>> i like that. >> the only thing i would add, sean, the solution is what we are doing. working together, partnering, sharing information, and having a system set up that when you see something that's not quite right, you have a way of communicating that and that information is communicated throughout the system. so that we can adopt and make adjustments real time in necessary. >> the only thing that i would add to that is the more we can know about either individuals or cargo, the better judgments that we can make in terms of what type of physical screening would be appropriate. we recognize given the latest intelligence that terrorists talking about doing surgically inplainted explosives in an individual as a suicide bomber present additional challenges. but that's why i say intelligence is the most important tool that we have

because for intelligence, the yemen cargo plot, we did not know about those. traditional screening did not detect those. that's why it's critical. some the best intelligence comes from industry. >> great. looking ahead, what obstacles and issues would arise as we try to involve the process to deal with the involving risk? how do we stay one step aside of the terrorists? this is an open question for the panel? one would start. >> well, the way we try to stay one step aside. and that is the day to day challenge that i deal with is to make sure that the intelligence is flowing freely. i start off every day with intelligence briefing from around the world as to what's going on, what the terrorists are thinking, what they are contemplated, how they are going about doing it. that being said, because tsa is almost exclusively domestic, we have to make sure the intelligence partners are

informed and also able to take steps that not only detect, but defer the terrorists. so that's the challenges obtaining actual intelligence that's timely, it's credible, and it gives us a bases for doing something. most ann times it's -- most often times it's through industry partners. such as with fedex and ups a the human cargo plot. >> all i would add is from the pilot in command perspective, the sharing of intelligence and the briefs prior to flights are what you need in order to combat and make sure everyone stays vigilant. vigilance is key. who would have thought the under wear bomber?

that should have been a shock and wakeup call. bottom line, multiple events, sharing of information, realtime, updates, routine, and realtime updates will combat, you know, the problem that we have by something not happening every day in order so -- in order for the pilots to remain vigilant. >> thank you. i think public acceptance in the sense that they need to be aware and educated about the threats so there's greater acceptance, both by the government and partners sitting up here to make things happen the right way, i guess more precisely to make sure that things don't happen. >> with regard to the challenges that lay ahead i think that -- >> is the mike working? >> can you hear me now? >> there you go. >> all right.

with regard to the challenges that lie ahead, i think that in the face of pressure to do 100% which we know there is no true 100%. i mean we face it in our everyday lives. the decisions come here, get a cab, walk across the street, whatever. we need to -- so in the face of that pressure, we need to maintain that delicate balance between the appropriate level of security and the efficiency that is inherent and essential to the aviation system. and, you know, back to a comment that captain moak made, you know, the way we get there is through these partnerships. and working together. >> great. >> i think what we'll do, we'll keep on going back and forth just to keep the flow. i apologize. i'm going to double up. >> great. >> the intelligence and leo has

done a good role. they have done a good job of intelligence and law enforcement in the risk-based process. so i'm kind of curious about what you think about this and what additional next steps are needed to improve the collaboration. >> clearly we've come a long way with regard to intelligence sharing and leveraging booths on the ground. there's really a two-way information flow. tsa provides intelligence information to airports and airport law enforcement officers. and that information is utilized to make adjustments to the security baseline at airports. and at the same time, airport law enforcement officers, those boots on the ground, and airports, they collect information about events, situations, and provide it to tsa. and that can be incredibly useful as a situation unfolds.

>> airlines are currently providing classifying briefings on emerging and twisting threats. we think the partnership is good with the government partners. we'd like to see it expanded. so that there's more. i think captain moak said this, more of an operational perspective put in at an earlier time. overall, we think the intelligence sharing is going very well. >> on a realtime event that going on, we want to continue to do the things that we've been doing to this point. we want to enhance that as we go forward. with all of the air crew that is are airborne during an event. planning, going through flight planning with an event is ongoing or post flying. so more constant coordination. >> i would just add two points, first is the whole risk-based security initiative that we are working with our partners design

to focus on those unknowns, recognizing that the more we know the better informed judgments that we can make. as i said, the second point is right now there are probably 20 to 22, 23 heads of security for passenger and cargo carriers at tsa head quarters receiving the classifying briefing. i met with them this morning for a brief time to outline where we are. that gets back to the issue of we can be informed by industry, we can inform them of what the u.s. government is collecting internationally as to the latest trends, tactics, and techniques that terrorists are using. >> great. thank you. public perception is important to know how we get the buy in from the traveling public as the processes change. the next question is going to be more directed towards mr. pistole and the gentleman to my left. the known travel program should

help contain public buy in. what will it provide to the traveling public from the tsa and industry perspectives? >> well, from tsa, it allows us to do more intelligence screening on the front end before somebody gets to the check point. so the idea is that as people voluntarily share information with us and whether that's through global industry, nexus century, those existing travel programs, or through the prototypes, proof of consents, because there's a rich set of data there. if they are willing to share we can again make those informed judgments. that's the first part of it. to allow us to spend time on those that we know nothing more than about other than name, date of birth, and gender under secure flight. that's one the keys. i'll just leave it at that. >> mr. kelly?

>> for the customer, i think it'll be an improved experience to getting through the airport. that'll improve the customer's move. i think that's what they said getting through the security where the greater threats lie. i think over the long haul, it has to be a matter of we have to educate the public. i just read an article in the "washington post" over the weekend, i don't know if you saw in the travel section, complaining about the known traveler, what it would cost you giving up your privacy. the public has to know there are people who travel more, there are people who are willing to quote, give up some of their privacy to get that prearrival at the airport screening that will allow them to be expedited through the process and also thereby allowing the general public who is not willing to do so to get the airport quicker. >> there's really three benefits in my view. the first of which has been touched upon by the panelist.

in terms of security with the additional data they would get under the type of program that allows them to target resources on individuals about which less is known. the second is efficiency. and this will be in terms of, you know, efficient -- efficiency processing. it will make the whole process more efficient. and the third is predictability for participates who would as a benefit receive expedited processing through passenger security check points and with the potential that has been discussed of relieving some of the items that have been identified over the years as hassle factors, shoes, coats, laptops, remove of those items. i think the program has a potential to benefit industry, government, and the traveling public. >> thank you.

the next question is for the whole panel. do you think that the need for more risk-based paradigm in aviation security should include more throw information about travelers so that we know exactly who's boarding the aircraft? >> currently, there's a lot of data that is available about two tsa to the airlines about passengers right now. i mean if you look, there's what's in the passenger name record or the reservation. there's the data that the passengers provide under secure flight. tsa can utilize that information to, you know, do the watch list betting right now. provided that passengers agree to voluntarily provide additional information that opens the door to leveraging additional data that is also available where it's cbp, the automated passenger information system, it's the information that comes in the machine readable zone on the passport,

global entry information that the administrator mentioned earlier, and other data. but i think one the keys to that, and that is the beauty of this program, is that it will be voluntary. >> yes. >> as captain moak would say, i like that. >> it incorporates a blending of technology and human intervention. are from privacy that needs to be addressed with security? >> absolutely. that's why we are doing the risk-based security initiative as a voluntary measure which has been mentioned several times. what i don't want to do is data mine information that the entire u.s. government has on people who are not willing to share the information. that would effect and go to the core of privacy and civil liberty issues that we hold dear

in the country. i want to use all of the available information that people care to share. but that's got to be voluntary. >> well, by definition, pilots are sharing all of that information about themselves. as you can see, the known crew member programs moving forward and it's going to be very effective. so we are more than happy to share. >> i just say, sure, there are privacy considerations. back to the previous comment about these being voluntary programs. those individuals that don't wish to provide additional data don't have to do so. but they do so, they withhold that information with the full recognition they may not receive the benefits of providing the data which would be increased efficiency. >> actually, i would. the -- it is a choice. and it has to be stressed as a choice. it's a choice frankly i made with global entry. it's a choice that i would make on known traveler program, because i want that efficiency

and i want that expedited screening process. what i also don't want is somebody telling me passengers they can't have that because they don't want it. >> great. with approximately 620 million passengers traveling through each year, tremendous assets are devoted for screening, potential threats, and the most effective and efficient manner possible. the question is the shift to a risk-based security system, will it truly enhance the secure process as well as as the customer experience for travelers, and what are the cost implications of this change? >> sure. absolutely. i think there's potential for some up front costs to support the networking of data bases and whatnot. but when you look at the ability of what will be provided through that networking to provide additional data on a voluntary basis to tsa to assist in the

risk assessment that really allows the focusing of resources and screening technologies on those that we know the least about. and in the long run, that's going to serve to reduce costs, because you may not need to have the whole suite of technologies available at every single screening lane. you can have certain lanes that are decaded for those about which the least is known. >> i couldn't have said it better myself. >> again, the whole goal of this is to provide the most effective security in the most efficient way. any efficiencies we can achieve through the process, such as spending less time physically screening pilots who are in the most trusted position, that allows us to achieve some efficiencies at the check point. that's exactly what we are trying to do here. >> and sean, the only thing that i'd like to add is it's pretty remarkable when you look at the

numbers, 628 million passengers going through these check points. it's an incredible job to tsa that's done every day. they don't get a lot of thank yous and credit. i guess there's a lot of late night comedy are you teens on that. i got to tell you the pilots, we thank them for the great job they do every day. if you look at the trend, the trend is to more people flying. especially over the next several years. the shift to risk base is the way to go. >> thank you. as reminder, if you have any questions that you'd like to present the panel, what i'd ask you to do is write them down on one of the pieces of paper in front of you. you can pass them towards the middle. if you hold them up, one the staff members will grab them from you. allow the lines, let me proceed this by saying that i hope you are enjoying the forum. i was able to go out and chat with folks that build the lacer

proof glasses. i'm told they are good for green lasers, as well as tough questions. i'd be happy to pass them to the panelist. with that, i'm going to get to the first audience question. what role can airport and airline employees play in being the eyes and ears of security? and is training for the purpose needed? >> it's obvious that clearly part of the see something, say somethings comes home to the airport employees, venders, and those who are on the premise. and we've talked about doing training that goes beyond what they would normally have from their employees to give them a baseline, but simply greater awareness of what maybe suspicious activity. obviously, there's a cost of doing that. does the government, taxpayers pay that? fee-based issue? is that something that the employees pay. there's a number of issues there. clearly anybody who can be a

force for aviation security is welcome. >> thanks. every employee plays a role in security. what we've seen as -- has been identified from some of our members as a real innovative security enhancement. it's that some airports have provided security awareness training to all employees. including janitors. that results in a feed of information that goes to the airport. obviously some of that information is pertinent can be provided on to tsa, that, you know, helps guide the application of resources. >> every employee plays a role. >> great. >> next question. should the governments increased emphasis on risk assessment as pertains to

passengers reduce the plans to acquire greater quantities of the advanced screening equipment to the panel? >> i would in a sense defer to the administrator, but one would hope that the greater allocation of resources to real threats over time would allow them to make the evaluation that they don't need some of the machineries, i think, as chris said earlier, as every check point. you don't need the full array of equipment at every different check point. >> we are obviously watching this closely to see how the risk-based security initiative rolls out and how many people are impacted and the demands that are placed on our technology. so i see security as the -- both the human enabled but the technology enabled part of it also. and ait, advanced industry of technology, gives us the opportunity to detect the

nonmetallic devices. we have to be careful recognizing there's no guarantees that anybody, even in a trusted status could be somebody who could do something bad. i've worked with fbi agent that is turned out to be soviet and russian supplies. we are aware of major hassan in the military. that does bad things that have been documented as allegations, anyway, at this point. the key being though that we have technology that we can use to enhance the screen experience for security purposes for those that we don't know. so the total roll out, for example, of the ait does not cover all 2200 check points that we have at the 450 airports around the country. that's not the design. it is to be deployed in a risk-based desay know --

