>> well, i'm really disappointed to hear mike say the only thing we can agree on is police camera issue. i agree with you there has been media distortion with the racial narrative, but i laid out about six or seven policy proposals, causes and settlements that victims can seek out. municipal court rope form, turning police officers into revenue agents, keeping a tally of death, keeping a tally, we should know how me people are killed by police officers each year, cutting out red tape to allow police chiefs to get rid of problem officers and i laid out about six or seven and you heard him, billy thing we can agree on is police cameras-- i'm really disappointed to hear you say that. >> you will have an opportunity to respond. >> quickly, i share the opinion that the body cameras can be helpful.

i also share the opinion that it has to be used with discretion, so that those who want to give information to the police are not intimidated by it. we had hoped that when the cameras came into police cars that that would reduce the amount of violence because at least some of us stops would be shown. in our experience and it's anecdotal, to be sure, nine out of 10 accusations that we have dealt with where the violence took place in front of a squad car, in those instances the camera was inoperative. just happened to be broken back at the station. they just happen not to be able to access it and it will probably be the same reality with the body cameras. >> of course, you are not vilifying police. i understand that.

if you believe that, anyone, i have some oceanfront property in omaha, nebraska, to sell you at a cheap price. >> i think he is a body cameras needs to be done sort of in a slow criminal process. i would urge caution in adopting a nationwide because i want to give you an example of a mandatory arrest for domestic violence. for years when a police officer would show up at a house where there was domestic violence going on it was sort of a family affair to and did not make an arrest. they did research in minneapolis, that found the randomized experiment and found that when we instituted mandatory arrest, what you found was that the individual who was arrested was less likely to engage in domestic violence in the future. so, that was a positive effect. well, all across the country cities and towns adopted mandatory arrest and then

written researchers did randomized experiments in other jurisdictions, they found that had the opposite effect. that in omaha nebraska and charlotte, north carolina they found that after the individual was arrested, the person was more likely to assault his partner because he knew he was going to go to jail once the call was made, so unfortunately this is sick, but he decided to beat his spouse or girlfriend even more because he knew he was going to spend the night in jail the latter what, so it backfired in that case and so i think that we need to take sort of these changes in policing and view it as an experiment. we have this experiment going on with the increased use of body cameras and in some cases as mr. woodson has said it could backfire. that's unimportant-- a important criticism. we shouldn't rush to judgment

and adopt body cameras and all police departments. we need to sort of look at it and sort of assess what the affect is an unfortunately, sometimes it takes years to actually assess whether or not a change in policy or a program is actually having the intended result. as always i urge caution because sometimes our policies backfire and cause more harm than good. >> thank you. i feel a bit like a referee refereeing a boxing match, but i want-- >> no one has thrown any chairs yet. >> i went to have the audience members have an opportunity to participate. >> bob woodson, your brief against vilification of the police misidentifies the issue. tim lynch and his colleague on the other side are not vilifying

the police. they are vilifying criminal police. you are calling for prosecution of criminals in the communities in which you work. this is exactly what these other people are calling for, prosecution of police criminals. that's not the same thing as vilification of police. >> when he offered a comment that 90% of the police cameras on the cars is suddenly were not working, what is that? i want to know. that is vilification. that is an example of what i'm talking about. >> but, it's true. >> wait a minute. you are implying that this is done purposely, okay. you are implying this is done

purposely. let me respond to your question, sir. the cato institute wrote in november 2014, that it remains to be seen whether officer wilson will be held accountable at some future date. a cannibal for what? the man was in a set. you talk about vilification, why was it written. you don't know, do you? >> asked him, he's right beside you to mecca went to find out why. >> when the justice department report was issued we immediately update all of our stories. >> why did you saying after he was exonerated by the grand jury that the man, in your opinion, was still guilty. >> i went to attribute that-- i didn't write it. >> you talk about vilification, that's why. >> mike is from philadelphia. again, the chief in his book wrote that when he took over the philadelphia police department he said the disciplinary process-- >> what is that got to do with

what you wrote about ferguson? >> he said the disciplinary process in place in the philadelphia police department was a joke. that's in his memoir. he is not vilifying police. he's identify them hollins in the police department to up their standards. >> did i say tim vilified police wax i'm talking about what you wrote. >> police department procedures is not vilification. >> you want to criticize police procedures and was saying this man was still guilty after he was exonerated. why? >> when he was exonerated by the department of justice we probably-- >> when he was by the grand jury. >> this is a distraction. >> no, you are a distraction. >> i hesitate to jump in. [laughter] >> can't resist a good fight. >> my apologies. >> i think the most important thing from the standpoint of

deshler, policing is a challenging job, but it's important that people of faith in the integrity of that effort. one of the things-- i have been a working constitutional lawyer for 15 years and the thing i found most surprising is the massive double standard between what other practitioners-- i'm a lawyer and i can be sued in my sisters a doctor and she can be sued, the only vocation in this country where virtually it's impossible to sue the practitioner is law enforcement. prosecutors have immunity police officers have qualified immunity and there was a law review article i came out last you that 99.90% of all damage awards found against police are actually paid for by taxpayers, so i have a concrete policy proposal. what if we had police do it every other vocation does which is to self-insure against

lawsuits so that payments, the cost is internalized and if you work with a bunch of police officers who are constantly causing judgments to come in that your premiums will be higher and there will be a natural tendency to self correct because the more out of control your department is, the more it will cost you to ensure and it will come out of your pockets of the taxpayers pocket and the bad police officers will hopefully be forced off the job and the good ones will get the respect they are entitled to. >> i have a better idea. if you get a bad cop, put him in jail. just like if you get a bad ceo, this idea of suing people for money and the insurance come is bear the brunt does not heard anyone. the only way you can do it is if you have someone that you put them in jail. >> you support the double standard where law-enforcement is the only vocation where it's difficult to sue. >> how many ceos escape free because they are-- the taxpayer or rather the stockholder has to pay for these lawsuits? we saw happen in 2007, 2008.

were not held accountable. >> i have a feeling mr. lobi will want to respond. >> by the way, i thought the idea advanced from the floor is a good idea. but, what mike says is really what identifies the problem. i think it's as clear as anyone could. he says if it's a bad police officer, put them in jail. there is all kinds of bad unconstitutional that police officers or other governmental officials can engage in, do engage in that short of criminal conduct, but nevertheless, for the benefit of the citizen needs to be corrected. that's what civil law does. that's what the question from the floor indicated. unfortunately, most police departments reach exactly mike's conclusion, either you did

something so criminal you are going to jail, otherwise you are off the hook. there is a huge middleground and needs to be addressed in order to make policeman and police department's more responsible. >> and i hope everyone saw the front page of the "washington post" story about two weeks ago where local prosecutors indicted an officer for murder and his attorney scott-- went to court and said he was part of a federal task force and his status as a federal officer made him immune, legally immune from state homicide statutes and the case was dismissed. the prosecutor said they will appeal the ruling and so that is one to watch, so it's not as easy as you think, haber broke a law send them to jail. there are legal barriers in place some of which are unjustified. >> can those laws be changed?

can they be removed? >> let's go to the back of the room before another question. >> i am always struck in conversations like this. i like to imagine they are taking place in the late 20s around the time a prohibition and we are all talking about, well, the practices of the police and may be there focusing on hillbillies too much or maybe they are-- maybe they have too much discretion as to how many barrels to destroy and instead the problem was prohibition and so i don't-- i don't know if it is beyond the scope of conversation, but i feel as though we are in this classic situation where what we have done is creating this enormous black market for 40 years and we have-- we have called today's scenario where police are naturally going to be in these terrible situations. .. going to be in terrible situations.

