anscripts as opposed to record. you can very well be a member of a gang and never be charged or prosecuted with that. i think that was his broader point. but with that i will go to the judge from texas. >> thank you and thank you mr. secretary for being here. i was hearing my friend from tennessee talking about all these threats that are in his mind conservatives. i don't know where his numbers are coming from. they're nothing like what i've been seeing. as i understand, the underwear bomber was certainly not an evangelical christian, not a conservative. do you know for sure, was he a member of al qaeda in the arabian peninsula? i know that was floated at one time. >> i would identify his as part

of aqap. >> i know that was before your watch. the boston bomber -- >> sthapdthat happened when i was at the department of defense. i am familiar with the case. >> you're not going to take -- >> i was at the dod. al. >> you were not in charge of tsa when he got through wearing a bomb -- >> i was not charge of tsa in december 25th a 2009. >> fordt. hood, some choose to refer to that as workplace violence. when someone is yelling -- indicating he's doing it in the name of allah, that doesn't seem to be exactly a right wing radical evangelical christian. i know there's been a lot of discussion about francisco sanchez in san francisco. and i know as a former judge, an

ongoing problem, one goyuy i sentenced him -- i think he got nine dui's before he got to me. six months later he's back in my court. he said he was deported 30 days or so after i sent him to prison. i come back and -- that's what keeps bringing me back to francisco sanchez. he was deported five times. have you analyzed each of those deportations, where they occurred and where sanchez may have reentered the country? >> i have looked at the -- a very detailed timeline of each of the five removals. i don't sitting here recall, exactly where he was removed from what point from what station. we don't know for obvious reasons how and when he reentered the united states.

at least i don't know. maybe in a guilty plea or something he acknowledged how and when he did it. i don't know where he reentered across the border each of those five times sir. >> wouldn't that seem to be important to know where somebody reenters five times? >> absolutely. >> i would encourage you -- i would like to find out from somebody in your department where those five reentries were. were they all down in south texas or some in arizona area? were they california? it doesn't seem like we'll ever be able to get a grip of dealing with reentries by people that come in illegally if we don't know where they're reentering. the fellow i mentioned that i had dealt with when he was back in my court, i asked how he came back in, and he said, well, they took him to the border and

watched him walk across and then after the officials -- took him to the border drove off, then he came back across and ended up back in our county. so it seems like that ought to be where the focus is. is there any indication that if mr. sanchez had been given amnesty somewhere between the first illegal entry and the fifth that he would not have shot kathryn steinle? any indications that amnesty would have prevented this? >> i'm not sure i understand your question? >> i think it's a pretty basic question. the white house is saying that the fault for the shooting of this beautiful young lady in san francisco was because republicans have not passed

comprehensive immigration reform. and we know we pass laws, we appropriated money to build a fence, to build a virtual fence, things that have not been done. i'm wondering if we can figure out what the white house is thinking. because, obviously, when amnesty was going to be part of a comprehensive immigration reform -- i'm just wondering if we all of a sudden declared mr. sanchez as being legally here if that would have kept him from pulling a gun and killing ms. steinle. i can't find any correlation to that. i'm just trying to figure out what in the heck the white house thinks would have occurred differently if this man had been granted amnesty? i can't see that it would have prevented her shooting.

>> well to be honest -- >> i do prefer you be honest thank you. >> i am interested in promating cooperation with local law enforcement so we can effectively get at people like this individual. >> so if there were an amnesty -- i don't see how that particularly helps -- you just declare everybody legal then i don't see that it makes a difference. but -- i realize time is running out. is dhs still shipping people to different parts of the country after they enter illegally? depending on where they have family or where they ask to be shipped? >> i don't know that that's our policy, sir. >> are you saying dhs has not done that? >> i don't know that that's our policy as you stated. some people -- >> i didn't state it was a policy. i'm just saying you've done it. >> some people are able to make bond, some people are put in our

alternatives to detention programs, sir. >> so the question was are you still sending people to different parts of the country after they enter illegally? >> the gentleman's time is expired. the secretary may answer if he wants to. >> i don't know logistically where we send people or how they are placed. i do know a large number of people are making bond and a large number of people are being placed in alternatives to -- >> that would be a yes you're shipping around the country? >> the chair will recognize mr. labrador. >> thank you for being here today. ever since kate steinle's murder dhs and san francisco have been pointing fingers of blame at each other. several people on the other side were saying it wasn't the fault of ice that sanchez was

released. we had a telephone conference last week with a dhs official. my congressional staff asked last tuesday that even if dop had released mr. sanchez to ice. ice's answer was likely ice likely would have released him to san francisco. because of the outstanding criminal warrant despite san francisco being a known sanctuary city. that does not comply with the detainers and rueleases hardened criminal ailen. does that make sense that will never return him to you for deportation purposes? >> no. >> how often does ice release them to sanctuary cities? >> i don't know but no to your first question. >> if it doesn't make sense why is ice saying he would -- >> i was not part of the conversation with your congressional staff, sir.

but i will stand by my answer. >> you're standing by your answer but that's not your policy. it's great to come here and give us an answer when the policy of the administration is to release these people to the sanctuary cities. >> like i said, it does not make sense to -- in response to your question release somebody. >> so what are you going to do about it? >> as i said earlier i think we need to evaluate whether greater discretion needs to be built into a situation where there is a choice or there are -- there's a jurisdiction that wants the individual on an arrest warrant and an immigration detainer. i think there should be some discretion built into what is the best course for purposes of public safety. >> it took this young lady's death to actually get to that determination when it's not the first time this has happened. you keep telling the american people they are safe, that we

are stopping illegal aliens. the only way we knew he was here was because he killed somebody. he's been deported five times we're not stopping him from entering the united states. we keep catching him committing crimes once he's here. i don't know how we can say that america is safe when people like this continue to come into the united states. i'm going to turn the time over to -- i'm going to give the rest of my time to the chairman. >> thank you gentleman from idaho. i think mr. labrador's point -- i'm sure given your background as a law enforcement officer and prosecutor i'm sure you can feel and understand the frustration. we've kicked him out five times. he comes back. he reoffends when he comes back. we put him in prison. he violates supervisory release. we put him back in prison.

he is released to a city where we knew ahead of time this was going to happen. it would be one thing to release someone to a jurisdiction for a murder charge. sexual assault. serious, serious drug offense. it would be one thing to do that so they can prosecute him and particularly if there's a victim involved that's what you would want to do. but this is an old drug case. if they were going to dismiss it, why didn't they dismiss it when he was in prison? why did it require his presence in san francisco to decide to dismiss a case? he wasn't going to be a witness anyway. you get the frustration? i think it's being directed to you because we perceive you're in a position to change that. i know you say cooperation you are trying to pursue cooperation. i think that -- maybe this week last week when you were talking to some folks on judiciary, if

i'm wrong, correct me. there are five municipalities that told you they're not going to cooperate with you. what do we do with them? if they really are refusing to cooperate, surely we have to have something more than just going back to them and talking to them again. you work for the united states of america. how in the hell can a city tell you no? >> first of all, i intend to reattack on the five. that was prior to san francisco. i am not giving up on the five. the overwhelming majority have said yes they are interested. so we're going to continue to push at this. and, sir, i agree totally with the spirit of your question. and i want to evaluate whether some discretion can be built into the process so that when we're faced with a choice like that, we are able to make the best choice for reasons of

public safety. i don't want to argue with you there, sir. >> i'm not going to pick on somebody who used to be a prosecutor. because i know you spent a lot of your career standing up for victims. but i swear when i hear the term sanctuary city the only sanctuary it ought to be is for law abiding citizens. if we're going to have a sanctuary, it ought to be for them. and when a young woman is shot walking with her father, with somebody with this resume, either you got to do something or we got to do something or maybe we can do it together. with that i would recognize the gentleman from georgeia, mr. collins. >> i share the chairman's frustration and other frustrations. because at a certain point in time, you say, again, that they just don't want to cooperate. five cities are not going to cooperate y.

