there. this kind of resolving door happens in dc a lot, and this is another example of it. >> host: former head of the ncta is the chief of the co mcast washington bureau and two republicans, do they have strong democrats as well on their staff here in washington? >> caller: they do. comcast hired a variety of folks from both offices. cathy is head of the regulatory office, a democrat, and they do have a number of democrats that they've brought over from the agency. former staffers for commissioners and others, and so it's actually one of the aveses in town that's known for being very bipartisan. they have a good selection from both sides. >> host: how did you find out? >> caller: i can't tell you. >> host: who might be the replacement? any word out there yet?

>> caller: that will be interesting. no one has been talking about her leaving. no names have been floated yet, but i'm sure within days we will have plenty of people floating names out there. obviously, this is something we had a democratic seat opening up with michael copps leaving at the end of the year, and morgan, a counselor, and other names in the mix. this could be something that movings the nomination forward because there's both republican and democratic seat to fill. >> host: thank you for being on the communicators. >> caller: thank you. >> coming up next tonight, federal communications chairman on cybersecurity services.

later, a look at the findings of this year's medicare trustees report.

>> now federal communications commission chairman julius lays out cybersecurity discussions. this is an hour and a half. [inaudible conversations] [inaudible conversations] >> well, welcome, everybody. i'm happy to welcome you to the fcc's forum and cybersecurity with a focus on small businesses. i appreciate everyone here joining us today. this is being streamed live on c-span and on the interpret, and so i appreciate all of you

joining us as well. this is an important topic for our country. let me give a special thanks to each of the participants who are here as part of this forum and panel though each be introducing themselves shortly. i do want to particularly thank former homeland security my call chertoff for joining us. we are privileged to have you here at the fcc for this forum. as many of you may know, this is national small business week, so we gathered to talk about an issue that's critically important to our economy, small businesses, and their ability to seize the benefits of new technology and tackle cybersecurity threats, and in addition to this discussion, the fcc is releasing today a tip sheet for small businesses and launching a new section on our

website with basic steps small businesses can take to protect themselves, to seize the benefits of the internet, and we'll be talking a lot about that today, and also to protect themselves against threats on the internet. now, american small businesses are key drivers of innovation, economic growth, and job creation in our country. small businesses employee more than half of all private sector workers, and they generated about two-thirds of net new jobs over the past 15 years. it's an important statistic, two-thirds of net new jobs over the last 15 years come from small business, and so at a time when we have to focus on job creation, making sure that we have technology platform that is most conducive to small businesses creating jobs can make a big deal in our economy. small businesses drive innovation whether it's small

businesses in hear in dc -- here in d.c. in cities around the country or even in rural america or small businesses in silicon valley. small businesses produce 13 times more pa tents per employees than larger ones. broadband technology is increasingly important to the success of our economy, to jobs, and to the future of small businesses. broadband connectivity, broadband is high speed internet, wireless to wireless, and connectivity and tools that you get in the cloud. we use a lot of terms that for you watching and don't understand them, you'll learn more about them on this panel today, but all the tools and information that are available online can enable small businesses to grow and jobs to be created anywhere. they allow small businesses, for example, to market their

products and reach customers in the next neighborhood, in the next city, in the next state, or even overseas, and it's not just limited to, you know, big businesses saying, hey, we can sell our products overseas. this can be very small businesses as well expanding beyond their local markets, and it's not just small businesses in big cities, although that's really important, it's small businesses in rural america as long as they have connectivity, and so consider a company called blue valley meats in nebraska, and i'll have the good fortune of traveling to nebraska later this week, and so blue belly meats its employees and boosted sales 40% even in the rough economy of the last few years after setting up a website that's starting to sell its beef online. there's so many examples of that. there's a cupcake bakery here in

washington, d.c. that, again, even in this bad economy has been able to go from zero stores to over 10 stores now employing new people with each new store, and when i asked the owner of this shop how is he succeeding even though the economy is so challenging? he said, the answer is technology. you got to go, he says, to where the customers are. the customers are online and mobile. that's what i'm focusing on. he created this business with more than 10 stores here in the washington, d.c. area. another thing -- cloud-based services, internet-based services can also lower the cost for a small business, increase the efficiency for a small business, and so boost a business' bottom line. this could be products to run

customer relation management or run others -- well, here's example from the panelists today, but here's the thick, more revenue from lower cost, more profit, more jobs. a recent study found that having a broadband connection makes a $200,000 a year difference in median annual revenues in small businesses by reaching now markets and more productivity. the issues and challenges are real. we are here to focus on cybersecurity challenge, but that's not the only challenge before us we're working on at the fcc. we have a deployment gap of broadband to small businesses. not every small business can get broadband where they operate. we are modernizing the universal service fund to ensure all americans and all small businesses are connected to the internet. we face a spectrum gap that can

hurt small businesses as well. demand spectrum, that's the invisible air ways on which our mobile devices operate, demand fueled by smart phones and tablets is increasing exponentially, increasing a lot. supply is not increasing so fast, and the challenge we face the demand is outstripping supply. we have to do something about this. if we don't, it affects our economy in general and affects small businesses thinking, hey, i can use the devices to communicate with the sales force while out on the road. i can use these mobile devices to move more people out on the road to respond more quickly to service calls, to respond more quickly to opportunities to sell a new product, to communicate directly with a client or each

other. you know, a plumber at someone's house who can take a picture with their phone and have people back at the office look at it and say, hey, you know, can't figure occupant what's wrong with this, to be able to check inventory, well, all of these incredible uses of mobile technologies can help drive productivity and efficiency of small businesses as long as we have enough spectrum to do this stuff. it's going to be a challenge. that's why we work with congress to have voluntary incentive options and other policies to free up mobile broadband. that's the stuff we're not talking about today. we've convened this round table to discuss one of the biggest challenges our country faces for businesses and our national security, the growing threats to cybersecurity. two years ago, the president declared that securing cyberspace was a vital strategic goal of the united states. last week, the white house delivered a road map to congress

on how better to protect the nation's infrastructure in critical u.s. industries from cyber threats. this afternoon, more announcements will be made. i want to acknowledge the coordinator, a new position created by president obama two years, ago, howard, schmidt, and i want to acknowledge him for his leadership in getting it organized on cube security an the excellent work down by the department of homeland security, justice department, and the other agencies all working together to tackle these threats that require the expertise and participation from a number of agencies around government, including the fcc. congress is looking at doing its part, which is very important. congress has been actively considering legislative proposals that include increase

information sharing between the government and private sector to respond to threats and attacks. it's vital that small businesses be part of the cybersecurity equation. in many respects, small businesses have the most to gain from addressing the cybersecurity threats and increasing trust on this platform. small businesses that don't take protective measures are particularly vulnerable targeting for criminals, and we talked about the benefits for small businesses. a recent study found american small businesses lose billions of dollars annually to cyber attacks and 74% of small businesses reported being attacked by cyber attacks in the last 12 months. the average cost of each attack on small to medium sized businesses is $2,000 per attack. in a moment, you'll hear from a

local businessman joining us today to talk about the benefittings of the internet and also about how a cyber criminal hurt his construction business. that's a jump off point to talk about what small businesses can do. they also truck 1 l to -- struggle to protect the confidential data of their customers. they reported the loss of confidential or private data data in the last 12 months, and others experienced district financial losses as a result. most businesses don't back up their data. that's something we're talk about. there are things small businesses can do to improve their posture in this world. we are here to help small businesses overcome security challenges and seize the benefits of online commerce. i expect today's discussion will reveal many small, but significant steps that small business owners can take to protect their company and their customers. let me announce a number of steps that the fcc is taking

today with our partners to help this educational endeavor, to promote a safe and secure internet and seize the opportunities of online for small businesses. first, the fcc is launching today a small business cybersecurity section on its website. go to fcc.gov/ fcc.gov/cyberforsmallbusiness. we will be releasing today a one-page tip sheet to help small businesses understand basic cybersecurity precautions. we are partnering, the fcc is, with the u.s. chamber of commerce, with score, and with the national urban league to distribute this information, to district the tip sheet and related online resources widely to small business owners across the united states. the fcc is partnering with the score, e-business now program, and we have the head of score

here to talk about that as we have representatives from the chamber, from semantic, and the national urban league. the partnership with score is something i'm excited about. they do a great job interacting with small businesses all over the country. we identified the opportunity to work with score last year doing our national broadband plan and we developed, proud to say, a very successful partnership bringing our complement expertise to the table and to accelerate their moves online, and now we're focusing as well on how small businesses can protect themselves. we're working with score to dribbed -- district this material in the effective ways score developed over many years. we have partnered with organizations like the national urban league, national congress of american indians, the national black chamber of commerce and national hispanic

chamber of commerce. we are delivering the education partnership called "nice" led my nist. we will try to make it an carriers cro anymore free zone, but i suspect we'll fail -- [laughter] they run the stop, think, connect campaign. stop, think, connect designed to raise awareness in the american public for the need to strengthen security and regenerate new approaches and strategies to help americans increase their safety and security online. virtually all of these initiatives are collaborations with the people in this room, and as the fcc's national broadband plan emphasized, there's tremendous power in the government and the private sector coming together to help solve some of our nation's toughest problems. this area, cybersecurity, and particularly cybersecurity for small businesses, is an area i'm

