litigation. the federal government has put a gun to campuses if they don't regularly report sexual assault. and applying the policy i read young men and young women are now at risk of being accused of rape and harassment and prosecuted on our campus in campus tribuneles which do not have to apply rules of due process if they simply engage in sexual jokes and unwanted flirtation. the age of niro. ask me more about this in the q&a. so let's go back to the trigger warning originally used for the mentally ill to help prevent traumatic stress disorder. triggering now the latest rage on college campuses. recently passed a resolution urging university officials to institute mandatory trigger

warnings on class syllabi. professors who offered content who may trigger on set of symptoms of post traumatic stress disorder would be required not only to provide advanced alerts but also permit students to skip class. if you don't like what someone says you can avoid the subject rather than facing it. in this world, sensitivity and civility are deemed equal to or in fact superior to academic freedom. a point recently made by the chancellor of uc berkeley to allow disapproval. but in the words of scholar steve woodward, if we make the fostering of friendship, solidarity, harmony, civility or mutual respect, primary and dominant value, then we risk sacrificing the university's

central purpose, teaching and scholarship. central purpose. when i was first approached to give this talk, we explored a number of titles, including political correctness and it's impact on american competitiveness. in an important way, i think this title understands that what happens on college campuses does not stay on college campuses. first amendment scholar outlines the problem. administrators on campus, he writes, have been able to convince well meaning students to accept outright sensorship by creating the impression that freedom of speech is somehow the enemy of social progress. when students begin leaving college with that lesson under their belts, it was only a matter of time until their motivation of bad intellectual habits on campus, started harming the dialogue of our entire country. what happens on our campuses profoundly influences what

happens in our businesses, in our hometowns and in our policy making. and i think woe should be concerned. when students are not empowered to speak for themselves, when they're not presented the multiple perspectives and disciplines, when we are led to believe can be free from -- and and they are being deprived of the education they deserve and all of us are being deprived of the thoughtful citizens, prepared workers and life long learners that our society requires. ask most employers and you'll understand what i mean. they don't blame political correctness exactly but they do say in large numbers that they are seeing college graduates who cannot think critically, write clearly and who are historically illiterate. the last two surveys found a

majority were unable to compare perspectives in two editorials. recent surveys conducted for the american council of trustees and alumni found college graduates could not identify the terms of the members of congress. they did not know that the constitution provides for the separation of powers. they thought that d-day occurred at pearl harbor. now, it is true and we can all agree that knowledge is more than rote learning. when courses don't provide a broad sweep of history and the intellectual tools to put the issues into a meaningful context and when speech code kujs that free speech must take a back seat to sensitivities we should not be surprised that college graduates are not prepared for life after graduation and choose to impose the same principals and same constraints that they learned on the college campus.

where does social hygiene and impersonal liberty and privacy begin? in research now underway she has found political intolerance has increased among people graduating from college after 2000. she has found students are accepting speech limitations and speech codes more so than in the past including banning certain books and controversial people from teaching. we have taught this generation that protecting people's feelings is more important than the search for truth and while speech codes and other symptoms of the politically correct university were aimed to protect minority groups students today do not discriminate leaving that anyone who says something offensive to anyone should be restricted. in the wake of uc irvine's

student effort to prevent the israeli ambassador to the u.s. from speaking former assistant president explained what he believed had happened. they believed that constitutional rights were for marginalized groups and not for the privileged. these students took it upon themselves to define privilege and made it clear that jews were among the privileged, not poor, not marginalized, not the object of empathy. no need to protect the free speech of jews. every reason to silence them. in a book entitled freedom from speech and i urge it for all of you, alarming picture is painted. the national obsession with punishing jokes, rants, drunken tirates and even deeply held beliefs shows a growing hostility towards free speech. people all over the globe are coming to expect emotional and

intellectual comfort as though it were a right. on the pc campus respect for the authority of ideas takes a back seat too often to the idea of authority. now, i'm happy to report after all of this that the american council of trustees alumni is not all glum. i am pleased to announce positive action. in late august a group of distinguished policymakers convened by the american council of trustees and alumni came together to demand a different academic culture. the report governance for a new era chaired by former yale president was one of the first to talk about challenges of political correctness and signed by such luminaries as former governor of michigan and president of the business round table, jonathan cole, michael

crow, president of arizona state is bold and to the point. they called on colleges and universities to put an end to disinvitation, insist on disciplinary diversity and to demand the integrity of the hiring process. they call on college and university leaders to make clear that a diversity of opinion is essential and the free exchange of ideas is the bed rock of a rich education. they urge presidents, deans and faculty to address entering students on academic freedom and freedom of expression. we have seen this happen with a powerful welcoming speech by the yale president to incoming freshmen. these leaders state boldly and i hope you will agree that american universities must return to first principles. they recognize dominance of political correctness amounts to

nothing short of a war on youth endangering our next generation of leaders. they recognize that american higher education has long been the envy of the world and that it will continue to be only if true academic freedom returns as a campus value of paramount importance. i thank you and i look forward to q&a. [ applause ] today we are enjoying a forum. we will return to our speaker momentarily for a traditional question and answer period. we ask you to start formulating your questions now and try to keep them brief and to the point. we welcome all of you. television broadcasts of city

club are made possible by cleveland state university and pnc on our live webcast and supported by the university of akron. one week from today, on october 10, city club welcomes steven veters, chief executive officer of partners of americas. today we welcome guests at the table also by western reserve partners, we thank you very much for your support and we also welcome students from two high schools, sharden high school and maple heights high school. student participation was made possible from general gifts from the corporation. please stand up and be recognized. i'm sure you're starting to [ applause ] formulate your questions right

now. and speaking of which, we would like to return now to our speaker for our traditional question and answer period. we welcome this from everyone here today, including guests, holding the microphones today, are marketing an outreach specialist, kristen bianca and teddy isenberg. >> ms. neil, thank you for your remarks. you describe an alarming situation. my question is, how did it come about? is it generated by students? is it generated by students influenced by faculty, who tend to be tenured and largely one political mindness? give us some clarification of this. >> we could go on for some time, couldn't we. i think there are a number of causes. we can look in the '60s when what is known as most modernism

believes things are relative and it looks at issues in terms of power. and i think that many of the post-60s faculty very much subscribe to that philosophy and so that philosophy increasingly became part and parcel of what we have seen on college campuses. i think that is very much the case. i think there has been within the hiring process. the question of whether or not in one. we have looked at this and i think it is fair to say that a number of studies would argue that many faculty members are more of one persituation than another. our basic perception is that in

and of itself is not important. what we get back to is professional responsibility and professional rights. this gets back to the academic freedom definition. when i told you in 1915 academic freedom was a two way street, freedom to learn and faculty's freedom to speech. one thing that has happened in the last 40 or 50 years is a de-emphasize on a student's learning and emphasis by faculty on their right to teach. there is a fundamental misunderstanding on the part of the regular public but the faculty as to what are the limits and the framework of academic freedom. we have seen a growing sense that academic freedom could be used as an excuse for irresponsibility in the classroom. aaup had a committee a which was to be focusing on rights and

responsibilities and were also going to have a committee b to look at and police themselves in the event that they were not showing professional responsibility. that committee was never realized. i think that has been one of the larger problems in the academy in that the faculty have not been willing to police themselves. the 1915 statement i think quite rightly says that we do not want to be policed and it is incumbent upon ourselves and us faculty to police ourselves because if we do not others will do that for us. i think that is a situation where we find ourselves now. many are concerned, rightly so, on the outside. trustees, policymakers, that we are not seeing the students freedom to learn and the faculty's freedom to teach, that true academic freedom should be. it really is a defining moment for many faculty as they hear

very legitimate complaints from the outside about whether or not they are properly preparing the next generation. >> do you think before sensitivity reared its ugly head there was incense tivity that sensitivity was responding to before anti-harassment policies came into effect do you think there was a problem with harassment and now that the situation has gotten, as you have described it, where do you find the middle ground? and what are the trustees and alumni and trustees doing about this or other interest groups who may have a problem with these kinds of policies? >> well, i think you have to be having distinctions between things that are illegal and things that are not. i think the definition of sexual harassment these have gone so broad that they are no longer getting at what is illegal and

they are including vast expans of protected speech. i think you are right. we don't want to have a college campus that is rude and is engaging and intimidating. i shouldn't say that -- maybe rude. we don't want a college campus that is engaged in intimidating, persistent intrusion with people. there are -- that is a level of persistence in intimidation that we are not finding as the line that is drawn by most institutions. i think in an effort to respond to a desire to treat people fairly and nicely we have gone overboard and then as a consequence now find ourselves in a situation where too many things are offlimits. >> professor kent state

