
tv   Tonight From Washington  CSPAN  February 27, 2012 8:30pm-11:00pm EST

8:30 pm
many as you want together so if you say i want to crank this up and charge it in today's or charge it in one day or a half a day all you have to do is double the solar panel. so this is basically power on the go, power anywhere really. $1800 at msrp and is the first island generator in the market so it's an indoor generator. you can use it indoors, no gas, no noise. >> host: why not manufacture in the united states? >> guest: it's purely cost. we would love to because it would triple the cost of the product and when you are selling consumer products, you will find five or 10% of the people that can actually make them here. u.s. is not a manufacturing country like it used to be. >> host: joe atkin is the president of goal zero. what is your web site? >> guest:
8:31 pm
>> host: "the communicators" is here at the consumer electronics show in las vegas, nevada. one of the exhibitors here at the consumer electronics show is a group called life technologies and we are joined by one of their directors, graham scott. dr. scott, what is life technologies and what do you do? >> guest: we are leading provider of technology for biomedical research, people who are actively working performing research to sell governmental ads and pharmaceutical companies. primarily researchers. >> host: first of all how long have you been in business? >> guest: well, life technologies as an entity has
8:32 pm
been in business for a little over two years. that is the genesis of 25 years because two major companies that came together to form technologies so over two decades. >> host: how do you use technology in your work? >> guest: so technology is used by scientists who are posing questions about disease. they want to understand the biology of disease. typically, they are working with samples. to give you a concrete example they may be working with cancer cells and control cells and there are biological questions about what is different in the cancer cells from the control cells. >> host: what you have display on -- at the consumer electronics show. >> guest: we have a proton sequencer which is very transformative and uses completely revolutionary
8:33 pm
technology that is placed on a chip. we like to say the chip is actually the machine so what you are seeing here on this chip, you are actually seeing an area that has 165 million wells each of which can sequence a small piece of dna. so what we can do is we can take dna from a human sample or really from any organism and we can chop it into little pieces, and we can borrow a series of molecular cells. we can deliver those constructs onto this chip and all the interesting work happens on this chip. >> host: if you put it in the machine what happens? >> guest: okay so i simply put the chip in the machine and i will actually close this lever down. one thing we are able to do the
8:34 pm
principle operation is actually very simple, peter. what happens here is we introduce nucleotides of dna, a, c, g and t. as the sequence what actually happens is a charged ion is released, a hydrogen or proton, into the instrument. the proton is released as we sequence and it has a charge on it and we are simply going to measure that charge by measuring that charge and can actually determine the sequence. we actually see the chemistry in real-time by measuring that charge. >> host: what are the practical applications of this dr. scott? >> guest: yes, primarily biomedical research. one of the things i would like to point out is the smaller version or the little sister to this in chu is called the personal genome machine that can use a concrete example.
8:35 pm
it uses the same conductor sequence he. you may recall the e. coli outbreak in europe a few months ago so the genome machine which again is the predecessor to the proton was used very rampantly, pathogenic e. coli bacterium so the screen could be rapidly developed. we do that in a few days of the utility of the technology is very fast. >> host: is this technology on the market? >> guest: we are taking orders right now from customers. >> host: such as? >> guest: primarily biomedical researchers. we expect to be in full commercial by the end of the third quarter. >> host: dr. scott how are you funded? is this a venture capitalist type funding? >> guest: oh no. we are listed, we are a public company so yeah, --
8:36 pm
>> host: life technologies is the name of the company. what is the scientific american thing you have up there? >> guest: at this booth we were able to have a very productive partnership with scientific american in terms of this particular booth but also in terms of wider activities here at ces. >> host: what is your background? >> guest: my background is i am a chemist, so i have worked a lot sequence the -- sequencing and an human genome program a few years ago so my background is in chemistry and data sequencing. >> host: we have been talking with graham scott of life technologies here at the consumer electronic show in las vegas. here at the consumer electronics show in las vegas is a quality-of-life technology center, national science foundation engineering research center and joining us now is the
8:37 pm
director of the quality-of-life foundry and that is curt stone of carnegie mellon university in pittsburgh. mr. stone what is quality-of-life technology? >> guest: is a research focusing on creating intelligent systems for seniors and people with disabilities. using robotics, robotic technology and vision technology. you are looking at the human side of things on aging at the university of pittsburgh also an in engineering research labs. and it is focusing on creating the smart system, not just the hardware of the time but a smart system that will help people live and extend their lives in their homes longer. >> host: this is something that is done at carnegie with the assistance of the university of pittsburgh? >> guest: they are partnering our research center. we are right next door to each other and basically abutting each other so it's a good collaboration. >> host: mr. stone you have two things on display. you have a computer running that we want to look at it looks like a
8:38 pm
crash. can you tell us what these are? >> guest: this is for our first application of this technology, in the sports media side. the technology itself is using two cameras, one that looks out and one that looks at the eyes so we know exactly what the person is interested in this machine. when you consider people want to be monitored to understand what they are doing, having cameras on the outside looking at them is very intrusive. people tend to not be concerned about us seeing or the computer seeing what they see. in order to do that for the computers to help people it knows exactly what their interest is so this is what it does. the eye tracking system exactly points to it and you can see the target on the system itself on the computer. so it is a little red circle showing this is a driving application or someone driving and using it and it shows exactly where the person is looking as they are driving. >> host: we can see their eye
8:39 pm
in one camera and this is where they're looking with a red circle. >> guest: exactly and this is to show we don't necessarily always show the eye but we are tracking the eye for demonstration. >> host: what is the practical application of this? >> guest: someone who has alzheimer's, we incorporated it into a facial recognition or for a person who has a condition called prosopagnosia which is significant in the world. over 2% of the population has that aura can actually if you look at someone help the system identify who you are looking at and put it into the recognition system so it tells them who it is. they can tell you that is john smith. you met him two weeks ago or that is so-and-so. we can also use it for object recognition with tbi or alzheimer's. if they have trouble as they are doing these and i do here adequate myself start something in the kitchen and lose track of
8:40 pm
what i was planning on doing. by understanding what they have done so far and seeing that and identifying the objects and understanding the actions they have done we can then help them with what to do next so they don't get stuck and don't get frustrated. >> host: do you see a -- this product coming out on the market anymore? >> guest: very much so. the first market as i mentioned, they're using at the media for sports. we are also doing security applications and the show has been extremely helpful or surprisingly helpful in many different applications coming out the on the health care which we are looking at in the gaming space in the military space and the aeronautics, doing everything. it's a technology that is very interesting. >> host: what is the work you do with the national science foundation and how much money has been put in? >> guest: as a research center, to 10 year program and
8:41 pm
$40 million funded by the national science foundation. a certain amount every year. part of it is distributed, some distributed by the universities as well as industry partners we have who give money to us and we also get other funding through different grants that we write and try to raise that are go. >> host: we have been talking with curt stone of carnegie mellon university in pittsburgh but we also want to meet a university of pittsburgh student, and that is he laying out here with the university of pittsburgh i should say. this is elaine houston, and ms. houston what is your role at the university of pittsburgh? >> guest: i'm a ph.d. student in the graduate student researcher. >> host: why are you here at the consumer electronics show? what are you demonstrating? >> guest: i am demonstrating that personal manipulable of the appliance. >> host: where was this developed? >> guest: this was developed at the university of pittsburgh in conjunction with
8:42 pm
carnegie mellon. >> host: can you demonstrate what this does and how it helps you? >> guest: one of the task is going to do is i drop my pen and it has picked it up and now he needed to get it back to me so i could have the hand come in and bring me the pen. can you bring it in? >> host: this is being operated robotically, is that correct? >> guest: open the gripper. yes, it is. >> host: is this a product that could be on the market at some point? >> guest: very much so. we are very much hoping to be commercially available within the next couple of years. >> host: what else does it do? it looks like it has cameras on the side along with the grippers. >> guest: the cameras allowed to remotely operate the device for me if i were not able to operate it myself via local control. >> host: are you disabled? >> guest: yes, i am. >> host: in what way?
8:43 pm
>> guest: i have multiple impairments which require me to use a power wheelchair. >> host: is this wheelchair yours or is this a demonstration? >> guest: this is very much a demonstration chair but i'm working with the chair much of the time. >> host: are you part of the development process? >> guest: very much so. a lot of what we do is very much bringing users of the technology to get them to help provide feedback on which way we should be going and what we should be doing and how we should be doing it. >> host: what would you like to see changed or developed on such a chair? >> guest: the big part is interface, how a person would interact with the chair independently without the aid of a remote operator. in being able to independently use, even a simple task in life like opening a bottle and taking up a pen you dropped on the floor. >> host: elaine houston ph.d. student, ph.d. in? >> guest: science.
8:44 pm
>> host: at the university of pittsburgh. "the communicators" is at the consumer electronics show in las vegas. >> host: one of the items most frequently on display here at the consumer electronics show 2012 in las vegas is 3-d tv and we are joined on "the communicators" by heidi hoffman, who is the managing director of the 3-d at-home consortium. ms. hoffman first of all what is 3-d at-home consortium? >> guest: we are a membership organization. about a 15 member company interested in accelerating the adoption of 3-d into the home and beyond. we were formed about four years ago. our members are active members that worked on different parts of the industry, different parts of what we call the 3-d ecosystem whether it is broadcast, content creation, 3-d products for the home consumers or whether its research studies on how 3-d is working for people
8:45 pm
and what makes it happen what they like us. >> host: are we the second or third generation 3-d? >> guest: good question. i think we are still first generation products and if we evaluate 3-d by active television, passive television, audio stereo, we certainly see the technology changing. we see it moving. we see a lot happening and i think it is, you can see us here at the show. >> host: what are you displaying at the consumer electronics show? >> guest: so for the first year, we have been here two of the years, our companies came together and wanted to show the breadth of 3-d so we have got drawbacks that will show up on your cell phone and we have 3-d products showing up for your entertainment systems and we have 3-d software showing up in what we call education and entertainment combined. "national geographic," discovery and those channels, and really well and aged cheat tv and other
8:46 pm
software applications. you're going to see 3-d in classes because it's really incredibly, the numbers, we have done studies on this. it's amazing how much better students focus on the subject and how much more they take away. it has been tested over time that this continues to happen. students are really getting engaged in 3-d particularly in math and science. >> host: now are we at any point going to be able to lose the 3-d experience? >> guest: absolutely. i think we are going to see a lot of advancements in autostereo. we are already losing -- glasses free, autostereo. you are going to see as you look around the show monitors that work without glasses and you are going to see single user system so cell phones in 3-d, absolutely. 3ds independent gaming system,
8:47 pm
those kinds of technologies have really taken off. and they are advancing. i don't think you are going to see it in the larger. you will see some demos on the show that are in autostereo in large screen but they are not quite to the consumer market yet. >> host: what about the laptops heidi hoffman you have on display here? >> guest: this is the 3-d laptop showing a video gaming system. right now we are going through some still videos or still images. the still images i think demonstrate really well what you can do with generated context. someone went to paris and took this question and someone who didn't go to paris will get a much better sense of what that looks like at the louvre. >> host: what are some of the companies that are members of 3-d at-home? >> guest: we are partnering with samsung, sony, nvidia, spatial view so we have got
8:48 pm
large companies that have advanced products and entertainment products in 3-d and small products or small companies like master image that will be putting displays in your cell phones. their autostereo technology has a different twist and gives you great tv viewing. >> guest: i'm san jose and i vanished consortium so i've been involved in that for 25 years, 15 years before that in the u.s. government so bringing people together and communicating and moving the industry faster rather than moving separately in them broaching it faster. you will find your roadblock is there and you will hit it much faster than if you go together. >> host: heidi hoffman is a managing director of the 3-d@home consortium. "the communicators" is at the consumer electronics show in las vegas, nevada.
