tv Discussion on Digital Security CSPAN December 16, 2015 8:06am-10:01am EST
8:06 am
workers particularly to work unusual hours such as shift workers, particularly those people in remote and regional locations where they are not been easy access to childcare facilities, mr. speaker. we have the $869 million child care safety net which recognizes that vulnerable children and families need extra support, mr. speaker. we are a government that understands the need of this nation's, families and relationship child care. that's why we're putting in place those sort of policy that will provide flexible, affordable childcare for parents and grandparents. >> the member for herbert. >> yeah. [laughter] >> my question is for social services. i have a mobile population. my constituents are asking me how we can make save face and
8:07 am
have -- this can help them with childcare. can you outline, answer that question for me? >> the minister for social services. >> and an excellent question. of course, it was the case, mr. speaker, when originally the childcare reforms were designed they were designed in the first iteration by the treasure when it was minute of the social services and ke the board responsible for find the savings inside the tax benefit system to pay for those reforms. it's not the case because minister of government changes. member for herbert is usually well aware the genesis for the changes were suggested for childcare which were welcome word needs to be paid for with appropriate rational savings out of the tax benefit system found their genesis and the productivity commission, who noted 165,000 australian parents
8:08 am
said that they wanted to and would work more but felt that they were unable or inhibited to do so because of the access and arrangements surrounding childcare. they are the winners to give of australians we are working veryy hard for, that we devised a plan for, that we wish to assist engaging in the workforce. as you have noted, as your constituents are no doubt keenly aware that has to be paid for and perhaps its time if i could respond to the likes of the procedure makes that which that payment will occur. we had ever event in the house last week were members of with agreed with the savings been issued by the government. doesn't happen very often but it did happen last week and that savings with with respect to a mechanism to lose pay for some portion of that childcare spent about $500 million was agreed to by members opposite which will see in the not-too-distant future, family tax benefit the
8:09 am
ends for families when their youngest child turns 13. that will be making a contribution $500 million worth of contradiction to sweeping reforms to childcare. it's now the case member as you are where we have the legislation before the house this week with respect all the detail on the childcare package. that is a very significant expenditure of money and it has to be paid for. one of the benefits that we have seen is the expenditure, less than expected, that there is less generosity to those on higher incomes and better targeting of the childcare on lower incomes. what i want to assure you and your constituents is that whilst, whilst, mr. speaker, whilst the childcare package needs to be paid for and whilst only part of it has been a great two in terms of the savings by members opposite, the remaining savings will be back before the house this week with a slight modification and i said to the legislation through the member
8:10 am
and that revolves around excluding the small group of grandparents and single parents -- both smokers and we've been able to do that because the spent on childcare due to the work is less than we thought. thought. >> that's we conclude a final question time wrap for this year. we hope to see next year. thanks for watching. ♪ ♪ ♪ >> to do a special representative for afghanistan and pakistan testifies before the house foreign affairs committee on u.s.-pakistan relations. see his testimony live at 10 a.m. eastern on c-span3. >> governor of puerto rico speaks about the state of that territories economy at its $70 billion of debt at the national press club. we have those remarks live at
8:11 am
1 p.m. eastern on c-span3. >> the reagan narrative was it was a lightweight great the actor with premature own chair which is what gerald ford said about him in 1976. turning prematurely orange. with all the successes of this administration you know, historians have consistently rated reagan little. i believe out of ideological bias. >> sunday in the uncommitted historian craig short discusses his book "last act," look at ronald reagan's life. >> liki like to write about wrig because the group indicated. it was the time for us to i also write about the fact that i don't believe ed meese or anybody else makes things up. and i think we have succeeded in
8:12 am
repositioning people's thinking about ronald reagan so that it was, the picture that emerges of a very serious, deep thinking, considerate solicitor's main. >> sunday night at eight eastern on q&a. >> next, trade technology and cybersecurity experts look at the best practices for personal online security and safety. the national cyber security alliance hosted this hour 45 minute event focused on individual and small business cybersecurity. >> good morning, everyone. >> good morning. >> that was a little weak. let's try this again. good morning. much, much better. my name is michael kaiser and i'm executive director of the national cyber security alliance and it's
8:13 am
my job to welcome you to talk about factor identification of issues related to cybersecurity. we will talk about it more later in the morning, we are a public-private partnership really live that model of working with industry and government. so if a partnership or example from dhs have been with us from day one working on education and awareness. you may know us for things like national cybersecurity awareness month, or data privacy day, or the stop think connect campaign which will be discussed a little bit later on as well. these are efforts where government and industry and other partners in the nonprofit sector as well like we have the bbb here today, we work with other groups in the nonprofit sector to do education and awareness to help the organization teach people how to save -- stay safe and more secure online. please feel free, listen today and go visit us at our website, staysafeonline.org to learn
8:14 am
more about all those things. let me start by saying we always talk about cybersecurity as fixing the weakest link in every chain. and having a shared responsibility which means we all have things that we need to do to make the internet safer and more secure. no matter where we are whether we are at home doing e-mail, maybe social networking, although shopping during the holiday season or if we're running the most largest most complex network available. that everybody has some role to play in making the online experience safer and more secure. and so when we are here today talking about multi-factor authentication or two-step verification or two-step authentication, whatever you want to call it, it's a really important piece of that puzzle because it adds a layer of security for all of us to be safer and more secure online, and to secure our most critical
8:15 am
accounts from hackers. so we'll talk a lot about this but i'll give you an example that gmail account is the most important account you have. if you lose ownership of the e-mail account to a hacker, what happens the first time someone tries to go to a website for general use for ask for your password to be reset. where does that go? it goes to your e-mail. if you don't own your e-mail and someone else does you're basically owned across the whole internet anyway so that's why this particular piece is so important. when we talk about the shared responsibility and this notion of everybody participating, i would just leave you with this thought before i introduce our first speaker. that if you think about the internet as a whole ecosystem of all of us connected and everything we do having an impact on each other. you will notice that whatever you do online makes the internet more secure for all of us. that this is a shared responsibility we all have. so now it is my distinct and
8:16 am
really privilege to introduce the branch chief cybersecurity education awareness at the u.s. department of education, citing his department of homeland security. she is in charge of education awareness but we have worked with kristina for four or five years directly on national cybersecurity awareness month and the stop think connect campaign. she also oversees the workforce development arena of dhs where they're looking to build a cybersecurity workforce not on the h.r. side but helping to figure out the kind of folks that they need in that arena as well as training. so i just want to say that we have worked with kristina for many years. this is a true partnership between ncsa and dhs. we have worked together to really build on each other's strength, to do the work that we do best each other together and kristina has been a true leader under her leadership the programs that we put together
8:17 am
have grown enormously and immensely. i think the trajectory is all good. we're going to get bigger and better as time goes on. so it's my pleasure to introduce kristina dorville. [applause] >> good morning, everyone. thanks for coming out today to talk with us and hear a little bit about some of the work we're doing. you are going to hear later today about a lot of different topics in cybersecurity but i'm going to talk about some of the work that the department of homeland is doing in cybersecurity and specifically the work we're doing with ncsa to support a public-private partnership. so i know a lot of people are familiar with dhs i'm sure many different aspects of their life, traveling upcoming for the holiday season of course, the many faces you see at the airport are tsa agents. they work for the department of homeland security. the u.s. coast guard is part of the department of homeland security, the federal emergency management agency, the united states secret service and host of others.
8:18 am
however, one thing you may not know about dhs and why i'm here today is we also have a mission in cybersecurity. one of our main missions is to protect the dot gov, so any address that ends in dot gov for the federal interagency as well as for state and local governments. as part of that i believe we have the shared responsibility in our part in that is helping on the government side to make a network to use across the country. so a couple stats. cybersecurity really does affect us all. as michael mentioned everyone has a role to play. there are studies that show smart phones are never more than about three feet away from anyone at any given time. most of you may be through with it if you're using your smartphone as an alarm clock and it is plugged right in next today. or maybe in your pocket throughout the day. it really shows how prevalent the internet and our access to information through the networks is in everyday life of the
8:19 am
average person. in addition nearly one in five americans have been a victim of cybercrime. there is another stat that shows the enterprise of cybercrime as a business, everything from the small stuff to the very big stuff has surpassed the illegal drug trade and the amount of money is making annually. so that's the indicator of our cybercrime gone and where we're headed with vetting having on the internet, that's a quick stat right there to show that. 43% of companies have experienced a data breach in the past year. so we are all of us together both on the private sector side, on the nonprofit organizations side and on the government side working to educate people about what they can do to be safer online to protect their companies, their families, and really just make sure they're having a safe user experience as they navigate the web. one of the ways we're doing that at dhs in partnership with ncsa
8:20 am
is the stop think connect campaign. just a bit of background. in 2009 when the president came into office he did a review of everything happening across the cyber landscape and the federal government. and issued a report. as part of the report one of the largest gaps i guess it was there was no education programming onto a americans on how they can be safe online. think something similar to like smokey the bear type campaign but for internet use. the department of homeland security was charged on the federal side to come up with something that we could do to educate people. smh up with the department of homeland between the departments -- the people's department and ways they operate in the normal day-to-day life and one of those is on the internet. so we got together with the national cyber security alliance and all of its partners and jointly developed and came up with the stop think connect campaign. i believe that is an unprecedented effort.
