tv Key Capitol Hill Hearings CSPAN February 14, 2015 12:00am-2:01am EST
12:00 am
12:01 am
>> coming up next, some of today's white house cyber security summit in california beginning with president obama talking about information sharing between government and private industry. then homeland security secretary discusses the same issue with business leaders from american express, pacific gas & electric and kaiser permanente. later the ceos of mastercard, aig, and bank of america sit down with congress secretary for a discussion on what companies can do to better protect against cyber attacks.
12:02 am
>> ladies and gentlemen, to introduce the president of the united states please welcome stanford university president john hennessy. [applause] >> welcome back, everyone. it is now my great privilege to introduce our nation's 44th president, barack obama. he came to office just after the global financial crisis in 2008. his presidency has been marked by the complexity and challenges of governing in a time when people are more interconnected than ever. and the idea of community extends far beyond the physical boundaries. so many aspects of our lives have been digitized. our increasing reliance has been accompanied by growing
12:03 am
vulnerability and as many of us have seen and heard in the panel just prior to this the situation is getting much worse at an increasing rate. pres. obama understands this. in fact, he has personal experience. an avid blackberry user and the first us president to be always connected he had to face the challenge of losing -- forfeiting his blackberry or having his security improved. luckily, the security was enhanced and president obama could remain always connected. throughout his administration from the early issuance of the cyberspace policy review to the 2011 international strategy for cyberspace to today's white house summit on cyber security and consumer protection
12:04 am
president obama has worked to make cyber security a national priority to protect consumers and their data and to strengthen our laws and policies. we are honored to have him with us today. please join me in giving a warm stanford welcome to president barack obama. [applause] >> thank you so much. thank you. thank you so much. thank you everybody. [applause]
12:05 am
first of all, let me thank president hennessy alleges the introduction but for your outstanding as one of the great universities of the world. [applause] i have to admit i kind of want to go here. [laughter] was trying to figure out why it is a really nice play collective a place like this is wasted on young people. they don't fully appreciate what you got. it's really nice. everybody here is so friendly and smart. it's beautiful. what is there not to like? i want to thank you and everyone at stanford for hosting the summit especially george tried this
12:06 am
and someone serve as a great advisor at the white house as an outstanding ambassador to russia before coming back. [applause] it is great to be here. i am pleased to be joined by members of my team who bleed cardinal red. we are infiltrated the stanford people. we have senior adviser valerie jarrett, national security advisor susan rice secretary of commerce. let's face it. i like stanford grads.
12:07 am
i noticed he helped lead our energy department for a while. he's now hanging out. i am also pleased to be joined by other members of our cabinet the secretary of homeland security is here and a small business administrator. i want to acknowledge my tireless homeland security advisor who helped and continues to shape our cyber security efforts. thank you. [applause] everyone is riding bikes. people hopping in the sounds the current holder of the acts. [applause] it's a place that made nerd
12:08 am
cool. taking about wearing sundials. i guess that's not what you do anymore. told me if i came to stanford you would talk dirty to me. [laughter] but i'm not just to enjoy myself. as we gather here today america is seeing incredible progress. we had the best year of job growth since the 1990s. [applause] for the past 59 months it created nearly 12 million new jobs which is the longest streak of private-sector job growth on record. and the hopeful sign for middle-class families wages are beginning to rise again. meanwhile we're doing more to prepare our young people for a competitive world. more americans are finishing college than ever before.
12:09 am
here at stanford and across the country we have the best universities the best scientists, the best researchers in the world, the most dynamic economy in the world. no place represents that better than this region. make no mistake, more than any other nation on earth the united states is positioned to lead in the 21st century. so much of our economic competitiveness is tied to what brings me here today america's in the digital economy. it's our ability almost uniquely across the planet our ability to innovate and to learn and to discover and to create and build and do business online and stretch the boundaries of what's possible. that's what drives us. and so when we had to decide where to have the summit the
12:10 am
decision was easy. so much of it began right here center. students the garage master -- not far from your started a company that eventually put the first personal computers playing at 40 pounds. it was from here in 1968 where a researcher astonished an audience for two computers connected online. you could click on hypertext with the mouse. received the first message from another computer 350 miles away the beginnings of what would eventually become the internet many of these innovations built on government-funded research
12:11 am
is one of the reasons that if you want to maintain our economic in the world america has to keep investing in basic research on science and technology. it's absolutely critical. [applause] here at stanford pioneers develop the protocols and architecture of the internet, dsl the first webpage in america innovations for cloud computing. student projects became yahoo and google. those are pretty good student projects. the graduates have gone on to help create and build thousands of companies that have shaped our digital society from cisco the sun microsystems you to test a gram stuff.
12:12 am
according to one study of all the companies traced back to stanford graduates you be one of the largest economies in the world and have a pretty good football team as well. [laughter] and today with your cutting-edge research programs in your new cyber initiatives your helping his navigation of the complicated cyber problems. that's why we're. i want to thank all of you who joined us members of congress representatives from the private sector, government, academia, privacy, consumer groups, and especially the students. they have to work together like never before. the seize opportunities and to visit the challenges of the information age one of the great paradoxes of our
12:13 am
time. the very technology that empowers us to do great good can also be used to undermine us and inflict great harm. the same information technology that help make our military the most advanced in the world are targeted by hackers from china, russia go after our defense contractors and systems can be used by terrorists to spread hateful ideology. cyber threats are a challenge to our national security. much of our critical infrastructure, our financial systems, a power grid health systems runs on networks connected to the internet which is hugely empowering but also dangerous governments and
12:14 am
criminals are probing the systems every single day. we only have to think of real-life examples air traffic control system going down and disrupting flights, imagine what the set of systematic cyber attacks might do. as a nation we do more business online than ever before, trillions of dollars a year. high tech industries like those across the valley support millions of american jobs. all this gives us an enormous competitive advantage in the economy. for that reason american companies are being targeted, trade secrets stolen intellectual property ripped off. the north korean cyber attack on sony pictures destroyed data in these
12:15 am
attacks are hurting american companies and cost american jobs. this is also a threat to american economic security. as consumers we do more online than ever before. the manager bank accounts shop pay our bills handling medical records. and as a country one of our greatest resources ibm people here today unencumbered by convention and uninterested in debates and remaking the world everyday but it also means that this problem of how we secure this digital world is only going to increase.