8:49 pm
and "the communicators" continues its tour of the consumer electronics show in las vegas, nevada. the mobile 500 alliance is here and john lawson is the executive director. what is the mobile 500? >> guest: it's a consortium of 47 broadcast companies. we own 430 television stations across the country and we are dedicated to taking advantage of the technology breakthrough that allows us to use our over the air television signal for mobile devices. >> host: what does that mean exactly? if i'm here in las vegas how would i use your device? >> guest: your cell phone or your laptop is enabled with either an adapter or a built-in receiver, you can get live television over the air. through that device without touching a data plan while you are making a phone call. it's a way to get very high-end
8:50 pm
video to your device cheaply. broadcasters are watching three channels to be received over the air and what we are demonstrating today is the consumer product, an apple adapter that will go to an ipad or an iphone and allows you to receive over the air television, allows you to have a dvr built into it and you can pause the programming and take it with you, and then we have got a solution through 3g the wireless network integrated into that into a single user interface. >> host: mr. lawson again i'm here in las vegas. could i watch the three broadcast channels, or you have got all your member companies down here in your display but what exactly could i see if i were right here? could i watch local tv from washington d.c.? >> guest: you could watch local tv from las vegas so this is a local play. we will have national content and of course we have the food
8:51 pm
network here at the booth but it is a local broadcaster and what we have found is people value the local news and sports most highly. >> host: so people who may be interested in watching c-span, would c-span have to sign up for your service for people to get that over their mobile devices? >> guest: it all depends on our deal with c-span. we would love to have c-span. everything we are broadcasting is free and in the clear. we would love to have c-span in our portfolio and stations and channels we are building. >> host: does it include the broadcast networks? >> guest: it does. there is a consortium headed by nbc and they're lighting up their stations, nbc, fox and telemundo stations across the country and they will be broadcasting. >> host: where's your device manufactured? >> guest: the companies are designing it in israel and germany and it will be manufactured probably in china. >> host: we are also joined at the booth by ryan mchale the
8:52 pm
vice president technology for fisher communications out of seattle. mr. mchale what are you going to demonstrate for us today? >> guest: what i want to show basically is live television over the air from a station in seattle. that is the siano accessory with over the air content so we have got basically the guide here itself. various stations are broadcast which we can pick up. for our demonstration we have itv, cw, the food network which has allowed us to distribute their content and the country network. so what i'm going to do, i'm going to drop into my tv here. >> host: that is an ipad. >> guest: the application was built via a company called ogato picking up the signal so this is live television over the air.
8:53 pm
what is interesting here is the question we all get is how can we drive revenue from this application? what you see here is a flip through the channels we have an interstitial which gives the opportunity to drive advertising revenue for the product itself. as we move forward more interstitial as well. the country network is there. and that goes back to the food next what -- network. >> host: when does that pop back up? >> guest: it will pop back up in a second. we have program guide information to show exactly what you're watching. what is interesting here is i can tap the screen once and i can hit this bread right here and i'm recording that show right now over the air. >> host: it will record onto your ipad? >> guest: yes, records locally to the storage device itself and when i'm finished recording, i can touch the screen again. hit that button there and actually the recording is now completed. >> host: is this market, is
8:54 pm
this product right here on the market now and if so what is it so far? >> guest: it's not available on the u.s. market yet. siano is committed to launch this year and they are ready to ship. they have the product in europe. the european market has extensively. this is not the latest and greatest but the next version of this will not have a telescopic antenna but basically an antenna and a small wire so it's actually the lighter and easier to take with you within, if fewer of siting want to pick up mobile over the air television. >> host: why did you start the product launch in europe? >> guest: siano has been in that market already so we basically brought them and to help us and they definitely want to get into the u.s. market with their devices. they want to see it succeed for broadcasters so they were a great partner in stepping up and providing these accessories for us for the show itself. >> host: and we have been talking to the folks at the mobile 500 alliance.
8:55 pm
you have been watching "the communicators" and for the past five weeks we have been showing you our visits to the consumer electronics show in las vegas. if you would like to watch any of these past shows or any communicators go to up next on c-span2 a hearing on u.s. cybersecurity legislation which the senate is working on. this debate on the state voter i.d. laws and the effect they could have on elections.
8:56 pm
>> the accusations that he made against the veterans who served was just devastating. >> we can all point to an outrageous commercial or two or three or four, but on average, negative commercials are more likely to be factually correct and negative commercials are
8:57 pm
more likely to talk about issues. >> earlier this month homeland security secretary janet napolitano testified about cybersecurity legislation. the measure is designed to strengthen both government and private computer systems. the senate homeland security committee hearing is just under three hours. >> the hearing will come to order. senator collins is on her way.
8:58 pm
i just saw senator mccain and governor napolitano together and it seems to be here i cannot hesitate to offer my congratulations on this centennial celebration of the great state of arizona. here, here. i happen to have been on the floor of the senate introducing -- >> i was there at the time. [laughter] >> you look very well, very well. okay, this is in fact the tenth hearing our committee has held on cybersecurity, and i hope it is the last before the comprehensive cybersecurity global -- is enacted into law. time is not on our side. to me, it feels like september 10, 2011 and the
8:59 pm
question is whether we will act to prevent a cyber9/11 before it happens instead of reacting after it happens. ..
9:00 pm
a very damaging impact on our economic prosperity because extremely valuable intellectual property is being stolen regularly, by people and individuals and groups in countries abroad that is being replicated without the initial cost of research done by american companies meaning that jobs are being created abroad that would otherwise be created here so when we talk about cybersecurity there is an actual way which we are focused on the danger that an enemy will attack us through cyberspace, but as we think about how to grow our economy again and create jobs again, i've come to the
9:01 pm
conclusion that this is actually one of the most important things we can do, protect the treasures of america's intellectual innovation from being stolen by contenders abroad -- competitors abroad. a very distinguished group of security experts, led by former department of homeland security secretary michael chertoff and former defense secretary bill perry across both parties issued a warning and i quote the constant barrage of cyber assault is inflicting severe damage to the national economic security as well as the privacy of individual citizens. the threat is only going to get worse. inaction is not an acceptable option, end of quote. i agree. the bill before us today is the product of hard work across party lines and committee jurisdictional lines and i particularly want to thank my colleague, senator collins and
9:02 pm
senator jay rockefeller and dianne feinstein for all the hard and cooperative work in getting us to this point where we are going to be privileged to hear from all three of them shortly. i also want to thank senator carper who isn't here yet for his significant leadership contributions to this effort and i want to thank the witnesses who are here. we've chosen the witnesses deliberately because they hold differing points of view on the problem and on the legislation we have crafted and the challenges we face, and we look forward to their testimony. so this cybersecurity act of 2012 does several important things to beef up our defenses in the new battleground of cyberspace. first it ensures the cyber systems that control our most critical privately owned and operated infrastructures are secure and that is the key to the privately owned and operated
9:03 pm
cyber infrastructure and can well be and probably will someday be the target of an enemy attack. it is today the target of economic exploitation, and we have got to work together with the private sector to better secure the systems both for their own defense, and for our national defense. in this bill the systems that will be asked to meet standards are defined as those that, if brought down or commandeered, would lead to mass casualties, evacuation of major population centers, the collapse of the financial markets or significant degradation of the national security. so this is a tight and high standard. after identifying the systems that meet those standards, the secretary of the department of homeland security under the legislation would then work with the private sector operators of the systems to develop
9:04 pm
cybersecurity performance requirements. owners of the privately operated cyber systems covered would have the flexibility to meet the performance requirements with whatever hardware or software they choose so long as it achieves the required level of security. the department of homeland security will not be picking technological winners and losers and there is nothing in the bill that would stifle innovation. in fact, a letter from cisco and two of the most prominent i.t. companies concludes that this legislation, and i quote, includes a number of tools that will enhance the nation's cybersecurity without interfering with the innovation and development processes of the american i.t. industry. if a company can show under our legislation commercial to the department of homeland security that it already has a high
9:05 pm
cybersecurity standards met, then it will be exempt from further requirements under this law. failure to meet the standards would result in civil penalties that would be proposed by the department during a standard rule making process. the bill also creates a streamlined efficient cyber organization within dhs that will work with existing federal regulators to ensure no rules are put in place that either duplicate or are in conflict with existing requirements. the bill also establishes a mechanism for information sharing between the private sector and the federal government and among the operators themselves. this is important because computer security experts need to be able to compare notes in order to protect us from this
9:06 pm
threat. but the bill also creates security measures and oversight to protect privacy and preserve civil liberties. in fact, the american civil liberties union has reviewed our bill and says it offers the greatest privacy protections of any cybersecurity legislation that has yet been proposed. i'm going to skip over some of the other things the bill does and just go to mention the process by which we reached this legislative proposal was very inclusive and we not only worked across the committee lines but reached out to people in business, academics, civil liberties, privacy and security experts advise on many of the difficult issues that any meaningful piece of cybersecurity legislation would need to address. i can tell you that literally hundreds of changes have been made to this bill as a result of their input
9:07 pm
and we think finally we have struck the right balance. i do want to describe briefly or mention some things that are not in this bill. first and foremost, this bill does not contain a so-called kill switch that would allow the president to seize control in all or part of the internet in a national crisis. it's not there and it never was. thank you, senator. but we put in! by dropping a section frankly the people included the costs which it just wasn't worth it because the urgent need for this bill. there is also nothing in this bill that touches on the balance between the intellectual property and free speech that so aroused public opinion over the proposed online piracy act and the protect ip act and has left many members of
9:08 pm
congress with scars or at least a kind of post-traumatic stress syndrome sids that have been furious infect this is not the ultimate verification of my assertion that there's nothing anywhere like what concerned people in sopa and pipa. but mr. stewart baker was a leading opponent but is testifying today in favor of our bill. after the cybersecurity act 2012 becomes the law, the average internet user will go about using the internet just as we do today. but hopefully as a result of law and outreach pursuant he's far better equipped to protect their own privacy and resources from cyberattack. bottom line a lot of people have worked very hard to come so far
9:09 pm
and in a very bipartisan way to face a real and present danger to our country but we cannot allow this to slip away from us. i feel very strongly that we need to act now to defend america's cyberspace as a matter of national and economic security. senator collins. >> mr. chairman, let me first applaud you for your leadership in this very important issue as well as the leadership of our two witnesses, senator rockefeller and senator feinstein who contributed so much to this issue and this bill, and i personally thank you for holding this important hearing today. after the 9/11 attacks, we have learned of many early warnings that went unheeded, including an
9:10 pm
fbi agent who warned that one day people would die because of the wall that kept law enforcement and intelligence agencies apart. when a major cyberattack occurs, the ignored warnings would be even more glaring because our nation's vulnerability had already been demonstrated by the daily attempt by nation states, terrorist groups, cyber criminals and hackers to penetrate our system. the warning of our vulnerability to a major cyberattack comes from all directions and countless experts, and they are underscored by the intrusion that has already occurred. earlier this month the fbi director warned that the cyber
9:11 pm
threat will soon equal or surpass the threat from terrorism. he argued that we should be addressing the cyber threat with the same intensity that we have applied to the terrorist threat. director of national intelligence, james clapper, made the point even more strongly describing the cyber threat as a profound threat to this country, to its future, its economy, its very well-being. the director warned that the cyberattack spread in a growing number of the systems with which we interact every day, the electric grid, water treatment plants, the key financial systems. similarly, general keith alexander, the commander of the u.s. cyber command and the director of nsa has warned that
9:12 pm
our cyber vulnerabilities are extraordinary, and characterized by the disturbing trend from exploitation to disruption to destruction. these statements are just the latest in the chorus of warnings from current and former officials. and the threat as the chairman pointed out is not just to our national security, but also to our economic well-being. a study last year calculated that the cost of global cybercrime at $114 billion annually. when combined with the value of the time victims lost due to cybercrime, this figure rose at 388 billion. and described this as significantly more than the global black-market in
9:13 pm
marijuana, cocaine and heroin combined. and an op-ed last month entitled china's cyber is now policy and must be challenged. the former dni mike mcconnell, a former homeland security secretary michael chertoff, and former deputy secretary of defense noted the ability of cyber terrorists to cripple our critical infrastructure. they sounded an even more urgent alarm about the threat of economic cyber espionage citing an october 2011 report by the office of the national counterintelligence executive. these experts warned of the catastrophic impact that cyber espionage particularly that pursued by china could have on our economy and competitiveness.
