Skip to main content

tv   Politics and Public Policy Today  CSPAN  August 6, 2015 5:00pm-7:01pm EDT

5:00 pm
you would concur with the school of thought we better be careful about overregulating and overmonitoring, not that we're trying to encourage a lax environment, but if we put too much regulation and restriction on companies they will fail toibbo vat. and i want to make sure i heard you right and work down the panel for other's comments. >> well, mike, i think the truth is somewhere in between. i think if you deregulate too much, you do run the risk of the taxpayer getting ripped off. i think to think on behalf of my own company but i think most defense contractors are very mindful of their responsibilities to the ultimate customer, the war fighter and the american people. we take that commitment very seriously. but by the same toke he went we don't always agree on the a customer base with what they want to do and that will occur
5:01 pm
in a natural relationship. but that being said, you don't want to create -- the government has a responsibility to the taxpayer to be fair and to be transparent. you have to do that. the question becomes how can you do that but at the same time give industry the flexibility to do what they need to do? i don't know there is a good answer which is why acquisition reform has been a buzzword for decades and continues to be something we continue to strive for and continue to struggle with. but i would say that is probably the hard problem of the century. but nevertheless it is something we have to continue to strive to get better because there is a balance between letting industry innovate and letting industry take responsibility and put goods into the hands of the war fighter that meet the war fighter's needs and making sure that the responsibility to the taxpayer is upheld. >> so before i go, let me follow up with a specific question. is there one word, based on your current understanding of where congress has left this debate,
5:02 pm
leaving town now, july 31st, 2015, would you push this to a realistic level, knowing we don't have a silver bullet and solve it all, one thing you would like to see people do and one word of advice you would provide. >> the one thing i would suggest is understand the difference between business and government. and in understanding the difference between business and government and understand you can't run government like a business and you can't run business like a government. and if you understand the differences between the two, that helps to settle the relationship. >> thank you. dave, any thoughts on acquisition reform policy and where we should be doing? >> we take our responsibility here quite seriously as most of our peers do. i think it is about balance. in either extreme you get the kind of behaviors that none of us want, right. so in addition to finding the right balance, we need to step back and reflect a little bit on the kind of acquisition
5:03 pm
objectives that we want to have as we see the cycle times an the kind of technologies coming in, all right. being able to ainquire things that incrementally add capability over time, this is a different kind of acquisition that you do there. so in addition to kind of getting that set point right, and we have a joint responsibility with our customers to help make that happen, it is also reflecting more on how these increment allen hansments help us with the budget pressures, help us get capabilities into the hands of war fighters more quickly, but there are challenges with those kind of acquisitions. >> and where does that have to happen, where is the number one road block now? is it in existing law, in the culture of the military service and in the acquisition of the service and i i'm sure you'll say it is all but if there is one most in need of fixing today
5:04 pm
or inovation, what would that be in your mind? >> i think it is a little bit of all of those areas there. i think that the technology and the future capabilities don't necessarily respect the organizational constructs that we have right now so increasingly technology is forcing us to think about acquiring things that involve varied stakeholders in ways that we haven't had to bring them together in the past. it is just the way it is, right. and so part of it is just the communication across folks, both in industry and government, that form that stakeholder community, that have not regularly been working to acquire those kind of systems. >> jim, you called for more revolutionary change, do you see a way to make that happen in the context of this conversation? >> yeah. i think we just heard a million dollar comment here which is technology doesn't respect the current kind of organizational structures and the way it was adapted. so i don't know when i -- you
5:05 pm
could have a good argument about what era our procurement system harkens back to and some people would say it is a civil war model and it is about mass and resources. well, we need a procurement system which isn't about mass, we need one that is about the adaptability and -- and knowledge effectiveness of what we're procuring. and to do that, i think what we need to do is look at the procurement system not so much in terms of whether we have enough regulation to protect the taxpayer, or not, or are we acquiring the right weapon systems. we should look at it in terms of how do we widen the base of the sources and the resources being used for the developing and delivering these systems. so when i talk to some of the leading folks and in private
5:06 pm
industry about their technology and how it is being used by the department of defense, they repeatedly say to me, you know, there are a lot of folks out there, folks like the chinese, that are much better taking innovation, wherever it is, and effectively militaryizing it. and so we have an archaic procurement and large capital expenditure and not driven by innovation or adaptability. so if i were -- to council the folks going home on vacation, i might tell them not to come back, but i would also -- [ laughter ] -- but i would say the game has changed here. it is not about massing resource and allocating budget, it is about accessing the full
5:07 pm
continuum of innovation and effectively militarizing it as required. ultimately the responsibility is not around protecting taxpayer money or executing big programs, it is about winning. and a lot of folks in private industry will say a transition to civilian technology or technology wherever it is into military use, we're losing our lead on that. just because of the sheer weight and the wrong model. the model doesn't respect the technology. >> so brennan over to you for any questions you have, but the question is, is the glass half full or half ending because we have different themes, not debates or one person against another but themes saying we're making the best stuff in the world, we have the best stuff in the world and we're doing interest things across the domains you are discussing this
5:08 pm
morning and yet at the same time we have bureaucracy, and innovate or not do well in peace time and do you have a view of whether it is a glass half full or half empty. >> and that is a good questionment and i was thinking about what words to use and i would counsel congress on being real estatisticly optimistic. which is a way of life. you can't have everything all of the time and think everything will go well all of the time but you can be realistic about the potential. and i think that all of the organizations that we represent we really do have the taxpayer in mind. and there seems to be a struggle between those of the current leadership on the hill and their understanding of what the industrial base is trying to do and whether or not they have actually the war fighter's best need in mind.
5:09 pm
lmi was founded because secretary mcnamara realized that somebody outside of the military needs to see what is facing the military 50 years ago and see it in a different light and solve the complex problems and we've continued to support that mission and one of the things we continue to try to do is hook at innovation as a way to support the mission constantly. and there is a great spirit, not to get philosophical, but i will, in this country of entrepreneurialship and innovations and that will drive the opportunities that there is and i think that trusting that those -- that entrepreneurial innovative spirit is going to be okay and if you fail and fail forward and learn from those mistakes, it is an accurate and efficient investment in the technology, then this is all worth it. but the process and the structure, as the gentlemen to
5:10 pm
my right have recognized, it does not facilitate that process. it ties up that process. to the people that might have the solutions don't even want to participate. so i would counsel congress to be optimistically realistic about the future and to have a little bit more trust in the private sector and in bringing these technologies to bear on the public sector problems. >> one follow up. in what way is the congress not trusting the private sector enough right now. because it pushing d.o.d. to use the traditional bureaucracy regulated methods of procurement and take advantage of the federal code and the options of commercial acquisition style of procurement? what is a specific way that congress gets in the way. >> i think the acquisition process is so cumbersome and the requirements don't meet the needs of what is being proposed. so the questions that come out and the problems trying to be solved, if there is a new way of solving them, there isn't a
5:11 pm
recognition that you have to look at it and evaluate it in a new light. you are applying old regulations and old acquisition policy to new solutions and there isn't -- there is a disconnect between how you do it. and i also think there is a fear of the unknown. if you don't have the answers at the beginning or if the evaluation process isn't educated enough for the individual evaluators that are part of the acquisition process don't understand it, instead of asking questions again and again to better educate the acquisition policy process, there is a fear and just a shut down of the process. so i think it is just the general bureaucracy. and jimmy said it -- complexity, i would characterize it more as red tape and the amount of complexity in the actual acquisition process that prevents the new solutions from being applied. >> great. well let's go to all of you. we have about half an hour left. i'm going to take two questions at a time. please wait for a microphone and identify yourself.
5:12 pm
and if you can pose a question specifically to one person, that is a help. it is not obligatory but it helps. the woman here in the fourth row and the gentleman on the seventh row, both in the aisle. >> good morning. thank you for your comments. my name is margaret cope, i'm an independent consultant. i have a background in life cycle management in the air force. my question has to do with pma, product manufacture approval. where is that with regard to this whole process? i know when you talk budget constraints, that was an area that we were looking significantly at and i would just like to know if you have an update, probably, jimmy, you're the one that would note most about that. >> and before we do, we'll get two on the table that way we can pick and choose. go ahead. >> i'm john workman with the
5:13 pm
associati association of fliets. as we talk about agile systems, complexity, evolution, revolution. >> what are the implications for the 21st ssht war fighter and how has the defense department be thinking about what the war fighter can do with the new technologies in mind. >> and steven we'll start with you and go to brennan. >> i can take a part and i can figure out how to do it in the field and there you go. but the problem you run into, particularly with aircraft systems, is that there are certain characteristics of those parts that you have to have. it is material properties, as well as qualities such as surface finish and dimensionality and things like that. if you don't have them, that part can fail and when it fails, it will be spectacular not in a
5:14 pm
good way. and so one of the things you worry about, when you go through the pma process, the whole idea is that you've proven that you can produce that part to have the right quality so that you have the quality part that can do what it has to do. if you descent rallize that and take away that authority your given, things like added manufacturing can challenge that because then how do you maintain that authority. the challenge for us as manufacturers is we stand by the quality of our products. and if you start flying around products that have parts that we can't stand by, then it makes it very difficult for us to stand by our products any more. so i think right now, where we are on pma, it is a bureaucratic authoritative process. where you can successfully do it, it can drive competition and cost improvements but you have to be very, very mindful of the quality issues and i think looking ahead as we look at added manufacturing, that may
5:15 pm
become yet even more complex. >> brennan? >> sure. so with regard to some education, we work very closely with universities in our research and development program. we do internal r&d and academically funded r&d projects and one thing we're looking at is how do you provide the work force that can use the technology and a key component of that are what are the skills and capabilities that they need. there is a miscon semgs that when you use a new stuff and you throw the old baby out with the bath water but physics is not changing. the technology that is going to have with stand the physics when you produce a part and put it on a plane or a aircraft carrier or a submarine you have to understand the engineering aspect because you have to know how to produce the part in the past and how to use the new technology to create a if you
5:16 pm
part, or whether it is the same part or print as a singular part but you have to have the background in engineering and the capability to understand how to use it. with regard to how that applies to the war fighter, it is a question that continues to be answered and that is what we're working with the d.o.d. on a training and work force perspective. if you put added manufacturing in the field and at a federal operating base or a combat out post and you have an infantry that is 30 guys, who within the team has the capability to take the software to print the part and create a part as it is needed to use cad files and 3-d data to print the part and what are those skill sets and i think the stem space of it continues to be a growing need and i think there is a need for having specialists and generalists who can facilitate the process so that the technology can be applied in a forward or deployed setting.
