surface. are there things we can do today to go back to my original point, are there things we can do today to be able to operate manually? in the event of an incident? to go to a degraded state simply to keep the power running, understanding it's going to be in a less efficient way. those are the kind of big decisions that we are taking as a sector and in partnership with the government to begin to planning for those incidents that could have an impact or a longer-term on the grid. the second thing we are doing and again, this is an experience coming out of the ukraine, we have a filter of mutual assistance. you seen it all over the country. when there is a weather event, you got bucket trucks and cruise all over the country on the affected area. can we learn some lessons from our mutual systems culture in the cyberspace and in fact we are building out a cyber mutual assistance regime at the sector but as

we recognize, we can't do it alone. this goes to the staffing issues. there's going to be in national guard component. there's going to be another sector component to it. the dhs component to it. a law enforcement component so bringing the whole community together for response to cyber threats is a great lesson out of the ukraine. >> two things i wanted to put a fine point on. one, the physical cyber convergence, the attack surface growing exponentially. when we start talking about the internet of things and the internet of everything, making security into the design of architecture becomes that much more important. secure coding and the like. and i might note that one of the greatest deterrence and i've been an outspoken critic that we haven't really articulated a cyber deterrence strategy and i think we in essence blame the victim. we blame entities rather than penalize and put pain and cost on the perpetrator but that's a longer conversation but maybe one of the best

deterrence is the ability to not only the resilience and that's become a bit of a buzzword but to bounce back quickly so i think that's an area your sector in particular has some lessons we can all glean from and also in planning. >> if the adversary realizes the impact is not going to be as catastrophic as they wantedto be , they will go someplace else. >> that's exactly right. >> person you want to pull on that earlier. >> i'm trying to disagree a little bit. >> i need to say something. i think this idea of education and awareness, we have i think there still exists which is a little bit of a false notion that the right technology isgoing to prevent something . and that we are not looking at it as effectively from a pyramid. at the base of that. are the people. the people are then given policies that educate them on what to do and then the technology is then brought in to help assist the policies and the people but at the core, it is the people. if you look at what happened to google, we were talking to

somebody related to the commission and the reason why facebook says they didn't get reaches is they pull out all the operating system literally out of the walls when they found out where the vulnerability was so here's a question? how many of those operation systems existing major organizations today? i can tell you there are a lot or in the private sector that still carry the operating system that's known to have that vulnerability and in different ways as we look at these things. if we look at what the government has proposed which i think is an opportunity for the government to play a model in both the public and private sector, what tony scott has proposed with his it modernization fund is this approach theoretically, makes a lot of sense which is take the functions that are shared across all the agencies that are not agency specific. hr, kate payroll, email provisions, and create a shared platform that is resilient and that to frank's point, what you're trying to do is you're not going to be

able to prevent everything. and this idea that actors are more specifically, that's not an effective work.they're just more opportunistic. it looked where the vulnerabilities are and create the capability versus intent argument that if you create an infrastructure that preventswhat should be prevented, blocks the low hanging fruit, there's basic things we can do . but understanding that you're not going to get ahead of every attack, that we are going to be attacked and it's how we create that infrastructure that is strong to manage what happens and get our systems up and running as quickly as possible and that is an approach both when we are looking at the public and private sector that works effectively but at our core is really what are we doing with the people? i think the point that was made earlier is, there's a very simple vulnerability that we have that we are not doing enough to address and i know one of the elements that we are looking at in innovation that's happening in the government and this is innovating around this as

well as the private sector is how do you ensure that it is a lot easier to do the right thing? it's very difficult to do the wrong thing and if you do the wrong thing, it's contained and it doesn't spread to assist them in a way that the takes down for a long period of time so we have to be looking at all these elements . the people, policies and technologies and how they are integrating together. >> ., this is scott kane. a good segue. i think kiersten hit it spot on, it's a three-legged technology policy. people, workforce and you mentioned this earlier, and the need to empower the workforce sense, how do we translate what is now arguably the weakest link into a strength? what are you advising and what should be thinking a lot about those at the end of the day, the talent doesn't grow on trees but there are some general cyber security awareness capabilities that can be brought to bear. >> also for us, when we look at is to tears. there's people with resources

and there's people that don't have the resources so you tackle both differently with the people process technology . for the big folks, you know, to try to take a stand here, i'm not a big fan of the let's throw our hands up in the air. i'm coaching girls soccer.i don't sit there and plan, when the other team scores let's figure out how we are going to come back. that's a necessary part of the game there's a preventative element . >> it's kind of like kids soccer now. >> we are playing the football pool, they are playing soccer so i guess my point is that for a larger enterprise that has the resources, where do we tackle it typically on the client side is be preventative. it's not a bad word. it doesn't mean you have to plug up every gap but there's a couple of things. don't be the slowest person

at the tasting. just do enough to get beyond that point so every client says yes, i don't want to be the last person what but i want to make sure i'm not black person. got it. the big piece is that on the preventative side, you talked about the threat actors. at the end of the day is not that difficult to see what's going on. in a previous life i worked as a threat intelligence company. you see what's going on. it doesn't have to be monitoring a dark wet red there's social circles out there where you can take a look at threat actors and they have their patterns of attack. you know what they're going to do. such and such of these start showing up in certain places, blogs and so on. not blogs but some of the message boards and so on. now i know such and such company or this industry is about to be attacked. instead of waiting until they hit, let's take a look at how they typically attack folks and make sure the companies in that particular industry or the fed groups in that street are prepared right? so we know john and the bad guys typically operate this way and your name has showed up and i'd say within the

next three weeks you're going to be on the target list get ready. that's not a difficult concept. i was going to add on the people side, what we typically do in large enterprise is our exercises. using a soccer analogy you don't show up at game time and figure out what to do so most of the folks when you run them through scenarios, the boards, the it folks, development folks that do the code and you bring them together. you run them through scenarios that are relevant to the threats in their industry. most don't do very well. so what ends up happening is you find the gap and you fix it so that's the way you get prepared is that if you're talking about people, they are going to do what they have to do but if you practice, you obviously are going to do a lot better at game time so we advocate that. on the midsize side, the small side it's what the expert. do the minimum things you need to do, do the hygiene piece but you may want to consider having someone else come in as the pro since you

don't want to have three people to take care of your security. >> i would highly recommend any of these that don't have the capability to spend a whole lot of time in the argument. that's a tough neighborhood. you've got to have real capability to engage in that and i are spot on. you make the big mistakes in practice, not game day and i do think you're starting to see a pretty big trend to even the financial services sector where you have small medium-sized banks looking to their providers to provide security in the cloud for example. aws for you name it or microsoft, asia or you name the various means. i think you're going to see a big trend in that direction where entities that don't have the devoted capabilities resources and effort to throw at this problem. >> absolutely. the industry will tell you where things are going so as

the midmarket is looking to leverage the cloud more and more because it's easier, faster, better stronger then the threat comes with, how do i keep tabs on folks and i'm havingthe kids with with ? what's happening in the industry is this cloud security pieces becoming enormous. keeping tabs on the big companies that are providing these services. you're not going to get the big companies to allow you to start rummaging through and making sure the security protocols are in place but there are ways the midsize companies can use certain not that expensive technologies to work with their partners to keep tabs on their cloud providers. it's a big bust for us in the commuter commercial world without question. >> i want to make sure we have time for audience q and a so we have about seven, 10 minutes. when you raise your hand, identify yourself and wait for a mic. andy over here. >> general, you mentioned the active defense word.

