problem here and i think it needs to be addressed probably to the education system. spriggs before. we appreciate your comments and we will come back with questions as well. now i'm joined by mr. david mahon for century link. we look forward to your comments. and if you can pull the microphone close to you make sure it's on. >> [inaudible] is your microphone on when he knew. >> you have to get really close. >> chairman, ranking member eshoo and other members of the

subcommittee, thank you for the opportunity to testify today on this important topic. a century link aid provider provides connection services to over 14 million homes and businesses in more than 37 states around the world the services of broadband internet and data as well as fiber, cloud computing and managed security solutions to customers range from the most basic voice and internet customers to the largest fortune 500 companies and large, agencies. as vice president chief security officer for central bank, i am responsible for all security functions. before joining century link i look for over 30 years with the fbi and was responsible for investigating teams and programs related to targeted facts on the internet, computer systems and exports by terrorist organizations from criminal and intelligence operations of the

foreign government, white-collar crime investigations and crisis management. the cyber threat is real and serious. our networks and those of our customers are the targets of thousands of cybersecurity events daily from symbol part scans, probing defenses and to the sophisticated attacks. a century link and our customers invest resources and ongoing efforts to keep those assets secure. a century link use is an overarching government's risk and compliance creamer to ensure cybersecurity threats are addressed enterprise wide. as stewards of the internet infrastructure, century links's programs on fiber security fallen several general categories. protecting the customer, protecting our core networks and giving management cybersecurity and in addition services. we have worked extensively with the industry appears, partners and government and others to close to strengthen the collective defense against cyber

attacks. the ceo participation of the president's national-security telecommunications advisory committee to buy securities teams patient and key organizations dhs communications sector coordinating council and the fbi domestic security alliance council conduct risk assessments, information sharing come instant response planning and participating government sponsored cybersecurity exercises. in addition, senator link ceo chairs the fcc communications security reliability in danger of ability council which is working on voluntary best practices for the remediation for the system's security, internet routt hijacking and other emerging issues unique to the communications industry. more can and should be done carefully. the part purchase of yield a significant progress in the last years by building a framework of collective defense and

cooperation helping us understand the cyber threat to as many of you have pointed out, we are entering into a new era to the career of cybersecurity threats for the adversaries have become more sophisticated and determined. to collectively step up the game is more acute. we are particularly encouraged by legislation like h.r. 3523. reza brenda watson sharing and protection act and provisions in the senate bills that can clarify and enhance the cyber related public/private information sharing. as the commission providers, we see a number of areas for the congressional action to make a valuable and provides for the nation's labor security such as improving information sharing, market-based incentives analysis, and prevent the federal government posture and development. shifting to a mandated based approach with of the counterproductive. we strongly caution against the traditional regulatory approach

based on government mandates or performance requirements. because our network is the one central asset of our business, century link and our industry peers already have the strongest commercial incentives to invest in and maintain robust cybersecurity. there is neither a lack of will for a lack of commitment to do this among the major communications providers and at its best cybersecurity is a dynamic constantly evolving challenge best done in a collaborative partnership and at its worst cybersecurity can evolve into an exercise and divert resources away from effective protections into expensive compliance measures that may be already outdated by the time they are implemented. we of the most knowledge of the network systems and databases, and we understand the most effective and efficient way to protect these assets. we commend the members of the energy and commerce committee for their interest in improving the nation's cybersecurity and for the delivery of process the committee is undertaking to find

the right mix of incentives and elimination of legal barriers. a century described to be a partner in this effort and we will continue to do so. thank you. >> thank you, we appreciate your testimony and now we will move to mr. john olson senior vice president and chief security officer for metropcs communications. welcome. the senior vice president chief information officer for the communications five nearly 30 years of i.t. experience and i'm responsible for our i.t. networks. metropcs is a limited communication services for a flat rate with no annual contract. we sell our services for our own retail stores and independent dealers to retail consumers and do not sell from business to business sales channels or to the government to read our recommendations that works use the well known and established a network centers erickson, siskel

and samsung. we also purchase handsets from the well-known established vendors they are not the primary net for the vendors which mitigate the risks that and embedded handset is able to exploit vulnerabilities in a network. our communications networks utilize the security measures from the carriers. we've also adopted measures both physical and logical to protect these networks. we have for i.t. networks which are critically important to the business as we will discuss in more detail from the servers to treen efforts to protect our i.t. networks with physical and logical to the security of the critical networks is important to the metropcs. remained in a comprehensive holistic risk-based inter program build by industry best practices covering people, process and technology. we use a combination of hardware software services. our security program directives were driven by a formal government's function and include among other things centralized policy management, security awareness, training,

internal and third-party monitoring, physical protection, threat identification and vulnerability management council as intrusion prevention. we are particularly focused on security at the perimeter of the networks and use the multiple securities to prevent unauthorized access from both inside and outside their companies to conduct the security of its and patrician tests and have a single provider for all network equipment. further, or i.t. networks are broken up into segments with fire wall between critical segment. our 24/7 monitoring efforts for augmented by the cybersecurity partners can generate hundreds of thousands of potential cyber threat alerts today but result in just a handful of real threats which we address immediately. why we cannot say definitely we have never had a cyber intrusion we are not aware of any significant cyber intrusion or cyberattack that have been

successful but our networks. in addition, we have also adopted a number of other measures to protect our customer information such as encrypting hard drives, installing virus software and for remote access requiring the factor authentication. we also conduct background checks come segregate duties of personnel command law all taxes and changes to critical systems. metropcs is also and plummeted numerous security measures such as part he played a metric access. we have maintained certifications and regularly participate in vendor sponsored symposiums, industry summits and conferences. we are involved in these groups not because we are required to but because they are a valuable source of information of best practices. metropcs does not believe that regulation is required is warranted at this time particularly for the care that doesn't provide services to the government or local public safety organizations. they are already well incentive to protect the netflix and this is particularly true for the

month to month service providers like metropcs. if we don't provide the level of protection of our customers want or demand the can terminate service without penalty and activate service with a competitor. governor of regulations and private sector certification such as tci also force providers to invest in the appropriate tools and practices to detect and deter cyber threats. market forces are pursued to respond to constantly changing cyber threats. if regulations are considered, metropcs urges that the requirements be flexible and tailored to the threats. a regulatory compliance can be particularly burdensome for carriers to compete by providing and affordably priced differentiated service for consumers. unfortunately, even voluntary obligations can involve into a mandate on industry. we support voluntary industry efforts come industry standard bodies, enhanced government of consumer education, and the fcc's cyber securities takeover efforts. along with government sharing of cyber threat intelligence,

including national central clearing house. finally, the carrier should be liable for using such information. thanks again for the opportunity to testify. i look forward to any questions that you may have. 64. we appreciate your comments today and we will be back with you with questions as well. now return to the final witness on the panel this morning. mr. scott totzke senior vice president blackberry security group research. thank you for being here. estimate a governor, ranking number eshoo, members of the subcommittee, thank you. linus, totzke, senior vice president of the blackberry security and i'm pleased to be here to talk on the topic of cybersecurity. we revolutionized the industry in 1999 and products and services are used by millions of round the world for more than 630 carriers and distribution partners and 175 countries that offer the blackberry products and services to customers. more than 90% of the fortune 500 companies are blackberry

customers today and we have a longstanding relationship with the u.s. federal government in putting congress, department of defense and department of homeland security. mobile communications security risks as the non-mobile communications several of the same types of threats have existed in the platforms and the power computing capabilities of the smart phones have increased over the last few years the threat matrix continue stifel to exponentially. most users have yet to realize that the applicable buddy of both of the existing and emerging threats to what is essentially a smaller and more mobile computing platform that they already have the home or office. an effective comprehensive global security solution must therefore provide protection by preventing immoderate texas to the smart phone data by protecting the data and transmit over the wireless africa protect the corporate network using features built into the platform. when a technology vendors can provide components of the solutions it is equally important as a mobile technology

industry we help the government enterprise consumers better runners and the risks involved in all types of online activities. for our part we focus on designing security efficient solutions for enterprises and consumers and have a history of integrating security features into its products and believe that security technologies are an important foundation for the digital economy. rim has built security features and allow the data to be encrypted and protected from unauthorized access to limit and control access to information on the smart phone by the third-party obligations and to remove the phrase sensitive information in the case very phone is lost or stolen. these controls can all be managed by the blackberry enterprise which is designed to yield small and large organizations the ability to organize individual and enterprise to use of blackberry smart phones while protecting the privacy of the corporate employee information. rim also believes their needs to be more focus on security testing and certification that stellas is the baseline for technology vendors to bid without an established baseline to properly gauge the security

of the product or network it is difficult to make informed decisions. vendors the court to certify the mobile solutions with trust the other asian programs provide assurances to governments and consumers who would otherwise be unable to verify the security of the claims being made by the vendor. blackberry products and solutions have already received more security accommodations than any of the wireless solutions and our consumers value this level of transparency when it comes to protecting their information. we feel the greater experience in the standards would help customers better and understand the personal and professional investments of protecting their information. lastly, the panel has raised a number of concerns regarding the two extremely important points relating to the evolution of security technology in the mobile industry that i would like to address. the vendors have also increasing degree of commonality in the components used by many platforms to read this correctly transit's to devolving risk of the platform will notice creating a level of shared risk

that increases the need for the vendors to work together to responsibly dispose and address these concerns. this also means programs such as rim information sharing primm me to engage the public sector entities such as the u.s. to ensure timely direction of flow of security information. to the end of it can have on the security of devotee of the networks. product that has been modified and created in an unauthorized manner can pose security risks to the customer's information and to the overall posture of the network the carriers' networks or the customers that works. rim has been working with a look at berkeley and the silicon of the products and in all aspects to ensure only authentic products are allowed to alt-a network services to read we believe that the combination of hardware security operational security manufacturing facilities securities offer security work together to negate many of the concerns about a lot

of products that of other ways been tampered with and hecky the security of the customers. we support the subcommittee efforts to raise awareness in this wide reaching impact with respect to the supply chain related security issues, german walden and members are elected to begin for the opportunity to provide this perspectives. >> thank you very much for your testimony. all of you, thank you. we appreciate your being here. i'm going to lead off. dr. amoroso and mr. olsen you say that you routinely track threats across your networks and how can we facility information sharing among the network providers of such information while protecting consumers' privacy and companies competitively sensitive data? >> the debate has been between the government and industry. that's been the big issue. if i go to a security conference and a hacker whispers to me that there is a signature that i

should be looking at and i scribbled down and run back to my off-center and put it in place if the government individual does that why can't put that in a network because we would be operating as a branch or agent of the government or something like that so that seems a little silly like that's something that probably ought to be -- >> that is the kind of specific issue we are trying to drill down. can you give us something more specific, where does that show up? >> the united states intelligence agencies and law enforcement agencies regularly see different types of signatures that we don't look for we are not enough law enforcement, providing the service to customers. we don't chase that down. we chase it to the point we can stop it and that's it. but like intelligence groups we dig down deep and see something that we don't, for them to share that particularly of its classified or something it is

awkward and i know my own company whenever i get involved in something like that there are more lawyers involved in the discussion than people in this room right now. so it's almost like we are a disincentive and bothered. it's not between the different groups we sure because frankly we kind of do. the internet wouldn't work if we were not sharing constantly treated its government. >> are there any provisions if you spot something and go to that conference and they say look for the signature is that something that mr. olson, mr. mahon and others should be looking for? >> i'm sure they do. >> is there a way you can share that information with them or they're impediments to that kind sharing? >> we all buy services from a lot of the same companies that do that. we pick companies that do a great job and from three or four different companies that provide about the same intelligence everybody else is going to get. it's pretty good, and it's --

but because their incentive to make sure it's pretty useful because the pay every month for it. >> so i guess the question then is there is not a problem sharing information back and forth. >> some times there is. >> to have an exclusive on the iphone saw it with a bunch of people in new york city, died of school and i tell them find ways to filter attacks being aimed at the iphone that would help our customers and they work hard and come up with some and once other carriers got access to the iphone the disincentive was to do it as well and compete with us and i would like my customers to say i'm going to stay with at&t because they are investing in the protection and our competitors say the same thing and we innovate that way.

