words we don't understand. that said, i would like to start with general conway who has to leave early for another events that he's doing at the hotel. so i'm going to ask him to make an opening statement. >> thanks for the introduction. my mother would be happy. my mother-in-law would still be skeptical but that's another story. [laughter] it's great to be with you this morning. i apologize for having to leave early because i think it's going to be a great session and its finality. the chinese have an old expression may you always live in interesting times, and i think we are there. just to cover quickly, we've got turmoil in the middle east times
2:07 pm
three via discourse in syria with the fight is taking place and the establishment of a caliphate which is always banned the islamic grand strategy moving east. you've got a situation in iraq that hopefully will get better in the near term as the new government starts to take shape and a revitalized their army and include the kurds that are tough guys in the fight and our old friends the sunni tribal leaders have a direct conflict that's going to open itself with isis because it is going to attempt the caliphate and the sunnis in and our profits but don't buy into this and we need to get involved in that. of time is an issue. the sooner the better. iran just further west is a
2:08 pm
problem for us in many ways but not least of course is a nuclear issue and we shouldn't lose sight of that. if i were still advising the president, i would have two elements of advice on iran. one, we don't need them with what we are going to do in the middle east. we are powerful enough to do it without them and involving them only makes us look weaker and then look stronger so please don't do that mr. president. [applause] the second thing is don't lose sight of the long-term objective to make sure that iran does not one day possess nuclear weapons. it will cause tremendous instability in the region of the world. they are seen as the major power already to have the nuclear weapons is simply going to cause weapons to proliferate and countries like egypt and turkey and perhaps even egypt so we
2:09 pm
don't need that. russia in my mind vladimir putin is a dangerous man and we are all products of the experience of his experience is that he was a colonel with the kgb. it was an introduction of the new world new world order or for him it was abject defeat and now he's in the position that he believes to something about that. he's very narcissistic that makes him an predictable but unpredictable but he also has the advantage of the location of a powerful nation we should never forget on the face of the earth that could destroy us tonight and that his mother russia. and every chance he has for as long as he has the opportunity to do that. if you move all the way out west to the pacific and china china concerns me and there is little history of major trading partners come into conflict and
2:10 pm
yet in the case of china concerns me for the long-term. part of that is because the most bombastic people in china with their newfound military and power projection capability are the generals mainly one asserts a politician who is hammering the table but in this case it's the admirals and generals and the last time we saw that was pre- world war ii japan. i will finish with these thoughts and there are lots of challenges that require u.s. leadership. some of these leaderships exist because of the vacuum that the absence of leadership caused in the past so i would offer again we need to stay involved. we need to be in the leading role in all of these with partners and allies and to do that we need a strong department
2:11 pm
of defense is able to respond to the commander-in-chief. thank you. >> thank you general conway. [applause] congressman meadow. >> i will keep it brief. we need to be a country that means what we say and says what we mean. it is time we quit apologizing for for america's greatness and start celebrating. [applause] we have a national security risk and the general said it well. right now we've taken our eye off the ball because of what has happened but a nuclear iran is the greatest national security threats that we face not only for us but for israel and what we must do is stand up to that. this morning there are reports coming out of the state department that we need to meet
2:12 pm
iran halfway. that is a major mistake and something that we must not stand for. we need a foreign policy that makes an objective of what we stand for and what we will tolerate and what we will not tolerate. teddy roosevelt set forth softly and carry a big stick. this president walks softly and gives a good speech and we need to make sure that we stand with the men and women that fight to protect the country and honor them and their service. thank you. [applause] >> general dees. >> thank you that is a good strategic overview. thank you for the call to action and a clarity. you're saying that deterrence is important and that would be my first comment walk softly and
2:13 pm
carry a big stick. that is an ounce of prevention worth a pound of cure. in the strategy we have an expression in the army at least that says strategy eats tactics for breakfast. and at the point is what we are doing in c-reactive a few other pinpoint places is tactical reflex responses rather than a strategic broad perspective that goes towards an end state that is worthwhile and discernible. i'm going to make four points very quickly. if you aim is nothing you will certainly hit it. we must be clear about the threats. we've talked to peer about a number of different threads i will identify three additional threats with laser focus. first of all before the obama administration it was called global war on terror. it's global, the military is 100
2:14 pm
nations plus around the world today and they are not twiddling their thumb area they are resisting evil in its forms and it's all rooted in this islamic fundamentalist terrorism. the global war is a war into despair servers and. so let's call it what it is and be sure we know what we are aiming at. [applause] we have a lot of external threats but from my book the primary one because it's like a cancer it is death by a thousand cuts but the two other threats that i would identify briefly is our internal apathy as a national security issue. more people like you need to stand up to be counted. the third one is we have been infiltrated. the enemy is within. i came back after 9/11, i was in europe at the time, to check out intelligence and i saw the deal.
2:15 pm
i saw the liquid on the dome but showed cell phone calls coming from kandahar in afghanistan going to places like new york, greenville north carolina, nashville tennessee, dearborn michigan. these are all islamic sanctuaries in the united hates within which there are fundamentalist sleeper cells. all the call setup and in 30 seconds i saw that we had been infiltrated badly. we can talk about that but we have to figure out how to observe national security inside our borders. second, international affairs and domestic fares are inseparable. you have heard talk about the tree of liberty that is fed by the blood of patriots. the tree of liberty is not just on the international side or on the domestic side it is both. in the country today we have a pervasive culture of appeasement
2:16 pm
on the domestic side it looks like an entitlement and catering to special interest groups and catering to our illegal immigrants coming across the border and not securing the border. that's what appeasement domestically looks like and internationally we know about novell chamberlain and we continue to appease as the congress and said we appease iran and of the red lines and then we make and break. you get the point of those are the three friends. and it's critical that we recognize this enemy and we deal with it and our domestic situation our morality roach and they are part and parcel to the security. the exceptional with them in a brief word we are an exceptional nation. you drive around washington, d.c. and say look at all of the grander but if you go to moscow and beijing you see the same
2:17 pm
grandeur and say this is impressive and can't that hides the murder of millions of people and the totalitarianism and so what makes america different is not the grander it is that america has the heart and soul that god himself. [applause] we are an exceptional nation and finally, so what areas we are asking the question so what. how then shall we live and if it sums the love in-3 if the foundations are destroyed what should the righteous do. you patriots are the righteous we have to stand up to be counted and i have to say it is a great time to be alive. if you have a warrior spirit in the depths of your soul it is a great time to be alive. he was in the world. let's get to the us.
2:18 pm
[applause] >> thank you >> i'm going to go to general conway. the general conway dedicates his whole life to this issue of national security and he speaks about it and he is now working with an organization called securing america's future energy. at general con i want to give you an opportunity to speak about the criticality in terms of nationals to be of our energy resources. >> i would argue it's not just national security. you can make the case its international security if you look at what is happening with russia and ukraine and the leverage that putin is exhibiting. but my concern is that it's not
2:19 pm
as bad as it was. we were importing 60% of the total petroleum requirement and over that, a large portion goes to chance petition and transportation industries and more important for the purpose of the economy the trucks that go over the road require 92% petroleum products and my concern is that the diversification isn't there and this year we will import about 30% of that requirement. the countries that are controlling the global market which is by no means a free-market we have a free-market in this country that the market is very much controlled by largely the nations who control our destiny. our islamic extremist enemy has said they will defeat us
2:20 pm
eventually not in the field that they will destroy our economy is through control and/or manipulation on the supply. so we consider the national security issue, the production in recent years is better. if something else happens we don't see the prices in europe go up as they used to but we cannot achieve oil independence simply through our own production. it's too small and goes to this local market. so the answer is the supply and demand. we have to open the federally mandated areas but at the same time, we need to i could develop alternative energy sources that will reduce the requirement that 92% not by investing in companies. that's been tried and failed obviously but through investing in national and university
2:21 pm
university laboratories that could then come up to the free-market and make it stronger >> congressman, would you talk about our southern border and how you see that being an issue of national security do you think that we have been infiltrated with anything other than the workers or people that are just here to sell marijuana or cocaine is there anything else that's come across the border what is your assessment and what should we do about it? connect we need to be secure in may allowing some 9,000 young people came across the border and made headlines in all of us all that and we were somehow shocked and surprised that that
2:22 pm
was happening yet it made national news and we were busting them all over the united states to take care of them. the bigger problem is a national security problem that if we have isil and other groups, which has the law is all over latin america and when you look at that, they have active groups in colombia and panama on and other areas. to have that open border allows the terrorist to be among us and for many of you you think that the left of peace and that isn't happening because we don't see the thread in the neighborhood that i can tell you in north carolina not only greenville north carolina, but we have convicted in charlotte north carolina has the hezbollah was
2:23 pm
convicted but they came back and decide said what they were going to do is kill the prosecutor and blow up the courthouse. you can find out all about it. so for us to think that an open southern border is a secure order and the tragedy will be one of the terrorist groups to take advantage of us here in the united states and we have to address it very [applause] general dees, let me ask you a question i didn't prep you for backstage but i like messing with you because we are all friends. would you please talk to but the current state of the military? that is a national security issue. can we rise to the occasion? are we prepared to defend the nation against the threats that we see on the horizon that the
2:24 pm
community tells us we should be focused on? what is your assessment? >> the military has been at war for over a decade and if you think about general boykin's time in the military, we've been in this global war on terror as well as everything else going on in the world since 1979, 1980. and then recent. i was at fort meade with folks that have been deployed seven years out of the last ten years so they are digging deeply into the well of courage. but what depletes the courage the most is that they feel perhaps the lack of support from a lack of coherence from the commander-in-chief and national strategies. our military people have committed themselves to serve and even to die that is a contract that they have signed
2:25 pm
into the thing that takes the wind out of their sails is if they think they might not be utilized in a proper way or if the commander-in-chief doesn't have the backbone to stay the course. so, that is a problem. and then another issue that i would mention is that for the troops in the foxhole, faith makes a difference. but they are getting ready to go on they will hold hands and sing god for our rock and our fortress and a strong tower we can run. they are not worried about political correctness when they are getting ready to take artillery. conversely when you get inside the beltway of washington, d.c., we have had the politically correct games being played at mirror our culture. many of you are warriors day in and day out. the same effect our military and take from the well of courage and reduce the readiness.