12:16 am
i want more americans succeeding in the digital world. i want more people to unleash the next wave of innovation and launch the next startups. expand connectivity and places we currently can't imagine to help open up new worlds and new experiences empower individuals in ways that would seem unimaginable ten, 15 20 years ago. that's why we are working to connect 99% of america's students to high-speed internet. when it comes to educating our children we can't afford digital divides. we're helping more communities get across to the next generation of broadband's faster with cheaper internet philistines and entrepreneurs and small businesses across america have the same opportunities to learn and compete as you do here in the valley.
12:17 am
so i have come out so strongly and publicly for net neutrality, an open and free internet. [applause] because we have to preserve the greatest engines for creativity so connectivity brings extraordinary benefits to our daily lives and risk. when companies get hacked americans personal information including the financial information to stolen from identity theft ring your credit rating and turn your life upside down. in recent breaches more than a hundred million americans have their personal data compromised including in some cases credit card information. new line children to go online and explore the world a direct threat to the economic security of
12:18 am
american families and to the well-being of our children which means we've got to put in place mechanisms to protect us. shortly after i took office before i had gray hair. [laughter] i said that these cyber threats were one of the most serious economic national security challenges that we face as a nation and i made confronting them a priority. given the complexity of these threats i believe we have to be guided by some basic principles. let me share this with you today. first, this has to be a shared mission. so much of our computer networks and critical infrastructure are in the private sector which means government cannot do this alone. the fact is the private sector can do alone either because the government
12:19 am
often has the latest information on the threats. there's only one way to defend america from cyber threats, through government and industry working together sharing appropriate information as true partners. second, we have to focus on a unique strength government has many capabilities but is not appropriate or possible for a government to secure the computer networks. the companies here today are cutting-edge but the private sector does not always have the capabilities needed during a cyber attack. the ability to warn other companies in real-time or the capacity to coordinate a response across companies in sectors. left to be smart and efficient and focus on what each sector does best and then do it together. third we will have to constantly evolve. the first computer virus hit personal computers in the early 1980s and
12:20 am
essentially we have been in a cyber arms race ever since. we design new defenses and then hackers and criminals design new ways to penetrate them. whether it's phishing or botnets, spyware or malware and now ransomware these attacks are getting more and more sophisticated everyday. we have to be just as flaxen -- fast and flexible and nimble. fourth and most importantly we have to make sure we are protecting the privacy and civil liberties. we grapple with these issues in government. we pursued important reforms to make sure we're respecting people's privacy as well as ensuring our national security. the private sector wrestles with this as well.
12:21 am
when consumers share their personal information with companies they deserve to know it's going to be protected by government and industry share information about cyber threats we have to do so in a way that safeguard your personal information. when people go online we shouldn't have to forfeit the basic privacy that we are entitled to as americans. we have worked to put these principles into practice. we boosted our defenses and government sharing more information with the private sector to help those companies defend themselves working with industry to use what we call a cyber security framework to prevent respond to and recover from attacks and they happen. and i recently went to the national cyber security communications integration center which is part of the homeland security where representatives from government and the prospect monitor cyber test way for seven.
12:22 am
defending against cyber threats just like terrorism or other threats is one more reason that we are calling on congress not to engage in politics but work to make sure that our security is safeguarded and we fully fund the department of homeland security because it has great responsibilities in this area. we're making progress. i recently announced new actions to keep up with this momentum. we call for a single national standards are of americans know within 30 days for your information has been stolen. this month we will propose legislation that we call a consumer privacy bill of rights to give americans baseline protections. the right to know how companies are using that information. we propose the student
12:23 am
digital privacy act which is modeled on the landmark here in california. today's amazing to have amazing educational technology should be used to teach students and not collect data for marketing to students, and we have taken new steps to strengthen our cyber security proposing new legislation to promote greater information sharing between government and the private sector including liability protections for companies that share information about cyber threats. today i am once again calling on congress to come together and get this done. this week we announced the creation of our new cyber threat intelligence integration center just like we do with terrorist threats we will have a single entity that is analyzing and integrating and quickly sharing intelligence about cyber threats across government so we can act on those threats even faster. today we are taking an additional step which is why there is a desk here you were wondering am sure.
12:24 am
i'm signing a new executive order to promote even more information sharing within the private sector and between government and the private sector. it will encourage more companies and industries to set up organizations hubs so that you can share information with each other. it will call for a common set of standards including protection for privacy and civil liberties so that the government can share threat information more easily i want to acknowledge the companies represented here are stepping up as well. we will work to share more information under this new executive order apple to intel to bank of america
12:25 am
strengthen their own defenses. they will make their transactions more secure. joining companies that are giving their companies another weapon to battle identity theft, free access to their credit scores. more companies are moving to new and stronger technologies to authenticate user identities like biometrics because it's just too easy for hackers to figure out user names and passwords like password. [laughter] or 12345. seven. those are some of my previous passwords. i've changed since then.
12:26 am
so this comes as an example of what we need more of a cabal of us together to do what none of us can achieve a lot and it is difficult. some of the challenges i described today have to find solutions for years. and i want to say very clearly that as somebody who is a former constitutional law teacher and somebody who deeply values although i chose the wrong job. but we will be a private citizen again and cares deeply about this. i have to tell you that grappling with our government protects the american people from adverse events not abusing his
12:27 am
capabilities it's hard. the cyber world is the wild wild west. to some degree we are asked to be the sheriff when something like sony happens people want to know what government can do about this. if information is being shared by terrorists in the cyber world and attack happens people want to know other ways of stopping that happened? by necessity that means government has its own significant capabilities in the cyber world. then people rightly ask well, what safeguards do you have against government intruding on our own privacy and it's hard. a cast the lead the technology so often
12:28 am
outstrips whatever rules and structures and standards have been put in place which means the government has to be constantly self-critical. we have to be able to have an open debate about it. they are all here today because we know there going to have to break through some of these barriers that are holding us back if we're going to continue to thrive in this remarkable new world we all know what we need to do. we have to build stronger defenses and disrupt more attacks, improve cooperation across the board. by the way this is not just here in america but internationally which also by the way make things complicated because a lot of countries don't necessarily share our investments were commitment to openness and we have to try to navigate that.
