year rule of tyranny, institutions, played communities off against one another. i think obviously the biggest failing of the transitional government period after the fall of gaddafi was the absence of a government that could project its authority, that had the means to enforce its rule, that had monday oppose -- monopolizessation. on force. so we're talking about the cohesive army and police. and led to the proliferation of the my militias we hear so much about. one based in tolbrook and the other faction based in the tripoli. unrecognized. it has an islamist hue.

lo this distinction between islamist and non-islamist is really simplification. we're talking about multiple communities, ideological ethnic and town based communities that have banded together against common enemies. it is a incredibly complex civil war. if i was to point to one dividing line in libya that i see is sufficiently explanatory that helps us understand this conflict, it is really the split between the old order, the old officer class, the old technocrats, old regime and younger what i would call revolutionary camp. some of this revolutionary camp are, in fact islamists some are islamist fighting groups that had ties to al qaeda. some are brotherhood. but i think that is the real dividing line. where we are stuck right now is in a vicious cycle of mutual demonization and wild exaggeration. on the one hand you have the camp in the east that is led by

general heftar, there is an excellent profile of him in the new yorker this week. that is sort of using the counterterrorism card to paint his domestic opponents, the islamists, as terrorists. and on the other side i was in tripoli on the islamist side. and you have this camp saying this is a conflict about the return of the deep state. we don't want the old officer corps coming back. and the heftar is gaddafi part two. we're stuck in the cycle of delegitimatization. i think one worrisome development we've seen in the last few weeks is the fragmentation of authority on both sides. we speak about to two camps. the dawn camp in the west. the dignity camp in the east. these are really loose coalitions of militias, power centers, and they are fragmenting. and on the one hand that fragmentation is encouraging because it allows you to identify moderates you can peel

off and bring into a dialogue and that is what's happening now with the u.n. sponsored peace talks under way. but at the same time that is worrisome because you have spoilers. so just as the u.n. talks are under way, you have the islamists carrying out an air strike on the zintan airport yesterday and is very worrisome and threatens peace talks. let me say a little about the rise of isis. the idea of libya as the base, as a haven for extremism is not new. it existed under gaddafi, the city of derna that provided many volunteers to iraq and syria -- iraq and afghanistan. you know, after the revolution you had the growth of al qaeda affiliated groups. the ansar al sharia. and indeed general heftar's campaign was to root out those groups.

i think what you have is not the defeat of those groups but rather their dispersal and mutation. this is what we're seeing with isis. isis is really peeling away a lot of members of these older post revolutionary jihadist groups that had affiliation to al qaeda. you had influx of volunteers that went to iraq and syria to fight with isis. libyans that went, started returning last spring and last summer. that formed the nucleus of isis in the city of derna. you've had isis spread to all three of libya's major provinces. and of course they have conducted some very high profile attacks against corinthia hotel and most recently tragic killing of egyptian cops. again, let me move to some thoughts about policy option. one thing that makes this so confounding, we're faced with a terrorist problem in libya that is embedded in a very complex civil war. there's no government to work

through. there are two competing factions and we face this in iraq and syria and yemen is what partner do we assist on the ground? how do we work with forces on the ground? there is the danger that if we provide assistance to one faction, that assistance will be used politically against opponents in the civil war. where are we at right now with resolving this conflict? you had the united nations came out i think today and said if these peace talks next week don't resolve themselves, lead to some resolution, there is a real possibility of a u.n. intervention. we may be moving toward that possibility. my conversations with u.s. policymakers, i think what the u.s. is trying to do is persuade more pragmatic factions of the dawn coalition, islamists in the west, to move toward a peace agreement with the toll brook

government. first is a cease fire. there has to be a policy of noninterference. the egyptians are conducting air strikes but my sense and my opinion is these are unhelpful. they are going after camps in the east. but what it's having -- what it's doing is having a polarizing effect on the civil war. egyptian intervention is not helpful in terms of resolving the broader political conflict. i think the u.s. has a number and the international community has a number of sort of coercive measures they can use to try to force this conflict to an end. one of them is as asset freeze on libya's central bank reserves or oil funds. again, both sides in this conflict ironically, both the dawn coalition and the dignity

coalition are acting oil funds of the they are drawing from in pot of money to fuel the conflict, to pay their militias. the idea is you cutoff that stream of revenue, freeze the assets. put sanctions on certain individuals who are known to be attacking civilian facilities and that will somehow end the conflict. again, it is a risky hypothesis. there is a lot of operational questions. because most of the central bank assets are held in europe. and my sense is that the europeans are a little reluctant to do that because of blow back in libya. the question of a u.n. intervention force, this is often heralded as silver bullet, you know, send in the u.n. again there are questions about its mandate. who would pay for such a force where it would deployed in libya. there's been questions about numbers of troops you would actually need to secure, key installations, key areas. talking about tripoli or benghazi, combined they have population of 3 million. and by some calculations you would need about 30,000 troops to actually secure those areas. so again, a u.n. resolution of

intervention force is not the panacea. my hope, and i'll just conclude on a guardedly optimistic note. i just got back from the city of misrata, which is the central port city in the west that fuels the most powerful militias on the dawn side. this is a business community. they are merchants. they also have the most powerful militias. i got sense they are tired of fighting. there's an exhaustion. you do have pragmatists emerging. i think the trick is identify pragmatists, bring them into the dialogue process. on the other side, identify people you can work with. there has to be some confidence building measures on both sides. and i'll leave it that. >> thank you. that was really an excellent beginning to our conversation.

i'm going to try again. ibrahim, can you hear us? and would you like to give remarks now? okay. i'm going to take that as a no. ibrahim? can you hear us? okay. i'm going to move on. again, apologies to all of you and apologies to ibrahim for our technical difficulties here. >> i'll ask you to plunge in, if you would. >> good morning everyone. i'm really happy to be here to talk about yemen. i want to point out a few years ago we were talking about yemen in relation to tunisia as one of the successes of the arab spring, and now here i am today talking about it in relation to libya and sometimes in relationship to syria. i this i this is an opportunity to quickly glance over what went wrong. i think maybe it could be a cautionary tale of what the u.n.

should not do in libya, if they have an opportunity for a dialogue. so just a quick look at what's happening now in yemen. you have a houthi rebel movement that's been all over the news. they have control of 11 governorate governorates. you have a strong southern secessionist movement. strong in the sense they are dementing secession but they are not united and it is a coalition of several groups. and you have popular communities also that used to belong to the pro hadi, former president who just resigned. so you have these three main agents taking place. of course in yemen you also have tribes. you have al qaeda and the arabian peninsula. that's been america's biggest concern. putting all of these players aside -- of course there are a lot more than those. and i can discuss in question/answer session if you want. but looking at yemen right now. what is going on in yemen right

now? you have a houthi rebel movement that took over the capital sanaa. and you have a president and a government that resigned. and so what the houthi group proposed for yemenis is the creation of the 551 transitional national council that will take yemen through another transition for two years. this council will select five members and the five members are going to form a presidential council that is supposed to take care of anything that yemen needs for two years. and then we can have elections. of course the the threat of this is we just finished a transitional process that's led by the u.n. so the risk is, are we recreating another transition that is just a lot of work but no actual work would be implemented on the ground? i just want to quickly give you guys an explanation of who the houthis are. we hear about them a lot on the

news. the houthi movement started in a shiite sect in yemen, morphed into a rebel movement. by early 2000s, engaged in war. since air spring in 2011 they were able to present themselves as victims of the former regime and to show that they have strength in the northern parts of yemen. so i they participated in yemen's national dialogue with 33 members, and they also were able to secure an entire committee in this dialogue just to discuss their concerns. so while they were engaging in the dialogue, they were engaging in warfare outside of the dialogue. they were fighting a group in yemen that belongs to the sunni sect. what's happening now in yemen because of the war with hoothis we're portraying it as if it's a

sectarian war. in reality it's all about power and politics. i think we need to keep that in mind. the houthis came to power by protesting a subsidy lift that president hadi decided to do to save yemen's economy. it was an essential move yemen had to may in order to keep its economy from collapsing. so when the people took streets the houthis capitalized and demanded that the subsidy lift would be removed. so to reinstate the subsidies and then they pretty much held protest and within six days they took control of the capital. september 21st they surrounded all the government buildings and took charge of everything there. having said that since they have demanded the creation of a new government, there was a new prime minister who was appointed, new government was selected. but the new government they created just in november of 2014 actually consisted of tech no

