anglo-american cooperation in the last century have been when there is not only a close relationship between british and american leaders, but also the readiness could not -- to conduct a vigorous debate between them. that is that we have conducted ourselves, what being clear that in matters of intelligence, nuclear weapons, our diplomacy, a close alliance with the u.s. will remain indispensable to the united kingdom. we have also imparted a frank message when needed. in my first speech as shadow foreign secretary in washington in 2006, i argue that in standing up for the rule of law, we must be careful not to imply methods that undermine it, and the reports of prisoner abuse leading to the torture of suspects it resulted in a loss of good will to america. the conservative party fully supports the foreign policy initiatives so far enacted by

the obama administration. we are ready to work with our counterparts in washington. central to that work and the single most urgent priority in foreign policy when we come to government would be the american british and wider nato commitment in afghanistan. the conservative party supports the deployment of our armed forces in afghanistan. let me be clear that we are not in afghanistan to, for that country, but to bring about a situation where afghans can provide for their own security and livelihoods of not present a danger to the rest of the world. in consequence, we believe our political objective in afghanistan should be tightly drawn and regularly reviewed and that ever greater priority needs to be attached to the role of the afghan forces. currently only 10% of them are deployed in helmand, even though 40% of the fighting is there. nato forces cannot be in afghanistan for ever, but the acceleration of the training and buildup of the afghan army and other security forces would

mean time would work against the taliban instead of in their favor. alongside our priority to bring success to afghanistan will be the emphasis we give to working with our international allies and friends to help pakistan transform itself into a stable, prosperous, and democratic state, capable of controlling terrorist threats inside and outside its borders, committed to a secure afghanistan, and actively working to limit the extent of further nuclear proliferation. the multiplicity of british connections to pakistan, to hundreds of thousands of families, as well as pakistan's leaders, gives written a particular role in supporting pakistan does the democratic future. we will also see to buttress american efforts to give new impetus to the middle east peace process, emphasizing the need for a freeze on all israeli settlement activities and adherence to the principles by all palestinian leaders as essential prerequisite for successful negotiations.

will also continue the process i have begun on our own behalf two years ago of robust dialogue with syria, working to ensure towards playing a constructive role in the region and closer to a lasting peace deal with israel. the third bottle theme of conservative foreign policy is of pressing and beginning of alliances outside europe and north america, an approach which is vital to the maintenance of british influence in the world. on his visit to india in 2006, david cameron said he believed it was time for britain and india to forge a new special relationship, focusing particularly on fighting terrorism, protecting the environment, and globalization. india is also leading member of the commonwealth, an organization which has been neglected and undervalued under the labour government in britain. in last year's strategy documents, the only mention of the commonwealth was in the title.

it is extraordinary -- it is the unique network of 53 country spanning five continents with 35 of the world's population -- 3 favre% of the world's population. -- 35% of the world's population. a good example of how it could be used is to encourage to take a leading role in addressing state failure, like coordinating a future rehabilitation package for its former member, zimbabwe. if the commonwealth is not the only group of countries where rican recreate historic connections on a new, modern basis. i have long argued that britain should embark on the elevation of its links with many of the countries of the middle east and gulf, not only diplomatically but in matters of culture, education, commerce, and security. this should be done as a cross party initiative, pursued

consistently over many years. it is strategically vital to strengthen britain's links with many friendly muslim ages do muslim nations, and not only for political reasons. it is vital to make the most of opportunities to expand our trade and investment. it is this kind of strengthening with our allies as willy -- as well as dealing with potential threats. critics will say they do not conform to all of our own democratic and liberal values, but it is a vital part of understanding the world we are facing in the coming decades, that we will not be able to prescribe the form of government in all the countries with whom we need friendly relations. british leaders will always argue that democracy and freedom are the soundest basis for national security and international peace for other countries as well as our own, yet in foreign policy, idealism

must always be tempered with realism, even those countries like many of the gulf states which are making democratic reforms will do so at varying paces, and sometimes over an extended period. it is in our strategic national interest to have a strong relationship with china. relations with china are often characterized by tensions over human rights. our approach has always been to be consistent in raising such issues and not to shrink from debating them with chinese leaders. at the same time, if we believe that the spread of nuclear weapons and the urgency of dealing with climate change are the greatest threats to the future of humanity, we must acknowledge that we cannot hope to solve these problems without working closely with china's leaders. a conservative government will therefore promote sustained dialogue and close understanding with china and the relationship in which even when there is sharp disagreement, neither side

will walk away. it is similarly not in britain's national interest to be in permanent confrontation with russia, but a sustained improvement in those relations will require major effort on both sides. i made a criticism of the labor government with poor relations with russia, for a wide range of issues. improved relations have been impossible in recent years. britain must remain firm in its believe that countries such as georgia must be free to determine their future. the reset button pressed by hillary clinton provides the energy for improved relations between moscow and other western capitals. the perot -- the proliferation of nuclear weapons is an issue difficult to deal with without a working relationship with russia. it is within russia's national interest for such issues to be dealt with a.

