cable or satellite provider. >> atop security and homeland security advisor said north korea is responsible for a may 2017 iran somewhere attack called want to cry. he spoke to reporters in the white house briefing room yesterday. [inaudible conversations] >> morning. i would like to talk to today about a cyber issue that happened in may of this year called want to cry. it spread rapidly across the

world. it rendered useless hundreds of computers and hospitals, schools, businesses and homes in over 150 countries. they received ransom demands and this was a careless and reckless attack. it affected individuals, industry, government and the consequent is worried beyond economic. the computers affected badly in the uk and their health care system, not just money. after careful investigation they are attributing this to north korea. we do not make this allegation lightly and we do so with evidence and partners. other governments and private companies agree the united kingdom, australia, canada, new zealand, and japan have seen our analysis and join us in denouncing north korea for want to cry. commercial partners have also acted, microsoft attracted to the korean government and

others in the security community have contributed their analysis. the security of our computers is vital to free and fair trade and fundamental principal to our liberty and accountability and cooperation are the cornerstones of our strategy. north korea has acted especially badly, largely unchecked for more than a decade. many of you have reported on that. this malicious behavior is growing more egregious and stopping that behavior starts with the step of the con ability. it's a step toward holding them accountable but it's not the last step. addressing cyber security also requires businesses to cooperate to mitigate risks and increase the cost to hackers by defending america. the u.s. will lead this effort. president trump has rallied allies and responsible tech countries around the free world to increase the security and resilience of the internet. cooperation between industry and good governance will bring

improve security and we can no longer afford to wait. we applaud our corporate partners, microsoft and facebook especially for acting on their own initiative last week. that was without any direction of the u.s. government or coronation to disrupt the activity of north korean hackers. microsoft acted before the attack in ways that spared many u.s. targets. microsoft and facebook acted to disable a number of exploits and disrupt their operation as the north koreans were infecting computers across the globe. they shut down the clock counts. i am extremely proud of the hard and dedicated work of the intelligence and cyber security nationals and i'm happy to have one of the finest with me. i would like to introduce jenness for assistant security at dhs. we call today on the private sector to increase the con

ability by taking action that deny north korea and the bad actors the ability to launch reckless and destructive cyber acts. as responsible u.s. companies, join us in this cooperation it will fall to jenness. they are in charge of coordinating the operations that will protect us. as we make the internet safer, we will continue to hold accountable those who harm us or attempt threaten us whether they act alone or on behalf of criminal organizations or hostile nations. with that, i turn it over to jenness. thank you. >> thank you. at dhs, cyber security is a core mission of hours and just like preventing terrorism or responding to hurricanes and wildfires, it is a shared response ability between government, industry and the american people. want to cry is a great example of how this partnership works. it began on may 12, the friday

before mother's day. we first learned that something unusual was happening from our partners in the asia-pacific region. as the malware traversed the globe we received information from our partners in europe. as they went on and the health service in the uk was impacted, we knew we were dealing with a serious issue and began to activate our domestic industry partnership. by midafternoon i had all of the major internet service providers either on the phone or on our watch floor sharing information about what they were seeing globally and in the united states. we partnered with the department of health and human services to reach out to hospitals across the country to offer assistance. we engaged with federal cios across the government to ensure our systems were not vulnerable. i asked for assistance from our partners in the it and cyber security industry and by 9:00 p.m. that night i had over 30 companies represented on call, many who offered analytical assistance rough weekend. by working closely with these companies in the fbi throughout that night we were able to issue a technical alert publicly that would assist offenders to assist in

defeating this malware. we were largely able to escape the impact that other countries experience. in many ways it was the defining moment. it was also inspiring. it demonstrated the tireless commitment of our industry partners, a moment that showed how the public and private sector got right. it was keeping our system up-to-date. we are seeing increased activities and sophistication from both nationstates and state actors in many instances these are the same adversaries we faced in the past. they are just now operating in a different space. most devices are connecting to the internet which broadens the threat landscape. there is no sign of these trends even aiding in the years to come. this is why cyber security continues to be one of the most significant and strategic risks to the united states.

