The Communicators  CSPAN  August 15, 2011 8:00pm-8:30pm EDT

8:00 pm
where they live. if i were the bad guy, all i have to do is watch these types of people promoting these types of books and i would be able to do damage to america. some things should be secret and some things should be exposed. guest: i agree with you. i am sensitive to that. about consult with fbi people theevealed intercepts that "the new york times" revealed. that did tip off the enemy. in this case, it is no secret that the fbi does blogging -- bugging. the general outline of what they do is known. a lot of the material in the book is stories about what goes on in these break-ins
8:01 pm
coming up on "the communicators" a discussion on congress's role when it comes to cybersecurity issues. after that, our booktv coverage starts with robert hirst, and curator of the mark twain papers. >> this week on "the communicators" two legislators discuss congress's role when it comes to cybersecurity issues. representative mac thornberry is
8:02 pm
the chair of the house republicans cybersecurity task force and democratic representative jim langevin is co-founder of the house cybersecurity caucus. >> host: this is c-span's "communicators" program. we are continuing our series on cybersecurity and cyberthreats to the united states this week. the congressional response to cybersecurity. joining us is representative mac thornberry, who serves as chair of the house republicans task force on cybersecurity. congressman thornberry thank you for being here. jennifer martinez the politico is our guest reporter. congressman, what in your view are the cybersecurity needs of the u.s. to defend against and do you think that the white house plan introduced in may addresses those needs? >> guest: well, the country faces a wide spectrum of threats in cyberspace, all the way from vandalism and petty crime to
8:03 pm
more serious crime, theft of intellectual property to things that people are calling cyberwarfare and so it is a wide spectrum of threats. i think the fundamental issue is that our laws and policies have not kept up with the changes in technology, and so to a large extent, the government is playing catch-up and that is what i think the white house proposal is trying to address. that is what we are trying to address in congress is to try to help update basically our laws and policies. i think the white house proposal has some very helpful elements in it. there are -- i think it is a good building block for steps that congress can and should take. it doesn't address all the issues, but we are not going to fix all the issues in a single bill. it is going to take a conversation with the american people. it is going to take, i think, an
8:04 pm
incremental sort of approach, but there are a number of issues that it does not address but i think we need -- we at least need to be talking about. >> host: do you think that cybersecurity legislation can ever keep up with cybersecurity threats? >> guest: you know, it shouldn't try to. we cannot have the federal government pass a law that says what the defense needs to do, but we can improve our organization. we can update laws, criminal and our military doctrine, to reflect this new reality that we have national security challenges as well as criminal challenges and economic challenges in cyberspace. so, there is no definitive, you know, point we will reach and say we are done. that is why this has to be a continual process. >> host: jennifer martinez. >> guest: the house is going
8:05 pm
to tackle cybersecurity legislation in a piecemeal fashion whereas in the senate they are scrambling to hammer out a single larger comprehensive cybersecurity bill by the fall. so since the house is taking this piecemeal approach, are there any bill or bills in particular that you think the house should act on first and you think are particularly important, and then also, do you think it is possible to pass the cybersecurity bill through this congress? >> guest: i do think it is possible to pass legislation in this congress that will make significant progress in cybersecurity and that is what the speaker wants to do. and so, but because it is so complex and it touches on at least nine different committees, he wanted to form a republican task force to at least begin to lay the groundwork for what the
8:06 pm
committees would do, and so the work will go through the regular committee process and as you know speaker feels strongly about that. but our hope is this task force can kind of set up a framework from which the committees can operate. and you are right. i think when you have the committees do their job, that means there will be more for piecemeal because different committees have different pieces of jurisdiction on the cyberissue. i can't tell you what the final legislative viewpoint will be. as you say the senate is working towards this big bill, but i hope we don't take an all or nothing approach. big bill or nothing. i don't think that would be helpful because there are some parts of cyber that nearly everybody agrees with that we should act on, improving the government's own per curiam and in cyberpractices. there is a legislation called the smoke. there are other examples like that. but i think the key is, and what
8:07 pm
the speaker wants to do is do something that helps make the country safer in cyberspace. >> guest: for the task force, speaker boehner, majority leader cantor and a creation -- so congratulations. congressman langevin though has been pretty vocal about how this task force is not bipartisan and only comprised of republican members. do you think that, because it is comprised of one party, do you see any obstacles because of that or potential challenges? and then also can you address that charge from congressman langevin about how this is potentially turning cybersecurity into a partisan issue? >> guest: i don't think it is turning into a partisan issue at all, and jim certainly is one of the most knowledgeable people in
8:08 pm
congress, house or senate, on these issues and he and i happen to be chair and ranking member of the subcommittee on armed services that has cybersecurity jurisdiction for the pentagon. we work very well together. and there is no reason for cybersecurity to be a partisan issue. it has not been in the past and i don't think it will in the future. the speaker felt though that before we move legislation that he needed an advisory group basically to step out and look at the broader picture of cybersecurity, and establish or at least lay out some sort of framework from which the committees can do their work. we are not writing legislation in the task force. we are just trying to step out and look at the bigger picture of laying out kind of an approach that seems to make sense from a house republicans point, but then it is going to be up to the individual committees and there is every expectation and hope that as the
8:09 pm