8:21 am
for once there was a become a saint we know best we're going to move forward and not talk to anybody or any of experts. we really truly have a meaningful partnership with ncsa and industry to advance this effort. as part of that the department in our role specifically works with nonprofit organizations, academic institutions and other government entities including state, local, tribal and territorial entities to help spread the message. it's a train the trainer approach if you will. i know i can speaker phone across america all the time. but we can seek a trusted partnerships that already exist in communities and ask them to help carry that message to the folks they're talking to already. as part of that we've established a partner program with dhs against the government nonprofit and academia where they can join with us and have access to all the messages and materials that were used in the
8:22 am
stop think connect campaign and we're excited to announce our goal for finish out 2015 was to reach 250 partners and we did reach that and are now surpassing that so we are really excited about the opportunity to work with people across the country. i just finished as example some of our partners, we have folks ranging from the international association of chiefs of police to the aarp to the boys and girls club and even girl scouts of america. there's something in there for everyone in all different communities across the country. we're also excited we got our first tribal partner. if you know how the tribes don't typically like to work with federal government that's a huge accomplishment for us and we're excited about that. another way we're doing outreach specifically to individuals is through our friends campaign. this is an opportunity for individuals like my mom and dad to receive information directly from the department in partnership with many of the partners that we have about timely topics that are relevant to them. outcome with all the season perhaps holiday travel that you
8:23 am
should think about being safe online as you're traveling as well as holiday shopping. during april or march and april we're putting out information how to make sure you're filing your taxes online safety tips you should know from the irs. as part of that with almost 50,000 individuals who have signed up and are getting monthly information from dhs about things they can do to be safe online and that continues to grow. if you're interested in getting involved from either of these, our website is right there, dhs.gov backslash stop think connect. i welcome you to check out all the resources we have available. specifically as relates to resources that we have available, they are all for free and they are designed to be used for a wide array of audiences. older americans or law enforcement, government industry, we have something for everyone. including teachers and students and parents specifically. because while in your day job you might be a cybersecurity expert, when
8:24 am
it comes to talking to kids about what they're doing online, totally different message than perhaps what you use in the workplace. i am privileged to be the head coach in arlington. i can tell you that kids are very active online and in what you may not actually even as a parent i always make sure part of my spiel that you must talk to kids about what they're doing online. as part of that there are resources available for you again irrespective of what kind of demographic you fall into that you can download from our website. we've got public service announcements, quality videos, presentations you can give at a career day or information day at your child's school as well as bigger government entity i want to talk to employees about what they should be doing to be safe online. we have quick tips on tip sheets that are quick and easy to read and understand about simple things you can do, the same with the tip cards. our website is there if you would like to download any of those materials or learn about some of the work we are doing.
8:25 am
i mentioned the demographics of students, parents, and other government entities, but we also work with businesses. we do that more in a voluntary capacity at dhs. there is no mandate for us to be specifically working with businesses but we do find working with them allows for a more broad situational awareness picture of what's happening across the entire national network. and, of course, businesses have access to data the cyber criminals are looking for and especially small business. we find small and medium-sized businesses tend to be some of the largest targets because they don't think they have anything people might want. you are a yarn shop, you might not think that the cyber criminals want any of your information. but if you're taking people's critical data, storing personal information without, then you do have something that is of value to folks. we have found small businesses may not have the specific resources that they need to
8:26 am
respond and prepare for cyber threats. as i mentioned their systems tend to be more possible. typically the person who is the chief information officer are all the same people who might also be the owner who does all the financials and everything in between. we found that's a group we wanted to make sure had access to resources and information so that they're able to keep themselves safe. we have a couple different things. one is on our stop think connect website we worked with the fcc and other small businesses across the d.c. metro area to put together a small business cybersecurity planner. if you think of how you install a printer like a wizard to go through to install printer on your computer it's a wizard like that that you can answer questions and at the end you'll have a customized cybersecurity plan for small business but it basically gives you somewhere to start and gives a quick information about what you should be doing at bare minimum to help keep your system, employees, business safe and protected. another big aspect of some of
8:27 am
the resources is through the critical infrastructure cyber community. we call that c-3. the c-3 voluntary program and data from it at all with some of the work that's been going on related to the cybersecurity framework that the department of commerce put out over a year or so now, this is how dhs is working to implement the cybersecurity framework for businesses. it's a public-private partnership that aims to connect businesses, government agencies and academia to dhs and other federal resources and have a specific small business toolkit. you can see what it includes right here to help businesses be safe and protected as it relates to what they're doing on network. they have a separate webpage dedicated specifically to resources. you can get there through our us-cert.gov website. lots of great information and resources geared specifically towards the private sector and
8:28 am
small and medium-sized business community. overall the department is working to try to do what we can and do our part in sharing information and resources promoting best practices online and how people can be safe again anywhere from students, parents, teachers, older americans, government, law enforcement and industry. we really welcome any kind of input into how we can better be of customer service, focus can we can be better customer service focused programs to ensure that the resources we're providing are relevant so the opportunities to give us feedback. you can visit our website or the e-mail address that is checked by myself. not just going into a black hole. and like three or four other people on my staff. so i can assure you you will get a response. if you go to our website and you see something is missing or something should be there or you have a resource that may be relevant and want to make sure we are aware of it, please send us a note, let us know how we can be of better service to you. so with that i will turn it back
8:29 am
over. thanks for having me again today. appreciate it. [applause] >> thank you so much, kristina. it is a pleasure to see that our federal government is doing so much for the public, and she is a fantastic representative of that. thank you for all you do for us. my name is kristin judge, i work with the national cyber security alliance. and i want to first show you our thought leadership comes not only from the department of homeland security partners but from these great partners who are on our board. we have a lot of great thinkers working with us every day to set the direction that ncsa goes in. i am the director of the two steps ahead program we started about a year and a half ago in march of 2014, and we have been to 15 cities so far across the country. this is our 15th event and we are excited to be in arlington today. i want to encourage folks to live tweet giunta what if you're undergoing as long as
8:30 am
you're putting about this. i can tell the difference. i usually keep your attention so much we put a filter life tweaked after hashtag two steps ahead and we will reach we give and help you gain more audience for your visit and help be a part of the conversation. i want to give people some permission to not understand how to keep themselves safe online yet. ..
8:31 am
people are definitely concerned about getting hacked. that was not much of a surprise. we're not real good using passwords. we've been working on that message for a long time. we'll get into that a little bit later but we're still not great using good passwords or changing our passwords. 39% of consumers use two factor. three years ago that has gone up quite a bit. a lot of large breaches happened over last couple of years, even main media outlet articles, if companies using two factor authentication the breach may have not happened. this is personal use to large corporations. we made a short video on our website you can share to talk about what is two factor authentication.
8:32 am
we'll talk about it more in depth after the video. >> time honored dance move, that involves two steps. what happens if you don't take the second step? the result can be embarrassing or painful. using password alone to identify sensitive data is like taking one dance step. what you need is the two step. two step authentication that is. two step authentication goes beyond a password, and to make sure is really you with someone with your password. that is known as log-in approval or multifactor authentication. two step authentication empowers you to take control of the safety of your on-line account. it is easy to use, gives you peace of mind and makes your life more secure. use the two step, stop, think,
8:33 am
connect. >> talk about the old way of protecting our accounts. we do this every day, probably 40, 50 times a day for some folks. we put in log in information and password and access our account. we all know that there are folks out there who are stealing our credentials, stealing our log-in or password or guessing it with technology they have. they can go into the account looking just like us. we want to show you how you other folks can not access your account. our passwords are not that good. anyone let me know why monkey is in list. no one, been to 15 cities, no one can tell me why monkey is up in the top 10. we're still using 12345 as most used passwords. if any of these passwords are your password.
8:34 am
go home and make them better. i will show you how to do that. do you need a huge long strong password for every single account you own? probably not. some of the accounts where you go in for example, there is no credit card data on that account, your address isn't necessarily on it. for example, i blog sometimes a local news media station online. and so i go into my regular name but they don't have my credit card information or my phone number or critical information. i use easy password to get into that one. banking critical passwords like email i use higher, stronger password. talk about what it looks like using two factor authentication. put in log-in information and password still. you get a secret code that comes to your phone or to your email or somewhere else or an app. only you have that code. and it is time sensitive. only lasts one minute, two minutes, three minutes, depending on company.