in addition to broadening the threat landscape, we see some gaps between wanted entity might consider adequate security for themselves or their sector and what is in the public interest. the american people depend upon critical services and functions such as electricity, a stable financial system, and dependable communications, all things that enable our modern way of life. many of these are run by the private sector. in order to ensure the security of the services and functions, we rely heavily on public-private collaboration. this is entirely voluntary and provides companies with strong liability and privacy protection should they participate. to ensure adequate security, dhs plans to move beyond only offering voluntary assistance to more practically becoming the world leader in cyber risk analysis and intervening directly with companies when necessary. specific north korea, we have issued technical alerts to assist network defenders and

understanding the types of malware they are using an urge them to remove them from their systems so they cannot continue to have access to our infrastructure. as we learned during the one cry attack, these incidents can have life-threatening consequent is. how did we get here? the internet was designed for openness and automation. often times the cost of security which is to commonly and afterthought, attackers only have to be right once. some say defending cyber space is impossible. i disagree with this. we can take small tangible action to make this safer. our goal is a cyber environment where threats such as malicious e-mail can only be used once before it's blocked by all other potential victims. we need to get to the advantage and we make it too easy by operating

independently. our adversaries are not distinction between public and private so neither should we. government and industry must work together now more than ever if we are serious about protecting our defense. we cannot skewer our homeland alone. we cannot defend ourselves single-handedly against these attackers. cyber security is a shared responsibility. to prevent another attack like wannacry, we are calling on all companies to commit to the collective defense of our natio nation. this does not end at our borders. as identified in the want to cry incident, it is a global challenge. as many as 150 countries were affected and only through international partnership that the united states had time to prepare. we are taking a greater leadership in cyber security at dhs. we seek to drive the market toward more secure, scalable and opportunities which we can

encompass by working together pretty very much. >> questions. >> two questions. the united states was apparently slow to publicly identify north korea as a corporate in all of this. was there some new evidence that came to the floor that led to making this public conclusion. second question is about marcus hutchins who was identified as an individual who helped out to stop wannacry. what's going to happen to him given that he's been locked up on unrelated charges. >> two questions, one did we do it too slowly, no, the most important thing is to do it right and not too fast. we took a lot of time to look through classified, sensitive information. what we did was rely on, and

some of it i can't share unfortunately but we relied on technical links to previously identified north korean cyber tools, operational infrastructure, we had to examine a lot and we had to put it together in a way that allowed us to make a confident attribution. as we move forward we can't do it wrong, we can't get it wrong, we can try to rush it. i think ultimately at this point if we had gotten it wrong it would've been more of a damage to our reputation and national security. the second question i can't comment on the ongoing criminal prosecution or judicial proceedings but i will note that to some degree we got lucky. in a lot of ways in the united states we were well prepared. it was partnership in preparation. we also had a programmer that was sophisticated and noticed a glitch in the malware, a kill switch and enacted to kill it. he took a risk and it worked. it caused a lot of benefit.

we will give him that. next time when i can get so lucky so what were calling on here today is an increase partnership in the speed of sharing information so we can prevent patient zero from being patient 150. >> you said cyber affiliates in the north korean government were responsible for this. how do you believe generally that there cyber operations and hacking operations work? how does it all pieced together and secondly, you talk about wanting a private sector to do more, exactly what you want the private sector to do. >> the difficulties often figure out who was operating the keyboard so those are the two biggest challenges. people operating keyboards all

over the world on behalf of the north korean actor can be launching from places so that's one of the things behind cyber attribution. we are confident that it was directed by the government of north korea. we are also comfortable in saying there actors on their behalf, intermediaries clearing out that attack and they had carried out those attacks on behalf of the north korean government in the past. that was one of the tradecraft routines that allowed us to reach that conclusion. that said, how they operate was often a little mysterious. if we knew better with perfect knowledge we would be able to address north korean problems with more clarity. part of the larger strategy of increased pressure on north koreans is to get them to change that behavior. my observation, they've got some smart programmers. it's a shame their government is leading them down the use of that in the wrong direction. that smart people there and a free government and they could be positive contributors of the world and i wish their leadership would get out of the way.