risk-base the scenario. >> i have one point. what i would say is, you know, nick is right. it's absolutely the administrator's call on this one. my comment would be that we need to continue the r&d process to ensure that we do have cutting edge technologies available. at the same time, i would encourage our government to work with other governments around the world with the shared challenge towards the development of mutually recognized standards for the development of screening technologies. the manufactures are open to this. it will result in lower cost and more highly effective units. and then back to the question, the risk-based security process, the results from that will help guide the application and

investment in security screening technologies. >> thank you. >> another audience question. how can a risk-based security program be used to protect all areas of the airport, and not just passenger screening? >> well, i'll be glad to take that. obviously, tsa has a shared responsibility, particularly with airport police, law enforcement agencies, at least the ones of the larger airports, and then along with the airline security personnel, airport security, so it is a shared responsibility. that being said, we're very much aware of what happened in glasco, or what happened in moscow in the checked bag area. there are vulnerabilities that terrorists will always try to exploit. the question is, again, getting back to the most effective tool being intelligence. hopefully there's a trip wire in place, some place across the

u.s. law enforcement or intelligence or security community that would identify this person or persons, especially if it's an active shooting scenario such as we saw going on three years ago now. we would have intelligence about that before it happened. if it does, it becomes really a question of what are the airports emergency preparedness plans, what have they done to train and rehearse scenarios such as active shooter or something else like that. that really becomes part of the training opportunities that airports along with tsa and airport of police have. >> you know, we spent a lot of time talking about passengers screening, passenger security. but, you know, at u.s. airports we have cargo operations also. and the cbp after 9/11, the

amount of cargo coming in in the u.s. through nonaviation modes of transportation, you know, really forced upon them a risk-based security model right out of the get go. with our cargo carriers we were shocked back into reality in october 2010 with the cartridge, ink cartridge bombs. recently still not known, we've had a couple of cargo accidents, one in dubai, one of the most of korea still not knowing the cause of those accidents. but, you know, taking a good hard look at everything that could have happened. so the bottom line is risk-based models and cargo security is key. we need to be focusing on what's going on in the cargo end of the equation at airports as much as the passenger end. >> in doing so, and we're making good progress on this, i think, you need to move the risk

assessment further and the information gathered as far up the supply chain. you get the information earlier and better information at the same time. >> so there's also a need to as the administrator said rely on the partnerships and leverage the intelligence information that you can glean from those partnerships. also i want to mention that airports do exercises to test and evaluate and learn from various scenarios, some of which has been mentioned today. these are done in coordination with the airlines, tsa, local fbi, and local law enforcement as well. and then the lessons learned are built back in or applies to their security programs to make further enhancements. and then airports have also done a number of things that are separate and apart from

regulation to enhance security. and this is in terms of the implementation of different processes, procedures, and technologies to enhance security. and one of the -- one the efficiencies that those have served to benefit is for passengers being able to get through airports more expeditiously. >> thank you. >> this next audience question is directed to mr. pistole. what reaction is he getting there? >> there has been a great deal of interest. one the things we are doing is working on ikao to work on the cargo property. there's been a series of worldwide conferences to ensure that the baseline that all countries and their civil

aviation security regimen have, meet the standards. there is again a great interest from the stand point of how does this impact what they do for passengers coming to the u.s. we are limiting this initially just to domestic flights because of the impact on international standards and protocols. so we want to make sure we get it right here in the u.s., assuming that's -- that does work then we will look at expanding either bilaterally, or multilaterally. for example, the eu in terms of reciprocity. a lot of interest there looking to us to see how that -- how it's going to work here. >> great. thank you. >> question for the panel also familiar. i know it's probably premature since we just stood up. how well are the airports embracing the known crew member

program? in terms of initial set up and cooperation and collaboration towards getting the programs started? >> the airports have worked in close collaboration and coordination with alpa,tsa, and with the airlines to facilitate the roll out of the known crew member program. and, you know, it's something that airports have identified as a security enhancement and at the same time, an efficiency. so those partnerships have really streamlined the role out of the program. >> the airlines would say there's been very good cooperation. obviously, each airport or different airports may prevent unique challenges to set up. we've been working through that with tsa, alpa, and with the airports. >> i've been getting nothing but good reports from airports, from

pilots, utilizing the services from tsa. tsa who's providing all of the labor and screening. nothing but good. >> same. very positive. >> okay. for the next question, i may have to pass the glasses around. we'll see. voluntary or not, what safeguards are being used to reduce background data from passengers will not be able to exploited? here it says the same question pertained to the known crew member. the question is about safeguarding the personal information. >> i can address at least one part of that. from tsa's perspective, we are hot interested in actually obtaining the information into a government database. we are interested in working with also both alpa in their case, but looking at ata, but for the -- for example, the

frequent fliers or trusted travelers. we're not interested in pulling all of the information into tsa. we're interested in pinging against it to make a judgment that if this person is part of this program at least in the initial iteration, we can make a determination. either they are in or out. so embedded on the bar code is the fact that that person is a known or trusted traveler. :

>> each to the data bases that known crew members are accessing in their security. >> next question, also an audience question. actually, i'm going to change that up and go to the ones i had ahead of time. a partnership between the fbi and the private sector, and association of business, academia institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the u.s. aviation structure. to the panel, now that you've given feedback, can you give an assessment of how well the current system of sharing information and intelligence is actually working? >> well, i can start. with my fbi background, it started in 1995 in the cleveland office of the fbi in terms of the public-private partnership

where companies, not just aviation sector, but across the board could share information in a trusted client type of setting online where if, for example, there had been a cyberattack on xyz company, they could share what the method of attack was, if there's attribution where the attack came from, and things like that without identifying who xyz company is so others could learn from that and take precautionary steps, so that's the model that this question is referring to they worked very well at least from my perspective, and the feedback, i think there are many models like that in public-private realm, and the question becomes from a tsa perspective, is there information that can be used by us collaboratively that helps inform our decisions as to the

best possible security provided most first timely, so that's why we've come back to. >> uh-huh. chris? >> sharing of information has improved significantly over the years, and tsa sponsors, as nick mentioned, industry representatives to get approve for secret clearances, and then tsa provides classified briefings to those individuals. one of the new initiatives is called field intelligence officers, and these officers are regional and local in nature and can provide that connectivity with airports and airlines to increase the efficiency of the flow of information in both directions which is a significant enhancement. >> thank you. next audience question.

9/11 caused a total shut down of the u.s. aviation system. the question is how much progress has been made in developing a prioritized plan to control our air space if we witness significant attacks, and a follow on on this question is -- are the agencies partnering with other agencies within the government for a harmonizedded solution? let's start off with you again, chris. >> you know, there have been a number of exercises that have been conducted at senior levels within the government. some that have involved industry representatives to address this very topic, and i think that there's been a lot of progress made and, you know, depending on the scenario, that is going to really drive whether to localize, shut down, or, you know, a broader shut down.

>> i think it's pretty well known that there has been very good progress made by all parties, and also i think there's a lot of things that are going on that are non-public and have to remain non-public. depending on what the threat is. >> uh-huh. >> i would just add there's significant progress in development since 9/11. i think the 9/11 commission referred to the act of being a failure of the imagination of the u.s. government to participate that. clearly, given lessons learned from that, there's been huge investment made in the resiliency issue, frankly which goes to why the department of homeland security was created to do everything possible with partners throughout the law enforcement intelligence community and private sector to prevent another terrorist attack, but in the event something bad happens to ensure

the resiliency of industry, the american people, the livelihood, the survival of people who have been affected by that attack or by that national disaster. tsa's reason for existence is to make sure another attack doesn't happen. in the event something does happen, we have a very robust plan for -- through the inner agency to address that resiliency issue. >> next question. it's a two-part question again from the audience. joan or jane doe walk into a cor go shipping office, pay the shipping cost, and shortly after, their package is airborne. how can a flight crew be assured there's no explosive on board the aircraft, and is there a move for a trusted shipper

program to act in the same manner as a trusted crew member program? >> i'll take the first part of that. so what percent of the high risk cargo, and we don't define that publicly for obvious reasons so we don't provide a road map to terrorists, but the high risk cargo from foreign destinations is screened. now, there's various methods of screening as we know, but that's the starting point. the whole focus of a known shipper known shipment program and gnarl cargo security programs that we are working with other countries to recognize are key steps in implementing that along with the advanced cargo information that cbp, under the national targeting center utilized, so there's a number of avenues. the reassurance that the pilot and the flight crew, anybody on

that flight, has is that there are robust procedures in place now, but recognizes just as we saw with the yemen cargo plot, facing a determined enemy who always looks for seems to get in between, and just because it's a cargo bomb, let's say, i would not participate it coming out of yemen next time, but try to get it to a low-risk area that would be seen as a greater opportunity to invice president-elect in the global supply chain. >> the only thing i would add is, you know, we focused a lot on the risk mitt -- risk threat mitigation and the tsa through its coordination with our air carriers, and its coordination with -- and training for pilots, that

coordination comes into play because our operations are around the globe, not only do passenger flights originate in the u.s., they -- a lot of the flights are originating overseas where the air carrier has a -- the country has a responsibility for security, but the air carrier has an increased responsibility for security, and in some places, the pilot's responsibility is increased, and that's why it's key that we're coordinating, intelligence is being gathered, it's being communicated, and we have training programs, and we ensure that there's vigilant crews and company personnel on the ground in those locations. >> great. >> i think this is part and partial to everything we've been talking about today. increased use of intelligence, data, data sharing, partnerships to try to figure out a problem,

how to solve the problem to the best degree possible, and that's been a lot of work that's gone on between tsa, dhs, the industry pilot, all parties involved on the cargo issue. >> earlier this year, the department of homeland security constituted working groups and charged both government and industry representatives with looking at different aspects of the cargo system with a specific task to identify recommendations in these various areas. those recommendations came back and not surprisingly one was for and in support of the development of a trusted shipper program. currently tsa, customs, border protections, the department, and industry are working together to really flush that out, and there's some targeting initiatives that are underway and in support of that right now. >> thank you. >> i'll tell you what.

i'll do one more question before i thank the panel, and the question is also from the audience, and what is being asked is perhaps we could get an update on the status of the secure flight system as well as any other risk based initiatives out there we have not specifically addressed in this panel. >> so secure flight is obviously up and running since last fall when we became fully operational so all individuals flying either in or through the u.s. and even working on overflight issues are vetted through secure flights so we know name, data, birth, and jenlder, if they are a no-fly, selectee, and every morning we start with intelligence briefing with a look ahead of all those passengers who are either wanting to fly or scheduled to fly if they are selectees so we can make decisions. for example, if there's two selectees on a flight without

federal marshall caff of cove rouge -- coverage on, we can adjust that. that's an example. we found even though it was working somewhat prior to tsa taking over, we did see an increase in the number of no-flies identified particularly from certain airlines that were not identifying many people for whatever reason, and so it just gets back to the whole intelligence cycle where we are able then to take this information, and for example notify my former colleagues, the colleagues at the fbi that, oh, by theway, there's individuals traveling, that you, the fbi may have under investigation but don't know they are traveling, so we've had several examples of where we shared that information to inform their ongoing investigation, part of that intelligence cycle. secure flight is significant

advance in termsagement and technology -- >> in terms of acknowledgement and technology. >> i'm going to wrap things up with parting comments from myself. regardless if you're a pilot, crew member, mechanic, consumer walking through the airports, at one point or another, we're all passengers coming into airports, leaving airports, and so this stuff is just incredibly important for us to discuss, and i think it's been an incredible privilege, and i hope you would agree that we have the leadership here, the agents of change, the folks who really are at the tip of the speer sharing insights, answering your questions, and it's been a real privilege to stand with this group up here, and i hope you would agree with me, so on behalf of the airline pilots association, i would like to express my sincere thanks for your part in this panel today, and i hope you enjoy the rest of the event. thank you. [applause]

