class? tripling their going down 10% and so they don't want to talk about this and that is what it planned to vote against the extension with the emergency unemployment insurance benefits. last voted for them to have a debate and some said that we should have a debate and a debate we are having. we are looking for a distraction and a diversion to steal attention away from their on the issues that matter most to the middle class. .. .

it's something to help people who are in desperate shape. so, mr. president, i repeat, they're looking for a distraction, a process argument to steal attention away from their unconscionable stand on the issues that matter most to the middle class. you have to give them credit, they're doing their best to divert attention away from this issue. this is opposition and it's cold-hearted, to extending unemployment benefits. it's a very tough position to defend, especially when republicans around america support what heller and reed from rhode island are trying to do. democrats support it, independents, but republicans in congress don't and they've said so. republicans complained that the majority never allows the minority to offer amendments is, mr. president, false. it's not true.

it's another diversion. during my tenure as majority leader, it's -- there have been volumes of stuff written about the obstruction we've had with my republican colleagues during the last five years with the obama administration. think of the obstruction that took place when barack obama decided to run for reelection. well, that was a little interesting because the republican leader said his number-one goal as a united states senator and leader of the republicans is to make sure he wasn't reelected. well, he fell real short on that because he was elected overwhelming. so during that period of time, obstruction, obstruction, obstruction, obstruction. and after he was reelected, it continued. during my tenure as majority leader, the senate has voted on minority amendments at a higher rate than it did during either

of my republican predecessors. the largest number of minority amendments probably in the history of the senate. but let's just talk about republican leader frist, republican leader trent lott, both friends of mine. i still am in touch with them all the time. they're people i will always admire and have great respect for. since i've been leader, 7-10 amendments on which the senate has voted have been, mr. president, republican amendments. under senator frist's leadersh leadership, certainly there weren't that many, i'll tell you that, that were offered by the minority. under senator lott's leadership only 54% of the amendments considered by the senate were offered by the minority. and during my leadership of the 111th congress, minority amendments represented a greater share of all amendment votes than during any single congress during either leader frist or leader lott's tenure.

facts. in fact, often the minority is prevented from offering amendments. why? their own senators won't allow amendments. how many times has the presiding officer and others come to this floor and wanted to offer an amendment? objection on the other side. because they want to offer an amendment that has nothing to do with anything that we're debating on the floor at a given time. last year, just a handful of republican senators held up any legislation. the best example was the legislation that we tried to do dealing with energy efficiency. energy efficiency. couldn't get it done because of republican obstruction. often a particular republican will prevent any senator from offering an amendment unless he gets a vote on what he wants voted on first, a little

unusual, so let's not revise history. let's talk about history as i know it and as the books report how we should know it, what the -- what the facts are in the "congressional record." we know how under my friend, the republican leader's, leadership there have been obstruction in the way of filibusters. you know, mr. president, filibusters isn't some right that was placed in the constitution. it's a privilege. it was granted under the senate rules, and that has been abused big time. their obstruction has continued to be unprecedented over the last five years. half of all filibusters waged in the history of the country -- that's 230-plus years -- half of

them have been waged against president obama's nominations. half of them. in five years compared to 230 years. last year republicans mounted the first-ever filibuster of a secretary of defense. now, by the way, a former republican senator. they even filibustered him. so i understand republicans don't want to talk about how we can create jobs, how we can boost the economy or any of the other issues that matter most to the middle class. and i understand the republicans are struggling to explain turning their backs on 1.3 million unemployed america americans. but i do wish they would stop trying to justify their opposition to helping americans in need with false claims and distortions of the truth. finally, as i leave the floor, mr. president, i prefer not to pay for these emergency -- this emergency situation where we have long-term unemployed.

this is an emergency and it should be considered accordingly and should not be paid for in the normal course around here. now, we believe in reducing the debt. in the senate chambers with me now is someone that i had the pleasure of appointing to the bowles-simpson commission, the senior senator from the state of illinois, assistant majority leader. he worked hard on that. but, mr. president, we haven't followed bowles-simpson as a bible but it's certainly been a guide that we have followed. and while we could have done better, we've done pretty good. we're approaching having reduced the debt by some $3 trillion right now as we speak. we could reduce it another trillion dollars if we could get comprehensive immigration reform done. now, the goal of bowles-simpson was $4 trillion. so when i say this is something that hasn't been paid for

ordinarily in the past, that's true. but that doesn't take away from the fact that we all are -- we're going to continue to work on this side of the aisle on reducing the debt. but i do hear that some of my republican colleagues want to pay for this. i disagree with them but that's what they want to do. so for -- so far, all we've heard from republicans pay-fors is this -- take a big whack out of obamacare. there are 9 million people, approaching 10 million now, who will benefit from obamacare. they want to damage every one of those 9 million-plus people. or they've got another one, go after children, children, with the child tax credit. ha-ha. those are their two pay-fors at this point. a little scary, i would think. so i'm waiting, we're waiting for republican suggestions how to pay for the full year

extension of unemployment insurance. let's hear from them. how do they want to pay for it? they say they want to pay for it.

