status, the house has passed a bill which was are difficult for the house to pass a bill. we have passed a bill on certain fisa reforms that went out of our committee i think 11-4. the president has a distinct view on this, and that is that he supports the house passed bill, and senator leahy, the chairman of the judiciary committee, is putting together a fisa bill that would essentially echo the house bill with a few changes in it. one having to do with the public advocate/amicus, and also with a couple of other things. here is the big problem, and the problem is how do we get something done there ask the

vice chairman has said quite correctly, well, this doesn't we need to come up until next year, but that's a long time to wait. my concern is that we do need to do something there. i don't think it's necessary to put the fisa bill first. our bill is ready to go. it could pass the senate. i think at the very least they would show that we can pass something. we can get it conferenced. we can get it back before the senate for a final vote and we can get to the president. so we can do this with not a great deal of debate, probably with a joint rule between the two sides that there be a couple of hours for debate and a limited number of amendments, and then get it passed and then conferenced it. so we could get something done. and i very much hope that that will happen. >> we hope so, too. we have time for one more

question if there's anyone else out there. there's one here in the middle. >> my name is jason from senator mark kirk's office. i wanted to ask senator chambliss, who will hold the banner for information sharing the next congress for republicans? who has that institutional knowledge of working with the chamber but also -- [inaudible] >> the mos >> the most senior person in line to me is senator burr. i'm sure he will be the next republican to either be chairman or vice chairman. behind him is senator risch, and we have senator coats and rubio, senator collins but we are losing senator coburn so there's a lot of republican experience that will be coming back, and

i'm confident that whoever it is is going to work diligently with dianne to move something. but as we both alluded to earlier, we've got lots of new members on the intel committee in the coming back and trying, coming in, and trying to educate those folks about the issue itself, plus there are a lot of members that simply look to dianne, to me, and other senior members of the committee to basically have some security, and from the standpoint of knowing a complex issue, having worked on a complex issue, they're willing to go with us. we've got a lot of folks are going to be coming in that are not going to be in that position. so that's why i think, and, obviously, dianne agrees with me, that it's going to be a long time if we don't get it done by the end of this year.

hope that answers your question. >> i think that's one of the things that we want to work with you on, that educating of new members, and what happy to continue to do that. i want to thank you both for coming here today. thank you for all the work you've done on this bill. it's a terrific bill. again we've enjoyed working with you and your staff, both of you. take you very much. the chamber will continue to push for this bill. >> good, thanks. >> thank you, ann. [applause] >> [inaudible conversations] >> if i could call the next panel up, we will finish the. chris furlow will moderate for us.

[inaudible conversations] [inaudible conversations] >> we are missing a couple of panelists. i think they're getting dessert.

[inaudible conversations] [inaudible conversations]

>> still waiting on our final panelists. [inaudible conversations] >> okay. i can welcome back. this is our final panel of the day for the chamber cybersecurity summit. again, this is our third annual one. thank you all for coming in sticking with us. this is a great panel. we wanted to get across sector discussion going. as many of you know that follow the cyber framework closely, there is a workshop, i should more than workshop. it's a big conference intent without a lot of folks are flying down for this afternoon. so thank you all for sticking to that have been on this bill. i really appreciate expertise and support. i want to introduce chris furlow. chris is the president of ridge

global. both he and governor ridge have been terrific friends and partners as i mentioned earlier. tom ridge, first sector of how muncie could department, also governor. is the current chairman of the chamber's national security task force. chris will moderate our next panel on the sector cooperation independence is in challenges. thanks, chris. >> ann, thank you. some congratulations need to go to ann and the chamber team today. if you think about it it's pretty remarkable to have the nation's almost an entire cyber leadership here in the room today, that we have the opportunity to engage with. so it's been a great day, so things are much. i'm not sure it's great to be the last panel today after lunch and when folks are ready to go home, but we hope to make it interesting for you because we have talked about a lot of macro level issues throughout the morning and afternoon. we really hope to get a little more granular in terms of how

the fairest sectors are dealing with cybersecurity challenges, cyber resiliency. at a much more granular level. today we're very fortunate that we have a group of folks who are from what many people would call the most critical of the critical infrastructure sector. those sectors which track most of the concern when you look at whether it be from our law enforcement committee come the intelligence community, and certainly from i.t. professionals. now is becoming a lot more of an issue across the business community. folks, they get the threat. they understand. now we need to talk about very much as john carlin said, as admiral rogers said, had we figure out how to do something about these challenges. and today we hope to get into a discussion about what is being done already today and where we can go into the future. joining the on today's panel, we have bill erny, that johnson,

chris boyer, and dennis gilbert. and what i would like to do the kind of start off the discussion today is at hud just briefly explain kind of your roles and responsibility. i think it will help us set the stage in terms of the types of issues are working and help guide our conversation as we kick things off. bill, toss it to you. >> i'm bill army, with the american chemistry council in washington. i'm a senior director within a regulatory affairs department. in my primary role with acc is to advocate on behalf of the industry. cybersecurity is one of issues undermine advocacy portfolio. but i also play into the role within acc where i look across the organization and i'm sure that we've got coordinated efforts within acc and to make

sure that we are responded to our members need. so in that regard my interface with a lot of different elements within acc including -- some of you may be for me with that. that is our group of cio members that engage directly on cybersecurity issues. >> i met doug johnson with american bankers assocation, and the senior vice president of payments and cybersecurity policy. so i run all the various committees that are within 88 better across the platforms either from a cybersecurity business resiliency, even visible security standpoint. and also in charge of the right sort relationships and legislative relationships across those platforms as well. i'm also serve as vice chairman of the financial services sector coordinating council, and on the board of our -- so obviously

there's a lot of interaction with all the other trade associations within the financial sector and industry capacities and, of course, we are very much tried all of our membership to be part of the information sharing apparatus that we have. >> my name is chris boyer, i'm with at&t. my roll is largely to serve as an interface between our chiefs agree office and/or network operation team, public policy issues in washington. i serve as a representative for the company before congress, before the white house, for a variety of agency to a big chunk of what i've done is spend time working on the nist apparatus secreted from a. i was involved in development of remote and also serve a variety of capacities at the fcc, reliability and interoperability council to work a variety of cyber issues. i also serve on the disc of

serve on the disk or internet secure and privacy advisory board. i spent a lot of my time doing a lot of there is accused of cyber statistical issues throughout. >> good afternoon. i'm dennis gilbert, director of information and cybersecurity at exelon corporation. for those who are not me with excellent when the largest energy and utility companies in the united states. i before drucker to our chiefs secured officer who is responsible for both physical security and cybersecurity within 25,000 employee corporations. within that realm i'm responsible for both information technology and violent as well as the operational technology aspects of the cyber assets. we have within our team a complete cybersecurity operations center that includes monitoring intel, digital forensics and incident response team. we also have architecture in getting, secured ingenuity and and a management team. so we really are, have a complete suite of ms

capabilities in addition to some the things the contract for. >> thanks very much. again, the title of this panel discussion is strengthening cybersecurity together, sector cooperation from interdependencies, and challenges. i think it may be very wise to start the discussion first on the interdependency. what are the things that often creates some channels, challenges so we can then move on to discuss how we are arriving at solutions today. dennis, i think i will start with you. from the electric sector standpoint, because the greeted in particular is where there is much concern, so many of the other sectors completely reliant upon the greatest factor. do you think, particularly given what we've seen on the hill where we can't get the bill is in the a lot of the public officials we heard from today said let's get a bill through, we just heard senator feinstein,

senator chambliss, the intel committee chair and vice chair say we need to get a bill. you think that there is in the oven understanding among our policy leadership in terms of the interdependencies that exist, particularly as a look at things like the internet of things? everything that has betrayed and why your sector. it's all plugged in in one way or another. >> i have to admit i think it's sometimes people take for granted when the plug-in or turn on the heat or anything else that the power is there. it's ubiquitous and they don't understand the level of effect sometimes. [inaudible] i think that's what the key challenges. it's a challenge within our sector because we have a complete suite of challenges we have to face. it's not just our operational assets, but its entire suite within the i.t. network of come with a look at the threat actor

and what their motivations are, whawhether it's in getting intor building systems for financial gain or whether it's trying to steal our intellectual property to improve their capabilities overseas, to our personal information. in that regard we have interdependencies with other sector, critical infrastructure, sharing. from assuring prospective, i've been with excellent for about four months after spending about 30 is in the department of defense. is at one level we get a lot of information. we get from the fbi, we get from a variety of sources. we still are looking for what admiral rogers said, from all the information that comes in. but i think it to others that we need to contingency focus on is timeliness and if i had my wish list other it would be one definitive single source that would bring that information

and. a lot of times we did it in and it will trickle down -- and we have to reconcile that with the differences at the same time that means that one or two analysts looking at the information coming in versus looking honor networks to make sure with everything patched, covered, and that there isn't a threat on the networks. >> chris boyer, we as a nation have gotten pretty good at responding to natural disasters, having the ability to be resilient within -- [inaudible] putting towers back up as a case may be. are we prepared for a potential cyber attack where it may be a long time before the power grid, for example, goes back up to enable -- [inaudible]