5:17 pm
>> thank you. let's take two more. these two gentlemen here. >> thank you. john harper with national defense magazine. i guess this question is probably for brennan and jim. can you give some examples of the ways in which the services are using additive manufacturing now and what some of the plans are for utilizing that technology in the coming years. >> sure. >> i'm randall doyle from george washington, university, i would like to look at this from a different angle. listening to the process and the quick and everything, i want to talk about external factors with the fansment of fighter planes and missile technology and in china and how much pressure is on to produce the products for the military and so forth and maybe because of chinese advancement in weapons, maybe that is the process of breaking down the red tape you talked about and maybe make you happier with congress.
5:18 pm
>> and i'll add one more and potentially have a question for everybody. we'll see here. that is what i'm hoping. >> thank you. i'm elliott horowitz, a former member of the intelligence community and the state department and the world bank. for mr. kenyan, i have a question, what is the rate of progress of our major adversaries with the people's republic of china and the federation in terms of rapid propulsion. >> we'll begin with jim and work across the panel. >> well i characterize the use of additive manufacturing among the services as islands of experimentation. and in many ways driven by either individuals or -- units that i have an inherent interest in innovation. though some concrete examples of
5:19 pm
how it is being used in the field would be the deployment of additive manufacturing machines with so-com. i mentioned the dog bone for the antennas and there has been modification of weapons so that they are -- rather than being mass produced, they are more custom fit to individuals. and there is some -- an example of something used for a sling underneath the helicopter that was made in the field. again, i would say, that this is not in any way new. and in fact, when you start talking about the navy, it is in the navy's dna to do this kind of stuff. the ship is out there in the middle of the ocean and it will keep going an the machine shop will come up with a solution and what this particular technology does is it widened the envelope of possible solutions that that machine shop can execute on.
5:20 pm
so the adoption path within the services is really a function of need and frankly immediate need. there is nothing like having to solve a problem that causes you to propel a technology forward. now in the industrial base, the adoption of the technology is really kind of bifluctuating. the machines and the material, the price performance envelope on them is crashing and effectively within that class of machines their commodity is going on of both the material and the machine. there is also a group of machines and materials that are becoming highly specialized and regarded as a competitive advantage. so if i returned to jimmy and said would you tell me how
5:21 pm
you've locked down your processes and limited variability, well how do you guarantee you'll find an element analysis, he wouldn't tell us because that is the competitive advantage. so there is a limited number of folks, usually with a lot of capital, that are truly differentiating themselves in additive manufacturing and frankly they are having to build the machines themselves. the machines that are available just aren't up to snuff. so in the commercial, industrial sector, it really is playing out as is this a commodity type of capability with commodity or is there an opportunity for a distinct advantage and we're seeing it takes a lot of money to lockdown the processes on the metal side and create parts but when do you, you have an advantage over other companies that is significant and
5:22 pm
justifies that capital investment. >> brennan, do you want to add an example or two before we go to jimmy and dave. >> there are two things helping. the navy has been using additive manufacturing. the navy of dental skill has been printing bridges for people in their mouths for many years, probably almost 30 years. with the evolution of additive manufacturing the customization to an individual person's physiology, there is a great opportunity there. and the medical services continue to provide that. there is a lack of infection, when you have customized prosthetics or skull caps when you have traumatic brain injuries and that is a growing area. the other example i like to use often is the rapid equipping force that i mentioned, so com, special operations deployed in afghanistan. infantry units were given flashlights and there was an
5:23 pm
exterior button and they would put it on the pocket or the pack and every time they would walk it would click on and off. and everybody with night patrols, they know that is rule number one. no light. and so they needed a cover for this. so they produced and came up with a cover for the flashlight and printed them in the field and provided them immediately to the infantry units. and that is a key example of the innovative aspect of it. and there is that -- it is continuing to go on, and again to jim's point about the services, at the services they are pushing the envelope constantly because they are primarily there to support the war fighter and sometimes luckily they don't want to put up in the impediments i mentioned earlier about supporting that mission and so they are just pushing the technology from a strategic perspective and that is where we're trying to help d.o.d. see as you push that across the services, having a comprehensive
5:24 pm
strategy for how you apply the technology. >> so jimmy, i don't know if you are comfortable talking about global trends in propulsion? >> well that is a little hard to answer -- to answer directly, but here is what i will say and i will actually touch on both of those questions. there has been a lot of investment, a lot of work going on both in russia and in china and that has been fairly public. there have been a lot of articles in the press about china's desire on the commercial side to develop propulsion capability. and so clearly that is something that bears watching. if you were to watch secretary kendall's remarks, we have a $2 billion investment in propulsion even while we are struggling in other areas and why is that. propulsion is recognized as a differentator for the united states. it is something that sets us apart. and that is why keeping that technology lead is a big reason
5:25 pm
for that. that is an interesting thing, in looking at the bigger question, it is remarkable, in this nation historically we've been able to rise to the occasion when we have a national imperative. when you go back to world war ii, we had this thing going on in europe and this thing going on in japan and the result of that was a tremendous blossoming of the defense industrial base and in particular the aviation base. we produced airplanes, punching them off the production line day after day after day because we needed them in the fight and we found ways to do that, both the government and the industrial base. and fast forward a little bit and once sputnik was launched and detected, we took off and not that long later we were putting people on the moon and this turned into the cold war and the technology advancement that was the cold war because of a compelling national imperative. where are we today when we consider what we see going on in
5:26 pm
russia and what we see going on in china and when we look at the defense strategy that we hear about, is it a compelling national imperative? well when you look at our defense acquisition system today you might argue not yet. but are we headed in that direction? maybe. >> thank you, dave. anything you want to add to this. >> i'll hit on both of those as well. from the added manufacturing perspective, i spend my organizational time in the r&d spaces. but we're using that very expensively. and it is really about being able to respin prototypes more quickly and far more effectively. i was in a proposal review a couple of weeks ago and we're talking about how we're going to modify a system with a phase two and walk with an aluminum version of the infrastructure there and experimenting with far more sophisticated materials as well beyond the aluminum instance in that particular case. when it comes to the pace of our
5:27 pm
adversaries and what we're doing, technology wise and capability wise, i'm very optimistic. in the sense that some of the dialogues that are occurring right now, you don't have to be more than a few minutes into a conversation with secretary kental, on this kind of a topic before he asks you the question, are you getting the data you need. are you in the conversations with our folks about where our adversaries are going, where our deficits are and what we're doing to potentially overcome those. and same thing with mr. stackly and the navy. they are very keen on making sure those conversations are occurring and those are substantial conversations around data and scenarios and the like, right. and they are not just operating within stovepipes either. i've seen good conversations coming across services. so i'm not suggesting that those conversations weren't occurring before but they are occurring now with a sense of intensity that i can actually see the
5:28 pm
difference. >> i think we'll do one more round of questions and allow everyone to make final comments too. while i look for hands, i'm going to say that we have general campbell coming from afghanistan to be here tuesday at 3:00 to talk about the state of play there. but that also is an opportunity and i'm sure everybody in the room would want to join me, we may or may not have another opportunity on stash tash to say thank you to a departing group of military leaders that as you know are leaving now in mass. so we're seeing the chairman and the vice chairman of the joint chief and the number, all four is changing in weeks an the navy is in transition and we want to thank general dempsey, ode der know and all of those who served with them during this intense period of military service for our country. and when we thank the panelists,
5:29 pm
let's keep the round after plause for the wonderful military leaders because it is a historic moment as the united states makes this transition out of war and seeing those four leave brings it home for me. sorry for that aside. and let's get three last questions and then a final wrap-up. so the question at the very back and then you two here. and then we'll go across the panel. >> matt jones from the boeing company and i want to thank the panelists for very informative session here. thank you very much. my question is related to -- i guess i'll aim it at jim. you've talked about the application of additive manufacturing to logistics and to other aspects of it. do you see much evidence of how additive manufacturing is changing design philosophy. in other words are people starting to design for additive manufacturing? >> and the gentleman here in the
5:30 pm
fourth row. >> i'm ryan sturgil with the cohen group. i want to ask what initiatives you see other d.o.d. funding or potentially even other departments for additive manufacturing and for example the white house has moved to set up this national network for manufacturing innovation and the first center is on additive manufacturing, i think based in youngstown, ohio and i think d.o.d. kicked in a fair amount of money to fund that initially and amaybe you can comment on how that is going and are there other initiatives down the pipeline that we could see coming? >> thank you. and over here. >> sean lingis with federal computer week magazine. dave, you mentioned that adversaries are kind of moving away from a hardware laden approach to more software to
5:31 pm
having digital things early in the cycle, that is maybe a crude summary of what you said and can you elaborate on that and what you mean by that and the implications for how the u.s. does business. >> and because they were put so succinctly, i'll bring in forge hand into the mix and we'll follow up. >> my name is flant and my remarks are my own. i would like to get remarks from 3-d printing and energyic materials. we heard about component parts but if i can look toward cartridges for individual soldiers put forward and air drop munitions to be tailored more adaptable and more efficiently placed in the hands of the war fighter to zero in, opportunity and efforts, what is going on now that you know of, the merits of this kind of research and effort and lastly
5:32 pm
defense industry and academic partnerships, things we can leverage our graduate students on, what are the opportunity trz. >> why don't we work from brennon on downward and conclude the questions as we go. >> okay. i i can speak with the three of them. with regard to the logistics, the key part that we see in terms of applied additive manufacturing is you are turning the supply chain on its head. and you create the part at a manufacturing base and then send it to a depo and it gets put on a opponent or sent out into the field. if you push the entire supply chain forward and you actually put the machine in the field and you are printing in the field, you are actually just truncating the entire process and meeting the need exactly where it is. so the potential there is great and significant and in condensing the whole supply chain and all of the logistics that support it.
