involves international military intervention. steve said i'm not opposed to militaryizing the opposition, as far as russia, i mean the russian ties to the families. if you think about a counter fa factual, the russians will not have a solid partner, and i think they will not have the base they have in other places and so on. the structural issues play a bigger role. about the u.n. and the opposition and the resolution, i have very little good things to say about the syrian national council, i support the other branch of the opposition which is kind of led by the national

coordinating bodies that oppose the regime and opposes military int intervention. >> so, final words. um, well, i think to speak of the militarization without anying that any militarization will bring foreign intervention will be mistaken, that means that there will be turkish intervention, american intervention and saudi and so on, and the continued iranian intervention, we have seen that already from the iranian and hezbollah's side.

hezbollah has been said to be sending fighters but i've not seen anything to support that. but the leader of the resistance standing by regime has been damaging for the opposition and for himself as well. i don't know what the way is out of this, there are people getting killed every day and protecting civilians through peaceful means, should thinking about protecting civilians through peaceful means should be the priority. and the problem we are seeing today has roots with doing business with dictators and military and having a military economy internally and global and that is what continues and sustains s regimes? middle -- regimes in middle east

and elsewhere, to think it will be resolved by militarization it's not, it means further break down, further violence and continue ed unfortunately u.s. intervenz. i would like to thank all of you for staying with us, it's been a fascinating discussion and i would like to draw your attention to the event we have to evening of march 20th, when we will have wendy pearlman, to discuss her book, thank you all for coming. have a great day. [ applause ] .

and we are live now at george washington university for a panel of former security officials and current congressional staffers who this morning will talk about pending cyber security administrations, they want to talk about a public private partnership, michael chertoff and the former director of national intelligence mike mcconnell, both served during the second bush administration.

>> we are live this morning at george washington university for a discussion of cybersecurity legislation that is coming up in congress, a bipartisan group of senators passing legislation that will address cyber threat that is one of the main topics of discussion. >> ladies and gentlemen please welcome today's special guests. [ applause ]

>> good morning. members of the washington community, trustees, students, faculty and staff of the george washington university, it's a pleasure to welcome you to this forum about a conversation on cybersecurity. it's particular honor this morning to welcome the former secretary of homeland security and former judge for the u.s. court of appeals, michael chertoff and former director of national intelligence and former director of the national security agency and a george washington a lumnist, mike mcconnell. both of these gentlemen have been leading figures in efforts to address the growing cyber threat to our national and

economic security. they will be joined today by senior congressional staff to discuss pending legislation that is designed to shore up the nation's cyber defenses. here at the george washington university, we are in the process of rolling out a university wide cybersecurity initiative that will bring together policy, research, education and training. among the results of the effort that are already far advanced are the creation of a new master of science in cybersecurity, based on our department of computer science and the launching of an executive mba that will bring together our school of business and our law school. it's my pleasure to turn the podium over to the director of george washington's homeland security policy institute and the moderator of today as discussion that i hope you will all enjoy and profit from. thank you. >> thank you.

[ applause ] >> thank you president knapp and let me echo the welcome for all those watching our live web stream and to those here today. we have a good sized panel here which is reflective of the significance and the importance of the various issues we are going to discuss today. one would argue it's taking quite some time to get to this point, as senator lieberman put it, perhaps our system is blinking red in a domain very similar to the days pre9/11, i think that we can all agree that we need to do more in this space and ensure that our ability to protect networks can as much as

possible keep pace with the advances in networking. i'm not sure we can all agree on thousand best get there. i'm reminded to some extent, i'm reminded of the goldy locks story where some say it's too hot and some say it's too cold and others say it's too over reaching. we have some saying not reaching enough and some saying it's just right. but hopefully we will be able to drill down on what some of those issues are. i think in a simple way, we all know that the cyber threat is significant. the scope and scale ranges from foreign nations, i thought it was a powerful piece written in the wall street journal on the activities that the people's republic of china is engaged in. at the high end, you have threat

actors such as that and russia and you have actors such as iran and north korea engaging in this space and all the way down to that which effects us as individuals. our roles as skpconsumers and o ability to have confidence in the system we are using in the cyber domain. i think this is something that touches just about everything we as a society do. we as individuals do. and whereas the tools may change, the technology may change, human nature doesn't, so it effects warfare, finance, business, economic security and down to our individual sets of issues. without going any further, i've already spoken too much. we have two wonderful mentors of mine and people i have the utmost respect for to help frame some of the big issues. first we will hear in admiral