8:35 am
bad guy with your password and log-in don't have the code they can't get into your account. so it is really easy step. people say to me, well that will take me 30 seconds longer every time i want to get into account. think about the time it would take to clean up your identity if your identity was stolen or credit cards and driver licenses were changed if accounts were hacked? think about how long that would take? a little bit of insurance. we ncsa is very proud of our relationship with the better business bureau. at all 15 events they have been a part and we have a representative here today also. we've been working hard on a small business program over next 10 months or so. we want to urge everyone to check out the website, bbb.org/cybersecurity. there is a workshop coming to a location near you. we want small businesses to know
8:36 am
we've taken difficult topic and put it in language you can understand. so we're very proud of that relationship. on our two steps ahead page at stop think connect, you will notice on the purple sheet that is resource guide. all of the key websites we encourage you to visit will be on the resource guide. so when you go home you won't have to remember ones i'm sharing here. a video, poster and how-to library and link to instructions. i want to actually take you online to show you how simple it is to put two factor authentication on an account. first thing i will talk about is passwords. this is a website where you can go in and just test out a password and see how strong it may be. i want to show you how long it would take the bad guys, if they wanted to get into your account, if you use password as your password. one second in a brute force
8:37 am
attack. nowadays they're talking about passwords but pass phrases. a pass phrase is a sentence, i like to eat ice cream on sundays. it is pretty easy to remember, isn't it? think about if you did something like when you see a s, put in a dollar sign or put in an e you put in the number three. this is actually something you can write down. you can write down the sentence i like to eat ice cream on sundays, as long as you don't put password above it and put it into the computer. sticky note with your passwords that is another thing you fix at home. you can see, have an easy sentence to remember. if you're visiting, say chase bank, you can add a c at end of
8:38 am
it. visiting eddie bauer to buy some clothes you can put an e at end of it. you could have unique passwords for different accounts, adding a letter at the end. this helps you get an idea what a better password looks like. think of it as a pass phrase, not a password and make it long and strong. i will take you on an account right now to show you how simple it is to add two factor authentication. google has really fantastic security tool here. when you're in the email or google account and click on this routing area here, go to my account. i have taken both my parents and sister and an aunt through this. it is really fantastic. they have some security checkups in here. highly recommend you go through your google accounts today and do that. it will show you if someone from russia has been trying to access your account. who has been on your account. you can make sure they don't get
8:39 am
back up there again. so there is security checkup. and then, excuse me, go back up here. sign in at security. when you're putting in two factor authentication on almost every account, it is under settings and then security which makes sense. go to settings. change the way you access to the account and go to the security part. here is the security checkup. then here is two-step verification. right now off on brian's account but i will turn it on. it is called two step verification, two step authentication, multifactor authentication. unfortunately because the internet is so new we haven't decided all of the words yet to agree on. it may come in a little bit of a different form. when you get the account it tells you how to set it up and what it will do for you. they make you put your password in, which is a great idea. and they tell you to look at
8:40 am
your phone, to add your phone number. and send it a code. and takes about two to three seconds. the code comes directly to your phone. this is the first time i'm setting it up. i am putting my code in. anybody can know this code. it will only last for a minute or two. then i will verify it. some people say, do i have to put that code in every single time i sit down at my computer? i'm sitting down at my computer, 30, 40 different times a day. no you don't. if you know your computer sitting at your desk at home in your library, no one is going on it. you don't have to worry about it. you can say trust this computer for 30 days. you won't have to keep logging in with different code. unless someone comes in a different device. after 30 days you have to put it one more time. like i said earlier, it is worth the time. i will confirm that i want to
8:41 am
have that. and then i want to show you one more specific thing. so it is enabled on my google account. that took me less than 10 seconds if i wasn't talking to you, correct. add specific passwords. one thing important to know, if you get your mail on your phone, once you put two factor authentication on your account, you have to put a one-time specific password in your phone. we have videos on the website and on the purple resource guide. make sure you add then the app-specific password one time to your phone. if you have to update your ios system on your phone, sometimes you have to put the app specific password one more time. so it is extra step the first time if you want to get your mail on your phone. many people have social media. anybody here have linkedin account? it is really our rolodex today but also a place for bad guys to phish information about you. they find out who you know, who you work with to send you email.
8:42 am
they can also get in there and pose as you on your account and send malware to your friends' computers. you don't want to be the one who brings down your friends' computers. there is linkedin account on the web page. literally 12 slides. go to privacy settings. click, turn it on, put in your phone number and you're done. literally takes less time than it did on gmail. another fantastic site is turnon2fa.com. this came out from our partners. just put in the name of the website that you want to turn two-factor on. it literally will take you step by step with screen shots. number one, you put in your name. number two, you go here. you click on this and then you click over here and tells you step by step instructions.
8:43 am
anybody can put two-factor on an account if they go to this website and follow the instructions. so it is really fantastic tool. they have it for over 100 websites. most of the american public can find whatever they need on there. we have videos of somehow to turn on our website. i encourage you to click there. i will pull back up here. and now i want to have michael kaiser come up as our, our guest arrived? wonderful, great. i will ask michael kaiser to come up to introduce our next guest who brought a video here for us today. i will let her start that when she is ready. thank you so much. [applause] >> thank you, kristin. that is why we call this get two steps ahead. that is putting yourself ahead
8:44 am
of the curve when it comes to being more safer online. my honor to introduce commissioner mcsweeney at the ftc. she was sworn in as commissioner in 2014 and the term expires in 2017 but she has a long history prior to her participation in the ftc. served as chief counsel and governmental relations for the department of justice at the antitrust division. served as deputy assistant to the president and policy advisor to the vice president in 2009 to 12. serving president obama and vice president biden in a variety of areas, health care, innovation, intellectual property, education, women's rights, domestic violence. worked as deputy joe biden's deputy chief of staff in the u.s. senate where she managed domestic and economic policy and development and legislative initiative and counsel to the senate judiciary committee. she is graduate of harvard and georgetown university law school. but let me add one thing about
8:45 am
the ftc and ncsa. we consider the ftc one of our prime partners in education awareness. i've been at ncsa since 2008. one of the first people we reached out to are the ftc. their educational materials for consumers and small business are really some finest materials we have out there. when you talk about partnership by i did earlier they make our job much easier. that is a great partner. quality of materials for the communities they develop they serve. we count on the ftc for continuous evolution of quality materials for people to stay safe and secure online. my distinct pleasure and honor to welcome commissioner mcsweeney this morning. [applause] >> thank you so much. good morning, everybody. thank you, thank you, thank you. thank you for that incredibly kind introduction.
8:46 am
i really appreciate it. and thank you also for getting this video that i'm going to share cued up here. i really am delighted to join you this morning for this important event. i have to say again, to underscore what michael said, that partnership here is incredibly valuable to the federal trade commission and its mission to protect consumers. we really value our partnership with the national cybersecurity alliance but also with the better business bureau who is a really valuable partner to us in our consumer protection mission. michael gave a shoutout to our wonderful materials available right outside the door at table. so i also wanted to just thank lisa here from the ftc who can help you find any materials you're lacking. i direct you to our website which has a host of different materials available which i will be discussing shortly in my remarks.