committees actually write the bills it will be completely bipartisan. and of course in the armed services committee i guarantee it will. we will be working together on cyberlegislation there. and then the other key thing, the task force has members on it from each of the nine committees that have significant jurisdiction. so you get a variety of inputs as you were looking at that bigger picture. he felt that we need to do that first. >> host: congressman thornberry as you know the u.s. chamber of commerce has expressed some concerns about hampering business with regard to the cyber plan. there's also been concerns expressed about privacy issues. where do you stand on both of those fronts? >> guest: i think both are very legitimate. if we take action to the government that makes our business less competitive, we will not have been doing the economy or the country any favors and at the same time, the
8:10 pm
government takes actions that significantly affects our individual privacy rights in the name of cybersecurity, then we also would have changed the essential fabric of our freedoms. so it is a little bit like some of the screening mechanisms that we have gone through in the last decade. we are going to have to work our way as a country through it, understanding we will have some risks in cybersecurity but at the same time we can't leave ourselves open and vulnerable and exposed to malicious actors in cyberspace. so we need to work with privacy folks. we need to work with business. we need to work for the high-tech community to take the steps i am talking about, understanding there is not a final answer but to try to increase our general level of cybersecurity around the country. >> host: is this only a defense threat or do you see it as an economic threat as well? >> guest: it is clearly an economic threat and i can tell
8:11 pm
you the numbers of various people that use these gigantic numbers about how much stuff has been stolen from industry. it is intellectual property that is being stolen and that is american jobs that are being stolen so there's no doubt that there is an enormous economic element to this as well as criminals making money, as well as a national security element to it and of course that is the primary function i think of the federal government. >> host: jennifer martinez. >> guest: industry has discouraged congress from instituting a set of regulations or security standards that they must follow and instead have advocated for bills to have incentives that will reward the private sector for taking steps to better secure their computer systems and networks. so i wanted to see, do you prefer incentives over regulation and if so, what would possible incentives be? are we talking tax breaks?
8:12 pm
are we talking grants and research and development for businesses? >> guest: well, to me it is always preferable to encourage somebody to do the right thing rather than to tell them, go do the right thing. if you get their interests aligned with what you are trying to accomplish, you are going to be more successful, and just as we were talking earlier, this is a very difficult issue -- area for the federal government to regulate in because it changes so much but on the other hand if you can encourage business to make the changes on their own to keep up with the changing threats then i think you will have accomplished more. now there may be some more regulation that is needed and people most often talk about the nuclear power industry. maybe the electricity grid as areas that are already barely regulated and perhaps additional regulation is needed. i think we need to look at that, but to me it makes more sense if you can encourage people to
8:13 pm
think the same way. and from tax incentives to liability protection, and if you can streamline some of the audits that are already in the law, you can offer an enticement for businesses to improve their cybersecurity and thus remove some of the burden that they face under sarbanes-oxley. >> guest: also, as part of the task force, basically you are reporting back to your peer leadership in october. have they asked you to look into any particular areas of cybersecurity and when you report back to them this fall, what are they going to be doing with the feedback that you will be giving them? >> guest: they did give us four specific areas that they wanted us to consider. one is critical infrastructure. one is information sharing. another is laws that need to be
8:14 pm
updated, and the fourth one is authorities issues and we are talking about a fair number of national security related type authorities. so those are four areas that they have laid out. there may be others. they were not exclusive. really it is going to be up to them on what they do with the recommendations but the hope is that we take this kind of cross committee framework without writing the details of the legislation but we set up that and that enables the individual committees to move out into their piece of jurisdiction under that framework and consistent with that framework. meanwhile as they write the legislation they're going to have to have this bipartisan approach and talks with the white house and considering what the senate approaches. that all has to come together through the process. >> host: some of the committees that will be active on cybersecurity in the house include the armed services, mac
8:15 pm
thornberry serves on that committee. in fact he is chair of the subcommittee on emerging threats and capabilities, homeland security, energy and commerce, intelligence, oversight and government reform and judiciary. congressman just to follow up on jennifer's question, if you are reporting back in october, what do you think could possibly be passed with regard to cybersecurity legislation in this congress? >> guest: well, there are two or three pieces of legislation already moved through the house that touch on cybersecurity. i think a subcommittee of energy and commerce has already reported a bill. with a couple of provisions in the armed services. the science committee just approved last week a bill related to cybersecurity so things are moving. and, again i think the hope is that with this framework, over the next year and a half, we can
8:16 pm
make substantial progress in a variety of areas, but not -- my preference personally would be not to put all our eggs into a single 2000 page bill that you have to ram through and nobody knows what is in it. i don't think there's a very good history of that sort of legislation. >> host: jennifer martinez. >> guest: and then the budget crisis has consumed washington for months, as you know. how do you think that is going to impact the types of bills coming through the house and also the freshmen have made it very clear that they are against anything that is going to increase spending. do you see that as a possible issue going forward as these committees are looking at cyberlegislation? >> guest: i think you are exactly right. it will be an issue going forward so a lot of people perhaps would like to have more federal research in cybersecurity. if so the question is how do you pay for that?