cooperate. i was looking at the dhs website. i want to get ahead of the game y. was in legislature and i think cities and states are struggling financially. they have as you've used the term which i do not agree with this is a resources issue, one of the things is cyber security that you deal with and you enforce cyber security laws. you work on the local and state level to do that. when if they say we're not going to enforce that. we're not going to cooperate with you. would you have an opinion on that? >> absolutely. we would engage we would encourage them to do otherwise yes, sir. >> interesting thing. you said to mr. smith earlier -- there's other things from economic security. you said you had no opinion on sanctuary cities. yet to the chairman just now you said you agree with the spirit of his question. >> yes. >> what is it? do you have an opinion, do you have an spirit? do you have a sudden moving

internally internally? what do you feel about this issue? why can we not have the united states government pass law and then you have an opinion. you have an opinion, you don't have an aopinion. the american people, this is hard to understand here. >> let me make this clear. i believe that the most effective way to address and enhance public safety is to work cooperatively with state and local law enforcement. as a result of our -- >> let me stop right there. the supremacy clause is optional? i'll let you answer. >> may i finish my sentence? >> go ahead. >> i believe as a result of the prior policy, we were inhibited in our ability to promote public safety. with the new policy, i believe we'll be in a much better position to work effectively and cooperatively with law enforcement. i do not believe that federal

legislation mandating the behavior of a lot of sheriffs and police chiefs is the way to go. i believe it will lead to more litigation, more controversy and it will be counterproductive. >> the supremacy clause question you never answered. you don't believe that mandating what law enforcement does from a congressional perspective -- we're the only ones that -- congress does the law writing. they can pick and choose what they want to just -- >> i do not believe that the federal government and the u.s. congress should mandate the behavior of state and local law enforcement. >> civil rights could be optional? >> the most effective way to do this is cooperatively with the new program. i believe it is going to yield very positive results. >> in the spirit of your question civil rights are optional to enforce?

>> i don't believe it's a way to go -- >> so the civil rights was counterproductive? >> my public safety efforts in this regard. >> i want to go back to what you're saying. it you're saying the civil rights action was overreach? when does it become whole sale abandonment of prosecutorial discretion? what you're saying if you just take a whole class off the table. the earned income tax credit, folks are eligible -- the decisions you have affect other issues than simply saying we're going to hold somebody or not. we're going to address the earned income tax issue. it has more to do with what do we pick and choose to enforce? i'm not sure, still, what your opinion is because you've, again, not answered it. you said we'll work with them.

my question is, before you come back next year whenever it is if we have this hearing again, is what if some of these agencies decided they didn't want to enforce something you thought they should? where is the screaming and outrage? when should congress pass anything if there is no supremacy clause, if there is no work that what we do to protect civil rights and other things? when does each department get to decide they're not going to enforce their federal jurisdiction on states and localities who simply say, you know we're not going to do it right now? >> may i answer? >> i stopped and it's ask a question, that's your response time, yes. >> all right. i have two seconds. >> the chairman will give you all the time you need. >> i want to enforce the law -- may i chairman? >> yes, sir you may answer the question. >> i want to if force the law in a way that maximized public safety. that means going after the criminals. a big problem with doing that

are the number of jurisdictions -- i don't know what label you want to put on them. that have elected laws and policies that inhibit cooperating with immigration enforcement. in my judgment and the judgment of a lot of other border security immigration enforcement experts, the way to most effectively work with these jurisdictions again is a cooperative one, not by hitting them over the head with federal legislation that will engender a lot more litigation. i believe we're on the path -- >> mr. secretary i respect that opinion. what you have opened up is a pandora's box on other things they don't want to enforce because of other reasons they'll come up with. because this is a political issue for this administration they will let it go. you open up a pandora's box. that's not what the average person learns about black letter law. the chair recognizes the

gentleman from texas. >> thank you, mr. chairman. thank you mr. secretary for being here. once again thank you for coming to houston. i appreciate your personal involvement. and fema doing an excellent job during the floods of may as i refer to them. i'll direct some questions about foreign fighters. not only from the united states going to help isis, but foreign fighters in other countries. we know that isis uses social media, twitter others, to recruit, to raise money, and to spread their propaganda. what is dhs doing to counteract that? >> a number of things sir. to deal with the foreign fighter issue, one of the things we did last year was to add information

to the electronic system for travel authorization so that we know more about people who want to travel to the united states from countries from which we do not require a visa. we have always developed and are developing an additional set of security assurances that we can get from visa waiver countries. because a large number of foreign fighters as you know i'm sure are coming from and returning to countries for which we do not require a visa. and so i want to see us enhance the security assurances we get from these countries with respect to people who travel from those countries to this country. additionally on the international level we've done a lot. i sat in on and represented the u.s. and the un security council session in may on the issue of

foreign fighters. and in terms of our efforts here at home, one of the things that we're spending a lot of time on that i'm spending a lot of time on are what refer to cv engage engagement. i had a good session in houston on the same visit where you and i were together at your middle school. and in my view, enhancing and refining our cbe efforts in this country which dhs participants in and the fbi participants in and other law enforcement agencies along with state and local law enforcement is a priority. given how the global terrorist threat is evolving. >> the other thing i want to discuss with you is repatriation. and what the law is currently in the united states and how it's

being implemented, if it is. we have this problem that a person comes to this country, commits a crime, goes to federal prison, while in prison the system works he's ordered -- deported. the country doesn't take him back. six months later he's released back across america. what are we doing to those countries to encourage them you take your convicted criminals back? >> the state department and i have been in dialogue about this. and we have been in dialogue with countries that are slow to repatriate people. i have personally had this discussion with my chinese counterparts. when i was in beijing in april. and i believe we made some progress there where they agreed to additional repatriation flights. and so china is one of the big

ones. we made good progress there. i think and i agree there is more work to do in that regard. >> if i understand, china, number one, the other top five vietnam, cuba india jamaica, refused to take back their lawfully deported citizens. doesn't the law already allow the state department under some circumstances similar to that scenario to revoke visas from that country? >> i believe it does. >> do you encourage the state department to do that when appropriate? >> i would not at this time encourage that sir, no, sir. >> all right. thank you mr. chairman i will yield back. >> the chair will now recognize my friend from florida, mr. deutsch. >> thank you. thanks for being with us today.

i want to applaud your recent decision to change detention practices for families awareiting their day in courts. because many of them are mothers with young children. why they fled their countries is no mystery. they have been gripped by gang violence. these families are not, as republican presidential candidate donald trump has described, to be violent criminals. these people are fleeing them. many of the mothers in custody have witnessed extreme violence and received death threats against themselves and their children. how we treat them colored the reputation in the united states. our practice of welcoming these families by incarcerating them was wrong and called for change. after all, the purpose of civil detention is to insure that individuals show up in immigration court. these families have every reason to do so. they pose no flight risk. many of them returning home

would mean risking death. like wise we have no national interest in exposing children to detention. your written testimony include plans to rapidly increase the use of alternatives to detention. it deserves our praise. expanding the use of atd's from 23,000 in 2014 to 53,000 in 2016 is the fiscally responsible thing to do. i want to encourage you to expand the use of atd's. our overreliance on immigration retention has disturbing rev lazes. ice often agreed with for profit businesses that guarantee minimum number of detainees for each center each day. it obligates ice to pay for a

minimum number of beds at specific facilities. for the government to contractually guarantee specific repaid number of detainees east day is a waste of taxpayer dollars. a violation of best practices of law enforcement. the financial implications was raised in november 2014 gao reports. because such quotas pad the process of private prison companies at taxpayer expense even when slots go unfilled. detention is invaluable to law enforcement. it's invaluable when deal ing with immigrants who have officers who determine flight risk or whose release could threaten public safety. detention is intended to be one of the tools. evidence of local lock up quotas may be a system of the real

disease. that requires ice to maintain the detention of 34,000 individuals each day. this mandate costs taxpayers $2 billion a year. $5.5 million a day to enforce. placing someone in detention for $1.60 $160 is far more expensive that other methods. we could save taxpayers nearly $15 billion over the next decade through the use of alternatives of detention. i'm concerned that the incorporation of local quotas into ice contracts is only further entrenchening the national bed mandate into our countries. and i have just a series of questions i'd ask. you can respond now or provide responses after. mr. secretary. i'd like to know if you're aware of ice's practice of signing

these contracts that contain lock up quotas. we're interested to know whether during contract negotiations private detention companies insist they contain these provisions. is it the lock up quota for a specific facility and negotiable, and finally, the november 2014 gao reports that addressed quotas for specific facilities was critical of those. i'd like to know whether dhs made policy changes in response to that report. you're moving in the right direction, i hope you can respond to these questions so that we can save the taxpayers money so we can have policies that are more hume anane as well. >> i would refer you to the directive i issued on june 24th and the announcement concerning family detention which you alluded to in your statement. and i'd like to take those questions for the record, sir.