9:14 pm
they estimated the cost easily means billions of dollars and millions of jobs. this is all the more menacing because it is being pursued by a global competitor seeking to steal the research and development of american firms to undermine our economic leadership. the evidence of our cybersecurity vulnerability is overwhelming. it compels us to act now. now some members have called for yet more studies, even more hearings, additional markups. in other words, more delay. the fact is since 2005 alone, our committee has held ten
9:15 pm
hearings on the cyber threat including today's hearing. i know the commerce and the intelligence committee have held many more. in 2011, chairman lieberman, senator carper and i introduced our cybersecurity bill which is reported by this committee later that same year. since last year, we've been working with chairman rockefeller to merge our bill with legislation that he championed which was reported by the commerce committee. senator feinstein has done groundbreaking work on information sharing which he has been kind enough. after the base on the feedback from the private sector, our colleagues and the administration, we have produced a refined version which is the subject of today's hearing, and
9:16 pm
it's significant that three senate chairmen with jurisdiction over cybersecurity have come together on these issues, and each day that we fail to act, the threat increases to our national and economic security. others of our colleagues have urged us to focus narrowly on the federal information security management act as well as on federal r&d and improved information sharing. we do need to address both issues and our bill does just that. with 85% of the nation's critical infrastructure owned by the private sector, the government also has a critical role to play in ensuring that the most vital part of that infrastructure, those whose
9:17 pm
disruption could result in truly catastrophic consequences meet reasonable risk-based performance standards. in an editorial this week, the "washington post" concurred, writing that the critical systems have remained unprotected. some of our colleagues are skeptical about the need for any new regulation. i have opposed efforts to expand regulations that would burden our economy. but regulations that are necessary for our national security and that promote rather than hinder our economic prosperity strengthen our country. they are in an entirely different category. the fact is the risk based performance requirements and our
9:18 pm
bills are targeted carefully. they apply only to those specific systems and assets, not entire companies that if damaged could result reasonably in the mass casualties, mass evacuation, catastrophic economic damages, or severe degradation of our national security. in fact some of the witnesses think that we have gone too far in that direction. senator lieberman has described much of what the bill contains. so i will not repeat that in the interest of time. let me just say that this bill is urgent. we cannot wait to act. we cannot wait until our country has a catastrophic cyberattack, and it would be irresponsible of
9:19 pm
congress not to pass legislation due to the turf battles or due to dubow claims by some businesses that we are somehow harming our economy. in fact, what we are doing is protecting our economy and our way of life. thank you, mr. chairman. >> thank you for that strong statement. i agree with you and i would just correct one part. you said how pleased we were that the three committee chairs with jurisdiction have come together on the bill since i consider you the co-chair of this committee i would say it was four and i appreciate very much your contribution to this effort. we are really grateful to have senator rockefeller and senator feinstein and again i can't thank you enough for the work that we've been together. i think it is a very powerful statement and we agreed on a consensus bill and i hope it enables us to move it through
9:20 pm
the senate. i know the majority leader is really concerned about the threat and is committed to getting time on the floor. senator rockefeller, mr. chairman, we welcome your testimony now. >> thank you, chairman lieberman and ranking member collins. you are quite right about that. i think senator reid wants this on the floor as soon as possible, and the thing that scares me more than anything is the fact we have had so many hearings coming and yet that was necessary to get to the agreements that we have come to and they are solid now, rock solid, but we still have to find the time for it. this isn't going to be an easy time so the pressure is on this conference on both the house and the senate to come through on this in the face of all this danger is huge, and not yet guaranteed. i think our government needs a lead civilian agency to
9:21 pm
coordinate our civilian cybersecurity efforts, and that the agency should of course be the department of homeland security under the superable leadership of janet napolitano. i want to emphasize our bill represents expertise as both of you have said, the three senate committees, and that is as it should be. we have eagerly sought as you mentioned, senator lieberman, and have received constructive criticism and input from a lot of places. i remember giving a speech i think two years ago to a business group presenting ideas that olympia snowe and i had for this and they were just surprised to hear somebody was willing to listen to them and their complaints, and there were a lot of them. it's -- even when people refuse to engage with us, and there has been that, even within the senate, to refuse to discuss with our staff and have to have discussions that doesn't mean we don't take some of their
9:22 pm
suggestions, and we have done that because if they don't want to engage that's okay. if the of good suggestions put them in to make a stronger bill. beyond the bill principal office, senator collins and feinstein and myself it reflects the input of assistance or the request on both sides of the aisle as it should be coming and which gives me hope for the final passage. senator snowe was like a lot of the bill and, as reported last year as you know. senator carper was a co-author of the bill. both have had a major input on this bill. senator hutchison and her staff worked with us a good part of the past two years. she's my ranking member and superb. i call her the co-chair, too and we have tried hard to address all of her specific concerns, and i think that we have in fact met most of her concerns. we have sought to engage senator chambliss and before him senator bond in the same fashion. there was reluctance at some point to discuss but it didn't
9:23 pm
make a difference. we were interested in what they had and it was something good we put it in the bill. we wanted it in the bill and then it had to pass the future test has become by all the efforts. senator kyl and senator whitehouse contributed an entire title regarding cybersecurity awareness and senator kerry, lugar, gillibrand and hatch did the same thing regarding diplomacy. because of senator mccain's concerns, we owe significant language pertaining to the white house cyber office. when colleagues have ongoing questions about the provision that i first believed an extremely important to be extremely important i agreed to drop it from the latest bill. this provision that i'm talking about would clarify private sector companies existing requirements regarding the risks returning to cyber have to be disclosed to the investors and
9:24 pm
filings because as you know at one point out of the frustration i went to the fcc and mary schapiro agreed if you are acting to as a company it goes on the web site of that company coming and that is have a substantial the impact actually. i believe the provision is crucial for the market to help solve our cyber vulnerabilities and we will wait for an amendment on the floor as it should be. that's the way the system works but in the interest of providing more time to address questions i agreed to take it out of the bill would be introduced this week to be any suggestion that this process has been anything but open and transparent is false. this has been an open process and lengthy as has been pointed out. why have we worked so tirelessly to include the views of all sides? tried to get this right? because our country and communities and citizens are at a grave risk. they simply are.
