in other cases, contractors were found overbilling the government with markups ranging from 2300% to 12,000% for good and services. this is a course of action that cannot and must not continue. i hope this congress, led by this committee, can accept the commission's recommendations and put measures in place necessary to showhow do we make the case h those folks who are saying, here you go again? he wants to spend additional resources. he wants to spend additional money. what do we say to them? >> we say to them, you will save a lot more than you will spend.

you just mentioned it yourself. we are talking about not just $900 items. we are talking about fraud with payments to protection payments and protection rackets in afghanistan that some estimates put over $350 million. our report documents case after case of projects in the millions and sometimes in the billions. if you weigh the small amounts of money you are talking about against the huge amounts, it is a no-brainer. >> the commissioner spent lots of time on chapter three. captain 3 dealt with the intention that -- chapter 3 dealt with the contention that contracting deals with more contacting.

we limited him to 40 cases. it could have been many more. you read that and you do not go through the argument that you are presenting. >> if i could just add to that, this is the perfect time to be making these sorts of investments. as we are looking at the department of defense and the state department and how they can best positioned themselves for the future with your resources, this is the perfect time to set, we can make investments and we can reallocate some of our resources to prevent this waste and get a better return on the best we make. i would argue, this is the time to be making these sorts of reallocation decisions. >> i thank the chairman for his kind remarks. i assure him that his editing

improved the product. the good stuff is in our report. if we had the personnel and a limited amount of money and more personnel, we could save a lot of money. we have died contracts that come to an end. we should complete them right then. -- we have had contracts that have come to an end. because we did not have the personnel to compete now, that that extended on a sole source basis of a -- got extended on a sole source basis. >> thank you. i see that my time is expired. >> thank you for the long and tedious work you have done.

the section you have in the chapter 7 is interesting to me, complexity and suspensions and debarments. couple of questions i had on that. when you are dealing with the suspension environment, are you dealing with foreign contractors, u.s. contractors, or both? >> we are dealing with both. we did not deal with domestic non-war contractors. we wanted strong reforms, but for overseas contract thing. techniques that reduce the amount of procedure. we are not trying to impose them on domestic, non-wartime contract and. >> recommendations on how to be able to resolve that. that is not just an issue we deal with in contingency operations.

we deal with that government wide, how often they are used and how they are applied? are there recommendations coming out of that as well? >> there are several. in appropriate cases, it should be suspended and debarred without holding a mini-trial domestically. we have seen cases where it is impossible to get witnesses domestically to do a suspension trial. >> with your permission, sir? >> yes. >> when i served on the committee, i was stunned by the white we -- the rights we give contractors when they worked for the government. it took us years to adjust what we paid them when they should be paid.

if private business wants to engage a contractor, they are limited by the contract. they do not have privileges before them. we give privileges during, before, and after a contract. this committee needs to examine, in times of war, should we be giving contractor so many rights and privileges that can drag out the decision for one year. what the government agencies decided to do was that it is not wait -- it is not worth it to wait a year to resolve it. we will just get rid of them. >> when there was a sole source and you saw a need for a suspension and debarment, were you saying we are -- they are essential? how do we get around that? is there a matter of we do not have enough competition or is it something governmental and we are outsourcing the

contractor's? >> it is all of those things. the lack of organic capacity. there is limited competition among contractors. there is limited oversight capacity among the government and the inspectors general. that is why these recommendations are all a pack is. it is important to put all of these things together to solve a problem -- that is why all of these recommendations are a package. >> you remember the september 2009 in this and at thinkable embassy with the partners part -- at the embassy with tea partiers embarrassing us. they said we are bringing in our own people to provide security. that contractor stayed there 18 months after that incident still

in place, still billing the government and still operating. that is unacceptable. >> have they been debarred since then? was there a process in place where there would be no future contracts? >> i believe this was a low bid contract and the government was required to have low bid contracts for security for embassies. >> you have a contract for human trafficking. that is a stark comment that some of the things being done in iraq and afghanistan is being done by slave labor. how extensive do you think that is? >> we understand it is quite extensive. they bring people in and hold onto their passports and lock

them up as prisoners. it is virtually slave labor. >> the united states government and the people on the ground are aware of that? >> everybody is aware of it after our report. a lot of people were aware of it before our report. to get to the point about suspension and debarrment, what are we going to do? bring these people in? we need to suspend these people. they are not even americans, for god's ssake. >> there is a lot more to this story that anybody has confronted. >> i recommend -- i recognize the gentleman from massachusetts. >> thank you, mr. chairman. we could be here for a week. you have done a great job and that is what we ask you to do.

first of all, thank you for continuing the argument on the special inspector general. i am tried to convince my friend the chairman that his name would be valuable as a sponsor on that bill. this person would be able to cross different agencies. that is essential. the other thing is, lessons learned. we failed to learn the lessons of iraq when we set up another body in afghanistan. a contingency inspector general would be able to go in with that knowledge and those lessons learned and would have a repository of those maintained. i think that is important. don't you? >> i agree with that. that person would be in place at the outset. >> if that person is smart, they would use that person to set up. he made a point about the organizational restructuring

that needs to happen at the department of state. part of that means giving value to those positions. people go into those positions thinking, that as bookkeeping, accounting -- accounting, and overseeing. we have to find a way to give value to those positions. it is an important position to have if it is going to save us money. we are looking forward to your work on that define that how we can work with congress and change that factor. if we try to do too much, as the congressman said, and we cannot manage or oversee its, maybe we should rethink the mission. that is a lot of what is going on here, whether we should be there or not or be there in the way we are. it should be dictated on what our capacity is and the ability to do it right. we ran into this on the wartime risk-management that we were

dealing with the other day. we recommended debarrment as a result of our our investigation. we find that at the second amendment -- the second hearing that, not so much. they could not do trucking contract and they were not doing them any more anyway. the war lord got off on a flimsy notion that he did not know what the people were talking about during the investigation. we have a lot of work to do to make sure there is accountability and competition and the whole notion of food and oil. the idea that we have not done a good job legally in getting contracts that are many faults. if you have a situation like we did in the trucking matter where there is no inside and no vision -- contracting for a bunch of middlemen who did not have security agents and we did not retain the right to look at

those subcontractors or to get any of relation with respect to them. that is a notion you were helpful in pointing out. thank you and kudos in all of those areas. my question is about sustainability. what does congress have to do to make sure we do not invest in projects that cannot be sustained by the host government? >> i will respond to that because it relates to your point on the mission. sustainability is important enough. it is a chapter in this report. we also have an entirely separate report on that. we make the point that you should be cancelled a project that will not be sustainable. that is something that can happen right now. we recommend you go in and it died with the project we are putting money in right now and canceled -- and evaluate the projects we are putting money in right now and can do once we cannot sustain. >> we also recommended -- and

this is central to your concerns -- and your reports about the whole contingency contract area. that would give you a vehicle for double taking -- double checking sustainability. you have an opportunity at the single year to catch them. >> thank you. >> what is stunning to us is the number of ways we have determined. many think it is close to $60 billion. we think the non-sustainability question will equal the $30 billion. it is another about we need to add to our waste figure. can i respond to the special i.g. point you are making?

you are in the best position to see this. you know sometimes the armed services committee, because of it relationship they have with the military, is not looking at things they need to look at. sometimes the international foreign affairs committee of congress is not going to get at something -- you know you need to look at because of the relation they have. develop's relationships. there are certain things they are willing to do and certain things they are not willing to do. for a lot of them, it is a club. they do not want to defend the department they are in here -- not want to offend the department they are in. we did not look at something i wanted to look at.

my staff did not want to look at it. the armed services look at it and it was a huge issue. thank goodness they looked at it. sometimes we look at issues they did not look at. i think the chairman is in the best position to see the value of this. >> the department of defense, the inspector general, they have a full plate without contingency operations. they have a full plate all the time with the money they are in charge of. contingency operations is a whole different ball game. >> one of the things we learned in our work -- the state department set up a middle east regional office to do work overseas because they had such a demands for it. three years later, they get a preview to see how their audit quality was. it was not good and they had to stand it down. they do not let well to unique circumstances. >> one last comment to make.