that's kind of the case where. the market is going to force the competitors to want to catch up or for me to catch up that's the balance between all of us and the information sharing should be more free. >> walden dr.. mr. olson? >> in the metropcs patrols in the internal systems have cybersecurity partners so security monitoring firms that we use to monitor when african systems 24 hours a day those firms' share information between them, but if i believe i and understand your question, there isn't a central clearing house for that information for the folks that are outside of those security companies to easily share information. so, mr. amoroso recognizes the threat or is told about a threat in his network there isn't a central place for the carriers

in the same industry that this threat is out there and we should respond to. >> if you identify the threat that your customer why you tell the iphone -- >> i've noticed a disincentive. keep in mind when we advertise the threat we are worried about you tell them about five. to be too open about what your concern was, so i kind of like the existing model. i think that there are companies that do this. we evaluate them and when the intelligence looks pretty good, we buy it. >> my time is expired and i will turn to the gentle lady from california. >> think you to all of the witnesses come excellent testimony. first come to mr. livingood, i think it's really terrific that you are the first isdn north america to fully implement and

how we encourage others to follow your lead? >> on the question fall and the dns sec adoption by the providers is a person to keep in mind it isn't just about network operators it's about the banking sites and about other web sites, software developers, other people have to implement dns sec to make it work, but specific to network operators i would say there is already a lot of that attraction going on already. one of the beautiful things about the way the internet has worked and is successful is there's a lot of multi stakeholder consensus based organizations that get involved in. one of them happens to be one of the working groups that i am on and they will be coming out with a recommendation soon and a number for companies participating. >> when will that be? >> it's due today. >> you never know on the

government times that's relevant. >> congress has an extensive network to ensure the security of our mobile devices and the networks that they run. i experienced this firsthand when i travel abroad that part of the congressional delegation and my device can infected during the trip and because the device never left me under my pillow at never was out of my purse, it was never left in the hotel but nonetheless, it was infected. the good news is the productive was detected prior to being reactivated in the house networks comes as a company, what steps do you take to ensure that your customers particularly

those in smaller organizations adhere to the same pro-active security measures and my question to dr. amoroso -- i love your name, amoroso -- [laughter] and mr. olsen. >> we provide a comprehensive list of guidelines for the configuration of the device, and our administrators have white papers and information they can access on the web site, and our goal was to make sure that your administrator come in your i.t. organization that looks after your device as it is a blackberry device has control over the device at all times, so there's a comprehensive set of policies, more than 500 of them than an administrator consent to control all aspects of the platform including preventing access to information or disallowing the installation of software on the device. so, we try and do that as i think it will be a common thread here carries a lot of indication

security is a complex decision making thing that we have to do on a daily basis, and a lot of risk is difficult for people to understand. we are trying to offer as much transparency and how to our customers through the publication of the best practices and in forums like this. >> as understand, one way to prevent the activities to isolate and the block ip addresses that post a threat. dewaal have the technology to do this today? and if so, has it been effective? >> i can comment. we have technology to block, but it doesn't work so we can certainly -- we deutsch right. we try hard. botnet is all of your pc being infected. that's what it is. we made the mistake in computing, turning every person in this room into a windows system administrator.

that's what you do part-time when you're not legislating. so that model is wrong and most of you don't do a good job of it nor do i or people in this table would say we don't do it will either. so we distributed the responsibility massively. estimate is that causes the complexity? >> billions of people around planet earth with pcs but improperly connected so it is a piece of cake to build the botnet. we build new ones every day, ones that are 2000, 100,000 botnets we don't even bother naming we just say there's another one and we try to contain it. it's not a matter of blocking the ip address, because we would be blocking you. you probably wouldn't like that. sorry can't you can't go on the internet today. it looks like to have a botnets. we would shut down the whole internet if we did that. >> in my opening statement, i mentioned the issue of supply

chain and the securities that i think really need to be brought to that. first of all, do you share these concerns about the supply chain, and if so, what do you think would be the appropriate kump role for us to play an ever sing it? i think it is a serious issue. our telecommunications network as we came to more fully appreciate after our country was attacked was the system that we rely on. we didn't have that. i don't know what we would have done. and there are constant things that keep coming up relative to the supply chain. so i welcome any comments on that. >> i will answer that from the device manufacturers standpoint. this has been a concern for the

decade plus that i've been there. we have to understand where we get our components from and manufacture the devices and when we started it was easy because we need everything in our factory into was all under our control and you go into a global entity, you deal with outsourced manufacturing and kind of distributing that capability around the world with different partners, so it brings into question are we actually managing the product you think you are making are getting something that is holy and intact, and we are really focused on understanding what we can do to secure our products in the manufacturing process as well as the parts that come in so for some of our strategic vendors, we are actually doing sterilization and in getting the kind of cryptographic element in their silicon before it gets to us and then our manufacturing process goes through a verification of every tool along the line checking with rim head office is a are you actually performed the operation in

silicon and the device to get blackberry services. so we know that the device hasn't been tampered with and it's been manufactured by rim in the first turn on, and the authentication and the partners at work and your networks and the networks working together to ensure the integrity of the blackberry services that we provide to our customers. >> not to the vice chair mr. terry. >> with my five minutes and five people i want to ask you all the same question and that is to the fact that you are the interface if i want to have an internet experience, have to hire one of you. so, what are you doing to provide me services that will protect at least to some extent from botnet and viruses for a

tax to my information and my computer, and we will start from left to right, my left to right mr. livingood. >> i think we all have somewhat similar to devotees it's a multilayer approach that's not going to solve them and it's like an onion, there's lots of lawyers and it's everything from intrusion protection that at the edge of a network things that provide the denial of service attacks are mitigation when you see those things to the intelligence systems that detect botnet edify and customers and that in my opening statement to notify customers and is also a number of things that we all do and in particular to educate customers to help them understand what the steny to secure in their network get in the software that the need to secure other network and other computers is a multilayered

approach. .. that something i think all of us struggle with. [laughter] >> we do a number of similar things with the isp world to protect particularly residential customers. i think you have heard on the

spyware the antivirus parental control, we all have educational and awareness, you know, places on our web site, our homepage where you can go to. we have a botnet notification program. request that your computer does become a.net. we have a method to notify you and then facilitate you cleaning up your home device. >> i think there's a lot of commonality in the approach is that we are all taking. one of the distinctions that i mentioned in my opening comments regarding our cybersecurity partner, i think our partners, it is really important. these are people that are focused and their full-time job is cybersecurity. they are looking for threats all the time and they have hundreds if not thousands of customers that are feeding them information and they are seeing real-time threads go through many companies. a threat that might hit one company they are aware of before many of us would see that.

so that information sharing and that cybersecurity industry is really critical in something that we value. >> you may have answered that question. >> yes maam is certainly the embedded security elements are part of that but beyond that we have users ministry or control security that lets our users dictate what level of profession they want in a platform and we do have services available to consumers and enterprises that allow for on device encryption data remote backup, remote restore and to lock the device or you can deal with the mobile device that will be lost or stolen or lost in a taxicab. we give you the capability out of the box to deal with it. >> i appreciate that. i guess the last 47 seconds i'm going to give to chairman. should they have a system to detect viruses as they enter into your network before they

get to my computer? >> if we knew how to do that reliably, i would have tried to sell you that years ago. it's a very difficult thing to detect viruses and malware. sometimes reading kind of pick it up and just like the rest of them, i called 100 to 1000 people every week. the problem is that i really knew what to tell them and exactly how to fix their pc i'd call everybody. why just restricted to the ones that happen to know about active malware. the problem is there is not persons from the can tell you how to clean malware off your pc other than free amateur computer. that's the best we can do. >> can we just tell you to stop at? >> i wish i knew. here's the reason we can't stop it. i an off year for me with the concept of an encrypted tunnel but when you visit a web site pc hdtv ps it means there's cryptography between you and the

web site and its really security should look for that. the reality is everyone knows they are pushing that malware through their encrypted tunnel because none of us can see it. so we can sort of block the web site and hide the malware and places we can't see. that is where anybody would go. >> when we pick up malware, it's the equivalent of somebody falling over or having a heart attack on the table. that is a rapid response to preventive care. if you fell over and had a heart attack i'd pick that up, that's easy. is picking up the stuff that isn't easy and that is why it's difficult for us to build reliable services that will detect malware because any hacker would do it that way. >> thanks. [laughter] mr. doyle, you are up next. >> i think we ought to just call

him dr. sunshine. [laughter] mr. totzke i want to ask you about federal workers. as you know the white house is currently working on a national mobility strategy to determine how the employees of the federal government are using their mobile devices and they are going to decide for example whether always to have employees bring their own devices to work much like many private-sector employees do. now we don't of course sir advocates to prescribe one particular type of phone for everyone to use in the federal government at what security issues do you foresee that might come up as a result of this if we allow all federal agencies workers to use their own mobile devices and how do you think device manufacturers can make sure that the data that is on the phone of federal workers especially agencies remain secure? >> so she moved to more of a heterogeneous environment where you bring your own device, individual liable devices one of

the challenges he faces the security of platforms is going to vary based on the vendor in the posture and the features they build into its a getting a consistent view of security and how you protect your information is probably one of the issues. there are liability discovery issues and corporate contracts, who was the intellectual property and if you go through any litigation. in the case of the federal government employee and how do you protect the information on the device which is probably one of the more pardon. there is a level of encryption built in the black vary to encrypt all of the data whether it's personal data or government data and one of those can be in forcible. as we look at how we go into a bring your own device scenario, the biggest concern that i have is this lack of a standard bar for protecting information and what i would be most concerned about is sort of a range to the

lowest common denominator so we have three of four competing platte warms. in order to allow everything we will reduce their security requirements to the bare minimum which i think is the wrong thing especially if the government level. >> thank you. mr. livingood given the concerns outlined by dr. sunshine about implementing the dms, can you outline for us why comcast made the decision to begin using dns and what you think it has had the intended and if it's you hoped it would have? >> the intended benefits is it's a long-term gain there. one of the challenges with dns adoption was they needed critical mass for people to start signing their names, for people to build software to do that and we felt like we could play a role in meeting the industry in creating that critical mass. that's part of the reason we did it. i think the reason we did that is when the folder ability came out in 2008 it's fundamentally scared the heck out of us.

our customers couldn't be sure that when they went to bank of america.com it was that web site. that scared us because then they are less likely to use the internet and they're not going to the care about higher speed services and so on. that's incredibly important to us so we also had a short-term fix to that, and to have a long-term fix we thought was incredibly important and dns appears to be that one. we are pleased to help create that critical mass. >> thank you and in closing, i have enjoyed your testimony and it makes us all realize how much work we all have to do together to face this problem that is certainly there is no easy answer to but i want to thank all the panel is for your testimony today. has been very enlightening and i yield back mr. chairman. >> mr. doyle thank you very much and will go to mr. shimkus. >> i want to build a little bit on what a friend mike doyle mentioned that i wanted a different perspective.

because it's kind of tied with federal workers. were you finding your cyberwarriors today? in other words where do they come out of? do they come from private universities? do they come out of the military? cutting-edge people who are helping you do things this stuff, where they coming from? >> i think it's a variety of places and i would say there is a need for more educational focus not just in cybersecurity but ip generally but we find people in their afraid of their brady boys. some are former military service, former law enforcement and others are just system administrators who are interested in security. others are former childhood hackers or something like this. they are interested in it so it's a variety of things. >> i mean, can you get i.t.

