cherry blossoms would represent free peace. i would say brightness. it comes in spring and the whole tree is flowers at the time. it brings brightness into town. second is beauty, of course. you don't need the explanation there. the third is briefness. it is only a week or ten days. it is a very short period. the flower petals will not cling on to limbs. they disappear. the green leaves will take over. you don't see worn out flowers hanging on. in the spirit of the beauty and briefness is said to be representing some of the japanese spirit. >> the history of washington's cherry blossoms.

our conversation with ichiro fujisaki, the ambassador to the united states. marking the centennial of the cherry blossoms along the tidal basin. thank you for being with us. ♪ >> we will continue the conversation tomorrow morning at 7:00 a.m. eastern time. 4:00 for you on the west coast. the topics, the situation in syria. we will be joined by ellen touscher. she is also a member of the atlantic counsel board of directors. we will talk about the faith-based initiatives and the debate over birth control and a roundtable discussion on the u.s. and global economy. new jobs numbers out tomorrow. thanks for being with us on this

thursday. i hope you enjoy the rest of your evening. coming up up here on c-span 3, representing testifying on efforts to secure their networks from cyber attacks. then a senate hearing on the situation in syria. after that, military officials discuss options for dealing with iran. later, david petraeus discuss the future of the agency. at&t, comcast and blackberry executives discuss on the cyber security on the networks. according to a recent gao report, cyber attacks have

increased 500% in the last five years. this hearing is two hours and ten minutes. >> we'll call to order the sub committee on communications and technology for a hearing on cyber security. the role of communication networks. i want to thank our witnesses for being here this morning. we look forward to your testimony and appreciative of your time to help educate us so we can do the right thing in terms of assisting you all for the cyber networks. back in october, the house republican cyber security task force recommended that the committees of jurisdiction review cyber security issues. this sub committee has embarked on a series of hearings to heed that call and get a picture of the cyber security challenges that our nation faces. in our february 8th hearing, we examined threats to communications networks and

concerns of the private sector security firms helping to secure those communications networks. that hearing provided us with valuable information and even some potential solutions. this hearing continues our sub committee review of cyber security issues with the focus on the steps that network operators have taken to secure their networks and any recommendation s that you have that congress can help in those efforts. as we heard in the february hearing, threats have come a long way in a very short period of time. before coming to congress, i spent 22 years as a radio broadcaster and as a small business person, i worried about securing our communications network. those were simpler times. networks of all type, cyber security is a pressing concern. we had a dizzying array of threats discussed.

like supply chain and bot nets and spoofing. on the brighter side, we were told about several solutions to make communications networks more secure. this is why i asked a number of my colleagues on the sub committee to serve as the communications and technology cyber security working group. the working group is a bipartisan team of six sub committee members led by lee terry and ranking member anna eschu. we will look into the regulatory impediments to securing the networks against the threats. with the eye to incentive-based approaches, we look to facilitate among private sector on the number of topics. including dnsscn adoption, supply change risk management and code of conduct and best practices for network operators. we are privileged to have five

witnesses that represent the commercial network to help us through the issues you face. networks own and maintain the infrastructure that makes up our communications networks. management of the wires and towers and base stations and servers and wireless hand sets that are integral that puts companies on the front lines of cyber security. i want to know what cyber security services and educate al initiatives that that are aimed at your consumers. what is making up communications networks and what steps network operators have taken to secure the supply chain and prevent cyber attacks? i expect to hear what you think the appropriate role of the federal government is to combat cyber threats. are federal laws helping or hindering information sharing? are there cyber security solutions that your companies

have identified that would prevent cyber attacks but would run an foul of the existing laws? how would members of the private sector help in the arena? how do we make sure we don't put things in statute that cause misallocation in the statute? i yield my time. >> we are deeply appreciative of your time for being here. >> could you get closer to your microphone? >> i certainly can. i am a mother. i can always talk louder. that's right. the gao report that mentioned -- we have scenes a 650% growth in

cyber attacks over the past five years. i think that caused a lot of people to, you know, sit up and take note of what might be happening out there. you look at the attacks and what it equates to on the affect of the economy. chairman bonomack and i are looking to security i.t. from the senate. i think the concepts we are reviewing are not to be overly prescriptive and do no harm. i would love to hear you all talk a bit about government networks and the importance you think and responsibility you think government has in securing its over networks and systems. then i would love to also hear a bit from you about incentive-based security and how we approach that. with that, i yield back. >> thank you.