-- technocrats, political parties on the ground in yemen and tribal leaders refused to participate in this government, which is probably why the government resigned. they had no actual effect on the ground. the government was created in november. they got approval from parliament in december and resigned in january. that was a short lived government. and now yemen has no government. everything is in the control of the revolutionary committees composed by houthi. the revolutionary committees is a fancy name for militant and political houthi branch on the ground. and they actually report directly to the leader of the houthi movement. they don't deal with the political office of the houthis. why did the houthis take over yemen? what happened? what went wrong in the national dialogue's transition? first of all we get the usual critiques about yemen's national dialogue that was led by the

u.n. it was too big. it took too long. the members were 565 members. but to be -- to take that a step furtherish the failure of the transition was actually because of the government that was created. so in 2011 we decided to have a national unity government that was going to be composed of different political parties. that government, because it was composed of different political parties, they refused to work with each other. and i think each political branch was trying to secure their position on the ground. and hadi's government didn't really work for him because he was a new president put in place for just an additional two years. so previous to 2011 we had a yemeni government acting as a mediator or middleman between the international community and the wes and the local power holders on the ground.

yemen always had tribes. they always had movements. even in some cases you know, if you're successful, you can be a shaikh. so the government was able to create a flow of communication between the west and what's going on on the ground. hadi's government kind of broke that tie. because they didn't have ties to society, they couldn't communicate anymore. and so it seems that led to the weakening of state institutions. the government wasn't able to deliver services. and on the ground political parties took advantage of discourses that weakened national identity. people on the ground were for the first time asking, oh, are you sadi, are you sunni. what is your politics? and they started pointing fingers at each other and that is all because of a strong political vacuum that was left. so what was also another problem is yemen had no checks and balances in place. the military restructuring that took place weakened the military.

the law wasn't effective. and we also had a parliament that was in place since 2003. there was a huge and dire need for parliamentary elections but that didn't take place. the worst thing that happened during the transition period is that in february 2014, we were supposed to have presidential elections. that didn't happen. the period was extended and the biggest problem was that the international community and the players on the ground did not find a legal way of extending this transition, which made it very easy for people to come and point out the flaws and to take advantage of what's happening on the ground. the only thing that happened to explain the extension of the transition period is the u.n.'s special envoy stated the gcc deal, which had a time limit of two years, is only ending by the delivery of the transition and not by duration. so that is what brought us here. what are the mistakes that the

international community committed in yemen? they wanted to keep hadi as a key ally because they were able to combat terrorism on the ground. and of course they didn't extend an official process. and they also had no plan b. in yemen they had the national dialogue conference and that was the only game in town. all other ways of negotiation, any kind of tribal negotiations or any kind of on the ground work didn't take place. everything was entrusted into the u.n.'s hands and everything poured in that direction. that is a very big mistakes. because the realities on the ground were separate what what was taken on behind closed doors in a very elite hotel. so looking at yemen, what now? what can we do? so first of all what's happening now is the u.s., the u.k., france and a bunch of other governments decided to shut down their diplomatic missions on the ground in sanaa and to pull them out. there is a policy or strategy of

isolating yemenis and isolating the houthi movement on the ground. and i think that this policy right now is probably the worst thing that they could do. it's definitely pouring into what saudi arabia would want because saudi is very upset that there is a shia movement near their borders. however this isolation will only push the houthis towards the arms of iran and also probably strengthen al qaeda and a arabian peninsula. because at the moment with the government out of sight, the houthis are the strongest on the ground and they are enemies are al qaeda and the arabian peninsula. so the fight the houthi, any kind of funds or any kind of weapons that are going to go into strengthening opponents of the houthis is probably going to fall into the hands of al qaeda or any kind of militant branch that is similar to that. and so in my opinion, the countries that evacuated yemen should probably return and engage in negotiations.

the immediate reality on the ground is that the houthis are here to stay. they have control of the majority of the military. i would say at least 60% of the military is in their hand. they have control over the national security bureau and the political secure organization of yemen. and so we're going to have to deal with them. and i think while i strongly condemn their behavior to arrest protesters and torture them and to keep former government officials under house arrest, they have control. so unfortunately if yemen stays in isolation, war is probably going to be the only business in town. and everything is going to pour into that. and that is the last thing that i think anyone in the world would want in the middle east right now given the circumstances in syria, iraq and even libya. can we save yemen? that is a question that i always hear. i think that, yes, we can save yemen. because there are always options. there is never one way. we just have to be flexible in our approach.

we also have to all put pressure not just on the houthi rebel movement but also on political -- other political parties to engage with the houthis to come up with a transition. the only option out of this is to kind of create a force on the ground that is composed of all the different parties. and kind of hope to hold presidential elections. and so we need to stabilize yemen. we need to save yemen from a massive economic disaster that is going to come on the way. i think 62% of all yemen is dependent on humanitarian aid. and about 14 million people are in dire need of clean water. and so looking at the circumstances there, we need to kind of assess these people. and we need to kind of advise the u.n. special envoy to yemen, he is still in yemen, holding negotiations between political parties and the houthis. i think maybe it is in our best interest to ask him to change

his strategy and to hold negotiations that are open and transparent before everyone. the yemeni people need to know everything. and i think on the ground yemenis don't know as much as you probably know here. they don't know what is going on behind closed doors. and i think it's very essential to keep all of the negotiations open and transparent and to engage the people in any kind of transition moving forward. the only thing is i just want to say that it is a shame if we lose yemen to the houthi scenario that we're going to see in the future. because yemen displayed one of the few unique democratic experiences in the arabian peninsula. there was hope for democracy and it was one of the few countries where women's participation was actually going somewhere. and i think the u.s. has invested too much to kind of let yemen go by isolating them or by abandoning all the work that they have there. >> thank you. i'm going to go to ambassador bodine next and hopefully then our technical issues will be

revolved and we could hear from ibrahim. so please. >> thank you. thank you all for coming here this morning. battling the remnants of what passes for a blizzard in washington. and i notice a number of people in the audience who could do just as well sitting up here as sitting out there. so look forward to the question and answer. thank you for your overview of where we are on yemen and bringing us up to date on libya, which i profess not to know very much about. i have to say that sometimes when i hear people talk about libya, i kind of envy you. because it seems as if you have got a nice, neat -- you got the east versus the west. >> too simple. >> no, i know. and i took your point on fragmentation and everything. but when you do get to yemen, you get to what i've often described as the kaleidoscopic political structure. where you have a finite number of pieces and infinite number of

patterns. and who is allied with who? and who is in coalition at any given time is constantly shifting. and i am sometimes concerned that in washington we try to find mosaics which are statics, as opposed to kaleidoscopes, which are in constant motion, when we are trying to do policy. i think one of the first questions on the policy side that the u.s. and others need to ask is, do we judge whatever we have as a yemeni government solely through the prism or via standard of compliance to serve as a proxy ground for our -- first our war on terrorism and particularly on al qaeda? with the financial focus

primarily on issues like working with local partners. in a rhetoric that is almost solely focused on counterterrorism. even the other day when i was speaking about yemen, somebody from usaid noted how much we have increased our economic assistance to yemen over the years. but described it as fully integrated and supporting our counterterrorism effort. and so our development work, our governance work was all put within the context of counterterrorism. so we looking at yemen as a compliant partner in a proxy war? or are we willing to go back to, as was described, looking at the various stresses on this state and on this society that over the last couple of years really have undermined the legitimacy and the efficacy of the government and allowed the extremist narrative to become the operative one?