12:29 am
this should not be an ideological issue. this is not a democratic issue or republican issue, not a liberal or conservative issue. everyone is online. the business leaders you want their privacy and their children protected. just like they want america to keep leading the world in technology and be safe from attacks. so i'm hopeful that through this forum and the work that we do subsequently we're able to generate ideas and best practices in the work of the summit can help guide our planning and execution for years to come. after all we are just getting started. think about it. tim berners-lee in switzerland invented the world wide web in 1989 which
12:30 am
was only 26 years ago. the great epochs in human history, the bronze age iron age agricultural revolution, industrial revolution, they spanned centuries. we're only 26 years in this internet age. we have only scratched the surface. and as they say at google, the future is awesome. we have not even begun to imagine the discoveries and innovations that we will unleash in the decades to come. we know how we will get there reflecting on his work in the 1960s on the precursor of the engine and the late paul baran said this the process of technological development is like building at the --
12:31 am
building a cathedral. over the course of several hundred years new people come along and each lays down a block on top of the old foundations, each saying i built the cathedral. then comes along an historian who asks who built the cathedral. if you're not careful you can con yourself into believing you did the most important part. the reality is each contribution has to follow up the previous work. everything is tied to everything else. the innovations that first appeared on this campus all those decades ago that first mouse, that first message help lay foundation and in the decades since on campuses like this and companies like those that are represented here new people have come along each laying down the block one on top of the other and
12:32 am
when future historians ask who built this information age it won't be any one of us who did the most important part alone. the answer will be, we all did as americans. and i am absolutely confident if we keep at this keep working together in the spirit of collaboration like all those innovators before us our work will endure. like the great cathedral, for centuries to come. that cathedral will not just be about technology. it will be about the values that we have embedded in the architecture of the system. it will be about privacy and community and connection. what a magnificent cathedral
12:33 am
all of you help to build. we want to be a part of that and look forward to working with you in the future. thank you for your partnership. with that going to sign this executive order. [applause] thank you. it's right here. [applause] feels a little formal. [applause] >> i have to do this so that everybody gets a pen. i don't mean everybody in the audience. [laughter] thank you very much everybody. [laughter] >> a look now at some
12:34 am
reaction from our facebook page. we are asking the question, do you feel safe online? i don't feel safe, but i certainly do not want the government interfering. they mess everything up and make it worse. cyber security is an individual responsibility, just as securing your home and car are your responsibility and not the government's. you can leave a comment and see what other people are saying. homeland security sec. johnson moderated a discussion that included the ceos of american express. palo alto. they talk about the private and public sector working together. this is 45 minutes. [applause]
12:35 am
>> good morning, everybody. i think we can do better than that. come on. good morning everybody. [applause] a lot of men in business suits around here quite conspicuous. a lot of secret service agents in suits on this campus are quite conspicuous this morning reminded me of the fact that i have two college student kids who go to school in southern california. my daughter has instructed me that whenever i come visit her on campus i am to
12:36 am
dial back as much of the entourage as possible. [applause] >> somebody in a back room somewhere cleaned it up. things going on on campus, classes canceled. i went on to campus to visit my daughter and did what i was instructed to do do dial back the entourage, but it did not work. immediately this chat room lit up. there are two secret service agents on campus.
12:37 am
what up. somebody responded, president obama is here. [laughter] somebody replied, no he's not. he's not even in this day today. calm down. next one, his daughter is looking at us for school. no, calm down. she is an old enough yet. my son is with us on my daughter's college campus. my son figured out how to hack into the conversation. my son can't resist making a little fun of dad. they still cared about the fact that i have an ipod my son hacks in and says hey, it's a vin diesel look-alike. why does he need armed guards. somebody finally figured it out and says, no, it's the fake obama the chief of homeland security.
12:38 am
his daughter goes to college here. somebody said that's too bad. she'll never get a date. we are here. thank you for hosting us. talk about the all important discussion, the subject of public-private collaboration on this panel in particular in cyber security the discussion is critical in timely for the reasons that you release a spell out. at the department of homeland security we are responsible for counterterrorism, aviation security, maritime security, border security, protection of our national leaders the coast guard, enforcement and administration of our immigration laws and cyber security. cyber security is a top priority of our department a top priority of mine at
12:39 am
dhs we are responsible for securing a civilian .gov world as well as partnering with the private sector in mitigation, prevention cyber attacks and information sharing. last month the president came to dhs to announce our administration's legislative priorities in cyber security. the congress late last year passed a pretty good cyber security legislation. they actually do things also while to beef up the role of our national cyber security communication and integration center which is sort of the centerpiece of my department's cyber security mission. we have announced in the administration that we want to formally end through legislation codified the
12:40 am
single point of entry for the private sector and of the federal government. we have announced our support for limits on civil and criminal liability for those in the private sector who share with the nccic cyber security information, cyber threat indicators with the government. the president will talk a little bit more about that later. we want to encourage information sharing with the private sector given us so much resides with some of the people you see here. it needs to be a shared partnership and a shared relationship. and in this dare i say post-snowden environment it is key for us and is critical for us to strengthen the dialogue continue the dialogue which is much of what this conference is about. the last thing i will say before i introduce the
12:41 am
panelists as many of you know here, i have to say this in front of any public audience i speak to these days, any opportunity i can the department of homeland security which has as part of its mission cyber security is operating on a continuing resolution right now which expires on february twice second. as long as we are on a cr we are severely restricted in how we spend money, how we spend money on new initiatives. so every opportunity i get i am urging our congress to pass and enact for years appropriations bill for homeland security of this nation. it is critical, particularly in these times. let me introduce the panelists. to my immediate right is my good friend ken chennault chairman and ceo of american
12:42 am
express. he is my fraternity brother, on the board of directors of ibm, procter & gamble, and is a trustee of the world trade center memorial foundation. i want to be him when i grow up. to his immediate right is the chairman and ceo of pg&e is on the board of directors of united way in the bay area and numerous other boards. chairman and ceo of the rapidly growing palo alto network cyber security firm. mark is also a west point graduate class of 1988 and the former attack helicopter pilot. very cool. mark serves -- he looks like an attack helicopter pilot. mark serves on the president's national
12:43 am
security and telecommunications advisory committee. to his immediate right is bernard tyson chairman and ceo of kaiser permanente. he spent more than 30 years of that company and positions ranging from ceo to administrative hospitals. he's dedicated much of his work to eliminating health care disparities among individuals in this country. last but not least dr. elizabeth sherwood randall, one of my best friends in the obama administration, deputy secretary of energy. prior to that she was special assistant to the president and white house coordinator for defense policy. doctor sherwood randall is a rhodes scholar her principal claim to fame in this audience is that she was secretary and christians college roommate. if we run out of time we will ask you a few questions about that experience. having said all of that, let me turn it over to the panelists for a few remarks.
