would be that much greater. turning to monetary policy. the implications for money tear policies for the supply side issues. so for the near term, my baseline expectation whether that our economy will continue on the path of growth at around 2%. to confirm that expectation, it will be important to see a significant strengthening in growth in the second quarter after the apparent softness of the first -- of the last two quarters. to support this growth narrative, i also expect the ongoing healing process in labor markets to continue with strong job growth, further reductions in headline unemployment and other measures of slack and increases in wage inflation. as the economy tightens, i expect that inflation will continue to move over time to the committee's 2% objective. so the if the incoming data continue to support those expectations i would see it as employee to gradually raise the federal funds rate.

another rate increase may be appropriate fairly soon. several factors suggest that the pace of rate increases should be gradual. including the assem tri of risks at the zero lower bound, downside risks from weak global demand and gee political events. a lower long run mutual funds rate and the apparently elevated sensitivity of conditions to-mile. uncertainly about the location of supply side constraints provides another reason for gradualism. there are potential concerns with this gradual approach, however. it's possible that monetary policy could push reoutly sayings too high and inflation could move to temporarily above target. in an era of anchor expectations undershooting uh employment should result in only a small and temporary increase in the inflation rate. but running the economy above its potential growth rate for a extended period could involve

extended risks even if inflation does not mean meaningfully above target. a long period of low interest rates could lead to aggressive risk taking and high asset prices and credit growth. macro prudential and other policies are designed to the severity of consequences if it does occur, but it is not certain that these tools would prove adequate in a financial system michigan much intermediatation takes place outside the banking sector. thus, developments along these lines could ultimately present a tradeoff for monetary policy. so wrap up, with the support of monetary accommodation, our economy has made substantial progress. my view is that a continued gradual return to monetary settings will give us a chance to make up lost ground. thanks very much, and i look forward to our suggestion. [ applause ]

>> that's me. that's me. . >> thank you so much, jay. we obviously have a very expert audience and a lot of people waiting to ask you questions. but if i could, i'd just like to pose a couple to start. towards the end of your speech, you mentioned the idea of -- i'm trying to find the exact words so i don't end up saying something wrong -- the apparently elevated sensitivity of financial conditions to monetary policy. that leads me to two questions.

first is, it's interesting to juxtapose that with an apparent diminished sensitivity of real investment to monetary policy. i mean, that seems to be the big up hill battle central banks have been facing for the last few years. is there, given particularly your financial markets background, what do you think leads to this divergence to monetary policy seeping to have more effect on asset markets and less effect than passed on -- past investment? >> o ok. so what i was referring to there and there's so many different ways to try to relate changes in financial conditions to changes in expectations about monetary policy, but this was a statement

based on one look which is to look at the differences between expectations -- forward expectations for rates in other advanced economies in the united states and look at changes in the spread and look at the effect that would have on the dollar. and it seems that that affect has been higher than expected, so by that particular measure -- and that would explain some of the quite large move in the dollar since the middle of 2014. you're asking, though, about the tension between that and really low capital investment in the face of very low interest ritz. so as i mentioned in my speech, we look at it in sort of standard accelerator model terms and other frameworks as well, and you know, come pretty much to the view that low capital investment is explained largely by weak demand. businesses don't have to invest because command is weak. it's no more complicated than that. i would say also, based on my

long career in dealing with private sector companies, if you put yourself in the seat of someone responsible for management of a company, you know, they see weak demand. they cut costs, they can buy back their stock and they can make their numbers that way for a period of time. so investment is low, but it's a way for you to make your numbers without taking a lot of risk. >> right. j if you think about where that takes you over a period of 10 to 15 years is kind of a hollowed-out economy, so it's not a great trend. but we don't see a reil sid yul to explain our basic framework for investment. >> great. and secondly you raised the issue of the dollar. obviously i'm not going to ask you to comment on any particular level or intervention, but just more broadly, we're being forcibly made aware of various other countries' concerns about the dollar, their reactions --

the reactions of other central banks to the dollar. in the same spirit as my last question, how do you think about the chatter sometimes that the federal reserve can't raise monetary policy as much as they would like -- tighten monetary value as much as they would like because the dollar effects are so large? >> let me begin by echoing your point that, of course, we don't have anything to do with managing the level of dollar. >> no. >> i'm just getting that disclaimer out of the way in case there are treasury people here or watching. i think what happened is since the middle of 14, financial conditions tiedened significantly and not through the traditional channel of interest rates. so in effect, we had to tighten less is what happened. it's not to say that we can't tighten policy. the point is to tighten financial condition action, not to raise interest rates, right? so we do what we think is

appropriate. and i think we have the freedom to do that. but we have to take into consideration, you know, conditions around the world and one of many financial conditions, we've got to evaluate is level of the dollar. >> great. thank you very much. i'm now going to open it up to our audience for questions. the -- some very simple ground rules. please wait to be recognized. if you're recognized, please identify yourself, please pretend you are asking a question. if you do something that resembles a speech, i will cut you off. in practical terms, we have a traveling mike up here up front, which chris is holding, and people towards the back can feel free to stand at the standing mike. who would like to go first under that horrible threat i just issued? right here. >> so one question i had was -- >> identify yourself. >> sorry. jonathan pingle from black rock. the arguments for caution and

facing the problems of asymmetric policy response near the zero lower bound sound reasonable as sort of a justification for proceeding gradually. however, trying to understand exactly ha that means for the path forward, say, maybe one hike or two hikes this year, maybe three or four next year, or does that mean two next year? it's difficult to see out of the next two, three years how we intercept that relative to, you know, a historical hiking pattern which would have been, say, faster, or does this mean something incredibly slow? for example, just thinking about the dot plot, the median dots for 2017 have four hikes priced in. how do you reconcile that with assem tri and gradualism? i mean, is that gradual in your view? does that incorporate the inability to respond to downside risks? i mean, how do we reconcile this

gradualism with what we see in the dots? is the dots gradualism? >> or as i would put it, do the dots matter at all? >> so the dots really represent -- i'm sure you know -- individual participants' estimates of appropriate monetary policy, given and in consideration of a moti, will e forecast. so i would say that anyone's ability to forecast much beyond the next few months is really not so great. just the standard error is around everyone's forecast are quite large. so you -- the way to think about it is not a promise, it's not a statement of an intention. it's statement of what someone would think monetary policy would be -- what would be appropriate given that motile forecast. that's the only way to think about it. if you think of it as doesn't that sound like a lot?

no that doesn't sound like a lot if the forecast is realized and if other financial conditions are about as kpmtd. we had a conference about this in new york a couple of months ago. the kmejs of communicating around the dots are substantial. people do tend to take them more as promises and sort of not see the conditional ality. i'm not saying you're doing that, jonathan, but they're not without challenges. >> very nicely put. who would like to go next? please, the gentleman over there. >> thank you. my name is sanch. i'm the obara of mozambique. il wand to thank you for the opportunity and for this illuminating presentation. in your presentation, you mentioned i would say by passing the geo application, if geo

plik, political events, and i wanted to hear a bit more about the impact of politics here in the united states. this is an election year. what effect, what impact that will have on the economy? because there was quite a lot of economics in the presentation. i understood most of it but, i mean, part of it -- not most of it. i'm not an economist. but i wanted to understand the impact of the politics on the economy. >> so i'm now in my fifth year. i'm one day, frankly, into my fifth day at the fed. so this will be my third election cycle and i can say that politics plays absolutely no role whatsoever in our deliberations or in our decision. so we -- you know, the focus inside the fed is very much not partisan politics or elections.

it's very much economic fundamentals, so it can be very jarring to emerge from the fed and talk to people who think of politics -- think of economics in political terms, which i referred to earlier. honestly, it has no effect. you know, we announced a quantitative use program in 2012. we just don't think about it, and i can say empirically, i find that to be the indication, not just the rhetoric. >> please. >> my name is joe marie greasegrabber. i'm with new rules for finance. i wanted to ask you about the hollowing out of the middle class of the united states and how that syncs with your view that wages are rising and the real level of employment is going up, how are we going to return the middle class to a demand engine? >> let me first echo that there's a on the of research that supports what you've just said, that it's really the

middle-skilled jobs that have suffered. david arter at mit has done work. so have many others as well. it's been partly related to the globalization and sort of the plateauing of u.s. educational attainment compared to our competitors. it's a serious problem. it's not really in the wheelhouse of monetary policy. we have one tool, which is monetary president obama. it supports demand at the aggregate level. it doesn't support distributional policies or, you know, or policies that might provide training or might address all of the issues that you talk about. those are really matters for the elected branch of congress and they're more the management of demand which is what we're more focused on. but it's not something we can

take a role in other than by maintaining -- >> can i follow up on one piece of that. you mentioned globalization and a relatively competitiveness. i think david and other people would suggest technology has played a role. leaving that i a side, clearly part of what you describe when you're talking about monetary policy and any good banker would talk about how much you would worry that if we fall behind the curve will expectations become unanchored. does it enter your own personal views or your expectations that labor really is weak now? that for whatever variety of reasons, labory doesn't have the bargaining power, so maybe the risk of an inflationary spiral is less? or is that just not something that would come up in the discussion?