this committee should consider using our members well. each one will want to tackle one of the recommendations to see if we need to translate that into legislation and if we need to do follow-up with the agency so that this is not one project that sits on the shelf. it fit squarely in the over arching part of this and gave us something nonpartisan that we could work on together that i think would be a great notion that a great example for congress three. >> i recognize the gentleman from michigan for five minutes. >> thank you. we thank you for the work that you did do.

we trust that it will have beneficial outcomes. along with the cost and the problems with the contracts, while they are in operation, the general accounting office just released a report in september documenting that at least 58,000 contracts awarded between 2003 and 2010 need to be review and closed out. they waste millions of dollars as an improper payments, waste and fraud. they become impossible to detect and recoup. aisles are lost and memories fade and contractors disappear. let me ask this question. how important our time the contract closeouts to prevent

waste, fraud, and abuse? >> if you not close oua money spe. yg people needs to be done in the weave en c interest of this country and its taxpayers and politics do not enter into it. >> politics do enter into it. they do. you can come to the house and watched some of our debates. often, we seem to know the cost of everything in value of nothing. the estimate of loss is $31 billion to $60 billion. why such a wide array?

how much would you attribute to lost money indigenously? you hire local trucking companies and they take off with a cargo? >> we applied a broad definition of ways to look at opportunity cost, how much money spent on other things. we include in our definition excess of requirements that were not adjusted afterwards. we include work that was acquired on poorly done jobs, pork projects that did not fit the local cultures or low -- poor projects that did not fit the local cultures or local politics. we include questionable payments to contractors and questionable oversight. as was mentioned earlier, we do not include sustainment costs. why such a wide range? you cannot do a bottom up study

of this because we do not have enough information on this. we do not have enough information to build a bottom-up number. we found a lot of examples that are in chapter 3. the top down estimate is insufficient. if he wants to do a proper estimate -- our number is 10% to 20% of $206 billion -- if you want to have all the parameters you could not do it because it would not capture the individual projects. that one does not work either because of the point you made. we do not know how much has been siphoned off by all of these

crooks. is hard to get to. it goes to something the commission is concerned about, this ability over subcontracts. those are the people who are paying these crooks off. you saw on page 73 of our report, we show a bill that the commissioner and i were given a copy of but when we were way -- copy of when we were in afghanistan. they say, if you want protection, here is the number to call. it is like something out of hbo. >> one of the things that extended the a ray of waste is it changed from iraq to afghanistan. in 2008 when you set us up and sent us out, iraq was the big contract in problem. the problems are different. you have to pay off protection to insurgents in afghanistan. the commissioners were looking

at that and they led the way. you have a country that is so cannot sustain what they are building when we are gone. we have a new set of problem. >> thank you. i recognize the gentleman from idaho for five minutes. >> thank you. i find your comments to be fascinating and i want to explore it a little bit. we are doing to and much. could you elaborate on that a little bit. >> there was a dialogue that took place among the members. at first we thought, we have to manage these contractors better. if we manage them better, we will not have ways. then we realized that it was more than that.

if we could not manage them better, maybe we should not do as much because we cannot manage them. then we began to realize that, even if you can manage them, we began to see so many things happening. when you have a wonderful contract in afghanistan that cost $18 million doing agricultural work and the federal government decides they are going to decrease the program to 315 million --

>> it was by opening to see what we are doing and what we are trying to accomplish their and the money we are wasting. i can see why you are angry and every member of this panel is angry. this is not just, we are mismanaging. we are wasting the money of the american people. i am frustrated. i get frustrated when i hear from members on my side of the aisle that we cannot do anything about fraud, waste, and abuse in its military we should look at the other areas but we cannot manage. we are doing too much.

which of the specific recommendations hits at the heart of your concerns. >> we have tried in our report to start to have people accountable. the dual-headed person who would have to be approved by the senate. that person in charge of this

are going to -- is going to feel responsible for say, we are doing too much, we have to waste money and i will have to take the hit. >> your hope is that these people say we are doing too much. it seems that we are doing nothing, at least on our side. we are doing nothing to tell the military or other agencies that we are doing too much in these areas. >> i think this committee is a little more willing to look at d.o.d. in a fresh way and say you are also part of the mix. i am not quite addressing the answer. >> if i could just add one thing to this that might be helpful, i think our present fiscal situation is helpful in this regard. the fiscal situation the country

finds itself in today is different from it was 10 years ago. we cannot afford to undertake the range of missions now that we could 10 years ago. this kind of question, whether we should engage in it at all, whether it is contractors or organically, will be preceded by the question of whether we should undertake it at all given the state of our finances now. >> thank you for your answers and your work and thank you for being here. i wish i would see that more in members of this congress. i see too members -- too many members in this congress who say we should give the military a pass. we could do much by making small changes. >> i now recognize the gentleman from vermont. >> thank you for your work and we appreciate the cooperation

and the remarks of my colleagues. mr. shays, welcome to you and all of the contractors. you have done a great job and it is refreshing to have content that we can put our arms around and find common ground to get something done. was up but would prefer to get something constructive done. you have established a platform. the general comment is if we assign this huge job like he wore in iraq or afghanistan to the military and they have limited resources, contract allows the illusion that there is the capacity that does not exist. all we have to do is throw money at the problem. obviously, it does not work. the bill discipline has to be what it is that we expect and what assignment we impose on the

military and whether we are going to address the capacity question/. it will result in failure the matter how much of the site we have. getting that pile up water from here up through pakistan through afghanistan, attorneys you have taken many times to that forward operating base. whatever has to be done by the military to get that bottle of water to our soldier on that " would operating base, they are going to do and deal with all of the chaos and the mismanagement and wasted money afterwards. understandable, but that is not our problem. thank you for focusing on that. on a couple of specific questions coming up -- we are transitioning in iraq. among the tasks we will be asking the state department to do our activities traditionally

done by the military and seen by most of us as a governmental function. they will be serving as a quick reaction force to rescue hostages or to respond to attacks on the road. does the omb guidance applied to the state department and its contractors? >> yes, it does. the devil is in the details on how they interpret the words in the guidance. the question is what agencies do with that guidance. the state will perhaps argue to you that we do not do, that what that we do not support d.o.d. who does combat. that is all well and good, but it leads to the conclusion that the embassy in kabul is like it

and where and can be guarded by contractors. >> what about combat security in afghanistan? would that be appropriate for contractors under the new guidance. >> security operations as part of a larger integrated armed force. it seems to me they are in direct support of combat operations. >> i want to thank each and everyone of you. >> one thing is getting lost

that we do not want to get lost. inherently governmental means the government should do it. it is not inherently governmental does not mean the government should not do it. we look at risk. if the risk is high, we would be leaning toward suggesting that a government do it. what is disconcerting about ambassador kennedy's response is that d.o.d. is leaving iraq. they are transferring their responsibility to state and state is saying, we are doing it but it is not inherently governmental. they do not want to appear that they are not abiding by the law. >> that all of you. i look forward to being a lieutenant for you and the ranking member.

we have a good committee. >> i now recognize the former chairman of this committee for five minutes. >> good seeing you again, buddy. wish you were back. i have just one question and any of you can answer this. i was on the foreign affairs committee so i apologize. you said there should be some kind of a commission to oversee these issues. it seems to me that that seems like another layer of bureaucracy that we have to deal with. if the people who are supposed to review these contracts and what toper waste, fraud, and abuse and there is a buddy-buddy relationship, it seems we should

get rid of them and replace them with somebody who is not biased in any way. to come up with another layer of bureaucracy to oversee the ones who may be buddy buddy with the contractors does not make sense, especially when we have these fiscal problems. we are not talking about a lot of money. these things have a way of mushrooming. i would just like to get your comment on that. if we had commissioners like you who talked about specific problems where they are not policing agencies properly we could make the request that that person be replaced and there would not relationship you are talking about. i would like to get your comment on whether we should have this new layer of bureaucracy. >> i will take a shot at that. i think what the commissioner

was referring to is the in thedual i.g.'s agency's getting too close to the management of those agencies. what we saw in the contingency operations is there a month the agency labor. it is not just one agency that is spending money. across the government, there are 70 agency's spending money in afghanistan right now. what we are looking for is not another layer as much as an individual authority we would replace the special inspector general for iraq. we would replace the special inspector general for afghanistan. those offices have done some good work that the individual agencies were not able to do because they did not have the authority. it is meant to be and it efficient way to look at the