training in the business schools or computer science class? >> i've been teaching at stevens for 22 years. i teach the semester. if you look at my classroom in 1990, you would see something that would look like the typical, college class, went to dickinson pennsylvania, a pretty good mix of kids. my class today at stevens is about 98% for a national and i've got about 65 in the classroom. almost all of them have the intention of leaving the country when they complete their masters and ph.d. because they see bigger opportunities elsewhere. >> that kind of segues and if you all want to jump in, if i can raquette but i don't want to get the aspect of compensation for people entering the private sector versus the government sector. there is this debate on salary compensation. i don't know where it is. we have the same issues about

bringing in the best and the brightest. we are not compensating them or what the private market bears and if anyone wants to jump in. >> just on where we resource. we find people moving into private industry. the most talented guy is a high school dropout and so i think using some of the education system as a bar doesn't really help identify the best talent. he was one of the top recognized hackers and researchers in the world, so it varies and i don't think you can actually teach somebody to be a hacker. if you want to be a researcher in that area there is an ingrained mentality that you are either born with are not so it's not like teaching a trade with programming and getting to it level of sophistication in developing software. being a hacker is a much different thing. >> the debate on the senate side, this is how you provide is

what happens if the federal government requires you to follow a new government security standard? what happens to you? that is the debate on the senate side legislatively. one as a government imposed standard. one is really i think letting you guys fight the battle yourself so anyone want to jump in? >> i will offer briefly, my guess is write things down as you think of as a best practice being done here and the things we are back at the shop worrying about now i think are not on your list. as an example we talked about botnet. do you remember y2k? hoover building a y2k white house communications fusion center and we were worried that we are going to get eat doss for one day. that would be really bad if you are not that one day and missed the millennium change. you can't move that date, right? so we were completely freaked

out by botnet. a lot of people assume we have built ways to steer traffic around and now we have a service and we have moved on to the next thing. >> let me put a final challenge out because i do agree. how do we incent innovation in this area which is part of the opening statement, incentivizing meaning government money here or government tax credits. that his persona non-grotto right now in this new world which we live and so i would ask you to help us wrap around may be seizing durden's and maybe there things we can do that are not a dollar incense component but tax credits, things like that it would be very difficult to do in today's environment. i just throw that out and thank you mr. chairman. >> with the committee's indulgence doctor you explain e

doss. that stands for -- here's how it works. when my voice talks while of your ears it's one thing to many ears and it works great if you are quiet and listening but if you could bounce my voice off of your ears, it would sound like you are all shouting. my voice to all of your ears and then you reflect it back. that's a denial-of-service attack. we hit all your cpus and tell your cpus to shout. boom it all comes than it sounds like this big attack and it knocks them out. that's how it works. >> thank you, it doctor. now we go to miss matsui. thank you mr. chairman and this is all challenging and frightening at the same time here. i do appreciate all of the testimony. i want to go to another area here. as we look into developing

industry best practice standards for isp should ice sea cloud services as being as included or do you think because technology is newer it could be better for cloud providers to consider forming their own best practices to secure data in the cloud? i would like mr. subboren dr. subwent to answer that please. >> first of all we are already talking to cloud providers and some of us and factor cloud providers so i do think the conversation is well underway. we are very familiar with the challenges and if you really think about it the term cloud is a rather generic term that is probably misunderstood and it could mean a number of different things are different type of customer. so therefore i would say we continue to include them in the conversation as we have everyone else so to speak at the table as partners, and the solution you are looking for a really going to have to be integrated across

a very wide platform so therefore i would say you would want to keep them in the conversation. >> okay, thank you. >> my mother has a pc at home that i am sure is attacking china or something. it's not administered properly and she has got that big tower with verizon fios and the whole thing. she doesn't need that. she'd be much better served to have a cloud provider to just take care of all of that for her and she would just be using some you know, appliance. the reason she doesn't is there a software and the pc that she wants to be able to use as the equipment cloud so in general that concept is a more secure concept than my mom trying to do administration. so i think in general is the more secure model than the one we have. >> okay, that's good to know.

yourself one given your expertise in this area, what are the differences between securing wired and wireless communications networks, and how can these differences be accounted for in any type of cybersecurity initiative? >> they are pretty big. the differences are significant. we had three hours to get through the whole thing but i'll give you one example. remember, i'm guessing most of you remember when computer security was just don't put an infected floppy in your computer. remember that? don't put software in your machine that you don't award came from and it seemed like perfectly good common sense. what do we do every single day in app stores? we download stuff. i don't know where it came from but voyager looks pretty cool. i think i will downloaded to my device. that's something we are going to have to address. that is a big difference between wire and wireline.

>> i'm also thinking also too is so much of what we do is wireless. so much of what we do within our own home is wireless and get its been so easy to do it. most people don't think about it at all. and i am concerned that we are not thinking as rightly as we should be thinking as far as some of the personal use and i think here with mr. doyle who in the government area too but it's so easy-to-use be carrying tablets, different cell phones around. and for me, it's hard -- apart to me that is quite frightening is nobody knows what they don't know and we are looking at you and you are saying that there are a lot of things you don't know too. we look upon u.s. experts and i'm hoping that we can build some incentive here with a sort of a sharing of information that

goes beyond some of your commercial type of concerns, because i am looking ahead and this gets more and more complicated as we develop more tablets and smartphones and whatever. we are losing control of cybersecurity and the software aspect i think you brought up dr. amoroso is very important, the education factor that and not that we are actually building our own principled standards into that too. that is just a comment and i really do appreciate your being here and i see i am taking more of your time. thank you very much for being here. >> thank you for your comments. we go now to miss black word for five minutes. >> thank you also much and i tell you what i think i'm going to do is just ask my questions

and then if you all want to respond or respond in writing, that would be wonderful. first of all going back to something that mr. shimkus said i would like to hear from each of you and you can say now or send it to me. what you are seeing as the disturbing trends, and what is the next thing out there? i would like to know that and i would like to get an idea of how much of your cost of doing business is beginning to center around the cybersecurity issues. in your testimony, several of you have mentioned in one way or another in response to the questions in your testimony, the federal government could end up being more of an impediment than a facilitator in bolstering some of the cybersecurity efforts. i would like for you to speak to

what you are concerned that we might do and then what we are not doing that we should be doing. and hear from you in that vein. with your consumers appreciate knowing what you are doing to educate them? i think that one of the things that helps us as we work through the process is being certain that consumers are educated and if i could get that bit of information and then when we look at the attacks that are out there, some of the anonymous attacks. there is one in the news today or i think there are five people that they are bringing forward on charges. what kind of government imposed performance requirements would help keep pace with some of the technological evolution you are saying and this cyberattacks and if we were to do a government

top-down sort of structure to try to deal with cyberenemies would that be giving a signal to that cyberenemy? is that too much information for them to be able to work around? with that, those are the questions that i would love to hear from you on the trends, the cost, what we are doing and what we are not doing dealing with consumers, how you are educating them and then looking at the attacks, the cautions you would give to us there and with that anyone that wants to respond. >> i can go first and i will try to be quick so others can answer. in terms of the positive things the government can do i think making information sharing easier, there a number of things there to help. i think government has a role to play in education whether that's tsa's or other kinds of education or end-users for citizens. i think there's an opportunity to help send our fund additional r&d.

i know other groups tried to do research and security and other internet futures. i think there is more that can be done there to support and in terms of things to be careful of or be aware of, think to be aware of mandates and be careful of mandates. we don't want to be focused on checklists in compliance and we want to be focused on the innovation of the threats of tomorrow, not just the threats of today. >> thank you. anyone else? >> i would just make two comments. several of the questions and comments mentioned incentives. i can tell you as an i.t. professional we are heavily incentive to make sure we are protecting not only our internal resources but all of our partners connected with their systems. i think one of the things that is a little scary so far is we monitor all of our customer service channels, call centers, stores, web sites and we are not saying a lot of requests from our customers concerning their

own security on their handsets and devices. i think education is certainly going to be important. i think there's just not a general awareness in the consumer population of how big an issue this is. >> may be a comment more around why it's so difficult to regulate this arena. i think here we are speaking rather generically about mobile devices in cybersecurity threats. it's a much broader problem decanting on what category you're looking at because there are multiple categories from throughout act there's trying to be finding a solution a prescriptive way is very typical. they think about who is coming at you and why they're coming at you you could have a nation-state coming at you were all sorts of reasons. they could be coming at the federal government for military reasons for the same nation-state could be coming after a corporation for corporation for intellectual property. everything from understanding the intellectual property is not just a 50,000 corporate

environment. could be law firms doing year and then they act to the reports say report said reports say you have the broad landscape as you are looking in nation-states. if you're looking at criminal activity, sure you have what used to be the script kitty doing something that was relatively harmless and you hired and today is your network administrator. on the other hand, you have organized crime looking at more broadly the world and how to make money. look at the recent fbi investigation on the dns changer malware inspecting hundreds of thousands of computers and then you can take a look at your nautilus and others that are hacked of us trying to make a point. then you come to your insider threat and your companies are doing it. if you think about that landscape and the data they are after, they are after it for sometimes different reasons. when you try to throw regulatory overlay on that it's difficult

and puts us in a position to respond so there are four broad categories. at the same time to make sure we ever checklists compliance programs going. >> thank you. i yield back. >> the gentlelady is yielding back and now i recognize the gentlewoman from the virgin islands, dr. christiansen. >> thank you mr. chairman. good morning everyone. thank you for being here. i have a couple of questions. let me begin with the saddam -- mr. amoroso. you suggest in your testimony to congress defined the role of the various executive branch agencies and cybersecurity. where do you see the fcc has an individual agency playing a role? >> i don't think there is an agency right now that is in a good position to come in and solve a problem that we can't solve ourselves. if there really was a case where we could write out these things it we should all be doing and forward ever reason negligence,

ignorance, whatever we are not doing it, then you really do need somebody in government to shake us into action. the problem is that we don't know what it is that you should be telling us we should be doing. that is why we are pointing to innovation is the key. so it's almost kind of a moot question whether it should be dhf for the fcc or whoever because we are not really sure what they should the telling. that is the problem and there are some things, like i said i am part of the team trying to make recommendations. i don't want you to believe that we are just punting on such a hard problem and not trying to ease the risk that i would say from an agency perspective if there were an obvious set of things that should be done right now, kind of thinking the groups that are here would be doing it. we are incentive to do that and that is the problem. i hope that answers your question. >> okay.

mr. livingood you mentioned the comcast is an active participant on the fcc communication security reliability and interoperability council, so can you describe for us how you been vision the improvements and cybersecurity especially the types of attacks the counselor is suggesting,.net and -- etc.? >> their number of working groups. i'm on one and one of the folks that works for me is the chair of one of them. and they focus on things like the security routing structure, and and a whole range of other things. i think that is a process that works pretty well. people voluntarily get involved and work together and on what they think the current best practices are. that is a process that repeats. in 2000 we came up with some best practices and that is what

we are focused on. something that gets renewed and refreshed all the time so we can look at every threat as it comes out and that is one of many places that we all work together. there are lots of others, the north american operators group, and the whole range of others, other acronyms that i could go on for minutes about the rubes like that are good because they tend to space are voluntary and focused on practices and current issues. ..

the government and private industry as well as the private companies. what protections to you think are necessary to protect civil liberties and consumer privacy and what do you believe will be the reasonable boundaries to the liability protections and antitrust? >> the issues you raise are the issues we have those sentiments because i'm an american. i want celebrities, i want all those things. it's the current state that we have swung the pendulum in the

direction of making absolutely certain that we are protecting civil liberties. that's a good thing. so the question is how do we somehow preserve those liberties and also allow all of us to know if this is a malware thing. the motivation, everybody's head shakes. yeah, malware, that isn't a really civil liberties issue. comcast should know that blah, blah the problem they conclude that in their systems and somehow you just have to maybe get the lawyers out of the room and come up with some kind of the common sense approach. but that's the reason. all the things you listed, that's why we can take those signatures today. simic's before mr. chairman. >> thank you, dr. cristian samper. dr. amoroso, you should have seen the people shake behind you when you citizen get the lawyers out of the room. let's go to mr. bass from new hampshire.

>> thank you. i have a couple questions for mr. livingood but before i ask that, can i ask a mobile or smart phone question for dummies if there is a difference in cybersecurity issues between an ipad or smart device like this, and a laptop or desktop computer make it quick because i have other questions. can anyone answer that for me? >> there is probably a fire wall between your pc. if you are on a lawyer and so we can do more faltering and policy control with your wireless it's a direct drop to the isp and we have been invented and lead particularly in washington pushed the packet, don't look at them, don't impose -- god forbid you impose any kind of policy or faltering. so your connection is strictly to the internet where has your

lawyer connection probably has some i.t. group at work. stomach's this exposed to the walden is their cybersecurity issue with my ipad? >> let's say i'm connected to comcast, which i am. >> i think those are a new class of device, and a lot of the hackers and other criminals are very focused on the return on investment where the biggest platforms are and so the more those devices could out there a bigger target that makes and they say okay i can stand a couple days developing this and i have a few million devices, you will start to see more and more of those things and depending upon the tablet that you have, some are more vulnerable what the moment than others. but that is something that a lot of americans are buying into and there will be the next draft. >> who is responsible, is apple responsible for this or are you?