>> to think it comes from within the actual borders. >> i don't think there's a distinction within the north korean regime. i think every thing that happens happens by the direction of the leadership. >> the private sector, what were doing here is improving our own ability to work with them so there's two halves to this. remember, what they do is they report to us all the targeted attack records that they are seeing and we put out there and share with everyone. if you are receiving a phishing attack and reported to us we can notify the whole country to be on the lookout for that. we want them to increase their sharing of information with us and then as we move forward and ask them to share more technical information on where their exposure points are. >> the purchase of rent somewhere. [inaudible] you have an extensive how much money they raised as a result of this and what did they do

with the money? did it go to fund the nuclear program or to the regime for some benefit or word that money go. >> it's interesting. first, we don't really know how much money they raise but they didn't seem to architected in the way that a smart architect would do so. they didn't want to get a lot of money out of this. if they did they would of required more. this was a reckless attack and it was meant caused havoc and destruction. the money was an ancillary side benefit. i don't think they got a lot of it. >> two things. what is the consequence for this. i understand we have have a collective defense renovation but what is the consequence to north korea for doing the. >> at this point, north korea has done everything wrong as an actor on the global stage that a country can do and president trump has used just about every lever you can use short of starving people in north korea to death to change their behavior so we don't have a lot of room left to

apply pressure to change their behavior. it's never nevertheless important to call them out and i think at this point some of the benefit that comes from the attribution is letting them know that we are going to move to stop their behavior. it also allows us to galvanize that. in this case the private sector also acted. facebook took down accounts that stop the operational execution of ongoing cyber attacks and microsoft acted to patch existing attacks. this is allowing us to call on all like-minded in good responsible companies to stop supporting north korean hackers whether they're operating in north korea or elsewhere and it's also an opportunity call on the other countries in the region that were affected to mobilize them to stop that same behavior. often north koreans can travel outside north korea to hack or they can rely on people outside the country with

better access to the internet and carry out this malicious activity. we need other countries, not just other companies to work with us. >> it seems like there's a different handling of different intelligence. there's an elaborate rollout here today where you are calling out north korea by name for it cyber activities, but take russia for example for interfering in the u.s. election. why hasn't there been a similar rollout like this to call russia out. >> i'm not sure this is all that elaborate but i'll tell you there was but i think president obama called them out and i think for what it's worth and underreported, president trump not only continued the national emergency for cyber security but he did so himself and sanctioned the russians involved in the hack last year. i think that was the appropriate act. i think he has continued that for another year end will probably continue it for the year after that. >> have all the sanctions been implemented. >> yes, this was a continuation of the national emergency with respect to significant malicious cyber enabled activities. president trump continued that national emergency pursuant to

the international emergency act to deal with the emergency ask. [inaudible] in addition, if that's not making people comfortable, we act to remove it from all our federal networks. we did so because having a company that can report back information to the russian government constituted a risk. in light of cooperation which is our second pillar, we've had retail stores and other foreign governments follow our lead. today's about north korea but i welcome the question on russia. i think we stand with a good record. >> i will follow up on that in a separate question. the president said were

casting down on the hackers but he said it's very hard to know who is behind it. >> that's the key. today took us a a little while but we did it in a thoughtful manner because now we believe we have the evidence to support this assertion. it's hard to do when you're looking for individual hackers. [inaudible] there is been reporting that the u.s. has been able to combat north korean interference with taken action reportedly when you said largely unchecked doesn't that undermine the idea that the u.s. has actually taken action.

>> he's made it very clear that previous administrations of both parties could have done more and should have done more in his opinion to apply more pressure on north korea when the opportunity to do so might've resulted in a opportunity. the cyber issue has come on the heels of other decisive action. it leaves little room left to apply additional pressure but we will continue to apply that without any wavering. >> thanks so much. can you take us a little more into your attribution process. you said the leadership of north korea ordered this. that's not something that was necessarily visible from the code itself. can you tell us a little bit about that and whether you believe kim jong-un was directly involved in that decision. can you also tell us what you believe the motive was. as you pointed out, ransom was kind of a cover story. chaos, i can see that but that's not the usual north korean ammo.