we used to be very much engaged in governance and projects in yemen. we were never the largest donor but we were a very active one. and yemen was at one point a emerging but indigenous democratic experiment. in fact, the first community of democracies summit meeting was held in sana. sanaa. unfortunately i think what washington has been doing over the last several years -- we opted for the first alternative. that we have seen yemen solely within the context of our counterterrorism fight. which is a highly narcissistic way to be structuring your policy. your national interest absolutely needs to be first and foremost.

it may not be narcissistic. ours has become narcissistic. in fact a couple of months ago after the september takeover by houthis but before the january, whatever we're calling that, there was some talk about washington starting to open a dialogue with the houthi. but it was all done within the context of "well, will they let us continue our counterterrorism policy?" and so we were defaulting back to where we had always been. the other problem with this is is that it's very short-sight sighted and i would also make the contention it has not been successful. we've been so focused on aqap that a constant stream of reports going back at least a decade, on the houthis, on the southern secession movement, on all of the various security and political stressors within the country, were not really fully

realized and addressed. and in fact i've recently heard someone -- a senior policy person describe what is going on in yemen as an intelligence failure. and i was very surprised because it was not an intelligence failure. anyone following yemen knows yemen. knew what was coming. perhaps not the exact date but certainly it was not a surprise. i think what we have had is a policy failure. persistent efforts to squeeze yemen into the preexisting templates have proved to be of nominal effectiveness. an example is the current effort to try to squeeze yemen into this sectarian battle. that it is between sunni and shia, the fact that they are sadis and shaffis gets completely lost. and by putting it in this sectarian vocabulary, we also again walk away from having to face what are the real stressors

in the society and the state which are again governance and development. we start to see the problems as externally generated. if it wasn't for the iranians everything would be fine. well everything was not fine. the iranians are actually fairly late arrivals to this. and we have been raising the profile and the status, therefore, of aqap against sunism and the iranian backed shia-ism. the houthis are the internally focused indigenous political movement. i agree with mel, a, their tactics have been very wrong. but to think that they can somehow step down, the recent u.n. resolution, which asked the houthis to basically walk away was naive at best. they are a political force.

they are a security force. they are there. and they are not going to step down. ironically, if they were to step down -- let's just say they actually kind of went oh my god the u.n. security council has told us we have to step down. i guess we're going to have to do it. there would be a total vacuum in yemen. there is no party. there is no coalition which is currently capable of running the country. even with a constantly shifting coalitions. and so this is one where a u.n. intervention force would be about as counterproductive as anything i can imagine. it would not work. i don't know what side they would be on. i don't know what they would be doing. except perhaps unifying all of the yemenis against them. but where the political dialogue with these ever shifting coalitions is frustrating, no

guarantee of success, but is the only step forward, what we have to do in terms of policy is think what happens the day after? this is what we did not do with the national dialogue, which was an amazing experiment in rewriting the social contract. but the international community was not set to step in the day after the national dialogue and provide to the yemeni people the economic/employment/governance changes that had been behind the 2011 revolution to begin with. we kind of went national dialogue over. we have constitution. you know, put it in the success column. go home. we can't do that. so we need to learn from our most immediate failures and i think our failures going over a number of years to start thinking about, you know, we don't want the shame of losing yemen.

we are not at that point yet. but we have got to change our approach and our commitment to yemen to be one of something other than a proxy war, seeing it as somebody else's proxy war and actually get at what are the stressors within yemen. this is a saveable country. thank you. >> thank you. i think we still have some technical difficulties. let me check. ibrahim, are you on the other end? >> i think it is solved now. can you hear me? >> yes we can. so as we originally planned, our last speaker will be ibrahim sharqieh. please go ahead. >> hello. thank you, everyone. thank you in washington and thank you for starting this very important discussion early in the morning. it is almost 6:00 p.m. here and

-- in doha i'm glad to finally overcome this technical issue and share with you my thoughts and join the discussion with washington. thank you, everyone. thanks also to my colleagues for their great insights. i'm trying after these great presentations on libya and yemen, i'm trying to recognize some patterns and do some bridging between libya and yemen and run some comparison and recognize some patterns over here, try to understand civil wars that are taking place now in the region. and it is sad, let me begin with this, that only simply we were talking about change and nonviolent resistance and national dialogue. and now the narrative or the debate has shifted from change in peaceful means that we're talking about civil wars in the region.

looking at the two country, two cases, libya and yemen there are a number of patterns that can be identified here. the very first one is that in my view the process of a transition it self in my view levels of instability and the violence that we are seeing, that is taking place in both countries, actually, is not completely out of norm for transitions looking at worldwide experiences at how other countries dealt with this transitional period. so transitions are going to be complicated, messy, difficult, very challenging and yes can be violent. in many cases -- actually looking at a number of cases there. there is an estimate of approximately only one-third of transitional conflicts that make

it peacefully, successfully peacefully without experiencing levels of violence. but two-thirds -- estimate two-thirds of transitional conflicts after negotiated agreements, they usually suffer some aspects of instability. especially in the first five years of transition and after a regime change or after a civil war and all of that. so what is happening now four years or five years after the arab uprising, i think we're still looking at it from a global perspective. it is still within the norm. but we should of course take that for granted and recognize that especially because -- and here this takes me to the second pattern, which these conflicts or civil cars, call them

whatever you want to call them, can still be contained. looking at civil wars in general, also globally, the duration of civil wars usually last between five years and 15 years. here we are still in the beginning. actually this is good. this gives us hope. and in this tells us why probably we haven't -- i see the point why some are hesitant about even calling them civil wars. so i definitely see that. probably we haven't reached a serious civil war that is happening in these two countries. so it is still debatable. and it is still within the first couple of years after the transition. so i think in my view this gives hope.

and as it is still -- can still be contained and can be prevented from entering more of a vicious civil war probably as we see in syria or in other places. the number -- the third pattern that i'm seeing, which is quite alarming and we should be careful and we should notice it now in fact, which is these conflicts or civil wars are becoming more self-sustaining conflicts. meaning that this experience of instability that the two countries are experiencing actually are generating new issues that were not or did not exist in the past. for example, in libya only as a result of the recent fighting the number of displaced people has reached almost 394,000 people. this of course adds to

approximately half a million from the revolution under the regime. so this takes the number to now approximately 800,000 or some estimates put it even to a million. so this large number or influx of refugees emerging as a result of the current finding is pushing the conflict in libya to more becoming self sustaining here because issues making more resistance to the revolution. in addition, an example actually, is the number of militias. in the past i remember we were talking about probably a handful, a few numbers of militias in libya. today we're talking about some estimates put it to 23 active militias working in libya. regardless of the exact number, this actually is alarming in a

way, we have emerging warlords here that are benefiting from the status quo. it is in their own interest for this conflict to continue and that is, again, the self sustaining continuation of the conflict becomes more alarming. another pattern that the two countries have shared, which is the spillover effect. we are seeing it's obvious that egypt, or conflict in libya has aspects of spill over in egypt. we are clearly and publicly seeing egypt becoming or taking an active bombing part in the conflict in libya. in yemen we have to be careful because always when we talk about the instability there, we always -- the immediate thing

that comes to our mind is saudi arabia. and of course, 2009 is still present in our minds when saudi was pulled into the conflict between the central government and the north, and make the conflict of the situation more complex or more complicated. beyond the spillover, in the neighboring countries, another pattern that is emerging here is the regional or the global aspect. and i will give you an example here of the oil supplies, oil markets, and how the markets go to be impacted as a result of this -- in libya, for example,

oil production has dropped in libya to today almost 400,000 barrels a day from 1.6 in the past, so it is almost now -- libya is producing less than one-third of its capacity in oil production. this is going to have, of course continuous impact to the world market. in the case of yemen, also, the houthis, as you know are getting closer. now we're nearing more often in the debate in yemen. a civil war in yemen protracted civil war, of course, is going to have serious impact on states where we have almost 4 million barrels of oil go through the trade daily. so that is also another impact

that we're going to see more beyond the region and how it's going to impact others. the spoilers, we're seeing that part of it is emerging and taking more active role, gives the transition against the political process and working against everyone, basically. we know that it has been a long time in yemen, and now we're seeing daesh or sis or isil, whatever you want to call it also becoming more active in libya, which is the two countries shared. another alarming aspect here is that we started to face an issue of legitimacy in the two countries where in the case of yemen we know that houthis are representative of themselves. they have representation. but on the other side, actually

who represents who? the south -- the joint meeting partners that used to be more functional in the past, it's no longer the case. now the youth, or who exactly is representative of the other side. also even within libya itself, we were talking about operations or -- on the side of libya, who