>> it comes up indirectly. if you look at the relationship between slack in the economy and price inflation and then look at the relationship between price inflation and wage inflation, both of those relationships have weakened very substantially oef the past 20 years, so to say it differently, wage inflation which has been weak no longer affects price inflation as much as it used to and price inflation is no longer as response sieve to the economy getting title. so you can be at full employment and you don't see much inflation. this is very different than the world we grew up with wage spirals and such. all of that is i think consistent with a world in which companies maybe substitute capital labor and share goes down. and it's not something we can -- i mean, it's in the numbers but it's not something i feel we can target directly. >> great.

at the back, mike, and then over there. >> hi. from voice of america. thank you for your comments. i've got sort of a flee part question. the first one is are we now seeing a coordinated effort by members of the federal reserve to signal a possible rate hike soon? the second would be how would you vote in june 15th about -- for a rate hike in june, and what do you see as the risks of not acting quickly enough? >> ok. concerted effort, no. i mean, adam will confirm that we scheduled this speech i think it was -- >> two and a half, three months ago. >> wasn't even that. it was late last year, a while back. so there was no thought at that time. it just lapse to be now, and it's -- happens to be now and it's a coincidence. i'm the first board member to say anything about this, actually. a lot of the bank presidents

have been talking and some of the other board members will be speaking next week. but no. how would i volt. the great thing is i don't have to decide until june 15. and i think you discard the opportunity to evaluate incoming information when you decide too early. so i really do legitimately and not just in theory think that there's important incoming data not just about the real economy but about the balance of risks that will come in between now and then. so i don't know. the risks of waiting are frankly not so great. this doesn't feel like an economy that's bubbling over or threatening to break into high inflation. at the same time, i think you have to balance -- really, i think the right plan, as i said, is a gradual sort of rate increases over time and you've got to balance the risks of, you know, the relatively modest risks of running the economy too hot and having to move more sharply, perhaps causing

recession, and you've got to take into account the fact that we've made tremendous progress. we're close to full employment. again, you don't want to wait doing but you don't want to be in a hurry. >> rate hike in june? >> will you please. doug and jason and then we'll go to the back. >> thanks. doug red earnings ker. jail, sort of a two-part question. you mentioned the international applications and how those weigh on your thinking. i wanted to ask you to expand on that. one thing that you didn't mention is the concept of financial stability and a broad question for you, just how do you think about financial stability concerns as they relate to monetary policy? >> on international concerns, i was rereading a paper by barry ikengreen where he talked about the history of the federal reserve. it sort of comes in and out of focus. i think there -- here lately i

think our public communications have had more than the usual amount of communications among them because of important factors. i think that's because of the position we're in. the u.s. is in position to consider removing accommodation gradually and other josh economies are not in that position. so we stand out -- i think global growth inflation are weak, so it's a time when those things are particularly important for us. in terms of financial stability, you may have seen in the last several minutes, if you don't have that much to do, you might have read the minutes and seen that we had a long discussion of monetary policy at the last meeting. i think the conventional wisdom is generally that, you know, that macro prudential and other supervisorsry regulatory tools have against financial instability and that monetary policy is for stable prices and

full employment. i think it's not easy for many, including me, to be particularly comfortable with that. the scenario is the one i mentioned in my speech, which is what if it's monetary policy that is over a long period of time, what if rates have to stay lower than we think they will for a long period of time? upward pressure on asset prices and growth and it's because of monetary policy. we don't see that today at all. the last thing i'll say is at the board and pretty much everywhere, you you have a heightened focus on issues of financial stability since the crisis, and it's a very, very deliberate focused effort to build up the core of the system. i think it's made frankly great progress and more to do on that. >> great. jason here and we'll go to the back mike. >> jason cummins from brevin. i want to turn your attention back to your discussion of

inflation expectations. which you briefly touched on. i detected, although i'll have to read the speech carefully, somewhat a greater measure of concern about risk to the iranian side inflation expectations in the speech compared to some of the other discussions i've seen recently. that certainly reflects some of the same concerns i've had about the same subject. in your mind, when you think about normalizing monetary policy, as you've described you're trying to tighten overall conditions. how do you explain to the public as you're removing accommodation, that you're still concerned about maintaining the sanctity of the no, ma'amle nal anchor when the public -- it's not clear, there's no, sir one public out there. but the surveys or what we're getting from the markets, there seems to be some concern about whether inflation expectations are as stable as they have been in the past. it's never going to be an easy job to raise rates and get inflation to go up at the same time. we've never done that in monetary policy before in the

united states. so what do you do alongside the normalization process to convince people that inflation will be going up anded the fed will be concerned about that without promising an overissue without just repeating gradualism over and over again? >> so it starts with where inflation is right now. and core inflation is at 1.5% and is probably being held down by 30 or 40 basis points, by the effects of the strong dollar and a little bit by the effects of lower oil prices. so if you add 30 or 40 basis points in, you're at 1 money 8, 1.9. pro forma in my former world of pro forma finance, it was a context. pro forma, you're not so far from 2%. in theory all you've got to do is wait for all things held equal for inflation to return to that level. so that's why i have some comfort in moving at this time,

is that i don't think on an underlying basis we're all that far. i also -- you know, we've spent time on this. the issue with inflation expectations, take -- if you take break-evens, market based, and there's a lot of decomposition of what's going on there and many make the case that it's about liquidity and not about people's expectations. i don't want to sound like i accept that at face value and -- i mean, i don't. i get that. when inflation -- when five year forward inflation expectations are down as much as they've been since the middle of 14 and stay there, i think you should be worried about that, and i think it's something to focus on. again, i do think that inflation -- i would still say they are -- they are anchored, inflation expectations, but i would say that it's important that the public see, as you've suggested, that we are committed to returning inflation to 2% and keeping expectations anchored.

>> all right. >> we have quite the lineup at the back mike. >> hi. thank you very much for being here. this is an excellent panel. >> who are you, please? >> my name is goodman. i would like to ask you a question regarding the data dependent monetary policy. so we know that the monetary -- the effects of monetary policy comes with legs. it takes time to see results after the decision. so that's why we hear that the monetary policy should be forward looking. and at the same time, we hear the members emphasizing the data dependensy every opportunity they get. so i'm just curious how the fed can achieve forward looking monetary policy by looking at past data as they are -- their

main factor in deciding, you know, the monetary policy. and also, my second question is, last year at this time we were talking about the possibility of a june rate hike and it didn't happen. the fed had to wait until december and i was just curious, what is the likelihood of having a deja vu this year and what can cause it? >> should have stuck with one question. >> do me a favor. remind me of your first question. >> how can you be data dependent and forward looking? >> ok. thank you. so as you probably know, we -- each member of the flmc, each participant, all 17 of us, gets to write down a forecast, a three-year forecast of the economy. and so -- and then write down what we think appropriate

monetary policy is to achieve that path. for the economy. for the economy. so that's -- so it is very -- you know, it is forward looking. policy is always forward looking. really and it's depending on incoming data, too, because it tells you the state of the economy. it confirms or doesn't confirm your expectations going forward. but policy is of course completely forward looking. you know, in terms of what will happen, i don't have any projections for you. i told you how i think about the problem and what i expect will be appropriate given what i expect for the economy and for risks an if it doesn't pan out, if the conditions that i've laid out don't happen, then i suggest that the committee could move faster or slower. >> very good. >> thank you. >> second question in the back. then we'll come to the front. you can put down your hand. >> jeremy, uc berkeley. in your presentation, you showed us the decline in the growth

rate of potential gdp. yo i also mentioned the decline of the rate of interest. so i was wondering how much of that decline in the neutral rate of interest you think is linked to the decrease in the potential growth rate of gdp. >> soy think they're fairly closely linked, you know. i don't have all the potential models in my head this afternoon, but, you know, i think it's almost a one for one decrease in the neutral rate from estimates of potential growth going ing forward. certainly close to that. >> over here, please. >> thank you, jay. i wanted to ask you -- >> identify yourself, please. >> christian gutob. i wanted to ask you about the upcoming vote and how it influences how you think in the near term about your policy choices and the benefits of making a decision at one meeting

relative to another meeting. is it your view that if the odds of a -- vote going in favor of exit were declining in markets were therefore ponding in a risk positive way in the run-up to your meeting, that would essentially allow the committee to set aside that consideration and focus only on the domestic data and so forth. or would you need to see that risk fall to an immaterial level in order to be comfortable making a policy call at next meeting in. >> let me piggyback on that question. one of the things coming out of the spring imfo bank meetings g7, g20, fed, all this was some repeated statement that breg was at systemic risk. now, don't get me wrong. i love the united kingdom probably as much or more than any other american. but i've never understood how this becomes a systemic risk. so in your view, why is that a

concern? >> i would -- taking christian's question for a second shgt i would break it into two questions, the first of which is how does the vote come out and the second is in the event of a leave vote what are the -- i think it is possible to -- we don't dush know, it's still some weeks until our decision on june 15th. it is possible that we would learn important information between now and june 15th on the first question. i don't really think it's possible we would learn much about the second question, which kind of goes to adam's point. and that is, you know, you -- i mean, there's a modal expectation maybe that there would be some presenting a

factor in favor of caution about raising rates in june. >> interesting. at the back, please. >> thank you. i think from your analysis, mr. powell, there seems to be a disconnect from the real side and the financial side so there a there's capital dipping and labor productivity growth. and don't you think that perhaps monetary policy might be contributing to the death of investment and to that kind of situation allowing the companies as you say to make the numbers

without investment? >> i do not think that is the case. i think that monetary policy is supporting demand in the face of, you know, still significant risk aversion and headwinds in the wake of a global historical economic event called the global financial crisis and the resulting recession. i think we're still digging our way out of that. i think it's still echoing down the years and i think it will do so for some time. so i don't really think -- i think monetary policy on net is contributing to the recovery not pulling it back. >> thank you. >> thank you. another question from the audience. >> dave stockton peterson institu institute. i want to return to the longer run themes of your remarks and the observation that we're seeing longer potential output growth that's probably been associated with a decline in

either the equilibrium or natural rate of interest. i think given that, the implication that we're going to be running in the low nominal interest rate environment for quite some time if that's going to persist, is it time for a more serious reconsideration of the 2% inflation objective? >> i think in theory and in -- you know, that is a logical margin upon which to adjust. it's not at all something that we're considering at this time, and i frankly think that, you know, jerry yellin took that question on in great detail, dave you may remember in a speech i want to say late last year about inflation dynamics and came down strongly that you know when you embrace an inflation target and expectations get deeply anchored as they clearly are now the costs of trying to move that are uncertain and potentially high.