5:33 pm
and looking at reduction of inventory, reduction of the money spent on the space where the parts are housed. but again it has to be a thoughtful process. which of the parts is a business case to truncate that logistics and supply chain. and then with regards to the question about academic partnerships, so a lot of the universities work with organizations like myself and then the youngstown, ohio, organization, it is america makes, that you were referring to, it was an innishive born out of the d.o.d. and it brings together industry academia and the services and the department of defense to have a conversation and continue to push the technology forward and to facilitate the process -- the acquisition process and introduce the entrepreneurial spirit in the small organizations that focus just on the technology of the 3-d printing and the potential implications. they may not have a familiarity with the d.o.d. contracting process like most of us do.
5:34 pm
and so america makes and organizations like it are making those. and there are directive working with schools, fliets are the schools, and the dreams lab at virginia tech is the 3-d arm and there are investments that different organizations within d.o. did are making to work with them collaboratively to look at what the potential implications are and what the processes are and where you can find efficiencies and what parts or components would be printed and we do work and facilitate that conversation. so taking the questions and investing our own funding and in answering those questions and using the academic expertise. the graduate students in those programs again still have the traditional manufacturing and engineering background and then are advancing it to understand better how do you design in 3-d, how do you look at a part that was subtractively manufactured
5:35 pm
or three or four parts and put them together and look at how they could be printed. and so those are some of the things and i hopefully covered all three of those. >> jim. >> i would like to address the question around design of additive manufacturing. it is an art and not an engineering science, that the software -- the design software needs to take a jump forward before it catches up with the technology, that there is a lot of lack of understanding or just frankly knowledge about how you design the digitally optimal part, as it is sometimes referred to. so in many ways i compare it to, when composites came in to aerospace and everybody was a metal person, there was just an incredible adoption cycle, a cycle to totally reorient
5:36 pm
themselves, a cycle of getting composite education into engineering schools before it really flourished. that took decades, really. so there is some of that going on with design for added manufacturing. i would say there are two interesting things i think in the manufacturing space. the first is where designs are coming from. though we've all heard about competitions being run on jet engine brackets or parts coming from design and art schools, used in industrial applications. so there is this democracy of design already occurring and where do you go for ideas and solutions to include the actual users of the product. the second thing is my experiences that folks that embark on the design for additive manufacturing path often veer off and start designing for their own supply
5:37 pm
chains. because as they lay out the economics and the needs, they revert back to i don't want to change the part, i just want to be able to build it at the point of use because of what that does to me logistical requirements and my inventory requirements and what it does for a disappearing source of parts, et cetera. >> thank you. dave. >> so sort of what is the implications for more and more software content, closer and closer to the front end of the systems. maybe i'll motivate that with an example. i'll take you back a couple of decades or more. so there is a set of enthusiasts that have scanners and they listen to things going on in the radios and if you had one of those 20 or more years ago you would figure out what you want to listen to, you go down to your local electronics store and buy a crystal and you would open the back of the radio up and plug the crystal in there and you had four slots for crystal
5:38 pm
so you could pick four in you wanted for and if you change your mind you go back to the store and get another crystal and then listen to the radio frequencies of most interest to you. and is we take for granted, you get it, the frequency you are interested in, boom, you are listening to it. as new formats come out, in large part that new system is able to address and receive and understand those, right. an the reason it can do that is because we are converting from the radio frequency that comes over the air into a format where we do the processing in software much, much earlier. so the change to accommodata any system in this case, a new radio that you want to be able to listen to, is an upload of software into that system, it didn't going down to the local store and buying a crystal. sow can extrapolate from there to systems where we're not
5:39 pm
listening but maybe we're communicating, right. and systems where perhaps we want a bridge across radio farmots. in the past you might have to have different sub radios for what you want to bring and now in software you can make that connection occur. and so the real implication is one of efficiency, cost, expense ability and all of those things. >> and jimmy. >> and i appreciate that relationship here because my fon is a hughes bryce harper fan. >> and we can't make him in a 3-d fashion if we could. >> >> a little one. >> yeah, maybe. there are a lot of key ideas here. i think going back to the question on design for additive manufacturing, at the end of the day, that is the real opportunity. that is the real opportunity. because it opens up a whole new way of making things that can cost less because i need less
5:40 pm
material, that can take less time because i can eliminate some processes out of my manufacturing line, there are a lot of things i can do with that that frankly just make the product better. they take weight out of processes out of other things where i can't remove it later on. i have design flexibility. right now i have a program where i have a military engine on test and we made parts of it using additive manufacturing and i could lay in instrument leads and or ports for instrumental leads and by doing that, i don't have to add things that disrupt the aerodynamic performance and it just makes it a lot better and that is really ultimately where we need to go, what is the catch. we have to learn how to do it. as jim alluded to it, it is kind of an art right now, we get used of thinking of physics. physics, f equals ma and you
5:41 pm
can't push on a rope. and how we do our analysis, we are to rethink not only how we make things but how we design things and analyze them with the physics to take full advantage of that. the opportunity there are things like the america makes initiative, like stem initiatives that had added manufacturing. and america makes was intended to cat liez the -- -- cattalize the industry and it was worked because we're here talking about it and companies like my own and others are heavily engaged in it and working in taking it forward very quickly. the other part of that with stem, universities are a huge part of that. how do i think dishly about the physics. we have a relationship, we heard about two universities earlier. we have a relationship naturally being a connecticut based company with the university of connecticut with we are working on additive manufacturing and if you talk to similar companies you'll talk to similar stories
5:42 pm
about relationships they are forming with universities specifically for that reason and i think there is a huge opportunity there and i think it is only a matter of time before we get there. >> wonderful. thank you all for being here and please join me in a big round of thanks and appreciation. [ applause ] with congress on its summer recess this month, wii featuring our stash tash city oez tour which featured sites across the nation to hear from local historians and auck ors and civic leader. today we went to ft. lauderdale. watch that at 6:00 p.m. eastern. and tonight a televised debate, the first and so far only
5:43 pm
televised debate scheduled with all four leaders. the participants are prime minister stephen harper, new democratic party thomas mull care, liberal party leader just intrudo and green party leader elizabeth may. this week prime minister harper called for the election to be held on october 19th, kicking off the longer campaigns in modern canadian history. the debate hosted by mcclain's magazine will be on c-span and c-span radio at 8:00 p.m. sunday night on q&a, former emergency manager of detroit kevin orr talked about detroit's financial issues and his job overseeing the largest municipal bankruptcy in u.s. history. >> if detroit had taken that $1.5 billion that it borrowed in 2005 and 2006 when the stock market went down to 6,700 and invested it in an in dex fund, dow jones, standard and poors,
5:44 pm
whatever, stock market is now trading at 18,000, three times what it was. they would have not only tripled their money, they could have paid the pensions in full and got back in the business of paying the 13th check, giving pensioners a 13th check in at the end of the year in addition to the 12 they are due. so it could have fix the management, just like any organization like the united states as well, if you have strong and focused leadership you can resolve these problems but it takes a lot of effort. >> sunday night on c-span q&a. >> next remarks from nigeria president muhammadu blv. he was in washington, d.c. last month and delivered a key note speech on his relationship with the united states at a an event hosted by the u.s. chamber of commerce. his remarks are 15 minutes.