8:47 am
also want to thank christine from my office and training advisors today. as ftc commissioner i have a terrific job, i get to go around and take credit for all the wonderful work that the staff at the federal trade commission does every day protecting consumers and preparing business and consumer education materials. and i will underscore what michael said. they are fantastic materials. they really provide very plain english explanation for some of these complicated issues. so hats off to them for all the terrific work that they do. you know that the two steps ahead campaign is a wonderful way to spread the word about the steps we can all take to protect our data and our privacy and identity online. so those of you that aren't familiar with the federal trade commission work, we're the nation's premier consumer protection agency. we work across all sectors protecting consumers from scams
8:48 am
and frauds and increasingly, our mission has modernized over time as consumers moved from the brick-and-mortar world of consuming to online and interconnected one. our mission is increasingly involved protecting consumers' privacy and consumers' data. we have brought more than 100 privacy and data security cases over the last decade but equally important to our mission is promoting a educational materials, reaching out through better business bureau and through partners to try to make sure that businesses and consumers have the most up-to-date, effective information at their fingertips both to protect themselves online and to adopt best practices. a lot of those materials are here today. as i said they're also available through our website, ftc.gov. they're available at onguard
8:49 am
online.gov and. variety of resources there. we have no private authorship in these materials. they are not copyrighted. we want you to take them, copy them, use them, reran them, and get the information out there to in the hands of people that need it. we also distributed and this is a campaign that's near and dear to my heart, millions of copies of our net cetera guide which provides guidance to parents and caregivers talking about being safe online and tips how to talk to kids about computer security and how to protect your child's privacy. this is important to me because i'm a parent of a five-year-old and seven-year-old who are growing up in this incredibly interconnected world we live in. you know i think we've probably heard this morning already a discussion of some of the risks here. you're probably well aware of them or you wouldn't have shown up to attend this event. but, i just want to throw some
8:50 am
numbers at you really quick. i think everybody would probably agree that i say the risk of data breaches and identity theft looms large but to underscore that the ftc has just to date in 2015 received more than 4,674,000 complaints about identity theft, which is, by far our most common complaint that we receive. and according to the bureau of justice statistics, about 17.6 million americans, or 7% of the u.s. population were victims of identity theft in 2014. the bureau of justice statistics found in 2012 the financial losses from all identity theft and data breach totaled $25 billion. to put the number in perspective that total loss of all property crime combined by comparison was just 14 billion. so that's a huge number. i expect if we looked at
8:51 am
more current numbers it might be larger. so in addition to reaching out to consumers directly, the ftc also reaches out to business. and -- [inaudible] >> this is great. i'm not going to be offended if anybody wants to go to that. [laughter]. but to continue, we recently unveiled our security initiative at the ftc and we've been on the
8:52 am
road with presentations around the country from silicon valley. i was in austin recently. we're moving out to be in communities all over the country with new materials geared to specifically towards businesses that are trying to do the right thing with security. so i brought a little visual aid. these pamphlets are available today. they're outside on the table. i'm really excited about the service security initiative because it is best practices and basically 10 rules based on enforcement cases that the ftc has brought. it goes through common mistakes that people make in businesses with security. it talks about how to remediate them. it is incredibly plain english. i think it is user's manual for doing the right thing to protect data security. i think it is incredibly helpful. if you don't find answer in these materials we have more available online as well.
8:53 am
we have a terrific staff who are available and do respond to questions and inquiries. we're here to help people do the right thing so we can avoid situations where consumer data is breached. we have distributing the information by video. i'm going to try to make the video work here. let's see. kristin, i think you have set this up and now i need to -- this is i'm stalling, technical help. this is our latest video which we're debuting today. it reminds businesses to think critically about how to, about access to data on their systems. >> [inaudible] start with security video series and resources at business.ftc.gov. offer lots of valuable tips.
8:54 am
savvy companies control who can and who can't get their hands on their data. not every employee needs access to everything especially customer information. one social media company learned this the hard way when it was subject of an ftc case the company failed to restrict its administrative rights. so nearly every employee could access user accounts. hackers used employee credentials to reset user passwords and sent phony messages from several accounts, including accounts of a major news organization and the president-elect of the united states. information controls make a difference. not in your own company who has administrative privileges? what data can they access? and what can they do with it? tailor access based on job responsibilities and restrict to authorized parties only. in another case the ftc cited a financial information for failing to adequately restrict employee access to consumers
8:55 am
personal information. employees who didn't need access to data for their jobs, transferred more than 7,000 files to third parties. one employee sold hard drives that contained information to 34,000 customers. how your company can avoid disastrous and preventable scenarios. assign access on only need to know basis. for your network consider limiting access to the places where personal data is stored and putting controls on who can use certain databases. >> learn more ways to control access to sensitive data in your business and build a culture of data security by visiting ftc.gov/startwithsecurity. >> that is the video on the website and we have more training videos as well as materials at our table. i want to underscore the start with security guide really reminds companies that security isn't a one-time effort but
8:56 am
rather ongoing process that requires continuous evaluation and updating. if you take nothing else from the material, please take that lesson that's security is a daily task, that updating material is absolutely important, understanding your risks, trying to make the best choices possible are really, really vital to securing consumer data if you're handling it. for all of our efforts to try to help make sure that the best practice and security are being deployed out there protect consumer data, we recognize there is no such thing as perfect security. that is not the world that we live in today. so one of the things we've also been updated on ftc resources available to consumers that are experiencing problems with identity theft issues. i think it is unfortunate but i expect that more and more
8:57 am
consumers will have need of these resources. so over the past year we've been updating all of the material on i.d.theft.gov. this is seamless one-stop shop available to consumers that need to remediate situations of identity theft and want to find out more how to protect themselves. i'm pleased to announce that we will continue to expand and update resources there. right now the site helps consumers generate affidavit, learn what actions to take following identity theft, depending what type it is and sample letters for credit bureaus and businesses and debt collectors. soon we'll unveil enhancements that allow consumers to register and create an account to update affidavits and track their progress over time, update a personal recovery plan that walks consumers through each step they need to take and customized prefilled letters to send out to companies.
8:58 am
i think these improvements will make it easier and faster and safer for consumers who have been affected by identity theft to address damage and regain control over their identities. additionally ftc will continue to bring data security cases to protect consumer data serving notice to scammers and businesses that leave sensitive data exposed that we will take action if the rights of consumers are violated. and that we will use all of the tools available to us to try to protect consumer data in our increasingly interconnected world. so i want to conclude by emphasizing one thing, which is that the ftc alone can not make security a priority. so that's why i'm really grateful for our partnership with bbb and our partnership here today. i think all of us together and your presence here today really underscores that we can take security seriously and protect consumer data.
8:59 am
so, thank you for your attendance today. thank you for your interest in this topic. i encourage you to check out our resources at the trade commission. if there is anything missing reach out to us, let us know how to provide it to you. we want to be a resource and a partner and we're excited to move forward trying to share the mission of protecting consumers. thank you so much for your time. [applause] >> thank you, if i could ask my panel to come up to join us here. we'll have a panel discussion. let me take a word to thank our partners here today, to help bring this on. as we go across the country we have tremendous work in the local community around work we do. google has been a great supporter bringing this to communities all across the country. as we normally do in these
9:00 am
events we would like to have some local folks come in and talk a little bit what's going on. we have a great panel here today. i'm going to start --s we also have opportunity for people to ask questions. we have note cards. if you want to fill out a question. you can submit it and get it up here and we'll try to get it answered for you. we have a terrific panel here today. i will let them introduce themselves. i will start out, go right down, tell us who you are and a little bit what you do and we'll get into some specifics later. let me know that you must use this microphone. those are for c-span but go ahead. >> good morning, i'm a special agent with the washington field office for ftc i'm coordinator for field offices local chapter. regarded as non-profit organization by chapters and geographically aligned with fbi field offices to promote two-way information sharing to protect
9:01 am
critical infrastructure. >> good morning. my name is ken ball. i'm dean of the volgenau school of engineering at george mason university. as of the school we have departments like electrical engineering, civil engineering systems, mechanical engineering, bio engineering and we also have computer, technology and science and technology. in our school we have 15-degree programs related to cybersecurity. across the campus we have a number about additional programs that are multidisciplinary that would pull in business and public policy. and one of our most recent programs is a new bachelor of science and cybersecurity engineering. so we're trying to broaden cybersecurity education to include engineering disciplines, to get into cyber physical systems and infrastructure.
9:02 am
whether that's driverless cars or drones and uavs or the smart grid for electric power distribution. we're trying to take a proactive approach into cybersecurity. i would point out to those that have children considering what to do, right now the average starting salary for a cybersecurity professional in this region is $88,000. and if you add a security clearance on top of that that can add another 25 to 30,000. so our graduates are starting right out the gate over $100,000 with a great cybersecurity related position. there are 11,000 jobs currently in the northern virginia region. in the greater washington metro region, there is probably about 50,000 open positions right now. and that is expected to grow to a million. we're very pleased to be providing these programs and work with our sister institutions in the region across the nation to really increase cybersecurity education opportunities. >> thank you.
