quorum call:

mr. reid: mr. president? the presiding officer: the majority leader. mr. reid: i ask unanimous consent the quorum call be dispensed with. the presiding officer: without objection. mr. reid: i now ask consent the senate resume consideration of s. 223, and on tuesday, february 15, at 11:40 a.m., at that time, the senate proceed to consideration of the nelson of nebraska amendment, number 58, that a nelson second-degree amendment which is at the desk be agreed to and there be up to 20 minutes of debate equally divided prior to a vote on the amendment. that there be no further amendments in order prior to the nelson nebraska amendment. prior to the vote that the motion to reconsider be laid on the table and there be no

intervening action or debate. the presiding officer: without objection. mr. reid: thank you. further at 2:15, there be 10 minutes of debate equally divided and controlled in the usual form prior to vote honoring relation to the wicker amendment number 14 as modified and all the amendments covered in this agreement be subject to 60-vote threshold. if an amendment does not achieve 60 affirmative votes, the amendment be withdrawn, that there be no second-degree amendments in order prior to the votes, that the motions to reconsider be considered made and laid upon the table. that no intervene -- with no intervening action or debate. the presiding officer: without objection, so ordered. mr. reid: mr. president, i now ask that we proceed to a period of morning business, senators allowed to speak for up to ten minutes each. the presiding officer: without objection. mr. reid: i ask that we now move to s. res. 49. the presiding officer: the clerk will report. the clerk: senate resolution 49, celebrating black history month. the presiding officer: is there objection to proceeding to the measure? without objection. mr. reid: mr. president, i ask consent that the resolution be agreed to, the preamble be

agreed to, the motion to reconsider be laid on the table, there being no intervening action or debate, that any statements relating to this matter be placed in the record as if read. the presiding officer: without objection. mr. reid: mr. president, i understand that h.r. 359 has been received from the house. is that true? the presiding officer: that is correct. mr. reid: i would ask for its first reading. the presiding officer: the clerk will read the title of the bill for the first time. the clerk: h.r. 359, an act to reduce federal spending and the deficit by terminating taxpayer financing of presidential election campaigns and party conventions. mr. reid: i would object after -- i, first of all, request my second reading and then object to my own request. the presiding officer: objection having been heard. mr. reid: i ask unanimous consent -- the presiding officer: the bill will receive its second reading on the next legislative day. mr. reid: i ask unanimous consent that notwithstanding the resolution of the senate of january 24, 1901, a traditional reading of washington's farewell address take place on monday,

february 28, at a time to be determined by the majority leader in consultation with the republican leader. the presiding officer: without objection. mr. reid: mr. president, i ask unanimous consent that when the senate completes its business today, it adjourn until tuesday, tomorrow, february 15, at 10:00 a.m. following the prior and the pledge, the journal of proceedings be approved to date, morning hour be deemed expired, time for the two leaders to be reserved for use later in the day. following any leader remarks, the senate proceed to a period of morning business until 11:00 a.m. senators permitted to speak for up to ten minutes each with the time equally divided and controlled between the two leaders or their designees. further at 11:00 a.m., the senate resume consideration of s. 223, the f.a.a. bill as provided under the previous order. and finally, the senate recess from 12:30 until 2:15 for the weekly caucus meetings. the presiding officer: without objection. mr. reid: mr. president, the first vote will occur at approximately noon tomorrow. that vote will be in relation to the nelson of nebraska amendment as amended regarding the distribution of airport screening x-rays.