. . . . policy failed miserably and exacerbated the situations.

part of one reason why we are where we are today in yemen is because of the short sighted security approach of the drones attack thinking this is going to solve yemen problems. in fact actually we missed an opportunity for a political transition to succeed that was magnificent -- achieved magnificent results in the past three years in yemen. but in fact, actually, the past three years in yemen showed that we have international community ignored yemen neglected yemen ignored. of course this finally led to where we are today and unfortunately that transition or solution within has been the

problem. i think the solution will have to come from within. a nonviolent resistance, uprising might need to continue. i agree also my colleague from washington that probably isolating, this is not going to solve the problem going to make it more difficult. again, i think we need to emphasize that local solution from within supported by international community, nonviolent resistance national dialogue, and with the hope in libya peace negotiations has are taking place. here is a very important lesson to learn from yemen where actually the u.n. became too much involved in managing the

schedule and dialogue of the yemenis during -- during the time leading the national dialogue. actually lost the concept of ownership of yemenis. i think this is a lesson that is important for leadership to learn today. and that the ownership of libya, the libyans will have to solve it i think moving negotiations from outside to libya was a step in the right direction. and i can't resist to say one final word because i see this, i'm sorry taking more time because this is always, has become central to the debate about especially in yemen whether we have a sectarian conflict. in yemen it has never been

sectarian conflict. they have always lived together in peace and harmony on many levels. political, tribal, you name it. the civil society organizations. however, i'm particularly concerned with the way the crisis is being managed, that one day the sectarian aspect is becoming more vicious and will start to cause more -- so with that i will stop there and thank you again for this discussion. >> thank you, ibrahim. thank you for your patience and the audience as well as we dealt with technical issues. before we go into audience q&a, i'd like to ask a few of my own. ibrahim, let's start with you, just taking advantage of the fact that the video system works and fearing that it might stop at some point.

my question for you is, your solution of dialogue from within, a change from within, to me sounds very compelling. but there is another possibility which is simply the violence from within gets worse. and that five years from now we're talking about a much more bloody conflict. what is your sense of the trajectory of violence? do you feel we're going to be looking at resolution or that it's actually going to a more dangerous stage? >> well thank you. this is really, really important question. what i would like to see is the following. because the rest of that political parties in yemen are still overwhelmed with the houthis movement although they started the coup, back in my view, in september, they are still overwhelmed.

they haven't really been able to put their thoughts and their strength together and form a balance of power to the houthis. also in arabic form. for the yemenis, the other political parties to come together and more of a nonviolent continuation of uprising, the nonviolent uprising we saw in the past and to balance the power there in yemen. i'm hoping that the rest of the parties or the political parties in yemen will realize that and be able to form come together and balance and be able to engage on a solution. but i am, i am actually concerned that concerned that

it's not taking that direction yet. i haven't seen. i'm seeing more signs of civil or violence. the tribes, they've already formed a power together, a coalition together. see the secessionists in the south that they're also forming their own power it's not taking the direction of the solution i would like to see, but more exacerbated the crisis of the civil order. and for the international community to support that direction. >> thank you. if i could ask you. since the killing of ambassador stevens and other officials, it seems that the united states has been in retreat from libya.

both in a policy sense but also in an institutional sense. as the situation becomes more and more complex, u.s. knowledge on the ground, ability to work with people on the ground diminishes. is that actually right? but more importantly if that is the logic, how and why should the u.s. be more engaged in libya? is it reasonable to say it's a tough situation, okay. moving on we have other priorities. >> well, again the attack in benghazi. it did force this retreat. and i went to libya five times since the revolution. each visit i saw that the u.s. you know, just presidents and, you know, talking to libyans. we never get visited by the meshes anymore.

we have all of these programs on the books but we can't execute because we don't have the staff, it was a skeleton crew. the same thing with the security sector. we make a lot of noise about should we help them build their army and police early on? there were plans on the books to do that. you know, i think part of it was some u.s., you know, reluctance to get involved. we can get into that. the question also was where would this training occur? it would have to occur you know overseas. so, again i think the question was -- the problem was one of distraction, no doubt. i mean, obviously syria, iraq ukraine, libya started sinking lower and lower on the priority list. i think there was a sense in washington that this is a european problem. i mean, they're the ones that are, you know, 200 miles off the coast from this problem.

the mission in libya. there's been a lot of after action thinking about its mandate, its capacity early on. the u.n. was frank in acknowledging they focus too much on the elections early on. they are so geared on having these successful elections. and they were successful. but then they neglected the security sector. and while those elections were happening, you had the rise of militias. you had the deterioration of security in benghazi, the rise of extremism. you know i think moving forward, when i talk to people in senior level policy positions now, there's this sense that if there is some sort of peace deal. if there is a unity government in libya. the u.s. approach going forward is going to be more forceful. they're not going to be waiting for the libyans to ask. i don't know what that means operationally. you do get the sense that washington is taking this

problem very seriously. unfortunately, and this goes back to barber's point. it's the isis thing. my danger is we're going to view this again through a counterterrorism lens. there was an effort early on to try to train a very small libyan contingent of counterterrorism forces. the program fell apart. we can get into why that happened. what we were essentially doing was training a factional militia. not a counterterrorism force. again, inserting ourselves into this very kaleidoscopic situation, inserting ourselves into that. could be more destabilizing in the long run. >> thank you. if i can ask you anything that can catch attention as much as terrorism, it's iran. as you know, there's been press reports of great iranian mole in yemen. can i get your sense of first of

all how extensive this is? is this kind of, you know, one iranian showed up and all of a sudden it became an iranian division in yemen or is it something more serious? what's your sense that iran wants to accomplish by having a presence in yemen? >> i think it's clear that they don't like saudi arabia and their presence in yemen is to weaken and undermine saudi arabia first and foremost. but it's also to create allies in the arabian peninsula. they don't have a lot of friends there right now. but they are a growing force. to answer this question with a clear answer would be very hard. we don't know if they're still practicing as it used to be. we don't know if there are new holidays that they're celebrating that are not part of the traditional sect that was practiced in yemen. i call them a neo zati movement. they're not like hezbollah and lebanon who are very similar to

the way they are in iran. and i think to say with certainty how much support they're getting support from iran would be very hard. i know that at the start of the revolution, on the ground, the kind of support they provided yemenis is more logistical than it is financial. they are training them to be organized. how to present themselves, probably presenting strategies. it's very obvious from the speeches, who is the leader of the group that he is mimicking the attitude of giving speeches. also, the uniform and some of the strategies, the views on the ground are very similar to what hezbollah's done in the past. however, what's not like it. so hezbollah has come into beirut before twice, which is the capital of lebanon. but they withdrew after their demands were met. and yemen's scenario, we have the them coming into the capital

and trying to take over the entire area. to come and take control of everything. and so, it's very very vague. i think the only way to find answers is the situation has never happened before in yemen, and to kind of say anything with certainty would be a mistake. >> barbara, if i could ask you to conclude at least my part of the q & a. you've been thinking about counterterrorism more than the vast majority of americans. you've done this for quite some time in professional capacity and you've also been thinking about it in the yemeni context. with that in mind, how do we think about al qaeda and the arabian peninsula? if drones are not the answer, or, then what is? and especially in the context of a lack of government? >> yes, thank you. i will say that i do think that i agree with a lot of observers that the drone policy when

drones went from being a technical tool to a, you know, the full strategy, we began to lose and lose very badly. interestingly, when we first i won't count the very first rounds we used. but when it became more the focus of our approach, what we've actually done is spread al qaeda, aqap. its supporters have grown. its territory has grown. they also did see the vacuum that was created by the 2011 revolution and used that to expand their territory. what we should be doing is not so much and instead of but in addition to. and this goes back to what i was saying. that our c.t. strategy in yemen has been too narrow and too

short focused. as fred noted you know, you end up training what you think is a ct unit. you've really just sort of trained, you know, a militia. we didn't work with the yemeni government on what do you do let's say after 2013. when he came in he was very focused on aqap. became much more personal. even though the yemeni military on the ground was effective and the drones were being used, where we failed was going in afterwards and rebuilding. and so, you know, it's one thing to take out, you know, some tiny village in the middle and

scatter the aqap people. but if you don't go back in and rebuild the homes and provide services and provide something else, you have not moved it forward. we used to have what was a clear build and -- we never got around to the build part. aqap has a fairly limited reach in yemen because it is such a sunni organization and a large part of the country is not. and we've never capitalized on that. we never used that as a way to build works against it spreading in other parts of the country. so what i would say is, and this is from something that a yemeni official said to me. it's not that we need to take our focus off of security, but we need to broaden our focus an aperture.