9:03 am
i'm mary power. very proud to be president and ceo of the council of better business bureau. we were started to do root out bad guys and snake oil salesmen and help businesses put their best foot forward. the new west create a new wild west. that is good news and bad news. consumers use it to make their lives, quicker, faster, easier but there is still the snake oil salesmen out there. we're partnering with csa to add resources and knowledge to help you as consumer protect yourself or you as small size business owner to put the right safeguards in place, deal with your staff and make you a trusted business. >> hand it back down here. just quick introduction who you are and where you're from. >> good morning, i'm jack bienko. u.s. small business
9:04 am
administration. i'm director of entrepreneurship education. if you're not familiar with the sba, we work on smalls about finance and growth across the nation. resource partner network which is a large network of university, non-profit and other mentor networks. we work on procurement issues for small businesses and disaster preparedness and recovery. we're seeing cybersecurity as a growth concern from a number of perspectives. i know a number of items have been discussed this morning. happy to see everybody here and a lot of our partners we work with especially on this growing area of concern. >> thank you. i want to go back to mary for a second. i know you all at the bbb launched a very significant program. commissioner mcsweeney talked about some of the scams out there and christina from dhs. tell us what you're up to. i think people want to know about that. >> glad to. we started scam tracker. where consumers go on line at
9:05 am
bbb.org, scam tracker and self-report of any scam they think they're a victim of or aware someone else might be a victim of. it gives real time tracking. what scams are in your area. how fast they are going. put in a search word, irs scam, puppy, anything, will give update, information about a scam, what media they use. whether it is in person, robocall, online, a little bit about what the pitch is. and some things to be careful of. it also will say what audiences they target though it changes. so if there is senior citizen scam we're noticing in florida, there is a real-time heat map that will show where it's moving and what direction it may be heading. we in bbb community can warn people and partner with the group, in this case aarp. to be careful this is growing and changing. >> thank you. kenneth, you talked a little bit about the big huge need in northern virginia, d.c. area for jobs. give us more specifics about how
9:06 am
you're actually getting young people into this workforce? >> yes. there are several initiatives that we've recently taken one in particular we're getting pathway programs through community colleges and particularly northern virginia community college. in fact in our information sciences and technology program more than half of our students come through that pathway. and by developing real strong relationships with our educational partners in the area and that also extends by the way, down through the k-12 system. we do a lot of outreach. one unique aspect of the pathway program with the northern virginia community college we're reaching out to our veteran population and veterans, for example, can earn an associates of applied science degree and come directly over to george mason university and complete a degree in cybersecurity and i should mention too that the commonwealth of virginia has, is
9:07 am
providing us with over $150,000 in the appropriations to provide specific guidance and advice to those students in the veterans pathway program. we're looking to expand that this year. we're also working with professionals in the area. we're one of six universities that are partnering with the united states army reserve command to create a public/private partnership to create cyber professionals and that would be working professionals there in the army reserve and to leverage their positions in industry in the area and provide them with additional training to help secure the nation's cybersecurity needs. so those are just a few examples. >> that's great. kara tell us a little bit about info guard, not many people know what it does, how people join and what advantages are to be part of that process.
9:08 am
>> info guard in a public/private partnership, we heard a lot about that already. it has been in existence for 20 years. it started as grassroots effort in one of our smaller field offices in the midwest to really harness the expertise that existed in the private sector as cyber was really exploding for the fbi and evolving and changing. so we sought out that expertise to about the threats we were facing, moving away from traditional cyber criminal scams that obviously still exist and exponentially seen ray across america and go to nation states targeting resources and information as well. that is really evolving for us we reached out for key holders and stakeholders that had expertise in this area to help us combat those threats. it has grown to organization
9:09 am
with 40,000 individual members nationwide. it is a little different than some of the fbi's outreach mechanisms. it is not specifically for a business or position within a company but individuals who volunteer because they're stakeholders in critical infrastructure. they want not only to protect their companies they work but for themselves as individuals and their families and communities. so by joining the fbi vets those individuals. so folks who volunteer to be vetted by the fbi usually have interest in keeping their community safe. they're not doing it just for the heck of it. and we allow them then access to secure portals where intelligence products are posted. a lot of resources we heard about here, a lot of joint products with dhs partners. we have agreements with the sba and nest and others to inform consumers but provide a mechanism for them to tell us things. a lot of time at individual level the federal threshold for the fbi to open an investigation
9:10 am
is not met, whether it is a dollar amount or statute. so we rely on our partners at ftc, at ic-3, the internet crime complaint center to aggregate for us. and as we see trends across the country and growth in aggregated data it sometimes rise to the level where we can get involved ourselves. i like to think just hearing today we're extension of a lot of partners you're already hearing as i'm a cheerleader for the ftc, for the stop and connect campaign, for sba, referring our members to those resources as well what we have available on info guard portal. >> if someone was interested in becoming part of info guard where do they start that process? >> www.infoguard. >> that is easy. you're looking issue of cybersecurity for small businesses. can you talk about what your efforts will be and these days
9:11 am
to address that? >> sure. key effort is partnership with the fbi and this, where we can co-host with them leveraging our infrastructure and much of their expertise to hold workshops on cybersecurity around the nation. so we're really interested in scaling that obviously to more communities across the nation. also digitizing it. so we've been working on a special project to upgrade some of the online learning we offer sba.gov. we have a great cybersecurity course. a one-on-one course that many main street businesses are interested in. we have 10,000 people take that free on-line course last year. we'll build upon that. we'll add more information. also connect the digital dots. we probably talked a lot about checklists, assessment tools, resources many of the federal agencies and local partners offer as well. we're doing a lot of communication. so coming out of national cybersecurity awareness month in october. we also talked a lot with our mentors.
9:12 am
we have 12,000 men and women that serve as mentors to small businesses whether they're aspiring or growing across the country. we're doing a lot more trainer to trainer information. we'll do some internal, host some internal experts to talk to these businessmen and women so when they're talking to entrepreneurs whether great public libraries here in arlington, virginia or other locations across the nation, they can dig in a little deeper, answer for questions quickly and make referrals to expert organizations like infoguard and others across the nation. we're trying to educate and inform small businesses when they're becoming aware of cybersecurity or this huge growth area of small businesses in that space, in the d.c., virginia, maryland market, that is obviously a huge growth area. on that front it is a lot of advance information like venture capital opportunities or making business-to-business relationships or federal
9:13 am
procurement opportunities. that is where we're seeing a lot of growing occurring in the sba and better connecting with organizations and individuals interested in cybersecurity. >> great. mary i want to go back to you too because i will let you talk about an effort at ncsa and the bbb are starting to build to reach small businesses as well. when we think about the small business community and cyber community, in many ways they're very hard to reach and get focused on the issue. most small business owners wear multiple hats, right? they are literally chief cook and bottle washer in most of the situations. talk about the program we're rolling out or thought you have about this. >> be happy to, michael. you said it best at the start. small and mid-size business owners are doing some things. they realize there is a lot of information but it is almost overwhelming. there is so much information where do i go for the right resources? we work with the sba and a framework, five steps to think about what is the most important
9:14 am
asset you need to protect and what you need to do. the thinking behind that if we give you five steps it can help you and your organization put together a plan, start small, and let it grow. the five elements, identify the issue, protect your data, detect problems, respond and then recover. it is really a circle because you get your house in order a few months, weeks, later there will be more data. there may be a potential situation and it doesn't stop. but it gives you confidence that you will have tools to do what you need to do. the other part of the program is also to provide vetted resource. there is so much information. you've heard a great deal this morning and there is much more. what are trusted resources i can use as small business person to put in place quickly to help my staff think about cybersecurity. not in i can't do anything. these are two, three, four things i can do to be a trusted business for my consumers.