[inaudible conversations] [inaudible conversations]

>> in a city that averages >> next, former and current representatives from the homeland security department talk about what homeland security looked like before 9/11. they discuss what changes were made after the terrorist attacks, and what the role of the public is in national

security. held by the u.s. chamber of commerce, this is an hour. >> okay. now we're going to get into the meat of our discussion, our panel. as you can see, we have quite a big pam here, and the intent is to really have a dialogue with the audience. two ways to do that. i'll ask a series of questions to prompt discussion, but feel free to ask questions. there's also index cards and pads of paper on your table, and if you prefer to do that, just hand it to matthew -- raise your hand -- or will, who is around here too, and they'll bring the questions up to me as well. two ways to do it. you have the bios, but i'll introduce the panelists briefly if i may. first of all, commissioner ralph basham. he's one the most distinguished and diverse backgrounds in law enforcement and homeland security. over the course of his 38 year career in federal law enforcement he servedded in leadership positions at four of

the eight operational components in what is now the u.s. department of homeland security, most recently, he served as the commissioner of customs and border protection at dhs which is also the nation's largest law enforcement agency, and the largest operational component of the dhs with overall responsibility for border security of the united states. next up we'll have james caverly, in the office of infrastructure protection at the department of homeland security and helps develop and sustain strategic relationships and information sharing systems with the owners and operators of critical infrastructure in our country. jim joined dhs at its inception. prior to that, 25 years at the department of energy. and then we'll have al martinez-fonts. he is new here at the chamber as a senior vice president, and the executive vice president of the u.s. forum for policy innovation and in this role he serves as

executive vice president and oversees the chamber's three non-profit foundations. before that, as you know, he served at the first assistant secretary for the private sector at the department of homeland security and was charged with a direct line of communication into the department and served with secretaries ridge and napolitano. he worked at jp morgan chaise and others. welcome, al. next is greg garcia, the partnership identity management for bank of america. from 2006 to 2008 serving as the first presidentially appointed assistant secretary for cybersecurity in communications at dhs. he led that department that teggic direction in overawe the national cybersecurity division, office of emergency communication, as well as the national communication system.

then we'll have major general lowenberg and serves as the homeland security adviser to the governor the washington state and has done so since 9/11. he's the longest serving homeland security adviser in the country. he serves as the chair at the general's association, chairs the national governors association homeland security's advisory counsel and shares the governors domestic subcabinet in washington state. then we'll hear from randy mullet, the vice president for government relations and public affairs at conway inc, a 3.4 billion freight lo gist ticks company headquartered in california. as a representative in dc, he's responsible for all government relations and public affairs for conway and subsidiaries. randy is a well-respected voice within the homeland security community, freight

transportation, and supply chain management as well. and then we'll hear from lora. she joined the strategy in 2010, and she leveraged the expertise and thought leadership in the visa, border, and immigration arena to advance next generation infrastructure bringing integrity to reforming visa, border, and immigration reform. from 2003-2006, she worked at the department of homeland security as a policy director in the border and transportation director, and then deputy directer for mission operations in the u.s. visit program. last, but not least rounding us out is dan stoneking. he is the directer at the private office of fema and listens to the private sector to collaborate effectively in preparedness, recovery, response, and prior to that he

worked in the washington, d.c. public relations firm, a soldier in the army, and also a high school english teacher. welcome, dan. like i said, we'll have a series of opening questions. we'll let you ask questions as well, and then we'll take a break. the first part of the conversation really is how did we get to where we are? how did we start and sort of the evolution of homeland security over the decade, and then we'll take a quick break, refuel with caffeine, and come back and talk about where we are going in the next decade, where do -- what are some of the programs that still need to be worked on and that kind of thing. let me start off with general lowenberg. you are currently the longest security director in the country. where were you on 9/11? were you focused on tornado terrorism at the time or thinking of threats like that in >> i think it's helpful to

acknowledge that a lot of people were involved preparing for the looming threat. those paying attention including the thoughtful work of the gillmoore commission and others were aware that the terrorist threat was growing around the world for two decades before attacked on 9/11. in the state of wash, we formed with the governor's leadership, a committee on terrorism including our association of washington business which is the umbrella organization in our state for the chambers of commerce, and we met every other month beginning in april 2000, and therefore had a running head start when we were attacked on 911. i was with joe, the head of fema on 9/11, and for a time it looked like i was going to give my aircraft to him so he could get back to washington, d.c.ment like everybody else in the room,

i remember where i was and what i was doing on that occasion, but that gave us the opportunity to immediately implement everything we had been preparing and examining for quite some time without the federal government. we knew the threat was very reel, and i had a privilege of working with anne at the national governor's association, and late october of 2001 very shortly after the attacks, the white house asked the states to report up what we saw as the greatest vulnerabilities and the greatest priorities for national attention. the national governor's association hosted a meeting in february of 2002, so just a few months after, and i was privileged with ann to facilitate conversation among the states and territories to address the same question, what were the greatest gaps and vulnerabilities. i think they might be a term of reference.

we say inoperateble communications was one of the top three. information sharing and intelligence fusion was the second, and medical surge capacity or more literally the lack of a gnarl medical surge capacity that dramatically effects our private economy which is for-profit and non-for-profit hospitals. we focused on those areas as a nation in many, many different ways in the years since. >> thank you. commissioner, since the days of your career, federal service played a big part. you led the training, the nation's law enforcement officers at the time of 9/11. what did you make of that day? what was it like for you and what did you think was going to happen in >> like everyone, it was a huge shock that this had happened, and then as the realization, you know, set in,

that we can no longer view ourselves just because we have two vast oceans on both sides and relatively friendly neighbors who are north and to our south, that was no longer going to be sufficient to protect us from catastrophic event like that, and i think you recognize you had to create a system where our borders were the last line of defense, and not the first line of defense, and i was in georgia, running the federal law enforcement training center living on an alooped, not a -- an island, not a bad gig, but i was asked to come back to washington to start up the administration, and my friend was one of the six people we together started it up, but i

realized very quickly, and i think pat would agree with me that we needed to reach out to the private sector, and quite frankly, we didn't do a very good job. we didn't engage the people that truly understood the aviation industry, how it worked, and i believe we had some missteps in the beginning. we could have done a lot better job of creating those partnerships early on to build a system that was going to be efficient and effective and has been said here today, not only secure this country, but at the same time, facilitate legitimate trade and travel because otherwise the terrorists, they win. we shut this nation down, our economy goes into the tank, they don't have to strike buildings. they don't have to blow up subways. if they destroy our economy in that fashion, than at the end of

the day, they have won. >> exactly. randy, can you talk about conway's response to 9/11 and how your relationship with the department of homeland security evolved over the past decade? >> sure. well, first off, 9/11 was a huge shock to us as it was to everybody else. it was to me, personally. my daughter had started her first day of work in one of the high-rises over in roslin, and her office looked at the pentagon. me, as a father of a young woman, sat at work watching that all transpire and see what was going on in washington. for all of us, it was something that happened that was very, very important. at that time, i was working in operations for copway, helping to run their trucking company. homeland security was the farthest thing from my thought. i was never involved in government, still have not been involved with government. within several months after the

9/11 event, our corporate risk committee decided that we had a new corporate risk. it was not necessarily terrorism. it was the reaction of government to terrorism. what that might do to our business model and to our international supply chain and our customers. at the time we owned a cargo airline, so i was sent to washington to kind of brimming the gap between what really happens in the private sector, much as the commissioner just talked about, and how can government interface with that. remember that particularly as an air carrier or a trucking company, it's a heavily regulated industry that most of our contacts with government were from enforcement people or regulatory people. we were not big time into information sharing and those sorts of things.

our corporate security was also set up even though intergnarl and very sophisticated people, many ex-federal law enforcement. they were kind of in the basement, people interested in securing facilities and cargo and those kind of things. they were not geared to all hazards. this is a dissertation topic, but i just want you to know that security inside u.s. corporations, particularly those involved in home lant security from an international supply chain point of view have come out of the basement and sitting now at the board room level. i will also tell you that we're finding very, very many ways at lots of different levels of government to interface with government and share information. it's just taken a long, long time to build that trust and so forth. remember, in the private sector, we're about managing risk and

making risk and reward decisions. homeland security is concerned with the government. most of it is an absolute. it can't happen on my watch, and those two different views of risk and reward are going to create natural tension. it's not that that is a bad thing. it's just a thing, but it's something to be aware of and manage. >> following up on that, al, so you were the first assistant secretary for the private sector office. the government didn't really have private sector liaisons prior to that. what were the early days like for you coming from the private sector to government and tell stories of what you experienced back then. >> it's interesting, and to try to put things into per perspective like randy did, and i'm still taking notes on what people say about homeland security and that risk-reward is really in effect what is so important, so as a banker for 30 years, i had nothing to do with security other than making sure the money in the vault wasn't robbed and, you know, white

collar crime. by the way, i was a banker, a lender, i was not even in the securities side of banking. i was a lender, a manager. you know, all that kind of stuff. when i interviewed with secretary ridge over at the white house, he said, well, you've worked, you know, with the government because you're in a regulated industry. i said, sir, with all do respect, i didn't like it very much. when the government, most the time they came in, they came in to ask me to do something i didn't want to do. fast forward to i actually joined homeland security, get this job, and start talking to people in the government, and i said i'm the guy representing the private sector, i'm one of you, but the advocate for the private sector, and the reaction from the career employees in particular were, you know, we don't like the private sector. i'm going like why would you not like them? they said, you know, they are always just trying to sell us something. so one of the toughest things

early on was that almost psychological factor of thinking of the private sector as viewing the government as interfering in our business, and then going into government and having them view the private sector as just somebody trying to sell something and recognizing that by the way, again coming out of the banking industry, i was invited back up to my old jp morgan chase, and at breakfast, i would go around the room and it's bank of america, wachovia and i said what's going on? when it's security, there's no competition. we are working to the. trying to get that message across, the private sector is willing to do more than sell you stuff and get the message to the private sector they are not here to restrict what you're doing. how do we work together? you know, that really was one of the toughest hurdles. >> greg, you too served in both the government and the private sector, and can you talk about

the early days in cybersecurity and how is that partnership evolved to where we are today? >> okay. great question. you know, like the old country song goes, i was cyber before cyber was cool. really the cyber landscape really started to evolve before 9/11. it was really in 2000 when several major household name websites were slowed to a crawl by so-called denial of service attack, and it brought home the notion that our increasingly online way of life is being threatened by adversaries and malicious actors, and then when 9/11 hit, i think that brought into stark relief the recognition, the anticipation that not only are we vulnerable to cyberthreats and attacks, but

bleepedded with physical a-- blended with physical attacks. there was mobilization around the notion that all our interdependencies across sectors and the government could produce situations where we have a bleepedded attack with physical and cyber were to occur, and we had to prepare ourselves for that m i think as dhs began to stand up and began to mature through presidential directive and homeland security activities, there was the stand up of the gnarl infrastructure protection plan that recognized so much of the infrastructure, cyber, i.t., communications, so many others, so much of that is owned and operated by the private sector, and incumbent with the government to protect those assets and those capabilities and those services that make up our way of life ring that support our economy, our public safety, our homeland

and national security, so i think over the years, and we can talk more in subsequent questions and after the break about how these partnerships have worked, but from my perspective as one who has been in the information technology sector and now the financial services and with the congress, i think these -- this partnership has evolved, is maturing, remain challenges, but without this apparatus put into place i think would be much worse off than we are now, and i think we are improving, and i think it's -- i think we have reason for optimism so we can go into more detail of that later. >> thanks, greg. that's a nice segue to jim. greg mentioned the infrastructure plan. can you talk about that and the designating all of the different critical infrastructure sectors and why that was important?

