quorum call:

quorum call:

quorum call:

mr. reid: mr. president? the presiding officer: the majority leader. mr. reid: i ask unanimous consent the call of the quorum be terminated. the presiding officer: without objection. mr. reid: mr. president, we've been this afternoon trying to move forward on the wrda bill, water resource development act and significant progress has been made. one of the issues we're trying to work out is an issue dealing with senator landrieu. she's been more than anyone else in the senate concerned about what happens when places flood and she has every reason to feel this way because of what happens in louisiana with flooding. she's concerned about flood insurance.

i have worked with senator boxer, senator boxer's staff, i've worked with the republicans, and it appears to me that this is something that has made great progress today. the staffs can work on this over the weekend. we're going to be here monday, and i'm going to file cloture in a few minutes. but if, in fact, cloture doesn't need to be voted on, we can always move forward without doing that. we can vitiate the cloture vote. so i would hope that the ghood work done by senator landrieu, her staff and other staff members here and herself, she has been here like she is, i don't mean this in a negative sense but a bulldog, she gets hold of something, it's hard to get her to loosen to jaw. she's been here all afternoon working on this. i hope something can be worked out in the next 48 hours on this national. i have a cloture motion at the desk. the presiding officer: the clerk will report the motion to invoke

cloture. the clerk: cloture motion, we the undersigned senators in accordance with rule 22 of the standing rules of the senate here to move to a close the debate on s. 601 a bill to provide the conservation and development of water and related resources and for other purposes. mr. reid: i would ask unanimous consent the reading of the names be waived. the presiding officer: without objection. mr. reid: i ask that the mandatory quorum be a waived and the motion to invoke cloture occur at 12:00 noon on tuesday, may 14. the presiding officer: is there objection? without objection. mr. reid: i ask we have a period now of morning business, senators allowed to speak up to ten minutes each. the presiding officer: without objection. a senator: mr. president? the presiding officer: the senator from louisiana. ms. landrieu: thank you, mr. president. i wanted to speak for a few minutes as if in morning

business first to thank the leader for the remarks he made and thank him and his staff for working with us throughout today and the afternoon to try to mitigate against sufficient dpulties that are going to be imposed not only only louisiana but many, many coastal states. as these insurance rates rise because of new requirements in a bill that this body never really got to vote on because it never came to the senate. i want to correct something i said in the record earlier. i'm sorry. if the senator needs to finish up his business, i can yield to senator reid. mr. reid: if the senator would be kind enough, we can move through this in about three or four minutes and then put it on automatic pilot and you can speak as long as you care to. the presiding officer: the majority leader. mr. reid: of course, i appreciate the courtesy of my friend from louisiana, my dear trend. i ask unanimous consent that at a time to be determined by me in consultation with senator

mcconnell the senate proceed to executive session to consider calendar number 40, one hour of debate, equally divided in the usual form, upon the use or yielding back of that time the senate proceed to vote with no intervening action or debate on the nomination, the motion to reconsider be considered made and laid on the table with no intervening action or debate, there be no further motions ordered to the nomination and any statements related to the nomination be printed in the record, the president be immediately notified of the senate's action and the senate resume legislative session. the presiding officer: without objection. mr. reid: i ask unanimous consent at a time determined by me and senator mcconnell the senate proceed to calendar number 91, three hours of debate, equally divided in the usual form, upon the use or yielding back of that time the senate vote with no intervening action or debate, the there be no intervening action or debate, and that no further motion be in order to the nomination and any statements related to the nomination be printed in the record, that president obama be immediately

notified of the senate's action, and the senate resume ledge safe -- legislative session. the presiding officer: without objection. mr. reid: i ask unanimous consent the senate proceed to h.r. 360. the presiding officer: the clerk will report. the clerk: h.r. 360 an act to award posthumously a congressional gold medal to addy mae collins, denise mcnair, carol robertson and cynthia wesley and so forth. the presiding officer: is there objection to proceeding to the measure? without objection. mr. reid: i ask unanimous consent that the bill be read a third time, passed, the motion to reconsider be laid on the table, there be no -- any statements related to this matter appear in the record at the appropriate place as if given. the presiding officer: without objection. mr. reid: i ask unanimous consent the senate proceed to s. res. 136, 137, and 138. the presiding officer: is there objection? proceeding to the measures en bloc. without objection.

mr. reid: i ask unanimous consent the resolutions be agreed to, the preambles be agreed to, the motions to reconsider be laid upon the table en bloc with no interstreakveningvening. -- with no intervening action or debate. the presiding officer: without objection. mr. reid: i ask unanimous consent the appointments appear separately as if made by the chair. the presiding officer: without objection. mr. reid: i ask unanimous consent when the senate completes its business today it adjourn until 2:00 p.m. monday, may 13, 2013, the journal of proceedings be approved for the date, the time for the two leaders reserved. following the leader remarks, the senate be in morning business until 5:00 p.m. with senators permitted to speak therein for ten minutes each. further that the filing deadline for all amendments to 601 the water resource development act be 4:00 p.m. on monday. the presiding officer: without objection. mr. reid: as previously announced there will be no roll call votes on monday. the next will be tuesday prierlt the caucus. if there is no further business to come before the business i ask it adjourn following the remarks of the senator from

louisiana, senator landrieu. the presiding officer: without objection. the senator from louisiana. ms. landrieu: i'd like to speak for up to five minutes as if in morning business. the presiding officer: without objection. ms. landrieu: thank you, mr. president. i'd like to continue and again thank the majority leader for his kind comments and assure him that i'm working with the republican leadership as well to try to find a way forward to minimize the impact on many businesses and homeowners that will be negatively affected by the new requirements of the federal flood insurance program. and i offer an amendment which i have filed, it's amendment 888, i'm offering it for myself and senator vitter, senator

schumer, and senator lautenberg are also cosponsors of this amendment. hopefully we can get a vote. i do not mind trying to meet the 60-vote threshold, i understand that would be a requirement should we be able to move to a vote next week on this amendment. we will be working very hard over the weekend to get additional cosponsors on the first amendment that i filed, which had a multimillion-dollar cost to it, we had 62 people who had committed to vote. so we have a strong network of senators, republicans and democrats, that are very supportive of the effort that senator vitter and i are leading to try to mitigate against some of the harshest provisions of this bill. that passed last year that never was voted on in this chamber. it came out of the banking committee, it -- a separate bill came out of the house with a strong bipartisan vote, but

then what happened was, both bills never went to a formal conference. it just got pushed inside of a larger bill, and a few things didn't get pushed in the correct way. at least from the perspective of those of us that believe that yes, our flood insurance program should be -- should be cost-effective, should be affordable and should not run at deficit levels any longer. but there are certain more ways to do that more equitable than others. so my amendment now -- we've worked all throughout the day and i thank senator crapo and senator johnson's staff has been helpful as well. we're not quite there yet but we are working on a fix to delay the implementation of some of these rate increases to give our communities -- this is not just for louisiana. texas is affected.

florida is affected. the east coast is affected. california is number three in the terms of policies that are related to flood insurance. it will give us just some time to give our people a little bit more breathing room until we can get our levees constructed, until this new mapping can be put into place as not to shock homeowners and owners of commercial real estate with these very high premiums that we hope to be able to avoid. again, it's amendment 888. there is no score attached to it. we will accept a 60-vote threshold and i really hope that my colleagues will look at this. i thank senator vitter for his leadership on this. it's a landrieu-vitter amendment. again, with senator schumer and senator lautenberg and their staffs giving us plenty of help and assistance throughout the day. so we'll work on it over the weekend. hopefully we can come to a final

resolution early next week and then get to the passage of the wrda bill, which is also extremely important to people in louisiana. very grateful for senator boxer's leadership, senator vitter is the ranking member. this bill came out of the e.p.w. committee with a fairly strong, bipartisan and overwhelming vo vote. we have millions of dollars of projects that are authorized in this bill. we have corps reform that is important to -- for us to be able to build our levees more quickly, more efficiently to avoid some of the terrible devastation that's happened. but -- so it's very important to get the wrda bill passed. but i'm going to ask my colleagues to, please, if you can join in helping on this flood insurance bill, please do. i'll look forward to working with people over the weekend on it. thank you. and i yield the floor. i suggest the absence of a

quorum. i yield the floor. the presiding officer: the senate stands adjourned until senate stands adjourned until >> work on a water infrastructure bill that authorizes dozens of flood protection, sewage and water way improvement projects around the country. they are expected to finish that bill next week. also did a senators approved two judicial nominations for louisiana and new york. live coverage of the senate when members return here on c-span2. elsewhere on capitol hill today the house homeland security committee heard testimony on the recent boston marathon bombings. boston police commissioner edward davis was among the witnesses at the hearing telling the committee that russia's warning about tamerlan sarnia was not passed on to local law enforcement in boston. here's a look. >> commissioner davis, first,

i'd like to start with you. as i said, post-bombing, the actions of the police department and all law enforcement, federal, state or local was unparalleled. and i commend that. but i would like to ask you a few questions about before the bombing. before the bombing were you aware of the russian intelligence warning regarding tamerlan and the fact that he may travel overseas to meet with extremists? >> we, we have, we are 3-d texas and a sergeant who were assigned to the joint terrorism task force. one of my detectives is actually in the squad that investigated that. we have access to all the databases, but we are not, in fact, informed of that particular development. >> so it's fair to say that your police officers assigned to the

