to cancer so those exclusions are no longer permitted. also requires the insurers to cover a basic pass it -- package and there are 10 categories layout hospitalization, doctor visits, lab test, by drugs, maternity care and designed to be modeled on the typical employer plan so everybody has a basic standard of health benefits. they are not allowed to charge more based on status or gender and have to cap the out-of-pocket cost over the course of the year that somebody would have to pay. also they are required to offer coverage at certain bubbles that at the precious metals rubbles with bronze

is the least generous covering an average of 60% and platinum is the most anti-depressant. but to get these to ensure we have a sustainable market the law included the individual mandate and the basics are to maintain a central coverage or pay a penalty or attacks in 2014 it was the greater of $95 or 1% ashley threshold. h&r block recently cannot with an announcement that said on average the penalty is $170. because it says the greater of the most active is the

1 percent of income. . . well you'd shearers to encourage them to compete on price and quality so people can really see

very clearly differences between plants on dimensions like benefit and costs. the market place of course is the only place you can get financial assistance to a lot provide. first and foremost is the premier tax credit in the desire sliding scale subsidies based on your income between 100% of poverty and the slideshows how they are somewhat progressive and allocated. peg to the second lowest cost solar plant available in your area. you can take your tax credit. you can either buy the second lowest cost plan or you can buy you, paid more to gold or platinum level plan or you can buy down to the bronze level plan and garner more savings. however, if you choose to do that you need to be careful

because for people between 10250% of the federal poverty level, they are eligible for something called the car sharing reductions or subsidy. you only get to take advantage of those if you sign-up for a silver level plan. if you decide to buy to the bronze level plan use advantage of the car sharing subsidies. they do set the of this over level plan by allowing the doctor will come a low rate car sharing so you have to pay less out-of-pocket than you otherwise would. the federal government reimburses insurers for the cost of those subsidies in unlike the premium tax credit, which achiness estimate your income when you sign up for coverage, you do have to pay back any extra tax credits you've received. the car sharing subsidies do not have to be reconciled at tax

time than you do not have to pay those back. lastly i would just say a couple words about king versus or a while which is on everybody's minds this week and the supreme court heard oral arguments. you know, in case you haven't been always litigation that closely, the crux of the issue is a provision of the statute that says the federal government can provide financial help to people who buy coverage through exchanges established by this state. the king plaintiffs are arguing because 34 states have exchanges around by the federal government that the tax subsidies provided through exchanges are illegal. it is important to note almost 90% of people that have purchased insurance or the exchanges are receiving up

cities. so with the king plaintiffs prevail subsidies through federal exchanges are deemed to be illegal. you have a vast majority of people buying subsidies and policies through these exchanges. they will no longer get subsidies and according to one study done by apple leader individuals will face on average a 255% premium increase. the government of course in its arguments insane if you look at the full context of the statute, it is pretty clear congress has for all eligible individuals be able to receive subsidies matter who was operating the exchange that the way the statute is structured to congress intended for tasty set of exchanges but if for some reason they are

unwilling or unable to do so defensive step in their shoes. if you are eligible because of income, doesn't matter who runs the exchange. the bottom line here is that the plaintiffs prevail it knocks out the third leg of our school, making financial assistance not available in 34 states, but importantly it significantly weakens the second leg of our school, those individual mandate and that is because most people who currently get subsidies taken away, coverage will be unaffordable and they will qualify for an exemption from the individual responsibility requirement. so if plaintiffs prevail we have a lot on the essential soul. without i will turn it over to paul i think, right? >> thank you very much, sabrina. paul fronstin is our next speaker, senior associate at the benefit research institute and

for all the attention paid to the exchanges over the past two years, policy or to remind us that most working age americans get coverage through their jobs to the aca affects that coverage to an paul will explain those effects for us. >> this is on, right? you have already seen two basic presentations and i don't know where the came from on the presentation but i will talk about the basics and how its effect by the aca. i was at someone else's presentation on this on wednesday nights after their presentation which was two hours long. there is just so much to cover on this which we just don't have the time to do it justice any of us. so there's an extra slides in the packet for you to see during your own time. one of things to keep in mind is

the environment before the aca past and that is the percentage as jennifer showed on her first slide employment-based coverage is the base that the aca is building on. before the aca past coverage was following. it was as high as 76%. by 2010 it is down to 69% and when you look at where workers get coverage from, we are at the point now where only 50% of workers get coverage through their own job. i don't know if that's some psychological level would breakthrough in what that means if we do but it's important to point now. given what is happening with the economy labor market unemployment 5.5%, you shouldn't be surprised if you see the downward trend reversed itself in the near future. the other thing to keep in mind is what is happening with them if it's offered.

what workers are seen when they're offered health benefits. he sat increasing to do the bulls increasing copayments offices non-generic description drugs for tears for pharmacy copayments. there are some exceptions to the general cautious tone to workers whether it was your value-based insurance design or telemedicine. lots of changes going on with and if it's offered to workers. some of the sincerity covered but the next of the science goes through the timeline of all the different things that affect employment-based coverage. i'm not going to go to decide individually but he saw 2010 was a big year for provisions affecting employment-based coverage. 2014 was a big year for

provisions affecting employment-based coverage in 2018 you've got the high cost excise cost also known which will talk more about in a few minutes and a few provisions that did not affect in the states in the legislation that employers may have to address at some point. just a couple items to go over. the employer shared responsibility provision assuming you're familiar with this, but it's worth reviewing. you pay for $2000 for full-time employee penalty if at least one full-time equivalent employee receives the premium tax credit and that is the piece to really focus in on an employer that doesn't offer coverage does not have to pay a penalty if none of their employees receive tax credit and that has implications

for the supreme court which will talk about in a minute. currently employers must offer coverage to 70% of full-time employees and that goes up to 95%. employers have 49 employees when it comes to calculating the assessment of first 30 employees are excluded from the calculation. only workers employed 40 or more hours per week are included in the assessment. the case for you got somebody you want multiple businesses and maybe their small businesses there is a provision to look at whether or not businesses are under common control us to whether or not the businesses would be subject to the $2000 assessment. the effect of the. the effectiveness safer this is mr. jiri first last year to this year for employers with 100 or more full-time employees and next year takes effect for employers with 50 to 99

full-time employees. the environment before the aca past. 2009 when you look at employers affected by this mandate, those with 90 to 999 workers come and 95 offering coverage and among employers, 90% were already offering coverage to their employees. in some ways this is not a mandate to offer coverage but a mandate to get incentives for employers to continue offering coverage but also affects employers that not all of them offer coverage to employees if they didn't necessarily offer them to dependence and all the other provisions such as the requirement to offer affordable coverage that took effect as well. those are some of the qualifications here. for example the definition of a full-time worker change is now

effectively 30 hours or more per week. employers must ever coverage to not only workers that dependence. dependence are defined as children up to age 26. dependence is not included spouses. employers must offer value benefits and they must also offer coverage. the family quidditch is basically affordability is determined that premium for employees and coverage. not determined by family premium. an employee may not afford the family premiums by up effect the employer is offering an affordable packages for his employees are concerned and when that happens, when an employer offers coverage to the family not affordable for the employee spouse and children are necessarily eligible for a tax credit in the market.