convinced we can make real progress in working together. thank you to all of our partners for your partnership. i look forward to today's institutions and working with all of you to keep the internet safe and promote the success of small businesses in our economy. we're going to move to our panel, and i think what i'd like to do first is ask each of our panelists to briefly introduce themselves, and we'll go around the table this way, and then mr. jones, when we get to you, we'll ask you to talk about your experiences and we'll jump from there into a discussion. start here, dr. schneck. >> good morning, i'm the chief technology officer for the global public suffers for mcafee. >> good morning, i'm sherry

mcguire, the cybersecurity policies at. >> i'm the vice president for national security and emergency preparedness at the u.s. chamber of commerce here in washington, d.c.. >> good morning, thank you, mr. chairman, for having us here for this program. i'm michael chertoff, chairman of the firm and secretary of homeland security from 2005 to 2009. >> good morning, i'm the senior vice president for policy research and advocacy at the national urban league and national policy institute. >> i'm al kinney directer of defense cybersecurity for hp. >> i'm ceo of score. >> good morning, and first of all, i want to thank the chairman for having me here to today to talk about my experience. i'm maurice jones, the owner of the local construction company

and employee anywhere from 150-3000 employees depending on the economy. as the chairman said, we experienced a situation with cybersecurity. for our company, first of all, i do want to let you guys know that without the broadband technology and things of that nature, we would probably suffer a lot of financial losses because of inefficiencies with being able to do our jobs. small businesses are very essential to communicate with our various foremen and superintendents and things of that nature, and without the benefit of high-speed connection and broadband technology, it would not happen. we would lose money in ways we could not quantify or be here in front of you guys here today. with that being said, also, of course, cybersecurity has its growing pains i would like to say. one of the issues we experienced was due to those growing pains. our experience started with getting a phone call first thing in the morning from o reporter

-- a reporter asking us if we knew we experienced a financial loss. honestly, at that time, we had no idea what happened. as the president and i had started to sit down and go through certain things, we realized the bank had been attacked by a cyber criminal. basically, to give you an idea of what happened was there was an e-mail that came, and we thought the e-mail was coming from a valid source and clicking on different things related to the e-mail while we gave him the way to access our data base and passwords to bank accounts and things of that nature. by the time we caught up with it, we were missing quite a bit of funds, so through working with the local banks and certain authorities with different organizations, we were able to recoop some of the loss, but not all of it. even though we experienced financial loss, without the benefits of broadband technology and things of that nature, we would not be able to function today. these things are essential. these things are seecial for us

to grow -- seecial for us to grow on how we grow our business and things of that notch. as we have a better way of doing business in interacting better with the broadband technology without care and structure throughout the company, now we can say hopefully we will not be a part of that financial loss again, so -- >> well, thank you. i wanted to ask you one question first, and then we'll open it up for broader discussion. talk a little bit about the ways you use the internet to help grow your business. >> sure. as far as to grow our business, of course, we use websites to attract new customers and clientings -- clients as a way to express what we do and reach out to bigger contractors because we are a subcontractor. we use technology to con standly

send -- constantly send information. without being able to send information online, we would be bind the business curve and could not compete with larger businesses with this technology, and we can fill out applications online, submit financial data to stake holders who need the information, and we are log on to bank accounts to verify information now realtime. without it, we would be at a loss. it allows us to take a business that may probably take 15-20 people to run and run it probably with 10 people from this perspective because we cut out certain positions that are very, very dire to us, especially in this time when cost is something you have to control. sometimes the revenue is just not out there, so you have to try to control cost, and that's what broadband technology has given us the ability to do. >> well, thank you. i'll ask you to keep on engaging in the institution. we'll move to a broader

discussion. i want our audience to know feel free to submit questions. if you're in the room, write them down, and if you're online, there should be a place to click and submit questions, and we'll try to get as many as we can. secretary chertoff, let me move to you. you have many years of experience in this area. you've seen both the opportunities and the threats develop. you continue to be directly engaged in this. can you give us an overview of -- of the most common threats that small businesses have to worry about? >> well, first let me say, i think this is a very valuable program that you've launched here because for a lot of people, particularly in small businesses, even though they read in a newspaper about large scale intrusions in very

dramatic compromises of cybersecurity, they may feel that's something that only very sophisticated companies or institutions have to worry about, and as mr. jones illustrated through his own difficulties, this really touches everybody. at the same time, i think it's important to recognize that what we're talking about here is managing cyberrisk, not eliminating cyberrisk. there will never be a program that will eliminate all possibility of a cyberthreat, and the only way to do that is to get off the network, and that would cause an enormous loss of some of the great potential that we have using the interpret, so you have to be realistic and balance, and a lot of this has to do with the nature of your business. different businesses will have different sets of concerns. at one level, there's basic concerns about the integrity of finances and customer information that will apply to almost every business. at another end, when you worry

about your intellectual property being stolen, that may be a bigger concern to a high-tech small business than a bakery. i'm sure recipes are important and proprior tear, but not of great interest to bad actors in other parts of the world, so everybody's going to have a different set of concerns, but i think there's going to be a common core of concerns. very briefly and broadly speaking, the particular technique that mr. jones talked about which some people call fishing where you induce people to open the door to bringing in a device or a tool to allow them to steal your information, and that's a common approach and one that relies upon the trust of the person running the network, but you can have a whole spectrum of different kinds of attacks that you deal with in cyber. they can range from attacks over the network using sophisticated tools. at the other end, it's people

stealing passwords because individuals in the work force write them down on a piece of paper or give them to people on heeding the fact that creates a risk. we can talk more about those later. i'd say there's generally several categories of information though and you have to be concerned about it. first, you want to be concerned about how you protect transactions you do that might reveal sensitive financial information about your own business. you want to be concerned about the proprietary business data, what your plans and are and negotiating plans are. if you deal with personal identifiable information, credit cards or other things, you owe it to your comous mothers and business to be sure that is not somehow picked through negligence or an innocent mistake and get compromised. you have to be concerned about intellectual property. that's a very, very big target for people who steal things over

the internet. you have to be concerned about criminal groups that try to extort money from you by threatening to attack your system, and often they do that through what's called a distributive denial of service where they overwhelm your network with bogus messages shutting down the network to legitimate customers and also creates somewhat of a crisis of trust with your customers who are engaging you over the internet, and finally, you have to to worry about those who may maliciously attack you. we had a group so-called referred to anonymous attack institutions because they don't like what somebody's saying or a particular client or customer of the institution, and that can be very, very damaging, so all of these are things to be concerned about. the good news i think about this forum is that it's about not only education, but about empowering small businesses to know that there are steps they

can take in order to protect themselves against most of these kinds of problems. >> very helpful. i want to turn to hp because you're in a very interesting position when it comes to this because you -- hp offers a whole array of products to help small businesses seize the benefits of the internet, and then you also particularly in your job had a real view and insight into the security side. i take it you look at the world, something like this. every technology can offer tremendous benefits and also brings with it some risks, and with something like interpret access for small businesses, you can eliminate the risks by not going online, but from a competitive situation for small businesses, it's probably not a

good idea because other businesses go online, and the opportunities for growth and lowering costs just aren't there, and so that's why we're having this discussion and we're not advising people to, you know, turn it off, just the opposite, but we want to help small businesses protect themselves. i wanted to ask you from hp's perspective to talk both about as concretely as you can remembering that a lot of small businesses are online, but a lot aren't. what are some of the practical products and benefits on the market to help small businesses expand markets and lower costs and then shift to the security side and talk about what you see at hp and beyond on the concrete things small businesses can do to protect themselves. ..to protect themselves? >> it is true that small businesses are today cyber- dependent. they cannot operate effectively

or grow effectively without having cyberspace at their disposal, yet cyberspace's continually threatened, not only by individuals out to extort money or ideas, but also multinational and crime syndicates that are there as well. each of these threats are apparent to not only small businesses but to governments as well. the resources to deal with them are different at each level. i think it is important that small businesses work toward establishing security relationships as well as they would establish relationships with other kinds of suppliers, relationships with the people that will bring you the piece is the need for the product to make. likewise, you need to establish relationships with the folks that support the security of your company. it is important you have folks on stuff that understand the privacy of the information's

your handling. how you process, store it, what you are doing with it when you're done with it. that will protect you from losing in the nation, and also protect you in the long term from being accountable for losing that information. it is very important to make sure that the survival of your business is something that will happen after a cyber attack. as secretary chertoff mentioned, cyber attacks are going to happen along the way. the question is, how prepared are you, and how invested are you in knowing that this critical portion of your business is protected? with that, there are several products available at many levels that can help. a lot are available from small business value added resellers. they come packaged with the equipment that you might buy. it is important that you understand what you're buying, because you might not have to make secondary investments. a lot of this is available

freely to you because you're dealing with sophisticated vendors. likewise, there are relationships to establish with organizations like info-guard, so that you can understand what is happening in the broader environment and get some great in vice -- great advice. now, the other thing you have to look at is how my going to survive in the face of threats? just like you have to deal with weather and traffic, the price fluctuations in materials, you also should say i know i have to deal with the security of my information and i know it will not be perfect. i now have to plan for it and deal with reality as it comes. look at the tools you have, the processes you have, the people you have, train them and leverage them to the greatest ability.