i'mwondering if you could describe for us your sort of vision of active defense and get other panel comments about where that's headed . >> thanks. so i think first of all back in the early 80s when we were carrying around brick cell phones and thought we were the coolest cats on the block, right? who thought back then we would be watching tv on our cell phones? who thought back in the early 80s that we actually wanted to watch tv on our cell phones but today everybody's doing it. the speed of technology is changing so fast and it's outpacing the rollcall of victims to cyber attacks. and again, i know you'll find this hard to believe, the government moves rather slow so all of our policies and our processes and the things we are trying to do can't keep up with that and i think that's where the active defense comes in and that's where you have to have a layered approach to cyber defense. it has to be risk-management based so you have to accept some risks because as i said at the outset, you can't build a firewall anymore because it really takes one

person on your side of the wall to do something really stupid and it will take down your system and if you're in the private sector you can't afford that. so we have to all be in this together so when i think of active defense, i think of the risk management combined with a layered approach combined with this notion of the public-private partnership and we in the guard euro partnered with the dhs, doj and we are looking forward to the presidents commission. nobody really has a crystal ball of looking out to the future of what is the threat in the future but this cyber aim is the long game and i think the presidents commission has an opportunity to really lay a foundation and a pathway forward for us so we can go collectively together to be in this kind of active defense arena. >> one thing i wantó, you're not suggesting to people to turn off their files. you're just suggesting that the parameters of the fence as we know it are insufficient. please don't turn off your

firewall but at the end of the day in itself is insufficient and i don't know what's inside and outside the network anymore since it's all kind of blurry. traditional ways of thinking are just building higher walls, wider moats ain't going to cut it. and the question is, there's a lot of policy between hack back and build higher walls. and that's the emphasis of the study we have ongoing as well. we have time for one more question so please in the back there, please identify yourself. how are we on that? >> quick question. i'm john, a student at the university of pittsburgh. i have a question for eric on the left. previous speaker was from the dhs talking about how important it was to share information with the private sector and public sector but you hear about these

vulnerabilities like target attacks, i think it was their point of sale technology and there's a bunch of old vulnerabilities on windows xp that isn't even past anymore. how do you know when enough is enough? are you afraid of sharing too much information and creating more actors of attack? >> if i could build on that noise issue and what impediments are there legally if any to share some of this. >> this really comes down to the sophistication and capacity of the recipient building on the points got me for a large enterprise and major corporation, a large federal agency approach is that we should share as much as possible as fast as possible because the recipient should have the sophistication and automated tools to be able to use that shared information better their own security. at what differentiation and the first point between sharing information about vulnerabilities , about incidents and about threat indicators. our current focus right now in the automation state is on sharing threat indicators as

quickly as possible. we believe that cyber indicators should be a commodity. companies should compete on their portfolio of threat indicators. threat indicators should be published and shared across the enterprise in real time. our goal would be when an adversary uses a single tdp, single email the first organization that detects that in their perimeter of their firewall, they counter that, they put in a shareable format, they send it to our contact and we share to the world. our goal would be the adversary can only use that tdp a single time and it's everywhere else. >> a little pollyanna but i like the idea. >> we are nothing if not optimistic. but it's only the case that some organizations will have a hard time differentiating the signal from the noise or they will need additional help to figure out what is the most important? what indicators do they use

first? we are building into our system the capacity to put in reputation or confidence during that will tell the recipient when they received a cyber threat indicator how important it is, is this time back, nationstate adversary? is this something we've seen used elsewhere with significant consequences question mark that will hold organizations don't want to just take the pipeline of indicators from dhs and use it all to actually differentiate based on our confidence that it's actually significant and the importance thereof. >> ,can i ask one point and we will get one more question in but looking at some of the bounty initiatives in a number of countries companies are initiating which is i think a great marketplace, it allows for the white hat hackers and maybe even some of the gray hat hackers to share information of zero day exploits and unknown exploits before they occur. you see a day where the government can help drive that marketplace with the private sector or no? >> certainlythe dod . >> in essence it would be

providing incentives or no disincentives. >> certainly the dod has launched their hack the pentagon effort where they are paying bounties to hack public based dod websites. certainly there is a model here. the traditional model has been we dhs, other agencies coordinate with white hat, white hat researchers to provide vulnerabilities and we then work with the vendors, work with developers to bring that vulnerability to resolution. obviously there is a significant market now for this service and if the government wants to receive these vulnerabilities along with the better developers, certainly there is a model with the government both sets of the legal framework where this is easier, simpler and lower risk and there's a model as shown by dod where the government is actually a participant in a financial market for vulnerabilities particularly on government owned and operated networks and software which i think we

will see first. >> we have time for one last quick question and quick answer. >> mark peters with the mitre corporation. national guard has experienced many years of experience with physical response supporting state and disasters for example. you're gaining experience in assisting with cyber response. have you given an any thought into how you might have to think or act differently in either preparation or response when you have both of those domains involved in an incident simultaneously? >> that's a great question and i think part of our capability whether it's supporting a domestic response as you said or a cyber event is the value we bring as we are right there and able to set conditions for the governor in advance of other federal services or other capabilities that fema might bring to the table so i think our response is we think about a cyber response is really to set conditions

for other responders then to come in but it is a great area of exploration in terms of how we continue to support others. >> i'll second that. we just met 20 minutes ago. i think that's the wave of the future and i speak from our company, we got about 45 to 50 employees that are all in the national guard in the air force and all of them are cyber folks. >> and they are distributed all over the country so limitation with dhs is because of certain locations, physical locations. the national guard is everywhere, plus they are private motor so theway our team plays out as they work with us during the course of the week . on the weekend they are cyber warriors so they are totally prepared to support the mission out in the field all over the place.you have a bank in okemah slowly, you've got a national guard representation with full that are working day jobs in the private sector that are fully capable of supporting that

mission so i've always felt personally is that i think the national guard came to be the right organization simply because of the distribution coupled with the talent pool they already have simply because a lot of these folks are already in the cyber community in the private sector doing their day jobs. their weekend job just because having more fun helping us out thank you scott. on that note please join me in thanking our panel, this could have gone on so much longer. thank you. [applause] i think we had a short break and then kristen will kick us off for the next panel in a little bit. thank you. >> so welcome back for the

afternoon session of our strategic conference. thank you for coming back after lunch, we will have more peoples trickling in slowly from their lunch break and have a good session of two panels then a final keynote from admiral blair this afternoon so thank you for coming back. this panel is entitled organizing dhs, strengthening unity efforts and preparing for transition. i'm joined by three

distinguished panelists to discuss these issues. first of all and on the far end of the panel, the honorable sco, secretary for management at the center of homeland security. mister deal was confirmed to the position about a year ago as a long distinguished career at johnson and johnson in the private sector and secretary johnson pulled him in to draw on his experience there to address many of the management challenges of the department of homeland security and george and fred and a number of her senior fellows

and board members and others are working now through the end of this year, through the election and transition. and did not duration to address the issues we will talk about today in terms of help gain who have very -- whenever administration gets elected in november, be ready to take on the challenges of running ths and also to ensure a clear understanding of where from a management standpoint, from an organizational standpoint, key initiatives can be preserved and continued into a new administration. obviously a new administration will set some priorities from a policy endpoint and on a number of key issues, it immigration, cybersecurity, different counterterrorism issues. in the core management integration efforts, it's my personal opinion there's been a lot of good work done by the current leadership team that

will be lucky not and want to see it preserved. i will turn first to undersecretary to talk about at the department is preparing for this transition, first of all, what is the process for the transition and the second question, which we can come back to later is to talk about the effort which is two years old now and sort of where that stands, in terms of operational integration. >> thank you very much. it's a pleasure to be here and see everyone. transition as you point out is really critical, particularly for homeland security. you can't afford to have a serious event and not be in a position to manage it well and that is harder when people are leaving and new people are coming, but we are absolutely dedicated to have a very smooth transition. for me, it is about having the right people in the right

positions and then have a straightforward and simple process as possible and making sure people are trained to deal with it. we have already put together our transition committee. each of the components have identified a critical full-time government employees to serve as the point person. this team has learned them at once and will be meeting again and are already working on the transition process. obviously we need to train these individuals so they are prepared for whatever might come up from their components and also have them collaborate and work together. we have a transition team in place. we want to be very proactive in front of it. we are headed for most government agencies are. we will be prepared to train the identified individuals about the roles they will have. we want to make sure we have up-to-date information on critical issues that they might be facing, have appropriate