university i deeply appreciate your comments. i'm wondering if the priority of putting political correctness ahead of discourse is that our society, instead of it being a cause that it is a symptom of a broader thing that our society has lost its appreciation for the well reasoned dispassionate discourse of controversial ideas in lieu of the entertainment value of discussion of controversial issues. jerry springer show, things like that m that. >> i do think that they have perpetuated an atmosphere on the college campus which is not open, which is often not open to the free exchange of ideas. so people who dare to have a different opinion whether or

race, class and gender or climate change or whatever more often than not silence themselves. rather than complaining about entertainment i think as we look at our public discourse which has become increasingly sort of shouting rather than engaging, i regret to say that i do think we have led students on into believe that sensitivity and civility and not disagreeing is more important than having a robust exchange of ideas. while the entertainment may play into that i feel that we have to really point our finger at our academic institutions and that the health of our society depends profoundly on the health of our educational institutions. i think this is one pathology that we need to worry about. >> what influenced you to focus

on political correctness? and have you witnessed or experienced political correctness in your lifetime? >> i started out as a first amendment lawyer so i have always been interested in first amendment areas. as you heard from the head of the organization there have been any number of recent speeches where people have been shouted down and were not allowed to speak. and so this is something that deeply concerns me because i think as i articulated whether it is thomas jefferson or others, the ability to hear differing perspectives so that one can weigh them one side or the other i think is very, very important. it has been a bed rock principle first amendment. i think we can also look at others. what did he say? if you have offensive speech what is the best answer? more speech, not less. i think it comes from my love of the first amendment. i was a journalist for a period

of time. i grew up in a journalistic family. i think the first amendment and exchange of ideas is essential and i think most profoundly in the country we live because our democratic public relies on educated citizens. all of our founding families were emphatic about it and were also college and university trustees. they understood that our educational institutions were instrumental in preparing us for effective citizenship. that is a long answer to your question, thank you. in around years there have been a significant number of very large contributions to american universities coming from foreign governments and from individuals who have specific agendas. sometimes these gifts have resulted in chairs being named and departments of studies being

established. to what extent do you think that these kinds of contributions which are important to universities constitute a problem for academic freedom? >> i think you put your finger on a very serious potential threat to academic freedom. i urge you all to take a look at a booklet that we have put out called free to teach, free to learn. one of the topics it talks about is the influence of foreign governments in college and university campuses. i know you all probably read about some of the confucius institutes as a fear that the governments were paying their way into college and university campuses to put out a particular view point. i think colleges and universities have to be very, very careful before accepting those kinds of gifts. the whole point of academic freedom is to follow truth wherever it may lead. if a gift is so prescriptive

that it means certain areas areoff limits then it underlines academic freedom. we often help donors who would like to see certain areas of a field covered on a college campus. so, for instance, if someone wants to introduce a free market economics course and it's not otherwise available we encourage donors to do that and we do it because sometimes students cannot find otherwise on campus exposure to those areas. it does raise even in those instances questions of academic freedom that has to be looked at very closely and also under scores the institution's failure itself to provide that diversity of perspective that it needs. so it is itself correcting. the institutions if they are open to a diverse or disciplinary and other

perspectives and make those available they will find themselves less in the difficulty of dealing with donors who want to prescribe a certain thing because they will already have done it on college campuses. >> you have a broader perspective than most. so i ask you what pattern, what emerging trend do you see in the envisioned role of three hallowed parts in our educational system, high school, college and post college study, advanced study? on two metrics, one is protection of students. let's focus just on the students for a moment, protection of students from adverse things that might happen to them and also on the metric of breadth of study, broad versus specialized and narrow. i see high school in a very special way, college in a different one and advanced study

differently but i would like your views. >> i think you are right. i think in years past and i think you can rely on high school to provide a solid general foundation of exposure to foundational areas of knowledge. i think for better or for worse that has not been the case. so colleges and universities do find themselves having to provide that foundation that some of our high schools have not been able to do. as i indicated what we are finding today is what i like to call the anything goes curriculum. this gets back to the very first question. you had the influence of post modernism. post world war ii our colleges and universities have been swimming in funds meaning the spigot was on ever since the gi bill. universities really did not have to pick and choose.

they could keep adding. at one point it was called education by adding machine. i think professors had things they wanted to teach. schools didn't have limits on their resources so it was easier just to let teachers teach more and teach more and so now what we have are often hundreds or thousands of courses that will meet distribution requirements rather than a prescribed liberal arts education that ensures that foundation. why is that foundation perhaps more important than it was now? because you were getting so many students coming from very different preparations. and a general education curriculum that is well structured can help bring people from very differing preparations together over a certain set of common material. this gets back to the earlier

question i think we worry about the range of civil discourse. this gets back to me for a lack of a common foundation. thomas jefferson days if you looked at madison and jefferson they could be sure that they knew what each other was talking about. they had read the same things and had that same foundation. lots has happened since then. many more things to look at. i do think that colleges and universities are missing out on using the curriculum to provide that common conversation that can help us unite. it won't mean that we all agree but we will have a foundation on which to have a discussion. i see these kids today who love to watch the voice and other shows. i love those shows, too. i think one of the reasons they find them so enjoyable is that

becomes the common conversation that they have instead of talking about a book they are reading in common they are talking about "the voice" or what they saw on television. i feel we are at a time where we can help that common conversation and help our preparation for life and for community and for civic engagement if we go back to a much more structured curriculum that will ensure that we all have that broad exposure and that will also make us much more nimble in an economy where between the ages of 18 and 45 on average someone will have 11 different professions. having that foundation and having that breadth i think is what in our current economy we really need but we don't have. >> you have essentially made the argument for the small liberal

arts president who says we need a basic liberal arts agenda for our students. my question is, one is can you give us examples of colleges or universities that have kept a broad curriculum with standards and people who have resisted political correctness of disinviting speakers. and the second part of the question is are these positive examples more typical of small liberal arts colleges, larger public institutions or maybe the group in between, the regional colleges, the sort of mid sized like cleveland state here university. >> we did an assessment of the top rated liberal arts colleges according to u.s. news and world report.

and i must confess to you that these are probably the worst when it comes to having prescribed liberal arts curriculum. we often hear that people no longer appreciate liberal arts education. we often hear this from the campuses. after we did this research to see what was the framework of the curriculum offered to the students we came away with the conclusion that there was nothing wrong with liberal arts. what was wrong was the way colleges and universities were imparting the liberal arts. it was a self-inflicted wound where essentially, again, you can go to amhurst, they pride themselves in saying we don't have anything that we require. we allow students to make their own curriculum. i'm not denying that the kids that go to amhurst, it is a highly selective institution, it has many, many very smart students and i'm sure they are well-prepared. it is interesting to look at a

new book which i commend called "academically adrift." it was put out by the university of chicago. what they found there was that after $200,000 of investment students were graduating with very little cognitive gain. in the first two years they found that only 45% had cognitive gain. in the six years and in the six years only a third showed cognitive gain. within institutions is where they found greater variety. so you might be well prepared coming in but there is great vargz within these highly selective institutions so that some students are being allowed to graduate without that foundation and that fundamental strength that they need and should merit coming out of a very pricey liberal arts

college. do i have examples of very good places? they have been attentive to tuition and do have a strong curriculum. in terms of others there is a small liberal arts college in oklahoma in the college of oklahoma arts and sciences, a very strong curriculum. bluefield college in virginia a very strong curriculum. there are schools in fact interestingly there are schools now which are viewing this as a means to carve out a niche. if you send your child to our institution you can be assured

that that student will receive a strong core curriculum. this isn't to say that you can't get a good education at almost any institution. you can. you can but you will have to do it yourself. it is believed it is incumbent on the adults who are in charge of our colleges and universities to make the choices and to make the judgments about what students need to know and be able to do because if they are not going to make those judgments then i can sit at home and take and do the teaching company and teach myself and make my own judgments because that is what i would have been doing at the college campus but i will be $200,000 wealthier. i think this is really what we are calling upon. it is a hard job. it's a job that faculty don't like to undertake because all faculty are in fields that they

love. each feels his or her field is the most important field but you can't teach everything in your four years and i think that it's important for institutions to have this debate. they won't all come out with the same answer. but they will come together as a community to try to decide what they believe a graduate at their institute should know and be able to do that way the market place will have a sig niifier. they will know if you go to this place you will have this kind of education. the way it is today it is so diffuse and pick and choose on behalf of students. an employer can't know what that particular graduate would have studied or will have learned because there is no set curriculum that can be guaranteed.