money that the u.s. government is spending in these contingencies. >> mr. chairman, that is the only question i had. thank you very much. >> i recognize the gentleman from illinois for five minutes. >> thank you. it's good to see you and to note that you are involved in public and press and public service activities. i want to thank you and other members of the commission would be tremendous work you have done. looking at this report affirms for me a lot of things i had bought but did not necessarily have the information or the data to go on. i thought it. then when i read it, i said, yes, that is kind of the way it

is. that is how difficult it is. i thought of some societies and some communities and some nearby live in different places throughout the world. there is a say, it hit by a supper, -- sucker, bump his head. that is the way the culture evolves. there are lots of people who become involved in one way or another who see business an opportunity, -- and opportunity and feed from the the trough -- from the trough. my question becomes whether or not this has been seen as

policy, that we hire if we are in different countries and we have war taking place -- do we hire all lobbies contractors as a way of mollifying some of the elements that might be there that makes it possible that we can function and operate. >> we do have policies as you describe them. they are called iraqi first and afghanistan first. you can hire locally. it is wanting to hire locals and another thing to flood a country with money. when you are putting as much money into afghanistan or virtually as much as its entire domestic projects, you have a

problem. there is money coming out of the trees as far as the afghans are concerned. lesson number what is maybe you should look more carefully about -- at how much a country can of sort. if you are going to have people who will not be alienated by your presence, supervise them. that is what we highlighted in the commission report. whatever circumstances in the united states in the peacetime, when you are involved in a contingency and you are using local subcontractors, the united states government should be able to look at their books. their books are not clean, we should be able to throw them out. >> what he said is exactly right about the afghan contractors and

the iraqi contractors. you find in our report recommendations to have stronger controls over foreign contractors because the kuwaiti contractors, they took us to the cleaners. it should have been american businesses if someone was going to go in wartime. there were small kuwaiti businesses that grew to a large size. public warehouses have been a diamond with the press has estimated that to settle the case would cost -- public warehouses, where the press has estimated that to settle the case would cost $124 million. the kuwaitis took us to the cleaners. in our report to augment that, i would say we want the ability to

look at all foreign contracts, not just the ones in theater but kuwaitis and anybody else, anybody lu is doing business with the denial -- which the united states. they should be able to be audited. >> thank you. >> i now recognize mr. murphy of connecticut for five minutes. >> thank you. congressman shays, i want to thank you for your work on this committee. we see some concrete proposals before us. it is not often the committee gets to see this kind about it for good, forward-looking work. i want to build on the representative's question about sustainability. is key. i am so glad you focused on this

issue. your suggestion is a pretty radical suggestion. your first bullet point says essentially what you have already repeat it. we should have examined current projects for risk of sustainment failure and take actions to cancel or we design these programs. he pointed out that in the next year, we will spend $13 billion in the building up security forces along. the total revenue coming into the afghan government is $2 billion. that is not enough to cover 1/6 of the expenses of the security investment alone. there is a lot of hope for some long-term new revenue sources related to mineral production. that is a long-term buy in the sky prognosis. -- pie in the sky prognosis.

what are you recommending here? the suggestion that you cut off all programs that cannot sustain themselves is perhaps a recommendation to stop funding the buildup of the afghan national security forces. it is a prescription to end support for a lot of the main core missions we have been doing here. the other side of this is just to admit that the american taxpayer is on the look for a lot longer than we are. that is the of this side of this. you have to have a clear understanding that we are going to be into paying for particulars for security forces much longer than the american public may understand. i am tried to get my hands wrapped around how radical a recommendation is the idea that we should end projects that are not sustainable. >> why don't i start? your analysis is right on. a lot of these projects cannot

be sustained. absent continued american investment. either the united states government continues to undertake these projects if we conclude that they are not essential to our national security and we have to stand down. >> when the government can respond, it will respond. if we focus carefully on these projects and decide that we do need them, as we need to train the afghan forces, we can cut these projects down to size. that is what the general is doing.

>> it is a tremendously insightful question. we cannot just eliminate everything that we think they cannot sustain. we have to reduce the amount or the size of projects to save our capability to sustain them in the future. >> let me go to one specific issue you raised. there was a particular point made by our commanders in the field in terms of building out support amongst the community. you raise an important point. there is a different analysis on whether it is important for the here and now in building local support and what it can be sustained in the long run. the recommendations on how better to control key usage of the funds because this will be a major debate.

i would be interested to see if there are specific recommendations to make sure sustainability is part of the commander's approval process. willingness to's say, we can do that. give us the resources to do that. even if it is not their core mission. it was on the order of $180 million in seized iraqi assets. we are by a generator complex for $240 million. look at the capacity of the agencies who should be doing those things. they have the mission. they do not have the money. d.o.d. has the money and the ability to send forces to go and do that. look at the existing agency who might be doing that mission if they were more fully staffed.

don't let things get out of control. no one thought it would be used to be a de facto development program, a long way from $100 per door and $300 for the -- $300 billion for a power plant in kandahar. >> we ask a question of different agencies, have you all come together to talk about the military timeline? the development timeline they are trying to work on is much longer. we got no answer back from the agency, are you working together to bring the knowledge to the resources that we need to to get done the mission. it is clearly something that we found that was one of those missions when you throw more money at it and it will be

fixed whether that is or is not the case. >> i recognize the gentlewoman five minutes.o for >> i recognize my good friend and former colleague christopher shays. just yesterday, the bill we worked on went into effect for the victim's compensation fund. thank you for your service in so many areas. i compliment you on this report. you make a number of recommendations that i think are important. so many reports come back to us and they never say what you should do. you are clear in your recommendations to increase competition. in your written testimony, you decry the fact that even after a 8 years in iraq, there are contracts-- 8 years in iraq,

there are contracts that have never been completed. lost inre $60 billion dollar waste, fraud, and abuse. some of these contractors are being treated like they are too big to fail. on the thigh to services committee, we passed legislation to end -- on the financial-services committee, we passed legislation to end too big to fail. we cannot afford it. there are huge contracts for items that are easy to produce and get to the troops. fuel, logistical support. these are things that i think many of my constituents in new york, and probably was in connecticut, would like the opportunity to bid to provide

these services. you have some recommendations. mr. chairman, let's start implementing. some of these contracts to see if we can lower the cost to the american taxpayer. there were a sole source contracts. when we bid them competitively to the lowest responsible bidder, it saved literally hundreds of billions of dollars with the city of new york. in the federal government, where it says you are spending $200 billion in contracts along on logistics, we could save a lot of money. this has been the jurisdiction of this committee. my question to you is, is there any understanding of how much this would save in the taxpayer money if we were able to competitively bid them?

how difficult is it? we have people moving food and fuel all of the country. why not let other taxpayers have a chance to bid to see if they can abide it at a lower price, probably more efficiently and effectively. i agree with your report that it is ridiculous to give these sole source contracts. once you get it, you had it for life. that is not the american way. in afghanistan and iraq, we should be watching every dollar. i agree with the commissioner who says these contracts should go to an american company. we should be providing these companies and growing american jobs. my question is, have you done any studies on what would happen if we competitive lead -- competitively bid on the cost of

fuel? >> i will ask my fellow commission to respond to this question. he will give you a good answer. >> i will start by saying there is a great bipartisan tradition about competition on this committee. this is the committee that wrote the competition in contacting act, which is still the central lodestar in the contract thing. >> when we are looking to save dollars, there is absolutely no reason why we cannot read did all these contracts and save the taxpayers money. >> we need to figure:% of the amount of money that could be saved. -- 11% as the amount of money

that could be saved. among the particular things that concerned us, loopholes and the competition and contracting act, the logistics contract in afghanistan, the one that is hold but only to companies, they have a 5-yearlong contract. >> when you say logistics, does that include fuel and food? >> it is not both commodities, but it is the dining halls. the preparation of the fruit. the providing of the food to the troops. -- the preparation of the food. the providing of the food to the troops. >> what about importing the food? >> that is separate.