>> gentleman from florida yields back. the chair will recognize tl gentleman from michigan mr. bishop. >> thank you for being here today. i have a number of questions i intended to ask about cyber security. as i sit here and we've been through most of the members on the panel, i need to ask you a question. i feel like i need to ask you it as not a member of congress, not a republican or democrat, but just as an american. you were a former prosecutor,ing i respect your insight on this. i hope you can share your thoughts in a candid way. this is actually, you know, a follow up question to mr. collins and gowdy's questions. we're a nation of laws. as i listen to this discussion we are a nation of laws. it's what distinguishes us as a

civilized society. and in this countryerse we, we don't discriminate when it comes to the application of the law. in fact, the fifth amendment of our constitution equal protection docktrine says it requires us, people in similar circumstances are to be treated in the same way, in similar ways. and as i think about sanctuary cities and how they have been applied and how we have discussed them in this context how has this continued on? how do we continue to accept sanctuary cities and its selective application of law? i would say historically, americans would view the selective enforcement of laws as a sign of tyrannical government.

it's intarantly unjust. it's a blatant misuse and abuse of power to allow for such an environment to exist. i'm wondering how we expect americans to respect the rule of law if the administration's policy is to enforce them based solely on edicts from rulers rather than from actual rule of law? >> is your question with regard to sanctuary cities? >> it is with regard to sanctuary cities. and to me as a person who represents 700,000 people. one of the very issues i hear about every day is the fact that we have lost the ability to enforce laws as they are

written. that we do it in such a way that applies one way to one group and another way to another group. and when that happened we lose the rule of law. >> if i could answer it this way, i -- last year when i took a look at the number -- the growing number of jurisdictions, state, cities counties that were refusing to cooperate with my own department in the enforcement of our immigration laws i said this is something that we have to fix. because the number is growing and it's affecting public safety, in my judgment. and so we took a hard look at the program. we saw how it was becoming an item of litigation in court and the defendant was losing in court in these cases.

and we look at the political controversy that had been built up around secure communities. i concluded we need to make a clean break with the past and develop a fresh program that i believe is going to fix the situation and promote public safety. and so that's what we've been doing since the announcement of the new program in november. unfortunately, there's no one size fits all answer to this. because a lot of these jurisdictions have erected different types of limitations on their ability to cooperate with us. >> may i -- >> one by one -- >> i gathered that from the testimony. i know my question was a duplication of many other questions. i apologize for the fact i'm asking a question that has already been answered. how is it possible we live in a nation of laws that allows its local jurisdictions to set up these little buffer areas where the law does not apply to them? i know we be heard about the fourth amendment and the concerns about the fourth

amendment. i respect the fourth amendment. we can't hide behind the fourth amendment when the rest of the constitution applies. it prevents us from applying the rule of law in a way that's consistent with every american. and i sit here in frustration as i listen to this discussion. why isn't the federal government insisting the local units of government following the rule of law and not allowing this this selective application to happen? >> well again i believe that the best approach is a constructive one. and i believe that it will lead to much better results. it will lead to -- will raise the level of trust and cooperation. because we have not been in a good place when it comes to a

lot of just dictionsrisdictions that are not comfortable with us. i want to put it in a better place. >> the gentleman yields back. the chair recognizes the gentleman from texas, mr. radcliffe. >> secretary johnson, earlier today as you gave your testimony and responded i think to the first question. you said something -- you said -- i'm quoting -- it's a fiction to say that we are not enforcing the law end quote when it comes to deporting criminal aliens. did i hear you correctly? >> yes, sir. >> in fairness, the department clearly is deporting some folks. i hope you would agree with me that what is not a fiction is that this administration has been attempting to change the law when it comes to deporting criminal aliens a fact reflected by the president's executive orders back in november. >> i disagree. >> why would you disagree with

that? >> because in my judgment, and in the judgment of the department of justice they are within our existing legal authority. >> i'm not talking about within authority. i'm talking about changing the law. >> if it's your legal authority to act you're not by definition changing the law. >> let me ask you about that, then. you do agree with me that the president's executive orders in november attempts to allow executive amnesty to illegal aliens? >> not the wheyay you characterized it. i signed a program in which we can offer deferred action on a case by case basis to chose who come forward and who meet certain criteria. and who in the judgment of the agency should be given deferred action. >> which could result in amnesty

to up to four to five million folks -- >> no, i don't agree with that want that's not my definition of amnesty. >> you have gone on record that you think the president acted constitutionally? >> that's right. >> i don't think that he has acted constitutionally. right now a federal judge and a court of appeals in the fifth circuit has agreed with me that the president's request to lift that stay and to proceed to take those actions shouldn't be allowed. but you've been asked today and talked a lot today about the issue of prosecutorial discretion, we're both former prosecutors. i would like to ask you about something you said previously in a hearing last year. you said -- i'm quoting -- there comes a point when something amounts to a whole sale abandonment to enforce a law that is beyond simple

prosecutorial discretion. does that sound something you said? >> that sounds like me. >> do you believe that? >> i still do. >> i know the answer to this question, do you think that dhs has already crossed that line by suspending the law for almost 5 million folks who are here illegally? >> i would not characterize our executive actions that way. and i would refer you to the opinion of the doj office of legal council in november in terms of where the line exists. i thought it was a thoughtful discussion. >> but, again you don't think that -- wherever you think that line is you don't think dhs has crossed it? >> no, sir. there are people who disagree with me but no, sir. >> that begs the question for me, what would it take in your opinion for dhs to cross that line? because i think there's every possibility that this president will attempt to move this line

again. and so if this president were to seek -- to grant deferred action to, say, all 11 or 12 million unlawful aliens in this country, i'd like to hear you on the record on whether or not you think that would cross the line. >> well, again, i'm no longer practicing law. i'm just the secretary. and so i think what you're asking me for is a legal judgment. again, i believe that the opinions of doj's office of legal counsel has a good discussion of this exact topic. i recall when i read it agreeing with the analysis. i don't have it with me. i recall them agreeing -- >> let me ask you about that. as analysis extends since you had a good discussion with them. would it extend to 11 or 12 million folks? >> doubtful. >> if it did would you have an opinion whether it should? >> it depends on the circumstances. i would say i doubt it.

>> so when you say you doubt it you doubt that amnesty should be granted to 11 or 12 million people? >> if you're referring to the estimated population of undocumented in this country, a lot of those people are and should be priorities for removal. so in my judgment someone who is a priority for removal should not receive deferred action. >> the gentleman yields back. i thought we were getting towards the end and then two members came up. would you want or desire a short break or do you want to keep marching on? >> i'm happy to keep going for a little while longerism. thank you for asking. >> the gentleman from new york is recognized. >> thank you distinguished chair from south carolina. my good friend.

i want to thank the secretary for your presence here today your patience as well as the tremendous job i believe you've done as secretary of homeland security and your prior service. >> i've known you a lot longer than the gentleman from south carolina. >> i want to begin by just asking, there are 11 million undocumented immigrants in this country approximately. is that correct? >> that's a pew estimate from a few years ago. >> have this congress ever given department of homeland security the resources that would be required to deport all 11 million undocumented immigrants? >> no. >> is it reasonable to have a priority policy that focused on those undocumented immigrants that would pose the most danger to the american citizen? >> yes. >> is that what dhs has done? >> yes.