joint terrorism task force did not know this information? >> that's correct. >> would you have like to know that information? >> in hindsight, certainly. >> before the bombing, were you aware that based on this russian intelligence that the fbi opened an investigation into tamerlan? >> we were not aware of that. >> would you like to note about the? >> yes, sir. >> the for the bombing were you aware that mr. tamerlan traveled to the chechnya region? >> no, we were not. >> again, would you like to know that? >> yes. >> before the bombing were you told that he posted radical jihadists video websites online? >> no, mr. chairman, we were not aware of the two brothers. we were not aware of tamerlan's activities. >> and again would you like to know that that? >> yes, sir. >> we know there was a

department of homeland security officer in the joint terrorism task force who was alerted, of mr. tamerlan's overseas trips, trip to russia in the chechnya region. were you aware of that information before the bombing? >> i was not. >> with the officers that you assigned to the joint terrorism task force aware of the? >> they tell me they received no word on that individual player to the bombing. >> after the bombing, after the bombing, were you made aware of this information? >> yes. >> at what point in time was that? >> the information started to come in immediately upon our identification of mr. tamerlan, of the older brother, on the morning of the water tower arrest. so the shootout occurred late in the evening on thursday into friday, and friday in the early morning hours we started to get

information about the identity of the individuals. >> commissioner davis, if you have had this information before the bombing, would you have done, your police force and you, which have done anything differently? >> that's very hard to say. we would certainly look at the information. we would certainly talk to the individual from the information i've received, the fbi did that and they closed the case out. i can't say that it would've come to a different conclusion, based upon the information that was known at that particular time. >> but if you knew of a russian intelligence warned that this man was an extremist and a traveled over the seas, and he came back into the united states, without may not have caused you to give this individual a second look? >> apps are moving. >> the senate judiciary subcommittee on cybersecurity threats held a hearing wednesday to examine the way government and private industry can work together to protect online resources.

this hearing is just under two hours. >> good morning. we will call this hearing to order. i believe that senator graham will be joining us, but in the interest of getting underway on time, we've been cleared to proceed and await his arrival during the course of the hearing. i would like to note today's hearing will consider cyber threats, law enforcement, and private sector responses. this as press reports indicate every day is an extremely

important and timely topic. indeed, i'd like to add without objection to the record of this proceeding to pages from the department of defense annual report to congress that just came out, stating, among other things, china is using its computer net work exploitation capability to support intelligence collection against the u.s. diplomatic, economic, and defense industrial base sectors that support u.s. national defense programs. obviously, there's a lot more to this issue than just that, but it's an indication of timeliness and importance of our concern here. technology continues to expand into every area of modern life. our power stations, our dams, and at the defense of poor, our

defense industrial base, are all online. and even everyday items like our cars, our home alarm systems, even our refrigerators are increasingly connected to the internet. unfortunately, these innovations have been accompanied by new threats to our prosperity, to our privacy, to our intellectual property, to our very national security. this subcommittee has heard previously about hackers have taken over the webcams of unsuspecting americans computers. we have heard about activists like anonymous using distributed denial of service attacks against financial institutions. we've heard about criminal rings that use botnets to send spam, to send spear phishing enough to capture and sell americans credit card information, or to engage in click fraud, scare where our ransom ware schemes.

and, finally, we've heard about the advanced persistent threats that have allowed foreign entities to steal enormous quantities of american intellectual property, and to worm their way into our american critical infrastructure. this hearing will consider our nation's law enforcement response to these threats. our first panel will include witnesses from the department of justice, and the federal bureau of investigation. it will consider their strategy to combat the broad array of cyber threats, and the resources that they have brought to bear to execute those strategies. the second panel will discuss the private sector's role in responding to these threats. it will consider a reason investigatory report based solely on public information that indicates that members of the chinese military has sponsored or engaged in sophisticated and extensive

cyber espionage, including industrial espionage. and it will evaluate the role of the private sector in investigating, preventing, and responding to such crimes and intrusions. i would start this discussion by noting that the justice department and the fbi both already have done some important work to address the cyber threats facing our nation. in march 2012, for example, charges were unsealed against the former head of activist groups anonymous and lulzsec, and against four other members of anonymous or lulzsec and a member of antistate, another hacking group. earlier this year the justice department secure the conviction of a 25 year-old russian who had operated and controlled the schenectady.net. and in april 2011 the fbi and the justice department engaged in a civil lawsuit to bring down the core flood botnet. ..

the fourth-star general heading our military cybercommand has said that our country is on the losing end of the greatest transfer of wealth by ill illicit means in history. it's good to complain about such theft through diplomatic channels, at some point you need to stop complaining and start

indicting. the justice department has not indicted, to my knowledge, a single person for purely cyber-based trade secret theft. i'm sympathetic that the justice department and the fbi lack adequate resources to respond to the severe cyberthreat as the witnesses will testify shortly, these are immensely complex and challenging cases to put together. the administration, of course, agrees and the 2014 budget includes a request for sixty new cyber agents at the fbi, sixteen new cyber attorneys in the national security division, and nine new cyber attorneys in the criminal division. as welcome as the request is to many of us, we must also ensure,

however, that the resources are deployed wisely. accordingly, i will be inquiring today if appropriate structures whether task forces or centers of excellence are being employed. whether attorneys and agents are properly dedicated to cyber work, not just carrying the badge of a cyber attorney, and listening to the conference call on mute while they do their own work. whether they're tasked with goals of achievable scope, and whether the attorneys and agents are properly evaluated and recognized for that work. i will close my opening remarks by adding that a law enforcement frustration and a frustration that is has effected this very hearing is the unwillingness of many corporations to cooperate for fear of offending the

chinese government and suffering economic retaliation. the shadow of china's heavy hand dollar kens the world and overshadowed the hearing. i look forward to an important discussion on the response of cyberthreats we face. i thank the witnesses here to participate today, and i will call the first panel right now. ly introduce both now so they can move from the testimony of one to the testimony of next. we begin with jenny dirken. she's a united states attorney for the western district of washington. she is on the attorney general's advisory committee of united states attorney, and she is the chair of the agac subcommittee on cyber crime and intellectual

property enforcement. prior to beginning her service as u.s. attorney in 2009, she was in private practice representing a variety of compliants and -- clients and civil litigation. she's a graduate of the university of notre dame and received her law degree from the university of washington. with her today is joseph. he's the assistant director of the cyber division at the federal -- bureau of investigation. in that role he manages over 600 employees debt candidated to the investigation of both national security and criminal computer intrusion. he joined the fbi as a special agent in 1988, and served in a number of roles within the bureau including as a s.w.a.t. team leader in the new york division, as shift commander for the pnttbom investigation, and as assistant director of the

international operations division. i welcome both of the witnesses here, and before we ask you to begin your testimony, i will also welcome my wonderful ranking member, who has demonstrated intense interest and commitment to this issue. and if e wishes to make any opening remarks. >> most of what i know about the cybersecurity threat comes from senator white how's which is a damning indictment to him. i enjoyed working with our chairman here who understands the threat as well as anyone in the congress. when it comes to the private sector has the most practical solution of trying to get the private sector to hardin their -- liability protection as the reward. i'm looking toward to the hearing. >> why don't you proceed with

your testimony. we'll put your entire comprehensive statement in the record. if you could keep your oral statement to about five minute, that would be helpful so we can engage in conversation and leave time for the next panel. >> thank you. good morning, mr. chairman, ranking member graham. i thank you to testify on the behalf of the department of justice on regard to cyberthreats and the resources required to do so. i thank you for your leadership in the area. the articles you have written show your great grasp of the array of threats we face. as you united states attorney, i see the full range of threats that our communities and nation face. few things are as sobering as daily cyberthreat briefing i receive. technology is changing our lives. we have witnessed the rapid growth of important businesses like saving technologies and new ways to connect our society. unfortunately, the good guys are not the only innovators.

we also seen significant growth in the number and the sophistication of bad actors exploiting new technology. seeking profit international rings have stolen large quantity of personal data. criminal groups develop tools and tech vehicle no disrupt our commuter system. state actors and organized criminals demonstrated the desire and the capability to steal sensitive data, trade secret, and intellectual property. one particular area of concern is the computer crimes invade the privacy of every individual american. every day criminals hunt for a personal and financial data which they use to commit other fraud or stole criminals. as you will hear from the next panel, the potential victims range in the tens of millions. the national security landscape has also undergone a dramatic evolution in recent years. we have not yet experienced a devastating terrorist cyberattack, we have been the

victim to a range of malicious cyber activities that are testing our deferences, tarting our valuable economic asset, and threaten our nation's security. there can be no doubt. cyberthreat actors pose significant risk to the community, and economic interest. addressing these complex threats requires a unified approach that incorporates criminal investigative tools, civil and national security authorities, diplomatic efforts, public/private partnership and international corporation. criminal prosecution whether in the united states or abroad play a central and critical role in these efforts. we need to ensure that throughout the country, the department of justice is investigators and prosecutors have the resources and forensic capability they need to meet it evolving threat. we thank this committee for the support in the efforts.

the department of justice has organized itself to ensure we're in a position to aggressively neat threat. the criminal division's cyber crime and intellectual property section works with nation-wide next of ore 300 assistant united states attorneys who are designated as computer and hacking prosecutors. mr. chairman, we'll address this question, they are doing the work in the field. they lead our efforts to investigate and prosecute cyber crime ovens. the department's national security division pursue national cyberthreat through a variety of means. including counter espionage and counterterrorism investigation and prosecutions. recognizing the diversity of the threat, last year we did form what the mr. chairman you have noted the cyber specialist. this networking brings together the department's full range of expertise in the this area drawn on exert from the national security division, criminal division, u.s. attorney office

and other component. there is a nationality security cyber does nailted in every united states attorney's office across the country. i hope to address some of the successes later here today. as said, despite the successes, the number of intrusions continues. because of the very serious nature of the cyberthreat and the pressing need toed respond, the administration is asking for enhancement to target the political program. most addressed to the fbi so we can do more ground research and additional request of the 92.6 million to the national security i division because we must address the increasing national security threat and the criminal division so we have the resources needed to deal with this internationally. mr. chairman, ranking member graham, thank you for the opportunity to testify here today. the country is at risk. there's much work to be done. we look forward to working with your committee. thank you.