5:45 pm
[ applause ] >> please sit down, ladies and gentlemen. i think mr. paul hinks started it by rereading his speech. i think i'm constrained to follow suit. when we read our speeches in the other room, the audience was so small and, in fact, i was wondering why some of the governors have turned down our invitation only for me to find them here. now so we are complete, i too will reread my speech. [ applause ] >> the executive governors here
5:46 pm
present of nasawra, and the former governor of river state, the governor of borno state, the center of the battleground of boko haram, the governor of emu state, the governor of edu state, and the rate of my team, mr. paul littles, the counselor of africa, mr. haines, president corporate counsel on africa, and mr. pliets our ambassador to the united states of america and to the capitals of industry that are present, the distinguish
5:47 pm
leaders and gentlemen, i'm not surprised to meet [ inaudible ] here. because a friend of my big friend bola habitu, i'm required to -- the chief executive of adebowale adefuye, but i was surprised to see the chief leader of the israeli bank and maybe the govern of the central bank. i wish you well. [ laughter ] >> ladies and gentlemen, let me begin by saying how pleased i am to be here tonight and to be treated to this elaborate dinner
5:48 pm
by the united states chamber of the commerce and the corporate council on africa. there are so many entrepreneurs and capitals of industry tonight speaks well of the growing relation shim between nigeria and the united states. i would like to commend the chamber and cca for assembling united states companies whose top executives have taken me through their vision and activities in nigeria. my intention here tonight is to simply to bring our message of hope about my country's future and the opportunities that are available for united states investors. ladies and gentlemen, due to the long-standing excellent
5:49 pm
relations between nigeria and the united states, our two countries found it necessary to sign a violation commission agreement in 2010. as the framework to guide our interactions. the agreement provides a template to effectively and efficiently manage the growing political diplomatic, social, economic and security cooperation between nigeria and the united states. a line with bnc and the need to strengthen our bilateral relations and investment have been organized on power, agriculture, and infrastructure. these interactions have led to increased economic and investment activities between
5:50 pm
nigeria and the united states. i would like to see these interactions broadened and sustained because a huge econom and trade relations beyond the current levels. it is my intention to create the next environment for future investment in nigeria. we are a most superfluous nation in africa. there's vast human resources, and we're blessed with an abundant skilled work force. we are the prime candidates to become the destination of choice for the united states investment in africa. [ applause ] the investors know from
5:51 pm
experience that the nigerian market for investment is better than any other in africa. i will work hard to improve our country. the challenges i lay on the table tonight is for the united states and nigeria to take advantage of the political cooperations between our two countries, to concentrate investment activities, including joint venture projects in the private sectors of the nigerian economy, including power generation, gas, agriculture, mining, health sector, and other sectors of our economy, to take advantage of the united states/african growth opportunity.
5:52 pm
ladies and gentlemen, while i recognize the role of governments in facilitating and promoting the economic growth, the private sector must resume the increasing role of growth. this is even more so for us in nigeria, as we take steps in a diverse way to grow the economy. in particular, we will welcome general investors who are willing to come to nigeria for minerals exploitation. generation employment was one of my key campaign promises. i'll do my best to keep this promise. i will do my best to keep this promise. [ applause ] there are other ways to expand the economic opportunities and
5:53 pm
create opportunities for millions of people, for boost in domestic manufacturing, and infrastructure development and industrialization. let me repeat, nigeria will partner with general investors who are willing to join us to achieve our economic objectives, and at the same time to reap returns for that investment. there is more in nigeria than oil. this is why i want to stress the need for increased united states investment in our non-oil sectors. the administration will be attentive to the needs of the business community. and the policies that will strengthen the sectors that will drive the growth. [ applause ]
5:54 pm
we intend to reduce waste with accountability and good governance, a respect for the rule of law in compliance with observance of constructual agreements, and removal of some of the measures that the federal government will promote. ladies and gentlemen, nigeria will require heavy fund iing whh is not just in nigeria alone. in this regard, i would encourage the united states foreign investment and agencies such as overseas investment
5:55 pm
cooperation, and the united states export/import bank. to include access to capital, and funding of such businesses. nigeria, therefore, requires investment of the united states energy companies to improve our power supply. while we're confronting the energy sector in nigeria, i want to assure you that the government of nigeria is prepared to take on the challenges related to gas shortage and vandalization, both of which are known to have in recent times had disrupted
5:56 pm
transmission of power to the consumers. ladies and gentlemen, the current environment can only thrive under a secure and stable environment. as such, i'm giving full attention to the fight against boko haram insurgents in collaboration with nigeria's immediate labors. to this end, nigeria has pledged 100 million united states dollars to the multi-national joint task force for the resources for the task force to effectively function. last month nigeria released the sum of 21 million united states dollars of this pledge, and stands ready to support the pledge until the tax force
5:57 pm
becomes fully operational. niger niger any j every little bit helps in this all-important fight against terrorism. it will ensure the protection aof every inch of nigeria's territory. and providing the utmost resumption of normal life. in conclusion, i would like to remind you all that we are continuing with privatization programs in sectors ranging from telecommunications, energy, gas,
5:58 pm
minerals, aviation, health and infrastructure development which will improve architecture. we will also simplify these procedures, based on principles of democracy. i, therefore, seize the opportunity to formally invite american business community to take advantage of our liberal trade and investment climate to do business in nigeria. i thank you very much for your attention. [ applause ] this weekend, on the c-span networks, politics, books and american history, saturday night at 8:00 eastern on c-span, congressional profiles with four freshmen members. pennsylvania democrat brendan boil, louisiana republican ralph abraham, and new jersey republican tom macarthur. and sunday night at 9:00 with elections coming in october,
5:59 pm
we'll show you a debate among the four national party leaders in canada. on c-span2, saturday night at 10:00 eastern, on book tv's afterwards, charles murray argues through the use of technology, we can rein in the power of the federal government. and sunday evening at 7:00, susan southern talks about nagasaki japan. this weekend, on "american history tv" on c-span3, we commemorate the 70th anniversary of the bombings of hiroshima and nagasaki, japan, and the end of the war in the pacific. our programming starts saturday morning at 10:00, with a conversation with harry truman's grandson. and we'll visit the exhibit with the university's director of nuclear studies, peter koznick. and sunday morning at 10:00, our coverage continues, with the 2000 documentary of the making
6:00 pm
of the atomic bomb. and interviews with two bomb survivors. get our complete schedule at c-span.org. next, two panels discuss the global increase in economic cyber attacks and espionage, and examine threats targeted against the united states. participants talk about the current strategies employed by the u.s. and its allies to defend and counter those attacks. and make suggestions on how best to improve cyber defenses. the hudson institute hosted this forum. all right. good afternoon. i'm samantha ravich, the principal investigator on this project. i want to thank everyone for attending. in particular, i really want to thank the hudson institute and the foundation for the defense
6:01 pm
of democracies for co-hosting this event. i also want to thank the co-authors of the monograph. some will be speaking today. zarate, dubowitz. but some may be in the audience, abe and tiffany. i don't know if tiffany is here. tiffany was quoted extensively in a recent "washington post" series on the cyber vulnerabilities of the auto sector. a few housekeeping notes before we get started. the first panel will begin momentarily. and about one will roll into the second panel. finish around 2:00. there is a short survey, if you could, if you haven't taken it already, we would really appreciate it. it will give us -- it's anonymous and short. it will really give us a better idea about how people are thinking about cyber-enabled
6:02 pm
economic warfare, and where resources should be put to it. we will be publishing both a synopsis of this seminar, and the results of the survey, so stay tuned. all right. so let me set the stage for a few minutes on how the project on cyber enabled economic warfare really got started. it really had its genesis back in the mid-1990s. in discussions with incredibly smart people like marge at the smith richardson foundation that sponsored this work. about the intersection of economics and security. so in 1997, the asian financial crisis hit, if you remember. it began this thailand and then the contagion quickly spread to indonesia, south korea, malaysia, other countries throughout the region. foreign debt to gdp ratios rose over 180%, during the worst of the crisis, riots occurred, governments fell.