depending upon the income, they may be eligible for medicaid or chip as well. it has been estimated between two and 4 million spouses and children may be affected by the family quidditch. there's a $3000 penalty that takes effect when the employer does offer coverage but at least one employee opts out because it's not minimum value and get subsidized coverage in exchange. there is no assessment that are triggered. when it comes to implications of king versus burwell, if the supreme court rules for tax subsidies are not allowed in federal exchanges, that is an occasion for employers. employers are only required to pay the assessment when an employee gets tax credit.

it is deemed employees in 34 states cannot get a tax credit, essentially the employer doesn't have to offer coverage because there's no penalty associated because their employees can go out and get a tax credit in the 34 states. there's all kinds of issues that come up especially for employers that operate across state lines. the shop exchanges is the marketplace for small businesses. one of the advantages visited greases choice of carriers and plan options for employers and workers which is something the market hasn't seen a whole lot of good it allows employers to set a defined contribution and it was delayed until this year. in 2016 that will cover businesses with 100 employees and the states may allow

employers with 100 or more employees. the fact individual states discretion. you've heard about the different shop exchanges. there are tax credits available to small businesses if a business has less than 25 employees in than an average wage under $50000. tax credits cover up to 50% of the employer's contribution. if the employer contributes 50% of the premium it's only available for two years and faces up the larger the employer and higher the average wages. there are provisions for workplace wellness programs in the aca allows employers to provide financial incentives of this much is early% of the total cost of coverage when tied to participation in some type of wellness program. at the allow 20% and an increase for 50% for intervention designed to prevent or reduce

tobacco use. financial financial incentives, the former premium discounts reduction or other benefits and incentives can be participation of wellness program in health related standards. finally the excise tax also known as the cadillac tax takes effect in 2018 so 40% excise tax on the cost of coverage that exceed these levels, exceeds $10,200.27500 for family coverage. they are all higher thresholds are plans that cover early retirees. there are adjustments for workers that we have to see exactly how that will take us that. in terms of calculating the tax it's not as straightforward as premiums. it takes into account

reimbursements for account reimbursements from a essay as well as employer contributions to hsa, no there was the release last week from the irs that provides more information and one of the things if a worker contributes to their hsa through payroll deduction, that is considered an employer contribution for tax purposes and as a result that would count towards threshold. there's all kinds of questions that still haven't been answered yet because we haven't seen regulations on this. the effective date is 2018. >> thanks, paul. can i just ask a factual follow-up. you're asking about thresholds for applying the cadillac tax if they exceed 10,200 for employee only coverage. how does that compare with the actual normal cost of individual policies through the employer at this point? >> at this point is about 600 if i'm not mistaken.

obviously people appear can correct me and 15000 or so for family coverage. so the average is well below the threshold, but with an average that goes below and above it, so certainly some plants will trigger it. it's not as straightforward as lacuna premiums. if you count at you count fsa contributions, that will boost up how many plants may be about the special. the issue is premiums have been increasing faster although the gap has shrunk and recently in the cadillac taxes and next overall relations after the first year. the expectations while there may not be a lot of plants affected by the attacks initially over time, more and more players would be affected by it if they don't make changes to avoid it. >> thank you very much. paul was exactly right.

diane's organization is cosponsor of the definitive survey of employer-based coverage that i commend to you if you haven't taken a look at it. a renaissance woman diane is stepping in to the breach to pick up the thread of questions about medicaid and chip. we don't have her slides in your packet, but we will have been mounted on her website after the brief. thank you are your much being so flexible today. >> you don't have the slides because they were done at 10:00 a.m. this morning. last night medicaid clearly is the overview noted is the key building block within the affordable care act, but one of things to remember is it's been around for 50 years and has a lot of other changes embodied in the affordable care act. today i'm just going to go over some high-level changes and i

urge you to come back for the medicaid 101 to go in greater depth here clearly one of the main things the affordable care act was doing was extending coverage to low-income adults to the medicaid program. it was also seeking to modernize the language eligibility in a moment happened in medicaid to simplify the process to streamline the way eligibility determination survey and the way income is counted. it also provided substantial federal funds to states to help them put in place the expanded coverage as well as supporting a wide range of changes in the delivery system not just for acute medical care but also long-term care services. the key piece of what the affordable character seeking to do is fill in the gaps and eligibility that occurred from medicaid especially for adults.

one of the key provisions was medicaid was never available for childless adults without dependent children unless they qualified on the basis of disability so the affordable care act change the way in which medicaid eligibility was going to be sad to be based solely on in, not the characteristics of the individuals and is going to try to put in place a uniform standard across all states to eliminate the variation in who is eligible on the basis of income to 130% of the federal poverty level for as little over $11,000 for an individual. that is because of the tremendous variation that occurred in who is thoughtful for the program by income as well as category. here you see the medicaid program together with its partner the children's health insurance program or chip provides coverage on income eligibility levels for children across the nation. virtually all states cover

children at least 200% of federal poverty level as well as pregnant women. is a great disparity in the standards are working parents are jobless. the lack of coverage for childless adults without disability. so the affordable care act site to show that but the supreme court is not a mccain versus versus burwell case but his previous case decided it was coercive on the states to require them to expand coverage even in the early years with financial participation for the cost of the coverage and gave states the option to not provide coverage to the expanded adult situation said that would've been some of the working parents about the old income eligibility level as well as adults who would previously not been covered. creating a coverage gap between

medicaid eligibility standards and eligibility in the market place and as one of the glitch is that occurs when the supreme court intervenes and doesn't change a lot of other provisions of the law only make something optional, individuals below the federal poverty level were going to all be covered by the medicaid program in the aca vision said they were therefore left ineligible for gaining access to coverage in the marketplace subsidies that have been talked about earlier. anyone allow the federal poverty level who was not already eligible for medicaid bystanders was left without coverage between 10138% of the federal poverty level could gain coverage in their marketplaces and state subsidies for

coverage. so what you see in the states that expanded dedicated, there's a very nice flow. childless adults get coverage through medicaid and then get coverage in the marketplace as sharon come goes up, parents are covered equally and children have already had higher coverage so there's no real coverage gap there. in a state that not expand medicaid those who are childless adults below the federal poverty level have no coverage option. those who are parents can be covered if they need their states very strange and early income eligibility level is sometimes 17, 25% of poverty made this states that do not expand had the lowest coverage level income wise for them if they are childless adults, they were ineligible. and therefore between poverty

and the safe standard they fall into the coverage gap and once they earn enough to be above 138% of poverty, then they can go into the exchange are between 10100 or va they can gain coverage in children again because of the coverage was already provided remain covered up much higher income levels. nationwide as a result of the 22 states have not expanded coverage with about 3.7 million low-income adults fall into this coverage gap where they are two for to go into the exchange coverage and above the income eligibility levels for medicaid coverage. as you see many of them fall into southern states. the states of the highest uninsured rates, some of the highest poverty rate that they