2:26 pm
succumb our military is committed to the noble causes will perform admirably or still the best military in the world and as i will make a comment later the task of the very urgent national security nature to the jv rather than an employee and the american diversity and very precise ways, then we are not doing the right thing. thank you. apostates panic thank you very much, general dees. congressman, let me turn to you and ask you for your personal assessment of the on the concept of our meeting and equipping the free syrian army. what are your thoughts on that? >> anytime you look at putting
2:27 pm
men and women in harms way it is the toughest vote that he will ever taken recently we need a vote in the house to do just that. i was one of the ones that voted no. [applause] you have to ask a few questions. we spend billions of dollars training iraqi troops only to see them turn and run when isil came in. in benghazi we had libyans that were supposed to be helping with the consulate and yet what happens we know all too well. we are now in the process of training five to 6,000 syrians are supposed to go up and take on a battle tested army of over 31,000 or 41,000 by the time
2:28 pm
they are trained and ready and somehow we think that these 5,000 syrians are going to be able to do the job. the general said it best we have the best fighting men and women and national security team in the world. yet what we are doing is putting it out for the page with the syrians somewhere else. for me that was very troubling and it isn't something that i believe we'll have a strategy for success and something i know we will have to come back and address again. >> general, same question. >> i totally subscribe to what the congressman just said. the reality is we don't know what we don't know. intelligence is a very critical commodity and i found you can
2:29 pm
get it off of troops and soldiers hurt if you don't have the right intelligence so we need to develop this intelligence framework that will serve us well and then as we employ that u.s. surgical forces and techniques we have boots on the ground as well as in the air that is a way that we can quickly make their day with a isis and that is a way to reduce, not produce casualties. the second thing and i will use this as a segue we have greater priorities in the region. i'm very concerned if the united states continues to sound big chunk of it about the nation of israel -- [applause]
2:30 pm
a brief vignettes i was in israel as part of my duties and i was pulled out of bed one night by the staff. they had it taken down have taken down a ship trying to infiltrate that had high technology that would drop containers that would float 10 feet under the water and fishermen would take it into underground caves in the next day shooting them towards israel israel called the state department at that point in time and said we have this issue and basically the state department said zero go back to sleep. that illustrates the culture that permeates the state department at present so we need to be clear about the support of the nation and if israel goes down we all go to. it is a mortal moral and a practical issue. [applause]
2:31 pm
let me break the protocol and make a statement. i want to reinforce and support for the congressman said, and i want to thank you for voting on this. there are people that really the right to do is to arm and equip the series and army but there are somethings you need to think about and you need to understand and we will just have to disagree on this. there were no retaining features. he's an evil despot but you know what he's never done is he's never been a threat to christians. when you look at the realities of what is happening to the christian communities in egypt and here yet in iraq and libya and all of these on the countries the reality is he's
2:32 pm
never been a threat to christians. he's also never been a threat to israel. he never raped in east serious attempts to get it back so when we start talking about arming and equipping 10,000 people we also need to reflect on the fact that we did this in other places like afghanistan and iraq and many of those people turned on us and killed our troops in their own bases so why would we invest more blood and treasure arming and equipment for people we don't know what they are going to do with the arms and equipment and in the case of the iraq army they've already given there is to isis. the people we are trying to stop by destroying american-made equipment we need in the hands of the iraq east. if you can get beyond the emotion we have to do something
2:33 pm
to stop isis. by the way i don't call them isil. what you're doing is failing to recognize the existence of israel because it is a concept that does not include -- most people don't know that and i understand that but i say isis. we need to get beyond the emotion and think in terms of the practical side of arming and equipping the spiegel people. we already know that there has been a pact made with isis. i know senator mccain denies that the immensely but my sources and many others are saying it is absolutely true. i will go to the congressman now to ask you another question. we are yet to have accountability on benghazi. what is your assessment of the long-term impact of never
2:34 pm
getting to the answers what is the long-term impact and how does that affect us as a nation and a society if we are going to do the right thing with regards to benghazi? spin it if we don't get to the bottom of it which i believe we will -- [applause] my friend is a true patriot regardless of what you may read he's not political. he wants to make sure the americans get truth and hold those that are responsible responsible. we should be thankful that the chair man is over there. however in the meantime when the truth doesn't come out, we repeat the mistakes of the past. we are starting to see that in the strategy that we have with
2:35 pm
regards to addressing the ticker wrister groups trying to kill our allies every day. the other part of that is by and we start to get a false narrative that comes from the government it undermines the trust that we have in those that are elected in the overall government operation. all the american people want is the truth and we know the truth always prevails and will ultimately come out but if we suppress it whether it is for the irs or anything else, then what ultimately happens as we undermine the credibility and create an unstable situation. i have great hope justice will
2:36 pm
prevail. [applause] >> same question. >> ali would gain altitude just a second. i've written about spiritual infrastructure as an element of power and one of the elements of that infrastructure in the united states of america is the proper retention of natural history instead of historical revisionism to fit into the narrative. [applause] by historical revisionism that we see in benghazi is symptomatic of what we see across the country and across the world of politics and even in the common corporate job of the obama administration.
2:37 pm
what's changed the truth to fit our liberal agenda objectives and our narrative. we see it happening left and right. we have to resist that stringently and tell you what happened. thank you. [applause] i'm going to go to the congressman and ask you for a brief assessment of the strategy that has been laid out by the president to deal with the threat of isis. >> there is not a strategy and i think that he even admitted that he didn't have one so there is a desire on the part of almost all americans take sure that we deal with it. it's a threat against american interests and american people.
2:38 pm
we need to understand that and yet what we need to do is make sure we have a clear objective one that is focused as the general indicated and if we do not have that than what happens is we have a lot of dollars are spent in the billions of dollars that will be spent in a camouflage of doing something to protect the national interest and yet it doesn't. when you have people at the state department this is the greatest national security threat is climate change, you have an issue. how ridiculous is that when you have our fighting men and women dedicated to the morning and say it's a little chilly we have to worry about climate change that's ridiculous. >> what strategy would be the question and i would offer that we are in a very complex
2:39 pm
environment and the reality is complexity requires strategy whether you are in business or any other endeavor to the employment of national power both internally and externally. we are playing chess, not checkers into the administration needs to recognize that. >> i'm going to close this out. i was asked last week to do judge jeanine's program and i went to the studio in atlanta and the question came up of how can we put 3,000 troops on the ground so quickly to fight ebola when we don't have a strategy to deal with isis. remember in america we got what we asked for. this president is thinking like a community organizer and not a
2:40 pm
commander of chief that takes the lives of his soldiers sailors compare men and marines. so grab yourself with people that know everything about climate change, marxism, the agenda but virtually nothing about national security and he's unwilling to listen to his real professionals because he doesn't trust them because they represent something that he's never been able to understand. and god bless you. [applause] ♪ ♪ [applause]
2:41 pm
earlier this week we covered the texas governor's debate as wendy davis and greg abbott are guiding for the governorship and the current governor not running for the re- election. here are some of the exchanges in the debate along with the comments of analyst charlie cook on the senate races. >> it's incredibly important whenever we talk to a woman who's a victim of rape or incest at the surface of the compassion and the support they deserve. that's what i have done as attorney general by providing a record amount of financial support to the victims and victims organizations supporting women have been victims of rape and incest. that's what i've done as attorney general by arresting more sexual predators and all of
2:42 pm
the attorneys general in history of the state of texas. but you bring up the issue and you know that i'm pro-life and i'm catholic and i want to promote a culture of life that supports both over and safety of both the mother and child both before and after birth. in texas speak we are about double and that is the woman has five months to make a very difficult decision. >> moderator: senator davis quick >> is catapulted into the spotlight with her filibuster against the abortion research and that he told the editorial board of the dallas morning news that he might not have filibustered if the legislation only banned abortions after 20 weeks with allowances of rape and incest. what kind of abortion restrictions are you willing to
2:43 pm
accept? davis: i've always believed that a woman guided by her faith and her family and her doctor to make these very difficult decisions for themselves. i do not believe that the government should intrude into the most personal and private decision-making. greg abbott on the other hand believes it is his right to intrude even when a woman has been the victim of a brutal rape or has been the victim of incest. this should come as no surprise to us given that mr. greg abbott c-5 attitude has revealed himself another race. he pays women in his office less than male assistant attorney general's. he campaigned with a known sexual predator who bragged about having sex with underage girls.