9:25 pm
i'm not sure if they are aware because there are so many things reported in the news cycle that have almost diminished the overall aggregated weight of the danger. so our citizens have to be aware of this. it's not a republican or democratic issue it is a life or death issue for the economy and for us as people. i want to be clear this cyber threat is very real. this is not alarmist. it's hard to talk about this sometimes without seeming alarmist. and yet, it simply reflects the truth. hackers supported by the government of china and russia and sophisticated criminal syndicates with a potential connections to terrorist groups are now able to crack the code of the government agencies including sensitive ones, and the fortune 500. they can do that, and they do that on a regular basis. senator collins mentioned what michael mullen said and pointed
9:26 pm
out that we are being looted of the valuable possessions and fatima will scale, but that isn't the end of the problem. the reason that this cyber threat is a life or death issue is the same reason a burglar in your house is a life or death issue. if a criminal has broken into your home how do you know what he wants to do? is it take your belongings or something more? you don't know pity if he's in the building. in your home. that's where we are now. in terms of the country. so that's the situation we face that they have thrown in. michael mullen with senator collins indicated that the only other threat on the same level to the cyber threat is russia's stockpile of nuclear weapons. fbi director mike mullen, the first thing after 9/11, we had to pass sadly, pathetically, was a law we say that the cia and fbi could talk to each other how
9:27 pm
pathetic could that be? that's where we were because the stove pipes and things of that sort. senator mahlon, i mean director mueller testified to the congress recently as cyber threat would soon overcome terrorism as his top national security emphasis. so, it's all very serious and you can't exaggerate it and it could happen. so then you think about how people could die. a cyberattack on air-traffic control system. i was talking to secretary napolitano just before this hearing. often over big cities it gets very soupy. people don't like to be in a soupy weather. they can't be above or below. but if they are protected because the air traffic control system we will put in a modern one with the same situation to prevail. the cyber hackers can take that out. they can take the city or a group of cities, they can take out the capacities of the planes
9:28 pm
are literally flying in the dark and they will fly into each other and kill a lot of people and people have to understand that. they are causing trains that carry toxic materials, deadly materials through the major cities, and there can be a massive explosion from that so we are on the brink of a very serious happening spirited we have not reached that, which is one of our problems in getting legislation passed. but we can act now in trying to prepare ourselves. let me close by saying that i was on the intelligence committee during that time leading up to 2001, and the world was like with reports of people coming in and going out of our country and the dots here and there that appeared to be connected but were not quite sure and what about this and
9:29 pm
folks in the house in san diego and all of that was up there with the closing down of the bin laden unit with the message the government to the yet to the community. the national-security apparatus was working very hard on that, but they took it seriously but they didn't get deep enough because it was a new phenomenon. well here we are in a very similar situation. it's already with us. it's much more obvious than the lead up to 2011 was, so we now have to act. we do not have the luxury of waiting to see and develop. we have to act to the it at some point the congress has to assert itself, the government does have a role but this isn't a heavy-handed thing as senator collins pointed out. it's not. but the federal government is involved because it is a matter of national security, so i just wait to work with anybody and everybody to get this passed
9:30 pm
through both houses in the united states senate. congress? >> thank you, senator rockefeller. that was great. chairman feinstein, welcome. you contributed immensely particularly to the information sharing section of the bill and you bring all the expertise and intelligence so the senate committee on intelligence. >> thank you very much mr. chairman and senator collins, senator landrieu. i look at this as finally the senate is coming together that we are settling on one bill. this is the bill and it needs improving we will improve it but we have the focus now and with the focus we can hopefully move forward. i want to thank you for the hard work and for the hearings yet held and for all of the authors for consultation that you have placed out there to us. let me speak for a moment on behalf of what i do in the
9:31 pm
intelligence committee. we have examined cyber threats to our national and economic security and just last month that the worldwide threat hearing which is an open hearing, we heard fbi director bob mueller testified that the cyber threat that cuts across all programs will be the number one threat to the country and already cyber threats are doing great damage to the united states and the trend is getting worse. let me give you four examples. what's interesting is we know about these when they happen but they are often classified because the people that the happen to don't want it released because their clients will think that we of them and of course it's not their fault but nonetheless, i think it is fair to say that the pentagon networks are being probed thousands of times daily and its classified military computer
9:32 pm
networks have suffered a significant compromise in 2008 and that is according to the former deputy defense secretary. in november, 2009, the doj charged the seven defendants from estonia, russia and moldova with hacking into the royal bank of scotland and stealing $9 million for more than 2100 atms and the 200 cities worldwide in 12 hours. in 2009, federal officials indicted three men for stealing data for more than 130 million credit cards hacking into five major companies' computer systems including 7-eleven, heartland payment systems and the supermarket chain. finally, an unclassified report
9:33 pm
by the intelligence community in november, 2011 said cyber intrusions against the companies cost untold billions of dollars annually, and the report named china and russia as aggressive and persistent cyberthieves. modern warfare is already employed in cyber attacks as seen in estonia and georgia. and unfortunately, it may only be a matter of time before we see cyber attacks that can cause catastrophic loss of life whether by terrorists or state adversaries. our enemies are constantly on the offensive and in the cyber domain it is much harder for us to play defense than it is to attack. the hard question is what do we do about this dangerous and growing cyber threat.
9:34 pm
i believe the comprehensive bill that has been introduced, the cybersecurity act of 2012 is an essential part of this answer. i would like to speak briefly on the cybersecurity information sharing bill that i introduced on monday and that you have included in title vii of your legislation. the goal is to improve the ability of the private sector and the government to share information on cyber threats that both sides need to improve their defenses. however, a combination of existing law, the threat of litigation and standard business practices has prevented or deterred private sector companies from sharing information about the cyber threats they face and the loss of information and money they suffered. we need to change that through better information sharing and we that companies will use that
9:35 pm
protect privacy interests and that takes advantage of classified information without putting that information at risk so here is what we have tried to do in title vii. number one, affirmatively provide private sector companies the authority to monitor and protect the information on their own computer networks. number two, encourage private companies to share information about cyber threats with each other by providing a good faith defense against lawsuits for sharing or using that information to protect themselves. number three, require the federal government to designate a single focal point for cybersecurity information sharing. we refer to this as a cybersecurity exchange to serve as a hub for the appropriately
9:36 pm
distributing and exchanging cyber threat information between the private sector and the government. this is intended to reduce government bureaucracy and make the government a more effective partner in the private sector. but with protections to ensure that private information is not misused. this legislation provides no new authority for government surveillance. fourth, establish procedures for the government to share classified cybersecurity threats information with private companies that can effectively use and protect that information. this, we believe that the intelligence community requires without putting our sources and methods at risk or putting private cybersecurity over to our intelligence apparatus.
9:37 pm
it's something that is not yet included in this bill and that is the data breach notification. this is an issue i've worked on for over eight years since california had a huge data breach that we only inadvertently found out about that have literally hundreds of thousands of data breaches. it's an urgent need. it's called the notification act that's come out of the judiciary committee, and it accomplishes what in my view are the key goals of any data breach notification legislation. one, notice to individuals who would better be able to protect themselves from identity theft. number two, notice to law enforcement that can connect the dots between the breaches and cyber attacks. this is important, the preemption of the 47 different
9:38 pm
state and territorial standards. this is a problem. 47 different laws in the country. it makes it very difficult and private sector. companies will not be subjected to conflicting regulation if there is one basic standard across the country. i know that senator rockefeller and pryor have a bill in the commerce committee and senator leahy and senator blumenthal have their own bills but also were reported out of the judiciary committee. but the differences in our approaches are not so great that we can't work them out. and i am very prepared to sit down with members of this committee with senator rockefeller and others to find a common solution. but i would really and for you to add a data breach preemption across the united states so that there is one standard for
9:39 pm
notification to an individual of data breach, of communication with law enforcement that goes all across america. until we have that, we really won't have a sound data breach system. let me just thank you. i think we are on our way. i'm really so proud of both of you on this committee for coming together. thank you very much. >> thanks very much, senator feinstein. thanks for your testimony, and i am personally very supportive of the proposal and i look forward to working with you as you say the others that have bills to see if we can find a way to include that in this proposal when it comes to the floor. thank you very much. >> thank you pittard >> have a good rest of the day. now, madam secretary, i hate to
9:40 pm
break up the conversation between the current secretary and the first secretary but we almost had the trifecta of the three secretaries of the department of homeland security come secretary chertoff wanted to testify at a previous commitment and has filed a statement for the record strongly in support of the legislation. senator napolitano, thanks very much for being here and for all of the work that you and people in the department have done to help us come to this plight of the bill. we welcome your testimony now. >> thank you, chairman lieberman, a ranking member collins, members of the committee, pleased to be here today to discuss the issue of cybersecurity, and in particular the department strong support for the cybersecurity act of 2012. i appreciated this committee's support of the department
9:41 pm
cybersecurity efforts to be a more sustained attention to this issue and the leadership that have shown in bringing the bill forward to strengthen and improve our cybersecurity authorities. i also appreciate and want to emphasize the urgency of the situation. indeed the contrast between the need to respond to the threats we face in this area on the one hand, and the desire for more deliberation and sensitivity to the regulatory burdens on the other reminds me as several of you have suggested of lessons we learned from the 9/11 attack. as the 9/11 commission noted, those attacks resulted in hindsight from a failure of imagination because we failed to anticipate the vulnerability of our security infrastructure. there is no failure of imagination when it comes to cybersecurity. we can see the vulnerabilities. we are experiencing the attacks, and we know that this legislation
9:42 pm
would materially improve our ability to address the threat. no country, industry, or individual is immune to the cyber risk. our daily lives, economic vitality and national security depends on cyberspace. a vast array of interdependent network systems, services and resources are critical to the communications, travel, power in our homes, running our economy and obtaining government services. cyber incidents have increased dramatically over the past decade. there have been instances of theft, compromise of sensitive information from both government and private sector networks, and all of this undermines confidence in the systems and the integrity of the data that they contain. combating evolving cyber threats is a shared responsibility that requires the engagement of our entire society from government and law enforcement to the private sector and most