6:03 pm
the causes of the crisis were varied of the but most experts think it was the combination of crony capitalism, and economic bubble flooding the market with cheap money, and a simultaneous slump in semiconductor prices with the rise in the value of the u.s. dollar. but from westport, connecticut, we discussed how economic destabilization in southeast asia could potentially affect large eregional securities. what would it mean to relations in taiwan and china. what would it do to separatist groups like abu sayyaf. it was the malaysian prime minister at the time, what he was saying that really got us thinking. he appeared directly and piping the blame on the finance ears who said they sabotaged the malaysian economy. he said the economic fires were no accident, but a western
6:04 pm
conspiracy to rule the world and tell other countries how to run their affairs. we discounted the malaysians' specific diatribe and ret oh trick and anti-semitism. if you remember that part. but we did think about the broader issue of how a country or countries could use economic means to undermine an adversary or change its policies. we thought back on america's use of economic warfare against the nazis, then again against the soviet union. and we began to think, if and how the u.s. would need to think differently about these threats and capabilities as the world financial markets became more automated, and more integrated. over the next decade, the conversation kind of waxed and waned, but came roaring back as evidence began piling up on the scale and scope of cyber attacks against u.s. banks, u.s. defense contractors, u.s. intellectual property, our electric grid, our health care system, the most sensitive parts of our
6:05 pm
government. were we seeing something new? again, there's always been economic warfare. where one side in a conflict goes after the economy of another to affect and weaken its overall strength. but the rise of the global electronically networked economy, and the growing cross-border integration and interdependence of its constituent parts has produced sizeable opportunities for various actors to develop new methods, and strategies of economic warfare. both state and nonstate actors increasingly can contemplate new possibilities for using pernicious cyber penetration of critical economic assets, and systems, in order to cause harm to a target state security capabilities. so we have this new class of security threats. cyber enabled economic warfare. the attempt at achieving political and security goals through cyber enabled economic aggression. and in this type of warfare, the
6:06 pm
united states is particularly vulnerable. as mike mcconnell said, if we were in a cyber war today, the united states would lose. this is not because we do not have talented people. or cutting-edge technology. it is because we are simply the most dependent and the most vulnerable. so we started this project with a few organizing questions. one, within the escalating cyber attacks on u.s. public and private organizations, is there lurking a new type of action. some form of concerted strategy to undermine the u.s. economically. two, are there adversaries whose strategies are specifically designed to cause economic harm that could weaken or significantly debilitate u.s. security capabilities? three, is the u.s. prepared to identify and address such strategies effectively? and four, if not, what can be done? we did not attempt to provide definitive answers in the monograph and through this seminar, rather, what we wanted to do is start a robust,
6:07 pm
much-needed debate on this topic. the chapter authors and those who are participating in some of the seminars we've held have also been willing to put novel and creative approaches on the table. some are workable, some might not yet be workable, but it is critical for new ways of thinking to be explored to address this problem. because to a person, we are certain that u.s. intelligence, defense, treasury and homeland security departments and agencies appear to be inadequately constructed or attuned at present to address the way these threats are evolving. the u.s. system for detecting, evaluating and addressing the cyber enabled threats is insufficiently focused on the matter. this raises concerns about america's preparedness for identifying and responding to existing economic threats. and the inability to match the rate of the evolution. and with that, i want to turn to our first panel that examines the evolving nature of this
6:08 pm
debate. we're honored to have three highly knowledgeable and well-regarded individuals. so our format is, that each will speak for about ten minutes. and then we will open it up to q&a for another 20 or 30. so first up is the honorable juan zarate. he served as deputy nshl security adviser for combating terrorism. his phenomenal book explores the evolution and importance of this new era of economic warfare. juan serves as chairman and senior counsel for the -- >> this is a wonderful turnout. i want to thank the hudson institute, and mark dubowitz for
6:09 pm
hosting today. sam, thank you for your leadership, for shepherding the authors for this important piece of work. i would commend all of you in the room, and those watching online, to make sure to pick it up and read it. because the contribution at least from the other authors in this compendium are incredibly important. i'm honored to be here today, especially with steve and mike, to discuss these issues. i want to thank sam, too, because she gave me an opportunity to write a bit more about the issues that i began to explore at the tail end of my book that i think are critical as we look forward. what i want to do is discuss with you, and maybe open up the discussion for the panel to talk about the convergence of financial and cyber warfare. because as sam has laid out, one of the interesting dynamics of the 21st century, how dynamic, how fluid, how interconnected both the global financial and cyber domains have become, and
6:10 pm
how interdependent they are. the reality is, the more dependent that the u.s. and western economies become on those globalized interconnected cyber systems, the more vulnerable we also become to the potential asymmetric impact, and effects of those who may try to attack, if not affect u.s. interests. and so what i would like to do is talk ha little bit about what that convergence looks like, starting first with the discussion of the nature of the threats. and then what this means strategically. because i think where we are now is we're facing a very dynamic and shifting threat landscape. but also a dynamic and shifting strategic landscape, where the threat of asymmetric capabilities is really upon the u.s. and has really been identified by the dni, and others in the u.s. intelligence community. so let me start first with the threat landscape itself. in particular, the actors involved in this space.
6:11 pm
it's clear that actors around the world, be they state or nonstate actors have realized there's asymmetric advantage in using cyber tools, using tools of financial or economic warfare to their advantage. that in many ways, it provides a low barrier to entry and asymmetric advantage to think about the use of these tools in a much more aggressive way, to attack u.s. interests. in many ways, it's laid out the 20th century, in the beginning of the 21st century, dominated not just by the american economic dominance, but really a dynamic where the u.s. found creative and innovative ways to use power and influence, and reach to get the rogue activities from the financial system. we're seeing this play out obviously in the negotiations with iran. we're seeing this play out to a
6:12 pm
certain extent in the debate around russia. the ability to use financial and global tools to isolate rogue behavior has large by been the province of the u.s. government and u.s. policy. but u.s. competitors, and threatening actors realize that those very same tools, those very same mechanisms, some of the same strategies can actually be used against the u.s. for asymmetric advantage. so you see a full spectrum of actors playing out in this space. realizing this dynamic. super empowered individuals, hackers, for political or other reasons, profit often using these tools to go after the financial system, in particular banks. sophisticated organized crime groups using deep expertise found easily on the internet, beginning to infiltrate banks and the financial system.
6:13 pm
intelligence services, figuring out how to use these tools for state and nonstate advantage. again, for profit and for political purposes. and then finally, nation states. some of them major powers like russia and china, others marginalized like iran, syria, north korea, figuring out ways to use these very same tools to influence. and we've seen plenty of examples of that. one of the advantages to these actors is the low barrier entries. as we often say, it's not very costly to get into this game, or to be on the offense. it's incredibly costly to be defending against these. but there's a supply of expertise available on the internet. often sold to the highest bidder. there is the dark web that provides access to those willing to play in those dark alleys of the internet, and to connect with those with expertise. there's open source protocols and programs that allow individuals and small groups to have global reach.
6:14 pm
and there's weak defenses globally, whether it's at opm, or in other systems around the world where small or relatively weak actors can gain access to prized information. and so you have a spectrum of actors with a spectrum of capabilities that provides a low barrier to entry. and begins to challenge the u.s. system and dependencies. now, the tools of disruption, and potentially even destruction are many fold. you have spear phishing techniques and attacks, which are common in the cybersecurity space. you've seen d-dos attacks, increase in sophistication and frequency. you've seen malware evolve into some pretty dramatic and important ways, in particular, attacking the financial sector. you've seen trojan horse
6:15 pm
attacks, which may portend potential destructive malware attacks. these aren't imagining or hypotheticals, we've begun to see them. the jpmorgan attack last summer. a good example of the potential for vulnerability as well as destruction. the dark seoul attack led by the north koreans affecting south korean banks and operations. the denial of service attacks led by the iranians and syrians against western banks which continue to this day. the attacks against the middle eastern banks in 2012. the nasdaq hack, which has not been fully determined, or figured out, in october of 2010. matched with significant infrastructure attacks, like ramco and others. portend the real series of adaptations and attacks on the
6:16 pm
financial system in a way that is strategic, systemic, and important. now, let me move just very quickly to discuss why the financial system, in particular banks have become such an interesting and important part of this landscape. as i've often said, in many ways, the international global banks are now the center of the cyber storm. and that's for a few reasons. one, banks in the financial system, where the money is, right? so if you want to profit, if you're an organized criminal ring that just wants to make money, you want to engage in fraud, that's where you hack. that's where you attempt to get access to data and to money. it's also where intellectual property, sensitive information may exist, informational data important to data, also intellectual property important to deals and companies that are engaged in mergers and acquisitions, and attempts to enter new markets. so that information becomes valuable to a whole host of actors.
6:17 pm
banks over the last 15 years have also become protagonists, and many of the national security issues and debates that affect rogue actors and countries. so the very isolation of iran, for example, from the global financial system has been driven in part by what the western banks have decided to do, or not do, in terms of business with the revolutionary guard, or iranian companies and fronts. and also, actors in the space, the full spectrum that i described understand that banks and the financial system are part of the key vulnerability and a systemic risk for the west, and for the united states. and so some actors, no doubt the most destructive among that spectrum, would find it incredibly advantageous, if not helpful to try to bring down the system in some way, or to destroy the trust that is at the core of the international financial system. what hank paulson once called the magnificent glass house.