so it's not something that i would be look at doing in the near term. >> it's interesting. when i got to co-author with bernanke and -- a book on bank targeting now a while ago, then future chair bernanke signed on to passage sin the book that indicated the inflation target should be moveable, that we would expect it to move as conditions changed. now, i have sense said publicly and i won't presume to speak for any of my co-authors you know that that was a mistake on our part not from a normative sense that we were wrong but that we were foolish. we should have realized like an exchange rate target zone that once you put in the number people are very scared to get off of it. but that's obviously a very different place than what you're citing chair yellin's speech

saying that it would be bad to move it inherently. i mean, i'm not trying to press you on this. it's just very striking how ex-post the profession seems to have decided it's risky to move the inflation target where -- they were designed to be reset. >> yeah. i mean, again in her telling it and many people's telling of it, it took many, many years to get inflation expectations anchored. when they wsht, we knew there would be a shock and inflation would go up. they would just move around. it's a very costly thing. getting then anchored was a costly thing and took a long time and moving them around is something that, you know, if you -- it kind of undoes the whole psychology of them being anchored and you have to go through the process again. i get that. but at the same time that was all done in a rate of 4% to 5% nominal federal funds rate and

equilibrium. this is not that world. >> thank you. >> question here, please. thank you. i'm from goldman sachs. in the last couple of years we have seen an increase in the amount of information that the fed communicates to markets with the dots and all of the rest of the data and the s&p. and increasing the speeches and in the content of the speeches coming from fymc participants and yet if you take, for example, the reaction of the markets to the march meeting or the reaction of the markets to the minutes of the april meeting the other day and you do a couple of fancy calculations you can see that there were very large surprises from the point of view of the market reaction. so do you worry about this? and what are we collectively missing in terms of understanding the fed's thought process and their reaction

function that has changed? or is it just a fact of life? and we have to live with it? >> so i have thought about the question of are we doing too much communication and also about the difficulty of doing less, which there's not much track record of people reversing gears on that. so i think your -- my main point would be that you're still at a time of extraordinary accommodation and decisions are highly fraught and attract a lot of attention. and that's part of the issue, this would be -- the next interest rate increase will be the second one and it will be important. and it just gets a lot of attention. but i will say that the march sep as i'm sure you're aware had two rate increases this year. i think any number of bank presidents were out saying that two rate increases and things have probably gotten a little

better on balance since march, two rate increases is what the committee thought so, yes, the market was apparently surprised by the minutes but i think it was there in a way. it's not easy nor is it essential that the market understand every word that we utter. >> thank you for that. well said. >> we need to do what is right for the economy and let the chips fall within reason, we need to be doing that and not focusing too much on short-term reactions. >> please tweet that. at the back, mike please. >> jacob keir ka guard from the peterson institute. i first want to commend you for actually putting up the employment rates data in your presentation because i think if i'm not mistaken the fed mandate talks about maximizes employment, and your data clearly shows that the situation is abysmal. i mean, there is no other word

for it in my opinion. so i guess i just would like to have your comment on that. i mean, when you correctly point out that prime age employment in the united states is below that -- or participation is below that of a number of european countries, that is historically unprecedented. so how do you basically -- how do you square that with a policy outlook that suggests that you are close to meeting your employment mandate? i would suggest that you're pretty far from it. >> well, some of this isaddressable on monetary policy and some is not. decline and participation by prime age males has been a trend for decades now, and, you know, the -- it is -- we can -- what we can do is support, as i suggested we should, economic activity with accommodative

monetary policy as long as inflation expectations are stable and inflation is close to target. so we can do that, and i'm pretty confident we will do that. that's not going to turn around these long-run trends txtd's not. as i mentioned in my speech, there are things that need to be done on the policy side much more important things by convict frankly and maybe at the state level that we don't have responsibility for. now, we don't do fiscal policy and we don't do partisan politipoliti politics so i don't want to roll out my personal suggestions here today, but there's a lot that can be done. if you look at all the marmgens of potential growth and productivity, there's a lot to do in terms of education, in terms of encouraging labor force participation rather than punishing it for those of who, for example, are receiving benefits from the government. there are things to be done with tfp, with basic research. every one of those areas has things that can be done, which

is why the focus on the next interest rate increase is just not that important compared to the long run potential growth ever the economy. that's what we ought to be talking about. >> unless you're a fed governor. >> anyone else? this is a rare opportunity. okay. you get a second shot. if everyone else wimps out, you get a second shot. >> i want to ask, when you look at the market implied path for federates going a very, very long way with a forward rates and so forth and compare that with the sort of trajectory that is envisioned bradley speaking by most participants in the sep, even allowing for some difference between the base case outloong in the sep and the risk adjusted path priced into market, it seems like the market is saying that the neutral rate

is lower today than you think it is and it's going to rise much more slowly than you expect it will rise over the coming years. that's the only way i can really make sense not of the june versus july type debate but of this broad difference going out several years. what makes you and your colleagues confident that, given the experience of the last few years where we've overforecast the recovery in the natural rate, what makes you confident that the broad sep world view is a reasonable base case as oppose to the market implied view? >> to make you feel better before you respond, i've already been hoisted on my own petard on this. when i was on the monetary policy in the banking and i kept saying you can't believe these crazy low productivity numbers, it's not like every worker in britain woke up with their left

arm missing. this doesn't make any sense. but then we get to year six or seven of real low productivity numbers and i had to start saying, well, you know, maybe it's not going to pop back up. so just to say this is genuinely hard and lesser beings like me have certainly screwed this up. so what do you think? >> so you're right, of course, there is a significant gap between the committee's most recent dot plot median expectations and between what the market is saying. i haven't looked in the last few days but i would imagine it's closed just a tiny bit. and that can be a function of a couple of things. one would be, of course, there's term premiums as you get farther away from zero, which would account for some of the difference. you also mejsed the difference between -- we're showing the mode and that's really a risk weighted mean. there seems to be for good reason -- people seem to be looking at long duration securities as a hedge against

downside cases because they are very nice liqueur layly correla those outcomes. so you're seeing a lot of that. that explains a part of it. another part of it has to be implicitly or explicitly a lower estimation of the end point which is at the end of a cycle which is our start. so none of that is, you know, in the nature of making anyone -- making me comfortable with the difference. you know, it's hard to know. we have to do our jobs. i've got to do my job, and market has to do its job. and i'm one who is inclined to think that one should listen to what the market is trying to say, not that the market is always right but there may be something wornl saying. i think those are some of the explanations and we'll just have to see. >> great. anyone else? yes, please.

>> thank you very much. my name is ken from the embattscy embattssy of japan. as you know, you are talking about raising the interest rate whereas you know the bank of japan daintroduced negative interest rate and so ecb. and the difference is -- leading causes of the stronger dollars so my question is, to what extent, if any, do you take into consideration of monetary policies outside the u.s. and monetary to what extent dow take global economic outlook including the slowdown of the

chinese economy into considerati consideration. thank you. >> so we're charged with stable prices and maximum employment in the u.s. economy. that requires us to take into consideration all of the factors both financial and real that would affect that. and certainly in this environment, as i mentioned earlier, that does include, you know, financial developments around the world and the fact that other major central banks are adding accommodation at this time. so all of that gets, you know -- is under consideration. i think international concerns as i mentioned are particularly high here in the last year or so. but that's simply because i think of the divergence of growth patterns really between the u.s. and big parts of the rest of the world. so i think our -- so our job, we're not assigned with anything but stable prices and maximum employment in the united states, and ultimately that's our focus.

but of course you can't do the job without engaging with awful the global factor that's you mentioned. >> well, we had a bit of an exchange about whether there's been, for whatever reason, too much communication out of the fed. but such a calm, clear, sober and informative speech certainly is the kind of communication we want to retain from the fed. so on behalf of the american public but also on behalf of the peterson institute, let me thank you very much for your time today. this was terrific. >> thb thanks again. >> i really appreciate it. thank you. >> on friday donald trump holds a campaign rally in san diego ahead of california's june 7th presidential primary.

we'll have live road to the white house coverage on c-span at 5:00 p.m. eastern time. and this weekend, the libertarian party holds its national convention in orlando, florida, where several candidates are vying for their presidential nomination. c-span has live coverage beginning on saturday at 8:00 p.m. eastern time with a candidates debate. and on sunday at 9:45 a.m. eastern, watch as delegates elect the party's presidential and vice presidential nominees. part of our road to the white house coverage on c-span. >> this sunday night on "q&a," u.s. senate historian betty coed talks about various events in senate history and the work her office does. >> i came in june of 1998 as a newly minted senate historian. my colleagues dick baker and don richie said to me, oh, it's going to be nice and quiet. we have an election coming up. you'll have lots of time to

settle in and read and get comfortable in your job. and within a few weeks the house had decided to impeach bill clinton and we got very busy very quickly. and had to do a good deal of research on impeevement trials. we had not had a presidential impeachment since 1868 and the senate leaders at that time trent lott and tom daschle really wanted to follow historical precedent as much as they could. >> sunday night at 8:00 eastern and pacific on c-span's "q&a." on tuesday, virginia senator tim kaine discussed cyber security at the center for strategic and international studies. he addressed the challenge in balancing privacy with national security needs. after his remarks, a panel discussed strategies for defending against cyber threats. this is an hour and 40 minutes.