12:44 am
>> thank you, mr. secretary. let me first maybe go up 100,000 feet to talk about this issue of cyber security and consumer protection. one of the very important points that i make that our company, american express, is that trust is really what holds us together. it's what holds our society together. what we're really talking about, we talk about cyber security and consumer protection. it's really trust. as the bond for all of us. and i think what is very important about the tension that is playing out now something that i emphasize in our company is we have to be very focused on what i call constancy of values. the values of this country. for our company
12:45 am
those values are trust, service, integrity and 265 years of reinvention we have to adhere to those values. that's what we have to do with the threat of cyber security. we cannot allow the threat to in fact change the constancy of values that are so essential to the future of this nation. and so we have to have constancy of values with constancy of reinvention because that is what has made america great. and so those two points, i think are very critical before i go in to some of my prepared remarks which i thought since i would fulfill the time requirement and it we will be much better if i put something down on paper. as we have all talked about the threats that we face are increasingly challenging increasingly
12:46 am
complex and changing every second. and so all of us on this panel take these threats very seriously. the tone and substance have to be very strong. in the context of collaboration i really think that information sharing may be the single highest impact the lowest cost, and fastest way to implement capabilities we have at hand as a nation to accelerate our overall defense of the very varied and increasing threats that we are facing every second.
12:47 am
the financial services information sharing and analysis center, we work closely with various federal, state and local government agencies to quickly disseminate physical and cyber threat alerts and other critical information. when our industry has an effective isac and much of that has to do with the close collaboration that we have with our government partners in addition we also work closely with the government for senior coordinating council and the national cyber forensic, and training alliance based in pittsburgh. these partnerships help us defend our networks from cyber attacks but their capabilities to be dramatically enhanced. consider these numbers.
12:48 am
over 100,000 attack indicators yearly various sources. and less than 1 percent comes from the government. in order to incentivize the greater industry sharing we need to pass legislation that provides liability protection for private sector sharing channels government resources more effectively. the government needs to aggressively share with the private sector in an appropriate manner the indicators of attack.
12:49 am
with these changes we would greatly enhance the timeliness and quality of threat information. in addition to information sharing around cyber threats the public and private sector should continuously partner to eliminate barriers. i'll give you an example of a common sense and simple change to an old regulation that would show immediate benefit for consumers and consumer protection. we constantly communicate about potential fraud. we reach them from a variety of channels, the internet, the amex app, text messaging. there's a law from the early 1990s that limits our ability to contact american express part
12:50 am
numbers: this applies to the industry overall. as a result we are not allowed to send fraud alerts via text to more than 90 percent of our customers. yet to the university are allowed to text we received a reply within 60 seconds 35 percent of the time. this is near time protection. this capacity, not just ours, but the industry we will he tenfold overnight with a single update to existing government regulation. it would have a measurable impact on fraud and it would help to reduce decline charges which are an annoyance. most of the audience is likely faces. the private sectors must partner to keep our laws and
12:51 am
regulations coming this is how we are going to be able to meet the objectives of constancy of values and constant reinvention. we need more cross-industry and cross-sector and cross partnership with the government. again mr. secretary, i want to thank you for inviting me and thank the president for this very, very important effort. the last thing i'll leave you with, i really do think this is fundamental to maintaining not only an orderly society but to make sure that we can adhere to the values that have made this country great. >> thanks. [applause]
12:52 am
>> thank you for allowing me to represent the utility industry. i want to start by assuring you of the commitment america's electric and gas companies have to maintain a safe, reliable service. reliability and safety are part of our industry. every time there's a, every ice storm, every tornado, we have a graphic reminder of the role that we play in how our society operates and the impact that we can have on national security. back in 2003 i was ceo of dte energy in the middle of the great northeast blackout. i can assure you neither i nor any other ceo in the industry wants to experience that empty feeling you realize you've lost power to everyone and everything.
12:53 am
and so our industry is incredibly self-motivated to focus on cyber security issues. the electric and nuclear sectors are the only two sectors that have enforceable mandatory cyber security standards. our industry's commitment to cyber security is reflected in the active involvement of our seniors. in 2009 at the utility industry trade association, edison electric institute, i recall we had our 1st briefing where cios talked to ceos about trends in the computer area and started talking about cyber security. it was an eye-opening experience, and i can tell you not a single meeting of ceos goes by where we are focused on cyber security issues. and the ceo involvement has led to a public-private partnership with the
12:54 am
government that has been very effective. it's a group called the electric subsector coordinating council and interestingly this public-private partnership evolved out of some real-life experiences. in hurricane sandy in the northeast it became immediately apparent if the electric industry did not coordinate with the department of energy, homeland security, we were going to have suboptimal responses to the massive outages that occurred in superstorm sandy. in fact, the president himself addressed the 1st conference call involving industry ceos and various government agencies, and i can tell you that his commitment to a collaborative approach made all the difference in the world in the effectiveness of the response to the. so it was concluded that if it works so well why don't we try the same approach in dealing with cyber security issues and hence the escc was
12:55 am
formed. the areas we have when you need to focus on this provides a good blueprint for other sectors. you have to maximize the available tools and technology, and this is an area where the government has far more effective tools than the private sector, and it has been refreshing to be able to cooperate with those areas in the government that have these tools and allow them to be used on our systems to help upgrade the security of our systems from a cyber standpoint. second is the importance of information sharing. i mean, how many of the horror stories around security breakdowns involve filing information where one group doesn't know what the other's doing?