[ applause ] >> we have enjoyed friday forum. thank you very much for your informative remarks. thank you ladies and gentlemen, this forum is now adjourned. coming up here on c-span 3 discussion on public health emergency preparedness. the u.s. council will talk about how the community is adapting to

new national security challenges hosted live at 5:00 p.m. eastern. congress returns from recess today. the house debating ten bills including one addressing threats of electromagnetic pulse events. members of the congressional black caucus will give speeches on situation in ferguson, missouri. the senate has scheduled votes at 5:30 eastern and off the floor in both chambers lawmakers will continue work on a 2015 defense programs bill. you can watch the house live. and two members of congress who are not going to be on capitol hill today, louisiana republican congressman, bill cassidy and democratic senator mary landrieu both campaigning for a december 6 runoff for senator landrieu's seat. they face off in a debate tonight. you can watch live on c-span 2.

>> with live coverage of the u.s. house on c-span. here we compliment by showing most relevant congressional hearings. and then on weekends c-span 3 including six unique series. the civil war's 150th anniversary. american artifacts touring museums and historic sites to discover what artifacts reveal. history book shelf, look at best known american history writers. the presidency, looking at policies and legacies. lectures in history with top college professors. and our new series real america from the 1930s through the '70s. c-span 3 created by the cable tv industry. watch us in hd, like us on

facebook and follow us on twitter. >> the director of the nsa warned lawmakers that countries like china and russia have the capability to inif iltrait cyber infrastructure. admiral mike rogers testified before members of the house intelligence committee for about an hour and 15 minutes. >> the committee to order, we have got competing hearings with some of our members. there will be members coming in during the course of the meeting. >> today the house intelligence meets today. as well as ongoing efforts.

our wins for today's hearing is admiral mike rogers, the commander of the u.s. cyber committee and director of the national agency. you cannot have enough mike rogers in the national security space. we appreciate you appearing before us today. as the congress comes to a close i want to take this opportunity to talk to the american people one more time about one of the most significant national threats that we facefelt i was a member before many years before i became chairman and i had the opportunity to see the cyber threats grow in volume. as i took the gavel as committee chairman in 2011 i was determined to do what i could do to help american companies deal with these threats. we sat down to address the

measure. start talking publicly in as great a detail as possible in countries like china and iran. i wanted to raise awareness to companies being targeted and advance the debate about what the american government needs to do to address the threats. the highlight of the effort was the october 2011 open hearing on cyber where both ranking member and i called out chinese government for industrial sized campaign for cyber economic e e espionage. the united states was unwilling to call beijing to account and it was feared chinese government would punish them with crushing cyber attacks for having that public debate. after we open that debate here and called china out we were able to have an honest conversation with the american

people about the cost of this chinese campaign and what needs to be done about it. china's cometic cyber espionage has grown exponentially. chinese intelligence services that conduct these attacks have little fear because we have no practical deterants to that theft. this problem is not going away until that changes. it is not the only threat we face now. iran launched challenges denial of attacks on our financial networks in 2012 with tactic not new and it is certainly not the most sophisticated. the scale and speed of which this happened was unprecedented and made the attacks very difficult to defend against. a sophisticated virus widely attributed to the government

wiped out nearly 30,000 computers at an oil company. there has been a lot of talk about hypothetical dangers of a cyber pearl harbor and has become a bit of a cliche. i would argue that the threat of a catastrophic and damaging cyber attack in the united states critical infrastructure like our power or financial networks is actually becoming less hypothetical every day. the iranian attack is a clear example that our adversaries have intent and capability to launch damaging attacks. there are growing reports of attempts to breach the networks and industrial control systems of our electrical power operators. foreign cyber actors are probing americans critical infrastructure networks and in some cases have gained access to those control systems. trojan horse malwear has been detected on industrial control software for a wider range of

american critical infrastructure systems throughout the country. this can be used to shut down vital infrastructure like oil and gas pipe lines, power transmission grids and water distribution and filtration systems. not aware of a case where a hacker has gained access to one of these systems and used it to cause damage to american critical infrastructure but i wouldn't take much comfort that. these nations lack a strong motive at this moment to conduct such an attack and are deterred only by the fear of u.s. retaliation. our critical infrastructure networks are extremely vulnerable and can't count on deterrence if we are in an adversial position with a country like china. it's not hard to understand how difficult it would be if power

or water was shut off. economy would grind to a halt. imagine if a key financial data was deleted so we couldn't verify account balances. it would be chaos. most of our critical infrastructure providers are doing their best to better secure their networks. if they get attacked by an adversary with resources and capabilities of a nation state it isn't a fair fight. the u.s. government has an obligation to help the private sector by sharing this threat information about potential attacks before they happen. glad we had the opportunity to talk to the american people today about this vital issue. i am hoping this hearing can help focus attention to this issue and before the end of 2014. we must be ready for damaging cyber attack against our critical infrastructure. if the senate does not act

swiftly both houses of congress will have to start from scratch next year moving new bills. this could be an unnecessary and dangerous delay when we are so close to an agreement that preces privacy in our economy and security. i want to turn it over to ranking member for remarks he would like to make. >> thank you for having this open hearing. it is important that we let american people know how serious this cyber threat is. thank you for appearing before us today. you have a tremendous job. we are ready to work with you to make sure you get the resources you need to protect our country from the threats you are talking about. this committee has been sounding the alarm on the cyber threat for years and has twice led the house passage of critical

legislation. suffered a devastating cyber attack. the virus erased data on 30,000 company's computers replacing it with a picture of the burning american flag. we continue to warn as cyber attacks hit the united states. government computers including the department of defense and it goes on. the full congress did not act. the threat spread further now to our private networks. target was struck. and then as our banks, jarks p morgan was hit as well as visa and the bank of america. in fy 2012 department of homeland security responded to 128 incidents and of these 40% were in the energy sector.

the energy sector continues to bear the brunt because hackers recognize it is the country's achilles heal. remember how a single fallen tree in ohio back in 2003 triggered a blackout. just think about what a cyber attack would do. it could be straucatastrophic. we are watching threats grow and spread. the danger is not waiting. what is the congress waiting for? thanks to the leadership and the bipartisan committee the house passed cyber legislation. this would fix a dangerous gap. the inability to share threat information between the public and private sectors. the private sector owns about 80% of the internet which makes it difficult for the government to protect our networks. right now if your house is broken into you call 911 and the cops come. if a company gets cyber attacked

and billions of dollars are stolen which has happened in the united states they can't call a cyber 911 line in the same way. currently there is no legislative framework to share it with the private sector. it's like being able to see hurricane sandy heading up the east coast but not able to warn that it is coming. that is what our cyber legislation does. it enables this two-way information sharing of cyber threat information. it's the description of the burglar. it's the trajectory of the coming storm that is being shared, not private information. the senate has its own cyber legislation which is similar to ours but which is not past the full senate. we have been working on these issues in the senate. we need to move quickly to reconcile the two issues and

pass this legislation the threat is not going to wait. thank you for taking the time to come before us. thank you for having this open hearing so we can educate our american citizens on this threat. >> thank you very much. the floor is yours. welcome. it is good to know you haven't bumped into anything too significant. >> thank you very much. >> members of the committee thank you for the opportunity to talk to you today on a topic that clearly has a critical importance to the nation and to each of us here today. i will keep my opening remarks very short i think the interaction will generate the greatest value. i would start by -- thank you as well as your fellow leadership with --

>> interacts with your committee on a regular basis i thank you for that. i think it is easier and. >> i don't think there should be doubt that cyber challenges you are talking about are not theoretical. this is something real. it is impacting our nation and those of all our allies and friends every day and doing it in a meaningful way. -- almost catastrophic failures if we don't take action. it also high loigs to all of us, i think, that there is no one

single group or party, party in the sense of whether it be government or whether it be the private sector, the challenges here are so broad that the idea that one sector or one individual sector or one individual organization is going to solve this, i don't think, is realistic. i think the work that you have done on the legislative side is critically important because we need a legal framework that enables us to rapidly share information, machine-to-machine speed. and do it in a way that provides liability protection for the corporate sector as well as ensuring that the very valid concerns about privacy and civil liberties are addressed. i think question do that. i think you've done that. the challenge clearly is achieving the political will. i leave that up to you fine men and women. what i'll try to focus on is,

so, what do i think within the realm of responsibility of u.s. cyber command and national security agency, what do we need to be doing? i'll talk about that first. my marry roles for us, to ensure we're generating insights that aid the public sector as well as government and the private sector as well as government in terms of what's the cyber threat out there. what's coming at us. how can we give timely, advanced information that help us be in a position to respond and defeat those efforts, getting into our systems. whether that be on the private side or the government. in addition, nsa has a primary role in ensuring it's information insurance expertise is available to help the government and private sector in defending its systems, in generating the standards and approaches to how you defend capability and ensuring our expertise is available to help. from the u.s. cyber command perspective, three primary missions for us, number one to

