tv Tonight From Washington CSPAN March 7, 2012 8:00pm-11:00pm EST
9:10 pm
objection. mr. merkley: thank you, mr. president. i ask unanimous consent that my intern, b.j. wesland be granted floor privileges for the 3w58 of today's session. the presiding officer: without objection. mr. merkley: thank you, mr. president. i note the absence of a quorum. the presiding officer: the clerk will call the roll. quorum call:
10:20 pm
mr. reid: mr. president. the presiding officer: the majority leader. mr. reid: i ask unanimous consent the call of the quorum be terminated. the presiding officer: without objection. mr. reid: first of all, i don't think apologies are in order, we've been doing the best we can on this for several days now and we have a typical agreement, one that is not -- one that either side jumps for joy, but i think we are going to jump for joy in the fact we're going to be able in the near future to be able to finish this very important piece of legislation, we've known that from the beginning. mr. president, i appreciate everyone's patience here. i ask unanimous consent that the motion to recommit be withdrawn, the pending second-degree amendment be withdrawn, that the reid of nevada amendment number 1761 be agreed to, the bill be considered as original text for purpose of further amendment and
10:21 pm
the following amendments be the only first-degree amendments remaining, vitter 1335, baucus or designee relative to rural schools, collins, coburn 1738, 1822, wyden 1817, hoeven 1837, levin 1818, mcconnell or designee with a side by side to stabenow 181 demint number 1589, menendez-burr, 1782. coats 1517, brown 1819, blunt 1540, merkley 161563, portman 1763, klobuchar 1718, shaheen 1678, portman 174 , corker 1810, carper 1670, hutchison 1658, alexander 1779, boxer
10:22 pm
1816 and paul 1556. on thursday, march 8 at a time to be determined by the majority leader, after consultation with the republican leader the senate proceed to vote on the amendments in the order listed, following amendments be subject to a 60 affirmative vote threshold, vitter 1535, collins 1660, coburn 1738, knell bi-landrieu 1822, wyden 1815, mcconnell or designee side by side to stabenow 1812, stabenow 1812, demint 1589, menendez-burr 1782, that there be no other amendments in order to the bill other than the manager's package, no points of order or motions in order to any of these amendments other than the budget points of order and the applicable motions to waive. that it be in order for a manager's package considered and if approved by the managers and the two leaders, that the two
10:23 pm
managers are senators boxer and inhofe. and that be in order for a managers' package considered and if approved by the managers, and the two leaders the managers' package be agreed to, the bill be read a third time and the senate proceed to vote on passage of the bill as amended. finally when the house receives the house companion to 1813, it be moved to strike after all the enacting clause and insert the text of 1813 as passed by the senate in lieu thereof, the house be read a third time, a statutory pay-go statement if needed be read, the motion be laid on the table, and request a conference with the house on the disagreeing votes of the two houses and the chair authorized to appoint conferees on the
10:24 pm
part of the senate. the presiding officer: is there objection? without objection, so ordered. mr. reid: i ask unanimous consent we proceed to a period before morning business with senators allowed to speak up to 10 minutes each. the presiding officer: without objection. mr. reid: i ask the senate proceed to calendar number 263. the presiding officer: the clerk will report. the clerk: s. 1855, a bill to amend the public health service act to reauthorize various programs under the pandemic and all hazards preparedness act. the presiding officer: without objection, the senate will proceed to the measure. mr. reid: i further ask the harkin amendment at the desk be agreed to, the bill as amended be read a third time and passed, there be no intervening action or debate and any statements appear in the record as if read. the presiding officer: without objection. mr. reid: i ask unanimous consent the senate proceed to s. res. 390. the presiding officer:
10:25 pm
the presiding officer: the clerk will report. the clerk: senate resolution 390 honoring the life and legacy of the honorable donald m. payne. the presiding officer: without objection, the senate will proceed to the measure. mr. reid: i ask unanimous consent the resolution be agreed to, the preamble be agreed to, the motion to reconsider be laid on the table, with no intervening action or debate and the statements be placed in the record as if read. the presiding officer: without objection. mr. reid: i ask unanimous consent the finance committee be discharged from further consideration of s. 2152 and the bill referred to the committee on foreign relations. the presiding officer: the clerk will report. the clerk: s. 2152 a bill to promote united states policy objectives in syria and so forth. the presiding officer: without objection the senate will proceed to the measure. mr. reid: i ask for a second reading in order to comply with rule 14 to place this on the calendar but object to my own request. i'm sorry.