12:56 am
we have concluded that actionable intelligence and threat indicators have to be communicated between government and industry, and it has to be a two-way communication and it has to be to. third, we can't assume that we will be able to stop everything. so we need to build robust response plans and test those plans so they are not just plans on paper. gridex ii, which was a joint exercise conducted in 2013, was the perfect example of such a test. and then the 4th thing that we discovered that we need to have is cross-sector cooperation. we learned this in sandy. and so we now know that while the electric sector plays a key role in our economy and in national security we also have to work with other
12:57 am
sectors. we're working with telecom on information sharing, working with the railroads. the financial sector has experiences that are very relevant. obviously the coordination between the electric sector and the natural gas sector is critical to keep up power plants. i think those are lessons that can be taken from the escc and applied to a number of other sectors of the economy. finally i want to mention because i really have to emphasize this: this work cannot be adversarial. we have enough adversaries out there. this is going to be like a new manhattan project where government and the private sector work together for a common goal to combat these real, pernicious threats. we're going to start with what we're doing. i thank you for your lead.
12:58 am
>> thank you, mr. secretary. it's obvious the cyber threats are very real and systemic. historical tickets together. there may be differences that the shoulders of the own figure out how to make it better for everybody the networks are in the business of trying to prove that the sorts of things. we know we can't prevent everything but we also know for sure that one of the best and effective ways to increase prevention is to share information. i mention this because it's highly effective and at the
12:59 am
end of the day the point of that is more of this threat intelligence and information we're sharing faster we all and what that means for the bad actors is the less chance that attack will be successful over time and perhaps maybe it's only successful once. to reduce the outcome, it dramatically increases the cost for a successful attack and limits the number of actors who can do that. so sharing is absolutely critical. we are seeing more and more. there are a lot of acronyms flying around. trying to get public to public sharing. the administration's announcement a couple of days ago was a perfect example of that. public to public information sharing. then you have the public to private sharing. and at the private level there are lots of filesharing.
1:00 am
you both mentioned various programs that have been incredibly effective for some time. one of the things i'm very happy about is the security industry coming together to do something that. about six months ago they announced the cyber threat alliance, security competitors coming together in essence to form a security industry isac. you will a lot of vertical information that is helpful. this is a horizontal security viewpoint to share information among competitors. they are very happy about that. we invite every security company to become part of it. we think that these are steps forward. then, of course getting that information shared as fast as possible is a great outcome. in doing that it has to be done in a responsible manner. how you can do that without having companies
1:01 am
face baseless liability litigation and at the same time immunizing negligence. those are not mutually exclusive concepts. those are not mutually exclusive. there will be differences of opinion that we will get over the most recent down and talk about the think that's a fantastic thing for all of us. >> good morning. it's an honor to be here. want to welcome you again welcome.
1:02 am
it's a privilege to be. the quite make it here, but my wasted. on a more serious note this is clearly a major issue for us within kaiser permanente. we're a unique organization because i have in essence two business models. i have a health plan in which we provide insurance and coverage to almost 10 million american women on the comprehensive delivery system. provide care to those ten-plus million americans
1:03 am
was the communities in which we exist. the flow of information on both those continuums now in the 21st century sits on the backbone of technology. as a result of that we have pretty much been able to provide real-time information to our physicians, caregivers, members when they need it and in what form they need it for the health decisions that need to be made between the patient, physician and the character. the single biggest concern that our members have about the beauty of the technology ability to move information freely is the security of that information and the confidentiality of that information. the research has shown that patient information is a much more sensitive issue for the
1:04 am
average person than even the financial information. and that too is devastating we have spent a tremendous amount of time inside of physicians doing everything possible to keep the people of. god forbid if any of them get in how to quickly know that they are here which is a two-pronged approach that i oversee. i chair the governance committee. spend at least two times a month in committee meetings. reports of the board about the work we're doing inside the organization. spending millions and millions of dollars trying to figure out the nature of securing this information on behalf of the people. and i'll share that information with any and everyone i can in the industry to share lessons learned. so there's an infrastructure inside of my organization which we're
1:05 am
trying every day, every night to grapple with. inside of our industry we're coming together in different forums which are openly sharing of uses of the public-private relationship is a national committee and the natural for me is we all have a common interest. the common interest as it doesn't matter what business was run over and we want to secure information for the good people were putting their trust in our respective organization. so the interests are aligned. and the opportunities because the collective intelligence that we can bring to the table benefits
1:06 am
everyone and is a common interest each of us. and finally say that there are two incredible opportunities that i think we can have with the public-private relationship. the 1st of all thoughts which is the ability to share the information. demonstrate how 1st and excited that the issues are described. i have to be absolutely clear when i say i'm not talking about sharing the actual content to protect. it is sharing what i am learning about people who are trying to get to that content. it is important for me to say that because that sensitivity that i hear every single day. are you sharing my information with the wrong people
1:07 am
tonight i think together with the public-private relationship we can, in fact create a forum in which we can continue to share with each other what we're learning and how we're addressing. the 2nd is the area that was touched on earlier. in the healthcare industry well-intentioned regulations were written for a certain time in which it is now irrelevant. we need to have a forum in which we have a collective conversation about constructive change that will in fact advance our efforts and yet assure the american people have the best interest being protected. the public-private partnership can be tremendously helpful. thank you.