6:18 pm
and so the banks, the financial system find themselves in the middle of the cyber storm at a time when the asymmetric environment is evolving. evolving in some interesting ways. as sam mentioned, and as the report lays out, the u.s.'s vulnerability is increasing over time. with hybrid warfare, and gray zones of warfare beginning to evolve as parts of national doctrines. we see this clearly with the russians, thousahow they're thi about the use of proxies in cyber capabilities. you see this as well in the environment where there's much more fluidity than in the past with rogue actors able to interact, and profit with and for each other. so the chinese government able to use nonstate actors to hack, and to claim deniability of those attacks. the syrians and iranians developing their own capabilities, perhaps relying on others. the north koreans clearly
6:19 pm
developing capabilities as seen in the sony hack and attack of last year. so there are enormous adaptations happening due to the technologies, the global connectivity of the system, but also strategically with these rogue actors, with these challenging states, thinking aggressively about how to use these tools. and i know the next panel is going to get into some of the defensive dimensions of this, sam, but i do think it's worth mentioning, at least some of the ideas that i put forth in my piece, and that i know we will discuss here, because there has to be a new way of thinking about the strategy. there has to be a new way of thinking about these tools, in ways that not only puts us on the defensive, but also on the offensive. and thinking about more aggressive public/private partnerships and paradigms that allow us to create not only defense in-depth, but also denial, strategies of deterrence, which we have yet to do using financial tools like
6:20 pm
the president's executive order from april 1st. perhaps some tailored hack back capabilities, in particular instances, perhaps with cyber warrants. when the government gives license to the private sector to protect its systems, go and destroy data that's been stolen, or maybe even something more aggressive. and then finally, developing the redundancy of our systems, so it becomes less attractive as a strategic tool for our adversaries. so with that, i hope that's a helpful way of framing the issues. it's a much more dynamic environment not just in terms of the threats, and the technology, but also strategically as we look at the landscape. >> that's fantastic. i look forward both in the q&a from this panel and rolling into the next one, to discuss some of those things that juan laid out at the end, particularly the hack back, which is a very interesting topic. next up we have steve chabinsky,
6:21 pm
who's general counsel and chief risk officer for the cybersecurity technology firm crouch strike. mr. chabinsky served for over 15 years with the fbi, where he helped shape many of america's most significant cyber and infrastructure protection laws and strategies. as deputy of the fbi cyber division, mr. chabinsky helped oversee fbi strategies, intelligence analysis, budget and policy development and execution, and major outreach efforts and focused on protecting the united states from cyber attacks. so mr. chabinsky? steve? >> thank you. juan, those remarks were so good. all you've left me to do is actually pull some of the subjects you brought up. where you really started, you know, where you ended is where i'm going to start, which has to do with strategy. where are we, where should we be. we actually have a failed strategy right now. the way we know this is we keep putting more resources, more
6:22 pm
people, more effort, more policies in place, and the problem keeps getting worse, right? by no stretch of the imagination can someone say that's going well. even our best efforts, to the extent we say we're doing well over time, it doesn't compare to where the threat's going. so we keep -- that differential keeps getting further. i want to address why i think we're there. but first, i really wanted to summarize in my view what those are doing to us from an economic warfare perspective. what we're actually doing to ourselves in response that's making it worse, and what this portends for our future and hopefully what we can learn from that. what others are doing to us, as juan has mentioned, goes across a full spectrum of activities that range from stealing confidential information. some highly sensitive information. intellectual property which gives our businesses, not only a fair market condition, but over
6:23 pm
time, we've seen us to become economically powerful enough to sustain our military capabilities. and private information about individuals that we're seeing can be used both to defeat consumer and citizen confidence, as well as used against some people depending how sensitive the information could be used for espionage purposes and blackmail and extortion. the ability to capture information also shows the ability to change information, and to destroy information. and juan brought up a couple of those examples. the aramco case, in which a company in the middle east wakes up to find 30,000 computers essentially destroyed overnight. but it's not only about data. it's also about physical systems that are being run. so if you change the integrity of nuclear enrichment, for example, which we've seen capabilities that can be used, which could also be used against
6:24 pm
us, or manufacturing products, changing integrity to chips, components that go into military fighters which we've seen through supply chain attacks. what that shows you is there are a number of ways for the adversaries to both react, come at us, and how they get into systems. it can be remotely. you hear about the phishing attacks. it could be through the supply chain as we mentioned. products are being created all over. it could either be in the design, the manufacturing, the delivery stage. and it could be insiders that are sent to our country, which is fairly liberal, in terms of work visas and the diversity of our work force. so the vulnerabilities are enormous. and now, let me step back to how we've responded to that. because economically, we've responded in the worst possible way. what we've done is we've sunk billions of dollars of our budget into the least probable method of success for cyber
6:25 pm
strategy. now, what we've done is we've focused almost entirely on vulnerability mitigation. we are expanding our surface area of the internet. there's one brand that just the other day, the u.s. government told all hospitals to stop using a particular type of infusion pump because they're worried through the hospital's enterprise network, hackers could get in and start changing the delivery of medicine to patients. we saw, of course, a car being demonstrated -- the demonstration of a car being taken wildly offcourse. vulnerability mitigation is a fool's errant, if you think that that will work against determined persistent, so fis ti skated, all-spectrum actors that we're up against. it doesn't work in the physical world. what we do in the physical world, you do a certain amount of vulnerability, you lock doors, lock windows, but there's
6:26 pm
a point if an adversary wants to get in badly enough, whether it's rappelling through the roof, cutting through the ground, they will. and we change our strategy quite quickly to threat deterrence. which juan also mentioned. the idea that we concede the ground, we say, it is possible for you to get in, but no longer will this be about me protecting myself. it will be about me going after you. and the principles of threat deterrence involve detection. you don't know they're there, it's pretty hard to deter them. we're seeing routinely organizations, agencies, corporate industries that are very mature, taking in excessive of 200 days to know there's even an attacker on their system. so you have to be able to check them. either based down through the person, or who's behind it, or responsibility model is perfectly acceptable. we don't know if it's you, but you're responsible for stopping it because it's coming from your area. and then penalties. some penalty based deterrence.
6:27 pm
currently, for what we're seeing in the advanced space, is they get caught, and they get to try again. they don't succeed at first, but they try, try again. that model has to change. in the physical world, we put up alarms. and so that immediately says it's for detection, right? you put up cameras for attribution. when your alarm rings at 2:00 in the morning and it goes to the monitoring company, the monitoring company call the police, they don't call the locksmith to come over. it's about penalty based deterrence. and you'll note from an economic perspective, that what we've done to ourselves in response, we are bleeding ourselves dry financially with our response because it has led to two concepts. one is diminishing designs on our cybersecurity investment, meaning every dollar we're spending now is no longer worth the same amount as when you started off. at the beginning of a program, just like in the beginning of
6:28 pm
physical security, the dollar might be worth $100 of protection, or maybe even more, and it inches slowly towards having $1 represent $1 worth of security. far worse is we're actually now in the system of negative returns, meaning every dollar we're spending is actually making things worse. because it's proliferated and escalated the problem. and we see this every day play out in the newspapers. those of us who are seeing victim clients. the bad guys, when you defeat them, they don't just give up. they say, i used to have a life of crime, now i live a life of law. it doesn't happen. they find alternate routes. we just heard about nation state using stenographer through twitter accounts to control boughtnets. it doesn't stop. and so what we've done is we've spent our money, and it's
6:29 pm
resulted in an escalation of the problem. similar, for example, if somebody were to -- if someone were to break into your place of business and the response was, well, why don't you put up a 10-foot wall at the price of $1 million around your complex, then they go out and purchase a 15-foot ladder for $30, and then the response is, you know what? 15-foot ladder, make it a 20-foot wall. we all know what's going to happen next. but that is happening to us here. so not only are we falling victim economically, to the fact that our intellectual property is being stolen, fair markets are being distorted, our bank and finance system itself is vulnerable, as is the rest of critical infrastructure, but then our response has actually furthered our economic dependencies at a loss of viability for our security. so where do we go from here? that's really where the second panel is going to answer the
6:30 pm
questions. but certainly, i think that threat deterrence has to be the predominant focus, using all elements of national power, military, law enforcement, and consideration of the private sector's role. for that, we have a global private sector. it can be very influential. this is not just a u.s. problem, of course. and as we think about that strategy, the other thing that we really have to be concerned with is how the political and economic warfare that we're facing can result in a crisis of confidence in our country, which could, of course, be as severe or more severe than actual consequences. i think we're facing the real potential of a crisis of business confidence, the ability to be protected in today's global economy. consumer confidence, the ability actually to do anything online
6:31 pm
any longer, to take advantage of technology. like infusion pumps, insulin injection pumps, automobiles. it can face a consumer backlash. and citizen confidence, if we feel that the country cannot protect us. and it's actually subject to extortion at any given time. in this country, we have police forces who routinely are being extorted through ransomware, and which organized criminals are breaking into police force computers, not only police force computers, and telling them if you don't pay us our ransom fee, we'll delete or destroy or just not allow you to have access ever again for your records. police forces are paying extortion to foreign criminals. what happens when that happens at a nation state level against us? is it already happening and you just haven't been apprised of
6:32 pm
it? and with those remarks, i'll pass it on to the distinguished congressman. >> that's fantastic. >> time for a drink. >> it's afternoon, yes. we are really pleased to have chairman mike rogers addressing us today as a former member of the u.s. congress representing michigan's eighth congressional district. a member of the u.s. army, fbi special agent. mike really is in a unique position to shape the national debate on a wide variety of issues, including this one. he hosts the nationally syndicated something to think about with mike rogers on westwood one. with his time in the u.s. house of representatives where he chaired the powerful house intelligence committee, was a member of energy and commerce. mike built a legacy as a tireless and effective leader on cybersecurity, counterterrorism and national security policy. we welcome you, mike. >> thank you, sam. what i learned today is steven was an fbi agent that was
6:33 pm
apparently assigned to catch smart criminals. i was the fbi agent who was apparently to catch the dumb ones. so when they needed a door kicked in they called me. when they needed to catch the guy in russia in his mother's basement on the computer they called you. i've had the opportunity to meet and spend some time with all your panelists you'll see today. and all of the authors of the book. i highly recommend it. believe me, i've read a ton. this is to the point, provides you some unique talking points that is a little bit different. a little out of the box. i love that thing. i spent this weekend reading it. when i walked into the room today with all the panelists, it struck me that the iq on the room on average went down 15 points. i don't know why that happened. oh, come on, people, lighten up, for god's sakes. two things have happened in the last decade we just don't talk about. we don't want to talk about it. we have had a strategic erosion in our dominance in both cyber
6:34 pm
and space. so you think about in 2007, when the chinese launched a rocket that took out a satellite humming around the -- our earth at about 11,000 miles an hour and hit their target. thankfully it was their own. you think that from that day forward, and then a whole host of other activities, including what someone called killer satellites, americans dominance in space came to an end. we no longer were uncontested in space. you think about how reliant we are on space for everything we do in our economy. that was a fundamental change. and that meant policy makers like us had to start figuring out how we counter that. now you have to launch a satellite that not only can do its mission set, but can protect itself. that is a whole new ball game when it comes to space. about half of all the satellites up there don't belong to the united states. some of them are up to some pretty nasty things. then you take cyber. we watched this problem happen year over year over year.