defend our department's networks. i find myself, as many people do, just as the private sector does, as does many other elements in the government, responsible for defending the cyber infrastructure of a large, global organization. we're taking a series of steps in the department to do that. it never goes as fast as you would like. but i'm very comfortable at the rate of progress and the plan we have to do that. the other thing we're trying to do at u.s. cyber command is we're tasked with generating the cyber mission force, if you will. the men and women who are going to be addressing the department cyber needs from the defensive to the offensive. and then lastly, to be prepared to provide dod capability to defend critical u.s. infrastructure. as many of you are aware, the u.s. government has designated 16 segments within the private sector of being critical significance to the nation's security. think water, power, aviation,

financial, 16, u.s. cyber command is tasked to defend that structure. we continue to move along in that journey. we're about halfway through the department has between fiscal year '16 and '13, so we have about four years to generate that capability. we're about halfway through the journey in time. we're about 40% in terms of actual generation of the force to date. again, it's progressing well. we continue to learn insightful lessons as we continue through this. i always remind people, this will be an iterative journey. we're all trying to learn here. cyber is an environment, a mission set that continues to change. with that, i think i'll just answer any questions on any topic you might have. >> thank you, admiral. mr. conley. >> thank you, admiral. your last comments, that was actually the question i had written down to ask you about,

your efforts in recruiting and reta retaining, the folks you need to defend as well as attack, assuming they get the orders to do that. given that this skill set in the kind of colloquial wisdom doesn't look like clean-cut, short hair, wearing a white navy uniform person. how do you fold in -- or find the folks with the mind set to do these kind of specific technical things and also have the mind set to be a good sailor, as an example, or soldier. >> thank you, sir. i make a couple comments. first, the workforce will be composed of both military and civilian. one of the comments i make to people is that gives us an opportunity to have a pretty broad swath of individuals. if you come out to the national security agency today, you'll see people with long ponytails, t-shirts, jeans, very casual

different approach to doing things as opposed to what the military force looks like. i think that's one of the advantages of a military and a civilian workforce. we can get a broad range of capabilities and background. they don't have to all be the same. i'll tell you, when i started working in cyber in the department ten-plus years ago, my number one concern was, how are we going to be able to recruit and retain the men and women we need to execute that mission within the constraints we have within the department. ten-plus years into this and now as commander of united states cyber command, i've been pleasantly surprised both in the uniform element and the civilian element of the workforce. >> i understand at nsa you have that blend. in actual cyber command itself and in the field, would you have a blend there as well. >> u.s. cyber command is the

same model. now the ratios are different. 70% military, 20% military. >> is there a pay differential between the two workforces people do in the same job, one wearing a uniform getting one scale. someone sitting behind them with a ponytail, t-shirt and flip-flops. >> i've never heard that issue raised. >> and about retention. we've got angelo state university we have a great cyber air force base. a lot of money and a lot of time, give these kids tools are that are very valuable in the private sector. what's the retention issues that you're dealing with? >> so, knock on wood, to daylight retention has exceeded our expectations. i think that's largely due to the fact -- it's not unique to cyber. can you look on almost any

military set, skill set. we are not going to compete on the basis of pay. where we're going to compete is we will attract people, we'll be attracted to the ethos and culture. this idea of serving something bigger than yourself. we attract people who like the idea of service to the nation as a core part of what they do in life. we will attract people who are attracted to the idea -- if you are doing something that matters to this nation and you are helping to defend this nation, we will attract people on the basis of, we're going to let you do some really neat things. and we're also attracting people on the basis of, in our culture, our model, we're going to give you responsibility at a pretty junior or young age. that seems to have resonated with both the military and civilian parts of our workforce. >> is there -- and i ask this question at goodfellow. we train infantry using an m-16. they know how to do it pretty well. when they leave, it's clear they don't take that weapon with them

back into the private sector. is there an ethics element to the cyber-trained folks? they'll take that skill set with them that could go rogue if they don't have the right kind of mind set. is there some kind of training and constant reminder that we're giving you tools that if used in the private sector could do good harm? >> ethics is part of what we do as a force, an organization, if you will. i think it's the same challenge, if you will, when we provide military members sniper training. we remind them, you're given this capability, we give you this training under a specific set of authorities for a specific mission. and it's not legal or appropriate to use this otherwise. and we do the same thing in the cyber missions. >> thank you, everyone. appreciate your work. >> thank you, mr. chairman. thank you, admiral for being with us. we heart from general cartwright more needs to be done to set

norms, something analogous to war with cyber. i wonder if you can give us a sense of who's in the day-to-day mix here about what some of the key principles might be for those international norms. i'm obviously worried that in the absence of such agreements or norms it may take a ka c catastrophe and retaliation to force people to the table. can you give us a sense of what you think those norms would look like and, secondly, how we could help catalyze that agreement around the world. >> well, firstly, i would strongly concur with general cartwright's comments. we have to develop a set of norms or behaviors in this space. absent that kind of thing, being totally on the defensive is a very loosing strategy to me. it will cost a significant amount of money. it leads to a much decreased

probability of mission success. that's just not a good outcome for us in the long run. and as you yourself referenced, and representative rogers did in his opening statement, there doesn't seem to be a sense of risk among nation states, groups and individuals and the behaviors we see in cyber, that you can just do literally almost anything you want and there isn't a price to pay for it. that's not a good place i would argue for us as a nation. i would argue more broadly for us internationally to be in. so, what we're trying to -- i'm not the primary in this, but what we're trying to make an argument, collectively, is we need to develop a set of norms and behaviors we can fundamentally agree with as a starting point for how we're going to behave and act within this environment. i've seen an initial set of points the white house raised in a couple of united nations forums. we talked about things like

treat search as hospitals, every nation state should have its computer emergency capabilities left alone. every nation state, that would be destabilizing. you want the nation to have the ability to respond to cyber emergencies. you don't want to take that capability away. we need to define what would be offensive, what's an act of war. those are all issues we're trying to come to grips with right now. and in the absence of any current definitions or any current expectations of behaviors, now we're all in the -- left at a place where we're trying to guess what the intent is and we're trying to guess how far things are going to go. that's just not a good place for us to be. >> so, in addition, you highlighted one principle there. i guess some sort of agreement not to attack a nation's emergency response capability. what else? what else would you suggest? i mean, obviously, you know, there's a difference between taking down a sovereign's internal i.t. capability, and you know, trying to steal a commercial secret. there's probably, at least in

the laws of war, some difference there. what else in addition to sort of isolating emergency response capability. >> there's discussion about do we to want put in standards about critical infrastructure for a nation state. if you're going to go down that road, then that's a step beyond these norms and behaviors. therefore, you're opening yourself up to potential repercussions. so, the idea of critical infrastructure, some discussion about nation state application against the commercial sector is a way to steal intellectual property for nation state gain. you know, we have always argued that is not within the u.s. vision. we don't do that. we have always argued that's not appropriate for the role of a nation state. i think that would be among them. going after, as i said, infrastructure. if you looked at going after things that could lead to loss of life, if you looked at going after things that could lead to loss of control, you know, as

outside the norms of behavior, those are the kinds of things we're having discussions about and how do we build a framework, if you will. >> as you sort of look at the discussion internationally happening here, do you have any confidence that this debate or this discussion is going to advance? in particular, are we going to be able to draw in bad actors like china and iran, or is it going to, in fact, take some demonstration of capability against them to get them to the table? >> i don't know, is the short answer. i'm hoping it's not the lalter. i hope people use the nuclear analogy how we developed over time, norms and behaviors. i try to remind people, remember, the challenge in the nuclear analogy is, when we started most of that work back in the 19350s and the 1960s, in

this case, nuclear weapons controlled purely by nation states, no individuals or groups. by a very small number of nation states. two when we had these initial discussions. that's different from the cyber analysis where we're dealing with nation states and groups of individuals, when we're dealing with a capability that is relatively inexpensive and so easy to acquire. very unlike the nuclear kind of model. that make this is really problematic. >> thank you. thank you very much. >> admiral, there's recently been disclosure of trojan horse malware. can you talk about what the intention may have been? can you talk about that throughout a little bit? if you have any attribution to any organization or nation state that may have been involved? put it in context about what this -- what this really means for the national security interest of the united states. >> so we have seen instances where we're observing intrusions

into industrial control issues. what concerns us is that access, that capability can be used by nation states, groups or individuals to take down that capability. in fact, as you saw with aramco, to be destructive with that capability. we are clearly seeing instances where nation states, groups and individuals are aggressively looking at acquiring that capability. what we think we're seeing is reconstance by many of those actors in an attempt to ensure they understand our systems so that they can -- then if they chose to, exploit the vulnerabilities within those control systems. those control systems are fundamental to how we work most of our infrastructure across this nation pipts not just the united states. on a global basis. they are foundational every aspect of our life.