house will be n order. will representative-elect byrne and the members of the alabama

delegation present themselves in the well of the house. and will all members please ise. the gentleman will raise his right hand. do you solemnly swear that will you support and defend the constitution of the united states against all enemies, foreign and domestic, that you will bear truth faith and allegiance to the same, that you take this obligation freely without any mental reservation or purpose and will you well and faithfully discharge the duties of the office on which you are about to enter, so help you god? mr. bryne: i do. the speaker: congratulations. you're now a member of the 13th congress.

without objection, the gentleman from alabama, mr. bachus, is recognized for one minute. mr. bachus: thank you, mr. speaker. we welcome bradley byrne as the newest member of the alabama delegation. we also welcome his wife, rebecca, who's in the balcony with his four children, and ck, and collin athleen and laura. bradley asked me, and i think all the members will identify with him, do you ever get over the thrill of walking in this

chamber? and the answer is no, you never do. let me say this, we like bradley. the delegation. i think you know how important that is. he has a wonderful wife. we're very excited about him being here. he brings a wealth of understanding. he comes from an area with natural resources, very important in armed services. he served as chancellor of our two-year college system. he can bring some insight to educational reform. he succeeds our -- one of our closest friends, all of us, on both sides, joe bonner, and although we miss joe, we welcome bradley. that makes up for some of the loss of joe. and i think you're going to get where you know and appreciate this gentleman that has joined us today.

t this time i yield. ms. sewell: mr. speaker, i rise today to welcome newly elected representative bradley byrne. to the 113th congress. as a lawyer, former alabama state senator, and as a former chancellor of alabama's two-year college system, bradley has a proven record as a principled servant leader. i know bradley as a man of strong character who has dedicated his public life strengthening the community and improving our state. i believe bradley will ably follow in the tradition of his predecessors in proudly representing alabama's first congressional district. i look forward to working with bradley, especially on our shared constituents in clark county. recently a local reporter asked the delegation to give bradley some advice. the best advice that i could give you as you embark upon this special journey is to always put your constituents first. the oath you took today is a

very sacred one. you join a body that has awesome responsibility and that responsibility is neither republican nor democrat. the issues that we talk about are for all americans. i look forward to working with you and i know that given your record of hard work and your willingness to work across the aisle, you that will be an amazing addition to the alabama elegation and i welcome you. >> thank you. mr. speaker, it is my great privilege to represent the good and hardworking people of southwest alabama. mr. bryne: to my family, my wife of 33 years, rebecca, my children, patrick, kathleen, laura and collin, i thank you for your love and your support. to the people of the first district of alabama, i promise day i will work hard every

to serve you and build upon the trust that you have placed in me to represent you in our nation's capitol. to the members of this house, i'm ready to roll up my shirt sleeves and work with you as a problemsolver, not a problem maker. as a workhorse, not a show horse. this is a great country, mr. speaker, but over the last several years we have failed to live up to that greatness. i come to this house ready to work together with each of you to find solutions that will make this country truly great again. i ask god's blessings and wisdom as i embark on this new endeavor in this house for the people of my district. thank you again, mr. speaker, for the opportunity to make these brief remarks. now it's time for me to get to work. yield back.

the speaker: the chair announces to the house that in light of the administration of the oath of office to the gentleman from alabama, the

briefing, it is available on our website. .o to www.c-span.org live at the brookings institution, a group of analysts a group ofas that journalists discusses cybersecurity -- a group of journalists discusses cybersecurity issues. you'll hear from two panels of theespondence, from guardian, wall street junior -- wall street journal, the new york times. it should get underway in just a moment. this is live coverage on c-span.

>> hello, everybody. brookings. at i work for a magazine called "foreign policy." i am really honored and i am really excited to celebrate the of a really interesting book, which i have right here in my hand, "cybersecurity and cyber war," which has already been endorsed by everyone from the former commander of nato to the head of google to the

homeland." "24 and we are going to talk today about some of the big issues in cybersecurity. what are the policy implications? what are the policy responses? what can we do with ordinary folks? i am sure you all know, is the director of the center for 21st century intelligence here at brookings. is now a visiting scholar at the cybersecurity policy research institute at george and was here at brookings for three years. just interesting to me -- to kick things off -- this book is coming out now. we have had a stream of cybersecurity stories,

mishaps, even sit in the last five years. -- events in the last five years. i'm curious as you guide -- curious as to why you guys decided that right now was a time to go back to basics and to lay out a primer for folks about what they need to know on the topic? >> i first want to thank you and thank you all for coming out. it is an exciting time for us. that actually links to your question did -- to your question. e-book is a journey. it is coming out now but it shows the journey of almost two years. and why wehind it think it is particularly relevant right now is -- i would argue there is no issue that has and lessre important understood than cybersecurity. , more say more important important in terms of its policy

workcations, whether you on classic military issues, national security issues, to legislative questions and the roleess side, to your own as a medicine -- as a citizen. the issues at play here are we as to the weighty future of politics and your kids on what they are doing on snapc hat. we can see a gap in lots of different ways. the former director of the cia he has neveras dealt with an issue where there was less knowledge from people around the table making decisions. 70% of business executives have made a cybersecurity decision for their company. thoughts of these percent -- not