>> because the agency says it does not have the personnel to compete it -- complete in three years. which is absurd. >> i agree that it is absurd. i think this committee could direct the personnel be shifted of the there said that we could compete it. are there other contracts that we could compete and see if there are savings? it is ridiculous to give a sole source in the situation. >> [inaudible] what was most disconcerting for

us was when you start the process, he will have to deal with one contractor. after you are into the second and third gear, then we wanted to see a lot more competition. we had evolved. there is a lot more competition. the sole source is not the rule, it is the exception. it seems to be the exception on the bigger the dollar items. just to provide some perspective. >> why don't we change that, commissioner? this commission could direct to competitively bid the larger contracts. i believe you would save money by the billions. we are in a financial crisis. >> we were concerned that they allowed to continue. we voiced our concern. we do not have the cloud that you all have. -- clout that you all have.

looking at worry have had success, seeing where we have not yet -- >> to stop it when you try to make these changes? -- whose stops it when you try to make these changes? >> we are at war and so be it. >> thank you. we will start a second round. if you want to come back, i will recognize you again. i would like to recognize myself for a couple of follow ups and then we will be close to it the end. there is something dramatically wrong -- at the department of defense. we have been doing this for a long time. we talked about we do not want to offend people and they get too cozy in their relationships, i want to go a little bit deeper. maybe you can start to, what specifically do we need to do get them to work?

i do not buy be answered that it is always more money. they have hundreds of billions of dollars at the department of defense. the numbers are absolutely staggering. i know you have a whole report, what else can we do to get these chargeddo what they are to do? >> first of all, we need to fill the vacancies that exist with regards to the statutory ig's. we need to make sure that those of three or effectively resource. they have the necessary resources, money, so they can hire the people with the requisite expertise. this is another example where our present economic state is helpful.

we also believe that it is critical that there also be a special inspector general position for a number of reasons. that person might have entered agency jurisdiction. -- enter agency jurisdiction. that special inspector general would focus specifically on contingency operations. all these recommendations are a complete package. we have to do all this at the same time. it would save the government money ultimately. >> i would like to add a different perspective. et al. modification. -- a little modification. we clearly support the need for the oversight. i would also argue that better management would help a lot. you would not need as much oversight if you could get the

better management. because of that, we have recommended new positions be created in the executive branch to realize that managing contractors and managing contracts and deciding whether or not to use the contractor work force is something that is part and parcel of a court mission. it is not -- a core mission. it is not the back office, administrative, business, let them take care of it, it needs to also be incorporated into management. >> the obama administration is about to see a major surge in contractors. 5500 private security contractors. aren't we putting a little bit of a shell game? are they prepared to do with what is going to happen in less than 90 days? >> are recommendations were that they need to pay more attention to getting those contractors in place and overseeing their operations.

>> we have been following this closely for time -- for some time. it is fair to say that we are very worried. we think there needs to be oversight. >> what are those worries? >> the war is a very simple. what is going to happen? -- the warriors are very simple. what is going to happen? some contractors go after somebody they think is shooting at them. there is a mob scene. the contractors are killed. everything's been out of control. it is a nightmare. when you have 17,000 of them as you say, you are asking for trouble. they cannot hire these people, they cannot train them. >> if you are a contractor in iraq, who is your commander-in- chief? who do they report to? >> in theory, they are reporting to the embassy.

the deputy chief of mission and the ambassador is not going to be managing operations. you have got to have people accompanying them, government civilians will keep an eye on them and ensure that nothing untoward happens. without that, we are simply asking for trouble. it is going to happen. >> when everybody takes the blame, nobody is responsible. i get that " right? let's talk about these 5500 security contracts. the was ultimately responsible for those people? -- cote is ultimately responsible for these people? secretary of state? >> in theory, it is the ambassador. >> a legal point here, it there is a giant loophole as far as legal accountability, as part -- as far as security people for doing something like this. the current statute clearly it

covers up the military who are outside the united states. the contacting industry has taken the position that that statute does not apply to state department contractors. we recommended that we did we are not the first comic goes back to 2007. we recommend -- we recommended -- and we are not the first, this goes back to 2007. the people there cannot be criminally prosecuted even if they committed homicide. >> one of the things that the state department did that made a lot of sense of years ago, we had contractors providing security for state. we had problems. the state been put in charge an agent, one of their own agents,

in charge of every convoy and so on. the amount of incidences were reduced significantly. they cannot do this to the extent now. they are being asked to do something that i do not know how they will do it. they are being passed to do what the military did. my complaint is that they are not in the knowledge and that it is something that the government should do. by not big knowledge in it, you are not putting the information that you need to say, we have got a very serious problem. they are saying, none of this is inherently governmental. that is simply wrong. they're asking people to do something they should not be doing. >> this is one of the big concerns that we have. we can see it coming and we know it is about to happen. we're playing a little bit of a shell game.

i truly do worry. we do have an upcoming hearing about the transition, and we will continue to provide more information trade i would like to recognize the gentleman from new york. -- a gentleman from new york. >> i do have questions. if we are in these countries, i think we should bring our men and women home, you say that in the contract, they do not adjust for the ability to competitively bid in the future. should the impact on future competition be factored into decisions about how the design the initial contract? should we do a contract from the beginning that requires competitive abating in another year? would that help -- competitive bidding in another year?

how hard is that? i could even run at the food, the logistics. >> i think it will be the rule, but there will be some exceptions. >> in the beginning, but you could put some time frames on it. in your testimony, you argue that the wartime environment brings tremendous additional complications. the same rules apply yet whether an agency is bidding for laundry service. the same basic rules. did these additional complications suggest the need for special contacting regulations tailored to the wartime environment. >> yes. >> do you see any reason why we could not take, for example, a food contract. why can we take the food contract and competitively bid it?

>> we support that during much. -- we support back very much. the current practice has not only ben -- has not only been that they automatically get option year. we found no serious review of decisions whether to give the fourth year or the fifth year. the extension contract, $3 billion level example, is sole source to the contract in for the previous five years. the contract was extended.

ae could very well put t contract strategy in place that would not let that happen. >> let's go over what the contract strategy would be. first of all, it would be to make a list, advertise, and make a list of 10 qualified bidders. these are people providing services and the united states. you have a qualified list. let the qualified list bid on the contracts. the lowest bidder would win. i would bet my right arm that we would save billions of dollars under that scenario. is there any way to improve that road map? >> i would say that to they are providing -- they may be providing food, but they are providing it in an area where

the logistics requires them to have some unique capabilities. we would not always advocated lowest bidder. we would want the low bid. >> lowest responsible bidder. >> exactly. i would feel terrible leaving and acted like, providing food in afghanistan and iraq is the same as providing it summer alps. it is not. >> commissioner, -- somewhere else. it is not. >> do you believe that other american companies are not capable of providing translation logistics, fuel? >> you and i do not have a basic disagreement. i just want to qualify your comment to make sure we realize there are some unique parts to this otherwise -- i think the

commission would look foolish making an assumption. >> i would like to do things and not just talk. could we see if the commission could take one area of these $3 billion contracts, probably the simplest but the less complication, and go forward and see if we could competitively bid it? >> we no longer exist and we ended our work in september. we are on to new things. >> congratulations on your report. >> thank you. >> i recognize the chairman of the committee. >> i want to follow up on what i heard. professor, commissioner, obviously, there is bipartisan support for reform. isn't there a bigger problem that when americans or not

americans under the m american umbrella operate overseas, we do not have a uniform standard today, period. our military men and women have one standard. our state department covered employees have another. our contractors have yet another. we could go into a couple of other the three victims. in any reform we do, not just closing the loophole, not just assuring that a contractor who violates law overseas can be held accountable, should we also try to have a uniform presentation of what an american or an agent of america would expect in a foreign nation while doing the bidding of the american people? >> on the main aspect of what you are saying, that is exactly right. this patchwork system has been

moved one way one time, and other direction. yes, there is no uniformity and consistency. let me mention it -- >> it was a rhetorical question to get you to go forward. >> thank you. what but we want to put a patch on a particular hole right now? right now, there is no immunity justice for the security personnel in iraq? and they have this attitude, they will be controlled, prosecuted, they are under american law. >> they could be court-martialed for not paying their just debts. >> given a choice, i would much rather be in civil court than

court-martialed. what is going to happen if there are incidents involving these civilian security contractors for the state department, is that we will have this choice. we can either lead iraki -- let iraqi justice proceed or we can hustle them out of the country. >> good point. i want to follow on one last question. you have made the point of some funding those people from dod to state if that allows us to have this governmental job be done by trained, experienced, prepared government people to understand the rules of engagement and can make such

adjustments. if you could elaborate a little bit on -- let's assume for a moment that that is a model not just in one country where we agree to remove our uniformed armed services -- service, but taken to all of burk -- all other hot spots. how could we did that in a way that protected that status that normally the uniformed military has to the state department? >> as a gesture from my colleague, it is -- as you just heard from my colleague -- for my colleague, it is complicated. we have been speaking as a commission. >> wants a commission, always a commission. >> we are still living with the