are so most limited coverage for the poor. in addition to the coverage which has gotten all the attention in terms of medicaid choices, every states it has to modernize and improve its application and enrollment process, try to fortnight the process with the federal or state-based exchanges. we have seen a great deal of effort put into replacing paper applications in person applications come the places there is no data exchange about eligibility to try and have no wrong door anyone can go apply at the marketplace or apply to the state said by the way in which they try and really keep the doors of benz sedan rolled that process is more available. as a result even in this states that did not expand medicaid

coverage, the process has become more consumer friendly for people already eligible. we've seen coverage in the states of people previously eligible but not enrolled. largely due to delay the process process works out for them. second most of the state have expanded coverage for some real benefits to population and the number of uninsured has been particularly important among the low income population in the states the greater reductions in the uninsured than obviously curd in the non-expansion stage. receive increased revenues to provide or increase job in the health care or, increased state savings in the expansion stage as they begin to be able to provide less uncompensated care use some of the services

provided to the population onto medicaid coverage and increase economic and dvd. all in all come in many states that experienced the expansion has done so with economic success as well as better coverage for citizens. in addition to trying to really focus on getting the coverage right and making the process even less than easier for people to gain coverage they need the aca also thought to have proof that happens to improve access to primary care services to improve the way the health system works for the low income population and trying to develop other ways to provide services especially to the population in need of home and community-based services and alternative to long-term care and nursing home facility. bbc payment to primary care

doctors under medicaid. there's a two-year boost. unfortunately that is now expire so some states have kept them in place. they invested heavily in expanding community health centers so medically underserved areas facilities could take care of the newly covered population. they put more preventive services on public health that dvds can try to develop a medicaid and medicare more patient centered medical home synagogue will care models now been tested in many places and new options for the disability population to control her more home than options for care. at the end of the day that they coverage expansion of medicaid, but a real reform of the administrative structure for determining eligibility how to

get people connected to managed care plan and reforms. though the medicaid may be 50 years old, but it's entering the next 50 years because of the aca is a much more modern and change program that is much more responsive to some of the ongoing changes in our overall health care system. the outstanding question of course remains level happens with state still on the fence about whether to provide expansion or not. many seek waiver changes to try and build a comment a comment with a slightly different tilt to the affordable care act provision so they can provide coverage to citizens. the story is still out on will finally end up. remind us medicate itself was phased in over many years. not every state took up the option when it was first passed in 1965. thank you. >> is terrific.

thank you very much, diane. one quick question if i can. you mentioned standardizing of the income measurement does the eligibility changes that the aca brought what happened to the asset test that were in place for medicaid recipients from the time of enactment? >> is the children's health expansions are expanded, the asset test for gradually dropped his intelligibility to church donation mechanism for children and with the affordable care act for low income adults to the family coverage. however medicaid also covers a substantial number of individuals who are elderly and have disabilities to qualify some through supplemental security income program and

others through various provisions of the medicare program that requires the asset tests. there is attached to many utterly in the state but not for programs under the new determination of incomes. i should also say since i am over my time i will say it anyway, that the other provision of this now clearly coming to congress and in the affordable care act was the children's health insurance program that has actually helped boost the coverage of children that i showed in the income eligibility levels for children was funded through the affordable care act through the end of 2015 which is fast approaching and the requirements for state operate programs continue eligibility were intended to go through 2019

the congress will have to make a decision fairly soon very soon about whether to extend chip funding beyond 2015 and are they going to spend it as a straight up programs delayed structure will didn't make other other changes to it? we on the commission have recommended a two-year extension of the program just as it is in us also said it importuned over the next few and in the next two years about the length of the extension to figure out how to integrate coverage for children into either the exchanges in the medicaid program for whether to continue the program as it's currently structured as a middleground program. >> thank you or emerge. as you can infer from that response, medicate itself is one

of the most complicated programs that we have going. to reiterate diane suggestion that you plan to be here on the 20th of march for the specific primer on medicaid. if you have questions you would like to have addressed by one of our panelists, you should either get to that microphone or take up the great question card, write down, holding that will bring it forward. let me just take advantage of how long it takes you to get into position. spoke too soon. i ask everyone at the microphones to identify themselves and keep your question as brief as he possibly can switching it to his many questions as we can. yes, sir. >> tommy hasner, formerly with cms here is one of the things

i've seen over the past year or so and the center for budget and policy priorities help make it more clear to me that consumers and navigators have an awful lot of comparisons to make both deductibles of coinsurance different co-pays. quite a few different co-pays and i was overwhelmed by how many they have to compare. i've seen one washington consumer check book center for illinois simplify that. wondering why solutions the panel house for that kind of dilemma confronting the consumers signing up for the affordable care act. >> i will turn to sabrina but let me ask him how many in the audience know what a navigator is? 's good member, but nowhere near majority. you might remedy that.

>> just quickly the affordable care act requires exchanges to establish a navigator program. navigators are responsible for conducting outreach and education activities to let people know what's available to them and what their rights and obligations are under the law and also to help enroll people and figure out what they're eligible for a nasa gentleman indicated because it sounds like you've been serving a navigator. >> working with them. >> yeah, help them figure out what is available to them and optimal plan choice. although the law does include some new standardization for health plans, in other words they'll have to cover the essential help benefits and offer coverage of precious metals. there's still an enormous amount of flexibility for the carriers around cautionary but also

specific items and services covered nazir isolde can be overwhelming for consumers to figure out what's right for them and their family. there has been an effort and consumer check the is a terrific organization that has developed decision support tools online tools to help people filtered out or narrow down choices we are hopeful in addition to illinois for exchanges will deploy those types of tools. other states are actually looking at greater standardization of health plan options. in other words narrowing further the flexibility insurers have two very copayments or deduct those for services and that maybe something to look to in the future.

some states that the first year or so said they're looking to do it going forward now that we're past the bigger operational hurdles. >> thank you. >> and dr. caroline poplin, primary care physician among other things. one follow-up to his question. has there been any study looking up other carriers structuring their choices in such a way as to attract how the people and push away costly people since they get the same premiums for the healthy people as sick people. my question was about employer sponsoring insurance and requirements of the aca. how does the benefit package compare? do they have to cover the same benefits or can you get -- can

an employer get away with a much stingier less useful package by >> i can cover the benefit design issues. may be turned over to paul. one of the shortcomings of horses having since i did another chance to cover the precisions is one of them is a provision from using benefit design to discriminate against high-risk individuals. that said there's not a lot of clarity about what discrimination and benefit design looks like and there's been early evidence that some insurers have been doing that you suggested, trying to find benefit and for example some insurers recently sued because they put hiv/aids drugs and the

highest cost formulary tier even generic ones. it's really incumbent on the federal and state regulators to perhaps put out clear guidelines about what discriminatory benefit design is an actually provide oversight to prevent plants are doing that. then i'll turn it to paul further question. >> the question relates to the essential health benefit and whether it applies to employer plans. >> i would add one other thing. limits on out-of-pocket costs. >> the essential help them if it's depends upon the employer for employers purchasing coverage through an exchange they have to comply with the essential health benefits. those fully insured have to comply for those employers i don't think they do. they provide minimum value

coverage and guidance and make sure that coverage which is the big issue. when you look at what they are providing they are for the most part in compliance. not sure that was a concern that needed to be addressed. as far as the out-of-pocket employer plans have to comply assault plans do. the limits in the way limits as well. >> can i ask also we've heard a lot about what people call three hours. is there an adjustment if you end up with a risk will get a sticker or a sticker instead of

average. >> i don't want to hog all the time. the house law provides for risk adjustment and risk corridor and reinsurance programs. all three of them are risk mitigation designed to help in the early years to take on more risk than anticipated. risk adjustment is a permanent program that you end up getting more sick people than a competitor. the five peter to pay paul assistance. the hope is on their benefit design question, it will actually encourage to chronically ill people if they can manage their care and keep them out of the hospital, they end up winning under risk adjustment systems.