>> yeah. there's a bunch of things that came together. there was a president's commission in 96-97 principally around cyber identifying sectors that were critical. another seminal point was the work for y2k because that was a place in which both the private sector and the government realized a common interest. you come out the other side of 9/11, and there was rejecting critical -- protecting critical infrastructure is a responsibility. there are things the owners and officers have to do in their space, and if you don't merry them together, you are not as effective as you need to be. you come out of that, president says to develop a national critical infrastructure protection plan. we had already started to work on the partnership. we created a structure that came from the private sector, they recommended the structure we use for dealing with the 17 sectors now, 18 sectors we dealt with, and then we put together a

critical infrastructure protection plan, and we realized it was not something that we'd ever done before, a document that has to be developed jointly with government and the private sector. you put documents out sharing with our poort nears, learning to share, and it was not a flawless or seamless as we want, but here we are, a major government document circulating outside. traditionally we never let that outside the government until it's cleared at the highest levels, but it was out there. there were subsets, sectors specific plans that had to be developed with the partners. the architecture came together, and we were fortunate, i think, because it was easy to recognize it was not just a government responsibility and not just a private sector responsibility, but what happened from that with protection, you come into katrina, and we realized we had joint interest in responding, in recovery, and that our critical infrastructure playeded a key role in responding too. in a change really from what the federal role before which really looked at how we simply protected the public, and we saw

we couldn't protect the public if the private sector didn't come back. you move forward out of the a protection frame work to all hazards framework, and we have a resilience framework because it is a partnership. we have a public interest out there, and obviously the private sector has an interest, and they cojoin. we are learning to deal with something that's been under current here which is the tension between the regulatory environment carrying out certain things given by law and public policy with that shared private responsibility that we share also with just the general benefit of the country. >> thanks. speaking of tension, we, you know, a lot of this state emergency managers at the time then became homeland security advisers as well and they were dual hatted. there was a tension whether, you know, counter terrorism is a fema mission or a momentland security mission. dan, can you talk -- i know you were not there at the time, but you heard a lot of stories i'm sur, how does that go down, fema

moving into homeland security, wearing the counterterrorism hat as well. >> i was ready to say where i was on 911. >> go ahead. [laughter] >> i think long before 911, through 911 and even today, there are turfs and battles for who's in charge. i think that's really the problem. i think that what we need to focus on and what i hope we learned from 911 is how to connect the dots, and not worry about who's in charge as much. general lowenberg can speak to that a lot with the roles of the guard and active duty army, but broader than that, in the government, and more broader than that still, we need to do it with the public-private relationship. if you don't mind, i will say where i was on 9/11. i was in the pentagon, and my experience this having been in the pentagon and while the building is on fire, smoking,

you continue to work worrying if another plane is going to come in, the rare bright spot for me was to exit the building because the only place to get food was a mcdonalds tent in the parking lot where it was all for free. they didn't care if you ordered one or twenty burgers. you asked for 20, you got 20 and you went into the building back to work. i didn't fully appreciate it then, but i see in hindsight, that was the real value. at the time as a citizen soldier, so i knew what it was like to be a citizen and a soldier, and i knew that both of those audiences didn't get the other, and it was the first inkling for me that the plek-private relationship is the same way. we are empowered by folks who have a long experience on both sides because that's the only way that we can appreciate the relationship, and my last comment, this is an interesting gathering here today because you can pick any one out here to be

up here. you know, bob connors and phil and rich cooper and bob dicks. you know issue everyone out here has had a long experience of understanding the relationships without being territorial on both sides whether it's from 9/11 or before or sense. >> that's a good point. we'll get into that more after the break about how the public-private partnerships evolved. lora, talk about immigration. that was your area. some of the immigration programs that came following 9/11. was it just because of 9/11? what's your perspective on that? >> a lot of changes that came about were tied to the facts surrounding the hijackers, and some of them actually stem back from the first world trade center bombing in 1993. for example, the idea of having an entry exit system was in a 96 bill in response to the 93 bombing. same thing around student visas because one of the 1993

terrorists had gotten a student visa and then never bothered to report to the school. the ins started a program called sprus in response to student tracking and shelled that, and then after 9/11, we were given the student exchange visitor information system. some other programs and changes that came about were, for example, the 19 hijackers were from four drinks, 15 of them from saudi arabia, and on the one year anniversary of 9/11, the justice department began what was the national security entry exit registration system because entry exit was called for in congress in 96, but had not been implemented, and so after 9/11, president bush said, okay, we're going to go ahead and implement this, and so it began. some other changes that came about were with respect to the

state department. there was a lot of controversy about what to do with visa authority following 9/11 and so there was ended up being a compromise to giving visa authority to dhs, but state department maintained the authority to issue the visas, but for awhile there, there was real consideration of giving all of it over to dhs, in part because several of the hijackers from saudi arabia had visas from a program in saudi arabia called visa express, a third party used to obtain visas without interviews and person interviews with the state department. the visa express program was ended, and also dhs personnel had to review every single visa application in saudi arabia which then began the visa

security system. several security changes. most of them in reaction to 9/11. there was one exception that i've actually forgotten about, but looking at the 9/11 report, it refreshed my memory. the transit without visa program. that was suspended in august of 2003, and it was not in reaction to 9/11, but there was insteel gatt r -- intell gathered that terrorists were looking to exploit this program. it was if you fly from country a to country c, you adopt need a u.s. visa to change over in a u.s. airport. that could be exploited because you just get on to the second plane or do something to the plane coming into the u.s.. that program was suspended, and it has not been reinstated. >> there's a very important document found dation for what we did in the immediate response of 911, and it would be helpful to be reminded of it. presidential direction 63 prom

mull gaited had three important pillars. first is private sector makes everything government does possible. a vibrant resilient private sector makes all government responsibilities possible. the second pillar is including military strength. second pillar is our military prowess around the world makes it necessary for a vibrant economy especially in a global system of the supply, and third is that both the private sector and government are dependent on cyberdomain. as we all recognize, and the greatest strength and our greatest poral vulnerability, and i've drawn upon that

repeatedly, and i talk about that in strategic planning because it brings us back to the roots of what makes everything possible which is the private sector, that all important partnership. >> thank you. well, let's open it up to the audience and see if there's any questions. wait for the mic and identify yourself. >> i have two questions about importance of information sharing, you know, from the private sector to government, but lots of times when you talk to business people, the client is the information sharing is one way. you know nowadays, you know, if you see something suspicious, you report it, but also, you know, especially in international, there's a lot of reporting of cargo movement and shipmentings and all of that regular data to the government, but not as much -- i'd like to

see people comment about what kind of information government could give to, you know, some kind of filtered intelligence or whatever that would help the private sector react, and then in a related question, governor ridge talked about, you know, more information sharing within the government, less of that siloed approach, but i'm wondering how the wikileaks issue lately may have chilled any kind of intergovernment sharing of information and what kind of impact it may have on homeland security. >> al, did you want to take the first part? >> i was going to say i'm not going to wikileaks as this point. [laughter] again, as a banker and my last assignment as chairman of the bank in eel el paso, texas, a place where money, people, and now guns and drugs and all kinds of things go back and forth, one of the three letter agencies from the government came to us on a regular basis and said

ralph basham opened a account, keep an eye on it, and we provide information and at some point the client asked for money or something, and we went back to the agency, and they said raffle who? we don't know what you're talking about. i'm exaggerating a little, but that was really kind of the reaction. it was very much of a one way, you know, conversation. i think or i believe we tried certainly, and i'm i'm going to say during my tenure at homeland security, and i have folks here whether it's james caverly or dan stoneking, folks that are still doing it, and, you know, facilitated often through the chamber, the ability to, you know, how do you get people clearances, including secret clearances so they are let in on more important and critical information? how do you do the information sharing and analysis centers that the infrastructure protection group, the whole sector coordinating counsels?

how do you get that information out there? at the same time, i think a factor we had to keep in mind, and i went around with secretary levitt of hhs talking pandemic. he had a great line. he said, whatever i'm telling you now is going to sound like i'm trying to scare you. if this things happens, you're going to say i wish you warned us more. the government is constantly walking this fine line when they are sharing information between frightening people and not giving them enough, and so, again, it's just a very, very difficult situation that we face. >> yeah, i think there's a couple of things there. there's obviously an education that has to go to the people and government has information about what kind of information is useful to you. i mean, we hear a cry for actionable information. that is a term depending on where you sit. part of it is internally we have to get better of understanding what is useful to you and how to

get it to you in a functional way. the other side of the coin is we have things in government that are great interest and we spend hours dissecting it. you say stop piling that junk on top of us. it has to be learned and shared. it's a growth process, and i also suggest part of it is a generational process. the governor said we have a low mentality of i hold the information, therefore i'm powerful. look at modern communications and modern social media, the value is in how you share that information. we have yet to internalize completely in the government drs there's people who get it, but systemically it's going to grow and take time. the other problem the government has if the media gets it wrong, they stop saying it, but if we get it wrong, we have to fix it. that's a question on us of what we put out and how we say it. it doesn't give us the agility we'd like to see again because of those constraints.

>> having sat over an agency that does, in fact, request and require tremendous amount of information from the private seg tore and in particular maritime shipping industry, and of which i think has be a tremendous success since the 2002 trade agent which was require -- act which was requiring additional information on shipping, but i think a big problem that we have is some of the -- some folks think that we have information we're not sharing, but i can assure you many times we don't have that information either, and nor can we confirm that the information is accurate, and so you do want to put out accurate actionable information, but there is a line where we can't cross when it comes to intelligence, protecting sources and those sorts of things, and i agree

with you on what is it that you believed you need in order to be more effective and more first time and more helpful in this effort of protecting the homeland? i don't believe, you know, i know it's owners on the industry, and i recognize that, and we spent many days talking about this issue in the past, but it is a huge challenge for the government to share certain information that we are restricted from. we can't share that information, so our hands are tied as well, but i do believe that after 9/11 particularly in the law enforcement and the intelligence community there has been a greater effort to try to break down those barriers of sharing information. we have the same problems with state and local law enforcement,

not just the private sector, but sharing information with state and local law enforcement, so these are issues that are going to have to be overcome if we're going to succeed going into the future. >> did you want to -- >> the one thing i wanted folks to hear in response to that question is it has improved a lot. a lot of that has to do with trust, a lot of it has to do with agencies that are working better together so we don't have to go to 30 different places to get information of the we trust it coming from one. they are sharing better internally. there are becoming trusted partners that are actually alawed to help design some of the information sharing methodologies, and expectations, and as the public sector and the private sector are able to look bhien the curtain a little of what each other are doing and get exposure, i look back six or eight years ago and what we had to do to get information, and i

look now -- it is not perfect, but it is great compared to the way that it was. >> yeah, i think we need to establish the sharing relationships at a state and local level. one of the things that governor secretary ridge focused heavily on was the development of state fusion centers, and i'm happy to say there's been great progress there. the sharing of information among law enforcement and law enforcement related agency, federal, state, local, and tribal has become much, much better in the decade since 9/11. it's still a process, but there are opportunities that develop relationships with the information sharing and intelligence operations of the major corporate citizens of those states to bring them in as an advisory committee to the governing board of the fusion center for example to learn from one another how we can best share information with one another, and i'm very mindful as i work overseeing 65 partner countries around the world that our transnational and global

businesses have amazingly sophisticated information sources that can be immensely helpful to the government. it's not a one-way transfer of information, and it all enhances our national security. >> okay. >> well, one quick data point on cyber for another tangible example of where information sharing between industry and government is, i think, maturing rapidly with great promise, and a lot of us at dhs was proud to put up on a launching pad an industry government cyber collaboration organization bringing cyber operations from the i.t., communications, financial sector with multiple operations, capabilities across the federal government. that was on the launching pad, and then the next administration under secretary napolitano prepared it for launch. it's known as the national cyber and communications integration center.

