booktv, 48 hours of book programming beginning saturday morning at 8 eastern through monday morning at 8 eastern. nonfiction books all weekend, every weekend right here on c-span2. >> here's what's ahead this morning on c-span2. next, "the communicators" talks with two house members on congressional legislative efforts to address cybersecurity. then a look at a pilot program using digital technology and live streaming of trial court proceedings. after that a forum on the future of nasa with the space agency's scientists and engineers. then more on nasa's future by u.s. representative donna edwards, a member of the science, space and technology committee. >> this week on "the communicators," two legislators discuss congress' role when it comes to cybersecurity issues. representative mac thornberry is the chair of the house republican cybersecurity task

force, and democratic representative jim langevin is co-founder of the house cybersecurity caucus. >> host: and this is c-span's "communicators" program. we're continuing our series on cybersecurity and cyber threats to the united states. this week the congressional response to cybersecurity. joining us is representative mac thornberry who serves as chair of the house republican task force on cybersecurity. congressman thornberry, thank you for being here. jennifer martinez of politico is our guest reporter. congressman, what in your view are the cybersecurity needs of the u.s. to defend against, and do you think that the white house plan introduced in may addresses those needs? >> guest: well, the country faces a wide spectrum of threats in cyberspace be all the way from vandalism and petty crime to more serious crime, theft of

intellectual property to things that people are calling cyber warfare. and be so it's a wide spectrum of threats. i think the fundamental issue is that our laws and policies have not kept up with the changes in technology. and so to a large extent the government is playing catch up, and that's what, i think, the white house proposal is trying to address, that's what we're trying to address in congress is to try to help update, basically, our laws and policies. i think the white house proposal has some very helpful elements in it. it, there are, i think it's a good building block for steps that congress can and should take. it doesn't address all the issues, but we're not going to fix all the issues in a single bill. it's going to take a conversation with the american people, it's going to take a, i think, an incremental sort of

approach. but there are a number of issues that it does not address that i think we need to at least be talking about. >> host: do you think that cybersecurity legislation can ever keep up with cybersecurity threats? given the fast-moving -- >> guest: no, and it shouldn't try to. i mean, we cannot have the federal government pass a law that says what the defense needs to do. but we can improve our organization, we can update laws, criminal, our military doctrine to reflect this new reality that we are, we have national security challenges as well as criminal challenges and other things, economic challenges in cyberspace. so there is no definitive, you know, point we'll reach and say, okay, now we're done. that's why this has to be a continual sort of process. >> host: jennifer martinez. >> host: so the house is going to tackle cybersecurity

legislation in a piecemeal fashion. in the summit they're scrambling to punch out a single, larger comprehensive cybersecurity bill by the fall. so are there any bill or bills in particular that you think the house should act on first and you think are particularly important? and then, also, do you think it's possible to pass a cybersecurity bill through this congress? >> guest: um, i do think it is possible to pass legislation in this congress that will make significant progress in cybersecurity, and that's what the speaker wants to do. and so, but because it is complex and it touches on at least nine different committees, he wanted to form a republican task force to at least begin to lay the groundwork for what the committees would do. and so the work will go through

the regular committee process, and as you know speaker feels strongly about that. but our hope is this task force can kind of set up the framework from which the committees can operate. and you're right, i think when you have the committees do their job, that means it'll be more of a piecemeal because different committees have different jurisdiction on the cyber issue. and i can't tell you what the final legislative vehicle will be. as you say, the senate's working towards this big bill, but i hope we don't take an all or nothing approach, big bill or nothing. i don't think that would be helpful because there are some parts of cyber that nearly everybody agrees we need to act on; improving the government's own procurement in cyber practices. there's a legislation called fisma for the government's own, and so there are other examples like that. but i think the key is and what the speaker wants to do is do