with a conservative government, the door will be open to improve relations with russia. we shall see of a door opens in return. the fourth theme of conservative foreign policy is one in which across party consensus in britain is very strong. allowing international cooperation in the face of the threats i have outlined to be enhanced. this is true in the economic area, where the focus of economic decisionmaking clearly needs to ship war to body such as the g-20. it is true of the united nations on which the conservative party shares the view of the current government. we have no illusions about how difficult it will be to bring this about. the european union is also one of the institutions which much adapt to the changing distribution of world, economic,

and political ways. this is not a speech about european policy. our belief that the european union needs to focus on the issue of global competition, policy, and climate change is well known, as is our opposition to the great centralization of power as embodied in the lisbon treaty. we see the treaty as leading to institutional conflict within the eu, for instance, between the president and a high represented on foreign policy, and a loss of democratic decision making in nation states, a profound problem that the german constitutional court has raised in its recent decision on the list entry. institutional centralization will not supply and is even a displacement activity for what europe really needs to develop in world affairs, which is the political will to use its collective weight effectively and to focus on practical results. this is true of its relations with russia, but also starkly true of the situation in the

balkans, where the eu is often failing to exert itself effectively, even in relation to countries which many of us hope will one day be its members. there been any positive developments, but some of the countries of the western balkans, most notably bosnia, are still tilting unsteadily between their past and their future. a lack of persistent international focus on the region, until these countries are fully and irreversibly on the path to joining the eu and nato, determine the success -- could turn the successes of the last decade into the failure of this decade. a conservative government will sharpen european boat was on the balkans, which will see is a major test of what the you can accomplish in foreign affairs. within each military force in bosnia, a special representative with the executive powers and a

full-scale police mission, the eu has more leverage in bosnia than any other country. what will it say about the you if we will not -- about thateu if we do not act to stop this from happening? grand visions and ambitions are vague if the eu cannot demonstrate effectiveness in its common policies in its immediate neighborhood. we will check in such effectiveness. it is vital that the eu does not give up on enlargement. a europe that turns its back on turkey would have made an immense strategic error. it includes the updating of international treaties, of which the most important is the nuclear nonproliferation treaty, due for a major review conference in april and eight next year, possibly at the same

time as our general election. i have given to lectures on what needs to be done to strengthen the treaty and the powers of the international atomic energy agency. i have discussed this with the new u.s. administration. this may well be the main opportunity to fend off the nightmare vision of the effective collapse of the treaty and the rapid spread of nuclear weapons, a nightmare which would see the middle east, the world's most unstable region, festooned with the world's most destructive devices. in my view, the current british government have been slow to develop ideas and provide international leadership on the reform of the npt, leaving it until the end of their third term to push any determined initiative of their own. the future of this treaty requires the maximum possible effort to persuade or deter iran from developing nuclear weapons

capability. again, we have long argued for a new american opening to iran that has now been made, but also that it will need to be followed if unsuccessful by far tougher european economic measures to show iran that there is a serious price to is . -- a serious price to its defiance. securing such a policy is one of the highest possible priorities for whoever is the british foreign secretary at the end of this year and early next. the fifth and final theme of the conservative approach to foreign affairs is that faced with so many threats to our security, it is essential for us in britain to of hold our own highest values. i have accepted in this speech that our power to dictate to other countries how they should uphold democracy or human rights may actually diminish over time. in many ways, this makes it all

the more important for britain to be among those countries that sets an example that can be inspiring to people across the world who are denied liberty or power over their own lives, just as it may encourage in the right direction those who have that power. 200 years ago in his shortest speech, my hero, william pitt the younger, set in berlin has saved herself by her exertions. in the future, we have to recognize that if our exertions may not always have the desired effect, our example must never be absent. this means that a british government must always be an advocate for political freedom, human rights in their broadest sense, free trade and democratic decision making. we must always understand that terrorists who are motivated by contempt for our society will only be strengthened if we weaken the values that hold it together.

it is a consideration of huge importance we consider recent allegations of complicity in order. our values also include playing a role in the eradication of poverty and the spread of prosperity to less fortunate nations. we fully support president obama's vision of engagement in africa, by more than just the dollars we spend, but whether we are partners in building transformational change. we have to work at african country so that aid and investment are a force for economic growth and political stability, rather than a permanent lifeline that just helps the needy scrape by. our conscience and our common humanity dictate that we must help those at the mercy of disease, conflict, and poverty. that is why david cameron has reaffirmed our commitment to spending on eight by 2013. however, aid should not be the only driver of our policy towards africa. we must focus on good

governance and fostering democratic institutions that are the bedrock of more prosperous societies, and resolving the differences without resorting to guns. in this context, development along with the beckham diplomacy is one of the tools of conflict prevention and needs to be used more effectively. we would conscious that relatively small sums of money spent on conflict prevention and avert the need to spend vast sums on intervention or reconstruction aid and is in line with our moral as well as national security duties. an approach to foreign policy based on british values also means the work of organizations such as the british council will remain essential and that the foreign-language services of the bbc should always be promoted and defended. these organizations are not part of implementing our foreign policy, but they are an important part of britain's contribution to open is an understanding in world affairs. these are the foreign policy priorities that a new

conservative government would bring with it, a major change to our decision making, the nursing of the transatlantic alliance, the freshening and deepening of new relations beyond america and europe, a determination to assist the reform of international institutions and treaties, and the upholding of values and principles we hold dear here at home. my argument today has been that it will become more difficult over time for britain to exert on world affairs the influence which were used to, but not impossibly difficult to do so if we make the changes and selected the priorities of which i have spoken. to do so will be to ask -- act not only in our national interest, but in the enlightened interest to which i referred. we have responsibility to others as well as ourselves. britain will not disengage from trying to shake global events. in trying to create and maintain a more peaceful world, will always be at the forefront,

but we will soak position and prepare ourselves that if the skies darkened and use storms arise, we will be ready for them. thank you very much indeed. [applause] >> thank you very much for that quintet of priorities. we look forward to your questions and comments. >> if it could stand, and the microphone will come to you. please state your name and affiliation if you think it relevant. [unintelligible]