no small business can be outside the cybersecurity business. they have to intersect at some level and understand investments they have made, and try to leverage those investments toward the most important piece of their business which is to survive in the event of an attack. >> i want to ask you a similar question. you're one of the largest information based companies in the world. what do you see both on the benefit side and on the risk side? also, talk about your own experience at thompson reuters that could be helpful. >> from the benefits standpoint, we use the internet for distribution. obviously, many of our customers connect to us a rare the internet. it is a very good way to reach a very broad -- connect to us over the internet. it is a very good way to reach a

very broad audience. mr. jones alluded to the risks that come in through e-mail and malicious code. we also see that often over web browsing. those are the two main channels. everyone is susceptible to those, both small businesses and large businesses. we see that very often. secondly is just direct attacks on your system itself, whether it is a hacker coming in and perhaps stealing credit card data off your web server or serving at -- or stealing a database. those are the two main risks we see. today, those are what occur more frequently than most. just to comment on an earlier comment made about services, i view causes services as a way for small businesses to leverage

the purview of large businesses. you can get good e-mail, ceram and process knowledge at a cost service and not really have to build the infrastructure yourself. i think that can give small businesses a step up as to what has been available in the past. >> ann, talk about small businesses today. what did they know in terms of opportunities, and what did they know in terms of risks and threats and what they should do? >> 97% of our membership is small business, so we do deal with them a great deal. as you can imagine, using the internet as a small business is

a wonderful tool. you can reach the world. the downside is, you can reach the world. the bad guys are watching you. if i were to sit down and talk to you about infrastructure and railroads and banks, i think you'd be surprised at how well they are protecting their infrastructure. i think events like this and cybersecurity awareness month in october all help to raise awareness, but we need to do more. i think it cannot just be one month out of the year. we need to have a campaign much like the stop, think, connect. it is a culture change. it is going to take a long time, much like wearing seat belts, not smoking, and getting people to not click on a link or not open an e-mail if they do not recognize it. basically, yes, the internet is

a great tool, but you need to protect yourself. it is about the bottom line. you can really hurt your brand. you can end up in a lot of legal trouble if you're not protecting yourself. that is key, and we are trying to get the message out to our members. >> thank you. i am going to take a minute and mention that we are releasing today tend cybersecurity tips for small businesses. en cybersecurity tips for small businesses. i am going to move on, but i would like you to comment on these. let me review the headlines quickly for people listening and people here. then i will ask our representatives from symantec and mcafee to comment.

one, train employees and security principles. two, protect information, computers and networks from viruses, spy where and other malicious code. three, provides firewall security for your internet connection. four, download and install software updates as they become available. five, make backup copies of important business data and affirmation. 6, control physical access to your computers and network components. fi enth, secure your wif- network. eighth, secure individual user accounts for each employee. ninth, limit employee access and ability to install software. 10, regularly change passwords. comment on any of those.

help small businesses understand what they can do to immediately improve their security online. >> how much time do we have? [laughter] first, i want to thank you and thank our audience and panelists. it is important that we understand these risks. the way we do that is by a hearing from everybody else. it is a little bit like the cbc. we learn about the disease not from its popularity, but by how it spreads. we, as the good guys, especially in small business, have to remember how important that small business is. we are two-thirds of the job creation and 60% of the gdp of

this country. we have to focus on not just one bit of information. other governments and other companies are very interested in what is in every single small business in this country and around the world. they will find ways to get it. instant messages a new one. mobile is a growing one. when you think about these things, i can pull a couple out. physical access -- very often we see an insider threat. you can secure your perimeter. it is shiny objects. when someone offers you a free gift, heaven knows what happens when you click on that.

you have to protect your brand. you have to gross sales and help your employees eat so that you can grow sales and build value. when you lose the quality of your brand, that will go away. it is a people think. regularly change passwords. a cyber event could cause physical damage. that is one of the many attacks we see at their worldwide. the nuclear passwords were the easiest to get and the hardest to change. resilience is key. be as flexible as you can be. another quick point to mention, at mcafee we say safe never sleeps. we see 14 million new machines become compromised every day. these attacks will overwhelm

your network. you can be part of that, if you are compromised, hurting other companies, or used as a compromise machine. i commend the fcc and this program in putting out some tips that help smaller businesses leverage the power of the internet and make your business and your customers safe. thank you. >> thank you. cheri from symantec, similar question. what jumps out at you as far as actionable steps he thinks small business owners could take right away to significantly -- you think small business owners could take right away to significantly improve security? >> as you mentioned, semantic conducted a study released in 2011 that actually surveyed small business owners and customers around the world. what we found through that was

that 50% of small businesses do not have a plan. more shockingly, 41% said it never occurred to them that they should have a plan. 40% also said the data protection was not a priority for their business. when you think about this, 40% of small businesses saying data protection is not important to their business, that is kind of a shocking statistic when you think about it. data, as mr. jones indicated, is what your business runs on. it is why your customers trust is dependent on, in how you conduct your business. from the standpoint of the 10 cybersecurity strategies for small business that the fcc is releasing today, we think it is a great list. we are delighted to announce that we will be posting this on our small and medium business website that is dedicated to that particular segment of the

communities of the week and try to get that awareness out to them. i would also like -- so that we can try to get that awareness out to them. and also like to mention that as customers of small-business owners, we found that not being prepared can also go have significant impacts. 44% of small-business customers have actually seen a small business vendor shutdown due to an attack. that cost as customers roughly $10 a day. here is the kicker. more than 54% of those customers actually switched vendors were switched to another small business owner because they did not believe they could continue to rely on that small business owner. so this can have, cybersecurity can have a bottom-line impact steerer survival as a small business, and frankly those

security -- impact to your survival as a small business, and frankly the security in packs can -- in packs can be the key to your customer's business. >> you spend a lot of time with businesses run by people from disadvantaged backgrounds, minority communities. do you see any unique issues among the businesses you work with that we should put on the table? >> i would not say unique, but i would say that if you look at the most recent poll out from ew, there is an indication that there is greater discussed -- greater distrust among the

community about internet security. perhaps the slows down ways in which minority owned businesses begin the process, but as others have discussed, it is critical to take that risk. it is one of the reasons the national urban league is excited about working to spread the information about cybersecurity for small business, because we know that is critical to the growth of urban small businesses. speaking to the secretary just a moment ago, up we were speaking about the importance of having some natural suspicion and being able to spot the kinds of things that cause problems for small businesses. i think there is a little additional skepticism, but overall, a recognition of the opportunity. >> ken, could you describe sc

ore a little bit? i will admit, i did not know about it before we partnered with score. describe what you do, and what you are hearing from small businesses around america about the internet, good and bad, and your thoughts about what they should be doing. >> thank you. thank you for having me and for having this panel, and thank you for your partnership. for those that do not know, as gore is a volunteer organization of mostly retired -- a score is a volunteer organization of mostly retired small-business owners who mentor people who would like to start a small business. we speak about any topic that

relates to growing, managing, buying or selling a business. our volunteers are well-trained and very knowledgeable, and anxious to be of value to these would-be entrepreneurs and existing entrepreneurs. we partnered with the fcc recently on a new e-business initiative where we're working to train these business owners on the values of broadband technology. how can they grow their sales? how can they manage internally more effectively by using these tools? a natural extension of that would be to talk about security. when we started the e-business now initiative, we did do some focus groups, and most of those that did not have a web presence or a web presence that included the opportunity to do e- commerce, they did not because they were concerned about security. there are so many tools and so many opportunities to mitigate and manage that risk as

secretary chertoff said, it is really something all small business owner should be aware of. small-business owners are busy. they're wearing multiple hats, and they often do not take the time to think through some of the issues that relate to a web strategy, internet strategy and cybersecurity strategy. i think the list you're putting out -- and congratulations on doing that -- no. one is critical. you need to have a plan and communicate that plan. that is not hard to do. this should be part of your ongoing business plan as a small-business owner. this should be something you review a couple of times each year, maybe when you set your clocks forward and backward. don't just check the batteries in your smoke detector, also review your business plan for security. people need to know about opening some drives, sharing passwords, leaving their

computer on. talk to them about securing data and data back up. in a natural disaster or a man- made disaster, business is that lose their data, 90% of them never go back into business. we saw that with katrina, and i'm sure that with some of the tragedies we are experiencing today, we will see that going forward. we work at score to educate through our volunteers, the web, and other vehicles, to really break down the steps that business owners can take and actually make a difference. talk about the plan. 50% of small businesses do not have a plan. secretary chertoff, let me ask you about that. how concerned are you about that, and how can this give us a

broader perspective of what we need to do as a country on cybersecurity? >> what emerges from the conversation we have had here, there are really two parts to solving this issue. one is to educate people. if you are a business engaging in transactions on line and you have a date to a breach and a loss of -- and data breach and a loss of information, it is important to realize your customers will probably not reach engage with you. the second part of this, and what is important about the program you are rolling out here, is that you are empowering people to understand that they can actually address the problem. it is complicated, particularly

if the look of these high-end kind of attacks. people walk away. the message has to be there is a lot that business can do to protect itself. we have talked about some. blogging the correct, the products to protect yourself -- buying the correct kind of products to protect yourself. also, buying the correct kind of products. you're not going to get the updates, you may find things embedded in that hardware or software that could be malicious. being careful about making sure you are buying their products to protect yourself is an important part of your plan. resiliency. how to make sure you have back up your data? how you make sure you can