i recognize my friend from california. >> thank you, mr. chairman. welcome to all of the witnesses. thank you for being here today. as the title of today's hearing suggests, communications networks is part of the critical infrastructure from electricity generation to finance at services and transportation. we depend on our communications networks for nearly all aspects of our daily lives. yet, as was highlighted during our first cyber security hearing, our networks remain vulnerable to attack. in particular, there are three areas i would like to hear more about from our witnesses today. first, as we discussed in the last month's hearing, the fcc chairman is proposing a voluntary isp code of conduct as a way to alert consumers when a bot net or malware infection is discovered.

today's witnesses will be on the frontline in ensuring such best practices are effectively implemented and obviously i think that you will talk about that. i look forward to it. second, i would like to hear more about your views on this supply chain security. i continue to have grave concerns stemming from my eight years that i recently completed at the house intelligence committee about the implications of foreign control tell communications infrastructure companies providing equipment to the u.s. market. in 2010, i wrote to the chairman asking for a better understanding of the fcc authority to address the challenges and what kind of transparency requirements should be placed on companies seeking to sell telecommunications infrastructure equipment to u.s. network providers.

third, i would like to learn more about any unique challenges in securing mobile networks. as more data is transmitted wirelessly, we need to see how the networks are secured to make sure they are not the entry way into the broader network. again, i want to thank each one of our witnesses for being willing to testify today to be instructive to us. i want to thank the chairman for the spirit of cooperation around this issue. usually, there are democratic witnesses that are called and republican witnesses. that's not the case today. so, this is something that rises above that. i look forward to working with the entire committee so that we not only better understand the cyber security challenges facing

communications networks, but what steps we can take to secure them and strengthen the country. let's see. i would like to yield the remaining time to representative matsui. >> thank you for yielding your time. mr. chairman, thank you for holding today's hearing. i want to thank the witnesses for being here today. there is no doubt the cyber attacks are real and continue to pose significant threats to several aspects of our economy. mr. chairman, i'm pleased that you and ranking member eshoo formed the group to explore the interests to enhance the nation's interests. there are a variety of issues we may explore. communications networks are one of the many areas that our nation must protect and ensure safety and soundness. advancing ip technology

heightened the concerns for cyber security. it is important that data is protected from a pc or cell phone to transit to cloud courage. particularly as more and more americans send more information to the cloud. i also believe the sub committee will have the ability to promote information sharing on cyber threats. securing the supply trade will be important to tech can be secured through the manufacturing processes. among others, i believe that r & d incentives could explore ways to defend against malware and bot nets. i look forward to give greater protection against cyber threats. i yield back the remainder of my time. >> i thank the gentle lady for her comments. i recognize mr. terry for opening comments. >> thank you, mr. chairman.

let me start by saying most of my colleagues share my optimism that a collaborative, active cyber defense ability is achievable. there might be a few differences in opinion on what needs to be done to reach the goal, but through the bipartisan conversatio conversations, we are getting closer. in reading through the written testimony provided by today's witnesses, i noticed a common thread throughout. as mr. amaroso eloquently says, quote, quite simply, innovation is inconsistent. i agree. with my opinion, i find this to be the most vital guiding principle in enhancing our cyber security. as i continue to dig deeper, i become more convinced that the effort to provide overbroad