>> it does not imply either of those. we are skeptical, for reasons i have outlined about developing european defense regimens that do not duplicate nato. one of that test who will to achieve in this area is things like the development in the balkans. i was disappointed to hear all the discussion about withdrawing remaining european forces from bosnia, which i think is absolutely the wrong signal to send to the various entities involved at the moment. it signals a lack of commitment by the international community. our attitude will partly be determined by test cases such as

that, whether it is possible for your to add to its capabilities by having -- i think we will be guided by experience on that, but we will never be supportive of anything that undermines nato, that excessively duplicates nato, that threatens to undermine the strength of the trans-atlantic alliance. we start from a very skeptical position, but we want to see whether this works, and the balkans is going to be a test case. >> [unintelligible]

>> yes, we just call the debate in the house of commons last week. we discovered that would not vote the way they indicated they would in the past, so the government maintained its majority. and that today, we are dissatisfied with the extradition arrangements. we want to explore what needs to be done in this area. we are not at this stage of making a specific proposal. but clearly, we are not happy with the way it works at the moment. >> [unintelligible]

>> welcome cooperation. the new group and the european parliament has already secured the chairmanship of the internal market committee, an indication of some of the things that we will be able to do. our colleagues are people who were part of the solidarity movement who oppose communism, who helped to bring about democratic transformation in poland. some of the people sitting in the socialist group in the european parliament are among the supporters of communist regimes in the past. i do not think we take any lessons from the left in politics about who we should sit with, and we welcome that cooperation.

this is the party of president of poland, and we think this will certainly be successful and stand the test of time. >> what is your view of the benchmarks to gauge success in afghanistan? the agree that the dialogue with the taliban -- >> it depends on what you mean by the taliban, which of course is a term applied to many different groups and many different forces in afghanistan. i think it has always been part of our strategy to make sure that some of the people who have been fighting on the wrong side in the past cease to do so. that has always been the approach that local level and

must be the approach that the national level as well. i don't think we will see anything new or particularly controversial there. i think these benchmarks include the attainment of clear military objectives and particularly include the continued acceleration of the afghan army and the creation of an effective, non corrupt police force, clearly not an easy thing to do, as experience over the last few years has shown. the strategy has to contain within it -- has to provide for the knowledge that nato forces cannot be there forever. we would give a quarterly statement to parliament about our objectives in afghanistan, about whether we have attained, about the military situation there. we do not think there has been enough openness about that by the current government.

they have been a stronger position if they gave more regular, open reports to parliament and the nation about what is going on in afghanistan. we would take that approach. >> you mentioned the relationships with russia. [unintelligible] >> it is important to have diversification. that is understood by people promoted alternative pipeline routes now into europe. it is something we have to be much more conscious of in britain over the next decade then we have been over the last

10 or 20 years. we have left ourselves with a period of energy exposure, toward the necks of the end -- for the end of the next decade. we are did it dependent on some a bit in liquefied form, and long journeys overseas in a number of cases. we have to build that into our policies. that is part of what our national security council approach is designed to do. that means being able to have an excellent businesslike relationship with russia. that is a sort of thing we would want, which is difficult to obtain for the reasons i have described. european nations including britain having other supply as well. that is the common sense answer to that.

>> [unintelligible] >> it is a longstanding commitment that david cameron made when he stood for the leadership of the party. there is a consensus in british politics about it. we do not want to break that consensus. it would become a matter of immense controversy if any party were to do so, and i think it is right for us to continue with the commitment that he has made. after all, this is part of a very long-term commitments. it is true that our gross national income looks set to be smaller than it would be in 2013, so the absolute levels of expenditure in this regard will be smaller. but our commitment to help

developing world to implement policies on africa that i was describing earlier should not change as economic concessions or recoveries come and go. that is something david cameron feels very strongly about and the rest of the shadow cabinet supports him and feeling strongly about. we felt it right to restate that commitment for 2013 and beyond, notwithstanding the current economic situation. >> it seems that the elections will be held next year [unintelligible]