10:26 pm
i went over this too quickly, mr. president. the rule 1 we've taken care of that. i objected. is that all taken care of? the presiding officer: without objection, the measure will be referred. mr. reid: i object to -- objection -- the bill be read -- okay, we start all over? okay. start over. let's go. i understand there's a bill at the desk. i ask for its first reading. the presiding officer: the clerk will read the bill for the first time. the clerk: s. 2173, a bill to preserve and protect the free choice of individual employees to form, join or assist labor organizations or to refrain from such activities. mr. reid: mr. president, i now ask for its second reading and in order to place the calendar
10:27 pm
under the rule 14, but i object to my own request. the presiding officer: objection having been heard, the bill will receive its second reading on the next legislative day. mr. reid: i now ask unanimous consent that on wednesday, march 7, the majority leader be authorized to sign duly enrolled bills or joint resolutions. the presiding officer: without objection. mr. reid: i ask unanimous consent that when the senate completes its business today, the senate adjourn until thursday, march 8, at 9:30 a.m. following the prayer and the pledge, the journal of proceedings be approved to date, the morning hour be deemed expired, and the time for the two leaders be reserved for their use later in the day. following any leader remarks -- mr. reid: mr. president, following any leader remarks, the senate will proceed to a period of morning business for an hour, senators be permitted to speak for up to ten minutes each with the time equally divided and controlled between the two leaders or their designees. the majority will control the
10:28 pm
first half, the republicans the final half. following morning business, the senate will resume consideration of s. 1813. the presiding officer: without objection. mr. reid: mr. president, so everyone understands, we've reached agreement to complete action on the surface transportation bill. under the order that we just entered, we can finish this tomorrow. it's a huge job. we have 30 amendments that we have to dispose of. so there is no question that senators should expect a number of votes tomorrow. if there's no further business to come before the senate, i ask it adjourn under the previous order. the presiding officer: the senate stands adjourned until
10:30 pm
for asked at a hearing about when to prevent cybersecurity attacks on communications networks. at&t, comcast and blackberry execs testified at an energy and commerce subcommittee hearing on technology. congressman greg walden of oregon is the chairman. this is two hours. >> will call to order the subcommittee on technology for a hearing on cybersecurity the role of communications networks. i want to thank our witnesses for being here this morning. we look forward to your testimony and are appreciative of your taking the time to help educate us so
10:31 pm
we can do the right thing in terms of assisting you all for the networks or the cyber networks. back in october the house republican cybersecurity task force appointed by the speaker recommended the committees of jurisdiction review cybersecurity issues. this subcommittee has embarked on a series of hearings to heed that call and to get a complete picture of the cybersecurity challenges that our nation faces. in our february 8 hearing we examined threats to communications networks and the concerns of the private sector security firms helping to secure the communications networks. that hearing provided us with valuable information and even some potential solutions. this hearing continues our subcommittee review of cybersecurity issues with a focus on the steps that network operators have taken to secure their networks and any recommendations you all might have on how congress can help, actually help in those efforts.
