[laughter] thank you. first of all, i'll touch on the hardware issue because the whole supply chain risk management issue, it's interesting to me, there's 155 different supply chain risk management initiatives in the government today. we have to coordinate those and quite frankly, organizations like ours, we invest hsm in the brand -- heavily in the brand integrity program because our reputation is how we grow our business. to make it short, one of the things i think this body could help with, as we sit here today dealing with this supply chain risk management problem, the federal government still continues to buy from untrusted sources. there's a culture across the government of costing schedule across the departments and agencies where in order to save five cents on the widget, we buy low cost, low bid, end up in the gray market, and we wonld every

why we have -- wonder why we have malicious products in the government's supply chain. we have to buy from trusted sources. if there's a reason we're not, there should be a justification, it should be public, and the reliability should accrue to whoever the inquirers is. >> dr. schnek, can you comment on that as well? >> i do agree with phil, and i'll add we look at supply chains as an issue of the product integrity. we would also believe in leveraging existing standards to focus on a product integrity issue because you want to know if the widget you bought exactly what you think you bought? that's the heart of the issue of rigorous testing and the standards. >> if we are at risk if we integrate into the u.s. system non-trusted sources of product? >> i think it increases the

risk. >> thank you. >> i used to do this supply chain stuff when i was on the government, sort of on both sides of the table, and the couple points on that. first, right now, it's not worth it. it's easy to hack. you know, you have to assume the chinese and russian friends take the low cost approach to espionage. why should they not do it? the second is it's very hard to push this out to a global supply chain. we're not going to be able to get out of that. this is exceptional difficult issue that will probably force us to think about how we're going to work with foreign suppliers. >> correct. >> there's not really a choice here. what i think will happen real quick, right now, hacking is so easy, why bother? if we manage to improve defenses, they'll switch to the supply chain. >> here's the problem, i'm five minutes over on his time, and i think members -- >> this is a clinton we can all

agree with right here. [laughter] >> the gentleman's time long ago expired, and it appreciate the patients of the members not asking question yet. we'll try to get back on schedule. >> thank you, mr. foreman. thank you for the hearing and to the panelists. your testimony and your answers to the questions have been very informative. i want to follow-up on a line of questioning that mr. waxman had to dr. schnek. dr. schnek, i know in your testimony, mcafee labs predictses attacks on smart phones in the future, and it's my understanding your company, head partner with a research facility at carnegie facility lab in pittsburgh, the distribute i represent, about how employees handle mobile device security, and this study showed that most of lost and stolen mobile devices create the biggest concern for businesses,

about 40% of the organizations surveyed had lost or stolen devices, and half of the devices contained business critical data. further, about 50% of mobile users that were studied, we found out they store passwords, pin numbers, and credit card information on their cell phones, and that's what i'm guilty of, and i'm erasing that as soon as we leave here. [laughter] [inaudible conversations] one way to tackle it is to ensure the devices employees use are secure in the first place so that if an employee loses them data remains secure or you could remove that data from a remote source and to follow-up, can you elaborate on what's done by device manufacturers and app developers to secure products for commercial use? >> oh, wow. so we look at protecting them once they are received so from

what we've worked with, there's a couple vectors on what they do before delivery. one is -- i'll take the application side first -- when people download applications, they rarely think about if it's secure. one of the biggest dangers we see is not did i catch a virus or purposely down load something with a great app that did something neat for me but it's a pretty picture and delivery of malcode and the instructions now will get that to be a platform to enter the corporate network or ship back your personal information for sale on the russian underground. the app developers, some are careful and only approved or back to the trusted source point, only approve apps are for sale, but others are open about it, and it's up to the user to be careful on what you download. >> i think it starts -- we work with all of them, so from the droid operating system to ios to

microsoft, the first thing we work on is how to you identify the device itself securely and identify that back to the company. if you don't know it's connected to your company, you got your first issue in the consumerrization and the enterprise. the second theme becomes how do you then work with the applications that go into that phone and each one of those ecosystems do that differently. some have sand boxing where they can then use our security or others to make sure they know who is putting that there. they all three have very different testing mechanisms to test those apps in terms of that sand box and how they communicate that back and forth, and then the third thing we work with them on is how you secure e-mail and content in communication where it's mobile, no different than we did with laptops and desk tops before. >> mr. dix? >> yes, good old fashioned innovation delivered in the

marnlt today with the ability to lock kate, lock, and wipe those apps on demand. >> there's close to a solution to authentication. a quick story. there used to be just one government approved private company this north korea. do you know what they made? they made mobile phone apps. [laughter] i see a pattern. >> just another general question for the panel, do you think the fcc has any role to increase mobile device security, and what should that be? mr. connor? >> absolutely. in fact, you look at the fcc, the infrastructure's there. i worked at at&t and put electronics and systems into the company. you can look at the mobile networks as either good or bad. it can stop the crime. i talked about it today, if used correctly with technology that cannot be broken today. i think that if you think of one

governing body trying to own each of the pieces, it's folly. i think doe has to work the public-private partnership for its doe domain. i think congress and treasure needs to work it, and i think fcc has to own that infrastructure with that ecosystem to think the attack vectors the bad guys take against us are one size fits all is just crazy. >> very good. mr. chairman, thank you. >> thank you, mr. doyle. >> mr. chairman, thank you, and this question is for the entire panel. maybe we'll start with mr. conner. some argued before we entered the cybersecurity debate, we should heed the hippocratic oath and make sure in the first place we do no harm. if there's one caution you could offer us before legislating, what would that be?

mr. conner, starting with you. >> start with the bully pulpit frankly. i spent my team with this team and others, spent a lot of time educating, and i think quality is a great example this government got right. they didn't heed at quality. they got on the bully pulpit to say security was important. the lexicon still is not here, but someone started quality saying i'm going to get to cig sigma, and we knew what it meant when it started. you heard cost equality. i hear cost of security. we are focused on what cost? are you focused on the total cost of sciewrt or just the -- security or just the cost to implement something? start with education in your bully pulpit. the second thing i would start on is the inability of businesses to talk to governments or to themselves because of anti-trust and the

patchwork legislation in the states. i am tired of it being a one-way communication street to intelligence, and nothing in return, and i understand that they legally can't do it, but as the company is tasked with protecting our government and governments and enterprises and citizens, it's pretty folly to me. i can only give you information. you cannot give me any. >> thank you. going to mr. dix, moving rapidly. >> thank you. one, continue to inspire and drive an environment that supports innovation and investment, and secondly, did aware of the fact that the bad guys move fast. we have to have speed, nimbleness, and agility in the ability to respond. attempting to comply with a compliance model that takes a long time to build and implement slows us down and imposes impediments to the ability to have speed, nimbleness, and ability. >> in 2007, we had an

intelligence disaster -- >> i don't believe your microphone's on, sir. >> 2007, we had an intelligence disaster in the country. the details are still classified. in 2008, the department was hacked. 2010, google and 80 other companies were whacked and lose intellectual property. most have not reported it, but it shows up in chinese products in five years. last year, stucks net, the ability to destroy physical infrastructure using cyber attack, and we have a list at csis of major events because i got tired of people asking me when we would have a cyber pearl harbor. the list is up to 90. we have to stop saying do no harm. we have to move out, do a coordinated defense. >> so do you think we definitely need legislation? >> i do. i think there are things -- one thing we can say now that we

couldn't five years ago, we have a pretty good idea how to do this between the experts here, some of the other places. there's agencies that have done a particularly good job. we have a good idea how to reduce risk, and we have to implement that. >> mr. clinton? >> i agree that we do need legislation. the question is what is the legislation that we need? i do subscribe to the do no harm theory. i think the one thing i tell the committee is to understand that this is not a technology issue. it is an enterprise-wide risk management issue. the problem we have is that in cybersecurity world, all of the incentives favor the bad guys. it's cheap, easy, they are profitable, it's a great business model. defense is hard. we follow attackers around, hard to show return on investment, and criminal prosecution is virtually non-exist tent. back to the last thing i said before i finished my oral statement.

understand that you are dealing with the invention of gun powder. this is an entirely different thing. you can't just take 20th century models and plug it in here because you can pass legislation that will do harm, that will take away needed resources from where they need to be. we need a credittive 21st century approach and a lot of what we're seeing in the public policy world is not that. >> mr. clinton, thank you, and in the last 12 seconds, last, but not least, dr. schnek. >> let's take it as an opportunity to unleash the power of the private sector. we built this thing. we department build it with security. now we understand this add adversary. take the information we have, the data we have, the isps to see all the mobile phone activity. they see it, can protect that, incentivize us so we can eat when we are done doing it, but build business 340d electronicses from the hardware up, and the world will change in a few years.