reconstitute? what some of us call computer hygiene. how you train yourself and your work force in basic principles that minimize the risk that you'll have a compromise of risk of your data. on the issue of passwords. passwords that rely upon your spouse's name or other kinds of very available personal information are not likely to be useful or protective. educating people and how to select an change passwords is important. common sense is a great tool. we have talk about tony e-mails that come to you and induce you to click got -- we've talked about phony e-mails. a common one going around is summit will going and get an

address book and it will get everybody's address book -- everybody is addressed and it will send e-mails out to everybody. usually is something like, sorry to bother you, i'm stranded in paris. can you send me money? often this is from somebody you may have seen yesterday and they were not planning on going to paris. educating your employees about that is important. flash strives -- drives. the was a report outlining what had been one of the major security breaches in the defense department. it began when an individual officer picked up a u.s. peace stick -- usb stick of uncertain

origin and a major intrusion occurred. -gen -- hygiene. you do not pick up and eat everything off the street. this is very, very important. >> a couple of themes. we started about talking of being on-line can help small businesses and guarding against it is necessary. having a cyber security plan is a competitive advantage. not having want is a competitive disadvantage -- not having one is a competitive disadvantage. if you do not have a plan,

you're more likely to get distractions. having a plant is a competitive advantage -- having a plan is a competitive advantage. the stuff is complicated and technical. i wanted to come back to maurice jones. you're not using talking about on panels at the fcc. you have explored this issue. what are the best ways to communicate about these issues with small businesses that are not technology businesses, but that are starting to use the internet to grow their business and lower their cost? what have you seen in your work be effective in talking to your

own employees, talking to other companies in similar businesses? >> sure. thank you again. using the system itself, e- mails. when you get anymore, check the validity. if you received something that does not make sense come pick up the phone and call. make sure things make sense to you. having small meetings. the monday morning meetings. we may talk about things like this. sit down and let people know, if you have a problem with your e- mail or blackberry, let somebody know. communication is always the key. people felt the victim. it is about communication.

checking the e-mail, picking up the phone, calling supervisors and making sure people are what they seem to be. >> it starts with a lot of small businesses, especially ones that are offline business is starting to embrace on-line opportunities. is this all too complicated? how can we make sure that what we're doing is actionable for small businesses? >> i think you're right. the assumption is that this is an i.t. problem. if you lay out simple steps that are inexpensive, businesses will do that. i like the top 10 list that you put together. i have a prop. we didn't internet security essentials for businesses.

security an internet essentials for businesses. educating your employees, making sure they have strong passports, designating someone to handle security, taking control of your network, making sure you of someone who is watching the flow of traffic or the e-mails. then we put into policies and problems. identifying and prioritizing your business information. what is important to your business? defending your company computers. to not be plugging in those free things you get at conferences. that is a terrible idea. think about when you're buying new computers, what are you doing with your old computers? having a plan to deal with if you get attacked. who'd you call?

do you know the groups out there that can help you? a third part is defending your data on the go. for folks who travel abroad, make sure they protect their blackberries. backing up your computers regularly. not just participating in cyber security month, getting information from the chamber of commerce. make sure your folks know what they should do and what they should not do. >> chanelle hardy, can i ask you the same question? what suggestions on how to break through the common concern that technology is for other people, we're not in the technology business so it is not our problem. >> i think a lot of that gets to

who was providing the information and making sure that organizations, individuals that are trusted. part of the rule that the national urban league plays, we have developed services to 36 states, working with small businesses through things like our entrepreneurship center, where we have been in the committee for a long time and they know the information that we're providing is safe and tested. when we can partner with the sec and disseminate that information, then there recognize that we are giving them the same types of useful tools that we provide in our direct services world. >> i want to put a topic on the table. often we talk about small businesses at forums like this. we have a picture in our head

and small business or other offline businesses that are starting to think about the internet to expand their business. more and more, there are small businesses that are on line only. hp, if 100% of those online start-ups are doing everything they can to protect themselves, are they, or is there more work to do among all line -- online start-ups as well? >> there is a good chance they are already ahead of the game. there is a good chance they don't run their own networks. a certain level of security. their culture is in and they are partnered with folks that have

the broad responsibility to party do the security and the availability aspects of the security -- of that business, they are well off in terms of security, but there is always more to do. they have to have a way to switch business to another provider of those services if that provides to be susceptible to a threat like that. it is not like they can turn off the need to pay attention to what is going on, but in general they are more prepared than somebody who is running a less technology intensive operation. >> then the ask dr. schneck. we have heard about startups and the often struggle to raise money and a very focused use of capital.

some of them are young folks starting at of college. how important is it that even young entrepreneurs just starting out, how important is it to stop and say, do have a cyber or security plan as part of my business? so that i am protected. >> i think ann nailed this. this is an overall risk. there was a report that showed around the world a huge increase in awareness of all the attacks that you mentioned today, and then some. within that increase of

spending, some plan was responsible for that. if you look at the spectrum of companies, i had a small company when i was young and i was part of a slightly larger company after that appeared in both cases, security was not a profit center. that was over 10 years ago. the role of a small company is to make revenue and to grow. it insures your trust. it says you're building an infrastructure that is responsible. you are part of the entire infrastructure. we're all connected. if you don't do your part to keep a healthy network, you're endangering all the other companies, big and small. a lot of those online start-ups that leveraged, some managed security providers we have seen

have had issues with break-ins and personal information being shared where it should not be. you do need that plan to shift over. venture capitalists are looking at what your infrastructure looks like. who is your idea guy? how are they locking this down? that is part of the insurance echoes into venture capital. >> i will ask you a similar questions, cheri mcguire. ift of what we're hearing you're a small business and a growing -- whether you're an offline business using on-line, it is important to think about these issues early because you

are not immune from the threat and also because it could become even harder and more expensive to wait and then deal with an infrastructure and try to superimpose security. if you could each, and what you're seeing -- if you could each comment on what you're seeing. >> what i see a lot of is -- more contacts. we serve a number of market verticals. we have numerous security departments across those verticals. in many cases, they are not the same. here is the requirement that you have from your customers and your regulators and this is how you build it into your business and your products and services going forward.

we see the numbers a different way, whether it is is developing products for services, it is always cheaper to build it in upfront. that is critical. the complexity of the problem -- we seek well-regarded security companies are having issues. it is complex and it may seem like something we'll never get past. i like the list of 10 items. there is no end of the information that you can find on the internet about how to secure your systems but little that is summarize that can be useful. another interesting statistics. there is a well-regarded data -- that was just appalls.

96% of bridges could have been avoided by doing a medium ever in security measures -- 96% of breaches. they could have been avoided. >> any small business and those that are working online have to recognize there is a risk. you cannot transfer the risk away just because you have a vendor or someone providing services to you. you still own at risk when it comes to providing a service for your customer. a break in the trust can have a detrimental impact to your bottom line and the survival of your business. from that standpoint, you really need to know what questions to ask of small business owners of your vendors. what kinds of security protections do they have built into their class services, for example?

how do they handle things like data breach that you may be paying them to provide service for profit those kinds of questions that a small business owner should ask. >> what is the class -- what is the cloud? >> the cloud is storage in the cloud. it is a remote way to access your data comes to back up your data, secure your data, to use various applications such as, you know, word-processing, accounting, those kinds of tools that you can access, pay a service provider for, access them from pretty much everywhere. it provides opportunities for small businesses as well as lower cost. they don't have to manage those prophecies, updating of those applications over time, updating

the security. it is all being done at another layer by a provider this small business owner does not have to do it anymore. it is a way to simplify your business, gain efficiency, perhaps reduce costs, be more secure. it is something small business owners need to recognize. there's a risk associated with that. the need to manage that risk. >> there are terms that i think we all use ourselves that we know very well like cloud and malware, phishing, and i'm wondering and i will ask our team in partners to follow up on whether we should pursue ways to develop a glossary, usable glossary that mr. jones with tell us, this could be helpful. that is something we will follow up coming out of this. lemme think some of the staff that has worked so hard on this.

animal jimmy barnett -- admiral jamie barnett. tom reed. our main point of contact for small businesses. the staff of our consumer bureau, also very focused on these issues. a number of folks who worked very hard on this. i want to thank all of you for putting together something that i think has been and will be very productive for small businesses. secretary chertoff, then the ask you a question -- let me ask you a question. it came to us online. more and more malicious attackers are compromising small business web sites by leaving

the compromise site unaffected. attackers -- redirecting others to malware. the owners have little resources to scan for and correct security breaches which dealt primarily affect their sights. is there a role to discourage these? that is a great question. dr. schneck touched on this earlier. they are controlled remotely and can turn them into an attack. this is a challenge that we have in cyber security. obviously there is an incentive to protect your own system

against being compromised or degraded in some way because there is an economic loss that you want to avoid. what do you do when the attack on your system will not actually result in a negative consequences on your system, but rather a negative consequence on a third-party either because it is used or sicken or remotely or because it becomes a way to embed malicious code in the network of the third-party? this may not have an incentive because it is not feeling the consequences. the consequence is being felt by a third party. this is an area where people may find themselves facing lawsuits because the victims may wind up suing or complaining about the website the was the source of the attack, even if it was in a sense. -- even if it was innocent.

