tv State of Cybersecurity CSPAN November 11, 2014 10:00pm-11:06pm EST
10:00 pm
other companies have really helped to raise awareness. >> we haven't confronted the problem in terms of how people actually work on the internet. how companies actually have to behave. so until we confront those problems in terms of human behavior and motivation and until we confront them as a business problem and an economic problem and a psychology problem as well as a technical problem, we are going to have to continue to flail and that actually stems from the internet and
10:01 pm
cyberspace. it is a vast expanse of cyberspace, the fact that it touches everyone and soon it will touch almost everything and changes how people are going to think about it. when the internet was first built, infrastructure was not connected to it and didn't rely upon it. end users don't worry about the underlying security of the code, only that it worked. governments didn't understand and didn't see why they should care about it. nobody particularly cared that the technologists set up the internet to be governed in a highly decentralized function outside of government based structures and they didn't incorporate strong security. but not everyone cares about these things, at least to some degree. governments are waking up to the fact that they really need to care about what happens on the internet and how it works. for all sorts of reasons both good and bad. companies are waking up to this
10:02 pm
fact and citizens are waking up to this fact. so as a result, what used to be able to be decided on a purely technological basis by technology experts, or by informal agreements and major companies in this space is the focus of a highly political process and that means those that were once easy in terms of internet governance are now much harder. so given how important the internet and cyberspace has become to everyone and everything, it's not likely to change anytime soon and we need to take that into account as we build our policy. and lastly the third problem that i would identify for you today stems from the structure of cyberspace itself. as we think about how we have worked to build cyberdefenses and help counter these threats and cyberspace, the physics and math play a large role.
10:03 pm
traditionally somebody like me would stand up and talk about how the is borderless. how there are no boundaries and how information flows freely across the entire globe and that is true. and it allows for driving commerce and much of the value that comes from the internet. and it's also a problem because it allows polish attack since like freedom of movement. that includes militia tactics. there are borders everywhere. and different points touched the borders and we are creating more and more borders. i would cement to you that where it lacks is not borders and boundaries but what it lacks is an interior and there's no inside to a network when you think about it. everyone lives and operates
10:04 pm
right at the border and touches an edge or border in some way. that reality and that physics of cyberspace has profound implications for how we organize ourselves as a society to protect ourselves in cyberspace. in the physical world that we have assigned border security to the federal government. but if everyone lives right at the border in cyberspace, it's not possible to assign border security to just one group or element of our society. as a result it means that protecting cyberspace by its very fundamental nature is a mission that has to be shared by all and that makes organizing for cybersecurity incredibly complex because it requires us to do this across boundaries that we have in the physical world made by demand difficult to bridge inside the government and within government agencies
10:05 pm
and among government agencies and also between the government and the private sector and within the private sector. so these are the problems, economics, politics, what are we doing to address this? and at one level we have to address the technical issues such as cybersecurity that requires a strong technical know-how. one of the things we've been trying to do is something that howard mention, it's the national initiative for cybereducation and we've been trying to take that to the next level. over the last couple of months we have linked this up and the program with the jobs training initiative. what that is designed to do is to look at how we begin to fill
10:06 pm
the gaps in our work force. not just the technical workforce but the work force across the board and the different cybersecurity professionals that we need. so that we can actually generate the kinds of facts that we need to do the cybersecurity missions and not on only the government has been that the private sector has as well. so you generate knowledge on the technical side and also on the financial systems and law and business management and the like. universities are beginning to react by developing this program, getting computer science to collaborate with as the schools and this includes managing cyberspace in the business world and that's not enough and it's projected to grow and we are stuck where we are actually just stealing workers from one another. so what we are trying to do is address that problem by supporting scholarship programs and an effort to drop a heat map