1883 civil service act. it is crazy. one of the problems we face is that we simply have not updated the role of civilians and the 21st century. your concern as part of that. we ought to be able to have some in uniform code of civilian justice. that applies to all civilians, wherever they are serving, whoever they are serving. once you do that, it becomes a lot easier to augment the state department or any other agency. we have a patch work and nothing more. >> you have seen dod in your two roles. these are active-duty military personnel who would like a military liaison officer would

run a garrison out of uniform, but still active duty military. that is the only instant fix we would have the eye could see for replacing -- that i could see for replacing dod in our current situation. do you see any way for us to dot the i or turn a circle into a box. i am concerned that another square in iraq could turn into a real problem for the state department. the question is, are these military or federal employees who have the full faith in somebody in the chain of command or is it to " you hired a bad

contractor and now we have to deal with that"? it is a question of we will be responsible for those people even if they are contractors. how will we ensure that all the way to the secretary of state and president, there is some accountability for an army that is larger than most units i served in in the army myself? >> mr. chairman, there has to be a way to figure out along the continue one of indices, there are some that are low threat, low risk, some that are medium. as long as the management controls are in place for contracted security, and they are trained and certified contractors, there is this idea about a third-party certification. that makes a lot of sense. another idea is do not require the state department -- they

must choose low price, low bid to contracts. given the ability to say, i want to do best value security in that high risk circumstance. when it gets beyond high risk and it gets into combat, that is the province of the military. they have to be able to figure out without subordinating state or making it -- nobody wants that. there needs to be a way to operate a separate agencies recognize the gate guards who were attacked on september 13, the issue this policy died on september 12 that says, security and compact, here is a list of other ideas. the day after the embassy was under attack for six hours, and seven people were killed, if that is not combat, i do not know what is.

they have to be able to figure out to operate more seamlessly for us to have an effective foreign policy apparatus. >> in the other youth -- any other guidance you could give this on something we could legislate? >> i would just add something on this question. there are other train security forces to about the civilian side of the u.s. government. one of things we saw in looking at iraq and afghanistan is that the rest of the civilian government was not participating in a way that we thought was useful. for what is a common u.s. policy. >> thank you. >> i think the commissioner ray is a lot of good points. it is very different. i am not questioning the standard, but what happens when we had a net multi million dollar contractor fact is

exclusive provider of a potential -- of a service that is needed. say there is some serious abuses that were alleged against some of the providers. what happens when there are some serious abuses? who is accountable and dad? -- in that? >> say you have a contractor providing an essential service. there are serious abuses that become international outcries. who is responsible? and the contractor or how do you handle it? in certain cases, that they said, we are private contractors and nobody was accountable.

>> we have the guards who work aboard an off-duty, -- cavorting off-duty, ultimately, they besmirched the reputation of the united states. that is the very definition of high risk. we do not want to have our foreign policy at risk because of the way a low bid contractor performs in a combat zone. >> thank you, mr. chairman. >> again, on behalf of the committee, thank you for your great work. a lot of talent and work and effort going into this. >> thank you, mr. chairman. i want to jump in just for a second and say, the general

public wanted the military to be the tip of this year. -- spear. it does mean that you cannot go to work -- this commission is not besmirching the fact that we have contractors. that was by design. what is of concern is that the qdr hardly makes mention of the fact that we depend on contractors, we need to integrate them. we are saying that we think we're over dependent on contractors. that is another issue. we clearly understand that we have them and we need them. my colleague made this reference to the fact of the concern about the number of civilians. the fact is, we have a huge number of military, a huge number of contractors, and that

was released on the bottle low level of civilians, government employees. there is such a difference. i became even more stunned -- we have to entice civilians, civil servants, i mean, to go thereby doubling their salary, giving them hardship pay, overseas pay, over time. it is amazing the number of employees who make twice what they made year. that is an issue and we did not really address. what do we do to get more civil servants taking a role in that area? if i could get the attention of -- mr. chairman, i want to say to you, in closing, thank you for your opening words.

i want to thank you for your concern about this very issue. i appreciated the work you have done. reaching out to the republican side to establish this commission. my co-chairmen did a terrific job. he encountered a huge serious illness in his family that caused him to pay great attention to that. he lost family members, he missed both hearings because of being with family at a time of some great grievance. he did not have the opportunity to prevent -- present here. i want to be on record saying how much we value his work. and then to say that i have never had such an easy job being

a co-chairman. i worked with such a strong group of people. in conclusion, i think congress for giving me the opportunity, the speaker for giving me the opportunity, and mitch mcconnell for being -- for allowing me to be the co-chair as well. >> thank you, but i did note that you got an upgrade. >> i found myself gone there, but i thought i'd better back off. we do have one criticism of this committee. we had a very fine counsel, the next thing we knew, he decided to raise the status of his position and work for this committee. we miss them. >> we do not pay a lot, but we offer a long-term employment. something your commission could not. thank you. blogs thank you again. the committee stands ed -- >>

thank you again. the committee stands adjourned. >> monday, army secretary addresses the annual meeting. he is expected to talk about possible cuts to the defense budget. that is live at 10:30 on c- span2. tonight, highlights from the aspen ideas form. >> millionaires think they should pay more. the middle class, republicans think. what is the problem? >> why have you given up on the country and decided to campaign

full-time instead of doing what the american people sent us all here to do? that is to find common ground to deal with the big challenges that face our economy. >> we have not dealt with social security and medicare on a long- term basis. you cannot save enough at the defense department to solve the debt problem. if you take too much out, it will do serious damage. >> conversations, tonight on c- span starting at 8:00. >> during deliberations, the only people allowed in the supreme court conference room are the nine justices. who gets the door? >> i was paying very close attention to the discussion and i failed to hear the knock on the door.

they both got up and answered the door. it made me feel like i was about 2 feet high. one of the most important jobs in the junior justice is remember that you are a doorman. >> john paul stevens on his new memoir. sunday night. >> next, can it burns on his new pbs series " -- ken burns on his new series, "prohibition." it became a social experiment for legislating human behavior. this is about an hour.

>> for more information about the national press club, we invite you to visit our website. and to donate to programs offered to the public. we've been by you to look at the website there as well. on behalf of our members worldwide, i would like to welcome our speaker and those of you attending today's event. iowa should this reminder at all events. -- i issue and this reminder at

all events. he will hear applause in the audience today. the it is not the lack of a journalistic objectivity. i would also like to visit our c-span and public radio audiences. you can follow the action on twitter. after our guest speech concludes, we will have questions and answers and i will ask as many questions as times comment. it is time to introduce our head table desk. i would ask each of you to please stand up briefly as your name is announced and will begin from your right. stephen ellis is a principal with sailor company public- relations. cannot grant is a board member and head of our broadcast committee.

she is bureau chief and senior white house correspondent w. bob cardin, sharon rockefeller, rachel ray, pat harrison, melisaa with newshook media. this month of october at the national press club may bring some of the best speakers we have had in our history. that is all due to her work. let's get over our speaker for a moment, we have the washington bureau chief of cbs news. the president and ceo of pbs and

guest of our speaker. a graduate student in media and public affairs at the george washington university. betsy fisher, a longtime executive producer with "meet the press. " allison is still as reporter for bloomberg news. roberts, able to get away today even though he is political research director for cnn. please give me one more round of applause -- please give them a warm round of applause. [applause] thank you. you know the signature style when you see it. the slow zoom, the narration of a familiar voice, like tom hanks or morgan freeman. the sounds of banjos in the back. all set against a backdrop of an historic american tail.