senators should be expected -- should expect roll call votes in relation to amendments to the f.a.a. bill to occur throughout the day tomorrow. if there is no further business to come before the senate, i ask we adjourn under the previous order. the presiding officer: the the presiding officer: the a conversation on computer security. been in 30 minutes on c-span2,

secretary of state hillary clinton meets with house speaker john banner about proposed republican cuts to the state department's budget. later a look and look at nasa proposed budget and a house rules committee meets to discuss additional federal funding for 2011. >> host: this weeks on "the communicators" a discussion about cybersecurity with dave dewalt president and ceo of mcafee inc.. >> host: dave dewalt as president and ceo of mcafee and he is joining us from their company headquarters in santa clara california. if you would start off by giving us an overview of mcafee and your own background. guest: sure peter. david dewalt. maccabee is the largest dedicated security company. we are entirely focused on security from consumers to corporations, governments. we do business in over 100 countries around the world. we have been in business about 23 years. we were one of the original

inventors of antivirus by john mcafee way back in the 1990s and of course we are doing a nice job building this company up, focusing in on the security marketplace and it is very complex. as a ceo i have been here at mcafee just short of four years now and in the four years i have been here we have seen just tremendous change in the security space and tremendous change at mcafee. we went from really just an antivirus company with around 90% of our revenues in just one product area to really a full security company network security, endpoint bubble security and really a complete architecture for security for consumers to corporations of thank you for having me and glad to be here. >> host: mr. dewalt when you hear the term cybersecurity what do you think? >> guest: what do i think of cybersecurity? digital security. so certainly internet security digital security cybersecurity is what you think of when he think of that term and it is

really the protection of all things digital and all things in the cyberworld, internet world is the core definition. >> host: jill aitoro of the washington business journal joins us here at the table as well. guest: yes, thank you or chatting with us. nice to see you. i'm going to start off with some company news we heard about with the acquisition by intel of mcafee. i am just curious what this means for the company's technology portfolio? doesn't change much in terms of its technology itself or is this more the uniting of two different companies? guest: well jill, i would tell you this is a great marriage between the two companies. i can tell you how excited i am too kind to kind of go to the next level with intel. we have been working with intel for more than 18 months. prior to the announcement we did in august to announce the merger, and we really had an opportunity to build the road

map, build a strategy together as we announced the merger. and this is really pretty much the same thing. mcafee has been doing it for many years. really now an opportunity to go faster and at that strategy and intel as you know is a company who really prides itself on innovation, on quality and really it is a great honor for us at mcafee now to -- securities one of the three pillars of really what intel is trying to do in the marketplace and when we made the announcement, they have been focusing in on power and performance and internet connectivity and now to add security of the major pillar is a -- employees and of course as we go into the next phase of our companies lifecycle, we are looking forward to a lot of new products, a lot of new innovation and it weighs to follow some of the nastiest most insidious security problems in the world. we are not let you -- get close with the acquisition. we are still in the proposed

merger state in the regulatory approval to finish the acquisition. but when it does, we will be announcing some new products and some new architectures that really have some great promise to make the world a safer place and that is really our noble cause if you will as a company. >> guest: it is a marriage, just a quick follow-up on that is that a marriage of resources and research or might we actually see some security getting at the processor level or is that even possible? gecko yes, it is a combination of all of those. certainly resources are important. mcafee being a public company we have certain resources that we can expand on and we do that all over the world but with until now we have an opportunity to have even more. not only financially good for shareholders. if you are an intel shareholder but also good for mcafee employees because we get to do more than we ever could before and the insight and particularly the insight from the silicon

layer is critical to solving some of the problems we are seeing in the markets. those problems are things like what is called root kit and malware that is essentially really below the operating system. this is what gives us this new model opportunity, what we call harbor enabled security. the architectural will be open. their competitors both of the chip layer and the security layer, but this innovation is unique and i think long overdue and we are excited to bring new products and some new place to solve some of the challenges the world is facing. we have a lot of them in the cyberworld. >> host: david dewalt in a recent op-ed in "the hill" newspaper you talk about strengthening cyberdefense and gave some advice to the u.s. government. there were three points that you made an avid like you to expand on these. number one, define public and private partnership. number two, develop security standards and best practices collaboratively and number

