tv The Communicators CSPAN February 14, 2011 8:00am-8:30am EST
8:00 am
reason for having futures contracts is for those who want to avoid risk. but it certainly, also, provides a great opportunity for those who want to assume risk in search of profits. >> you've been watching booktv. 48 hours of book programming beginning saturday morning at 8 eastern through monday morning at 8 eastern. nonfiction books all weekend, every weekend right here on c-span2. >> coming up next on c-span2, "the communicators" talks with the president and ceo of one of the nation's top security software manufacturers.
8:01 am
>> among the provisions is a five-year freeze on a portion of the government's nonmandatory spending. white house budget director jacob lew will present the proposal along with austan goolsbee. you can see them live at 12:15 p.m. eastern here on c-span2. >> this week on "the communicators," a discussion about cybersecurity with dave dewalt, president and ceo of mcafee incorporated. >> host: dave dewalt is president and ceo of mcafee, and he is joining us from their company headquarters in santa clara, california. mr. mcafee, if you would start off by giving you an overview of mcafee and your own background. >> guest: sure, peter. dave dewalt here, president and ceo, of course, and mcafee is the largest dedicated
8:02 am
security company. we are entirely focused on security from consumers through corporations, governments. we do business in over 100 countries around the world. we've been in business about 23 years. we were one of the original inventors of antivirus by john mcafee way back in the 1990s, and, of course, we're doing a nice job building his company up, focusing in on the security marketplace, and it's very complex. as the ceo, i've been here at mcafee just short of four years now, and we have seen just tremendous change in the security space and tremendous change at mcafee. we went from, really, just an antivirus company with about 90% of our revenues in just one product area to really a full security company, network security, end point, mobile security and really a complete architecture for security from consumers to corporations. so thank you for having me and glad to be here. >> host: now, mr. dewalt, when you hear the term cybersecurity,
8:03 am
what do you think? >> guest: what do i think of cybersecurity? digital security. so, certainly, internet security, digital security, cybersecurity is what you think of when you think of that term, and it's really the protection of all things digital and all things in the cyber world, internet world is really the core definition. >> host: jill aitorro of the washington business bureau joins us here as well. >> host: yes. thank you for sitting down and chatting with us. nice to see you. >> guest: thank you, jill. >> host: i'm going to start off with some company news that we heard about. i'm just curious what this means for the company's technology portfolios. does it change much in terms of the technology itself, or is this more just the uniting of two different companies to better serve the customer? >> guest: well, jill, i would tell you this is a great marriage between the two companies. i can't tell you how excited i am to kind of go to the next level with intel.
8:04 am
we've been working with intel for more than 18 months prior to the announcement that we did in august to announce the merger, and we really had an opportunity to build a road map, build a strategy together as we announced the merger. and this is really, you know, pretty much the same thing mcafee's been doing for many, many years, really now an opportunity to go faster at that strategy. and intel, as you know, a company who really prides itself on innovation, on quality, and really it's a great honor for us at mcafee to have security as one of the three pillars of really what intel's trying to do in the marketplace. and when we made the announcement, they've been focusing in on power and performance and internet connectivity, and now to add security as a major pillar is exciting for all the mcafee employees. and, of course, as we go into the next phase of our company's life cycle, we're looking forward to a lot of new products, a lot of new
8:05 am
innovation and new ways to solve some of the nastiest, most insidious security problems in the world. so we're not yet closed with the acquisition. we're still in the proposed merger state. we need regulatory approval yet to finish the acquisition. but when it does, we'll be announcing some new products and some new architectures that really have some great promise to make the world a safer place, and that's really our noble cause, if you will, as a company. >> host: is it a marriage of -- a quick follow up on that. is it a marriage of resources and research, or might we actually see some security getting baked in at the processor level? is that even to -- is that even possible? >> guest: well, yeah, it's a combination of all those. certainly resources are important. mcafee being a public company, we have certain resources we can expand on, and we do that all over the world. but with intel now we have an opportunity to have even more. and not only is it financially
8:06 am
accretive to intel so good for shareholders, but also good for mcafee employees because get to innovate, do more than we ever could before, and particularly the insight from the silicon layer is critical to solving some of the problems we're seeing in the market, things like what's called root kit and malware that, essentially, really below the operating system. and this is what gives us this new model opportunity is what we call hardware-enabled security. the architecture will be open to our competitors both at the chip layer and the security layer, but this innovation is unique and, i think, long overdue. and we're excited to bring new products and new ways to solve, you know, some of these challenges the world is facing, and we have a lot of them in the cyber world. >> host: dave dewalt, in a recent op-ed in the hill newspaper, you talked about strengthening cyber defense and gave some advice to the u.s. government. there were three points you