it is literally called the ken burn effect. our guest today is the creator. he is the automaker best known for leveraging american history. the baltimore sun rudbeckias not only the greatest documentarian of the day, but the most influential film maker. that includes the likes of george lucas and steven spielberg. our guest today joined us in part to launch his latest series, which began airing last night on pbs. i hope that many of you had the opportunity to see it. this three part series examines the rise and fall of the 18th amendment to the u.s. constitution. the series entitled "prohibition."

with the release of this series, this veteran filmmaker is taking the opportunity to call for a new national discourse on stability and democracy. that is relevant as prohibition errors in the midst of this heated presidential campaign season. with a prolific record of film, in addition, and documentary work, his films have won 12 emmy awards and two academy award nominations. among his numerous accolades, our guest is the recipient of the academy of television arts and sciences lifetime achievement award. this brooklyn built -- brooklyn born filmmaker catapulted on the scene in 1981. that film, "brooklyn bridge. " it was his landmark series in 1990 that was to become the highest rated films series in american public television history.

that is "the civil war, " of course. it is the 22nd documentary for the public broadcasting system, marking a 30-year collaboration with pbs. the pbs partnership may rival that of our guest relationship with the national press club. he stood at this podium and no fewer than six times. for our members who might have missed sunday night's first broadcast, the press club will screen episode one during our special speakeasy evening of stairs. once again, let's give a warm welcome to mr. ken burns. [applause] >> my goodness, what a generous and kind introduction. i thought the press is supposed to be balanced and agnostic.

he jumped right into a speakeasy night, i see. let's raise our glasses and toast. to unintended consequences. [laughter] i would be remiss if i did not thank the very important people that bring me, compel me, to this table and to this podium. that concludes our corporate underwriter, bank of america, who has been with us for five years. has been the most enlightened underwriters that we have ever had in more than 30 years of making films. we also enjoy the support of the davis foundation, thand a new group that we started call the better angels society.

we also have longtime support from the national endowments for the humanities. there were instrumental in has been able to finish our film on the brooklyn bridge way back in the late 1970's. they were instrumental in making sure that beaver able to finish this film. two other sponsors -- that we were able to finish this film. two other sponsors, without them, we would not be standing here. the public broadcasting service itself, led by my friend, a few has made a long-term commitment to our femmes. not only this, but others that we have in a storm -- store. the corporation for public broadcasting takes the cake. they have been supporting as since the very a first down. i think they have been involved in all but one of the films that we work done since we started

making films. i am so very grateful to the corporation for public broadcasting and to its current ceo for their unwavering support. during the last 30 years, i have enjoyed one of the most distinguished and important affiliations and that is weta. if you are not familiar with how public television works, it is a bottom up model and which we depend on local stations to produce the programming, which is sent upstream and distributed by pbs. it is not a monolithic central number that decides what they will show and when they will show it. for those last 30 years, i have enjoyed, not only the partnership with, but the friendship with sharon rockefeller. it is great to share this table with her. she is a dear friend.

we could not leave home without them. we make a cliche to filmmaking that it is a collaborative medium. it is. it is important today to acknowledge the negative space of creation. a sculptor brings a block of stone to for studio and works on it and what we get to see is the finished product. what she understands in her heart and in her got is that all that is lying on the floor of the studio. the negative space of creation. that is true in almost any creative process. it is true in filmmaking, where we might have 40 or 50 times as much material that we filmed or collected then can actually make it into the final film. this is the shooting ratio. i happen to live in new

hampshire. it takes 40 gallons of sap to make 1 gallon of maple syrup. this is very much like a documentary filmmaking. two people are not here. michael director and co- producer has been in every -- michael director and co-producer has been in the equal in every decision that we have made. i wish that she was here. to be able to share in your attention this afternoon. i would also like to acknowledge our co-producer sarah.

not dispensing with those, but acknowledging those very real supporters, let me try to begin and tell you first of all how honored i am to be back here. at the national press club and how honored and delighted i am to be talking about the special messages, are common heritage. it directs our way. let us listen. let us listen. too often as a culture we have ignored this joyful historical noise. i am interested in that power of history and i am interested and its many varied voices. certainly, not those voices that have recently entered our studies. boyce is it suggested that

american history is only a catalog of white, european. that is unafraid of controversy and tragedy, but equally drawn to those stories that suggest an abiding faith in human spirit. and the unique role this republic seems to play in the positive progress of mankind. that has been my mantra. you know, i have to admit that in a way, we have made the same film over and over again. each film asks one deceptively simple question. who are we? who are we? who are the strange and complicated people like to call themselves americans? what does an investigation of

the past tell us where we have been and where we might be going? while each film tries to answer the question, it can actually never answered it fully. one hopes that with each successive project, you have the possibility of deepening the question. who are we? american history is a loud, raucous, exclusive collection of noises that combine to make the sweetest kind of music. we have tried to listen as much as we can to this music in putting together the films we have made. it is a kind of emotional archaeology that we are attempting. listening to the echoes of an almost an expressively path that paradoxically points as confidently towards those future horizons that will determine our destiny. that is what i am interested in.

this new project on prohibition is no different. i am. you're 21 years ago for the very first time. i stood at this podium and i told to that i had been working on a film project about the imperial presidency, about new weapons of mass destruction at a level unseen before, about unscrupulous military contractors who sold shoddy goods to the government at exorbitant prices, about a growing feminist movement, he would tell me, you have abandoned history and you are working on the present moment. bills for only a handful of the themes that compelled the stock -- those were only a handful of the things that compelled the history of the civil war. i come back here to begin to tell you that the we have in our minds safe and familiar images of prohibition, that now have been distilled down into our

children's textbooks to a paragraph or two. and they seem to be model t's careening around chicago streets with machine guns blasting. or the bobbed hair, short skirts, flapper dancing on the table of the speech easy in this new expression of the literally or and 20's. we will have ignored at our peril bus central theme that for us broad as to the project and seemed to reverberate today. if you know your bible, in ecclesiastes, it says, what has been will be again. what has been done will be done again. there is nothing new under the sun. ladies and gentlemen, let me tell you something about prohibition. this is the story of single

issue political campaigns that metastasize with horrible unintended consequences. this is the story of the demonization of recent immigrant groups to the united states. this is the story of on funded congressional mandates, a loss of civil discourse, and of smear campaigns during our presidential election cycles. about the whole group of people that feel sincerely they have lost control of their country and want desperately to get it back and will do anything they can to take it back. this is the story of the role of government. what is its precise and corrupt relationship to its citizens? this is the story of wiretaps, this is the story of a growing and developing feminist movement. does it all sound familiar? these are only a handful of the themes that animated our

interest in the prohibition story. we have made a three-part six- hour series. it began broadcasting last night. the first episode is called "a nation of drunkards." did lead up to the passage of the 18th amendment. we were drinking five, six, seven times the amount of alcohol that we now consume. the problem of drunkenness, not alcoholism, was a huge social problem being addressed by the clergy and later by a new group of people, who were feeling their first agency in this new republic. they did not have the right to vote and had no rights, but it's due to their support, began

to find that voice. they began to achieve that agency. that movements was hijacked by those who fought total abstinence would be the best thing. of course, a new modern, a single issue movement was born. it blotted out efforts of the women's christian temperance movement. taken over by the single most effective and powerful lobbying organization in the history of the united states, a group that i had never heard of. the anti-saloon league. its leader was as powerful as any human being has ever ban. i had never heard of him either. he could make the senate of the

united states sit up and bag and he did, and they did. it is an interesting and fascinating story. they wanted only one goal, the elimination of alcohol and worked tirelessly to do it. they were willing to compromise on it nothing and willing to make alliances with anybody if it levant's their goals. -- advance of their goals. when the governor of ohio said he thought that to local talent should have a voice in what they were doing, the league got him unelected. the democratic challenger was elected in his place. it is a fascinating story, which seems ultimately moderate in

every respect. they were turning out tons of anti-flicker -- liquor propaganda every month. it is a fascinating story. what is more fascinating is how a majority of americans came to embrace the notion that we needed an amendment to the constitution that absolute limited human freedom when every other amendment has expanded human freedom. that has been the american model. we have moved forward into an uncertain future by extending to our citizens more rights than they had before. this is the only amendment that curtailed those rights. by the turn of the 20th century, we found a huge collection of people who work