the communities will engage in bad behavior. that comes right down to the argument in front of us on the panel. we have made this fight. in talking about smaller points here and there, that is important to be sure. but, it seems to me the bigger problem, the elephant in the room, is the drug war, which hasn't been mentioned. about guys want to talk hear yourve to thoughts. thank you. mr. stras: does anyone want to respond to that? mr. lynch: i agree it's at the root of many problems, but is beyond the scope of this panel. >> thanks to the gentleman who spoke to the vilification of the police. i understand there was some recent article, in the cities that you mentioned, but throughout the country as well.

crime has gone up as a result of police afraid to do their jobs. i want to see what people think about police reform. better police training. it seems like some of the death that occurred had to do with police not recognizing medical issues. we need better training of recognizing when someone is in medical distress. i have a friend on the police force who says police need better training in martial arts. they are a way of bringing down someone without having to resort to gunfire. that's a possible reform. it could be very helpful, and something that everybody could agree to. i want to ask you about the people behind anti-police demonstrations and the total lawlessness of this.

i mean, you know, policeman have been killed as a result of some of these demonstrations. it is really unbelievable. i have been organizing protests, and other matters in new york city. you have to get a permit when you organize. you work with police, your restricted to a certain area. the anti-police protests, they were lawless, they ran through the streets. obviously, the baltimore situation was worse than new york. who is behind this? some of these lawless protests were well-organized, in ferguson and so on. there were other groups involved, antisemetic posters

were noticed. do you know who has been behind some of these. reallyknow who was behind some of these protests. mr. stras: let's talk about the negligence of officers first. mr. woodson: a lot of police officers are promoted if they make a felony arrest, which means violent encounters. there are also police officers who prevent violence with positive interactions with the police. that should count towards promotion and elevation as well. mr. loevy: i agree. we are litigating a case in which a 97-year-old world war ii veteran in a nursing home had a knife in his hand and was shot and killed by the police when they arrived at the request of

the nursing home. what so the police needed better training ow to disengage someone, talk someone down. obviously, no policeman should not be able to protect himself when he or she is in danger. but there is a skill that, in our judgement at least, should have been used to talk down a 97-year-old man that was in a nursing home in his kitchen and when there were other mental health people on the premises who could have helped. so training is, indeed, a factor. i think most police departments in their more reflective moments realize that there's a lot that could be done. >> it's very difficult to establish a training regimen

that would cover just about every situation. you know, i hear martial arts a lot. i've studied brazilian jiu-jitsu and some other things over the years, and as you might have heard, i used to coach wrestling. even at that, if i would have applied some of those techniques, you know, it would have caused injury to the person i was trying to apprehend. there is no one silver bullet that would solve every situation. especially when you're dealing with people who are mentally ill. and it's the really, really difficult to do that. so, and i just don't know what the answer is there. >> now, it may be beyond the scope of the panel, but i want to give you a chance to respond. she also brought up the protests that have been occurring over the past year. does anyone want to respond to that? >> i think black lives matters has been one of the most destructive forces around. it has no purpose but to

protest. i'm a vet are iran of the civil rights -- veteran of the civil rights movement. we had, i think, laudatory goals. what is their solution? and, again, black lives seems to only matter when a white person is taking a black life and not when a little girl gets shot through the head sitting on her grandfather's lap. when they can rise up and protest when that occurs, then i will join them. >> all right. let's go to the back of the room. >> okay. this, you know, i know that you've been talking about how it feels like the police have each other's backs. sometimes i wonder to what extent it also feels like the judiciary has the police's back. and i'm talking specifically about the heightened pleading environment. to what extent do we end up shielding municipal entities and counties that should have made some really good decisions on the front end from continuing to

make bad decisions because we basically are shielding them from liability through the judicial process? >> thoughts on the judicial process and how it plays into some of these questions about policing. >> well, it plays in in some ways. one of the speakers pointed out policemen have immunity from being sued. it's a qualified immunity. prosecutors, judges have an absolute immunity. they can never be sued. and part of the problem is, is municipalities insure themselves, part of the problem is that the municipalities can pay a judgment even for errant police officers, even when they know they're done wrong short of criminal conduct, even when they've engaged in criminal conduct. and what happens is they pay the companies to have damages --

compensatory damages. just real quickly, a policeman can be sued punitively to give a warning to other police officers they can't engage in the same kind of conduct in the future. they can punish him for his bad acts. and, again, and i'm speaking anecdotally, i don't have statistics. but anecdotally, every time we get a punitive damage against a police officer, the department puts pressure on the municipality to say as part of the settlement, person that your suing -- this is not the lawyer, this is our climate -- you can get all that money as long as you don't collect it directly from the policeman. it is very unusual in the civil litigation under section 1983, extremely unusual for a policeman ever to pay anything out of his own pocket. what happens is the municipality steps up. the more subtle problem is quite

often it is the supervisory personnel in a department that are really responsible by the instructions they've given. everybody falls on the sword in most -- and, again, anecdotally. but in most of this litigation, the patrolman takes responsibility for the sergeant, the sergeant takes it for the lieutenant, the lieutenant for the captain, the captain for the chief. knowing that at the end of the day, they're never really going to be hurt by it. i hope that answers the question at least in part. >> all right. i'm going to take the moderator's prerogative and ask a question i hoped that was going to be asked that hasn't been asked yet which is there are different views on the panel about the need for reform and what that reform looks like. but i want to ask a more fundamental, federalist question which is where does the reform need to to come from if reform is necessary? does it come from the national

government? the state government? the local governments or all of the above? >> i would say all of the above. >> i'd like to add i think that, you know, state -- policing is inherently a state and local issue and needs to be governed by the jurisdictions that are responsible for providing the services. and i think the federal government is more likely to impose a one-similar-be fits-all solution that might work across this varied land that we live in. so i would stress we need to have sort of a maybe outdated but a view that this is a view that federalism there are certain responsibilities that are entirely reserved to the state and local government and not the federal government. i see this as a local issue, and the federal government should play very little role, if any. >> yeah, but then you --

>> i agree. we should look for reforms. camden, new jersey, for instance, used to have one of the most corrupt and most ineffective. they've made some major reforms where police officers are actually living in the community where they're serving, and there's just been some positive community interaction. violence is down, police relationships in franklin township in new jersey where the chief has met with local citizens, so if there is an incident involving the police, the call doesn't go to new york to demonstrators, but it goes to some local leaders who are able to to convene and explain to their citizens what happened. so there are some positive models of reform, but it should come, i think, from the local. but we ought to have somebody spend some of the time, particularly some of these research institutes, on what works in terms of community police reform. where the studies of successful police/community interaction. >> dade, in your opinion --

david, in your opinion do you feel that because of the nature of the politics between city and state that sometimes you do need the federal government to come in? >> i think it should be extremely rare occasions. >> yeah. i mean, we saw that during the civil rights era where it was necessary to do that. >> i think there are some cases, but broadly speaking, the federal government should not play a major role. and i think that if for those of you who are interested in looking at what the best available research says about various topics in policing, i'm not affiliated with organization, but the center for evidence-based policing at george mason university does excellent research. i highly recommend the work that they do for looking at what works in policing. [inaudible conversations] >> i'm sorry. >> i'm sorry. without existing federal law and law as at section 1983 and the way that it has been interpreted by the supreme court, without

those laws there would be virtually -- i shouldn't -- let me put it differently. it would be extremely difficult for a citizen, an individual citizen to get redress from police misconduct. the very viable remedy that is available to 'em is available under federal law. without federal law, citizens would be dependent on state court remedies and historically they have been inadequate. so the federal government does have a role to play. section 1983, section 1988 been on the books for a long time, and i think that they have provided an effective watchdog, an effective oversight on police misconduct. >> mr. lynch? >> in the weeks after the death