8:17 pm
the incentives that we were talking about, some of them may be tax incentives and may have a cost to the federal treasury or at least cbo would score them that way. that may make it more difficult to accomplish. so, cybersecurity, like every other issue in washington right now, is going to be constrained by the tight budgets that we all face. i think that is absolutely true. >> host: and in fact the "national journal" reports that the pentagon's budget for 2012 includes $2.3 billion for protecting against cyberattacks and omb estimates that total government spending on information security this year will be about $12 billion. jennifer martinez we have time for one more question. >> guest: okay. well since you are the vice-chairman of the armed services committee, wanted to ask you about the pentagon's recent release of its first cyberstrategy. in that, they did not give a
8:18 pm
very clear-cut definition for what -- in the digital age and what type of a cyberattack would warrant a physical or kinetic response. were you disappointed that they left that question unanswered and how important do you think it is for the pentagon to be spelling out what an act of war is in the digital age? >> guest: i was similarly disappointed at the vagueness of the strategy. i don't know that any of us should expect the pentagon or anybody else to come up with definitive answers to some of these very hard questions because they are difficult. in our first hearing in our armed services subcommittee this year, tried to pose the question this way. we know what we expect the department of defense to do if a bunch of planes come to bomb a refinery in the houston ship channel. what do we expect the federal
8:19 pm
government to do if it is a bunch of packets coming to bomb that same refinery in the houston ship channel? what is the government and particularly the military's responsibility to defend private business and facilities in cyberspace? we don't know, so i didn't really expect the pentagon to come up with definitive answers but i think it is very important that we grapple seriously with these issues and that particular strategy was more vague and didn't advance the ball as much as i would have liked. at the same time secretary lynn has been very helpful in putting forward ideas and strategies to help defend the country and so some of his speeches maybe have advanced things a little further than the strategy did. >> host: congressman mac thornberry is a republican from texas chairman of the subcommittee on emerging threats and capabilities and chair of the house republicans task force on cybersecurity.
8:20 pm
thank you for being on "the communicators." up next, congressman jim langevin, democrat of rhode island. we'll be talking with him as well. >> now we are continuing our conversation on the congressional response to cybersecurity threats now joined by representative jim langevin, member of the armed services subcommittee on emerging threats and capabilities where he serves as ranking member and he is also co-founder of the house cybersecurity caucus. mr. langevin, with the president's cybersecurity proposal introduced in may, how do you think the congress can implement that and how would you like to see it improved? >> guest: well it would certainly be the white house proposal has been a long time in coming but i think it moves us in the right direction. i'm hopeful now the congress will take most of the elements of the cybersecurity proposal and hopefully we can implement
8:21 pm
it. the challenge would be of course reaching across jurisdictional lines and committees that have responsibility for cyber in trying to move the bill forward, but i'm hopeful that on the senate side there may be a comprehensive bill that they have been pushing and that they are talking about moving to the senate. senator harry reid has said he wants to make that a priority and again, i want to continue to push the house to also take a comprehensive cybersecurity legislation. >> host: mac thornberry said when he was here that he would not prefer a 2000 page bill. he would prefer it almost in piecemeal. >> guest: yeah. well, i would say let's get something done, whether it is a comprehensive bill or a piecemeal. we at least have to address what i think are glaring threats out there. right now, we have serious threats facing our country in both cybercrime and cyberespionage and also threats we see in the areas of critical
8:22 pm
infrastructure. those are the things that concern me the most. where the most damage can be done of course is in critical infrastructure and at the very least i would like to see that threat addressed and closed. that will go a long way for protecting the country. >> host: jennifer martinez with the politico. >> guest: also when congressman thornberry was here he was talking about the creation of the cybersecurity task force in the house and we talked earlier about how you have been disappointed that it is republican members-only, and you had hoped it had been bipartisan. he was saying the reason behind the creation for the task force was to help reduce the procedural challenges in the house when dealing with different types of legislation and also make sure that the bills are shepherded to the right committees. do you think that is going to help with some of those challenges? >> guest: as we spoke about, i would have liked to have seen a
8:23 pm
bipartisan effort. i've been at this for several years now on the issue of cybersecurity and i have always gone to great lengths to make it a bipartisan issue and hence creation of a bipartisan cybersecurity caucus. that being said i have also raised concerns i have with the speaker both directly and through correspondence that it should be a bipartisan effort. that being said, i do want to see the issue, however we get this done and i am not looking to make it a partisan issue. let's look at the task force and will try to work together to try to get something through congress. >> guest: and you are talking about protecting critical infrastructure. so in the white house plan that came out this spring, the obama administration basically gave the department of homeland security a stepped-up role in managing the federal government's cyberdefense.