from our watter, power, aviation industry, just as examples. they're so foundational to the way we do -- we operate complex systems, you know, on a national basis. it's an area -- people will often ask me, what are the coming trends you see. i think the industrial control system and the escada peace are great areas we'll see in the 12 months. it's among the things that concern me the most because this will be truly destructive if someone decides that's what they want to do. >> it was determined that malware was on those systems. can you be a little more definitive. what does that mean. if i'm on that system and i want to do harm. do the lights go out? do we stop pumping water? what does that really mean? the fact that it was there, does that mean they already have the

capability to flip the switch if they wanted to? >> let me ask the last part first, if i could. there shouldn't be any doubt in our mind there are nation states and groups out there that have the capability to do that. to enter our systems, to enter the industrial control systems and shut down, forestall our ability to operate our basic infrastructure. whether it's generating power across this nation, whether it's moving water and fuel, whether it's moving, you know, some -- i'll highlight those because those tend to be the biggest focus areas that we have seen. once you're into the system and able to do that, it enables you to do things like, if i want to tell power turbines to go offline and stop generating power, can you do that. if i wanted to segment the transmission system so you couldn't distribute the power that was coming out of power stations, this would enable you to do that. i mean, it enables to you shut down very segmented, very

tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens. >> so, if you determined nation states have that capability and there was a public report, that referred to chinese -- attributed to the chinese government, hackers being on some of our critical infrastructure systems s there any other nation state that you believe has been successful in getting on those systems? >> there's probably or two others. i apologize -- we consider that classified, so? an opening hearing, i apologize, but i'm not comfortable spelling out specifics. i would say, there is more than one nation set out there we watch, we believe has these capabilities. >> the thrust of that question really is to say, it isn't a one-off according to that public report. there are multiple nation states who both have the capability and have likely actually been on

those networks. >> definitely more than one. the other point i would make is we're watching multiple nation states invest in this capability. >> and when you say invest in it, can you talk about what this means? this is an important turn of events here. >> when i say invest in this capability, we see them attempting to do reconnaissance on our system. attempting to generate inside how our networks are restructured. we see them doing research in this area. we see them attempting to steal information on how our systems are configured, the very specific schematics of our control systems down to engineering level of detail, so they can look at where the vulnerabilities, how are they constructed, how can i get them to defeat them. we're seeing multiple nation states invest in those kind of capabilities. >> and what -- so that you mentioned this next group, so you've seen the international organized crime organizations certainly starting to develop their capabilities. we've seen in some cases them

using nation state-like techniques. can you flush that out for us. you've highlighted the nation state threat. this would, i would argue, is probably the next one down that gives us pause for concern. can you talk about that threat and what it means and why it's so difficult for the private sector to try to defend themselves against those threats? >> so, what we had traditionally seen in the criminal sector was criminal actors, gangs, groups, penetrating systems and trying to steal information that they then could sell or use to generate revenue. so, credit card information, selling personal information on -- there's actually a market out there to sell personal information on individuals. they had been stealing -- we had been watching them, observing them stealing data associated with generating revenue. the next trend that i think we're going to see in the coming near term is, you will start to see, i believe, in many instances, some of those

criminal actors now engaging not just in the theft of information designed to generate information but also potentially as a surrogate for other groups. other nations. because i'm watching nation states attempt to obscure, if you will, their fingerprints. one of the ways to do that is to use surrogate groups to attempt to execute these things for you. it's one reason, for example, while we're watching criminal actors start to use some of the tools that we historically have seen nation states using, now you're starting to see criminal gangs in some instances using those tools, which suggests to us that increasingly in some scenarios, we're going to see more linkages between the nation state and some of these groups. that's a troubling development for us. >> so, cyber -- cyber hitmen for

hire really. i had a lot more on threats, but i'm going to do this quickly. i want to ask this last question. in this cyber sharing regime in which you talked about, certainly what our legislation proposes, there are concerns, and i think they're valid without the understanding of exactly how it worked, machine-to-machine, real time, millions of pieces of information or packets at the, you know, speed of light. how can we assure americans their personal information is not being read or collected or used by the nsa in that real time machine-to-machine sharing that would allow you to share what you know with your militia source koeshgcode. >> i think there's a couple ways. first of all, i remind people, this is about computer network and defense. not about intelligence. totally different missions with totally different objectives. the second point i would make is, we need to very publicly sit

down and define, just what are the elements of information we want to pass to each other and we to want make that very public. these are the specific data fields. this is the specific information we need. both, what is the private sector need and what does the government need? from my perspective as director of the national security agency, if -- when we add, for example, private information into this, that complicates things for me because i have specific protections i must provide to u.s. person data, for example. that will slow us down. that's not what we're interested in. that would be a negative for us. it will lead to a slower sharing of information. that's not what we want. so, i think sitting down and having a very public discussion detailing exactly what we're talking about when it comes to information sharing is one way to do that. and also highlighting what we're not talking about. this is not what we want to see. i don't want people's personal data. i'm not interested in -- so, i

want names, addresses. that's none of the things -- kinds of things we're talking about in this scenario.abouin t. >> this is not the nsa plugging into the private networks of the united states. >> which is exactly why we need to do this. my comment is, you don't want nsa in that private sector network. i'm not in that private sector network. therefore, i'm counting on the private sector to share with us. so, tell -- what i'm interested in, from the private sector is, what i think so i would owe the private sector is, here's the specifics of the threats coming at you. here are the precursor kinds of activities we think you'll see before the attacks. here is the composition of the malware we think you'll see. here's how we think you can see it. what i'm interested in learning from the private sector is, tell me what you actually saw. was the malware you detected written along the lines that we anticipated? was it different? how was it different?

help me understand when you responded to this, what worked for you and what didn't work. how did you configure your networks? what was effective? what can we share with others so that the insights of one now come to the aid of many. that's the kind of back and forth we need with each other. >> you made an interesting point. i think is one of the -- i think the biggest perception problems of this whole debate. when you said the nsa is not on the private sector networks, can you take a couple of sentences and explain that again. i think that is so important. because, unfortunately, i think people believe the nsa is on their private sector networks. it's not, which is, candidly, why the bad guys have so much opportunity to swim around in there. can you talk about it that. this is one of the most important points if we can make clear to the american public today, what we're trying to do and why the fact you're not on there and don't want to be on there is so important. >> the national security agency

is a foreign intelligence organization. it is not a domestic intelligence organization. there are specific legal constraints placed on us when it comes to collection against u.s. persons. u.s. persons includes the definition of a u.s. entity in the form of a company. we're specifically legally limited from doing that. we do not have a presence on u.s. private networks inside companies. that's not what we're about. that's not what our mission is. it's because of that lack of awareness, if you will, on our part i'm saying, look, i need a partnership here. we need to exchange information. you don't want us on those private networks. if i was a ceo, pick a major bank, i wouldn't want to be telling my shareholders, well, you know, nsa's inside our network. that's not the way we work. i would, i want to think, tell my shareholders, look, we have a

proceed active sharing relationship. we're sharing with them, here's what ware doing. here's what's effective. here's what hasn't been effective. this is the help we need from you. that's the kind of relationship we need. >> important point. the nsa is not on american domestic networks but the russians, chinese, iranians and multiple other bad actors are. mr. ruppersberger. >> i think the chairman has raised very important issue. it's one of the things we've been dealing with in developing legislation to protect our country, to protect our businesses from losing billions of dollars we spend a lot of time negotiating and thanks to this committee and the chairman's leadership we've been able to put together a bill that, unfortunately, has not passed in the senate about the fisa bill that gives you the authority to do what you need to do. what i would like to do is get for you in the opening hearing so the american pup public can

understand what the checks and balances are for the nsa. again, your focus is not on american people. the argument from privacy is what could happen. i'm glad in this country we have the privacy groups who focus on that and debate that so we can come together and learn and develop legislation that deals with the issue of privacy, protections. if, in fact, someone at nsa breaks the law, they'll be held accountable. the bill we passed. the perception, unfortunately, of the american people is because the government controlled so much of -- strictly a phone number, nobody's name, nobody's address but there was still a perception to the public, unfortunately, national media pushed it out pretty far, too, that somehow nsa was listing. that wasn't the case. they committee came together. we developed legislation.