>> we have our response plan as part of our standard course of business. you can never say there -- we've acknowledged there is potential for cyberattack immediate plans in place to deal with that as they might. i think it's pretty common knowledge that there independent sector to sector, between financial services, energy, i.t. we did talk about that quite a bit of the council such mutation counts level of discussion about interdependency. we resort have had a series of meetings with the energy sector in fact a couple weeks ago i actually spoke at the energy sector court in counseling and we've done some work through d.o.e. another suit to sectors can work together to be better prepared. there still are issues when there's a physical type, keeping things up and running and how

can we better work together to deal with those. i think those conversations are happening. we have had meetings but i think it's pretty well understood within the answer it's something that needs to be dealt with. that a lot of active conversation happening on the energy side to deal with those issues. >> there's been a lot of focus on financial services sector as of late due to some high profile breaches, et cetera. but taking a quick step back come when the financial services sector, whether the banking institution, what have you, this is not just about an atm machine not working. did you talk about some of the interdependencies that if when an attacker bent on a financial services entity, what that means for other sectors? >> well, it means something to every citizen. essentially. because we are essentially the keeper of those accounts, and i think that's one of the reasons why a concert with other sectors that we take cybersecurity so

seriously. unfortunately, or fortunately, we've been tested quite a bit over the course of the last few years and i think one of the things that that has demonstrated is that the information sharing environment that we have is pretty darn effective. i think he saw a lot of different media reports, for instance, about the most recent breach of jpmorgan chase. one of the reasons why essentially that went no further and immediate action had to retract statements saying it did go further and did create essentially breaches of the visitations is because the bank that was actually breached was very good at a measly sharing the vectors of sosa with a bridge to other institutions. and i think that's what so vitally important is that every sector has that kind of apparatus. i think that's what we're going to see more going forward is more maturity within other sectors that are also experiencing impacts.

because regardless of what the breach occurred it's going to impact financial services. it's going to impact financial services to the extent of availability. it's good impact financial services to the extent that there's, for instance, of retail breach which specific impacts the financial services customer account. and so i think again that's going back to my initial statement, that's what we recognize is first and foremost is really having that environment protected. i have to laugh having chemical council nixes. interdependencies between the three of us but where is there in interdependency with chemistry? well, i'll talk to during the east coast power outage, before the east coast power outage we were very fixated on talent and patience redundancy. but then we found out if you don't have electricity, there's not much you can we do about redundancy. but then what we found out

during the blackout if you don't have h2o, your servers will fry. and so it doesn't matter whether not you have generators. there are interdependencies you never think about, and i think testing is where you able to really accomplished really some great learning. that's one thing i think you will see in the course of the next year is some similar effective testing across sectors as opposed to the way we tend to do in silos where in electrical financial services or telecom will essentially be testing within their own environment. that needs to be across sectors really to be effective. >> and just from the conversation thus far we have seen the cascading effects, and the interdependencies that we are exposed to. let's talk, bill, about your sector in particular. let's talk about your supply chain. just the folks within your supply chain on him you are dependent and how that plays out into a broader discussion.

>> yeah, no, absolutely. the chemical supply chain we consider that to be all sort of an integral part of what we did in the business of chemistry. so for instance, within the acc we have partnership groups that address issues like transportation of chemicals, warehousing and storage and distribution. it's funny, when i talk to people about the chemical sector, and i don't explain exactly can one ever really talking about here, right? i think different people have different ideas. but i guess the point to take hold views that we are unique in a lot of ways because of diversity of our sector. the chemical sector is in one particular type of product or service we are providing. so while we may not be sort of

the major interdependency, we touch a lot of people in a lot of different ways as we started to discuss here. we can impact the health care industry. we provide medical oxygen and things of that nature. we support other aspects of chemical and oil and gas production through the use of nitrogen that's used within their processes. and then clean water, you know, the availability of chlorine used in our water disinfection and wastewater treatment facilities is absolute a critical. so we are unique in a lot of ways and we may not be, say, at the top of the critical infrastructure list, but we touch so many different people across the supply chain, across our economy that we are, in fact, a very important part of the american economy.

>> want to transition, please see the interdependency that exists and in dealing with in particular the cyberthreat. we would like to get your perspectives from each of your sectors of prospectus now, first on information sharing and what that means for you. because i think it's been clear through the discussions that we've had today that information sharing for one group or company or sector may be completely different for another. so dennis, let's start with you from the electric sector, you know, what are those things that you need from your sectors perspective to effectively manage cyber risk? >> well let me just back up just a second on that because at some point we talk about differences uniqueness we do have isac and other threats, sharing things set up by these verticals if you will. and you just want again, we refer to excellent a selector.

this is only one of the types of energy generation anticipation of utility we have. we have nuclear, gas, fossil fuel, wind and solar. so that if you break that down there's different organizations, different sharing aspects for each one of those. and we also then have a trading floor and we have billing for customers and we have interest my financial services specter. we can't to incident response for any of our either physical or cyber instance we come across without our telecommute haitian partners. it's interesting to see what's affecting telecommunications and how that affects our networking and our i.t. infrastructure as it works over the i.t. portion. from a chemical perspective, too. i'm new to the energy sector but i'm sure we have quite a few chemicals we use. and so that's a long way of saying the sharing that we have, in particular areas is good but if you got a workstation that responsible for cybersecurity

across the entire corporation, from information technology aspect to the operational aspect, and you add executive transportation whether it is fleet or eric out, things like that where there's a platform, i.t. aspects. it's a lot of different sources of information coming in, and a lot of times it's the same threat to the act with a different motivation, after different asset with a different outcome that they're expecting to have. so that's what i alluded a little bit to the interdependencies also that i have any other sectors is the threat after me also become at the same time from a financial perspective and not just after the energy grid. so it's a challenge of getting around all of those types of aspects, bringing them in and working that across the organization. timeliness and definitive is a wacom and to think it was going to increase my wish was one of the areas and we talked about and i think i'm even, admiral

rogers talked about the elements malware. when we talk what information sharing we focus on malware type indicator, whose the threat, those types of things. some of them reacted, sometimes proactive but another valuable thing is trying to move left of these activities and i would like to see increase opportunities in the future also get the bill signed, but for stepping forward. things like lessons learned from past practice, prototype result to the department of defense and the intel committee, darpa and i spend billions of dollars that would be relevant to all of our capabilities and the things we would like to deploy to present these aspects of happening to her information technology or operational assets. i think it would be one of the next steps. we talked about, i don't know feature today but i read ready couple of his articles, david carrera i think it is, and he talked one of his recent articles about engineering out the cyberthreat. that aspect of actually increasing sort of from working on workforce, training and

education, investing in security and engineering. >> sure. so information sharing, the oure energy is out there like the national cybersecurity center coordination, nccic that we participated. i know we literally have people on the floor of nccic we cohosted with the dhs, working information sharing, we have a committee patient's isac information sharing and analysis center that shares information today amongst come with and making notation notations commit is also cross sect notations committee but is also cross sect in china gaza through dhs. we participate in a variety of third party information sharing groups that are outside of government, groups, ad hoc groups a pop-up that the with different types of cyber threats. they are are paid and free resources you can purchase information from like shadow server.org. a wide variety going on now. i think could be better. that's something we're trying to