three, reform the federal information security management act. if you could start by expanding on number three. guest: yeah, sure. what is called says not as you just described is legislation today that essentially can allow auditing and compliance for security architecture and what we think we need to do is take the basis for some of the policy, some of the auditing, some of the compliance in place today and make it more robust and continue to expand what is already in place. for example, there is a lot of organizations and entities and agencies that it here to it today but there are many that do not. we need to extend for us not to areas like critical infrastructure that is critical for national security for all the citizens in the united states. transportation, banking industries, energy, utilities oil and gas are all important areas of what we do. how do we take an architecture

and extended to other critical areas of the organization that are important to everyone in the world? this can be extended beyond the borders of the united states as well. and we look globally, there is very little common architecture for how we can put security architectures in place worldwide. we need to evolve to a better architecture and a better compliance model. each country does a different. each organization, each agency even does a different so how do we evolve is really key in that goes to the first pointer to you mentioned peter as well. we need standards and standards are critical. in most i.t. areas, we have standards. think about the database with what is called sql, ways to query the database. think about other areas that involve standardization bodies to regulate how and which we architect our products. security doesn't have that. we need to continue to evolve that. in many ways mcafee has taken us

on on our own. we built an architecture that is open. we involve a lot of third-party security companies that can interoperate with our architecture. the need to advance that to the to an industry level as well. that is really important today in the environment and the critical part is number one that you mentioned, public and private partnership. we have to do this together, to have standards, to have compliance, to have architectures has to be collaborated together, government and commercial. we are doing that. we are making good progress i think worldwide on our public and private partnerships. the united states government has been great at reaching out to really the whole private sector to get input but we have got to keep evolving. how to get the standards in place? how do we collaboratively work together to evolve what we have got to do which is protect ourselves more than we are today? gecko you mentioned expanding fisma but there has been a criticism in the sense that it is a paperpushing exercise.

there've been efforts to fix that focusing on continuous monitoring and so forth. have they gone far enough and beyond the efforts by the administration to fix fisma? are the agencies following up and is the cultural change within the agency happening enough that they are actually also changing how they approach security? is fisma where it needs to be to really address security weaknesses that are out there right now? guest: you hit right on the point that it is frustrating for everybody. fisma is very onerous and in many ways very challenging for agencies entities and governments to adhere to and that is one of the challenges. we need to streamline it. we needed to be easier to understand and one of the problems of education around the. most organizations don't know exactly what it is they need to adhere to because it is evolving but that is okay from my vantage point. the starting point and i'm encouraged to see we have some foundation in place. but like anything we need to

evolve and we need to make it easier to adapt come easier to use, easier to adhere to and that is the next most important phase we are in. keep working together with private industry who can provide tools that can help organizations adhere to fisma that make it easier for them. so again, like you said public-private relationships, and ability to respond to standards and architectures is really a couple of components needed to make it better. guest: you mentioned tools. if you hear so many complaints in terms of how long it takes federal agencies to procure those tools and provide industry, companies like yourself. think of the defense department. they said it took 81 months from the time when a program was first envisioned to the time where it becomes operational. i mean by then technology is three generations old so what needs to change in terms of how government buys the technology to allow a company like mcafee to better serve the agencies to improve security?

guest: you are pointing out another challenge. if the fisma takes too long in the buying process takes too long, you notice challenge and certainly the world of security is dynamic. we see new mobile devices, new operating platforms, new architectures emerging every day, new challenges and we just saw wikileaks and we saw some problems emerging in those ways. we have to respond quickly. part of this is to create again by the public relationships where we can very quickly certify or product to be used in government. we need great place to audit those products once they are deployed and it is just speed and mobility that i think is the missing aspect that we don't have today. and we are working on it and i can tell you many examples where we were able to use the proper processes to make procurement whole lot less than 81 months but at the same time, we have to keep working on that. speed is an important part,