that has not gone to full effect yet. >> yes, ma'am. >> i am senior scholar at an academy help adjunct member at george washington. they were available to cover people who were not insured for qualified health centers and disproportionate share payments to hospitals. i believe those were reduced or cut off in the aca because the presumption was everybody would be covered. i was suffering that the status was and what is happening in the state and if they are reduced, what is happening in the state they still have uninsured. >> well, currently, the disproportionate share hospital payment is scheduled to be reduced, but reduction had not yet gone into place and the

administration is charged with trying to develop a formula for how they would be reduced over time. clearly those provisions were put into the lot with the expectation that all states would be expanded by medicaid pro-program and now that it remains a state choice that kind of provision a little bit down the road being fixed or looked at. the availability of community-based services in the community health centers on a free 30 program as you mentioned with substantially expanded by the affordable character matters irrespective of which states expanded are not expanded so there has been a real infusion into the mat for underserved areas and the low income population. >> diane you have sort of dominion over the numerous cars that forward.

>> says sabrina one of the first questions they would like you to explain in depth, the difference between cautionary subsidies and premium tax credit. >> clarify how those two are together and what they are. >> the premium tax credits are designed to make premiums more affordable. premiums are up front monthly payments to u.k. for houseplants. they are available between 10400% of the federal poverty level. essentially you get tax credits on an advanced basis or you can wait until the end of the year collected at that point. mostly bug in advance aces which essentially reduces the amount of the payment. the power-sharing reductions are cautionary subsidies often you will see csr are available to

people between 100% in 250% of the federal poverty level and only available if you enroll on the silver level plan. they are designed to basically increase the value of the silver level plan by reducing dockable thing copayments and again with the time credits, they are provided on a sliding scale basis. a 100%, 150% of poverty when you sign up for the silver level plan, abuses of the value to 97%. 94% actuarial values. that plan is really covering most of your copayments ended up bowls. between 150% in 200% of poverty is goosing of the value of

yourself or level plan to 87%. sort of making it a little board more than a gold level plan in between 200% in 250%, slightly increasing the silver level plan to 73 -- thank you for keeping me honest. 73% actuarial value. eventually you get the eligible tax credit in your premiums are reduced. i your point of service, you also pay less in your out-of-pocket costs. i hope that covers it in depth. >> jan, maybe you could also since this will occur in april when the reconciliation process. >> sabrina mentioned this earlier but another key difference between the power-sharing reductions of the premium tax credit be reconciled because they are tax credit.

people who accepted the payment of the premium tax credit are based on what people project their income to be for the coming year. people signing for a coverage in january projected income for 2015 but they thought they would make and then come tax time of the amount of the premium tax credit they receive its reconciled against what they actually made over the course of the year. if they made more than a project that come that they may post some of the tax credit back and they were paid in the form of additional tax when they file taxes. if they made less income than anticipated, they would get an additional refund on their taxes importantly, the power-sharing reductions are not required to

be reconciled in the same way as the premium tax credit. >> to your knowledge is there any data on the prevalence of these packages are particularly are there any lawsuits against either the state or providers to prevent discriminatory packages? strategic health resources. >> so to my knowledge there is no data on how widespread it potentially discriminatory benefit design is. hhs permanent head of human health services has provided what they would do would be a discriminatory benefit design,

but it is still pretty vague. to date what is happening is to have individual organ is nations looking at some of the health plan benefit which by the way can be hard to get a hold of if you are not enrolled in the plan. so we are aware of some lawsuits filed with the federal office of civil rights that hhs alleging that benefit designs are discriminatory. some lawsuits have been settled, but my personal opinion is ideally the feds or the state would have some clearer guide those are boundaries to prevent practice in the first place. as opposing to waiting for it to be litigated. >> this has been an issue in the state of florida and their sense

of in-depth look at availability and some of the research of the kaiser family foundation are working on case studies that were particularly center and if it offerings in different plants in five different states to see if there's any patterns that would be discriminatory. depending on how the supreme court decides, how many people would you estimate are going to be significantly affected by the decision. i was curious if you have similar opinions are not was reelected in all this in the 34 states with federally run marketplace, their 7.5 million people who are receiving subsidies in those states.

the subsidies for those people would immediately go away. many people would no longer be able to afford the is the expectation is beyond that because as was pointed out when you take away the lead laser tool, the require method insurers guarantee the issue restrict we face on health status remain in place and so what you are likely to have happened in those states is what is referred to as a death spiral in the individual market. in other words, many people, young and healthy adults leaving the market, the people who stay are those who need it the most those who are sicker. what you see insurers doing his

is and possibly and eventually without any changes made to the law, most people will be priced out of the pocket. so it affects not just the people who are receiving the subsidies, but really everyone is currently purchasing coverage in the marketplace in the state. >> and the low income perspective in those states that elected not to expand medicaid coverage many individuals between 100% and 138% of poverty have gone into the marketplace and most most of those are federally facilitated. we estimate 2 million people who would be covered by medicaid if the states expanded are now benefiting from being eligible for coverage in the marketplace and most of them will lose the coverage as well. >> one other aspect if you are an insurance executive with what

to do with the rates he will file in 2016 you are facing a strange timetable, are you not? i'm sorry. >> that is one of the difficulties. insurance companies have to file a great 42016 by may 15th of this year. that will be before the supreme court hands down its decision. the rates have to be filed based on current law. insurance companies can't build into the rates in favor of the plaintiffs. there is real concern they could be locked into a very good does it represent the risk status of their pool for 2016, which i can tell you is making a lot of executives extremely nervous. >> one of the questions we got from the fourth was what would be a plausible plan b if the

plaintiffs prevail and then in parentheses be realistic. well, one plan b would be for congress to clarify the ambiguity and say the subsidies are available whether they are in the exchange or federally facilitated our state based. i will let my other panelists come up with a different plan b if they have one. >> there is no good plan b. i'm not a budget expert, but i understand cbo will almost immediately readjust the baseline. if congress were to go back and fix the language, that costs money in the budget. so not only do you have a congress inclined to make a quick fix you also have a budget problem. it is also not easy for states

at this point on the time establish a state-based exchange. there are significant costs involved. you have to have state authority, which means getting it through your legislature or even those that could do it through executive order, there are questions about how you can raise the revenue to operate the exchange. there's just a lot of unanswered questions and i don't see an easy or simple plan d. at this stage. >> hello i'm an intern, but i wanted to bask a little bit about, have you all studied in terms of cost savings and specifically you had some numbers as a result of medicaid and these insurance plan but how much is that really fred savings as opposed to the government giving them money in