>> i thank the panel for the excellent response, and, mr. chairman, i yield back. . >> thank you. we're going to lock the doors and not let you out until you give us all the ideas. we'll let you out today, but seriously, in terms of helping us understand how to get this right, you have a lot in your testimony, but if you could help us drill down very specifically at least within the jurisdiction we had, we would really appreciate very specific suggestions back. going now to california and thank you for participating. >> thank you, mr. chairman, and i have to say this is probably the most interesting and scary testimony i've ever heard, but i think that quite frankly our country doesn't realize what risk we have, and i think the things we hear about over the news are things talked about hacking, but they are at a level where personal level to where

people understand. this is far beyond that. it really affects every sector of our economy, our country, the way we live, so i truly believe that this education process is going to be very, very important. i also believe that people like you have to step up to talk about it in ways that the public can understand. the cybersecurity, everybody sort of understands it, but they do not understand it 6789 i think with every advance in technology, we open ourselves up, and our daily lives can be impacted so much. i wanted to follow-up a little more on the cloud-base services. businesses and governments are now going into the cloud. what are the unique challenges facing the cloud with respect to cybersecurity, and are we thinking ahead knowing what we know now about how we address

these challenges? start over here with mr. conner. >> it's something that's giving a lot of attention from everybody, and i think a lot of people are running before they thought it through. >> oh, okay. >> i think it's very app -- application and business sensitive depending what you put in the cloud. some stuff in the cloud is user name sensitive, and that's fine, but if you put valuable personal information and intellectual property in the cloud, there's two issues. the security within the cloud is not the security within the mainframe data center today. >> oh -- >> and how do you awe -- authenticate the cloud and i think that's naive. >> so are we still at a place, though, where we could start looking at that and incorporate how we integrate these things and the information sharing activities? we're still okay right now, but

right now, you talk about the cloud as a very sexy thing, so people are now jumping to it. i was curious, too, also about dr. louis, that you mentioned that government should find ways to incentivize companies, and dr. schnek talked about the same thing to prevent cyber attacks. what are the most effective in your opinion? i want to hear from dr. schnek, too. >> there's basically four kinds of incentives. there is regulation and we're going to need some of that, not too much, and it varies from sector to sector. there are tax breaks. i mentioned this to some other republican task forces in cybersecurity, and they thought it not to be the best year to go after it. there are subsidies, and we

might need subsidies for research and development and perhaps other things. finally, there's a coordinating effect. someone has to lead. you can find this as maybe a good story from the australia example. if you pool industry together and point them in the right direction, they'll come up with some good stuff, and we can find examples in the defense department where that's worked pretty well, so regulation, tax breaks, subsidies, and that might include billing something into the rate structure for some critical infrastructure, and then coordination. >> dr. schnek, do you agree? >> not entirely m i think our regulation drives a box around technologies that you are forced to adopt. puts your money there. takes it away from science innovation and shows the bad guy what we're not protecting, but i favor tax incentives, insurance reform, litigation reform, and anything that allowed a company to be creative and up front

invest, because it's easier and cheaper than the clean up. i testified earlier a couple months ago about small businesses and incentives needed, but the small to medium businesses make up 99% in some cases of our business fabric, and 23 you think about where the newest technologies come from, not just cyber, but maybe the next engine comes from a start up from two bright guys just out of college, but they won't invest in security right away, but if into the grant there's extra money saying you'll get this money only if you promise to secure it, and we can do that for all levels of companies. >> government has that role though? i think the part i'm looking at is who convenes all of this anyway? how do you do this to work together? i think you're obviously right, business, the business sector can work together and have the solutions, but how do we get to the next point? >> the first thing you got to do

is retrieve the legal obligation when we ceos and my first public private, all the ceos agreed until they talked to their legal counsel. >> okay. >> guess what? then it went completely dead. >> all right. >> because no onements -- one, there's an iphonety trust -- antitrust issue of sharing, and once you go public, you create a standard to be sued criminally as well as civilly, and that is the reality as a government person who doesn't understand u but if that means something, suits mean something. the minute i say something, i now put a different standard to me to be held to. >> okay. well, thank you very much. i see my time run out. this is very fascinating. >> thank you. we now go to mr.-- from ohio. >> thank you, i appreciate it. i thank the panel for being here, and someone who serve on

the cube security task -- cybersecurity task force, and go to your office, do i want to turn that thing on now or not? you know, talking about the yellow lock you are engaged with, mr. rogers in discussion about, you know, a lot of times if it comes up the https comes up you're safe. are you going to tell me that's not true now? >> the only thing i tell you is unless the chrome goes green, i wouldn't assume you're safe. >> the reason i ask that, you know, we have to get the message out to the american people, and i know that a lot of folks see the yellow lock come up and say i'm fine. >> right. >> i hate to say that my daughter's were on some social networking, and we had a problem for about four days before somebody could spend that much money to get the thing fixed because we could go back on to the computer, but, you know, i'm

really very cognizant of the fact now watching for the https come up because it goes to the whole point, again, if the state -- you do online banking or people do certain things, and we have to communicate that. that's one thing. if i could ask mr. dix and dr. schnek this question, you both mentioned the idea of creating trusting relationships online either through authenticated e-mails or white listing. can you elaborate on the ideas explaning how they differ from the previous cybersecurity messages like spam filters and blacklisting? >> ladies first. >> everybody wants that one. go ahead. >> our focus on trusted relationships in the ma crow are bigger. we have to work together, and we do. organizations like bob mentioned with regards to government and private work together. we're dealing online today with a world different.

i used to help build a spam appliance many companies ago, and what we looked at then was only the e-mail vector, and now there's the web vector, firewall vector, and the mobile vector, but, again, the enemy's faster. online, we had 30 parameters to look at just at e-mail. it was not that i trust to send, but all indicators in the note, and now you multiply that. from our view from protecting against threats with all these vectors, we have a thousand parameters of trust we look add. it's not just an established relationship, but what's the behavior lately as in the last two milliseconds and the last 15 years. >> continuing to advance the development and implementation for trusted identities in cyberspace is the step in the right direction which is an example of industry and government working to the have come together to deal with

identity. everybody says identity is a root issue in the entire trust discussion here today. it is underway. it's collaborative producing results and moving to implementation would be a step in the right direction. >> just the last comment on that is it's -- the irony of this is if you think of who are the most trusted identities we use? they are usually government issued. i think this is one area where our government needs to get out of the u.s. think and into the rest of the world think. >> let me go on with this because, you know, again, when you look at, you know, people trusting what they are doing on the interprets and banking, i don't care what it is, but, you know, talking about trust, in another discussion earlier, talking about not buying from the low cost, low bid, and you have to buy from the trusted source, but how do you know that even if you buy from somebody that's trusted, that that stuff is still good?

how do you go through, unless you're testing, are you testing constantly? that's for you all. >> i'll take it first with nor permission, sir. >> yes. >> each of us as manufacturers have a network of authorized resellers and distributers that we utilize in the distribution of our products into the marketplace. that's a place to start from. understanding who those authorized providers are. there's a great deal of work going on now through the trusted technology form and open group to create a certification and accreditation process for suppliers working collaboratively with the government again in a standards based approach to be able to address the issue. there's good work going on right now, but the fundamental piece of it in my mind is cultural. we're still evaluating people, department, and agencies on their ability to meet cost and schedule driving certain behaviors because there's not security as a paramount foundation of that conduct. >> mr. chairman, i see the time

expired. i yield back. >> thank you very much. dr. christianson, you are now recognized for questions. >> thank you, mr. chairman, and thank you to all of the panelists. this is a general question. the fcc's communication security reliability and interoperatability counsel has recommendations of best practices to ensure optimal security and reliability of communication systems so how does this contribute to improvements in cybersecurity or said another way, what is fcc's role in the coordinated defense that we heard about? >> i'm glad you said that because i've been trying to remember what it stood for. i have gotten all but two. we have all said when you talk about cloud, when you talk about mobile, that we're moving to a world where the role of the service providers is going to be more important, and that's where fcc and ntia are the lead

agencies right now. there are others, of course, that are involved, but fcc originally looked at the issue, and they were afraid if they took too active a role, as i understand it, they might be seen as trying to regulate the internet, and they wanted to avoid that, so instead, they've taken on an approach that works more on coordination with private sector experts, with developing venues for these private sector experts to get together and encouraging them to come up with a voluntary approach, and one of the things i had said to fcc staff awhile ago is try the approach, and if it woshes, great, if not, we have to think more mandatory measures. so far, it looks to be working. i understand they have some measures to roll out in the next few months. congress has other things they are doing. this is where thee service

providers and their regulators will be one of the key elements of cybersecurity in the future. >> anyone else? >> so they are in a position to serve in a key role in the education and awareness campaign that we talked about and coordinating that at the national and in a sustained manner to help deliver messages to constituent stake holders whether they are home users all the way up to large enterprises working with the carriers and content providers to help deliver the message. there's a key role in that part of it in showing leadership how we advise people how to protect themselves. >> dr. schnek? >> just one point. having worked in the past few months, they set a great example. their house is in order from a cybersecurity per perspective ad their leadership looking out to private sector with the best practices and reaching out to other parts of the government. when you talking about the needs to get the government's house in order, that's an exemplary piece. flays group of people looking at the policies and issues.