look at the midterm and long term stress, stressors on the society, and be seen as involved in those as we are in what i think a lot of yemeni's see. >> thank you, i would like to open it up to the audience. a few notes, please speak into the microphone. short questions. and also please identify yourself. i will take people in groups of three. yes? >> thank you, palm dawkins with "voice of america." you mentioned you were recently in libya, what is your feelings larding the beheadings of recent egyptians, is it your feeling it was done by the group, or islamic supporters, and what does that say for the u.s. lead counter terrorism strategy.

and along that line, for the u.s. extremist summit under way here, what needs to be done trease this type of extremism in yemen if this is the core islamic state? >> in the back corner? >> thank you, two questions on libya. the first one, what do you think about the agerian game? and don't you think having an

egyptian led u.s. mission in libya would have a new equation with the ethiopians. so you have a bordering country going inside ethiopia with somalia edged with libya. thank you. >> graham common with icrd. if the south succeeded, how would that affect them. >> thank you, i will no ask our panelists to respond. ibraham, please take up any of the questions you want to take up.

>> thanks, one thing that is on the issue of libya, i think this is going to be -- keep in mind that we have spoilers -- the groups in libya. i think it will lead to catastrophic results. libya is a vast country. there are many active groups that are operating in libya. these are indigenous groups. they have one representation within the public of -- within

the libyan public so they're not isolated in groups probably like al qaeda and yemen. and look today you will see the difficult wide representation. and other parts of libya. so any solution in libya, if we are thinking of this time of somalia intervention, or troops that will intervene, and stop the strikes as we see by the egyptian government, i think this will make the situation

worst and will have to -- on the negotiations, and i think there is a plan for this. because for the past weeks showing willingness and i think that is where it must be doubled and nur that you have an agreement there. >> right, i mean i completely agree. egypt is really a party to this conflict. they're backing one side. this has been on going since last year. they're backing it with intelligence and logistical support. it is unreasonable and it would be polarizing and it would lead to greater conflict. on the issue of the islamic state, what do we mean by core islamic state in libya. there is a council that was

among the first groups to declare loyalty. the people that conducted the execution, there is foreign elements there. the real question is what does this mean for the islamic state's actual reach. what kind of coordination and communication is going on between the islamic state core, and the sprout up group in libya. certainly there is a transfer of communications, technology, i think the videos really speak to that, but it is unclear to me what that means operationally. i think the danger of what we're seeing is a weakening of these groups in libya that have been pushed out of benghazi. you have younger members of these groups graf stating towards the islamic state. with regard to the white house counter-extremism conference. i think there is action for ngos to be involved here. i was talking to a lot of groups

in libya on the so called islamic state. with regard to the counterextremism conference and how that applies to libya again, i think there's a real role for civil society activism for ngos to be involved here. and, you know, i was talking to a lot of groups in libya on the so-called islamist side. and they're worried about the spread in their communities. i spoke to one young man who has a large family and he says some of the members of my extended family have gone to fight in is a problem that affects communities. and i mean tripoli and other partners that the u.s. should be engaging on that issue. >> on the subject of southern

succession in yemen. we have a joke going on for a few years is the reason that yemen has not succeeded is because of the southern succession. they are composed of several groups that cannot agree with each other. so there has been many opportunities, but they're still trying to come together. we have a leader who flew as soon as they took over, and he is trying to bring together all of the movements tonight and to come up with a southern solution. in my opinion, if they could not do it since 1994, they will not be able to do it now. right now they're going to take

a lot of funds and support from the outside world to combat or could wanter act the movement. looking at a possible fragmentation scenario. so you have several that would probably want to be an independent state. the biggest example is the governor of where two oil sites are located. and you will have triable war fair between them, and then you will have political parties that are disbursed all over. will they unite or what will they do? we're not really sure. and then we have a new youth movement that is not following the older generation that want to do near own thing, they are very angry. and that is pretty scarey in the south. having said that, i think that

moving forward in yemen, a succession scenario is not in their best interest. >> i agree totally. we tend to talk about the southern movement, it tends to be capitalized as "the southern movement" and there is no movement. there is an enormous range of views and parties. obviously what passes for the southern movement is really a movement that has nothing to do with the surrounding governance. the idea that even if yemen were to fragment, and i don't personally think that's going to happen dividing along the old

1990 line is probably not the way it would break up in any event. that wasn't our official line. we all talked about how we should not look at yemen in sectarian terms, but i would say the line is not at the 1990 north yemen and south yemen line. you have two very important governments north of the line that are certainly -- they don't have anything to do -- they're not that connected. so the north/south division i don't think will happen. i heard there are some parties and we were talking about spillover going out of libya, i'm more concerned about spillover coming in.

some parties in the region who do believe a divided yemen is in their interest and is starting to talk about this again. they talked about it in 1994. and the u.s. government quite wisely went to them and said a divided yemen is not in your interest, our interest, or yemen's interest. if we're concerned about the al qaeda not being adequately funded if we're worried about failed state and the humanitarian side. if we have problems with one yemen, two or three is going to be just two or three that much more failed states. and so that is not a solution to a problem. i have never been able to find out where the line between the

north and south really is. sdwr i think we have time for one more question, we'll take one from the very front. >> thank you, fred, could you take more about the central bank and how it is relating to the two sides. was the funding able to stay independent? >> just very generally, it has been a recall battle over ownership of it. and in the ben benghazi branch was raided, i think it is the real focus of the international effort, to safe guard that.

the problem is that the two sides are accessing funds from it. again what i hear lately is there is a move to freeze the assets of the bank. the europeans say they're reluctant to do that, the americans are pushing hard on that, if they cut off funds they will have a lot of angry militias. they're incredibly well armed. somebody's helping them repair those aircraft. we're talking artillery tanks. this is a very well-armed conflict.

>> with apologies for those of you whose hands i did not get to. we have to end our event now. if you're like me you're both more depressed and better informed. please join me in thanking our panelists for an excellent conversation. and again, thank you all for coming out. have a nice day. >> the house returns today after a district work period. members will gavel back in at 2:00 eastern for a debate on six bills dealing with health care and emergency care. later this week considering legislation on the epa's rule making. live coverage of the house on c-span. and the senate starting the week with several executive nominations. they'll vote this afternoon on moving ahead with a human trafficking bill and awaiting action is a vote on a loretta lynch nomination for attorney general. you can find live coverage of the senate on c-span 2.

and the senate homeland security committee's looking into errors in social security records including incorrect death records. we'll hear from a woman who has been listed as deceased as well as the social security and inspector general who's been looking into the recordkeeping. live coverage at 4:00 eastern on c-span 3. and infrastructure's effect on u.s. competitiveness. live conch from the council on foreign relations at 6:00 eastern. >> tonight on the communicators. municipal broadband and the subsidized phone and broadband program lifeline. >> what i am proposing that we do is overhaul the lifeline program, make it -- making concurrent and in sync with the

information age. challenge those providers to give more to their consumers. the prices and opportunities have gone down -- have been more explosive. for the rest of us, it should be for a lifeline of consumers. get the providers out of the certification business. that has been the number one problem we've been seeing with not so positive headlines. it is a vulnerability in the system that we need to plug. >> tonight at 8:00 eastern, on the communicators on c-span 2. >> the white house is trying to increase information sharing between government and the private sector. this is about 50 minutes.