>> i do not think we should be reconsidering sanctions, in fact we all hope for some tightening of eu sanctions for european nations as well as britain. you are right that the effectiveness of such policies is in decline. their effectiveness will be much let's reject much less and another 10 or 20 years. at the moment, i do not think we have an alternative to those policies with regard to burma. my experience with meet people from burma who are in opposition to the regime there is that they do want us to maintain the u.k. and ease sanctions that we have on burma at the moment, and if possible, intensify them. i think we have to be predominately guided by them in that situation. they would seek relaxation or abandonment of sanctions as taking sudden pressure of the burmese regime, so that will not

be our approach unless the views of people in burma on the subject were radically to change. . . whose responsibilities include the commonwealth, yes, and even that is not clear. that is not to say they will only deal with the commonwealth,

but, yes, that is the designated duties of one of the ministers, and yet, a lot of good work has gone on with this. excellent work by my colleague who was here somewhere. he has really championed the idea of doing more with the commonwealth, and the central insight is that in a networked world, this is a remarkable network, and it is important to draft the notion that this is not an imperial idea anymore. britain is, of course, no longer in that position. the queen is there, but britain is one of many leading nations of the commonwealth, and in a networked world, this is one of the most remarkable networks that exists on the planet, and so, the example that i gave in my speech was about zimbabwe, and that is the kind of thing

that we have in mind. who is that playce? to help the people after robert mugabe is gone? the construction? the economic framework? security forces? a properly functioning democracy? the commonwealth nations are in a superb position to deliver that expertise. that is exactly the sort of thing the commonwealth should be doing and should be working on now, and the british government and others should be pushing that idea within the commonwealth, and in practical ideas like that where it comes up, the commonwealth is a tool to be picked up and use. not to be oversold, and i am not claiming it can be turned into some other international body, the eu, the international

nations, but there are some tasks that we can perform, and we will look for someone to perform those tasks -- some way to perform this task. >> [unintelligible] >> i will just refer you to the statement about the approach to china where i talked about the dialogue and close understanding. i talked about vigorous debate at times, but we have that, of course, with chinese leaders, but i talk about the importance of a strong relationship with china, particularly, on nuclear weapons, particularly on environment and climate change and in the economic area, and it was there in the speech i have just given. >> just one question. i saw at least one member and

some current members set up in your chair -- in their chairs the and -- and some current members sit up in their chairs. are you talking about resurrecting certain capacities that may have been lost in certain times and that may need to be rebuilt? >> i am mainly talking about the working relationships between the foreign office and the rest of the government. clearly, i see the foreign office and the form of his ministers in a leading role in the framework that i have outlined -- and the foreign ministers in a leading role in the framework that i have outlined. there is the last 12 years of labour and government. i think, therefore, -- the last

12 years of labour government. it may also be the with the foreign office works internally, and i think it has been through some difficult periods. there was a staff serve a two or three years ago that produce very negative results about whether people thought they were recognized or rewarded within the foreign office -- there was a staff survey two or three years ago. i do not want to come in with a blanket condemnation of what has been happening there, but i think it has been through a period of difficult morale, sometimes of low morale, and that is why i said the ministers that come in to be in charge of the foreign office need to ensure for the long term that it will be a great institution as well as to exercise the proper data influence and the government and across government

through that national security framework. >> thank you very much again. >> he spoke about the conservative policy at the international institute for strategic studies this summer in london. most recent polls show the conservative party in the league. with national elections expected next spring. you can watch this and more c- span programming on british politics by visiting our web site, c-span.org. [captions copyright national cable satellite corp. 2009] [captioning performed by national captioning institute] >> coming next, a discussion of government efforts to protect the internet, and then, we will show you a forum on how to improve a student's readiness for college. then, -- to improve student readiness for college.

then, education secretary arne duncan. military and foreign analysts look at the future and current capabilities of the russian military. live coverage from the hudson institute forum on c-span2. george mason university president -- university's president, alan merten, m&a, on c-span2. >> how is c-span funded? -- monday, on c-span2. >> donations. >> i do not know where contributions come from. >> how is c-span's funded? america's cable companies created c-span as a private business initiatives, no government m&a, no government money.

>> and now we did no government mandate, -- no government mandates, no government money -- no government mandate, no government money. >> and now, our program. >> good morning. good morning, everyone i m&a director -- good morning, everyone. i am a director. before i turn at our program over to our moderator, i have just a few brief announcements. first, i would like to recognize the sponsors of today's breakfast. we have six great companies with us today, and i would like to tell you a little bit about each of them. first, we have to light --

deloitte. next, another group where users can proactively identify and recover from a death threats. next, we have ibm, blue dogs clients develop value through greater efficiency, -- we have ibm, with clients developme values through greater efficiency. juniper enables a responsive and trusting environment for mission-critical programs.

another equips customers with a layered security defense, and last but not least, we have veracode, to manage applications' security risk. this includes internal and developed, purchase, outsourced, and other applications. -- purchased, outsourced, and other applications. if you have not already done so, please quiet yourself funds. -- please quiet yourself funds -- nor celyour cell phones. last but not least, if you know somebody who was not able to make it today, this event will be broadcast later today, and

with that said, i would like to turn the program over to the person who introduced today's panel. -- who will introduce today's panel. >> i am going to ask them to give us a few comments on how you feel we are doing, so to speak. >> first of all, i want to thank the opportunity to speak today. i am from the department of defense, specifically in the office of the assistant secretary for defense for networks and information integration. this is headed by another person.

my focus in that office is a program that has been ongoing now, a pilot program, for 1.5 orix two years, and it deals with the defense industrial base, cybersecurity. and so, you can see by the name there, it as an outreach to those companies that dod deals with in the private sector, and the effort is to collaborate with the company's on improving network security on the defense industrial base, on classified networks, and so, this effort is in a private stage.