>> okay in new york city, we've got a technology innovation economy that has begun to develop in some significant ways are for our city and our state as has been the case across the nation. and i've been very supportive of that. many within the technology sector have indicated there 20% vacacy rate of jobs that they cannot fill here in america. that's been part of the impetus for the increase of visas which i've supported. i was disturbed by the revelations as to what appears to have taken place down in florida at the disney company. i wanted to ask a few questions about that. i just ask unanimous consent that an article from "the new york times," training foreign replacements be enter kbooded into

the record. >> without objection. >> as i understand it, approximately 250 disney workers were laid off in 2014 and many were replaced by immigrants hired by an out sourcing company based in india, is that correct? >> that's basically my understanding, yes. >> is it also your understanding -- >> the public reporting of it. the matter is understand investigation. >> okay. as i understand it those individuals were allegedly laid off, and then asked prior to their departure to train individuals from this connected to this company to replace them who are given h 1 b visas. is that the current allegation as you understand it? >> yes i believe so. the matter is under investigation. >> so i understand what the law is in this area am i correct

that the h 1 b visa program which provides a limited number of temporary visas i believe it's somewhere in the neighborhood of 85,000 a year with foreigners with computer science engineering or other advanced skills to fill job in american's countries when american workers are not otherwise available. >> that sounds basically correct to me, yes, sir. >> if your investigation determines this particular company or any other company violated the actual law related to the issuance of h 1 b visas and the employment constraints what are the potential consequences related to a violation of the policy? >> well, that's, actually, something where i think congress may be able to help us. it's my understanding that we don't have enough tools legally to deal with that kind of situation assuming it occurs. and so what people have told me

is that we could use some help from congress to bolster our enforcement capabilities in a situation such as that one. i can get you a more informed opinion on that answer, but that's what i'm advised of. >> i would be interested in your further thoughts in that area. i yield back. >> the chair recognizes the gentleman from texas. >> thank you mr. chairman. secretary johnson, thank you for being here. we appreciate your service to the country. first of all, can you give me a quick response with a percentage, how secure do you think our southern border is? >> how secure? >> percentage. >> it's tough to quantify by percentage. as i mentioned earlier, i think that over the last 15 years we've come a long way in our border security -- >> 50% 75%?

what do you think? you can't put a number on it? how can you measure results if you can't quantify it? what percentage foesks arelks are getting away? >> apprehensions which are an indicator have gone down. >> you can't give me a number. that's fine. i spent some time on the border talking to the men and women down there. it's in the back yard of the district i represent. i have to tell you, i'm hearing a lot of frustration from the rank and file of the border patrol. i'm hearing restrictions on overtime are causing smaller groups of agents. aliens and drug smugglers and agents risk their lierveves to

apprehend. they're planning to replace the vehicles that our border patrol agents need to secure our borders. these men and women are brave and danger. i did a ride along. i understand it's tough to protect this country in some of the terrain in south texas. the administration's policy seem today completely ignore the fact that they need the equipment and manpower to do what they need to do. it seems like they're almost intentionally reducing morale of agents. tell me if you had to be on the border working shifts with the men and women in uniform -- you know in all likelihood that you're putting your life in danger to catch illegal aliens and drug smugglers that they would most likely end up getting released and walking in the way in the end how would you feel oabout it? >> let me answer it this way, if i may. under our new policy those

apprehended at the border are priorities for removal. those apprehended who arrived in this country after january 1, 2014 our priorities for removal. >> what i'm hearing from the border parole agents is they're catching somebody and then just a few days later, they're catching the same person again. so you deport them. they're taken back across the bridge. my understanding of the contracts with the coyotes is you get three tries to get across. >> that person should be a priority for removal. and i believe that in our current budget request to congress, they are asking for more surveillance technology, more border security to do a better job. we've come a long way in the last 15 years. i'm pleased about that. i know that there's a lot more to do. >> i know mr. gowdy's bill helps with some of that. we look forward to getting that through congress. let me take it from the other side. if you were an alien or a drug

smuggler with the knowledge that as long as you don't bring more than a handful of people across or a certain amount of drugs under the and you don't bring a certain amount of drugs under the discretionary limits, everybody knows you would get away scott free. wouldn't that just be incentive to keep going? it doesn't seem like that would be a deterrent. >> i disagree. those apprehended at the border irrespective of whether they have narcotic or drug smuggling are priorities for removal. >> what about those for the drug smuggling. you basically walk as the coyote. >> we also beginning last year, cracked down on the smuggling organizations. that's something the department of justice and i instituted last summer.

>> are you telling me it's not a fact that if you have a small number of aliens or small amount of drugs with you you are certainly not going to face any jail time. at worst you will be taken back across the border. >> well that's a matter of law enforcement and prosecutorial discretion by the department of justice. ive do know since last year, since about a year ago, we have prioritized going after the coyote on organizations. >> all right. thank you very much. i see i only have five seconds left. so i yield back. . . >> you have been here a good long while. i wanted to recognize mr. gutierrez and any closing reflections he may have. i wanted to mention a couple matters and we'll have you out of here. mr. gutierrez. >> thank you, mr. gowdy for your excellent presiding over these hearings. one of the reasons mr. sec tear, one of us always stays behind to

protect the interest of the minority. in this case yours. it was totally unnecessary. the chair is very well balanced. and even handed and everything. just for the record, because i think it's very important i want to say to you mr. gowdy, i share with you the same anguish and pain as i know the secretary does and every american at the death of that woman. and that nobody has come here to look for excuses or anything else. that woman should be alive. that woman should be enjoying life in the united states of america. mr. lopez should never have been allowed on the streets of our nation again. but i think it is important that we have the facts straight. that our system does work. and sometimes it fails us. he was sentenced 63 months, 51 months 21 months 46 months four consecutive times he was

sentenced to over 10 years. and he served them. over 10 years in jail because he illegally entered the united states of america time and time again, violating. this is a career criminal that we had on our hands. so i think we should just try to figure out a way, because i really believe this. and i will put it on the record even though it may cause you great damage back in south carolina. for you and i and the men and women wanted to solve this problem, we could save future people from harm. this man is not an immigrant. immigrants come here to work hard, sweat and toil. we should be warm and receiving. this man is a foreigner. who came here to cause damage. and let's fix our broken immigration system so we can get rid of the foreigners who come here to cause damage and harm and welcome the immigrants. thank you so much, mr. secretary, for a long day here with us.

>> i thank the gentleman from illinois and for what he said and for being always very consistent in the entire time i have been on this committee, you have zero tolerance for those who come here to do harm to anyone. that has been your position as long as i've known you. mr. secretary, the chairman wanted me to mention really quickly to you that he had written in march about alleged fraud and special immigrant justice fees program and pledged again his willingness to work with you to cooperate to identify any sources of the fraud so it could be eliminated. i can tell by the look on your face. you may not specifically recall that one. i know the folks behind you will bring it up. i think it was in march of this year. if not, if we need to get you another copy of that, we will. secondarily, it sounds like you are well aware of the sentencing commission change and even the department of justice is working on that. i'm not going to ask you about

the 5th circuit. you could comment on it. i'm not going to ask about it anyway. the only thing i would add is what my friend from illinois said. there are parts of immigration that you and i and mr. gutierrez will probably never agree on. that's the beauty of a democracy. i think what we can all agree on is to return someone with his criminal history to a jurisdiction that had no intention whatsoever of ever prosecuting him and in the process he is released should be a front to everyone. irrespective of a little bit al ideation. san francisco had no intention of prosecuting him. they dismissed the case. you can dismiss it when he's halfway through his federal prison sentence just as easily as when he is in your custody. i tell you i am happy to work doctor i get the due process considerations. i know those are

legitimate. you have court cases out there. if there's a way to get around that. what i find instructive i don't doubt your power of persuasion. i know you will talk to those five municipalities that told you no. but even after this young woman was murdered san francisco was already on the record saying they're not going to change their policy. so when you have a city like that, i don't know that cooperation and persuasion is going to work. so we may need to consider something else. when i look at you i see the secretary of homeland security for the united states of america. he shouldn't have to ask san francisco. you shouldn't have to get their cooperation. you, to me outrank the city supervisors in san francisco. so with that, thank you for your patience. you have a really hard job. and we appreciate your current service and your previous service. with that, we are adjourned.

on the next washington journal, we'll start the program by getting your reaction to the

voters forum. and the importance of the state's role as the first in the nation primary. after that, national journal reporter jason plautz examines president obama's announcement that would limit power plant emissions. >> finally freedom house discusses a report which rates countries across the world on efforts to combat human trafficking. plus, your phone calls, facebook comments and tweets. washington journal is live, 7:00 a.m. eastern on c-span. sunday is night on q&a. former emergency manager of detroit talks about detroit's financial issues and overseeing the largest municipal bankruptcy in u.s. history.