10:07 pm
of where these jobs are and partner with businesses and others to develop centers of excellence across the country to really increase the workforce that we have available to us. and we are working to address business economics and psychology issues of cybersecurity. that is where the framework and the court documents have been talked about that others talked about today comes in. because the framework really is the industry document. it is built from how industry has to think about and operate in the real world and address cybersecurity as part of their business. the national institute of standards and technology led the effort, and it was one that they convened and coalesced with the best ideas out of industry about how to approach cybersecurity not just as a
10:08 pm
technical problem but as a business and economics problem. the great strength of the framework in my view is that it's not in fact a coke will, if you open it up and try to run your firewall, you will be sadly disappointed because that's not what the framework is. it's really how you think about cybersecurity as an issue and it's rooted in how businesses have to manage risk. in taking this risk management approach, the framework recognizes that no organization can spend unlimited amounts of money on cybersecurity. but it enables a business to make decisions about how to prioritize and optimize cybersecurity in the light of the risks that they take. and it also provides a common lexicon and vocabulary to talk about cybersecurity and a common foundation for communication between businesses and their suppliers and the business and the government. so to that end it provides a new
10:09 pm
way for us to talk about cybersecurity and to communicate and deal with it in a new way. and i think that that is where the framework will go. and i have often said that the other great strength of the framework would be when businesses and others figure out ways to use the framework that we never even dreamed of when we built it and to me, that is what we are driving towards today. and of course there are other ways we are trying to address the problems among the political problems in the physics problems and we are trying to address them through information sharing efforts and many of that has dealt with these and i'm almost sick about talking about this even though i see familiar faces. and it's one that we rarely address because we really do have to move more information among companies and between companies and from the government back to the private sector. so we have started to see traction in this includes these
10:10 pm
models coming out of dhs and providing a technical foundation for information sharing. and we have to continue to do more. that is where the administration is very much focused on. earlier this year the department of justice and the federal trade commission issued guidance indicating that antitrust should not be a barrier to cybersecurity information sharing between companies. this is a big step that helps narrow the scope of work. but there's still more that we need to do and we are continuing to look at what the options are within the administration to support information sharing and we also need to support the passage of legislation in congress. and i hope you will have a chance to hear that from senator feinstein later today that we are working closely to get that legislation over the finish line. another area that we are working on to address some of these
10:11 pm
psychology and business aspects of it is in the consumer financial protection space. with many falling victim over the last year and millions suffering from credit card and fraud identity, we knew that we needed to take steps to make stronger more secure technologies available to safeguard data. two weeks ago the president signed an executive order directing the government's lead by example and securing transactions and sensitive data. this will provide consumers with more tools to secure their financial future by assisting victims of identity theft and improving the government payment security and accelerating the transitions in the development of next-generation payment security tools. and while there is no silver bullet to guarantee the state of security, the executive order implement security measures including credit and debit and other cards in lieu of those
10:12 pm
simple magnetic strips. and those available on consumer atm cards as well. the president is calling on all ticklers to join the administrators and to drive the economy towards a more secure standard to safeguard consumer finances and reduce the chances of becoming part of identity theft. we also need to announce the white house summit on cybersecurity and consumer protection that will happen later this year to promote partnerships in innovation. it will bring together major stakeholders on consumer financial protection issues to discuss how all members of our financial system can work together to further protect american consumers and their financial data now and in the future. another big area that we have been working on is something that howard mentioned as well, which is the national strategy for cyberspace. and this is the administration's effort to kill this as a primary security method.