of freddie grey when baltimore was all over the news, pressure began to build to bring in the department of justice. and eventually, the mayor of baltimore did invite loretta lynch and the department of justice to come in and investigate the city police department. and so that investigation is now ongoing, and i expect in a few weeks, it could be two weeks, it might be three more months, but the department of justice, i expect, is going to issue a report saying that there's a pattern and progress of problems in the baltimore police department. and, you know, it's really not going to be any surprise. but a lot of people are surprised when i say that that was a mistake by may car rawlings to bring in -- mayor rawlings to bring in the department of justice. i think when there was all that national attention, there was no better time for her to make the corrections that a lot of people thought were necessary in that city police department. the environment is never going to be better than it was back then when there was so much

attention and scrutiny on that department. so the department of justice is going to issue a report in a couple of months, and i'm sure the mayor will hold a press conference with the police chief, and they'll pledge their cooperation and follow through with the reforms, and we'll see what happens. my point is sometimes the local officials shift off the responsibility for cleaning up their own police department by inviting the department of justice in and to let hem handle it, let them handle it, let them make the tough decisions. and i think it should be done by the mayor and the chief of police. >> thank you. let's go back to the front of the room for another question. >> yes. my name's bill o to dis, i'm an adjunct professor of law at georgetown. the question has been raised by the panel over whether police misconduct sparks distrust of the police and that that distrust in turn undermines law enforcement. the question whether the police and other major public institutions enjoy the public's trust has actually been polled

by gallup. gallup polls it every year. in this most recent poll that was just taken last month, it was a poll of 15 institutions. the leading two institutions were the military and small business. coming in at number three were police with 52% trust. by contrast, the president enjoyed 32% trust, the supreme court, 31, and tv news, 21. in other words, the principal organization calling for police reform enjoy about half the trust of the police themselves. [laughter] the reason that they enjoy that level of trust is that they have largely adopted what has become the motto of the anti-police movement; that is, hands up, don't shoot. it's no longer news that hands up, don't shoot is false. that his hands weren't up and he was not trying to surrender.

what is news is that the media and anti-police organizations continue to the adopt what they know is a false motto as the anthem of their movement and a movement that takes root in a knowing falsehood deserves all the amount of trust that we would give, for example, to something like if you'd like your insurance, you can keep your insurance. [laughter] [applause] >> the model in poor communities today is nothing to do with your hands up, it's don't put your hands in your pants, because that's what results in shooting. the issue of broad surveys of police -- and i'm glad it's like that -- has nothing to do with the reality of high crime communities. in high crime communities, and again it's more anecdotal, but i

think it's true. in high crime communities, there's an intense distrust of the police. why is there a distrust of the police? because the police in the high crime communities do the stop and frisk, they, their issue is not only to reduce crime, it is to make -- and this is what is really going on -- is to make a social statement. much like the social statement that the last speaker just made. you have to respect me, you have to respect authority, you have to be in a position that if a policeman tells you to do something, asks you to do something you can't wise off, you can't exercise even a constitutional right to do it. you, the police, are someone that has to be listened to. it is not an accident that law-abiding, decent, fine people in high crime communities won't

talk to the police. and it's not just because they're being intimidated by gang members and other bad people. it's because the police in those communities have not been trained very well and have taken the exact same kind of an attitude that some at least have presented that we can do what we want because we represent justice, the citizens do not. [applause] and that, i think, is what's going on. >> well, the data doesn't bear that out, arthur. i just quoted -- [inaudible] perhaps you didn't hear it, it was a 2011 study which said that the majority of people do approve of the way the police do their jobs, and there was no discernible difference between hispanics, blacks and whites. there are gallup surveys that do the same thing and other survey that is do as well, and, bob -- >> it shouldn't be a majority, it should be 99%. >> well, it was 93%, i'm sorry.

go ahead, bob. >> the point is, people in those high crime communities want increased police. if you look at any of those studies, they want increased police. they're the ones losing the children. it's just not true, what you're saying. >> the people -- >> there are surveys of people in those high crime areas, more of them desire increased police presence in their -- that's what the demand is. >> from the chiefs of police to the officers on the street, their biggest complaint in trying to solve crime is that people are not coming forward to help us. >> well, that was -- [inaudible conversations] >> let me finish, if i may. that is -- >> that was the same issue in the -- >> that is, if i may finish -- [inaudible conversations] >> that was the same thing in the italian-american communities. now, look -- >> i wasn't finished with what i was going to say, but okay.

>> -- on use of force, either nonfatal or fatal use of force by police in the african-american community. there is no doubt about that. the question we have to answer is why. and people who are interested in criminal justice reform, true criminal justice reform, need to answer that question. if i say to you what ethnic group -- if i say the term organized crime and i say to you what ethnic group would you associate, anybody who says anything other than italian-american is lying, okay? and i'm italian, all right? question was, why were italians so much involved in organized crime, okay? nobody answers that question. these are the questions that need to be answered. and you can't have reform until you have some kind of idea of what you want to reform and why and what causes things. >> you -- >> to have anecdotal information, well, in your opinion blacks don't talk to cops because they're afraid of the police, that's maybe your experience. of that's not mine as a police officer, and that's certainly not bob's.

and, guess what? bob happens to be african-american. >> arthur gets the last word here, because we do have to wrap up. >> you spoke over me. what i was about to say, what i did say was police complain regularly, from the chief to the guy on the street, that communities, high crime communities do not have sufficient cooperation from the citizens in those communities. what i was about to say was we can disagree about reasons. one of those reasons -- not the only reason -- one of those reasons is the fact that police in many high crime communities have abused their authority and their power. now, you can deny that takes place, but it is it is an element -- it is an element, and i believe that very strongly. [inaudible conversations] >> i'm told that we have to wrap up. it's 2:15. i apologize to those standing at the microphones that we didn't have time for your questions, but please give a nice round of

applause for these very passionate panelists. [applause] >> later today, "the train to crystal city," about a world war ii interment camp in texas that housed japanese and italian detainees. that's on c-span2 at 7 p.m. eastern. >> three days of featured programming this new year's weekend on c-span. friday night at eight eastern, law enforcement officials, activists and journalists examine the prison system and its impact on minority communities. >> but the first and, i think, primary reason we have prisons is to punish people for antisocial behavior and to remove that threat from society. the prison system is to keep us safe whether they're going to rehabilitate prisoner or deter

future crime, i think those are really secondary concerns. great if it happens, but the primary purpose of the prison system is for people who are not in prison. it is to keep society safe from the threat imposed by those folks. >> saturday night a little after eight, a race relations town hall meeting with elected officials and law enforcement from areas experiencing racial tensions with police. >> that's where it begins, because they get the job saying, well -- and go and do their job saying i'm protecting the public. their idea of the public are those who gave them their marching orders, and that's us. that's us who need to look at all of that. so we talk about transparency, we need to look at those rules that they have to start using to engage themselves with our community. >> and sunday evening at 6:30 a discussion on media coverage of muslims and how american muslims can join the national conversations.