>> if detroit had taken that money it borrowed in 2005 and 2006 when the stock market went down to 6,700 and just in vested in an index fund standard and poor's it is trading almost three times what it was. they not only would have tripled their money but paid the pensions in full and got back to declaring the 13th check. it used to be giving pensioners a 13th check in addition to the 12 they're due. so it could have fixed itself if there had been some sober management going forward. just like any organization the united states as well. if you have some strong leadership and some focus leadership, you can resolve these problems. but it takes a lot of effort. >> sunday night on c-span's q&a. coming up tonight on c-span3, a discussion on cybersecurity. then a look at how medicare is working 50 years after being

signed into law. and later retired general john allen talks about the u.s. strategy for combatting isis. the hudson institute hosted a discussion today on economic cyber attacks and espionage. mike rogers and zarate who served during the george w. bush begin station. they talked about current security measures being used by the u.s. and its allies and where there is room for improvement. this is two hours. >> all right. good afternoon. i'm samantha ravage, the principle investigator on this project. and i want to thank everyone for attending. in particular, i want to thank

the hudson institute and defense of democracies for co-hosting this event. i also want to thank the co-authors of the monograph. some will be speaking today. zarate dubowitz. i don't know if tiffany is here. if you haven't seen it, tiffany was quoted extensively in a recent "washington post" on the cyber vulnerabilities of the auto sector. a few housekeeping notes before we get started. the first panel will begin momentarily. and about one will roll into the second panel. there is a short survey if you could, if you haven't taken it already, we would really appreciate it. it's anonymous, short. fill it out and leave it in the box. it will give us a better idea

about how people are thinking about cyber enabled economic warfare and where resources should be put to it. we will be publishing both a synopsis of the seminar and the results of the survey. so stay tuned. let me set the stage for a few minutes on how it really got started. it really is its genesis back to the mid-1990s. in discussions with incredibly smart people like manager and nadia shadlow at the organization that sponsored this work about economics and security. so in 1997, the asian financial crisis hit, if you remember. it began in thailand and contagion quickly spread to indonesia, south korea malaysia, other countries throughout the region. foreign debt to gdp ratios rose over 180%. during the worst of the crisis,

riots occurred governments fell. the causes of the crisis were varied. but most experts think it was the combination of crony capitalism and flooding the market with cheap money and simultaneous slump in semi conductor prices with the rise of the value of the u.s. dollar. from our perch in west port connecticut we discussed how economic destableation in asia could protect larger regional securities. what would it mean for relations. china and taiwan. what would it do to radical separatists lake guam, indonesians, and the philippines. it was the malaysian prime minister at the time, what he was saying that really got us thinking. he directly pinned the blame on international financiers. saying they purposely sabotaged the malaysian economy. he used the words attacked and

said the economic fires were no accident. but a western conspiracy to rule the world until other countries have run their affairs. we discounted the malaysian-specific diatribe rhetoric and thinly veiled semitistm if you remember that part. we thought back on america's use of economic warfare against the nazis and then against the soviet union. we began to think if and how the u.s. would need to think differently about the threats and capabilities as the world financial markets became more automated and integrated. over the next decade, the conversation waxed and waned. and then came back as evidence started piling up on u.s. banks, u.s. defense contractors, u.s. intellectual property electric

grid, our health care system, the most sensitive parts of our government. were we seeing something new. there has always been economic warfare. one goes after the economy to another to effect and weaken its overall strength. but the rise of the global electronically networked economy and the growing cross porter integration and interdependence has produced sizable opportunities for various actors to develop new methods and strategies of economic warfare. increasingly could contemplate new possibilities for using pernicious cyber economic assets and systems in order to cause harm to a target state security capabilities. so we label this new class of security threats cyber enabled economic warfare. the attempt at achieving political and security goals through cyber enabled economic

aggression. and in this type of warfare the united states is particularly vulnerable. as former dni said if we were in a cyber war today, the united states would lose. it is not because we do not have talented people or cutting-edge technology, but we are the most dependent and most vulnerable. so we started this project with a few organizing questions. one, within the escalating cyber attacks is there lurking a new type of action. a strategy to undermine the u.s. economically. two, are there adversaries whose strategies are specifically designed to cause economic harm to weaken or significantly debit tate u.s. security capabilities. three, is the u.s. prepared to identify and address such strategies effectively. and four, if not, what can and should be done. so we did not attempt to provide

definitive answer through the monograph and the seminar. rather what we wanted to do is start a robust, much needed debate on this topic. the chapter authors and those who have participated in some of the seminars we have held have been willing to put novel and creative approaches on the table. some workable some might not yet be workable. but critical for new ways to be explored to address this problem. to a person we are certain that u.s. intelligence, defense, treasury, and homeland security departments and agencies appear to be inadequately constructed or attuned at present to address the way these threats are evolving. the u.s. system for detecting evaluating and addressing cyber enabled economic threats seems structurally in adequate and in sufficiently focused on the matter. this raises concerns about america's preparedness for identifying and responding to existing economic warfare threats. even more so that its ability to match the rate of their evolution. all right. and with that i want to turn to

our first panel that examines the evolving nature of this debate. we're honored to have three highly knowledgeable and well regarded individuals. so our format is that each will speak for about 10 minutes. and we will open it up to q&a for another 20 30. so first up is the honorable juan zarate. my good friend. first ever assistant secretary of the finance. he served as deputy assistant to the president and deputy combatting terrorism. his phenomenal book "treasuries war" discovers the new economic era of war far. so thank you. >> thank you very much. thanks to all of you for coming. this is a wonderful turnout and wonderful event. i want to thank the hudson institute.

mark dube wits. thank you for shepherding the authors in the production of this very important piece of work i think. i would commend all of you in the room and those watching online to pick it up and to read it. the contribution, at least from the other authors are incredibly important. and i'm honored to be here today, especially with steve and mike to discuss these issues. i want to thank sam, too. because she gave me an opportunity to write more about some of the details i explored at the tail end of my that i think are critical as we look forward. i want to discuss with you and maybe open up the discussion for the panel to talk about the convergence of financial and cyber warfare. sam has laid out one of the interesting dynamics of the 21st century is how dynamic fluid, inter connected both the global financial and cyber domains have

become and how inter dependent they are. and the reality is the more dependent u.s. economies become on those globalized inter connected cyber systems the more vulnerable we also become to the potential asymmetric impact of those who may try to attack or effect u.s. interests. what i want to do is talk a little bit about what that convergence looks like, starting first with a discussion about the nature of the threats. and then what this means strategically. i think where we are now is we're facing very dynamic and shifting threat landscape. but also a dynamic and strategic landscape where the threat of asymmetric capabilities is really on the u.s. it has been identified by the u.s. intelligence community. so let me start with the threat landscape itself. and in particular, the actors

involved in the space. it's clear that actors around the world show asymmetric tools economic warfare to their advantage. to think about the use of these. it was really dominated by financial dominance but a dynamic where the u.s. found creative and innovative ways to use financial power and influence and reach in situation to isolate rogue actors and activities from the global commercial and financial system. we are seeing this play out obviously in the negotiations

with iran. we're seeing this play out to a certain extent in the dearound russia. the ability to isolate rogue behavior has largely been the province of the u.s. government and u.s. policy. but u.s. competitors and threatening actors realize that those very same is tools, those very same mechanisms, some of the same strategies can be used against the u.s. for asymmetric advantage. so you see a full spectrum of actors playing out in the space realizing this dynamic. super empowered individuals, hackers and activists for political or other reasons profit often using these tools to go after the financial system. in particular, banks. sophisticated organized crime groups using deep expertise found easily on the internet beginning to infiltrate banks in

the financial system. intelligence services figuring out how to use these tools for profit and political services. and some of them major powers, russia and china others marginalized like iran, north korea. we have seen plenty of examples of that. one of the advantages to these actors is the low barrier to entry. as we often say, it's not very costly to get into this game or to be on the offense. it is incredibly costly to be defending against these. but there is a supply of expertise available on the internet. often sold to the highest bidder. there is the dark web that provides access to those willing to play in the dark alleys of the internet and to connect with those with expertise. open source protocols and programs that allow individuals

and small groups to have global reach. and weak defense globally. whether it's at opm or in other systems around the world where small or relatively weak actors can gain access to prized information. and so you have a spectrum of actors with a spectrum of capabilities that provides a load barrier to entry and begins to challenge the u.s. system and dependencies. now, the tools of disruption and potentially even destruction are many fold. you have spear-fishing techniques and attacks, which are common in the cyber security space. you have seen d dot attacks. you have seen malware begin to evolve in pretty dramatic and important ways.

in particular attacking the sector. and trojan horse attacks which may pore tend malware attacks. these are not just hypotheticals. we have begun to see them. the jpmorgan attack last summer. a good example of the potential for vulnerability as well as destruction. the dark seoul attack. the denial of service attacks led by the iranians and syrians against western banks, which continue to this day. the gaos attack in 2012. nasdaq hack which has not been fully determined or figured out in october 2010. >> matched with significant infrastructure attacks like ramco and other.