something that helps make the country safer in cyberspace. >> host: uh-huh. and so for the task force, um, speaker boehner, majority leader cantor announceed the creation of that last month, and they tapped you to lead it, so congratulations. [inaudible] [laughter] >> host: congressman langevin, though, has been pretty vocal about how this task force is not bipartisan, it's only comprised of republican members. do you think that because it's comprised of members from only one party, do you see any obstacles you're going to face because of that or potential challenges? this um, and then, also, can you address that charge from congressman langevin about how this is potentially turning cybersecurity into a, um, a partisan issue? >> guest: i don't think it's turning into a partisan issue at all. and jim certainly is one of the most knowledgeable people in congress, house or senate, on

these issues. and he and i happen to be chair and ranking member of the subcommittee on armed services that has cybersecurity jurisdiction for the pentagon. we work very well together. um, and there is no reason for cybersecurity to be a partisan issue. it has not been in the past, and i don't think it will in the future. the speaker felt, though, that before we move legislation that he needed an advisory group, basically, to step back and look at the broader picture of cybersecurity and establish or at least lay out some sort of framework from which the committees can do their work. we're not writing legislation in the task force, we're just trying to step back and look at the bigger picture, lay out kind of an approach that seems to make sense there a house republican standpoint. but then it's going to be up to the individual committees. and there's every expectation and hope that as the committees actually write the bills it will

be completely bipartisan. and, of course, in the armed services committee i guarantee it will. jim and i will be working together on cyber legislation there. but and then the other key thing, the task force has members on it from each of the nine committees that have significant jurisdiction. and so you get a variety of inputs as you're looking at that bigger picture, and he felt that we needed to do that first. >> host: congressman thornberry, the u.s. chamber of commerce has expressed concerns about hamper being business with regard to the plan, there's also been concerns expressed about privacy issues. where do you stand on both those fronts? >> guest: i think both are very legitimate concerns. if we take action through the government that makes our business less competitive, we will not have been doing the economy or the country any favors. and at the same time if government takes action that

significantly effects our individual privacy rights in the name of cybersecurity, then we also will have changed the essential fabric of our freedoms. and so it's a little bit like some of the screening mechanisms that we've gone through in the last decade. we're going to have to work our way as a country through it understanding we'll accept some risk in cybersecurity, but the same time we can't leave ourselves just open and vulnerable and exposed to malicious actors in cyberspace. so we need to work with privacy folks, we need to work with business, we need to work with the high-tech community to take these steps i'm talking about understanding it's not a final answer, but to try to increase our general level of cybersecurity around the country. >> host: is this only a defense threat, or do you see it as an economic threat as well? >> guest: oh, it's clearly an economic threat. and i can't tell you the numbers. various people use these

gigantic numbers about how much stuff has been stolen from industry. it's intellectual property that is being stolen, and that's american jobs that are being stolen. so there's no doubt that there's an enormous economic element to this as well as criminals making money as well as a national security element to it. and, of course, that is the primary funk, i think, of the -- function, i think, of the federal government. >> host: jennifer martinez. >> host: so industry has discouraged congress from instituting a set of regulations or security standards they must follow and instead have advocated for those to have incentives that reward the private sector for taking better steps to secure their computer systems and networks. so i wanted to see do you prefer incentives over regulation? and if so, what would possible incentives be? are we talking tax breaks, are

we talking grants for research and development for businesses? >> guest: well, to me, it's always preferable to encourage somebody to do the right thing rather than to tell them, go do the right thing. if you get their interests aligned with what you're trying to accomplish, you're going to be more successful. and just as we were talking earlier, this is a very difficult area for the federal government to regulate in because it changes so much. but on the other hand, if you can encourage business to make the changes on their own to keep up with the changing threat, then i think you'll have accomplished more. now, there may be some more regulation that's needed, and people most often talk about the nuclear power industry. maybe the electricity grid as areas that are already fairly regulated and perhaps additional regulation is needed. so i think we need to look at that, but to me it makes more sense if you can encourage people to think the same way.