training for them and coordinated to point out, make sure they understand unity of effort and improvements we've made that will help them make policy changes. it is about process. it's about the right people, the rate training and component by component, building up to more strategic work. what are the critical issues? let's make sure you have up-to-date information as we go into the process. it's also about conductivity and make sure the strong communications that take place not only across component in dhs, but other agencies and other government and local law enforcement, it better remain divided and working all the time. >> and can you talk about unity of effort in terms of where that effort stands two years later? is the number of different pillars in terms of the

acquisition side and the operational issues in the joint requirement council. provided that a context on a couple issues. >> and he don't mind, i'll take a couple minutes to frame the issue. as was pointed out, i came from johnson & johnson, which is a highly decentralized company with broad operations on a global basis. one thing i learned is you've got a lot of different companies with different cultures. mitch regina, a skin care consumer market company is completely different than the brussels-based pharmaceutical research organization. so you have to understand what it make sense for people to focus independently on their critical mass, but then when does it make sense to cooperate. dhs is more complicated than johnson & johnson. as you know, multiple components with completely different cultures. some military, someone for that, some civilian, coast guard,

fema, immigration and custom enforcement, all quite different thrown together, brought together 13 years ago without an obvious approach to that conductivity. i think the approach that unity of effort is exactly right for conductivity. you've got these components that have very -- in some cases, very clear missions, cultures that work a lot tried. there's many things they should do independently, but there's also many things where there should be strong collaboration and a direct approach and it's on the situations you need to make sure people are working together. my view is that the unity of effort launched by secretary johnson two years ago is that right blend. i will give you a quick synopsis. you need to have senior leadership teams for all the components are together and working together. we now have a senior leadership council meets twice a month. all the component leadership,

other senior leadership means the secretary johnson to talk about strategic issues and about areas where we need to work together. i will give you one example in a second. we also have the deputy secretary management action group chaired by the deputy secretary with all the components on it. both of these groups have very candid conversation is what you need to do to put issues on the table and then you have policy and management trying to provide support from a strategic as well as from an operational, financial support element. so we now have these two leadership teams coming up with strategies, helping with the implementation, meeting on a regular basis. let me give you one example of an approach to unity of effort that is in place. the slc approved these three joint task force is to focus on

this border, created three joint task forces. east, west and one focused on investigations. postcard, cbp, ice all working together on the critical issues that this border creates for them drug interdiction to dealing with different kinds of migrations from different areas. all of those areas working collaboratively and directly. the dmag mated operational and they are now in place and operating collaboratively on a regular basis. i was in san diego a few months ago. i saw the collaboration san diego harbor adjusting in a way to changes in both transfers into the united states, adjusting their strategies and approach, sharing data, sharing information, making a huge difference. so it starts up at leadership level. a couple other examples as the joint requirement council, which we may talk a little bit more

later. this is in the acquisition space to clearly this is an area where there has to be a common acquisition process. minimize the spend, maximize making sure required things increased capability needs of the department. the church requirement council consist of component membership but via component. the first later was a two star admiral from the coast guard, focusing on the namespace. what are the capabilities we need to acquire to help us achieve our mission and let's do it and across component way to make sure we have what we need. this group does not pass an acquisition on until there is a line that we've identified the right capability, that we know what we need and we can appropriately finance and we can measure success. only then does it go to the next stage. a member of the chart requirements council sits on nine arbitration review board

over $300 million for the life of the acquisition, which he jrc members that tonic it to keep track of it. a huge change of how we manage our acquisition, getting alignment and transparency with the components, maximizing the likelihood of success. one of the things they work on together with biometrics management and the capability to do that, which is so critical in the process being worked through. i will give one other quick example of how in my judgment, unity of effort is working, going deeper down. when i joined dhs, he was right before the opm data breach. i have accountability for their systems and people, needless to say i paid a lot of attention to that. i went to a meeting of the cio council, representation of the chief information officers across all of the component and we discussed this topic of

improving our cybersecurity, a common roadmap, common metrics. and we measured each component measured as itself and saw where it was. clearly, cybersecurity had to be a number one priority despite the differences and components. quickly established it and we have made enormous progress in improving the cybersecurity of the dhs systems. from that experience, earlier this year, the cio that at the dmag approved, the winter study to look at our infrastructures across all the component to make sure our information infrastructure is up to date, working, delivering necessary services, did a review, came up with a common approach to measuring and testing whether an

analytical approach to see what works, what was then prioritize. so it might be the cbp as cementing status before i need this because it is so critical and have gained alignment on how to improve our infrastructure with much more commonality, much more common approach going forward, based on the dmag discussion, openness, clarity, we are now in the process of using the funding we have two most importantly prioritized how we are improving our infrastructure. i hope these examples underscore the opportunity to collaborate when it make sense and still remain independent when it makes sense and the last piece of this is every employee, every college should feel i'm really proud to be part of the coast guard. i am proud to be part of cas, but i'm also proud to be part of dhs. we have a short video called a

day in the life of dhs that is now shown to every new employee, whatever component describes the amount of positive things taking place every day across the breadth of dhs. so we can talk later about making a sustainable, but we're make real progress in how we are doing it. i will do one more and then let the other people speak. dhs used to build this budget component by component. we are now building a budget that is mission focused. we have gone from over 70 appropriations to four appropriations. through that discussion, there is alignment on where the money should be focused, how we should do it. much more of a spend where it makes sense to deliver on the mission. that is germanic change. we've got three clean audits over the last three years. dramatic change. we are now establishing the system's processes, working

collectively, working collaboratively which will make us more good for future administrations. sorry to go on a long period >> that's okay. some of the things we discussed in preparation or this in terms of issues we are looking not, if you want to sort of talk for a few minutes on reflecting on some of the things he undersecretary said another issues when we are lucky not to lead the transition, we should be thinking about. >> well, in terms of bottom line, up front there is a tremendous amount of positive momentum at the department right now that it will be important to carry forward into the next administration. more by way of a preliminary, i would offer that i have a perspective on dhs that extends back i would say approximately 25 years, which may seem a little odd inasmuch as the department has been in existence for not yet 15.

i say that because i served in them senior operational and also two different national security council positions in the years before dhs. and all of those assignments, i had responsibilities that took me across the executive level of what is today homeland security mission and belongs exclusively, but primarily to dhs. and it was dramatically different and dramatically less positive, less effective and less efficient for the american people. so fast forwarding, i've also had the opportunity during dhs tenure to in one instance returned to the white house on homeland security staff, work in the intelligence community and also have responsibility for the coast guard, the netherlands

take region as the final assignment of my career. there is no question in my mind that enormous strides have been made by the department in terms of organizational maturity, in terms of real-world progress in the not yet 15 years of its existence. the unity of effort initiatives that the undersecretary has reviewed or given us some highlight i think absolutely -- not only the right things to do, but the right pace. i really would want to underscore just how dramatically different the cultures, commissions, the orientations, the language, the acronyms are -- has been for the now seven components of organizational change fully implemented, and eight operational component down the road. now you have a unity of network

initiative doing the right things at the right pace, which is really important. for example, one of the first areas in which i think he very wisely decided to focus was an issue i am very familiar with because of my operational back around and that is maritime patrol aircraft. turns out and what an executive at the deputy secretary undersecretary level would be thankful for that you've got to leading component, large, influential, well-funded, well supported, respect it on the hill that have needs for maritime patrol aircraft are complementary but distinct missions. they have done a terrific job of that and i think it was roughly the middle of last year, perhaps august that we now have a dhs signed off operational

requirements document that defines what it is the dhs will go out in the future to procure an order to meet the mpa requirement for all the department of homeland security and its component. so i think there's some tremendously positive momentum and we could talk more about specific examples if there is time period >> jordan, turning to you, i'll give you a couple minutes are general comments, but also one of the issues that we are looking out that is the current issue on the hill and within the administration's reorganization within the department of homeland security, and the budget request this year, and the various stages of implementation the nuclear detection office in the office of health affairs and a few other parts of other offices. there's a proposal but sent to the hill last meant to create the fourth -- the eight