10:13 pm
we are serious about improving our cybersecurity, we have to kill off this password. it's a terrible form of security and yet we have been unable to move past it for over 30 years. so this comes back obviously too funny of technical solutions to do this and what happens is we can't always crack the technical ones, liability, networking, and other things. and so the goal that we set up to tackle those parts of the problems and to fund pilot efforts to get over those non-technologies to proliferate more across the ecosystem. i'm excited to report that soon we will have those that will come to fruition and i think we will start to see over the next six months to a year is the technology rolling out and becoming much more widely available. and that includes a great
10:14 pm
example of the way we can make us more secure and the partnership, which has really started to show results and now we are positioned to build on that momentum as we push to accelerate progress within the federal government. and finally i would be remiss if i didn't mention federal government's own house. and this includes across various agencies and one of the things that we are focused on is improving the cybersecurity across all of the different areas. we are working hard to promote that cybersecurity is not just an extra center but is core and fundamental to be able to execute this and that in fact it
10:15 pm
is an enabler not just for the department of defense and department of homeland security, but for the department of the interior and the department of housing and urban development and health and human services and every kind of agency you can imagine. including to all of the agencies across the federal government so they can do this. so as i mentioned cybersecurity is an inherently hard problem for the reasons i cited and probably more. but as a result we have made some progress as a community over the last two years and this includes the landscape in fundamental ways. he started to do things like the framework and start to address cybersecurity as a business problem. and address the underlying psychological human behavior issues that are present. we are starting to realize that we have to build the partnerships to address political issues of
10:16 pm
cybersecurity and work together to address the physics and math and makes it so hard. so this includes one of the four horsemen of the apocalypse and i actually am at root an optimist and i do believe that we can actually solve this problem and make cyberspace safer for all of us. and cybersecurity there's no such thing as done but only better. we need to focus on making progress in this includes working with all of you to make it more secure. thank you very much. [applause] >> i think that it has been indicated that i do have time to take questions. i'm happy to do that. >> everyone is in complete
10:17 pm
silence. >> i guess you are off the hook. [laughter] >> on the next "washington journal", the washington examiner discusses the lame-duck session before the end of the 113th congress. and then women in politics and the impact elections had in public office. and erica fry looks at how this little-known industry is hoping to treat ebola patients. "washington journal" is live every day at 7:00 a.m. eastern on c-span. >> on thursday, the longest-serving republican
10:18 pm
speaker will join us on "washington journal" to discuss the 24 to election results and how republicans will cover in the 114th congress. you can watch us live on c-span. soon after 2015 student camera video competition is underway open to all middle and high school students to create a documentary on the three branches in you, showing the legislation and judicial branch has affected you in your community. there are 200 cash prizes totaling $100,000 for a list of rules and how to get started, go to studentcam.org. >> back to the u.s. chamber of commerce cybersecurity summit. we will look at protecting public and private
10:19 pm
cybernetworks. this is just over one hour. >> okay, welcome back to the chambers are at annual cybersecurity summit. up next we have a great panel for you and matthew is going to be moderating this panel. >> thank you very much. i hope to leave the cybersecurity working group and we want to discuss how cybersecurity works in your lives. we are using a few words in part for the framework process, to start the process and they
10:20 pm
hadn't been involved in that space enough space for many of the folks in this room helping them improve what they are already doing. either way it's very important. we want it to remain flexible and dynamic. the other thing is that we have three panels. the first is about the framework and we also have an international panel that will follow. and we want other governments around the world look at the framework and to consider using it. we have an effort in the u.s. and what we want is to have other governments looking at the framework and using them because we have companies here and many companies operate globally. the standards and best practices embodied in the framework
10:21 pm
support transcending borders. for those that are operating in one or more countries, it is cost-effective, smart securities are trying to look at it that way. and their panel we will have a second discussion that allows businesses to talk about the frameworks and the interdependencies that they are dealing with some of the challenges and opportunities. just a quick snapshot as to why this panel is what it is and where it sits today. so we thank you. and so do to my left i have crystal. and then we have sean franklin with american express and then we have the u.s. department of homeland security and vhs and david velázquez follows.
10:22 pm
and of course we have kelly welsh with the department of commerce. as many of you are aware there's a group that has been very involved to help to coordinate this process and the framework as well. so if i may, let me start off with a general awareness question in the me turn to you, pol, if i could come in to have you give your self introduction. >> thank you. as mentioned earlier this morning, dell is transforming to offer a series of solutions for our clients and public sector as well as private sector clients having to do with cybersecurity. i gets everything from this, which we would love to see the death of the password and to be
10:23 pm
able to help our clients with that. we are working on a variety of policy issues as well as technology issues in the cybersecurity space everything from supply teams, integrity, devices that are on this desk or in your pocket, on the way back into security intrusion prevention and a broad technology spectrum for cybersecurity. >> excellent. >> sean franklin with american express and i want to thank matt and the chamber for putting us on. it's a pleasure to be here, especially with a panel of everybody. i'm responsible for cyberintelligence at american express and my playground is to identify and protect category. also responsible for information security to try to advance
10:24 pm
directives in the economic transaction lifecycle and we are going to be a big proponent of teamwork and i continue to support the ongoing improvement efforts as well. >> thank you for having me and i'm pleased to be here. i run the treasury and within that we have a critical perspective which is where we focus on cybersecurity efforts. our efforts are to act as a fulcrum between three groups, the administration and also the intelligence community with the regulatory community and so we have the coordinating group with those bodies. then we also have the point of interchange with the financial service sector and the governing bodies that they have on best
10:25 pm
practices and to help them get input on the policy as well. that includes cybersecurity and critical infrastructure issues. >> good morning. i want to echo the sentiments. there's a bright light in my eyes, but i want to thank you all for taking your time. across the government, across industry and academia, my role is for cybersecurity is the national protections and there's a quiz on that at the end, when i looked at is that it protects our industry stakeholders and many that are represented and are very helpful to us as we rollout modeling machines and programs but also how we have partnerships between government and industries and people that you know you are going to call,
10:26 pm
including cybersecurity across the u.s. coast guard, secret service, tsa and certainly as you can imagine the number of attacks as well. my top priority is all about building trust. with community, stakeholders, around the world and that is how he can beat an adversary to do whatever we want to with this and my second priority is enhancing situational awareness and that's where the framework would be a part of. and we will talk about that to enable this to take this to the board room.