10:32 pm
as we heard in the february 8 hearings threats to communications networks have come a long way in a very short period of time. before coming to congress, 22 years as a radio broadcaster and as a small-business person i had to worry about securing our own communications networks but those were simpler times. modern communications networks of all types, cybersecurity has become a pressing concern. in our february 8 hearing we had a dizzying array of new cybersecurity threats discussed like supply chain vulnerability and system spoofing. on the bright side we were also told during that hearing about several potential solutions to make communications networks more secure. this is why i've asked a number of my colleagues on the subcommittee to serve as the communications and technology cybersecurity working group, working group is a bipartisan team of six subcommittee members led by subcommittee vice chair and ranking member and eshoo and
10:33 pm
we are looking to some of these potential solutions and the legal and regulatory impediments to secure communications networks against cyber threats. the approach as the working group looks to facilitate communications among private sector companies and the public sector on a variety of topics including dnssec adoption, supply chain risk-management, and a voluntary code of conduct and best practices for network operators. in this hearing we are privileged to have five witnesses represent parts of the commercial networks to help guide us through the complex cybersecurity issues that you each face. the network operators own, maintain and operate most of the infrastructure that makes up our communications networks. the management of the wires, the towers, the stations, the servers and wireless handsets that are integral parts of the communications networks put these companies on the front lines of cybersecurity. i want to know what
10:34 pm
cybersecurity services and educational initiatives are being maimed your consumers. what steps are being taken to secure the components that make up our communications networks and what affirmative steps network operators have taken to secure the supply chain and prevent cyberattack. i also expect to hear what you think the appropriate role of the federal government is to combat cyber threats. our federal law and regulations are helping or hindering information sharing? are there cybersecurity solutions your companies have identified that would prevent cyberattack but would run afoul because they've lost? how can the federal government incent network operators and other members of the private sector to invest and innovate in the cybersecurity arena, and, coming off our prior hearing on february 8th, how do we make sure that we don't put things in statute that cause misallocation of your capital and make you less nimble in this extraordinary cyber threat
10:35 pm
environment. so we look forward to your testimony today and i would yield time to miss blackburn. -- before mr. sherman. welcome to all of you. we are appreciative of your time for being here. >> can you get a little closer to your microphone? >> i certainly can. i am a mother. i can always talk louder. that's right. the gao report that mentioned we've seen a 650% growth in cyber attacks over the past five years, i think that caused a lot of people to sit up and take note of what might be happening out there because you look at the attacks and what that equates to on the economy. sherman boehner mcginn dalia are working on introducing a bill, the cybersecurity bill here in the house similar to secure i.t. from the senate and i think the
10:36 pm
concepts we are viewing are not to be overly prescriptive and to kind of or across the first principle of do no harm and have a good broad conversation. i would love to hear you all talk a little bit about the government network and the importance you think the responsibility you think the government has in securing its own networks and systems and then would love to also hear a little bit from you about incentive based security and how we approach that and with that i would yield back to disconnect now recognize my friend from california for an opening statement. >> thank you, mr. chairman, and welcome to all the witnesses and thank you for being here today. as the title of today's hearing suggests, our communications networks are part of the backbone of the nation's critical infrastructure from electricity generation to financial-services and transportation we depend on our communications network of
10:37 pm
everyday life. yet as was highlighted during our first cyber security hearing, our networks remain vulnerable to attack, and in particular there are three areas i would like to hear more about from our witnesses today. first as we discussed in last month's hearing the chairman is currently proposing a voluntary isp code of conduct as a way to alert consumers when a botnet or other malware is discovered. so today's witnesses will be on the frontline in ensuring such best practices are effectively implemented, and obviously i think that you are going to talk about that and i look forward to it. second, i would like to hear more about your views on the supply chain security. i continue to have really grave concerns stemming from my eight
10:38 pm
years that i just recently completed at the house intelligence committee about the implications of foreign controlled telecommunications infrastructure companies providing equipment to the u.s. market. in 2010 i wrote to the chairman asking for a better understanding of the authority to address these challenges and what kind of transparency requirement should be placed on companies seeking to sell telecommunications infrastructure equipment to the u.s. network providers. third, i would like to learn more about any unique challenges in securing of the mobile network. more data is transmitted wirelessly we need to work closely how these networks are secure to ensure they don't become the entryway to the broad network. so today's hearing is an important aspect of our subcommittee work on cybersecurity. again, i want to thank each one of our witnesses for being willing to testify today to be
10:39 pm
instructive to us, and i want to thank the chairman for the spirit of cooperation on this issue. usually there are democratic witnesses that are called and republican witnesses. that is not the case today. this is something that rises above that, and i look forward to working with the entire committee so that we not only better understand the cybersecurity challenges facing communications networks, but what steps we can take to secure them, and thereby strengthen the country. so, let's see, i would like to yield my remaining time to the representative matsui. >> thank you madame chair. i want to thank the witnesses for being here today. there is no doubt the cyberattack is a real and
10:40 pm
continues to pose significant threats to several aspects of our economy. and mr. chairman i'm pleased that you and ranking member eshoo formed a bipartisan working group so that we can appropriately explore the subcommittee interest to enhance our nation's efforts against a cyberattack. there are a variety of issues that we make. communications networks are one of the many areas that our nation must protect and ensure safety and soundness. as asking ip based technologies and posing safety communications heightened concerns for cybersecurity. would be important that that be done is protected from the pc or cellphone and transnet, particularly as more and more americans send personal information to the cloud. i also believe the subcommittee will have the ability to further promote information sharing monsoor threats, securing the supply chain would be of high importance said that the technical components remain secure to the manufacturing and distribution process these.