>> ladies and gentlemen, please welcome secretary of commerce penny prisker moderator on improving cyber security practices. >> well, thank you for having us here today. first of all, i am thrilled to be back on campus. i'm a graduate of the law school and the business school, so this weather is not a surprise to me nor a shock. and it's lots of fun to be back home. and my other comment about the previous panel is i really had no idea that secretary johnson was such a comedian. and i'm looking forward to asking his fraternity brother a lot about his room when they were in the fraternity. secretaries go back and forth with one another.

but, any way, we are thrilled to be here today to talk about cybersecurity and how it affects the private sector. a year ago and a day, our administration released something that's been referred to earlier today called the nist cybersecurity framework. nist is the national institute of standard technology, which is part of the department of commerce. we knew then when we released the framework, as we know now, that cybersecurity represents a challenge not just for critical infrastructure which is how the framework was originally created, but also for economic security, and as we've heard, for our national security. we recognized then, as we still do today, that the most effective way to combat the growing threats on our cybersecurity space is through a strong partnership between industry and government and the civil society. and that's who we have here

today. i represent the government, some of our panelists are from industry and some from civil society. so with the recent high-profile attacks that we've had from sony and anthem, it's clear that cyber risks continue to grow and that we as a nation need to do more to strengthen our cybersecurity. that's why congress must pass information sharing and data breach legislation and update our criminal code without delay. that's why the department of commerce is working with other federal agencies and with our educational institutions on something called the national initiative for cybersecurity

education, which is aimed at filling the 210,000 open cybersecurity jobs in the united states today. that's why president obama made cybersecurity a priority in the state of the union address last problem that we know exists today, yet a recent price waterhouse cooper survey found that only about 35% of ceos are extremely concerned about cybersecurity threats. i have to confess, i'm amazed it's not 100%. but our nist cybersecurity framework creates a common language to discuss cyber threats and a way to measure success for senior executives

and their it professionals. the goal of the framework is to help companies, organizations, institutions protect their it from security threats, ensure their confidentiality, safeguard their privacy and civil liberties and capitalize the cybersecurity marketplace in the process. at its core, the framework serves as a bridge between business leaders and information security professionals within their own organizations. it is through the framework that we designed, you know, with critical infrastructure in mind. any business, though, can use this framework to help manage your cybersecurity risks and many are already doing so and we're going to hear from our panelists about that. i'm someone who spent 27 years in the private sector so that i know, as all of you in this room know, that good risk management

is essential for a successful business. and that's why companies from a variety of sectors are using the framework to help manage their cybersecurity risks, including procter & gamble, walgreen's, qvc, kaiser permanente, all of them are here with us today and it's also why major auditing firms like deloitte and price waterhouse cooper are using our services today. the fact is it's in our society, our businesses and our daily lives. as we know, there are 3 billion households worldwide and somewhere between 7.5 and 10 billion items, from toasters to thermostats to phones, all on line. and the implications of the cybersecurity threat given those

facts are vast. so our discussion today is going to explore how business leaders and their boards are moving cybersecurity concerns to the forefront. this is an opportunity to learn how this critical issue is part of corporate planning, part of corporate communications, part of corporate governance, part of corporate operations. so i am really thrilled today to be joined by a number of business leaders. brian moynihan, who is the ceo of bank of america. ajay banga who is the ceo of mastercard, peter hancock, who is the ceo of aig, renee james who is the president of intel. nuala o'connor who is the leader of democracy and technology. so let's jump into this. my first question, renee, is for you. what is your vision for how technology can create a more

secure environment and protect data? >> thank you. we have been working on improving the baseline of security and computing for about the last decade. billions of dollars of investment. so our vision is really we'd like to get -- just get a baseline of security for everybody, and to that end, we've made significant investments in the security industry, but more importantly, are moving forward with initiatives like giving away free mobile security, putting in multifactor authentication into all new computers, things that we really think will help consumers if it's just there and it's available for them instead of forcing them to have to go out and make decisions about what security, what they should put in, what are these crazy things. just make it easier for them and just raise the baseline so we can get everyone.

one of the statistics that was most concerning to me even just two years ago, more than half of the computers in the world that go out go out with the security turned off, basic firewall, basic virus scanning, so those are the kinds of things we've taken a lot of steps in our technology and in the industry as part of the security industry, as part of the computing industry, to move that forward, to get a baseline. >> does that mean, then, that as i'm buying a new piece of equipment that i'm going to be able to have my security just know it's there, or does it mean we have a long way to go, still, with the technology being ubiquitous and protective environment for our information? >> i would say i would give us a half in intel speak, which is to say in the next generation, we're lucky to have a lot of collaboration from the software industry, from companies like apple, like microsoft, others that are actually putting in

security that's -- you know, you can opt out, of course, but it's there. like us putting in mechanisms in hardware so it's a lot harder to break makes the transaction safer. i'm sure the gentleman on the panel will talk about some of that as well. but we still have a long way to go. it's not complete. it's measurably better in this next generation. i think the telecommunications companies are doing a great thing in pushing security onto the devices, because mobile devices have been a big target zone. but to say that we were there would be, you know, a mistake at this point. i think we have a lot of work to do. and i do think that, you know, the conversation on information sharing, the conversation on the public/private partnership is a big piece of moving that forward. >> so, ajay, let me ask you a question. there are numerous high profile and damaging cybersecurity incidents in 2014 affecting a broad range of industries and

companies. how have your customers' expectations about cybersecurity evolved, and how are you promoting what you're doing? >> so a lot of customers are people like the bank, so brian is a customer. brian the individual also carries a mastercard around. there is the consumer customer, there is the bank customer, there is the merchant, there are telecomm companies in all parts of the spectrum. the fact is whether you pay with cash for stuff or you're paying with a card or foreign or biometric print, you want safety and security in the transaction forum. you don't want to make sure something coming at you would steal stuff that is yours. we want to interact in the last three years which is completely different from the past.

technology is changing the way people do business and shop and buy and the way things are done and everything else. along with all those changes, the thieves are changing, too. they're figuring it out, how to break into these security. the first one is stop trying to make me remember things to prove i am who i am. because -- [ applause ] >> too many things to remember, and by the way, these darn passwords because of security change are on a different day of the week. if you're working in a company and you've got nine passwords to change on nine different days and you can't use the same password nine times which basically means you write it down on a stickie and stick it on the computer, which is the worst form of computer. the password is gone. it's gone. what they really want is to identify in other ways is going that direction.

the ones look at the heartbeat of you which identify wearing a bracelet and you tap the computer and you're fully live and connected, or you open your car with it and it starts and sets your map to your office, and on the way to dunkin' donuts to buy coffee and pay with your mastercard automatically, that's where it's going. that takes away the pain of remembering the password to converting to who you are. i think that will be where this will end up finally. there are challenges of privacy, there are challenges of a lot of information about you which you may not want, and those are real topics to be discussed which we began talking outside with our presenter, but the fact is that's the first one. the second one is you can use data and analytics in a clever way and a smart way to create a safety net. it's one of the things they're

launching to be able to protect wrong transactions that come through by them being fraud because of what they are. if you have enough data and enough analytics, you can do a lot with that. that's the second thing going on. the third part is something we launched with a credit union to a number of employees in the silicon valley firms where you'll be able to use a combination of voice, biometrics and scans to get telecommunication remotely. if you do those three things together, going beyond digital payments which has already been announced. this is the next stage of stuff going on. >> is there really data that is not something that can be discovered? >> so the measure of the data we get is i don't use your name when i get your card.