and a variety of incentives have been talked about from tax incentives to liability protection, um, and others. if you can streamline some of the audits that are already in law, you can offer an enticement for businesses to improve their cybersecurity and thus remove some of the burden that they face under sarbanes-oxley and some of the other current regulations and laws. >> host: uh-huh. and also as part of the task force, basically, you're reporting back to your key leadership in october. have they asked you to look into any particular areas of cybersecurity, and when you report back to them this fall, what are they going to be doing with the feedback you'll be giving them? >> guest: they did give us four specific areas they wanted us to consider. one is critical infrastructure, one is information sharing, another is laws that need to be updated, and the fourth one is

authorities issues. and there we're talking about a fair number of national security-related type authorities. so those are four areas that they've laid out. there may be others. it wasn't exclusive. and really it's going to be up to them on what they do with the recommendations. but the hope is that we take this kind of cross-committee framework without writing the details of the legislation, but we set that up. but that enables the individual committees to move out in their piece of jurisdiction under that framework and consistent with that framework. meanwhile, as they write the legislation, you're going to have to have this bipartisan approach, talks with the white house and considering what the senate approach is. that all has to come together through the process. >> host: some of the committees that will be active on cybersecurity in the house include the armed services, mac

thornberry serves on that committee, in fact, he's chair of the subcommittee on emerging threats and capabilities; homeland security; energy and commerce; intelligence; oversight and government reform and judiciary. just to follow up on jennifer's question, if you're reporting back in october, what do you think could possibly be passed with regard to cybersecurity legislation in this congress? >> guest: well, there are two or three pieces of legislation already moving in the house that touch on cybersecurity. i think a subcommittee of energy and commerce is already reported out a data breach bill. we have a couple of provisions in armed services, the science committee just approved last week a bill relateed to cybersecurity, so things are moving. and, again, i think the hope is with this framework over the next year and a half we can make substantial progress in a

variety of areas. but not put -- my preference personally would not to be to put all our eggs into a single 2,000-page bill that you have to ram through and nobody knows what's in the it. i don't think there's a very good history of that sort of approach. >> host: jennifer martinez. >> host: and then the budget crisis has consumed washington for months, as you know. how do you think that's going to impact the type of bills coming through the house. >> and, also, the house gop freshmen have made it very clear they're against anything that's going to increase spending. do you see that as a possible issue going forward as these various committees are looking at cyber legislation? >> guest: i think you're exactly right, it will be an issue going forward. so a lot of people perhaps would like to have more federal research in cybersecurity. if so, the question is how to you pay for that -- how do you pay for that?

the incentives that we were talking about, some of them may be tax incentives, may have a cost to the federal treasury or at least cbo would score them that way. that may make them more difficult to accomplish. so cybersecurity, like every other issue in washington right now, is going to be constrained by the budget, tight budgets that we all face. i think that's absolutely true. >> host: and, in fact, the national journal reports that the pentagon's budget for 2012 includes $2.be 3 billion for protecting against cyber attacks. and omb estimates that total government spending on information security this year will be about $12 billion. jennifer martinez, we have time for one more question. >> host: okay. um, well, since you're the vice chairman of the armed services committee, i wanted to ask you about the pentagon's recent release of its first formal cyber strategy. and in that they did not give a

very clearcut definition for what an act of war is in the digital age and what type of a cyber attack would warrant a physical or kinetic response. were you disappointed that they left that question unanswered, and how important do you think it is for the pentagon to be spelling out what an act of war is in the digital age? >> guest: i was somewhat disappointed at the vagueness of the strategy. i don't know that any of us should expect the pentagon or anybody else to come up with definitive answers to some of these very hard questions because they are difficult. in our first hearing in our armed services subcommittee this year, i tried to pose the question this way: we know what we expect opportunity of defense -- department of defense to do if a bunch of planes come to bomb a refinery in the houston ship channel. what do we expect the federal government to do if it's a bunch