portend a real series of attacks on a financial system in a way that is systemic and important. now, let me just move very quickly to discuss why the financial system, and in particular banks, have become such an interesting and important part of this landscape. as i have often said in many ways, the international global banks are now at the center of the cyber storm. and that's for a few reasons. one, banks in the financial system is where the money is. if you want to profit, if you're an organized criminal ring that just wants to make money you want to engage in fraud, that's where you hack. that's where you attempt to get access to data and to money. it's also where intellectual property sensitive data reputational data that's important to banks and intellectual property important to deals and companies engaged in mergers and acquisitions and attempts to enter new markets. so that information becomes

valuable to a whole host of actors. banks over the last 15 years have also become protagonists and many of the debates that effect rogue actors and countries. so the very isolation of iran, for example, from the global financial system has been driven in part by what the western banks decided to do or not do in terms of business with the revolutionary guard or iranian companies and fronts. and also actors in the space the full spectrum that i described, that the banks and financial system are part of the key vulnerability and systemic risk for the west and the united states. some actors no doubt, the most destructive among the spectrum would find it incredibly advantageous, if not helpful to destroy the trust at the core of the international financial system. what hank paulson called the

magnificent glass house. and so the banks, the financial system, find themselves in the middle of the cyber storm at a time when the asymmetric environment is evolving. evolving in some interesting ways. as sam mentioned and as the report lays out u.s. vulnerabilities increasing over time, not decreasing with our defenses not keeping up. with hybrid warfare and gray zones of warfare beginning to evolve as part of national doctrine. we see this clearly with the russians and how they think about the use of proxies as well as cyber capabilities. and you see this as well in the environment where there's much more fluidity than in the past with rogue actors able to profit with and for each other. they claim deny blts of those attacks. the syrians and the iranians developing their own

capabilities, perhaps relying on others. and north koreans developing capabilities, as seen in the sony hack attack of last year. so due to the technologies, due to the global connectivity of the system but also strategically with these rogue actors challenging states thinking aggressively about how to use these tools. and i know the next panel is going to get into some of the defensive dimensions. but i do think it is worth mentioning at least some of the ideas that i put forth in my piece and i know what we will discuss here there has to be a new way of thinking about this strategy. there has to be a new way of thinking about these tools in ways that mott only puts us on the defense but also on the offensive. and private and public partnerships paradigms.

using financial tools like the president's executive order from april april 1st. perhaps cyber warrants when the government gives license to the private sector to protect its systems, go and destroy data that's been stolen. or maybe even something more aggressive. and then finally, developing the redundancy of our systems so it becomes less attractive as a strategyive cool tool for our adversaries. it is a much more dynamic not just in terms of the threats. >> i look forward to both the q&a from this panel and rolling into the next one to discuss some of those things that juan laid out at the end. next up we have steve who is

general counsel and chief risk officer for the cyber security technology firm crowd strike. prior to joining crowd strike he served over 15 years with the fbi, where he helped shape many of america's cyber and infrastructure protection laws. as deputy of the fbi cyber division he helped oversea fbi strategies, intelligence analysis budget and policy development and execution and major outreach efforts protecting united states from cyber attacks. steve. >> thank you. those remarks were so good all you left me to do is really a tour deforce as an overview. where you ended is where i'm going to start. strategy. where are we? where should we be? we actually have a failed

strategy. the way we know it is we put more people more effort, more policies in place and the problem keeps getting worse. it doesn't compare to where the threat is going. that keeps getting further. and i want to address why i think we're there. i want to summarize my view what those are doing to us from an economic warfare. what we are doing in response that makes this worse and what it portends to our future. it goes across a full spectrum of activities from stealing highly sensitive information intellectual property that gives our businesses not only fair

market condition but over time we have seen a lot of us become economically powerful enough to sustain our military capabilities. and private information about individuals that we're seeing can be used both to defeat consumer and citizen confidence as well as used against some people depending how sensitive information can be used for blackmail and extortion. the ability to capture information also shows the ability to change information destroy information. the ramco case, a couple in the middle east, wakes up to find 30,000 computers essentially destroyed overnight. but it is not only about data. it is is about physical systems being run. so if you change the integrity of nuclear enrichment which we have seen capabilities that

could be used, which could be used against it. and changing chips components going into military fighters which we have seen through supply chain attacks. what that shows you is there are a number of ways for adversaries to react to come out of and how they get into systems. it can be remotely. you hear about the fishing. it can be through the supply chain. products being created all over. either in the design, the manufacturing, the delivery stage. or insiders sent to our country. in terms of work visas. so the vulnerabilities are enormous. and now let me step back to how we have responded to that. economically we have responded in the worst possible way. what we have done is we have sunk billions of dollars into

our budget into the least probable success for cyber strategy. we are expanding through the internet of things. biomedical devices could be hacked. one brand that the other day u.s. government told all hospital toss use a particular type of infusion pump. they are worried through the hospital's enterprise network hackers could get in and start changing the delivery of medicine to patients. and the demonstration of a car being taken wildly off course. and vulnerability mitigation is a full errant against determined sophisticated all spectrum actors of the type that we are up against. and it doesn't work in the physical world. what we do in the physical world is you do a certain amount of vulnerability, you lock doors,

windows, maybe change the quality of your doors and windows. there is a point where if an adversary wants in badly enough, getting through the roof cutting through the ground and we change quite quickly to threat deterrents, which juan also mentioned. the idea that we concede the ground. no longer is this about me protecting myself. it will be about me going after you. it involves detection. if you don't know they're there it is pretty hard to deter them right. we are seeing routinely organizations, agencies corporate industry very mature taking in excess of 200 days to even know there is an attacker on their system. you have to be able to attribute it down to the person, who is behind it. we don't know if it's you but you're responsible for stopping it because it's coming from your area. and then penalties.

some penalty-based deterrents. the worst that can happen to a hacker currently from what we are seeing in the advanced phase is they get caught and they get to drive again. they don't succeed at first but they try, try again. that model has to change. on the physical world, we put up alarms. and so that immediately says it's for deprotection right? you put up cameras for attribution. when your alarm rings at 2:00 in the morning and goes to the monitoring company the monitoring company calls the police. they don't call the locksmith. because it's about penalty-based deterrents. and you'll note from an economic perspective that what we have done to our response in response, we are bleeding ourselves dry financially with our response because it has led to two. one is diminishing returns on our cyber security investment. meaning it is no longer worth the same amount as when you start off. at the beginning of a program,

just like in the beginning of physical security, it might be worth $100 of protection or even more. maybe $100,000 worth of protection. it inches slowly and slowly to have a dollar represent a dollar's worth of security. that's the dimensions return aspect we are seeing. we are now in the system of negative returns. meaning every dollar is actually making things worse. it has proliferated and escalated the problem. and we see this every day played out in the newspapers. those of us seeing victim clients as the bad guys, when you defeat them, they tonight just give up. okay. i used to have a life of crime. now let me he see life of law. is that a phrase? it doesn't happen. they find alternate routes. they are using codes based in pictures in twitter accounts for

botniks. we have spent our money. it resulted in an escalation of the problem. similar, for example if someone were to break into your place of business and the response was, why don't you put up a 10-foot wall at the price of a million dollars around the complex. and then they go up and purchase a 15 foot ladder for $30. and then the response is you know what, 15 foot ladder. make it a 20 foot wall. we all know what is happening next. that is happening to us here. not only are we falling victim but our intellectual property is being stolen. our banking and finance is vulnerable, as is the rest of the critical infrastructure. but our response has furthered our economic dependencies at a loss of viability for our security. so where do we go from here?

that's really where the second panel will answer the questions. but certainly that threat deterrents have to be the predominant focus using all hours of national. and consideration of private sector's role. it can be very influential. that is not just a u.s. problem of course. and as we think about that strategy the other thing that we really have to be concerned with is how the political and economic warfare that we're facing can result in a crisis of confidence in our country, which could of course be a severe or more severe than actual consequences. i think we are facing real potential of a crisis of business confidence, the ability to be protected in today's global economy.