we've never seen that before, so i think this is a good time for them to not only build on the awareness they want, because i believe it was last spring with the sba to the hygiene program point, but then jump on that for the larger enterprises also as an example. >> well, mr. conner, and this is probably what you referred to with the sba, but your testimony reports that the fcc with reports having been affected by cyberattacks. what is the role of the fcc in preventing the attacks or aiding the small business community? >> well, i think increasingly the networks underpin all of the attacks. you the isps, the carriers themself, and you have devices attaching to it. i think one of the areas that we must remember is it's not always outside where those attack vectors come from, and just like organized crime found its way inside organizations, i think

increasingly we're going to have to look at that as an attack vector, and that should be something that the fcc takes into consideration is they look at how to deal with it in addition to the isp filtering and listen to the other pieces they use. one thing i would caution. i hear a lot of rhetoric on building separate networks and having lived in a world that i'm old enough that we had separate networks, but only had clear people dealing with it, i think the reliability when things like 9/11 and tsunamis happen, the benefits of having multiple networks outweigh the needs for a protected isolated network. i don't believe in today's world that's a real answer. >> i don't have any other questions, mr. chairman. i'll yield back my time. >> i thank you for yelling. i believe this blackburn is next for questions. then i will go to mr. shimkas

next. >> thank you, we have two competing panels, and i apologize for not hearing all the testimony. i'll go with mr. lewis. you mentioned in your written testimony the importance of the domain name system security. could you describe the problem with the current implementation of domain name systems and why it's important? >> well, it's what you heard from us all is the people who designed the internet designed it as a dod network and thought it would grow out. they didn't worry about trust or awe thept -- aweauthentication. when we did it, we didn't have to worry about this. the domain name system, the addressing system, can be

manipulated and spoofing. you heard it can redirect traffic. you think as far as you can tell on your machine you're going to a legitimate site, but it could be the government of iran or russian cyber criminal. you can spoof it. this uses authentication technologies largely so that we reduce that ability really almost eliminate it to impersonate another site. >> and i think, you know, the challenge with this committee is it's so high-tech, so, you know, we're lay people for the most part, and it's tough for lay people to understand and that's why we have experts like you come. we understand domain, basics, and now i can't -- with that should we -- this is one for the whole panel, should we be working to allow? >> i think everybody's already working that. i would tell you be ware of

newfangled toys. they have a promise, but they have liabilities today that are equal toot liabilities we have today. will it be there in 5-10 # years? we hope sooner, but it's not there, not even close. i think we've got to use the capabilities we have like evssl, where the chrome turns green, and you know you're safe. when someone says your identity is who it is, it is. i think that's where i put the focus instead of buying $19 authentication technology from where sex sells to taking responsible liability for your identity and who that is, and if it cost $500, that's where the bully pulpit makes a difference in technology. >> anybody else want to respond? that's fine because i want to go to a couple others. i also deal with democracy movements and the former captive

nations, eastern europe, whatever you call them, the attack on estonia years ago, the meddling by china, russia, and their neighbor, and they continue to be very concerned, although, the new technology age is allowing democracy movement to get their word out, to communicate, and that keeps evolveing, but you also see governments fight to -- the government in belaruse clamp down on that which i'm very concerned about. that's just a statement. it's just an evolving -- it's like a competitive market. do you want to -- people want to get information, but the bad guys want to get around, and it moves too fast, and we can really regulate. i've always said that about this subcommittee and the tech community. it's just -- there's a lot of self-interest that gets you people to move before they get caught. let me talk, just say quickly

and to -- i served on the energy community, go to powerplants all the time, big proponent of nuclear power, and mr. terry's opening statement talked about what you could be secure if you just had a desk top alone and were no longer connected. now, with wifi and stuff, who knows what dpoaks could end -- folks could end up doing. relying on data going to rtos, really what they are producing are excitable electrons to get on the grid which if that's all that we had to worry about and this a close system, we'd be safe, but it's the monitoring and calculation of the load. what's the solution to the utility industry? anybody have -- >> two thoughts. one is i testified earlier, that's why i believe you have to

start with doe as elite. electrical is very different than nuclear at the source. we believe you've got to start within the power production plan itself. we're working with large manufacturers in terms of how do you authenticate everything in that power production plant because you want to know what parts whether they are original ones or the alternate parts coming in, who they are, and where they are from, and frankly, that doesn't matter whether it's good or bad sources, just know where they come from and that they are there. the second thing we then focus on is who are accessing those systems and sharing that information so only the people with the right authorization or identity can see it, and the third thing we work with them is how that data is shared because data on its own at one location will not solve a grid by definition. >> two other quick points.

the idea of a stand alone secured network doesn't make any sense. people bring their iphone to work, plug it into charge, and we have seen that happen twice with allegedly isolated air gap networks, so forget it. we need to think about securing the industrial control systems that schav the networks. this is an avenue of attack. it's a different kind of network technology. right now, it's not produced -- it's the typical thing. when you buy it, the password is password, and the user name is add -- admin, and it doesn't take much to figure that out. people have to look at how the critical infrastructure connects to the internet. talking with nuclear companies, for example, they say they are not connected. when you do the survey what you find is sure. you have to have a way to bring the industry -- some companies do great; others need help, and we have to figure out how to do that. >> one point on that. the good news is a lot of the

industrial criminal systems are the same across the vectors. 23 there's best practices, they will go across from the grid to even transportation, nuclear in some cases. authentication is one sector, but another is what gets executed? it's back to the instruction. is it a malicious instruction from someone you don't want executing on a system that controls critical infrastructure? that works at the component level making sure there's technology in the components that looks at whatever operating as system is on that saying only execute these things. it's simple. they only do one job in life. they are a proponent on the system. it's not like they are a big server that you can lock down what they do. >> thank you, mr. chairman. >> thank you. we'll going to ms. blackburn for five minute questions. >> thank you, mr. chairman. thank you, all, with your patience with us. i just want to say a couple of things. i think it is so important that the industry lead on this.

anything that we do as different members have said today is going to be passe before the ink is dry on whatever it is that we do, and so as we look at the security issues, i think that your guidance is there. another thing that i -- we have spent some time in this committee and also in cmt, commerce manufacturing and trade, looking at the issue of privacy, and the data security issue, the breach note any cation -- notification issue, which is a component of what we have here, and quite frankly, i think that most people do not realize the vulnerability that exists in there home with a computer that is there, and believe you me, i hear about it a lot. with my district in tennessee, with all the song writers and entertainers, and the individuals that are in

logistics information or financial service information or health care information, auto engineers and so the problems are compounding for this every day, but as we look at the private sigh issue and in my conversations with them, let me ask you about federal preemption, and as we look at our standards on breach notification, data security, i wonder if you all have any thoughts on putting in federal preemption language making certain we work from one standard and the importance of that. >> if i could? >> yeah. >> we are very supportive of federal preemptive notification requirement. i think we have 47 different ones now from multistate company, it's very, very difficult to work with the similar themes i've been hammering on throughout today and regimely is that we have to understand --

generally is that we have to understand it's not a technical problem, but it involve costs. if we can find a way to reduce costs, we can have good standards, but we deponents have to -- don't have to have multiple standards. just have better adherence, better security, belter privacy, and at lower costs, and i think that ability to cut through the government's falling all over itself at various levels is critical on getting that going so i'm very supportive of that. >> okay. >> i would second that. i would tell you the single largest legislation issue that has bought security from being in the stonehenge to today is california 1386. why? because it said if it happens, you have a carrot and a stick. 23 you tried to protect yourself from encryption, you're safe. if you have not, you are liable for class action suit. that is singling the shot heard around the world at least in the

u.s.. problem being as said we have too many state legislations with patchwork so that needs to get dealt with because it is linked to cybersecurity. the second piece is the regulation passed by the fcc about disclosure is going to have just a profound impact. the problem is it's only public companies, and that disclosure's pretty nebraska by louse in terms of being meaningful. for you as a small business person in no objectionville -- knoxville or memphis. >> thank you, i yield back. >> i think the final questioner is mr. bilbray from california. we recognize your questions. >> thank you, mr. chairman. do you believe the law enforcement has the tools they need to go after siesh --