operational direct or it alluded to. these proposals come forward at a time right before a transition. first off, how should people be in assessing proposals on the hill among other stakeholders and how does that factor into transition and any other sort of comments he wanted to make in reaction to earlier speakers. >> i think a few things, you know, if you think about the discussion of the unity of effort that the undersecretary talked about, one is almost implementing our establishing a new set of ground rules for how the department will operate and what a great time to do that. i don't know how many of you have lived through raising teenagers. i have done three so far. this comes at a great time

around 11, 12, 13 years old and new set of expert haitians, a new set of requirements, new people to engage with. a tremendous sort of analogous story to establishing a new set of ground rules for how you engage internally and next journaling. the effort could not have come at a better time. the timeliness was right. as we know, policymaking and politics can be messy and challenging, but also really to find the time to mess the admiral said amanda pays to do it and to operationalize makes a tremendous amount of sense. as you mentioned, a number of other initiatives coming forward and the department revolve around a additional sets organizational changes and organizational restructuring. as we heard earlier today with talk of the new organization, there's no cyberwithout physical. no physical without fiber and so

looking at the way the national protection program directory forms to address what that next evolutionary set of challenges is also cannot commit a better time. the threats more complex, vulnerabilities more widespread as we heard the internet of things and every one of those creates a new type of vulnerability. the time could not be better i think for us to look at and examine and explore how the department organizationally is going to face these new physical cyberthreats that are really joined together. if you look at the evolution of the mission the department has and i think again if you look back historically over time, you see an organization that was established to address a number of components of the lifecycle of the issue. threat detection, mitigation, information sharing, all of those together when they exist

in separate organizations in separate components, even if you could enforce a request some type of consolidation, it's not always the easiest to make sure the requirements established, for example, on the r&d side get implemented or the funding is actually going to fund the right research and development committees. so started the new look for the organization and still working its way through we will see ultimately how it gets resolved. having started a fresh look for a fresh start and how we face that threat is also quite timely and the timing could not be better. >> turning back to you, undersecretary. your reaction to a friend in jordan said, but also, the core issue is service sustainability. i think by as far as i looked at it, the effort has made progress in the things that fred said

that go in terms of addressing some of the challenges that i had when i was a hill staffer and wanted things to work together consistent with the founding vision of the department and a sound that is greater than the whole of pars. progress has been made towards that, this sounded like a gao report here, but still a lot of work to do. so what are the ways that can equate that we can make efforts such as this, but other things throughout the department on workforce issues. some of the things that have been done to address morale issues for some of the other acquisition issues to sort of ensure that when a new team comes in in terms of the small political leadership team at the top, if you have career civil servants invested and can run them and you have the operational continuity, that you have in other parts of the government that are lesser reliance on political leadership

at the top, but have not and the uniformed military the foreign service officer and the cadre that continue core operations, you know, three transition process. >> so i agree virtually with everything my two colleagues appear sad, so thank you. i agree first of all we are 13 years old. we are a teenager and there's some confusion that comes with that and we are working hard to work through that. the work that the secretary is built upon prior administrations and good work they did. this is a continuum of improvement. i do want to act like we just started fresh. it is a process, but these are large complex components. so to make them sustainable is a challenge.

let's be honest about it. there was a jrc in the past and now we have a new jrc was very much wanted to continue. one is muscle memory is being used to how it works and people seeing the benefit of it. the jrc is meeting on a break other bases. they are having successes involved in the oversight. we have very positive feedback from both the ig and the gao about the jrc and our acquisition process. they are giving us a lot of credit for having a more centralized oversight, clear transparency, clear accountability about how we go about it. we are getting positive feedback from industry about improvements we about improvements we're making in the procurement process. very open dialogue with reverse engineering and other things. hopefully there's plenty of issues they want us to continue to address. but there is very much open dialogue.

we have got documentation for virtually all of our acquisitions as they are going forward now. we've got people trained in the procurement phase of common expertise in the new people working at least two components. common training, common approach, making it easier for everyone to work together. we have to make sure it sticks in the muscle memory and peoples the the value appeared to be candid i found it easier to be in private industry. at johnson & johnson, to convince the u.s. marketing companies to buy vehicles for their salesforce very common strategic purchasing initiative. well, why not. look at the amount of savings, the broader choice of vehicles, et cetera. each of those operating companies got the financial benefit. they got an immediate benefit of money saved fake abuse for themselves. it doesn't quite work that way

here. you have to demonstrate the benefits commission and you have to make the process simple enough that people get it and build on it. we've got to demonstrate that value. we can talk about morale a little later. >> with the new common appropriation structure that you mentioned earlier debut in the secretary and leadership team additional leverage to drive back, or is that one believes in terms of acquisition? >> know, the common appropriation structure and we are now in our second iteration of that will be so much simpler for the new administration to plan and manage and we are getting better working with the appropriators on mac, so they are getting more and more comfortable with it. i think that will be a huge benefit. i have a huge responsibility in the process to damage straight to the next administration how these two structures will actually help them be more

effective in implementing whatever policy changes, focuses they want to do because they will be capable of faster responding to issues making those changes than they otherwise would be. >> we will take questions. about 15 more minutes that we can take a couple questions and jump back in with a couple. if anyone had a question right now, feel free to raise your hand. in the front here, senator. ..

getting an emergency response were needed early in a crisis is extremely important and it may be of value to consider expanding your program to capture more than just india and asia. >> i think that's a great comment. what you just said is about the extent of my knowledge about that to be brutally candid but that's an important area and i willmake sure i follow up and make sure we have that structure in place. we have the benefit of a pretty good playbook together in prior transitions . i was so focused on making sure that by now we've got the right people in the component and now we can start building to reach out across agencies etc. but i agree with you, that's absolutely critical. so i agree. we do exercises, i've seen how we respondedas a department to the situation in belgium , to san bernardino. i've seen how we know how to

do that kind of outreach in a very effective way and learn and improve. we want to make sure that isn't lost as we transition to the next administration . >> okay. i'm glad you're looking at lessons learned in the last administration, particularly with the handover from the bush administration to the obama administration, this is public knowledge now of terrorist threat related to the inauguration that was being managed as the inauguration was taking place that was unresolved until a day or two before the inauguration so those type of issues are critical to planning and exercising for now as a transition takes place and that handoff between secretary share top who was secretary on the day of the inauguration through until secretary napolitano was confirmed, i think later that afternoon and then sworn in i think the next day was about as efficient of the handover at the top as you

could envision . >> and if you think about if you are out there looking at opportunities to engage in such an attack right? the transition. fits the bill in terms of both attention and risk. thank you sir. >> you want to jump in on that issue or other things? >> just generally, from a transition standpoint i certainly have experienced the layoff transition between the clinton administration and the bush administration . i can't overstate the importance of looking ahead and making sure you have a number of different mechanisms to provide continuity includingpersonnel . one of the i think bush administrations wise decisions and i can't practice in previous transitions having simply not been involved but there were a number of individuals, many

who were civil-service or military officers and so on that were left in place to provide continuity for the first at least six months if not out to a year. icertainly thought that was a very wise practice . obviously at the department level that the practice that can be followed as well but i would offer that outside of government , there's a role for those of us who have been inside government or have focused on homeland security, national security issues for years whether in the academic realm or in terms of various active interest groups and so on. i think there's perhaps a larger role that can be played to be supportive from the outside and that is, if you look at what's published in the run up and the first few months, perhaps out to a year after a transition, there is no shortage of

suggested first principles and themes and priorities that new incumbents ought to take advantage of but if i'm going to reflect on my own personal experience in senior national security positions and the vicarious experience i gleaned from my colleagues and those were considerably more senior than i was, you are so overwhelmed from day one in thosepositions . even assuming that you are well qualifiedfor the position , you have to read in, update yourself. you have to handle a certain amount of just frankly unavoidable inbox taxing that has to be dealt with no matter how executive, how strategic you think you feel you may be and you got to navigate administrative and political minefields all from day one. and i offer that background as the predicate for