. well, thanks to everyone for for coming out this morning. we should go ahead and get started. ooh, it's live. our speaker today is senator tim kaine of virginia, and he just has too many accomplishments to mention. it would take almost the whole period for me to go through his whole bioso i'm going to hit some highlights. he's been a missionary, civil rights lawyer, a teacher, and an elected official, including governor of virginia for those of us who live there, now the senator. he serves on the armed services, budget, foreign relations and aging committees. he's the ranking member on the readiness subcommittee for armed services and the foreign relation subcommittee on state

department management which must be a trial in itself. his work in armd services focuses on crafting smart defense strategy, reduction of unemployment among veterans. he's done a lot to keep the navy at 11 carriers, which some of us think is important. on foreign relations he's focused on the middle east and latin america, which is close to our hearts i think. he's the leading voice in expanding the role of congress on foreign policy and improving the way that the president and congress consult. and was one of the authors of the bipartisan effort to revise the war powers resolution of 1973. we seem to have this penchant for elderly legislation here in the u.s. he co-authored the iran nuclear agreement. i'm going to do it all. he's done so many things. one more thing. founder and co-chair of the career and technical education caucus, which i think is really

important when you think about workforce issues, how it links with the issues with veterans. an exceptionally distinguished career. we're exceptionally grateful that he took time out of his overwhelmingly busy schedule to come here and speak at csis. [ applause ] >> good morning. thank you. it is good to be back, and i want to thank jim for his kind p words. this is a pretty amazing day at csis. i knew i was going to be here. there's going to be this great panel to follow me that will really dig into these issues. but you've got a speech later in the day, marty barren is coming to talk about press freedom in the americans which is the issue of the deepest importance, something i'm passionate about. you have a speech later on today about higher education in russia. since higher education is sort of a bellwether for predictions about the future of the economy, that is a really critical topic. if i just didn't have pesky votes and committee hearings i would just sit here all day long. but i'm anxious to come and get

this started and talk about cyber. the title of the discussion that the panel will address is cyber security after information sharing. i'm not going to talk that much about the congressional information sharing bill. i'm going to talk about other issues, issues that remain for us to grapple with but we can't just assume that the information sharing bill is going to be implement, no muss, no fuss. there's a lot of implementation issues and i think you're going to hear some of those from the panel as well. but it is good to be back. the last time i was here at csis i was here to talk about the role of the president and congress and especially in my view the add vocation of congress around war powers issues. i'm very happy to be back to talk about cyber security. so i'm a good virginian and when i was here talking about war powers i talked a lot about madison. so let me talk about jefferson. two great quotes of jefferson that i love. one that was in his notes on the state of virginia, this wonderful book that he wrote when he was ambassador to paris

that really was the i think the first work of true american literature that has stood the test of time, and this is a quote that was incorporated into the virginia constitution. progress in government and all else dependence depends upon the broadest defusion of knowledge among the population. jefferson couldn't have imagine a digital world where all knowledge was digitized and internet search engines and servers where it could be at your fingertips to have that broadest possible of diffusion -- he was still talking about the world that we live in and the notion that diffusion of knowledge to all democratically would be great for the individual but would be great for society. would be a guardian against terror if information was available to all rather than just kept to some. he also said light and liberty

go together. openness and freedom go together. secrecy and tyranny go together. so those are two interesting thoughts as we contemplate this cyber challenge we have. the express of bias toward that dif fus fusion of knowledge is both good for individuals and society. there is also a bias toward transparency rather than secrecy. so as we grapple with some of the cyber questions working with privacy versus national security, jefferson had a strong bias towards transparency rather than secrecy. but secrecy is different than personal privacy. jefferson was also a strong believer in individual rights and that the individual should have some sphere that would be secure against any intrusion of government. that is also a jeffersonian principle. and so as we tackle these hard, hard questions, some of those are just original wisdom of the greatest virginian i think most

of us would feel that about jefferson, a flawed person and we're all flawed people but in terms of conceptualizing the future that we live in and beyond, very, very farsighted. i want to offer three observations about signorer after the information sharing bill. about congress and cyber policy but first let me do a quick commercial for virginia since i've started with jefferson. to tell you why this is important to me as a virginian and many of you are virginians in this room. we're an epicenter of a changing daij tal lands scape. obviously many of the key federal agencies that work on cyber policy are headquartered or have significant presence in virginia as do their employees. we have a private sector in the cyberspace that is second to none. it's a great hub for i.t. and cyber innovation. virginia is second in the nation in the percentage of the workforce that's in technology jobs. it's kind of an interesting stat because our biggest industry sector in virginia is still ag

and forestry. to have ag and forestry the biggest by ggdp shows you something about the evolution of an older economy to a new one and frankly now ag and forestry is heavy technology jobs, too. but the workforce that we have is a workforce that is very connected with the cyber questions. we have strong colleges and universities, institutions training that workforce. and this is huge for virginia. we're the hub of internet traffic in the world. 70% of the world's internet traffic passes through loudoun county, which has the highest concentration of data centers in the world. and that really started probably to attain great critical mass with aol and even though, you know, we're now many chapters beyond aol and the kind of digital space, that really helped defense contractors, other federal agencies aol really helped ground that industry heavily in virginia.

and lastly and sadly, we also have a lot of cyber attack victims, the opm breach that took ougall of that data from government employees but also contractors who were doing work with the government has affected virginia very dramatically. and i know probably everybody in congress and the senate has had to deal with the aftermath and questions and people mad about it. but in virginia we got a lot more people who are mad about it than other states. the three issues that i want to spend my time on today and they're the issues that i'm grappling with in my own committee assignments are basically these. cyber doctrine, the debate over the security and privacy balance and then third cyber security investment. let me just tackle three. cyber doctrine. so i'm a member of safk and foreign relations. and have an opportunity in those committees i'm not an intel but sask and foreign releases have an opportunity to do a lot of cyber related hearings. and let me just give you some snapshots of hearings that i've

attended in my time in the senate. an armed services hearing they had a cyber command who was testifying and talking about cyber and used the phrase and you know in some instances a cyber attack could lead to war. so when it came time for me to ask questions i said, okay, so a cyber attack is by definition not war? it's something short of war? it's like electronic vandalism or graffiti but isn't war itself? i could hypothesize where a cyber attack could do as much damage to our nation or others as any war would do. and the witness says, well, i wasn't exactly sure that that's what i meant. but at least kind of in the just description of the key decision maker, cyber attack was somehow short of war. recently we had a hearing in armed services again with cyber command. this was a posture hearing we had in march. and this was the way the hearing was set up.

the testimony was heavily about all the cyber attacks that we've been subject to, the targets and the opms and the sonys, the big ones were discussed at length. then there was also statistics given about the number of cyber attacks we're subject to every day. i'm still relatively junior on the committee so i'm really late in asking questions and everybody asks questions before i do. and this testimony was just frightened us all with all the attacks we're under. so i decided i would play a trick on my witness and when the questioning got to me i said, okay, you've told us all about these cyber attacks we are subject to, the numbers and particulars. give me a great example of an instance with the u.s. effectively responding to the cyber attack. he sewed, and i knew he'd say that, we'll have to do that in a classifiy eied setting. i said, really? you've been really willing to talk about the particular attacks we're subject to, many of which are in the news and even the numbers of attacks, and when we have other hearings in this committee about the war

against isil, we will talk to the number how many bombing runs we've conducted, how many troops are deployed, how many dollars we've sent. so we will talk about what we're doing in other areas and we'll talk about the attacks we're subject to, but you won't even share one example publicly of how the u.s. has responded to something in cyber? well, no, we're going to have to do that in a classified setting. well, can you imagine the american public if they're only hearing publicly of the attacks we're subject to rather than what we're doing? they would feel like pretty anxious about this? they might feel like their government really isn't doing anything? that they're not really responding? of course we are, but if you don't share it, what confidence are you giving your citizens that you're on top of it? we've had other discussions including in this one where senator king has been really focused on this issue. if you're not willing to talk publicly about what you do, do you have a deterrence doctrine? is there such a thing as a deterrence doctrine that you

keep secret? if you keep it secret, is it deterrence? you know, we had a deterrence doctrine and have one with respect to nuclear and other military doctrines but if it's all kind of on the downlow with respect to cyber, then how are we deterring attacks? so we've had extensive areas where we've kind of challenged the administration over deterrence. and then when we have the commander of ucom in and we talk about nato, here's another question we've asked. when is a cyber attack, when would it triggerer the article 5 elect defense under nato. obviously if vladimir putin crosses into a nato jurisdiction with russian military assets that's one thing. tanks or frooptroops. but what if there is a well documented or clear effort to destabilize the network or destabilize an election. there already has been effort to

do that. when does that rise to the level of an attack that would trigger a u.s. defense obligation? and when we asked that question, we're basically told, well, we're starting to have those discussions, but we don't really yet have an answer to them. so i think the real issue and in some ways it's funny because this is what i talked about last time i was here, i talked about doctrine. the real question and in that instance the doctrine i was talking about was war powers doctrine. we're doing things, we're steps, we're reacting. but the doctrine that tries to rationalize what we're doing is sorely laking and i would say the same in the cyberspace. swha a proportional response to a signer attack? how do we make plain we will under take it either in the cyber domain or other domain? and what the right role for the government to under take steps including proportional responses when the cyber attack is not on the government but on a private sector actor like sony? i think those are big questions.