i didn't select the name, but it is, i think, a fine example of where trust is being developed between industry and government-under-par the same roof breathing the same air where we are, in fact, learning what information is truly relevant and actionable to each other as jim mentioned. government learns from us what it is what we can actually do with that information and what information is really not relevant to us, and so this is over time going to go into development, bring in more private sector participants, more government participants, state as well, and i think that bodes well for the future. >> if the information sharing -- if the commercial -- private sector folks or anyone else -- is there any concern that the commercial data that you're sharing now -- you know, could be proprior tear information with wikileaks or something that

give you second pause on how much you share with the government if it's exposed somehow. >> i think that there's always concern with the private sector about releasing proprior tear information that somehow gives or takes away a competitive advantage. i have to tell you in our decision making about what do we share with the government and stuff, that's not even on the list when it comes to homeland security. >> next question. right here. >> aaron fuller from cmc the about three weeks ago in colds at another event focusing on 9/11, there were lots of notables like yourselves on the panel. this was focused on counterterrorism. they talked on topickings you would expect.

many referred back to the 9/11 commission report. in fact, they said, please, everyone should go read the 9/11 commission report, but they also used it as a reference point not to look back, but looking forward ten years later artery roads that still needed to be traveled, things we still need to do, and so on. anything occur to any of you that in the 9/11 commission report rather than looking backwards provides a useful lens for focusing looking forward? >> i'll start with one that the secretary mentioned in her speech this morning, the voluntary private preparedness center. they didn't believe they were prepared to deal with something of that sail. dhs is rolling out that program, but it fits into the larger sense out there now about resilience opening up the door to look at what the interdependent sighs are out there looking at just in time environment. there's a set of risks that come

from being just in time, there's economic advantage and risk. .. which the governor also talked about is the entry exit portion the was a recommendation by the commission and the fees and restated its this year before the senate homeland security committee death that really needs to be done. secretary napolitano talked about the system now using avis

to match the air departures with a rival. however, that takes considerable manual checks of several databases, and as you talk about, they had to get a plausible backlog decreased to identify potential overstate and then the a vice to investigate and deport. homeland security state to a biometric exit would be the highest ability system. it does come with a hefty price tag but with the use of technology for example, smart phones perhaps, i think it is worth exploring to a biometric exit in large part because it does get at the issue of over status which the governor ridge also talked about and it's a sizable part of the emigration

community, but overstays and having exit also has for having the knowledge of that exit brings also deals with and can tackle terrorism issues. for example, the gentleman who attempted to set off a bomb in the square we haven't to catch them on the airplane trying to a scaped we call him the biographical information. perhaps the next terrorist want to use his real name and biometrics will come in but it also can prevent sex trafficking, international child abduction, tax evasion to catch criminals, multiple uses for having the exit information and in a biometric capability. >> interoperability i think everyone in the room recognizes that is something we've to continue to try to achieve going

into the future. the issue of the entry and exit, if you think about the challenges involved, it's one thing to be about to capture information as an individual enters the country but if you think about the 420 or 450 ports of entry whether they are airports, land ports, seaports, and that also means people will exit in the same fashion, in an airport environment it's a controlled environment. at a port of entry, it is a very uncontrolled environment on the exit side. it also requires tremendous cooperation from our neighbors to the north and the south. so it's maybe not in possible but it the same time i want to say it may be impossible to get a fully 100% operational exit system that we know exactly who is coming and going from this country every day, day in and

day out. you may agree or disagree but from my perspective that the u.s. customs and the border protection, trying to capture that information on the exit is just going to be extremely expensive and extremely difficult to manage to respect the land exit is the toughest to crack and the u.s. hasn't until recently started to build an infrastructure to do that and the controls with a share of commerce as a result. the u.s. has been in talks often of canada about sharing information as someone drives out of the u.s. into canada they would share that information for their entry becomes the exit and you run into the issues around that but i do believe with mobile tools, smart phones and gps and smart phone technology can help to tackle that infrastructure question. >> we will take a question here.

stomach there's a small community of us that really get preparedness and you always see the same people on the audience when we talk about this stuff. the public and private sector partnerships are a key element in promoting national resiliency , but the public at large, they the people are critical to engage. i'm wondering what you all think, how are we going to compel, we talk about the quote cosi something, say something," it doesn't require the public to look and good to talk to somebody but if you talk to the public and try to get them to make a plan to get or reverse, whatever it would we are doing some stuff. how are we going to move them needle and compel the public at large to get better prepared because all the stuff we are talking about only works if they

are getting prepared as well. >> t want to take that? >> thanks. i agree 100% and you know this story i caught on fire last christmas and when i did i went by a song's, didn't have protection and felt some heat on my shoulder and i'm on fire. without stinking i stopped, dropped and rolled. i'm proud to say that i didn't spell my year when i did it but i put my dear down, stopped, dropped and rolled to read all of it into ridgely. i've worked at fema and can't remember if it is have a plan, get a kid or get a kid, have a plan. it doesn't change behavior. one of the things i encourage my colleagues to host and i hope we do that in the coming years is to host a messaging summit with the private sector as well as the public sector from academia, a sociology, psychology, so forth so that we come up with a language and the action that can change behavior and says make it

simple and easy and start small and i think if we started small but effectively it would be with the messaging. >> i would add that really it is a viral. the fact that the chamber is sponsoring "if you see something, say something" campaign and goes out to all of the members, corporate members of the chamber of commerce and all of those members companies are encouraged to push that message out to all of their employees, and it is a viral messaging. we do the same in bank of america with the training and education ongoing throughout the year every year in cybersecurity training our people about what their specific responsibilities are in their particular corner of cyberspace coming in the dhs also has a similar campaign

called think, stuff, connect. a very clear sustained message when he or online and you were about to click on something or go to a website, stop, think about what you're doing, what information you are going to provide or what is the credibility of this website or e-mail, and when you have assessed the saturation and think that it's safe to proceed, connect. and these are viral messages to be pushed out person by person, company by company, and that's how we get the critical maps. >> when you talk about building a resilient society we are talking about voluntary human behavior. and we know how to change voluntary behavior. we've done before in our country. there's to places you can do that. one is in the schools so you educate the used to think differently and the other is in the workplace, the private sector work place to reliable

offer as a kiss example smoking behavior in the united states happened to have worked with a certain general of the united states working with fortune 500 companies talking about changing the corporate policies with regard to smoking behavior at the worksite. if you change the behavior for adults in the workplace, if you change their thinking in the workplace and of of thinking and behavior of the youth who come home and say dad, mom, pleased stop smoking i don't want you to buy, now i think we can about that to build a resilient society. it may just be something as simple as see something, say something, do something. prepare to take care of yourself and your family for a minimum of 72 hours. matt your neighborhood, learn who in your neighborhood is a formidable and need special assistance in the event of a catastrophic event and i take it a step further. to some act or acts of public

service, as we are talking about what it means to be a well rounded citizen and build towards a whole society response to be that resilient society that we all aspire to. so i think we know how to do some of this it's just a matter of taking a holistic approach. >> i just think we recognized one that's oversaturation. if we ask america to care about breast cancer and stop smoking and all of these other things in the 12 montrose that we have that's competing with each other don't stand much of a chance, so i think we have to be realistic in the outreach and there's one example i went to a major company and signed up for national preparedness month. my slogan as it takes 97 seconds because i myself and then i went back to get a little greedy because metrics forced upon me arbitrarily and so i said i don't want just you to sign up. go back and get the thousands of stores to sign up and the answer was wait a second. when i talk to my stores i'm telling them go out and meet

your customers and i'm telling them to follow dorcy to plan and all these other things. i don't know if i want to go to my stores and ask them to sign up for the national prayer month. so we have a mutual challenge of the oversaturation that we have to deal with. >> let me mention to terms that have been in effect. skill ability in psychology, so the number coming and you all heard me say it, there are 30 million businesses in america. let's not try to take 320 million americans, just businesses, 23 million of them are single proprietorships so in theory note, just the one person. let's focus on the 7 million. just think about that. just to reach all those businesses and try to get them as they and tried to do and my office tried to do, the task is overwhelming so it is something that has to be a sort of maturity over time. think about this ecology. the average american thinks it's

not going to happen, right? it's really not going to happen even if you live in the hurricane areas of america or the flood areas you think it's not going to happen. if it does happen is not going to happen to me. my house isn't going to get blown down or flooded and if it does happen in my get affected somebody's going to help me manly somebody from fema or a first responder. we have to change the psychology. we have to change that idea. >> if we reverse engineered the doctrine we were talking about before the country will be resilient as the private sector is able to get back on its feet after a catastrophic event. corporate america, business america is only going to be as resilient as its employees are able to take care of their immediate family and return to work so we want people back to work for generating as quickly as possible and so it's not only a good act as a corporate citizen but frankly in the self-interest of every business to make sure that its employees

are resilient and prepared so that they can answer the call and get back to work and to doing what you all count on them to do. >> absolutely right. what we are going to do now is take a ten minute break and when we come back we are going to talk about where we are going in the next ten years. some think about that, where do we need to go. let me thank the panel. [applause] [inaudible conversations]

[applause] >> we return now to the u.s. chamber of commerce to hear remarks from homeland security secretary janet napolitano. she spoke about the role of the public and private sector and making the u.s. more secure. this is 35 minutes. >> it's an honor to be with you come and i think that of the three of us who have served as secretaries of homeland security, governor ridge, secretary chertoff, myself, we share a special bond in terms of

the multi mission aspect of the department and building the department even as we deal with what everything from natural disasters to terrorism to other sorts of man caused disasters. so we run the gamut. we have multiple missions. it is now the third largest part of the federal department of homeland security. so, governor ridge, secretary ridge, thank you very much for your service to the nation in this regard, and i think a shout out as required. [applause] i'd also like to see through the chamber of commerce for inviting me back to be here and to

address the national security task force. going back to my time as the governor of arizona, and continuing now at dhs, i have always believed that we can achieve our goals more quickly and efficiently when the public and the private sector work together. and nowhere is this more important than in this day and age when we must keep our nation, our citizens, our businesses safe from a variety of threats. we must do so in a fiscally constrained environment. so, we must work together. and homeland security means that every part of our society must play its role to make our nation more secure and resilience. by a resilient, what i mean this to be able to quickly respond to a disaster and quickly get right

back up on the horse and get back to work. we must do this, we must secure the nation and be resilient and work one person, one home town, one community at a time. now, as it has already been mentioned, next month as the tenth anniversary of the 9/11 terrorist attacks, and i think there is no question that over countries more stronger and secure against that type of attack than it was a decade ago. we have bounced back and we've bounced back very strongly from what was the worst attack ever on our soil. we have made progress on every front to protect ourselves. indeed a few weeks ago the department released a report

outlining with specifics the actual progress that has been made by the department of homeland security and by our partners in fulfilling specific recommendations of the 9/11 commission that what the vehicle were directed at the department. this means strides over the last decade to protect the nation against large-scale attacks are disasters to protect our critical infrastructure and cyber networks and to engage a broad range of americans in the shared responsibility for security. indeed, our experience over the last ten years has made us smarter about of the evolving threats we face and how best to deal with them. we used the knowledge and experience to make emanations and communities more resilient, not just the terrorist attacks

but also threats and disasters of all kinds. and we have done so in the context of making sure that we also protect and preserve our fundamental rights as citizens of the united states. so, as part of our efforts, we continue to increase information sharing to state and local law enforcement agencies, and to the general public, and we do so because of that fundamental principle that all of us have a role to play in thwarting potential tax and reporting suspicious activity to the authorities. as you will hear more, the scene where individuals are concerned is "see something, say something," and that is easy to remember and something that we hope the american populace begins to incorporate as a