of packets coming to bomb that same refinery in the houston ship channel? what is the government and particularly the military's responsibility to defend private business and facilities in cyberspace? we don't know. so i didn't really expect the pentagon to come up with definitive answers, but i think it's very important that we grapple seriously with these issues. and that particular strategy was more vague and didn't advance the ball as much as i would like. at the same time, secretary lynn has been very helpful in putting forward ideas and strategies to help defend the country, and so some of his speech bees maybe have advanced things a little further than the strategy did. >> host: congressman mac thornberry is a republican from texas, chairman of the subcommittee on emerging threats and capabilities and chair of the house republican task force on cybersecurity. thank you for being on "the

communicators." up next, congressman jim langevin, democrat of rhode island. we'll be talking with him as well. and now we are continuing our conversation on the congressional response to cybersecurity threats. now joined by representative jim langevin, member of the armed services subcommittee on emerging threats and capabilities where he serves as ranking member, and he's also co-founder of the house cybersecurity caucus. mr. langevin, with the president's cybersecurity proposal introduced in may how do you think the congress can implement that, and how would you like to see it improved? >> guest: well, the white house proposal's been a long time in coming, but i'm finally glad it's here. i think it moves us in the right direction. i'm hopeful that the congress will take up most of the elements of the cybersecurity proposal and, hopefully, we can implement it. the challenge will be, of

course, reaching across jurisdictional lines and multiple committees that have responsibility for cyber and trying to move a bill forward. but i'm hopeful that certainly on the senate side there may be a comprehensive bill that they've been pushing, at least they're talking about moving through the senate. senator harry reid has said he wants to make that a priority, and i'm, again, i want to continue to push the house to also take up comprehensive cybersecurity legislation. >> host: now, mac thornberry said that when he was here that he would not prefer a 2,000-page bill, he would prefer it almost in piecemeal. >> guest: well, i would say let's get something done whether it's a comprehensive bill or the piecemeal. we at least have to address what i think are glaring threats out this. right now we have serious threats facing the country in both vulnerabilities in cyber crime and cyber espionage. those are -- and also nets we see in the areas -- threats we

see in the areas of critical infrastructure. those concern me the most. where the most damage can be done is in critical infrastructure, and at the very least i'd like to see that threat addressed, and if we can close that vulnerability, we'll go a long way in protecting the country. >> host: jennifer martinez with "the politico." >> host: and also when congressman thornberry was here, he was talking about the creation of the cybersecurity task portion in the house. -- force in the house. >> guest: right. >> host: and we've talked about how you've been disappointed that it's republican members only, and you'd have hoped it would have been bipartisan. and he was saying the reason behind the creation for the task force was to help reduce the procedural challenges in the house when dealing with different types of legislation and also make sure that the bills are shepherded to the right committees. do you, do you think that's going to help with some of those challenges? >> guest: well, as we've spoken about, i would have preferred to have seen this a bipartisan

effort. i've been at this for several years now dealing with the issue of cybersecurity, and i've always went to great lengths to try to make this a bipartisan issue and, hence, creation of the bipartisan cybersecurity caucus. that being said, you know, i've always ray raised, you know, concerns i have with the speaker and both directly and through correspondence be that it should be a bipartisan effort, i'd like to see that continue. but that being said, i do want to see the issue move forward however we get this done, and i'm not working to make it a partisan issue. let's see what is going to come out of this it is task force, an we're going to try to work together to get something through the congress. >> host: uh-huh. and then you were talking about protecting critical infrastructure, so in the white house plan that came out this spring, the obama administration basically gave the department of homeland security a stepped-up rule in managing the government's cyber defenses, that also included having dhs

work with an industry to come up with a framework that would boost their own defensive against cyber attacks. but there's been some concern raised about dhs' ability to perform in this new elevated role. do you think dhs is up for the mission? >> guest: well, as you know, i would prefer to see a strong director in the cybersecurity office in the white house that is a senate-confirmed position that can reach across goth and better coordinate -- across government and better coordinate our defenses but also working very closely with the private sector. so that being said, there are strong elements in the president's plan that i like. i think it's very important that they emphasize information sharing between the government and the private sector. the government has broad visibility into the threats, but we don't have broad visibility into what's happening in the private sector the way isps