70% of cto's. no major mba program teaches it as a regular management issues. the way we handle our self favorite terms of our story -- the most popular password is still "password." was that is what i use on my luggage. theset we -- to all different issues popping up, whether it is the an essay or the like, that the nsa or the is the nsa orr it the like, it goes back to basics. it gives you a primer for all the key questions from how does thism work to how can we do it? we are emphasizing what everyone needs to know. as long as we have the internet and we are using it we will have

issues of cybersecurity and cyber war. thet seems to me 2013 was year of the leak in terms of cybersecurity. i don't know if you heard but there was a contractor who got his hands on some documents. 2014 -- where do you see tony 14? see 2014?o you >> it is going to be like the past, but more so. one of the interesting things about 2013 was it was the first year that no major person in the policy world gave a speech that amounted to -- the problem with the internet is it was built without a security and line. -- a security in line. want to move from an area where cybersecurity is

something that is seen as unique wholeparate and cut out a new cloth into an issue that is integrated into everything. a manager cannot just say, i will call my cyber guy. one thing we expect to see is boards of directors are going to start demanding briefings. they are going to say -- how are recovered? -- how are we covered? we are going to see more , moving fromcks taking advantage of human error and finding new challenges. one of the largest questions that is always at the intersection of the technical and the economical and political. the responsibility of securing your cell phone? is the manufacturer of the phone, manufacturer of the operating system, or yourself on company? in 2014 those questions will

come to head and we -- or your cell phone company? in 2014 we will see those issues come to head. we will work towards a more coordinated approach. ofi am going to ask a couple more questions of these guys and then we will open it up to the audience. get your questions ready. both of us have worked around pentagon types for a while. it always seems like the answer to any cybersecurity question is more offense. if we are being hacked, the answer is to hack them back 100 times more. do you see that trend continuing in the government, that everything has to be about offense? trend, sodoes that far, make any sense?

>> it is a big question of consequence and we think about not just what we are spending on but the potential to spiral out in directions that we do not want it to or we lose control over. this notion of cyber offense is very appealing. --is appealing in terms of if someone attacks me i will attack them first. the best way to defend yourself is a good offense. we can see its implications and assumptions that we are being -- that we are starting to bake into our military doctrine. there is a pentagon statement "in cyberspace cyberspace --"--

in our next panel we are going to hear from experts on it. to do something like that is quite difficult. we have not seen senior pentagon officials describe it as -- they are a couple of teachers -- a couple of teenagers sipping red bull. and they can pull off a weapons of mass destruction style event. no they couldn't. to do some of the more effective stuff, it is not that easy. the defender has a series of steps they can take to make cyber offense difficult. it is not as easy offense. when you start to connect both technical side to the military site to the policy side to the history side, you see some lessons crossing back and forth.

every time in military history were someone has said the military offense will be dominant, history had a great way of teaching them that it played out the office -- layout the opposite. where doproblem is these assumptions sometimes take you? we have seen this in what we are spending on right now. it depends on which study. roughly 2.5 to four times as much on cyber offense research as they are on cyber defense research. if you go back and connect to security studies, it is a lot like thinking the best way to protect your glass house from a gang of roving teens is to buy a stone sharpening kit. that is the implication here. we need to come to balance on not only how we talk about how

we assess these threats, but also a balance in what we are spending on and how we approach it. >> just from a political perspective, one of the things that i think is a novel aspect from the international conflict prospective is we talk about attacking their systems and they talk about attacking our systems. they are the same systems. we are using the same platforms. often we are going to be faced exploitecision of do we the other guy or two we work towards defending ourselves? once you realize it is not just them,st them -- us versus you find many different ways and the many different them's. we are all better off if we move toward security. >> i think one of the reasons people are outraged is because they're not just undermining

access to e-mail accounts of terror suspects that they are undermining the fundamental security protocols that work for all of us. >> i think that is a key point. we don't want to overstate it. there is a headline in "the washington post" this weekend that's at the nsa is trying to -- this weekend that says the nsa is trying to break our phones. othert to make sure that national goals for diplomacy, for commerce, for trade are balanced in the government's process. that is why many people around the world said, what does this mean for us? that does not lead to a very stable world. >> i was doing some policy work

here. frankly it relied on trust in the government that i feel i cannot take anymore after the snowden leaks. maybe talk to me a little bit about how those leaks are affecting policy prescriptions across the board. challenge of what was disclosed is the massive but together a variety of things. leaks -- iabout the categorize them into three types of activity. smart, sensible espionage against american enemies. there was a series of activities that was disclosed that way. the second category i would put in terms of questionable -- legally questionable, politically questionable, a sickly efforts that involve u.s.