9:43 pm
importantly, with members of the public. dhs plays a key role in this effort both in protecting federal networks and working with the owners and operators to secure their networks to the risk assessment mitigation response capabilities. in fy 2011, our u.s. teams at the dhs received over 106,000 incident reports from federal agencies, critical infrastructure and our industry partners. we issued over 5200 cyber alerts that are used by private sector and government network administrators to protect their systems. we conducted 78 assessments of the controlled system entities and made recommendations to the company's about how they could improve their own cybersecurity. we distribute to the 1150 copies of our cyber evaluation tool. we conducted over 40 training
9:44 pm
sessions, all of which makes the owners and operators better equipped to protect their networks. to protect federal civilian agency networks we are deploying technology to detect and block intrusions of these networks in collaboration with the department of defense. we are providing guidance on what agencies need to do to protect themselves and our measuring implementation of those efforts. we are also responsible for coordinating the national response to the significant cyber incidents and for creating and maintaining a common operational picture for cyberspace across the entire government. with respect to critical infrastructure, we work with the private sector to help secure the systems upon which americans including the federal government rely such as the financial sector, the power grid, the water systems and transportation networks. we pay particular attention to the industrial control systems
9:45 pm
which control processes of power plants and transportation systems alike. last year we deploy the seventh response teams to such critical infrastructure organizations at their request in response to important cyber intrusions. to combat cybercrime, we leveraged the skills and resources of dhs components such as the secret service, cbp, and we worked very closely with the fbi. dhs serves as the focal point for the government cybersecurity outreach and public awareness efforts. as we perform the work, we are mindful that one of our missions is to ensure that privacy, confidentiality and civil liberties are not diminished by our efforts. the department has implemented strong privacy civil rights and civil liberty standards in all of its cybersecurity prevented initiatives from the outset, and we are pleased to see this in the draft bill. now administration and private
9:46 pm
sector reports going back decades have laid out cybersecurity strategies and highlighted the need for the legal of police. in addition to obstetrics from the homeland security act of 2002 specifically directed dhs to enhance the security of the nonfederal networks by providing analysis of crisis management support and technical assistance to the state and local governments and private sector. a policy initiatives have had to supplement the existing statutes. these initiatives strike a common chord, indeed this administration cyberspace policy review in 2009 echoed in large part a similar review by the bush administration. and we've had numerous contributions by private sector groups including the csis study led by jim lewis, one of your witnesses today. still, dhs executes its portion of the federal cybersecurity mission under an amalgam of the
9:47 pm
authorities that have failed to keep up with the responsibilities with which we are charged. to be sure, we've taken significant steps to protect against the evolving cyber threats. but we must recognize the current threat of pieces of our existing authorities. our nation cannot improve its ability to defend against cyber threats unless certain laws that govern cybersecurity activities are updated. we have had many interactions with this committee and with congress to provide our perspective on cybersecurity. indeed in the last two years, the department representatives have testified in 16 committee hearings and provided 100 b-1 staff briefings. we have had a bipartisan agreement in particular many would agree with the house republican cyber task force which stated, quote, congress should consider carefully targeted direct at for a limited
9:48 pm
regulation of critical infrastructures to advance the protection of cybersecurity. the recently introduced legislation contains great commonality with the administration's ideas and proposals including the two crucial concept some are essentials to our efforts. first, addressing the urgent need to bring the core critical the infrastructure to a baseline level of security, and second, fostering information sharing which is absolutely key to the national security efforts. all sides agree that federal and private networks must be better protected and that information should be shared more easily come and get still more securely. and both fell proposals in the senate legislation would provide the dhs with clear statutory authority commensurate with our cybersecurity responsibilities and remove legal barriers to the sharing of information. senate bill 25 would expedite the adoption of the best
9:49 pm
cybersecurity solutions by the owners and operators of the critical infrastructure and give businesses, states and local governments the immunity the need to share information about cyber threats or incidents. there is broad support as well for increasing the penalty for cybercrime and for creating a uniform data breach to protect consumers. this proposal would make it easier to prosecute cyber criminals and establish national standards requiring businesses and the core infrastructure to have suffered an intrusion to notify those of those that have the responsibility for mitigating and helping them mitigate. i hope the current legislative debate maintains a bipartisan center that it benefited from so far and builds from the consensus that stands to administrations and the committee of the last several years. but the close by saying now is not the time for the half
9:50 pm
measures as the administration stressed repeatedly addressing only a portion of the needs of the cybersecurity professionals will continue to expose our country to serious risk. for example, only providing incentives for the private sector to share more information will not in and of itself adequately address critical infrastructure vulnerabilities. and let us not forget that innumerable small businesses rely on this critical infrastructure for their own survival. as the president noted in the state of the union address, the american people expect us to secure the country and the growing danger of cyber threats and to ensure the nation's critical infrastructure is protected. as the secretary of homeland security i strongly support the proposed legislation addresses the needs of the urgency and the methodology protecting the nation's critical infrastructure
9:51 pm
no pressing legislative proposal in the current environment. i want to thank you again for the important work that you have done and i look forward to answering the committee questions. >> thanks very much, madame secretary. we will do a six minute round of questions because we have a large number on the second falling penalized as some people have to lead. madam secretary, let me get right to one of the issues that has been somewhat in contention which is that there are some people who have said that the expanded authority particularly related to cyber structure on and operated by the private sector would better be handled by the department of defense or the intelligence community, in other words, they should take the lead in protecting federal civilian networks. i wonder if you would respond as to why you think the department of homeland security and has obviously we do, is better prepared to take on this
9:52 pm
critical responsibility. >> several points. first, the department of homeland security, as i stated, already has exercised authority in the civilian area working with the private sector, working with federal civilian agencies. so that is a space we are already filling and continue to grow our capacity to fill. second, military and civilian authorities and missions are different, and there are significant differences. for example, the privacy protections that we employ within the exercise of the trust action, and then finally, i would note that both the dod and dhs use the technical expertise of the nsa. we are not proposing and have never proposed that the would be created but rather that there
9:53 pm
would be the different lines of authority that emanate using it, one of course for civilian and one of course the military. >> that's a very important factor. i want to come back to that in a minute, but one of the opinions expressed to the committee as we face the challenge and decide which part of our government should be responsible for funding is that there would probably be deep and widespread concern among the public if we for instance asked the national security agency or the department of defense to be directly in charge of working with the privately-owned and operated cyberinfrastructure and particularly with nsa about the privacy of civil liberties concerns. does that make sense to you?
9:54 pm
>> i've heard the same concerns. they do make sense and when secretary gates and i by the memorandum of understanding figured out the division of the responsibilities and how we were each going to use the nsa, one of the things we were careful to elevate is in the discussion of the protections of privacy, civil liberties, and ensure that to the extent we have people over at the nsa they are accompanied by people from the office of privacy, office of general counsel to make sure those protections are abided by. >> i'm glad you mentioned the memorandum to the department of homeland security and the nsa, because i want to make this point senator mccain and i codified that in the law the memorandum of understanding and the national defense authorization act was passed at the end of last year, but that memorandum doesn't -- if i can put it this way doesn't preempt
9:55 pm
the need for this legislation in other words that memorandum doesn't allocate responsibility with regard to working with the private sector having the authority to require the private sector to take steps to defend themselves and our country from cyberattack. is that right? >> that's right, mr. chairman. it's a memorandum that describes the division of how we would each use the resources of the nsa, but it doesn't deal with the protection of the core critical infrastructure the way that the bill does. it doesn't deal with the private sector at all the way the bill does. it doesn't deal with information exchange the way the bill does so it really was designed to make sure that at least with respect to how we each use the nsa we have a meeting of the mind. >> there's nothing in your opinion inconsistent but in a memorandum of understanding between the dhs and nsa and the
9:56 pm
cybersecurity act of 2012? >> not at all. >> i'm pleased to note for the record that in testimony earlier this week secretary of defense leon panetta and the chairman of the joint chiefs of staff general dempsey both endorsed this legislation, and then this morning before the armed services committee, the director of national intelligence burgess and the head of the national intelligence agency also endorsed the legislation. both of those expressions of support were unexpected by senator collins and me and therefore all the more appreciated. i wanted to ask you this question, dhs's industrial control system cybersecurity response team has been a critical role for the owners and operators of critical infrastructure. can you describe some of their capabilities and the work they've done to assist private
9:57 pm
entities? >> well, what they have done is to help isolate and identify when they have been notified of attacks on the industrial control systems and help identify the source of the attack and the methodology with which it was conducted to work with the entity to prepare the patch, and then to make appropriate disclosures or the sharing of information to other control systems that could be subject to a similar attack either in that particular industry or in other industries. >> so, on a voluntary basis if i can put it this way, the dhs has developed the capability and relationships of working with the private sector that will be strengthened by this legislation? >> yes, we have since the passage of the national institution protection act infrastructure protection act in
9:58 pm
2006, you know, we've been working with critical infrastructure through the coordinator council that said a lot of names and what it basically means is we have a process in place for dealing with the private sector and for exchanging some information on a voluntary basis. but that doesn't mean we get all of the necessary information we get from the core critical infrastructure. that's one of the problems the bill addresses. >> thanks very much. my time is up. senator collins? >> thank you mr. chairman. madam secretary, to follow-up on a question that the chairman asked you, it's my understanding that dhs has unique expertise in the area of the industrial control systems that is not replicated at any other government agency. is that correct? >> yes. >> and that's important because
9:59 pm
industrial control systems are a key part of critical infrastructure like the electric grid, water treatment plants. is that also correct? >> yes, and when you think about it if you have the ability to interrupt the control system, you can take down an entire protective network. you can interfere with all of the activities there and the attacks on the control systems are growing more and more sophisticated all the time. >> can you tell us about work being done by the dhs with your ics team with respect to the u.s. electric grid? ..