observing that everyone going into those positions as a certain tenure which i always thought of as an opportunity and it is very hard to orchestrate building new initiatives that will move the ball down the field and promote progress when you are starting from scratch which takes me back to where i was a moment ago in saying that there is more that can be done by those outside governments. i would really encourage individuals who feel strongly that for example we are doing a good enough job commensurate with the threat in the bio defense arena to go past these priorities, suggestions, etc. and develop action programs that are essentially on input to a menu of options as

individuals at the secretary, the assistant secretary up to the secretary level out in the departments at the special assistant all the way up through the president's advisers and take a look at evaluate if they feel that they make sense, modify them as appropriate and get a head start as a result. i've taken a pretty good look at the homeland security oriented literature generated in the run up to the 2008, 2009 transition and the months following and for the most part, they aren't as detailed and as helpful as they might be. >> you want to add anything to that question mark. >> sort of picking up on something that the undersecretary mentioned a minute ago, you mentioned the importance of muscle memory or bringing back or

revitalizing the jrc. i think that also reflects a really interesting sort of a change in philosophy because if you think about it, we talk about the kind of on the metal changes the department is going toundertake in the next year, 18 months , now 36 months to meet the evolving threat. you've got a high-level philosophy, you've got the community of effort which says these are the ways fundamentally we are going to ask and coordinate together. then you got some of the structural and organizational changes whether there's a new cip directorate , whether there's a new suburban directorate and then you've got something, sort of a thing that is in the middle so you think about maybe the integrative product teams, one particular example. what you are doing there is emphasizing and sort of establishing the rules of the road for how operators and the requirement folks and the r and d capabilities are going to work together and coordinate and i think what

you do by instituting that sort of set of expectations is also creating that muscle memory around, these are the ways you want to engage. these are the ways you want to interact. and as you substantiate that, you create a little bit of inertia so that irrespective of what the next transition looks like at the highest level, you got the lowest level which is organizational yougot those relationships that are built in the middle and that's something to build on and you cannot afford i think to lose the inertia and the effort that's gone into that.>> i think those are great comments and i agree with all of them so there's the muscle memory . there's the embracing it by the present senior management that underscores that it's the clarity of the value this brings if it's done right. i think the changes, the id teams you are talking about between the components and smt conceptually makes much sense.

this is where s and t which does that break the research and we should be looking at you know, next generation about what we need to support fulfilling the mission and performance doing their own research, establishing these teams between them to make sure the research is directly connected to the visible need and taking those really good people, working together this is a demand approved process by the way. this reinforces it. will we have enough time because this was really just getting underway. we gotfive ipt's , going forward will people see the benefit versus the difficulty of change question mark let's be honest. change is hard for people used to doing things the same way. will they see the value, will they understand it? will we see some successors enough that we can keep this alive ? or will we see enough improvement successes and

strategically will it make sense to the next administration that they will keep it going? that's our challenge. i think we can . i'm optimistic we can but imagine fiscal year 2018 where not only do you have ibt's you've got a spreadsheet that shows where r and d for the department is being expensed to deliver on critical elements of the mission with clarity, right? that would be a huge improvement for protecting the nation and helping people understand what's trying to be accomplished. we are also trying to get legislation for some of these, so bernie, that restructuring cannot be done without new legislation. i haven't had too many senatorial congressional hearings but i had one that was actually fun . and it was on our acquisition process and it was fun even though gao and the inspector general were there because we were all in complete alignment that proposed legislation on our

acquisition processes adopted gao recommendations, id recommendations to consolidate centralized, oversight, accountability to make theprocess stronger . anything that any of you can do to support this legislative effort that will help sustain these improvements because they will be statutory would be great. we are working hard, a lot of our colleagues on the hill or working hard. hopefully we will get something out of it. >> one of the issues we touched on a few minutes ago was some of the workforce issues and half the time there's a headline on dhs that awards more out somewhere in the headline and i know without sort of belaboring the issue, i know that's something the secretary has made a priority with his undercover boss and everything else he's been doing but i guess the question for you.

>> he's not an undercover boss to me. pretty much in your face i guess the question is, transition and the preparedness for transition and opportunity to sort of address those issues in a sort of a different way if you think about, is the time when you're empowering career officials who will stay on through a transition a time of uncertainty so it seems to me like there are risks with the transition but also an opportunity to sort of level on some of these workforce issues in a way that can address the more our challenges the department faces. >> so let me start by saying what we are doing then talk about the transition process. so coming to dhs and attracted to dhs because i came out of retirement based on the secretary giving me a call . and i was attracted because of my respect for him and the criticality of the mission which i think is incredibly inspiring and certainly you

understandhow critical it is so when i got here and learn we had the lowest morale of any federalagency i was quite surprised . over time you learn some of the reasons why . one issue was the sequestration when we had to let people know longer working and the destruction that caused and the vacancies that caused and we are still working hard now to get up to full strength but we've taken a different approach to employee engagement and employee morale this time and it's sort of consistent with what i've said about unity of effort. we are not trying a one-size-fits-all across all these very different components with their different cultures. each component has their own engagement plan, employee improvement plan and it's signed off on by the lead, the director of each component and its customized

to meet the needs of that group. one of the areas of issue that must be addressed?we have an employee engagement steering committee with representatives of each of the components working together on some common areas of approach. for sds, we built and their performance plans the element that they are responsible for employee engagement. that's part of what they will be measured on. we worked hard to provide better leadership training, guidelines, electronically and otherwise for people. the secretary and debbie terry secretary have been across the country going to places, talking to people about it. but it takes a while to turn a battleship that's got some issues including going back to the fact, let's be honest. you don't hear about successes in dhs, you hear about problems so right now tsa, right? all the news about tsa and the long wait lines and shortage of people. that's the reality we deal with and i'm not making excuses. we plan to getbetter . i you the transition as an opportunity sort of for the

next administration to talk about it. i think our responsibility is to have made progress and demonstrate progress and have plans in place that hopefully will resonate and make sense that they can then improve upon as they wish to do so to move it forward but i think this fundamental change of customized plans owned by leadership is the right way to gobecause the cultures are so different . >> i open up the floor for questions question mark over here and then over there. >> hi, i'm mike egan. i'm an editor with the journal of homeland security and emergency management. currently headquartered in berlin area i had a quick question for admiral rosa. in your transition sir, have you looked at the role and

the way in which the department of homeland security plugs in to the intelligence community? do you see any major changes there or assurances that there will be continuity? >> i served for a period as a deputy for the coast guard intelligence program so i'm going to answer your question i merrily through the lens of that experience. the coast guard essentially exists at an intersection between the intelligence community which now i believe a number 16 or 17 members and the homeland security intelligence enterprise and that enterprise as one other formal ic number and that is the department of homeland security investigations and analysis.

essentially, the department intelligence team.you have other components that have their own intelligence elements. cdt, tsa, ice and so forth. and my sense is that over time, the flow of information whether it's been law-enforcement information flowing into intelligence channels, intelligence information flowing down into actually increasingly the state and local level where it can be utilized, that's improved steadily over time. what specific plans may be anticipated now to ensure that the progress that's been made is maintained? i don't have the visibility to answer the question with any kind of specificity but clearly, my tenure ended as the coast guard intelligence in 2007 and the successors i've kept in touch with and

so on have informally shared with me their perspective that not only is the dhs intelligence enterprise maturing but that the connectivity provided in part through the coast guard has helped that in a very significant way. >> question up here? >> laura sabin era, strategic alliance business group. my company currently supports the tsa and i've supported or worked for dhs component for the entirety of my career. in looking at the incoming administration and beyond, what is the departments plan to attract and maintain the next generation of the public servant particularly in the areas of cyber security or it or the public or private sector tends to be more attractive? >> so this is a very high priority.