matter of "if you see something, say something" campaign. now the role of the private sector is very significant which is one of the reasons why i find it important to address this group on a regular basis. with our private sector partners, we've increased preparedness for disasters, and we have strengthened the resilience particularly of our most vulnerable critical infrastructures. two weeks ago the dhs, fema, and north, partnered with the u.s. chamber of the american red cross to present the first annual resilience conference, furthering our efforts to participate and partner with the private sector to sustain a safe and secure homeland. together now with the world customs organization, with the international maritime organization and with the

international civil aviation organization, wco imo, and the iko and the united postal union we have initiated a major international campaign to better secure the global supply chain. this means that been a good inters the stream of commerce and ultimately enters the shores, we are working to make sure all along where it crosses international boundaries, where different personnel may be involved, that security measures are being taken and that they are becoming more and more standardized as we work for the global economy and we work towards the fact that we have to deal with our homeland security it means also international security in this regard. we are working with the private sector and international partners to expand and to

integrate trusted traveler programs to facilitate legitimate travel and trade will enhancing security. what does this mean? what it means is we are about led to the to about and working to implement work based strategies both for people come passengers coming and the goods for cargo both internationally and domestically. and what does this mean for practical purposes it means that all ultimately we want to be able to expand programs like the global gentry that allows those for example business travelers who are traveling internationally and frequently to have yet to process through the lines expeditiously to read some of you may already have your global entry card to interviews the global entry system. and everybody that i know has used it has been more than

pleased. our private sector office is in the department and has produced an online resource catalog to make it easier for our private sector partners to find and utilize the information they need from bombing prevention resources to the technologies. and this year we launched the private sector preparedness for ps-prep program to improve their own preparedness to the implementation of the business continuity in the emergency preparedness plans that meet certain standards. not every plan is all that it needs to be to really provide a security that you need. the ps-prep available on line is designed to give you that information. we have also who launched this

year a loan executive program to enable the top-level executive talent from the private sector to share their expertise with the department, particularly with respect to selling in certain discrete needs. we recognize as a part of the partnership we need to have the private sector that there are execs that if they will be long to us for a while it's helpful to us and quite frankly, it is also helpful to the private sector. it has more on the ground exchange about what happens at the department on an ongoing basis. now as i mentioned before, the public has an important role to play here because everyone has a role to play in the security. it is a shared responsibility. of particular importance and where the private sector can continue to play the key role is an effort to increase public

vigilance and awareness of threats and the reporting of suspicious activities to the authorities. why is this important? because time and time again we have seen an alert public including business owners when they notify the authorities when something the encounter just doesn't seem quite right. and these efforts, when somebody has seen something and said something has actually helped prevent crime and terrorism. it was to alert street vendors in new york city who notified police when they saw a suspicious act vehicle last may and other actions stop and stop find the perpetrator. in january alert city workers and spoke in washington reported a suspicious backpacked along

the parade route and thwarted what certainly had been a deadly bombing on martin luther king day. more recently the owner of a gun store near fort hood called authorities when an individual acting in the store was the hitting in a suspicious manner, his actions helped prevent a potential terrorist attack. against our troops that could have taken many, many lives. and those are just three examples that have been in the open source media. there are many others as well. as of the importance of public awareness in fighting crime and fighting terrorism and preventing violence is critical, and that's why over the past two years we have been strengthening and expanding one of the most successful public awareness programs in the country "if you see something, say something" campaign. it's a jury simple and effective

message, a very simple and effective program. first-come implement it. by new york city's metropolitan transportation authority to raise public awareness and indicators on terrorism and crime. and to emphasize the importance of the reporting to proper law enforcement authorities, and to do that in the federal buildings, transit systems if you were in a sports and you come major retail venue and entertainment in new. we have a number of partners in the sea something say something campaign including the ncaa, the nba, the national football league the indianapolis 500 lodging association, the general aviation industry among many others. and today i'm proud to announce we have a new partner in a fussy something say something

campaign, and that is the united states chamber of commerce. they are encouraging all of their members to utilize the new public service announcement that we are unavailing today and to find ways to partner with the dhs to get this message out. we are working with the chamber now to develop material that can be used in the regional offices across the country and also within particular communities. i would like to congratulate the chamber on joining the campaign. i look forward to their support and working with you on this important initiative. today we are going to continue the see something say something expansion. we continue to add partners, new materials and a new ad campaign, and today we are releasing a new set of 32nd national public service announcements designed

to engage the public and identifying and reporting suspicious activity. each public-service announcement presents a different scenario involving a suspicious activity, what to do and how to notify the appropriate authorities. we will be showing one of these 30 it set and it announcements in a moment. it will be up here. and then i'd like to mention with that to issue a challenge to you. my hope and my charge to you today is to help us spread this public awareness message. you can do it in a number of ways. when you return home to your businesses and communities, you can share them with your colleagues, with your employees and help us reach an even broader audience by showing them in your own of in use, buy showing them and things like stores, business is that you

operate, linking them to company web sites so that employees have access to them, including them in your own marketing campaigns. more directly, you can partner with us to bring the "sees something say something," right into your business. quite frankly we need all hands on deck in this effort. you know, members of the private sector, and i know in my role as secretary, how hard it is to get the message across the general public and get them thinking in that way. right? what we are trying to do is say homeland security, no government department no matter how large or how well run can do it by itself, and private sector, no matter how large or well-run can do it by itself. it has to be a partnership, and the public as to be involved. and by these simple campaigns

and a simple and straightforward message, we think that emphasis will indeed help us to insure that we have all hands on deck. so i think as the governor, secretary ridge has described, we've done much in the last ten years to better our country to keep our nation safe. we have a lot of efforts under way right now. the credit for this is widespread. a lot of it should go quite frankly to the men and women on the front lines working these issues every day including our counterterrorism and law enforcement professionals, including our first responders, including our many industry and ngo partners, volunteers, state and local governments, the list goes on. when we work together, when what we call homeland security is truly a national enterprise with

a whole nation participation, then we increase homeland security and homeland resilience triet as was previously described, the kind of threats we now face from terrorism, from threats in cyberspace to pandemic disease to the natural disasters of all types demand that we strengthen our capacities working together. none of us can do it by ourselves. it also demands a continued vigilance of the american people. so, today, we are stronger than we were on 9/11. there are no guarantees in this world, and i am not here to offer him guarantees. there are lots of things that are threatened that can happen. but what we can do is maximize our ability to prevent an attack from occurring, minimize the a devotee of such an attack having

a large impact and increase our ability to respond with efficiency and effectiveness and to get as i said earlier to get right back up on the horse and back to the business of the country. so now i would like to have played for you for the very first time fief 30 second television psa. there are 15 seconds versions, there are radio psas, they are all available at www.dhs.gov/ifyouseesomethingsay something. www.dhs.gov/ifyouseesomethingsay something. let's set aside 30 seconds and see this new spot.

>> maybe you see something suspicious but you don't want to get involved. it's not your place. can you be sure? if you see something, say something. report suspicious activity to local authorities. >> what do you think? [applause] so, again, thank you for what you have done today and for what you are going to continue to do to help us spread the word. thank you very much. wait for the microphone to come to you. any questions?

>> [inaudible] >> nope you point out a valuable thing which is we want the public to live with information but not to live in fear. and quite frankly, when they have information, that helps reduce low level of fear. that's one of the reasons we mature out of the color coded and ended it and instead substituted the threat advisory system which is designed when we have specific credible intelligence about a threat to be able to go to the public with the information that we have. what we want them to do themselves and for their families and then where they can get ongoing information. the national threat advisory system has replaced a color

code, and the idea is with information empowered. "see something, say something" is the same thing and we've had it in enough places over the last two years now that we have not seen it at used by the public. so, now it is more a matter of public awareness what we would call situational awareness. there's the microphone. >> thank you for this opportunity to read of course you mentioned the u.s. is safer to the counterattack like 9/11. but do you think it is safer to counter an attack like all kinds of turbines and attacks and ideology? thank you. >> thank you. what i feel we are seeing is the evolution of the kind of attacks against our country. so if he were to take the 9/11

attack and break it down into all the steps that need to be taken by those terrorists to what lies basically commercial aircraft and slice them into the world trade center, the pentagon and ultimately the one that was crushed into shanks still, we have a linear system of securities that would give us multiple ways of which to interrupt that large and complicated plot. what we see instead now or smaller plots involving fewer people so they are much more difficult to intercept, to pick up information in time to intercept. there's been an awful lot of good work done. but we are seeing smaller plots using a variety of techniques. they are derived internationally, but we are also seeking the rise in activities

by individuals who are actually in the country, and they are acting by themselves. that kind of attack is the most difficult to prevent because there's nothing to intercept and so forth and so you have to go and use other methods, and one of the other methods is for every citizen of the united states, every person of the united states to have awareness of their surroundings and feel comfortable in reporting suspicious activities to the authorities. >> one more from the back. >> thank you very much since 9/11 asra mengin you've seen an expansion of the government power to protect american citizens from the threat of terrorism as well as an expansion of the bureaucracy with a that be for the five amendments were the patriot act to get can you sketch out a scenario when you think the government wouldn't need some of those extraordinary powers, and a scenario when in some cases it

could return to a pre-9/11 sitting in terms of the power of the u.s. government. >> no. [laughter] realistically we have to say look, environments change over time, and 9/11 was a signal of the change in the environment that we now have to deal with. i think throughout the foreseeable future what is that change? against the united states motivated by various ideologies, terrorists, other ideologies as well aimed at trying to commit a crime, motivated by the ideology that would have an undue impact on ever society either economically or by a end or a number of individuals affected. as a con ausley and we at the

department we run this assuming that is the environment and then the questions presented are okay what are the best things we can do consistent with american values of the civil liberties and privacy. so, one of the things we have in the department right now is our own civil liberties office, and we examine all of our programs and exited activities in that perspective. we also have i think only one of two privacy officers appointed within the federal government. the other one is at the department of justice. and the privacy office analyze is from the privacy perspective all of the activities that we are doing. so, i think that we live in an environment where terrorism and those sorts of threats are part of what we have to deal with,

and we also however want to do so in a way that is respectful of and protect the civil liberties and values that we fight to continue. so, it is that a balance that we strike on a day in and day out basis. and as i mentioned earlier, that if you see something, say something campaign, it's been on amtrak and it's been in the metro. you probably heard my voice if you ever write the metro. it's been in the ncaa, all of the march madness in use at the "see something, say something" campaigns running in enzi arena. it's in the stadiums and shopping malls and other places where people congregate and gather it now we are taking it to the next level, which is to say let's focus on individuals and see if we can make sure that

the individuals of the united states acknowledge the shared responsibility for security and acknowledge and incorporate and value of the "see something, say something" campaign. that is really designed to help protect all of us. okay? one or two more? i don't know what your schedule is. >> i know what i have to do next, so i would rather stay here. [laughter] >> joe from the system planning corporation. we obviously have reacted to some very severe issues. but where do we stand on the opportunity to reciprocate the requirements that we've placed on our overseas trading partners and perform the same services for them and by the country, and

we have goals of vastly increasing our exports of the jobs program and what have you and is there any thought that it would be a good idea if we were able to offer those same types of scanning services that we insist others around the world perform for us that we would perform for them. >> we have discussions, and this kind of goes to the global supply chain program i mentioned briefly in my remarks, and very much a reciprocal type of program in terms of standards for inspecting goods and looking at when they first entered the stream of commerce, you know, the consignors, all of the places the different personnel might touch a container or vessel would be needed than to

make sure that there wasn't something inserted in there that was a weapon and explosives, something that could be of debt needed and the like. so the global supply chain strategy which does involve all of these international organizations which cover about 180 to 190 countries is designed to make sure that we are all using the same sort of standards and you are right to say that there can i think over time i think we will be able to do joint leveraging and sharing of those responsibilities. >> madame secretary, governor ridge spoke to the entry system and the fact we know when people come into the country and when they get here and one of the things we don't understand is when they leave and stay if you can speak to your vision for the management and when you think we might see a solution for the