10:00 pm
with defense contractors in an effort to better defend systems that contained information critical to the department's programs and operations. i understand that dhs is now the lead for coordinating this program with the private sector
10:01 pm
and it's being expanded to other critical infrastructure sectors. could you tell the committee why the administration decided to transfer this pilot program from dod to the department of homeland security? >> the pilot gets to the division of responsibility between military and civilian, and what we are talking about here are basically private companies that do important defense contracting work, but they're in essence private companies, and the authorities and laws we use are better situated in dhs, which deals in the context as opposed to dod so we have been working with dod on the design of the pilot, the initial aspects of
10:02 pm
it, and now the decision was made to extend it and to grow it. the decision was also made it's more appropriately located within the dhs. >> the bill provides the authority to dhs to set risk-based performance standards for critical infrastructure. do you believe that we can achieve great progress in improving our cybersecurity in this country absent that authority? >> i think it makes it tougher. we have, as i said in my testimony, the basic authority under the homeland security act. we have authorities by various presidential directives. but nowhere do we have explicit authority to establish on a risk-based level, on a risk-based basis, the protection
10:03 pm
necessary for critical infrastructure. >> finally, i think that a lot of people are unfamiliar with a lot of the work that the department has already done in the area of cyber security, including the fact that there is a 24-hour, seven day a week, national cybersecurity and communications integration center, called the ncic. could you explain to the committee and those watching this hearing how this center operates and what it does with respect to the private sector? >> the ncic is an integrated 24/7 watch center for cyber, and it includes on the floor not only dhs employees but representatives from other federal agencies, from critical
10:04 pm
infrastructure sectors that coordinate with us through the nip. lots of acronyms in the cyberworld. and it has representatives from state and local governments as well because a lot of the information-sharing is applicable to them. >> thank you. thank you, mr. chairman. >> thank you very much. >> mr. chairman, and madam cochairman, thank you for holding this hearing on long awaited cybersecurity act of 2012. i welcome all our witnesses. secretary napolitano and governor ridge who will have different aspects of this bill. i'd like to state from the outset my fondness and respect for the chairman and ranking member, especially when it comes to matters of national security. the criticisms i may have with
10:05 pm
the legislation should not be interpreted as criticism of them but, rather, on the process by which the bill is being debated, and its policy implications. all of us recognize the importance of cybersecurity in the digital world. time and again we have heard from experts about the importance of possessing the ability to effectively prevent and respond to cyberthreats. we listened to accounts of cyberespionage from china, organized cybercriminals in russia, and rogue outlets with a domestic presence like anonymous. and launch cyberattacks on those who dare to disagree and our government report over the last five years cyberattacks against the united states are up 650%. so we all of us agree that the threat is real. it's my opinion that congress should be able to address this issue with legislation, a clear majority of us can support. however, we should begin with a
10:06 pm
transparent process which allows lawmakers and the american public to let their views be known. unfortunately the bill introduced by the chairman and ranking member has already been placed on the calendar by the majority leader without a single markup or any business executive meeting by any committee of relevant jurisdiction. my friends, that's wrong. to suggest this bill should move directly to the senate floor because it, quote, had been around since 2009, is outrageous. the bill was introduced two days ago. secondly, where do senate rules state that a bill's progress in a previous congress can supplant that work on the bill in the present one. in 2009, we had a different set of senators. the minority of this committee has four senators on it presently which were not in the senate much less this committee in 2009. how can we call it a product of
10:07 pm
this committee without their participation in committee and executive business. respectfully, to treat the last congress as a legislative mulligan by bypassing the process, is not an appropriate way to begin consideration of an issue as complicated as cybersecurity. in addition to these process concerns, i have policy issues with the bill. a few months ago, as senator lieberman mentioned, he and i introduced an amendment to the defense authorization bill codifying an agreement between the department of defense and the department of homeland security. the purpose of the amendment was to ensure the relationship endures and highlight the best government-wide cybersecurity approach is one where dhs leverages, not duplicates, dod efforts and expertise. this bill -- this legislation unfortunately backtracks on the principles of the m.o.a. by
10:08 pm
expanding the size, scope, and reach of dhs and neglects to afford the authorities necessary to protect the homeland to the only institutions currently capable of doing so, u.s. cyber command and the national security agency. at a recent fbi sponsored symposium, general keith alexander, the commander of u.s. cyber command, stated if a significant cyberattack against the country were to take place there might not be much he and his teams or cybercommander can legally do to stop it in advance. quote in order to stop a cyber attack you have to see it in real time, you have to have those authorities. these are the conditions we put on the table. now, how and what the congress chooses, that will be a policy decision. this legislation does nothing to address this significant concern, and i question why we
10:09 pm
have yet to have a serious discussion about who is best suited, which agency, who is best suited, to protect our country from this threat? we all agree is very real and growing. additionally, if the legislation before us today were enacted into law, unelected bureaucrats at the dhs could promulgate regulations on american businesses which own 90% of the critical infrastructure. the regulations created under this new authority would stymie job creation, blur the definition of private property rights and divert resources from actual cybersecurity to compliance with government mandates. a super-regulator like dhs under this bill would impact free market forces which currently allow our brightest minds to develop the most effective network security solutions. i'm also concerned about the cost of the bill to the american taxpayer. the bill before us fails to include any authorizations or
10:10 pm
attempt to pay for the real costs associated with the creation of the new regulatory leviathan at dhs. this eye crepessed be the reality of critical infrastructure, the promulgations of regulation and enforcement will take a small army. i'd like to find out what specific factors went into providing regulatory carve-outs for the i.t. hardware and software manufacturers. my suspicion is that this had more to do with garnering political support and legislative bullying than sound policy considerations. however, i think the fact that such carve-outs are included only lends credence to the notion we shouldn't be taking the regulatory approach in the first place. because of provisions like these and the threat of a hurried process, myself, a total of seven of us minority ranking minority, on seven committees,
10:11 pm
will be introducing and are left with no choice but to introduce an alternative cybersecurity bill in the coming days. the fundamental difference is we aim to enter into a cooperative relationship with the entire private sector through information sharing, rather than an adversarial one with a proscriptive regulations. our bill which will be introduced when we return after the president's day recess will provide a common-sense path forward to improve our nation's cybersecurity defenses. we believe by improving information sharing among the private sector and government, updating our criminal code to reflect the threat cybercriminals pose, reforming the federal information security management act and focusing federal investments in cybersecurity, our nation will be better able to defend itself against cyberattacks. after all, we're all partners in this fight as we search for solutions. our first goal should be to move forward together.
10:12 pm
and i also would ask entered in the record a letter signed by secretary chambliss, ranking member on intelligence and miss, ranking member on armed services, jeff sessions, ranking member on finances, ranking member on the commerce committee, ranking member on energy committee, and chuck grassley, the ranking member of the finance committee, which is to senator reid, which we have asked that the legislation go through the regular process with the committees of jurisdiction having a say in this process. so, mr. chairman, i thank you and i yield the balance of my time. >> no balance. [laughter] >> senator mccain, i would turn -- i would turn the -- no,
10:13 pm
it's not. [laughter] >> look, with the same fondness and respect you expressed for senator collins and me when you started, i cannot conceal the fact that i am disappointed by your statement. this bill is essentially the one that was marked up by the committee. but that's not the point. the opinion is we have reached out not only to everybody who was possibly interested in this bill outside of the congress, but opened the process to every member of the senate who wanted to be involved. we pleaded for involvement. and a lot of people, including yourself, have not come to the table. the most encouraging part of your statement is that you and those working with you are going to introduce some legislation, and we'll be glad to consider it. the senate should consider it. i think senator reid intends to hold an open amendment process on this bill. you know as you stated, this is a critical national security
10:14 pm
problem, and to respond to it with business about regulation of business, this is national security. as senator collins said, there's regulation of business that's bad for business and bad for the american economy. there is regulation such as we worked hard to include in this bill that in fact is not only not bad for american business and bad for the american economy but will protect american business and american jobs and help to guarantee more american economic growth. on a question of dod, and an intelligence community, i indicated for the record earlier that they have supported our bill. this week. i hear what you said about general alexander from nsa, but he has at no point, nor has the department of defense or the dni, come before us and offered any discussions for additions to this bill that would give him more authority.
10:15 pm
i'd welcome those suggestions if he wishes. so, i can't -- i have to be honest with you as you have been honest with us, express my disappointment and express the only satisfaction i have from your statement, which is that you're going to make a proposal, let our colleagues in the senate consider it, senator collins and i and the others working on the bill will consider it, and let's get something done on a clear and present danger to our country this year. >> mr. chairman, could i say briefly in response, i speak for seven, seven ranking members of the major committees of jurisdiction. i don't speak for myself. there's a breakdown somewhere if seven ranking members of the arrest committees are all joining in this opposition to this process and this legislation. so, if you choose to neglect how many years of experience legislative experience and time in the senate, that's fine, but there's seven of us that are deeply concerned about this process, and the legislation,
10:16 pm
and we don't think it should go directly to the floor. >> i will say for the record that we have reached out to all seven in various ways to try to engage their involvement in this bill. i would have much rather preferred to submit a bill, and senator collins as well, that everybody had been involved in discussing. we were very open to trying to find consensus as we did with other chairs who were here. so, nobody is neglecting the expertise. i'm saying i'm sorry that they haven't been engaged before and i'm glad they're going to be engaged now. >> senator moran. >> mr. chairman, thank you. madam secretary, this is my first opportunity to visit with you since the announcement about the president's budget, and i want to talk about a topic unrelated at least to cybersecurity but certainly related to security. and the chairman just spoke about clear and present danger. one that you and i have had a
10:17 pm
conversation about over a long period of time is related to our food and animal safety and security in this country, and as you can imagine, can expect, the disappointment that i have, others in our congressional delegation have in regard to the president's failure to include dollars related to construction of thing a grow and bioscience security facility to replace the aging plum island, we have had a number of conversations and i will live within my six minutes today to talk about this nongermane topic. but i will have a greater chance to visit in the homeland security appropriations hearing in which you and i will be together in just a few days. but i would not want this opportunity to pass without again delivering the message to you and to the folks at homeland security who have throughout this process been our allies,
10:18 pm
and we consider we have been your allies in an effort to see that a facility designed to make certain that the food and animal safety of this country is protected, and you and i had a conversation in march of last year, less than a year ago, that was in an appropriations -- homeland security appropriations subcommittee. you told me it's something we are supportive of. plum island does not meet the nation's needs in this area. there was a highly contested peer review competition and we look forward to continued construction. we believe that nbaf needs to be built and we need to get on with it. later, in september of that year, you talked about the future. we need to get prepared for the next generation. and again, we need to be confronting the things we face today and the things we will face ten years from now. that series has continued with your testimony and others from
10:19 pm
homeland security, the u.s. department of agriculture, and i would like for you to, i hope, reiterate at the department, your position as secretary, continued support and belief in the importance of building this facility and to explain to me the idea of a re-assessment, which, as i read in press reports, is a reassessment in scope only, not in concerns about safety or in concerns about location. >> that's right, senator. and you are right, the president does not request in the budget an appropriation for the nbaf in part because last year we requested $150 million. the house ultimately appropriated 75. the senate appropriated zero. we ended up with 50. and that -- and a lot of extra requirements put on the project as you just stated. what we have done in this year's
10:20 pm
budget is allocate $10 million that will go to related animal research at k-state university. i have talked this over with the governor among others. and in light of the budget control act, and the other changed circumstances we have to deal with, and in light of the fact that we have not been able to persuade the congress to really move forward in a substantial way, on funding the nbaf, we have recommended there be a reassessment in light of the budget control act, in terms not of location, not in terms of need -- both of which i firmly stand by the position i've stated -- but in terms of scoping and what needs to happen so that this project can move forward with the right level of appropriation. >> madam secretary, thank you. i would comment that the solution to lack of funding by
10:21 pm
congress is not for the administration to not request funding. the solution to that problem is continued support and encouragement for congress to act. as you say, the house appropriated 75 million last year. the senate in a conference committee, was agreed upon to 50 million. you also are requesting reprogramming for additional planning of money within this year's budget. again, the money that's there needs to be spent as quickly as possible. i will be asking you, by letter, shortly, to continue the funding of the $40 million that is available, is appropriated, and now as a result of the report filed this week, can be spent to complete the federal share of the utility portion of this facility. based upon what i have heard you say and what i have read you have said, it's not about location. it's not about the site. and it may be about the scope of
10:22 pm
what will occur. but the utility pad is still important and will be necessary regardless of the scope of that project. so we're going to ask you to continue the funding you already have committed to and are authorized to now spend, this 40 million decide, on utilities, and i would add to that point, we have appropriated $200 million, federal dollars. the state of kansas put in nearly $150 million. this is a partnership we need the federal government to continue its partnership, and in fact on the utility portion we're waiting on the share you're now authorized to spend to be spent, and i appreciate the answer to my question. i have considered you an ally, i continue to consider you an ally, and my plea is, let's work together to see that this congress moves forward on an issue that is important just as cybersecurity is to the economic security and future of our nation.