1:08 am
>> doctor randall. >> jeh and i met the day after the election when we joined the obama transition team in washington. indeed, i came to that team from stanford where i spent 12 wonderful years pace of the center for international security and cooperation. and i'm thrilled to be back on the phone today with all of you. [applause] so many friends in the audience. what has kept me away from this magnificent place that i love so much has been the opportunity to work on some of our most difficult national security challenges including
1:09 am
modernizing and securing our electric sector which powers our nation. as we know, innovation born here in silicon valley has enabled us to do more today than ever before through interconnected information technology and industrial control systems. and while this has empowered us to do so much this convergence of wireless communication and digital control also creates huge new vulnerabilities. so i want to highlight two aspects of the electric grid in which vulnerabilities are introduced by this interconnectivity. one is our industrial control system and the other is in supply chain vulnerability. industrial control systems including what we call supervisory control and data acquisition systems are the backbone of the energy
1:10 am
sector. these systems allow users to monitor, gather, and process data in real-time as well as send commands. in the power grid we can send commands for example that will open and close fuel pumps, water pumps in remote locations. obviously this offers the opportunity for adversaries who would want to do us harm. second, the supply chain of the electric grid is vulnerable. electric companies don't make the parts and software that supports what they do for us. for example a company could be taking great care to enhance its cyber defenses but fail to fully audit the potential vulnerabilities for the software.
1:11 am
in fact the amount of time, energy and money they would have to put into doing that would be impractical. supply chain integrity and management has to be part of our cyber security protection. leaders in government don't have the opportunity just to admire a problem. they have to figure out what to do about it. one of the reasons this meeting was called is to talk with you all about what we want to do to identify tactical solutions. the partnership that is highlighted at this summit between the federal government and the private sector is at the core of what we must do in government working with industry and resilient people at universities like this across the energy industry to address cyber vulnerability. pres. obama pointed out in
1:12 am
his 2013 policy directive on critical infrastructure security and resilience that energy and communication systems enable all other infrastructures to function. so if we don't protect the energy sector we are putting every other sector of the economy in peril. at the department of energy we are the day-to-day coordinator with industry on matters of security, resilience, incident response and planning. we are called the sector specific agency. that brings me to the core of this discussion which is the public-private partnership and information sharing mechanisms that are indispensable. getting started as deputy secretary just a few months ago made this one of my highest priorities and chair of the department cyber security council. the fact is the energy infrastructure is largely not government owned. about 90% of it is privately owned. that means we have to work with owners and
1:13 am
operators to rapidly elevate and sustain their cyber security capability as well as ours. one of the most progressive partnerships we have was mentioned, our energy sector coordinating council. ceos meet several times a year and already i met with them twice. our efforts have resulted in the development and deployment of a number of information sharing measures and industry effective tools and i have also emphasized that it is critical we coordinate with other sectors: the oil and gas sector, the transportation sector, the communication sector. one of the big challenges is being given the dynamic threat that we face. we have to have a government process that does not take too much time to share information about threats. we can't wait for regulation
1:14 am
to deal with these new cyber attacks. we will be perpetually lagging behind the threat that we deal with. our solution is to work to provide tools and information to the company in real-time so they can be aware of risks. you may see the information 1st on your systems and data reported to us. as soon as it is at. in addition department of energy has a number of extraordinary national labs. one of them is here at stanford. we do cutting-edge research on cyber challenges to critical infrastructure. over the last several years 80 percent of the world's control system vendors have been tested through government-funded assessments at our i don't
1:15 am
1:16 am
>> i want to speak directly to the students here today. can you raise your hand? when the president of the united states and cabinet members come to your campus, we hope we inspire you to pursue careers to find a chance to do public service. that could take many forms and you will blaze your own trails. my 17-year-old son will join you here this fall on the campus. [cheers and applause] it is my hope he will take up the call to action alongside you because we need your mind and talent and dedication and energy.
1:17 am
the problems we discussed today are the toughest we face as a nation and that is worth working on. i encourage all of you to use a privilege to be at this extraordinary university to find solutions. thank you. [applause] >> i did not even know her son was coming here in the fall. in the time remaining i want to ask one or two questions. you're the cybersecurity expert.
1:18 am
but then kaiser permanente and american express, they're pretty sophisticated with themselves in terms of cybersecurity. what is your assessment with smaller companies or smaller firms are doing these days? >> there may have been more resources and bigger companies that have been designated with critic -- critical infrastructure or whole of the owner of a small company is just says more radiant because there is subject to attacks. and some believe with the mistaken assumption to
1:19 am
protect themselves with a technology. it is becoming evident this is where information sharing is very powerful for smaller companies some of the larger companies can the public or private a lot benefits go to the small companies and employ more people. >> thank you very much. in the 30 seconds that we have left let me take the moderator's prerogative to comment the constancy of values. that the n homeland security believe that this is certainly true whether
1:20 am
border security or cybersecurity or counterterrorism means striking a balance between basic physical security and the things that we cherish as americans, our values in terms of freedom to associate, privacy, civil liberties amateurish to our heritage. to preserve the things that make this country strong and great. we can screen more people or have more senator security but we should not do so at the cost of the nation. thanks for listening and thank you for the terrific discussions. [applause]
1:21 am
1:22 am
today. first of all, i am thrilled to be back on campus and this weather is not a surprise or a shock to me and it is fun to be back home. whether comment about the previous panel is i had no idea that secretary johnson was such a comedian. i look forward to asking his fraternity brother about time when they were in the fraternity. [laughter] but we are thrilled to be here today to talk about cybersecurity and how it affects the private sector. one year ago and a day the administration released the nist cybersecurity framework that is the standard of technology that is part of the department of
1:23 am
commerce. we knew then that cybersecurity is a challenge not just for critical infrastructure, and also economic security and national security. we recognize then that the most effective way to combat those growing threats is through a strong partnership to industry and government and that is what we have here today. i represent the government, some are from industry and civil society. so with these high-profile attacks it is clear that the cyberrisk continues to grow and we as a nation need to do more to strengthen our cybersecurity. that is why congress must pass information sharing and data
1:24 am
breach legislation and to update the criminal code. that is why the department of commerce is working with other federal agencies and educational institutions with a national initiative for cybersecurity education which shows 210 open cybersecurity jobs in the united states today. that is why the president made it a priority in the state of the union address and that is why we convened the summit. of the panel is focused on beating american business is an there it is to space policies, technology and day-to-day operation to better protect themselves and their customers and cyberthreats.