cyber criminals as described in your testimony? >> no, they do not. i got to tell you, it's -- if you look at the attempts being made with dhs to justice to have the criminal network geared up, i think part of the problem is we look at it in the one-time uses for critical events, and unless you use it every day, that system's never going to be ready. we partnered with interpoll to do just that. they have 6,000 agents worldwide, and their issue was -- because they didn't have the money, interpol is treated like a country now under passport control. we put their passport information so there's by yo metrics, but this country doesn't deal with that in its passport today. it's first generation digital. the second thing it has, and this is all on commercial chips, it has software to do logical access so those 6,000 agents, if

they go after tsunamis, they can go on an internet cafe and be secure in accessing information whether it's mobile, ect., but also physical access to every interpol office. all that technology resides on this little card, and this is a real one, that the 6,000 agents follow crime with three different standards, three use cases, allowing them to do their job. why is it important? because it's what he or she have to use every day. to the extent it's not used every day, it's not useful at the time of need in some event. >> basically you're saying -- [inaudible] >> mig's on. >> in the 30s, the bad guys running around with machine guns

and the cops carrying .38 revolvers. >> we're ice -- isolated, most at risk, and no capability to work with the good guys to defend that. >> it's interesting to bring that up. i think most of us here remember after 9/11 the issue of the technology, security, the biometrics, high-tech stuff was one of the top priorities of the 9/11 commission. we pass the thing called the real id bill, and now everybody found excuses to keep dragging it on and dragging it on. in fact, i think we're even giving grants to states for homeland security, and states refuse to implement the 9/11, and we have not -- we have gave the money, and they basically say we want to spend it on other things rather than the first priorities. you think we may want to revisit that whole situation rather than

just ignoring the fact? >> absolutely. i spoke the morn after bush addressed both the house and senate. that morning after, i was with mr. bennett and other legislators leading the effort, and spoke at nato after 9/11 on we've learned how to defend air, land, and sea, the next frontier cyber, but in those ten years we made a lot of progress, but the bad guys made more progress, and they can jump across jurisdiction with no legislative, legal barrier. >> mr. chairman, i have to say this is one thing i think our committee always referred over to homeland security, but this is a place where both sides of the aisle should be able toe cooperate on, there's a consensus there, and frankly, the bad guys in here, the obstructionists are on both sides of the aisle too so maybe the committee can look at how we can go back and revisit that, and address that issue, and i appreciate the fact you drove

the line about how concerned and i'll ask the doctor to jump in here because the two at the end brought up two interesting things. we don't want to create a box that gives people litigation to the private sector, but we don't want a box that lets the bad guys know how far they have to move outside to avoid it. starting with the doctor, and i'll go back, you know, can you elaborate, again, how that is creating arbitrary boxes could be utilized by the bad guys. >> it was said earlier and by the ranking member, this issue is so vast. this is science. it's if you start saying you implement these five things, the adversary's always looking at how to get around that. they know their target. they know what they want, and the advanced threat, they spend money, months, and people on finding the exact property they want. they find the person, the company, what the person

responds to, and they get it. it's clear if we say we're going to seal up these ways, these are the best practices we have to follow when it's a regulation, that's where the money will go, and after that, the money won't go to anything new and different and the add adversary goes outse that saying i can get in that way. they say they are disconnected, but true story after true story finds a modem out the back. there's always a way out in science. what we want to do is insent vise. it's a classic problem. we're not insent vised to do what's good for the greater good. we are incentivized to work for the shareholders. we need the technology, and at many times the speed that the legislation can get through to do the, quote, "protection." >> i'm less concerned about what we say we're doing. say anything you want, by the

time ewe say it, they already figured that out. they are not waiting for us to legislate and regulate and figure out the next hole. i think the model's very clear. it's joint forces, and it's in dod. we have strong army, air force, marines, coast guard, and they act on their own. they are highly integrated with their suppliers. there is what is public available. i served on the joint forces advisory board as a private sector person. there's what you do in that that is public and what's not public. that's how cybersecurity has to be treated. there was 10% of the money set aside for cybersecurity, and no army, air force department could deal. they needed the best and brights in on it and share what's public is public, and not share what is more or equally as important.

>> referring to australia, the son of australia war bride, reminded of the story of the notorious australia bushman that -- robber named ned kelly, and, in fact, the head of the rolling stones played it, but ned kelly was notorious for putting so much armor on so nobody could shoot him, and the armor slowed him down so much, they shot him in the back where he was not armored. i think thats semi-- symbolic of the ned kelly syndrome is put on so much armor, but give a way to get around it. i yell back. >> thank you. i appreciate this, but the value of the content we got from you ul was unparalleled, and i think we will be reaching out to each of you to say come back to us with what really would work. we got a lot of that today and our staffs got.

that we'll move forward on this. i think there's an opportunity to look at device manufacturers, perhaps the phone side, the router side, there's an issue on the education side, and so we really appreciate what you're doing out there in this fight, and your input to us so we can try to get it right and solve this problem. with that -- >> i would say bravo, and thank you very much. every member really drew so much from your testimony and the answers to our questions have been most, most helpful. thank you. thank you, mr. chairman. >> thank you. with that, the committee will --

>> last month, the oregon governor delivered his state of the state address discussing reforms in the state's health care and education system. from portland, this is 55 minutes. [applause] >> thank you. [applause] thank you very much. [applause] thank you. [applause] thank you.

[applause] thank you very much for that warm introduction. if i might, i'd like to just take a moment at the beginning here and ask you to join me in acknowledging our friend gail ackerman with the tremendous contribution she made to the city club and our state. she's not able to be here with us today, but i hope she's listening, and i want to say thank you for all you've given to the state of oregon. [applause] when i was working on my remarks last night at home, apparently, i was talking out loud, and my son overheard me. logan walked in, and he said, dad, i have a quote to put in your speech. [laughter] here it is.

it is not in the stars to hold our destiny, but in ourselves. and, you know, that's pretty good. [laughter] if i had to summarize the message i want to leave you today, i probably couldn't do it any better than that. i've very, very proud of what we all accomplished together over this past year. i'm very proud we have not shied away from difficult challenges in education and in health care and the budget. i'm very proud and deeply grateful that we have such tremendous bipartisan leadership in salem that's chosen to put problem solves ahead of partisanship. i think all 6 those things are tremendous, and i'm committed to continuing in that spirit of collaboration going forward because we still have a long, long way to go. for example, i am stuck on this image from an article that came out last october, and it's the image of an extension cord, a

cord that runs from the house of one resident to her neighbor and provides her power because she's been without heat for six months after losing her job and exhausting unemployment benefit and getting pushed to the edge. the cord is a fragile lifeline for her, but it's also a harsh reminder that we are at the high point or near the high point of human need in the state, and we're at or near the low point in public resources to provide the vital services. the extension cord ring i think, is a symbol of ore interconnectedness. it's a symbol we're all in this together, and together, we'll weather the economic uncertainty and emerge strongly and more united than when we began. because this story's also about the woman's landlord that has cut her rent in half to keep her from going homeless, and it's about her neighbor sharing power in spite of the fact that she's two months behind in the mortgage payment because she,

too, lost her job. my optimism about oregon's future is rooted in that county despite double digit unemployment and 3% under employment, the words ring true that oregon is a citadel of the spirit, and it is. we are in this together, but it's also true that extension cords and good neighbors can only go so far. the more and more oregonians are pushed, the more we continue to pay the price. the urgency of everything we've undertaken is rooted in my belief and i hope a shared belief embedded in the recession is a profound opportunity for change. the kind of change that's absolutely essential to secure our future and change that's based on our spirit in the state and on our shared commitment. i'm here to tell you the vision still stands and oregon's best days are ahead of us, and, in

fact, many of the things we need to move forward are already underway. when i spoke to you the last time, i think, ten months ago, i focused on two things. the first one was trying to ensure that we get the private sector economy going again and the second one was the importance of transforming the way we provide public services starting with health care and education. we've made significant progress on both of those fronts. when i spoke to the oregon business summit last month, i focused on what the state's trying to do to be a good partner with the private sector to get the economy moving again for large businesses and for small entrepreneurs as well. while we have a long way to go, we are definitely making progress on that front. treasure ted wheeler was here in september talking about the invest oregon act, a proposal that will bring to the legislature next february that i think is very, very important to help shore up the fiscal health of the state by providing access to capital to our business

community, but the point i want to make to you today is all of our efforts in job creation and economic development is feudal in the long term unless we can fundamentally transform our public education and health care system. public education because we should not be willing to accept a high school graduation of 65% or the fact that 40% of the kids ri rive at school not ready to learn, or the fact this jen race of oregon children could be the first ones in history to be less educated than their parents. health care because we cannot stand by and pay more and more to a hyperinflation system not making itself healthier as a population. dollars and businesses that could be used to create jobs and families could be using to pay down mortgages and get out of debt, and the state could be using it to invest in education and in children. last session with strong