work on. .. it's really looking more specifically of technical information. in terms of how power sharing information can be proved i think that the senator already

talked about it today. we have long supported the information sharing legislation and we think that clearing up the legal framework on the cybersecurity in particular will go a long way to enabling the new capabilities in the information sharing that just doesn't portend is the actual authorization to stop the threats a lot of what we do today is covered under exceptions for network security and we would like to move it away from being exception-based behavior to something more encouraged behavior that says these are activities we would like you to do so that we have clarity in the law. >> in the regulatory perspective the financial service has been

around since before 9/11 and it's recognized as one of the most sophisticated from an information sharing perspective. what specifically does it do to encourage information sharing among its members and what is the relationship like with your government partners? >> of incredibly strong and as well as the dhs it builds a trust network eventually between individuals. we are not unknown to hire them in the financial services and move them over because of those relationships, so that's just a few threads. i think that is first and foremost. but that has done is enabled us to take information and make it more actionable because one of

the things that gets accomplished is the financial services operator can tell the folks on the government side whether the information has meaning and what meaning it does have. not just here's just here is a threat have a nice day but what you can do a associated with that threat. i think that is huge. i think that they've made an excellent point when he was talking about the data and we have a problem to some degree that we are faced with having so much data within the threat environment but it's hard to comb through all that data to make a determination of what part of the environment is impacted by a particular thread and then what should you be doing associated with that and so we recognize that and so some of you may be familiar with a

couple of protocols. one is essentially html and allows you to essentially tag the threat information and what part of the government is being affected. the other part is called taxing and it is essentially what it sounds like it is the method by which the information can go from a to b. to the financial institution and the financial institution has tagged their information appropriately. essentially it can read from a computer computer to computer the threat information. that's something which is a significant initiative within the financial services industry. it's going to migrate to others as well and it's become the standard and i think that it makes sense for that to be the one standard that you were talking about earlier. from machine to machine so that

we can spend more te doing the analytics and the mitigation and what part of the threat really impacts our environment, so. and in the course of the last three years it's going for them when you from when you have information or get information from the institution by you already have so much information that you actually have to figure out ways to automate more effectively for the meaning and then also by the way working with the government partners and building the products so the joint products out of the bureau and the fbi of words have been coming out of associated with various types of attacks against the services are co-authored by the industry so that gives us more flavor and more actionable. >> on the chemical actors stand point, do you think that you get

actual cyber threat information through the sector relationship and the business to government relations? >> what he said. so, that is a good question because it's something that we are currently dealing with right now. i mentioned earlier the acc has a program. with the folks in the chemical industry that have a particular interest in cybersecurity, and like i mentioned, we had a cio roundtable activity within the industry to share information and things of that nature. they are currently piloting the chemical outside that began in

the latter part of 2013 and it continues today. we are working closely with the dea checks chest and one of the issues that they are trying to wrestle down to the ground is how do you separate the weak and how can we get specific actionable information to the hands that need to know this? it's been a challenge to be able to do that effectively. i think we started out in a place where it was a data overload and what happens is you start losing folks and when you get all this information, it's hard to really kind of keep this interest when you are just getting by -- fed by the fire hose kind of thing things that we are making progress in that area. we are not there yet.

we look at probably the middle of next year where we are going to have a solid and a place where we can start to broadly stand that off and use it across the chemical sector. >> you each come from sectors that are highly regulated and that adds another layer of complexity earlier in the discussions this afternoon admiral rogers had actually mentioned this. now we have the federal regulations to deal with and particularly those of us that have utility commissions etc.. so why don't we explore that a little bit, what is the multiple layer of the regulatory environment how does it impact you from a cybersecurity standpoint in terms of protecting the network? stomach every one of the examples we can use is, you know, the efforts that have been underway over the last i guess

it's been five or six years now to increase the reliability based on the instances in the past. the critical information protection program in place operating base line right now against version number three which is an entire program to protect the cyber assets. moving quickly we had a new version that is in the draft but the ink is starting to dry and we have to implement a badge by 2016 serious about as driving to the entire industry to the scope to now looking at the operational operational assets it really starts to then look at opening up the eyes and the aperture and the internet of things not assuming that things in the general air gaps now that we are putting many more things into the environment and doing

things for the efficiency perspective and we are deploying more types of components that you can do remote access to even even the white earbuds access points into energy sector is doing these things to increase reliability and decreased cost and provide a better service reliability. so all of those are on top of the normal aspects that we look at. the industry focused on a culture safety because of the high-voltage area high voltage area in the electrical industry there have been injured into areas and other generation plants there've been some fatalities and so they really have inculcated to safety across the entire energy sector from top to bottom. when you add these relations on top of these and start to shift a little bit the organization tries to get a culture of

compliance because you have to comply with the regulation. the cybersecurity cares supplies are running to catch up because it's not just safety its security and then from the compliance perspective it is a compliance doesn't secure but if you don't have that culture of cybersecurity then you don't see what some of the different are from access management so it really adds that level of complexity to try to shift from or add a culture safety to the culture of the cybersecurity or the cybersecurity and raise it from a heads down and compliance perspective. one of the other aspects that we

have is for some of these regulatory bodies, you find something yourself and report it, then you are still fine or you are given another activity instead of being congratulated for actually going through the process. finding something, fixing it in a best into best practice and then saying to make sure we have a process in place. so that's one of those aspects i know we have had some conversations with including a people that were another act sass locations where this started and they really did want to be implemented into some of these are regulatory bodies but it's a matter of fact right now that we have to deal with and it does affect the performance from a security perspective. >> it's interesting as we look at things such as the transition to the smartcard which is

hopefully leading to more efficient become a better service out of our homes and we look at the standpoint of where you are delivering all of these mobile devices that folks want to make their lives easier and more convenient and we tend to open up a whole new set of vulnerabilities which is complicating particularly from the regulatory standpoint because on the other hand you have the regulators wanting you to hold the line on the rates etc. or we're finding all of these new uses for all of these new devices and what other challenges are you seeing? >> most of the work that we do is through the communications reliability council. it's actually a voluntary set of standards so it is a success organization on the network

reliability in 2006 that identified the practice at the time it was a success organization and the best practice efforts to update the cybersecurity standards so back in 2011 we published a working group that together the best practices identified 397 cyber practices. they are to be confirmed in the cybersecurity form so i am the chair of the white airline group in that effort and we've been trying to pull together how does the framework set up lighting the principles to the sectors of most of the work is done through

citrix. we have the federal level in all 50 states and potentially internationally it was very daunting and i don't think that it would be fixed if. and our general thoughts on the regulation security has been that the threats are constantly changing. the best way to deal with cyber security is risk management and it's constantly evolving and not check the list you have to comply with and to the extent the government encourages more of the regulatory standards regime, you end up directing people who would otherwise be dealing with ongoing risk management and the threats to the compliance behavior and i'm not sure that's the incentive that you want to put in place.