2:44 pm
abbott: it's like the perfect storm of factors coming together. it's exposure just the raw numbers. they have the 21 seats and republicans only have 15. that is the first factor into the least important. the big one is the math, the geography of the election. it's awful for democrats when you have seven seats up in the state that romney. and there's only one there is only one republican seats up in the obama state she couldn't lose the re- election election if she tried. you have that. six of the seven republican seats that are up this time our democratic seats in romney's state. you show me a state where mitt romney won by 14 points and i will show you the state that in 2014 iowa didn't want to be a democrat running for a federal office in that state. it just is what it is. third is the turnout and quite simply midterm election turnouts
2:45 pm
are better for republicans when they turn out smaller. the presidential year the turnout is big and broad and it looks like the country if term elections the turnouts are 70% of the presidential turnout is that not only is it smaller it is older and wiser and more conservative but it is a thumb on the scale unless you have a situation like in 2006 where you have an unpopular war in iraq and hurricane katrina unless you have something like that going to be a very direction you will have a turnouts dynamic that will pay for at least a certain extent republicans in the broad environment. so you look at those and say that is a pretty big sort of atmospheric condition. so when i do the math real quick and maybe i should stall time but on the other hand when i do the math i am putting it at about a 60 of republicans
2:46 pm
getting the majority. and i have been there for three or four months and at one point i was higher than most people it if and if you look at a lot of the models i'm actually lower percentage than most of the computer models if you follow those things. but i put it at 60% and the way that i do the math is this. there are three different things for republicans because the seats are going to go republican. montana, south dakota west virginia. so theoretically they are half to the seats they need. then you get to the three other democratic seats where we are -- obama carried by 14 points or more. mark begich in alaska, mary landrieu in louisiana. each of these are really
2:47 pm
challenging and difficult and i would say at least a little bit and each one a pill races. could one of them survive? sure. but the thing about it is if republicans don't lose one of their own seats in kansas, all the republicans have to do to win the majority, montana, louisiana, alaska and arkansas that's it. >> the campaign coverage continues live tonight. the governor's debate on c-span at the oklahoma governor's debate with incumbent republican mary fallin and her challenger joe doorman. the republican is term limited and cannot run again.
2:48 pm
that debate again 8 p.m. eastern on c-span2. this weekend we partnered with comcast to a visit to boulder, colorado. >> my book is called the beast in the garden because it is about a large animal that in ancient times in american history we would have called the beast, the mountain lion come in what is really a garden and that is boulder colorado. it's a beautiful seemingly natural place, but in many ways it's been altered by human kind and when you get this wild animal coming into this artificial landscape you actually can cause changes in the behavior of that animal. >> they eat about one d. or a week and then on the outskirts of the beautiful city where we have irrigated gardens the city
2:49 pm
attract them and so we have one in downtown boulder. they move back into the open space area and then they discovered there were deer in town so they ruled them into town. then they discovered that they could eat dogs and cats. that is food for them and so that lying in her learning and they have learned that this is where they will find food. there is food up there but there's lots to eat in town. >> it is a retreat generally in a beautiful place for enrichment , entertainment and coming together. the people who were intended to be the audience for what we would call the middle-class. the programs were very similar. a combination of speakers also a
2:50 pm
variety what we might consider highbrow and lowbrow entertainment classical music and what is to be considered in that day. now government officials and private industry representatives talk about what's being done to combat cyber security attacks. yesterday's panel includes housing solutions chairman mike boettcher's on the probing of u.s. financial institutions by russia and iran and also the director of the defense department agency darpa responsible for developing new technologies for the military. good morning everybody. i'm with the "washington post" and thanks to those watching online and here in downtown washington at the "washington post" headquarters.
2:51 pm
this is the fourth year that the post has had a cyber security conference where cybersecurity conference where we bring together government, defend, state state department of homeland security and the business leaders to talk about cyber theft and espionage into the challenge over the years has only intensified. u.s. the u.s. government and companies are now investing leans. many, many billions to try to secure what is valuable and what by virtue of being connected to these internet are vulnerable. there's a lot of bad actors out there and they are very good at stealing. they are great hackers and what they are stealing is everything from the next generation of plans the defense department has two credit card numbers. the staff enforcing alliances on the government and private
2:52 pm
sector and that's one of the things we will talk about today so how to secure what the company and the government and each of you here put up online is only becoming more and more relevant because more and more of our lives are online. our devices are connected to come our houses are connected, our medical devices. until we have a remarkable group of people from capitol hill from the corporate board rooms and research labs to talk about how to make our lives online more secure. so i would encourage you to tweet questions and comments to #washpostcyber and you can send a question of to the question to ask. now with a better way to start the morning then to talk to the director of the government agency that brought us the internet, darpa. the defense advanced research project agency has a long line
2:53 pm
of technological breakthroughs from computer networking, self technology to gps. with a 3 billion-dollar budget, darpa's mission is to prevent technological surprise to the u.s. and to create technological surprise to our enemy. let me welcome the director. a poster to the -- [applause] she's running darpa but she's been back and forth from the silicon valley area to electrical engineer, she has had many huge jobs in both sectors. president clinton appointed for the director of the national institute of standards and technology. she was running the whole show at darpa she was running it as a director and held huge jobs in the private sector at interval
2:54 pm
tech and u.s. spencer partners. so, perhaps the woman with the coolest job in the city is going to explain what darpa rule is. >> thank you very much for the chance to be here. it's great to shine a light on this important topic. and what you said about darpa is absolutely correct in were created in the wake of sputnik because we knew we didn't want any kind of surprises anymore. we liked creating them and that's what darpa has been about for six decades. now the internet is one of our babies were very proud of, but it is in the fractious teenage period with all the problems we are dealing with. the mission today in cybersecurity during the day i think you are going to be hearing from people typing these tough battles today about how to we keep ourselves secure and
2:55 pm
engage in a policy issue. i'm very grateful for the work going on in our role is a little bit different because what we are asking about a cybersecurity is what are the technology concepts that could change the ground rules and give us a way to get out ahead of this explosion of challenges. >> give us some good news whether you big brains over there you find people in teams. so what are they working on that will kind of pay that to niche? >> i will give you two examples that we can talk about all or any of them in more detail. we are looking at how to completely reduce the surface so it's hard to find ways to move into the internet. >> this means vulnerable ways. the second example we are looking at a new challenge to
2:56 pm
figure out how we can start having automated systems to fight cyber defense. we don't think that we are going to deal to stay ahead of the problem and just throwing more people added isn't going to work given how fast the machines were able to generate. >> so, the cyber grand challenges, how much money do you get if you win? >> the first prize is in june of 2016 that's $2 million. >> so what do i have to do to get the $2 million? >> you can sign up to try to get $2 million. what we are going to do and what we are in the process of doing is building a cyber warfare in a box that will be a separate environment for the new operating system. it's going to be really like capture the flag except we are creating a league of their own rather than human teams.
2:57 pm
the whole goal of this is that instead of human error about detecting viruses it is good to be automated? >> the key point in my mind as we need to get where we are able to do this labor defense because when we are dealing with attacks that are being generated automatically by machine, those things have been. they are happening in microseconds not at the rate that you can type on a keyboard and so today all we can do is keep with the problem. we are looking for a fundamentally different way to get faster than the growth of the threat. who are the people that sign up for this? >> we are excited with the people that have signed up.