regulation or certification regimes has consequences. i believe isp should respond to realtime security threats in a manner that minimizes delay and maximizes the ability to protect consumers and their network. a couple of things we can do to help reach the goal of collaborative active defense capability or remove the current barriers in place to prevent communications networks with the government agencies is with the private sector entities. provide adequate liability for the cyber threat sharing is second. i yield my time. mr. stearns. >> i think our message is today that the private sector has

strong commercial incentives and maintain robust cyber security. each of our witnesses today described unique approaches to protecting their own networks. these examples demonstrate that one size fits all legislation. it is not the appropriate legislation to consider these threats. because these threats change every day, industry must be responded quickly. i feel the government mandates are not only unnecessary, but they simply will not work. instead, government should seek to improve information sharing and consumer education of the we also should work to eliminate outdated regulations that have created unintentional barriers toward ensuring the security of the networks. i look forward to our witnesses today and i thank you, mr. chairman, for this great hearing. >> are there any other members seeking time on our side? if not, the gentleman yields

back his time. i recognize the gentleman from california, mr. waxman. >> thank you, mr. chairman. i'm pleased the sub committee is here. every week, we learn a breach of vulnerability. it is vital we are paying attention. like the smart grid, which was the topic of our last hearing by the sub committee, it was a sub committee on oversight investigations. communications networks are vulnerable to cyber attack. the potential for disruption are high because communications networks are the common thread to all critical infrastructure sectors. in fact, the public safety legislation that was just signed into law exemplifies these concerns. under the new law, the first responders will rely on broadband to secure the safety of life and property.

that will strengthen their ability to protect the network. today, i look forward to continuing the discussion of the security threats faced by mobile devices and the role for ensuring cyber security. our witnesses today represent a broad cross section of internet service providers as well as a hand set manufacturer. this should further help our understanding of what risks threaten the networks and what companies are doing to mitigate the risks and what the sub committee will do to help in these efforts. i believe the federal government has an important role to play in the nation's communications network. one important federal role is developing practices that will keep the internet safe. the fcc upcoming release of the cyber best practices report developed by the communications

security reliability and inter operable council such a long name reduced to srioc. i understand the chairman is planning a third hearing with government agencies. i commend him for this series of hearings and look forward to what our witnesses have to tell us. i want to thank you, mr. chairman, for organizing a bipartisan working group to study cyber threats and inform the committee of the findings. this is a good opportunity for staff to work together on the issue of common concern the i look forward to hearing back from t for further actions. thank you for the hearing. i thank the witnesses for being here. i look forward to the testimony. i yield back. >> the gentleman yields back hi the committee. we need them all to protect

america. thank you for agreeing to serve on that working group. gentlemen, we are delighted to have you hear today. we will start with mr. levingood. we appreciate you being here. from comcast corporation. thank you for being here. just a friendly reminder, being a radio guy, pull the microphone close and make sure the button is lit. >> thank you very much, mr. chairman. ranking member eshoo and members inviting me to discuss the work that comcast is doing to discuss consumers in cyberspace. we appreciate your interest in the issue and thell me, an engi working on cyber security and other issues every day. i serve as vice president of internet systems engineering at comcast. i'm the engineering leader in charge of the high speed internet service. i currently serve on the fcc

working group on security and stability advisory committee on the broadband internet group and board member of the internet society. i am a contributor of the task force. at comcast, we take cyber security issues seriously. we know our customers are concerned about security. we strive to provide them with the best, fastest and most secure internet service possible. we engineer -- our engineering team devotes significant time, energy and investment to update our cyber security efforts. one such threat that we focused on comes from malicious software called bot. it runs on the ends user computer and controlled remotely. they are used for fraud and steal user name and send spam. it is important to understand

that a person need not consequently do something like downloading an app to be infected. you can be infected by using a web site. to counter bot, we have a customer facing system which first detects bot net traffic and notices alerts and providing them with tools to remove the infections. another area of threat is to the domain name system, which is a foundation and extraordinarily important and critical part of the internet. the domain name system or dns for short is responsible for translating names like comcast.com into ip addresses which are the addresses used to connect and route traffic across the internet. it is extremely important. a vulnerability can prevent an attacker to inject a fake answer. an attacker can direct traffic