>> it's a variety. with the device if apple plays a role with the android device and google please enroll and then all the software vendors that make the applications that go on that, but there's also a component of customer education and ensure overtime just in the same way that we have software that runs on the pc to provide security, that will start to develop and evolves and provide that extra level of security as well which is that the early stages of that adoption curve. >> and the same is true for blackberry, right? >> all of the tablets are going to have different risks, and when we look at it in terms of how we protect our platform. but the key that i keep hearing over and over again and it's one that this committee has highlighted is the need for education, and when you're talking about computer security one of the inevitable comparisons is driving a car. we don't let people drive without a license but we let them get on the computer and connect to the internet,

download software not understanding what those risks are. and that piece of education, i'm not suggesting we license people to use a computer but we need a level of sophistication and education how we inform people of what risk half. >> i want to ask a couple questions about the constant guard protection sweep. i know in your testimony, mr. livingood, on page six it says we understand securing cyberspace is a complex task comes to education prevention detection, remediation recovery of the core of objectives of the antimalware efforts. does comcast require its customers to download the protection sweet, and if not, how is the customer going to know that it exists, and how are you going to notify that the of the problem? >> it is not required a customer download that to use our service. they just have to have normal internet connectivity to do that. but we do a lot to make

customers aware of that and to and sent them to download it before they have an issue and after so before the have an issue when they are installed, they're given a lot of information about the things available for them and they are given links to that and so on. when they get a welcome e-mail wendi sign up for service we are reiterating that coming and we do a lot of things on the website and other places to promote the fact these are available after they have an issue and we notice it will drive them to a three mediation portal and that's one of the first things we recommend the download is that sweet and take a number of other steps so we do a lot of education up front and when they come on and we call it on board when they come on as a customer and we do things while they are a customer reiterating that. >> it is to the windows operating system, correct? how long has it been around? >> that protection is pretty recent. i think that's a little bit more than a year. that's the supplement to a larger anti-virus security suite

that we have had for many years that is comprehended -- >> real quick because i've run out -- what business incentives, if any, did you get or did you have in developing and offering the service? >> we view it in two ways. number one there's a competitive incentive if we can be seen as having more security features or more secure than the next guy's someone chooses us as their isp rather than someone else but the other thing as customers when they come on board as a customer used to tell us the true reasons for price and speed, and today its price, speed and security so customers are aware increasingly so not as aware as the need to be that very aware about security, they ask about those things when the collis to order service and so we view it as a competitive feature that we need to add, and that's why all of the things we are doing is part of the constant guard dns sec and other things important to us. >> now we go to chairman

dingell. >> mr. chairman, bots. gentlemen we have much to do and little time so i'm going to try to ask questions if you can answer yes or no. starting now with mr. livingood. gentlemen, you seem to be in agreement that imposing new federal cybersecurity regulations on industry would stifle innovation and harmon industries ability to protect consumers from cyber threats. is that correct, yes or no, starting with you. >> yes i am concerned about that. >> mr. amoroso? >> yes. >> server? >> yes. >> gentlemen, let us assume for a moment the congress will pursue that no regulation passed in this manner has facilitated greater information sharing about cyber threats between industry and the government. would that be your collective preference, yes or no? >> yes. >> server?

>> yes. >> yes. agreed. >> gentlemen, thank you. islamic in that case with the congress need to consider granting exemptions to the antitrust laws and the federal trade commission act in order to allow companies to share cybersecurity information among themselves, yes or no? >> yes. >> yes. as the mcconaughy unfortunately can't comment on that. >> now, gentlemen, similarly, do you agree that a safe harbor provision should be created in a statute to permit companies to share serious cyber threat information with government agencies without fear of class-action or other lawsuits being brought against them, yes or no? >> yes. >> the reporter doesn't have yet but you guys say yes.

>> okay. >> i'm afraid i can't comment on that. i don't know. yes. >> now, gentlemen, my last several questions have been premised on a no regulation scenario where in the congress adopts legislation to promote information sharing between industry and government. would you please submit for the record what enforcement tools you think the federal government would have in this scenario to ensure that industry is adequately regarding and being guarded against site were threats? i'm asking you to make a submission there for the record because of the shortness of time. now, gentlemen, let us assume that the government would have some role in promoting sires security and private sector.

if the federal government were to require the promulgation of cybersecurity standards stood to the crush of such standards preempt state law? starting with you, mr. livingood. yes or no? >> yes, easier to have one standard. >> i don't know. i'm not sure. i haven't thought that one for a treat >> you? >> yes. >> i would have to agree with dr. amoroso. i haven't considered fat. >> i can't comment on that either. >> gentlemen, i have read with some interest in mr. olsen's testimony that, and i quote, the ongoing evaluation for metropcs' security program is based on a periodic internal and third-party assessments and auditing. what your respective companies object if such audits were

government mandated, yes or no? >> we already provide all those things. we already do that to get >> i think we would not checked. >> you would object? >> then we come back and ask you to explain that. >> we probably object but we do that anyway. >> now, those who've indicated no, would you please explain briefly? >> i can explain. when you write a law, we do paperwork. so i take people away from giving their day-to-day work and sit and do work one of our favorite things to show people in the operations lab is a long one of the walls we have about a mile ellsworth of the ring binders and they always say there's the government paperwork filed by a lot of chuckle and laughter but it's true we do have a great deal of paperwork

that we fill out when we are dealing with different federal groups or sarbanes oxley, whatever. there's a lot of paperwork, so i'm just suggesting that if we are already doing it and the government comes in and says i need you to fill out this compliance checklist you are taking people away from the work. >> very quickly if i could just make a note to very quickly this is dangerous sometimes but i'm told that we might have objections and the same concerns. >> gentlemen, thank you mr. chairman. >> mr. chairman, thank you for your questions. i think we got to the heart of the matter quickly. now the intelligence committee and in part a member of the subcommittee mr. rogers. >> thanks for having the hearing and the witnesses as well paid i think one of the big problems we've run into in this is we haven't really sounded the alarm bell i think in all of the circles people that have looked at this every day all the security shops, the i.t. security shops across america

they know what the problem is. average users don't see that and that's why there is no crying i think yet about how we get this fixed but i appreciate all of your comments today. you talked about coming each of you, the importance of information sharing and keeping it as clean and simple as you can. talk about how that would work if we bring the folks together we are sharing the government secret sauce with you all and you are sharing pact militia swear that maybe the government is not aware of, talk about how fast this is. there's talk about civil liberties and i think people have this visual people are reading e-mails. some guy named bob indy 500 clevelan is reading everybody's e-mail but define this malicious software. but what works. if that happened it's a mill was servile failure. can you talk a little bit about how you envision that would work with the sharing arrangement, real-time, no regulatory from all voluntary, can you talk about that?

>> first a lot to compliment you on your legislation. niquette there are some real nice elements in the work you've done. first of all, real-time, absolutely. independently audited i think is important, so that somebody can come in and look at the way that this is done, but it also has to be controlled by blasting out over the internet would be a really bad idea. but i think you need to balance this real-time also the ability to come back and look at the process, make sure that it's transparent without exposing it to our adversaries. that's the right way to do it. >> there's also different levels of sharing by industry. you have to look at how you do your risk assessments. there's also right now a very good example of what's working well and that is the defense industrial base pile but that's going on. i got particularly supporting defense contractors and the dod. you can expand that to the financial-services industry and other industries.

>> just for clarification, when we talk about real time i have seen the numbers as high as 100 million a second, packets of information flying around. so if this is going to work, the source code has to be compared at an incredibly fast rate. can you talk about that from the engineering perspectives? anyone? >> one of the challenges is trying to do any kind of pattern matching. if of the malware we have seen for a number of years is what's called polymorphic ordered changes every individual that every instance is different from the next so a lot of stuff changes. it's not like to use with anti-saddam where you can match on a few key words or one to file an attachment, that's the target and flag get that placing a need to come up with ways and a number of us have systems like this and there's others and development that can do this on a wide basis but that is the

challenge you are getting which is doing that in real time is just incredibly difficult and you are at the edge of computer science at that point. >> which is why many of you have told us before the legislation was written be careful about the regulatory scheme if we slow you down and give you another row of books down your life a long hallway it doesn't work. we already have an outdated what you are trying to accomplish in the room, and this is a value added not only for you but for the government, is it not? the government also gets a benefit from the protection of all of your great work in the private sector, correct? >> that's correct and there's two things that interest in there. one is by the time that a prescriptive law would be written by the time that eink is driving the threats would have moved on and so you've got to be liable to be flexible. the other is we all need to have with our software developers and security specialists the need to be hard at work in the room not with half a roomful of lawyers with them slowing them down and

asking questions about why you doing this and that the need to be at work trying to solve the problem. >> i have to see for the record this may be my favorite panel of all times. never so often has a group of engineers belittled lawyers of the table. [laughter] you have warmed my heart today that we have faith we are moving forward. i wish we had time to talk about all the issues and i'm a very curious about how you would fix the programming issue, a huge problem as we move forward. we didn't dhaka of exultation which is difficult for any of you to catch which i would argue right now is the single greatest threat to our economy moving forward a side of the things we know today. >> could you outlined exultation? >> we know venetian states today are engaged in getting on your

network, they will be there for very long time. system administrators don't know it, these folks can't catch it. a lot of times the government can't catch it either and then they will latch onto that intellectual property that is on everybody's computer today. there's all those designs and everything of company and the right time at the right speed, the latch onto it and run through your network and to get back. a country like china is investing in this as a national strategy to exfil trey intellectual property and then directly use the intellectual property to compete against the united states businesses, and unfortunately it is happening at a breathtaking pace and was concern is they're looking for fifth oriented. this is very sophisticated as any that and incredibly hard to detect and they really don't

want to break anything. they want to steal it without you knowing and that is what is troubling about. hundreds of thousands of jobs lost every year for the intellectual property that's been programmed commercially against u.s. companies. it's as big a problem as i've ever seen and it's one of the things of the many that keeps me about night, mr. chairman, so let me explain it and something we didn't really get into today because that is in the focus of what they can even watch, so that's why this information sharing i think is so important. it would help american businesses by the federal government having information being able to identify that code and share it with the right partners amazing what we would be able to stop to respond with the indulgence of the committee members perhaps the importance of that topic to the justice you have anything you want to add on that if anybody wants to comment

on the chairman. >> it's called advanced persistent threat and these guys are exactly right. somebody targeting any of you. we know the folks you run around with. we can craft a female that looks pretty realistic. point you to one of these websites that establishes a tunnel, it drops a remote access tool on your pc. you know how you login when you chemotaxis from work or from home or wherever you are doing it, this is a hacker doing remote access to you. you are now the server and once they are on they can control your pc and so on and the intellectual property is becoming significant. it is probably the number-one thing i get all of us when we go back we talked about botnets but that's not what we deal with when we go back to the office of at&t which is kind of powerpoint where we are ahead of the discussions here that we've been dealing with in the past and

things we deal with now are things we will be here testifying five years from now, that is an issue. >> the advanced persistent threat these are remarkably sophisticated and for cities, they are slow, patient, they will work on your network for years and i'm from the canadian headquarters. we had a large company go to business and part of the attribution of that is the loss of the intellectual property to a foreign state levels adversary write off their networks, so when you look at that this is a serious concern as is mentioned five years from now you will probably be looking at that the tower advanced to be looking at now, congressman because the threat is real and persistent today and as you stated it is a threat to jobs and economic threat to the united states and elsewhere. >> bots. >> for the record can i thank him for his 30 years of fbi service as well for all the time you put on.

>> bots. >> a former fbi agent himself. let's go to mr. stern's. let me take my questions a little bit along the lines to my colleague from michigan talked about advanced persistent threat to read dr. amoroso, when you did your opening statement, you were speaking quite eloquently talking about malicious software, malware, and you had this picture that the malware you were impressed how well it was developed, put together coming and you sort of alluded to the fact that it was almost not and pet treatable, but it was to the point you are respectful of it and we are not sure that we were keeping up. is that my interpretation what you said? >> that's right we are definitely not keeping up. we are trying. think of the pace of innovation

in silicon valley. new things every day. the hacking and the militias adversary community moving at the same pace. so the job we have is we have to keep up, and you would say you'd better be ahead of that, not even enough to just kind of keep up, you better be ahead, so we are always going to be biased three we have to innovate and go faster. >> you think you are always catching up? you apply to me by saying that respectability that you had for this malware, is this true for ad where, where, all these others, is also applicable to that, too? >> apts are the best of this exultation point the congressman's book about, that is the elite attack of 2012, where maybe not so much. >> with the malware, who are the

people doing this specifically? can you name them? >> i'm not law enforcement. >> is their anybody on the panel? dr. amoroso talked about this malware so respectfully and how it is put together. anybody can tell me who we are talking about? >> i think if you take a look at the most recent investigation conducted by the fbi on the dns sec malware was a group of individuals operating out of estonia that sent malware to individuals and various forms and e-mails and you click on it and infected your computer in a way that directed at you when you went out to do a dns sec search you were looking for amazon bought, or some other company you really went to their servers and their own servers were actually embedded in various locations in the united states, these are organized groups. they figured out how to capitalize on the money you can make with the malware.