and at nine, young people from across the united kingdom gather in the house of commons to discuss issues important to them. >> this issue is so much more than buses, trains and expense. it leaves young people feeling disdained, deprived and disillusioned. as a child i couldn't wait to experience a train journey. i looked forward to the children chattering and drivers honking. however, when we grow up, steam trains lose their smiley faces, and we forget to notice the swishing and the honking while we worry about whether we can afford the bus to school tomorrow. >> for our complete schedule, go to c-span.org. >> president obama signed cybersecurity legislation into law just before christmas as part of the $1.1 trillion spending bill. "u.s. news & world report" writes: the bill aims to help prevent breaches of consumer day a by offering legal protections for companies that share information about threats to

their networks with the government and other businesses. next, the national cybersecurity alliance hosts a discussion focused on cybersecurity for individuals and small businesses. [inaudible conversations] >> good morning, everyone. that was a little weak. let's try this again. good morning. >> good morning. >> much, much better. good morning. my name's michael kaiser, and i'm the executive director of the national cybersecurity alliance, and it's my job really to welcome you this morning to talk about two-factor authorization and a bunch of other issues regarding cybersecurity. we'll talk about it more later in the morning, we are a public/private partnership. we really live that model of working with industry and government. so we have our partners here, for example, from dhs who have been with us from day one working on education and awareness. you may know us for things like

national cybersecurity awareness month or data privacy day or the stop, think, connect campaign which will be discussed a little bit later on as well. these are efforts where government and industry and our other partners in the nonprofit sector as well, like we have the bbb here today, we work with other groups in the nonprofit sector to do education awareness to help every organization teach people how to stay safe and more secure online. so please feel free, listen today and also go visit us at our web site, staysafeonline or stopthinkconnect.org to learn more about those things. but let me just start by saying that we always talk about cybersecurity as fixing the weakest link in every chain. and having a shared responsibility which means we all have things that we need to do to make the internet safer and more secure no matter where we are, whether we're at home just doing e-mail, social

networking, shopping during the holiday season or if we're running the largest, most complex networks available. that everybody has some role play in making their online experience safer and more secure. and so when we're here today talking about multifactor authentication or two-step authentication, whatever you want to to call it, it's a really important piece of that puzzle because it adds a layer of security more all of us to be safer and more secure online and to secure our most critical accounts from hackers. and so we'll talk a lot about this, but i'll just give you an example that your e-mail account in many ways is the most important account you have. if you lose ownership of your e-mail account to a hacker, what happens the first time someone tries to go to a web site that you normally use? they ask for your password to be reset, and where does that go? it goes to your e-mail.

so that's why this particular piece is so important. so when we talk about the shared responsibility and this notion of everybody participating, i'll just leave you with this thought before i introduce our first speaker. if you think about the internet as a whole ecosystem of all of us connected and everything we do having an impact on each other, you'll notice that whatever you do to be safer online actually makes the internet more secure for all of us, that this is a shared responsibility we all have. so now it is my distinct and really a privilege -- [laughter] to introduce kristina dorville, cybersecurity awareness at the u.s. department of homeland security. she is in charge of education awareness. we have worked with her for four or five years directly on national cybersecurity awareness month and the stop, think, connect campaign. she also oversees the work force development arena of dhs where

they're looking to build the cybersecurity work force not on the hr side, but, you know, helping to figure out the kinds of folks that they need in that arena as well as training. so i just want to say that we worked with christina for many years. this is a true partnership between ncsa and dhs. we have worked together to really build on each other's strengths, to do the work that we do beth, each other together k and kristina has been a true leader. the programs we have worked together have grown enormously and immensely, and i think the trajectory is all good, right? we're going to get bigger and better as time goes on. so it's my pleasure to introduce kristina dorville. [applause] >> good morning, everyone. >> good morning. >> thanks for coming out today to talk with us and hear a little bit about some of the work that we're doing. you're going to hear a little

later today about a lot of different topics in cybersecurity, but i'm here to talk about some of the work the department of homeland security is doing and specifically with ncsa to support that public/private partnership. so i know a lot of people are familiar with dhs, i'm sure in many different aspects of their life; traveling upcoming for the holiday season, of course, the friendly faces at the airport are tsa agents. they work for the department of homeland security. the u.s. coast guard is part of the department of homeland security, fema, the united states secret service and a host of others. however, one thing you might not know about dhs and why i'm here today is that we also have a mission in cybersecurity. and one of our main missions is to help protect the dot governor. so any --.gov, so any address that ends in.gov. part of that, i believe we have that shared responsibility, and our part is making networks safe

for everybody to use across the country. so a couple stats here. so cybersecurity really does affect us all. as michael mentioned, everyone has a role to play. there are studies that show that smartphones are never more than about three feet from anyone at any given time. most of you might be familiar with this if you're using your smartphone for your alarm clock in the morning, and it's plugged in next to your bed. or if it's plugged into your pocket throughout the day. so it really shows how prevalent and internet and our access to the information through the networks is in the everyday life of the average person. in addition, nearly one in five americans has actually been a victim of cyber crime. and there is another stat that shows the enterprise of cyber crime as a business, everything, you know, from the small stuff to the very big stuff has actually surpassed the illegal drug trade in the amount of money that it's making annually. so if that's not an indicator of where cyber crime has gone and where we're headed with bad

things happening on internet, that's a quick stat to help show that. and 43% of companies have experienced a day a breach in the past year. so we are, all of us together both on the private sector side, on the nonprofit organization side and on the government side, working to help educate people about what they can do to be safe online, to protect their companies, to protect their families and really just make sure that they're having a safe user experience as they navigate the web. so one of ways that we're doing that at dhs, as michael mentioned, in partnership with ncsa is through the stop, think, connect campaign. so just a little bit of background. in 2009 when the president came into office, he did a review of everything that was happening across the cyber landscape in the federal government and issued a report called the cyberspace policy review. as part of that report, one of the largest gaps they identified was that there was no education programming on, to americans on how they could be safe online. think something similar to a smoky the bear campaign but for

internet use. so the department of homeland security was charged on federal side to come up with something that we could do to help educate people. and as i mentioned, i believe the department of homeland security truly is the people's department, and we're working hard to protect people across various different systems and ways that they operate in their normal day-to-day life, and one of those is on the internet. so we got together with national cybersecurity alliance and all of its industry partners and jointly developed and came up with the stop, think, connect campaign. and i really believe that is an unprecedented effort. for once, it wasn't the government saying we know beth best, and we're going to move forward and not talk to any experts in this space. we really, truly have a meaningful participate with ncsa and industry to help advance effort. so as part of that the department in our role specifically works with nonprofit organization, academic institutions and other government entities including state, local, tribal and

territorial entities to help kind of spread the message. it's a train the trainer approach, if you will. i know that i can't speak to everyone across america all the time, either can michael or really anybody in this room, but we can seek out trusted partnerships that already exist in communities and ask them to help carry that message to the folks that they're talking to already. so as part of that, we've established kind of a partner program with dhs, again, with government, nonprofit and academia, where they can join with us and have access to all the messages and materials that we use in the stop, think, connect campaign, and we're really excited to announce our goal for finishing out 2015 was to reach 250 partners, and we did reach that and are now actually surpassing that, so we're really excited about that opportunity to work with people across the country. and just as an example about some of our partners, we have folks ranging from the international association of chiefs of police to the aarp to the boys and girls club and even girl scouts of america. so there's something in there for everyone in all different communities across the country.

and we also, actually, are excited, we just got our first tribal partner -- [laughter] and if you know how the tribes don't the typically like to work with the federal government, that's a huge accomplishment for us, and we're really excited about that. and then another way that we're doing outreach specifically to individuals is through our friends campaign. and this is an opportunity for individuals like my mom, my dad to receive information directly from the department in partnership with many of the partners that we have about timely topics that are relevant to them. so upcoming with the holiday season, perhaps holiday travel, things you should think about and being safe online as you're traveling as well as holiday shopping during april or march and april we're putting out information about how you can make sure you're filing your taxes online safely and tips you should know from the irs. so as part of that we have almost 50,000 individuals who have actually signed up and are getting monthly information from dhs about things they can do to be safe online, and that number continues to grow. if you're interested in getting involved from both an

organization side or an individual, dhs.gov dhs.gov/stopthinkcorrect. and we welcome you to check out the resources we have available. specifically as it relates to resources we do have available, they're, first off, all for free, and they're designed to have used for a wide array of audiences. as i mentioned, older americans, law enforcement, government, industry, you name it, we have something for everyone including teachers and students and parents specifically. so while in your day job you might be a cybersecurity expert, when it comes to talking to your kids about what they're doing online these days, it's a totally different message than perhaps what you're used to in the workplace. i'm actually privileged to be the coach at washington high school here in arlington, i've been here 11 years, and i can tell you the kids are very active online and ways you may not even know as a apartment. so i always make sure i pimp that you -- i pitch that you must talk to your kids about what they're doing online.