2:58 pm
we have an enormous range of talent. we got some eye-popping names that signed up and the -- >> i don't know if that list is public but that is all the more reason. i will tell you where the website is and whatever is out there is what is public? >> when you look across you'll find people all of the above superstars the big academic names and people from the companies and people in the community. >> in addition to this i think people are looking to darpa. you have come up with huge things like gps. this is the unit the touch screen, too. >> if you look at your iphone or
2:59 pm
smartphone is all chock-full of technologies we hope to spark debate coast guard. the chipset since the radio wave to the tolkien meets -- radio wave to the tower, tower, this private investment k. behind it. >> can you talk to pull them to secure the network's? >> you then shouldn't the pc. >> let's go to audience questions to see what they have on their mind. but in general, again, i think when you see how we are going to secure the network that the end of this year the network says 3 billion people will be online and because of the internet of things which is machine talking to machine, it is estimated tens of billions of objects.
3:00 pm
.. >> this is a mathematical proof that this particular function can't be hacked from, you know, from the outside, from a pathway that wasn't intended. so, you know, that's not going to solve the entire problem, but especially for embedded systems that might have a more manageable, you know, a more modest number of lines of code
3:01 pm
that is trackable through this method. that's an example of reducing that attack surface, making it hardter for people to come in -- harder for people to come in, especially for our most critical vulnerabilities. >> and how do you keep the bad guys from getting unhackable software? >> well, that's a concern if you want to hack them, but let's start by making sure we're secure so we can do our mission. >> isn't a lot of it to be offensive hacking? we're getting inundated, but we're also out there offensively -- >> yeah. and i'm sure you're going to, i would hope you're going to get into the question, the policy questions around offensive cyber. just to take it in a slightly different direction, one of the other problems i think we're seeing is just the vastness of the information space, the internet environment. we all love it, we use it to great effect, but it's also a place where bad actors hide what they're doing. and another one of our programs
3:02 pm
is specifically designed to find those kinds of hidden networks. >> how do you do that? >> you start by creating a different way to look at this vast information environment than how we search today. so a simple example, a project that we've been doing working with law enforcement, our thesis was we might be able to develop a way to find hidden networks that would reveal a pattern that relates to human trafficking. we started working with law enforcement, learned that their use of that information space, how they explore that vast information space is exactly the way you or i would go online and, you know, do a search with google or whatever your favorite search engine is. it's the sort of single-threaded walk through this vast environment and, oh, by the way, it feels like search engines are indexing everything but, in fact, they're only indexing a very small fraction of the total public information that's out there. they're indexing what's optimized for advertising
3:03 pm
revenue, that makes sense. but they're not going to get to all the material that might be of interest to law enforcement. our tools build deep cores through the web to look for these hidden patterns and linkages among web site, and in the work, the first project that we did we were able to find a set of phone numbers that were very heavily linked to each other in back page ads where a lot of is the sex trade is advertised now. we provided those phone numbers to law enforcement, we gave them 600 numbers that we said, gee, we don't know anything about these numbers, all we know is they seem to appear over and over again and they're linked to each other. law enforcement found in that list 466 numbers that tied to criminal violations. they also found numbers that tied to fund transfers in the region around north korea, and they're now -- >> wow. >> -- working on finding human trafficking networks. so, again, you know, we didn't give them a smoking gun, but we gave them a much more powerful way to start grappling with the sheer scale of the information.
3:04 pm
>> when you look at the cyber universe, what percent of it is the hidden black market, criminal activity? >> i don't think we even know. there's a huge amount of the internet that, as i mentioned, isn't indexed and isn't that readily available through the way we usually think about accessing it with search. now, a lot of that is completely, you know, completely benign. it's just all the legal and fruitful ways that we use the internet. but i think that's actually one of the great mysteries, is the information explosion so vast that we really don't even know -- >> do you have any guess? i mean, is it 10%? >> i don't know. i don't know. i've seen reports that just as a simple example that are very senate fraction of network -- significant fraction of network traffic right now is bot nets. now, those could be benign bot nets, just automated programs that go out and do something on the network.
3:05 pm
>> but often malware. >> or they could be malignant. we don't even know. >> right, right. >> but we know a lot of it is machine generated right now. >> okay. we'll go to allison for some audience questions. >> can you hear me? okay. so you talked a little bit about patching and praying no longer working. can you talk a little bit about processing made on clean slate technology, this idea of rebuilding the internet with, you know, with security in mind rather than patching and praying? >> yeah. yeah, and just to be clear, patching and praying, you know, it does work, it's the best thing we've got, so we must keep doing it as fast as we can. we just think we've got to get beyond it, because it's a losing, losing game. so one of the questions that we asked in recent years was if you did have a clean slate, how would you rebuild systems to make them more fundamentally cyber secure? one of the ideas that came out of that was actually inspired by biology where, n., one of the
3:06 pm
reasons that the human race, as an example, has survived, you know, we survived plague, we're going to survive ebola and other infectious disease partly because under the hood, under the skin there's a lot of diversity among individuals. and so one attack can't wipe out the entire human race. similarly, we're now finding ways of building complex networked information systems where under the hood each one is a little bit different. so an attacker, it just completely changes the economics for the attacker. instead of one attack that can wipe out everything as is usually the case, one attack might wipe out one thing, and it's just not that exciting, i think, from an attack point of view. now, of course, the hard part is how do you make that not a nightmare and figuring out a way to have things diverse under the hood that still work seamlessly and be able to be maintained seamlessly is where the challenge lies. but i think that's an example of clean slate thinking and
3:07 pm
bringing those methodologies back to the way we do work today. >> go ahead. >> one more? [laughter] so you started off by talking about being created in the wake of sputnik. what's the moonshot for cybersecurity? >> moonshot for cyber. you know, i think one of the hardest challenges about cyber is we're trying to wrangle this problem while the information explosion is continuing. you talked about three billion people on the internet, you know, seven billion on the planet, so we still have more to go. and as we move to the internet of things, there are going to be more and more elements connected into our information universe. so the moonshot for cybersecurity in my view is to find techniques that scale faster than this explosion in information. and again, i don't think it's going to be a silver bullet, but i think a combination of these fundamental advances, you know, has the potential to get us to a place where -- not where we never have a cybersecurity problem, but where it's
3:08 pm
manageable and we can get on with our lives. >> when do you think that will happen? when will be this -- >> yeah, great question. >> -- unease that we're under attack all the time you pick up every single day, when do you think we'll feel more secure in cyber? >> yeah. i think it'll happen in pieces, and i think, actually, it's already happening, right? our most critical systems get the most critical, focused attention, and whether it's within dod or more broadly throughout our economy, gradually, i think, we will achieve this greater state of cybersecurity. but i really don't want to be glib about it, i think this is incredibly technically challenging, and it's very challenging from a practical and from a policy perspective. so, you know, that's the work that's out ahead of us all. >> and there's been a lot of talk lately that, you know, it's time, the internet is of the age -- you were saying it's a teenager -- there needs to be some kind of a global body of regulations, standards that would issue an early warning system when there's a problem. what do you think? is it time to create some kind of a body that has some kind of
3:09 pm
standards? right now we know that there's certain countries that are really literally off the grid, right? >> yes. no, that's true. you know, i don't know, i don't really know the answer to that. i think you'll have others here who know a lot more about the policy aspect. the one thing i would really just think about when you go down that path is to recognize how dynamic and fluid the situation is. because, you know, the power of information technology and the reason we put up with all these problems is that it is phenomenally capable for all the things that change how we live and how we work and how we create national security. you don't want to cut any of that capability off in the process of, you know, building this underpinning for cybersecurity. >> so the defense department in general and your outfit has a lot of priorities, lot of big issues. right now the hot one you're working on is staying out in front of infectious disease, very topical.
3:10 pm
tell us, how does securing the internet, cybersecurity, rank in priority? >> yeah. it's one, it's one of many efforts at darpa, but i think of it as a truly foundational piece. a couple of other major things that we're doing at darpa, one is about finding ways to wrangle biology and turn it into a useful technology. one example is work that we're doing to outpace the spread of infectious disease, a problem that, actually, you know, has a lot of resemblance to outpacing the cybersecurity threat that we're dealing with. but those in biology as an example, those are problems that we simply can't wrangle without using the power of big data and new information tools. so if we don't have that security, if we don't have the trust in those systems, we're not going to be able to solve this other, you know, really different -- >> but we heard from the cia last year and the head of the fbi that there is nothing that worries them more. because, you know, with jamming capability and hacking
3:11 pm
capability you can take down critical infrastructure, you can actually do can enormous amount of physical damage, let alone all the theft of intellectual property and trade secrets. so i guess i'm just trying to figure out if we're hearing from one part of the government that it is, like, such a big threat, and so now like the big brains in here who are working on it, like, how hard are they working on it or how big a deal is it in all the priorities? >> pretty darn hard. [laughter] don't worry. but, you know, let's just be clear, national security is a -- there is not a single problem that if we solve it, the country can sleep easy, right? so, you know, yes, it's an a incredibly critical problem, but it's not the only problem, and i think it's important to just keep that in the mind. again, i think it's foundational, and we are going to have to deal with it because of all the other national security challenges if we're going to build a new generation of complex military systems that can overpower a future peer
3:12 pm
adversary, that's critically important. guess what, it calls relies on cybersecurity capabilities. i think they're linked, but i think you have to be clear that any of these issues that we deal with, cybersecurity is a piece of it. >> and then, and break through -- so when we do hear there's a breakthrough on cybersecurity, presumably it'll be out of your unit. and it will, again, i mean, what's the core of what we're going to see? again, it's not going to be relying on security of individual people, it'll be an automated system? >> yeah. and just to give you an example, we're working on ways of building unhackable embedded systems. you will see that. i hope you will see that rolling out into automobiles in the commercial sector and, you know, uavs in the national security context within dod. those will be new techniques and practices that get adopted by people who are building those systems.