>> are these people in estonia part of a mafia underground, an organization? it's larger than just an estonia without you revealing -- >> these are no longer just individual hackers. individual hackers are out there. they've now formed themselves into types of federations to work together across the world. you can do it across the world. there are certain groups you can join and and be a member for different countries. so it's like a fraternity. i am a member of the estonia -- >> estonia seems to be a hotbed right now because the economy. >> if i could add to that is actually pretty interesting. this is a very large and very well organized underground economy. their specialized, so you have some people that right tools, other people that read access, you can rent botnets by the hour and where you want them to be and what kind of computers.

all of -- payment network mechanisms between the parties, so it's very sophisticated and if you think about it from a criminal standpoint it's a lot easier to get a return on investment on this type of thing than it is to do physically oriented crimes and the scale is so much larger. these are folks that operate internationally and there is an enormous amount of economic consensus for them to do it and it's primarily unlike apt it is an economic crime and focused certainly on economics but more intellectual property or undressing companies. this is all about the money. >> why guess, mr. mahon is there a possibility that we have terrorists involved that are a part of this estonia the terrorists could go to this group or federation across? >> terrorist use these for funding for their operations, and number two, the use it as a

communications system, they know they are being looked at, so the waiting to communicate or surreptitiously any matter that cannot be intercepted so they use these types of technologies to communicate with one another but they have to fund their operations. >> i guess the question comes down and this is probably the premise of understanding with the hearing is all about. what could we as legislators on this subcommittee of the full committee or members of congress, but can we do to make it easier for you to operate and at the same time give you the wherewithal to compete, and what should we not do and what should we not do it as a closing statement give what we should do and should not do that would be helpful as one legislator. >> i think what you should do is help make information sharing easier. remove those infamous pip relating also there is a rule

for the government to play in education mother that this tsa or others to raise awareness about the security issues and i think that there aren't the types of things through agencies that you can help fund to focus on this. i think what you should not do is focus on mandates and compliance. that enables us to focus instead on innovation. >> that sounded good. i would repeat those comments. i have one additional and that is that you have influence around the federal procurement process. a lot of times we see procurement come out and scratch our heads and say don't you think fer ought to be through gsa there's this program a lot of fuss spend they're ought to be more business, there isn't. so i would recommend that procurement process ought to be the most secure process in the entire world. >> i would echo what both of

them said and and the importance of information sharing. we've limited resources to conduct risk assessments. the risk assessment when we are trying to decide on impact and probably based on the information we have at that time. if a government agency or another carrier has additional information, we don't factor that into our analysis we are really miss aligning our resources and how we develop our countermeasures. >> i think there is a lot of commonality among the panel the and we would like to see i think just to add a little bit to the information sharing area with the federal government has access to information through various agencies that are watching the country's cyber borders and we've seen in our own company a vast majority of reconnaissance stance and attempt to gain access coming from china and eastern europe, and i think the federal government would be in good position to monitor and provide more information on that.

>> lastly i agree with everybody else on the panel here, especially on the information sharing from the government industry. the purview that the intelligence agency has in terms of what you see is much different than what we see. my team works with dr. amoroso mahon on areas of common nobody between rim and at&t were we of issues that need to be addressed with the impact of the security of our customers, but we don't necessarily get feedback from our government about what do you see that we need to be aware of, and if there is anything i could ask for, it would be more transparent, more real time information sharing mechanisms to what industry and what the government knows so we can act to protect our networks and by extension protect your information. >> bots. mr. gingrey, thanks for your patience as we got through the hearing your the last estimate this detriment, you took the words right out of my mouth. you are extracting the last measure of patients with all of the last member to ask a

question, but i moved down here early in the year because i couldn't hear very welcome even though the chairman said speak right into your microphone. but i'm glad i did move down close because i knew it was going to be interesting, and i knew that all five of you experts were going to have a lot of useful information to present to us, and quite honestly, after two hours of this, i am trying to figure out a way to beat these guys, and the only thing i can to get his there's an opportunity to invest in these packing operations. i don't guess that would be legal, but if it were that would probably be one of the best ways for us to win. but thank you all very much. let me ask a couple of specific questions and may be discussed a little bit to the chase. one of the main reasons why the chairman is holding this hearing

-- and each one of you, please come starting with mr. livingood and service for me -- you believe the fcc has enough cybersecurity expertise to delay the concerns that some industries stakeholders have with the commission if they do choose to impose cybersecurity regulations on how you guys on the network providers? do you have enough confidence in the expertise to do that, mr. livingood? >> i don't know the answer to that. we work with a lot of folks of the sec and the have a lot of expertise. whether they have enough here that is a tough question. i don't know the answer. >> i said earlier i don't think there is any agency that has the right expertise to do that. if we knew the answer was, we would be doing it. i don't think that it is a knock on any one particular agency. i just don't think that there is any agency that has that capability right now. >> mr. mahon? >> i would agree, the answer is no by don't think anyone does.

that's the importance of the collaborative relationships. you do need to bring people in from all sorts of the federal arena as well as the private industry to work together. it's the evolving nature of the threats in this arena. >> mr. olsen? >> it's an important question but i would have to agree with mr. livingood. i don't know whether the do or not. >> mr. totzke? >> i don't know whether they do or not. i think what you're hearing here is common among the panel, the defender job that you're trying to do to protect your information is exceptionally hard and it's much more difficult than being on the other side. >> speaking of hedge funds, let me go back to mr. olsen and the formal testimony that you talked about in the clearing house. i would like to know a little bit more about that specifically, and do you think there would be helpful and meet the you could elaborate a little

bit more. >> there are two aspects to that. one is where the federal government is sharing with the private industry but they are seeing as far as threats and i mentioned a little while ago with the threats from outside of the u.s.. that is a critical component. the of areas where can share threats that they are seeing and that the clearing house would have to be sponsored by someone in the federal government has the right place to do that. >> and i think that u.s. trust also in your testimony the whole harmless provision that would be necessary to share that information so you would be subject to lawsuits. >> yes, sir. >> i have a little time left. one more question. the internet is currently transitioning from this internet provider from before to be six in addressing. does that have any new sires security issues and will

transitioning alone solve any cybersecurity issues that exist? there is a process of transitioning to prevent opportunities to resolve existing cybersecurity issues through a stack of those issues that exist in the current internet and the ipv4 to refer to the ipb6. that is a new format addressing and technology you are introducing new things into the ecosystem to dr. amoroso's point earlier. when you change something it can have unintended consequences and so it's something you have to keep an eye on and make sure you are not introducing new vulnerability is but i think that if there were any it's simply because some security tool work to great and ipb4 -- >> every plan that running ipb6

would be addressable and that is a pretty dangerous situation, so for all of us we have to figure out how to architect security protections around that. so i do have some concerns about the transition. >> mr. mahon? >> the architect engineering teams are still working through those that as you said, you have legacy systems being married up with the evolving technologies, and whenever you do that, you are going to have things evolves as you began to deploy. estimate mr. olsen? >> from perspectives standpoint it is a step ahead with the bad guys are out there working as hard as we are to find another way around that. as soon as we make an advance and in technology they are out there keeping pace with us. >> that expands the surface and by doing so increases the risk, so we have new and unknown risks we have to figure out how to mitigate. >> mr. chairman, thank you for the generosity of those extra

seconds, and i will yield back. >> actually you got to 49. thank you mr. gingrey for staying in participating. i want to think of the witnesses, and all the folks i know played some role but we really appreciate your insight. it's really helpful in our effort obviously we are trying to do the right thing and you are out there fighting the battle every day. we don't want to get in your way. so we may get back to you with our working group to dig a little deeper on some of these issues and get as specific as possible. we hope to look out some of the other types of networks and small providers. you obviously represent major providers or a representation of them. we are also wondering about the weakest link which might be small iset and how the deal with this and do they have the same sort of capability to fight back, so anyway, i deeply appreciate your willingness to be here today and share your knowledge with us. we are better for it.

with that, the subcommittee on technology stands adjourned. [inaudible conversations]

the top commander of u.s. forces in the middle east was on capitol hill testifying about the 2013 budget for special operations. a general james mattis took about afghanistan, russia and iran's nuclear program at the senate armed services committee. this hearing is two and a half hours. >> good morning everybody.

this morning we continue to the committee's review of the posture of the combatant commanders to meet the security challenges and operational requirements in the areas of responsibility in light of the president's budget request for fiscal year 2013. our witnesses are general james mattis, commander u.s. central command, and admiral bill but craven, commander of the u.s. special operations command. thank you both for your dedicated and distinguished service to the nation. also on behalf of the committee, please extend our heartfelt gratitude to our military men and women serving with you. many have served multiple deployments often in harm's way. we think them for their dedication and service and their families or so essentials. and reflected in the president's budget request as $88 billion for overseas contingency operations in fiscal year 2013,

the conflict in afghanistan remains our military's foremost security challenge. the afghanistan mission is entering a critical phase of transition. the drawdown of the 33,000 u.s. search force is scheduled to be completed by the end of the summer, and the remaining 68,000 u.s. troops in afghanistan our plan to continue to be reduced, "at a steady pace thereafter through 2014 according to president obama. u.s. and coalition forces have begun to move from the combat lead to an advise and assist role in support of the afghan national security forces as those forces increasingly assumed the lead for providing security. this transition is to be completed by 2014. when afghan security forces will have assumed the security lead throughout the country. as the u.s. troop presence in afghanistan winds down our

special operations forces will assume greater and greater responsibility for the afghanistan mission and for advising and supporting the afghan security forces. even after 2014 our u.s. military plans on having an ongoing presence in afghanistan to train the afghan forces to conduct terrorism operations and provide key enablers such as logistics airlift and intelligence support. the recent violence in afghanistan following the unintentional regrettable burning of crowns of the u.s. military base is deeply troubling. president obama has expressed his regret, and i would hope president karzai would condemn the killing of six american soldiers as a part of that violence. while these events could weaken the level of trust between the u.s. and afghan forces, secretary leon panetta has reaffirmed the united states

remains committed to the current approach and afghanistan misstating the recent attacks on the troops, quote, will not alter our commitment to get this job done. the success of the afghanistan mission will depend on building the capabilities of the afghan national security forces. at the end of today, the consulate in afghanistan is an afghan war and will be up to the afghan forces to win. for this reason, i am concerned by news accounts that the united states is circulating within nato proposal to reduce the afghan security forces by as much as one-third of. according to "the wall street journal," under this proposal, the size of the afghan army and police would be reduced from 352,000 personnel this year to 230,000 after 2014. lieutenant-general dan global church, the head of the nato training mission in afghanistan

is cited as saying this proposal is based on, quote, with the international community will provide financially and the afghans can provide for themselves. i am surprised and disappointed to hear our military commanders are focusing on afghan foresight based on what they think might be affordable instead of a number of afghan security forces they believe will be needed to maintain security. it strikes me as unwise to base decisions on the future size of the afghan army and police exclusively on projections of the future of portability instead of military requirements to secure the games that have been made at great cost to prevent a taliban return to power. the sustainability of the progress on the security and afghanistan will also be affected by a number of issues including the progress of reconciliation with the taliban, whether pakistan chooses to play

a constructive role, eliminating the threat of insurgency to fence in pakistan, the rest of the end of a long-term partnership between afghanistan and the united states, and the karzai government efforts to improve government, deliver services and increase government revenues, fight corruption and promote transparent elections. general mattis, the committee will be interested in your assessment of the progress on security and afghanistan and the sustainability of the games through 2014 and beyond. there's a strong determination on the committee and in this congress to do all we can to counter the threat posed by iran and in particular to stop iran from acquiring nuclear weapons. the national defense authorization act included distinctions with respect to iran by requiring foreign financial institutions to choose between maintaining ties with the u.s. financial system for

doing business with the bank of iran relative to the purchase of the related products. president obama has appropriately focused considerable and determined diplomatic effort, quote, to prevent iran from getting a nuclear weapon and has repeatedly said there are no options of the people to achieve that goal. general mattis has the task of the planning and something of the military options in the president relative to iran in case they are needed. i'm going to put most of the balance in my statement except for the following. the new strategic guidance and priorities emphasize the importance of special operations personnel for counterterrorism operations. the capacity building and other theater security cooperation activities and support of the geographic commanders. admiral mc lo raven, a recent

published reports indicate that you are seeking new authorities that you believe would help to be more responsive to the geographic combatant commander's request >> host: the committee looks forward to your comments on these reports and learning more about any authorities may be necessary, that you believe may be necessary to fulfill the global missions. finally, general, we would appreciate your comments relative to these events. as to what you believe the options might be to end the slaughter of syrian civilians by the government of syria. we are determined that we want to end it. the question is what are the military options that might be available in the case that they were seized upon as being one of the ways to do that, and we very much appreciate your comment on

that. gentlemen, again, our thanks to you and the men and women that served with you for your great work. senator mccain to the estimates before mr. trump and let me think the witnesses who are the most impressive military leaders currently serving our nation. we are all grateful for the years of dedicated service. we are also grateful for the men and women the lead in the u.s. central command and special operations command. amazing americans with a free service to carry on the fight after a decade of war. admiral mcraven, this is your first time testifying before the committee as a commander of so, and it's fitting that you do so alongside general mattis, a seasoned veteran of this committee's hearings to have the scars to prove that. nowhere is the work of america's special operators more important than an centcom's scirica of responsibility.