there's resources available for you, irrespective of what kind of demographic you fall into, that you can download from our web site. we've got public service announcements, presentations you can give if you did a career day, for example, or an information day at your child's school as well as if you're a government entity and want to talk to your employees about what they should be doing to be safe online. we have quick tips on, kind of tip sheets that are quick and easy to read and understand about simple things you can do, and same with our tip cards. again, our web site is there if you'd like to download any of those materials or learn about some of the work that we're going doing. i mentioned the demographics about students, parents, you know, other entities, government entities, but we also work with businesses. we do that more in a voluntary capacity at dhs. there's no kind of mandate for us to be specifically working with businesses, but we do find that working with them allows for broad situational awareness picture of what's happening across the entire national networks.

and, of course, businesses have access to data that cyber criminals are looking for, right? and especially small businesses. we find that small and medium-sized businesses tend to be some of the largest targets because they don't think they have anything people might want. if you're a yarn shop, you might not think that the cyber criminals want any of your information. but if you're taking people's credit card data, if you're storing personal information with that, you do have something that's of value to folks. and so we also have found that small businesses may not have the specific resources that they need to actually respond and prepare for cyber threats. and as i mentioned, their systems tend to be more vulnerable. typically, the person who is their cio or chief information officer or chief information security officer are all the same people who may also be the owner who also does the financials and everything in between. so we've found that that's kind of a group we really wanted to make sure had's to resources and information -- had access to resources and information so they're able to keep themselves safe. so we have a couple different

things. one is on our web site we worked with the fcc and other small businesses across the d.c. metro area to to put together a small business cybersecurity planner. and if you think of how you install a printer, like a wizard, it's basically a wizard like that that you can answer questions on, and at the end you'll have a customized cybersecurity plan for your small business. it's pretty basic, but it gives you somewhere to start and gives you information about what you should be doing at bare minimum to help keep your business, your employees safe and protected. another big aspect of the resources is through the critical infrastructure cyber community, we call that c3 because we always have to have an acronym in the government. but the c3 voluntary program. if you're familiar at all with the some of the work related to the cybersecurity framework that the department of commerce put out, this is actually how dhs is working to help implement cybersecurity framework for businesses. and so it's a public/private partnership that aims to to

connect businesses, government agencies and academia to dhs and other federal resources, and they have a specific small business tool kit. you can see what it includes right here, to help businesses be safe and protected as it relates to what they're doing on networks. and so they have a separate web page dedicated specifically to resources there. you can see here dhs.gov/cqvp x. lots of great information and resources there geared specifically towards the private sector and the small and medium-sized business community. so overall, the department is really working to help try to do what we can and do our part in sharing information and resources, promoting best practices online and how people can be safe. again, anywhere from students, parents, teachers, older americans, government, law enforcement and industry. and we really welcome any kind of input into how we can better be of customer service, how we can be better customer

service-focused program to insure that the resources we are providing are relevant to you. so there's opportunities to give us feedback. you can visit our web site again or that e-mail address is actually checked by myself, and it's not just going into a black hole, and like three or four oh people on -- other people on my staff. so i can assure you you'll get a response. if you see something that is missing or that should be there or you have a resource that might be relevant and want to make sure we're aware of it, please send us a note, get in touch and let us know how we can be of better service to you. so with that, i'll turn it back over. thanks for having me again today, appreciate it. [applause] >> thank you so much, kristina. it really is a pleasure to see that our federal government is doing so much for the public, and she is a fantastic representative of that. thank you for taking the time to come out today and all you do for us. my name's kristin judge, i work with the national cybersecurity alliance, and i wanted to first show you our thought leadership

comes from not only the department of homeland security partners, but from these great partners who are on our board. so we have a lot of great thinkers working with us every day to help set the direction that ncsa goes in. i am the director of the two steps ahead program that we started about a year and a half ago, in march of 2014, and we have been to 15 cities so far across the country. this is our 15th event, and we're very excited to be in arlington today. i want to encourage folks to live tweet. i don't mind be you're on your phone, as long as you're tweeting about this. i can tell the difference. [laughter] i usually keep your attention, so i'm not too worried, but if you want to live tweet at our hashtag two steps ahead, we'll retweet you, it helps you gain potentially more audience for your business and to be a part of the conversation. i want to give people some permission to not understand how to keep themselves online yet. if you think about it, we know how to protect our physical world. we've been doing it for a very long time. we all know to keep our lights

on at night, i have a big dog, i keep the bog i dos -- dog toys out front. we've been doing this for a long time. but the internet is still pretty new, so if you don't know how to keep it all locked down and secured, that's okay. but i want to encourage you to embrace the internet, and cybersecurity helps to empower you to use it safely. the internet is a fantastic place, we just need to know a few things to keep ourselves safe. we want to teach you how to use two-factor authentication today so you can have peace of mind. put that extra layer of protection on the key accounts, like michael said, with your e-mail. some research one of our partners did this year about two-factor authentication showed this: people are definitely concerned about getting hacked. that was not much of a surprise. but we're not real good at using passwords. we've been working on that message for a long time, but we're still not that great about using good passwords or changing our passwords. about 35 -- 39 percent of

consumers do use two factor, or so we're getting somewhere twair compared to three years ago, that's gone up quite a bit. and if you notice the large breaches that have happened over the past couple year, even in the main media outlet articles about those breaches, they'll say if the company was using two-factor authentication, the breach may not have happened. so this is a really important tool for everyone from personal use all the way into large corporations. at ncsa we made a short video that's on our web site that you can share just to talk to people about what is two-factor authentication, and then we'll go into it more in depth after video. >> a time-honored dance move that involves, well, two steps. and what happens if you don't take that second step? the results can be embarrassing, even painful. using a password alone to protect your online identity and sensitive data is like taking only one dance step. the imposters can trip you up and gain access to all your personal and financial information. what you need is the two-step.

two-step authentication, that is. two-step authentication to goes beyond just a password. it incorporates another factor to make sure it's really you and not just someone with your password. more and more web sites and applications are implementing two-step authentication, also known as log-in approval or multifactor authentication. two-step awe innocentation empowers you to take control of the safe tiff of -- safety of your online accounts. it's easy to use and makes your digital life safer and more secure. so let's do the two step, come on. stop, think, connect. ♪ ♪ >> so let's talk about the old way of protecting our accounts. we do this every day probably 40, 50 times a day for some folks. we put in our log-in information, we put in our password, and then we access our account. but we all know there are folks out there who are stealing our credentials, or they're guessing it through some of the that technology that they have.

so they can go into our account looking just like us. so we want to show you what we can do to make it so that other folks cannot access your account without being kicked out or without you knowing. one of the issues we have is our passwords are not that good, like i said earlier. if anyone can let me know why monkey is in this list, i would be thinked to know. i've been to 15 cities, no one can tell me why monkey is in the top ten. be there's one thing i can ask you to do today, if any of these passwords are your password, your homework when you leaf is to go -- when you leave is to go home and make them better. do you need a huge, long, strong password for every single account you own? no, probably not. some of the accounts, for example, where there's no credit card data on that account, your address isn't necessarily on it, for example, i blog sometimes on a local news media station online, and so i go in with my regular name, but they don't

have any credit card information, phone number, so i just use an easy password to get in that one. but for my banking and other critical passwords like my e-mail, i use a higher, stronger password: let's talk about what it looks like when you're using two-factor authentication. you put in your log-in information and your password, but then you get a secret code that comes to your phone or to your e-mail or somewhere else or an app, and only you have that code. and it's time sensitive. it only lasts for one to two minutes, maybe three minutes dependent on the company. if the bad guy has your password and log-in but they don't have that code, they can't get in your account. so it's really an easy step. some people say to to me, well, that's going to take me 30 seconds longer every time i want to get into an account. think about the time it would take to clean up your identity if your identity was stolen or to clean up your credit cards or your driver's license and change all those things if your accounts have been hacked.