1:25 am
all of this is about the urgency of the problem. yet a recent pricewaterhousecoopers survey said only 45% of ceos are extremely concerned about cybersecurity threats. i have to confess i'm amazed it is not 100 percent. but the framework creates a common language to discuss cyberthreats and a way to measure success for senior executives and it professionals. the goal is to have companies or organizations project id from cyberthreats to ensure confidentiality and safeguard privacy and civil liberty and capitalize the marketplace in the process. at the core it serves as a bridge between
1:26 am
business leaders and information security professionals within their own organizations. it is through the framework with critical infrastructure in mind that any business can use the framework to manage your cybersecurity risk and many are already doing so. i spent 27 years in the private sector so what i know is that good risk management is essential for a successful business and that is why companies from a variety of sectors use the framework to manage cybersecurity risk including procter & gamble, walgreen's, ab -- qvc, kaiser permanente. they're all here today and
1:27 am
why a major auditing firm like pricewaterhousecoopers are using them to better manage the risk. so the digital world is imbedded in our government, the cities, the society of business and daily lives. and 3 billion households worldwide are all online and with the cybersecurity threat our discussion today will explore how business leaders and the boards are moving cybersecurity concerns to the forefront. it is an opportunity to learn how the critical issue is part of planning and communication and governance
1:28 am
and operation. i am thrilled today to be joined by a number of business leaders. the ceo of bank of america and the ceo of mastercard and the ceo of aig and the president of intel and the ceo of center of democracy and technology. let's jump right into this. what is your vision how technology can create a more secure environment to protect the data? >> we have been working on improving computing for about the last decade. billions of dollars of investment so we would just like to get a baseline of
1:29 am
security for everybody and to a dead end to make security investments but more important the moving forward with initiatives like giving away free mobile security or to put applications into all the computers, things that we think will help consumers if it is available to them instead of forcing them and what are these crazy things? and just to raise the baseline. one thing that is most concerning to me that more than half of people go well with the security turned off with of virus or the fire wall exposures eliot taken steps in the industry to move that forward to get to a baseline.
1:30 am
>> does that mean if i buy a new piece of equipment i can have my eight security just not there or we have a long way to go in the protected environment? >> i would say give us half. for the next generation real lucky to have a lot of collaboration from companies like apple or others that are putting in security that you can opt out of, of course. but it is there like mechanisms and hardware that is a lot harder to break. that makes the transaction safer. we have a long way to go but
1:31 am
it is measurably better and it shows up the communications companies are doing a great thing to push it because it has been a big target zone but to say that we are there is a mistake at this point. we have a lot of work to do. the conversation and information sharing and public-private partnership is a big piece to move them forward. >> there are numerous cybersecurity events in 2014, how are your customer's expectation of cybersecurity evolving and how to promote that? >> ours are directly like the bank also the individual that carries the mastercard.
1:32 am
and the telecom companies. whether you pay for cash or with a card or your biometric print you want security in the transaction to make sure that it does not steal stuff that is yours. but you want to interact in a way that technology has chosen the way consumers buy. so long those changes to follow the pattern figuring how to break into the changing habits. so what we have learned is the first is forget trying
1:33 am
to make me remember things to prove i am who i am. [laughter] [applause] because they changed on a different day of the week. the machines in nine different days which basically means you write it down and the sticky notes and stick it on your computer. so then the security is gone. so the previous question everything from biometrics to those in e. verify by wearing a bracelet is stops the computer is due to open your car with it and then go to dunkin donuts to buy a
1:34 am
coffee. that is where it is going. and we don't need a password to convert to you are. but now the challenges of privacy that you may not want but the fact is the second one is you can use in a very clever right way that is smart to create a safety net to protect the wrong transactions that comes through. so if they're not predictive analytics you can do a lot with that. that is the second part. and the third part is a
1:35 am
number of employees that the credit union that you could use it by a regular skean but if you do them together beyond the digital payments this is the next page. >> so the data that is not something that can be discovered? >> i get a card number and a dollar value but cut i collaborate and find a way? probably be you chose to have a relationship with bank of america. so my perspective is the
1:36 am
consumer chooses. if you chose the relationship with the bank the that is the technical interest. so together we can make a lot of stuff happen. >> the multi-stakeholder process used to create a framework that is a big success but we do not have sufficient engagement going on. and i am concerned of the policy debates including cybersecurity too often occur in silos. so what is the role of the public/private partnership and how do you break them down and who should lead? >> if you look across the
1:37 am
industry will see people who looked at it and are drafting a because they think it is a common language and dialogue. but where i agree easily make distinctions about critical infrastructure. so the university has computing power that could be used to attack other people. that is a power as mastercard and bank of america. first you have to get them in. it is very important we have to figure out the liability structure. that takes change but with a comprehensive view for those
1:38 am
people that share information in the right way we would get that collaboration that will help do that did you get to individual consumer behavior and hygiene around usage and the data but we're still a long way from the collaboration that we need but we have to keep pushing people. >> where should that collaboration occur? >> every merkle to delete i think bankers with the government because at the end of the day the information comes to the informations cycle so there could be as a private sharing and also inability
1:39 am
to warn us what is coming or for us to find out what has been used before and it can be defused faster. things are very touchy and critical and that takes the government to have the capabilities. although we do tremendous work. >> so the president as you know, . legislation on several security of legislation that is not just notification about the data breach but offering up liability protection for corporations that share with the government. one of the debates that we
1:40 am
had is to make sure there is meaningful sharing so we can collaborate between government and the private sector to address bad actors and bad action without violating people's privacy but instead to get out the threat. that is tricky and ultimately will take legislation to create that protection. >> when somebody comes into a branch of the bank did not ask a lot of questions on line per hour. [laughter] then we get into the issues of cyberspace of what we have to pick through it is difficult because bad actors are bad actors you don't have to figure out why. >> peter, what is the role?