they usually have something a little more concentrated and this was all over the place. so, tell us a little bit about that and how attribution got you to intent. >> let me go backwards on those if you don't mind the knowledge of some in reverse order. one of the difficulties here of this assertion is that it is wanton and reckless and also one of the most troubling attributes of what we've seen. why it's important for us to treat this one differently. the idea here is that what discriminates on the ma map is not the discrimination of the attacker but. [inaudible] they were affecting people in russia and china and some

sectors in great britain also took it very badly. their peak computers were defended properly, or at least in time and we are all struggling to keep up with this increasingly reckless behavior. i disagree that they are looking to be more targeted and more sober, i think at this point north korea has demonstrated they want to hold the entire world at risk whether it's through a nuclear missile program or cyber attacks. secondly, it's hard to find that smoking gun, but what we've done is combined a series of behaviors, we've got analysts all over the world but also deep and experienced analyst within our intelligence communities that look that normally the operational infrastructure but the tradecraft and the routine and the behaviors that we've seen demonstrated in past attacks. you have to apply multiple types of work not just analysis. >> do you think the vulnerabilities published would've made a difference in their ability to carry out these attacks. >> i think what dave is alluding to is that vulnerabilities exist in software.

they're almost never designed on purpose. software producers are making a product and are selling it for purpose. when we find vulnerabilities, the united states government, we generally identify them and tell the companies so they can patch them. >> in this particular case i'm proud of that process and i'd like to elaborate. under this president's leadership and under the leadership of rob joyce, we have led the most transparent vulnerability equities process in the world. what that means is the united states government finds form abilities and software and then at a rate of almost 90% reveals those. they could be useful tools for us that exploit international security benefit but instead what we choose to do is show goes back to the company so they can patch the collective defense of the country. it's not fair for us to keep those exploits what people said vulnerable to those to tell turn regimes are going to bring harm to them. in this case i'm proud of the program and i go one step deeper for you, those

vulnerabilities that we do keep, we keep for very specific purposes so we can i increaser national security and we use them for specific purposes only tailored to our perceived threat. i think if they're used very carefully they need to be protected in such a way that we don't leak them out where people can get them. that has happened in the past. when we do use those vulnerabilities in the classified work that we do, we sometimes find evidence of bad behavior. sometimes it allows us to attribute that actions and other times it allows us to privately call third were doing this in a more routine fashion and were able to call targets and companies and say to them we believe you've been hacked, you need to take immediate action. it works well, we need to get better at doing that and i think that allows us to save a lot of time and money.

that process is an equity balancing process. i think we've got it right and i know the united states is by far head and shoulders above any other country in the world. >> is this administration's policy. [inaudible] how did you get that conclusion that it's clearly holdings the state of north korea responsibl responsible. can you explain that policy, and then, on digital currency, i believe, i know you said not much money was raised office, but that seems to be, it appears to be how the hackers were seeking any compensation. what you doing on that. >> any crypt crypto currency might be difficult to track so the good and positive innovation but also a concern as we hope it doesn't end up being used for illicit behavior. in this particular case, our sumption on them not raising a lot of money is the belief that the hackers targets that

then report what they did about it. the targets reported that they mostly didn't pay. some tried to pay and quickly reported to others online and through other medium that they were getting their computers unlocked so the other stopped paying. we were able to track the behavior to the targets. >> so without that report you would not have necessarily had the ability to see how crypto currency was going to use. >> i'm in the get back to you on that. i will say your last question is open, it's not about holding a country accountable, it's about culpability. we've determine who was behind the attack and were saying it. that's pretty straight forward.

we are going hold them accountable and with it and were going to shame them for it when we need to increase our collective defenses we will cooperate and try to trust each other more. i think companies are demonstrating that and this president is inspiring that trust in bringing them together in a way that got them feeling like we are on their side and i think it will improve our security. [inaudible] >> that is not the policy right now. >> can you said again? [inaudible] >> i hope they decide to stop behaving badly online. i'm not naïve and i think that probably continue to deny and continue to believe they are beyond repercussions and beyond consequences, but i think at some point they will realize this president, this country and the allies he's row rallied around this cause will change their behavior. if they don't he will act international security interest.