we've done a good review of the hiring process, working hard to shorten including the security clearance so that when we attract really terrific people we can actually get them on the job quickly. we have pretty good authorities in the cyber it space that part of our issue has been separating myth from reality so we can expedite the hiring process. we are actually planning some hiring fares where we can do some immediatehiring virtually on the spot.we are working hard that . we have happily some very good people that are in this space that are finding the work both meaningful and appropriate so we got them working on some of our cyber experts or it experts working

on great projects. they are working closely with the it professionals. they are not separated as some agencies have done. we are working on really critical products including a project where the team went overseas to deal with these issues. this is a huge priority for us. it's taken me a while to understand the complexity of the federal hiring process. we are talking to internal, external experts. we are talking about people that come in for three years then go back out then come back , working on all of those. it was a month from now i have more specifics for you but we are working closely with opm, they are a terrific new eco-head angie bailey. we've got really strong digital services people that are helping us in this process. we are dedicated to making this happen and in a very concrete way. so a, high priority. i can't articulate it as clearly as i would like to because we are just finalizing it but one last piece is, we found we had a

huge shortage of hiring specialists that could work with the hiring manager and the need externally . we didn't have the people who understood the separation between what's realistic, what's myth that we could actually get it done. we are filling that gap as rapidly as we can so we have all the pieces together and then working hard to amplify the security clearance process as well. so were going to get there. i think our mission as explained by the people who are working here now, they find it so meaningful that we can deal with the challenge of much higher pay in the private sector and we will do better than we have done even though we've done better than many federal agencies in this phase area thank you. we also have an issue of working hard to get more women into our law enforcement division. federal are marshals in particular but were dedicated to making this happen. it's a high priority for me. >> i think we are rapidly

reaching the end of our slotted time for the panel but wanted to see if any of the panelists have any final comments or thoughts they wanted to make. for you under secretary, if you would in particular as the senator engages on these issues over the next six months, any suggestions or advice for us as we look at these issues and then other groups, certainly to try and help you and the team up there. >> thank you. it's an honor to be here and thanks everyone so on, i'm a great believer in transparency so i'm open to suggestions. there's no agenda with the leadership of dhs other than making the department stronger for the future. so any guidance or suggestions are welcome. and i'm very proud to work with my colleagues at dhs. we may have overall the lowest row but among the

people i work with on a daily basis, could not be better, stronger, more dedicated to welcome suggestions, welcome ideas. i've never been through a transition so any suggestions, guidancewould be welcome . but thanks for having me here today. >> jordan, any final thoughts? >> one additional final thought i would share and that is triggered either natural tendency at the point of a transition to revisit the strategic picture and question whether we've got the right significant assumptions driving what we do and it's that kind of reflection that leads me to wonder whether this is a good time to revisit an issue that's been out there but has never really gained a lot of traction and that is, have we

done an adequate job of conceptualizing, defining homeland security? now, there are different approaches for those that have thought about that issue and they fall into somewhat different camps that you might roughly described as balance. some feel it really doesn't matter. we are doing it and it's fairly obvious generally what content ought to be there under that rubric. there's another point of view to the effect that perhaps homeland security as a term that has significance legally, politically, problematically.is it all that necessary anymore? that's increasingly been subsumed because of the changes in the threat landscape under the broader enduring rubric of national security . i'm not in either of those

caps. i think that homeland security as a concept is extraordinarily important but i think there are a lot of questions that we haven't answered sufficiently well to optimally set the stage for the many policy debates that need to take place as we go forward, especially in an era projected to have fewer and fewer available resources to support homeland security efforts and just to explain that a little bit, i would ask, are we clear about what is homeland security? are we clear about what is not homeland security? who is homeland security, however we look at it, who is it for? and if i'm representative of

a person for whom homeland security should be provided , how much of it ought i to get ? and then there's a whole set of derivative questions that gets into the process by which we are currently assessing risks and trying to come up with ways to evaluate just how significant they are and how we ought to allocate scarce resources in addressing those risks. that whole set of closely interrelated questions, i think, has not gotten sufficient attention and i think it's part of the reason for some of the less than optimal outcomes we've had in allocating resources, establishing programs and so on so i would offer that for any of you that might want to consider it further or talk with us about itoff-line .

>> i yield my minutes. >> okay. thank all of you for sitting through this panel and join me in thankingour panelists . [applause] we had a short break on our schedule but if frank is ready when they go quickly to start the next panel so don't go too far away but if you need this day for a few minutes, please do so. a few minute break. >> the third panel of the break just ending, the group going to take a break are having some problems with the video coming from george washington university but while we are in this break our crew is on the ground working to fix that connection. and right now we are going to take a look at some of the earlier panels from today. >>. [applause] so permit me if i

may, post two questions. and then open them to the audience for questions. let's switch to the counterterrorism perspective. post paris and brussels, what has become very evident is that there have been enclaves of isolated communities within those, throughout europe really but specifically in brussels that have permitted the radicalization on a community basis of some members, certainly in the ability to move in and out of these communities itself. given the level of rhetoric in this campaign and the concern we've seen growing throughout europe, what is it we can do in the department of homeland security's perspective to counter the narrative of radicalization? let me say that i appreciate the question. it's an important priority of

ours, countering violent extremism. last year we were very focused on the foreign fighter phenomenon. the phenomenon of individuals leaving the united states, traveling to conflict zones, syria most notably and the concern that they became or already were radicalized and intended returning to the united states to do us harm. that remains a concern of ours but increasingly we are concerned about the homegrown radicalized violent extremists. and we had an effort that was under the rubric of countering violent extremism but we rebranded that effort very importantly and created the office for community partnershipsbecause ultimately , the owners of that effort must be the local communities themselves to be able to identify individuals who are on the path to

radicalization and to intervene in that path. we in the federal government can facilitate and equip them to address this phenomenon. the director james comay has spoken on a number of occasions about the fact that there are approximately 1000 individuals under investigation in the united states now. there are individuals in every single state of our union who are under investigation. and they may very well not have traveled to an area of conflict but instead become rather like radicalized in their own communities. we were given funding by congress to equip local and state law enforcement and community organizations whether they be nonprofit, religious or other types of organizations to build the lines of communication and to build the apparatus to reach

those individuals, their families, their friendsand equip them with the tools to intervene . we are also of course involved in transmitting the counter narrative and the one thing or at least one characteristic that really distinguishes isis in that radicalizing effort is there very sophisticated use of social media and we in turn are using social media to reach the very same individuals to ensure that the message is that they need to receive in order to work their path to radicalization is in fact communicated so this is a community-based effort that we in the federal government very much support, facilitate and equip. >> i appreciate very much your remarks on the efforts and the department for cyber security and one of the

things that is so daunting to the private sector. >> some of the earlier sessions here, were going to go back live now to george washington university for continuing discussion. this is on cyber security and counterintelligence. >> it covers a wide range of issues from insider threats to foreign counterintelligence to cyber security but i think one of the things we hope to be able to show how they come together, where they do come together and where they don't. and quite honestly, they are treated as very separate disciplines but i thought we had a great group to shed some light on some of these issues. firstly, let me introduce michelle vancleave, michelle is one of the titans in the counterintelligence world. few was the first director i believe of the nci x when it was the national counterintelligence directorate. when it became part of the directorate of national intelligence function sounder

president bush he was running nci x . followingmichelle , and she worked on the hill. she's worked on numerous committees focusing on cyber issues and counterintelligence and national security issues long before they were cool. she's young, but before they were cool. jeff hancock is one of our senior fellows here. he's been instrumental in our active defense work and tax force looking at active defense issues. he comes from a background in the private sector and the public sector.he's a former special forcesofficer . he worked cyber at the point us and of the sphere which i think adds a lot of flavor to the issue and has also worked at small companies like microsoft. and last but not least we have brian condos who is with secure onyx who i want to thank for supporting us in the conference today and he

too has come to his current role with extensive background in a number of cyber security companies ranging from riptide to remind me. >> arc site. >> so all the companies. he actually brings a very good perspective from cutting-edge companies in terms of some of these issues so what i thought we do is start with michelle , sort of paint a picture a little bit to provide a parameter. i think when people think foreign counterintelligence, when they think counterintelligence they immediately think security. obviously there are similarities but also some differences. you've got to understand yourself, you've got to understand your enemy, son sue 101 but i'm interested think what some of your thoughts are. how should we frame this in terms of thinking about some