10:27 pm
and that includes the partnerships that we have experienced in the third priority is to roll that out to make sure we communicate that to the framework and to best practices. >> we serve about 2 million countries including the nations capital. this building is very important, especially cybersecurity has always been important. i've been down here for five years and i think over the last five years we have seen a real increase with the government partners as well. which does continue to increase and especially the maturity. including from the federal government to state government,
10:28 pm
it has a single pattern of framework to follow without different armaments and states have to deal with that. and we will continue with progress around the framework, continued to work with government around information sharing and all that is done important. >> i would like to thank all of you for participating in this event. and this includes coordinating the development of the framework. one of the primary objectives is to increase awareness and we believe that the more awareness there is in private sector and government, the more the uptake will be and the better that this will be throughout the country. so to the end of this week, we are putting on a symposium
10:29 pm
conference in tampa, meeting with a lot of private sector security developers as potential users of the framework and it also serves beyond awareness is one of the other principles that we believe is dynamic and changing and we are continuing we listening to develop ideas on best practices and how to implement the framework more effectively in these kinds of dialogs like we had today are very important to that objective. >> let's do this. i think we would like to hear about the framework, big priority is and i think it's time that we talk about this. let's start with this and then get a little bit of this for you. so how have these gone including
10:30 pm
awareness, going out and visiting local chambers. what is the sense and how are your interactions in the private sector and government in what has been the reaction? >> the reaction has been outstanding in the conversations that we have been having with a wide spectrum of industry shows the general applicability of the framework and the diversity of the organizational sizes that are grasping shows that it's not just for large organizations. the way that i look at the uptake or the awareness goes to conferences, coalitions of like-minded folks, and then it
10:31 pm
also gives the collaboration. we were having a conversation earlier about industries regulated have the chance to collaborate. i think. >> we are able to really have the ability to collaborate, we don't have the resources of a large public institution, but we are looking at the framework as a way to quickly reach the common ground. so we are seeing a good uptake from a wide variety of industries and different mission objectives and from that perspective the robust aspect of the framework is going to serve them. >> certainly with our own numbers in our cyberworking group, we found that it's something the company say this
10:32 pm
is something that can be used internally and so let me ask, what is your reaction from your perspective to government. >> i think that we have had tremendously positive feedback from the financial services sector and it's a credit in which there are lots of complications and with the framework it's very clear that it was voluntary and applicable with individual organizations and also a strong message and when you put those together, the reception has then very positive generically. and within this sector specifically we have a huge range of different types of businesses and we have banks that are essentially small businesses as well and they are
10:33 pm
certainly constantly reminding us of how the diversity industry is. and the framework has been pretty effective. one of our messages going out is just remind people that cybersecurity doesn't have to be that complicated. if you have a small organization and if you have a simple i.t. infrastructure, you can approach cybersecurity with a lower degree of technical complexity and the other thing that we have been spending a lot of time on is getting people engaged with their vendor and getting people engaged with their vendors and suppliers to make sure that there is a dialogue around using the framework as the basis for our conversation. are you using the framework and can you help me use the framework. i think those kinds of dialogs have been well received at all
10:34 pm
stages of our industry and the financial services sector and the last thing is seeing specific efforts on translation and how do we translate this specifically into the private sector and how do we do this to an auditable standard of project led by industry to try to develop an auditable version of this framework and i think that is tremendously positive when we see industry banding together with the specific requirements of basie as best practices. >> have you guys had this program that you want to talk about? >> yes, critical of the structure bollettieri programs, that's a lot of work for saying that we are committed at dhs with businesses of all sizes and government and state and local.