do. so if we can bring in those barriers that prevent information sharing going both ways, i think the private sector will be much better protected. the other thing is i do like the fact that they're encouraging, you know, closer cooperation with trying to protect critical infrastructure in the private sector, most of which is, again, owned and operated by the private sector, the electric grid in particular is a real cause of concern because that's where i think most of the damage could be done both in terms of potential loss of life, but also damage to our economy. so we've identified vulnerabilities in our electric grid that certainly can be exploited by an adversary or an enemy, a terrorist, if you would, that could cause that kind of damage. so closing that vulnerability is just so important, and it's been a high priority of mine for a very long time. >> host: right. and you actually testified on protecting the electric grid not that long ago. >> guest: that's right. >> host: do you think it's possible to get a bill passed this congress on protecting the

electric grid? >> guest: yeah, and so this is where the right authorities in place are going to be important. that's why i'm hopeful we can get a bill through. the grid act passed in the last congress and be, unfortunately, didn't get to where we needed it to become law. but that would have given more directive authority, for example, which they don't have the authority right now to direct that vulnerabilities be closed when they identify problems in the electric grid. nerc is the self-regulating body of the electric grid, and they propose changes to ferc. ferc can't direct changes be made. we need to approve that authority, and that's what my legislation would have done, and it would have done that also in the grid act. and my legislation that i've introduced would give broader authority to regulate in the area of critical infrastructure.

right now they don't have authority. and even the president's proposal, it's not strong enough, and it encourages through incentives for the electric grid to close vulnerabilities, but we need to -- i think they have to have stronger authorities to regulate. >> host: congressman langevin, do you see a need for one director of cybersecurity in some capacity? so if there is an attack on a u.s. government site or a private site, um, there's one resource to go to also has budget tear authority? >> guest: yeah, i do believe that, and that's the legislation that i've introduced. and the executive cybersecurity authorities act would, basically, create in a cybersecurity office within the white house that has both policy and budgetary authority. it would be a senate-confirmed directer and, again, would be able to reach across government to really compel compliance where the things that need to be done to protect the network. we're not doing a very good job

right now in protecting the.gov network. that person needs to work more closely with the private sector. general alexander is head of cyber command in nsa, and they do a very good job as can be done on protecting the dot.mil networks. but we don't have that same robust arrangement in protecting the dot.gov network. >> host: where are most of these attacks coming fromming? >> a variety of sources. it's not only attacks, attacks being the worst that could happen. most of us are familiar with cyber intrusions, and people think of things like going in and hacking into our e-mail or spamming the e-mail. but intrusions can also be much more serious; espionage, criminal activity.

certainly in the banking system where there are millions if not billions of dollars that are siphoned off every year. espionage, defense contractors being hacked and critical information being stolen, some of which may be at the classified level or will eventually become classified. those are real problems. the area of attack, of course, that's what we -- that term is used, in my opinion -- [inaudible] but the potential exists that a nation state or a terrorist could, for example, hack into the electric grid in an attack which governs safety systems on pumps and valves and could actually cause a generator to blow it up. that's been trust -- been proven through idaho national labs. and that's, again, what worried me. what we're seeing mostly right now is cyber crime or espionage,

and those things really need to be addressed because it's doing great damage to our economy. >> host: what do you think about kill switch legislation or the concept of a kill switch? >> guest: yeah. there's no such thing, and i don't believe -- i don't ever want to see the goth -- the government have that kind of power to ever have a kill switch. what i do want to see, again, is closer collaboration, cooperation between the government and private sector. the pr's proposal -- the president's proposal would help with that. that we could share that with the private sector so they know what signatures to look for, but then private sector can share with the government what they're seeing and how we can work more collaboratively to better protect our citizens. >> host: do you think that businesses field -- need incentives to do so? they're afraid of sharing information with the government because they're not sure how