this is a case in point where the department has taken this seriously and is working with those companies in the private sector, so i would say from the dod standpoint, we understand that there is the needs, and the collaboration has begun through this power -- pilot program. >> ok. jim? >> you want me to describe how i got into this? >> sure. >> it is easy. i was coming back from central america, and i worked for a guy named dick clark, who you probably have heard of, and he was walking down the hall, and i was walking down the other way, any estimate about programming, and he told me that he wanted me to go to the pez meeting, and i thought, what is that, candy? and since then, >>--

>> this is supposed to be about response, recovery. that was part of the title, and this is another dick clark story, and he gathered a group of people that he called the dirty minds project. the project was called "dreamliners," and its purpose was to figure out -- the project was called "dirty minds," and it was to figure out what people

would do. he had really great people, and he brought me along to observe, because i certainly was not in their league, but these are people understood how the network worked and where the vulnerability points were, so are was sitting there -- so i was sitting there. it turns out that it was not the problem. the way the united states -- the vulnerability points to the united states was not the technology. it was the idea that if the attackers did it in ways, and this is more true today than it was then, the attacker does it in ways rather than an attack. the defensive the near of the entire network infrastructure of the united states is one person's been but one person thin, -- the defense of the

entire network infrastructure of the united states is one person thin. we talk about automation in defense, but in the end, what has happened to cybersecurity is that it has ceased -- it has become a human capital issue, and we have completely missed the human capital part of it. it was said weeks ago that it was time to focus on the human capital side of this. >> well done. i m&a redskin fan born in texas, so i have an opinion on everything, and i am happy to be here with you today. we are in your debt for joining

us for breakfast. you are the ones on the front line for this important challenge, so it is critical that we support you as best we can, thanks for joining us this morning. i am retired from the united states air force. i spent over 30 years there. and i entered this field in the late 1980's as a part of the recognition of the technologies that are emerging, which opportunities that our nation needed to understand and begin to see both our vulnerabilities and the opportunities that existed in those technologies. thinking about that for some time, we divide the information assurance strategy, which emerged from there. i talked to dick clark everything he knows. -- ipods and dick clark everything he knows. -- i taught dick clark everything he knows. [laughter] i would like that to get back to

him. >> we have seen all sorts in the news about the electric grid being taken down. it is all over the news. is the threat increasing, or is aware and is increasing, or is it both? and what is driving that? we will start with you down there on the end. >> the framework for me is yes, yes, and no. yes, the threat is increasing, but, for the most part, it goes back 20 years -- is the threat increasing, or is the awareness increasing? we have come to understand the threat which is much more effective for all the technologies which industry and government have developed, so there is an emerging better understanding. the downside of all of this, in my view, that is simply the tip

of the iceberg, and so the no part of that is that we still have a total lack of understanding of the strategic context. so, yes, it's competency is increased -- its competency is increased. we are not coming anywhere near of understanding the strategic implications of the threat. >> what he said is exactly on target. there was an interview with pete rose or something. something was said that was very moving, and that is we are at a strategic point in warfare, not unlike the inflection point we

had in the 1940's and we understood that nuclear weapons were going to change warfare. we did not know exactly how, but we narrow it would. this is something they're using all of the time. it is not just whether people have their accreditations and certifications done. there was a letter from the head of mi5 to the head of the largest companies in england, where it said, "if you're doing business with china, your company computers are being attacked with the same techniques, these sophisticated techniques, that are being used against the military, and that is because npra has an economic mission as well as a military mission -- because the pra has

an economic mission as well as a military mission, so they are getting your playbook, and the people are negotiating with no more about what you're willing to do than you do, because they have all the background data." so this is not we are worried about the government. this is across the board. and you have heard about this industrial base. this is not because we are interested in it. it is because it is lost some of the most sense of information you have seen in our country, and the negligence is palpable. we are trying to make it better, but the losses are amazing. it is a strategic inflection point. >> so what is it, jim? tell us what to do. >> gee, that is a hard one. in answering your question, i will ignore alan's. what has really changed?

two things have changed. first, the opportunities have increased for the components. we are a target rich environment. sometimes in the last five for 10 years, the internet and the computers and the digital infrastructure went from being sort of an add on to a central pillar of how to govern and how we produce -- of how the government and how we produce, and they have been quick to pick up on that. there has been tremendous payoffs in productivity, economic growth. hopefully, those will be occur at some point in the future. at the same time, while we have been taking a manager the internet for economic reasons and for communications, we have created new vulnerabilities that people are not shy about exploiting. the other thing is that we have entered into, i do not know what you went to college, an international environment. we do have competitors.

we do have competitors and other nations. some are harder to identify, because they made the allies in certain situations. we are competing with them in a new way. conventional military forces may not be as important. we are in a new kind of strategic situation. even our technology has not adjusted to take into account, so we keep trying to shoehorn the cyber conflict into old boxes, and we are surprised it does not fit. we are not the only ones to do this. i was asked recently if there was a cyber race in space, and i said, "what does that mean? in a new laptop?" before we think of a new way to conceptualize this, we will always be running a little behind, and we are the most honorable. we are like the fastest kid in school, challenging everyone to a foot race.