9:15 am
>> i want to go back to kara for a second, ask you a little follow-up on infoguard issue. you mentioned that people get information. what kind of information do they get? how does that go back and forth and how do people use it and those kind of things? i think that is really intriguing. >> there are a couple of different methods. members get access to the secure portal i talked about, yes, another place you have to log in to remember a password. we like to think of it as another resource for people evident. joint intelligence products. private industry announcements. notifications are couple of different products posted there. not just the fbi, dhs, ftc, sba, nest. we like to get as much information to our members as we can. often times some of the more technical information we put out called a flash report, fbi liaison report will provide indicators that companies can use to plug into their networks
9:16 am
and systems. doesn't have attribution, those things but has enough information for folks to plug holes if you will, to be able to better protect themselves against some of the threats. each fbi field office has a special agent infoguard coordinator that is liaison to the local chapter it. the local chapter has a person as opposed to calling a switchboard they can get in touch with. if it is cyber related, most of our infoguard coordinators since on cyber squads in those offices. we can get you in touch with experts about the threats you're seeing and don't know what to do about it especially if the chief cook and bottle washer don't have enough resources to figure out what is going on. i will get you in touch, my colleagues get you in touch with agents and analysts in the field office that help you with that issue. and even if it is not cyber related, it still puts a face to
9:17 am
a person in fbi field office, often times calling switchboard and not knowing exactly who you are talking to is daunting enough in and of itself. it is trusted participate. info guard coordinator becomes a trusted partner with those members. once the trust is facilitated we have the forum for members to share information with us and for us to share it back with them. >> great. once again if you have a question you can write it down and someone -- kristin here will pick them up. you can move them to the side and we'll try to get those answered. thank you for that. ken, i want to go back to you for a second. in october, national cybersecurity awareness month we released data raytheon and millenials attitudes towards cybersecurity careers. see them as customer for these careers. what they're thinking about. we found a couple things that are interesting. that young people didn't actually know what a cybersecurity professional does, right? they kind of heard
9:18 am
about it. funny when you ask them are they interested in career in cybersecurity you kind of get a pretty good response. ask them interested in career protecting internet the response goes up dramatically because they understand that in plain language a little better. one of the things they said to us were two things. no one talked to them about cybersecurity careers while in high school. no teacher or guidance counselor. two, they didn't know what a cybersecurity career was. can you talk about how maybe you can bridge that gap a little bit to figure out a way to get communication to younger folks about how to get engaged in these careers? >> certainly we're doing a number of things. as i mentioned, short while ago in the introduction we do a lot of k-12 outreach. for example we're working with the government schools in the area and high schools and our faculty go out to give
9:19 am
presentations and sponsor different student clubs going on. one example would be with the first robotics competitions and leagues that is focused on robotics. robotics is step away from autonomous systems which gets you through cyber. we're raising awareness through variety of outreach programs. one of the things we're doing, working with the community, the corporate community, within industry, with federal agencies. we're working with economic development groups. for example, the northern virginia technology council. there are thousands and thousands of people who live and work in the northern virginia area who touch upon those groups and can also go out and spread the word about what we're doing. our most recent program that i mentioned, our bachelor of science in cybersecurity engineering, we specifically developed that in partnership with the industry to find out what their needs are. we work with northrop grumman and dr. michael papay who is
9:20 am
vice president and chief of cyber operations for northrop. we're making sure our programs are very relevant and very multidisciplinary and cybersecurity touches all aspects of business and, for example, it could be in the health care industry, robotic surgery or everybody hears about driverless cars and drones and uavs and that sort of thing. so the high school, millenial generation they're all aware of these things. they all have their smartphones. it is just really for us to reach out to show them how broad cybersecurity is. it is truly multidisciplinary. some ways we can exploit every cyber incident that occurs. we're talking just before the meeting about the hello barbie. now you have barbie dolls that are wi-fi-connected. home appliances, fridge
9:21 am
straighttores and things like that -- refrigerators that are on wi-fi. every time that is out in the news. that is the opportunity for us to show how young people can have very fulfilling professions in this area. as i mentioned with the parents, just let being them know that your child could go out there with a good-paying job and they will be in demand for 20 or 30 years. so when we go to the high schools, we also reach out to the parents to try to show them that their children have very good opportunities in that area. >> so do you, a little follow-up on that, cyber challenge is obviously very important part of this. can you explain maybe a little bit what a cyber challenge is? other research we did in october really show 1/5, or 20, 25% of parents heard anything about these. so can you talk a little bit cyber challenges and role they play in getting kids in the space? >> that is one way to get students interested in cyber careers especially even once they come to the university.
9:22 am
you always want to be sure they stay in the program and retention becomes an issue. so the cocurricular and extracurricular learning opportunities are very important. things like hackathons or cyber patriot competitions. there are national competitions that students can engage in. every university in the nation that has cyber programs, computer science engineering will have these opportunities. to push that down into the high school level is very important. that is beginning to happen. a lot of our students from high schools in the region, there is a high school club that does hackathons. they learn how to, raises awareness of cybersecurity issues. all the programs are very important. we hold, for example, career fairs and go out to the high schools and try to also use our current students to go back to their high schools and to engage with their student clubs to be sure that students are having these opportunities to see that
9:23 am
they can have a lot of fun with this as well. that is certainly, the programs are not interesting we won't succeed in getting student to come into them. the students really, if you just, at george mason university alone there is probably about a dozen different cyber groups that students can join. they're probably our best disciples going out into the community to get more students interested in these programs. >> great. go ahead, please. >> michael, the other add is get families interested in cybersecurity. think of cybersecurity, oh, data breach. it's bad. if we use effective tools to control the bad part internet is of huge value. it is getting students involved but just the whole family. you don't want one person in your family being expert. you want to raise level of comfort. yeah, i'm going to use internet and tools. i need to think about how i do it right way, smart way. not to be afraid of it. it is really education, starts
9:24 am
with students but really whole family. >> we agree with that. we think cybersecurity enables people to do more on line than prevent them. jack, you talked about emerging areas, smaller companies providing cybersecurity to other folks. talk more what is going on there. how you're supporting them or how they should be supported or what we need to make them successful? we will see every single business in this country needs some form of cybersecurity. maybe one tiny network or two or two computers all way up. it is all throughout the ecosystem so how do you support these folks. >> feeling better as parent, i drag my four-year-old to hackathon. at sba we're sitting on business competition panels, more so now, hackathon sessions. my youngster is getting more exposure. he is actually attending. we talk about this in house a little bit more, he has a lot of digital devices as a 4-year-old.
9:25 am
now he counsels his father paying attention to things. i feel more comfortable as parent we're exposing to some issues early on while on other hand fearful how we all address these things as we move into this advanced digital age. back to your question. so we often, our mentors talk about small businesses don't know what they don't know. so drawing them in to talk about a lot of business topics is sometimes a challenge. so it behooves us to work in partnership, while we counsel people in marketing we do that making sure people are exposed to things in semicomfortable setting so they can be exposed to these business topics including cybersecurity so our partner experts can talk to them. now definitely it is the new norm where it is sort of built into your standard business plan or advanced formats for, as people talk about how they're going to set up either their
9:26 am
app, their business or their potentially unicorn. so sort of baked in now. i think we're doing a pretty good job. it's heightened for a lot of main street businesses. you may have talked about this earlier today during the holiday sales season. there is a lot of sales opportunities. people are going more online. how do we communicate with people to pay attention to cybersecurity. we've been talking across the board about the emv chips in credit cards and how small businesses need to pay attention to those. how the card readers and standards and their requirements are going to evolve sort of 30-day periods as entire credit card industry pays more attention to this. i often think about the food truck. we talk about food trucks in a lot of cities across the nation. they're not probably starting food truck thinking about cybersecurity across the bat. a lot of services are digitized whether communicating on social media. we launched a cybersecurity vandalism tool kit.
9:27 am
we see a lot of cyber hacks going through social media channels. whether somebody hacks through social media channel. whether that is interconnected with e-commerce or web platforms. how somebody communicates on your behalf. a big vulnerability we thought there. we partnered with general services administration to launch a cyber tool kit on sba.gov. as they go into the cloud and mobile computing that is huge area of concern. small businesses are talking a lot about it as they have been for last couple of years. staff training, i know folks talk about main street and advanced companies talk a lot as they change their -- train their small business employees how do you lock the back door? your customer systems, databases or business vulnerabilities. that is a huge area.
9:28 am
insurance options are things we're talking about. people talk about flood insurance and other type of insurances. what type of requirements an insurance company may have for cyber hacks. small businesses are talking about that actively. last thing i mention we're seeing a lot of growth across the country but also in this community for incubators and accelerators focusing on cybersecurity firms. there is a number of award winning firms we recognized at small business week. national small business week, white house honored and other organizations have for small businesses that have deep expertise in this area. they are either working with small businesses or a lot of corporate america. the press covered a number of corporate hacks. so corporate america is paying a lot of attention to the supply chains which gets into the small business community as well. so those are just a range of topics that we're talking to small businesses about and trying to do a better job of sort of connecting them to the right resources in their
9:29 am
community as a lot of things, all politics are local. we find people talking about security issues, much of that is local too so how we can connect people with experts in their community. >> i throw this out to all of you since we've been talking about small business, i don't know who might want to jump in on this. our experience is they're the hardest group to get their attention, right? they have very limited bandwidth. any good ideas for sort of reaching these folks, the right kind of messages to send to them to engage with them. infragard is working at local level across the country. bbb is local across the country everywhere you go. talk to us how we engage with them that is productive? sometimes these small businesses maybe overwhelmed by the amount of information that's out there. approaches ways we can do that better? >> sort of a plug for many of our grantees. if you're not familiar with them, score, which is a large
9:30 am
national mentor network, small business development centers and women business development centers. these are natural hubs small businesses go to for a lot of education. whether trying to reach out to small businesses or providing a training opportunity, whether it's a flyer or workshop those are excellent resources to act for small business communities. >> infragard membership is free and as i said, it is an easy conduit to go directly to your fbi field office where we give briefings about those threats to small and medium businesses. . .