exit permits the entry exit. >> actually we are far along now. let me explain the progress we've made in the last few months. one of the things we did is we have gone back and looked at the -- there was an original estimate of 1.1 million visa overstays. we have now gone back and looked at and systematized the cross reference and other records that we have and we've been able to reduce that number in half, and then we've been able to go through with other systems and reduce that even further. and one of the things that is different now than existed when the vienna shall u.s. entry and exit system was conceived is we have much more biographical data

as opposed to biometrics but we have many more databases and different things that are now appropriately linked comment that can be searched that enable loss from a biographical standpoint to keep track of when people actually leave the country and to know better where people are who have overstayed their visas and then to be able to prioritize who among those need to be touched by the law enforcement first. so those who have overstayed and also appear on a suspected security or terrorist risks and who are fugitives from the justice and that sort of thing. so we have been able to clear the list and we are in the process, basically compete the process of prioritizing the remainders and many more ways of

by zero graphically ascertaining when somebody has left the country. we have a different devotee now and the cost of having what was originally conceived which was a universal biometric exit system because we piloted its in several places, and the cost is very, very high. we believe in our analysis demonstrates the kind of data that we now collect that we now have organized that we now have systematized and with of the ability to search very quickly because we have to move millions of these daily that we get virtually the same results. it's just much more economically efficient. in this day and age, with the pressure on the fiscal system the way it is, badgers a problem and figuring out an answer, they

get us where we need to go and that is cheaper and as efficient. i think that is one of the challenges we have come and that's what we have attained. so yes, cognizant of the problem as it was set before us earlier today, but a great progress has been made. all right? thank you hiring much. "see something, say something." [applause]

on the fbi's role in combating cyber threats and it's 45 minutes.c- >> back to our f.b.i. series oat we've been doing this all week focusing on different focusi onf the agency. monday we talked about tactical operations and tuesday we talk l operations, and on tuesday, the role in counterterrorism. wednesday, the budget and the programs. tomorrow will be forensics and profiling. we will be live from the museum in washington, d.c. today, commenting cyber attacks and cybercrime. shawn henry is the assistant

executive director of the fbi. let me just began with director summers testimony this where he talked about the threat from cyber attacks. according to a fox news report, in 2010 alone, the u.s. government was subject to over 300,000 cyber attacks on its infrastructure. according to some government officials, there have been over 100 attempts by foreign governments to access sensitive data from our government. describe for our viewers the threat that is out there. guest: i think it is important for people to understand the stage, what the internet is all about. it is arguably the most important ssingle innovation technically in our lifetime. the amount of data transmitted throughout the internet, stored on the internet, has really revolutionized the way we do business. because of that data, when i

talk about data, intellectual property that businesses use every single day, financial data, personally identifiable information that we use, to access your account, do business, shop online, do your banking, our military secrets, some of the next-generation weapons secrets -- that type of data being available is attractive to adversaries. terrorist subjects, people sympathetic to the jihad thi ca, foreign governments interested in collecting information to help their economic infrastructure in their countries, and organized crime groups who are interested in pilfering that data to bolster their organized groups. we have lost billions of dollars financially. we have lost billions of dollars through our intellectual

property loss. it has caused a dramatic decrease in our economic capabilities in some respect. from a national security perspective, because of the type of information that has been lost, we are less safe as a nation. host: what about the threats to infrastructure, hacking into the intellectual electrical grid and otherwise? guest: the ability for an adversary to try and intercept those communications or infiltrate the networks to run those infrastructures would have a cascading effect and impact on this country. if we were to be without electricity in a major city for a protracted period of time, we all saw what happened in hurricane katrina in new orleans. after just a few days, there was civil unrest in the city. people were without food, unable to pump gas. it was hard to find water.

those are the critical infrastructures that supply us with our necessary day to day infrastructure. host: does that number sounds correct, 300,000 a tense, cyber attacks? guest: it actually sounds low to me. it is hard to calculate. there are millions of packets that fly around, billions of packets of data that fly around the infrastructure on a daily basis. every single network that is connected, every single device connected to the network is susceptible and potentially vulnerable to attack. host: what would be the impact of a cyber attack, a successful one, on the electrical grid, or some other example? guest: there are a number of different consultancy's that have estimated the impact of the attack. some say it is tens of billions of dollars annually.

a recent study was done by a consultant and the last month that said in reviewing a number of companies that the annual cost was about $5 million a year, and that they had lost data on an average of once per week. they had suffered an intrusion and lost data. so the cost is calculated based on the cost to protect the network. it is based on the cost of data that is actually lost. the cost of mediating the network, the cost for lost business opportunity. when your network is down, you're not able to conduct business. host: so millions of dollars? guest: billions of dollars. host: what is the fbi doing, as we speak, to thwart any kind of attack? guest: the fbi's role is threat mitigation. how can we identify who the adversaries are and how can we use our tools to try to mitigate

that threat? with organized crime groups, there are groups that operate, and many out of eastern europe, who are operating on line, collaborating. they are attacking our financial services sector, retail infrastructure, and they're stealing tens of millions of dollars. our job is to identify who they are and to use our law enforcement capabilities to coordinate with foreign partners to actually take them off line, take them out of the game. we do that and disrupt those activities and those groups by arresting people, by sharing intelligence with our foreign partners, and they can use their authorities to take some of those groups offline. that is one of the ways. there's also national security. we talked about the foreign intelligence services. the fbi has a law enforcement authority and a national security authority. we can collect intelligence and share that with our partners. we can use their authorities to

identify who the adversaries might be. host: give us a visual for people who are thinking about computers -- i think there are 1000 agents in the fbi working on cybersecurity, cyber threats? guest: there are agents as well as analysts. we have computer scientists, people who do forensic evaluation. the number is closer to 1500 personnel. host: what are these people doing? what are the different aspects of trying to forge a cyber attack? guest: the most important part is identifying aan attack that has actually occurred. that means chordata with security, -- that means coordinating with security and the private sector. that means collaborating, sharing information with them, so we can identify the threat and go after them. host: who is the threat, and which countries are we talking

about? guest: there are dozens of countries could have an information espionage -- who have an information espionage program that collects information off of the networks. there are dozens of organized crime groups operating throughout the world. your viewers might be surprised to hear about how these organized crime groups actually operate. when we think about organized crime in the traditional sense, you think about "the sopranos," guys operating in a back room selling drugs, loan sharking. we see organized groups that get together online in a virtual environment. we have seen criminal groups that have that other co- conspirators online, never met in the physical sense, in each of those individuals have a very specific capability. one might be the person who designs the malware that reaches into a network. one might do the reconnaissance

to identify the most vulnerable networks. one might turn pilfered data into an economic advantage and monetize it. these groups that have never met each other before operating in multiple different countries caused a significant threat to infrastructure. host: back to this fox news article that i referred to earlier. it notes in here that the united states government is planning to spend upwards of $13 billion over the next five years to try to keep the government's most sensitive data away from cyber hackers, cyber attacks. if you look at the fbi's budget this year for cybersecurity, it is about $285 million, approximately, agents. -- two hundred $85 million, approximately 1000 agents. -- $285 million, approximately

1000 agents. if that is correct, what do you see as the budget for cybersecurity. is it going up? is it enough right now? guest: there is a comprehensive plan through the administration. it is a government response. i think we have seen our budget go up, increasingly over the last five years in terms of both personnel and non personnel resource in and enhancements. that has been valuable. the threat that we see has been growing. it is not going away. it becomes more sophisticated and more advanced, requiring us to be more sophisticated and advanced. we will see increased resources deployed. host: democratic caller from easily, south carolina. how are you doing today, mr. henry. i cannot hear you. host: we are listening.

caller: considering the money we are spending, when you really look at the internet and cyberspace, i want to know how your agents feel about the fact that people can come in, do not do anything or say anything, and it seems like there should be a penalty for them to do anything in the world. host: what is the crime, and what is the punishment for a potential cyber attack? guest: there is a computer fraud and abuse act that is currently in place. there is current legislation on the hill that is being discussed, more of a comprehensive plan. certainly deterrence is critical. the ability for us to arrest people to determine or demonstrate to them that some of the activities they are involved in are illegal, take them off the playing field, it provides us with a much stronger

advantage to mitigate that threat. host: can you give us more details about what congress is talking about, a more comprehensive plan? guest: this is legislation on the hill. congress has been working on this plan for a while and they recognized the significance of the threat. i have been on the hill and have spoken to different committees and members about the threat. they are raising the deterrence levels of the penalties to raise them to a more substantial level. host: lancaster, pennsylvania. john, independent, next. guest: greta, you could conduct this interview with anyone in the nation that has the information, and they would say the same thing. let's have some balance between fbi, cia, the defense department. we're hacking countries all over the place. guest: the caller is talking

about other agencies. my role in the fbi is threat mitigation, the attacks we face here in our nation. looking at to those adversaries are. can we share intelligence that we collect with the department of homeland security and others to help make this country safer? host: are there other agencies outside the fbi that do that sort of thing? guest: i do not have information about the u.s. intelligence capabilities that this gentleman described. host: from the local washington journal," back in may, "sat -- from "the wall street journal," back in may, the pentagon responded with military force. what does that mean for the fbi as a law enforcement part of that equation? guest: role is both law enforcement and national

security because we cover both of those areas. in addition to arrest powers, we can share information with the intelligence committee. the piece you are talking about in terms of the department of defense response, the administration has stated that our critical infrastructure is a key part of our national security. it is a critical asset and we rely on its function, and the u.s. government will look at all forms of response if that asset is threatened. host: we go to john, albuquerque, new mexico. a democratic column. caller: enjoy your guest. it has been so and lightning. i wish they would talk about it more because they really are in the zone. i feel like the independent out there -- the social network, a group of young people put together a social network,

facebook. a group of young people can attack on online entity and institution. i have a lot of smart young people around me in new mexico that when i had a computer problem i go get my ninth grader. he pushes this, does that. i got scant five years ago by a group working out of florence, italy. they were called wholesale brands, they were showing shoes, and you could buy a case of the shoes for $1,500. you could sell them on ebay. the trouble is, you go on ebay, with their beautiful pictures, you buy the shoes, you send them your money, and they scam you. i called scotland yard, scotland yard spoken little italian. i talked to the italian police. that did not go well because i do not speak much italian. nothing is done well -- nothing is done to these cameras.