8:07 am
made, and i'd like you to expand on these. number one, define public and private partnership. number two, develop security standards and best practices collaboratively. and number three, reform the federal information security management act. if you could start by expanding on number three. >> guest: yes, sure. i mean, what's called fisma as you just described is legislation today that, essentially, can allow auditing and compliance for security architectures. and what we think we need to do is take the basis for some of the policy, some of the auditing, some of the compliance that's in place today and make it more robust. continue to expand what's already in place. for example, there's a lot of organizations and entities and agencies that adhere to fisma today, but there's many that do not, and we need to extend it to areas of critical infrastructure
8:08 am
that's critical for all of the citizens of the united states' security. you know, transportation, banking industries, energy, utilities, oil and gas are all really important areas of what we do. so how do we take an architecture and extend it to, you know, other critical areas of the organizations that are important to everyone in the world? and this could be expanded beyond the borders of the united states as well. when we look globally, there's very little common architecture for how we can put security architectures in place worldwide. we need to evolve to a better architecture and a better compliance model. each country does it different, each organization, each agency even does it different. so how we evolve is really key, and that goes to the first point you mentioned, peter, as well. we need standards in most i.t. areas we have standards. think about the database with what's called sql. think about other areas that
8:09 am
involve standardization bodies who regulate how and which we architect our products. security doesn't have that. we need to continue to evolve of that. in many ways mcafee's taken this on on our own. we built an architecture that's open, we involve a lot of third party companies that can interoperate with our architecture, but we need to advance that to an industry level as well, and that just is really important in today's environment. and the critical part of that is really number one that you mentioned, too, public and private partnership. we have to do this together. to have standards, to have compliance, to have architectures has to be collaborated together. government and commercial. and we're doing that. we're making good progress, i think, worldwide on our public and private partnerships. united states government's been great at reaching out to the, really, the whole private sector to get input. but we've got to keep evolving. how do we get those standards in place, how do we collaboratively work together to evolve what
8:10 am
we've got to do which is protect ourselves more than we are today. >> host: dave, you mentioned expanding fisma, but there's been quite a bit of criticism in the sense that there's somewhat of a paper-pushing exercise. there have been efforts to fix that focusing on continuous monitoring and so forth. have they gone far enough, and beyond the efforts of the administration to fix fisma, are the agencies following up, and is the cultural change within the agencies happening enough that they're actually, also, changing how they approach security? i mean, is fisma where it needs to be to address the security issues out there right now? >> guest: well, i think you hit on the point that's frustrating for everybody. fisma is very onerous and challenging for governments to adhere to. we need to streamline it, we need to make it easier to understand. and one of the problems is education around it. most organizations don't know exactly what it is -- exactly
8:11 am
what it is they need to adhere to because it's been evolving. but that's okay because it's a starting point, and i'm encouraged to see we have some foundation in place. but like anything, we need to evolve it. and we need to make it easier to adapt, easier to use, easier to adhere to, and that's the next most important phase we're in. keep working together with private industry who can provide tools that can help organizations adhere to fisma, but make it easier for them. so, again, like you said, public/private relationship and ability to respond to standards and architectures is really the couple of components needed to make it all better. >> host: and it's interesting, you hear so many anecdotes in terms of how long it takes federal agencies to procure tools and buy them from industry. the defense department said it took 81 months in the time when a program was first envisioned to the time where it becomes
8:12 am
operational. by then you know in technology it's three generations old. so what needs to change in terms of how government buys the technology to allow a company like mcafee to better serve the agencies to improve the security? >> guest: well, you're pointing out another challenge. if fisma process, the certification process takes too long and the buying process takes too long, you know, it's a challenge. and, certainly, the world of security is very dynamic. we see new mobile devices, new operating platforms, new architectures emerging every day, new challenges. we just saw wikileaks, we've seen some of the problems emerging in those ways, and we have to respond quickly. so, you know, part of this is to create, again, private/public relationships where we can very quickly certify our products to be used in government. we need great ways to audit those products once they're deployed, and it's just speed and mobility that i think is the missing aspect that we don't have today. and we're working on it, and i