>> thank you very much. >> thank you, mr. chairman. distinguished member of the committee. i'm pleased to appear before you today to discuss the cyberthreat. how the fbi responded to it and marshalling our resources currently and strengthening our efforts. the 21st century brings new challenges which national security and criminal threat strike from afar these intrusion to the government systems are occurring every day. such attacks pose an urgent threat to our nation's security and economy. we face the significant challenges in our efforts to address and investigate cyberthreats and currently prioritizing our immediate and long-term needs for strategic development in order to best

position ourselves for the future. we have made great progress since the cyber division was first created in 2002. we have seen the value of trusted partnership and work tirelessly to support and improve them. providing the information that is needed to secure our networks, demands cooperation and cyber vulnerable are magnified when you consider the ever connected system of the cyber world. we follow a one-team approach in the partnership for the u.s. intelligence community, law enforcement, private industry, and academia. we significantly increase the hiring of trained agents, analysts, and computer scientists. we place them in key locations to effectively facility the investigation of cyber crimes affecting the u.s. and while we are pleased to report our progress, we recognize that we must be proactive inured to effectively depress the threat we face. next -- the fbi next again

information related to cyber intrusion, investigation, and fbi headquarter and throughout the 56 domestic filed offices. with the intelligence community and law enforcement partners both domestically and overseas. implementation of the initiative is focused in four areas. first the national cyber investigative joint task force in virginia. the key part of the intergovernmental effort is the fbi-lead national cyber investigative joint force. since the formulation in 2008, they made significant progress in developing the cape as well as expanding the interagency leadership to now include increase personnel from 19 partner agencies and deputy directors from five key agencies. the second key element on the initiative is a restructuring and expansion of the fbi's networking of field office cyber task forces. which emulated the successful

joint terrorism task force model and counterterrorism division. just last year, the past year, the fbi formally established a cyber task force in each of the fuel offices. staffed by cyber specialized agents, analysts, and other agency participates. in the future, each ctf or cyber task force will continue to grow the capability leveraging nationally developed system, investigative effort and expanding motorcycle with a key focus to add. they are committed to advances the cyber work force and the surprise infrastructure. intelligence analysts professional after and task force officers through online training. the current result from improved information analysis.

since the role out of next jen visibility to the source of cyber activity. to support success and investigation intelligence operations and disruption operations. to support this we adopted an incident reporting collaboration system called e guardian used successfully be the counterterrorism division and for cyber reporting. we are industry partners to also report cyber incidents in a secure and efficient matter to the fbi and leveraging intelligence from the to effectively identify and notify cyber victims. as the committee knows, we have face significant challenges in our effort to combat cyber crime. we are optimistic by strategic areas for change the fbi will

position itself to neutralize the criminal threat in the future. we look forward to working committee in congress, sir. question look forward to our success. thank you, chairman for the invitation to appear before you today. we would be more than happy to take any questions questions. >> thank you. >> we thank you very much. i appreciate the work you are doing. i know it's an honor to be selected and confirmed as united states attorney. it's a greater honor in the rank to be selected to serve and your work to focus on cyber crime and cyber terror as the chair that subcommittee i think something that we should all be very proud of. and agent, you have been working this beat for awhile. nobody has more passion for it than you. i'm a little bit preach together choir. i want to try to give both of

your organizations a bit a shove through the hearing to be a little bit more forward on this issue. one of the ways you measure legal outcome is results. your testimony, miss dirken talk about prosecution as a deterrent and punishment. yet the level of actual legal activity does not seem to be all that great. botnet was taken down well over a year ago. i think we are through the stage where the participates had their attorney general awards and i'm glad they were recognized for that important piece of work. as i understand it, this was a group that was sort of coupled together from a variety of different officers, and at the conclusion of that effort it was basically allowed to just disappear back to the original offices. rather than continue the process of cleaning up and attacking botnets. as you know, microsoft has done

a at least four, that i can think can, four civil cases to go to court to clear botnet out of the system. it's not impossible for the justice department to have done more than one. on the side of intellectual property theft, we have, i think, primarily the chinese attacking exceedingly vigorously not only our national defense infrastructure in order to get to how our guy a dance system work they can imperil our military in the event we were to end up in a military conflict with them. they are plain trying to steal stuff to give it to the company so they can build it without either eventing it or paying us for the intellectual property right. that has been described as biggest transfer of wealth in the history of human kind. to my knowledge, the department has done exactly zero cases

involving a pure cyber intrusion to steal intellectual property and back out. they have done some intellectual property theft cases where somebody left with a cd in the pocket, the old school version. they haven't done any cases yet. the results are a little bit -- don't send a signal yet where we're need to be. when you try to look at the structure, it's not clear that the structure is firmly in place for this. this has been a considerable issue for some time. and yet it's i guess last year that the expert core began at the dp -- department of justice. your testimony, miss dirken, the department is developing threat focus cells. the ncijtf is a wonderful effort. i've been out there. i think the people who are there are going great work. my impression of it is they are working so hard out there to figure out who is coming through

the windows and trying to keep track of them and trying to warn businesses that somebody is now in their system, that there were hasn't been the capability to sit down and take that information and turned it to a prosecution package and put it in play a u.s. attorney's office and go and put somebody on the business end of an indictment. i'm not aware of any grandeur that are active in this area at this point. i think that i want to applaud, i'm sure it's thanks to both of your leadership that both the u.s. attorneys offices and department of justice, and the fbi are rethinking the structure that needs to deploy this effectively. if this really is a national security threat to the type that every administration if this is the biggest transfer of wealth in the human kind to illicit means we're underresourced for it when you put it up against a

dea just to deal with narcotic. we have atf for alcohol, tobacco, firearm, and bombs. where are we in terms what are we doing about this threat? i want to applaud for your own personal commitment in this issue. i really do want to continue to push both the department and the bureau to resource this up, we will do everything we can to support your efforts to enhance the resources in the way that the budget request, at least i will. firm up this structure so it's clear that the people who are on the list is doing cyber work are in fact doing cyber work and not just -- i've been a u.s. attorney. i know, the drill. somebody that is to get on the phone, somebody is a cyber person, out goes the conference call. there's offices across the country sitting there listening with the call on mute nap is not the way to fight this battle.

we shouldn't be counting those. it's a valuable function. we shouldn't be counting them as full-time cyber folks if that's the sum what they're doing. i like the notion of threat focus cells being developed, could you tell me both of you a little bit more about the new steps, the new structure that you're looking at for implementing the cyber. and where on the curve between behind the curve and way behind the curve that we are in terms of the resources necessary to do this? miss dirken, why don't you go ahead first. >> thank you senator. let me impact that a little bit. let me say i want to talk about result structuring grand jury. in the last three years i have been united states attorney and served in the role of the cyber crime task force. the threat evolved enormously. ly say also so has the department's response and forward-looking nature. there is no one solution to the cyberthreat, and no one part of government can quicks it alone.

as he said we have to have a one-team approach. so every aspect of government is working together and we center to work with private sector. for example, in my direct, we have a very strong outreach to see what the threat they are seeing to see what we can address. if we can prosecute someone, believe me, we will do it and have done it. i want to report that results actually have been very good. ly use my own district as an camp. even in the area of botnets, our direct was a center of botnet investigation. some people know it as the -- botnet. it was one of the largest, i think even larger. but that's my district. it was, as you know, a resource intensive investigation. it required multiple agents and multiple districts in multiple countries. we were able to work with our international partners across law enforcement, secret service, fbi. we took down the entire botnet at the same time in america and

several european countries. people were arrested in several european countries. we were able to extradite one of those to my district and prosecute them and put them in jail. we had successes and will continue to have discussions. we also towns meet the threat, we will not be able to prosecute our way out of it. we have to have technology answers, we have to have the department of defense, department of state, and all across government from the top down, i think every agency is committed to addressing this threat. it's a big threat, but i think we have great successes to report. i'm proud we do. >> let me ask senator graham to jump in. he has to step out for a moment to make a phone call. >> thank you. you can continue to answer his question. which i thought were great questions. from a layperson's point of view, we have a pretty robust system to deal with bank robbers. is that right? >> yes, sir.

and how many -- do you have any idea how many bank robberies were last year that the fbi was involved in? >> no, sir. >> probably. hundreds? >> hundreds. >> how many cyber theft in the united states? >> hundreds per days, weeks. >> thousands if not hundreds of thousands a year. >> yes, senator. >> there's two bays you have money stolen from you. a guy come in with a gun and say give me your money. or somebody can hack to the bank and steal your must be. how many people have been prosecuted for hack together barning and stealing money? >> can i answer that, senator? >> please. very many. >> one of the things we saw was a spike in not just hacking but atm skimming people would put device and able to take millions of dollars from many, many customers. we put together a task force and able to break down. it was a are main began ring. we respected those pete.