the states claiming that i'm saving in that they are not spending the money and it the federal government giving them money? >> well actually, some of the savings comes from programs they've been operating for the indigent population once the population gets insurance coverage, they don't need to get cheney to operate the program. individuals with coverage are able as one of the earlier questioners ask him about the hospital and have their care paid for through the program instead of the state having to come in and provide uncompensated care to help keep some of the public hospitals in safety net facilities going. some of it is community health centers being able to stretch the grants they get to operate for care of the uninsured to now have more people with medicaid and provide. we need to remember they would

be uninsured populations because of the fact that many were excluded from coverage. there were others that will really need to continue to reliance upon compensated care. many states have also seen improved revenues from the fact that it generates economic activity in this day and night gives better revenues which helps to offset some of the budgetary costs. >> thank you. >> thank you so much for presenting the breakdown of the 2015 and all that data. i was curious if you have any estimation to what percentage of residents were ruled in 2015 plan? >> so i've not actually look at

this, in depth for 2015, that there is data available from hhs by zip code. when we did do it now with these for 2014 enrollment in rural areas have lagged behind enrollment in urban areas. you know the number of reasons for that a lot of people signing up for coverage especially those getting coverage for the first time needed the help of the sisters and the sisters are more easier to access in urban areas. i think that where hazardous put in place during the second open enrollment. to have greater availability in rural areas. it is possible when we analyze data for 2015 we will see an increase in element in rural areas. it is still very much in area where we need to focus attention. not only are the coverage rates

of of the lower, but access to care is much more of a problem in rural areas. >> we have only five minutes left. i will ask why you're listening to the last couple of questions that of questions if you pull out the blue valuation form it would be very helpful. thank you. >> this is the question i will direct. federal government wants to encourage employers to offer health insurance to employees. why would it include the cadillac tax under the aca which discourage high-quality player offering coverage exceeding 10,200 per employee for 27,500 per family. >> that's a really good question. employment-based coverage has always benefited from a preferential tax treatment in the sense the amount that employers pay towards coverage

on behalf of workers it is not included in worker income and the amount workers pay through payroll reduction reduces taxable income. the concern is that the dollar health insurance is not subject to taxes and workers prefer health insurance over wages to some degree or increases in compensation in the form of more generous health insurance. we know that more generous health insurance results in more use of health care services and those services are good for people and they may be unnecessary and therefore people may be over insured to some degree. there is always that an interest as far back as the reagan administration in changing the way health benefits in the workplace's tax and is cadillac tax is one way coming from

top-down addresses high-cost health plans that are often though not necessarily always but often associated with plans that provide generous benefits. you may remember summer 2009 i think the poster child for this tax was gold in fact when it came out they were spending about $40,000 per executive for their health benefits. it is a crude way of going about it. there's some issues with it and some things we haven't seen exactly how its address. the intent is to reduce these very generous than i said or at least find a source of revenue to pay for provisions in the bill by taxing these benefits. >> last question here is really about the value of having health insurance coverage and ask if we can speak to the cost benefit or

cost avoidance by having more coverage and eliminating costs by medical conditions are getting care of cost environment. this question speaks to the affordable care act which was to recognize the uninsured population uses a health system very differently than people with insurance coverage. they often delay care postpone care, postponed carried mnf in many cases sicker and when they arrive for care, they are more expensive because the delayed care we know there are real health consequences in cases like early detection of cancer to make the difference between being alive and being prematurely put to death by the fact or condition was not treated windows responsive to treatment. so in the issue came to need to move more people into the state

of having insurance coverage and especially with the big focus in the affordable care act on early access to primary care and to prevent services being available without cautionary. they are also and we will get into that. i know in the medicaid section and in the health care costs section about the oscars to try and restructure the way the delivery system works to change the way the patent policy for to provide more incentives to use the system in less costly settings but also to pay and reward cared for performance and value. that is advertisement for the fact that the next 3101's are really going to do with issues in the way we could almost get the surface today. >> perfect segue. it gives me the chance to stay thank you. first of all to you for

providing a rich background of questions to eliminate the number of physicians and provisions in this law. second, for showing up. we have a difficult set of circumstances. thanks to the kaiser family foundation not only for cosponsoring but also contributed richly to the discussion. and thank you the panel for giving us so much progress. we will see you in a couple weeks to talk specifically about medicaid. thank you. [inaudible conversations]

[inaudible conversations] >> here are some feature pro-grams for this weekend on the seas and network. ..

find our complete television schedule at c-span.org and let us no what you think about the programs you are watching. callas, e-mail us or send us a tweet. join the c-span conversation like us on facebook follow us on twitter. >> homeland security officials discuss cyber security and the law hosted

by the american bar association. they outline the goals of the national cyber security and communication integration center. this is 50 minutes. >> good morning. i promised i would be back and i am from a different podium. this is a new format. we are trying to throw c-span off. you got it. okay. thank you for braving the cold. did everyone get a copy of the book outside? the blue law review article?

that is your reward for coming this morning. please be sure and get one show your friends and neighbors, put it on your coffee table. it marks you as special. allow me to let you peek behind the aba bureaucratic curtain. and i say that with our fondness. the standing committee is reviewed every year. they look at the topics such as programs publications outreach my things the committee has done in the legal community. holly puts our reports together and every year we received top reviews. in preparation for this year's review we were looking at our previous year and what we have done. we noted something very interesting.

all of our programs, publications, legal community outreach mirrored the current legal issues of the day. that was that was what set us apart from the other aba committees. we are both timely and relevant to the national security discussion. in keeping with that tradition of timeliness and relevance today we have a unique format. we have a tag team. doctor andy ozment and daniel sutherland. they we will talk with us this morning about their offices challenges opportunities and priorities in the cyber security world. you have their impressive bio, bio so i won't take precious time in reading them to you. they do work for dhs, and dhs command we will have donations to help pay their salaries. let me welcome them to our breakfast. please join me in welcoming

doctor andy ozment and mr. daniel sutherland. [applause] >> well, good morning. thank you jim, for the introduction holly, for arranging all of this. always a great job pulling off these events. if. if i could give you a tiny bit more introduction i am the associate general counsel at the department of homeland security for the national protection of programs directorate. andy is my client. we are having some attorney-client discussion here this morning. [laughter] it is privileged. please don't tell anyone about the conversation. originally. originally i reached out to holly and harvey and jim and talked about the idea of doing a briefing on some of the knew legislation and the

knew legislative proposals of the knew executive order that we knew was about to come. they said, great. let's do that. this is a great way to put an audience to sleep have a lawyer talking about the mechanics of the legislation we get to do a tag team. i am the play-by-play commentator and he gets to do the color commentary. he we will tell you what these laws mean the knew authorities and daily operation. >> absolutely. i was trying to think of a good comparison. you look like a sports talk radio crowd. we are like mike and mike on the radio. yes. andy is not a big sports fan

mike is the brains and mike is the bronx. one is the armchair fan and the other was an actual football player. i don't know i don't know how that works, but you are the actual practitioner, and i am the straight man. >> i i think i just got caught lebron and not the brain. >> i had the opportunity to characterize it. anyway, we hope this will be a discussion back and forth. it we will it will be interactive. we have good opportunities for you to ask questions. without we would start by giving you a broad sense of why this is an important time for us to be talking to you. this is a significant moment for dhs in the cyber security field. the congress passed and the president signed several new pieces of legislation that