3:13 pm
you might see, you know, i hope after a our cyber grant challenge that you start to see automated cyber defense systems that become commercial products that people who are worrying about their own cybersecurity can purchase and start using. that's how you'll -- >> and one thing on the same type of grand challenge led to driverless cars. >> yeah, absolutely. our first major challenges were about the urban challenge was a major, significant one about a decade ago, could a vehicle navigate without a human being in it through a particular environment? and if you want to find the number one, number two and number three teams that came out of that challenge successfully, you should go visit google and see their self-driving car project, because a bunch of those folks are there. a great example of using the challenge and then letting that technology go out in the world. a lot more work has to happen after we show it's possible, and it's great to see that happening there. >> so we'll be paying attention to that grand challenge. well, thank you very much. >> thanks so much.
3:14 pm
>> thanks. [applause] thank you. and now i want to welcome my colleague, dana priest, who actually has won two pulitzer prizes and is one of the most well known and respected journalists in national security in the united states. and she is going to interview the chair of the house intelligence committee, representative mike rogers. they're going to talk, and then daib that's -- dame that's going to stay on stage, and she has an all-star panel from justice, state and defense. thanks, dana. [applause] >> thank you, mary. thank you for coming. >> well, thanks for having me. good to see you. >> i know this is on cybersecurity, but i wanted to start out just briefly on white house security since it's such a topic. >> oh, look at the time. [laughter] right. i assume you get briefed on these intrusions, and have there been some foreign intrusions we haven't read about or other things we're going to read
3:15 pm
about -- >> do you want to see in the classified cabinet? [laughter] you know, obviously, this is of concern, so there's two problems. one, as many in the security business know, the static security footprint is always the most difficult, the most challenging to keep and maintain a state of readiness. so there'll have to be some reviews of how they continue to test and audit that system in realtime to make sure that that system is functioning properly. clearly, i think the level of readiness decreased when the president was off the grounds which shouldn't happen. but did. so they'll have to do a couple of things. is the systems they have, are they working, are they appropriate, number one. and number two, then you have to start asking the hard questions about is there a cultural management problem at the secret service that allows for that kind of behavior to happen? and that is a more troublesome, i think more difficult and certainly more subjective list of questions and things that
3:16 pm
congress is going to have to ask. >> okay. so we'll rely on our reporters to get -- >> into the cabinet. [laughter] >> okay. >> i look really bad in those orange jump suits with the numbers on the back. it makes me look very boxy. [laughter] >> okay. so cybersecurity. isis, obviously, has shown that it has a cyber communications capability that's much more sophisticated than al-qaeda started out with. have you seen them probe, attack government systems? >> we have not. no, what we have seen in the past is that al-qaeda, isis, other organizations have reached out and tried to find individuals that have the right capabilities to put together a cyber attack capability. and we watched that happen. we've never seen them actually put it together to where they could actually penetrate or do some cyber disruption
3:17 pm
activities. but we know they have the aspiration to do it. they've advertised for it in their social network and their recruiting networks. we just -- i don't believe today that they would pose a threat in the cyber realm like we see in each criminal enterprises. >> and how about al-qaeda? at this point what's their capability? >> i think it's the same. i think they're trying to put their capabilities together. they spend a lot of time, as you've noted, on the public relations portion of their operation. and they use social media in an incredibly effective way. in a way that you haven't seen in the past, certainly, the islamic state has upped their game and used that tool as a way not only to subjugate people to their violent political ends, but to use it as a recruiting tool. some estimates are as high as 3,400 per month now joining their fight because of their social media recruiting efforts.
3:18 pm
and so that part is all dangerous. i don't see them yet engaging in the cyber attack mode, if you will. >> do you think that the united states is actively trying to counter that in a way that's more effective than, certainly, they did in the beginning of the al-qaeda cyber communications? >> i -- no, actually, i don't. i don't believe that on the social media side that the u.s. government using all of its abilities and capabilities have really pushed back in a way that i think we have the capability to do and, candidly, should do. >> and why is that? >> we still wrestle with the policies of what is appropriate and what isn't, and we should have that debate. we should know what we're doing and make sure it's appropriate when you step out on taking those offensive actions. you know, we can -- there's some nibbling at the edges. i don't want you to walk away thinking the intelligence community isn't doing anything about that. that would be inaccurate. but i don't think that we're
3:19 pm
using all of u.s. capability when it comes to our cyber capabilities to disrupt their ability to have these recruiting tools that we see are, candidly, very effective. >> does that mean the decisions for threshold to -- threshold offensive attacks still are being debated within the administration and the community, they still have not really gotten those red lines clear? >> i assume you're talking about offensive -- >> offense. >> -- capabilities. no, we don't. as the usg writ large, we don't have the policies now. we debate it a lot. i can't tell you how much time we've spent in the intelligence committee. part of that challenge is the government has about 15% of the networks, and the private sector holds about 85% of the networks, and contrary to popular belief, the nsa is not monitoring those networks, it's not on those networks. so the only way they see anything coming in is from the
3:20 pm
outside. so most of the offensive talk is from the private sector saying i've had enough, and i'm going to go do something about it. because, basically, what we've done today by doing nothing in congress is telling these 85% of these private networks, you're on your own. you have nation-states who are targeting you, who are ravaging your networks, but you're on your own. good luck. i hope that works -- >> surely as the national security threat you can trump -- >> you would be surprised about how far away we are from really good, understandable policy on what offensive operations look like and should be. >>'s -- i don't understand that. >> because it's very difficult. think of the public debate we've had after the nsa contractor leaked information. it is, you know, most of it is wildly inaccurate. and the political narrative is the nsa's reading all your e-mail and listening to all your phone calls. politicians use that on the campaign trail. serious presidential politicians use that on the campaign trail. and that is an easy thing to
3:21 pm
believe if you're not exposed to understanding what the rules of law and what the parameters we set on our intelligence agencies. so you're fighting a narrative that is completely inaccurate at a time when we are absolutely under siege. and that's been our challenge. >> have you seen -- >> and attribution is a problem here, by the way. you want to make sure we get the right attribution. you don't want to reach overseas and flick somebody in the forehead if we're not exactly 100% sure that that was the perpetrator of that particular event. nsa, capable of doing that. i think their capabilities are getting better and better to understanding who that signature is. private sector is, some are better than others. obviously, there's a mix out there. some could do it, some couldn't do it. so if you start this digital vigilantism about, well, i got hacked, i'm going to go do something about it, you could create a storm here of which the rest of the network, that 85%, is not prepared to handle. >> have you sensed an uptick in what you might call
3:22 pm
counterattacks against the united states either because foreign entities or governments perceive that the nsa is actually acting more offensively or in some cases is? >> well, we've senior a couple of -- we've seen a couple of interesting trends that i think are very dangerous, again, why we need to get this right very soon. one was the in public reports that iran has been at least probing our financial institutions. and we know that they have the capability, saudi aramco, that clearly allows them to have destructive attacks so that they destroy day when they get there. they basically made about 3,000 or computers, excuse me, 30,000 computers paperweights. all that information nonextractable. i mean, they really almost put saudi aramco out of business. that in and of itself is a problem. that means a nation-state has
3:23 pm
made the determination that they're using cyber as their way of using that as their political tool to influence or damage the united states. you know? so this -- >> you quantify that? is it a dozen probes, hundreds, thousands -- >> it would be in the nature of hundreds. now, we have seen a little bit of that fall off into this year, and we assume that's because they're weighting to see -- waiting to see what happens with the negotiation. but the very fact that a nation-state believed that they could do that without any problem or consequence is another very, very serious issue for us. the latest round -- and, again, according to some public reports -- that the russians have, were also flying around or attempting to get into some of our financial institutions, and the question is, a, why? and the way they were doing it, certainly, might raise some questions. was it designed to be destructive or disruptive in our economic, our economic fabric, if you will?