for prohibition in some way, shape, or form. progressives were for it, as well as the dairy conservatives. democrats as well as republicans. prohibition came to be seen as a way to solve all of society's ills. we could swallow this magic bullet that would solve everything. every family would be improved, the slums, if this amendment went through. industrialists were for it because they thought that alcohol weekend the output of their working man. the wobblies were for it, too. they saw a prohibition, based on alcohol as a capitalist plot to destroy the working man and

joined this odd band wagon toward prohibition. we had the naacp was for it. booker t. washington argued always and passionately for a black advancement and advance and of a black middle class and he saw the optical alcoholism -- the obstacle of alcoholism as a huge and a problem that they needed to join the bandwagon. then the coup klutz klan was for it, too. there were anti-catholic, anti jew, anti-black and the last thing they feared was a black man with a bottle in one hand and a ballot in the other. everything coalesced around it and as we move into the second decade of the 20th century, two things made a reality. the first was the 16th amendment. the anti-saloon league shrewdly allied themselves, many say cynically, with progress of

groups interested in the redistribution of wealth in the united states because there was in that time as we are to end debate today, a huge disparity between haves and have-nots. the gilded age and the robber barons had squeezed the middle class and the poor rising in their ranks and the rich were getting richer. they thought the best way to redistribute wealth was to pass an amendment to the constitution that would initiate an income tax. strangely, the anti-saloon league joined with them because they knew that by supporting this amendment, they would insure that the liquor industry, the bruce and distillers, would no longer have a symbiotic relationship that had with uncle sam because up to that point, fully 70% of all internal revenues for the federal government came from taxing beer and spirits.

despite local prohibition movement, the beer and liquor industries were confident that they would never be disconnected from the person most addicted to them which was the federal government, the income tax proved them wrong. they found themselves in deep trouble. the second event, not of the anti-salim league doing is the first world war. that made all germans and in this country, the second or third largest immigrant group, the enemy. you could in essence equate beer with treason and they did. the government's propaganda office and the anti-obsolete working almost and and and were able to convince people of the threat that came from the hun not just from without but within the united states. we stone doxepin's to death. german american citizen was

killed for no other crime than speaking german over a backyard fence to a neighbor. we renamed sauerkraut, liberty cabbage [laughter] . sound familiar? it only took a few more votes and we had passed by overwhelming majorities a prohibition on man-to-man. -- amendment. we had come to see since the civil war that the constitution was much more than a handbook, emanuel for making this country run. it was a place in which we could fulfil our utopian dreams. this notion of a city on the bill, a more perfect union, as the preamble suggests, was an unbelievable windmill to tilt at and we had begun to initiate an amendment which we thought would do good. the prohibition amendment fit into that. it passed overwhelmingly by the

house and senate and moved on to the states to ratify it which they did in record time. the west had truly -- had shrewdly given the drive seven years to do it and they did it in 13 months. the west had been confident that no amendment could work its way through all those states and passed with the kind of majorities required in all of those states and become law but it did in 1919 and it would go into effect exactly one year later in january of 1920. i have just given you a short synopsis of what you missed last night. [laughter] tonight is an episode called a region [laughter] "a nation of scofflaws." tomorrow night, the third episode which details the second half of the nearly 14-

year rule of prohibition is a called"a nation of hypocrites'." these are titles we did not enclosed in the material from the comfort of our present position as amateur historians and documentary film makers. this is what came out of anxieties and descriptions of that period. a nation drunkards, in national scofflaws, nation of hypocrites. what resonated after -- out of every month of working on this film was a sense of how little we knew about p thiseriod. i spent a lot of time in the 1920's in jazz and the baseball series. i had never known to dimensions of this. i spent a lot of time in the 19th century and knew that the temperance ran alongside emancipation and new in the family made about women's rights the way in which suffrage was made mainstream by its attachments to temperance, the idea that if you gave women the vote, they would help to vote

against alcohol. all of these things i thought i knew. we were staggered daily by the sense that we did not know anything. as harry truman once said," the only thing that is really new is the history you don't know." this was an extraordinary and fascinating journey into another territory. i hope you have an opportunity to see this because it is a different kind of takes. we've got those gangsters and we've got those flappers and we think the film is sexy and exciting, and wonderful and dangerous and all of those stains. it is a deeper dive because after a while, the focus on al capone makes us forget that ordinary citizens, probably most of us in this room, had we been alive then, would have broken below. ordinary citizens did. journalists and filmmakers -- [laughter] doctors, and lawyers and

lobbyists and the guy on the corner and a guy around the. all were breaking the law. one thing our chief creative consultant told us is that while thebolstead act which was the law to apply the amendment was draconian in one sense, it to find alcohol as one half of 1% content which made german chocolate cake and sauerkraut, liberty cabbage, illegal. it also had unusual loopholes for medicinal purposes. lots of doctors wrote prescriptions that only alcohol could cure. we also had a loophole for sacramental uses. congregations and temples would grow by tenfold. [laughter] while there is often a very

precise set of guidelines of how you become a priest, in the catholic faith, there is not so certain a route in the jewish faith. who is to say who is not and who is a rabbi? there were lots of rabbis and named a osha and and and calais [laughter] . this is american ingenuity at its best for an unintended consequences are so impressive and exciting that we have to think about them and consider them as we wonder about drugs, as we look at the horrible record of organized crime, not just in that brief. but is still with us. we would not have organized crime without prohibition. of course, female alcoholism and jumped severely. what we are reminded of, too, and what has compelled a good deal of our conversation around the country as we take the film

around the country is this sense obol loss of a civil discourse in our country i asked why the civil war happened. it happened because we failed to do what we have a genius for. americans like to think of themselves as uncompromising but our genius was to compromise and when that failed, we nearly destroyed each other. it is loss, the periodic loss of our ability to compromise, our willingness not to see that the moral absolute tests have it right that it is all black and white right and wrong but a strange and wonderful combination of all sorts of people struggling for one part of the truth. george will said democracy is the politics of the half low. you never get it all. in prohibition, we saw an example where we had a group of self righteous people absolutely convinced they knew what was right and what was wrong. they were unwilling to

compromise their by doing their noble -- so-called noble experiment to failure. the lesson of prohibition i think whether it is a single issue policy in this loss of civil discourse, in all the ways i described, the demonization of recent immigrants because many of the people doing the demonization today or themselves once the victims of that very discrimination. prohibition stands as one of the most effective teachers i have ever come across. i so enjoy the opportunity to be able to work in it and dive into a sensitive american psyche that is both generous and greedy, sincere and hypocritical, prurient and puritan, a saturday night and sunday morning, all at the same time and not just between groups which is the easy way in which we distinguish between ourselves today. we are to dialectical preoccupied pointing out red state or blue states.

young or old, black or white, like everything we need to superimpose something like the label of someone else, we forget how much we share in common. i think the opportunity that pbs provides me to do a film like "prohibition," we are reminded of how present the past is and what a great teacher it is as well. thank you for your attention. [applause] >> thank you and thank you again for coming back to the press club. our many members and members of the audience here are anxious to hear you speak as you just did also to pose some questions. we have those now. let's take it really from where you left off. when documentarians many years

now try to frame history in the current moment, what do you think they will say let us up to this particularly argumentative time in our history? >> i think we understand that a wedge issue which in retrospect looks to us to be abhorred is actually expedients and politically effective. quite often, the shortest distance between what you think you want and getting what you think you want are those sorts of tactics. as our politics have become enlarged matter due to our complicity, hours within the established of the media world we live in, has fed this beast. it becomes easier and easier for us to become independent free agents and not participants in the democracy willing to compromise. as long as that happens, we will see the kind of gridlock and

lack of compromise and the lack of progress that every citizen wants regardless of whatever point on the political spectrum that come from. >> you said before hand today that in many ways, this seems very parallel to other parts of our history. since we are inhabiting this time, we have a tendency to want to make it the most something. can you put it in that context in your view? how does it rank compared to other portions of our history? is it as dramatic as it may seem to those of us who are living now? >> we are always, because we are living in it, in the most dramatic times ever. this is our bias of the great arrogance of the presence because we are alive and it is happening to us. this is the most important time in those people in the past could not have lived as full lives as we do. that is one of the things that history has that ability to lift that veil.