9:31 am
>> from the university perspective, universities are a resource in their communities for the surrounding business communities. i know the universities in this region and also throughout the commonwealth of virginia to provide services for small companies. for example, george mason university has a network of small business development centers and the mason enterprise center and at the school of business, for example, is very proactive in helping small business, providing advice is very important. but i would also add as you noted there's a great need and we need to do more, a lot of small businesses don't get into it
9:32 am
until they have a problem. i do know that other, governor mcauliffe, he's making a real effort to develop the new virginia economy and a big part of his plans are to make a very large investment in cybersecurity. the budget will be announced december 17. they've already had a series of small press releases that will indicate significant investment in cybersecurity. for example, at george mason university there will be an additional $400,000 to provide more training for cyber programs in the community. and some of that will go to beef up the veterans pathway program i've talked about earlier. there's also going to be significant investment in things like cyber ranges that will pull all the universities together with industry throughout virginia to provide more opportunities to provide cybersecurity training that would then benefit the business
9:33 am
community both large and small. >> could you tell people what a cyber range is? that may not be common knowledge. >> cyber range would be basically, will mimic the larger internet, the internet of things and 11 networks and computers. so it's meant to imitate the larger internet but in a controlled way. and then you, for example, you can have teams try to attack and hack in and teams to defend and you got to worry about disrupting all the commerce and a big test fo do everything else that goes on in the larger internet. you can control. that's basically what a cyber range is. >> small business owners are so busy that the message needs to be told in many different ways and have linkage. one of the things we're getting people's attention, talking about holiday scams. so you as a consumer might be looking at the holiday scams list but you as an employee or a small business owner are also doing the same thing.
9:34 am
we try to divide our messages, one consumer focused, one business focused but there's linkage. if we can get their attention we can talk about the positive as well as the negative. prevent scams but if you are scammed, be resilient. the path we are talking about, make it easy. one step, two steps, three steps, i can do this. it's not going to take all my time and it will protect my family and my employees, my business and my customers. >> i'm going to sort of, you raised the holiday scams. are there some people should specifically be paying attention to right now that you've all seen for your efforts? >> most scams are impostor scams. be very careful if you receive an e-card and it does not say who it is from or asks you to give personal information to open the card or has a special link. a lot of the scams are a fake shipping announcement. we tried to deliver a package to you. please click this link to find
9:35 am
out. if it doesn't say who the package is from, don't click the link. there's lots of sneaky ways to try to get malware loaded during the holiday season. and then, of course, the family scam, often called the grandparents scam, where it is holiday time, lots of travel, i've been stranded, grandma and grandpa, please e-mail me money. i'm in the hospital, i'm very ill. please do not send any money until you talk to a family member. the pigskin parties i went to look like you got a great deal. it's a special sale, click now, but it asks for payment either wire transfer or a debit card which can be traced. and once it is in it is gone. lots of red flags out there. if you take a moment, most of the scams rely on an emotional response. if you take a moment and simply, if it's the bad guys can what an eternity me to do? stop and think if we connect.
9:36 am
you can have a very happy holiday. >> let me ask a follow-up. one of the things we looked at last year was the number of people who drop off shopping carts because they are concerned about the amount of personal information largest hosting their got about what's going on to any advice for businesses when they are communicating with their customers about completing a transaction? >> one, look for https, the s stands for secure, and the lock, so that when you make a payment you know it is protected. as a business, recommend they pay by credit card. we have support in trying to collect if it has been fraudulently obtained. most businesses will not encourage you to pay by wire transfer or prepaid debit cards. the more a business can do to show that they are working to protect your information and get those tips or promote their either
9:37 am
through paypal, give the customer another reason to keep going. they will know it is secure. and also make sure their privacy policy is posted so people can feel a bit more comfortable because today people are starting to be more savvy and looking for those billboards that say you're safe. they may not get down to your postcard but looking for a billboard that says this is a good company and i can trust them. >> i think consumers are looking for the roadsigns themselves. not only the business being secure but how they express that up to a potential. any other thoughts on the topic? >> i would just continue to validate, business e-mail compromise is one of the top things we still see. doesn't matter the size of the business, if they engage in wire transfers or have a lot of foreign partners, that's a huge vulnerability where we see a lot of cases come out of.
9:38 am
>> i will just follow up within. definitely a concern this season but i would look at january or february also from a small business perspective to have those discussions not only staff attorney but with your bank or other supply chain partners, talk about their vulnerabilities, their experiences and their cyber protections. it's a very hectic season for small businesses. you want to be as diligent as possible. also i which i think about january, february looking inward, talk to other folks who can get a better understanding. so many small businesses have multiple interdependencies and not everything is in your immediate span of control. it might also prompt what you need to look at a different service provider or solution but you want to start educating yourself, having those discussions like you would with any other other business partners but now cybersecurity is a must discussion point you would have early in the year.
9:39 am
>> maybe some new years resolutions on cybersecurity? >> i'll try to get it started in january. cybersecurity fitness this one of those things. >> can we get until january 3 to start? so we just have a few more minutes and i don't know if with any other questions -- we do have a question way in the back. shout out and i will repeat it. [inaudible] >> thank you for the excellent program. >> you're welcome. [inaudible] >> i have a personal question. i had some ideas for stuff on a website, and i used search engines to see if someone already has of those, and i'm just wondering if when i do that and i say that so many
9:40 am
scrutinizing the search engines and they see something and they can grab it and register it before me? is there a way to check myself when i search like gmail, if something is gmail, you also want to have it connected e-mail something with the same name. who is watching that? how do i know that somebody can't register it themselves right away and cut me out? >> the question is really about, the gentleman who is trying to look for things to sell online, trying to be creative, have some intellectualizing pursuits around me be me make some things and there's a way to protect that effort as he undergoes in making sure that no one is trying to steal his -- steal his ideas, free associative into the internet. is that a good way to explain it?
9:41 am
[inaudible] when you're using search engines, free e-mail solutions in conducting market research, if you're conducting market research, you're looking for branding opportunities. so it is something to be aware of. i have not heard many cases of people doing a general search and then finding somebody is tracking it immediately and snatching up a url or a product me. there's millions and billions of the search is going everyday i don't think they're being snatched up. that doesn't guarantee that if you do a search today that you're, that product will not be taken or bottled up somewhere else. people are gobbling up these websites, product names every day. search, search and search. there's a lot of great small business tools that will give you alternatives that something is not currently available on the front. if you get to the point where you go to copyright or patent something we have a lot of solutions at the local level and also at the federal level with
9:42 am
the uspto on some tips on we are at that juncture what may be involved in trying to claim a right to an important website. any other tips? >> i agree with all that but i would add one more thing, and it's maybe the obvious thing. something that's really, really, really hot, you think is really going to be something that's really going to take off, limit how much you get that out there. we at the universities with the research we deal with intellectual property all the time and have lots of disclosures and to the patent process mostly, the best advice is until you're really ready to move quickly on it, hold it back because once it is out there so much can grab it and lus lusher prepared to be done to it. so that's the last piece i would add his whole back as much as you can until you figure it out. >> if you find like a domain
9:43 am
name, that sounds like what you're searching for, and internet name, if you find one that is available that you like, go get it because in this world a lot of people have good ideas and has unique as you may think your ideas, other people maybe think about the same thing. a lot of us have many different domains associated with things we do either as a protection to the people can't spoof us or make that happen because we just have a great idea and we don't know if we will ever make it into reality but we want to hold it because who knows, we might have the next big thing, right? any other questions from the audience? a couple down here. we will try to get a couple of these in here. our card systems do not work all that well today, so speak up. >> by show of hands from the four panelists how many other companies have been hacked, compromised in the past three to five years speak with three to
9:44 am
five years is forever last night spent what have you done to the people have been optimized and had, outsiders, employers can what is your -- you notify them? do you do some -- how do you deal with that? >> i'll start since i'm holding the mic. mason as, i think every university in the united states like a lot of big companies, people are constantly trying to hack into the networks and do malicious things. and so we have a large staff that handles our cybersecurity. and we have very aggressive policies now in changing passwords, two-step authentication we were talking about earlier, things like that. and even beyond the university itself, for example, our benefits are through anthem and anthem was hacked, we have a lot of people who do classified
9:45 am
research, for example, and the federal government clearance process, that was hacked into. and so a lot of times i, for example, have four different free monitoring for identity theft with different groups for the next two or three years because of all these different things. so whether it's target or the federal government or health benefits, this happens all the time. so the general advice everyone has given already is what to follow, especially the higher levels of authentication when you get onto the internet and are doing things online is very important. >> the bbb name is known and trusted by a lot of people, we are constantly under pressure for phishing scams. i brought my security officer to talk about but the most important thing is, when we know something is going on, let people know. let them know there is a phishing scam. we get the word out right away and that's a good policy for any employer. if someone has done something
9:46 am
if they have accidentally downloaded some malware, the worst thing that can happen is if they are afraid to tell you because the longer that sits, the more your company is in danger. we have a policy, if anybody suspects anything, anything has happened, you've got to let us know right away. we're going to act on it and try to protect as many people as we can because one of the worst things any company can do is have an employee that inadvertently downloaded something or knows that's happened and sits on it too long because it won't go away. it just gets worse. >> just looking at this from all that different of a perspective, a lot of times my colleagues the company to say do we have a member at a company because they had to go do a victim notification. they are telling the company you have a problem, so for us developing that trust with those members is key because it enables a much better interaction with us going out to
9:47 am
a company and saying, we have some bad news. so having a two-way trust is vital to the work that we do in that arena. also, the fbi has become a lot more forward leaning in reaching out to those industries that are targeted and had been targeted. they have a concerted effort from the headquarters level within our cyber division to reach out to the health industry, for example. also to both holders of pii, especially related to government pii. and doing so can be more proactive oftentimes as a result of a large breach, but going out there and saying these are some of the things we have seen, best practices, after action almost any will to hopefully get a little bit in front of that for the next time. >> federal employee information breach was -- fairly well
9:48 am
documented if anybody wants to read that, on multiple websites or opm.gov as a case study but as a staffer or customer of opm, communicate often africa late with me sending mahlon commission shall got to my home address of record, and telecommunications on cyber hygiene, a lot of the q&a sessions old, agency and opm. if you have a question that was a result of, we could ask that and then a lot of standard responses in terms of monitoring systems and tips and information. so i felt fairly confident given the circumstances that i knew as an individual my next couple of steps in terms of figuring out what personal vulnerability, if there were breaches, money is withdrawn from my bank account or other access points which may pii server provided these hackers. sort of an ongoing issue as a
9:49 am
federal employee. i'm more diligent at the personal level, at our agency level there's a lot of communications. we are communicating in multiple avenues, whether it's flyers, quizzes, discussions as i mentioned. so that was a lot of the response i saw as an individual federal employee. but again you can read this information, a lot of great case studies out of there. >> this is a true confessional moment. i think it was three octobers ago our website was compromised. we're not quite sure if it was a malicious hack. we don't know that for sure but what we did know, what we did come to find out was, and we don't collect a lot of personal information. we don't engage in business transactions with people or purchases or sales. it was actually our former web developer was using an open source system and there were some patches that were available that they did not
9:50 am
put in because they liked the way the old version worked better than the new version, which has some security features, which they had not knowingly told us they were not going to update our software for our website. and that led to a vulnerability that was across the whole web that this particular open source system had that hackers were using, and they used our website to direct people to malware and other kinds of things. we did do a notification, posted a blog about what happened on our website to let people know that if you had any issues they should change passwords and other kinds of things. is not always updated. sometimes if your business it could be our website being hacked or compromised, could be used for other purposes, to redirect people to places where they don't want to go. it can happen in a lot of different ways but i think the important piece is we are getting better at telling people when this happens. in the old days it was like they've got a breach, the first thing is, don't tell people. now you are like tell people. that's a good change.