10:23 pm
>> senator, i'd be happy to work together with you on this. >> thank you very much. we need your help. >> thank you very much, senator moran. for the information of the members, the order of arrival today now is senator landrieu, pryor, brown, carper, so senator pryor. >> thank you for this very important meeting, always good to see you madam secretary. let me start, if i may, madam secretary, with a question about -- i think you have already pretty much said that you feel like we need a statute, but i'm curious about what specific authority your agency or the federal government does not have in this area that you need? what specific authority do you feel like you need to accomplish what you need to do here? >> i think the specific authorities the statute contains most important is the ability to bring all of the nation's critical infrastructure up to a
10:24 pm
certain base standard of security. and to outline the process with which that will occur. >> let me ask you, on a different topic. i know in reading some of the news stories, trade publications, et cetera, the private sector seems to have hesitation about sharing too much information and understandably so. they may fear that a competitor will get it or it may create liability issues for them or whatever. but do we have an effective mechanism for the private sector stakeholders to share their best practices and potential threats and those concerns without raising issues of their own security and liability and even antitrust concerns? >> no. in fact, another major improvement in the bill over the current situation is it
10:25 pm
clarifies that kind of information can -- sharing can occur without violating other federal statutes, antitrust, the electronic communications privacy act. we have had situations where we have had delay in being able to get information and to respond because the lawyers had the first of a company -- had to first assess whether they would be violating other federal law by alerting the department of homeland security that an intrusion occurred. and i think as you and i can both appreciate, when the lawyers get it, it can take a while. >> i understand. >> the new bill would clarify that should not be a problem. >> okay. and you're comfortable how the new bill is structured in that area? >> yes, i am. >> let me ask about lessons learned. dhs has recently discussed --
10:26 pm
it's been discussed beside dhs -- some of the work done in the chemical facility antiterrorist program -- have not really been done as quickly or as thoroughly as maybe it should have been. and as you know, this bill provides a requirement that dhs produce similar type assessments. so there are lessons learned in this experience that might indicate that we can put that problem behind us and that we can comply with what this law would ask you to do. >> yes, senator. first of all, with respect to cfats, no one is more displeased than i am with the problems that occurred there. there is an action plan in place, changes in personnel and other things, and that program is going to run smoothly, and now that security is -- the security plans are being
10:27 pm
evaluated, the tiering has occurred and the like. >> there are lessons learned. >> there are lessons learned, as there are in all things, and this bill is less proscriptive. this is a very regulation-light bill. this is a security bill. this is not a regulatory bill per se. so, -- but in terms just of management and organization, yes, there are some lessons learned. >> great. and i know that a lot of times when we read news media accounts about cybersecurity, and even as we discuss it among ourselves, often times we tend to focus on large companies and breaches that large companies experience. the truth is a lot of small and mid-size companies carry a lot of sensitive information. is dhs working with small to mid-size companies in the way to reach out to them, to talk about best practices or anything like that? >> we conduct a lot of outreach
10:28 pm
activities with small and medium-sized businesses on a whole host of cyber-related areas. so the answer is yes. >> great. we always want to make sure our small businesses are taken care of, and obviously if they're the weak link in the chain, that's a real problem. >> senator, as i continued to emphasize, when we're talking about the security of core, critical infrastructure, if that goes down, a lot of these small businesses are dependent on that and they will fail. >> that's exactly right. also, we also can talk about the federal government but also state governments have this same issue in their states, cybersecurity, and obviously you're a former governor, former attorney general, as is the chairman here, general lieberman. so, you appreciate that state perspective. are you working with states to try to talk about their best practices and lessons you learned? >> yes, we are. we work with a multistate
10:29 pm
information system and they provide input into this ncic, the center we talked about. >> great. mr. chairman, that's all i have. i yield back the balance of my time. >> thank you, general pryor. next is senator carper. >> could i have his 14 seconds? >> you got it. >> madam secretary, good to see you. good to see a former secretary out there, former governor out there, former congressman out there, tom ridge. nice to see our witnesses. thank you for being here. one of the things my colleagues know i like to develop consensus. and my hope is that when we adjourn here today we'll have identified, not just where we have differences but we have identified where we can find some common ground so i ask a couple of questions with that in mind. i want to return to the comment of my colleague from arizona, and sort of a cautionary note.
10:30 pm
i just want to second what the chairman said, regulation can be a problem. it can be problematic if we don't use common sense and look at cost benefit analysis, it can be a bad thing. having said that i always remember meeting with a bunch of utility ceos about six or seven years ago and they were meeting with me about clean air issues, mercury, co2, and were trying to decide what a password should be. so finally a ceo from someplace down south, an old guy, said, look, senator, just do this, tell us what the rules are going to be, give us some flexibility, give us a reasonable amount of time, and get out of the way. that's what he said. i've always remembered those words and i think it may apply here to today. i want to thank the chairman and our ranking member, susan
10:31 pm
collins, for calling a hearing, for working with us, for giving what the chairman said -- mentioned trying to open up -- got an idea, bring it to us, and that, i think, an open door, and too bad some haven't taken full opportunity of that. we have a lot of distractions around here. >> we know we're being attacked in cyberspace some are there to cause mischief, some steal ideas, steal our defense secrets, steal our intellectual property, blackmail businesses and nonprofits and do worse. also the challenges i think we have here, really need a ball plan, road map, i call it a common sense road map to move forward. and i hope we can move along that way today. i'm especially pleased the legislation that is being introduced includes a number of
10:32 pm
security measures i and my staff worked on with my colleagues for years to better protect our federal information system, and having said that, i'd like to begin, madam secretary, by asking a couple of questions about the department's efforts in this area, if i could. as you know i've been calling for some major changes to the laws that control how federal agencies protect their information, our information systems. when the subcommittee i chair first looked at this issue several years ago we found that federal agencies were wasting millions of dollars on reports that nobody read. nobody read and hardly anybody understood. they didn't make us any safer. the bill that is before us today includes many improvements to the so-called federal information security management act, affectionately known as fisma, and it's hoped our federal agencies are responding to threats and not just writing paper reports. from what i understand many agencies are taking steps to
10:33 pm
improve their security measures to make fisma more effective, despite the outdated legislation. i commend you for putting forward a budget request that would ensure your department has the resources necessary to address the growing responsibilities. here's the question. a long windup, huh? can you describe the current limitations of fisma and why the new tools we might give you might be needed. >> well, i think just getting back, one of the key things that this bill would do is by clarifying and centralizing where the authorities lie within the government and how those relate with -- to the fisma among other things so that it
10:34 pm
really sets, as you say, the common sense road map for how we move forward. we have done a lot with the civilian networks of the government. they have been repeatedly and increasingly attempting to be infiltrated and intruded upon all the time. we have almost completed the deployment of what's known as einstein 2. we are working on the next iteration. we have also in the president's budget request, asked for budget that would be held by the department of homeland security but would be idea to help improve or raise the level of i.t. protection within the civilian agencies. >> thank you. very quickly if i can follow up and get more specific. can you talk a little bit more about how your department will be able to achieve what the
10:35 pm
president has requested, for federal network security and how this legislation will impact those activities. can you just go down for -- go over it? >> what it allows us to do and what we will be able to do is have a fund out of which we can make sure that the civilian agencies of government have -- deploying best practices, hiring qualified personnel, and other ways strengthening their own cybersecurity within the federal government. >> all right, thanks. mr. chairman, if i could just say in conclusion, one of the things i hear a lot from, this is across the country and certainly in delaware -- they want us to provide certain predictability and one of the things we're trying to do with this legislation are just that, predictability and certainty.
10:36 pm
and it would be really helpful to figure out ways to not divide us but help bring us together. thank you. >> thank you. senator levin. >> mr. chairman and ranking member, thank you for taking the initiative on this with other colleagues. thank you, madam secretary, for all the work the white house did on a similar bill which you worked on which i understand is basically part of now this pending bill which is on the calendar. i'm trying to understand what the objections are to the bill. it seems to me as if a whole bunch of protections in here for the private sector. i haven't read the bill yet but read a summary. there's a self-certification or third-party assessment of compliance with the performance requirements. i understand there's an appeal
10:37 pm
of those requirements if there's objection to it. i understand and believe the owners of covered critical infrastructure that are in substantial compliance with the performance requirements are not liable for punitive damage, which arise from an incident related to a cybersecurity risk. so, you have here something unusual, i believe, actually for the private sector, which is a waiver of punitive damages, and i think that's fairly -- i don't know it is unique but i think it's fairly unique in legislation to waive the possibility of punitive damages in case of a liability claim. there's a number of other protections in the privacy area, as i read the summary of this bill. for the information which must be provided where there's a significant threat which is identified.