liability exposure and even some regulation to make sure people are properly incentivized so that their own networks to not become a weapon against some innocent third party. >> a very practical question. al kinney. this is from someone in our audience here. if my business is under attack, and who'd you call first? -- do you call private experts? a very practical question. >> thank you. the first thing is to make sure that your business can still run. that business is important to you. the employees that you have. once you look at that, the technical experts that you have established relationships with during the course of planning

for your cyber security and next, those are the people that you need to call. law-enforcement needs to be broadened in concert with that to this problem. -- needs to be brought in. there are some immediate things that you should do with that information to make sure that you preserve it for law- enforcement but also provide continuity for yourself. so you should switch over to your backup systems. if you have another place the year of made an agreement with to help you with your business. you need to switch over there quickly. theneed to perhaps unplug internet from that system. unplugging from the internet can provide some protection for you so that you don't continue to bleed information over the internet.

you need to find a way to enact your plan of communication. the customers know that something is going on and you have the responsibility to protect their information and describe for them the types of risk that they may be incorrect because of this problem. it is an integrity issue that every business wants to make sure that their brand is top notch on a good day and a bad day. be honest up front. >> excellent. dr. schneck. for companies that use smartphones for employees, or whether any special precautions to take? >> thank you, mr. chairman. i was in georgetown a month ago -- smartphones are an extension

of every other piece of technology that we use. they have an address. they do have additional information as to where you are. precautions go to consumers asian -- consumerization. shiny objects that everybody would like to use. they play and reedbirds -- they play angry birds. what we're facing right now is a huge increase in malware is directed to mobile in this country. and then start looking at how we can lock those phones down but make them adaptable. make it so the consumer, the small business consumer, the military, all those can work with the smartphones and still be secure. everything with an i.p. address,

you are connected. and they are connected to you. on the plan to respond to a breach, the fbi and secret service have done an amazing job of our reach to the private sector. as part of your plan, build in a relationship with law enforcement, secret service. having that law-enforcement in that list of cell phone numbers on a first name basis on who to call so that you could help drive the investigation. you know when you can unplug stuff and you know when to preserve that information frantically. >> if i could just add to that. we have seen an explosion with the use of mobile devices.

the simple thing is to make sure you have anti-virus or security virus installed on your smartphone. that is a simple thing you can do to protect yourself. second, use the same kinds of common sense precautions that you use when you use your laptop or your desktop at home or at worked. do not click on those e-mails that you do not know where they came from for sure. do not go to those websites that maybe are not totally trusted. use the same kind of common- sense principles when you're using your smartphone. >> that is very helpful. this is been very productive. i thank you all. we're getting near the end. i like to ask each of the panelists to provide one piece of takeaway advice to small

business owners who are watching this panel or will come to later. we have our tip sheets. i'll start with mr. jones and go round the table and then we'll skip secretary troth -- secretary chertoff. the question is, talking directly to small business owners, one piece of actionable advice, something they can do today to help protect themselves and sees the benefits of online opportunities. >> educate yourselves, education is out there with a great use of the internet and give you things like googl searche and you can find out things in five or 10 minutes back and make your day a lot easier and more comfortable to understand what you are dealing with and understand what

kind of simple things you can do to protect yourself. believe it or not, the list of top 10 may take you know more than half a day to look at and organized in an effective way that can help your business wants to understand what is your business is subject to. >> excellent. >> very similarly, this is a competitive advantage and a competitive disadvantage for the list of 10 is only good if you execute around it. i would suggest that anybody take that list of 10 or other resources they can find and do something that creates value in their business for their customers. unless they act and act quickly, it will be a disadvantage. in this environment, nobody needs that. >> the first step in cyber security for small business is all about relationships. you want to be able to impress upon your employees their

responsibility and give them the ability to perform a task they need to do and work with law enforcement and other industry groups to understand what is going on in the environment and what the tip of the date is for how they protect their networks and you need to be involved with industry at large so you can invest with capital funds are operating funds as needed to further secure your enterprise. it is all about relationships and knowing where to go and when to go there. >> what actionable piece of advice do you have? it be a deterrent to you're making maximum use of the opportunities presented by the internet and make sure use the education and resources that we are discussing today to allow you to continue to grow and expand. we have seen tremendous growth, particularly in minority-owned businesses in the last few years.

many, many single employee businesses. it is a real answer to a lot of the challenges we face in the employment due to the recession. knowing how to empower yourself, to not allow concerns about cyber security slow down and limit your business is critical. >> thank you. >> they should implement the top 10 sec recommendations as well as the chambers internet security guidelines. those are simple steps and they are inexpensive. is far less expensive to invest an internet security now than to lose trust business and partners later. >> recognize you have a risk first and second, don't ask before it is too late. insure that your information is protected completely, get your employees involved, get them trained, tester plans frequently, review and update those plans on a regular basis,

and lastly, don't be afraid to change with the evolving technology. that will keep you safe in the long run. >> all good suggestions -- i would say in closing, now what is valuable to your business and no if you lost information or intellectual properties and you can no longer function, now were that bad and that gets lost in the day-to-day operations. make sure your increasing revenue because sometimes we forget the bigger picture. until you really sit down and realize that, this can go a long way to protecting you. >> it is a lot -- as a way of getting a lot of value of getting communication is to take a leadership position in your sector. whatever kind of business you are in, had that business be a leader in implementing security. you can find pretended security

at could bulk rates and you can get informational relationships that will protect you and your customer and her brand. >> secretary chertoff, please offer actionable advice but also if you could put this into context against the backdrop of a broader cyber security issues that the country faces along with the broadband opportunities that we need to seize, what are your thoughts? >>two little actionable tips -- be mindful about free wi-fi. people have the ability to collect information off a free wi-fi. there is little in life that is actually free except for your family members. second, when you have your employees, there are capabilities that and now you -- enable you to the disabled in of late. watch out for lost devices.

i think this program is vital because you have given small businesses actionable advice that they can use to enhance security and that will benefit businesses individually. in a larger sense, a huge part of our national economy now rests upon the ability to operate on-line whether you are a business in the physical world or exclusively on line. you cannot really compete globally without the ability to use the internet. that means it has to be trusted. it means we have to safeguard our intellectual property. people who work about -- a worry about our national security are aware that enormous amounts of very valuable intellectual property is being stolen all the time by people who are acting as criminals or even seeking to help overseas competitors. the ability to protect against that and make sure the benefits of the internet are available

throughout the country so that we are on the cutting edge of the global move to internet and cyber communications, i think that is the number-one priority for the national economy over the next 10-20 years. these efforts are a big part of moving the country forward to compete in what will be an exciting but also challenging global economic environment. >> that is very helpful. thank you so much for taking time to join us today. each of you are all playing a very important role in our broadbent economy whether it is building businesses and employing people or whether it is advising them or whether it is building and marketing the security software that companies can use, the chamber, the national urban league working with small businesses, all of you, thank you so much for taking the time to be here. i want to thank the staff again.

let me conclude with a couple of observations. high-speed internet, broadband for small businesses and large is really the platform for our economy for the 21st century. no less so than .. and telephone service were in the 20th century. imagine thinking that you could run a small business without a telephone or without electricity. at some point people did. small businesses seized those opportunities. we are in the middle innings on small business is getting to the point on broadband where we have gotten a telephone service and electricity and it is important that this platform become available to everyone and it be

seized two of them to our economy, growth businesses, to compete locally, nationally, and globally and to save costs and become more productive. we have to take the risks that come with new technology seriously. their respective the telephone service. the risks the kindle electricity. there are risks that come with broadband service. what we have tried to do today with this group and the work that has gone in behind it is to help busy small businesses manage these risks. so vacancies the opportunity of this new technology for their businesses and economies. i thought the data point that stands out for me today is one that 50% of small businesses don't have security plans. 50%, each of the businesses that does not have a security plan

is at a competitive disadvantage in and is that needless risk. you can't address every risk but there are many risks that small business can address. everyone on this panel agrees that it is not an on/off switch. we have to do everything we can to improve our security profile and minimize risk. we can't eliminate them but we can minimize them. my closing actionable thought to small businesses is have a plan. we have given year the draft of a plan. with this one page cyber- security to small-business is, take a look at it and look at the resources available at fcc.gov. you will see a lot of material there. you will see similar information on the small business administration website and other places. we are trying to do the opposite

of confusing people with inconsistent information. we're trying to focus small businesses on a small set of actionable things. give us your feedback on that because that is what we wanted to and we know we can improve every day. thank you to all of us for joining here and joining at home or at your business. i look forward to part two of what i thought was a very successful forum today, so thank you. [applause] [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011]

[general chatter] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations]

>> coming up tonight the reserve chairman ben bernanke on government funding and research and development to help stimulate the economy. also, a look at the findings of this year's medicare and social security trustees report. >> you are watching c-span2 with politics and public affairs weekdays featuring live coverage of the u.s. senate. weeknights once key public policy events. every weekend the latest nonfiction authors and books on book tv. you can see past programs and its scandals and websites and join in the conversation on social media sites. [applause] >> federal reserve chairman ben bernanke on investing in research and development and economic growth. he was the keynote speaker at a conference hosted by the organization for economic cooperation and development. this is about 20 minutes. >> new building blocks.