think our technologies have raced ahead of our doctrinal effort to provide answers to these questions and then make them public so that our citizens know we have a doctrine and can feel some comfort thereby and our adversaries know and hopefully feel deterred i do think in this first area that chairman mccain and the other sask members are really starting to focus on this. and as i've had discussions with folks especially at dod and the intel agencies i think they're running to catch up on the doctrinal questions. there are discussions going on in nato about these doctrinal collective defense obligations but more work in the area is absolutely critical because technical solutions and tactical decisions should ultimately advance an overall doctrine rather than being one by one or one off case by case reactions. so i think the first issue i want to put on the table and hopefully will lead the panel discussion is the need for more dongt rin and the sat status of

those discussions of. the secretary thing i want to talk about is the balance between privacy and security which is raised so starkly by the fbi/apple case but there are many other cases that raise it as well. i just want to offer you an observation about this. and i guess my punch line is, though congress is ultimately responsible for legislative activity in this area, we're uniquely unqualified to make these decisions. uniquely unqualified. let me explain why. there's two principle approaches right now being discussed on the privacy/security balance in congress. senators feinstein and burr have a proposal that would require a person or company to provide law enforcement with information or technical assistance upon a specific court order. it would be a defined proposal to try to avoid using the all ritz act which is more generic and not necessarily tailored to this kind of information. and that is a proposal that is within intel on the senate side

right now that's being bandied about. another proposal that's a little bit different is a bi-camera one, proposal from senator warner and chairman mccall on the house side, to propose a 16-member digital security commission to assess the broad issue of digital security not just the encryption question. obviously that would be part of it. but the broad issue of digital security and then make recommendations to congress. hopefully in a relatively urgent time horizon. this is modeled after the 9/11 commission and it would include hopefully technology experts and privacy experts and folks from the business sector who understand if we make changes how that might affect both u.s. companies and u.s. technologies, would it chase people to other technologies. and obviously national security leaders. and the idea would be the commission that could grapple with this and make a recommendation. now, i know there's kind of a reaction to, oh, man, another

commission. just what we need. but i actually think it would be a good idea to do that commission that could then forward material to congress. and i'm good to tell you why i like that. i would prefer to do that rather than jump right feinstein/burr i'm going to give you a reason that you may not have thought of but as soon as i say it you'll get it. the question of privacy versus security is about a careful balancing of really important interests. and as i said, while members of congress should have the ultimate responsibility for voting on legislation to try to strike that balance, wre sort of uniquely unqualified to do it for this this reason. there is no area where a member of congress is more different from the american public than in a reasonable expectation of privacy. members of congress, the 535, we're different than the american public in a whole lot of ways. but i would argue there is no area we are fundamentally more different in that we have long ago surrendered any expectation

of privacy. and we have forgotten what it is to have an expectation of privacy. you know, i started in politics in 1994 and it was pre-youtube and essentially pre-internet in its current -- so i still at that point as a city councilperson had some expectation of privacy. but i have none now nor does anybody else in my line of work. and so if you give us the task of striking the balance between privacy and security, first, we will overvalue security. and of course we should. that should be the top priority of everybody in congress, to protect national security. so we will be be extremely diligent about that, and we should. but we will undervalue privacy because we've forgotten what it's like to have any privacy. and so if trying to strike that balance is something that is for congress, we're going to strike it in a way that i don't think will fairly take into account

the legitimate privacy interests of american citizens. now, that question, what is a legitimate privacy interest of the citizenry, the private citizenry, is a very complex question. it's not easy. there's got to be some to strike the right balance expectation of what is a reasonable expectation of privacy. most citizens knowinglior or unknowingly surrender that privacy every day in the commercial owe sphere and there's sort of an issue of how relevant is that repeated surrender to the question of how much privacy vis-a-vis governments individuals would be entitled to. so there's all kinds of challenges as you get to trying to decide this issue about the scope of a legitimate individual privacy interest. but congress is just not the right body to do that, and we would really be benefitted by a commission of people that include folks who can remember what it's like to have a private

sphere. and who would then -- and would also respect the national security interest trying to set that balance. so rather than rush into a solution where we haven't really sussed out the scope of that individual legitimate privacy interest i would say we should get that done and hopefully get it done with some dispatch because i think those recommendations back to us would really help us grapple with it. so that's my second thought. my third thought is in the cyber security investment area. we have to invest more in cyber capacity, and i think this is one of the areas of government that has been most affected by budgetary uncertainty. if you look at sequester, shutdown, furl los, continuing resolutions instead of budgets it's had effect on everything we do. but i would argue that it might have had as much or more effect on cyber as anything else because it's first coincided with the time where the need and the acknowledged need for

increased cyber investment has really been ramping up. just as that's been happening, we ran into march 1, 2013, going into full-on sequester and then needing to figure it out. the cyber workforce is incredibly in demand right now and so some of the budgetary austerity or budgetary uncertainty if people are looking at career paths and they're going to look at the one with other opportunities, i worry that our budgetary uncertainty is basically chases talent in another direction. on the budget committee i came into office with sort of two goals in mind on that committee. first, a very state centric kind of governor's type goal which is i really like two-year budgeting. every state does two-year budgets. at the federal level we do one-year budgets when we do budgets. but states do two year budgets as they do that because it's good for predictability. predictability is wonderful for

our own people. predictability is even more wonderful for the private sector so that everybody can understand the parameters of what they're going to be dealing with and adjust accordingly. we have now done two two year budgets in a row. it was ulgly getting there. the first one only happened after the shutdown of the government and the second one only happened after the speaker decided, i'll resign and do a two year budget deal. i don't think we can rely on a cataclysm every year to get a budget deal. but at least we're moving toward some levelful predictability. but i tell uf when i go out and talk about budgetary issues to virginians and i try to make the case for why sequester and budget caps the bca strategy that was voted on in august of 2011 and the caps that went into place in march of 2013, when i try to tell them why it's bad i always use cyber as my example. so the bca caps basically in sequester sort of held harmless safety net spending and core war fighting expenses.

those were held harmless. everything else nondefense discretionary and defense other than core war fighting were all affected by sequester so it's kind of like artificially we're just going to hold everything down. and people say, that's great. we should save money. i said, okay, how many of you think we're doing too much on cyber right now? of course no one raises their hand. how many thinks we need to do more on cyber? everybody raises their hand. why should cyber when it's not core war fighting get affected like everything else? the notion of across the board anything is foolish from a management standpoint, especially areas where there's a wide recognition that we're doing too little not too much. so the first thing that we need to do on the investment side is hopefully get this bca and sequester behind us for the third year in a row in the nda markup on the senate side i've gotten included anti-sequester language calling for an end or dramatic mitigation of sequester both on the defense and

nondefense accounts. a lot of work we do in cyber obviously is done in dhs. that is not a non-defense account. do the extent the can caps hit dhs, cyber gets affected. so the ndaa which will be taken up on the floor starting later this week and then after memorial day in the senate, i'm really going to try to do again what we've done in the last couple of years which is if not eliminate at least lift or mitigate the effect of cyber cuts. and if we do that, then we have to make the right investments and the right investments are at least two foerld. then i'll be glad to open it up and take some questions. the first one is work force. when jim introduced me he talked a little bit about work that i do. virginia is a center for technology workforce. not the only center. there are other state that's have a huge expertise in it, too, maryland, california, other states. but even as a center of a technology workforce, second in the nation of percentage workers in technology jobs, earn even? virg irnlg there's human gaps. there's only one candidate for every three cyber security

positions that are open in virginia and there is in the state with the technology workforce. so we have a dramatic need to get more people into this field. this is one of the reasons among others that when i came into the senate i didn't get put on the help committee, health education labor pensions it was a committee i really wanted to be on. but i realize you don't have to be on the committee you just have to pick an issue that nobody on the committee is championing. i picked career and educational -- i ran a vocational school in honduras third 5 years ago. and u.s. sort of systemically downgraded the importance in technical education over the course of a few generation but now there's a renaissance and it's coming back and cyber is one of those areas where trained technical talent does not necessarily have to have a college degree. there are other ways to get the skills, the verified validated skills that you need to be a player in this area.