i'm glad he's our president in that regard. >> can you say how the president initially interpreted. [inaudible] senator lindsey graham said there's a 30% chance that the president will have to strike north korea and if they touch another nuclear weapon there's a 70% chance. >> i have no ability to for the percentage on those outcomes. i hate to do so. it doesn't seem productive for me too do so. that said, the president's brief, regularly by the heads of his intelligence communities and that's how he received that information. [inaudible] was this one of the 10% that you had held onto. >> i think there is a case to be made for the tool that was

used coming together from a number of different sources but the vulnerability that was exploite exploited, the exploit developed by the culpable party is the bad tool but the underlining vulnerability and the software that they exploited predated and preexisted our administration. i don't know where they got it, but they certainly had a number of things cobbled together in an intentional tool meant cause harm that they didn't entirely create themselves and part of that allowed us to contribute their behavior because we were able to look at where they got different parts and tie them together and how they did so. when they tied them together they revealed their tradecraft and revealed their hand. >> one of the criticisms that came out in late may. [inaudible]

was another example of why the stockpiling of vulnerabilities by government is such a problem. you're talking about private industry leading to step in with information sharing, but how much is the u.s. government and the nsa to point to the. >> model all. i think while the u.s. government needs to better protect its tools and things that leak is very unfortunate and we need to apply scary measures that prevent that from happening. i think they appreciate more and better what we hold onto and how we hold onto it. it's something that we addressed and changed under president trump's tenure. it's something we rolled out and while you are quoting people who have criticized us, i can tell you the aclu complemented us for how well that process rolled out and how transparent it is.

microsoft is standing with me on this. he is a good partner for this country and he has come out in this particular case and joined us in this activation. i think microsoft is a strong partner, actually have no fear that there's anything between us. >> you didn't really answer the question fully. >> i believe i did so let me back up and tell m tell you why i did. the reason i thought i answered it already is in part because his question touched on the process. what brad was talking about at that time was his belief that we were not adequately weighing the different equities in the process only held on to vulnerabilities that we discovered inside the government. now he understands how that process works because we made it transparent. at the time it was not an open, transparent process.

>> we hold onto about 10%, give or take of the vulnerabilities we find for the purpose of national security exploitation. >> how does that make private industry feel comfortable that it can't happen again if you're still doing that not providing one 100%. >> we don't use them to attack anyone indiscriminately. we certainly didn't attack 150 countries and hundreds of thousands of computers. the north koreans took a vulnerability and modified it into a weapon and applied it recklessly. not the united states. >> you said it's difficult to track crypto currency. what exactly is being monitored. why are you monitoring it and what is the administration position on this seemingly booming industry. >> we don't have a formal position on crypto currency. block chain currency operates in a way that there's great hope and promise, they also have, they present some

security risk and concern for us and so i think what sermons tell you is that i track and monitor this very closely from the security perspective because among other things i'm not only devising on cyber policy but also counterterrorism policy. we want to make sure that this isn't being used for illicit behaviors in a way that we can discover, but we have other people in the administration equally following it for the promise it provides economically and from a trade perspective. we don't have any negative or positive view but we have to monitor closely as this new technology is becoming quite expensive, lucrative deregulation? >> i'm not prepared to say that. >> utterly wet. i'll give you a full briefing on puerto rico, i track it regularly and the safety of homeland security is there toda today, housing is a

major challenge in puerto rico. the governor is doing a great job but he has a large problem here as we move forward with 55% of the housing population in formal housing. powers making strong recovery. we were up over 65% in terms of power restoration which is 65% of the load capacity which is a significant milestone. we were hoping to get to 70 by the end of the year. we will see how that tracks. pretty close to what we set for ourselves. puerto rico is on my mind on a regular basis and the president as well. he sent his officials announced he was happening.

>> today the house approved a tax bill that will make changes to the tax code. the house is set to revote on the bill after the senate made some changes and send it back to the house. the bill passed the house a second time 244 - 201. twelve republicans voted against the bill and no democrats voted for it. the measure now heads to the president's desk for his signature. cspan "washington journal", live every day with news and policy issues that impact you. coming up thursday morning, american university professor and the brookings institution molly reynolds on the legislative and political significance of the 115th congress so far. also, heritage foundation michael sargent looks at u.s. infrastructure policy and spending following this week's am track derailment in washington state. cspan "washington journal",

live beginning at 7:00 a.m. eastern thursday morning. join the discussion. next on c-span2, a hearing discussing ways to improve the procedures for the consideration of executive and judicial nominees. this hearing is a little more than one hour. this hearing will come to order. today the committee will receive testimony on senate resolution 355. improving procedures for consideration of nominations in the u.s. senate. i want to thank senator langford who is here with us today at the table for agreeing to appear before us today to discuss the merits of his resolution. in 2010, this committee undertook a comprehensive examination of the filibus