10:41 pm
among others, i believe that r&d could encourage the industry to explore ways to better address and defend against malware and botnet. i thank the chairman for holding the hearing and i look forward to working with my colleagues on ways this can encourage greater protection against cyber threats and i thank the witnesses for appearing today and yield back the remainder of my time. >> thank the gentlelady for her comments and now recognize the vice chairman of the committee, mr. terry for opening comments. >> thank you, chairman and i would start by saying that most of my colleagues on the committee share my optimism, that a collaborative active cyber defense capability is actually achievable. there might be a few differences in opinion on what needs to be done to reach the goal but through the bipartisan conversations, like those taking place in the working group and public hearings like this, we are getting closer. in reading through the written testimony provided by today's witnesses, i noticed a common thread throughout.
10:42 pm
as mr. amoroso has eloquently said, quote, quite simply innovation is inconsistent with standardization. i agree wholeheartedly with a witness, and in my opinion, i find this to be the most vital the guiding principle in how to enhance the cybersecurity. in fact, as i continue to dig deeper on this issue i become more convinced any sort of legislative effort to provide over broad regulation or certification regimes will surely come with unintended consequences. instead, should have the flexibility to respond to the real-time security threats in a manner that minimizes delays and maximizes their ability to innovate as they strive to protect their consumers and their network. a couple of things i believe that we can do to help reach a goal of collaborative active cyber defense capability are: one, remove the current barriers in place to prevent
10:43 pm
communication networks from sharing cyber threat information with the government agencies is also with the private sector entities, provide adequate liability protection in order for the sharing of cyber threat information is second. again i thank our witnesses for joining us today, and so i yield to mr. stearns. >> i thank my colleague. i think the consistent message from the witnesses today is that the private sector has very strong commercial incentives to invest in and maintain robust cybersecurity. in fact each of our witnesses today has described unique and thorough approach to protecting their own networks. these examples demonstrate one-size-fits-all legislation is not the appropriate solution to cybersecurity threats. moreover, because these threats change every day, they must provide the flexibility to respond quickly to an attack.
10:44 pm
therefore i believe that prescriptive top-down government mandates are not only not necessary but they simply will not work. instead, government should seek to improve information sharing and consumer education. we also support to eliminate outdated regulations that have created unintended barriers towards ensuring the security of the networks so i look forward to our witnesses today and i thank you, mr. chairman for this great hearing. >> are there any other members seeking time on our side? if not, the gentleman yields back his time and i recognize the gentleman from california, mr. waxman for an opening statement. >> i welcome our witnesses as well. i'm pleased the subcommittee is looking at this issue of cybersecurity. this is our second hearing. every week we learn of a new cyber breach of vulnerability so we are finally paying attention to this question. like this margaret which is the topic of the last hearing by the
10:45 pm
subcommittee, and the investigations the connections networks are highly vulnerable to cyberattack, the potential for this fear do because of their assertions are high because communications networks are the common thread to all critical infrastructure sectors. in fact the public safety legislation that was just signed into law exemplifies these concerns under the new law first responders will be relying on the broadband communications networks to secure the safety of life and property and the devotee to protect the public but only if the networks are protected the cyber attacks. we are continuing our discussion of the security threats faced by local offices and the proper role for the subcommittee to ensure server security. our witnesses today represent a broad cross-section of internet service providers as well as a handset manufacturers. this should further help cover
10:46 pm
understanding of what risks threaten communications networks and what companies are doing to mitigate these risks, and what the subcommittee might do to assist you in these efforts. i believe the federal government has an important role to play in ensuring the cybersecurity of the nation's communications networks. one important role is developing practices that will keep the internet safe. the fcc's upcoming release of the cyber best practice report by the well-regarded communications security reliability and interoperable -- interoperability council. that is a long name that is reduced will provide valuable guidance to the industry and the subcommittee. i understand the chairman is planning a third hearing with government agencies. i commend them for the series of hearings and look forward to what our witnesses have to tell us and finally i want to join in thanking you, mr. chairman, for organizing a bipartisan working
10:47 pm
group to study cyber threats and inform the subcommittee on this finding. this is a good opportunity for some committee members and staff to work together on an issue of common concern. i look forward to hearing back from the working group and exploring with the subcommittee potential for their actions. thank you for the hearing and all the witnesses for being here. i look forward to the testimony and yield back. >> the gentleman yields back his time. we have a lot of big brands in this committee. we need them all to protect america. thank you all for agreeing to members agree to serve the networking group. gentlemen, we are delighted to have you here today. we will start with mr. livingood we appreciate your being here and vice president internet systems engineering from comcast corporation thanks for being here and just a friendly reminder pull the microphone is very close and insure the button is clicked.