9:51 am
we have another question right here. maybe this'll be the last one and then we will have some closing remarks. >> i was just wondering how often you see accounts of two-step authentication being compromised? >> i don't, i don't, probably no one here, unless you do from the education, you know, from -- >> i'm not aware of that. with regard to the two factor we haven't had any problems with people's accounts being compromised. that was the requirement for strong passwords and send them something out through your phone is on record as a sort of thing has really worked very well. so i think that that's the really important thing to do. once you do that you still have the other vulnerabilities that which is talked about, at least are experts at the university, that's weakened enough problems.
9:52 am
>> if we had the superduper cybersecurity researchers up here i'm sure some would say that two factor can be hacked because there's no such thing as perfect security so let's remember that. someone said earlier in the day. no such thing as perfect security. in the current world you have people who are using two factor and people that are not. needless to say the bad guys are opportunistic and always going to go to the lowest hanging fruit. if i've got 1 million compromised accounts and 800,000 of them i would have the login and password and the other 200,000 have multi-factor authentication on it to make it hard to get into. guess which 800,000 i'm going to go to first? that's the environment we're in right now. but as time goes on i'm sure there'll be efforts by the bad guys to break the pieces we've put in place and we'll just have to keep increasing the ability to make the systems more secure.
9:53 am
so with that said i just want to go, anybody have any last thoughts or resources that may be helpful? we want to start from the end and work towards here. >> thank you for letting us be a faq for ever and join us. i think this is an important topic and we can't talk about it enough. it's something that's not going to go away and it is growing. we are taking baby steps to take on a huge challenge. the website i'm most proud of is bbb.org because we partner with many of the folks here. we share information with the fec and the tremont and even the reports in the scams reported, we make sure no personal information is available. if you have been scammed we know people are embarrassed, nothing about you will come out, just about the scam. we share a lot of our data. a lot of these, all of the website and the sources here are often linked, which is good. and i would do a little plug that though we are talking on cyber and internet there are some
9:54 am
great materials out front. so please take an old-fashioned copy and read it and then it also has the same information online. there's great resources from everybody are out front, and hope you will take a look at that as well. >> and in closing i would use a thing if you're interested in learning more about the educational programs we are doing, i website, gmu.edu has links that will lead you to a lot of what we're doing in cybersecurity. the one thing i didn't mention is as a research university we do have the experts that the research. some of them are sitting out in the audience right now you're we are also trying to really do the research work with the industry and the federal government to stay one step ahead or maybe i should say two steps ahead and -- >> five steps ahead. >> all right, five steps ahead. we are really doing very creative things and were getting
9:55 am
a lot of support from all of our partners and universities are all working together as well. just as an example, and this is rapidly changing and brand-new, five years ago there weren't very many cybersecurity programs. now there are hundreds and in five more years there will be a lot more than that. we are also working with different groups to set standards, common outcomes for programs so that we can go in and continue to improve accreditation and those sorts of issues. it's a rapidly changing area, one with great opportunity. and again as a university educator, we strongly encourage young people to consider that as a career opportunity. >> i, too, would encourage you to look into this as a potential venue to find more resources available to you as well, and echo my colleagues' statements. you will see a lot of links to each other, so try to afford you the most opportunities to get
9:56 am
information to help you protect yourself. >> and a reminder, sba.gov, you can punch in your zip code to find a local resource or take some of these digital tools that all of us provide. if you have something you would like from a small business perspective and you don't see it on our website, feel free to e-mail me, jack at sba.gov. happy to provided to working. we're always looking for material that fits best for small business owners. if you have something a big fan of simian note and we'll get it processed your digital thing. go to our website and find a local workshop at the library, university, or business bureau or one of our federal outlets. >> so let's give a big hand to the panel. [applause] >> thank you. is always a bright light of the conversation, really great experts. i want to once again thank our partners today who made this
9:57 am
possible. the bbb, google, george mason, of course tenure at the arlington public library has been a great honor today to do that. i want to thank all of you for coming, and just please take the time to just do one or two things to make a soap a little bit safer online. and remember you make the internet better for all of us. so everybody have a great day, and thanks again. [applause] >> here's a look at what's ahead today on c-span networks. on c-span3 will show you a hearing on u.s.-pakistan relations, house foreign affairs committee is hosting that. that starts live attending eastern on c-span3. then remarks on puerto rico's governor, speaking of the national press club today here in washington and we expect to comments on health care and debt situation on the island. you can see that five at 1 p.m. eastern on c-span3.
9:58 am
later today federal reserve chair janet yellen would be briefing reporters. it is widely expected that the fed will announce a rate hike this week. you can see that live starting at 2:30 eastern. c-span3 will also cover that. spent all persons having business before the honorable the supreme court of the kind of monge draw near and give their attention. >> monday on c-span's landmark cases we look at the case on one of the most divisive issues to come before the supreme court, abortion. >> roe v. wade was decided in january, 1973. it is a case that is controversial, that is constantly under scrutiny. and there is a question i suppose whether it ever will
9:59 am
cease to be under scrutiny. >> wanted to commit an unwanted pregnancy but unable to because of the texas state law banning abortion, and married thomas carnival worker agreed to be the plaintiff in a 1970 case that challenged that law. requested to remain anonymous, the lawsuit listed her as jane roe and a defendant charged with enforcing the ban was dallas county district attorney henry wade. while she had the baby and put it up for adoption, her case made all the way to the supreme court. >> general, the pregnant woman, i've gone to several dallas physicians seeking an abortion but refused to because of the texas law. she filed suit on behalf of herself and all those women who have in the past at the present time or in the future would seek termination of a pregnancy. >> we will discuss the court's decision in roe v. wade, it's in pakistan and now with our
10:00 am
guest senior counsel with americans united for life and author of abuse of discretion, the inside story of roe v. wade, and melissa murray professor at university of california, berkeley law school, and former law clerk for sonia sotomayor prior to appointment to the supreme court. that is live monday night at nine eastern on c-span, c-span3 and c-span radio. for background on each case while you watch order your copy of the "landmark cases" companion book available for $8.95 plus shipping at c-span.org/landmarkcases. >> next week is off this week on "washington journal" with the featured nonfiction author monday through friday and want our conversation with you. starting monday december 21 at 9 a.m. eastern.