we had great success for a period of time in my district we drove down the incident of skimming to virtually zero. we did it not through the prosecution but working with the banking industry, educating the people. >> how many people were prosecuted? >> there were, i think, i have to get you the exact number. it was the entire ring some for the group of theft. it was more than a dozen. >> okay. get back with me. the point i'm trying to make, you know, are doing a good job of trying to up the game. the resources we have provided over time to deal with bank robberies compare that to the resources we have provided over time to deal with cyber theft. how would you equate the two? >> well,, the threat is certainly changing. so the fbi has reallocated resource which we had at other programs internally to cyber. so we significantly -- we'll talk about structure the

chairman we have done to develop team and also in the local fuel office and cyber task forces. >> do you have the resources necessary to deal with this? what appears to be a rampant theft problem? >> we are making do with what we have today. >> i think what we are telling you let's don't make do. let's treat it more like bonnie and collide. remember the bonnie and clyde the national bank robbery during the depression. that startedded fbi. it was the reason for being in existence. that kind of focus of dealing with, you know, crime in the' 20s and '30s. do you think we have that? >> i describe it as a moment. changed so much where crime used to happen on the street is moving to onlike. including violent crime. we have more and more violent crime set online. targets -- victims being targeted online.

we are addressing that threat. we have a great brick and mortar threat we have to address. it's a time where we have to allocate and realign ourselves. we have done it, we need to do more and with the help of committee in the congress. >> we need changes in the law to make it more effective. >> yes. i think we have proposed some changes. i think there are other changes that senators have proposed and congressman working them and your staff. in the '20s and '30s we fundamentally changed the role of the federal government's involvement in the crimes committed across state lines and really created, you know, groups. and i would maybe not a good analogy. to me we seem to be have a new emerging crime wave here. when it comes to resources and legal infrastructure, would you say on a a to f rating. a being exceptional prepared. f failing.

where would you put us in term of legal infrastructure and resource to deal with this new kind of crime? i think we are much better off than three years ago. i think we have aligned ourself to address and had successes. i think we have to keep working and we have to make sure that we are aligned with private industry. >> give the congress an a to f grade. >> i give congress always an a grade. [laughter] you're the only one. the one person in the country. >> i wish you were my teacher. [laughter] how would you say our infrastructure? >> i think today we're still phasing the same threat we face ten and twenty years ago, but now we have a threat and emerging new threat in addition to the old crimes. >> that's what i was saying. how far behind the curve . >> as far as the community. we are much evolved. event from the time the sovereign division was created in 2002 to where we are today,

and even over the past six months or a year. >> i think both of us want to kick in gear and get there kicker whenever the congress is failing. we willing to try to form our colleagues. we need up our game. if you have hundreds of bank robberies using force and you have maybe millions of thefts using cyber technology, it seems to me we're probably not where we should believe. >> i know senator graham has to jump out for a moment. i would like to continue this. one thing i'm going do without objection is put in the piece that senator graham and i wrote together in to the record of this proceeding. i want you to know we have just confirmed a new omb directly. we have a new deputy director in the process of conformation. i have spoken to both of them about the problem. and about the concern i have that you guys are good scouts

and don't go beyond the envelope that omb and the white house allow you in the budget. we have to have a serious discussion and sit down and figure out what the plan is for dealing with this and how we resourced it enough. i've been trying to for some time to get omb and department in the room together so we can have this discussion rather than you being accused of talk ugh out of school without omb there and vice versa. i hope to do that. senator graham and i came close to having a bipartisan agreement on a cyber bill. it fell apartly unfortunately at the last minute. and the executive order emerged. it is out and the landscape has been changed by the executive order. we are reengaged on trying to do what needs to be done legislatively. so please work with us on this. we will provide whatever cover

you need to bring omb in so question have a grown up discussion which you don't have to be flinching from saying what your real needs are. but it is very clear to me when you put the privacy and the criminal loss of all of our individual credit card and personal information that is being hoovered up out of the internet and actually marketed on crooked website where crooks can actually go and buy personal information so they can run crooked schemes off the info. you stack that on top of the attack on the bank that senator graham was referring to, you stack that on top of the theft of so many companies secret special confidential information that they use to protect themselves and build their product and their and, you know,

intellectual property and stolen by industrial espionage. you throw on top of that what is being done to our defense and industrial base which has both private theft and national security connotations. and you throw on top of that the viruses and worms and programs that have been inserted in to our critical infrastructure so that the grid can be taken down, bank records can be comprised, dams with can be opened. gates and pipelines could be opened. all of those sorts of things could take place. you stack all of that up, that's a big problem set. and i know i don't want to get you in trouble for saying anymore than you're authorized to, but you have at least the two of us who strongly believe that we need to have our moment on this and get ready to put the resources in to this problem

set. and one measure of that will be when we see significant indictments on this industrial espionage piece related to what the defense department said is being done. related to what the company said is being done. and all that have. i'll give you a chance to respond to the thoughts. we're having a bit of a back and forth here, and i want to push you on this. i think as wonderful as the work is that you have done, we aren't there yet. we need to make sure we get there. we cannot for long remain on the losing end of the transfer of wealth in human history illicit means. i see that senator koontz has arrived. rather than continue my . >> go ahead. thank you for being here,

senator koontz. >> koontz has taken a sincere and strong interest in this issue and worked very hard with me and others to get the bill to the finish line before it fell apart and before the executive order came out. thank you very much. thank you senator, thank you for invitation to you and senator grams and so many others who have dedicated time and effort and research make sure that the congress are doing our part. we'll give ourself a low grade how we have done in term of being able to bridge the differences between our party and chamber in term of coming up with some functional structure for dealing with the cyberthreat to our nation. i'm grate to feel senator white house for the per sis tebtd leadership in the issue the cross of number of committees of jurisdiction. my own home state. it has implications in addition to the intelligence, defense,

and many others. let me could, if i could. ask a few questions. i have a piece of legislation i want to talk about. but if you would help me understand in the run up to some of the legislative work last year a great deal was made about our military's unique capability to defend the united states and cyberspace. and the other agencies in terms of their capabilities and capacity. what unique advantage do civilian agencies or the companies the next panel represent have in the realm of cybersecurity? >> one you anemic ability we have is to put them in jail. >> right. >> we're trying to do that more. but again, i think that, you know, our ability to investigate and prosecute in these arena i think forms a couple of important things. number one, we deter further activity when we are able to

extradite someone vacationing in a different jurisdiction and bring them to seattle and put them in jail. it sends a message. we try disrupt. we don't have a capability to put all of them in jail. part of our strategy has to be disrupt the activity as anywhere we can do it. third, we have to hold people accountable, which we're trying to do more and more. i think some of the unique capability we have in our system we have the ability through the grand jury process, subpoena process, investigative tools to get information that others don't have. but again, lookinged at department of defense we have to use a whole government approach. senator white house is exactly right. the nature of the threat, frankly, cannot be overstated. it cannot be answered by any one part of government or governmental loan. that is to be private-public sector department.

>> senator. the by is uniquely positioned based on statutory authority and cyber is cross cuts. it's a program we have within the fbi that looks across criminal cowrnlt counter intelligence and counterterrorism. we able to incorporate from each of the division. and looking at the various threat. one area in counter intelligence was broad array. dod plays a key role, the intelligence community at large and the early partner at home in the law enforcement and homeland security. >> thank you. thank you for the answers. i agree with you in particular in a democracy and facing what is a broadly distributedded threat. the origin not completely clear. it's not always tax from nation states and tributeble to foreign actor. cyber crime and cyberthreat come from a wide range of sources. they manifest in our country in

a wide range impacts. the ability to compliment the defense capabilities with agencies that have broad jurisdiction and the capability to investigate, deter, to see compensation for victims is a different response than one gets from the defense department. i just wanted to comment, if i could, remaining minute when it comes to doing broad things that deal with both domestic disorder or natural disaster or with confronting a foreign threat to the national guard, has a also broad range of capability. it crosses the legal authors in the tactical capability and strategic role a fairly broad range of capability. a number of us, senator jill would give governors the capability to order cyber capable guards men to support and train local law enforcement. to leverage the expertise they

have from the military training and civilian career. my home state has an capability one. allow us to tap in to the fairly sophisticated. through the national guard service. i think this sort of function in this particular legislative authorization would be help of the for doj and fbi as well. because it can help them have more capable better prepared state and local partner. i certainly welcome recommendation or comments you or other witnesses. we'll beholding a law enforcement caucus event on this particular idea of this bill in june. i'm grateful to senator to contribute to the hearing this morning. thank you. >> thank you, senator koontz. we in rhode island have a cyber wing in the rhode island guard,

and i look forward to working with you on your legislation. i think it's a valuable thought. it is important for the record of the proceeding move from the local guard and reserve capability to our military and from there to our active duty military from there to the intelligence services. there are increasing restrictions and concerns about taking action within the continental united states particularly where it involves american company systems and individuals. and so that's, i think a particular reason why our law enforcement is 0 so important. we look at this domestically. we are joined by senator cloab char, a former prosecutor herself. >> thank you, mr. chairman. thank you to both of our witnesses. i was listening to senator koontz and thinking about back to when i my job for eight

years. running an office of about 400 people. two levels of issue with computer crime. one was officers who despite their best effort didn't have training. they would go to a room and turn on a computer and erase everything on it. that's how it was rigged to do. and it happened a number of times in the second thing. second per capita for fortune 500 companies. huge companies like target and best buy and companies like 3m and u.s. bank. i have firsthand seen how challenging the situation is and how as a local prosecutor we simply didn't have the resources or the know how to handle some of those cases when they would come our way or be handled by the u.s. attorney's office. my first question, i guess thank you for your good work. what is the best mondle how we go forward and get them trained?