nimbleness and the ability to procure in the world of security is a quick essential component to making sure we are secure. guest: you bring up wikileaks. can't resist following up on this one needless to say. a lot of people would argue that was not a failure of technology but a failure of process in terms of how those documents were exposed and released from federal government. how do you deal with ensuring the proper technologies in place, which i think you and i would argue it's it is not the case yet but also ensuring that the people that are within the agencies are following the proper procedures to ensure that the security is top notch and the tools are being used as they should? guest: joe, you just had on it. there are really three things that you are we see when you have a problem. you either have a lack of kind of a process, a lack of a product or some sort of lack of people or some sort of breakdown on the people side. really in this case with

wikileaks we saw the people break down a bit because certainly an insider caused some of these leaks. we saw a breakdown in the process. in this particular case, the product was even in place that could lock this. but in the world of cybersecurity we are seeing the evolution of these threats come in and each of those vectors and if you don't fix each of those areas, having having the state-of-the-art products, state-of-the-art process and education to people you are not going to be able to prevent these things from occurring. so what we learned from wikileaks as we had to improve our process. this was a good lesson for everyone in this particular cass to personnel have? how do we continue to audit and monitor employees who do have access to classified content? how do we make sure that we have quick ways to resolve this if there is a process breach or an employee breach? these are the things i think we

are learning as we go along. and of course we will see more of these without a doubt. in the world of data today it is so mobile and on so many devices. we need to improve all those areas in order to be more effective in the future. >> host: dave dewalt you talked earlier about the borderlessness of the cyberworld. can you speak a little bit more about that and how you -- how that conflicts or works with 100 some different national governments? guest: yeah. borderless, what is the internet today? the internet is borderless. it is global. is one of the greatest treasures we have had in the 21st century and the 20th century is the development of the internet and it has a tremendous appeal to capitalism, to our ability to grow our commerce in their gross national product all over the world. it has been phenomenal but the other edgy that has been security internet and how do we secure those privacy as well as

the ability to -- crimes or even terrorism or even warfare on the internet. so we need governments to work together and this is probably the biggest challenge the world is facing in my opinion moving forward is, how to cooperate together as a global community to secure what has become fundamentally as important as anything else that we have in the world is the internet. so, we have to eradicate the crime that is on line. we need to work together to put proper law in place. we need to have orders that are really seamless now to find really do know the criminals that are out there and put them behind bars. and of course it is very virtual in the way crime works on line. the same with terrorism. terrorism is moving from physical to cyberand again it is going to challenge us as global governance to work better together in order to solve these problems. we have made some progress but again, we have a long way to go. we haven't really ratified a lot

of the legislation that has been put in place in the world today and we need to continue to evolve to do it. it is a key i think to our next generation and able to solve these challenges. >> host: i wanted to follow-up on your comment about wireless. you were recently quoted as saying mobility or wireless is our number one focus right now. what did you mean by that? >> guest: well we are certainly seeing an explosion in mobile devices. i'm sure for you peter and jill you have new devices you have acquired in the last few months. we have seen a tremendous explosion of new device sites and apple made this obviously famous in the last six or nine months with the launch of the tablet in the ipad in the iphone and the world is changing very quickly, especially in large governments and large corporations where what once was really largely windows, endpoint decisis that most employees in most citizens would use is now now being

evolved to smart devices like tablets and phones. so for mcafee we are focused where the threat is and our goal is to protect whatever consumers or employees use. now employees are using more and more of these types of devices so just in the last six months we have really created a very strategic imperative as a company to protect these devices we require two companies, state-of-the-art companies that can do this. we have evolved their own product roadmap to be much more focused on the world of mobile computing. we have developed partnerships with telecommunications companies, mobile operators, mobile device makers to really bring what we have done a really good job and the windows world to the mobile windows world as well. in 2011 and we really seen the mobile environment is probably her biggest threat and of course from a security point of view we need to protect that threat. we are focused on it and we have a lot of solutions to offer the

marketplace as a result. >> host: this is c-span's communicators program. our guest is dave dewalt who is president ceo of mcafee. also joining us, sublife of the washington business journal. gets going going to follow up on what you were just talking about the mobile devices we see a big transition to social media that has been growing all the more widespread in the last couple of years. we have the cover of "time" magazine honoring the ceo of facebook recently and at the same time there is also cloud computing which even the federal government now announced a cloud first strategy. a lot of people question the security of both social media as well as cloud computing. can those two new medium. >> secured and if it is smart strategy for federal government to be adopting both? >> guest: well the short answer is it absolutely can be secure.