-- we are like the fastest kid in school -- fattest kid. >> brian? >> this has exposed our networks, on the database is. -- on the databases. one of the ways to deal with the threat is to arrange an industry with companies that have the resources and are putting the effort to tackle this it as aggressively, and one way is to

raise awareness from companies big to small and so we can increase the security across the board, so i think a lot of it has got to do with capabilities in terms of detection, just capabilities inside industry in terms of some pretty advanced and some still just trying to catch up. >> great. >> before you leave this topic, just for this audience, if i were the view, i use the analogy of the iceberg. the unstructured threat on the tip of the iceberg. what we see with hackers and the denial of service. it tends to attract our attention.

the structure of the threat is the core of the iceberg caught. the structure threat is actually threatening the survival of your activity to do whatever needs to do, whereas the unstructured threat simply degraded and so on and so forth. then you should think of your investment in terms of dealing with it from the bottom up. rather than as a discussion from the top down. that will deny the operating sanctuary that the threat has today and will then begin to business success that you need to have. >> ken, what do you mean by " structured strech"? >> it is what the rest of us have talked about. -- what do you mean by "structured threat to it be? -- ."structured threat"?

this is opposed to the unstructured, which is typically treated in the news, because that is where we have spent most of our time the last 10 or 15 years, investing in technologies. >> how do you manage the risk? which is what really comes down to? i will for that to all of you in case there is someone who wants to jump in there. ok. >> there was some work done at state by a man named john.

he has built a risk index so that he can measure improvement. i think you're going to move forward, you have to have numerical measures that are reliable and that can be i--- meaning, if you do them, in matters, as opposed to and nobody gives a hoot, and john more than anybody else has figured this out, not perfectly, and he is the first guy to say not perfectly, and this is how you measure it, and the grassie shows of the reduction of risk in the embassies around the room is really amazing. so if you are looking for a model for where we go -- and it shows the reduction of risk. i think this is something we can build on as a government.

we are basically saying, "do everything you want. >> if i remember correctly, that was based on the consensus guidelines. >> yes. they took the work that n.s.a. had done first of what the most important controls were, that if you do not do these, you ought to get fired, is the way i describe it. these are the things that matter. if you take the whole amounts of pages, if you take the 140 they say our top priority, it is still hundreds and hundreds of pages. this says 20, but it is probably 50 or 60 controls that the guys to understand offense, the defense, the cyber crime center, the people understand how the attacks are done, they have agreed on the ones that have to be done first, because if you do not, the structure of threat would kill you, so those are the ones, and what john did is the

figure that out to measure and monitor, and what he got was when he did the measurements, organizations reached out to fix it. usually, you are shoving people and beating them out on the head, but by having a reliable metrics and sharing that everyone is doing across all of the embassies, he got the embassies to fix it without having to beat them over the head. it is a way to beat them over the heads, but the way john does it as you do, he looks for heroes' rather than looking for catching games. -- he looks for he rose -- he rose -- heroes rather than looking for gotcha games. >> when you wake up in the morning, you are not secure, so we are not avoiding this activity, to use the term "avoiding the risk." the suggestion here is that we

are never secure. you have to get on the other side of that line in order to have a set of activities. in that case, everybody in the company wakes up thinking security, not just the security person. it starts with the president. it starts with the ceo, the office chief, but we all wake up with that on our minds. then, the question is, how do you want to create the conduct of way of doing those analysis so we can figure out what we're going to do? so if you like sports analogies, we are going to play soccer, not football. we are all playing offense and defense. we are not all just defense in this, and all of the technologies to and all of the technologies that are going to occur are designed port -- for us to play on that field. >> brian? >> a good enough effort to secure their networks, and what

we have tried to do on the program we are on now is try to -- it does have to have the attention of not just the cio's or others and it company but the leadership, so from the beginning of a program at the deputy secretary of defense level, he has met with the ceo's of companies in several sessions, so the idea is at the top level, there are sensitized to this issue, and that then helps make this something that is able to be integrated across corporations as opposed to just in a security niche off to

itself, and that is the key, and it is thought of as part of the overall program, not just something that is added on as an afterthought. >> that is a key challenge. coordination with industry. i was quite to jump to this a little later, but i think this was a huge factor. industry, my impression is that really wants to work with government on that, but there are some challenges associated with that. does government regulate industry? is industry setting itself up to be held accountable in certain circumstances. is information protected? so how does the government corning with industry, a partner with industry, in a true sense. anyone?

>> i have already told you that i am a texas redskins fan. how do you turned as vulnerabilities into shared opportunities? and you do that by creating a relationship where that shared opportunity is where industry can go in there and provide you with product, services, and technologies that deal with those, abilities, and we share that, and so, the federal part of that in my view is to set up the standards, whatever is necessary so that as industry comes in, they blend into the infrastructure but add new

technologies, products, and services, so the role of the government is not to build product, or to make those standards but to create specifications. separately, there has to be an authentication process by which i can certify that what i am getting meets the criteria that the product, service, or technology that has been built says that it will do. there is a shared opportunity, and then, lastly, if it is all global, stupid, it is not just american. so all of the good work that everybody at this table is doing to create alliances that deal with that are important, so in making those shared vulnerability is, the role of the government is to create building codes and standards. is the assumption here is as we want to talk about, we want to

work and the bottom of the iceberg, we are not building them that way right now. >> does government need to regulate how they protect themselves? >> remember what i said, i said government can establish the specifications. there is no regulation issue. there is a shared vulnerability that needs to be a shared opportunity, and the certification process, it just has to perform. we may need different levels of authentication, an industry finds its way on that model based on whatever the mission essentials things are. >> absolutely.