>> that's an excellent question. again partnership with local law enforcement is critical to our successes. working both with the secret service and electronic crimes task force about fbi's task force. we have create successes in the field. key is training. we have work to make sure we have forensic people who can handle this. and also education to the public. an camp where the successor that worked in my district. we have a small family restaurant that was hacked by minute who was in maryland who was attacked a number of sale people. stole many, many, many credit cards. he sold them to someone in romania, a citizens of another person who posted them to a carting site and purchased by a gang affiliated group in los angeles. through our investigation we were able to arrest the person in maryland, charge the person in romania, and los angeles.

we got all three level. we did it working with it the local law enforcement, task force officers, the secret service, and the fbi all played a part in those and other investigations. it is a critical part of it. we look at the training for lawyers we have worked to make sure that not just our chip lawyers are trained in cyber activity but other lawyers have the experience. we have the national advocacy center in south carolina, and one of the conferences even in the difficult time we make sure went forward was our cyber conference. because we have to make sure a prosecutors are trained, the local law enforcement is trained, and the public is educate. i think that's part of it. especially with small business aren't going have the resource of u.s. bank and minnesota. so i think more outreach to them would be a good idea through chamber and anything. i think they are starting to be victims as well. they don't have the resources. that's right. if the small business hasn't come forward. we wouldn't have had the case.

having that it creates able us to do our job. >> the next question from the cloud computing area and the fact that our cases have to be becoming more and more sophisticated, as you know. digital evidence evaporates than a paper trail making it difficult for law enforcement to investigate the crime. and another challenge is the evidence is imcriminating information it's stored in the cloud out of the jurisdiction of the united states. i had a bill on this soft floating out there like a cloud as we try deal with the cyber bills that i think are important. can you comment on the challenges of a lifetime of evidence in cybersecurity crimes and real possibility that the evidence could be outside the gorses diction of the united states? >> that was a good likelihood it will be outside the jurisdiction of the united states. it's many challenges. depending on which country the evidence may lie, our

relationship in that country with the investigative agencies of that country as well. so does present several challenges on that front. >> what would be the best way to get at it. agreement with other countries? is there something we can put in law that would create a structure for the agreement? >> i think the agreement and the as far as what law and other changes question possibly put in place. to better circumstance and working with our foreign partner. >> i think it's all of the above, senator, you mentioned. you will notice one of the budget increases we asked for is to have additional prosecutors overseas. we have seen more and more of the cases arrive on international soil. our partnership with foreign nations and europe particularly has increased. we need more people there. we have the budapest convention, which is having more and more international part near make sure we can get the evidence abroad to prosecute people here. they can get the evidence from our country they need there. we have to do all of the

things. >> we vitamin creased our footprint overseas from just three offices to just short of a dozen this coming year in key locations throughout the globe. >> thank you. >> appreciate it. >> senator graham had the time interrupted by the me and the call he had to take. let me turn to him and have a fresh start. >> just very quickly, i mean, we are facing a law enforcement threat. people stealing our property, our intellectual property, stealing our money, and anything else, i guess of value in the cyber crimes. on the nation's state national security counter -- after 9/11 the fbi has two commissions. counterterrorism as well as traditional law enforcement. are there clear rulings of engagement that exist today that would allow the fbi, the clay, department of defense to engage

a nation state who is committed a cyberattack under the law? >> there has been a lot of discussion, and a lot of coordination. we mentioned -- that means no. i'm sorry the question. >> are there any rules of engage ment has anybody sat down and said the event would be considered a nation state cyberattack while allowing us to respond outside the law enforcement model? our chinese friends seem to be held in on stealing anything they can get their hands on here in america. rather than developing in their own time and economy. we're worried about what they could db our other nation states not just china. our terrorist organization could do our ability to defend ourselves. to you worry about a cyber 9/11?

depending on the extremely complex issue, and what you may be referring to or looking at. different motivation by many. >> is it possible? is it possible that the cyber technology you can create at 9/11-type event on america? >> it's possible that they could cause significant damage and destruction through cyber. it's possible. >> what kind of thing would be possible? >> if you look at access to systems, if they get access to oil and energy. so the system that control key networks or critical networks. that could cause significant damage. and whether it be long lasting or short term. it could be both. >> do they disrupt military operations? >> i'm not sure, sir.

>> would you like to take a crack that the? >> i think, senator graham, if you look at the range of threat. it keeps me up at night. i think part of the questions have to go to the general alexander. i think if you look at there's people who work to get it done. that's why the department of justice is part of the solution. but it's not the whole solution. and again private surprise developing better security mechanism and better technology going back to robbing banks. when banks set up. they didn't bar with they didn't have camera, they didn't have a lot of defense. private companies are determining private technology. they have to provide part of the solution. both of you folks, the one forcement model here and how question go after bad actor. are you familiar with the counterterrorism threat.

>> yes. >> how would you rate our infrastructure on the counterterrorism side? the national security side to protect us against people who don't want to steal money but want to do more damage? >> i think based on tragic losses in 9/11 part of the response of that in new york and here at headquarter, i think it's a more developed model that i think the community has in addressing counterterrorism. i agree with that. >> absolutely. i think we'll get there, senator. >> and i could use one example, the national security cyber specialist, it sounds like another government thing. one thing we realize in national security setting if there's a cyber event we get intelligence is going to be. who do we call? do we call the cyber lawyer? the antiterrorism lawyers? we knew we had to merry them

up. that's what we're trying to do to make sure we have the right appropriate people in every office and the best expertise we can have it here to give to the field. >> let me, before i release you guys and call up the next panel, ask you two things. could you, in a supplemental fashion to the testimony you have provide make a little bit more of a detailed case as to the conclusion you describe in both of your testimonies about how complicated complex resource intensive et. cetera -- as much as you can without revealing things that shouldn't be revealed. try to put some tangible facts and real teeth to the

discussion. it will help senator graham and myself in arguing with our colleagues with this if we have more of the conclusive statement. something that makes the case further. it would be helpful to us as we try to proceed. . second thing, we have the discussion about resources and structure and budgets and i look forward to continuing that discussion with the new omb director and your department and your bureau. but separate from that, i think we can make some progress on your capabilities and authorities and safe guards in taking out the botnets. and i would ask you for your commitment to work with us in drafting appropriated

legislation that will be allow you to have more authority and proper safe guards as you go after future floods and future -- would you do that? >> absolutely, senator. >> yes, sir. >> terrific. again, let me close by thanking both of you for your service and passion in this area. i am pleasessed pleased that people like you are in this. it comes with the recognition you are part of a large bureaucracies that don't always move with great e lackty and sometimes our job to give a little bit of shove. but it reflects not at all on either of you or folks working the problem. it's been done impressively. >> thank you. >> we'll take a minute to call up the new panel. [inaudible conversations]

[inaudible conversations] let me thank our private sector representatives for being here. kevin is the ceo of a corporation which he founded in 2004 to help private organizations detect and respond to and contain computer intrusions. when you find out you have been hacked, who are you going call? ghost busters. that's kind behalf he does. he began the career in the u.s. air force. in which he served as a -- senator graham is also in the air force. as a computer security officer and investigator. he has degree from the george washington university and lafayette college and taught at george washington

universities. let me stop there and i'll call on kevin. let me also -- back in our earlier legislative process, senator graham and i and senator mccull sky and others organized a series of classified briefings to bring them more to awareness of what was going on in this field and you were gracious enough to come and make a presentation and effective one. i want to thank you for that. let me ask you to proceed with your testimony and introduce the other witnesses they are called up. thank you, mr. chairman. and ranking member dwram. american companies will be under seeing by many different types attack. economy espionage more than nuisance-based attacks. today with what i'm going to talk about is the sophisticating espionage attack. while many organizations are actively trying to count counter the threat. at the end of the day there's a

security ghap we need close. today what i would like to talk about is three things. why the security gap exists, what the private sector is doing about it, and how law enforcement can help in regards to that security gap. first the reason the security gap exists is that there are government resources hacking our private sector. it's simply an unfair imbounce fight. if the government was chartered to hack the private sector in other countries we would be successful at nap i likened to it ab ultimate fighting champion mugging my grandmother. it's a imbalanced battle field. they pointed it out in an report in february. we released a report to the public that clearly shows there are member of the pla targeting the private sector here in the united states. the second reason there's a gap in our cybersecurity is that for the first time in history, that i'm aware of, it used to be when

systems were targeted it was nobody knew who used that system. but today the cybersecurity attacks there are human targets. we at show that in the apt one report in the that the pla recruiting english-speaking people so they can send the e-mails. ..

it's just an imbalance in the expertise required. another reason there's simply no repercussions to hack into u.s. infrastructure and certain safe harbors for safe havens such as china, russia, north korea, iran. these are countries that can have our resources with impunity in repercussions. we also have a lack of resources than i could go on. in short, technology vastly outpaces our ability and willingness to secure it. so what are companies doing about it? essentially have noticed two things. they are doing some actually talking to knowledge in hiring the expertise to defend.