citizens -- a sickly efforts that involve u.s. citizens -- involvey efforts that u.s. citizens. to be blunt and direct, a third category we could call " "stupid," which is collecting close intelligence on american allies. we have these three categories out there so when people talk about this issue and how upset they are about what the government is doing or upset they are with snowden and should he get clemency or not, they usually focus in on one of those categories. in turn it is effective in the way we have talked about it. we have defended these programs to the public in what matters in the lyrical discourse is category two, the legal and questionable stuff in -- and the political discourse is category

two, the legal and questionable stuff. categoryrkel is an three. the real effect is not just in terms of how it has changed the political discourse here, but the long-term impact of it is probably going to be most felt -- one, american business will lose as much as $180 billion of revenue because of disclosures around these activities. goes into is -- it thee 2014 questions -- ongoing debate of the future itself and its governance. andalked about these issues looking at the itu. these questions are around internet freedom. frankly, the internet freedom agenda the state department has been pushing seems almost dead.

in the years ahead there will be some big decisions to be -- decisions to make. we may have lost certain key swing states that were with us previously. if we don't watch out in the year ahead, the internet that all of us have grown to know and love will not be the ones that our kids inherit. because of why? >> it is the idea that there is very different visions about the internet and how it should be governed, so to speak, and what should be the role of states layers ofti-actor responsibility. we have rightt up now has worked so well. we see this push by authoritarian states.

when you try to enter in an address that doesn't go where you want, that- could very much be the future. that is different than the nsa -- the monitoring side. is to different state problems. in the politics of it they got wrapped together. >> they have been tied together. so you have genuine concern about the process that peter -- which, that ad hoc to be fair, seems close to human interests. we set up this organization and it works well. if you look at the structure on paper from a political perspective you say, that's not fair. let's move away from a representative style. the problem is while that may sound good from an organizational perspective, the consensus seems to be that it will really empower two types of

countries, those that want to throw up barriers around their own national network for national security regions and countries that want to throw barriers around for economic reasons. they longed to go back to the local telecom monopoly style. this discussion has been pushed since last december. it came to head at a conference in dubai. ,nited states and its allies including brazil, held off on this. we lost the vote but maintained enough to keep the status quo working. beennk if that vote had taken shortly after the snowden leaks, i don't know how many european allies would have voted with america. ,e risk a vulcanized internet were each country sets of its own policy level and says we want to make sure our technology

is in the network. we are going to have national level policies about what kind of crypto algorithm you can use the at everyone making this technology needs to make a separate chip for each country. that is really going to hurt the pace of innovation and change how this whole cyberspace evolves. out --e are two things on the domestic side we see the classic security questions. this has done to the politics of cybersecurity on capitol hill. we have not had major cybersecurity legislation passed since 2002. that was five years before anyone heard of the iphone. because of this and a number that and a number of other factors -- because of this and a number of other factors it will be a number of years before we see this come to fruition. it is trust in the computer labs , which -- ivalley

met with a senior leader of a silicon valley company who described it as an arms race with their own government, with the u.s. government. in the book we talk about the importance of finding the i.t. folks and how we deal with this capital problem in cybersecurity. our government agencies now have a major issue at the same time where we need to do a better job of recruiting cyber talent. by one measure we are only getting around 10% of the cybersecurity we need. >> i would like to take some questions from the audience. please raise them in the form of a question, not a rant, statement, or diet try. have a? at the end or have your voice turn up at least.

question mark at the end or have your voice turn up at least. this iss been said that as much of a threat as an attack -- in the administration does this issue about governance reside? many people believe that the model is too u.s. centric. where in the administration does this reside? ,> like a lot of cyber issues it covers a lot of ground. the question of internet governance covers everything donor naminget new names for top-level tone name names -- new domain names for top-level domain names.