there is a microphone right behind you. >> i was going to say that. in this discussion, i cannot resist. many people view industry as the bad, you guys who are sitting on their octopuses -- tuckuses. there is an awful lot of work going on now as we sit here today collaborative laid between industry and government. the people who are of the network operators are fighting this 24/7, 365 days a year, and generally, it supports mission critical activities and is resilience. there is a lot more we can do, but i just want to offer and asked the panel, there is a lot that is being done now. what do you see as the role of government from your perspective in facilitating the collaboration so the recognize there is a common mission here

in improving national, homelands, and economic security, and we are in this together. there is the prevailing majority, the critical infrastructure, and yet is not treated as a full partner at either the strategic level, or the tactical level in how we deal with this issue. >> we can have a good fight here. we are fighting every day. we are fighting, and we are losing, said that is what we have to ask. we have a bunch of games in 46 year-old to play soccer. maybe we can do better as a nation. i do not know. but there are some problems that are just too hard for america to solve these days because they are tied up with personal interests and ideology. it will take us a long time to work through this, and if you want a parallel, look at health care. we are at a serious disadvantage as a nation because we spend twice as much as any other.

you are not going to be competitive if you are not innovative. we are not want to be able to fix that. it is just too hard for our political system. the other parts, too, is getting back to this idea. we have sort of a foxhole mentality. if you're a soldier, you would say that my foxhall is secure, and i do not care about the other is. we do not want to overestimate the threat. we are not unique. how do i work with industry in a way that it's a socially good outcome? it is just point to be hard to

do. -- in a way that is a socially good outcome? in the mid-1990s, in the second clinton and administration, we had this notion that we would set up these things, and information sharing would be a way to cooperate, and this is where the ownership of the infrastructure came out, and we are still working on that model from the late clinton administration, and maybe it is time for a new model. >> alan? >> i think there is a tiny spark that might need blowing on to make a fire, but i think there is a tiny spark to a new partnership, which is along the lines of what ken was talking about, which is that the

government has knowledge and it does not share very well about what the actual threat level is. it has its own team. in a certain knowledge that only one other organization in the world has, which is visa, because they clean up after all the major attacks on the credit card companies, but they are at the center of excellence that does not get into product, and what if they were to change this for the products we buy and the services we by on a continuing basis?

there is knowledge about the attack. if you do not have something to fix it, it is time to fix your product instead of whining about not being invited to the table, said this is a moment where there is a lot of spark. they are saying maybe they know enough to buy this intelligently, and when you talk to be really smart people in industry, the release smart ones who have the technical -- be really smart ones who have the technical and other -- the really smart ones, that is the only way you will solve this problem. you have to drive us to deliver the secure product. >> ok. frank? >> information with respect to

the threat. this can be used by companies in terms of improving security across their enterprise, and at the same time, we were part of this program the first time because we are in day 24/7 world. it is the dod that is the focal point for defense. they are the front door for industry and also coordinate, so we have got one organization that pulls it together. but at the same time, reporting coming in from industry is the end going back out to the broader industry, so people are

seeing quickly what is happening to other companies, so this is a formal process that is under way, and it is something that the company's -- companies ask for, and we have shaped this to accommodate them. in terms of getting information, that is a key part of what they wanted, and that is how we have tried to shake this. i think we will have a better perspective of what is happening at this point in time, so if something happens, you're going to get indication of it pretty rapidly, and you need to be able to do that rapidly in a very correct -- quick time frame. otherwise, you're going to find yourself on the short end of the

stick. >> you know, a related question and something that is -- coordination touches on that. so much is classified. they cannot access the intermission federal government and has and, therefore, cannot do their jobs. how do we necessarily deal with that? ken, i will start with you, because from where you come from, you have dealt with this.

>> bob makes a great point. they are on the front lines every day. nobody knows more about the threat and industry as commissure, they can do some morning around the sharing of industry -- nobody knows more about the threat than the industry does. -- an industry does. -- than industry does. to use the analogy of the cold war and nuclear weapons, we had norbeck, which was a north american -- we had norad. we do not have the north american view of our vulnerabilities from an industry perspective and reporting that would go into an entity like that. having said that, there is no

question that the government needs to share more about emerging capabilities, the classified peace that deals with the emerging capabilities and was responsible for those. they need to share that in a broader context than it does now. i think that you're starting to see some movement, and i would change the nation of the discussion from need to know, which is what you started out with, and change it to a need to share, so in the very beginning, there needs to be the definition of what information this room thinks needs to be shared with industry, and from the very beginning of the classification process, it would document that, to me, that is a two-way street. >> you know, what some people would call in other contexts the csi effect. people see the show. the show this case is probably "24."

they assume there is this huge pot of knowledge, right, that is not being shared with them. police chiefs from big cities or something. they say the same thing. the u.s., the federal government, knows huge things that it is not sharing with them, and that is not the case, right? one thing we need to do is we need to work through and say there is no one size fits all. there is no such thing as the federal government, right? it is these different agencies, and what dhs knows and others know is different. they are not giving you the information from nhs. hello? we may want to sit down and think what it is we need to share and with whom. what you tell the big phone companies and the big service providers, the i.s.p.'s, that is one set of information. what might have to go to the local information, that might be another said.