>> enough of the the leaders essentially take over the cybersecurity -- not that there is an important -- >> and reacting to the current real-time and involving the plan i have to do all this to check the box and i'm not sure that's where we want to be. >> via one comment that got everyone's head nodding is that the comply against is not equal security so that is a culture change as you're saying. so in the financial services standpoint, how for example through those are you encouraging that called church of reselling and see not just in the compliance and the financial services sector? the >> it is fairly well baked in the regulatory process as well because there's a recognition that as it relates to a lot of things in financial services that particularly talking about information security and data security which is a component but it has to be risk management

based. it cannot be compliance-based and i think that lends itself to the environment we've been talking about where you can even shall he continuously review how well you are doing, what the threats are, what you are mitigating against the threats and what is your risk that you haven't been able to address and how are you going to because it is a new risk. that environment is and that her going to change and its more sophisticated not less sophisticated and so i think that it is going to be as we try to deal with vietnam scrutiny from all these different levels to maintain that kind of culture from a regulatory standpoint. we have increased interest by the states particularly the state of new york in terms of the firms into the commercial banks as it relates to a third-party risk management.

we have continual interest from the european union and other international entities as well and one of the good things is that they are pretty purely interested in this framework and you heard from adam earlier that he's coordinating the work that is being accomplished right now and we have to try to understand how the framework might have meaning not just in the financial services oversees but in other cybersecurity sectors as well. so i think that's going to be incredibly important to try to ensure that we have as great a uniformity as possible because you not only have to look down towards the states but also look at the international level as well which is going to be an increasing challenge a year

behind so i think to the extent we can take the lessons learned in the united states and apply them appropriately overseas will be well served. we have enough of a challenge trying to ensure that the states , the federal reserve, the fdic and the comptroller of the currency are on the same page as it relates to these things and i envy those that have one body to deal with as it relates to these things. sometimes they act in concert and sometimes they act alone if. and that can be somewhat problematic on the occasion. >> sometimes it's difficult to see where we've made progress on the regulatory standpoint. they are still looking at it in the chemical sector standpoint we have the chemical facility and take care anti-terrorism standards program where the industry has gone through quite the wringer in terms of having to comply with the regulatory standard and then whether or not it was being followed up on from

the dhs perspective was in question. that's yet another layer that you are having to deal with. >> absolutely. i think that's the experience for us really kind of demonstrates it is a cautionary tale for policymakers who think they want to regulate the industry and go too far particularly in the cybersecurity realm. i kind of look at it as a static approach to try to fix a very dynamic threat that exists out there today. so i echo the comments of the colleagues appear in the panel and the right approach to this is a risk management approach. one of the ways that they deal with this from that perspective is through the responsible care program.

responsible care is a continuous improvement program that's required of the entire membership. it requires third-party audits on a basis and since 2001 we have a security code elements that was added to that and addresses the cybersecurity as well. we are currently taking the speed of an framework and giving a mapping exercise in identifying the gaps and so we can better bring the code up to the current state of technology and the gaps and anything of that nature. the regulations address what i would consider a small segment of the issue and through the industry programs like the responsible care for instance, we are able to cast a much broader net to make sure that there is at least a base level of security practices out there that address not only

cybersecurity but safety as well. >> because the sector gets an awful lot of credit for the collaboration not only in the sector but others through your experiences if you were advising a sector that's just coming along and trying to build their infrastructure for the information sharing collaboration, what lessons do you learn that could be applied to other sectors? >> for one thing it has assisted and helps run the isac that deals with large facilities in the country and large buildings. and we have helped other isac ramp-up. and i think the lesson that i've learned more than not is that there needs to be within the sector a set of individuals that have a long-term voluntary

commitment to the effort because there is an aspect which is public service and there is aspects to this which might not be necessarily attuned to the day job when you're talking about the members are vital to the operators that are the ones that are going to know how things are working at the organization or not and what the threats are or not. what you hear sometimes is we need to focus internally for a while because the fact that so much of the effort on the external organization might not necessarily be as appreciated internally as it necessarily should be. so, i think that it's having those individuals with a level of commitment and building up a

network is a precursor to success because that build trust between individuals as well as provides the sweat equity because it is only to the extent you have trust between individuals that share that information that you can have an effective information sharing environment. i think the other piece is that you need to ensure that you are able to have the individual company providing information maintained control of the dissemination of that information. they need to be able to control that information whether it is attributed into the information goes to and about violations of that protocol needs to be treated with -- we kick people out of the club because they violated the information sharing protocol, because it seriously impacts the ability to be able to effectively share information. so it starts with the individuals building up the network and it creates a trust which is necessary to have effective information sharing.

the associations play an absolutely vital role in terms of pushing the individual members but also providing redundancy in terms of information for those that are not involved. we do not pretend to know whether or not a particular individual's member is joined or is not. and we are going to shoot them the information of the critical portability anyway because in this case redundant is good. so we have a measure of success first of all the environment where it is effectively shared that it's made to be actionable and pushed out to the entire industry. >> chris from the communication sector standpoint i think a lot of people may not know that one of the most long-standing public relationships is what the communication sector in terms of the national communications system where you've got the government and private sector working hand-in-hand together.

how has the sector been able to leverage the experience over decades in terms of cybersecurity preparedness? spinnaker i was going to start with that. >> by way of background, your mission to the system is actually started in 1962 after the cuban missile crisis. so we've been partying with the government for over 50 years now into the national security matters there are three prongs to that. there is the national security and that provides policy guidance to a variety of different security issues, so with that the group is comprised into my national security matters. one of the recommendations was the formation a few years ago

and it's also written reports on the dependencies there was a report and the energies of there are things that the policy level for quite some time now that has incorporated cybersecurity into the work and the second prong is the planning so that's where the concept council sits in and that's the group that i serve in a variety of others and it works on the planning function so they do a lot of organizational planning and how they participate in the different exercises so it's things like the cybersecurity framework or whatever kind of planning functions are going on and then at the operational level the third is the fbi wide variety of information sharing groups and the operational side of information sharing. so those are the three prongs and we have incorporated cybersecurity through each of those elements over the last five to ten years and we are continuing to do so

>> in terms of information sharing i think one of the challenges most of the sectors have is that you're not only dealing with just one government entity in terms of receiving information, you have the intel agency of the dhs, you have all kinds of entities that you are working with. in terms of streamlining streamlining the process well streamlining that process what would be helpful from your perspective in terms of getting information as timely, relevant and actionable from the cyber perspective? the >> here is your wish list. easy answer you get a directv from fort meade. >> okay. independent of that, we have to keep working on that. there is not an easy answer for that.

part of it is getting back to as we discussed paying attention on not just the data into the technical information, but the actor and the motives because a lot of times we get stuff, we get the signatures and the elements into some of the details but before we know what happened to somebody else which is good. we have a model that we go through to flush out where we are with the tools and capabilities where we look at the actor, the motivation committee action they are going to take, what assets we think that they are going to after a week ago after two achieved their objective and once we try to understand all that, then we have the strategic intent of the response together. and so when you get a technical bit of information it doesn't really help you all the time understand the actor or the motivation is and it definitely doesn't help you start with one

of the cyber assets that they are going to go after. and it definitely the risk management approach outshine and management if we don't have a way to anticipate or model the outcome of the impact and the consequence would be. so we definitely need to figure out a way to get some of that really highly actionable data that we know it needs to go out now because it is highly exploitable and we need to update and see what assets may be not only vulnerable but susceptible to that type of attack mechanism. but if you backup from that, i think add a little more depth to this and understanding, that's the question that we get asked all the time. we are lucky the frontline board of directors get it and one of our sources of the resources of intel our sources of intel is our ceo and others who will say we read this this morning.

what do you think or did you read this? so we get things all the time. >> we have to work to come up with a risk management decision on the cyber engineers i have on my team and cyber architects are very professional, very good but also very risk adverse. they would like to drive the solution down and put it exactly where it is and then put things into what is the critical information and what is the most potential outcome. >> what you're saying sounds an awful like what the admiral was saying they want from that perspective in terms of getting that information. if you want to be flooded with the data it comes down to those key elements.