provide dhs and others with new authorities in a cyber security arena. and the pres. and the presidents and other legislative package to the congress on cyber security. strengthening strengthening the role of dhs and addressed other issues as well. the pres. then came to our worksite and gave a speech about cyber security issues from our worksite, which was a great experience for our workforce. the white house cyber security summit was last week. the secretary was very involved with that. and then the president released a knew executive order on information sharing that talked about strengthening the role of dhs. do you want to expand on that? >> from an operational perspective cyber and dhs was a long time in startup mode. it pulled together agencies

from across government but they were existing agencies. cyber was knew. it did not pull upon an existing agency with a great backbencher capability. we have been in a search mode of creating something since the inception and what i would say the last few months really recognize that we have come into our own. we have a level of capability now that we have extraordinary demand from our customers command i would say our customers are threefold. federal civilian federal, civilian, government agencies, state local, tribal, territorial and the private sector. a few years ago you used to have to go out and sell people on what we could do for them. now they are beating down the door. we have seen we have seen that recognized by the president coming to speak at our organization

the congress formalizing our roles and responsibilities and the executive actions that have come lately giving us more work to do. it is a recognition that the reward for good work is more work. >> i i think that there are some great opportunities for dhs. my client is recognizing there are responsibilities associated with the knew opportunities, and it is great that we have such a capable team led by assistant sec. kayseven. we thought we would start by giving you a sense of the unique contribution of dhs what we see it is many many organizations and government and outside have an important role to play. we were talking about the national association of attorney general's and their role. we. we thought that we would emphasize three particular areas where dhs plays a unique contribution.

a strong record of embedding privacy and civil liberties into its programs. dhs had the 1st statutorily created office for civil rights and civil liberties and chief privacy officer. when the department for started the homeland security act incorporated a number of interesting endeavors. one of them was to create these two positions that reported directly to the secretary. many of you may no i i was the 1st officer for civil rights and civil liberties at the department. i started the 1st day with the chief privacy ofc. officer now the president of the center for democracy and technology. i remember the 1st day in orientation looking at each other like what do we make of all this now. we shared an assistant and tried to figure out where to go with all of this.

i was at dhs until 2009 and then left for a a couple of years and returned. that perspective has helped me as i have come back and really been so pleased to see that it did not just stay on and org chart. these commitments have been incorporated into the daily life of national protection programs directorate and others in the department. the commitment to privacy has been written into strategy written into standard operating procedure so at an operational level and daily, tactically folks are trained and privacy protection, how to get pii out of material that they have got to push along. so it was gratifying to see that the concept has begun to take hold.

i don't know if you want to comment on the privacy and civil liberties distinctive. >> from a cyber security perspective privacy a strategic. i say that both as a a citizen who is concerned about privacy in my own life obviously, but also as a cyber security practitioner where i i recognize and i think most people in this field recognize that to effectively secure cyberspace we need the trust of the people we are working to secure. if we do not build in and strong privacy and civil liberties protections and enhancements we are not going to succeed as a cyber security practitioner. that is a critical.of strength for the department. we have to strong organizations internally to draw upon and we have institutionalized privacy and civil liberties. i agree that is a core strength for us. >> the 2nd of our distinctive is dhs expertise

in public-private partnerships. write a whole a whole book on the subject. one scholar i read recently said the development of public-private partnerships is the single most important development in the field of homeland security. we are working in public-private partnerships constantly. that is a distinctive we have had is very important. >> absolutely. when i came on board i really made explicit something that had been implicit which is, my cyber security organization, we are customer service organization. we don't have any competing interest. and so public-private partnerships is one of the more core avenues for doing that. we have been given a pretty

big job and you don't do it by reaching out and touching companies one of the time. you have to do it through a structure the scales and an ability to reach and partner with core organizations and have them reach out themselves to cover the rest that is what it means for us >> the 3rd distinctive is that dhs provides a civilian, nonlaw enforcement interface with the private sector and the public on these issues. that is a critical part of the cyber security environment. >> we should be clear. dhs has clear law enforcement organizations that are part of it. secret service, homeland security investigators the federal protective. but cyber security and communications is not law enforcement, and we are not intelligence. at this back to the customer

service if those. when i got to help a private sector company, they know my only motivation is to help get the bad guys off the network and get the company back on there feet. i'm not trying to prosecute or gather intelligence. those are important actions. i will encourage them everyday to help prosecute whoever built into them, but if the company is not comfortable with that, they can still get help from me. it helps us have that customer service focus. >> that is just a broad overview of the three distinctives. what we thought we would do today is talk you through five recent pieces of legislation executive order and legislative proposals. we we will run through them one at a time and i we will describe the technical aspects of the peace of legislation.

and and he will have the fun part and describe what it means. so the 1st is in december the president side of the national cyber security protection act of 2014. let let me describe it quickly. it establishes and while the national cyber security and communications integration center or where the n-kick. if you have been to the n-kick, raise your hand. good. it codifies the n-kick as a a central player in the federal government information sharing about cyber security risk and it codifies the n-kick as an entity that provides cyber security technical assistance and incident response capabilities to the private sector. every time i talk about the n-kick and this piece of

legislation i realize we need to describe the n-kick 1st. maybe you can do that. >> you are an organization and need to secure yourself, company, government agency. what does it mean to have cyber security? we talked to a lot of folks who are just wrapping their heads around this concept. it is not that complicated. you you need three things to secure yourself. implement best practices which gets you two thirds of the way home. strong strong it management and implementing best cyber security practices. that is a core part of what you do. that takes care of the noise you get 80% of the threats. and you have a more sophisticated more sophisticated that guys, nationstate adversaries, organized crime that are particularly capable and really after your organization to review implement a best practices. now you do information sharing. information sharing is this

nothing particularly complicated, but right now the bad guys can try the same attack against a thousand companies and if they are not picky they will hit ten of those companies successfully. that is enough for them. right now they can probably hit 200 200 out of a thousand. the cost for them is extraordinarily low, and they have a really high return on investment. the idea of information sharing is they try 1,000 companies. the 1st one they succeeded breaking into learn something. be on the look out for this activity. shares. shares that. the other 999 companies received the information and are able to protect themselves. what used to be a scalable thing they can keep trying until they succeed.