3:24 pm
and it was believed that they decided to make that decision based on the fact that they were having these sanctions imposed, and they believed, well, if you're imposing sanctions on us, we can use this very capable tool to cause you harm in your economy. that, this is a new, dangerous form of warfare. and international relations that, candidly, the united states as a whole is not prepared to handle. remember, the russians can flick a switch, their internet goes out. the chinese can flick a switch, their internet goes down. we don't do that, nor do we want to do that or should we do that. but, again, that exposes these 85% of these private sector networks and puts them at the whim of nation-state capability in cyber. and that, this trend is very, very concerning. >> can you talk a little bit about what the evidence is for that link to sanctions? is it just -- >> well -- >> -- a guess? >> again -- >> something better than -- >> well, let me just say as
3:25 pm
someone who reviews all this, i believe that the timing of it -- and you pair that with public reports -- i clearly believe that the russians had an intent to try to cause some harm, some disruption as a result of those sanctions. and so, again, that's why i think this is, this is so dangerous and so important we get right on our defenses. >> and it was the russian state, not russian independent hackers, and was it in any way -- >> that is getting harder and harder to determine. so the, you know, the svr and the fsb has very interesting relationships not only in their hacking community, but the international organized crime community. and sometimes it's hard to tell the difference. >> and what did they manage to do to disrupt? >> well, i'm really not at liberty to discuss who or what their efforts were other than to say, again, according to public
3:26 pm
reports it raised questions on what their intent was. was it to try to monitor, say, transactions so you could let your imagination roll here a little bit, or was it to go in and destroy enough data to cause economic harm to transactions in the marketplace? any one of those conclusions is pretty bad. >> so i'm letting my imagination roll. monitoring financial transactions between russian, between who? >> again, i'm not -- i can't get too close to that. but, again, it was enough of an alarm for me to ramp up our effort to say, hey, we have got to put our defenses in place. and, remember, any action on behalf of the u.s. government, so we talked about, well, okay, so what do you do about that, do you offensively go and, you know, as we say flick 'em in the forehead in that particular unit that's operating or that
3:27 pm
particular ip address? the problem with that is that the attack won't necessarily come back to the u.s. government. our security services are very good about trying to get what the threat matrix is and apply that to the protection of our networks. but that's only 15% of the networks. so that 85% it does not benefit from that information. currently and today. and that would expose them to this attack. they're not likely to come back at whatever agency participated in that. they're likely to try to come back, again, in the private, one of those private sector networks to cause their harm, damage and/or -- >> how many times since you've been chairman of the committee have we flicked somebody in the forehead? [laughter] without saying who, just is it -- >> not counting my staff to me in. >> yes. [laughter] >> oh, okay. well, again -- >> is it a dozen times? >> part of the problem is this notion of what is an ops i have
3:28 pm
response -- offensive response. so we haven't gotten there yet. i used to say if you're going to punch your neighbor in the nose, best to hit the weight room for a couple of months first. we are not prepared. if the federal government decides they want to take offensive action or disruptive action in any significant way even in response, it's, again, not the government that we're worried about. >> are right. >> we can hunker down, put the helmets down. it's the 85% of the public networks that are exposed to them, and they will not be ready for what comes next. i will guarantee you that. if you have a cio in any company that comes in and says, sir, i'm ready and i can beat anything that comes, time to find a new cio to, right? you are nose is just above water, even the best of the best out there are just trying to keep up with the pace of the threat. >> so let's talk a minute, because we only have a minute -- >> perfect. >> -- about industry in cybersecurity. your bill is now, can you give us a quick update on where that is?
3:29 pm
>> sure. >> do you have any hope that it's going to be passed this -- >> you know, we -- i had a great conversation this week, yesterday with senator feinstein. we have worked pretty closely on this. we have a very small window to get this done, very small window. it is not impossible, but the political challenges of the senate right now make the hurdles pretty high, unfortunately. so only in the senate can you tie a fisa issue with an intel authorization bill with a cyber bill and mush it together. and so that's what we're -- we're trying to unwind those political tantrums, if you will, for holds and other things that are being placed in the senate. my fear on this is, and senator feinstein, i think, shares this fear, is if we don't get it done in this lame duck session -- and, you know, the senate will have some differences in our bill that passed in a bipartisan way in the house not once, but twice -- we'll have some differences, but we think we can work those out in a conference committee pretty quickly, is that it all starts over.
3:30 pm
the clock starts over. so sax by-chambliss -- saxby chambliss will be gone, he's retiring. i'll be leaving as chairman. it's going to take some time to ramp it up, and we've asked house members now to vote on this very difficult issue because, again, the political narrative, i think, is wrong on what's going on out there. there's a lack of understanding what the real threat is. i'm not -- you know, this could be years before this gets done. and that's why we have heightened the awareness about how important this is to get done in this very brief window that we have left if we're going to have any success in trying to push back at what is a growing threat. now you have criminal organizations that have nation-state capabilities that we didn't even see a year ago. and this is only going to get worse. it is only going to get worse. you know, nude photos could be the best thing that ever happened that got stolen off the cloud, right? i mean, seriously, you think
3:31 pm
about the six-year threat level of economic damage, do your lights go out and they don't come back on? we have some really significant challenges here that we're just not prepared to handle. >> okay. we're going to leave it on -- we're getting word, but thank you for your time. >> thank you. i appreciate it. [applause] thanks so much. >> okay. [applause] >> okay. we're going to enlarge our stage here. [inaudible conversations] >> hello. first we have christopher painter from the state department. >> good to see you. >> you too. have a seat. and john carlin from the doj, national security. and you're going to explain your title which keeps growing -- [laughter] but this is eric rosenbaum from do to d. so we have -- dod. so we have all branches of national security just about represented here. can you first explain your
3:32 pm
title? >> yeah. i just got confirmed by the senate last week as the assistant secretary of defense for homeland defense and global security, so that's a whole wide path of stuff in homeland defense, global security. cyber is definitely one of those things, but i'm also dual-hatted as the principal cyber adviser to the secretary, something that the senate put into law last year to kind of help coordinate all the things that go on cyber wise in the department of defense. >> okay. so i actually wanted to start with you for a minute because -- >> first victim, right? >> yes. [laughter] when i think about the military and homeland security, you think about, obviously, some bright red lines about when the military can participate or not. but cyber doesn't have bright red lines, as i can tell. so where are your limits? >> that's a great question. we in the interagency with my colleagues here, we've spent a lot of time thinking about that,
3:33 pm
and there are no bright lines, but there is for dod in that we don't do domestic cyber operations unless with the national guard. there are some, there's more leeway there for a posse comb tatties, but when it's a domestic issues it's always the department of homeland security or fbi in the lead and then either cybercom or nsa will provide them with technical type support. that's the way it works under the law. now, a couple of years ago there was a kind of raging debate about who should have the lead on this. there were some ideas maybe it should be nsa and cyber com as opposed to dhs. and we settled that and to the point now there's a very good working relationship. we know what the roles and responsibilities are, and everyone kind of understands what their place is in the game, and it's a team sport we like to say, and we all work in our different positions. >> so you gave me a perfect next question which is what is, what can the national guard do? you said they're the exception. >> yeah. we spent about the last several months thinking about the role of the national guard because we
3:34 pm
made the decision two years ago to build out the force structure in cyber com to develop a force that was about 6,000 people, elite cyber warriors, kind of the special operations command for cyber. and then when we recognized that we needed to figure out how to use the national guard, they have some pretty unique attributes. for example, i recently went out to washington state and met guard members who work full time for microsoft, but work for the guard on the weekends and in the summer, very highly skilled. they're definitely not working in the guard for money, and they bring a lot to the table. they also have a unique authority set so they can support dhs, support the governor first and foremost, and there's a role they can probably play in protecting critical infrastructure. so we want them to be part of the overall cyber force but have the unique role that the guard does in doing state-type activities and helping with other civil homeland defense issues. >> and so has that become a new policy? >> in this analysis we outlined what we think the role of the guard is, and we'll be building