8:13 am
can tell you many examples where, you know, we were able to use the proper processes to make procurement a whole lot less than 81 months, but at the same time, you know, we have to keep working on that speed. it is an important part. nimbleness and the ability to procure in the world of security is a quintessential component to making scheuer secure. >> host: and, you know, you bring up wikileaks, can't resist following up on that one, needless to say. [laughter] a lot of people would argue that was not a failure of technology, but a failure of process in terms of how those documents were exposed and released from federal government. how do you deal with that? how do you deal with ensuring the proper technology is in place which i think you and i would argue is not the case yet, but also ensuring that the people that are within the agencies are following the proper procedures to ensure that the security, you know, is topnotch and that the tools are being used as they should? >> guest: well, jill, you just hit on it. you know, there's really three things that you always see when you have, when you have a
8:14 am
problem. you either have a lack of, you know, kind of a process, a lack of a product or, you know, some sort of lack of people or some sort of breakdown in the people side. and really in this case with wikileaks we saw the people break down a bit because, certainly, an insider caused some of these, you know, leaks. we saw a breakdown in the process. in this particular case, some of the product was even in place that could, could block this. but in the world of cybersecurity we're seeing the evolution of these threats come in each of those vectors, and if you don't fix each of those areas, having the state of the art product, state of the art process and education, the people, you're not going to be able to, you know, prevent these things from occurring. so what we learned from wikileaks is we've got to improve our process, and this was a good lesson for, for everyone in this particular case, is what rights of access do personnel have, how do we
8:15 am
continue to audit and monitor employees that do have access to classified content, how do we make sure that we have quick ways to resolve it if there is a process breach or an employee breach? and these are the things that i think we're learning as we go on. and, of course, we'll see more of these, without a doubt. in the world of data today, it's so mobile, it's on so many devices. you know, we need to improve all those areas in order to be more effective in the future. >> host: dave dewalt, you talked earlier about the borderlessness of the cyber world. can you speak a little bit more about that and how you, how that conflicts or works with 100 and some different national governments? >> guest: yeah. i mean, borderless, i mean, what is the internet today? the internet is borderless, it's global. it's one of the greatest treasures we've had in the 21st century and the 20th century is this development of the internet. and it has tremendous appeal to capitalism, to our ability to
8:16 am
grow our commerce and our gross national products all over the world. it's been phenomenal. but the other edge to that has been securing that internet and how do we secure both privacy as well as the ability to invoke crime or even terrorism or even warfare on the internet? and so we need governments to work together, and this is probably the biggest challenge the world is facing, in my opinion, moving forward is how to cooperate together as a global community to secure what has become fundamentally as important as anything else that we have in the world as the internet. so we have to eradicate the crime that's online. we need to work together to proper law in place. we need to have borders that are really seamless now to find, really, you know, the criminals that are out there and put 'em behind bars. and, of course, it's very virtual in the way crime works online. the same with terrorism. terrorism is moving, you know, from physical to cyber, and,
8:17 am
again, it's going to challenge us as global governments to work better together in order to solve these problems. we've made some progress, but again, we have a long way to go. we haven't really ratified a lot of the legislation that's been put in place in the world today, and we need to continue to evolve to do it. it's just the key, i think, to our next generation in being able to solve some of these challenges. >> host: i also wanted to follow up on your comment about wireless. you were recently quoted as saying mobility or wireless is our number one poke right now. what did you mean right now? >> guest: well, we're certainly seeing an explosion in mobile devices. you know, i'm sure for you, peter and jill, you probably have devices you've probably acquired in the last few months. we've seen a tremendous explosion of new device types, and apple made this, you know, obviously famous in the last six, nine months with the launch of the tablets and the ipads and the iphones, and the world is changing very quickly
8:18 am
especially in large governments, in large corporations where what once was really largely windows, endpoint devices that most employees and most citizens would use is now being evolved to smart devices like tablets and phones. so for mcafee, we're focused where the threat is. and our goal is protect whatever consumers or employees use. and now employees are using more and more of these types of devices. so just in the last six months we've really created a very strategic imperative as a company to protect these devices. we've acquired two companies, state of the art companies that can do this. we've evolved our own product road map to be much more focused on the world of mobile computing. we've developed partnerships with telecommunications companies, mobile operators, mobile device makers to really bring what we've done really good job in the pc windows world to the mobile world as well. so in 2011 we've really seen the