so this is one of the things we're working on, we put in an important technical and area rear technologies in the no child left behind. we're working on perkins act reauthorization do to do the same thing. higher eld act reauthorization we'll work on cte advances that will include cyber. in virginia the mcauliffe administration and i've got to mention that because my wife is his secretary of education my wife ann they're doing may yore work in the work force area to expand the cyber work force. the redesign of high school curriculum to include more cte and cyber courses. the effort to designate community colleges around the state as national centers of academic excellence and cyber tidewater community college down in ham ton roads just became the third virginia community college to receive that designation. we have to have both the federal and the private sector work force necessary to meet the challenge and some of that is going to be int gratly tied up with our work on perkins and

higher ed act reauthorization to promote this work force. in addition to the work force we just have to shore up our investments in technologies and platforms. i visited fire eye is one of the co-sponsors of today. they're a wonderful, powerful leader in this field in virginia. i visited their office in reston last fall and we had an extensive discussion about the problematic reliance of many federal agencies on unsecure systems that are legacy systems but they're unsecure because there hasn't been the dollars available to purchase the upgrades, to either make upgrades that can be made or to find new systems that would be more secure. and largely this has been because of the budgetary uncertainty sequester budgetary caps. so if we can find a path out of bca and sequester -- and i'm not talking about just for -- i am kind of a budget hawk. i do believe in the management of debt and deficit. i just don't believe you do it

by across the board caps. i think it that's foolish. i think you have to manage that through targeted strategies that involve both sides of the balance sheets, revenues and expenditures. but across the board reductions that hit accounts that are so important in the cyber world are very, very foolish given the need that's we have. so i'll just conclude and maybe take a couple of questions. the information sharing bill that we did was sort of in law we call it necessary but not sufficient. it was very important that we do that, and it was good to kind of have some discussion with folks working on this issue as the implementation is under way, companies are kind of starting to get used to the notion of sharing, companies are starting to get used to the notion that if they do share then they get helpful tips back about things they should, you know, prepare for or watch for. but there's a lot more of that to do and we hope that will rap p up. we have to talk about implementing it. but i do think these areas of further development of doctrine

grappling in the correct way with the privacy/security balance and then getting over some of these budgetary malpractices so that we can make the investments we need to do in people and systems are the next beyond information sharing issues that congress should tackle. with that, jim, i'm glad to take a few questions before i head up to my committee -- we have a committee hearing in foreign relations on the u.s./india relationship to prep for the visit. the u.s./india relationship, india does more military exercises with the united states than they do with any other nation. and the capacity for a good cyber partner, i mean, if you thought about somebody you would want as a cyber partner, india would be a fantastic part never. there's a lot in that situation so we'll be carrying forward this discussion up in the hearing room in a matter of minutes. but jim, i'll take a few questions. [ applause ] >> let me start. i'm going to cheat and call on my boss jon hammry to see -- since i know that doctrine is

dear to his heart, he and i fight about this all the time. >> well, first, senator, i thought it was a superb speech. thank youor for doing it. let me ask, rather, the hardest part we see is how do we get congress to get an integrated view on an issue that cuts across all of the committees? i mean, i think the hardest thing is we've seen efforts by different committees, but the stove pipe nature of committee jurisdiction seems to be blocking us getting an ind gr t integrated view. what can we do about that? >> that ace great question. ask the panelists the same question, too. i want to hear what they say. that is obviously an issue. look, we had an information sharing bill on the floor of the senate a year before and couldn't do it because the committees of jurisdiction, intel and judiciary were arguing with each other about, well, wait a minute, you put it on the floor it should have been us or we should have worked together. so the stove pipe effect hurts us and obviously we're not just talking about those committees.

you know, foreign relations and sask and the appropriators. it's very critical they be involved so this is a topic that cuts across domains. that's one of the reasons i like the warner/mccall approach because i think it will develop -- the idea of the commission and i think i read this right is it's not just about encryption. it's more of a look at digital security questions encryption is key but others as well from multidisciplinary stakeholders. so if we rush into being about a solution because of the apple/fbi case has grabbed everybody's attention as it should, we rush into being about the solution of that issue and we look at it narrow gauge. we'll almost certainly approach it in my view in kind of a siloed way that won't give it that integrated look that it needs. that's one of the reasons i like the warner/mccall approach. >> do you want to call them? >> yeah. introduce yourself, please, if you ask questions.

>> hi, i'm david smith of the guardian. what sort of relationship do you think you have at the moment with companies like apple and google? is it a bit too confrontational and do you think there's a way that you can mend that and cooperate with them? and secondly, if asked about would you like to be vice president, what would you say? >> well, i'm hoping nobody asks. now let me answer your first question. >> you can dodge that one. >> he said, if asked. i'm just hoping nobody asks. on that is it too confrontational, senator warner says this, mark's on intel, most of you know mark and i are really close, we've known each other in 35 years one of the virtues of being the two senators from virginia you do these xmeetds and i'll do those.

he's intel and banking and finance. i'm armed services, budget. they put me on the aging committee i don't know why just recently. but mark, his pitch on sort of fbi/apple is both sides are kind of claiming a moral superiority that is above their actual moral stature. so there is some tough rhetoric back and forth, and the apple/fbi case is the case that the law school professor would write it's got all of the features that the law school professor would write for the exam. and those features make it incredibly compelling for the fbi's case, you know, that it is a phone that was used by people who were actually carrying out attack connected with terrorism. it is a phone owned by the county that said, we give you permission to search it. so the facts kind of mill tate for the fbi's point of view. but when you dig into it, you really do get into even if you're strongly in support of the security imperatives, which

i am, the whole notion of, you know, getting into back doors into encrypted systems that could potentially chase users to other companies, to other technologies that would then end up hurting the law enforcement effort. so there isn't, you know, a complete white hat? black hat in this so i think that we can -- we should just diffuse that rhetoric and really grapple to the extent we can with nuances that will change. i mean, one of the things about this area is we are almost guaranteed in a solution we come up with to do a best effort and then still find the world changing around us and have to revisit it. but again, i would go back on your question about rhetoric to the point that john asked me. that's one of the reasons i like the warner/mccall approach. i think getting stake hoefrlds from different sides is more like think to gret congress do the informed thing rar than react to one really dramatic case and either miss elements or

kind of overcorrect. >> whoa, time for a couple more. maybe one more. how about that one right there. >> thank you. >> thank you, senator. my name is mark. my question is coming from a transatlantic perspective. what opportunities do you see to rebuild that trust or bridge that gulf that exists bween the united states and europe on cyber security, on data privacy? >> yeah. obviously, the trust was really damaged, again, at least facially, after the snowden publicity. some of the distrust was public pride of stations by people who are pretty aware of what was going on, but nevertheless that's real and there's a need to rebuild it. and again, the underlying issue was -- the revelations brought

to bear a spotlight on this issue of how do you balance the security and the privacy issues. you know, we look at some of these issues differently, but i think the gap between the u.s. analysis of these or our senseties to the privacy and security side and european sensibilities to the extent there's a gap i think that gap is closing pretty quickly because, you know, obviously and tragically european nations have had to deal with some very, very difficult situations in this space, terrorist attacks in not just europe obviously, not just paris and brussels but the sinai. we will know what we'll know about the egyptair flight. you know, i think as more nations are seeing the security versus privacy challenges in the same way that we are so i think that, as the security issues become more equal, some of

not necessarily that creates trust but it can kind of create a shared sense of mission for getting this right. even though i don't think they've answered the question, i mentioned earlier kind of the nato question we still have a ought of work to do to make this decision when would a cyberattack trigger a collective defense obligation. there is good work going on within nato. cybersecurity cooperation between nato allies and the united states. that's, i think, moved forward in an accelerated pace, that's probably helping. but sadly the security realities of the world are probably bringing all of our sensibilities a little bit closer together in terms of the urgency of answering some of these questions. >> how about one more on this side and we have to let the senator escape. how about this gentleman here. sorry. >> mike coming up the aisle.

>> adam powell with the southern california cybersecurity initiative. let's go back to the 15-person panel that's being proposed. might that be a way of addressing the stovepipe issue and might one of the outcomes be a renlation for a joint committee of some kind of the house and senate? >> possible. i think -- so everybody heard the question. it is possible that a solution might be some kind of a joint committee. you know, my -- i have proposed a similar joint committee on war powers questions, the war powers consultation act that senator mccain and i have been pitching to replace the war hours resolution of 1973 would establish a bicameraal, bipartisan consultation committee that would be -- permanent committee that would be in permanent dialogue with the executive over hot spots that could develop into needs for military action. and that could certainly be a possibility in this one, i think one of the things we'll want to

make sure, if i'm going to remember this right, i think the mccall warner proposal is 15 that sort of 8 by the house, eight by the senate, and one by the president. and i'm trying to remember if there are specified disciplines that need to be included. and i think it really is important to get that right because i want to make sure we've got the full group of stakeholders, privacy advocates, national security experts, business leaders, academics. you want to make sure you've got the full range of expertise around the table. but the larger issue that they're going to grapple with is not just encryption but digital security and if they would identify, and i wnt imagine they wouldn't, stovepiping as an on stack toll digital security then you would expect they would make recommendations to help us get over stovepiping. and stovepiping as you know it's not just an agency thing. it can be a congressional concern as well. and we've got to figure out ways to get by that. so that's a good thought for

what one of their charges could be, is structural reform both in the executive and legislature. you really have a good panel coming up. these are the real experts after me. thank you for letting me come and kick it off. i look forward to following and getting a readout on what the panel puts on the table and i look forward to continuing to work with csce, and thanks for including me today. [ applause ] >> truly insightful speech by the senator. if i could ask the panelists to come up now, we can go ahead and get started with round it. i'll take this one. this is an easy panel for me because so many of them are old friends that i was thinking if i introduce them the way i know them it will probably sound wrong. so let me introduce people quickly and we will have their bios on the website.

in the order they're on my list, andy grotto, senior director for cybersecurity policy at the national security council. we have two andys. they both have the same job, which is a little confusing. andy, before that he was the senior adviser for technology policy. secretary pritzker at commerce. he was very effective there, hearing from other people, including the secretary. and he of course was a professional staff member at ssci starting all this. after him we have kirsten duncan, house committee on homeland security. kirsten is pinch-hitting. for some reason the other speaker we had from the committee had to go to a meeting on tsa. i don't know what might have happened today that would call for secretary johnson to have an emergency meeting, but in any case, kirsten, we're really grateful for you being here and filling in. she handles cybersecurity infrastructure protection for chairman mccall. she works on cybersecurity and science and technology issues.