i get a card number, a dollar value, the transaction and a merchant call. i don't know it's you. but could i, through collaborating with brian or someone else, find a way to try to get back to you? probably. but you chose to have a relationship with bank of america and you took the card. you didn't choose to have a relationship with me. brian chose to use a mastercard. my perspective is play the role with the consumer the consumer chose to have with you. if you chose to have a relationship with the bank or the merchant, you deserve to know it's secure. i don't deserve to know that, he does. i'm very clever with where my role is and where his role is, and together we can make a lot of stuff happen and the merchant community. >> so, brian, the multistakeholder process was used to protect the nist framework, and i think it's been a big success, but i don't think we have multistakeholder

engagement going on. i'm concerned that policy debates that affect the digital economy, including cybersecurity, too often occur in silos. what do you think is the role of the public/private partnership, and how do you break down these silos and who should lead? >> i think nist had a framework, and i think if you look across the industry in our company, you see people who are looking at it and studying it, people are adopting it. we're in a phase where we think it's good enough and it gives you a common dialogue. initiatives like that are important and collaboratively important. the thing i agree with you is we make distinctions about large and small, we make distinctions about a critical infrastructure or not, we make distinctions about all that. the answer is everybody is in a tent because they all have access. the university has tremendous computing power that can be used to attack other people, so they have to be in a tent. as does mastercard, as does bank of america.

i think the issue of getting everybody in and the information sharing i think they talked about on a prior panel is very important, and we have to figure out the liability structure and that's to do still as to how you have the liability. that will take a lot of change. think about it. if everybody is in the tent, it's a comprehensive view, and then you protect the people who share the people who use the information to use it the right way. you actually can then get that collaboration that will help do it. then you get to the individual consumer behavior, and that's the type of thing ajay talked about, the data and communication and things like that. but i think we're still a long way away from the collaboration we need from the parties. we were better a year ago,

better three years ago, better five years ago, but it's getting pushed around the room and it has to be collaborative. >> where should the collaboration occur? >> i think it should occur with the government, because at the end of the day, a terrific amount of the information is going to be coming through that information cycle, and it's got to occur in things like the financial institutions that ken talked about earlier, that we share information, so there could be a private sharing among that, but there is an amount that has to go on outside. also an ability to warn us what's coming and an ability for us to find out what is at us has been used before and can be defused faster. things like that that are very touchy i think are very critical. the government spent the money and they have the authorities of powers and capabilities and they see it across everyone. so i think you have to have the government, although we can do tremendous work as we do in the financial institutions sharing information, but i agree there are still a small amount of stuff that goes into that sharing than the amount of stuff that comes at you. >> the president, as you know,

put out proposed legislation on a cybersecurity legislation that addresses the issue of not just notification about data breaches but more importantly, offering up liability protection for corporations that share with the government. and that's one of the debates that we've had is to make sure that there is enough protection so there is meaningful sharing so that we can really collaborate between government and the private sector to address bad actors and bad actions without violating people's privacy. but instead trying to get at the threats. and that's the tricky thing. and it ultimately will take legislation in order to create the kind of protections. >> the example is if someone comes into a bank and tries to rob it, we don't ask a lot of

questions about why they're there and everything else, we stop the robbery. to get into issues in cyberspace we start to get into that that we have to think through. it's difficult, but if they're bad actors, they're bad actors. we don't have to sit there and figure out why. >> so, peter, what's the role of insurance in the whole issue of cybersecurity? >> well, i think it's evolving. this is an industry that's been around for a long time, and some things just don't change. i was visiting a business in italy not long ago and i was doing insurance and i saw an industry of policy. we geeks will do all sorts of things for amusement. here was a policy dated 1670 for marine cargo. what was that insurance policy's

purpose? it was to reduce the fear of some merchant exporting to another country. and that has not changed. so when i look at the potential of the use of data to innovate has, it's as profound as international trade was back then. and the role of insurance is to mitigate fear, to empower the economy. and to quote fdr, what do we have to fear but fear itself? insurance can, at a margin, mitigate that fear. and today we insure about 20,000 businesses and about 20 million individuals against cyberbreach and identity theft. we've been doing it for about a dozen years. it's still a tiny, tiny business. but through the early learnings from the breaches, the claims, i think that there is a feedback loop of innovation where the insurance industry working together with government can help the adoption of standards,

including the nist to better security data. but the concept of insurance as a risk transfer is certainly one part of the role. it's the advisory part, the feedback loop where we choose to insure only people who put in robust controls, only people who have the right corporate culture to put an end-to-end view of where the weakest link in the chain might be in terms of securing their customer's data. >> so part of what you're doing is if i'm running a business, you're helping me do a better job at my own cybersecurity, so then you feel that your risk of loss on your policy is less because i'm a more sophisticated actor? >> absolutely. there are many, many consultants and advisers who are much more technically able than we are on this topic. the difference is we have skin in the game. if you get it wrong, we have to pay. so the nature of our advice is very much in a practical way what statistically tends to be

the result? and as ajay said, it's often a yellow stickie note with a damn password. it's not that complicated where the vulnerabilities are. getting these simple things right significantly reduces the frequency and severity of loss events, and that's where i think we can really help spread the word and be a catalyst for a more secure data environment. >> is it your perception that as the fear level continues to grow, we've seen what happened at anthem and other major corporations. is it the fact we have insurance that people aren't that worried about it, or do you really feel that there is a new level of fear that needs to be addressed? >> i think that the insurance is still woefully underutilized. i don't think people are becoming complacent because they've got insurance, i think they're complacent because they're not aware.

and a lot of people are reassured by their technical advisers, oh, it's absolutely watertight. but that's maybe watertight in one silo, but it may not be the technology, it's human error that's the problem. so having enterprise risk management that expand silos is the critical ingredient to being secure. >> so if you're running bank of america, your running mastercard or you're running intel, you have large organizations that manage this. if you're running a medium-sized business and i come to you of insurance, what kind of guidance will i get on how i do this when i don't have the large resources to grow with the challenge? >> to be honest, for these large companies, our ability to provide sufficient capacity for them is really limited, so it really is the smaller median companies that we can help most. so we have a lot of on-line training and we have tools which we deliver with our technology

partners to provide information sharing on threats. so it's really making it affordable for smaller companies who have rich data sets. it's very critical to their future, but they don't have the resources to fund all of the security apparatus that a larger firm might have. >> i think the nist framework actually opened that, because by creating different levels of companies based on the low level of sophistication, you create a benchmark process that makes it possible for companies smaller than medium to try to live up to the benchmark, makes them impossible to rewrite because of the benchmark. i think that's a critical part of what the framework does. >> i want to get back to the framework in a minute. there is a perceived tension between privacy and cybersecurity. i mean, do you think this is the case, and how are you dealing with this? >> well, i do think it's the case that a lot of people think that is a tension. i wouldn't agree there actually

is. in my time in the private sector, we saw privacy and security two sides of the same coin. you can't have good privacy without a good security system. you can't have good protection of your data without knowing data is secure. you can't have good cybersecurity if your employees aren't well trained, if you don't have the right practices and principles. we built a great team here that know how to merge those two mindsets and two corporate values. at amazon we call data an issue of customer trust and customer respect. it's about respect for the individual. it's their data, it's their dignity at stake. and this kind of always on, always connected world, we are all sharing data. i'm sharing data right now. i'm proud i'm going to get all my fitbit numbers in today, so somewhere in the cloud, the computers are watching what i'm doing. i'm incredibly proud of the great work the technology sector

has done on these issues. but we have to know as customers, as citizens, as individuals that our data is going to be protected, it's going to be kept secure, it's going to be treated with the respect when we do business with these communities and it's not going to end up in the hands of the federal government for no purpose at all for a kind of reckless and wanton collection of data. although we respect the fact that there are national security issues and real threats to this country. the whole collection of data in the hands of the federal government is not the solution. i work at this great organization, the center for democracy and technology, and we believe there are solutions. there are ways around encryptions, there are ways to de-identify and really protect the data and still achieve the ultimate needs and ends we have to get to for cybersecurity in law enforcement.