of these issues from an insider threat all the way through to foreign counterintelligence? >> let's start by considering what we mean by foreign intelligence activities. they are all a range of things at one, adversaries and whether they be nationstates or other entities due to try to steal our secrets but also to hide there's an to deceive us into thinking or doing the things that are going to be in their interest. so there are fluent operations as well as collecting activities that fall within the range of things that counterintelligence worries about in dealing with foreign intelligence threats to the united states. to our interest at home and abroad. so counterintelligence therefore becomes the full range or is the full range of things thatare done . information acquired and activities conducted in order to identify and assess these

foreign intelligence activities in order to neutralize them either through denying them access to things they are seeking, by deceiving them or let me also add by exploiting what we learn and understand about these foreign intelligence activities. so then frank, within the range of things that are done to protect our secrets we certainly have a full range of security activities that are performed in order to protect secret information, to protect against access to things that are important to our national security so the full range of security activities, operation security, physical security, information security, personnel security which will will get into. these are things that are done to protect our secrets to be sure but beyond the

protection , counterintelligence looks to understand how the adversary is going after these things, what their intentions and objectives are about how they are resourced, they are targeted. how they are recruited, what is the nexus of their relationships and the zone relationships may be. in fact, the full range of things that the foreign intelligence service or entity does in order to be able to say aha, now we can identify what other vulnerabilities such that we can look to those vulnerabilities as ways of stopping them and best of all, is foreign intelligence adversaries service to think that it is succeeding in what it is doing against us when in fact our insight into their operations is sufficiently refined that we can misdirect their

collection and operations in order to protect what we are doing so you might see in that short explanation the potential sometimes for a tension and i will call it a healthy tension between what counterintelligence tries to do engaging as you will with the adversary and what security and security operators and personnel may do in trying to shut things down and deny access sometimes. sometimes operationally. we need to have the ability to let things play along in order to better understand what is up. does that help? >> that works. great. jeff, you put together insider threat programs for a number of companies, small and large. talk us through what that looks like.at the end of the day, if you want to glean

information you can glean it as we are talking about my cyber means which are vulnerable and successful to property damage but you can also recruit an insider which obviously can have the same impact and i think we are starting to see a confluence and convergence of intelligence disciplines at this space with what used to be technical and human is coming together to a large extent but the same thing you are putting out in the corporate world . of us think that through. >> very much so. developing is a program is really in part two things for this broad conversation. as both the technology use which is a smaller part but it's the method and process the organization can use to identify its most important information, protected, understand how it's protected and used within the organization and identify those vulnerabilities. from a broader perspective is very much a defensive position for an organization to be in. whereas counterintelligence,

counterintelligence is more the offenses view of security organization so the threat is understanding where your issues are, where your risks are and having a method of protecting that information. and going through that process, developing a whole program plan with the organization, developing the technical means with which you can detect inside or outside its because at the end of the day cyber security is a ones and zeros problem. there's very little to be determined around that threat. what looking for those things digitally, you're not going to tell the difference. behaviorally is what you're looking for when you are developing a program read there's nuances there but there's some key foundational components when developing a program like this for any size organization and it's really helping the organization understand its risk appetite , where that information sits. >> brian, and i thank jeff hit a point earlier and that's looking at behavioral analytics but where did the two converge? where do they come together and shed some light little

bit on where to see the various threat actors and ranging from disgruntled employees to more obvious nationstates. >> i'll answer the second part first. when we think about threat actors i can to think of the 40s. grandmother, gorillas and governments. insider threats, cyber criminals, minor access such as hackers and then nation actors. it's simple for us in this country to think of that as the cyber groups but in fact there's a lot of overlap between these seemingly disparate individuals or organizations.that comes out to a very simple statement. why hack when you can recruit . >> mark if you have somebody that already is trusted, that already has access you can operate with more ease and greater self, probably exfiltration more information or create sabotage if that is your end goal. with an insider group, i see three general areas. i see the careless insider,

somebody that made a mistake. they don't know they're being malicious, they just left the back door open or did something by accidentarea . [audio lost] we are still having some problems getting video from george washington university.were going to try to get this last panel and the closing remarks from c-span.org and also have the earlier panel there as well. for now though, look at the future of afghanistan. this is hosted by the middle east institute. >>. [inaudible conversation] >> good afternoon everybody. my name is mark chelan, director of programs and government relations at the middle east institute. we are pleased to welcome you all to today's discussion

under the title political and security crisis in afghanistan, the future of the national unity government. we are gratified by the turnabout, also an immediate interest today. thank you very much for being here. if you see empty seats, to either side of you in either centers please feel free to move in a way from the isles where we always have late arrivals and would like to accommodate everybody in seats. there are quite a few open here to my right. this is an event in the middle east institutes lewis r hughes lecture series. we are very grateful to mister hughes, a member of mdis boyd of governors for his generous support of our programming on policy issues in afghanistan. the issue today, you will be hearing about the sustainability and legitimacy of afghanistan's national unity government, an issue that has been very much in the news and has powerful implications for among other things the future of us and coalition military

engagements. before i introduce our moderator, i want to urge you all to take a look at mdis website right after this event is over and register for a discussion tomorrow that mpi is cosponsoring with johns hopkins . with the conflict management program there. professor emeritus bill zartman will speak on his new book arab spring: negotiating in the shadow of. the panelists joining him will be alan t sweater and ellen lakes in, daniel sir word will moderate the presentation and discussion. that event is tomorrow may 3 from 4:30 to 6 pm. there's information on mpi.edu. now it is my pleasure to introduce the moderator of today's panel, doctor wine bound is the director of mdis

center for pakistan studies. marvin is a distinguished scholar whose experience includes fulbright research fellowships in egypt and afghanistan. he directed the program in south asia and middle eastern studies at the university of illinois for 15 years, has worked in the department of state as an intelligence analyst and is a prolific author of articles and book chapters. marvin saw the importance for us interests of addressing our topic today and he's recruited a panel of remarkable and diverse expertise to do so. marvin will introduce the panelists, lead the conversation with them and with you, taking your questions all over the coming 90 minutes. ladies and gentlemen, thank you again very much for coming in today. marvin, the floor is yours. >> thank you. please as you can see we have a good deal of media coverage today so i ask you please to turn off your cell phones. thank you.it's a pleasure

to see we have interest but why should we be surprised? because what is happening in afghanistan today leads so many of us to say, is this a period of crisis? we've all, those of us following afghanistan, we regularly say that we are entering some kind of. here of some decisive development which are going to determine the future of the government and the state but i think we would probably all agreed that recently there have been a number of developments which seem in this year to have created circumstances which lead us to believe that somehow we have reason to worry more about afghanistan, again about its government and the

issues of security, the economy , and of course we want to address all of those today and i'm sure will have an opportunity. this is not going to be a series of speakers but rather they will be posing a series of questions . and we will therefore be encouraging here among our panelists discussion and we have a superb panel to do just that. to my right, scott smith who most of you know for his time heading the afghanistan program at the us institute of peace. he's now left us for the un, returned to the un where he is involved in mediation efforts befitting his skills. to his right is omar samad

who is also well known here as well as in afghanistan and he is recently returned from afghanistan after having been named adesignated ambassador in belgium . he has chosen however to join us and we are pleased to hear . omar has been ambassador to france, to canada and most recently has been a close advisor to doctor abdullah. michael kuhlman to his right is another familiar face, they all are here in washington. with the south asia program at the wilson center and he is organized so many panels and as you know from his own moderation of panels how well

he is able to address afghanistan and pakistan and south asia in general and finally, ali jalali. ali has been in the past, has a long path with afghanistan which includes military service and was early in the karzai administrationminister of the interior . but is currently a distinguished professor atthe national defense university here in washington . but ali is a very serious player in afghanistan so he's more than just simply an observer.he's someone who participates actively in the affairs of afghanistan and i don't know that we can have a

panel about afghanistan today without having ali jalali join us so with that, let me start. where i started and that is to say gentlemen, what makes this year different? what is now being posed by coming events, previous events that suggests that we ought to be paying greater attention perhaps then we have over the next few months ? ali? >> thank you marvin. good to be here again and please share the panel, they are old friends.