consumer confidence. the ability actually to do anything on line any longer, to take advantage of technology. injection pumps. automobiles. right? so the economy that's being driven through technology can pay for consumer confidence backlash. unfortunately citizen confidence if we feel the country cannot protect us. and it's actually subject to extortion at any given time. in this country organized criminals are breaking into police force computers and telling them if you don't pay us our ransom we will delete, destroy it or never have access to your records. they are paying extortion to foreign criminals. what happens when that happens against us? is it already happening and you

just haven't been apprised of it. and with those remarks, we'll pass it off to the distinguished congressman. >> good afternoon. we are pleased to have chairman mike rogers addressing us today. former member of the u.s. congress, 8th congressional district. fbi special agent. mike really is in a unique position to shape the national debate on a wide variety of issues, including this one. he hosts the nationally syndicated something to think about, house wood 1. and he chaired the powerful house intelligence committee, was a member of energy and commerce. mike built a legacy of his tireless and effective leader on cyber security counterterrorism and national security policy. we welcome you mike. >> thank you, sam.

steve was an fbi agent to catch smart criminals. i was the one apparently to catch the dumb ones. as a matter of fact, i have had the opportunity to meet and spend time with all of your panelists you will see today and all the authors of the book. and i highly recommend this. i've read a ton. this is to the point. provides you unique talking points. out of the box. i love that thing. when i walked into the room with all the panelists it struck me that the iq on average went down 15 points. now, i don't know why that happened. oh, come on, people. lighten up. i know it's pretty serious. two things happened in the last decade we don't want to talk about. we have strategic erosion in our dominance in both cyber and

space. in 2007 when the chinese took out a rocket at about 11,000 miles per hour and hit the target thankfully their own, a whole host of activities, including killer satellites, americans dominance in space came to an epbt. end. you think about how reliant we are on space for everything we do in our economy. that was a fundamental change. we had to figure out how do we step up and counter that? now you have to launch a satellite that not only can do its mission set but protect itself. that is a whole new ball game when it comes to space. about half of all the satellites up there don't belong in the united states. some are up to pretty nasty things. then you take cyber. we watched this problem happen

year over year over year. here's the thing. here's the good news about the former mcconnell's comment if we were in a cyber war we would lose. if we were in a cyber war, we would lose. that's the good news of it. here's the bad news. we are in a cyber war in the united states, and we are not winning. it's that bad, and it's getting worse. so you think about where we are today. most of our financial system is under attack. some successfully. some not we now know, and you will hear from other panelists, how the new generation of technology, which we pride ourselves in, making a car do amazing things, is now suspectable. airplanes have been hacked. our electric grid has been pen straighted. it is susceptible. and what they don't tell you in the second part, don't worry, nothing to see here, we've got it fixed. why? because we don't. the fbi just came out with an

interesting report that 13 -- year 13 over year 14 there was a 53% increase in economic targeted american business espionage. 53% increase over one year. and the bad news was it was outrageously bad the year before. why? no consequence. all right. they have been absolutely been able to get away with it. china has built an entire economy on stealing intellectual property not only from us but our asian allies. anybody with intellectual property is subject to getting it ripped off. and likely they have. and so we have watched this problem get worse. and i get worked up about this. i just read today where department of homeland security issued a letter in opposition to the one piece of legislation the senate is ready to move here

called sisa. for those of you who are familiar with our bill called sisa. it tells you we have problems with acronyms in congress. for the one reason that it allows companies to go to intelligence agencies to share malicious threat code. which by the way, has been happening intermittently in the past. the one thing we looked at and says here's the problem we have to foster sharing. sharing is the key word. if we can share malicious code in real-time at light speed, we might, might be able to put a dent in this. what you are seeing and is there is a bill out there that can be protective. companies can feel comfortable knowing their information is safe and saying we have this malicious source code. you have to help us with this. we don't know where it came from.

now our own government will work against itself for god only knows how long again for details on how we come up with the cyber sharing regime. i think the first bill was passed in 2013 in a bigbie partisan bill in the house. likely three years. we still can't come together, the white house can't talk to the congress the senate can't talk to the house, the house can't talk to the senate. in the meantime, how many trillions of dollars have we lost in potential economic game and real dollar loss. billions. billions and billions and billions of dollars. and the one trump card they will throw down, and they did it in the dhs letter to stop the legislation is "we have privacy concerns." that stops everything. in the meantime the russians the chinese, the iranians and now unfortunately the north koreans, we could list 15 other nation states are already on

your networks. they are stealing your information pretty much daily. at ease again, with no consequence. so think about where we are today versus where we were 10 years ago. space, we are no longer the dominant player. our technology is better clearly in many cases. now we have to worry about the security safety and survivorability of the old systems and some so fast new systems we launched into space. big problem for any business anywhere in the world let alone how tied we are to the economy. on cyber getting our clocks cleaned. now the intelligence community is is going to set up its own version of a cyber center to try to -- by the way, this is probably a good idea. we didn't know all the capabilities of our own intense. why? people talked about privacy and we stopped everything for two years. we couldn't get intelligence community to share information in a real and meaningful way.

machine to machine. nobody is raoeldingeading e-mails. couldn't quite get ourselves there. and the last part of this, in 2014 was a huge policy shift we all as americans kind of moved along. we had two nation states. not the most capability we worry about. makes the calculated decision they were going to use their nation state capability to exact a punishment of a single united states business. now, normally if somebody went in and blew up somebody's warehouse and if they fired a missile or sabotage group across the world into the united states to do that, it would be an act of sabotage, act of war, or act of terrorism. a political entity destruction to further its political gains. clearly fits in the definition of terrorism. both cases are public.

one is is the san resort casino. and one is sony case. the problem, and i think what all the panelists said, where is the deterrence to doing it? there is no deterrent. they're not going to start. they're actually going to increase their ability to have the capability to conduct those kind of attacks. and they will continue to pick companies of which they find vulnerable to do economic and real destructive harm. and if you think about the sands resort, the ceo gave a speech biff iran should not get a nuclear weapon. they decided they would use their nation state capability to attack the sands resort casino. they ended up penetrating a casino in pennsylvania and worked their way back to their headquarters. it took a long time to do it. they were determined to do it.

before they did millions of dollars of damage for a political purpose. america's response? not much. so we have yawned at this motion we have this problem that as long as i can get to bucks with my a app and pay for my parking on my iphone, everything must be okay. the problem is every day we erode our ability to protect a growing and more complicated system. lastly, we are getting ready to add 28 billion billion new applications to the internet. the internet. everything from your garage door opener, and i don't know about you but every time i walk by my refrigerator i think it's working against me already. this is a huge problem for us. you will hear a little bit about this on the second panel especially with the automotive focus. we will add all of these devices.

not one ounce of security prevention has been planned in any of it. one of the biggest things that happens to you when you have an application on your network, if you talk to security folks, they probably don't know a that application is on their network. it is harder than it sounds. nobody has completely 100% mastered it there are a couple that are close. on your private sector networks there are huge vulnerabilities work in. they spend $250 million a year on cyber security a year. $250 million. they get penetrated. why? it's because the complicated nature of network how you manage the network and understanding what application is on it. i always say this is not just a technology problem. it's an a anthropology problem

too. it's a people problem. if you wonder why the chinese have stolen as much data that isn't related necessarily to a criminal act, anthem medical, and the list is pretty long. we could be here an hour going down the list. certainly opm. lots of really detailed personal information. why would they do that? >> 85% of all the success rate of a chinese penetration of your network comes from a fishing e-mail. imagine the e-mail i can create if i know everything about you for the last 10 years. and i mean everything. and i also know the last time you went to the doctor and exactly what you had done at the doctor and what your billing status is. imagine that e-mail that says last week you had your knee looked at. i think i screwed up on the billing cycle. would you verify this was your x-ray and not that guy. yeah. i was there. the e-mail came from my doctor.