10:38 pm
i'm trying to identify -- and i'm not going to be able to state it here from the next panel -- what the objections are. i surely will read the letter from the opponents and will study the bill that senator mccain referred to, but i'm trying to the best of my ability as we go along, to see exactly what those objections are. there seems to be privacy protection here. there seems to be self-certification here, which avoids part of a bureaucracy, at least. there's limits on liability where there's good faith defense for cybersecurity activities as the bill's heading says. there's a number of other protections. can you to the best -- i don't want you to argue for the people who have problems, but i would like you to the best of your ability to address what you understand are the key
10:39 pm
objections. if you can give us your response for the record as well. >> well, i think there are three kind of clusters. the first is that the bill is a regulatory bill, and it will be burdensome to industry to comply, and the answer is it's a security bill, not a regulatory bill. it really is designed with making sure we have a basic level of security in the cyberstructures of our nation's core critical infrastructure and that we have a way to exchange information that allows us to do that without private sector parties being afraid of violating other laws. and so this is not what one would consider a regulatory bill at all, and as senator collins
10:40 pm
said, it really is designed to protect the american economy, not to burden the american economy. second set of objections i think revolve around the whole privacy area. but as the aclu itself acknowledged, this bill really has done a very, very good job of incorporating those protections right from the get-go, and realize one of the reasons why dhs is -- has the role it does, is because we have a privacy office with a chief privacy officer who will be directly engaged in this. so, the bill, i think, really addresses some of those privacy concerns. the third cluster would be -- i think senator mccain alluded to it -- it somehow duplicates the nsa, we don't need another nsa, and that -- we don't need
10:41 pm
to clarify the authorities or the jurisdiction of the dhs, and i think there's a misconception there. the plain fact of the matter it's the chair, the joint chiefs and other, secretary panetta and others recognized by the dod and the dhs use the nsa but we use it in different ways. so we're not duplicating or making a redundant nsa, we're taking the nsa and using it within the framework of the bill to protect our civilian cybernetworks. >> i understand the department of defense basically supports this legislation. what i can understand, at least, it does, and is that your understanding? >> i think not just basically. i think wholeheartedly. >> and in terms of the privacy concerns, those concerns are met with a privacy officer, but in terms of the information which is supplied, where there is -- has been a threat, that
10:42 pm
information, when it's submitted to a government entity, is protected. >> right. the content is not shared. it's the fact -- >> tell us more about that. >> content is not shared. the information shared requires minimization, requires elimination of personally identifiable information. all the things necessary to give the public conversation their own personal communications are not being shared. it's the fact of the intrusion, the methodology, the tactic used, the early warning indicators, those sorts of things are to be shared but not the contents of the communication itself. >> thank you, mr. chairman. >> thanks very much, senator levin. that was a really helpful change. senator johnson. >> thank you, mr. chairman. madam secretary, nice to see you again. i'd like to say to senator lieberman and senator collins, i appreciate your work on this. this is critically important,
10:43 pm
also incredibly complex. is it appropriate for me to ask you a question, mr. chairman? i'm new here. i don't want to break protocol. >> i may have to check with counsel. go ahead. >> i share coaches senator mccain and because this is so important, not a good way to start the process so certainly in light of his objection and those of the ranking members, are we going to consider doing a -- not taking this to the floor directly? is that going to be reconsidered on that basis? >> i don't believe so. i suppose the people want to raise the question, but i think there's been a long process here. those have been reported out of this committee, out of commerce, intelligence, foreign relations had some stuff all done -- not all done on a bipartisan basis but most of them were. senator reid got agitated about this problem last year, and began to convene the
10:44 pm
chairs and then held a joint meeting which in these times is very unusual. bipartisan meeting. all the committees urged is to work together to reconcile the differences. some came to the table, as i said, some didn't. we worked very hard to try to bring people in. i think -- i can't speak for senator reid but i think his intention is to take the bill that is the consensus bill now and bring it to the floor under his authority on rule 14, but to have a really open amendment process. i don't think anybody is going to rush this through. and there will be plenty of time for people to be involved. i'm sure i speak for senator collins, we're open to any ideas anybody has. >> i appreciate it. this is important to get right. i couldn't agree -- >> to me the most important thing is to get it right, but also to get it done as quickly -- as quickly as we possibly can get it right. we should get it enacted.
10:45 pm
>> okay. >> because the crisis -- the threat is out there. >> senator collins? >> mr. chairman, if i could just add one thing. and that is, this legislation has gone through a lot of iterations. it was reported first in 2010, and realized the -- is not part of the committee at that point, but ours that shared draft after draft after draft, and briefings, i know that senators come to some of the classified briefings that we have had as well. so we have invited input from the -- >> again, i'm sincere in my appreciation to your work on that. with that in mind, the house has worked on a bipartisan bill, hr3523, a very slimmed down version, an important first
10:46 pm
step, trying to get information being shared between government and private sector. is that something you can support in case this thing gets snagged up? maybe move towards something like that? >> i think there may be parts of it that are included within this bill, but this bill is a much stronger and more comprehensive focus on what we actually need in the cybersecurity area, given the threats out there. ...
10:47 pm
and you want to avoid some of the complexities that deal with the isps and where they're located in the jurisdiction of another things that the car what is appropriate and in fact it helps pull the legislation along. >> have you done cost assessment in terms of the cost complying with the regulations? >> well, i think talking about the cost is important here the cost of the critical infrastructure and the country is however our belief that the cost of making sure you practice a base level, common these little cybersecurity should be a core competency within the nation's critical infrastructure
10:48 pm
, and so while we don't want the undue cost, we do want a recognition that this is something that needs to be part of doing business. >> has there been an attempt to quantify that or will there be an attempt to quantify? >> i would imagine just thinking about it that there will be many entities that are already at the right level, but sadly there are others that are not, and given that we are only talking about infrastructure that if it is intruded or attacked it would have a really large impact on the economy, on the life and limb on the national security talking about the core part of the critical infrastructure, the fact they all have to reach a base level is a fairly minimal requirement. >> one last quick question i am aware that the chamber is not for this bill the american
10:49 pm
bankers association. do you have a list of private sector companies that would be -- to have to comply with this in favor of it? >> there are a number of them and i think that they have been in contact with the committee that we can get that for you. >> i would appreciate that. thank you mr. chairman. secretary napolitano, appreciate your testimony very much. you've made a really important point here define the group of owners and operators and private cyberspace in our country that are ultimately regulated here that can be forced to meet standards very nearly to include only those sectors which if they were attacked, the cyberattack would have devastating consequences in our society. so you are right. it will cost them to enforce this to carry it out, but it will be a fraction of what it
10:50 pm
would have to cost our society if there was a successful cyberattack and i go back to the initial 9/10, 9/11 question. after 9/11 we couldn't do enough to protect ourselves from another 9/11 and we have another opportunity here to do something preemptively, preventive law, methodically and much less cost to our society overall. >> that's right, mr. chairman, and i think as you and i both noted and senator collins did in our opening statements it is our responsibility to be proactive and not just reactive. we know enough now to turn away ahead and the bill does that. >> i agree. there is a cyberattack. we don't legislate, we don't create a system of protection of american cybersecurity. there is an attack we are all going to be rushing around frantically to throw money at
10:51 pm
the problem and its plan to be after a lot of suffering that occurs as a result so we have an opportunity to work together. nobody's saying the bill is perfect. it is darn good after all it's been through. but you've been very helpful today and thank you very much. we look forward to working with you. senator collins. thank you mr. chairman. i too i want to thank the secretary for her excellent testimony and the technical department for the record i would like to submit what is a very clear statement from the chairman of the joint chiefs of staff at a hearing before the armed services committee earlier this week, and general dempsey said i want to mention for the record that we strongly support the lieberman collins rockefeller legislation dealing with cybersecurity.
10:52 pm
so the secretary's comment in response to the question of senator levin about where does the department stand wholeheartedly is exactly right and the department testified to that effect and i would submit that for the record. >> without objection submit for the record. thanks mr. secretary, have a good rest of the day. we will call the final panel. secretary ridge is first. i know you are under time pressure. i apologize for keeping you later than we had hoped. we have secretary ridge and the honorable baker, james lewis and space charney. gentlemen, thank you for your willingness to be here to testify and for your patience.
10:53 pm
although it's pretty interesting and times during the hearing. secretary ridge, in a comment that only you and i and two other people would appreciate i don't think we will be going to the common man together tonight. it's another story. [laughter] thanks very much. we will hear your testimony and then understand if you have to go because i know you have another engagement and you are already late. so please, proceed. >> thank you very much, senator. first of all let me tell you what a pleasure it is to be back before the committee. as i told you before in my 12 years in the congress and the united states i did enjoy being on that side of the table better than this but every time on the period before this committee the engagement in the civil constructive substantive and i hope i've been able to contribute, and i hope the fact that we agree in part and disagree in part today in a very
10:54 pm
significant agreement and disagreement doesn't preclude the other times it is a great pleasure to be before you. i testify today on behalf of the u.s. chamber of commerce which as you well know is the world's largest business federation representing the interest of more than 3 million businesses and organizations of every size, every sector river region in the country. for the past year coming year and a half i have chaired the chamber's national security task force which is responsible for the development and implementation of the chamber's homeland and national security policies and very much consistent with the president's concern, the committee's concern on both sides of the aisle you are probably not surprised cybersecurity has been at the top of the list. we've met with dozens and dozens of private sector companies and the vice presidential security and the bricks and mortar cyber this may be the top of their list right now, it is in my
10:55 pm
capacity as chairman but hopefully with a perspective also as the first secretary of homeland security that i thank you for this opportunity to appear before you regarding cybersecurity and ways in which we can secure america's future. at the very outset, senator lieberman and senator collins, one of the mind set that i do want to share with you is that need to add the chamber of commerce to the people sounding the alarm. they get it. and why do they get it? because the infrastructure that we are worried about that protect america's national interest and supports the federal government and state government and the local government is the infrastructure that they operate, and in addition to being concerned about the impact of the cyber invasion and incursion on their ability to do their job on
10:56 pm
behalf of the federal government, they also have the 300 million consumers one way or the other they have to deal with. so, they joined that course not only in terms of the urgency of dealing with threat, and i would dare say respectfully they are probably better positioned to be able to calculate the consequences of systemic failure in the cyberattack that even an agency in the federal government, and on top of that, they have their interest to protect, fiduciary interests for shareholders that their publicly traded. they've got their employees and the communities the working and the consumers and the suppliers, so we are in this together and it's important to understand that the chamber times the course that appreciates both the urgency of dealing with something and i would say respectfully better understands from the microlevel the hermetic consequences to them and their
10:57 pm
community to their brand and employees and in this country for a significant cyberattack. as you also know, the industry for years has been taking a less and protective steps to protect and make their information networks more resilient. there's been much discussion with regard to the process here and let me just talk very briefly and i'm going to ask unanimous consent to get another minute one minute and a half, and i apologize for that, but as the secretary i remember the national strategy that we created in 2002 talked about securing america but we didn't talk just about people or just about bricks and mortar, we talked about cyber attacks as well. in 2003 it's been referenced by secretary napolitano the legislation talked about cyber attacks as well to read you and from the enabling legislation that creates the department and as the homeland is to the presidential number seven and the anticipation of testifying i
10:58 pm
read it's all about, it is establishing the national policy for the federal departments and agencies to identify and prioritize the united states critical infrastructure and key resources to protect them and goes on to talk about protection from the cyberattack as well. you have the plan again encompasses all that had gone before and so very specifically based on the hsppd7 that created the sector agencies and coordinating council the same mandate. the point being we don't need a piece of legislation from the chamber point of view that identifies the critical infrastructure. we've been working on that for ten years in the enabling legislation coming and you understand that process. what we do need and where we took that because compared to the first mark of the president's bill to this mark, the information sharing that we
10:59 pm
would like is a vast improvement from the one that was initially placed and initially considered by the administration, and again we are not ready to presidents to help achieve that the direction of it being bilateral, we believe this the way to go. as at the end of the day, ccp and our judgment there is money for that we already have the process in place to meet people have been working together for ten years, personal relationships to develop the critical infrastructure is you've got cybersecurity experts in the sectors selected agencies, so not only do you take a definition that appears to have no walls, ceilings or floors, but it appears to be redundant. and second, somebody used the word requirements. one of the great concerns we have, and i will conclude, is that the requirements prescriptions are mandates, mandates are regulations, and frankly the attackers and