10:35 pm
i'd like to thank christina for your work on this. as we look at that it's designed to reach all of these companies that supply the large companies and the large companies are resilient. when we look at that, it's a smaller ones that can take this framework that has been transformational and one of the reasons for that is it was developed by scientists and it wasn't as the document of people thinking what we do, it was actual scientist to know the products that made something that we believe we are using to help drive the market. select the market allowed them build better if super stuff that and put our country in the lead on that. at the same time securities companies that in the past did not have the budget and didn't take this consequence, but the
10:36 pm
actual ability for them to mitigate any other corporate risk and the framework to have this conversation and the example is my boss has spent a lot of time talking to the start of companies, the venture capitalist and one of the things that we asked them for is that if you're going to put $25 million into this, we should ask if the firewalls or any information you have is protected and we have guidelines on how to do that. so we have been using this program to take the conversation to the board room and make cybersecurity part of our culture. howard schmidt says 14 years ago, and i'm not that old, but some they might be, howard said 14 years ago its partners.
10:37 pm
and i think this framework is taking part of it. >> that is something that is a small to mid or larger sized business has. >> this includes with presenting them and we provide the critical of the structure resiliency and we provide this on the website. we're taking everything that we have in government and giving it with instruction, how to use it, and we're asking people to self measure. one of the challenges is that it's hard to get quantitative metrics on exactly how many are using the framework. we look at other ways as well and how companies are using it
10:38 pm
and not asking companies to necessarily report back to us. >> we are just commenting on the collaboration aspects and i think the framework has been pretty valuable internally. and that includes putting it in categories and understanding it. and that includes where we really need to focus on the supply chain as well not just within our four walls but how do you supply to us. in our industry because we are regulated, collaboration comes a little bit easier and it's also central.
10:39 pm
i don't know if many folks realize that the electric system is a single grid tied together. so it's impossible for us to think about physical attack, cybersecurity, we are very much involved with our partners across the entire country to think about cybersecurity in the broadest sense. i like to think about this in regards to the infrastructure. this includes the coordinating council and different councils. and i think that this comes to the highest level of ceos and executives from public power and some of the regional transmission organizations that operate the grid at the senior level policy discussions and
10:40 pm
current discussions around information sharing and using that and also an incident to keep the lines of communication very open. and that includes within the industry and also within government and something where we actually want to talk about what would happen if something happens. >> the reaction generally on framework awareness. >> whether things is the framework is a great facilitator of dialogue and the development of plans around cybersecurity is important. but also i think it will be a bottom acceleration and
10:41 pm
hopefully the framework as well. and this includes the most sophisticated customer and it sometimes interrogated who they are buying from and what are the increasingly institutional sophisticated buyer is going to buy from your company. but it's also penetrating at the consumer retail level, the situation is whether someone would buy something online one company or another is dependent on cybersecurity measures. and i think of this includes various consumer groups its
10:42 pm
clinical up with cybersecurity and accordingly the framework. including that we have a dynamic and working success way of dealing with these issues like the framework not just top-down but also in the private sector. >> chunk from you guys were with us in chicago and phoenix. you guys are using the framework and looking at it as a useful tool. how are you guys looking at it more generally with this and so forth? >> okay, we recognize the viability of the framework with the suppliers and if we could speak a common language and get closer to this concept, it makes
10:43 pm
it the overhead in terms of how we evaluate the vendors and a common assessment that provides us the way to do that. and you have long-standing things they get pretty complex. so it's pretty much one of those moments where we wish that we can adapt the framework into a policy that will take time. however, the recognition as we start to talk about this includes the framework of a decision in the discussion has been very helpful. >> you find that businesses are receptive to that like the framework? are they receptive? a few years ago we saw some
10:44 pm
where we would like you to help, the company said in we would like you to. how has this receptive event remapped. >> i think that this activity is good. the value is against the single structure and that with that assessment is able to be shared across all perspectives as well and there's a big cost to their. but that is part of the journey, knowing how to adapt the framework. >> people are proud of their work, the framework gives them an opportunity to explain what i.t. and other organizations, whether
10:45 pm
it's the legal side of things or the risk mitigation side of things. gives them a way of describing it gently between other disciplines and i think that the idea of being able to evaluate a supplier and make a decision on who you want to do business with, i think it's going to become more akin to a certification and i think you're going to be able to get to that level of the good housekeeping seal of approval. and this includes the cybersecurity and information security as well. all of this is going to improve business interaction and people are going to be proud. and they should be.