and now, if in fact you all find a terrorist situation in yemen, you get that information. you immediately turn it over to the fbi because you don't have jurisdiction in this country. and then with this legislation we have, has prejudicial and post judicial review for the fbi basically at that point to move forward and protect us, if, in fact, we need to protect us. we're not listening to americans at all. if we are listening to americans, we have judicial review. same thing in the united states with criminal cases. we get the court f we need to have a search and seizure or wiretap, we have to get the court. that's the checks and balances in this country. by the way, the checks and balances we have in this legislation are the most stringent in any country in the world. the important thing to get the message out, we do have privacy concerns, we do have constitutional issues and there are checks and balances. if, in fact, someone does break the law, they'll be held

accountable. i would like to you get into more specifics. the chairman raise the issue on what happens if you do break the law and why you have the checks and balances you won't be listening to americans. you don't have the jurisdictions to begin with and that that's turned over to the domestic side in this country with the supervision of the court, privacy groups overseeing it, that type of thing. that was a long question for a short answer maybe. >> yes, sir. so, in broad terms there's a legal aspect to this. in terms there's a court of law whose authority and permission we must gain. we have to formally petition the court if we're going to do focus collection against a person. to do that, we have to prove to a court of law there's either a connection with a foreign nation so they're acting as an agent have a foreign government or affiliated or connected with a terrorist organization. we're an entity doing harm to u.s. or u.s. persons. we have to make a legal case to

a court. we have to present legal evidence to the court. >> that is reasonable, arcticable suspension. >> correct. in addition, congress is duly elected representative of the citizens of the nation, conducts an oversight function. that's one of the primary roles that led to the hips in the houses. the idea the elected officials would have oversight, knowledge of what we do, how we do it, that would act as recentives of our citizens to ensure there was an external party monitoring what we do, having an awareness of what we do, briefing briefed on what we do, notified. i do formal notifications and say, as a matter of record we're doing this, we're doing that. there's an oversight mechanism to this. in addition, internally we have

created a pretty extensive compliance and oversight mechanisms, how we control data, access to that data. there's training requirements for every one of our employees that have access to that data. we have controlled the number of employees that have access to that data. if you look at the bulk record, the phone issue, for example, under the patriot act section 215, it was something on the order of approximately 30 people out of the organization. that number it tens of thousands. we try to ensure we have tight control of that data. we don't retain that data indefinitely. we have defined window as as to how long we can retain data. we purge all data and remove it. we don't hold data forever. we ensure we maintain protection of the data from the moment we collect it to the moment we purge it. we don't sell data, for example. we have to maintain strict controls over the information

we've been granted authority to collect when we're doing bulk collection overseas, for example, when we become aware of data that is specifically tied to a u.s. person, we have to stop what we're doing and either make a decision in our own mind, okay, is there a legal connection here with either a nation state or a group that we need to go to the court to get permission or do we just stop collecting. we have to make that decision we have to make a legal case if we're going to continue f we're going to target someone. so, there's the legal framework to what we do. there's a series of protections and oversights to what we do, both external to the organization and multiple branches of our government. also a series of kroeldz in place within the organization. you know, it's one reason why i would say, look, you can certainly disagree about the legalities in terms of, hey, is a law good? is a law bad? my responsibility as director of nsa is to ensure we comply with

the law. and there shouldn't be any doubt in anybody's mind, we comply with the law. when we fail to do so, we will hold ourselves accountable. >> just one thing because i want the members -- on the issue of threat. technology experts were recently interviewed by pew and american lifetime project. a majority of these technology experts said they believe a major cyber attack will happen between now and 2025. which will be large enough to cause significant loss of life or property, losses damage, theft at the level of tens of billions of dollars. do you share this grim assessment with the majority of these experts? why or why not? >> i do. >> explain. >> what i have told my organization is i fully. and during my time as the commander, we are going to be tasked to help defend critical infrastructure within the united states because it is under attack by some foreign nation or some individual or group. i say that because as you've

already highlighted, we see multiple nation states, and in some cases individuals and groups that have the capability to engage in this behavior. we have seen to date this actual behavior as you raise the in the aramco piece. we've seen this destructive behavior acted on, executed. we have actually seen physical destruction within the corporate sector. knock on wood, that has been largely outside the united states. but it has happened. we have seen individuals, groups inside crate cal u.s. infrastructure that has a presence, that suggests to us that this is an -- this vulnerability is an area others want to exploit. all of that leads me to believe, it is only a matter of the when, not the if, we'll see something traumatic. >> thank you. yield back. >> and you're seeing attacks now, some you're able to repel,

but you're under attack today. >> yes. >> is u.s. government cyber networks under attack today? >> sir, people trying to gain unauthorized access, people trying to attempt to steal data, people attempting to manipulate data. >> and that's happening today. this is not some -- >> no, this is not theoretical. you're saying they might just get through before 2025, is that correct? >> i don't think it will have to wait -- unfortunately, my comment would be, i bet it happens before 2025. >> ms. bachmann. >> mr. chair, i just want to thank and compliment you and the ranking member ruppersberger for holding this important committee as this committee has spent a great deal of time on this issue. i think admiral rogers, your compelling testimony makes it clear to the american people that we need to even redouble our efforts on this area and make sure not only are we paying attention, but we're taking direct actions to protect the

american people and our economy from cyber espionage. and as well as our military espionage. i had the occasion to travel to china in august and it was very clear that the chinese saw no difference between cyber attacks on military versus espionage. and they were open to doing both of them. thank you for this important information that you're putting out. as we know, technology is changing rapidly and increasing rapidly. one area a lot of people are beginning to be engaged in, and yet people have fears about, is the area of cloud computing. mobile and cloud computing. so, could you talk to us a little bit about -- as a follow-on to the ranking member's question, are there follow-ons -- can you let this committee know, are there bad actors that you have already of detected in the mobile and cloud

computing and how does this advance toward mobile and cloud computing change cyber activity and cyber attacks going forward for the private sector as well as for our government? >> thank you, ma'am. we have observed both the cloud as well as mobile hand-held digital devices becoming -- being attacked, being exploited. the mobile arena, in particular s an area whereas i look to the future f you ask me, again, what are the major trends you think you'll see in the next 12 months, efforts against mobile is one of the top three i would highlight to say, hey, look, this is a coming trend. in no small part because if you look at the proliferation of device, it's the greatest growth these days is not in the traditional corporate, fixed, large networks. this is both true for us as individuals, as citizens, as

well as for most of us in terms of business. you see the same phenomenon in government. we are all turning to mobile digital devices as vehicles to enhance our productivity. the ability to work wherever we want, whenever we want. the flipside is, those same things that make it attractive, the ability to spread this outside of secure spaces, the ability to use it in all sorts of environments almost universally in almost anyplace, that also represents an increased potential for vulnerability. >> could you speak a little more specifically to that. is mobile and cloud computing n your opinion, are the american people and american companies more vulnerable through mobile and cloud versus the servers, or less? or equal? >> on the cloud side, can you see arguments either way. in general, i'm supportive of the cloud idea because my view is, one of the challenges to defense is the broader, if you

will, of a structure you have, the more you have to defend, the greater the probability of people penetrating you. one of the things i find attractive about the cloud is it collapse, if you will, your attack service down to smaller. the flipside, though, is people who don't like it would argue, you're putting all your eggs in one basket so somebody gets into the basket, they get to all the eggs. that is certainly true. the flip side, i would argue is, this enables to you protect that basket a whole lot better than having multiple baskets with the eggs spread around and with the baskets all connects, if it were. i apologizing. i never thought i would be testifying about baskets and eggs. i'm supportive of the cloud. >> we're looking for a new cliche in cyber discussion. you may have given it to us right there. >> terms of the mobile piece, it is really going to be problematic. the whole idea of mobile is -- >> it doesn't matter which mobile device, right?

you don't see any distinction? >> now, the way that the whole network -- >> i don't want to lead you. >> no, no. the way the whole network in some ways is structured, the idea you're just going to pull down whatever application you like, i'd only highlight to people, those applications have a lot of potential vulnerabilities in them. you look at all of us. we're searching for applications that make our life more productive, more easy, more convenient for us and also represents a lot more potential vulnerability. >> i appreciate that. i see my time is up. i yield back. >> thank you, mrs. bachmann. mr. schiff. >> thank you, chairman. admiral, thank you for your service to the country. you have undoubtly the most difficult job in i.c. and we're glad you took it on. i want to ask you a couple questions. one on the cyber bill. one of the major difference between house and senate proposals involves the sharing of information between the

private and government sector and what requirements we place on the private sector to remove private information before sharing it. last month in comments before the chamber of commerce, you mentioned that the nsa doesn't need or want private information as part of the cyber threat information. and that, in fact, receiving that information makes your job harder. given that, does it make sense to require private companies do make a good faith effort to strip irrelevant personally identifiable information before sharing cyber threat information with the government or other entities? and then on the other program you made reference to the metadata program as you saw the usa freedom act fail to get the votes to move forward earlier this week in the senate. which probably pushes that into next year. means we have to start all over again. is the nsa, though, nonetheless moving forward with the telephone companies to prepare

for the new paradigm where the companies will hold onto their new data? there's nothing in statute that requires government to gather bulk data so you can move forward on your own with making the technological changes so we don't have to wait until next year, so are we making progress on the technological adaptations that we'll need to make? >> two parts to your question. first part about should we attempt to -- if i misparaphrase, just tell me. should we attempt to filter up front, if you will, before the data is pushed to the u.s. government the removal of any privacy. >> yes. should we ask the private companies to make reasonable good faith efforts to remove any personal information before they either give it to the government or share it among the private sector. >> right. i think that's all part of that point i was trying to make about let's define all this up front so we're not willie nilly pushing information for the sake of pushing information. we should define exactly what we want, what we need and what