mike mcconnell. he is a gw, alum and former direct of the national security agency, long-term naval intelligence officer, as well as the second director of national intelligence. and he came -- left that role to be vice chair and following admiral mcconnell, we will hear from michael chertoff, he serves on our steering committee, he is a former judge, ran the criminal division when it was a most significant division of the department of justice, before and after 9/11, took on one of the most difficult jobs in the world, was a judge and assumed the role as the second secretary

of the homeland security and following these wise men we will hear from various numbers of staffers who are driving and come to the issue with expertise and are driving various legislation that is before the senate and house as we speak. first we will hear from tommy ross, who is the intelligence lead of the defense lead and cyber lead for the senate leader and the driving force behind the cybersecurity act of 2012. and we will here from senator rossi, he is the minority staff director driving the issues as well as jeff ratnear who works for senator lieberman and much of the legislation that we are looking at build on the leber collins bill and last but not least, we will hear from tom kirkman, in terms of chairman

rodgers and rupersburger bill on the house side and from kevin to hear from mr. lundgren's commission on the security committee. a lot to get out there. we want to have a robust conversation, admiral, the floor is yours, frame the conversation. >> thank you. i appreciate the kind words and remarks. i have focused on a topic that is topical, for 20 years. i had the privilege to serve as the national security agency just after the cold war. and my worry when i checked on board, great contributions in the cold war, but back before world war ii, we were breaking and reading nazi germany codes

in war time and reading them before the field commanders. if you think bit in historical context, a tremendous agency and great contributions and how are you relevant going forward and so, what i was struck by is most of what, and i say had been success in doing this exploiting of the intelligence was wireless communications. one of the things that i was told was mr. director before you leave here, 90% of communications will be in a glass pipe. they were thinking about it in a way that this volume, the global communications flow would be inside fiber optic pipes and

today we are testing a terabit per second. think about that volume. the way i imagine it as a nontechnical person. if the path between washington and richmond is a cow path that, is wireless, imagine a 6,000 lane highway, that is wire. that is just the way to think about the difference. so, i'm starting to think about this early, and first idea was how do we exploit in the nation's interest, exploit, you exploit, that doesn't mean you destroy. it means you read the other guys mail, so you want to exploit and the first discovery was wow, it's amazing how easy it is. they have two missions, code making and code breaking. and as soon as you start thinking, wow, this is so easy in a networked world, what about

us, and then i started to worry about us as a country, and how dep -- and how dependent we are, and we are truly dependent on the digital age. let me jump to facts that i think are debatable. there's not a corporation in the nation that can successfully defend itself, not one. the most sophisticated among those who would protect themselves have been penetrated to the point of capturing source code or business plans or innovation or research and development. every one of them. i remember going back to my experience at nsa in the early '90s about how easy it was. let me give you a way to think about it. if you are in a wireless world, it's data in motion, you have to be in the right place at the

right time. if you are in the wired world, it's put in a safe. in the wired world it's digitally stored. the whole paradigm drifted. i want to make a couple of comments about the bills debated on the hill. first of all, thanks to the members and senators who had the courage to put this forward. it's time. we need it. it's over time in my view. i want to say thanks to the gentlemen to my left and right because they do the heavy lifting. members can do -- can set the trend, but somebody has to write it all down. when i looked at the bills, my view is they're absolutely necessary, but both of them, the one in the house and the one working through the house and the one in the senate side are insufficient. both necessary but insufficient. they're two framing arguments

for concern. there are privacy concerns. we can't allow the government to look at domestic networks for protection, because they may go too far and intrude on personal privacy. that's a very serious concern. it should be captured in the legislation that eventually comes out that that is a violation of law, and i think that would provide adequate protections. on the other side of the coin, we don't want to touch industry with regulation. let me use as an example the cold war. i would submit there were not adequate market forces in the cold war to produce the capabilities that we need to prevail in the cold war. we did prevail. it was largely the contribution of the private sector, because they could build faster and cheaper and better and more productive and so on, but it had been harnessed in a way that hard decisions that needed to be made. we had a national consensus. both parties were in agreement.