6:35 pm
here's the thing. here's the good news about the former dni mcconnell's comment, if we were in a cyber war, we would lose. if we were in a cyber war, we would lose, that's the good news of it. here's the bad news. we are in a cyber war in the united states, and we are not winning. it's that bad. and it is getting worse. so you think about where we are today. most of our financial system is under attack. some successfully, some not. we now know, and you'll hear from other panelists about how the new generation of technology, which we pride ourselves in, making a car do amazing things, is now susceptible. airplanes have been hacked. they're susceptible. our electric grid has been penetrated. it's susceptible. what they don't tell you in the second part of that, don't worry, nothing to see here, move along, we've got it fixed. why? because we don't. the fbi just came out with an
6:36 pm
interesting report that year 13 over year 14, there was a 53% increase in economic targeted american business espionage. 53% increase over one year. and the bad news was, it was outrageously bad the year before. why? no consequence. all right? they have been absolutely able to get away with it. china has built an entire economy on stealing intellectual property, not only from us, but from our european allies and other asian allies. anyone that has a company that has intellectual property is subject to getting it ripped off. and likely, they have. we've watched this problem get worse. i get worked up about this. i just read today where department of homeland security has issued a letter in opposition to the one piece of legislation the senate is ready to move here called sissa, for
6:37 pm
those of you who are familiar with our bill called sista, all that tells you is we've got problems with acronyms in congress. for the one reason that it allows companies to directly go to certain intelligence agencies to share malicious threat code. which by the way, has been happening intermittently in the past. so the one thing that we looked at in congress and said, here's the biggest problem, we have to foster sharing. everybody said sharing is the key word. if we can share malicious source code in realtime, zeros and ones at light speed, we might, might be able to put a dent in this. so what you're seeing, and why we have watched it happen year over year, now there's a bill out there that i think could be very, very productive, allows and protects those relationships so that companies can feel comfortable knowing that their information is safe in saying, we have this malicious source code. you have to help us with this. we don't know where it came from. now our own government is going to work against itself for god only knows how long, again, over
6:38 pm
the details of how we come up with a cyber sharing regime in the united states. in the meantime, i mean, i think the first bill was passed in 2013 by dutch and myself in a big bipartisan vote in the house. we're going on certainly two years. likely it will be three years. we still can't come together, the white house can't talk to the congress, the senate can't talk to the house, the house can't talk to the senate. in the meantime, how many trillions of dollars have we lost in potential economic gain, and real dollar loss? billions. billions and billions and billions of dollars. the one trump card that they will throw down, and they did it in the dhs letter to stop the legislation is, quote, we have privacy concerns. that stops everything. in the meantime, the russians, the chinese, the iranians, unfortunately now the north koreans, we could list about 15 other nation states, are already on your networks. they're stealing your
6:39 pm
information pretty much daily. at ease, again, with no consequence. so think about where we are today. space, we are no longer the dominant player in space. it is now contested. now, our technology is better, clearly, in many cases. but now we have to worry about the safety and security and the survivability of many of those old systems, including some of the relatively new systems that we launched into space. big problem for any business anywhere in the world. let alone how tied we are to the economy. on cyber, getting our clocks cleaned. now the intelligence community is going to set up its own version of a cyber center, to try to police up its act. i think this is probably a good idea. we didn't even know all the capabilities amongst our own intelligence folks. why? people kept throwing down the privacy note and we stopped everything for two years. we couldn't get the intelligence community together to share the information in a meaningful way. nobody's reading e-mails.
6:40 pm
in order to push back on what we know is a serious and growing threat to the united states. couldn't quite get ourselves there. and the last part of this, in 2014, was a huge policy shift that we all, as americans, kind of yawned and moved along. we had two nation states, not the most capable on our list of nation states we worry about, make the calculated decision that they were going to use their nation state capability to exact an economic punishment of a single united states business. now, normally, if somebody went in and blew up somebody's warehouse and they fired a missile or sent some sabotage group from somewhere across the world into the united states to do that, act of sabotage to further its political gains. clearly fits in the definition of terrorism at the very least. we saw nation states in 2014, and both of those cases now are public, one is the sands resort
6:41 pm
casino and the other is the sony case, both of those involved nation state cyber capability and cyber actors. the problem, and i think what the panel has said today, is where is the deterrence to doing that? there is no deterrence. they're not going to stop. they're actually going to increase their ability to have the capability to conduct those kind of attacks. and they will continue to pick companies of which they find vulnerable to do economic and real destructive things. the sand resort casino, it was a similar type of arrangement where the ceo gave a speech about why iran should not get a nuclear weapon. they decided that wasn't an affront enough they could use their capability to attack the sands resort casino, they ended up penetrating a casino out in pennsylvania and worked their way back to their headquarters, took them a long time to do it, they were determined, before they did millions of dollars worth of damage at that headquarters. for a political purpose.
6:42 pm
america's response? not much. and so we have kind of yawned at this notion that we have this problem, but as long as i can get to starbucks with my app, and i can pay for my parking on my iphone, everything must be okay. the problem is, every day we erode our ability to protect a growing and more complicated system. lastly, we are getting ready to add 28 billion new applications to the internet. everything from your garage door opener, and i don't know about you, but every time i walk by my refrigerator in my house i think it's working against me already. thinking that it's on the internet working against me as well. this is a huge problem for us. and i think you'll hear a little bit about this on the second panel. especially with the automotive focus. we're going to add all of these devices, not one ounce of security prevention has been planned in any of it.
6:43 pm
and one of the biggest things that happens to you when you have an application on your network is if you talk to your security folks, is they probably don't even know that application is on their network. there are good companies coming out now, understanding how you map -- adequately map in realtime network. it is harder than it sounds. nobody has completely 100% mastered it. some have come close. but on your private sector networks, there are huge vulnerabilities built in. that even the best security companies, so you ask, why does a serious financial institution on the west coast get penetrated? they spend $250 million a year on security -- cybersecurity alone. $250 million. they can penetrate it. why? it's because the complicated nature of network and how you manage the network, and even understanding what application is on it. i always say that this is not just a technology problem, it's an anthropology problem, too. it's a people problem.