and like anything, we see the first phases, the first rollout of new types of platforms or operating systems or applications is probably the most vulnerable and that was the case for social networking as well, social media applications. it is the case for mobile that we were just discussing as well. so those first architectures tend to be the most vulnerable. however, in the last year or so we have really seen a concerted effort by most of the major application providers to increase their security posture. certainly facebook has been a great partner of mcafee's now. they really feuded as a socially responsible area to meet and they have really upped their architecture. we have really seen a much less insecure environment for facebook as we have ever seen before and they are improving. it is still the overall and it still needs to evolve but certainly we haven't seen those types of dos attacks on twitter

or malware or virus spreading on facebook as we once had seen and they are improving every day. again i can still happen of course because the bad guys are always thinking up new ways to penetrate the systems but i believe they are secure. they are as secure as a lot of applications are today into your point jill cloud cloud computing is essentially the next generation models we are all using not just in ways we can protect citizens and employees around the world, but also how in which the applications will be performed. cloud computing is a quintessential component of our strategy as well as they think governments and their ability to deploy applications quicker and easier in the marketplaces. so i think this is evolving very well and of course cloud computing is a great way for us to help protect better than we have ever done before. >> guest: i'd always hear people say how important it is to bake security in that the development stage where from the get-go before it is in use,

getting security inc. and rather than a second afterthought. do you see technology companies increasingly going that route because i would argue they haven't done that in the past. they would call upon mcafee perhaps after the product is our ready out there and being sold. do you see improvement in the market? >> guest: why do when you hit right on that jill. that challenge is, in the race for you no attention for eyeballs and for impressions and certainly architectures like security aren't always put into the first versions of the product, so later they start thinking about the security architectures and certainly now like it said earlier, we are now starting to see that for social media type applications but it goes back to an earlier point which is we need standards. we need ways in which we can build these architectures more securely before they are mass to play. baking security and is really one of the most important things

we can do. what is the standard for which we can deploy these applications? had we make sure they are safe? it is almost like it is a good house he -- housekeeping seal needs to be created like we have done for power or the underwriters led. you always see the ul seal of approval that says yes it is safe to use the sum plans. by having these capabilities were yes it is safe to use an application it is a great way for consumers to feel comfortable that these are secure and the case in point, we launched a service in the the last year called mcafee secure where we secure web site and if you ever see a mcafee secure trust marconnet web site you know that it has already been tested for security. we are trying to bring these types of standards to the world of the internet in a way that allows us to have the good housekeeping seal if you will were computing on line. others in the security industry are doing that but we are evolving to the point where vendors are looking for security providers to take this kind of service mainstream. we are hoping this takes off for

everyone because it is important. >> host: dave dewalt what kind of work had fewer mcafee done for the nsa or the cia? >> guest: well they are certainly a customer as is governments around the world. the intelligence communities are important to not only mcafee but all the security industry. in mcafee's case we see defense and intelligence as a critical customer community. we worked together with the united states government as well as governments all over the world just as we went with large banks or large telecommunications companies. these companies oftentimes are the ones that are taxed the most. and in mcafee's case being a dedicated security company we want to protect the ones who are attacked the most. in this case we are good partners, good customers and hopefully those agencies would say the same thing. we try to collaboratively partner with them to create solutions for the security industry.

>> guest: you know dave relating to that, there has been taught by talk by the defense department has actually agencies about