10:48 pm
>> ranking member thank you for inviting me to discuss some of the work that comcast is doing to protect consumers in cyberspace for what we appreciate the interest in this issue and patroling as you're the perspective of someone like me an engineer working on cybersecurity and other technical internet issues every day to really serve as the president of systems engineering at comcast and by the engineering leader in charge of our residential high-speed internet service. i currently serve on the sec on an fcc working group on the security and stability of eis recommitting on the broadband internet technical let fisa group and a member of the board of trustees of the internet society. i also an active contributor of the internet engineering task force ietf. weeks ebbers it to the issues seriously and know our customers are very concerned about security. we strive to provide them with the best, fastest most secure
10:49 pm
internet service possible and we engineer, our engineering teams of sycophant time, energy and investment to constantly updated and replay number cybersecurity efforts. one such threat that we focused on comes from malicious software called the bot run on an end users computer and or controlled remotely to read your used to conduct identity and credit card theft, denial of service attacks, steal user names and passwords and send spam. they need not consciously do something like downloading an app to become infected. sometimes they can be affected just by visiting a web site. to counter these we developed a system called constant guard. the customer facing system first detect the botnet traffic and notifies users of infection such as sending them alerts in the web browser command provides them the tools to remove those infections. another area of threat is to the domain system which is a
10:50 pm
foundational and extraordinarily important and critical part of the internet. the domain system is responsible for basically translating names like comcast.com and to ip addresses which are the addresses used to connect and route traffic across the internet, so it is extremely important. but a vulnerability can permit an attacker to invoke if a cancer. an attacker for example can direct traffic destined to a site such as a banking website to computers they control to login to financial information, the address and the users' web browser still appears correct. the long term fix is implementing dns security extensions, or dns sec for short. this involves someone doing two things, first, signing domain names they own and internet service providers, validating the signatures before connecting a user to the site.
10:51 pm
this is basically akin to your bank giving your signature on file and checking a signature on your check against that before cashing a check. it's important to note that dns sec was developed over an international multi stakeholder process at the on ets across ecosystem such as banks, web browsers, software companies and cloud services, not just isp. i am pleased to report that is a part of the constant guard comcast will support to fully deploy dns sec in january. but it's important to understand that no open and mass of the interconnected networks can ever be completely and totally secure. while there is no perfect solution to security, that does not mean that there are no good solutions. so our focus has been quite simply to roll up our sleeves and get to work today at the security threats day in and day out quickly learning and adopting. we are working within the industry and on a global basis to combat the key threats and to
10:52 pm
protect our customers the best that we can and also to help them protect themselves. there are powerful incentives to take strong and effective measures to ensure the network security and safety. our consumers want assurance that the networks that they are using are safe and secure, and we have strong reason therefore to invest capital resources into the cybersecurity safeguards. the same is of course true for other network providers. we all have powerful incentives to take actions necessary to secure our substantial investment in our networks. policymakers can help these efforts by removing legal uncertainties that can inhibit collaboration while preserving and strengthening this flexibility that providers have to develop the best solutions for each of our networks. as one of the members said a moment ago, there is no one-size-fits-all solution, so flexibility is key and it's important because the threats
10:53 pm
change as rapidly as they do. flexibility will help to ensure we can continue to focus on security and innovation rather than compliance and regulation. thank you. >> thank you, sir, we appreciate your comments and we will be back to you with questions on the specifics of what those uncertainties are into the law. we now are delighted to have dr. edward amoroso with us. he is the chief security officer for at&t services incorporated. doctor, we are glad to have you here and look forward to your comments. >> thanks. i am dr. amoroso. i spent my entire adult life and cybersecurity. in fact, even as a teenager, my dad was a computer scientist, so i was walking on when i was a little kid. so i have been in and around this forever. i started work at bell laboratories and found the car was actually a pretty good hacker and had been doing that ever since. now i'm the chief security officer, so i kind of come at