and most important for you in the room she was a pmf. which is the real seal of approval from the federal government. so thank you very much for filling in. andy ozment is currently the assistant secretary for cybersecurity and communications at dhs where he has, i didn't know this, a budget of more than 1 billion and 600 employees. that's like real money. right. and he's -- he leads the federal efforts to respond to cybersecurity incidents. and prior to that, he was also senior director for cybersecurity at the white house. and the thing you probably know andy best for in that role was e.o. -- the executive order on critical infrastructure protection that resulted in the nist framework. and he is that rarity in the discussions of cybersecurity,

someone with a ph.d. in computer science. so very rare. and finally, we have tom mcclellan, director national homeland security policy and government affairs at fireeye. many of you of course know tom from his previous work at nga, the national governors association where he helped really reorient that organization to think about s b cybersecurity. he led the resource center for state cyber security there and has worked in these issues as they relate to the state level and to cyber security and homeland security for a long time. so a great panel. what i told them we were going to talk about was cnap, the -- what's it called? >> cybersecurity national action program. >> how could i forget? and i have to admit when i saw this i thought gee, that's ambitious. that's kind of bold to do something this late in the administration. but as i look at it i think it might actually be something that

could work. we'll see. they have six months to deliver. firm deadlines are usually bad. this time it might be good. what i'm going to do is just go down the panel really quickly and ask people, what do they think of cnap, what do they think it ought to focus on and if you could take just five minutes or so and then you could lead to questions from the group and a few others. kirsten, i don't know if you wanted to start. >> sure. thank you for having me here. i appreciate it. let me begin by saying these are my words and mine alone, not representing others here. so cnap is a pretty interesting endeavor. i think reading it over again between -- looking at cyber -- well one of the things where i think -- i'm looking very forward to seeing is cyber incident response plan. that is something that was put into law several years ago. as you're probably aware,

chairman mccall has taken cybersecurity as an issue for the last several years. when i was work on the science committee i had the pleasure of working with him on the cyber enhancement act which codified this framework and the scholarship for service program. a couple of things we've already discussed here. also cementing sort of these workforce issues. getting engaged with the national science foundation. dhs uses the scholarship for service. that same year a number of other bills passed to authorize the nkick and to put force a workforce assessment for cybersecurity across the nhs and provide for more hiring authority at the dhs to make sure we can build up this cyber workforce. so i think cnap, we have the ability to build on a number of efforts that are already under way. i think one of the elements, as i mentioned, is the cyber incident response plan.

i look forward to seeing that. i think right now states and locals, we had a hearing back last month where a number of -- a fire chief, eye a. lieutenant with the police out in texas came and spoke with us and talked about their plans for cyber and talked about other training opportunities that they might be aware of for cyber incident response. we're doing another hearing today at 10:00 a.m. to sort of build on that state and local issue and i think that cyber incident response plan will help prepare all around. >> great. thank you. andy? >> so the cnap, the president announced it in the budget rollout february 9th. it caps more than seven years of determined effort by the administration to raise our cyber defenses, disrupt malicious activity in

cyberspace, and enhance our incident response capability. i thought i'd spend a couple of moments focused in particular on the sort of under the banner arrays of national defenses. there are sort of two pieces to that. one is sort of, you know, providing tools to the private sector and infrastructure to help them raise their defenses. second bucket under that is federal government cybersecurity. i want to focus for a minute on federal government cybersecurity because, a, it's really important. and b, does not get nearly the attention that i think it deserves in fora such as this. and last but not least, i thought senator kaine did a good job of teeing up some of the issues we're thinking about from a cybersecurity perspective. and also i know the president has asked the commission on enhancing national cybersecurity to look into it as well. so on the federal side this is where the connection to information sharing i think

really becomes clear. as you all know, this threat, you know, poses very unique challenges because many of the targets of malicious activity are in the private sector, be they critical infrastructure, be they financial information, be they health information. and that means that combating this threat requires this collaboration, both with the private sector with the government. with respect to information sharing, obviously, you know, with information sharing it's been a priority since the beginning of the administration focused initially on sort of intragovernmental sharing coming out of the cnci work. fast forward to december of last year and the cybersecurity bill finally passed. sort of surreal for me at least. i was actually deeply involved in the first -- one of the sort of beta versions of that bill when i was on the hill. title 7 of rockefeller,

lieberman, feinstein, collins legislation for those of you who remember that ancient history in 2013, or thereabouts. and since then, and this is another kind of point that senator kaine alluded to, passing the bill is just a step in the process toward building out our capabilities to both share more information with the private sector but also receive more information so that we can better understand the threat environment and in turn provide more support to the private sector and other entities. andy can get into this in a little more detail. but, you know, we're focused right now on deploying this capability called automated indicator sharing, aka the portal, for those of you who are familiar with that phrase. the -- we're finalizing clear and transparent guidelines for companies and individuals on how to share information through the

portal. the first draft of these went out a couple months ago. and andy's team is doing a tremendous job getting these materials finalized for public release, transition to the congress next month. i'll leave it to andy to elaborate on that. maybe i'll offer a couple of observations about how this debate on information sharing has evolved. at least in the six or so years that i've been involved. you go to 2011, 2012, i perceived at least, and i'm curious for y'all's reaction when we get to q&a, a pretty widespread sentiment among industry that info sharing was a silver bullet. that if only we could share more information with each other and the government would share more classified information with us we would be able to defend ourselves adequately from a full spectrum of cybersecurity threats. today i think that sentiment still exists in some quarters but i think there's a much finer appreciation within the

ecosystem that effective use of information has numerous critical dependencies. for example, you've got to know your network. pretty basic thing. but if you don't know your network how could you possibly put information to use? obviously, you have to know how to deploy information. you have to know which information to focus on and which is simply noise. today it seems to me that the main barriers to information sharing, if they were perceived as sort of like legal, liability issues, obviously the legislation has helped clear many of those away. so now we're left with barriers such as mainly business drivers. things like the cost of capability, the maturity of an entity's cybersecurity risk management program to be able to use information in a productive way. i think we're really seeing

this, and i think this will be a challenge that we will all need to collectively work on, both the government and our friends in the private sector, is trust. entities will not share information if they don't trust that the recipient of the information will use it responsibly, use it for the purposes that both sides agreed to, and the information will be protected from unauthorized use. so a big question in my mind is what can we in the government do to further build trust among the private sector that sharing information with the government is a worthwhile, important endeavor. i turn to andy for -- jim, if you don't mind me jumping tom, go to andy as a nice follow-up. >> is that okay, tom? >> go for it. just save me some comments. >> will do. will do. so i think it's useful to highlight where we are on the automated indicator sharing and

the implementation as andy, as the other andy pointed out. we're like a twin act here. andy and andy. we actually started this work in 2012. i had some very smart people on my team, one of whom is here in the audience, rich struse, who said we're going to need to share indicators in an automated way. there's no way we get the volume of information we need from the government to the private sector and back again unless we can standardize and automate this. so we had to have first standards. dhs led the development of two standards called sticks and taxi. and those two standards are what have enabled us to implement the legislation today. we started that work in 2012. we handed those standards over to a standards body oasis last year. so a normal industry standards consortium is now taking them forward. in 2014 we took those standards, we said all right, we've got to pilot this stuff. so we worked with the financial services sector and set up a pilot for sharing indicators back and forth. and it was very successful. so successful that the financial

services sector spun off a company to productize, to sell as a product the outcome of this pilot. and then of course we worked with the congress and with folks in this room to bring about the legislation. and i really thank the congress for the cybersecurity act of 2015. which gave private sector companies liability protection for sharing this information with the government. we formally -- the secretary formally certified our system as live on march 16th. and since then we've got about 30 entities right now, companies, federal agencies, state and local governments. part of that system, we're growing by a handful of companies every week. we've shared thousands of indicators to date. but obviously we're still in the early stages of that system. but it's working. it's live. and people are receiving value from it already. what i would say is my charge to you and the audience, is the only way we collectively succeed with this system is if we all

put information in and take advantage of the information that's in it. my message when i'm out talking to companies now is we built it, we've given you the tool that you've asked for, i need you to join, i need to you share back with us. that's really the next stage of where we are on the automated indicator sharing effort. with cnap, a brief additional comment, a lot of people are confused about dhs's role in government. and the analogy i've sort of settled on is i think of every cyberincident as being like an arson in the real world. and when you have an arson you want both a firefighter to be there, you want the firefighters there, and you want the cops there. we're the firefighters in that scenario. law enforcement has a hugely important role. fbi, secret service, hsi and all the other federal law enforcement arms. but you also want a firefighter there who's concerned with let's put out the fire and let's help you rebuild this building so it's more resistant to fire in the future. so we have is this role at dhs

and cyberincident response where we help victims, whether they're companies or the government, find the bad guy in their network, kick them off the network, and rebuild to be more secure. we are not law enforcement, although that's a hugely important role. our only customer is the victim, and our job is to make them more resistant to future attacks. as part of that i have a former firefighter on my team and i said how much time did you spend fighting fires on your job? he said almost, if you rounded it, we'd be about zero percent. i said okay, what did you spend your time on? he said our goal is for there not to be fires in the first place. and that's the same thing with dhs. in addition to doing this incident response we share information and we promulgate best practices to help companies and government agencies not have incidents in the first place. this automated indicator sharing is a key part of that. it's sharing the information that will prevent incidents from happening in the first place. >> great. my turn? >> yeah. >> great. >> first off jim and csis, thank you for having us here.