3:35 pm
some force structure behind that, giving them the training that they'll be required to be up to the standard of the cyber mission force. and that is something that's new. it's something that's good and positive. >> okay. and, john, how do you in this, how do you use the military as maybe a backup investigative force? they're much bigger than you are. >> well, first, i was hoping to get the question of what's my title. [laughter] i was ready for that. we -- >> what is your title? no. john has much broader responsibility, he's in charge of the entire national security division at doj. so -- >> the, i'd say this, in terms of the roles inside the united states that they lead in terms of the investigation, attribution and, obviously, prosecution would be the fbi and the department of justice. now, fbi is set up -- has set up a center, and we've mastered bad acronyms and making as many as possible, but it's the nci/jtf
3:36 pm
or national cyber investigative joint task force. my former boss, director mueller, would put it the task force. but it's fbi administered, but it has capability from every agency from secret service, the law enforcement side to nsa to make sure that when you're doing the investigation and attribution of a domestic threat that you have all the information in one place so you can best figure out who is that actor, where is it coming from and what can we do to stop it? >> and given the relative size difference between you two, do you then end up using military assets to help you in the investigation quite a bit? >> um, you know, in some ways i have to defer that to fbi colleagues. in my experience in the usual criminal case or now as we focus
3:37 pm
on nation-state actors and looking to see terrorist groups, no. i think the fbi has significant capabilities that both the prior director as he was leaving said would be their top priority and director comey as he's come in has said that's what he sees as the top challenge over the coming years. and they do work closely with department of homeland security where department of homeland security is focused on what would we do if an attack is successful in order to try to build resiliency in the companies or the fbi's prime focus is how do we figure out who did it to stop them from doing it again? >> in all, and anytime you talk about cyber, it's so invisible to the public that i think that's one of your challenges. can you make it a little more visible and quantify? is are you seeing more -- can you quantify the increase we hear there is in cyber attacks
3:38 pm
in the u.s. both against private sector and government? is there a way to do that? >> so one framework which i think just fits with people's common sense and experience of the world is in many parts -- and many parts of this are good. but we as a nation and many countries in the world have put almost everything we value into cyberspace. we've put our personal information, we've put our financial information, we've put the way that we operate our critical infrastructure. it's digitally stored, and most of it's connected to the internet. now, the flip side of that means all the same bad guys and all the same activity that we've seen for years in the brick and mortar world is going after where the money is, where the secrets are and where they can cause damage. and so as we put more of what we value, we're seeing the number of criminal groups trying to target it increase. we're seeing nation states develop it as part of their strategies. there was a recent estimate, relatively recent, i think, from a panel that former governor
3:39 pm
huntsman commissioned that said 300, they systemed the loss on the economic -- estimated the loss on the economic side to be at a range of $3300 billion of lost -- $300 billion of lost intellectual property which would equal our foreign exports to asia. another figure that chairman rogers put out is just looking at one attack in the saudi aramco attack where somebody wanted to do something destructive, not particularly sophisticated was able to wipe 30,000 computers out. and looking forward there, thera good criminal takedown in a case called game over zeus. this was an infection that infected hundreds of thousands of people's computers, and the bad guys there, the criminals, were using it for profit. they would lock you out, say, as a reporter of your files. you desperately want to get them back, and so you pay them to get them back. it doesn't take much imagination to say, hey, if a terrorist
3:40 pm
group like al-qaeda or zawahiri has publicly put out a videotape saying what his intent is, if they get access to that same tool, they're not going to use it to get money, they're going to use it to destroy as much information as they can. >> so does the government have figures that you can talk about that show an increase instead of relying on someone else's panel? i mean, you're inside. you see these. >> i'd say, i'm going to defer -- yes, we are seeing an increase. >> by how much? how do you quantify that? >> so you're seeing an increase in the number of reported incidents -- >> 50% increase? or 10% increase? >> that figure i don't have for you. >> but you do have one. i mean, again, i'm not -- of course i'm trying to prod you. >> yes. >> but this is by nature an inadvise are bl threat -- invisible threat to most people. so i'm a little confused about why the government doesn't make it more clear.
3:41 pm
you know, what exactly has been the increase? you know? >> well, i think you can, you can -- there are many different ways you can try to measure the increase in what you're seeing. and so it's like a white collar crime issue. i used to prosecute those cases. you can't give a precise figure how many dollars were lost to white collar criminals in part because until you investigate and work with, you don't have a precise figure because it's, until you dig, it's visible. but what you can see, for instance, the head of bp put out, they're seeing 50,000 incidents a day. >> right. >> and we're seeing that increase in reporting from all of our private sector colleagues; the intelligence community can also say we're seeing an increase in the intrusions that we see that we're able to detect and, again, going back to the common sense -- >> right. >> -- that's where the information is, and when we do
3:42 pm
see a case, we're seeing startlingly large amounts of information taken. i hesitated, and we've put more resources into shining that flashlight. as we do it, we see more. does that mean we're seeing the total picture? no, i don't think it does. >> okay. >> in fairness, i think one of the problems -- and i've been doing this a very long time in different aspects including at doj -- is that it's hard to quantify because, just as you say, it's hidden often. so the reporting is not perfect. we don't know what we don't know. we don't know a lot of the intrusions that are never reported by companies or individuals. we're seeing better reporting now not just in the united states, but around the world. so that gives you a better sense of the picture. and sometimes people are more willing to tell computer emergency response teams, they're willing to tell private companies who are gathering this data than they are willing to report to law enforcement. and partly that's true by maybe a misunderstanding of what law enforcement can do for them. so i think we're getting a better picture, but i think
3:43 pm
danger of trying to quantify an increase is difficult. what we are seeing, i think, are more serious attacks, and saudi aramco is a good example. because people are relying on technology a lot more, we're seeing more dependence, and when these attacks or thefts happen, it has more consequence. and when we talk about theft of intellectual property, one of the big challenges again is you understand when you're a company and your physical asset is taken, it's not there anymore. you don't understand necessarily when your trade secrets are taken. you don't understand what the long-term consequences are to the life's blood of your company. so quantifying that is a challenge, but i think we're collie -- clearly seeing an uptick. >> do you think there's sort of a snowden hangover, i might call it, in terms of tries to get private tech -- of trying to get private tech companies to cooperate with the government? you see apple and google encryption as a way of saying to their can customers, you know, we're impenetrable, is that having an effect in being able to ask people to help out and tell us what's happening in your
3:44 pm
company? >> there's probably a couple phenomena that are happening simultaneously. one is the private sector is getting better, and the government is getting better at sharing information, but we need to do more faster. >> so there hasn't been a reluctance because of the nsa revelations? >> well, let me put it in different buckets. i think at the same time that that was occurring you've had the target intrusion, home depot, and when i go out compared to when we were doing this in '05, 'to 6 and talk to companies, i see an awareness of the threat at the highest levels of the company in a way that we simply haven't seen before. and so that's a good thing, and that leads them to think about, hey, what do i do if i've been intruded upon? what do my shareholders and customers expect of me? do i have a response plan to go to law enforcement? you also see for the first time the president cheering the security council -- chairing the
3:45 pm
security council and the unanimous security council resolution that talks about the combating violent extremism, combating the foreign terrorist fighter threat and a need to do that where it's taking place which is in social media in part. and you saw that as part of that security council resolution. and the third phenomenon is the one that you referred to. speaking not as a national security prosecutor, but as somebody who used to do the sex offense/domestic violence cases as well, i think you heard the attorney general yesterday speaking to the global alliance that seeks to protect children online and saying it would be, it would be unfortunate and we're going to need the cooperation of companies that when you have a lawful quarter like a search warrant for a state and local police officer, that you need to be able to serve that. and that's a debate or discussion we need to have to figure out the right response.