host: what is your question? caller: the fbi believes they were al qaeda terrorists working out of itsitaly scamming people out of $2,000 or $3,000. guest: the caller is referring to internet fraud that takes place. it is prolific. traditional organized crime groups have migrated there. they have the ability to access such a greater volume of potential subjects. for us, the international opportunity for us to work with our partners is critical. some of the things we have done internationally, working with the italian, the spanish, the turks, romanians, estonians, and others has made it a much stronger situation. this is a pervasive problem in our ability to work

internationally so we can identify these culprits and bring them to justice either under u.s. law or international law. that is an area we are engaged in. host: our guest has more than 20 years of experience as a special agent in the fbi and currently heads up the response services branch of the fbi. there are four divisions under you. do all these divisions focus on cyber? guest: they do not appear in the criminal division focuses on public corruption, white-collar crime, violent crime, and the like. the cyber program focuses on computer intrusions were people are hacking into networks, what we have been talking about here today, as well as child exploitation and internet fraud. i have an international operations division that focuses on our partnerships overseas. we have a fbi agents deployed into 75 countries around the world, in indices and working with our international

colleagues. our critical incident response group is involved in critical incident response teams and so forth. host: good morning, richard, from wisconsin. caller: thank you for c-span3 what i am going to talk about is basically -- thank you for c- span. what i'm going to talk about is basically drop everything, this is a red alert. we're talking about the magnetic pulse threat. there is an author named drew miller. his book is called "rohen nation. viruses.ing about the i will explain to the american people what i'm trying to explain. i'm talking about the solar flares of the sun, that in 90 minutes could take out our grid

system in our country. host: that was richard. here is a tweet -- "sir, part most breaches -- aren't most bridges and security perform from inside the firewall?" guest: i think the viewer is referring to the insider threat. i am talking about primarily remote access attack. there are multiple ways and asked for seri -- an adversary can attack. they can get remote access from their living room come from mara -- from anywhere in the world. people administered in the work, employees, somebody who may have gotten access to the network by being part of a corporation. they provide a significant threat because they have already breached the perimeter. those administering that data certainly pose a threat, which

requires a government agency, the private sector to become vigilant in the people they are hiring, making sure they do their due diligence. host: kerry from -- a republican, you're next. good morning. caller: i was wondering how they were going to protect our systems from things like wikileaks . guest: when you look at something like wikileaks -- and that is an ongoing investigation, so i cannot comment specifically on that -- it really is incumbent on the odors -- on the owners of data to ensure that those could have access to it have been fully vented -- vetted, and our

policies in place to make sure that the integrity is maintained and that the data is shared according to a corporate protocols. host: you cannot comment on ongoing investigations. i want to show our viewers this reference to lawmakers wanting a briefing on shady cyber attack. lawmakers are looking for more information about operation shady rat, the cyber attack that targeted more than 20 government organizations and companies in 14 countries. wanting to know whether having a conversation about it would hurt or harm cybercrime, combating it. why does it hurt having a public discussion about it? guest: i think that the public discussion is necessary. that is why i am sitting here talking to millions of viewers. it is critical for people to understand the threat.

the particular issue you are describing, shady brat, standing for remote -- shady rat, steny for remote access tool -- i think the dialogue is critical. i do not think the public understands how vulnerable they are, how vulnerable their data is, at how critical it is for that to be protected. the loss of that data, not only to the entire country, but the impact it has on them individually. host: i went to the homeland security website for their 2012 budget request. they are asking for $233 million for federal network protection, another $41 million for i the security assessment. another $24 million for education and training, etc. and another $80 million for

cybersecurity, and research. when you combine that with the budget for the fbi, is their redundancy going on? why are there two different agencies looking at this issue? guest: the department of homeland security is really in protect mode and consequence management. their role is really looking at protecting government networks. the fbi possible is different. it is in threat mitigation. there is absolutely opportunity to share information and intelligence so those two organizations make each other stronger. there is information in the course of our daily investigation about developing vulnerability, about areas that may be exploited. the department of homeland security might not have visibility on. because we have an exchange of personnel in each of our agencies, we are able to share that information so they can distribute to others in critical infrastructure and raise their defenses. it is not one or the other or redundant, if it is the sharing

of intelligence across programs. host: is there a cyber command center? guest: are multiple centers currently in different agencies. there are personnel in the different organizations that are stationed in each of the centers, so there is a sharing of information. there is a program in place to connect those centers so there is a faster sharing of that type of intelligence. host: back to cyber crimes. there is a tweet from one of our viewers. "social networks play a role in tracking organized criminals. how many crimes are detected through social networks?" host: social networking is an interesting phenomenon we have seen explode in the last couple of years. one of the ways we track criminals is not very much different from the way we have tracked criminals for over 100 years. the technology has changed the game a little bit, but there are a lot more similarities than

differences. what we have done historically is infiltrated groups. we have collected information from coal operators, people who have information from -- from cooperators, people who have information about different groups. social networking is a place where we can identify bad guys involved in attacking u.s. infrastructure, and by identifying them it provides us an opportunity to under -- to attribute an attack to them and use law enforcement authorities to take them out of the game. host: an independent, akron, ohio. caller: mr. henry, is there an organization or a name you can give me that can assist me? i had my computer tacked to the point of not being able to travel to a u.s. -- at -- i had my computer hacked to the point of not being able to travel because of -- it was done with

the assistance and permission of the command leadership and diplomatic corps. as an officer and commander, i witnessed crimes against children happening. there were five immunity laws giving rapists and murderers inside the military to continue their activities, and there are large networks allowing this and torturing and abusing victim witnesses. guest: you're talking about an issue with your personal computer, certainly people have a responsibility to maintain security on their individual home computers and their networks, similar to the way you protect your house, ensuring you have adequate locks, and alarm system, you keep the outside exterior lights on. to the extent that you have had a breach on your personal computer, there are many various security firms that will provide an assessment and a remediation for that problem. host: here is another tweet

question. "should i have an expectation of full privacy rights when i am on-line?" guest: i guess it depends on when you are -- where you're going for privacy. when i talk about the information being lost every day, that data is not private. once it leaves your network and is available, someone has stolen it and posted it. you do not necessarily have privacy. within the fbi, from a government perspective, civil liberties and privacy are critical components of very thing that we do. but i think it is important for people to understand, when they put information on to the network, there are other people who can see it and view it. much like when you go to the supermarket and use a car for a discount, you are putting into circulation data about what

you're buying. host: how easily do companies work with your agencies and other agencies to help you resolve the situation? if there is a vulnerability, and attack, and you need a company to respond, how does that work? are they doing it efficiently and quickly? guest: companies more often than not recognize that their ability to mediate this, our ability to mitigate the threat relies on the quick sharing of information. historically, companies were somewhat reluctant to report because they felt it would impact their customers, it would impact their brand, and that people's confidence in their ability to do their job and protect that data. as this becomes more prevalent of a problem, as it is communicated and people become more aware, companies realize they are not the only ones being victimized, it is happening really to everybody.

for them to come forward and share that information puts us in the greatest position to respond quickly and effectively. host: give us a percentage on how adequately the company's that run or own the comfrey knee -- the country's infrastructure are prepared for a cyber attack. guest: it is difficult to say what that number would be. sharing on a program such as yours here, to let people understand and identify what the concerns should be for them. when senior leadership and organizations realize the potential liability, they realized the vulnerability is inherent in their networks, and they realize these types of threats threaten their very existence. when the senior leaders recognize, and i believe they are getting to recognize that, they are strengthening their defenses and becoming more tailored. alert.ming more

host: we go to barney on the democratic line. caller: they do not pay a lot of money. i know they probably just do it to try to make a call. why couldn't the government and together -- band together for the cause of just say we are going to come together? why does it cost so much money? host: are you following that question? guest: if you are talking about people coming together, in come and cost goes back to what we were discussing earlier. were budgets can be leveraged, capabilities can be leveraged across other agencies and we are much stronger. if we are sharing intelligence, sharing capabilities, sharing technology, sharing advances, we are much stronger that way.

host: james parker wants to know, "what about cookies that are placed on your system to spy on your online behavior? any move toward more regulation?" guest: cookies are small pieces of software that provide information back to companies. when you log in, a company is looking at your browsing habits. we give up privacy oftentimes because we get an advantage for it. when people use online media, when they use online applications, some of that data is susceptible. host: we go to larry next in florida. caller: when a threat has been identified in a foreign country, what is the option for enforcement? does it have to go through the fbi as the law enforcement officer? do the cia take action directly?

how is it handled when you know who it is? guest: when a prime is committed -- when a crime is committed internationally, when we're talking about the internet, it is a worldwide network. many of the cases that we see begin or end overseas. our ability to coordinate with for law enforcement agencies is critical. one of the things we have done in the last few years, i talked about our program where we have agents deployed in 75 countries around the world. we have also started to embed fbi cyber specialists into the law enforcement agencies of another -- of other countries where we have seen threats thrive in the last couple of years. we are in a much more advantageous position by doing that to share more expeditiously, to respond to an emerging threat, and better protect the country. it comes down to partnerships, collaboration, cooperation, and

intelligence sharing with law enforcement policies -- partners. host: another tweet online, "which is a bigger security leak, cell phone technology or wired internet?" guest: i do not understand the question. host: with new technology coming on constantly, what gives you pause? what did you see that could make the united states or it infrastructure people vulnerable? guest: that is a good question that might go to the last week. 10 years ago the threat was our computer networks. people had a central processing unit, a cpu, on their desktop, and it was wired and it was connected. that was the threat, how could somebody breach that network. in the last few years we have seen an expansion of the perimeter. through the advance of technology where everybody is

carrying a blackberry or mobile device, they are all internet corrected -- internet connected. the areas for vulnerability have increased exponentially because there are so many more devices. imagine if you're trying to protect the building, and there are a couple of doors on it. relatively easy to protect. you have a defined area that you can protect. if you had 100 doors or 1000 doors on that same building, the ability to protect it increases substantially. that is what i see with the -- people's cars are connected with the internet where they are communicating with their service department, communicating about driving patterns. anything that is connected to that network is potentially vulnerable. host: frank, an independent from paris, arkansas, good morning. caller: good morning and thank you so much for taking my call. the opportunity to speak with

mr. hendry is very much appreciated. our industry, our national health care industry, has been subjected to, and our customers, for that matter, a horrible crime of cyber fraud that has been going on for 10 years now. we have been able to bring a class-action lawsuit against these frauds in the superior court of arizona, but they continue to perpetrate their fraud, it seems, with impunity. we are deeply concerned about the tremendous harm it is doing, causing fills a poll this -- causing physical illness wikipedia has a note under will spare a -- or simply go to goj itrees.com to get the archives

about this. it is an ongoing class-action suit going on for more than 10 years. what can we do to stop this? we need federal interdiction. host: we will get a response. guest: if you are talking about health care fraud, if you have not contacted your local fbi office, it is an area we are responsive to and i encourage you to do that. when we talk about the type of information that is vulnerable, people's information -- this resonates when we talk about their health treatment. the type of information we are very clear to protect, there are regulations in place that protect that data. health-care information being susceptible to pull three or exploitation is something to be concerned about. host: here is jessie ramirez with this week. "why are so many hackers that

target citizens computers from overseas?" guest: there are certain countries that have gotten into the technology game early on. it is certainly not related to a particular country or geographic area of the world because there are a lot of hackers within the united states doing the same types of things. we have seen this increase in these eastern european gangs, and it is certainly not relegated to those areas. host: so cyber attacking is an industry, a profitable business? guest: computer exploitation is absolutely a profitable business that organized crime groups are utilizing to enhance their bottom line. there is no doubt. host: how have you seen that grow over the years? guest: it has grown substantially over the years. more vulnerability, more business moving to the networks. more adversaries realize there are opportunities there.

there is a saying that goes back to a few decades when a favorite bank robber asked -- when a famous bank robber was asked why did he robbed banks, he said because that is where the money is. i have seen financial institutions that have lost tens of millions of dollars from these attacks. host: in one day? guest: yes, in one day. host: robert, a republican from athens, georgia. caller: will this help keep the unconvicted sex offenders from spreading their propaganda? guest: it is an area that we're focused on with our partners around the world, and it is a crime that is a of a significant concern to us.

the types of defenses we're talking about, literally to those trying to reach networks, to infiltrate networks, and to take data out, to sometimes even destroy data or deny us access to that data. it's a different type of crime. host: grand rapids, michigan, you are next. caller: what i kind of want to hint at, in some ways i feel as if the american public reflect upon them because there is this growing animosity of corruption and sort of almost exploitation in the united states from a citizen's perspective that stays aware. i feel on the internet -- i notice they represent this more. it is not that i feel -- well, i do not do any thing, but i see that they just sort of hack and

sort of exploit but do not steal anything. can i get your comments? guest: just talking about hacktivists generally, not any particular group, people who want to use the network as a means of protest, which i certainly appreciate people's right to protest. that is what this country was founded on. but by breaching computers, infiltrating networks, damaging networks, with its be wed the basements or by taking websites down, it is against the law. it causes damage. it causes billions of dollars of damage a year. i talked about some of the costs that businesses incurred that are passed on to consumers. for hacktivists to destroy networks to stand by and their cause, t