companies are going to provide. just as the companies should expect us, the u.s. government, to define up front just exactly what and where wha are you not going to give to me and share with me. i do do agree with this idea of, we should build this all up front so we have clear delineations before the data gets to us, we should have clear delineations of what the private sector is going to be sharing with the government. in terms of your second question -- cue refresh my memory? >> are you moving forward already and working with the telephone companies to mauction whatever technological adaptations have to be made, since both the dni and the administration support moving to that model and there's nothing that prohibits you from doing that. you don't have to wait for the usa freedom act, are you moving forward with those technological changes. >> the shorter answer is, no. in no small part because the

corporate side indicated they want to wait and see what the specifics will be of any requirements before we start getting into making changes or have discussions about the specifics of making changes. i think part of the reason for that, i think on both our perspectivess is the hopes we'll come to a solution in the near term. one thing i'm trying to consider is, okay, if we're unable to gain the consensus in the window we thought, what are the implications of that meeting, do we need to reach out and discussions now? i don't have an answer in my own mind, to be honest. >> there is no statutory mandate of any kind for the government to collect bulk metadata. the administration and dni said it's no longer necessary. the telephone companies can hold onto their own information. the only reason it exists is the government went to the fisa court. there's nothing to prevent them from going back and saying,

we're going to come to you on an individual case by case basis. there's no reason, if you think this is the correct policy, that you have to wait for the congress to mandate you to to do it. >> in fact, that is the current policy we're acting on right now. the president's remarks on the 17th of january directed us to use that legal court construct. we've been doing that since january, even as he indicated, and he would turn to the congress then to enact legislation that makes the long-term changes you think are appropriate. but we've already been directed to use that model. we now have to go to the court to access the data. >> so, is the government then no longer collecting the bulk metadata? >> the data continues to be provided to us. we now -- now to access the data, i have to go to the court to access the data. >> why continue to gather the bulk metadata if the administration and dni don't think this is the best approach? >> i guess i'm confused because i don't think i've heard the president or the dni say access

to the data is not of value. what i think i have heard, is the question, who should hold the data. what the president directed in his remarks on 17th of january is, we'll continue to implement the program as it is right now while congress works through how we're going to make long-term changes. we'll continue to do that on a 90-day interval. every 90 days right now we have to go back and ask for continued permission. >> one last comment. i know i'm out of time. the administration believes and i understand they do, that the better model is to go to a paradigm where the companies hold onto their own data, it doesn't make sense for us to continue the collection of bulk metadata. you're not legally required to and there's no reason not to move to that model and begin that transition now. i'll yield back, mr. chairman. >> thank you, mr. chairman. admiral, thank you for being

here today and for the work that you and your team are doing at nsa. obviously, it's important work to the country. so, we had a discussion just a few minutes ago about the types of things we're seeing in terms of cyber intrusions. obviously, over the past several weeks, the american people have seen a disturbing number of cyber-related incidents including the state department, the white house, the national oceanic and atmospheric administration, u.s. postal service, and the industrial control systems that control our critical infrastructure. we found some very concerning malware on those control systems. and these come on the heels of other major attacks such as -- or intrusions such as at jpmorgan chase, target, michaels, saudia, the south korean banking attacks.

on "60 minutes" last month fbi director said there are two, and i quote, two kinds of big companies in the u.s. those who have been hacked by the chinese and those who don't know they've been hacked by the chinese. obviously, other nation states are doing this, or criminal enterprises, et cetera. so, to date, we've seen these cyber incidents mainly focused on data breaches and industrial espionage. obviously, what keeps me up at night, and i'm sure you as well, the worry we could face a true cyber attack, which we haven't really seen yet occur that actually causes significant damage where attackers seek to get the same kinds of effects through cyber that traditionally you'd see through use of kinetic weapons. and we know that that technology is out there, as you know. and so my question is, you know,

we know who and how we respond if we saw an attack using kinetic weapons, missiles or bombs. we have either the pentagon or the law enforcement agencies would respond to protect us in those cases, or national guard. but what confidence can you give to the american people, what can you say to the american people that would give them confidence that we have a plan in place and we know how to respond if either we saw an attack was in the planning stages, ready to be executed or if it was being -- the order was given to be executed, we saw it under way and that we could stop it. at this point, is there sufficient mechanisms in place absent presidential authority or would it require only presidential authority to step in and order an intervention

whereby we could protect that attack, protect our country, protect our critical infrastructure, et cetera? do we -- basically, have we had a bridge in place to deal with the bureaucratic and legal hurdles or does it take presidential authority at this point? >> the short answer is, i'm pretty comfortable we have a broad agreement and a broad sharing of how we're going to do it, who would do what. the roles are clearly defined. if i go back two years ago, 18 months ago, we were spinning our wheels about, well, who's going to do what? we're way past that. we have good dlination within the federal government as to who has what responsibilities. we have good, broad agreement as to how we would go about providing that capability in the scenario you talked about, with attacks against critical infrastructure. clearly, presidential authority is required for part of it, for example, for me as a dod entity

to provide support in the u.s. to partner with others outside the dod arena. that's required. if part of the response, for example, was going to be an offensive capability, yes, i would greed approval of the president to do that. we've got a broad agreement on that. the challenge to me is, we've got to move beyond the broad agreement to get down to the execution level of detail. come from a military culture. the military culture teaches us, you take those broad concepts and agreement and then you train and you exercise and you do it over and over and over. that's what we have to do next. >> what about less directed attacks, the cyber crime, cyber espionage. one could certainly argue the hundreds of billions of dollars lost to cyber crime and cyber espionage some of which is highly methodical and systematic, are a massive threat to the american economy, to competitors and jobs. when does that become economic warfare and how do we respond?

>> first of all, i think we're trying to come to grips when does it -- we have clearly tried on make the argument we differentiate between the capabilities of the nation state and trying to understand the world around it versus applying the capability of a nation state against the private sector of another nation to generate economic advantage. for example, that's the major difference among the major difference between us and our chinese counterparts where we have argued we don't accept that premise. we don't use our capabilities to go after private industry and other nations to use that as a vehicle to gain economic advantage. that's not what we do. to your broader question, i think the shorter answer is, we're clearly trying to work our way through all those issues. we tend to treat it right now -- you talked about criminal actors. we tend to treat it as a law enforcement issue. the fbi, primary lead there with

director komey. that is not achieving the results we want. we're spending our time dealing with the repercussions of the penetrations. what i'd like to do is, how can we forestal those penetrations in the first place? as we've already talked today, that's about the -- those norms, it's about those rules of behavior, it's about those ideas of deterrents. clearly, those are areas we have a lot of work to do. >> i appreciate your time. i appreciate the work you're doing. my time has expired. i have a question i'll submit for the record. i yield back. >> there's about 1:15 left on the clock. >> i'm going to be very brief. on the other side of this, what can you say to assure the american people, in the absence of legislation, that would address their concerns over the mass collection of metadata and concerns about privacy, that

despite the failure of the congress to pass legislation, what you may be doing differently that could assure them that their privacy is protected? >> so, what we're doing differently, as you heard in the president's remarks on the 17th of january, he indicated, hey, while i haven't seen nsa violating the law or attempting to systematically undermine the rights of our citizens, i'm concerned about the potential for abuse, therefore, i'm going to overlay a couple of additional requirements on nsa. for example, with the metadata, i want you to now go to the court. it's not enough that you use your own authority as the director, so to speak. now i want you to go to the fisa court to convince a judge you should be granted access. we didn't used to have to do that. he also directed -- we used to be able, in those instances when we went into the data, we used to be able to -- what we called three hops, the amount of times

we could follow the string, so to speak. the president came back and said, i tell you what, again, i want to put another level of protection on there. i only want to you do two hops, if you will, if you think there's a connection. so, we're not authorized now to follow it is string, as you will, as deeper as we used to be able to do. those are -- in terms of the metadata, those are probably the biggest changes that we've dealt with. in addition, he's provided broad guidance in the form of ppd-28, unclassified document that the government has generated, which in a very public unclassified way outlines the general principles we to want make sure we apply in conducting signals intelligence, the mission of nsa. so, we're putting those principles in place. in addition, we've completed over the course of the last 15 months or so a pretty fundamental review of everything nsa does, what we collect against. that's all been reviewed to

ensure we're comfortable from a policy perspective with what we're doing. >> thank you. >> yes, ma'am. >> one thing on that, most of what the admiral just said is in our bill, that the senate, unfortunately, did not take up. >> i realize that. >> and you were part of putting that together. >> right. >> and just quickly, and i think this is so important, because i think there was some confusion here. when you -- you're obtaining information under section 215 via the court, are you not? so, don't you have to go to the court -- >> that is correct. as i apologize, as i thought i indicated, every 90 days we have to go to the court to get permission. >> so the court oversees -- >> oversees the program. >> is there content on those phone calls? >> no. >> are you taking, collecting, storing content -- >> no. >> -- on phone calls obtained under section 215? >> no. >> the information you get is it metadata. does it contain pii in that metadata? do you store the pii? >> you could -- well, it goes --