>> the convenience using their data versus the privacy that they want of feeling hey, i don't -- my device is not -- not giving away my whereabouts or my -- invading my personal space? >> well, i hear that dichotomy a lot. obviously consumer control, individual control, and the control that good companies are already building into their devices, exists and we want customers to take advantage of them. the argument that, well, just because i put all my data on facebook doesn't mean i want any privacy, that's not a legitimate argument. i should have the right to engage in a fully engaged digital self, digital world, without feeling like i should be spied on by my government. >> it's not just the government. you're vulnerable also to folks that are trying to breach all of these folks' businesses to get at information. the other issue is really one

about, as i am as a user, customer and product, and how do you reconcile the fact that my data becomes a product that you're selling, but i'm also a customer. i'm not sure i -- and i know that when you push agree on the button, you've agreed to all of these things. but is that, you know, we don't have an opt-out system. should we have an opt-out system? >> i think it's more than -- the discussion is so much bigger than opt in and opt out. the state of stewardship that i think really good companies like the ones here today are engaging in, thinking about the respectful use of information, the legitimate use of information, to serve their customers' needs to create new products. this is part of the ongoing dialogue. i really want to encourage, we're thinking about this issue and people around the world are thinking this is no longer property rights, my data is something i can barter and sell and trade.

although the companies have legitimate interest in them and we want to engage in this fully digital world. but we're thinking about this in terms of the digital self. this is part of me. latin americans have the concept of habeas data, my data, myself. i think this is the way we need to start thinking about data transactions in the digital world. this is about my individual space in the online world. i choose to be there. i choose to communicate. i choose to transact. but at the end of the day this is my personal data. some of the most intimate data flowing through the systems of these great companies now and it should be protected. >> so i want to return to the issue of the framework and ask you, maybe starting with brian, about do you use the nist framework and how do you use it and is it helpful to your company? >> as i said earlier, my observations are colleagues and institutions are people at different levels, some sort of figuring out and we're sort of of in the implementation on a framework which helps us think through some of the management practices going to the commentary that ajay had earlier.

i think people use it because people are looking for -- especially boards of directors are looking for frameworks of how to deal with companies. to deemal with companies. the board, giving my annual review, it's wanted that we're not good at cyber security. what's the process where they can remain engaged without getting into the details about what's going on and frameworks using this you know, a series of principles and how you think about things are things can you use to say okay, if do you this, you ought to be covering enough but let the professionals do the work on a day-to-day hand-to-hand combat stuff. i think my observations people are adopting, people are using it. people continue to look for ways to say, am i doing this well enough that peter's company will ensure me that i can protect myself, that i've done the industry standard in some court of law or some proceeding or

some regulatory proceeding? that benchmark you get is good. >> peter, do you have a thought on this? ? >> well we've helped contribute to the drafting and so we certainly believe in the ideas. it's a great foundation. i think an important element we implemented for ourselves is the appointment of a chief technology risk officer pointing to the chief risk officer as opposed to being part of the technology organization. i do think sitting within technology you can't help but beingbe ing co-opted by your own procedures. this looks across the organization at the weakest link in the chain. we also incorporate the nist in the underwriting questions we

pose to our potential insurers. we hope through that that's really going to create some standardization, some benchmarking as i just said. >> do you think we need framework 2.0? >> absolutely. >> and 3 and 4 and 5. >> it's evolving all the time. a little while ago in cyber security we weren't all talking the same language. it's a good first step. >> the other guys are moving way too fast. the guys you're trying to protected from moving every day every minute. right now people are trying to hack our companies right now, right now. one of those idiots might succeed. that's the fearful part. what you have to be careful of is you are being able to stay agile enough and protected yourself and not think one framework would solve every piece. >> that's the overall issue is

that just the incomenumber of agencies, expersonal parties. this stuff's moving very quickly. and so where -- the real cyber threat attack transactional fraud information, stuff like that, the sharing of information has to move at a pace, the dialogue has to move. it is a bit different than you can think harder about the use of information as a company having data, more stores of data and we take it seriously. the reality of the amount of attacks and intrusion and phishing, we have to be fast. no framework can keep up with that but the concept of forcing the sharing and dialogue will. >> likens it to the development of the road infrastructure of this country. it's ultimate public/private collaboration. we built roads this one is aan interstate, that's a parkway, this one i can't go through.

here's how you turn that's where you don't go, that's the speed limit, here's how you get a license and there's law enforcement. our new digital super highway is going to need some rules of the road, with no pun intended. those rules of the road are going to evolve as the quality of the cars and the trucks and methods are moving and keep improving. and private sector should feel free to innovate as much as it wants on designing the cooler car and cooler truck and a car that listens to peter's voice and starts playing the music he likes. that's fine. but it has to have four wheels and move with safety and driven by a driver with a license and preferably not 51 rules for 51 states but a federal license now that you think about it? right? these are all history. we have a chance to do this the right way. if you learn from all that we did in the physical infra infrastructure days, if you do

that, then nist 1.0 is the beginning of nist of 1.1 and -- >> it will keep evolving. >> it's interesting on the pace of, on driving regulation and building regulation, both of which we watch closely. and in superstorm sandy we had to pay over $2 billion in claims to infrastructure that got damaged. there had been a flood in the same area. and the building code changed about 2007 22 years after the first flood. and to move mechanicals from the basement above the flood line. underwriting guidelines can change much more rapidly than the regulations can. we can perform an interesting bridging role between version releases to feedback the learning and the constant litany of, you know daily claims.

we have claims every day. >> and in fairness, government doesn't get that feedback. we can get the feedback from you and revise the frameworks knowing that the adoption right now we're focused very much on adoption because as soon as we can have as you said, using the rosetts stone, the same language, where it becomes ubiquitous, you say, what are the rules and regulations that are to exist there. how do you judge the return on your investments, cyber investments? is this an unlimited pool of money that needs to be thrown at this problem? how do you know you're doing the right amount? >> i don't think any of us are doing enough? the guys are doing much more -- if you're a bad actor the other end is a mafia group versus a young kid versus a state government.

none of us can spend enough money individually. that's why this public/private relationship is important. the federal government is resources i used in many different aspects that we could benefit from for that the federal government could do. i don't think we spend enough. there's no way to say i'm spending enough. i sell a global network that people use because they rely on security and safety. how much money is enough to protect that? i don't know. >> ias i mentioned, as people ask this question, there are 130,000 people in our company, and i can tell you where they are and how much they cost but the one thing i never ask the group that protects us, how much they spend, because at end of the day they need to spend. is it a lot of money? yeah there's a return on it. we're open today, operating, protecting our customers' data protecting the financial services system protecting trust in the public and the financial services system.

if we love the confidence in the mobile phone, we don't have people to actually process transactions to go through that device today. we just -- we have to go back and hire 50,000 people, probably to do it. how much do you spend for that? it's not something you can sit there and say f i spend $1 i get $1.50 return. you spend it because it's the whole infrastructure. >> renee, have i a question for you, changing the subject. the intel commercials about scientists and technicians are some of my favorite. and the skilled workforce is a priority of the department of commerce. what do we need to do? how do we train people to fill the open cyber security jobs? what are the good ideas? how can you help us to inspire people to be interested in this area? >> thank you, secretary, for the easy question. i was going to tell you about how we implemented the framework and i was so excited. >> well, you can tell us that, too. i'll tell you about the

s.t.e.m., they all have backgrounds in s.t.e.m. and half of them will be women. before i go into that -- >> good job. [ applause ] >> we have to remember we have students in the audience. >> exactly. i want to inspire them. we have jobs for you. please, stay in the computer science department. like the gentleman on the stage, we're all intellectual property companies in the end. we all collaborated on the framework. we talked about this a lot. one of the things i think uniquely we're all in different phases of using the language, we published a white paper because we are actually through the other end of an implementation of it. which i think can be a blueprint for others. i wanted to put that out there we published what actually we did with our seven-month journey and how it worked and the framework. the other thing we've done that

i'm very proud of the team for doing, is we wrote into our supplier agreements and we have 7,000 suppliers around the globe that we want them to consider the framework and all good sense of intel, that's the first step on the journey of needing to impe mentd the framework so what probably will work with our insurers. on the topic certainly with analytics and what's materializing is the new business opportunities, we need to continue on our journey of s.t.e.m. education and increasing the capabilities in math and science. and you hear everybody say it, we're not making enough progress. we're doing our part. i know bank of america is probably doing their part, aig we're all doing our p