10:46 pm
giving the techies an opportunity to say yes, this is good. >> one question that i've been interested in is the executive order -- the critical greatest risk. how should we talk about this. are they getting the resources they need to counter some of the more advanced sophisticated threat and are you comfortable widows partnerships are? what does that look like? >> when we look at cybersecurity, we have infrastructure protection programs. and everything non-cyber is used to understand how we go forward.
10:47 pm
our philosophy of critical infrastructure is one and the same. not just protecting a network. and we are committed to making that collaboration and i realized that we've been at this for 20 years and we've had this conversation at different stages about the critical of the structure with them having all the resources, and the resources or are not there especially in the state and local and so as we look at that we want to inform some of those folks that set aside resources with the consequent analysis and that includes budget numbers where someone looks at the seven i.t. shop and says that okay, this is there. looking at how we look about cybersecurity, it's been a cost center but it's actually being
10:48 pm
used as a way to drive this and i would say that it takes it one further. so those companies that are better protected are better when we do business. especially when we are in the energy sector, you have the understanding and others have not been as quick and they are seeing it and i think that they are helping drive that. am i comfortable? now. i feel that we are ready? yes. are we on the right path for the first time in 20 years towards brazilian collaboration and working together? absolutely. >> thank you.
10:49 pm
>> the framework is relatively high, if you will, with the industry in legal circles. he noted that the framework could be a part of this in the event of a cyberattack. can you capture your thinking correctly? >> what i was talking about and what a couple referred to as well is that firms working with the framework and developing something that could be audited in the financial services area has been working in this regard. and when it becomes his not as if there is legislation in safe harbor, but it can be and there are losses instead of having no
10:50 pm
defense with respect of what you've done and you have all sorts of evidence that you were diligent about, everyone from the board to the cio acted reasonably. he tried to handle best practices and when you're able to do that you are able to be in much better shape than if you didn't do something like that. so i think having something like the framework, which isn't a prescriptive rule book but is a much more flexible document that is tailored to individual companies makes it a better vehicle to achieve that kind of protection than something that is more prescriptive and set in
10:51 pm
stone to adapt to the individual circumstances. >> the idea behind the framework kind of meets you where you are. if you're at a certain level and you are looking at the various aspects of the framework. just speaking about small business generically, this includes the resources of a nation-state or his surrogate. and at least in the context of liability, so my best, but i can't go coated silica. >> i think the framework is as you said, it's not one-size-fits-all but it would
10:52 pm
be a more usable resource. but i think that it is one of oranges that we face is a me and there can be huge risk is directed at an individual small company. it could be a big challenge. i think that's just the reality. on the other hand if you're a smaller company you are less likely than jpmorgan chase to be a target and you're less likely to have damages when he got to buy this insurance is not going to cost you as much. and i think that there are normal with a smaller players in the private sector may not have the resources to put up the defenses of jpmorgan chase or wells fargo, but on the other
10:53 pm
hand in many respects they are smaller. >> i would agree in the same spirit that those smaller companies present a risk to larger companies and that includes the framework to help secure them so that the others don't get into the larger companies. >> is jumping around, we talk about supply chain or even a good vehicle for conversation and it is a distinguishing characteristic when we look at suppliers. they also have the ability to look at us where we can say it's not enough for you to tell me and we want to make sure that you are following it as well.