that is a trademark issue. it is versus the very real question of how to be secure the domain name system? how do we allocate the remaining ip addresses? those cover very different issues and this has been in the department of commerce traditionally, who has the contract to negotiate the head of the internet in the domain name system. we talked about this in the book. there is a nice graphic to help you understand it. what the past administrations have been successful in doing is working to make sure that this is not a purely american question. at the same time, the organizational questions of who is going to be in charge globally is a question of international diplomacy, with people lobbying on either side. >> part of the challenge when it comes to the policy is to

keywords, ignorance and in balance. balance -- and imbalance. can make theo policy decisions are not equipped to deal with these issues. we have all the wonderful and great anecdotes on this in the it is a senior diplomat about to go to negotiate with the chinese on internet issues, who asked us what and i at -- what an isp was . this but my mocking mom does not know what an isp is and does know what and i cpm is. icpm is. former deputy of homeland

security had talked about how she had not used social media for over a decade. you have that level of ignorance. it is just there. the imbalance site is also there. this may be as big a policy issue as there is. aboutat is not talked when it comes to the notion of cyber attacks as opposed to a structural problem. i would argue the massive campaign that is going on in the u.s. right now may be as much as $1 trillion worth of value lost. that matters far more than the narrative that is out there. a half-million times we talked about cyber 9/11 or cyber pearl the 30,000 magazines talking about cyber terrorism, despite the fact that no one has been hurt or killed by cyber terrorism. week a lot like "shark

turcotte we access about sharks even though we are 15,000 more times -- "shark week." we fantasize about sharks even though we are 15,000 times more likely to be hurt by the toilets. squirrels have taken down the power grid more times. whether it is our spending when it comes to budget to the decision-making questions -- in the white house you have 12 people on the national security staff working cybersecurity questions. you have one on the economic side, who also has responsibility for things like copyrights. we very much need an approach that is both informed and balanced. >> next question, over here.

>> thank you. , a strategicdowney consultant. you mentioned a little bit about corporations and how they protect -- how well they are or are not protected. intuitively you would just assume that large corporations or banks have lots of resources and would do what is required to protect themselves against these kinds of threats. is a cybersecurity maturation model that measures how prepared organizations and even countries are against these kinds of threats. zero isfe axis, defenseless and the curve goes -- an-- and ask why axis axis, euros defenseless and the curve goes of to resilient. -- goes up to resilient.

>> there are a number of approaches like that. i think it helps us understand the issue a little bit. probably the leaders in developing the senses and working together how the risks are connected in the financial sector, why? the financial sector vases very real threats from criminals. why do you go after banks? that is where the money is. the financial sector has learned to work together am a developed good defenses, and also understand it from a risk perspective. they don't have to stop every single attack. i have some models to understand the relationship between how much to invest and what they're given. companies in the broader economy do not have that. they do not have that for a number of reasons.

one, we do not have a good way of understanding what our loss is.ood -- loss often when we talk about the theft of competitive data we think about the special sauce. in 2010,-cola was hit an attack that was later to be did to a group associated with the chinese government, did the bad guys go after the secret formula for coca-cola? no. no one really cares about that. than 10do know is less days after the attack happened, the chinese government rejected coca-cola's bid to buy the largest soft drink bottler in china. that everyone in wall street thought would go through. we have to think about what is at risk from a very broad perspective. the challenge is actually understanding what is at risk and how to defend ourselves. that is a really big job.

it involves having a holistic view of what is at stake in an organization. that has to come from the board, top-down. it also has to come from thinking about the risks we face . the managers will say we have immediate losses we can tie to failure to act. from the markets, it may have to come from a more interventionist government approach. >> one of the main lessons of the book is that -- as opposed to how this is often framed and ,alked about, this problem area whether you are talking about it at the national level all the way down to you as an individual, it is not about the software. it is not about the hardware. it is about the people. it is about the incentive that drives them, the organizations they are in, the level of awareness. it is all about people at the

end of the day. , in your question you used an important word, which is "resilience." one of the ideas we want to push is the idea of a resilience model. someone has the secret sauce solution for all your problems or i can hack back and i will -- no,ll the problems all we need to do is build up and a vaginal -- and i that defense.an imaginable it is the idea that bad things are going to happen. it is how you bounce back from them. your body doesn't have an defense.\ayer of

important, itas recovers. think about the psychology side. resilience, you can't go through life thinking things are going to happen. a resilient mentality and relationship is something that can deal with the bad things and recover. to go back to what we were talking about before, part of the problem of how and why we talked about this cybersecurity issue is -- we joke we turn the .olume up to 11 get scared. i have all the solutions for you. -- iower grid scenario guarantee you someone will lose power in the washington dc area within the next 48 hours. "cyber" inhe word front of it, we would suddenly have congressional panels asking who's is to blame and what is wrong. -- who is to blame and what is wrong.

resilience, again, whether you are talking about the nation down to you as an individual and how do you protect your cherished memories and files? you ought to be thinking about that for yourself. >> let's go here. >> thanks a lot gentlemen. i'm an attorney here in town. i focus on national security and human terry and law. -- and humanitarian law. i think the and this is a pretty easy whipping boy. there are problems with corporations not taking their own initiative. when the opportunities for leadership and policy move things forward in the absence of legislation, president obama signed the work -- signed the order on cybersecurity -- i am wondering what you three think or hear about its prospects of enhancing the resilience of security posture of the u.s.