the conference organizers have gathered an outstanding group of participants and have set an ambitious agenda. i'm not going to have to spend much time convincing this audience of the importance of long run economic growth. robert e. lewis jr. once wrote that once one starts thinking about long run growth economic development it is hard to think about anything else. i don't think i would go quite that far, but it is certainly true that relatively small differences in the rates of economic growth maintained over a sustained time can have enormous implications for material living standards. a growth rate of output per person is two and a half percent per year doubling average living standards in 28 years, about one generation. output per person grows at a

modest this low rate of one and a half% per year leading to a doubling in average living standards. forty-seven years or two generations. compound interest is, indeed, powerful. of course factors other than economic growth contribute to changes in living standards for different segments of the population, including ships in relative wages and rates of labour market participation. nonetheless, and output per person increases more rapidly, the prospects are greater and more broadbased austerity are significantly enhanced. over long spans of time economic growth and the associated improvements in living standards reflect a number of determinants including increases in workers' skills, rates of savings and capital accumulation and institutional factors ranging from the flexibility of markets to the quality of the legal and regulatory frameworks. however, innovation and technological change are undoubtedly central to the growth process. over the past 200 years or so

innovation, a technical advance, and investment in capital appeared embody new technologies have transformed economies around the world. in recent decades as this audience well knows, advances in semiconductor technology have radically changed many aspects of our lives from communication to health care. i noted that twitter remarks of the beginning. that is the people will learn about what is happening in the conference. technological developments further in the past such as electrification of the internal combustion engine were equally revolutionary. in addition, recent research has highlighted the important role played by intangible capitol such as the knowledge embodied in the workforce the business plans and practices and brand names. this research suggests that technological progress and the accumulation of intangible capital have together accounted for well over half of the increase in output for hours in

the united states during the past several decades. innovation is not only leading to new products and more efficient production methods but also inducing dramatic changes in how businesses are organized and managed. highlighting the connections between new ideas and methods in the organizational structures needed to implement them. for example in the 19th century the development of the rover and telegraph along with the host of other technologies or associated with the rise of large businesses with national reach. at transportation act imitation technology develops further multinational operations became feasible and more prevalent. economic policy affects innovation. sound public finances and ralph waiver and product markets all support innovation among

entrepreneurs should, and growth as the effective tax trades and regulatory policies. politics such as the development of research and developments promote innovation and technological change. innovation policy, government support. the effective commercial application of new ideas involves much more than just pure research. many other factors are relevant including the extent of market competition, intellectual property regime and the availability of financing. the market supplies to little providing a rationale for government actions. no matter how good the policy environment ultimately big new ideas are often rooted and well

executed but me tell you about the role of men. governments in many countries directly supports scientific and technical research. the estates, or through tax incentives like the r&d tax credit. in addition, the governments of the united states and many other countries from there on research facilities, including facilities focused on nonmilitary applications such as health. the primary economic rationale for a government role in r&d is that absent such interventions the private market would not adequately supply certain types of research. the argument which applies particularly strongly to basic fundamental research is that the full economic value of a scientific advance is unlikely to improve its discoverer, especially of new knowledge can be replicated are disseminated at low cost. for example, received a minute

fraction of the economic benefits that have flowed from their discovery of the structure of dna. if many people are able to exploit or otherwise benefit from research done by others then the total or social return to research may be higher on average than the private return to those with the costs and the risks of innovation. as a result, market forces will lead to an under investment in r&d from society's point of view which in turn provides rationale for government intervention. one possible policy response to the market under a provision problem would be to substantially strengthen the intellectual property rights regime. for example, by granting the developers of new ideas strong and long-lasting planned to the economic benefits of the discoveries, perhaps by extending and expanding pension rights. this approach has significant drawbacks of its own in debt strict limitations of the free

use of new ideas would inhibit both for their research and development of valuable commercial applications thus of a patent protections or similar rules remain an important part of innovation policy governments have also turned to direct support from r&d activities. of course the rationale for government support of r&d would be weakened if governments had performed consistently poorly. certainly there have been disappointments. for example, the surge in federal investment in energy technology in the 1970's in response to the energy crisis of that decade accused less than the initiatives have helped. in the united states, however, we have seen many examples, sometimes extending back to a late 19th and early 20th centuries. federal research initiatives and government support enabling the emergence of new technologies in areas that include agriculture, chemicals, health care, and information technology.

a case that had been particularly well documented and closely studied is the development of hybrid seed corn in the united states during the first half of the 20th-century. two other examples of innovation that received critical federal support our gene splicing, federal r&d and the road to techniques that open up the field of genetic engineering and lithium ion batteries which was developed by a federal response or material research. recent research on the government's so-called war on cancer initiated by president nixon in 1971 finds that the effort has produced a very high social but never turned, notwithstanding its failure to achieve its original ambitious goal of eradicating the disease. what about the present? government support of are in the today at the right level? the question is not easily answered and involves not only difficult technical assessments but also a member of value

judgments about public parties. as background consideration of recent trends and expenditure in r&d at the united states and in the rest of the world should be instructive. in the united states total r&d spending both public and private has been go to the stable over the past three decades of roughly two and a half percent of the gross domestic product. however, this apparent stability masks important underlying trends. since the 1970's r&d spending by the federal government has trended down while their share of are in the down by the private sector has correspondingly increased. second, the share of are in the spending targets to basic research as opposed to more applied r&d activities has also been trending down. these two trends, the decline in the share of basic research in the federal share of r&d spending are related. as government r&d spending tends

to be more heavily weighted toward basic research in science. the declining emphasis on basic research is somewhat concerned because fundamental research is ultimately the source of most innovation, albeit often with long legs. indeed some economists have argued that because of the potentially high social return to basic research expanded government support for r&d could, over time, significantly boost economic growth. that said, and at time of fiscal stringency the congress and administration will clearly need to carefully weigh competing priorities has been make the budgetary decisions. another argument sometimes made for expanding government support for r&d is the need to keep pace with technological advances in other countries. r&d is becoming increasingly international banks to improve communication and dissemination that research results, the spread of scientific and engineering talent around the

world, and the transfer of technologies through trade, foreign direct investment, and the activities of multinational corporations. to be sure, r&d spending remains concentrated in the most developed countries with the united states still the leader in overall r&d spending. however, in recent years spending in r&d has increased sharply as emerging market economies, most notably china and india. in particular spending by china has increased rapidly in absolute terms of the recent estimates still show r&d spending to be smaller relative to gdp than the united states. reflecting the increased research activity in emerging market economies a share world r&d expenditure of member nations of the oecd which mostly comprises advanced economies has fallen relative to nonmember nations which tend to be less developed. a similar trend is evident, by the way, with respect to science and engineering work forces. how should policymakers think

about this increasing globalization? on the one hand the diffusion of scientific and technological research throughout the world potentially benefits everyone by increasing the pace of innovation globally. for example, the development of the polio vaccine in the united states in the 1950's provided enormous benefits to people globally, not just americans. moreover in a globalized economy product and process it is a process innovations in one country can lead to employment opportunities and improved kits and services around the world. on the other hand in some circumstances the location of r&d activity can matter. for example, technological prowess may have a country reap the financial and employment benefits of leaders in a strategic industry. a cutting edge scientific return possible center can create a variety of spillovers replan innovation, quality, skill

acquisition, and productivity in industries that are located nearby. such spillover is the reason high-tech firms often locate in posters or near leading universities. to the extent that countries gain from and technologically viable industries were from spillovers arising from local events and activities the case for government support of r&d within the country is that much stronger. the economic arguments for government supported innovation generally imply that government should focus particularly on fostering basic or foundational research. the most applied and commercially relevant research is likely to be done in any case by the private sector as private firms have strong incentives to determine what the market demands and to meet those needs. if the government decides to foster basic r&d what policy and -- policy instrument should it use? a number of potential tools existing contract funding of government research facilities,

grants to universities or private-sector researchers, contracts for specific projects and tax incentives. moreover within each of these categories many choices must be made about how to structure specific programs. unfortunately, economists no less than they would like about how best to channel public support for research and development. it is good news, therefore, that considerable new work is being done on this topic including recent initiatives on science policy that have been started by the national science foundation. certainly the characteristics of the research to be supported are important for the choice of a policy tool. direct government support or conduct of the research may make the most sense if the project is highly focused and large-scale, possibly involving the need for the coordination of the work of many researchers and subject to a relatively tight time friends. examples of large scale government-funded research include the space program and the construction and operation

of so-called atom smashing facilities for experiments in high-energy physics. outside of such cases which are often linked to national defense more decentralized models that rely on the ideas and initiatives of individual researchers for small research groups may be most effective. grants to or contracts with researchers of the typical vehicle for such an approach. of course the success of the centralized models for government support depend, as always, on the quality of execution. some critics believe that funding agencies have been too cautious, focusing on a limited number of low-risk projects and targeting funding to more established scientists at the expense of researchers who are less established or conventional and their purchase. supporting multiple approaches to a given problem at the same time increases the chance of finding a solution. also increases opportunities for cooperation or for constructive

competition. the challenge to policy makers is to encourage implementation and a greater diversity of approaches while simultaneously insuring that an effective peer review process is in place. guiding funding toward the most high-quality signs. however it is channeled government support for innovation and r&d will be more effective when it is thought of as a long run investment. gestation from basic research to commercial application to the ultimate economic benefits can be very long. the internet revolution of the 1990's was based on scientific investments made in the 1970's and 1980's. today's widespread commercialization of biotechnology was based in part on key research findings developed in the 1950's. likely to get better results if the support is stable and long term oriented avoiding a pattern

of feast and famine. government support for r&d present sufficient national capacity to engage and effect research at the desired skill. that capacity in turn depend importantly on the supply of qualified scientists, engineers, and other technical workers. although the system of higher education in the united states remains among the finest in the world numerous concerns have been raised about this country's ability to ensure adequate supplies of highly skilled workers. for example, some observers have suggested that paul masson the system limits the number of students receiving undergraduate degrees in science and engineering. surveys of student intentions in the united states consistently show that the number of students who seek to major in science and engineering exceed the number, aided by a wide margin. waitlists to general and technical courses have trended up relative to those in other fields as has the time required to graduate with a science or

engineering degree. moreover although the relative rates have increased significantly over the past few decades this year of undergraduate degrees awarded in science and engineering has been roughly stable. at the same time critics of k-12 education in the united states have long argued that not enough is being done to encourage and support student interest in science and math nine. taken together these trends suggest that work could be done to increase the number of u.s. students. at least when viewed from the perspective of a single mention emigration is another path for increasing the supply and highly skilled scientists and researchers. the technological leaders in the united states was and continues to be built and substantial part of the contributions of foreign-born scientists and engineers both permanent error grants and those staying in the country only for time.