we wanted to contain communism, so we did that over a period of approaching 50 years. in my view we are facing something that is as dramatic, as significant, but there's no forcing function to cause us to do the things we need to do. here's my example. there are unique things the government can do, only the government can do, and we need to harness that capability. i mentioned nsa and code breaking. nsa can see the globe, see it at network speed, network speed. what does that mean? fo tokyo to new york is 30 mil milliseconds. if you see it, it has to be seen with machines. if you react to it, you have to do it with machines. if you see an attack or a penetration or whatever it might be, you have to block it at network speed. the current drafts, while they're very important and we need them, the concerns about

privacy and the concerns about regulation that might touch industry are not allowing us yet to get to the point where we do the things in legislation to set the legislative framework to allow us to harness the best of government, what's needed from government, what's needed from the private sector in a way that we share the information and move at network speed. there's information in both drafts about information sharing. having been an observer and a participant in the government side and private sector side, particularly focused on information sharing, i submit that unless it's required by law or its an incentivized in a significant way, you will not have information sharing. it will not happen. i know that from firsthand experience in my time in the military in the various agencies

when i saw agencies with similar missions that perceived themselves to be in competition and they absolutely refused to cooperate or share information. as a warm-up, frank, thanks for the time. i hope i didn't go on too long. >> i'm sure others will have views on that. secretary. >> thank you, frank. i want to thank president knapp for hosting this and, frank, for you moderating and setting this up. it is a very opportune time to talk about this issue. i want to -- in addition to agreeing with everything mike mcconnell said, i'd like to underscore the importance of the fact that congress is really taking this up. you know, we're at a time when people say not much gets done in washington. this is actually an area where there is an urgent need and it's good to see something is getting done. it may not be that the bills that are being discussed are the end point, but they're a good starting point. i wouldn't want to lose a good

start by making the enemies. let me cover three points briefly. one is is this a serious problem? probably for the people sitting in the room and maybe p many watching on c-span, it's an obvious yes, it's a serious problem. i will still tell you that you will find significant pockets of people who will say, it's overblown. it's not that big a problem. it's a little hard for me to understand that, because when i open the newspaper every day, i see stories about, for example, nortel, the canadian communications company, which was reported in "the journal" a few weeks to have had an advanced persistent threat, basically wholesale theft of its business information and data for over a decade going to another country. that's in the "wall street journal." that's a serious issue. many of us red about the stock

net. i might think to myself, well, the outcome of what i read is a good outcome, but it raises the question could that be done to us? even at a less sophisticated level, the rise of hack groups, like anonymous, that look to target enterprises by interrupting them or penetrating them and releasing proprietary information is becoming an increasing problem. so you really have to either have your head in the sand to think it's not an ongoing, serious economic and security issue, or you have to simply view it those as not being serious concerns. i have to say at a time that we worry about whether we're losing jobs and losing competitively in the globe, at a minimum we should insist on a fair fight, meaning that we don't get our stuff stolen from us. i think the problem is very real. here's the challenge. unlike other security problems we dealt with, in the world of

cyberspace it's much more complicated. first of all, the battle field is not just at the border, at the perimeter, or overseas. the battlefield is here at home. it takes place in the private sector's own networks. most of the targeting here and most of the impact is felt not by government agencies necessarily but by the private sector. unlike the traditional notion of security where the government owns the whole thing and unless you have private bodyguards you're basically a bystander. in the area of cyber whether we deal with exploitation or attack, the private sector is very much a combatant in the middle of the problem. the assets are the private sector being taken, and it's ultimately the private sector's operations. it's control systems that are some of the highest value targets in this area. another challenge in this is the issue of interdependence. i'll talk a little more about

that in a moment. basically unlike what we've seen in terrorist attacks where people die and it's a horrible thing, things get destroyed, but that is essentially the target. that's where the impact is felt. in the area of cyber, particularly when you're dealing with attacks rather than exploitation, the collateral consequences and the interdependencies are global. they cascade. so the idea that i can watch my own domain or watch my own little enterprise and i can take care of myself really misses the fact that everybody's enterprise, whether it's a government enterprise or private enterprise, is dependent on the acts and omissions of everyone else on the network, and that makes it much more complicated. the last challenge is the very nature of what the internet is culturally. you know, the internet grew up

with the assumption that those people participating in the network would be trusted people who had a commonalty of interests. so the fundamental architecture of the internet is a presumption of openness and accessibility. you can get to any data anywhere as long as it's connected in some way through a network wire or wirelessly. from a security standpoint, that's the exact opposite of what we have accepted as the premise of security in prior centuries where you locked things up if they were valuable. you put nem in a safe, as mike mcconnell said, and putt them in europe desk drawer and someone had to get into your space physically in order to see what you had and perhaps to steal it or destroy it. that presumption of openness, which is a good thing, challe e challenges us in terms of how our security operates. with that as a background, let me talk about the bills for a