3:46 pm
>> chris, could i ask you the same question vis-a-vis the international partners? and can you pack up and tell us how do international partners share information on terrorist cyber attacks? >> well, i mean, not just terrorist sign cyber -- cyber attacks. i think one of the things we've been focused on doing is working internationally to build those partnerships. we work with fbi, we work with -- and doj. we work with uso, we work with dod. one of the things eric said in the beginning i just want to reemphasize which is one of the things i've seen in the past few years which is a little inside the beltway but really remarkable is a really coming together of all these different federal agencies and working much more seamlessly together. so to give you an example that goes to your point, when we had the denial of service attacks that were coming and hitting our financial institutions over a period of time, we were working, dhs was reaching out to -- these were bot nets, so they can be concentrated all over the world,
3:47 pm
and the concentration can change from day-to-day. so they were reaching out to their counterparts, the technical experts. the fbi was reaching out to their counterparts. but, you know, there's a lot of noise out there. we make a lot of technical requests all the time, so what we did -- and this is unique for us -- is the state department decided to do demashes. -- demarshes. before coming to the state department, i always thought that was a bad thing. but you can have something where you say i need your help on this, i want you to elevate that. so for about 20 countries we said, look, this is serious. we want your help. we want to build more of a cooperative framework to deal with these common threats. and so that's been part of our mission, working with the other agencies. the problem is more and more countries, i think -- the good thing is more and more countries are now taking this seriously. we've seen in the u.s. that this is not just a technical issue, and that's been the other transformation. people used to go in, you know, when it was justice, you'd go into the white house, you'd go
3:48 pm
in and talk to folks and they thought it's a technical issue, i don't understand it, i'll have the technical experts deal with it. now people understand it's a major national security issue, and in the u.s. especially national security issue, economic security issue, human rights issue and foreign policy issue. and getting other countries to get to that same level is one of the challenges. but more and more countries are. so building that cooperative relationship both on the technical level but also on the policy level, because there's a long-term game here too in terms of diplomacy, what proper norms of behavior are, confidence-building measures between countries, those are all really important. so the consequence, as i often say cyber being the new black where everyone cares about cyber and everyone wants to talk about cyber in the u.s., it's increasingly happening around the world. if you get countries doing national strategies around cyberspace which we've had for some time but more and more countries are doing it, as you get them reaching out and saying how can we build these more
3:49 pm
cooperative frameworks against these threats, i think that's helpful to us all. >> so are there -- just one more question about this, do we mainly do it bilaterally? >> both. so we, for instance, we have dedicated what we call all-of-government bilateral relations with a number of countries where we've had cyber discussions focused on the full range of cyber issues including issues of internet governance and human rights and internet freedom but especially on security. and we bring our colleagues from doj and dod and dhs and commerce and the whole suite of agencies. and that forces the other government to bring the whole fleet of agencies because often they don't necessarily know what's happening. we used to have stove pipes of excellence in the u.s., and so that's replicated other places. so we've had those more formal ones, we have that with germany, with a number of our close partners like the u.k. and australia and others. we've had that with india, we're renewing that, i think, the joint statement, the presidential joint statement yesterday talked about renewing
3:50 pm
our cybersecurity dialogue with india. we've had it with japan, with korea and other countries. so that's one aspect. but then we've also done multilateral work. we've done it within the organization of american states. we've done it within asean, the organization for security and cooperation in europe where we, as a landmark thing, got the first what are called confidence-building measures. this is not rocket science, it's just how you build better transparent sky and confidence. transparency and confidence, ultimately stability with all the, i think it was 57, countries in the osce, we got these confidence-building measures last year. we're implementing them now. and then we also have to leverage our law enforcement networks and dod networks as we reach out to these countries. >>, so eric, yeah, i was going to say, do you have similar cooperative -- >> we do. we'll work with other nations' militaries very often try to do capacity building. there's a lot of demand in the world right now for people
3:51 pm
trying to figure out how to build their equivalent of a cyber command. and the reason we do that is we want them to do that in a responsible way. there are some things we've learned that we didn't do as well as we could have. how you balance that with respect for civil liberties within the law, you know, executive oversight of military organizations. and there's another point that i wanted to make that builds on what chris was talking about and also chairman rogers talked about this. offensive operations are something that are always an option, but it's only one of many tools that you have available on the policy spectrum. and we have made the very conscious decision especially in dod that that should be one of the very last things that you go to, right? before you would ever take offensive action, you would want to work diplomatic channels first, work law enforcement channels. so the policy-making process in the white house and interagency is pretty sophisticated right now based on this for cyber, and a lot of it has to do with the fact we got a lot of practice on that during the denial of service attacks and some in the
3:52 pm
past years there's been pretty significant threats. >> can i just add one other thick in terms of how we build better cooperation. the other part i left out was capacity building, particularly for the developing world. so we have done, again with our colleagues, we've done them in east africa, we've done a couple in west africa, regional ones, we've done one in south africa, we're looking at asia where we talk about cyber crime, we talk about cybersecurity, we talk about both building structures in government but also capability. and we also talk about the civil liberties issues and the public/private partnership. >> and are we actually transferring funds in order to increase -- >> well, there's been a lot of work where we're trying to, again through our partners, build, for instance, search, build law enforcement channels, build good cyber crime laws. there's been a lot of activity that's been undertaken. i think it's one of these things where we're always challenged not just by funds, but by actual, physical people, resources that can do that because the bench isn't that deep. but i think that's something that's a priority. >> let me follow up on your sort
3:53 pm
of foreign cyber command idea. are, is the u.s. training particular countries now to stand up cyber commands? i mean, can you talk about -- >> we have, there are i think last estimate in the public press, there are about 60 countries that are looking at building -- which isn't surprising mostly because they want to defend their own networks. there are a small group of countries that we work very actively on kind of giving consulting and advisory advice about how we did it and things that they can to to build it in terms of training, doctrine, all of the things you do when you're building a military force. but we only do it with our very closest partners mostly because we want to make sure that it's being done right. and also we're very conscious of the fact that a lot of countries want to build offensive capability which we're not in favor of. that's something that -- >> so have we done it in countries that are allies but also developing? pakistan, egypt? >> not as much. and, you know, quite frankly,
3:54 pm
the biggest demand signal comes from countries that have more traditionally well-developed relationships with the department of defense. >> like europe? >> that's right. and then we also spend a lot of time, i spend a lot of time in the gulf trying to help them build capacity and also make sure that's balanced with good governance. those are the two areas, but also in asia we have strong partnerships. >> like vietnam? who in asia? >> this is one of the things where most of the countries prefer we don't speak publicly about it and, i think, you know, just to honor that relationship, it's probably better not to name names so to speak. there's always, like, the five is partnerships. >> right. >> it's very, very close. close allies like the frenchover germans -- or the germans we always want to work with, and those are things that chris and doj are also involved with. so it's a balance. >> the problem overseas, though, is you are dealing with countries who are in the process of censoring their public often. >> right. >> this is another tool for that.
3:55 pm
so how can you actually have any impact on that? >> well, i mean, part of the diplomatic effort is, as i said, this is a broad spectrum thing. we don't think of cyber in silos where you separate cybersecurity from human rights and other issues. we did get a resolution in the u.n. human rights committee that says you have the same rights online as you do offline. shocking to us, but it actually was pretty major. and when we even think about technologies and washington just recently came out with some recommendations in terms of technologies where you make sure that as you're giving aid or working on cybersecurity issues with countries that you're not enabling them to better monitor their citizens or impinge on human rights. that's always a delicate balance, but you've got to make sure you do that. and then you have the larger context of what are the norms of waiver in cyber -- of behavior in cyberspace we're trying to promote? as eric said, as more and more
3:56 pm
countries develop these capabilities, there should be some understandings of what's appropriate behavior. and so, in the u.n. last year we got in this group of government experts we got something that said international law including the law of armed conflict and international humanitarian law applies in cyberspace. again, that makes a lot of sense. but before there were some countries that said, well, this is a completely lawless space, you can do whatever you want. that's part of the long-term gain of how these concepts apply. one of the things below that level that states shouldn't do and we've been talking about that in the u.s. government, what are the peacetime norms we should be promoting, so that's part of the long-term game you couple with the short-term game. >> in terms of that development, i think actions matter. and for a period of time because these cases are very difficult to bring and you need to put resources in on the front end in order to do the attribution and the investigation because of the difficulty in developing the capability with our partners and the willingness for them to take
3:57 pm
parallel criminal actions for a period of time if there was a nation-state actor and they were conducting what would be traditional criminal activity -- stealing economic information from private united states companies for private use by companies back in their home country -- we were not pursuing those cases criminally. i think starting in 2012 at the department of justice we created a national security cyber specialist network in in 94 u.s. attorneys' offices, all 94 u.s. attorneys' offices, hundreds of prosecutors. at the same time, the fbi announced a similar approach to how it did counterterrorism prosecutions which is that it was going to share the intelligence side of the house with those trained prosecutors. most of them will not result in criminal cases, but some will, and you saw the beginnings of that with the indictment of the five members of the people's liberation army. and the idea there is we are
3:58 pm
increasing what we do on the criminal side of the house, and we've had great cooperation now from, for instance, partners in europe where we'll do a global takedown of a criminal ring. but at the end of the day, if we follow the facts and evidence where they lead and instead of leading to an organized crime group in ukraine while we're looking for their cooperation, it happens to lead to five members of the people's liberation army, we're going to treat criminal activity as criminal activity. and that type of action, i think, mens build the -- helps build the norm, ultimately, of what's acceptable in this space. >> and have you had cooperation from other nation-states for determining attacks against, you know, the nation-state here? >> um, yes. i think you're starting to see increased cooperation in law enforcement to law enforcement channels, prosecutor to prosecutor channels. >> okay. where do you see -- yes. we have some e-mails. [laughter] >> we're going to have --
3:59 pm
>> just to end up here, can we just down the line from all your vantage points, this is an audience question, what's the cyber threat, who, the nation or group, that keeps you up at night? >> other than china and russia. [laughter] >> i, what keeps me awake at night is the nations that are less deter bl. so in particular iran and north korea and the fact that there are even new vulnerabilities that come out every day that have an impact on the security of industrial control systems. so it's a set of hard things, undeterable or a difficult-to-deter country, a lot of vulnerabilities, and it's difficult to defend against. so i worry about that stuff. >> switch my general -- given my general portfolio, if i wasn't a sound sleeper, i would never get a good night's sleep. but i'd say the top threat, similarly, are those who would not be deterred. so if they had the capability, they would use it. and to my mind that's the terrorist organizations who have
4:00 pm
declared their intent to cause maximum harm and are actively seeking to acquire the capability. and that's where each day i feel that all of us working together need to do more and faster working with our private partners so that we're not having a, as the 9/11 commission recently put out that we're not having a moment post, a post-9/11 like moment where we all saw that coming and we didn't take sufficient action ahead of time. ..


info Stream Only

Uploaded by TV Archive on