contrary to the notion that highly trained and talented immigrants displays native-born workers in the labour market scientists and other highly trained professionals have come to the united states and enhance the productivity and employment opportunities of those already here reflecting the gains from interaction and corporation and from the development of critical masses or researchers in specific technical areas. more generally technological progress and innovation around the world would be enhanced by lowering national barriers to international scientific cooperation and collaboration. in the abstract economists have identified some persuasive justification for government policies to promote r&d activities, especially those related to basic research. in practice we know less than we would like a bug which policies work best. a reasonable strategy for now may be to continue to use a mix of policies to support r&d while taking pains to encourage

drivers and even competing approaches by the scientists and engineers to receive support. we should also keep in mind that funding r&d activity is only part of what the government can do to foster innovation. as i noted, insuring a sufficient supply of individuals with science and engineering skills is important for promoting innovation. this raises questions about education policy as well as immigration policy. other key policy issues include the definition and enforcement of intellectual property rights and the setting of technical standards. well, finally a someone who spends a lot of time monitoring the economy let me also put in a plug for more work on finding better ways to measure innovation, r&d activity, and intangible capital. more likely to promote innovative activity if we are able to measure it more effectively and document it's very important role in economic growth. thank you. i wish you the best in this

conference on a very important topic. [applause] [applause] >> thank you very much. i think we can all say we are deeply plunged into the topic in ready to go. >> coming up on c-span2 a look at the findings of this year's medicare and social security trustees report. later, federal communications commission chairman on cyber security for small-business this. on washington journal tomorrow morning representative don edwards on deficit reduction plans. the four republican national committee chairman on the gop presidential primary. later a former homeland security

department senior policy adviser for civil rights. she talks about individual rights and national security. that is live saturday on c-span2. coming up on c-span three, the future of oil and gas development in pending legislation. energy and natural resources committee hearing. we will hear from interior secretary kim salazar and a former deep water horizon incident commander. that is live at 2:00 a.m. eastern. now look at the finding of this year's medicare trustees' report. what those results will mean for seniors and taxpayers. this is hosted by the american enterprise institute and is about two hours.

[inaudible conversations] [inaudible conversations] >> welcome to aei. i'd like to welcome all of you. my name is matt helms', i'm a resident scholar. i have been for years. i would like to thank all of you for coming and also welcome to our c-span viewers. we are here today to discuss the financial status of medicare. we can say for certain that medicare is in the news. it looks like it is going to be a key issue in both the republican primary and the next election. that is a prediction.

i can't say it's going to come true. we are here to talk about predictions of the future which is easy to do. people do it all the time. the tough part is sort of figuring out which projection of the future that you want to believe. there are lots of serious people that try to do this, including our speakers today. we started this series in 1995, i think. we have been doing it for a number of years. we really appreciate. rachis, and done this for several years, and we appreciate his cooperation and his willingness to do this because there is a lot of interest in the annual trustees report. given that there is going to be all this attention, we think, and the rhetoric is already flying. we think, again, it is worth stepping back and looking at some of the actual facts about

medicare. a lot of misinformation out there. so with that short introduction of want to and reduce richard foster. he is the chief actuary for the centers of medicare and medicaid services which is the federal agency that oversees both medicare and medicaid. he has had a long and distinguished career as an actuary. we certainly welcome him back. >> thanks. morning to everybody. i am honored to have yet another opportunity to be here to talk to you about the financial status of the medicare program and to participate in what usually is a very interesting for between various speakers to my questions from the audience, and the discussion that i look forward to every year. i'll summarize the financial outlook for medicare as shown in

the new medicare trustees' report that came out on friday the 13th last week. i would like to take just a moment to recognize folks in the audience to contributed to this report who work in the office of the actuary. if you would not mind standing up for a moment. [applause] [applause] there are a number of other folks back at the office. dive right in. the first slide is just a summary of things like the aroma and medicare, the types of benefits that are covered by the different parts and the financing of the program. have emphasized just a bit. there are two different trust funds. hospital insurance for part a and supplementary medical insurance which includes parts

be in the. part a, of course, is hospital inpatient services, skilled nursing, that sort of thing. pardee is physician, outpatient hospital. almost everything else that is not drugs. pardee is charged. part c, of medicare, the private health insurance plan that contracts to provide part a in the services. it is paid from part a in the trust fund accounts. the most important thing to notice and to know about medicare from a financial standpoint is how the different parts of medicare have very different financial basis. in particular for hospital insurance, most of the revenue comes from payroll taxes. the payroll tax rates are set into law and they cannot change except the new legislation. so over time it is not terribly hard for the revenues of the program which are fixed into law to someone tripped apart from

the cost of the program which will be what it will be. that is why you are constantly hearing about changes in the financial status. on the other hand, for parts b and t the financing is reset every year to match the following year's expected expenditures. so the financing is poorly for general revenues and also premiums make a project of it. we adjust these each year. those programs and trust fund accounts should never go broke barring something out of the ordinary. these different trust fund accounts for a, b, and tea are all separate. no provision for sharing assets are learning money back and forth -- sorry, lending money back and forth. that is what we have to look at the financial status of each one of these separately. let's take a look starting off at the hospital insurance trust fund over the next ten years.

these are the projections under current law. the following one is the expenditure curve. if less so many years and is projected for the next ten years. and then the revenue projection. any surplus revenues that we have at any given moment are invested in special treasury securities. treasury bonds are repaid with interest any time any the money. this is the intermediate projections. of focus on those, although the trustees make the high cost and low cost projection under current law. if you look ride around the vertical dividing line in 2010 you can see that in just the last couple of years 2008-9-10, the in, curved dived down word. that, of course, was the

economic perception. more people unemployed. the star of growth in average earnings. we have a lot less in petrol tax revenue that we might have otherwise without the recession. and so that has created a gap in the bad direction between expenditures and income. in 2010, for example, the trust fund experienced a $32 billion deficit. in other words, the revenues including interest fell $32 billion short of expenditures. that is the largest deficit in the program's history. now we can cover that deficit by drawing down $32 billion in assets. we can also see in this chart that over the next few years the encounter of is growing pretty rapidly. that is partly because we assumed an economic recovery so that the unemployment rate comes

down, people's wages grow faster than they have in recent years. you can see that the gap between income and expenditures is narrowing. that is partly because of faster growth in revenue and partly because of the savings position of the affordable care acts which has acted to slow the growth with the level of hospital insurance costs. in fact, you can see the deficit gets down to the chrysler offer a number of years before it began to widen. it is actually pretty unusual to have a projection like this where the health insurance program is projected to grow more quickly or at a faster rate than the expenditures. glad you could make it. [applause] [laughter] >> i've heard you before.