>> i talked earlier about the technical things that we look at on the network side but we also do apply the context of overlay to understand more about the attacks. it's not coming is actually the context of what is going on. >> from the ceo of home depot or target, candidate do that to us. it's not what was the signature to affect the system to stop that. >> back a couple of years though before you had that ceo interest it is an obligation to do what you just said. if that is if it is contextualizing the information that it is digestible. they are going to ask the questions and we are glad they are asking and resources are now

being deployed in a greater degree than they were in the past because there is a greater recognition. this is an important matter and so i think that is a real opportunity for us to take advantage of to further protect the environment. >> the sector has done an awful lot of drills and exercises it does them regularly involving the leadership. can you tell us more about how you conduct does and who were the other players that were not in the financial services involved in those exercises. >> i'm happy to. we tested that and i'm sure the other sectors do as well to avoid another exercise from a lot of different organizations. they are getting better. one of the things we recognize

as we need to expand in a greater degree so that isn't just financial sector participants and we've done it with the merchant environment as well for instance. we have joint exercises within the small business for the last four years to understand our mutual areas of concern. the other thing that we are trying to do better is also an after action analyst us. everybody wipes their brow after words and then goes on. the learning was worded you do anything associated with that and make your organization better. we will do a better job on the to-do list for 2015 in terms of after action exercises.

so we need to ensure that we have the appropriate players in the exercises and also we apply the lessons associated with those exercises and do a better coordination of exercises as well because sometimes there is a redundancy associated with them and there are a lot of international exercises as well. so the larger institutions end up having a hard time coordinating the testing that's going on. that doesn't mean you don't do it. the other thing that we've done recently. it's an exercise in a box. there's a recognition that we need to be able to ensure that

all different types of financial institutions regardless of their size and client base have the opportunity to be part of these exercises as well. >> it's not the size of the company. >> let's turn to the speaking of an framework. it's been a topic of discussion. from a chemical sector perspective argues being your members implement a framework and what's been the reaction to manifest itself? is exactly what we need today. it's exactly what it says it is. it's a framework so it kind of sets the table for a dialogue that can happen across the sectors, across large and small companies and can be adapted to

fit the unique needs as they mentioned it is very diverse so we understand that there isn't a one-size-fits-all application. the other thing that i would say from the perspective is that in this framework it maps well to the responsible care program and they are both frameworks, they are both management system types of programs and they help companies do something in a coordinated fashion and the organizations to assess the risk and to address the risk in a way that fits their need specifically. the voluntary nature of the framework presents a very openness to it and it invites people and companies and

organizations in whereas a mandatory approach to this particularly at this stage of the game i'm afraid of what actually put people away and push people off. the framework has the capability and i see this already in my membership. it stimulates the industry. it sets a framework and now companies are taking this and adapting it and building off of it and pushing the envelope forward. that is exactly what we need today to help thwart this cybersecurity into cyber threat from a chemical sector perspective if you ask the company is what is the greatest cyber threats that they address today i think that is largely

due to hear the theft of intellectual property whether it is coming from an insider threat or external threats. many of the members are involved in a military contracts. there are folks domestically and overseas that would like to get their hands on that information. so, there's a lot of folks in the attention and framework that helps address those issues to the companies and like i said, it's a standard language the companies can use that companies can use across the organizations and at all levels in the organization. >> and i bring this up to the group are you seeing the members of your sector asking folks in the supply chain for example who are key partners partners and

stakeholders to adopt the framework as well are you seeing that happening? tag as an industry we are required to hold our major supply-chain partners to the same security standards that we as companies have to abide by and how you monitor for that and how that gets accomplished is sometimes difficult and regulators are actually requiring the continuous on a the turning of the larger vendors now if from the standpoint of information and data security. so the larger banks are bustling with what that means and the community banks are trying to understand how they have the leverage to even be able to accomplish that. but i do believe it is helpful in that regard because what by service level agreement or

otherwise what you can do is try to essentially apply pieces of the framework as having said that it's just a framework and so one of the criticisms of the framework is that it is not very much rector of him. them. it drives down the standards that you can't really benchmark against other companies very well. scoring associated with it might tend to be somewhat subjective in nature but i think that the common language alone is very helpful because you've got the financial services space and any space in terms of the sectors almost a various level of maturity in the community. that could be a vendor that is immature as a company because there are technical companies that do not have a lot of

maturity associated with them and they don't necessarily get the fact that it does cybersecurity is front and center as an industry player. so i think the short answer is yes. the larger institutions are using it and if a community banks are looking at it as a way to talk about security with their core processors who are particular to their operations. >> as it was said earlier this is something that would seem appropriate given the nature that it changes itself so speedy love and framework 2.0 might be necessary. >> here we are third in the summit. let's imagine that we are

sitting down here connecting the panel in october, 2015. if you could wave a magic wand proving the collaboration both with your sector partners and the government what would you like to see a year from now that could be accomplished? >> one of the things i experienced but haven't had the chance to experience from the energy sector i like the things he said. general alexander said about defending the nation and if called upon by the president and secretary of defense to provide the capability for the critical infrastructure i am not sure how much exercise, there are good or bad but especially a combination

in the baltimore area strides power to some of the customers in the area and whether it's los angeles, new york, chicago i'm actually going through that exercise and then having some of these things in place. we would know who do you call and we have the explanation and do they parachute in to help you on sight or do they do it from fort meade or are they doing it remote to have that say not if but when the major attack against the grid takes place either from the rogue nation state that if it came to that point if blood -- you can't expect them to be prepared enough to basically counter and

advanced nationstate to make sure all the mechanisms are in place through congressional, legislative, legal, regulatory, so that we know exactly how to do that in place that i would sleep better at night and i think a lot of people in the energy sector would feel better if they knew that that was locked down and the eu could rely on it. >> i would say more of the same. i will strike the optimistic view today. i would like to see that legislation passed. i don't know if that is going to happen or not. but if you pass that information it's helpful as i mentioned earlier the key part that isn't discussed is the authorization part of the bill that would allow for the network monitoring and the countermeasures so we would like to see that move forward and i think they changed

the paradigm that we will see if the congress does anything outside of that issue. we are going to continue to see the same things happen and i think nst will do the workshop tomorrow. and in the one just released today talk about the establishment of that group that can work on the internet security issues and intranet security issues and we would like to see that under way. there could be more work done on that. i think some of the partnerships are going to grow and there is a lot more understanding of the interdependencies and the need to do that there. i think that we all realize that and that will grow so it'll be a similar conversation that we've been having but things will continue down the path and also we will continue to see more

cyber attacks. it's going to be what can we do to protect ourselves and why ... same time dealing with these ongoing kind of facts >> i think a lot of what will happen is based upon existing statutory authority and that's one of the other cybersecurity bills going around right now that we haven't really spoken about. it's well hanging fruit so i went into the surprised if it does pass but i think the dhs should be recognized for what they have to do in the building that specific legislative authority which is hampering the ability to bring sectors in. once that is cured it will be easy to bring the others in and then i think what you will see

is a level of maturity associated across the sectors but also between the public and the private sector which will be essential because i do belief that next year we are looking at more sophisticated threats than we have seen this year. that is the only given that you can take away if the environment is going to get dicey. >> if things happen will make it much tougher to get the bill passed in that type of environment versus now in the lame duck session they can come back. >> or it will be passed and it will have elements that will not be productive. >> first things first i need to throw out kudos to the table. matt at the chamber has done a

great job in leading the coalition of the groups, an impressive set of individuals that have been pressing the congress particularly in the senate and educating them about the importance of the secure information. >> we are all moving together on this one. >> my vision next year we have a passed bill that provides a protective environment for the sharing information and as a result of that we will have more robust sharing happening. we will have a completely formed isac operating under the protections that the bill will provide us.

we will also have integrated the framework into our continuous management program and responsible care program and that will begin to measure how effectively the members are implemented that program. last but not least if there was a statistic thrown out about the increased number of cyber incidents as. next year i want to see that trickle-down but i'm a dreamer. >> there's one thing clear what is the private sector giving on private security? are they invested in this and you have all demonstrated that a huge amount of resources and certainly from a knowledge

partnership standpoint you were investing in the relationship not only in your sectors and in the government. with that we will wrap up and thank you all. [applause] thank you, gentlemen. great panel as always. i want to say thank you to all the speakers today i think everyone that we invited her to come accepted the invitation. we have great members of the chamber and you can see the subject matter experts as well who are very fortunate. i want to say thank you for sticking around and does cyber campaign is thus cyber campaign is going to continue to find out more information and look at cybersecurity advocacy.com. we want your support we've got your support and want everyone to be part of the campaign. stay tuned. more to come. thanks again. [applause]

we have more campaign 2014 debate coverage coming up. here's the lineup for tonight on the companion network c-span.