nation. does the executive order move us closer and in the direction of where we need to go in the absence of legislation? the core -- for those of you who do not know, the core of the executive order is to develop a voluntary framework to implement existing standards for more security. this applies to all could go infrastructure, which is a legally defined but we think of it as the basic essentials -- light, air, water, things like that. the challenge of this framing -- we can think of the government as being good at some things like hitting people with a stick to do things. and they are bad at other things, like developing technical standards. one way to look at the executive order is we sort of flipped

that. the government is collecting all the technical standards. that is why able are skeptical. i think there is some reason to be optimistic for a number of reasons. this exceeded to get the right people in the room to pay attention paid representatives from all the major industries have stood up. they are watching what is going on. they are tying to figure out how we get ahead of this. this is theere is last opportunity that industry has to fix the problem themselves. if we think about the executive ," and i haveit now a stick of regulation behind my is one area to identify where areas are not working. tide need to have a rising preach we need to find the tools to get various players to work together. -- rising tide. we need to find the tools to get

various players to work together. that sounds fluffy. that is where we want to be. cybersecurity should not be this sexy new thing. work ofd be the boring lawyers talking to other lawyers , economists talking to economists, and having everyone talk to each other. a lots of conversations -- lots of conversation so we can work together. >> let's go to another -- jim? >> jim hansen and -- jim hansen. security is focused on the permit her. you big -- you build bigger walls, make sure nobody can

sneak in. between him and snowden we did not make a whole lot of progress. backed a panel up to a data center and took off with all the servers -- backed up a van to the data center and took off with all the servers. at where theyg are stealing the data itself? >> you hit it exactly right. we are making a military parallel. walls never work. the past question of infrastructure, sometimes they will say they don't need a an air gap.ust need i like an air gaps to those that teachers would put

between catholic school dances. they just do not work in the end. the iranians had a wonderful air , keeping bad malware out of their nuclear research. it did not work. also following basic measures in terms of not only trying to keep dad out but monitoring what is happening on your own network, including by your own people. snowden -- those organizations are as sophisticated and well-funded as they were -- the u.s. military they were not following basic procedures that a cupcake store should have. to basic cyber most important

penetration of a u.s. military network happened because a stick inound a memory a parking lot and thought it was a good idea to plug it into their computer. that is not cyber hygiene, that is basic hygiene. that is the five second rule. it carries across this. we were laughing that there is the same story of a major technology company who was hit when a guy picked up a cd that he found in the men's room. would you pick up anything you found in the men's room? he took it home. he did it with a cd. all of us go to conferences where you are given these memory sticks as favors. hygiene.c it goes that this notion of the standards. one study found they would stop 94% of all tax.

94%. what about the other six percent? it may come from someone sophisticated. i would hate to tell you, but all of you are not being targeted by that six percent. even if you are someone with a sophisticated operation, go talk to your i.t. folks. if you do not have to spend 94% of your time running down the low level stuff, you can focus on the advanced stuff. the advanced stuff often gets into these low level things. my favorite recent story of this was a diplomat at the g 20 fished.ce who got spear they received e-mails that led them to click on a link where they thought they were of theding nude photos french first lady and they were downloading spyware instead.

better and then get to some of the more sophisticated technological responses. does anyone else have a question about picking things up in the bathroom -- >> does anyone else have a question about picking things up in the bathroom? we have to stop talking in cold war frameworks, which is the main way this is talked about in this town. it is just like a wmd, which has been said about everything from national security to these data centers. if we are going to use these comparisons, the period of the one war is not the only to draw upon. we are in the early stages of the cold war where he did not understand the technology but we took characters like dr. strangelove seriously. >> i am a student across the

street. bit,u zoom out a little people talk a lot about the u.s., russia, china. people don't talk often about countries like israel and the eu in a tear down -- in a tier down. report saysernment very sensitive information was protected by passwords like "123 systems.ry weak what do you think of the place of those countries, the lowest tier, on cyber security in the future? luxe there are a number of different issues. for example, -- >> there are a number of different issues. for example, the number one

trader of malicious information on the internet is indonesia. it did they it to be this -- is a separate discussion, which is also interesting. this is a real issue for every country. there are some benefits to being small. you actually can have a trusted group of people. i know we have chatted here at brookings with some governments who have been the victims of aber attacks and they set up volunteer army to react in the case of crisis. that works at a small country. there also is a very real danger of cybersecurity ghettos, where more and more countries build a basic defenses and you will have more of those seeking to exploit infrastructures and have a much

higher bar to make themselves more secure. not having toe of outrun the bear, just outrun you, we have a lot of people who are slower. korea has said of cybersecurity capacity building should be a priority for the world bank. they are trying to figure out how they can build that international cooperation to raise everyone up to at least above a minimum level. space where you have sony different types of players. we fell into that old political science flaw of just talking about the states. yet this is a domain where everything from states large and small to nonstate actors that range from targeting google to