>> this is going to be a good program. i can tell. now, i was saying this pattern is unusual. for almost any kind of health insurance program costs generally grow faster than gdp or wages or whatever financial base you have for the program. this is kind of the opposite. normally the costs rose faster because you have growth in the number of beneficiaries or injured persons, growth in general prices, growth and what is referred to as excess medical specific prices above and beyond normal inflation. we have growth in the utilization of services, and you have growth in the intensity of services. and these factors combine and always exceed growth in the number of workers or whoever else is paying for the program. the growth in general inflation and the growth in the economy why productivity or the growth in average earnings.

there used to support the program financially. but because of all the changes in the economic recovery we have the opposite situation. charge number three just shows the projection of assets for the hospital insurance trust fund. we show that three different sections of current law but focus on here. the assets are expressed as a percentage of annual expenditures. the board of trustees, including bob, whether he realizes it or not, has recommended that -- bob is, of course, one of our newest members of the board of trustees. justice for many years have recommended assets be counted at a level equal to one year's expenditures or 100% of annual expenditures. and if you look carefully at the start of 2011 the hospital

insurance trust fund is just about at that level, 103% of annual expenditures. it is been going down for some years, and it is expected to continue going down fairly steadily until the assets are exhausted in the year 2024 ended the intermediate assumptions. the trustees have a formal test of short range financial adequacy which involves among other things having a trust fund ratio of the stays above 100% of annual expenditures. obviously that just fun has not for many years. it is worth taking a little more careful look at how this projection compares to last year's. one of the more novel findings in the new report was that the exhaustion date for the hospital insurance trust fund is now projected to be 2024 which is five years earlier than in last year's projection.

that is one of the larger changes of one of the larger earlier advances in the estimated date that we have run into. but the largest, with the second. now, the reasons for this are a bit complex, an active user version. the short version is that we have lower than expected payroll tax revenues of 2010 because of a lingering effects of the recession and slow growth in average earnings. we also have faster projected real growth in age i expenditures. so the two of them combined lead to the changing result. now, if there is time in any of you have questions we can go into that in much more detail if your interested. let me go back just a second. notice that under the 2010 trustees' report projection the dyfed curve, notice of the assets, the trust fund ratio is

off for a time between 2014 and 2021. so that brought us some time in the hiatus from for the trust fund deficits, bought a some time and treated to last year's projection of 2029 as date by which the assets would be exhausted. you can see in the new projection, this year's projection, that doesn't happen. this next chart just shows of a bit more about why it doesn't happen. these kurds are the annual surpluses or deficits, and that is just the difference between total revenues and total expenditures in a given year. again, the doctor, last year's projection, you saw that we expected the impact of the recovery and the affordable care at savings to result in a trust fund surplus for 2014 through 2021. now with the somewhat worse condition and the larger deficit

we don't have a surplus in more for those years. it's a small deficit. that moves up the time that we get into the very large deficits of $50 billion per year or more annually. this so-called budget trust fund trustee deficits. that is just a little bit of what is underlying the earlier time. now, in the office of the actuary, not just us, but the board of trustees be all had to make exceedingly long-range projections in something as volatile as health care costs. the project him for 75 years and get a lot of attention in the trustees' report. their projected beyond that point. what i'm showing here is a 75-year long-range projections for the trust fund operations. because of the long time, nominal dollar amounts.

if all workers are a million dollars a year and a trilogy that it would happen someday you will stop believing anything further i said. i would stop believing anything further i said. to avoid that calamity we should use relative terms. for example, the income rate, we show relative income to program tax revenues / all the money that is subject to the age i payroll tax rate, that is referred to as taxable payroll. in 2011, for example, the age i payroll tax rate is 145%. for a combination of teenine percent. then we get revenues from income taxes on social security benefits which adds another core%. right now the income rate is in the vicinity of 3%. starting in 2013 if you look

carefully you see a little bump in the income rate. that is when under the affordable carriage for high-income workers, they will need to pay an additional perrot tax. high income worker is defined as a single worker with $200,000. a married couple with earnings of about $250,000. it is important to know that those income thresholds are not indexed. $250,000. that is fixed forever. the greater proportion of workers will meet those thresholds and be subject to higher petrol tax. as a result the income rate showed in the chart increases over time. the normal tax rate for people below the threshold doesn't

change unless congress enacts the legislation. they will stay. this extra will apply to more and more people. in fact, by the end of the 75 years about 80 percent of workers are going to be high income by those definitions. did you all something to look forward to. what about the cost rate? in 2010 expenditures were $50 billion. compared to taxable payroll that gives you a cost rate of 38%. the current cost is fairly high. it jumped up primarily because of the recession. reducing the taxable payroll. the custer went out. growth in the future is due to the same thing we talked about

in the future. intensity of services and if you have the retirement of the baby boomers, their entitlement to a medicare benefits starting this year for people turning 65 this year and then continuing for the next 20 years until we all breached sufficiently high age. that that the projected expenditures exceed the projected income rates in all years. even though the difference narrows quite a bit the economy recovers. the affordable care acts savings can't. netted in particular in the costa a hell of levels of starting in 2014 or thereabouts, it is growing very rapidly and then levels off. one might think, okay. that is the baby boom showing up. they are all there.

that is a little too simplified. what is is the combination of the baby boom becoming eligible for benefits plus growth and utilization services, prices for services, and all of that overtime significantly offsets by one of the key features of the affordable care act. that is starting almost immediately for most medicare providers the payment rate updates will be based on the increase in their input prices. the facilities that they owed or lease or rent or whatever for medicare equipment and supplies the energy costs, utilities, professional liabilities, all of the above, the input prices they pay go up from time to time.

payment update equals the increase-the increase in a companywide productivity which is about 1 percent per year roughly speaking. now, those 1 percent adjustment compound over time. overlong periods of time like we are showing in this chart the become strong. the more than counteract everything else. the aging of the baby boom, the otherwise growth and utilization and intensity, all of those factors. you can see the curve starts to come down. the leveling off is caused almost exclusively by the compound in effect over time of their productivity adjustments. this relatively good news. we have seen projections like this for medicare in ages. they don't like that bad. you can deal with the deficit of that size, although it would take some doing. that is not a big deficit value.

what is there to worry about? we will skip ahead to chart number five in downtown you. chart five illustrates medicare payment rates for incoming house will services, past as well as projection. we're showing these relative to payment rates for private health insurance. and assumed one bandit%, the level projected for private health insurance. assuming that it does not change because medicare rates are slower, you can make a case that because of those lower medicare payment rates the private health insurance can also be slower or maybe they would have to be faster to make up for this for medicare. you could make a good argument either way. we are assuming there will be but they are, negotiated in the future based largely on the

input price growth for providers-they're achievable productivity. now currently the medicare payment rates for inpatient hospital services are approximately 67% or two-thirds of the private health insurance rate. you can also see medicaid on there, and it's about the same. just a hair lower. now, with medicare prices growing 1% more slowly than the input price per of, medicare rates are going to grow more slowly than what we think will happen in the private sector. this chart shows what happens eventually -- well, within ten years there would be less than 60 percent of the private health insurance rates consuming to have the simi it doesn't do anything special up or down. by the end of our long-range 75 years it would be only about

one-third of the level for private health insurance. for that matter it would be only about half of the current relative level for medicaid. now, medicaid does have an upper payment limit for hospital inpatient services. they can't generally pay more than medicare pays. so this is going to drag the medicare payment rates stand at the overtime. now, the real question is, can providers live with this? has this become unworkable overtime? i would argue the key question facing us. one thing that is pretty clear, today virtually none of the health care providers have been able to achieve their own increases in productivity that have come anywhere near a, rates.

remember, the economy wide rates and the adjustment to the payment of debts for medicare. historically if you think about it a health care treatment is pretty labor-intensive. a lot of the treatments are customized for individuals. in that kind of environment is tough to achieve the same kind of productivity you see in manufacturing or other centers. so if providers cannot match these productivity adjustments and payments lag behind their costs at some point they would become unable or unwilling to treat medicare beneficiaries. at that point they would either have to drop out of the market or far more likely congress would have to step in and say we can't have access problems for medicare. we're going to override him and adjustments much as they have had to do for the payment adjustments required. if that happens in the actual

costs for medicare would be significantly higher than what is projected under current law. there is the possibility that with major transformation of change in the delivery and payment for health care services providers can improve their productivity, efficiency, and hold costs down sufficiently to live with these lower payment rates. that is a major if. they have not been able to do it today. this gives it a lot of incentive it remains to be seen whether the transformational changes can occur and can occur sufficiently to make it possible to live with these payment rates. let's go back to a long-range a giant projection. the blessed curves of the same

ones we saw before, the projection under current law. the cost rate. the red curves are from the 2009 trustees' report prior to the enactment of the affordable care act. you can see the major changes brought into effect because of the affordable care at. nudges, for example, the income rate increases considerably more than it used to because of the additional payment rate. but notice even more dramatically from the 2009 cost reproduction grappling clear down to the 2011 cost red projection, just notice how much lower that is. it is dramatically lower. that is primarily the effect of the compound and of the productivity adjustments the payment rates. together with all the other savings, principally to lower medicare advantage payment benchmarks that take effect and

phase in over the next several years. so that is an incredible improvement. if it all works that will be fantastic. now, suppose it doesn't work, i have suggested -- i have been suggested, i've brought your face is that the likelihood of these productivity adjustments may not work in the long run. so to recognize this possibility and said give the trustees' report a sense that if they don't work than by how much life costs exceed the current projections, the board of trustees has asked the office of the actuary to do an illustrative alternative to projections. that is the blue curved in the middle. the 2011 trustees' report. for that we assume that the productivity adjustments are fully in place through 2019.

gradually phased out over the next 15 years. so there is a difference between the blue curve and the black cost recurve. it's just to phase out these productivity adjustments. you can see what kind of difference it makes. under current law the cost rate is projected to be a little less than 5% of taxable payroll. under the illustrative alternative to current law it would be over 9%. it makes a big difference. and so the future viability of these adjustments to payment rates become critically important in terms of how much of the remaining problem we have to solve. okay. let's not talk about part de for a little bit.

its own payment rate question. everybody here, sustainable growth rate for position payment. i'm sure you're all aware that come january 1st 2012 of the current law we will have to reduce medicare payment rates to physicians by 29 percentage. that is pretty unlikely to happen. congress has overridden smaller payment reductions every year in 2003 through 2011. they're almost certain to override these again. but the trustees report has to show current law projections. we have to assume that actually happens as well as the impact of further adjustments and payments updates for physicians and the next fg are. this is what the results would look like. currently medicare payment rates for physicians by 80 percent of