senator come you mentioned willing to oppose china. in my experience, most of the private sector take us seriously when it had a preacher in china to do everything on the technical front to bolster safeguards and if you're not willing this is a public nation is to it happens based on the fear of shareholder value repercussions and the same timeframe because simply the economic gains could be so great in china. it's a very tough issue but make no mistake on the cybersecurity sanctum of folks do a lot in the air when they are worse to preach and have resources to do something about it. a lot of companies are pretty aware they've had a security breach and could be making important intellectual property for a country they simply don't have defenses to safeguarded. these are beholden to standard legislation or regulation to create a charity pot shared and it has been my experience of your soul driver for security is

some compliant, the compliance does not prevent the attacks cc. so what can we do about it? what can the fbi one person do to help? the fbi has been compromised by finsbury groups. indeed two thirds of the preachers are first adapted by a third party. if we do what we can to have the detection could be the dod, intel community. i've seen communications from the fbi. the fbi notifies quicker we can of lemonade impacts and consequences of breaches. a private industry will not always win the battle speed five, if we should nation, what you will see is limit the impact of the breaches, limit the consequences and share the information and law enforcement can do that. by establishing a system where

they share proactively uses that information, america will put a cyberdefense that is dynamic. no one is getting smarter for these preachers today. thank you for the opportunity to share with you. >> our next witness is stewart baker appeared from 2005 to 2000 is the first assistant secretary for policy at in the early stages of the department for homeland security. as an intelligence lawyer, mr. baker has been general counsel to the security agency and general counsel to investigate weapons of mass destruction intelligence failures that took place prior to the iraq war. mr. baker, welcome. thank you. >> that kevin founded and turned to the question of what the role of the fbi and the ink could be, should be. i would not spend too much time

as kevin demonstrated we are not likely to defend our way out of this problem. defenses played an important role. i've been supportive of the legislation and the executive order, but it's not enough. it's as though were trying to solve the street crime problem and telling pedestrians to buy better body armor every year. that's not a complete solution. we have to find the criminals and deter them. i don't have to preach to me to review about the importance of that. but in thinking about that, the real question is how come we last reached the threats that are most struggling to americans today, which is protect in the attackers. it seems to mean the justice department and fbi suffer from a lack of imagination authorities and lack of imagination with

respect to resources. with respect to authority, the idea of prosecuting, said the people who are protected by nation states is deeply unlikely and we need to find additional mechanisms for deterring that committee. the administration is doing naming and shaming that's a good thing, but we should use their visa authority to say if you participate, if you train hackers in a country, if you hire hackers after they finished their tour of duty, you have to cooperate investigations or you will not get visas to come to the united states. to industrial for the treasury department, which doesn't rates with whom we will not do business. not in russia or belarus. we won't do business with people engaged in conflict diamond

transactions. take as much care to protect against people abusing human rights right here and the dissonance and ordinary citizens. we should be using those tools as well. i see that senator mccain, senator rockefeller have introduced a bill that goes down this road looking for tools to deter government sponsored the names of the cosponsors and i think the approach of looking for handles to deter the beneficiaries of this espionage is worth pursuing. let me turn to the question of resources, which is profound and not solvable and our current situation. sheldon whitehouse.about the gts

that notifies those attacks on the networks. this is enormously affect it because they've been exploited for months. at the end of the day of work with clients to have the experience and the fbi's role basically is to figure out somebody's been compromised and to tell them. maybe they can give them advice, but frankly after that it's a little like having somebody tell your bicycle has been stolen. he'll not get a lot of help from the police tracking that down because they don't have enough cops to do it, not purely to help other companies they are notifying. if you curse days in a domestication make the noticed account any is largely on its own and they hire someone and they begin a process of hundreds of thousands of dollars to get

attackers out of the network and figure out who's attacking them. we know from the kinds of work that mandiant has done that they got their enormous volumes of information about who is attacking a particular client they had. we should be working much more effectively to utilize that information to build it into mechanisms that will take care outing on. the biggest problem we face there is even no resources are enormous and the private sector and will focus on particular attacks, we do not let individuals under attack for the people they have hired go beyond looking around and they're not hurt and perhaps a few networks that will cooperate with them voluntarily inside the united

states. i'm not calling for vigilanteism. i am not calling for lynch mobs, but we need to find a way to get firms doing these investigations at doherty to go beyond their network under some guidance from the justice department said they are not doing harm to the networks they are investigating, go back to where the hackers are storing all of their stolen data, try to retrieve the stolen data to gather enough evidence to prosecute these guys. my deepest disappointments here and the reason just point my money into the justice department at this point is a dubious proposition is the justice department's reaction has been to pour as much cold water as they can to say we think that if you got policy idea and probably illegal so they are deterring companies that want to investigate people

attacking them and provide information to the government. they say you can give it to us, but we might indict you instead of the hackers. that's the wrong answer. my suggestion would be to find mechanisms to provide the oversight necessary so we are not just letting people wander around shooting in the dark, the people know what they're doing can carry out these investigations and pursue attackers back to what they currently think is their safe haven in another country. if we don't do that, will never get the bottom of most of these attacks. >> finally, ms. tran nine from symantec. thank you for being here and so much symantec has sent to be helpful in our process to get to legislation. >> freethinker microphone may need to be turned on. >> chairman wright has come a member graham, it's my pleasure to testify before you today.

my name is cheri mcguire and i'm the vice president for government affairs. >> i should've done a more complete introduction. ms. mcguire served in various capacities at department of homeland security, including active directory deputy director of the national cybersecurity division in the u.s. cert. so she comes not only with her experience at symantec and i'm sorry i omitted that. please proceed. >> thank you very much. so symantec is the global leader in developing security software and we have over 31 years of experience in developing internet security information management technology. today we have employees in more than 50 countries and within 21,000 employees with us. in particular, i like to mention global intelligence network or

what we call the chant comprised of more than 69 million attack sensors in 200 countries a record thousands of internet events per second which gives us a couple of tight end to the worldwide threat landscape. in addition, everyday we process more than 3 billion e-mail messages submitted 1.4 billion web requests f-14 global data centers. as i said, these resources allow worldwide security intelligence data that gives him a savior of entire internet that landscape. a few key findings to renovate a security threat report i would like to share with you clues in 2012 we saw 42% rise in targeted attacks and 93 million identities exposed through hacking, theft and simple error. in addition, we estimate 3.4 million zombie computers

worldwide and one and seven by 15% of these were located in the united states. we also saw 52% rise in first to mobile devices. another disturbing trend with expansion of what we refer to this watering hole attacks are these directors to come nice legitimate website celebrates as iran's race of infections. these states distribute ran somewhere, a type of knowledge or, malicious software that locks the user's computer, displays a fake fbi warning and attempts to extort money from the user in return for unlocking the computer, which by the way he usually doesn't get unlocked even after the user has the extortion. semantic participates in numerous organizations as part of our global commitment to fighting cybercrime as well as numerous public or the

partnerships in the u.s. and abroad to address these and other cyberthreats. in the cybersecurity institute, national cyberforensics alliance in the ei and for card, u.s. secret service, electronic task force says it has provided more information and i do want to have a few. for example, two years ago we establish the norton cybersecurity institute to address critical shortage of investigators, prosecutors and judges adequately trained to handle cybercrime cases. through the institute record made in sponsored technical training for law enforcement globally. we also publish the annual norton cybercrime report which is one of the largest global cybercrime stripes -- studies that it is more than 15,000 users across 30 countries.

another example is a trading alliance that includes 80 industry partners and provides members with real-time cyberthreat intelligence to identify threats and actors and has been a key player in the fight against financial sector intrusions that have occurred recently. these partnerships have lead to successes in one example is the takedown this era of the dermatol botnet such as identity theft in click fraud. this takedown is the culmination of a multiyear investigation. many say it takes far too long to complete these investigations and what can be done with private industry and law enforcement joined forces to go after cybercrime networks. i've also detailed in the testimony similar successes in operation mentioned earlier and other testimony today. unfortunately, these examples

highlight how much sony's to be done here while we have seen successful prosecutions and take down as chairman white house describing her opening statement, there's undoubtedly more and larger criminal rings operating today and the relative cases like these is not because the government does not want to pursue them are the criminals are not out there. in fact, investigators and prosecutors we found her quite willing and many in the private sector are eager to help. unfortunately, cybercrime cases require a technical understanding as well as deep knowledge of multi-jurisdictional legal issues. they're simply not enough investigators, prosecutors or judges of technical training to keep up with cybercriminals as a party heard today of low low bar for deterrence. a symantec were committed to

improving security and infrastructure as well as the data across the globe and industry on which to do so. i'm happy to answer any questions. >> i'm going to turn immediately to senator graham is the schedule is starting to talk to attend and not the here until the end of the hearing. senator graham, let me thank you again for being the ranking member on lance and the intensity and protecting our nation and a variety of areas and the cyberarea. >> thank you, mr. chairman. enjoy the easy question. you're about to embark upon because he will be back. i've really learned a lot from senator white house and the witnesses today. just to keep this 30,000-foot level, two mr. baker and kevin do you agree china as a nation

state is involved in hacking into u.s. databases, banks of the stealing intellectual property. is that a fair statement? >> yes, i would agree. >> could you give me two pages of why you say yes? i will take it to the chinese ambassador and ask you to give me a response. >> i'll give you about a hundred pages. >> which will be consolidated to two. >> absolutely. comments company has done the most -- [inaudible] >> russia? >> russia is harder to identify as a country. >> would you say china's number one? >> china's number one was in my country doubles in size every year. so yes, they're number one.

china by far in terms of volume is the most aggressive. >> who would be second? >> there is a battle for second. >> could you give me the top five? >> i think of alliance for safe harbors. middle eastern organizations emerging. china furs, probably russia, but it's my opinion the rules of engagement between russia and america is on the site we worked it out. the government only hacks are governed. we see then they go away. cheney just keep going through it. there's an enormous gap between china's first, russia's second, the second is competition there. we see attacks out of the middle east more. >> i'm going to get with senator white house and do something about this. we are going to try to put nation states on notice that if you continue to do they still pay a price.

these are programs or tools available to us politicians to pick it back or send notice and maybe the immigration bill would be a good opportunity that we have to think outside the box. when it comes to cyber9/11, i've got two minutes and 20 seconds. could you describe what you think of cyber9/11 could look like? >> very briefly to break into a network of you can probably break it. no networks in the united states haven't been broken into. all of them can be attacked and in many cases you can move to the equipment that runs on that and break that. we demonstrated that it ths with a generator, just assigning code to what we burned it out. the risk is an attack are determined to break into industrial control systems and

rack power systems, pipelines, refineries, water and sewage. new york city without all of those things is going to be a very unpleasant place. and i will feel worse than 9/11. >> is complex to determine what will happen when somebody tries to bring down an electric grid. even from the attackers did you make it unpredictable results. i remember during the super bowl on the lights went out, i give you two things. we should see a way makes the shots across before it happens. i don't think the first attack will be noticed. the catch is that it does happen it will come from a third-grade classroom in mississippi somewhere. it's going to come from an ip address in this day for a human not reiterate the state will branch out from there. hopefully we have controls in place to know who did it because

the deterrence for that act is outside of the cyberdomain. >> ms. mcguire come you mention the law enforcement resources and model. how would you rate our legal infrastructure in terms of providing tools necessary to go out and attack cybertheft and create deterrence without all of the swearing more body armor and from resourcing point of view, how advanced are required to integrate from eight to to s. legal infrastructure and resources available to our government to fight cybercrime. >> from a standpoint of legal infrastructure, we have it pretty strong legal infrastructure in this country. it's been equipped to address cybercrime as i mentioned in my opening statement is something we need to play catch up with. there's quite a gap because we just don't have the number of investigators, prosecutors.