it is now inverted were every time they try someone is likely to learn what they do share that information inoculate everyone else. suddenly suddenly trying itself has costs for the bad guys. that is part two. two. first part is best practice. second is information sharing. a 3rd. third is instant response. risk management almost inevitably means there will be risk that is accepted and that there will be intrusions that happen. you have to be prepared and be able to respond effectively. how does the n-kick help organizations? it is not the part of my organization that focuses as much on promulgating best practices. they help prevent incidents by information sharing and respond once they happen. we send out analytic reports all day everyday. a threat actors is going

after this sector. we also send out cyber threat indicators. this is tactical granular information. if you get an e-mail from this address it is a phishing e-mail. this ip address is sending malicious traffic. be alert. now, that is preventing intrusion through information sharing. sometime incidents will happen. so we we also help respond. at the most basic level a private sector company government agency could reach out and say we found this tool on our network. tell us what it did. we we will break it down and analyze it. you, the victim can figure out what happened on your network. we we can take the information and share it out our partners

or a company or government agency can say, you say you no, we have bad guys on our network to need your help. .. >> the more people ask for our help the more we can help and derive information we can push

out and other government agencies can secure themselves. i will tell you it happens in a flashy, cool room with screens on the wall showing what is happening around the world on the internet. a lot of serious gets done there but it is a cool looking room. i recommend you do a tour. >> let me give you the nuts and bolts of the legislation. the first is the composition. under the new law the center is authorized to have representatives on the floor from federal agencies primarily leads from different sectors, energy treasury or the like authorized to have law enforcement there which is n important part of the n-kick. state and local and tribal governments are there and the private sector including owners

and operator but also information sharing and analysis organizations and organizations that group together and represent sectors there on the floor. so by statute the n-kick is authorized to have this multi disciplinary group of people interacting together. it is helpful to have in statute that these people are authorized to be there and work together. those who are lawyers appreciate the legal issues we have dealt with are now in statue. do you want to expand on the composition? >> not at all. >> the n-kick is now authorized charged with being an interface for cybersecurity and providing awareness and coordinating the sharing of information related to cybersecurity risks and incidence

incidences across the federal government. the act provides the authority for the n-kick to provide upon request technical assistance to those who need it responding capabilities to the public or private private. you have referenced some of that. there are fly away teams authorized by statues to do that work. anything you want to add? >> you will particularly appreciate why this is helpful to us. i have found more general counselors are happy, go lucky people letting whatever flies happen. maybe not. general coun counselors are there to help minimize the risk and see a lot of risk bringing in an outside organization to help them out. having in statute our responsibility for responsibility to spend a fly

away team to help isn't going to reduce the fees but mitigates their concern. when we have an incident at a critical infrastructure company and we think it is important to help them out the fact the general counsel can see we are authorized to take this action speeds it along and minutes and hours matter. that is just one example where positive authorization is valuable for us. >> i have to defend the lawyers of course. andy isn't a lawyer so he is going to criticize the profession. i think what andy just said is absolutely right but i think approaching cio's and those in the information sight with these organizations, we can help you who you are where does this come from and now it is laid out in statute directly. in previously years, the n-kick has operated under the broad authorities of the homeland

security act. we have the authority to operate the n-kick. but it was under the broad authorities of the homeland security act and required a system of look at this. it is three pages and here is this, this and the presidential directive. and that takes a precious time away from what should be focused on the response. and so the congress decided we are going to put this in statute and clearly establish its authorities and eliminate that. i want to echo what andy said as attorneys this is going to be helpful. we have been talking about the private sector. mostly private sector. let's look at the second piece of legislation that talks about the dot gov environment. i know fisma is everybody's great topic. it is a great way to start off

the day. those of you who don't recognize sarcasi m. the federal authorization act of 2014 grounds dhs' role to administer cybersecurity and policy and practices within the federal civilian executive branch. this has been around for many years and primarily produced paper reports that agencies submit submit on their information security practices. that is an outdated system. so the mordinization act brings us into 2014 and establishes dhs' role. what are some of the implications? >> you make a joke about this to a room of cfo's they are rolling

on the floor laughing. we think this is a great source of humor when we make jokes about it. this lays the groundwork for how the government manages its it risk. the com bination of this act and others passed along recognizes how the world has changed. we are moving from a world where it happened at the outer edges of the department to a world where to manage your it there has to be a level of centralization and governance. there has to be awareness of what is happening over the department and believe it or not

that has not always been the case. to the government level where dhs can play that level across the agencies hand in hand with oab and undering how agencies are secure where they can make improvements, giving them that feedback and holding them accountable for managing their cyber risk. the federal information modernization act gives us the tool to do that. it is really two-fold in my mind. first, it establishes and clarifies dhs' role as the government-wide for the civilian government and measurer and motivater for the departments. the second thing is it helps us move away from the thick binder approach to an approach we use computers to measure how secure computers are. that is where you need to be.

millions of computers in the federal government going around with a clip board is not the way. you have to use computers to assess how secure they are. we got the positive authorization to do continuous dio dio diagnostic and they get a tool where they have a dashboard with a stating of their other than environment and we have a roll up dashboard across federal agencies and we can help them understand how they stand next to each other. whether one department is particularly lagging, whether one department is doing a great job and we have lessons we can take from that department and share. this is a profoundly important tool. >> just as general counselors from private companies have question agencies have counsel

who also ask that question. you have capability you will put on our network? where does this come from? now it is laid out in statue that dhs working with omb has the authority to deploy technologies on to the network of other agencies and i think that will be helpful on a daily and operational way. it makes clear the continuing strong roll for omb. omb and dhs enjoy a strong relationship here and the statue solidifys that in terms of working together -- solidifies -- >> i think that is a great point. if you have been in the federal government you recognize that departments and agencies are most likely to listen to budge. omb has the budget hammer that department and agencies are responsive to. we at dhs will never have that.

omb is the bad cop and we are the good cop. that is a more pleasant role for me to be. i think it is a valuable role. working together we are helping agencies secure themselves and they are saying this is what is and what isn't acceptable. >> third area we want to talk about briefly is developing the cyber workforce. this is a major issue. how do we develop people who know how to do this work? the border patrol agency pay increase act has stirred up this talk. within the statue there is a provision that gives dhs similar authorities to the defense department in terms of setting

pay scale for cyber professionals. do you want to comment on the cyber workforce development? >> i will say we are patrolling the borders of cyberspace. i cannot overstate how important this is. we lose people ever day willing to come to dhs and work long hours in the luxury government offices we provide them -- flickering lights and dirty dingy carpet -- but they do it because they believe in the mission. but after a few years, they look around saying i could make six times the salery in the private sector. is one year of work in the private sector worth six years of government for me and we lose them. some of that we have to recognize. we will never have the normal government lifetime career employee in the cyber field at

dhs. we are not building ourselves to work that way. we recognize we will have people going back and forth to the private sector and that is healthy. at the same time we have to have the best talent. and when the pay difference is so incredibly vast it is not sustainable for us. this is really important for us. >> fourth area friday the president signed a new executive order we wanted to address. it is an ex executive order on the idea of information sharing and it is designed to try to encourage more sharing of information between the private sector and the government. the executive order builds on the foundation of the n-kick legislation i talked about previous previously. we need to have a private sector willing to share that type of information that is what the executive order is going about.

they are trying to tackle. it encourages the development of strong associations of private-sector partners. in wax washington we are comfortable with this. every company doesn't lobby on the hill but you group together and approach from a group. and the same thing needs to happen in information sharing. so it is trying to develop associations that allow the information sharing and they are called information sharing analysis organizations which i think we are pronounceing as as isao.