anonymous to you and i all matter. we all have levels of power. we all matter in this. we are talking about problems and solutions. we have to move out of that classic framework. back to the policy from-- we can draw lessons other actors out there. there is an active debate in the u.s. military right now about what is the role of the national guard and reserve when it comes to cyber. we are approaching it in a very classic model versus a estonia's model. it may be far more effective. if we are talking about the makeup of the internet itself fundamentally shifting to the antidote -- to the anecdote where we illustrated the internet is changing -- "cute

cat videos" are losing out to cute panda and cute goat videos. it shows the power of chinese and african uses of the internet. security threats and concerns are growing with the number of videos that are out there. >> i am unaffiliated but i do have an atm card. how hard or easy is it to to forge a cyber attack? >> from whom? fool your trying to basic cis abdomen -- basic

sysadmin, very forward. you also have to have perfect operational security. you have to remember that among the defenses that countries have is not just to let me look in this package and see the technical frame. -- andve been dropped ease dropping on satellite and telephone calls. then you have to narrow it down eavesdroppingeen on satellite and telephone calls. then you have to narrow it down. it depends on what kind of attack you're worried about and what kind of resources you have to if you're trying to fool your local police department about who is spending all the money in -- who is sending all the money in a bank account to a foreign country, very simple. if you're trying to fool them in into a false flag operation, you need to do it a lot more

carefully. >> you made a joke at the start about your atm card. it is a great illustration of the earlier points. your atm card is a multifactor approach to security. it is something you have but then they also ask you for something you know, your password. things. points to two first it points to why does the bank have that structure as opposed to the way we approach security in other sectors and it goes back to what alan was saying, the differences of --entives in the industry oh, by the way, there is a legal framework that drives that price for them. they put in those kinds of security requirements that you think are quite simple and easy versus a power company that does not have these kinds of approaches.

80% of small-- power companies that are under regulation right now. it points to the value of the incentive but also how personally we should all be thinking about our own security. you have that multi factor for your atm, do you have it for your gmail? if you don't, you should. (wee have about 10 minute s are going to roll into the next panel with the talk to reporters -- 10 minutes left. we are going to roll into the next panel with top reporters. >> i am with the dutch embassy. we have ay much that colonization of the human factor. is gettingomain extended not only to our digital age but our human nature. i want to talk about the last where a roll of the

government could exist. i want to give you three examples and ask your opinion. the first one are the black -- one of the internet of the main successes is the use of zero day exports. another example is the industry leading processes in chip manufacturing -- the underlying doesption is cryptography not lie only in software but also on hardware. and it can have an origin in our industry, hence our government has a role in that. the last example is about the have seen the professor

.o a lot of research on isp these are responsible for a spyware version that lands on our blackberries. how you think about these -- what you think about these three examples with respect to the government's role. them i will jump on them real rapidly. first, on the black market, it is a very good illustration of the lessons to be learned from both contemporary security history, notl as just within the cyber domain. thinking about current counterterrorism policy, playing like a mall is a loser's game for since going after the underlying structures. book,hing in the understanding the parallels to seacy and privateers at

back in the 1600s and 1800s. actorsgreat pirate versus privateers, state groups that give you deniability. it is like the example between classic cyber crime versus some of these more state linked efforts and patriotic cappers. by going after the markets and going after the structures, that is how you dealt with it, rather than try to chase every individual one. this leads to the isp question. ofis a perfect illustration by how going at the structures -- perfect illustration of by going after the structures, you have a cooperation that you don't think is possible. the u.s. navy and the british fight each other in the 1800s. they had fought two wars against each other. they also cooperated in antipiracy campaigns.

much like the u.s. and china, there is a lot of issue for conflict. there are also areas we can work together. part of this is also facing the fact that we americans, we have some issues. one study showed 20 out of the top 50 cyber crimes viewing eyes peas are american -- cyber crime spewing isps are american. i would point to in a military example -- to a military example. it was revealed df-35 program effort--- revealed the 35 program allowed certain chips in -- we would be dropping certain waivers around them. >> i think these examples really cap sure how you understand -- you cannot address this issue without understanding the

technical, economic, and political side. different countries have looked into the options. should the isp tell me whether my computer is part of an international plot? the challenge there is on the we don't know much about what's the likelihood of detection is and how we will respond. if you are going to be reinfected immediately, it is a waste of money and effort it on the black market side, i think this is -- and effort. on the black market side of your doing greate we are work with gsw. -- discoverr mall vulnerability in a major piece of software, what is the likelihood you, as an adversary, will find that vulnerability vulnerability?