leadership, the legislature set the stage for fundamental changes in both our systems of public education and our health care system. changes that i think are absolutely crucial to follow through on to secure our long term economic future. in education with the creation of the oregon education investment board and with education that promotes professional development for teachers and more learning opportunities for children, the legislature took the first step to create a unified p-20 education system shifting focus from funding institutions based on enrollment to funding students based on success. for the first time, funding and governance are aligned across the entire continuum from early childhood education to post-secretary education, and the legislature created an early learning council focused on changing and restructuring the fragmented and inefficient system used to provide early

childhood services in oregon. each two years we spend almost $800 million on programs for children 0-5 through six state agencies and dozens of local programs, but the programs are not coordinated, and in many cases, they don't measure outcomes and they are disconnected in many cases from the k-12 system and from health care services. the average cost per child is about $15,000 every two years, but less than half of the at-risk children who need the care get them. maybe 30% at best of the at-risk kids meet state reading benchmarks in two years. there's good programs out there, head start one of them, but to continue to support is a system that spends that money and produces these outcomes should no longer be acceptable here in oregon. we laid the health insurance exchange that will provide easy to compare information about the

affordability and quality of various health insurance products. the nine member board of the corporation are appointed and confirmed meeting on a monthly basis. they committed to reforming the model of delivering health care services to reduce year after year cost increases while improving health outcomes for oregon. ..comes for oregonians. the business plan for a new coordinated care organizations, the primary tool through which this transformation will take place shifts the focus on financial incentives from the emergency room and after-the-fact to wellness and prevention and early intervention and community-based management of chronic conditions like diabetes and congestive heart failure. the potential savings of this plan are enormous. $3 billion over the next five

years. that will allow us to ensure most vulnerable citizens continue to have coverage, that we have more resources to invest in either area seek education and we can provide a model for the private commercial health insurance market. but in both education and health care, success to date is based on setting the stage for change. now comes the hard work of implementation. ongoing success depends on working together in the next year in the same way worked with each other in the last year and bring into the legislature next month tools to implement to move forward the work we party started. before trying to specific legislative matters, i would term a new change is. it always makes somebody uncomfortable. if you recall the last time i was here, i offered you an analogy by comparing the development of a successful business to the systems through which we provide public education and health care.

if you recall we had an art exercise around that. i may just refresh you. a successful business results from a climate in which investment producers gross and not the circumstances, the business climate in which the business operates changes if the business doesn't design a new business plan to reflect circumstances rather than old ones that flattens often begins to decline. a successful business when it sees the world changing redesigns its business model to take advantage of new circumstances rather than the old and builds a new growth curve. for a period of time the old growth model and in that area between them has been called the area of paradox and the area attorney and anxiety and a lot of concern because people know what you're doing isn't working but they don't know what the alternative is so they continue to cling to the status quo even though it takes them over the edge.

i believe now more than ever that is exactly what we find ourselves in oregon today, particularly with health care and education in this area of paradox that we are well down the road to creating transformational change, to build new business models for both of these services based on today's realities, not realities of the 20th century. we've reached a critical moment in time. some have suggested we've come too far too fast. what i hear for oregonians as we have not come far enough. we're not going to lose our nerve at this critical moment in time. we will forge ahead together with reform efforts with urgency driven by precarious situations that say citizens in communities throughout the state. 21 oregon county sees double-digit unemployment. one out of every four children in the state of ours goes hungry. half of african-american are living in poverty.

imagine a six-year-old showing up for the first day of kindergarten unable to match any spoken or written words, not aware that print is written from left to right and unable to sound out words. imagine not. imagine the incredible disadvantage that child has an imagine trying to do all of that when they're hungry and not getting enough to eat. you may not know any of those children personally, but you see them every time you drive past an elementary school in the state of oregon. you are looking to hunger poverty, dozens of kids just trying to make it. so the first time we had the opportunity to do something profoundly important about it, all the research demonstrates that children who are ready to learn a kindergarten, ready to read in first grade and read at a level in a third-grader much more likely to graduate from high school and fine social and

economic six s. the fact is early childhood success is the foundation for every one of our economic and educational object gives. five years ago in 2006 the city club issued a report called early care and education, which noted and this is a quote, multiple programs across multiple state agencies with no clearer, and be. that report called on state officials to strengthen oregon's effort to coordinate disparate early childhood programs. that is exactly what early learning bill will do the legislature. it implements recommendations of the council which you find on their website to streamliner system, to ensure coordination and accountability in their programs focused on outcomes for children and families. every day we delay, every year, 46,000 kids are born in the state in 40%, over 18,000 are at

risk. risk we will pay for down the road or school failure, school dropout, social dependency, involved in the criminal justice system, wasted human capital. yet you hear people say, these changes are happening too fast. for who? certainly not for the 18,000 at risk kids. for those kids commit these changes can happen fast enough. [applause] serve local and committed support next month for legislation to implement the recommendations will allow us to move from diagnosing the problem to actually beginning to solve it and give every child in the states a chance they deserve to be successful and set our state and citizens up for prosperity in the future. the second education bill will introduce is necessary to achieve ambitious subject is the 100% high school graduation.

next year's class of kindergarten students as a benchmark. they are the class of 2025. 2025 is the year we've said to have 100% high school graduation in the state of oregon. that is a tall order 13 years from now. just yesterday education we ranked oregon 46 out of 50 states in its k-12 treatment. our choice for the class of 2025 is very clear. we can continue our decade-long experiment with the no child left behind law and its one-size-fits-all approach to school accountability or we can adopt their own tailored approach to improve student outcomes. we can stick with federal control and an oregon high school graduation rate stuck stubbornly at 65% or we can take responsibility upon ourselves as a state to work together with

teachers, parents, district administrators, students legislators and nurture community to devise a system that allows more flexibility while pushing every district in every school to better suit now come. we can continue to label schools and teachers in districts as failures and overland standardized testing as a single measure student achievement or we can recognize there is no single formula for school improvement and instead be concise and meaningful goals on a small number of outcome focused measures like third grade reading at high school graduation and closing the achievement gap we know it's not to accelerate learning and free up resources for comprehensive education. choice is clear in the time is now. we have the opportunity to seek a waiver in the punitive aspects of the no child left behind law if we can create our own home-grown alternative that provides my accountability and better paths for student

success. so the second bill we will submit will establish educational achievement compaqs, which are essential to winning the waiver and also essential to achieving our goal of 100% high school graduation rates by 2025. so the achievement compaqs will replace the federal compliance-based approach and create partnership agreements between the state and educational institution school districts, universities and 20 colleges to express a common commitment to approve certain outcome to the unique circumstances of each school district for educational institution. it will also allow us to compare progress and outcomes between districts that are comparable and begin to connect funding to outcomes so over time the state can be a smarter investor in education. so if we fail to adapt these achievement compaqs in february,

we will be left under the no child left behind long and i think everyone agrees is not a good outcome. if we fail to make the shift, we'll have fun in debates a context, debating a big number with no real information about the relative difference between funding levels in student outcomes. i want to pause a moment and make comments about funding. we need to be very cognizant of the fact that we will not achieve our long-term ambitious education attainment goals without additional resources. as i said before, system of public education is underfunded at all levels. the capacity of our public universities is going after and dramatically to absorb tens of thousands of new graduates. class sizes and k-12 need to calm down, particularly in the lower levels. classes like vocational and technical training, art, music and p.e. need added that, but we can't allow the debate about funding to be the only debate we

have and we can't allow the lack of adequate resources to get anywhere the real discussion about how we can be more effective at the resources we do have. for me to focus on key leverage points like early learning and third-grade reading reading and college completion we know who drive down costs and increase performance. regarding health care, action next month's legislature is equally important to fully implement and build out our new health insurance exchange and allow us to move forward by establishing coordinated care organizations across the state. there are those who are understandably concerned about how this is all going to work out and if and whether we can realize the savings in our budget. i want to pause again and put this concern into a larger context. the context is what is going on in the capital regarding national debt and implications

it has other health upper health care in the state of oregon. caius of all of you have a personal credit card. your credit card has a credit limit. and if you don't pay your bill from your credit limit is reduced for your card is eventually canceled. the federal government also has a credit limit called the debt ceiling set by congress and congress has to reset periodically so we can continue to borrow. at the congress doesn't raise the debt ceiling, his credit card is canceled and we default on our national debt and that is playing out today in greece and italy and other countries in europe and that is something we really want to invite here in our country. your credit limit is based on what your bank thinks he can repay. unfortunately the debt ceiling is not based on apple discussion or rather increasingly on the politics of trying to maintain current programs by raising taxes necessary to pay for them