think about lounge that would take. -- about how long that would take. so it's worth the time. ncsa is very proud of the partnership we have with the better business bureau. they've been a part of all 15 events, and we have a representative here today also, and we have been working very hard on a small business program over the past 6-10 months or so, and we want to encourage everyone to check out the web site, bbb.org/cybersecurity. there's some fantastic tips there, and there's workshops coming to a location near you soon, and we want to met the small businesses know we've taken this difficult topic and put it into language that you can understand. so we're very proud of that relationship. on our two steps ahead page at stop, think, connect, you'll notice on your purple sheet that you have with us that's a resource guide, all of the key web sites that we encourage you to visit will be listed on that resource guide so when you go home, you won't have to remember the ones i'm sharing with you here, but we have posters you

can download, the video and links to instruction. what i want to do is actually take you online and show you how simple it is to put two-factor authentication on an account. first thing i'm going to talk about the is passwords. this is a web site where you can go in and test out a password and see how strong it may be. and i want to show you how long it would take the bad guys, if they wanted to, to get into your account if you use password as your password. one second in a brute force attack. all right, nowadays they've been talking about not just passwords, but pass phrases. and a pass phrase is a sentence. i like to eat ice cream on sundays. it's pretty easy to remember, isn't it? and think about if you just did

something like when you see an s, you put in a dollar sign, or if you see an e, you put in the number 3. and this is something that you can actually even write down. you could write down the sentence i like to eat ice cream on sundays, and as long as you don't write the word password above it and stick it to your computer, i think you're going to be okay. if you have a sticky note that has your passwords on it, that's another thing you'll have to fix after today. it's an easy sentence to remember, and if you're visiting, say, chase bank, you can add a c at the end of it. if you're visiting eddie bauer to buy some clothes, you could put an e at the end of it. so you can have a unique password for different accounts just by adding a letter at the end. this is a way to help you get an idea of what a better password looks like. start thinking of it as a pass phrase, not even a password, and make it long and strong. i'm going to take you on an account right now to show you

how simple it is to add two-factor authentication. google has a really fantastic, new security tool here. when you're in your g mail or google account and you click on this routeing area here, go to my account. i have taken both my parents, a sister and an aunt through this because it's really fantastic. they have some security checkups in here, highly recommend you go through your google accounts today and do that. it'll show you if someone from russia has been trying to access your account, who's been on your account, and you can make sure they don't get back in there again. so there's a security checkup, and then -- excuse excuse me. i have to back in here. sign in and security. when when you're putting two-factor authentication on almost every account, it's under settings and security. which makes sense. you're changing the way you access your account, and then you go to the security part. so here's the security checkup. but then here is two-step

verificationment right now it's off on brian's account, but i'm going to turn it on. it's called two-step verification, multifactor authentication. unfortunately, because the internet is so new, we haven't decided all of the words to agree on. so it may come in a different form. when you get your account, it tells you about how to set it up and what it's going to do for you. they make your put your password in, which is a great idea. and they tell you to look at your -- to add your phone number and send it a code, and it takes about 2-3 seconds. the code comes directly to your phone, and this is the first time i'm setting it up. and i'm going to put my code in, and anybody can know this code, because it's only going to last for a minute or two. and then i'm going to verify it. now, some people say do i have

to put that code in every single time i sit down at my computer? i'm sitting down at my computer 30, 40 different times a day. no, you don't. if you know your computer is sitting at your desk at home and no one else is going on it, you don't have to worry about it very much. you can say trust this computer for 30 days, and you won't have to keep logging in with that extra code, unless someone comes in from a different device. in 30 days you have to put it in one more time, but like i said earlier, it's worth the time. and i'm going to confirm that i want to have that. and then i want to show you one more specific thing. so it's enabled on my google account. that took me less than ten seconds if i wasn't talking to you, correct? now, app-specific passwords. one thing that's really important to know that if you also get your mail on your phone, once you put two-factor authentication on your account, you have to put a one-time specific password in your phone. and we have videos about that on our web site, and it's on your

purple resource guide. so please make sure that you add then the app-specific password one time to your phone x you have to update your ios system on your phone, sometimes you have to to put that app-specific password in one more time. so it's an extra step the first time if you want to get your mail on your phone. many people have social media. anybody in here have a linkedin account? it's also a place for the bad guys to phish information for you so they can find out who you know, who you work with. so it's another good place. they can also go in there and pose as you if they get into your account and send malware to your friends. you don't want to be the one that brings down your friends' computers. they have a how-to on linkedin account, on the linkedin web page that's not going to go for me. so it's literally just 12 slides. it says go to privacy settings, click, turn it on, put in your

phone number, and you're done. it takes less time than it did on gmail. turn on 2fa.com, a new site that came out last june, and what you can do on here is just put in the name of the web site that you want to turn two factor on, and it literally will take you ten by step with screen shots. number one, you put in your name. number two, you go here. you click on this, and then you click over here, and it tells you step-by-step instructions. anybody can put two factor on an account if they just go to this web site and follow the instructions. so it's a really fantastic tool. and they have it for over a hundred web sites. so most american public can find whatever they need on there. we also have videos of some of those how to turn on on our web site, so i encourage you to look there. i'm going to pull back up here. and now i want to have michael

kaiser come up as -- has our guest arrived? okay, great. i'm going to ask michael kaiser to come up and introduce our next guest who's also brought a video for us, and i'll let her start that when she's ready. thank you so much. [applause] >> thank you, kristin. and, you know, that's why we call this get two steps ahead, because it really is just putting yourself ahead of the curve when it comes to being safer and more secure online. now it's my distinct privilege and honor to introduce commissioner mcsweeny from the ftc. specifies sworn in in 2014 -- she was sworn in in 2014, but she has a long history prior to her participation at the ftc. she served as chief counsel for competition policy and intergovernmental relations for the department of justice in the antitrust division, she served

as deputy assistant to the president and domestic policy adviser to the vice president from 2009-2012, serving pram and -- serving president obama and vice president biden on health care, innovation, intellectual property, women's rights, education, criminal justice, domestic violence. she worked as senator joe biden's deputy chief of staff and policy director in the u.s. senate where she managed domestic and economic policy, development and legislative initiatives and as counsel to the senate judiciary committee. she's a graduate of harvard and georgetown university law school. but let me add one thing about the ftc and ncsa. we consider the ftc one of our prime partners many all our education and awareness. when i walked -- i've been at ncsa since 2008, and one of the first people that we reached out to were the ftc. their educational materials for consumers and small business are really some of the finest materials that we have out there. when you talk about partnership, which i did earlier, they make

our job much easier. that's a great partner, because of the quality of the materials that they develop for the communities that they serve. so we count on the ftc for a continuous evolution of quality materials for people to stay safe and secure online. so it's my distinction pleasure and honor to welcome commissioner mcsweeny this morning. [applause] >> thank you so much. good morning, everybody. >> good morning. >> thank you, thank you, thank you. thank you for that incredibly kind introduction, i really appreciate it. and thank you also for getting this video that i'm going to share queued up here. i really am delighted to join you this morning for this important event. i have to say, again to underscore what michael said, that partnership here is incredibly valuable to the federal trade commission and its mission to protect consumers. we really value our partnership

not only with the national cybersecurity alliance, but also with the better business bureau who's a really valuable partner to us in our consumer protection mission. michael gave a shoutout to our wonderful materials that are available right outside the door at a table, and so i also wanted to just thank lisa who's here from the ftc who can help you find any material that you're lacking. i'd also direct you to our web site which has a host of different materials available which i'll be discussing shortly in my remarks. of. ..