republican congressman rodney davis and his democrat challenger that recently for a debate for the state's 13th congressional district seat. the 13th district is located in the central portion of the state and includes champagne, medicine and verdana. of the rothenberg political report and vocal rated this leaning republican. this is about an hour. [applause] >> welcome to the 13th congressional debate. i'm your moderator. we wanted to make this debate different from others you've seen. we are going in-depth on a few topics to get to the heart of what the candidates belief. there are no podiums, just the two people that want to represent you in congress to read with me introduce them now. republican rodney davis and ann callis. asking the question for tonight's debate the news gazette and hannah michael from

will. my role is asking for clarification to keep things moving forward for all of you and for the studio audience. during the debate you are also going to take questions from the viewers on facebook and twitter and just use the hash tag 13-14. it's been about a year since the launch of insurance exchanges under the affordable care act. we are going to start on that issue. congressman davis has the first question. >> you have pivoted from wanting to replace the affordable care act. i don't believe that i have pivoted at all. i have been perfectly clear and i would before replacing to make some fixes to the affordable care act. my latest was the high year more

heroes act. it came about as an idea from my veterans of assistant advisory board from madison county illinois came up with the idea to ensure those veterans who are you seething their health care through the department of defense wouldn't count towards the affordable care act 50 employee limit. that would be to hire more veterans, hire more of our heroes. it passed the house of representatives with only one no vote on the house floor. you can't get much more bipartisan than that. it's in the senate waiting to be heard and it passed the house again as house again as part of a larger package and it sits in the senate along with 380 good pieces of legislation, many commonsense fixes to the affordable care act. >> getting to the health care act what would you change or repeal tax

>> i am proud to be talking about that change. i want to make sure we put together a plan that isn't going to cost consumers more. when you look at the affordable care act of there are many in illinois that signed up for private policies. about 185,000 individuals are estimated to have lost their coverage before. they promised that they could keep. those are the kind of changes that will cover pre-existing conditions and we want to make sure that we have a lifetime cap gone. and the youngsters that can find a job are able to stay on their parents insurance plan until they are 26. they are good commonsense provisions that we can't continue to see families have to pay more. and in the first year besides the fact that 2 billion was spent on a website, many families especially women over 55 are paying an average of

$2,128.00 more per year. the increased cost on families have to stop and that's why i want to do whatever i can to make the fixes necessary and many of them are in the united states senate and they need to move to the president's desk. >> are there parts of the wall that you would like to see changed that the congressman has suggested? 's >> he's developed political amnesia because he voted to repeal and also shut down the government to the tune of about $240 billion because he didn't like the law. but traveling around the district people do like parts of it and i've heard as it unfolds having become a candidate when it first came out and now traveling around, people like that they can stay on their parents insurance policy on till they are 26 since we had the nine colleges and universities. seniors like the prescription drug card on the savings of up

to close to $2,000 a year and no discrimination against pre-existing conditions so they do like that and i hear more and more stories. for instance a woman came to my office about a month ago in five or six years ago her son had developed long hodgkin's lymphoma. the treatment was enormously expensive and she told me that her son finally passed away and she said she firmly believed that if the aca were in place at that time her son would be alive. i hear stories like that so we have to keep in place but works very of 14,000 people in our district. have insurance now that they didn't before. so to take the congressman and his position to away from 4,000 people isn't what we should do. we should see what works.

and what i would do is travel around the district and listen. opening it up, listening to what people are saying. then we can fix what doesn't work. .. >> m oderator: of course, we have people signing up more medicaid

and subsidies, but for those that see their premiums rising, what can congress do to fix the law to make it more affordable to people? callis: well, one woman came up to me who's nebraska had insurance -- never had insurance, and she's terrified that's going to be ripped away from her if the republicans have their way and repeal the aca. so again, it's listening, listening to the people and how we contain costs, because that was the goal of the aca, is lowering the costs. so what can we do to lower the costs? and just listen and get to work. >> moderator: but you don't have specifics in mind right now? callis: well, yes, as i had mentioned before, we should be able to with companies that are 50-plus companies should be able to possibly receive some of those subsidies, and people should be able to stay on their own insurance, and i think that would lower costs. >> moderator: and congressman, same question. if the goal of the aca is to lower costs for people, do you

see that happening? davis: well, if we're successful in changing and replacing the affordable care act with a much more market-based approach, it's going to continue to cover pre-existing conditions, continue to make sure there are no lifetime caps, continue to make some common sense changes like the ones that i've offered, like the hire more heroes act. you know, i appreciate my opponent reminding the viewers that i voted 50 times to either repeal or replace or change the affordable care act. it's actually 54. i guess i would ask my opponent which of those 54 votes would she not have taken? what would she not support? what would he support? these are common sense changes that we've already tried to implement, and that's exactly why i'm going to continue to fight to lower premiums. and i will tell you, i'm on obamacare. by law members of congress have to sign up for their health care benefits on the aca exchange. my premiums went up. my deductibles went up.

and in my family's case, i've actually reached the out-of-pocket maximum that a family would have to pay due to a catastrophic illness, because my wife, shannon -- who's here with me tonight -- actually is a 15-year colon cancer survival. we've seen how families have to struggle to meet that maximum. those are real costs to real families, and we need to make real changes to this law. >> moderator: before we get to our next topic, we have a question from twitter. about half of this district will vote for the other candidate. how will you represent the other half if you win? congressman davis? davis: the exact same way i've been representing the entire district for the last almost two years. i believe i've gone to washington making the promise that i wanted to pass a farm bill. not only did i help pass a farm bill, i helped write it from its infancy into its final completion as a member of the conference committee, a committee where members of both parties come together with

members of both parties from the senate, and we sit down, we work out our differences, and we put together a good, common sense piece of legislation. and that's exactly what that farm bill did. we made sure agriculture remains a pillar of a growing economy, and we also saved taxpayers $23 billion. and it's those common sense fixes that i'm going to continue to do on a district-wide basis regardless of whether or not one votes for me. >> moderator: judge callis, how would you represent the people who did vote for you? -- who didn't vote for you? callis: well, this is the most nonproductive congress since we've measured congress, so it's a do-nothing congress, and we need to start getting things done. when i was chief judge, i -- in a bipartisan way -- instituted significant court reforms, started the first veterans court in the state of illinois in madison county, and i'm glad to see that congressman davis has shown an interest in our madison county veterans. but we started that very

rudiment aryly. when i put a committee together to student an innovation or reform, i never cared if that person were republican, democrat. what we did was put the best people on that committee to get the job done. so, for instance, we were able to create the first veterans court in the state of illinois. no taxpayer dollars, recruiting the best people to be a part of that program. it has grown to be a model for our nation. hundreds and hundreds of veterans have gone through that program and graduated successfully. they don't reoffend. as a matter of fact, it was nominated for a national award by congressman shimkus, and it won that award. also i had two -- a few months ago i was at an event, and i had two vietnam era veterans come up to me separately, and they told me it was the first time they felt like someone carried about what they were going through. so i think i have a record of

reaching across the aisle and getting things done, and that's exactly what i would do. i always had an open door policy as chief judge; listening and then acting. >> moderator: all right. next topic, this is a big one, jobs and the economy. hannah has the first question for judge callis. >> there's a push to increase the federal minimum wage to $10.10 an hour, but the congressional budget office says that a hike could lift 9 t 00,000 people -- 900,000 people out of poverty, but it also suggests half a million could lose their jobs. and, of course, some small business owners say they can't afford it and they would have to either layoff people or push the price on consumers by raising prices. judge callis, do you support an increase to $10.10? callis: absolutely. i have traveled around this district, gone to many, many community centers. people are choosing between food and diapers. people are going to school full time and trying to better themselves, and they keep falling further and further

behind, beneath the poverty line. so it's time that we raise the minimum wage in this nation. six out of the ten minimum wage earners in the state of illinois are women. many of them heads of households. so, absolutely. and then when we raise the minimum wage, these people then are moving into commerce and spending money and reinvigorating our community. so it's time we raised the minimum wage. >> is there anything you would want to implement to offset the costs to businesses who might struggle to raise that wage for their workers? callis: i just think it's time we raised the minimum wage. now, again, as chief judge i listened, had an open door policy. so if i would, of course, listen and see what was going on and see if actually businesses were costs were raised. but fundamentally, fundamentally it's time we raised the minimum wage. it's time. i hear it from so many people in the community centers, traveling