because it is deemed politically risky to cut things like medicare and medicaid in defense spending in the election year, so we wrote those under his credit card. that is exactly the political dynamic we saw playing out last august in a high-stakes game of chicken about whether or not to raise the u.s. debt ceiling to keep us from defaulting on the national debt. in the end, congress kicked the can down the road to 2013, just past the election by the way babies in the debt ceiling $2.1 trillion. but they did almost nothing to address the underlying driver of the u.s. national debt which is the intersection of an aging population hyperinflationary system. they did create a super committee which utterly failed in charge and triggered $1.2 trillion of debt reduction over a decade. $1.2 trillion is a drop in the bucket compared to what we need. think about it at $1.2 trillion in debt reduction will be

accrued over 10 years. we are going to increase national debt by two times almost that much by next january. meanwhile, a year ago this month, the first to 70 baby boomers came on the medicaid program and came at a rate of 10,000 a day every day for the next 20 years. by 2020 average medicare recipient will take $3 out of medicare for every dollar they pay him during their lifetime. my point is regardless of who wins the presidential election and by this part is in a year from now, there is no way to get our arms around the national debt unless they take on medicare and medicaid. absent any rational pathway to the delivery model, congress will turn off the tap and that is really bad news for a health care industry built on a business model that assumes that the public sector and private employers will continue to finance an inflation rate several hine higher than the

cpi. those days are gone forever. that brings us back to her again, where people are concerned about whether we actually realized these cost savings. but think about the shortfall in the billions of dollars, which is exactly what will face if we continue to cling to the status quo. people are still in denial. people who think if we can just tell that this health care reform the problem will go away. it won't. because health care reform is not just about politics. it's about economics. the laws of economics are just as immutable as laws of physics. the reaction time is just a little blogger. the fact is we are rapidly approaching the end of the runway for health care financing as we know it. here is the good news. you may know for every dollar spent on medicaid the federal government gives us $2. the same token, every dollar received in medicaid saves the federal government to dollars. i was in washington the day before yesterday at the white

house with the president health policy adviser and deputy chief of staff and also the head of cms, the agency that oversees medicare and medicaid and we took documentation that we ran through the omb and shows oregon say the federal government's $15 billion over the last 20 years and we can save them $20 billion in the next 10 years with her new health care reform. we asked them for several hundred million dollars a year each year for the next five years to help us make this transition and the response was extraordinarily positive. [applause] so what that means this will most likely have the resources necessary to make this transition for those dollars will not come to oregon to pop up the current delivery model. he will pull through the care

organizations that will produce savings over the next 10 years. selecting early in february to authorize the full bill of the health insurance exchange and not brace expansion of the coordinated care organization gives the only chance we've got to create a health care system that's actually financially sustainable. we have an opportunity to help inform the national debate and also put us in a position to weather the economic storm that is surely coming our way when congress seeks to raise the debt ceiling again a year from now. the choice is ours. a lot to do in the next month, but a whole lot to gain. we are well down the road to transformational change in health care and public education and importantly luck changes and a mock trajectory in february so they can turn our attention to other pressing matters facing the state. developing a revenue system that can adequately fund education and shelter us from the boom bust economic cycles that affect

us for decades. adopting a tenure energy plan that gives us a pathway to me rps and reduction goals and maximize energy resources. improving public safety to protect and reduce the cost to the state. on federal lands and what we seek over the next 10 years. moving forward will require courage to challenge the status quo. but it's also going to require us to actually believe in our ability to shape our future. i'm not suggesting that isn't a risk involved with the path they've undertaken here. but there's a lot more risk in the status quo. the riskiest thing we can do i will continue to do what we're doing because we know that will take a senate on a very good place. anytime his decision the best thing you can do is the right

thing. [laughter] the worst thing you can do is nothing. i think you now and i now and oregonians know that delay is not some benign and prudent place order. it is a choice. it is a choice to embrace the status quo. it is a choice to abandon dozens of oregon's schoolchildren situates to spend more and more in health education. in short, and it is a if they choose to bear the responsibility we have for the next generation in a choice to fill the future and we are better than that. not here, not now, not in oregon. we are not going to fail the future we will not abandon the responsibility that we have for the next generation. i want to close with the words of the epic form ulysses, which i think in a very special way captures the struggle of the

working people over the last four years, but also captures the resiliency and spirit and commitment to the future. come my friends. it is not too late to see this newer world. so much is taken, much advise them that we are not now the strength which in old days move was in heaven that which we are, one equal temper of heroic art made with a time and date for strong and well to strive, to seek, to find and not to yield. thank you. [applause] >> thank you. [applause]

>> thank you so much, governor for challenging us to do better and inspiring us. and now if you have written a question on an index card at your table, now is the time to raise it up and given how crowded we are, i advise you raise it up high so the staff can see it and collected and bring it out to me. the first question for a speaker by tradition comes from our friday forum post, who today is city governor, jeanne a crouch. genius crouch pitching instructor is sustainable growth the charter construction, where she focuses on business development, community outreach and sustainability. jeannie has been a member since 2006 and has served with me on the friday forum committee. [applause] >> thank you, melody and governor for being with us

today. we really appreciate it. i reached out to a dozen or more people i know in business and education and in government and ask them what he would want to ask you today. and interestingly, the answers coalesced around one topic and that his tax. we can have a prosperous economy and community you alluded to. so the question as, what do they need to do? is it doable? how do we do it and what specifically will you do to make that happen? [laughter] >> easy ones first. >> i think two things very briefly. first of all i think just about everyone recognizes we have a

dysfunctional tax system in a state of oregon and we disagree on what we need to do about it. the moment of opportunity here having been a veteran of two widely unsuccessful efforts to change the tax system is the debates we've had in the 80s and 90s were just about the attacks. there wasn't a larger context. i think more and more people are beginning to understand there is a direct relationship between the depth of the recessions we have a cyclical basis, the capital from our state and our tax structure. so there are three steps. the first is we have to get the people on opposite sides of the table during the 66, 67 campaign in the same room and recognize we cannot follow the tax problem without all of the employment hurts. that has begun. we had a meeting several months ago with the leadership of major labor and business organization followed up on a couple other meanings. the dialogue is taking place.

planning to do joint point to look at various options. and i think we have to decide on the best approach and obviously a number of fat nurse. one has to do with stability come a key element. one is adequacy of bonus equity, largely in the mind of the beholder and the more difficult one to address, but we have to make sure that the relationship between a long-term economic objective in our tax code is not random, but is intentional. and then we have to have a campaign to educate oregonians about the need to do this. we are moving in that direction and i'm optimistic we'll be a little pull it off. [applause] >> will not take questions from the floor. as always, members are invited to the microphone address their questions. asking questions at the microphone is a privilege of membership, so please identify yourself as a sitting member and ask your question in under 30

seconds or you will see the infamous city club? also, i'll be sure to read at least one index card from the floor. >> good afternoon, city club member coming thank you for your focus on education, which those of us in business now is key to ensuring the regional economy continues to flourish. i'd like to ask you in two parts, what are chances for getting a waiver and no child left behind and how dependent is that waiver on the legislation that you described with? second, if we get the waiver, how long before you see us moving forward on an organ specific approach? connect the chance of the waiver are very high. i talked to secretary duncan when he was here in the key is we need to demonstrate that if we are going to get rid as a punitive provision of that law, we have to actually have our own real accountability system and we are perfectly capable of doing that and that obviously

will be part of the legislation that goes forward in february. the idea is to have the achievement compact to set up in the next school year, 2012, 2013 sclera to collect baseline data so they cannot have a benchmark for which to measure progress. it is a very important. is about taking a child from where they are and making movement forward been using testing not as a blunt instrument, but it did diagnostic tools you can turn around and help each other next week, nasa and the ghetto report card card in august telling how your kid did. >> afternoon, jamal sorensen, city club member. i'm one of those many people concerned about health care you mentioned earlier. many of us who deal with seniors and people with disabilities are concerned about the severity of cuts to programs, especially home health care which would drastically affect seniors and people with disabilities. aarp and far less damaging cuts

save oregon's seniors.org. i wonder if you'd consider those changes before making further cut to seniors and those who care for them? >> well, i can't argue with anything you said. i mean, having taken care of both of my parents and the last few months of their lives, bathing them, feeding them, i understand the important role that home health workers play in our system. i also believe that home health workers and community health workers will be the back room of a new delivery model that keeps people with chronic illnesses in their home and not the hospital. the reality is we have a difficult budget and chronic unemployment at 9%. we have $310 million less money now than we did in the end of the budget. we will have to make difficult choices. i'm yesterday with legislative leaders with co-speakers in the senate president to begin a process to see how we can do

this. there will be some cuts and that's not session. i'm not going to defend the budget will do the best we can to set priorities. but i also think we need to keep our eye on the long haul to make sure the choices we make and this biennium look at the impacts we have in 2013 and 15 to continue to seek waivers to allow us to use the dollars to more efficiently get hundreds of millions of dollars for federal resources into this state, hopefully in this biennium to mitigate some cuts. i cannot tell you though that some of those cuts are going to take place. >> good afternoon, governor. i want to thank you on the behalf of minority voters. initially ten-month ago we accuse you of not doing anything around equity. 10 months after that, you're doing a great job. >> my work is done here.