for some of these complicated issues. so hats off to them for all the terrific work that they do. you know, the two steps ahead campaign is a wonderful way to spread the word about the steps that we can all take to protect our data and privacy and identity online. for those of you who are not familiar with the federal trade commission work, we work, we are the nations premiere consumer protection agency. we work across all sectors protecting consumers from scams and fraud that increasingly our mission has modernized as consumers have moved the brick and mortar world of consuming to an online interconnected one our mission has increasingly involved protecting consumer privacy and consumer data. we have morewe have more

than 100 privacy and data security cases over the last decade. equally important to our mission is promoting the educational materials for reaching out through better business bureau and partners to make sure businesses and consumers have the most up-to-date and effective information at the fingerprints. our website at dc, onguard online and their website identity theft. we have a variety of resources. we have no pride of authorship. the one thing to do whatever you all with them. the point is to get the information out there and in the hands of people.

millions of copies provided advice to parents and caregivers talking to children about being safe online. five-year-old andfive -year-old and seven -year-old growing up in this incredibly interconnected world that we live in. i think we have probably heard discussion. you are well aware of them were not have shown up to attend this event. i just want to throw some numbers that you quickly, i think everyone would probably agree when i say the risk of data breaches and identity theft close large, but to underscore that the ftc has to date in 2015 received more than 474,000 complaints about identity theft which is my by far most common complaint

7% of the7 percent of the us population are victims of identity theft in 2014. they also found that the financial losses from all identity theft and data breach told nearly $25 million. a huge number and i expecti expect if we look at current members it might be larger. in addition to reaching out to consumers directly the ftc also reaches out. >> pardon the interruption. in a few minutes we will be having a sect to our special program on the 2nd floor. >> okay.

[inaudible] >> i'm not going to be offended if anyone wants to go to that. we recently unveiled our security initiative and have been on the road with presentations around the country from silicon valley. i was in austin recently, moving to be in communities all over the country. these new materials geared specifically toward businesses trying to do the right thing with security. these pamphlets are available today, outside on

the table. i'm excited because it is -- best practices and basically ten rules based on enforcement cases that the ftc has brought going through, mistakes and businesses of security, talking about how to her immediate them and i think it is a user's manual for doing the right thing to protect consumer data security. it is incredibly helpful. if you don't find the answers you need we have more available online, and we have a terrific staff are available and you respond to questions and inquiries because we're here to help people do the right thing so we can avoid situations where consumer data is breached. we also have been distributing information via video. ivideo. i'm going to try to make the

video work here. let's see. kristin,kristin, i think you have set this up and now i need -- technical help. this help. this is our latest video which we are debuting today. it reminds businesses to think critically about how to -- about threats to data on the system. >> this video series and that report business .-dot sec .gov offers valuable tips. companies can't get there hands on the data. notdata. not every employee needs access to everything, especially customer information. one social media company learned this the hard way. the company failed to restrict administrative rights, severely every employee can access users accounts.

they reset user passwords and sent messages from several accounts including that of a major news organization and the president-elect of the united states. information control makes a difference. who has administrator privileges? what data can access? what can they do with it? restrict unauthorized parties only. in another case a financial firm was cited for failing to adequately restrict employee access to personal information. employees who did not need access transfer more than 7,000 files to third-party and one employee sold surplus hard drives. how can your company avoid disaster? assign access only have a need to know basis.

for your network consider limiting access to the places were personal data is stored and put controls on who can you certain databases. >> learn more ways to control access to data and build a culture of data security. >> that is a brand-new fugitive. we have more video and training materials as well as the materials that are here today. i just want to underscore that this reminds companies that security is not a one-time effort but an ongoing process that requires continuous evaluation and updating. if you take nothing else, please take that lesson, security is a daily task, updating material is important to understanding risks for trying to make the best choices possible,

really vital to securing consumer data. forfor all of our efforts to try to help make sure the best practices and security are being deployed to protect consumer data we recognize there is no such thing as perfect security. so one of the things that we have also been updating, resources available to consumers more resources for consumers that are experiencing problems. it is unfortunate but i expect more and more consumers will have need of these. over the past year we have been updating all of the material. it is a seamless one stop shop available to consumers that need to remediate the situations of identity theft want to find out more about

how to protect themselves. i am pleased to announce that we will continue to expand and update resources. right now the site helps consumers generate an affidavit from a learn what actions to take following identity theft and how to obtain sample letters for credit bureaus, businesses, and that collectors. so we will be unveiling enhancements that will allow consumers to register and create an account so that they can update affidavits and track progress over time , obtain a personal recovery plan that walks consumers three-step and get customized prefilled letters that they can print out and send the companies. these improvements are going to make it easier and faster and safer for consumers who have been affected by identity theft to address the damage and regain control. additionally they will continue to bring data security cases to protect consumer data sending notice that we will take action if

the rights of consumers are violated. and we will use all tools available to us to try to protect consumer data in our increasingly interconnected world. so i want to conclude by emphasizing one thing which is that the ftc cannot make security a priority. that is why i am grateful for our partnership. i think all of us together underscores that we can take security seriously and protect consumer data. let us know what it is.

thank you so much for your time. [applause] >> thank you. if i could ask my panel to come up, let me take a word tremendous support from the community. as we normally do we would like to have the local folks come in and talk a little bit about what is going on. they have a terrific panel

here today. i'm going to let them introduce themselves. >> good morning. i'd serve as the coordinator. organized by chapters and geographically alive. >> good morning. i am dean of the school of engineering at george mason university. as dema -- as dean of the school we have eight departments including the traditional bars engineering, civil engineering.

as of computer science. 15-degree programs and across the campus we have a number of additional programs that are multidisciplinary that would pull in business and public policy. trying to broaden the include engineering disciplines and infrastructure, whether infrastructure, whether that is driverless cars or drugs that uavs for the smart grid for electric power distribution, trying distribution, trying to take a proactive approach in the cyber security. and i will point out that right now the average

starting salary for a cyber security professional is $88,000. if you have a security clearance on top that can add another 25 to 30,000. graduates are starting out the gate a lot of times over hundred thousand dollars. 11,000 jobs currently in the northern virginia region when the greater washington metro region there are about 50,000 open50,000 open positions. we are very pleased to be providing these programs to really increase security education opportunities. >> very proud to be the president and ceo. we were started over 100 years ago.

good news and bad news, we rely on the internet for business. consumers use it to make their lives quicker, faster, easier. we are here partnering, csa to add resources and knowledge to help you as a consumer protect yourself. but the right safeguards in place, dealplace, deal with your staff and make you a trusted business. >> just a quick introduction. >> good morning, everybody. us small business administration. if you are not familiar comeau we work a lot on financing. resource partner network, a, large network of university nonprofit another mentor networks and work on procurement issues for small businesses and disaster preparedness and recovery.

the growth concern from a number of perspectives. see everybody here and our partners we work in conjunction with. >> thank you. i know that you all just launched a significant new program. pressure swinging talked about some of the scams. tell us what you are up to. >> we just launched scam tracker. real-time tracking, scams are in the area anything will give an update for information about the scam medium they used.