to a site like a banking site to computers that they control to collect log in information. the address in the web browser still appears correct. the long-term fix is to implement extensions or dns extensions. this involving someone doing two things. signing the domain names they own and service providers validating before connecting a user to that site. this is basically akin to a bank keeping your signature on file and cashing a check. it is important to note that the dns was developed on an international stake holder process at the itf and will require adoption across the ecosystem like banks and web browsers and cloud. i'm pleased to report that as part of constant regard, comcast

was the first to employ this in january. it is important to understand that no open network can ever be completely and totally secure. our focus has been to roll up our sleeves and get to work chipping away at the security threats day in and day out. quickly learning and adapting. we are working within the industry and on a global basis to combat the key threats to protect our customers the best we can and to help them protect themselves. they are powerful incentives to take strong and effective measures and ensure network security and safety. our consumers want assurance that the networks they are using are safe and secure and we have strong reasons to invest capital and resources into cyber security safeguards. the same is true for other network providers. we all have power incentives to

take action to secure our substantial investments in our networks. policymakers can help these efforts by removing uncertainties that can inhibit collaboration while strengthening the flexibility to provide the best solutions for our networks. as a member said a moment ago, there is no one size fits all solution. so flexibility is key and it is important because the threats change as rapidly as they do. flexibility will help to ensure we focus on security and innovation rather than comp compliance and regulation. thank you. >> thank you, sir. we appreciate your comments. we'll be back to you with questions on the specifics of what those uncertainties are in the law. we are now delighted to have dr. edward amaroso with us. he with at&t services. doctor, we are glad you are

here. >> great. thanks. i'm ed amaroso. i have spent my entire adult life in cyber security. in fact, as a teenager, my dad was a computer scientist. i have been in and around this forever. i started work at bell laboratories. i found i was a pretty good hacker. i had been doing that ever since. now i'm the chief security officer. i kind of come at this with, you know, a very practical perspective on threat. there are three things i want to share with you that i think are observations that might help you as you develop legislation. they are based on imperial day-to-day dealings with security issues with our mobility network and wire line network and entire fortune 1,000 in lots of different countries. i do that all day long. i wanted to share.

the first one is about innovation. we are being out innovated by our adversaries. i don't know if you ever bought a piece of furniture and taken it home and admired the handy work. that is what we do with the malware. it is so good and so well crafted that we marvel at how far the adversary has come. these are not script kitties doing dopey things. these are pretty good. i don't know if you watched "60 minutes." you saw that piece. that is an incredible piece of computer science. that worm. i think we need to recognize that whatever we do collectively as a nation, we need to figure out a way to incentivize companies and government agencies to innovate in this

area. we will be in trouble if we don't. i think everybody on the panel would agree with me. the best state of the art security protections that any one of us can put in place will not stop at a determined adversary in 2012. that is a fact. we need to do something to get ahead of that and the way you do something is you innovate. you need to do something to get ahead of it. part of the problem with pre-scripting an answer to everyone, we will all do the following. it is like every nba team publishing their defense. this is what we are going to do. do you think the adversaries don't read your legislation? you lay it out and you say, okay. i will step around these things that you are doing. that's just a practical issue in cyber security. this is not, you know, the kind of thing where we can all kind of do common sense stuff and it will fix it.

there are a million things in our lives if we all go back to the basics and do a set of common sense things that will make things better. we all live our lives that way. cyber security doesn't work that way. we are dealing with an adversary. the first issue is innovation. the second is infrastructure. i think everybody at this table would agree that complexity in infrastructure is the biggest problem for cyber security. when things get way too complicated, we can't keep track of it. it becomes almost impossible to protect something that has become so big and complicated that you can't get your arms around it. part of the problem with the dns and others, which have clearly benefits. i certainly agree with a lot of the points that were made. they add complexity. the way to think a dns sc is, i'm such and such and i aro