8:24 pm
it also included having dhs work with industry to come up with a framework that would boost their own defenses against cyberattacks. but there has been some concern raised by those in the security community about dhs's ability to perform in this new elevated role. do you think dhs is up for the mission? >> guest: as you know i would prefer to see a strong director in the cybersecurity office of the white house that it is a senate confirmed position and that can better coordinate our cyberdefenses, but also working more closely with the private sector. so, that being said, there are strong elements in the president's plan that i like and i think is very important that they emphasize information sharing between the government and the private sector. the government has broad visibility into the threats but we don't have visibility into what is happening in the private sector and where the isp is.
8:25 pm
so if we can prevent barriers that prevent information sharing going both ways i think the private sector will be much better protected. the other thing is, i do like the fact that they are encouraging closer cooperation with trying to protect critical infrastructure in the private sector most of which is owned and operated by the private sector. the electric grid in particular is a real cause of concern because that is where i think most of the damage can be done both in terms of potential loss of life but also could damage our economy. we have identified vulnerabilities in our electric grid and certainly can be exploited by an adversary or an enemy or a terrorist if you would that could cause that kind of damage. closing that vulnerability is just so important and a high priority of mine for a very long time. >> guest: you actually testified on protecting the electric grid not that long ago. do you think it is possible to get a bill passed through this
8:26 pm
congress on protecting the electric grid? >> guest: yeah. this is where the great authorities in place are going to be important. i'm hopeful we can get a bill through. the grid act passed in the last congress and unfortunately didn't get to where we needed it to become law, but that would have given more directive authority for example, which they don't have the authority right now to direct the vulnerabilities be closed when they identify problems in the electric grid. nerc is a self-regulating body of the electric grid and it proposes rule changes to ferc. ferc can either approve or reject those changes but can't direct changes be made. we need to improve that authority and that is what my legislation would have done and would have done that also with the grid act. and, my legislation that i introduced would give ferc authority to regulate an area of
8:27 pm
critical infrastructure. right now they don't have the authority and even the president's proposal is not strong enough. it encourages through incentives for the electric grid to close vulnerabilities but we need to i think have stronger authorities to regulate. >> host: congressman langevin do you see a need for one, director of cybersecurity in some capacity so if there is an attack on a u.s. government site or a private site, there is one resource to go to that also has budgetary authority? >> guest: i do think that, and that is the legislation i have introduced. an executive cybersecurity authorities act would basically create a cybersecurity office within the white house that has both policy and budgetary authority and would be a senate confirmed director who would be able to reach across government to really compel compliance with the things that need to be done to protect the network. we are not doing a very good job
8:28 pm
right now protecting the .gov network. also that person needs to work more collaboratively with the private sector. general alexander is the head of cybercommand and nsa and they do a very good job that can be done at protecting the .mil network on military networks. we don't have that same robust authority and coordination in protecting the .gov network and there is a lot of work to be done there. >> host: where are most of these attacks coming from? >> guest: from a variety of sources and it is not only about attacks. i look at it in terms of looking at cyber intrusions, disruptions that are the worst that could happen. most of us are familiar with cyberintrusions and people think of things like going in and hacking into our e-mail or spamming the e-mail list but intrusions can also be much more serious. espionage, criminal activity,
8:29 pm
banking system where there are millions and billions of dollars they are siphoning off and stealing every year so it is a real problem in protecting our bank system. espionage, contractors being hacked and critical information being stolen, some of which may be at the classified level or if not classified now will eventually become classified. those are real problems. the area of attack of course, that term is used sometimes too loosely, but the potential exists that a nation-state or a terrorist could for example hack into the electric grid. it is called a scada attack which governs safety systems on pumps and valves and could actually cause a generator to blow itself up. that has been proven at idaho national labs. and those are the things that worry me. what we are seeing mostly right