8:19 am
mobile environment as probably our biggest threat. and, of course, from a security point of view we need to protect that threat. and we're focused on it, and we have a lot of solutions to offer the marketplace as a result. >> host: this is c-span's "communicators" program. our guest is dave dewalt of mcafee. also joining us is jill aitorro. >> host: we see a big transition to social media that's been growing all the more since, you know, widespread in the last couple years. we saw a cover of time magazine, of course, honor the ceo of facebook recently. and at the same time there's also cloud computing which even the federal government now announced a cloud-first strategy. a lot of people question the security of both social media as well as cloud computing. can, can those two new mediums
8:20 am
be secure? and is it a smart strategy for federal government to be adopting both? >> guest: well, the short answer is it actually can be secure. and like anything, we see the first phases, the first rollouts of new types of platforms or operating systems or applications as probably the most vulnerable. and that was the case for social networking as well, social media applications. it's the case for mobile that we were just discussing as well. so those first architectures tend to be the most vulnerable. however, in the last year or so we have really seen a concerted effort by most of the major application providers to increase their security posture. certainly, facebook has been a great partner of mcafee's now. they really viewed it as a socially responsible area to meet, and they've really upped their architecture. and we've really seen a much
8:21 am
less, you know, insecure environment for facebook as we've ever seen before, and they're improving. it's still vulnerable, it still needs to evolve, but certainly we haven't seen those types of dos attacks on twitter, malware spreading on facebook as we once had seen and, you know, they're improving every day. again, it could still happen, of course, because the bad guys are always thinking of new ways to penetrate the systems, but i believe they're secure. and to your point, jill, cloud computing is, essentially, you know, the next generation model that we're all using. not just in ways that we can protect citizens and employees around the world, but also how in which the applications will be performed. so cloud computing is a quintessential component of our strategy as well as, i think, governments in their ability to deploy applications quicker and easier in the marketplaces. so i think this is evolving very well, and of course, cloud
8:22 am
computing is a great way for us to help protect better than we've ever done before. >> host: and, you know, i always hear people say how important it is to bake security in at the development stage where from the get go before it's in use, getting security incorporated in rather than treating it almost like an afterthought. do you see technology companies increasingly going that route? because, i mean, i would argue they hadn't done that in the past. you know, they would call upon mcafee, perhaps, after the product was already out there and being sold. so do you see improvement in the market? >> guest: i do, and you hit right on it, jill. that's the challenge, you know? in the race for attention, for eyeballs and for impressions and, certainly, architectures like security aren't always put into the first versions of the product. so later they start thinking about those security architectures and certainly now, like you said earlier, we're now starting to see that for social media type applications. but it goes back to an earlier
8:23 am
point which is we need standards. we need ways in which we can build these architectures more securely before they're mass deployed. so baking security in is really one of the most important things we can do. what is the standards for which we can deploy these applications? how do we make sure they're safe? it's almost like a good housekeeping seal needs to be created like we've done for power or the underwriters' lab. you always see the ul seal of approval that says, yes, it's safe to use this appliance. by having these capabilities where, yes, it's safe to use an application, it is a great way for consumers to feel comfortable that these are secure. and a case in point, we've watched the service in the last year called mcafee secure where we secure web sites. and if you ever see a mcafee secure trust mark on a web site, you know it's already been tested for security. and we're trying to bring these types of standards to the world of the internet in a way that allows us to have a good housekeeping seal, if you will,
8:24 am
for computing online. and others in the security industry are doing that, but we're just evolving to the point where vendors are looking for security providers to take this kind of service mainstream. and we're hoping this takes off for everyone because it's important. >> host: dave dewalt, what kind of work have you or mcafee done for the nsa or for the cia? >> guest: well, there's certainly -- they're certainly a customer as is governments around the world. the intelligence communities are important to not only mcafee, but all the security industry. in mcafee's case, we see defense and intelligence as a critical customer community. we work together with the united states governments as well as governments all over the world just as we would with large banks or large telecommunications companies. these companies oftentimes are the ones that are attacked the most, and in mcafee's case being a dedicated security company, we want to protect the ones who are attacked the most.