10:54 pm
this with, you know, every practical perspective on threat. there's three things i want to share with you that i think our observations that might help you as you develop legislation, and they are based on empirical day-to-day dealings with security issues with our mobility network and our wireline network and the entire fortune 1,000 lots of different countries we deal with. i do that all day long and i wanted to share it and the first one is about innovation. we are being out-innovated by our adversaries. that's basically the case. i don't know if you ever bought a piece of furniture and taken it home and admired the handiwork and furniture. that's what we do with malware that being developed by adversaries. it's so good and so well crafted that we marvel at how far the
10:55 pm
adversary has come. they are not script doing dopey things and these are pretty good. i don't know if any of you watched 60 minutes that solve this piece. that is an incredible piece of computer science. so i think we need to recognize that whatever we do collectively as a nation we need to figure out a way to incentivize companies and universities and government agencies to innovate in this area. if we don't, we are going to be in trouble, because i will tell you why that everybody of on the panel will agree with me that the best state-of-the-art security protections that any one of us can put in place will not stop a determined adversary in 2012. that is the fact. so we need to do something to get ahead of that and the way that you do something is innovate. you need to do something to get ahead of it. part of the problem that sort of
10:56 pm
predicting an answer to every one we are all going to do the following is it would be like every team publishing their defense saying this is what we are going to do. guess what, you think the adversaries don't read your legislation? you think they don't look and see what we are all going to do? you leave it out and say okay, on wohlstetter are not these things that you are doing, that's just a practical issue in cybersecurity. this is not the kind of thing where we can all kind of do common sense stuff and will fix it. there's a million things in our lives where if we all go back to the basics and do a set of common sense things we all live our lives that way. cybersecurity doesn't work that way. we are dealing with adversaries. the first issue is innovation. the second is infrastructure, and i think everybody also at this table would agree that complexity in infrastructure is the biggest problem for cybersecurity. when things get way too
10:57 pm
complicated, we can't keep track of. it becomes almost an impossible to protect something that has become so big and complicated when you can't get your arms around it and part of the problems with dns sec and others which clearly have benefited, and i certainly agree with a lot of the plan still were made, they add complexity to get the way to think of dns sec as when you do commercial and the and you say i am such and such and i approve this commercial, that's dns sec. it's essentially this server accessing the fact here is a signature that. but if someone is breaking into a server, the signature is meaningless. it doesn't do any good. and i would say empirically i feel a lot more break-ins to the servers than the different types of protocol responses and so on. i think what we need to keep in mind as we develop legislation
10:58 pm
that when we add complexity, when you add things we need to keep track of, do this, do that, over leavis, and this, and that, the complexity can be stifling. you know when dns sec was first proposed decades ago this is not something there was dreamed up last week. we've been working on adding cryptography. the reason we don't have today is because they are unbelievably complicated to run. the deutsch and benefits but they have -- it's like bringing a senior citizen to the doctor with five ailments and the doctor says i'm going to give you medicine for one of them but it has side effects. it has side effects, it doesn't fix everything. the third and last issue i want to raise is software. at the root of every cyberattack, every problem i've ever dealt with in my entire career is that software, and i
10:59 pm
think that it needs to be addressed. the discipline of software engineering, the profession of writing software is a complete mess right now and i need professor of the stevens institute technology in the computer science department for 22 years. i teach software engineering for security, that kind of thing so blame me, but the bottom line is youngsters and professionals today cannot write a nontrivial piece of software that is bug free and those bugs are the way they get into our company we are going to close a website down, it's there and software powering that has vulnerability we don't know about. i bought it and i installed and tested, everything is great.