[laughter] >> this is not mission accomplished, governor. >> the 40% african-american kids you eloquently said in your speech is man-made. when the resource is or again is in an insert minority contract juries cannot ask that, what we have is poverty and communities of color. what are you doing at least now to mitigate and to create answers to opportunity among communities of color? >> said yesterday afternoon i met with representatives of minority contract is around the state in our conference room, your comments and actually to talk just about that. there are significant -- extra two weeks ago we had a meeting abalone with ceos around the state to talk about a variety of

issues about minority contracting and minority businesses in emerging businesses and women-owned businesses it is a couple of robust opportunities coming up. one is this year's the, which will move forward. there will be a lot of contracts with the crc at one of the things we want to do is get some major contractors we know will be involved in around with some minority contractors and see if we can do some mentoring and figure out opportunities embedded in that project to really make progress on the road for creating opportunities, not just for contracting, but growth is some minority business enterprises. another is a school program is that begins to ramp up. it's on the radar screen. met just yesterday with a group of people focused on the assembly will continue to lean into this. >> anthony peschel, thank you, governor for your innovation and candidness in the state right now.

my question is around communication and i prefaced it with given the tense political climate we have right now and origin's unique ballot ballot initiative within our constitution that could undermine some of the things you're planning on doing, what do you plan on communicating to the general public and how do you how do you plan on communicating a lot of your changes, which as you mentioned change be difficult. >> well, you know who ken masiello's, my communications are. we have obviously a very act of social media operation out of the office, but we're trying to use the networks of various partners we are working with to bring about these changes. but obviously the education association american federation of teachers a tremendous and robust network as does the european school boards association. university system. i happen to have first-hand experience with the

effectiveness of the university of oregon outreach network. [laughter] the business association. essentially we try to engage the major stakeholders have been a party to designing to use their networks to reach out and communicate. i was a sign that we are having a series of community meetings around the state this month around the work of the oregon education investment board, including the early learning council. so we are attempting to have a very aggressive community outreach aspect as well. [inaudible] >> one question from the floor, from the table. teach for america and other programs like at a place in the future of transforming k-12 education the state? >> any program that helps the professional development of art teaching staff and gives them opportunities to teach in

different venues that they not us. i think we are obviously looking for partners and ideas and concepts proven around the country that we can use here in oregon to bolster and accelerate efforts. >> bill dickey, city club member. i first of all want to thank you for your talk with the members to ask their questions. it's a time-honored tradition and i think the members of the club really respect the speakers who monitor the time it and give us a chance to ask questions. i'm also a business owner who has been suffering. i own a printing company. with a double whammy of the recession in an additional revolution that is sort of hurt the printing industry in general. we have been suffering through a really difficult times trying to figure out how financer company. and so my question -- i've

written it down so i don't get it out. >> actually bill brad very -- you touched on this briefly in your talk. one of the things i like about brad. 2010 was his state bank idea. in any event, here's my question for you. what you're doing to support work in businesses who want to examine and debate that don't have the capital to do it? >> the effort we're undertaking with the treasure just is the idea to the average the resources we have to increase or a best buy and try to free up a lot of private credit sitting in capital, whether that is to return to the program or other marketing sense, to gauge as to essentially try to leverage public resources. we should have a draft of the legislation -- we actually probably have one and i have been to know you so make sure

you get a copy of the bill drafting you can look at it, i urge you to come down to salem in the legislature is considering this. the other thing i want to mention that i was fortunate enough to participate in a white house conference on wednesday on and sourcing on basically how then can we bring manufacturing back in that state of oregon and into the united states? it's interesting how many people are thinking about that. folks that make the otis elevators throughout the manufacturing mexico and brought it back because it separated manufacturing from r&d and manufacturer transportation costs and other ratios is no longer penciling out quite as well. there's a real opportunity and access to capital, but also to be attentional and aggressive to bring the manufacturers offshore back here to the united states and particularly the state of

oregon. >> but after now, governor. [inaudible] a lot of people that i listened to were concerned about the elliott state forest decision. do you have a biting questions about the way we tied the funding for river schools to oregon forest? i understand some people have 90% of our forests are gone. that law came into effect when we have more trees and fewer people in this situation is radically reversed over the last century or so that we've lived with this. what would you do to address the problem of funding rural schools, but not at the expense of the last few trees and also one quick comment.

men and forests of the tree. >> will not agree entirely with your last statement. i do think there're vast reaches of federal forests, particularly in the northeast part of the state that will burn down an essay for us that is that bernstein is neither a tree farm very forest. it is charcoal. reduces carbon in the atmosphere, does real damage anything to sensitive habitats. so i think we'd find a place where we can have a conversation about this. i don't think anyone wants to go when i log over a forest, but we interested the national cycle, particularly in the northeast of our forests to suppress fires. we have hydrated some big fire resistant trees end-of-life stark raving. this is not a natural habitat and fund management to make them healthier can also produce fiber that can be used for a biomass

industry and putting people back to work. that's on the east side inside their origin. we have a very strange set of laws enacted piece over time. have to do is default in a man. have to deal with patchwork of forests. we have a very perverse financing mechanism for cutting trees. i think that's an artificial connection and i don't think we have to continue that. we're working very, very hard. what if counties facing very serious financial issues .. regardless of what happens with the forest on it. a short-term challenge of trying to figure it out to maintain a financial integrity of our counties, particularly in southwest oregon may longer-term challenge should tolerate to measure in a way that makes sense. i personally feel of the lands were bundled and there are parts

that are plantations have been operative plantations. if we use is going forward as an opportunity to provide a responsible production capacity and not part of state, they said their lands if we can bundled them up around ecosystems, watersheds or we can create a big conservation can as well. and for that to happen, we have to basically find a table of space to sit down and have a conversation about that. i'll close this by saying were essentially creating a spot in my office to have a person working full time on forestry issues and at the top of the list is trying to address this growing crisis down in southwest oregon. >> hi, mary boca line. it is a killer at lunches. and i wanted to ask about an issue that seems to have almost disappeared from the mainstream media these days, unless you

listen to democracy now, you heard almost nothing about the durban conference on climate change, for example. so what about climate change? what is the state doing to show leadership in the absence of the federal government's role ms? 's >> well, a couple of things. and my remarks to the oregon business summit, i talked a little about beginning to add and integrate into european business elements of what i call a sustainable economy. an economy that seeks economy and jobs by replenishing our national environment. i think what we are talking about in terms of the management of some of these is an element of a conservation economy and there is a restoration economy out there as well. i've done a lot of work developing a very real market for ecosystem services.

the three biggest elements that contribute to greenhouse gases are power generation, transportation and environment. our cool schools initiative is trying to prove the roi investing and large scale which are bits of our environment from a debt-financed mechanism. i think that we are developing a ten-year energy plan to try to guess a pathway forward on both renewables, head of a rps and reduction goals. the big nut to crack long-term as our transportation set their. we are making some steps towards washington and california is putting an ev recharge stations around the state. we are taking steps and if we can develop a common set of policies on the west coast, we can move the national debate forward. i think the debate at the national level is stalled out as

is the responsible debate about health care and other things. there thinks he can on the west coast were definitely doing some in the state of oregon. >> susan stoltenberg number. also direct drive impact northwest, which is a social service that has thousands of folks that are positively affect it by good vision with regard to health care, education and early learning. my question is three fold and you partially answered one of them. most of the families we serve need housing. second thing, a lot of folks we served as most of the children we serve have. to need jobs. they are underemployed and unemployed. and it so we can them, all the early childhood, the best education in the world are not going to be looked to be received by those children.

and the third part of that is mental health. so let me give you jobs, not to my satisfaction, but if you could extrapolate, but what about the immediate need or basic needs for housing and mental health? >> i didn't talk about jobs potentially. i want to talk about issues we have to move forward with the 2012 february session. i did talk about jobs last month at the oregon business summit. your point is very well taken that there are service is absolutely essential for children and families in houston is one of them, hunger is another one. but we attempt to do the early learning council. if you like on the website and look at the delivery mechanism as we envision it is organized around elementary school areas, where family resource manager would work to connect those families with whatever those

services happened to be, whether that be housing challenge or mental health issues. there's no question that a whole lot of investments and mental health independent services. you've got to treat the entire family. their services in an event overpeer the problem is they are not connected, not integrated in many of these contracts at the state state to provide services are not performance-based contracts. adults around how many people they serve, not whether people benefit from the service. that is where a lot of the resistance is. everyone will argue that needs to be changed as long as the revenue stream doesn't go to someone else for iraq to change what i'm doing. we do have to change the entire system. the other thing i want to make reference to is the first lady is fleeting a very aggressive initiative to focus on poverty and to actually develop a poverty policy.

a lot of programs that address poverty. poverty is an underlying contributing pratt dared to all the other else's bad part of it is a social services issue, parties the jobs issue. as the economy begins to recover, we've got to be intentional about workforce community workforce agreement and creating opportunities and pathway opportunities for people who are living in poverty to get back into the work force. [applause] ..