at least it looks like it came from my doctor. i click on it. they're in. 85% of the chinese success rate. they just increased their target by 53%. i'm not the smartest guy in the room. but in the fbi we would call that a clue. we've got problems approximate brewing. i appreciate the discussion and thanks for including me. >> that's fantastic. we have about 15 minutes or so to really open up for questions focusing on the evolving threat. and from this panel the evolving threat is both from our adversaries and against ourselves as well. i don't know if someone has a mike or if it's a small enough room. sir? >> is is there any difference in approach between the public and

private sector? can we say all private sector goes one way and the private sector goes one way? any difference in the approach to that? >> and i have i think a little bit of a different perspective than some of my panelists. so this should be an interesting discussion. in worry about this. 85% of the networks in the united states are private. and contrary to popular belief the national security agency is not on those networks. they're not. not unless they have a warrant to be there. and that is highly unlikely. what happens is you have this intelligence services overseas trying to come back and protect the government. what we want to do is share it in real-time so the private sector can protect itself. it's not working. sharing is terrible. no one wants to do it for liability reasons. a whole host of reasons not to share. here's the problem with the private sector saying the heck

with it. i'm going to flick whoever i think did this. determining and attributing that attack to a certain nation state or international criminal organization. there are capabilities all over the map. can some do it very well. some think they can do it very well. some don't have a clue how to do it but wouldn't stop them anyway. the government would be in the responsibility how do i protect 25 businesses have what would be the second order impact. right. if i attack you, you flick me in the forehead. i guarantee you they will not sleep on it overnight. why? they have already been trained there's not much of a consequence to doing this. i always argue you have to have a good defense before you go out and do something bad to your neighbor. if you're going to punch your neighbor in the nose hit the weight room for a few months first because he's likely to hit you back. the problem is is we have no good defense today for that 85%

of the networks. so the companies that got really good at it, they had be fine. a lot of companies i wouldn't have any problem doing that. what happens with when they take out the 15 companies that are their suppliers that can't withstand a cyber attack at all? now what do we do? we have an engaged private sector as we are watching as a government entity, what do you do? how do you stop the escalation? as a government entity we have all kinds of ways to deescalate any event. you have none of that in cyberspace. we have to get all of that right. >> just real quickly i just love being on this panel with these gentlemen. it's awesome. three problems. you identify a critical question. the adversaries don't differentiate between public and private, right? they, in many ways, the autocratic states, totalitarian, it's all one thing. their economic power and

influence is part of state power and influence. chinese have actually identified their banks as a strategic asset. so starting principle is that our adversaries in this space don't differentiate. if we think about national resilience, health our infrastructure is part of that. in some ways the clear divide public public private in many ways in this environment doesn't make a lot of sense. the third point i want to make is i think one of the challenges, and mike referenced this, is how we interact between the public and the private sector. information sharing is sort of a leading edge of that question. but also it's a fundamental question of our national security architecture. how do we enlist the private sector in a way that defending them and makes it part of a national resilient campaign when there is a clear blend? and one sort of way of thinking

about this maybe this is where mike and i disagree, i do think there is a way of thinking about this a bit more aggressively. we take it straight from our constitution. the founding our constitution, the found founding of our republic came at a time there was much un's about maritime security. we have a provision in this constitution for letter of mark and reprisal for the government to actually leverage private anothers in the maritime security domain precisely because there was this blend of threats and blended environment. i think we need to think a little more aggressively because the environment doesn't determine between public and private and we don't want to do damage to the private sector and pro- protect it and can't ignore whether the private sector, jpmorgan or others are part of our national security and economy. >> you want to add one thing? >> i want to add one thing on this matter. it's something that both the

chairman and juan talked about discussing the differentiation in our country what's public own d owned and private owned. it goes past that. in most of the western countries, there's a very hands-off view to the internet allow technology to innovate and governments have it as a philosophy to not get overly engaged in the infrastructure. that's not happening everywhere in the world. the countries we already mentioned get thrown out, china russia north korea they are already ball canizing it. they own the infrastructure, take it up turn it down have resilient approaches. that relationship we have with the private sector where handsoff but at the same hand it's not resulting in secure outcomes isn't being followed everywhere.

what we're seeing as the rest of the world, those who tend to be the aggressors are really lock locking down their infrastructure. we're going in exactly the opposite direction in a way that really would not be considered i guess obvious when we do other things. for example if i were to say i could develop one cell tower that has so much power all you need is one cell tower and you always have four bars wherever you are in this country the only problem it will give you cancer everyone would say that's a ridiculous invention don't use it. and if i build a car that can go 200 miles an hour but the only problem our roads aren't set up for it. but in technology you can sell anything regardless of the consequences to our country. we have to start thinking what

we are permitting and the relationship between the private sector and government has to common cause and health and safety and security. >> thank you we will take a couple questions. i want to say in both chapters, there are discussions about mark and interesting footnotes about law school articles that have been written specifically about mark in crimer i ercyber i commend you to. snow good afternoon. i want to follow-up on your last comment comments. a lot of focus is how do we make the network more defendable robust resilient how do we attribute the threat actor who hack the system. at what point do we flip the model and start holding the actual manufacturers accountable. because i guarantee you in most intrusion intrusions, whether sony or elsewhere, it may have come in

by a spear fish ging attack it was utilizing a vulnerability in adobe or flash or some other software running on that network. at what point do we hold them accountable and start running our own house? >> i think it's the wrong perspective. we don't demand perfect security in any other aspect of life. i would never dream if my house got burglarized i would go through the architect and tractors and say someone is tunneling through the ground. we are in sent vigz quick low cost to market products that don't have security problems. i'm not saying there can't be and i'm all for it. but it wouldn't change nation states and organized crime groups persistent and determined will always be able to break in sooner or later because it is impossibility based on

vulnerability mitigation efforts to secure a dynamic inter interoperable environment what we have in the internet. the only time you see it in this physical world is a bank or fortress. it doesn't move or change much over time, you could really secure it. once you say we will meet up with everybody and we're going to change all the time through updates and connections, that's the fool's errand. the real choice is how are we going to start taking some of this money and putting it into a robust conversation and intellectual analysis by bringing standards to actual analyses, when these things happen how do we build platforms necessaryily not necessaryily secure but better at detection, attribution and figure out what our policy choices are. we might find out despite -- you took the card i'll make it this one, some of the systems we need the best security for co in coincidentally and good co

coincidence have the least privacy concerns. the electric power grid -- if you work for -- forget about -- the electric power grid everybody who works there and owns it wants to have perfect knowledge who's on it at any given time. very low privacy. that's where i would start but not cleaning up what could be done but detection and real policy choices to give to our leaders in those areas that matter most. >> real quickly, i think there's a different dimension of liability. what we haven't enabled is this private sector bar and the plaintiff's bar to actually be a force in this environment. with the attribution revolution i think there is an opportunity to think about class action lawsuit lawsuits. key tam actions, victims of

malignant cyber attacks that allow victim companies, individual share hold others to go after companies taking advantage of this environment. chinese soes using stolen data, why aren't they subject not to just government action but even private litigation. i think the question of liability is an important one. i think we need to flip the model a little bit more and empower the private sector to be an actor and deterrent. >> i think we have time for one quick question. michael, quick. >> quick question to get you all on the record on this. >> great. >> just to get you on the record on this -- >> how fast the tables change. >> is it fair to say that the u.s. private sector in cyber has no right of self-defense according to the law that that is our policy they have no right of self-defense, in the same way there's a duty to

retreat they have no right of self-defense? i think i'd like to begin with juan because you advise banks on this. when you listen to the lawyers and lawyers seek to work with you on this do they feel the bank has a right to defend itself when it comes under attacks by either criminals or nation states. >> this is how you define defense passively, you say, of course, we have the right to defend, great layers and redundancies and a lot 0 criticism they haven't done those and cyber hygiene they need to do in terms of employing aware awareness, certainly they can do that. there is also a lot of reticence in the private sector to actually getting involved too actively. a lot of companies don't want the very idea of half back or active defenders of systems. they want the government to do it. they want more information the do it themselves. in that sense if you define

defense broadly, yes, they do. do they have an active defense role to play at this point and is there a legal structure for that? no. >> defense of person or property is a justification, right? it's an otherwise illegal activity. i think it's very uncertain. we haven't seen prosecutions against companies. that might be prosecutorial discretion discretion. we don't know what might happen if there was case taken up. unfortunately a lot is theoretical. there is no certainty in this area. businesses unlike individuals unwilling to roll the dice, businesses hate uncertainty. we're a nation that can't even get a national data breach law. we're stuck with dozens upon dozens of individual state laws of data breach notification, what's the chance of company figureing they have certainty of action even within the united states no less how that might be observed outside the country

where they are likely doing business? i think the short answer is do they they? there's no clear answer to that. that factor is enough that make big businesses responsible are not going to touch it. >> when you talk about extra toratorial defense, that's a loser from point go. if you don't have proper legal authority it's a disaster mainly because in ground circumstance you're dealing with a personal threat to your life. the way the law is written it has to fit that criteria. this, you could never make that legal argument here number one and number two when you decide you're going to breach territorial jurisdiction and go after someone, you have opened up a can of worms which is well beyond the scope of your threat. that's where i think we have to -- our policy is not there. we don't eve