the forces play an instrumental role of an ongoing counterterrorism operations both in the region and around the globe. while the senior leadership has been diminished by sustained pressure against them in pakistan, al qaeda's global operations are becoming increasingly decentralized and no less deadly. regional affiliate's seek safe haven in the country's set by the weak governments and internal instability particularly in places like yemen and the horn of africa and the trans, this is why the efforts to build the capacity in the nation's in the troubled regions remain a vital component of the strategy to disrupt and defeat these terrorist organizations. i'm concerned, however, as the administration seeks to decrease the size of our military conventional ground forces, many people are already coming to see special operations forces as a fix all to the myriad securities

alleges that our country faces. i look forward to your thoughts, admiral, to the proper role of the special operations in the total force, and what more can be done to ensure that these operators are not stretched at the expense of the unique core responsibilities. general mattis come all of us have the utmost respect for you but we do not envy you. few of our military leaders have more on their plate from supporting our friends in jordan and egypt and saudi arabia and the uae with the fragile but very different situation and of rain coming yemen and lebanon. in afghanistan despite the progress of the troops on the ground, we are at an impasse with president karzai on the negotiation of a strategic partnership agreement which is critical to sustaining our goals and blocking the lasting success. in pakistan our relationship remains fraught by a series of

setbacks and lack of trust, largely to rising from the fact the country's intelligence service continues to support terrorist groups such as the haqqani network that are killing americans. the wreck a minister maliki continues to centralize power at the expense of the other political blocs while the threat posed by al qaeda appears to be growing along with the kinds of perfect spectacular attacks like the one we saw yesterday. if the regime continues working to subvert iraq and many other countries in the region which the recent attempt to assassinate the saudi ambassador in washington as well as the officials in the southeast asia and the caucasus suggest a growing and increasingly reckless threat, the threat that would expand exponentially if the iranian regime would require the nuclear weapons capability that it clearly seeks. unfortunately the impressive international effort to impose

crippling sanctions appear to have been nothing to dissuade iran from its military nuclear pursuit. and then there's syria. after a year of bloodshed, the crisis has reached a decisive moment. it is estimated that nearly 7,500 lives have been lost. syria today is the scene of some of the worst state-sponsored violence since the balkans. brochard al asad and his lieutenants appear to be accelerating their fight to the finish, and they are doing so with a full support of russia, china and iran, a steady supply of weapons and ammunition and other assistance is flowing from moscow and tehran, and as "the washington post" reported on sunday, the iranian military and intelligence operatives are likely working in syria to support al asad. the president has made it the object of the united states that

the killing and syria must stop and that al asad must go. he's committed the prestige and incredible the of the nation to the goal, and it is the right goal. the united states has a clear national security interest in stopping the slaughter in syria and forcing al asad to leave power. at the end of the regime the lifeline to iran eliminates a longstanding threat to israel, the sovereignty and independence and remove the committed a state sponsor of terrorism that is engaged in the proliferation of weapons of mass destruction. it would be a geopolitical success in the first order and the strategic defeat for the iranian regime. however, is not clear that the present policy will be able to achieve our goals and syria. the recent testimony to this committee, the director of national intelligence stated

that if the status quo persists, al asad could hang on for the foreseeable future, and there was before rumsfeld. with each passing day the international response to the house of atrocities have been overtaken by the defense on the ground and syria. what opposition groups in syria need most urgently is relief from the tank and artillery seizures in the many cities that are still contested. but time is running out. the forces are on the march. providing military assistance to the free syrian army and other opposition groups is necessary, but at this late hour that alone will not be sufficient to stop the slaughter and save innocent lives. the only realistic way to do so is with foreign air power, and the time has come for it. air strikes would help to establish and defend safe havens and syria, especially in the north, and which opposition forces can organize and plan

their political and military activities against al asad. the safe havens could allow for the delivery of humanitarian and military assistance including weapons and ammunition, body armor, tactical intelligence, secure communications equipment, food and water and medical supplies. these safe havens to also help the free syrian army and other armed groups in syria to train and organize themselves into more cohesive and effective military forces likely with the assistance of foreign partners. rather than closing of the prospects for some kind of negotiated transition that is acceptable to syria's opposition, military intervention is now needed to preserve this option as credible. al asad needs to know that he will not win. but right now unfortunately he seems to think he can come and for good reason i'm afraid.

i look forward to hearing our witnesses advice about how we can change the balance of power against so as to finally end the bloodshed and their rule and syria. thank you. >> thank you, senator mccain. let me call on you, general mattis. >> thank you, mr. chairman, members of the committee. i appreciate this opportunity to discuss the u.s. central command region. i've submitted a written statement requested to be accepted into the record. it's my privilege to appear today along sign and abshire cleaver and good friend, admiral bill mcraven. no commands work more closely together and the u.s. special operations command and central command. let me begin with what i see today in the region. the arab awakening is manifesting differently in each country, while we may hope for it and certainly we firmly supports all efforts for more space government in the region, the awakening origins are not

necessarily a rush for democracy. rather this awakening stems from a breakdown in the social contract between government and their people. unjust or unresponsive regimes have fallen or are in the throes of falling as is the case and syria. however, the transition to the space government is never easy. as we see in egypt. further it isn't clear what the resulting government will look like. ..

we are nesting or military effort and side for broad u.s. diplomatic objectives are go first it's important for each country's political reform to adapt to their own pace. second, support for economic modernization that provides the people ownership of the future. third, a renewed pursuit of middle east peace, recognizing the status quo is not sustainable. heinle, we stand firmly with their friends and supporting regional security, territorial integrity of the sovereign nations and the free flow of commerce. as a military commander for the central region, my overarching goal is to prevent further conflict. we seek to deter those with hostile intent and if deterrence proves unsuccessful we provide military options to the president. as our president has said we are strong presence in the middle

east endures. at the united states will never waiver in defense of our allies, our partners or our interests. the military challenge will be determining how we retained a sustainable presence and operate him flexibility and a fiscally constrained environment. although we are withdrawing some ground forces from the region we are not withdrawing our support for long-time allies and partners nor are we pulling back our commitment from the region that too many times has taken a commitment of american blood and treasure to restore stability. through persistent military-to-military engagement our troops reassure our friends and temper adversarial intentions. security cooperation activities such as foreign military sales, internet and military education, security force training and multinational exercises are cost effective means for building our friends defense capabilities,

allowing us to operate in concert with allies and friends and to rapidly respond in times of need. a sustained joint presence with a pronounced naval character supported by embarked troops, special operations forces, strong aba elements in an expeditionary army ready demonstrates our commitment to allies, underwrites regional stability, familiarizes our forces with the theater and builds partner abilities to protect themselves all while we are providing response to crises. there are some other key needed capabilities that we have. improved counter-ied efforts to protect her our troops from pervasive threats that extends well beyond afghanistan. information operation and programs to counter adversary information and recruiting on the internet. improved intelligence surveillance and reconnaissance

assets that enable us to locate an elusive enemy and intelligence expertise to support our deployed elements. wheels in a specific resources that are vital to the afghanistan campaign, coalition support funds, commanders emergency response program, afghan infrastructure funds and reintegration authority enable us to meet humanitarian and infrastructure needs of a population that is increasingly secured by its own forces, forces we have been building and training through the afghan security forces fund. in conclusion i appreciate the essential resources you provide which enable us to carry out the strategy. we ask only for what we need and what we request as critical as we carry out the transition in afghanistan and continue on course to achieve our desired strategic end state there by december 2014 as laid out at the nato conference in lisbon. thanks to congressional support

in our military families are forces represent america's awesome determination to stand by her friends and maintain regional stability, defense of our bellies and interests. i look forward to answering your questions. >> thank you so much. at route. >> good morning chairman love our -- levin senator mccain. thank you for appearing free today and representing the extraordinary men and women of the united states. to not to command the world's finest special operations forces for serving side-by-side with our broader military and inter-agency teammates and i'm proud to appear today with my good friend and next-door neighbor jim mathis. admittedly though jim is rarely fair, but when he is there he is a great neighbor. with your permission i will submit my statement for the record and open with brief remarks. 's morning i would like to provide an overview of our nation's ongoing emergency

security challenges. secretary panetta recently outlined how he viewed the future joint force. he called for low-cost, lean, technologically advanced agile responsive innovative efficient and effective forces able to address a variety of challenges and adversaries. as i read those characteristics i'm struck at how accurately they describe your special operations forces and what we bring to our nations arsenal. special operations forces have a tremendous impact on our nation's security and never more so than during the last 10 years of war. since 9/11 are forces have doubled in size now at 66,000. our budget has tripled in the number of deployed has quadrupled to meet emerging demands however even with that growth are $10.4 billion budget still comprises of only 1.7% of the total department of defense budget. simply put, it remains relevant, and high demand and offers an

unparalleled unparalleled return on the nation's best. is reevaluate the days rapidly evolving landscape it's clear that demand for special operations capabilities will remain high. our focus is on winning the current fight against violent extremism. first and foremost we will sustain our efforts in afghanistan in support of isaf by continuing the application of the direct and indirect approach. the direct approach lethal imprecise continues to degrade extremist leadership and facilitation networks. the indirect approach which i believe offers the greatest opportunity for victory but security and governance references to ability operations and security forces. the direct and indirect approaches continue to have daily positive impacts on isaf strategy. our sacrifice and effort in afghanistan is benjamin as we continue to make this our highest priority. in addition to our efforts in afghanistan we strive to maintain persistent presence globally. today u.s. special operations

forces are in 70 countries around the world supporting u.s. policy objectives. in the pacific, africa, latin america, europe and other regions the cultural knowledge and the ability to work with partners courier affects far above our small numbers are gall of these international engagements are done with the complete support and approval of the respective geographic commanders and the chiefs mission. in addition to our forces, in addition to our focus on winning the current but i'm committed to to strengthen our support to the geographic combatant commanders by reinforcing and enabling their theater special operations command. as you know the theater special operations command are commands of the gcc and provide the regional commander his special operations capability. is the force provider for the soft capabilities uso, well insured special operations command have the human capital, capability and the expertise to meet the gcc requirements. another important aspect is their ability to partner with

other national soft units. since the establishment of service special operations forces in the 1960s and uso, 1987 our relationship with their allied partner force around the world has strengthen each nation and each nation's ability to deal with their own security problems. we must continue to build these relationships wherever possible. two in the current fight and strengthen our support it will be necessary to ensure our force and their families remained remain strong. my predecessor admiral olsen established a task force to discover the fraying around her edges. base high demand has put a stress on our force in and families. i'm committed to taking care of our people with the best support we can provide. i put a general officer in command sergeant major in charge to the preservation of the families. they are empowered to to implement innovative solutions across the socom enterprise to

improve the well-being of our warriors and their families. in conclusion the demands of will not and in the foreseeable future. with a your son efficacy will continue sustain a world-class special operations capability in providing the nation a decisive edge in addressing the challenges that affect us today and will undoubtedly emerge tomorrow. it is an honor to appear before you today is the commander of the united states special operations command and you can take pride in what the men and women of special operations are calm pushing around the world each and every day. thank you or your continued support and i look forward to answering your questions. >> admiral, thank you so much. we will try a seven minute round for our first round. general mattis and admiral mcraven first let me ask you about fiscal year 2013 budget and the administration's recently revised strategy. how does the 2013 budget request reflects a recently revised

strategy, general? >> yes sir, it does. >> admiral? >> yes sir, does. >> general do you support that budget request? >> i do completely. >> absolutely. >> in the wake of the violence in afghanistan, including the killing of at at least 6 million -- american soldiers secretary panetta says it will not alter our job to get the job done. he added our goal is that by the end of 2014 the afghans will have the responsibility to govern and secure themselves. general following the violence over the koran burning incident should we modifier strategy in afghanistan? >> no mr. chairman i don't believe so. i believe it is working. we should not allow a few criminals, malcontents, to define the afghan security forces.

even their performance during these last two weeks disciplined restraint standing by us is an indication that this is a force that is, long ways. it is right now nearly up to 352,000 mark handley had set up shows the afghans are willing to fight for their country. we wanted to be a 352,000 by october and we should be there within 60 days. we are on track mr. chairman. >> how does the events which occurred, where we had some afghans showing americans and coalition forces and their own people, how does that strike you? is that a significant shift in anyway in terms of either afghans willing to take on the taliban or the reliability of the afghan army? >> cert, treachery has existed as long as there there has been warfare and there has always been a few people that you

couldn't trust. i am one of those who has slept peacefully in the afghan guarding me in 2001. no forces perfect. i would just remind everyone that even jesus of nazareth had one out of 12. my point is that no matter what selection process we use, you are going to have somebody who doesn't make the standard, and in this case, the overwhelmingly positive response by the afghan security forces, even in the face of what was a very disappointing and unintentional mistake by the u.s. forces, it did not shake their confidence. it did not shake the teamwork. i think that right now it does not cause us any questions about the overwhelming reliability. at the same time prudent measures taken with the full support of the afghan chain of

command unprecedented i might add, absolutely -- support means we are on the right track to address what is a bona fide insider threat concern. >> thank you. according to "the wall street journal," the united states has proposed reducing the size of the afghan national security forces from the 352,000 strength goal for this year to 230,000 after 2014. as a way of reducing the cost of sustaining the afghan forces. first of all what is your reaction to that? is this something which we have decided upon and if so are we project ring the need for afghan troops two years in advance as the security force needs of afghanistan? >> i understand your question mr. chairman. i completely support general allen's recommendations.