around our district. and it's just time. >> and congressman, same question to you. do you support raising the federal minimum wage to $10.10? davis: i've been clear, i would support it as long as it was paired with some offsets, some tax credits, similar to a bill i introduced with a chicago democrat to allow for tax credits for businesses to hire young apprentices in the trades and labor section of our economy. we need to grow infrastructure jobs. i've said all along we need to offset these costs because of the congressional budget office estimates. that's not necessarily the most partisan organization to. it estimates that if the minimum wage was increased to 10.10 without any offsets, 500,000 families would lose that minimum wage job. i don't want any family to lose their job. we need to continue to work together to find the solutions to grow our economy. illinois is lagging behind the rest of the nation. as a matter of fact, illinois over the first -- over the first seven months of this year has been last in job creation

because we have a disfunctional government in springfield. we need to make sure that we work toward creating real jobs. and i'm happy to be joined by my dad here tonight. my dad walked into a restaurant, a brand new restaurant in 1959 called mcdonald's. and he started working what was then a minimum wage job. started flipping hamburgers and shucking french fries and had no intention of ever staying there. my dad worked his way up, and because he did that, he allowed my family to achieve the american dream. and no young person should ever listen to a policymaker who says that you should turn your minimum wage job into your career now. because your career should be the american dream, not keeping the job that is paying you minimum wage right now. and i go to colleges and talk to many students, and i ask them to raise their hands if they're on minimum wage, and they do can. i say how many of you want to make it a career?

not one single hand is raised. speaking of colleges, it's going to cost our universities and colleges in this state millions to implement any minimum wage increase in a time where the state is not fully funding higher education. it's a time where students will have to be laid off from a job when they are working so hard to help pay for their ever-increasing costs of college education. >> judge callis, the congressional office we were talking about earlier reported that the lowest earners in the middle class have lost ground over the past three decades while the income of the highest earners has grown sometimes by three digits. is it the government's role to address income inequality, and if so, how would you do that? callis: well, i think one way to address income inequality is raising the minimum wage, and i don't know who mr. davis is talking to with these student ises that say that their career to have a minimum wage job just

because the minimum wage is raised, it will raise them up to be able to afford to attend college and be able not to fall further and further behind in the poverty line. so i don't understand that. and i heard him point his finger at dysfunctional government in springfield, but how about the one in washington, d.c. today? so i think i that's one way that we can address income inequality. also it's time that we pass the paycheck fairness act. i talk to many, many women around this district, and the fact that in illinois 70-plus cents on the dollar that women make is not commensurate with men, so it's time we do that. also i think that we could even warren buffett had said it's unfair that we pay, that he pays a lesser tax rate than his secretary pays. so there can be some reform in the tax code especially closing some of these loopholes for corporations. for instance, the corporate jet

tax loophole where it's $4 billion. $4 billion that could come back into our nation's economy if we close that loophole. >> congressman davis, how about you? davis taste well, i -- davis: well, i will tell you, when we look at the minimum wage and the students that i talk to, let me make myself perfectly clear. many of them work at the universities to pay their way through college. and when the university tells us that they're going to have to lay off students, that is not a net positive if they can't have an offset to that minimum wage increase. we want the students to be able to continue to work through their education. we need to also look at equal pay, and i will tell you the best thing you can do to find out on a government official or a politician as to how they view equal pay is to look at what they can control. and if you look at my office, i pay the women in my office an average of $4,000 more per year while my opponent when she was in charge of the madison county

court system had, actually, there was unequal pay of anywhere from 8-15% per year from the male to the female employees. >> how about the question about income inequality though? should the tax code be changed? davis: yes. oh, absolutely. we've got to grow our economy to grow jobs. the income inequality under this administration in washington has grown to levels we haven't seen in decades. we need to do everything we can to create good paying careers, and that's exactly what i've tried to do throughout my short time in washington. that's why i helped write and work through the entire process and make sure that it was passed into law as a member of the conference committee for the water infrastructure bill. water infrastructure is enormously important to our entire district's economy. most of the products that go up and down the mississippi river are coal and grain. that screams the 13th district of illinois. we need to upgrade our locks and dam cans, we need to -- dams, we need to put our trades and labor

people back to work, and that's the first the step. >> moderator: we actually got tweets from two university students. one is a student and an undocumented immigrant. how do you plan on supporting students like me? and another said what are your thoughts on comprehensive immigration reform that might help me? my future after graduation is uncertain even if i get a job. judge callis, how would you help these students? callis: well, first i want to address what went on in my office with the income inequality. madison county was unionized, and i'm happy to have their support, and we would cocontractual negotiations, so i don't know where he's coming from that at all. also it is time we've had comprehensive immigration reform. i have traveled around this district can, students have addressed that. but also looking at going through and touring research park and talking to the

executives at yahoo! there. they're number one. their number one issue was comprehensive issue was immigration reform. so it's time that mr. davis asks speaker boehner, who came down to raise money for him, hey, let's take up this bill and pass comprehensive immigration reform. and it's not -- it's a difficult process. 10-13 years, and people have to pay fines, and they have extensive background checks. it's deliberative, difficult process, and it strengthens our borders, and it's time. also if we pass comprehensive immigration reform, the gdp would be increased in the next nine years 3.3 % adding, i think, it's $1.4 billion into our nation's -- or $1.4 trillion into our nation's economy within the next nine years. gdp after that would go up 5%. so it's really time. and i think it's be about $1.4

trillion added into our economy, so it's time. >> congressman? davis: i've said i'm open to discussing a package, but the one that passed the senate is not going to pass in the house. we have thrown out some good ideas to move in a step-by-step approach to address many of the issues that the students at the universities and colleges i'm blessed enough to represent may be affected by. i find it just completely wrong for universities to attract students into majors where we need engineers, we need mathematicians, we need scientists, we need people who are going to work with technology, especially in cybersecurity. and i find it wrong that we don't have a system in place that will then allow them to be employed here in america. we tell them to come get educated here and then tell them to go back and compete against us. these are some of the types of provisions that we can come together on. but the far right and far left don't want to solve this problem.

we have a broken visa system. most of the illegal immigration in this country does not come from the southern border, it comes from people who fly into our airports and then overstay their visas. we have to develop a system that's going to be a true solution without playing politics. and i want to make sure that when my children ask me 27 years from now which was the last time this issue was supposedly fixed, i want to make sure that we put a solution on the table that's actually going to work to fix that broken visa system. >> moderator: which leads us into foreign policy. last month president obama and a handful of u.s. allies launched airstrikes against the group that calls itself islamic state or isis. obama recently described it as, quote, a long-term campaign. tom gets to ask the first question in this next category to congressman davis. >> somehow you've supported the president's limited airstrikes, the military action against the islamic state.

what would success look like to you, and how long are you willing to continue with just primarily airstrikes in that region? davis: well, tom, that's a great question, but i don't profess to be a military strategist. i don't have access to the intelligence that the president does, and that's why i've supported him when he has asked -- he has said he's listening to the generals that are under his command as commander in chief, and he's told us that this is a plan and a strategy that will succeed. if he and his generals and our military leaders offer up a different strategy, i'm willing to take a good look at that and consider it. i want to make sure that victory is wiping out isis. this is the most humane, radical terrorist organition that we have seen in our, in my lifetime. an organization that glorifies beheading individuals, an organization that intelligence estimates put at about 31,000 soldiers. these are people who are waging a war against humanity. not a war against christianity,

not a war against the west. because we have to remember the majority of those of who have died at the hands of isis have been fellow muslims who weren't pure enough. these are the types of -- this is the type of battle that we have to eradicate this group. and i do believe the president missed a golden opportunity to do so when isis was marching across the open desert of iraq. i wish he would have acted sooner. i was proud to support his plan before we left washington just a few weeks ago, and i stand ready to go back tomorrow -- >> how would you know you eradicated it? i mean, is there any way of telling? couldn't this go on forever? davis: well, when isis doesn't control any towns or cities in iraq or syria, i believe that that's as close as we can get to eradication. but that doesn't mean we stop. that doesn't mean we stop working with our allies in the region. that doesn't mean we stop asking our allies to take the lead on the ground. that doesn't mean we stop trying to make sure that isis do does not have the ability to regroup

and make more attacks on innocent americans and innocent syrians and iraqis. >> judge callis, a recent cbc news poll shows that a majority of americans think u.s. ground troops will eventually be necessary to remove the threat of isis, and only 20% think that airstrikes alone will do the job. do you agree? callis: well, i do have to separate my professional from my personal in this, in that my son is an army ranger, an infantry officer, he was deployed to kuwait. his deployment was extended because of the deteriorating security situation in iraq. he is, blessedly, home now, and i was able to welcome him home. but, yeah, the airstrikes i did support. i am not privy to the security briefings. my son did not tell me much, but one thing he did tell me is the sheer and utter brutal the city the that's going on -- brutality that's going on there.