and the president is directing dhs to enter into an agreement with a non-government organization to make guidelines that will deal with the creation and functioning of these organizations. essentially, this non-governmental organization is going to establish standards for the private associations. and the thinking is this will develop and deepen the private sector information sharing organizations. do you want to comment? >> absolutely. i mentioned before there is no way that the government is going to help every company in america secure itself. we view ourselves as an enabler. we are trying to help companies understand the best practice share them and implement them. we have some extraordinarily

successful information sharing analysis organizations now. they are sector based and doing a great job of helping members protect themselves against cyber threats and we need more. we need every company in america that has the capability and interest to have this order available to this. this order is solving two problems we are hearing from the private sector. one is organizations were coming to us saying they want to be part of a information sharing organization but we don't fit in the sectors where we have the information sharing analysis centers. that is the traditional sector model. they said look, we are a law firm and there is no real critical structure for law firm but we face cyber threats. what do we join? who isn't there an organization for us?

why on the 16 critical infrastructures? that is one of the first realization. trust comes in all shapes and sizes and our job as the government is to encourage the trust groups, help them share information with each other and help them share information so we can connect them so an intrusion over here shares the information that helps everybody in in inoculate themselves. we need to work beyond this model and accept other organizations. geographically based, folks coming together in different cities are being asked why wouldn't we recognize them and we said you are right, we should recognize you. this says we will work with you. you decide what shape you want to take we will work with you. the second problem we are trying

to solve is companies would come to us and say we understand information sharing is important, there is not an organization that fits us so we will form an organization. what do we do? and we said here the kinds of things we do and let's connect you with more effective existing ones and you have to do all of the work. sorry we are here for advice and to help but we don't have a system to help you build a new organization. and we kept getting a lot of companies saying we're ready to do this we want to build an organization, don't make us reinvent this wheel every time. and again, that was exactly the right thing. we said okay we will help you come up with best practices that delinate what an effective group is. so you don't have to start from

scratch, invent the theory and come up on our own. we will work with a non-governmental organization to run a standard process and come up with a set of best practices. that is going to take time but that is the process that led to the development of the cybersecurity framework which has been a successful way of spreading the best practices and the hope and intent is this will help you set-up information and sharing analysis organization and that will in term lead to the creation of lots of these organizations that are successfully serving their members. >> so the last thing we want to talk about is the president's information sharing legislation proposal. this we could have spent the entire hour on. we will spend two minutes and give the wave tops and then turn it over for questions. the administration's 2015 edge

legislative proposal sent to congress was on information sharing. there were a number of other cybersecurity legislations in the criminal area we will not touch on. the relevant for us is information sharing encouraging the private sector to share appropriate cyber threats with the n-kick and it does it through providing targeted liability protection for companies that share that information with the n-kick specifically the proposed language stated no civil or criminal cause of action shall lie or be maintained in any federal or state court geps any in -- against any enity relate today the n-kick. the federal government is reinstructed in how it could use that information moreover. the proposed legislation says

you cannot use this as evidence of a regulatory enforcement action against an entity that uses that clause. again, we could spend literally an hour on this. we will give you the wave tops and if you want to comment on what this legislative proposal adds to the landscape. >> i think you just called me the long winded one. companies share information now and that is awesome and great. we have formal agreements with over 110 significant sophisticated companies and they share information with us every day and that information helps protect other companies and the nation at large. but it is too hard and we need more companies to share.

this legislation will accomplish that. i think there are a few key aspects to that. it is narrowly tailored. they are very broad and trying to eat the whole apple at once. this is a bite from the apple but it is the right bite and it will do a lot of good for national security. what does it mean to be narrowly tailored? one is about cyber threat indicators. you sharing an indicator doesn't mean you are breached. you will see attempted intrusions and block them and they will say that one was a little different let me share the key information so others can protect themselves. so it doesn't mean you have to come forward and say someone broke up. it helps the company be less nervous about sharing and frankly that is the information we need. this is the information that network defenders use all day every day to defend themselves.

it is the right information at the least concern for the company. second, it is not intimatt -- in intimate information. if you have a law enforcement investigation that is a much more rich than just sharing the threat. that is why the legislation is clear to see existing relationships are not touched by this. it is only focused on cyber threat indicators and that gives comfort to those concerned about private and civil liberties. there is a lot of protection in place for privacy and civil liberties. we think it strike as balance and gives us information we need to help defenders defend themselves and lower the bar so

companies are more comfortable sharing >> i think we have ten minutes or so for questions. here we go. throw it open to you. >> bridging the generational gap. someone over the age of 30 i found the last half hour fascinating and understandable. hopefully c-span producers can move this to another time than 3 o'clock in the morning because a lot would be interested in this. use your imagination. i am sure you can find a client to bill this time too. questions? hands up please. >> thank you. >> identify yourself. >> dean from politico. can you talk about what happens to cybersecurity in dhs should the shutdown actually occur? there has been vague statements and i am kind of assuming most

of the operational personal are essential personal and would remain on the job. is that accurate? what about programs like cdm? can you talk about what happens in terms of operational and programmatic. >> i am greatly concerned of the impacts of the shutdown at dhs. half of the personal was furloughed last time during the shutdown. it would be similar numbers. the people standing watch on the n-kick watch floor will continue to work there. what i will say, though is that a number of contracts could be disruptive that pride the support to help those folks and less timely analysis. you send us a file with malicious software we have fewer

resources available to take it apart and figure out what happened. we will be less timely in information sharing and you will see a slowdown of the operation that needs to be happening in seconds. and for programs like continuing diagnosttic that gives us the censor and allows others to know the health of their agencies would grind to halt. we are working with departments and agencies to select those censors and roll it out. we run einstein as well and we are rolling out einstein 3 which is a think of a guard house around the whitehouse and checks attacks and intrusions on the whitehouse. we plan to roll that out over the next few weeks moving the

coverage from the government of 20% to almost half of the government covered. that roll out would be delayed. there would be no action taken on it during a shutdown. you might say the government hasn't had this protection so what does a few extra months hurt. i would say we suffer attacks and intrusions every day in the government. you never know which attack takes the critical piece of data removes it from government networks and give to a foreign nation state. so the fact we will go unprotected for the portion of the government we could otherwise protect for days weeks, months is of grave concern. [inaudible question] >> i am. >> the law firms are organizations that have tremendous amount of information that directly relate to the

client they are trying to protect. what group do they fall in? where does that come in? >> we have talked to this committee about that issue. we need to continue talking about that. it is not just law firms. i think of accounting firms as well. firms are agregrate and it is an important issue and we talked to the committee about trying to develop more awareness and even an isao for law firms. so it is a project we are talking about with you. currently, law firms don't fit in one of these particular sectors which is what andy is referencing. do you want to take? >> law firms are a target of the

most sophisticated ad vuout there. you are very much a target so i would ask you to go ask your company what they are doing to protect you. >> please join me for thanking our guest for a terrific talk. >> thank you very much. [applause] >> thanks everybody, for coming out. that concludes our breakfast program. >> thank you. c-span2. providing coverage of the floor

senate. the only television devoted to non-fiction books and authors. c-span 2 brought to you as a local service by your local cable or satellite performance. watch us in hd like us on facebook and follow us on twitter. >> look at cybersecurity policy and how it relates to public and private partnerships. and then ken walish discusses celebrity in chief. and ashton carter takes the oath of office at the pentagon swearing in ceremony. >> speakers include senate homeland security chair ron johnson, the national security counsel and senior director for cybersecurity and