we need to understand the technical details, how code is secured over time as well as the market side. >> we have time for one last question. >> i am an attorney in town. my question is about resources. i am thinking of the post-9/11 era where there was a lot of talk of soft targets. how do we stop people from going into movie theaters or shopping malls and stop them from blowing themselves up? there is not much we can do to harden those targets. have been fortunate that we have not seen many attacks. seems to me, if this is a good analogy, there's a lot of

opportunity for those soft targets. they can get my credit card information from target or a cupcake store. we have all the resources we need? -- do we have the resources we need? >> i will give an example of the military implication of this. what is fascinating about this is how we have approached , which hasthin dod heartened -- which has hardened the dod. we try to incentivize one part of the defense economy, the major contractors, to get much better at their security. they have seen these kinds of

threats to their intellectual property happening. they are not facing the fact that there is this wider set of targets out there that are quite soft because the incentives are not right, the awareness is not there because just as much implication -- to give an , how our entire logistics systems is dependent on these companies. let'sve a perfectly -- imagine you have a perfectly hard and safe and secure u.s. military network. what happens when someone enters into the logistics company and changes the barcode numbers for the shipment of gasoline to that uniter? you have that gets a delivery from the supply train and it is toilet paper, not gasoline or ammunition. thinking about the defense industry, the big times have paid attention to getting themselves secure. did agree the small copies are

not well protected. that is where we are going in. small copiesthe are not well protected. that is where we are going in. we need to raise the level of resilience and awareness. >> very quickly, on the private sector side >> it comes down to two things we are still trying to understand but are working towards. returnhow we think about in investment, how we create investments, saying if you make yourself more secure, it will be in your interest. to communicate that. the second thing is scale. defense comes down to making it cheaper to defend van to attack here that means we need to raise the costs of the attacker and that is a technical question, but also in organizational question, an economic question, and it fundamentally is a question of politics and

governance. .> we have got time i want you to join me and give me a round of applause. [applause] aty will be signing books our next panel. i would now like to ask a second group of panelists to come up to the podium and we ask you all to sithe house will be

n order. will representative-elect byrne and the members of the alabama delegation present themselves in the well of the house. and will all members please ise.

the gentleman will raise his right hand. do you solemnly swear that will you support and defend the constitution of the united states against all enemies, foreign and domestic, that you will bear truth faith and allegiance to the same, that you take this obligation freely without any mental reservation or purpose and will you well and faithfully discharge the duties of the office on which you are about to enter, so help you god? mr. bryne: i do. the speaker: congratulations. you're now a member of the 13th congress. without objection, the gentleman from alabama, mr. bachus, is recognized for one minute.

mr. bachus: thank you, mr. speaker. we welcome bradley byrne as the newest member of the alabama delegation. we also welcome his wife, rebecca, who's in the balcony with his four children, and ck, and collin athleen and laura. bradley asked me, and i think all the members will identify with him, do you ever get over the thrill of walking in this chamber? and the answer is no, you never do. let me say this, we like bradley. the delegation.

i think you know how important that is. he has a wonderful wife. we're very excited about him being here. he brings a wealth of understanding. he comes from an area with natural resources, very important in armed services. he served as chancellor of our two-year college system. he can bring some insight to educational reform. he succeeds our -- one of our closest friends, all of us, on both sides, joe bonner, and although we miss joe, we welcome bradley. that makes up for some of the loss of joe. and i think you're going to get where you know and appreciate this gentleman that has joined us today. t this time i yield. ms. sewell: mr. speaker, i rise

today to welcome newly elected representative bradley byrne. to the 113th congress. as a lawyer, former alabama state senator, and as a former chancellor of alabama's two-year college system, bradley has a proven record as a principled servant leader. i know bradley as a man of strong character who has dedicated his public life strengthening the community and improving our state. i believe bradley will ably follow in the tradition of his predecessors in proudly representing alabama's first congressional district. i look forward to working with bradley, especially on our shared constituents in clark county. recently a local reporter asked the delegation to give bradley some advice. the best advice that i could give you as you embark upon this special journey is to always put your constituents first. the oath you took today is a very sacred one. you join a body that has awesome responsibility and that responsibility is neither republican nor democrat.

the issues that we talk about are for all americans. i look forward to working with you and i know that given your record of hard work and your willingness to work across the aisle, you that will be an amazing addition to the alabama elegation and i welcome you. >> thank you. mr. speaker, it is my great privilege to represent the good and hardworking people of southwest alabama. mr. bryne: to my family, my wife of 33 years, rebecca, my children, patrick, kathleen, laura and collin, i thank you for your love and your support. to the people of the first district of alabama, i promise day i will work hard every to serve you and build upon the trust that you have placed in me to represent you in our

nation's capitol. to the members of this house, i'm ready to roll up my shirt sleeves and work with you as a problemsolver, not a problem maker. as a workhorse, not a show horse. this is a great country, mr. speaker, but over the last several years we have failed to live up to that greatness. i come to this house ready to work together with each of you to find solutions that will make this country truly great again. i ask god's blessings and wisdom as i embark on this new endeavor in this house for the people of my district. thank you again, mr. speaker, for the opportunity to make these brief remarks. now it's time for me to get to work. i yield back.