>> over 120 graves at arlington national cemetery are misidentified according to a study done by the veterans affairs department. that includes eight cases of

bodies buried in a grave say. lastly, to house armed services committees received an update on improvements made at cemetery. this is an hour and fit 10 minutes. -- 15 minutes. >> welcome ladies gentlemen about hunter thank you for being here today putative subcommittee and oversight subcommittee continued their oversight of actions to improve the operation and sustainment at the arlington national cemetery, a national shrine which indicated our sincere appreciation of servicemember of military families and veterans. the testimony today is based on reports direct good by the congress and delivered in december by the grammy and accounting office. in general those reports reflect substantial improvement in a number of areas of management and contract in execution. that reflects not only the

personal commitment of secretary john mchugh, but also the professionalism and commitment of ms. katherine condon, executive director of the national cemeteries -- i'm a national cemetery program and mr. patrick callanan and superintendent of redington cemetery. as i look at the issues that still must need to be addressed, these do appear to rise above all the rest. first, what is the correct reduction in funding that will be required to resolve the nearly 14,000 critical deficiencies cited in the arlington grave accountability effort? and second, should the department of veterans affairs kit the cemetery of the soldiers home here in columbia? before introducer witnesses, let me recognize intern

representative susan davis, the ranking member of the military personnel committee and chairman rob portman of the oversight and investigations subcommittee and mr. jim cooper, ranking member of the oversight and investigations subcommittee for any opening remarks they might wish to make. >> thank you, mr. chairman. i appreciate the hearing today. general mcallen. i understand he recently took over jenna macauley, the army inspector general. i look for t.i. and the government accountability office with respect to arlington and ms. condon, welcome back. we've had a chance to see each other quite a bit and i really appreciate your efforts. adding to national cemeteries beyond now is one of the most hallowed ground of this nation of a missile look to the high standards of performance. members of the subcommittee --

members of the subcommittee on personnel in conjunction with the oversight and investigations subcommittee are interested in the actions taken by the army to improve accountability of our international cemetery since i hearing in september. ms. condon, i recognize the hard work you have done to turn around the cemetery and i know that you could not have done it alone. there are probably a number of people that should be acknowledged for their efforts but could not all be recognized here today. but i do believe that there is still more to be done to ensure we maintain and build upon the achievements that have happened and to ensure above all i accountability of those who are involved in the missteps at arlington national cemetery. i am interested in learning from the gao what issues and can parents should the committee be aware of that the army works to develop a strategic plan for arlington. what fine, if any should we be tracking is the army moves

forward on its efforts to continue to improve arlington? i'd also like to hear your thoughts on what concerns we should be aware of if there is an effort to transfer the management of arlington from the army to the veterans administration? general david galli would be interested in the ig's perspective on arlington and what can be done to build upon the improvement that has been recently made. thank you all for being here. this is an important issue among the touches all who serve our nation in uniform. thank you, mr. chairman. >> thank you, ranking member and chairman whitman. panel members, welcome. i want to thank my cochair and chairman joe wilson recommend this show cooper and susan davis with a steadfast commitment and focus on this extraordinarily important issue. it's an honor to work over the month when the lord as we continue this journey and making sure collectively we'll do what is necessary to make sure

arlington maintains its rightful place in honoring the nation's heroes. i'd also like to extend a warm welcome to general dan gale. thank you for your leadership in her oversight of arlington. when i was a new challenge for you, but one that you are ready up to the task. i want to thank you and your team who has met with us on a monthly basis to keep us apprised. we appreciate your dedication. we noticed in a long arduous journey with more steps to come. i'd like to also highlight of my appreciation for what you do in total for the army, which is done for your career and what you have done to this point. army leadership has done a lot to change at arlington and they also want to thank secretary micu, a person a steadfast devotion on getting this issue saw been certainly a man of certainly a man of his word. he said early on this would be his focus. i admire him for that focus, for his commitment and dedication to make sure arlington again goes

back to his hurtful place. i want to think the secretary for that. this was a organization characterized by deficiencies in mismanagement that has since been transformed into a stable, functioning and professional organization that is finally setting a new standard for how we care for our fallen heroes. mr. brian lepore, thank you for coming. we appreciate your efforts to gao. we know is always the gao does an excellent job and we appreciate your service. we are here today for two important reasons. first to figure what progress has been made with respect to accountability issues at arlington and determine what challenges remain that need to be addressed moving forward. i've said many times how important it is to me personally that we were to achieve 100% accountability in the army has done a great job with helping us get there with the great site accountability task force.

validating almost 200,000 grave sites is difficult and challenging, that you cover your staff in the old guard cut it down. however, i do remain concerned about a number of issues. first, lack of accountability with respect to former officials for their misconduct. if my understanding of criminal action has been taken and investigations are ongoing and no pity. i find this very, very difficult to believe an unacceptable and i will continue to follow this very closely. second, despite the great amount of time but as the laps and finished allegations came to light that is the laps and finished allegations came to light management contract and issues persist at arlington. to have that a few i'm concerned about the gao's findings regarding lack of strategic plans, lack of ip organizational architecture, which call into question whether we are effectively and efficiently spending taxpayer dollars at the cemetery where millions of dollars of arguments that. i hope this panel will address

these issues but i also hope you'll tell us a progress has been made and what you believe we will find in finally trying to resolve these remaining matters. we cannot close the door on this terrible chapter in arlington and tell all of these issues. we all were heroes who sacrificed lives on her behalf and continue to make this a top priority. has he done in the past, we need to get this done and we owed to her future generations of heroes who deserve the honor of being married here -- and buried here and now arlington is assuming its rightful place as the harmer of honoring this nation's heroes. mr. chairman, thank you. >> mr. cooper. >> thank you, mr. chairman. i have no opening statement. >> will proceed with their witnesses. the order will be low peters and then the inspector general at the u.s. army. next of the ms. delta martin, director acquisition and sourcing management team, u.s.

government accountability office and thirdly because mr. brian jay lepore, director of defense capabilities and management u.s. government accountability office and forth and finally we would have ms. katherine condon, who is the executive or that the army's national cemetery's program. and so, general, thank you for beginning. >> chairman will send, chairman wittman khmer ranking member couperin distinguished members of subcommittee, thank you for the opportunity to speak today for your oversight and support over the past 18 months. it has made a difference at arlington national cemetery. since assuming duties of the army inspector general in november, ever the previous inspections and that was executive director and her team and other stakeholders involved in correcting deficiencies found at arlington. having to fully appreciate the progress made, one only has to review the 2010 ig report, which

identifies 61 deficiencies. among them the florida organizational climate archaic recordkeeping recordkeeping and nomination systems uncontrolled contract in the budgeting process as a significant problem with great site accountability. in contrast of you may recall from general mccoy's testimony to 2011 ig report identified no deficiencies and noted significant progress at the cemetery gradually teach the course set by secretary of 2010 as there were other sites from the department of the staff. in short, the mismanagement reported to you in june 2010 ig report has been relegated to the pass at arlington is beginning to transition from successful crisis management to sustain excellence. and sherri few specifics. the previous insular environment contributed to mismanagement and substandard performance at arlington has improved significantly. the executive director has

established a positive work environment emphasizing cooperation, collaboration and coordination. workforce or the steepest part of the 2011 inspection did reflect steadily improving morale, unity and organization effectiveness that the cemetery possesses technology infrastructure supported by service agreement with the army's information technology agency. arlington has leverage the agencies consolidated customer service and are to more effectively monitor and respond to customer calls, which is increasing customer service. a new computer application for digitizing burial records has been critical in establishing the accountability baseline for each gravesite. and the contracting arena, new acquisition is subjected to rigorous analysis prewar compliance checking contract packet reviews for quality assurance. while they still note some deficiencies and errors have been contract, the number was significantly less