8:25 am
and in this case we are good partners, good customers and, hopefully, those agencies would say the same thing. we try to collaboratively partner with them to create solutions for the security industry. >> host: you know, dave, relating to that there's been talk by the defense department as, actually, as well as civilian agencies about incorporating security requirements into the procurement stage where they'll say to industry here's what we want to purchase, you need to get certain security standards met before we'll even consider your proposal. there's some in industry that don't like that. they feel it's government dictating too much in terms of development and what they need to do with their own product. how do you feel about that? should security be rolled into the purchasing process for federal government especially when you talk about agencies like nsa who has a lot to protect? >> guest: well, jill, in many ways there is certain certifications that are required particularly for security products today.
8:26 am
we go through pretty extensive testing of our products. and, again, this is where the public and private partnership work out. certainly, to have our products on gsa and some of the procurement program models we have to meet certifications, and we do that. but to your point, could we do more? yes. certainly when we look at the supply chain and we look at products that are acquired into government, sometimes those are the critical areas that we need to make sure are secure. and when we look at those environments, many times the procurement process doesn't have security standards for lots of products that are acquired. they do for security in some areas, but let's say they just buy a mobile phone or a pc or a usb stick. is it secure? and how do we create the proper balance between keeping the speed for procurement but also keeping the safe -- safety there
8:27 am
too? i'm all in favor of a little more security posture, clearly, when we're procuring and a little bit more certification for that. i think it's needed. >> host: so should the onus be on industry to insure that the products through the supply chain come from a reliable source? i know that's difficult because these days the supply chain comes from across the globe. should that be an industry to make sure that there are products that are being used within their development meet certain security standards? >> guest: i think it can be, jill. i mean, certainly, in many parts of our high-tech communities we already have standards like that for safety. and, you know, again, i use the power example where you have safety standards that have to be built right into your product. doing a little bit more for security is certainly something the industry should take responsibility for. but, again, it goes back to what's missing in the world of security: standards. and, again, we as an industry need to evolve a bit to create standards that allow us to have
8:28 am
certain levels of security architecture baked right into the products that we deliver and force all vendors selling to government to adhere to those standards. again, we don't have that, and that's another level that i have for advice is always we need that kind of standard created, built and certainly as one company and one person i'd help lead that if we could. >> host: dave dewalt, do you find washington understands silicon valley and vice versa? >> guest: um, you know, some days we do. certainly, we have a lot of relationship there, particularly as a high-tech community. i'm involved with a number of groups, what we call the silicon valley leadership group here. we meet with washington and with congressmen and women and senators pretty regularly and follow up with what's called the business round table as well, a collection of ceos of the largest companies. we have a great public/private interlock there as well where
8:29 am
we're always seeking to understand one another. and it can always be better, but, you know, certainly we do have a good relationship. i think that relationship's getting better. i'm really encouraged by the work that brt has done, the work that the silicon valley leadership group has done to really, you know, create education on both sides. but, again, like anything, you know, things are dynamic. we need to keep evolving, and i think washington could always be improving, but i'm encouraged by what we're doing too. >> host: and, unfortunately, we are out of time. dave dewalt is the president and ceo of mcafee, jill aitorro, senior reporter with the washington business journal. thank you both for being on "the communicators." >> host: thank you for having us. >> guest: thank you for having me. >> here's a look at what's ahead.