so i think we need to join with non-jihadist sunnis in iraq, a multilateral approach, not a unilateral approach, and listen to our military leaders. i know and believe that we have the best military in the world, but we should not go in there unilaterally and get bogged down. but it would have to be a wait and see. i know it's a rapidly, rapidly developing situation and listen to our military leaders. and i think, mr. davis, you meant inhuman, not humane when you said humane. >> and would you support boots on the ground? callis: if our military leaders say so and if it's a multilateral approach, i would. i haven't seen firsthand. i know we have the bt fighting force in the nation. my son's now in a different unit, and i know if he is called over there, he and his brothers and sisters in arms will do the best of their ability to defend our nation. >> judge, do you think more terror attacks against the u.s. are inevitable, and if so,

should we be prepared to give up even more civil liberties than we have already? callis: well, it's a balance. it's a balance, and i hope it's not inevitable. i hope not. so i think that having been a judge, i think any of these types of processes that would continue to gather information, whatever the means, that it should go through judicial process. but security has to be balanced with our freedoms -- >> you concerned with the way it's sort of played out over the last ten years? callis: well, having been a judge, yes. i think -- a little concerned. i just think it should go, it should go through a warrant system and go through a judicial process and be -- have judicial oversight, absolutely. >> moderator: all right. up next, entitlements. federal programs like social security, medicare and medicaid, food stamps, among others. judge callis will get the first question from hannah. >> social security is one of the largest domestic expenses of the

federal government, and with this so-called baby boomer generation retiring, the cbo expects those costs to keep rising without the revenue to fully support it. so, judge callis, you say you want to preserve the system. how would you do that, and would you be open to changing benefits or increasing the taxes people pay to the system? callis: well, social security so important. traveling around this district, it's so important to a lot of people in this district. as a matter of fact, i was at a pig roast in calhoun county, and an older woman came up to me, and she grabbed my arm and said, please, do everything you can to protect social security. so i would be against any chain cpi, raising the retirement age. but i think in a bipartisan manner we could create a commission and see how we could keep social security solvent for not only more now, but for future and future generations. i saw my grandma who was an irish immigrant and came over, and she was a nurse at

st. elizabeth's hospital, and i saw her when she retired rely on her social security firsthand. so what should we keep on the table in and possibly raising the payroll tax cap. and where that is, i don't know. i'd have to listen. but it's, it would be a great priority for me to keep social security solvent. and how we do that, how we can work together and get it done. >> if a payroll tax cap, if that option wasn't politically viable at the time, do you have any other ideas of how to raise that revenue to keep it solvent? callis: well, i don't know that wouldn't be politically viable at that time. i think that should be on the table. but, absolutely, i would be against any type of chain cpi or raising the retirement age. >> and congressman, same question. what would you do to keep the system solvent? dais davis well, i want to say -- davis: well, i want to say, first of all, thank you for correcting my error in grammar. i apologize to the viewers, but i do appreciate it. and i do agree with my opponent that we need to create a

bipartisan commission to deal with social security because as we've seen actuaries say, is not going to be sustainable as is. and i hope we can have an adult conversation, a bipartisan conversation in washington to do so. and that's exactly what was part of the ryan budget proposal to do, which was to create a bipartisan opportunity to discuss possible solutions to social security and its insolvency that's coming up in about 2032, 2033. these are issues because we both agree we don't want to see benefits cut at all for anyone who's on social security, and i'm going to continue to fight to make sure that our social security recipients get everything they were promised. we need to make sure that we have social security not just for this generation, but for future generations. and, tom, i notice i didn't get back -- i didn't get asked your question. i think my voting record clearly shows that i want that balanced approach between privacy and between protecting americans.

i want to make sure that our intelligence officials don't acquire so much data and they tell us that they need to find the needle in the haystack that they make the haystack so large, they'll never find the needle. my voting record clearly shows that i've been supportive of those issues to rein in issues that are relating to our individual liberties and our priorities. >> back to social security real quick. would you be open to raising payroll taxes to keep the system solvent? davis davis i'm open to making sure we have that bipartisan commission that's going to discuss a portfolio of solutions. i've talked about discussing means testing. i don't think it's, i don't think it's appropriate that bill gates can receive social security benefits when others who are living on social security have to do so. i think bill gates would gladly give up his social security benefits to save system for those who need it the most. that needs to be part of the discussion. we need to make sure we have that adult conversation, and i hope there are some new ideas

that come out. the president stood in a room speaking to the republican conference in washington and professed his support for chain cpi. many in the room were surprised by that. so i think the president's going to want to discuss chain cpi, and i don't know if that's a proposal that would become reality orbit. >> moderator: so you both have brought up bipartisanship, but when you're in that room -- this is for pote of you -- what would be your nonnegotiable? with this, what is your top prior tie? davis: that those who are 50, 55, 56 and above receiving benefits right now have no cuts whatsoever. >> moderator: and what's your courses. callis: chain cpi, absolutely against that, and raising the age, eligibility age, retirement. >> you mentioned the paul ryan budget, can which you voted for, but you said it was an imperfect plan. are there parts, are there a lot

of parts you'd like to revise or undo or eliminate? davis: yeah, tom, there's no perfect bill that comes out of washington. and what we need to do is make sure that we judge the quality pieces of that legislation versus those that you may not be as favorable on. and in this case, you know, we have to as americans, we have to look at balancing our budget. this is the only budget that was ever offered that balance ares in ten years. i -- balances in ten years. i think that's a very great goal. >> you said it was imperfect, so you must have a few ideas that are, you know, about it that need to be eliminated. davis: i do. and when it comes to addressing pell grants, when it comes to addressing other programs that are related to saving, i believe we ought to be able to get back to our constitutional appropriations place because a budget is never going to be implemented fully into law. we need to go through and reprioritize how we spend money,

and that's exactly why we need a vision. and that's exactly what this ryan budget did. it gave america a vision that we'll have a balanced budget in ten years. and it also, it also gave us the opportunity to make the senate actually have to fulfill their constitutional duty and pass their own budget. because i proudly supported one of the first votes i made in washington was more no budget, no pay. i think the democrats in the senate ought to lay out their vision for america, and they did. because they weren't going to get paid if they did. but you know what? typically, their budget never balances and increases spending at a time when we have been working in a bipartisan fashion to reduce our deficit to the lowest levels since world war ii. it is a travesty that we cannot continue to work together to cut spending in areas that need to be cut and increase it in areas that need to be increased through our constitutional appropriations process which is the way washington used to spend money when washington worked. >> moderator: hannah, you had another question? >> yes. we were going to move on to more

about into entitlements, namelyd stamps, welfare. so according to the center on budget and policy priorities, the average food stamp recipient received $133 a month last year which is about $1.48 a meal. food stamps are just one example, like i mentioned, of the safety net for people who are struggling to make ends meet. and right now the federal government's poverty line for a family of four is around $24,000 a year which is based on measures from the 1950s. so, congressman davis, to you first. who is most at risk of falling through the cracks, and how would you change these programs and their qualifications to serve those people? davis: well, thank you very much for your question, hannah, and i made sure i was part of that debate in the farm bill. we put together some common sense provisions that insured we saved taxpayers $8 billion. there is a loophole that gave food stamp benefits to anyone who qualified for