6:44 pm
if you wonder why the chinese have stolen as much data that isn't related to a criminal act and from medical, and the list is pretty long, we could be here an hour going down the list, certainly the opm, they have lots of really detailed personal information, why would they do that? 85% of all the success rate of a chinese penetration of your network comes from a phishing e-mail. imagine the e-mail i can create if i know everything about you for the last ten years, and i mean everything. and i also know when the last time you you went to the doctor, and exactly what you had done at the doctor, and what your billing status is. imagine that e-mail that comes to you at work that says last week, mike, you had your knee looked at, you had it x-rayed, i think i screwed up on the billing cycle. can you confirm this is your x-ray? yeah, i was there last week. the e-mail came from my doctor,
6:45 pm
at least it looks like it came from my doctor. i click on it, they're in. 85% of the chinese success rate. they just increased their target rate by 63%. i'm not the smartest guy in the room, but in the fbi we would call that a clue. we've got problems abreuing. i appreciate the discussion. and thanks for including me. >> that's fantastic. we have about 15 minutes or so to really open up for questions. focusing on the evolving threat. and from this panel, it became clear that the evolving threat is both from our adversaries and against ourselves as well. so i don't know if someone has a mic, or small enough room. sir? >> my name is george. my question is, is there like any difference in the approach to cyber warfare between the
6:46 pm
public and private sector? can we say the private sector go one way, the public sector go another way? is there an approach to that? >> thank you. >> i want to take a little bit of a different perspective from my panel. i worry about this. 85% of the networks in the united states are private. and contrary to popular belief, and the national security agency is not on those networks. they're not. not unless they have a warrant to be there. and that is highly unlikely. and so what happens is, you have this intelligence services overseas trying to collect information, bring it back to protect the government. what we want to do is share that information in realtime, so the private sector can protect themselves. that's where we are today. it's not working very well. sharing is terrible. nobody wants to do it for reliability reasons. good reasons not to share, that hopefully we can fix, here's the problem with the private sector saying to heck with it, i think i'll go ahead and flick whoever
6:47 pm
i think did this. attributes, determining that attack to a nation state or international criminal organization, there are capabilities all over the map. some can do it very, very well. some think they can do it very, very well. some don't have a clue how to do it, but wouldn't stop them from doing it anyway. the government would then be in the responsibility of how do i protect 25 businesses from what would be the second order impact. if i attack you, you come flick me in the forehead, i guarantee you they're not going to sleep on it overnight. they've already been trained there's not much of a consequence to doing this. how do you contain that? if we don't have a good policy on this -- i always argue, you've got to have a good defense before you go out and do something bad to your neighbor. if you're going to punch your neighbor in the nose, hit the weight room for a few months first, because he's likely to hit you back. the problem is, we have no good defense today for the 85% of the
6:48 pm
networks. so the companies who are really good at it, they would be fine. a lot of companies i wouldn't have any problem doing that. the problem is, what do you do when they take out the 15 companies that are their suppliers that can't withstand a cyber attack at all? now what do we do? now we have an engaged private sector against a nation state that we're watching happen as a government entity? what do you do? now from a government entity, we have all kinds of ways to stop -- to de-escalate any event. you have none of that in cyberspace. we have to get all of that right before we allow them to have it. >> real quickly. i just love being on this panel with these gentlemen. it's awesome. three problems. you've identified a critical question. one, the adversaries we're talking about don't differentiate between public and private. in many ways, you know, the autocratic states in particular, it's all one thing. their economic power and influence is a part of state
6:49 pm
power and influence. the chinese have actually identified their banks as a strategic asset. so starting principle is that our adversaries in this space don't differential yat. secondly, if we think about national defense resilience, health, you know, our health system, our financial system, our infrastructure is a part of that. so in some ways, the clear divide between public/private in many ways in this environment doesn't make a lot of sense. the third point i would make is, i think one of the challenges, and mike referenced this is, how we interact between the public and private sector. information sharing is sort of a leading edge of that question. but also, it's a fundamental question of our national security architecture. how do we actually enlist the private sector in a way that enables them, defends them, and makes us part of a national resilient campaign when there's a clear blend? and one sort of way of thinking about this, and maybe this is
6:50 pm
where mike and i disagree, i do think there's a way of thinking about this a bit more aggressively. a cyber privateering model, taken from our constitution, the founding of our republic came at a time when came at a time when there was much unease about maritime security. we have a provision in the constitution for letters of mark rereprisal for the government to actually leverage privateers in the maritime security domain precisely because there was this blend of threats and this blended environment. i think we need to start thinking a little more aggressively because the environment itself doesn't differentiate between public and private. we don't want to do damage to our constitution or the way we foster the private sector and protect it but we also can't ignore the fact that the private sector, sand, sony, jpmorgan are a part of our national resilience and economy. >> you want to hear one more question? >> actually, i wanted to add one thing on this matter. it's something that both chairman and juan talked about
6:51 pm
when discussing the differentiation in our country with what's government owned and what's private sector owned, but it goes a little bit past that. in our country and most of the western countries, there's a very hands-off view to the internet. you have to let technology innovate and governments have it as a philosophy to not get overly engaged in the infrastructure. that's not happening everywhere in the world. so the countries that we've already mentioned that get thrown out, russia, china, north korea, they are vulcanizing the internet, you just don't realize it. they have filtering in place. they own the infrastructure, they're monitoring, they can take it up, turn it down, have resilient approaches. that relationship we have with the private sector were hands off but at the same hand it's not resulting in secure outcomes, isn't being followed everywhere. what we're seeing is as the rest
6:52 pm
of the world, those who tend to be the aggressors are really locking down their infrastructure, we're going in exactly the opposite direction in a way that really would not be consider ed -- i guess obvios when we do other things. for example, if i were to say i could develop one cell tower that has so much power that al you need is one cell power, you'll always have your four bars wherever you are in the country, the only problem is it will give you cancer. everyone would say that's a ridiculous invention. don't use it about i said i could build a car that would go 2,000 miles per hour. you'll be in california before you know it. the only problem is our roads aren't set up for it. everyone would say that's the most ludicrous idea i've ever heard. but you can develop anything regardless to the security consequences to our country. we really have to start thinking about what we're permitting and that relationship between the
6:53 pm
private sector and the government really has to shift and common cause to health, safety and security. >> great, thank you. we'll take a couple of questions. i just want to reference in the monograph, both in juan's chapter and in michael's chapter, there are discussions about letters of mark and, in fact, there's some really interesting footnotes about some law school articles that have been written specifically about mark in cyber that i comment you to. >> good afternoon. i just want to follow up on your last comments. a lot of the focus is how could we make the network more resilient. how do we, at what point do we flip the model like you just alluded to and start holding the actual manufacturers accountable in most of these intrusions, sony or elsewhere utilizing a
6:54 pm
vulnerability in adobe or flash or some other vendor's software that is running on that network? so what time do we start holding them accountable and start cleaning our own house? >> i think it's the wrong perspective, quite frankly. we don't demand perfect security in any other aspect of our life. i would never dream if my house got burglarized i should start going after the architect and the contractors to say that someone was able to tunnel underground. we're incentivizing products that don't have that level of security but never will. i can't say there can't be better job encoding and there are companies that have been done an excellent job and i'm all for it. but the fundamental issue wouldn't change that nation states and organized crime groups that are persistent and determined will always be able to break in sooner or later because it is impossible, based on vulnerability mitigation
6:55 pm
efforts, to secure a dynamic interoperable environment, which is what we have in the internet. the only time you see it in the physical world is something like a bank or a fortress. it doesn't move and it doesn't change much over time. you could really secure it. once you say we're going to actually meet up with everybody and we're going to change all the time through updates and upgrades and connections, that's the fool's errand. so the real choice here is how are we going to start taking some of this money and putting it into a robust conversation and intellectual analysis, right, bring actual analytic standards to options analysis when these things happen, how do we build platforms that when necessary are not better necessarily at being secure but are a lot better at detection, attribution and then figure out what our policy choices are. we might find out despite -- i think you took the card on this one, that some of the systems that we need the best security for coincidentally and a good coincidence have the least privacy concerns?
6:56 pm
like the electric power grid. if you work for the -- well, forget about smartgrid for a second. standard electric power grid, everyone wants to have perfect knowledge of who is on it at any given time. very low privacy demand. so that's where i would start. not by necessarily cleaning up the house from a vulnerability mitigation point of view which god bless if it can be done but figuring in real policy choices to give to our leaders in those areas that matter most. >> just real quickly. i think there's a different dimension of liability that's enabled. because the private sector bar and the plaintiff's bar to actually be a force in this environment. with the attribution revolution, there's actually an opportunity to think about class action lawsuits, key tam actions, victims of malignant cyber attacks, that allow victim
6:57 pm
companies, individual shareholders to actually go after companies that are taking advantage of the environment. chinese soes that are using stolen data, why aren't they subject to not just government action but potentially even private litigation? so i think the question of liability is an important one but i think we need to flip the model a bit more and power the private sector to actually be an actor in deterrent. >> i think we have time for one quick question. michael? >> just to get it on the record on this. >> just you get you all on the record with this -- >> how fast the tables change. >> is it fair to say that the u.s. private sector in cyber has no right of self-defense according to the law, that that is our policy? we have no right of self-defense? and the same way there's a duty to retreat, we have no right of
6:58 pm
self-defense. and i think i'd like to begin with juan because you advise banks on this. when you listen to the lawyers and the lawyers seek to work with you on this, do they feel that the bank has a right to defend itself when it comes under attack by either criminals or by nation states? >> i think part of this is how you define defense, right? because if you define it passively, of course we've got a right to defend and create layers and redundancies and the criticisms is they haven't done those. they haven't done a lot of to cyber hygiene they need to do in terms of employee awareness and et cetera. certainly we can do that. there's a lot of reticence in the private sector to the chairman's point to actually getting involved too actively. there's a lot of company that really don't want the very idea of hack back to be sort of active defenders of systems. they want the government to do it. they want more information to be able to do it themself. so in that sense, if you define defense broadly, yes, they do.
6:59 pm
do they have an active defense role to play at this point and is there a legal structure for that? no. >> i mean, defense of personal property is a justification, right? so it's an otherwise legal activity. i think it's very uncertain. we haven't seen prosecutions against companies. that might be prosecutorial discretion. we don't know what would happen if there was a case that was taken up. unfortunately, a lot of this is theoretical, but what i would certainly say is there's no certainty in this area. and businesses, unlike individuals, who are more likely to roll the dice, businesses hate uncertainty, right? and we're a nation that can't even get a national data breach law, right, we're stuck with dozens upon dozens of individual state laws in the area of data breach notification, right? so what's the chance of a company figuring that they have certainly of action even within the united states no less how that might be observed outside of the country where they are
7:00 pm
likely doing business. so i think the short answer is do they -- there's no clear answer to that. but that factor is enough to make it that big businesses that are responsible are not going to touch it. >> when you start talking about extra territorial aggressive defense, that's a loser from the point go. if you do not have proper legal authority, i think it's a disaster. mainly because, in a stand your ground circumstance, you're dealing with a personal threat to your life in the way the law is written it has to fit that criteria. this you would never make that legal argument here, number one. and number two, again, when you go -- when you decide your going to breach territorial jurisdiction and go after someone, you have opened up a can of worms of which is well beyond the scope of your threat. and that's where i think we have to -- and our policy is not there. we don't even in the united states have

48 Views

info Stream Only

Uploaded by TV Archive on