352,000 afghan security forces through 2015. while they can be any number of varying levels of maturity in planning or thinking going on, the conditions on the ground will have to determine the size of that force. between now and 2015, think to sustain the gains we have made especially after 2014 when our troops are withdrawn other than advisers, the 352,000 is a prudent measure. >> as far as you know is the decision made relative to that? >> i'm confident there has not been a decision made on that. >> i want to change the subject a bit to the village stability operations. some of the afghan local police. i'm wondering whether or not you have a response to that, and i really what i think ask you both

to kiss you both very much are involved in the afghan local police and their support by our special operations center. the general purpose forces. first general what is your response to the criticisms by the afghan local police program? >> as you know chairman that program is under the provincial governors command. they are not on their own out there. they have u.s. federal forces living alongside them. it's interesting that during all these months of difficulty with this insider threat as we called it where we had some more troops attack, not one of these troops living out of the very edges of the battlefield in small groups have been attacked. we find that those forces are at that goal. we keep a close watch and if we get any indication of unethical behavior, violent behavior,

taking advantage of their position to investigated immediately and we keep very close watch on them. >> general? >> yes, sir. as you know general allen investigated some of these allegations with the afghans and they found the allegations to be false, and his general mattis mentioned the program and the afghan local police in in particular are in fact part of the minister of the interior so that chain of command goes right back to the simple government. some credibility from the tribal level to the village level to the central government and i think that's very important. there are currently 11,000 afghan local police and we are growing to about 30,000 over the next couple of years. we think this is an exceedingly important program for the stability of afghanistan. >> thank you both very much. >> senator mccain. >> general mattis, after all the

sanctions have been imposed on the iranian regime, do we know if the regime has been at all dissuaded from pursuing nuclear weapons capabilities? >> no, sir. i have not seen that. >> general mattis, are there strong indications that al qaeda is making a comeback in iraq? >> yes, sir. notably, in the western iraq area but extending into baghdad. >> general mattis, general burgess director of defense intelligence agency testified last month at the assad regime and its military remain a quote buyable cohesive and effective force. the same hearing james clapper director director of national and tones testified as an external intervention, assad will quote hang in there and continue to do as he has done.

do you a free with general burgess and director clappers assessments? species are assad cert assad has chosen violence. i think his military is under more pressure every day. there are desertions rate going up but in aggregate i agree with general burgess' assessment. >> current conditions persist absent external intervention, how long do you think a side can remain in power? indefinitely? >> i i don't think indefinitely, serve but i would be very slow to put a time horizon on it. i think he's going to be there for sometime some time because i think you will continue to employ heavier and heavier weapons on his people. i think it will get worse before it gets better. >> and recent reports have increased iranian involvement as well as russian arms supplies to

make it worse. would you say that a sod's crackdown especially in recent events in homs is gaining or losing momentum? >> she is gaining physical momentum server on the battlefield. he is creating more enemies and i think he is creating more international pressure against him but on the tactical battlefield, he is clearly achieving what he wants to achieve. >> i think we would agree that syria, out of the hands of assad with a chance to be free and democratic would be one of the greatest woes to iran as far as lebanon is concerned, hezbollah, iran's closest allies. it would be an american strategic interest to see assad go. >> yes, sir. it would be the biggest strategic setback for iran's in

several years when a sod falls. >> fundamentally, you went to the balkans because ethnic cleansing and genocide were taking place in bosnia and kosovo in the 1990s. do you see a difference between the kind of slaughter that is going on in syria now and the kind that was going on in kosovo and in bosnia, maybe edit different scale the sort of the same kind of behavior, actions being taken by the government? >> certainly each situation is unique but as far as the trend, i would not disagree with your characterization. >> under current conditions, was simply providing arms to the

opposition be sufficient to help end the violence and to force a sod to leave power? >> cert, providing arms is perhaps an option. that would be a policy option. i think we'd have to do our best to determine who we are providing to arms to and follow the first do no harm to make certain what we are doing is actually going to reduce the scale of violence ultimately. it may go up for a short time, but you would have to look at it terry closely because the longer this goes on, the more potential there is for all qaeda and four basically a full scale simple -- civil war. >> have you seen any evidence that al qaeda has any significant role in syrian opposition today? >> yes, sir we have in terms of the rather spec tech ever ied attempts. >> so, every time i have seen

one of these crises, the first answer is we don't know and it could be al qaeda. it could be each of. i heard tunisia, we heard it in libya. we don't know who these people are. they are probably al qaeda. do you know what that flies in the face of general? people who yearn for liberty and not being of an oppressive myrtle dictatorships all of a sudden it's al qaeda. i am just returning from a trip in egypt tunisia and libya there is ours the threat of extremism. but there is no doubt the that people have made the revolution. we are not al qaeda. in fact we are are a direct repudiation of al qaeda so frankly one grows a little wary of this, we don't know who they are and they are probably al qaeda. general do you think we can find out who they are? >> sir, i think it's always

prudent to find out who your allies are and who your enemies are. >> is it written to stand on the side of freedom and democracy in front of one of the most oppressive dictators in the world? >> no, sir. >> is is met with the united states has been standing for were a couple hundred years at least? is not why we fought wars? so, frankly i grow irritated and i grow angry when i see in miep gies people who sacrificed their very lives and their families who are wanted. i visit a hospital where a whole shipload of the wounded young men had just returned and i didn't see a single one of them that was all qaeda. not a single one. i didn't see a single one that died before my eyes that was al qaeda. so i suggest, suggest we find out who these people are and i guarantee you that you will find out it's not al qaeda. it's not al qaeda. it's the people who have the

same yearnings that are universal and that is freedom, democracy and our god-given rights. so, i would hope that we would spend sometime with your unique capabilities and finding out who these people are. i'm surprised you haven't tried to do that before. you should do it. this conflict is going to go on and a whole lot of people are going to die if we allow the status quo to prevail and the slaughter to continue because quote, we don't know who they are. >> thank you senator mccain. general mattis thanks very much for being here and take us for your leadership. obviously is it considered the records both of you have had and what you are doing now, don't think we could have two better people in the position that you are in. we ought to be very grateful to you for that. general mattis i look forward to your testimony because in some sense i feel when i read your stuff or listen to it i am back in the classroom because you do

have a very developed sense of history. just want to read in the context from your submitted testimony. in over 30 years of supporting u.s. forces, in the central command area of responsibility, i've never witnessed it so tumultuous. at changes only constant in surprise tends to be the dominant force in the region. while transformation is underway across the region as a result of the arab awakening maligned efforts by regional actors particularly iran represents perhaps the greatest immediate and long-term threat to regional stability. i am skipping here but again i saw an interesting bit. there is only one state in our goal i are actively seeking to destabilize the region and actively foam and violence and that is iran.

and that helps us put things in context but let me go back to something that senator mccain touched on but i want to ask you if you could go into it a little or detail. it's about syria. can you describe in more detail, what is the extent of those iranian and russian assistance to the military assistance -- to the outside government? >> senator they are russian to have provided very advanced integrated air defense capabilities, missiles, radar and that sort of thing. it would make a position of any no-fly zone challenging if we were to go that direction. in terms of iran they are working earnestly to keep the side in power. they have flown in experts and they are flying in weapons. it is a full throated effort via ran to keep us thought there oppressing his own people. >> so, the iranians first, to

the best of your knowledge, have some expert or high-ranking personnel that have come from tehran to damascus to assist the syrian forces? >> they have, yes sir and generally speaking what kind of hardware, what kinds of military assistance -- systems are they providing to the syrian army? >> they are providing the kind of weapons that are being used right now to suppress the opposition. they are providing listening capability, eavesdropping capability to try and pick up where the opposition networks are added and they are providing experts who i can only say our experts in oppressing their people and they know how to oppress their own people in tehran. they have helped façade do the same thing. >> i'm generally in sympathy

with the argument that senator mccain just described. the international community, for reasons that are both humanitarian and strategic, really just shouldn't sit back any longer and watch a sod do his thing. my own sentiment is i suppose eventually they will fall but there is such it disproportionate military power between the government and the opposition. as you suggested earlier and senator mccain said if we can hang on -- we saw this in the balkans in the '90s before we got involved and stopped it. and i don't minimize the difficulty of getting involved here but i do want to say that your answer to the last question which i appreciate, does lead me to say this. if we get involved and some of

our arab allies get involved or people in the european union to for instance provide weapons to the opposition army, that we will be militarizing the conflict. the complex is already militarized and militarized adequately on one side which is the iranians and russians are providing a lot of military support to the assad government and the opposition doesn't have much of there on. has the white house asked you as head of centcom to prepare any contingency plans for possible assistance to the syrian opposition? >> senator, i would prefer to answer that question in a closed hearing if i could, sir. >> okay, then i hope we will have the opportunity to have a closed hearing before this is over. i know for the hurt that i don't

believe in i don't believe senator mccain believes that we should do this summer on. i i hope we can organize something but i gather that the saudi's are actively thinking about it least applying some weapons to the syrian opposition. let me move to another area. this also goes to iran. i have heard reports that the iranian regime is now involved in more actively in maligned activities and in other countries in the region. and in a way that poses some threat to our forces in the region and i wanted to ask you to talk about that particularly of yemen but beyond in syria out. there are other areas where we feel iran is beginning to threaten our forces. i would like to hear about it. >> they are fighting basically a shadow war every day.

they are moving weapons into sudan and sending them into yemen. they are trying to make inroads there by passing out money to various factions in yemen and they take their first up store some kind of a democracy. having come out of a very good election, we see what they are doing in damascus. they recognize that their link to lebanese and hezbollah if assad falls so we see this throughout the region. they have never gotten along that well, the iranians with the taliban but yet they are willing to help the taliban to some degree fight us in afghanistan. we also see their mischief all around the world and of course right here in washington d.c. where they attempted to kill and arab ambassador. so this is an ongoing effort. i think it's now within the regime something we have to make

part of our modus modus operandi and we certainly have taken a lot of prudent steps in our own force protection. we also see the trying to find their way and take advantage of anything in any of these arab awakening causes that. they have tried in cairo and i think they were pretty well rebuffed there. the iranian revolution is not being seen as an example for any of the arab nations in their awakening. so it's not successful but at the same time it's highly concerning. >> my time is about up. i was about to ask you briefly, is all of this activity and the region via ran evidence of the fear that they really have hegemonic ambitions that they want to stretch out across the region or can we not conclude that? >> sir, i think one of the reasons we are seeing the unity of the cooperation council right

now and away the arab league is banding together and becoming actually a force for initiating operations whether it be in libya or in other areas, there are concerns about damascus. i think what we are seeing is the whole region is becoming aware of this sort of effort on iran's part of and a more unified opposition, almost akin to 1948 in western europe when nato was formed out of the fear that the soviet union and their forces. >> so a very significant parallel. thank you very much general. senator promised next. >> thank you is your chairman. thank you both for your service and admiral thank you for taking the time to come in. senator actually referenced the afghan local police program, which i had an opportunity and an honor to serve as a soldier this summer and go out and visit

with a special forces and see that program. and is that many of the villages and speak with the tribal leaders and also the soldiers that were there. to me it's a program we should have implemented from day one. the value of the dollars incredible and the amount of cooperation between tribal leaders and the people of the villages in the special forces is unheard of. it has never happened the way it is happening now, that check and balance. 11 villages coming to the aid of another village when they are being attacked or harassed. it's never happened and that is obviously because of the advent of just a simple road, connecting those villages. that's why it's important to continue with infrastructure that region so they get from point a to point the to see what the other villages doing. create trade with that village, and vice versa. is that your observation of

those types of positive activities as a result of our involvement in the afghan local police department? >> serve actions -- absolutely is. the afghan police program is one component of the village stability platform or operation which really kind of looks at security governance and economic development. the afghan local police are part of that security aspect as again the village level through the district and the district through the province in the province eventually to the central government. we think the program is working extremely well. >> thank you. general i have the opportunity as a result of my military duty to actually go to the detainee facility and actually participate in a so-called board to determine whether the detainee should be released. was not dissimilar to our drug courts and other types of warts that seem to be in concert with everything i has been -- have been taught as a j.a.g..