>> it is a wish list of what she'd need to get to where we want to be. >> we clearly need more investigators, prosecutors and judges who are equipped and trained at the necessary skills to address these kinds of actions. that's a pretty big gap we have today. the folks who are out there, probably most to say they are overworked and can't keep a with the volumes they are being presented with every day. >> given the threat and the focus, is very big gap there? is there a gap between the threat we face as a nation and the amount of resource is we are supplying to the threat to meet the threat. >> item off i could actually quantify how large the gap is, but suffice it to say there is a

gap, a significant gap. we are not putting resources against this today. what you mentioned about the way we approach burglaries and rappers, we do not put the same emphasis in cybercriminal and cybercrime activity today in this country. we make progress, but we've got a long way to go to catch up. >> thank you, senator graham. a couple follow-ups. first of all, mr. mandia, when you mentioned a big attack might come while three classroom in mississippi or somebody's individual computer come you didn't mean it would be originated there. you refer to an attack starting overseas that would've come through a slate computer they are so fed up with the as if that the source. clearly that's the level of

sophistication enemies operate out that they could slaves a classroom computer news that two factor attacks into infrastructure. >> that's the case. every attack has points in between, but these attacks are coming straight out of china into the victim. they are routed through vulnerable sites in the real challenge we have is the protocol, nothing looks bad about the traffic of a nationstate to third-grade classroom in mississippi. who looks bad when it goes from a classroom to the real target, so it's complicated and prevent that. >> you mentioned china and russia. if you are lucky not what we would call for want of a better word, but it seems to be the right has developed advanced persistent threats.

versus botnet and criminals siphoning off route. the chinese have heard is much more in the direction of persistent threat and attacking intellectual property and tried to insert potential cybersabotage and terror systems and not so matching ph and botnet and neck cavity from the russians died as the official and criminal network trinity that is more involved in stealing and spamming, so they're two different problem sets depending on the source. is that correct? >> that's correct. i would think it is a consumer problem, not necessarily enterprise problem, but it does cost into a criminal element

using a the targeted tax the criminal element uses them. many think economic espionage, most are targeted tax come a very attacks. >> if i heard you correctly in your testimony, he said two thirds of the time when you respond to a company that is said we've been hacked, they had no idea they had been hacked until some government agency warned them, often the fbi. department of homeland security. there was a time not too long ago and i'm just using my recollection now, that does your company and the fbi operation indicated when they won out, 90% of the time they were the

bearers of bad news to companies that had no idea. a little like the u.s. chamber of commerce, which while busily packing our efforts to get legislation in this place, also had basically the chinese to rattle their systems right down to the fingernails for months and months and not had no clue about that until the government came and told them by the way i think you've been hacked. has it shifted from 90% to two thirds? is my memory failing me? is a little more rice in the private sector now. >> with a misleading figure. it's based on the chinese intruders since 1996. over time it's no longer the first time you learned you been compromised by these folks. when you go to your second or

third trail from chinese hackers come in general security posture gets to a point where you detect it yourself. last year we would've told you over 90% and i've been tracking this and 1998. over 90% third-party notification for customer self-service. we are responding for the second or third or fourth time that had detected themselves because they've lived through that first wake-up call from law-enforcement. >> which you describe companies you provide services is operating critical infrastructure in america? >> yes. the critical infrastructure demarcation line is harder to find in some industries, but the answer is yes. >> d.c. difference among companies that operate critical

infrastructure? are the demonstrably noticeably better at this? had a far away from 90% are more or less like any other company quick >> if there is a regulation or standard outlined by industry that your security is in fact better in general than organizations that may befall through the cracks of the hodgepodge of my collations out there. your security is better. >> let's talk about what we can do to increase security for critical infrastructure. let me ask ms. mcguire and mr. baker. some time to develop defenses in the critical infrastructure sectors. we've also heard from both of you that the word dynamic keeps

popping up. the society dynamics drive. if we set xyz strategy or xyz to knowledge he is the mandated defense, within a week or month or year, that would be obsolete and we hold companies back from doing what they needed to do because we would require them to stay with an obsolete elegy. that simply set regulatory requirements in a static way. what's your recommendation to how we might go about accomplishing that mandiant has suggested, which is standard help and we need to have them for critical infrastructure at the same time the dynamic capability necessary to meet this evolving at.

ms. tran nine. mr. baker. >> the key point is this is not a simple technology solution issue. you can't just fix this technology. it has to be a multipronged approach. many of us would use the term sensenbrenner echoes across all areas of his past. >> to interact, you can tell when it company has to did when they don't. effect is not a technological as a best practice solution out there. >> you've got to have the technology properly deployed and up-to-date in order to be your line of defense. in most cases, we will catch most of those sectors and threats. but to mr. mandia this point, we will not catch everything. in the face of a sophisticated attacker that is well resourced,

that is very deep roots of sponsorship, we will not be able necessarily to address those kinds at a pta and threats. so it has to happen is really a mash or standard risk management approach. we've got to address this through, and risk management principles that includes technology, training of personnel, awareness of critical infrastructure owners and operators that this threat is real. they're starting to get that now that we have more high-profile conversations around this with events like the recent code issue with the breaking of more than 30,000 constraint system devices they are, and major pipeline.

they're starting to have this awareness on this search around the importance of it. a couple other areas we need to address and that is information sharing. information sharing is a tool, but it can certainly help but the warning and preparedness at this critical infrastructure owners and operators in the common standards question always comes up. again, as you mentioned the need to be dynamic and flexible enough to allow for the most modern and up-to-date technologies to be implemented. having the common standards that, for example, are being worked on to the administration executive order right now that will raise the bar across all industries will come a long way. still remains to be seen, but that's a positive step forward. >> not only can't campus office of, regulation is not the greatest will because as we've

seen that things keep changing faster than regulators can identify things that need to be done and start imposing sanctions. if people are willing to pursue security themselves appear regulatory solution will solve the problem. the good news is there's a way to think -- >> perhaps a regulatory solution measures the pursuit rather than the solution. >> that's what i was getting at. when they paid the court gave rich, they never stop. they get to the other and i go back to where they started and start paying over again. that's a security approach that is her best. start with his attacking me, who's likely attacking me. what tactics and how do i stop those and lament that. who is attacking the amateurs are they going to use now?

you just lather, rinse, repeat. that process is the only thing you could say for sure were going to have to require people to do. >> there is a red of responses among operators of critical infrastructure to this problem. some of them are very forward in the foxhole, throwing everything they can at the problem in the danger regulation creates if you interfere with a holdback directories and there is a price to be paid if that is the effect. at the same time there are free writers and people who say why should i spend the money this quarter with what are the chances of that happening out database probably a big catastrophe the government will save my rear end anyway and so

there are lacquer is an writers and she on the system basically peer without a standard they continue to be lacquers and free writers in chief, said they see significant cost as well. there needs to be a standard, but he needs to be dynamic and measure pursue rather than any static point. >> one area where there's been a distortion due to regulation number we should try to find a way to use the existing regulatory schemes are some of the data breach notification laws say you don't have to notify if you had correction. people spend a lot of security budget putting encryption i'm not up so take a loss they don't have to disclose they had a breach. that's probably not the biggest threat, but it is the one that hurts the most. finding a way to get the ftc and

state attorneys general to focus on security as a whole rather than just this one is probably useful. >> mr. mandia, any thoughts on the pursuit versus static? you do a lot of these companies as well. >> when you look a legislation commits a complicated matter. i thought this discussion for 15 years. that's very complicated. that aligns the industry the private sector has done a lot of that themselves. what i've heard here makes a lot of sense if you can push for an agile defense mechanism in the united states at our companies can take that intelligence shared with it and that the technology and means processes to do something with it. that's a great next step to cover the security tab. there's already hodgepodge of legislation and regulation covering 80% of the problem out there but when we want to deal with the nationstate, 10% to 20%

of the problem is the means for the government to share intelligence of the private factor with that enormous liabilities in doing so insert the information sharing and a codified way we can make it actionable quicker. >> all three of you agree among the operators of critical infrastructure in this country you can find companies that are not doing what they should be doing in this area and every there just not pay any attention it deserves or maybe economic decision not to invest are basically play the role of the lacquered rewriter about other people drive it forward. is that a yes, yes and yes across the board? >> i can say most of the organizations they responded to were unreasonable to prevent.