10:54 pm
so we have insurance around a lot of machinery and property in that. there's always standards and your valuation based on this is really what your rates are or if you are eligible for insurance at all. so over time using the framework and other mechanisms, you understand the risk of how to manage it and it will be applying this as well to help establish what the rates are. >> aig has already been working to help them develop products in the private sector. >> anything on that point you'd like to weigh in on? >> may be just a couple of points to add on to what had been mentioned.
10:55 pm
[inaudible] we are talking about getting this walking attack on the cybersecurity perspective and getting the basics down. and this includes changing the economic perspective and i don't think anyone expects this in the capability, assuming that they might do this. if they raise the cost of doing this business, that's a good thing. and that includes how it can be significant. >> you had mentioned small businesses a few months back in the department issued a request for the feedback on small businesses and i remember i was at a meeting in the city carrying around a binder with all the comments that you have gotten so what did you find?
10:56 pm
what were the feedbacks on that? >> we issued a request for information shortly after i came to the department just over a year ago asking small and medium businesses what would you like to do and what can you do to help the market drive is in security. is it inventing things, what is it that we have looked at doing in the future to help you help the markets dry beds. my first impression is it was also technology, whether companies have them cornered it up but they could be developed. and everybody gets interested in the truth is that it we will bring the science back. we are looking at everything. we want to use cybersecurity to drive innovation in the policy and technology.
10:57 pm
so those responses were very helpful and a lot of technologies that are out there, i can also say that we are willing to look at the new technologies so that what we do in cyberresponse is aimed not at where technology is but where we are going because that is where the adversary will be. and so we thought it was also very early on and we could go back nine or 10 months ago to take a look at those again and i will actually go do that now that we say that. and this includes cybersecurity partnership that brings in on this talking about the actual science in the boundaries and using all that and i can't say
10:58 pm
this enough. this is one of culture and risks investment for the investment to make sure that this goes forward so that the market can make this work. >> let's turn to information sharing. and that is a cyberlegislative goal in the sense that we have passed some legislation in the house with great help from lawmakers and others and their staff in the senate right now. and there will help us to find out more later this afternoon to get this across the finish line. it's going to be tough, but what we hear is that businesses want to be active and to be able to
10:59 pm
share in a productive manner and give information about threats that they see, getting that information. we are kind of looking at it as a neighborhood watch program and i think if anything there other aspects of the legislation that you think congress can pick up and run with now. and i think that we are ready to go and hopefully we can move back. would anyone like to pick up on this topic remap. ..
11:01 pm
>> we don't see the same competitive pressures but as part of that critical infrastructure in order to adequately protect and defend and recover we need to know as soon as possible of the information sources what happens before they become threats almost. >> are you getting that threat information? what you hear from your colleagues and business partners? >> the issue of partnership with companies that have gotten better at sharing information. we still have room to grow
11:02 pm
collectively and as an industry but i have been here five years it is e. mayhew increase and information sharing. everyone tries to do that. in the way that does not reveal information. >> one thing worth noting the get the energy here financial-services sector of comprehensive legislation to help this information sharing but there are plenty of examples set those channels are already working and they are good examples of what can be done with legislation was certainly analysis the financial-services sector
11:03 pm
with an extremely well funded the testament to the commitment of people starting to move in that direction as they try to have a very concentrated effort and not just to share through classified channels and i think the d.a. jesses the leader to help us get that information out. legislation is important in ways that we look forward to do to help information sharing to protect privacy
11:04 pm
or to give those sides but the same time there is a lot we could do so we encourage people to push on the information sharing mechanism so we continue to make progress well work with congress. >> also with the existing debt is probably a hard time with the u.s. government especially in the global markets but there also has not been a more urgent time. so i am understand in many cases it is much more than the government with that concept to put those pieces together is incredibly important and with our partners teeeight chess plays the key role deal lee
11:05 pm
statutory privacy in the government's arrears' civilian agency charged just with trust in that situation and call that with the executive order, our ability to put those pieces together what we see coming into the government hinges on the trust and the ability to share information we have those mechanisms in place already so if you share information with us we have mechanisms to keep that quiet and how to handle that information to i'd -- protect those identities recall them merely targeted liability protection through not sharing the things that should not get shared