i found fascinating and i found it a little bit troubling especially troubling, potentially troubling i should say because the strategic partnership agreement with the afghan government is absolutely important something we need to get a signed it signed and implemented right away. the notion we are packing our bags and leaving however excel rigging the transfer of the detainees to afghan custody presents real concerns for me. i don't think they have the capacity at this point based on my personal observations to assume the security of these detention facilities, and i found it was one of the best run facilities i have seen ever. i have been down to get mo my went my old senate district where i was responsible and participating in getting funding for three or four persons. is that general your understanding of the position as well? are you concerned about that

transfer and whether they can handle that? >> yes, sir we are. we are in negotiations with them now. ambassador crocker is leaving those negotiations in general allen right alongside him. i think the most important thing is that we figure these things out or process for figuring them out and not going to an agreement. what we want is the right agreement and as you point out we want to make certain were not paid -- turning people over for the afghans to take care of them and then we end up with abuse or some failure in terms of how we take care of these prisoners. >> i mean it's a top-notch facility and i know they are expanding it and i have seen the caliber of afghan corrections officers and a soldier who would be manning it and i have to be honest i have deep concerns and something i want to monitor closely along with you and ambassador crocker in general

allen are obviously working that through. regarding iraq i'm as concerned as others are about the vacuum that has been created and as you know al qaeda in iraq is carried out more attacks this year than the entire second half of last year. do you think there's a security vacuum here now since we have left or what? >> it's not a security vacuum senator brownback it is a less capable iraqi security force without our capabilities there. they are scrambling to try to fill in those gaps. they are working with our small footprint there to help them fill in those gaps but it's a concern i know for the iraqi government and the concern for ambassador jeffrey's. >> do you think al qaeda is making a comeback in iraq? >> yes, sir they are. >> what about about the favoritism in the iraqi government had majority shia

party? do you think that is fueling another insurgency and assist plan to cut his hands to create that instability? >> it's not playing into al qaeda's hands yet and i think that there has been some progress in a political dialogue in the last couple of weeks that i think its back on the right track so i give you a caution, optimistic view of this and it's very cautious at this point. >> regarding syria, do you see iraqi al qaeda moving over to syria to fight against the syrian regime and how do you think this affects our understanding of the assad opposition? >> off qaeda is trying to increase the chaos of ungoverned spaces. i don't think they have a moral bone in their body. they are just opportunistic. i don't think they characterize or represent or define the opposition to assad. that they would try to take advantage of it i have no doubt.

but they did not define the opposition of the assad. >> admiral, can i just touch base? can you comment -- sometimes i feel not often understood but contributions of the guard and reserve and socom. how do you view their role now and how will do you view the role of the future? >> as you know the guard and reserve has been absolutely essential to socom's capability here in the last 10 years and since the establishment of the u.s. socom back in 87. we have to reserve units in special forces groups that that do phenomenal work for us and in afghanistan we have the 193rd special operations wing which fly some of our unique guard and reserve assets so we are very strongly enabled by the guard and reserve across all components, all sorts of components and special operations and we expect that

they will continue to be well-resourced in the years to come and play a vital role in the u.s. special force. >> do you welcome that role? >> absolutely, sir. >> thanks senator brownback of senator reid. >> gentleman thank you for your extraordinary service and the men and women, their contributions also. general you indicated that the most significant threat in your region, in your land -- is iran and given the issue of strategic focus you have to keep maximum pressure on the key threat. can you comment about what could happen if we either coordinated or supported or encouraged military operations with syria with respect to the iranians? would this be neutral in terms of our efforts are with this disrupt international

collaboration and create unanticipated and unwarranted -- >> sir, i think that if we went into providing options, whatever they are, to hasten the fall of assad, as long as those were put together in a coalition international form, it would cause a great deal of concern and discontent in tehran. >> the one area that would be problematic would be something that was perceived as unilateral or so dominated by the united states that this lack of international collaboration could undermine our intentions or our motives. is that true? >> i think the international collaboration would be essential to the successful outcome. >> so, in effect, we are working

on, as we speak, pulling together an international context for efforts that are directed to what are many have said and we hope the ultimate demise of the assad regime. is that a fair characterization? >> yes, sir. >> let me take it one step further because it's discussion establishing safe areas and safe havens. operationally on the ground, let's assume that could be done. it would seem to pose some problems. first the syrian military forces are very well organized and robust and buried proficient. i don't know how long they would tolerate those safe havens for second, given safe havens it also implies that someone would

have to go in and organize training and organize really an army. that could take months if not years. are those considerations being thought through carefully and what it would mean in terms of the commitment of resources and again, deflecting efforts away from other more serious threats? >> sir, if not been directed to do detailed planning on these. i would prefer to take senator reid in a closed session but it would require regional or surrounding states support to do something like this. i've looked at the maps. there are note terrain limiting features where we could create the safe havens. another brick you would have to create military forces. it's not like the mountains of northern iraq where they could be in the area against saddam

hussein to help in that area. would be a significant commitment of resources and of course the international aspect could reduce our commitment. >> thank you very much. one of the typical points negotiating strategic framework would be the persistence of president karzai to resist operations and even his own forces. can you admiral comment on how critical this is to us and is there a way to somehow ameliorate his concerns to be tactically effective? >> sir we think the night raids are essential for our task force to go after high-value individuals rico high-value individuals that we pursued during the course of a 24-hour

period or days or weeks. generally bed down at night. they are much more targetable at night and in fact you are looking at tactically what you find is the afghans are actually much safer if we target an individual at night because there aren't so many people out and about in the villages. what we have done to reduce the afghans anxiety on this is, the afghan special forces are in the lead on all of our night operations. i think this is an important point. i know it's an important point that general allen and general matches have nate as well as ambassador crocker to president karzai. these are his forces that are in fact surrounding a potential compound, trying to call out the specific individual and the first forces through the door. we think that is the best way to reduce the app dan's concerns. it is a critical tactical component of what we do every day in afghanistan. >> general mattis do you have in a comic?

>> would emphasize that there is less collateral damage and in some think people being killed in both on the moral level besides the aspect dictates we continue these operations along is the enemy -- >> one of the principle assumptions going forward is that we will be able to operate with the afghan national forces and police forces, special forces and army forces. at small unit levels which means essentially small rips of u.s. and nato personnel with larger units and this is particularly something that u.s. forces, soldiers and other operatives get. the recent attack by an afghan military force against the american forces, one-on-one sort of violence, to what extent has

that caused you to reevaluate that approach and that assumption? >> sir i think as general mattis mentioned earlier we have not had what we referred to green-on-blue incidents with respect to our partner relationships with the special forces of afghan. but, that is not to say general mattis mentioned there couldn't be treachery in the ranks and i think we are ours cognizant of that. having said that we have built these partnerships over many years and we have great respect for our afghan partners. we think this strategy of partnering with the afghans is absolutely essential to victory. >> sir, the ana definitely is defined by the tens of thousands alongside us. bear casualties are routinely higher than ours, significantly

higher. they are doing much of the fighting now and there is an increasing need for us to have mentors among them as they take that will take every prudent measure but at the same time it comes down to the trust between the young men fighting alongside each other and this is characterized by a high degree of trust overwhelmingly although these tragic incidents become understandably what we hear about. >> thank you. >> thank you senator reid. senator ayotte. >> thank you mr. chairman, thank you general mattis and thank you sir for your service to our country. i want to ask you about the recidivism rate in guantánamo. a story which i believe was misleading and the headline was not so many guantánamo three offenders. the story said far fewer detainees released from guantánamo bay have rejoined terrorist activity as previously reported. however before this committee

this is an issue that i've questioned many individuals about. last year director clapper said the re-engagement rate from former guantánamo detainees were confirmed or suspected of re-engaging with 27% and in fact just three weeks ago before a committee again and he actually said that he reengage -- the re-engagement rate of those who led reengage where we conformed suspected to be re-engaging with increasing close to 20% and i believe it's 27.9%. and of course we heard the same testimony from secretary gates as well as secretary vickers that the way we calculate the recidivism rate is not just those who have returned but those who have been suspected of returning to the side. one of the big issues we have of course is that it's difficult to determine who has reengage because we are so, once they

have reengaged, reconfirming. we can't always reconfirm who is out there, who is back fighting us again and often we find them when we encounter them in the battlefield or elsewhere, and so i want to ask you, in my view, one terrorist re-engaging is too many. and the reason we have tracked both those who are free engaging and suspected because that is in my view a more accurate reflection of where we are with a re-engagement rate. two individuals i would like to ask you about general mattis are engaged in the fight and that is sayeed al zawahiri and bashir al-sharari are former detainees who have been released. one became a leader in al qaeda in the peninsula and the other became a leader of the taliban in afghanistan. both of these former detainees have been actively involved against us and our allies.

can you update the committee on the status of these two former illustrious guantánamo detainees and what types of activities they are engaging in against us and our allies? >> thank you, senator. he is the number two man and the al qaeda is in the arabian peninsula is in yemen. he is their number two military commander right now and engaged in active operations. we did confirm that. on bashir al-sharari he is a taliban commander in afghanistan and i can get back to you with more specifics in a classified setting. >> just to put it, and look forward to having more from you on that but just to put it in perspective is that these individuals are engaged in activities to kill americans or our allies, are they not? >> that is correct, senator. >> i can imagine how frustrating

it must be obviously for our group to re-encounter someone we have had already in detention. so one of the concerns i have had is, what do we do if tomorrow greed recapture them in terms of where do we detain them to interrogate them and admiral mcraven you testified before the committee last year that for example as we got out so will hari we did go to afghanistan and we needed a place, long-term detention facility and that would be helpful. can you help me, both of you, where we are in that and what we do have fully capture the two individuals but just talked about tomorrow in terms of interrogating them? where were behold them? have we solved this problem as we move forward at all? >> senator, i am confident that we would be able to hold them.

each case is looked at individually so i cannot tell you in advance how we would do it. but if they are listing i would suggest they don't sleep well at night because we are after them. we will hang onto them if we can get them. i'm not quite certain where we will put them but we will be interrogating them. if they are alive, we will do our best not to see them on the battlefield again. >> that we don't have a designated facility because we are essentially not taking anyone else into guantánamo as far as i understand it pursuant to the administrative policy. >> there is not a designated facility, no maam. >> one of the concerns i have is we certainly can't hold everyone on a ship particularly if we have to hold them and long-term detention. would you both agree with me on that principle? >> yes, maam. >> so it's not clear where we

would put them up a if we capture them tomorrow? >> maam, some people, we have been able to facilitate their transfer. >> i would hope that we would not bring those two individuals to the united states of america because i would have a hard time explaining that to my constituents when we have the availability of the guantánamo detention facility. so i would hope that would be an option given how dangerous both of those individuals are. do you think that is a good option, bringing them to the united states? >> that is a policy decision maam and is certainly an option but it has not been considered. >> why wouldn't they just use the facility that is secure at guantánamo? >> i'm probably not the right person to ask a question man but it's a policy decision, and i have no reservations or by we

have -- as far as where he put them. >> admiral is there anything you would like to add on that? >> in the case of al-sharari at and sakir if they are captured obviously we have agreements with the yemenis and the afghan said they could be held in their country of origin so right now for those two individuals i think that would be the likely solution. >> admiral i just wanted to follow up. last year when your roof before the committee for your confirmation hearing i had asked you about al zawahiri and i asked you the scenario if we caught him tonight in pakistan for would replace him for long-term detention? you were not sure what we do in that circumstance. has anything changed since then? >> no maam, nothing has changed since then. >> certainly we could not put them in afghanistan.

we can't take individuals who we have captured outside of the sit -- afghanistan or pakistan or yemen and bring them here for detention? >> that is our practice now is not to do that but it's correct we take a government to government agreement to do something like that. >> we have issues we are trying to resolve with the afghans obviously to secure his deal with the afghans that they have now. thank you, both of you. >> thank senator. up next to senator nelson. >> thank you mr. chairman and let me add my appreciation for your service as well. thank you. i have got a number of concerns about our presence in iraq at this time. i don't think that i have a clear understanding of what our mission is there. and is further complicated by the fact that we have got questions about the new embassy,

which is a significant in terms of size was significant number of security contract yours located there, perhaps not even functioning in a security role outside of the embassy. and the embassy continues to be expanded and i understand perhaps the state department now is in charge of establishing what our mission in iraq is. can you, either of you, help enlighten me about what our mission truly is in iraq today and how that might relate as well to providing of security by contractors and the continuing expansion of ability, of a building that seems to be gargantuan in size