the defense industrial base needs another, -- that might be another set. we have not done that yet. i think we are moving in that direction, so i think there is some good news there. the stuff that alan talked about is a good place. what is the threat you are facing? what is the profile? what is the likely attack? and if we can get that sort of specificity for the network, defenders, that is really great. you know, on the political side, because i see this as a political problem to a large extent, and we do not have the political formula for solving cybersecurity, and the formula on the hill -- where were talking about this before. when you talk to congressman, is like, "get out of my way. what are you bothering me with this cybersecurity nonsense?" after they had the briefing,

they were, "is it safe to do on- line banking?" part of what we need to do it as a government is start to think what is the information that we need to get to which set of customers to make them do better. >> this has been in the news quite a bit. we see quite a bit of infighting, which is a terrible words, but is there enough -- which is a terrible word, but is there enough sharing? this touches and several groups.

brian, why did you not start us off? >> i mentioned that the dod cyber crime is the operational focal point, so it was part of their efforts, under the national cyber crime initiative, and they are interfacing on a daily basis with the u.s. -- the n.s.a., the dod, a law- enforcement peace. -- the law enforcement piece. what is happening inside dod is also factored in, so that goes on on a day-to-day basis, and, obviously, you have got

different agencies, different departments working. we have made this effort work, so from the output going to the defense industrial base is an effort, a private, that is coordinated across the government. similarly, what is coming in from industry, those are also being shared with department of homeland security and other agencies, so i think, here, it is working. like i said, it is a challenge for the director of their on a day-to-day basis to work through the issues, because if we are going to share with industry -- is a challenge for the director over there on a day-to-day basis.

this process is working, and i think it is what people would expect to see from the government in terms of a coordinated effort. >> all right, great. alan, i know i've spoken to you about the role of dhs with coordination of sadr response and a lot of the cybersecurity issues. are they on track? would you say? i know they have had some leadership changes. >> they have that four phenomenal steps forward and one it huge step backward. great people went there. bruce, greg, and some others, but michelle is leaving, and that is a problem. >> michelle and u.s.

cdert, -- cert. >> they gave it to an organization that had no knowledge about the threat and no access to knowledge about the threat. and that is a huge national error, and as we start to think about that -- >> i was just laughing. as we start to think about what we did wrong, it is not just dhs or n.s.a.. i think the coordination between those two agencies is exactly what the nation needs to bring to have that knowledge brought to the fore. we have to fix that. either they have to change their people or they have to change what the agency is responsible,

because you cannot have somebody who does not know how to build a building setting building standards. you just cannot. >> why not? >> well, you might have a holey and government. >> i agree with the general sense that this whole sharing issue is under control, people are doing the right thing, it is turning in the right direction. you can always find a direction that you are not happy with, but it does not characterize the whole. the idea that it should shift from sharing it to integration. just like we turalked about earlier. the next front to cross is integrating all of that, and we are held back. these are done in the sense that

they will work out. they do good things, and they are smart, so i am ok with that, but the notion of integrating that is the next frontier for us to talk about. that has implications on the federal and private and public sides, and it has implications for all the things you will be doing in this room, because you, essentially, will be leading that due to what goes into what you do, but integration, in my mind, should be the next discussion point. >> and that is largely a technology challenge, is it not? i know that they worked for a long time in their own little silos. >> is processes and technologies. you have to envision yourself in the concept of operations or something where what you do has to integrate with others. there is the process. and then, you need a process to allow that integration to occur. >> now, and a president obama as

well as d.h.'s has been talking about an official coordinated cyber response. that is one of the things that obama announced not so long ago. i know under the bush administration, we had cyber storm. we had cyber storm two. they have done several simulated cyber attacks and have asked both industry and government to respond, so how should this be different? when did we miss in the efforts that really needs to change and this plan that they are trying to put together now? and, let's see. who will we start with? alan, why do we not start with you? >> let me start this differently, and what i would do is use the answer for the previous question and just reformat it. coordination is going better in government, right? we all know that.

that is good. the problem we have is what if the people we are pitted against do not think like us? and what if they do not work like us? so what if they are doing things -- we have people, and are cooperating well. it is better than it used to be, right? but what if the guys we are approaching -- what i see is a weakness in this is this is a new kind of fight. here we are. we are talking about national security. we are dragging in state and commerce. these all have an important role in this, and this is where we are not thinking, one, how to coordinate that, and, two, how to drag them into the exercises we have done. the way we are attacked by our opponents may not be the kind of scenarios that we have used in

the previous exercises, and so, one of the things we need to do is step back and say, "if i wrote was chinese -- i am just one to pick on china now -- if i was chinese, and i woke up in a bad mood, and i said, "i want to kick those north koreans or the u.s. or russia" that is what i would say. how do we realize this as a bigger, strategic problem. >> in cyber storm and a cyber storm two, whether vulnerabilities were they targeting in that case? do you know? was anybody involved in a cyber star africa? ok. >> the attacks were fundamentally standard attacks, meaning that you have a ddot attacke. you have a problem with data. you have a problem with the systems down. they have been compromed