1:41 am
the whole issue of cybersecurity? >> it is evolving into the industry that has been around for a long time and some things don't change. i was visiting italy and went to the museum of insurance. [laughter] we are geeks. but here was the policy and what was it? to reduce the merchants exported to another country and that has not changed. when i looked at the potential of the use of data , it is as profound as it was back then. the rule of the insurer will
1:42 am
and power. at the margin to mitigate that fear. and today we insure 20,000 businesses and about 20 million individuals from cyber breaches and identity theft and have been doing it about one dozen years. through the early 30's to their breaches and claims i think there is a feedback loop of innovation where working together with government can help the adoption of standards to better secure data. but the conflict of interest is a strong phrase with the advisory part is three choose to insure only those applauded robust controls or have the corporate culture
1:43 am
or in end to a the view we could weaken the chain. >> part of what you're doing is to help me do a better job so you feel if the risk of loss on your policy is less because i of the more sophisticated actor? >> absolutely. there are many advisers or consultants that are more technically able than we are but we have skin in the game. we cannot get it wrong. the nature is very much in a practical way. it is often the sticky note. slow to get the simple things right with the frequency and severity said this where we have a more
1:44 am
secure environment. >> is your perception and the fear level continued to lead dash tin to use it to grow? isn't the fact but there is a level of fear that needs to be addressed. >> i think the insurance is still locally underutilized. i don't think there complacent because they have insurance but because of lot of people are reassured by the technical advisers may we is watertight in one silo but maybe not of human error is the problem. such a half risk that expands silos is a critical
1:45 am
ingredient. >> if you are running bank of america or mastercard you have large organizations to help manage if you want a medium-size business and i come to you for insurance what guidance to like it when i don't have the large resources? >> to be honest these large companies have the ability to have sufficient capacity so it is a small and medium we can help first the most and we have to will so we develop to provide information and sharing so it is making it affordable for smaller companies that assets that our critical to their future but not all the security apparatus. >> by creating different
1:46 am
levels below the level of sophistication you have the benchmark to try to live up to the benchmark or compared to the benchmark that is the framework. >> darr will get back to that there is some real tension or perceived tension between policy and cybersecurity. do you think that is the case and how do you deal with it? >> i think people think there is the tension but we saw. you cannot have good protection of your customer data if the employees and put those that
1:47 am
know how to merge the two mindset and that amazon we call it the issue of customer trust and customer respect. is there data in their dignity that is at stake. with this always connected world we are sharing data right now and i am very proud of it. so somewhere in the cloud in the computer is watching what i have been doing and i am proud of the great work of the technology sector has done but as citizens of individuals reedy to know it is protected and kept secure and respected and it will not end up in the hands of the federal government with no purpose at all for
1:48 am
reckless collection of data. although we do expect there are issues and real threats to the country but all the data is not the solution center for democracy and technology we believe there are solutions there could be around encryption to protect a the day dash to show a legitimate need for national security and law enforcement. >> determining how much they want those conveniences offered by using the data first was the privacy of to give away my whereabouts or to invade my personal space.
1:49 am
>> i hear that a lot and good companies are already building into their devices but the argument just because i put my data on facebook doesn't mean i don't want privacy is not a good argument. to be fully engaged digital world without feeling like i should be spied on by my government. >> but it is not just the government there are those that are trying to breach trying to get information and the other is one that as a user with the customer end product hard to rectify that fact my data becomes a product they you are selling the i am also a customer? i know you push a of a
1:50 am
button you agree to all of these things. though we don't have the opt out a system. should we? >> that discussion is so much bigger than that. but really good companies here today are engaged in the of respectful use of information to create new products it is part of the ongoing dialogue. but where we think about this issue that is something you can barter or so or trade and that we want to engage in this digital world but this is part of me. this is the way we need to start thinking about data transactions with my individual space and i choose to be there and communicate but at the end
1:51 am
of the day the most intimidating is flowing through the system as it should be protected. >> returning to the issue of the framework how to use the free market? >> but some are figuring out with the implementation of it but the framers that helps us to think through. so i think people use it because boards of directors have to deal with companies so especially last week with me giving my annual review the at what is the process
1:52 am
without getting into the details? with this is with this series of principles or white you kin to but let the professionals do the work with combat. >> if people continue to look for ways at m i g -- duet well enough that i can protect myself in that benchmark did not help. >> we help to contribute wrong so recently believed in the effectiveness of the idea and they are a great
1:53 am
necessary but not sufficient but the important elements is the appointment of a chief technology risk officer reporting to the enterprise officer as well as part of another technology session of you cannot help to be coopted by procedures. is this is subject of a telex across at the weakest link in the chain. did with the underlying framework that repos to potential insurers, we hope that will create standardization some benchmarks. >> actually do we needed to point show? >> absolutely. >> and for everybody who has the same language.
1:54 am
but that is the first step. but we are moving everyday. right now people are trying to hack into our company. by now. but just be careful that you can stay agile enough. >> actually the overall issue with the number of agencies with the internal parties, this thing is moving very quickly. so with that cyberthreat attacked is sharing information and it is of the different to use the
1:55 am
information to take very seriously. that's to make sure we get there right but to be sure with the amount of phishing but to share the dialogue will. >> i liken it to the development of the infrastructure of this country. it is through collaboration in the others that it fits right through. but then they get a license then there is law-enforcement. in to those pools of the road but they should feel
1:56 am
free to innovate bed to have the music says he likes. that's fine. but to be given by a of a driver for 51 different states to say it will be great to. what do you think about it? [applause] and we have a chance to be in the physical infrastructure and if you do that with many others. >> this is the interesting analogy in other areas of driving into building. >> with superstorm sandy, we
1:57 am
had to pay over $2 billion of claims of damage. there was a flood of the same area four years ago and the building code changed about 2007, 22 years after the first flood into move mechanicals from the basement to above the flood line. so now change much more rapidly so we can bridge the rule with the constant litany to have claims every day that teach something but to say to get that daily feedback but we can get that from you. there right now we are focused but to have that
1:58 am
same language that begins to say what are the rules and regulations? how many judge if the return of investment is a cyberinvestment? is a fee on the did pool of money? had argued know you do the right amount? >> because bayer doing board because it is a young kid and then of us can spend enough money. because the federal government has resources that we could benefit from so for them to say i'm spending enough that people rely on security and how
1:59 am
much money is enough to protect that? >> as i mentioned here is 230,000 people in our company and i can go right where they lived and it is the group for texas because it doesn't if you have a problem the we are cell growth and operating protecting data but if we lose the confidence they all had people to process the transaction. we have to go back to hire 50,000 people. but to say if i spend a dollar i get a dollar in return. >> i have the question for
2:00 am