again, i'd have to talk to a lawyer, but you could argue, i guess, that a phone number is pii. of course, the challenge is -- not the challenge. we get number, not a name. >> do you -- so, there's no names, no addresses. >> no addresses. >> the information of which you collect. and you use that as an analytical tool. do you believe that information is valuable in any counterterrorism effort that the united states undertakes? >> yes, do i. >> do you have personal knowledge that that information has led or assisted in any counterterrorism investigation to help defend the united states? >> yes. i mean, i definitely think it has been a value and of assistance to our efforts. >> just to make sure -- this is really important to me. no content is collected on any of those phone calls under section 215. you get a review by the court every 90 days, meaning have you to go back every 90 days with what you've done with it and how you've processed it and how you've handled it. and if you want to go for another 90 days, have you to

make the case -- >> we have to make the case for the next 90 days. >> there's some notion we shouldn't be participating in this, i think, was a bit confuse hearing. i think we tried to get this right by the end of bulk metadata collection with the government putting them all in one place. i think the general conscious of america said, yeah it was legal, constitutional but maybe that's not the way to do it. you've adjusted to that, is that correct? two competing bilsz that are trying to get this right. but i would be cautious about shedding that before there's any legislative direction on fixing that, would be my caution, and i know some others have called for something different. secondly, on the pii from companies, don't you have the capability to strip pii from information? the nsa. don't you do that today? you do that in many cases. >> right. i would think we could do that in an automated fashion.

again, it's one of the reasons why i would want to have a discussion about exactly what kind of information we're talking about, is because then i can build in protections as well as technical -- >> that was an important part missed in that conversation. even if a the kayabilika capability today but says i have this malicious source code that looks like this, i'm going to give it to you. you would have the ability to strip out pii before it ever got into your analytical database. >> i think we could do that. >> in past conversations, that's what the nsa has told us. my only fear, and this was the biggest debate, you want companies to participate because this is voluntary. we need to make sure that the liability standards are right. if they are, in fact, in good faith trying to provide malicious source code without pii that the companies aren't held to a different standard when accidentally, and it could happen, that pii gets through. you would want the companies making some effort. you would want the nsa to have a system to strip the pii before

it got into the analytical database which is easier for you to do than the multitude of thousands of companies trying to share malicious source code that may have originated in russia or china or iran or north korea or some international organized crime element. i just want to make sure we have that full and open discussion about what that looks like and why there are concerns about limiting the number of companies that could participate. it just adds more vulnerability to the whole system. so i just wanted to make sure we made that clear and it was on the record. >> yes, sir. >> admiral, you are saved by the bell. the vote clock shows zero but i want to thank you for your service to the country. thanks for stepping in at a different time. thanks for improving the morale of the nsa folks and i hope you will take back as a committee that in a bipartisan way does pretty tough oversight, i think you have seen that already. >> yes, sir. >> that we have the utmost respect for the work that they're doing and thanks for their patriotism and staying on mission despite what they might

read in the newspaper. so thank you, sir, and thanks to the men and women of the national security agency. >> thank you, sir. coming up here on c-span3, politico hosts a discussion on public health emergency preparedness with senators richard burr and bob casey. we'll have that live at 2:00 eastern. and later the head of the u.s. national intelligence council will talk about how the intelligence community is adapting to new national security challenges. hosted by the atlantic counsel

we' -- council. the house debating ten bills including one addressing the threats of electromagnetic pulse events. following votes, cq reports tonight in the 7:00 hour members of the congressional black caucus will give speeches on the situation in ferguson, missouri. the senate today has scheduled votes at 5:30 eastern on two state department nominations and off the floor lawmakers will continue work on a 2015 defense programs bill as well as legislation to fund the government past december 11th. you can watch the house live on c-span and the senate live on c-span2. and two members of congress who are not going to be on capitol hill today, louisiana republican congressman bill cassidy and democratic senator mary landrieu. they're both campaigning for a december 6th runoff for senator landrieu's seat and they face-off in a debate tonight at 8:00 eastern. you can watch their debite liat on c-span2.

tonight on "the communicators," peter thiel, co-founder of pay pal and palantir. >> but i would say the single overarching theme of my class and of the book is that people should rethink competition. most business books tell you how to compete more effectively. mine tells you that perhaps you should not compete at all and that as a founder or entrepreneur, you should always aim for something like a monopoly. a zero to one company that's such a break through that you have no competition at all. >> tonight at 9:00 eastern on "the communicators" on c-span2. now, a discussion about the status of college athletes and whether they should be paid and considered university employees. the big 12 conference hosted the forum which included college athletic directors, sports reporters, and former nba players. this panel is just over an hour.

good afternoon, everybody. thank you for joining us here, the continuation of our panel discussion today organized and sponsored by the big 12 conference. college athletes -- college athletics i should say occupies a unique position in our culture. the athletes themselves can be among the biggest stars in sports. think about johnny football. but whether stars or not, they will likely work hard. kain colter, a former northwestern quarter testified before the national labor relations board that he spent 50 to 60 hours a week during training camp in the summer and once the season started his commitment to football was 40 to 50 hours a week. it was hard to be a student, he said, in light of his obligations as an athlete. as it happens, a finding of that same nlrb hearing is likely a significant step in radically

changing further how college athletes in our society are regarded. the regional director ruled that football players at northwestern are, in fact, employees of the school and have the right to form a union. the ruling is currently being appealed by northwestern, but the battle lines have been drawn. what is a student athlete? and how should he or she be treated in regard to compensation and rights? here this afternoon to try and answer those questions, or at least shed some light on some of the issues a distinguished panel. we start with cholesterristine , a columnist for "usa today," a commentator for cnn and national public radio. len elmore is a sportscaster for cbs and espn, a former professional basketball player, and a lawyer. he is president of the national basketball retired players association and a member of the knight commission on

intercollegiate sports. lisa love is the former director of athletics at arizona state university. in 2005 she was inducted into the american volleyball coaches hall of fame and currently teaches a graduate class at the university of louisville entitled "the business of division one college athletics." tom mcmill sentence a former rhodes scholar, professional basketball player and member of congress. he's the founder of the national foundation on fitness, sports, and nutrition and a former co-chairman of the president's council on physical fitness and sports. chris plonsky is a 38-year veteran of the college sports world. she currently serves as the women's athletic director at the university of texas. she's a former board member. and shayian zhanger is the director of athletics at the

university of kansas. he's a one-time assistant on coach bill snyder's staff at kansas state which he started when he was just 23 years old. all right. let's cut right to the heart of the matter here. should student athletes be paid? who wants to take that one? it's an easy one. >> well, i'll start. >> ladies first. >> sure. thanks. and great to be with you. and great to be with everyone up here. absolutely not. they are and in many ways you can make the case they are receiving obviously a lot of benefits now with a college scholarship which steve berkowitz and usa today surveyed a few years ago valued at i think over $100,000 a year in terms of coaching, exposure, training, all of the things in addition, of course, to receiving a first-class education at some of the finest universities on earth. the idea that athlete -- student

athletes need to be paid. i understand the argument. i'm sure we'll be going into that quite a bit over the next hour and a half or so, but for me a couple thoughts. i'll throw them out there is we can get rolling on this. the no holds barred discussion i think we're planning to have. if we're paying the football player, are we playing the field hockey player and if not, why not? there's that little thing -- that little law known as title 9 signed by richard nixon june 23rd, 1972, changed the playing fields of america. i think the most important law in our country in the last 42 years and wee just begun to see it work its magic. it's really still in its infancy. if you have a daughter or a girl next door, a niece, a granddaughter, you know how important that law is. wait until all these women are running for president and running universities and running businesses. we can't ignore that law unless we decide to go to some economic model for college athletics that leaves the university in the academic setting and katy bar the door if we go there.

i think my overall feeling on this, jimmy, is that the notion of be careful what you wish for. i'm not so sure we would like what we create if, in fact, we start paying athletes and have a whole separate pro league and lose what has been such a popular piece of all of our lives, which is that college sports experience either playing for watching, being on campus, cheering for these student athletes, many of whom are doing it the right way, are going to graduate, and are going to give back to the universities for the next 50 to 60 years and those communities. so there are absolutely -- are there problems in college sports? you bet. but paying athletes is not the way to solve them. >> let's go right down the line. lenny? >> well, i would agree conceptually with christine. she speaks of paying athletes, but it depends on what you mean by paying them. i look at the relationship and kind of just came to my mind as