it's been a long time since seeing you but i know we go back quite a ways. i'm the private sector guy up here. i work with a company called fire eye. and we do incident response. you probably heard about us many times in the news. we also do services. kind of a big move. and it's an augmentation to the challenges out in the field with the challenges of workforce shortage and so forth. i'm also a late addition to the panel. i'm going to focus on cnap but also broader about some of the challenges with respect to information sharing. so just my background, i'll help you understand, i spent 16 years working on the state level with governors through the national governors association working on cybersecurity and cybercrime and so forth and also kind of was integral with the development as was andy on the development of the joint action plan for state and federal unity of effort. i come from a state policy background with this overlaid view of what the threat environment looks like.

i really have four opening comments with respect to both cnap and to the information sharing writ large. and the first is that in general the traditional approach that we've got in this country and elsewhere really isn't working all that well. and i think we really need to rethink our posture, we need to rethink our capabilities, and i think the cnap and the information sharing bill that's been passed really is a step in that right direction. but you've got to keep in mind that the adversaries are changing radically every day, every hour. so things like hygiene and firewalls. they're still important, but we've got to get more active. we've got to get more proactive. we have to get out in the networks and begin to hunt. and i think some of the steps that we've just seen, some of the bills that are going to help us get there, they're not going to get us all the way. there's another big step in terms of having a very proactive defense we're going to go out and hunt in our systems.

the second is i really view and have always viewed cybersecurity as a shared responsibility between states, locals, feds, the private sector, and ngos like the msi sack and some other groups that are out there right now. so when you look at the bills that have been pushed out there, cnap, cisa and so forth, one of the questions i have and having worked with states and governors and heard governor -- senator kaine, i worked with him when he was a governor. is that notion of what's the right missing between what the states are doing, what the locals are doing, what the feds are doing. it's not a criticism but just kind of observation that the cnap and the system, they're really kind of more focused on the federal level. and i do know that states and locals really want their own resources. they -- their needs are so esoteric with reblth to their networks, their critical

infrastructure. higher education is a tremendous target. health is a tremendous target. right now states don't have the resources that they really want. and i mean grants and dollars. people say what about the sisgap grant out there right now. it's been spoken for. so the states have resources they can draw through the federal level, through the msi sack, through a variety of things. but i do know states hunger to build up their own intrinsic capabilities. and the third thing i want to mention again is that privacy. privacy is paramount. and in this context what i mean by private isn't the right to be left alone. it's not the expectation of privacy but it's really that fair use of information. and so as companies begin to contribute to whether it's ais or some of the other sharing arrangements that are out there, they have to be very, very careful with respect to respecting the privacy insomuch of the fair use of the

information. a victim or victim company. and lastly i want to say that information sharing is a great goal but it is not enough. information sharing is a step in the right direction. and there are also some inherent challenges with sharing information. and the first is, and i think either one of the panelists or the governor or the senator mentioned it earlier, is the notion of the more information that's out there, the more noise you get for the same amount of signal. maybe get a little more signal. sought question is information has to be actionable that's being shared. so how you begin to take all the information when you're pulling in all these indicators to really kind of turn that into something that's actionable for the agency or for the individual or for the organization. and lastly with respect to the information sharing kind of thing is that notion of sometimes when you share information the bad guys know you're sharing information and they're going to change their ttps, their tactics, their techniques and their procedures. so that may also kind of push

the cycle faster. in and of itself, as a component of a larger strategy, information sharing is very good. our company, we just recently announced the development of -- or the launch of an information sharing network where we're sharing indicators of malware and atomic indicators. we certainly value that notion of sharing. but it's the end. what's next? >> when i look at cnap, five or six things kind of leaped out at me. as interesting. to kind of blast us out of the debate we've been having. since 2012. i can't do all the names, rockefeller, feinstein, collins and lieberman bill. boy, that is ancient history. >> five years ago. >> yeah, it seems like forever. so the five things i think that leap out are assurance, the emphasis on assurance and particularly it's interesting to look at some of the things that

might be done for internet of things. budget, manage services, the whole series of workforce efforts. and then maybe the rethinking of the nist framework. we may not have time to hit them all but i wanted to hit a couple right up front and see what the panelists thought. budget is always a good one in washington and the president's calling for 19 additional billion dollars. when's he going to spend it on? what do you think he should spend it on? anyone want to take first -- andy, that might go first to you. >> so yeah. so i mean one key element of the budget is this proposal that we offered last month for $3.1 billion information technology modernization fund. so taking a step back from cybersecurity, you really can't separate cybersecurity from i.t. acquisition and i.t. management. we don't do cybersecurity for its own sake. we do cybersecurity to support, you know, reliable i.t. and we use i.t. obviously to deliver mission and services to

our customers. and what the information technology mod urbanization fund is about, itmf for short, for shorthand, is, you know, we have a long list of legacy i.t. spread across the government. we can bubble wrap it. we can wrap it in duct tape. you know? these systems were not necessarily built with cybersecurity in mind, so what we are doing to protect them is kind of, you know, again, bubble wrap it and duct tape and what we're finding is in a lot of cases -- what we expect to find in many cases is that it is more cost effective both from an immediate budget perspective but also because today's legacy i.t. becomes -- we don't want -- potentially legacy i.t. in five, ten years. it's cheaper to replace it today than it is to keep bubble-wrapping it and duct-taping it. what the i.t. modernization fund does is provide a revolving fund

for agencies to basically identify systems that they have as eligible, potentially eligible for being replaced through this revolving fund. i think, you know, senator kaine mentioned -- i believe dr. amory as well mentioned the congressional angle here and how in particular -- the way we do i.t. budgeting, which affects cybersecurity budgeting. also has that same kind of congressional jurisdictional challenge that some of the more strategic issues that senator kaine discussed, meaning that one of the goals of cnap is to try to encourage and push and incentivize agencies to go to shared services because shared services are ultimately more efficient from a cost perspective but they're also easier to defend from a cybersecurity perspective. the challenge with that is, you know, right now each agency's i.t. budget for the most part is

authorized and appropriated in that agency stovepipe. sought real challenge for us is going to be working with congress to figure out how you actually get -- how you, you know, get to that -- get to that model of shared services. it's actually incidentally one of the challenges or questions that we've asked the president's cybercommission to look into, is this very question. >> i personally will be upset to see the government finally stop using windows 2000. but -- >> i know. it's a collector's item. we would just be missing out. >> we're using cobalt on some systems still. >> let's footstop. everyone hear that? they're still using cobalt. if you don't know what that is, we can explain later. talk about antiques. >> let me foot stop one point that andy made which is the i.t. modernization fund, the idea

here is, i'm running a legacy i.t. system. it costs me a lot of money to keep it running. and yet, congress is, you know, understandably reluctant to give me a pot of money to buy something new. they want me to have the same amount of money, run the old thing and replace it with something new and that doesn't work because when you're replacing a big system, you have to spend money to run the old one and build the new one and for some period of time you have to have essentially doubling the money. the idea hopefully is you end up with savings replacing the old one and for a period of time you have double the money and obviously an approximation. the fund is intended to bridge that. it will give agencies what will essentially be a loan to run -- while they pay for the old system with the current budget, it gives them a loan to build the new system and pay it back over time with the savings from having replaced that legacy system. that's a pretty novel approach to running things in the government from a budgetary perspective but i think it's a huge improvement and really the

only way we're going to be able to replace these legacy systems because there just isn't the money or the congressional will to fund us to run the old things even as we build new things. >> kirsten? >> from my perspective, i think following the passage of the cyber security act, watching how that is implemented, you know, our role and my role in oversight of that, not only the automated indicator sharing but also the growth and strengthening of tools like einstein and cdm. we haven't talked a ton about, you know, homeland security's role in securing federal networks or helping to secure federal networks arriving at tools to be readily available and one of the things the try to take on in the cybersecurity act was making sure that those tools are flexible, dynamic and can continue -- are not stagnant. we hear a lot that, you know, perimeter defense isn't only defense and i think watching

einstein, cdm grow, be implemented, what? the deadline is end of this year for everyone to be accessible in the federal government. right? so i think one of the things in cnap is to support those sort of activities. >> so -- but in terms of -- so from a budgetary perspective one of the things that my role, both -- prior to fire eye and now is really to educate state policy makers to rethink budgeting for cybersecurity, that it's not an opex or a capex where you're going out and buying things but you're buying infrastructure. when you look at the budgeting process for all of this, and, you know, the feds actually do a pretty good job about it for budgeting dollars for cyber. 12% to 15% of their overall i.t. budget. states are 2% or 3%. there's a number of reasons for that. so your question about budgeting is raising the awareness of are

we spending enough to buy down our risk one of the questions i would throw out to the andys is, you know, so as you buy these things, are you developing or buying? so the question is, you know, how do you leverage the private sector? how do you leverage some of the things that are already out there with respect to the development and the implementation of these new systems? because in terms of scale it's almost a defense industrial base for cybersecurity. you've got the big players out there that build ships and airplanes and they sell them and the question is how do you strengthen those types of partnerships and leverage things for cybersecurity in it represents a very different way of thinking about the relationship between the private sector, between states, between locals, between higher ed and so forth. >> that's a good bleed-in to managed services. let me start by saying i'm a big fan of managed services and i think the conversion experience for a lot of us was opm, where u