it will also say what audiences they target. there is a real-time map that will show where is moving in one direction it may be heading. you can warm people. >> thanks. talk about this big, huge need. give us specificsgive us specifics about how you are getting young people into the workforce. >> there are several initiatives we have taken. one in particular is creating programs through the community colleges. for information science and technology program for that

half of our students come through that pathway. that also extends down through the k to 12 system. one unique aspect is we are reaching out to veterans who can, an associate of applied science degree and come directly over to george mason university. i should mention that the commonwealth of virginia is providing us with a hundred $50,000 appropriation to provide guidance and advice. we are looking to expand that this year. we also working with professionals in the area. one of six universities partnering with the united

states army reserve command to create a public-private partnership to create several professionals that will be working professionals in the army reserve to leverage their position in the industry in the area and provide additional training to help ensure the nation cyber security needs. >> many of us have been in this field long time no not sure everyone knows what info gartersgardens and what it does and what the advantages are. >> a public-private partnership. really evolving and changing.

they sought out expertise to help us get better. moving away from the traditional cyber criminals scams that obviously still exist but also seeing nationstates targeting a network. so that was evolving for us and we reached out to key holders and stakeholders that had expertise in those areas. since then it has grown to an organization that has 40,000 individual members nationwide. a littlea little bit different than some of the other outreach mechanisms which is not specifically for business but individuals who volunteer pages they want to protect only the companies that they were for but themselves, individuals, their families, and their community.

by joining the fbi, those folks usually have an interest in keeping their community safe. and we allow them access to secure portal for intelligence products are posted for we have agreements to inform consumers and provide a mechanism for them to tell us things. a lot of times an individual level, the federal threshold to open an investigation is not met. so we rely on our partners toaggregate a lot of that for us. we can get involved ourselves.

we are an extension in the cheerleader referring members to those resources. >> where would someone go to start the process? >> you raise the issue, can you talk a little bit about what your efforts will be? >> sure. >> the effort is the partnership where we can cohost, leverage our infrastructure hold workshops and cyber security. communities across the nation. we have been working on a

special project to upgrade from the online learning. it's kind of a one-on-one course. we have about 10,000 people take that course last year. it will connect the digital dots. we are doing a lot of communication. we also talked a lot with our mentors. 12,000 and women who serve as mentors. there going to do some internal.

digging a little bit deeper will make those referrals taxpayer organizations. educate and inform their becoming aware in that space. that is obviously a huge growth area. a lot of advanced information. that is where we are seeing this growth. >> i want to go back. i'll let you talk about an effort,, and i think what we think about the small business community, in many

ways they are hard-to-reach it hard to get focused on the issue. they are literally, the situations. they are doing so many things and realize there is information out there. so we partnered to put together a framework of you think that the most important asset you need to protect. so if we can give you the five steps can help you and your organization put together a plan, start small, let a girl. identify the issue, protect your data, respond, recover. once you get your house in

order there will be more data and it doesn't stop. the other part of the program is to provide vetted resources. the trusted resources i can use and help my staff think about cyber security, these are the things that i can do i can do to be a trusted business for my consumers. >> i want to go back for a 2nd. you mentioned that people get information. as they go back and forth and have a people use it? >> a couple different methods.

members get access to the patient portal. weportal. we like to think of it as yet another resource, public service announcements of private industry notification are just a couple different types. we like to get as much information as we can. the more technical information will provide indicators that companies can use to plug into the networking system. and that each fbi field office as a special agent coordinator. a local chapter has a person

as opposed to just calling a switchboard that they can get in touch with. most of them sit on cyber squads and field offices. we can get you in touch with the experts. especially if you don't have enough resources to figure out what's going on. it will get you in touch with the agents and analysts in the field office. and even if it is not cyber related it still puts a face to a person which is often daunting enough. there is a trusted partnership.

>> great. they can write it down on a card. you can move them to the side. thank you for that. in october release data about millennial's attitudes toward cyber security. what are they thinking mac and we found a couple things that are interesting. young people did not actually know what a cyber security professional does.

no teacher or guidance counselor and they didn't know what a cyber security careerwise. talk about bridging the gap. >> we are doing a number of things. we do a lot of outreach. they go out and give presentations and sponsors. one example would be focused on robotics. robotics is a shorta short step away from uncommon assistance. one of the things is working

with the community, working with economic development groups. there are thousands and thousands of people who live and work in the northern virginia area and can spread the word about what we are doing. they developed that in partnership with industry and work with northrop grumman and are making sure. they are very broad. today server security touches all aspects of business. it could be in the healthcare industry, robotic surgery.

and in some ways we can exploit every cyber. we were talking about the barbie. that is an opportunity for us to show how young people can have fulfilling professions in this area. as i mentioned, just letting them know your child to go out there and have a good

paying job, that helps a lot. we reach out to the parents to show them that the children could have good opportunities in the area. >> cyber challenge is an important part of this. other research we did. really only about a 5th even knew or had heard anything about these. talk a little bit about cyber challenges. >> and that is one way to get interest in cyber careers, especially once they come to the university. the co- curricular and extracurricular is very important. the cyber picture competition, a national competition for every university in the nation has

cyber programs. push that downed to the high school level is important. new line how to -- it raises their awareness. all of these programs are important. we go to high schools and try to also use our current students to go back to their high schools and engage the student clubs to ensure that students are having the opportunity to have a lot of fun. the students really -- just a george mason university alone they are probably our

best disciples were going back out into the community. >> go ahead. please. >> do you have families interested? data breach, bad, but also if we effectively use tools to control, it is getting the students involved. you don't want just one person. i'm going to use the internet in these tools. >> we would agree. it enables people to do more. they talk about these helping to provide cyber security. talk more about what is going on and how you are supporting them.

we will see every single business in this country need some form of cyber security. maybe it's just a tiny network. >> better as a parent. i tried my four -year-old with me. at least animal. attending. we do talk about our house more. counsel's father. i feel more comfortable that we are exposing of issues early on. vendor the advanced digital age.

small businesses don't know what they don't know. working in partnership. communicating to make sure you are exposed to things. now it is definitely the new norm. a standard business plan about people some of the ads. i think are doing a pretty good job. a lot of ministry businesses during the holiday sales season, doing more online, communicating with people.

they talk about the chips allow small businesses need to pay attention to those, the card readers and the standards and requirements, a 30 day period. i often think about the food truck. they are probably not starting the food truck thinking about cyber security right off the bat. we just launched a cyber security vandalism toolkit. cyber hacks going into social media channels. not a lot of people think about that. how somebody can communicate on your behalf. we partner with the gsa to launch a toolkit.

they're talking about it, as they have been. the staff, i know folks who talked to main street. as they often train their employees on how to lock the back door. partner organizations digital vulnerabilities. people often wonder. what type of requirement does the insurance company have? small businesses, and the last thing i mention, across the country but also this committee frank evaders.

aa number of award-winning that we have recognized, national small business week small business that have a deep expertise in this area. the press covers number of corporate tax. just aa range of topics that we are talking, small businesses. connecting them to the right resources. politics are local. >> talking about small business. but our experience has been that they are the hardest

group to get their attention. very limited bandwidth. any good ideas for reaching these folks, the right type of messages or how to engage them. working at the local level. in a way it is productive. overwhelmed by the amount of information that's out there. a lot of business, education.

>> easy condiment. that a lot of programming for the membership which is driven by what their interests are. we do programs many times a month all throughout the year, and in this area there is a lot of cyber tropics. so those programs allow those folks might not be able to get those resources elsewhere. the threats that we see in how they are targeted.

all the universities in the region and throughout the commonwealth of virginia provides services. the examples very proactive. providing advice, but i would also add that there is a great need. small businesses don't get into it until have a problem. i do know that governor michael is making a real effort to develop the new virginia economy. the budget will be announced september 17.

cyber security. where can the governor's budget there will be money to provide more training. there is also going to be things of work in this to provide more opportunities. the benefit the business committee. >> tell people where cyber ranges? cyber range would be mimicking the larger.

disrupting all the commerce and everything else. >> you know, you're right, business owners are smug busy. one of the things of air doing, you as a consumer by looking at the list, we try to the fire messages. if yours can be resilient. we are talking about one step, two steps, three steps.