so we respond to over 30 of the 100. i think they were probably out getting a check for compliance is pretty aggressive standards. yet they were still breached. when it comes to the critical infrastructure as they sit inking about it, the majority of organizations had security programs that were mature and above compliance, yet still breached. and given you an unfair frame of reference because we respond to the tent% to 20% of breaches. >> there's two problems. one is the high performers remain vulnerable to breach by very highly qualified in persistent attackers and at the same time is a considerable set of critical infrastructure operators to make it easy may simply not been up to basic standards. >> i just described and 10 seconds the attackers veteran to

respond to have the exact same chance of getting in. the only thing that separates the a's from the bees is the a's will detect the attack themselves, be small. we are responding to surveys in peace right now. >> back to the point we've heard many people articulate in this area and that is if you are looking at a come to me, it is in one of two categories. indeed there has been hacked and noticed that her has been hacked and doesn't know it. but then it comes in a significance has been hacked. it is also important, senator klobuchar undercurrents mentioned the interest in small business. as the attack runs, small businesses, particularly those that have a specialist process or product or scale that is susceptible of being stolen and replicated without having to pay

license fees and invented on your own are becoming more and more the target in the supply chain to the intense industrial base. if you're a small shop in rhode island, that is the best place in the world that manufacturing a very specific kind of titles to knowledge she, that's what we want you to be doing. we don't want you to have to stop everything and bring a best of class sabers curating the same way a racy honor but donald douglas ursa major contract or would admit they are just as much at risk. we all agree. let me thank all of you. i know you work hard in this area every day and you think in very dynamic ways about this problem. i look forward to working with all of you as we go forward. i will accept senator graham's invitation or suggestion that we

come up with something on visas perhaps in the framework of the immigration bill that is now pending. as i said to the first panel, we are re-engaging in trying to basically do fiber legislation 2.0 now that the executive order is in place and look forward to talking to all of you but the substance of the legislation and also have a new hope communicate with colleagues at the nature and importance of this problem. this has been hauled on a grateful to all of you. the hearing will stay open for a week if anybody wishes to add anything to the record of hearing. if i have not done it already, by consent i will add the piece that lindsey graham and i wrote into the record of the hearing and with that, we will stand adjourned. [inaudible conversations]

>> senator john mccain of arizona has introduced a bill that would require cable and satellite tv providers to pick and choose channels they pay for. he spoke about the measure thursday on the senate floor. >> not present at, today i am introducing the television

consumer freedom act of 2013, a legislation that has three principal objectives. one, encourage the wholesale and retail on handling of programming by distributors and programmers. in other words, allow the consumer, the television viewer that subscribes to cable to have all occurred capability. in other words, not required to buy a whole bunch of channels that that consumer may not wish to subscribe to. in other words, all occurred. you want to watch on television program, you can watch it. if you don't, you don't have to. the situation today obviously is far different from that. it would establish consequences of rochester's juicy downgrade over the air service and a

lemonade for sports blackout rule for events held in publicly financed stadiums. for 15 years that supported giving consumers the ability to buy cable channels individually, known as all occurred to provide consumers more control over viewing options in their home and they're not the cable bill. the video industry, cable companies and programmers to sell channels continue to give consumers to options when buying tv programming. first, purchase a package of channels for the watch them or not cannot purchase any cable programming at all. teachers is feared by one of the packages are not watch it at all. it's unfair and wrong, especially when you consider how the regulatory deck is stacked in favor of industry against the

american consumer. it's clear when one looks at how cable prices have gone up over the last 15 years which is brought to light by federal communications commission pricing survey. the fcc survey average month to praise an expanded basic service i surveyed are increased by .4% of the 12 months ending june we went coming for $54.46 compared to an increase of 1.6% in the consumer price index. in other words, the cost of cable went out four times the prices people pay for everything else. you can only do that when you have a monopoly. over the last 15 years, the cost has become more evident. according to the fcc, the price

of basic cable has gone not at an average general growth rate of 6.1% during the period of 1995 to 2011. this means the average annual cable price has gone up about $25 a month in 1995 to over $54 today. that is a 100% price increase. people are on fixed incomes. why in the world should they have 100% cost increase and the only way it can be done is through monopolies. those who provide video to consumers that cable and satellite companies are not solely to blame for the high prices consumers face today. many articles have been written about packages called bundles sold to satellite companies they programmers like comcast-nbc,

time warner, viacom and walt disney co. and 8080% of espn had the worldwide leader in sports thrives because of the advertising revenue at table to have large subscriber fees. according to a january 2012 "newsweek" article, espn charges $4.69 per household per month citing the research can't need. by comparison, the next network tnt costs $1.16. again, $4.69 for espn. the next expensive is $1.16 for tnt. whether the watch espn or not and i do all the time, all cable subscribers are forced to absorb this cost. not every american watches espn.

not every american should be forced to watch espn and pay $4.69 per household per month in order to have it carried into their homes when they don't view it. because these channels are bundled into packages, all consumers whether they watch sports are not a her pain anyway. cable and satellite carriers consider drop in espn must also contemplate losing other channels independently the disney channel. some describe this as a tax on every american household. others like the ceo of the american cable says the nation has set my next neighbor is 74, a widow. she says to me, why do i have to get all the sports programming? she has no idea in the course of the year they just espn and

espn2, she said to check the disney for about $70. should be because she knew ultimately there'll be a revolt of the cost of policymakers will get involved because cost of these things are so out of line with cost of living that someone is going to put up a stop sign. today we are putting up a stop sign and we will find out how powerful these companies are as opposed to collecting and injustice inflicted on the american people. this legislation would eliminate regulatory barriers by frame that will two programming distributors. that's the cable and satellite companies like cable, satellite and others offering services to offering a video programming service on an à la carte basis. if you want to keep rumbling, they, they can do that too.

they could make both offers to the american subscriber. in order to give companies an incentive to offer programming on an à la carte basis, legislation links availability of the copyright license to the voluntary offering. another race, these companies don't offer broadcast station and channel some of the broadcaster, the company cannot rely on the license to carry this nations. the compulsory license is a benefit conferred on corporations. the recipients of the benefit provide consumers with an à la carte option and i emphasize an option to address the notion à la carte options are denied distributors, the legislation conditions important regulatory benefits like network not duplication, syndicated

exclusivity and the program so i can vpd to sell channels on anàa la carte basis. it's time consumers got something in return other than a higher bill at the end of the month. furthermore because not all programmers on broadcast station, the bill contains a provision that would create a wholesale à la carte market by allowing programmers to bundled services in a package only if they also offer services to purchase on an individual channel basis. the cable operator decide to cover channels like mtv could only buy the channels it thinks consumers want to watch. finally, the bill provides if the parties cannot agree to terms of an agreement to final offer by each side must be disclosed to the fcc.

second section of the bill response to statements by broadcast executives that they may downgrade the content of over the air signals. pull them all together so the program this evening -- received by customers is preferable to that available over the air. our country is facing this doctrine crunch and broadcasters using the public airwaves in return for meaning obligations are going to deviate. it is maybe we should consider the most efficient use of our country spectrum. it would be a distortion of the basic social compact that over the air viewers were treated as second-class citizens. the bill provides a legislative race on the broadcaster's downgrade their signal or pull it together. the bill provides a broadcaster will visit spectrum allocation in the spectrum will be auctioned by the fcc if the

broadcaster does not provide the same content over the air as it provides. finally, our bill touches on blackout rules that limit the ability of subscribers to see sporting events when they take place in a local community but are not broadcast on a local station. the venues in which sporting events take place has been the beneficiary of taxpayer funding. it's unconscionable to deny those taxpayers who paid for it, the ability to watch the games on television when they would otherwise be available. therefore the bill proposes to reveal the sports blackout rules insofar as they apply to events taking place in publicly financed by ms. were involved in publicly financed local sports teams. in the end, this television consumer freedom act is giving more choices than watching

television. it's time to help shape the landscape to benefit television consumers. another broadcasters and cable companies are likely to suggest they should not micromanage unbundling can promote diverse offerings. what they fail to mention is the government has entered the marketplace and confers certain rights and privileges like a compulsory license network not duplication, syndicated exclusivity and retransmission can vent, which stack the deck in favor of everyone but the american consumer. i hope the introduction of the act furthers debate on issues like à la carte channel selection but i look forward to the channel's consideration of the bill. >> post-9/11, it a lot more people cared about national security issues than was the case before. so all of a sudden there is a

market for former cia votes, former intelligence to sensation he is a national security is. all those guys used to operating in the shadows saw a market for services as commentators, as book writers. so they arrested someone uncomfortable interaction between agencies and these former employees. at the time i thought waterboarding was something we needed to do. as time has passed in as september 11 has moved further and further back into history, i think i've changed my mind and waterboarding is something we should be in the business of doing. >> why do why do you see that now? >> we are americans and we are better than that. >> these are americans who by all accounts meant well, he

served his country well by most accounts for 15 years and some very dangerous situation. to risk his life taking on al qaeda and pakistan and terrorism before that. he's going off to prison for 30 months, leaving his young family behind. >> al capone and the gangsters in general whose main business was to supply a legal alcohol became coastal figures. very very violent of course. gangs organize with other games and other gangsters and blood ran the streets of chicago, detroit, new york, philadelphia,

pittsburgh, other major cities across the east and the west. in 1925 but only 26 years old, he had a big degenerated $60 million annually, which is equivalent to about 400 or $500 billion today. ..

the senate judiciary committee began consideration of more than 300 amendments to the gang of eight immigration bill. committee members varied widely on whether conference of immigration legislation is the way forward or if the