any country any place, you have to look first on the context. political context and the country of afghanistan is changing. okay. can you hear me now? there are a number of issues, a number of factors that shape the situation in afghanistan. first of all, the international forces west of afghanistan, at the end of 2015 and that was the end of combat missions by the international forces. second, afghanistan has to deal with the security threats by its own capacity, its own forces. afghans national security forces which are still in transition. although the country has a sizable army and sizable

police force, it was dependent on international assistance both financially and operationally. that dependence is still there. that's why until you have this capability gap in the national security force of afghanistan, there will be a need for a system from outside. third, the taliban and and other insurgents and kurds are using or trying to exploit the situation of the departure of the international forces from afghanistan and believe assuming that they can do better with theafghanistan it measures . then there's the economy. the economy of afghanistan and the presence of international forces was dependent on international presence actually to some extent. three or four years ago the

service sector and economy cost 50 percent of the economy with the departure of international forces and also the contractors and others, the service market attracted and at the same time it caused unemployment and also the deduction of state revenue and finally in the region, some countries who believe with the departure of the international forces begin the influence of afghanistan to the extent to better get a better deal if there is political settlement in afghanistan. therefore the impasse and all the factors that shape the situation in afghanistan has grown from a regional dimension and that's why afghanistan is dealing with these threats now with its own capacity with some

assistance from the outside. >> omar? >> in order of age issue, you want to look at it that way. thank you marvin for the invitation. i think that mister jalali's assessment is correct. i want to look at it from another angle. and that is that today is shaped by what we have seen over the last 15 years. especially shaped by the transition of 2014 which was an extremely difficult, top and challenging transition on different levels, at different levels both political, security and economic. and there's a fourth level that people really do not talk about often that's the psychological transition that has to take place in afghanistan which we did not manage well. both afghans and

internationals but then 2015 was expected to be the year of some level of positive change. on all these different accounts. in 2015, to the dismay of many of us and to the surprise of some, it was a very difficult year for the afghan people to begin with, for the afghan forces, the national security forces or the newly formed and new experience of the national unity government. or the economy that as was mentioned shrunk and the bubbles that burst after so many years of heavy involvement in investment and the promise to keep that economy afloat and we realize that part of it was artificial .

and finally, the regional context has been shifting as well. we hoped for some real change and real strategic shift, especially with pakistan, in regards to pakistan and for a while we thought a new government in kabul and mister ghani's overtures might crack the knot. it didn't and we are seeing that there's so much more that needs to be done and it's not that simple and easy. so these specifications that developed in 2014 and before that and i'm not going to dwell at this stage on how mister karzai handled this transition and what he left behind for the rest of us but this transition obviously has not resulted in what most of usexpect . some of us saw some of the faultlines and tried our best

to convey that and express that and try to find some ways to mend them and to correct the course. some of us were a bit too optimistic. some of us heightened expectations at the beginning for unnecessary reasons and they are paying a political price for all that today so all these things are going on at the same time in a very short period of time given the government's lifespan and today we are talking about how fragile is this government? how fragile ispakistan? what will happen next? should we talk about alternatives? should we talk about plan b and c and so on? we , i will, this is sort of how i seethings . >> i think omar is entirely right. i will rephrase or stated in slightly different terms.

i don't know that afghanistan in 2016 is more fragile than it was in 2015 or even in 2014. i think what has changed and it's particularly relevant from the perspective of where we sit in washington is we come to the end i think of our wishful thinking. what we learned in 2014 and 2015 now convinces us that the dynamics within the national unity government are not going to significantly improve. the taliban are not going to come to the negotiating table anytime soon. pakistan is not going to be able to push the taliban to the negotiating table. the afghan national security forces are not going to be the miracle we had hoped and to some degree convinced ourselves that it would be. and elections are probably not happening in 2016 so that leaves us with no real way out of what is supposed to be the beginning of an emergence of a slightly abnormal constitutional situation that we are in now so that's why

we are looking at alternatives and plan b because we run out of all the optimistic scenarios that we once had and that's what i think is sinking in and making 2016 challenging and different year even though the fundamentals may not have changed. >> michael? >> thanks marvin. i'll keep this brief. i imagine we will discuss how things are getting worse, dark days ahead, etc. which is true but it just to start off with context, as this audience would know in particular that things are bad but it's not all bad. example, there are plenty of people that didn't expect the national unity government to get as far as it has now. also for all the talk of the deepening taliban asked insurgency, the taliban has suffered setbacks including the other day in kandahar , there was a major operation that killed several dozen

caliban fighters. you've also had afghan special forces that have been distinguishing themselves on the battlefield so i think that's important to keep in mind. that said i would highlight briefly three changes thatare really making existing challenges more difficult to deal with. one, this isalluded to , is a new urgency , new sense of urgency pervading politics in afghanistan because of the national unity government's founding agreement which stipulated that a number of things happened by a certain time >>

>> it i think that these types of problems these are things happened in the past and it'll happen again today it is difficult to start to do with the deeper challenges with a number of the best and brightest are headed for the exit. >> let's look specifically at the national unity government for the year and a half years ago and still has another 3-1/2 years in office. how have these developments the we have been talking about specifically with the survival of the gut -- different but it has eroded

so what could they done differently? and what to ensure the survival of the government for another three and a half years? >> goals spending a year and a half in the unity government so i am not at liberty to say too much i don't want to go into the wide -- though why of their own theories of how it came about in to follow a certain recipe.

with that set of guidelines and for those of us we know by now why and what are the motivations. it is very distressing it has to do with pity politics and power struggles in the real issues that have created a sense of not a united government. och -- a political marriage of sorts. in to have a very traditional sense with the eastern context.

but on the other side is trying to accommodate to be flexible to that extent possible and it you have to realize it is unjust to individuals or two parties or two factions that fought in the elections. so this is very difficult to handle. we did try to bring anybody under the tent and this would be a government but it was the only alternative but there was no other alternative with the two top

vote getters. to receive the largest amount of votes in the country. but once we had that and accepted that that there was a mistake to let this government find its own way that they know all the problems and all of the solutions. they have always given the impression he knows all the problems and he knows all the answers to the questions. but this comes back to bite

him in with this image that was created that somebody mentioned something very interesting. is a modernist or tribal or post tribal? i never thought about this but that is a very interesting question for the afghan. when he sits here he is modern and post tribal but if you go back there he is a tribal but too much even the majority of afghans to date cannot totally connect with him. and this is why we cannot find the balance to make a more functioning government. in there was another option

at the time. we shouldn't be looking for the revolutionary to further destabilize afghanistan to put us in a very difficult situation. i think we should do everything. there is still time to try everything possible for all means possible to impress upon the leadership of this government. that is what john kerry tried to do a few days ago to impress upon the leap to -- to the elite we need to learn some hard lessons and of the international community and one of the biggest problems is we have

immature politicians three don't have professionals who even know how to play politics the best example is karzai. why? because he walks into the room and will tell you everything you wanted to hear but it's not mean that. he left the room then somebody else came in they would agree that when they left he continue doing the same thing. karzai was a total failure in my opinion but we need to learn the lessons over the last year-and-a-half. >> interesting paradox of national unity is there is the much more significant opposition day and to the government of karzai was a

government of singular powers run by one person. the other thing is what is our responsibility? if after the difficult negotiations, a transition not so well handled and the economy that was taking with all the internal friction say you take care of this. when the iraq war was debated in 2003 you break it then you own it but if you fix it you own it. [laughter] and that is what we hear about with their president and john kerry's repeated visits to get them to work together. what can be done differen