they make the distant past. not just our distant past, our pre-revolutionary colonial history, but 10,000 years ago, we can lift the veil on that and extend to those human beings their humanness who lived and loved, hated and were in the same capacity that we do. this is not as tough economic times. we have done many times on the depression which was the ultimate ander of prohibition. in that very desperate time, in some cities, of the animals in the zero were shot and then be distributed to the poor. when that happens here, please let me know and we can now begin to change our description from recession to depression. the election of 1928 in which al smith was so effectively in eviscerated by the dry forces and other intolerance forces in america stands as one of the worst election campaigns i have ever seen. it looks very similar to the election of 1800 between john adams and thomas jefferson. we have had a lot worse and we

have had a lot better. i don't like the fact that historians often like to say that things are in cycles or what ever we don't remember we are content to forget. that seems an obvious corollary to the central theme i hope i have made which is that human nature never changes. we are the same kind of people we were 10,000 years ago. the greediness and the generosity, the hypocrisy and a sincerity existed in equal measures between but within us. that has to become our struggle. the question of who are we is a convenient step to the real question we all face witches who am i? what am i doing here? what is my purpose? what will i leave? >> having studied the

prohibition era, do you think any of the modern efforts to implement constitutional bans like a ban on gay marriage or abortion canner might be successful? >> one of a lasting positive legacies of prohibition has been our now natural suspicion of the next new good thing, the next new magic bullet which will cure everything, the next panacea. i think we have become rightfully suspicious of those amendments. if you just pass something, everything will be okay. those single issue groups that feel they can see all of american history and the american political system and sell all our problems through the narrow lens of this single issue and by doing it, everything will be all right. as billy sunday said, hell will forever be for rent. with standing room all in lying to get into hell because of the loopholes and enticements that

the unintended consequences prohibition sponsored has been a healthy american thing. we have gone back to amendments that are merely mechanical. they are about how you keep the machine going and how often you add oil to it and how often you do this or what the presidential succession is and when you will inaugurate a president. we are no longer tinkering in the same way in large part because we have this deep suspicion of people will try to sell us that solution. the country prohibition. >> someone is asking and maybe you answered this, do you think the 18th amendment was the product primarily of a conservative or liberal political ideology? >> let us remember that alcoholism was a huge social problems in the early 19th century. it was a huge social problem in 1920 when we passed prohibition. it is a huge social problem

today. we as a community, as a government, what ever you would like to say, have obligations to address this problem. the reason why prohibition initially was passed is because no matter what peoples of terror models work, people sincerely thought we could take this big problem off the table. this big problem is suffered by 10% of our population. we made the abortion decision to apply the solution to 100% of the people. it did not work but it does not leave us free of the moral obligation to try and improve society. that is the role of government. that is the role of organizations. that is the role of individuals. that is the role of churches. that is our role. this is not an issue that is left or right. this is a human issue. >> here is a personal question. now you have been dealing with

this subject matter for so long, you have been asked on the road whether you or a teetotaler or something more energetic and the consumption of alcohol. has your own research and production of the film had any effect on your thoughts about that? [laughter] >> i have spent a good deal of my professional life as a teetotaler. i have had to wear so many hats that we tend to work long days and i always found that stopping for a drink when everybody else was was not conducive to continuing network. -- continuing in that war. in the course of prohibition, just as i did when i was making a film on the cell that religious sect, the shakers -- [laughter] i conceive with my co-producer on that film my first of all four daughters. [laughter] it was important for me to balance out the teetotaling aspect of so many individuals in our film that i felt compelled

to drink and drink significantly. [laughter] [applause] >> all in the name of creativity. >> absolutely, professional responsibility. >> my next question frightens me [laughter] we had a presidential candidate vying for the republican nomination who is an advocate for legalization of marijuana. what parallels do you see with the violence in mexico and along the border with the prohibition era? >> that is a wonderful question. as lynn and i approached it, we assumed that's what we would be dealing with. we thought the parallels would extend that far. they were pushed aside by all the other parallels that i spoke to you about. that seemed more to our essential character. these comparisons is still remain and they are not insignificant and we should talk

about them a lot. we should use the occasion of history, that table around which we can still have that civil discourse to may be engaged questions of marijuana. it is our largest cash crop, more than soybeans, corn, and wheat. we look in difficult economic times of a source of potential revenue of if it is taxed and regulated. we hope there could be a concurrent to ammunition of the violence attending to its distribution. i would say that we have to step back a second and realize that alcohol has been consumed by human beings as long as there have been human beings. there is broad acceptance of it in all manners of society. drug use is more and marijuana to be specific is more a sub- cultural manifestations. it comes and goes in various places at various times. that is quite different.

applying the same sorts of things that we learn in prohibition may not be adequate. i would urge those, whoever they are, or considering best to proceed slowly and remember about unintended consequences. however, the single most difficult aspect of this, the violence that is intended to it is connected to cocaine and heroin trade. it is inextricably connected. by pulling marijuana out, you don't lose colombian drug lords. who knows what the unintended consequence might be of denying them the marijuana business? if you ask cocaine and heroin to join the same conversation as marijuana, an overwhelming majority of americans cannot go there. you are now back so much a

square one but at a very cautious experimental phase in which you try to figure out the ways in which the decriminalization of marijuana could take place. >> to the extent that your work ultimately involves a question of who are we, how honest are we with ourselves about the role of alcohol in our society for the good and bad at the present? >> i think we are rarely honest about anything in our society whether it is set to relative or faith, whether it is agreed or any of the things that have been tangentially the topic, the energy, if you will, of the subjects of our films. as someone not interested in making or scoring political points in the film but in sharing the conundrum of american human existence and hoping that the distance from

us to that moment provides us with some measure of perspective that we might be able to apply it however each individual of your wishes to apply it to the current situation branders your question just that, an excellent question. [laughter] >> thank you. i will take that in lieu of another answer. [laughter] i am told in 1998, you gave a speech entitled why you are a yellow dog democrat. you produced a video for senator kennedy paused 2008 speech at the convention. and light of all that, how do you separate your personal opinion from your work as a documentarian? how much do you want to separate? >> i want so passionately to separate it is. my own personal beliefs, whatever they might be and all of that question did was narrowly pickup some things. it does not describe friendships across the political spectrum or conservative

additions to myself that i suppose to be included in a fairer question. i am interested in the facts. the fact that the battle of gettysburg took place on july 1, 2, 3 of 1863 is not a democratic or republican question. it is a fact. the fact that the women's christian temperance union might be a progressive organization and the anti-saloon league might be perceived as a more conservative one by today's standards and how we would describe it is neither here nor there in terms of my own political calibration variant what i do in my spare time is my own business. i will continue to have my own business. all my work for public television has been free of that kind of bias or advocacy. that kind of film only preaches

to the congregation. it has been my mission since the beginning and the fact of the response of these guns that they have reached out across the very superficial definition of party lines to much more important things like that broadness and majesty of our country and spoken to people from every walk of life. if they were merely a reflection of isolated aspects of that question, the films would not have the power that i think they have had. >> there are some things upon which all of us a great and there are some things that perhaps none of us truly agree and are some things that are in the middle. when you are looking to present the story, how you decide that's one thing is ok and one is not?

>> we do what any good mutual fund manager would do. we average. we are dependent as a result of the grants we receive not only from the national endowment for the humanities but other groups. we have a variety of historical advisers. they represent a whole spectrum both politically but also academically on any particular subject. these funds are not window dressing. these are people we consulted at every juncture. they help to center it and remind you of other things. -- sen sort it and reminder of other things. we had discussions about prohibition where we were reminded that this was as much a progressive movement as a was a conservative movement. though it did get hijacked and became the agenda of a kind of

anti-immigrant thing, nothing sundays reforming as other people's habits, that is to say that this prohibition is for someone else and never woke up with the worst hangover without having a drink which it was for them as well as someone else. we permitted the extraordinary advice and influence of those scholars to make sure that gettysburg still remains on the first second and third of july, 1863. >> your career has been entirely devoted to producing material for public broadcasting. >> yes. >> in this politicized environment in which we live, there are real budgetary pressures from the congress and the president. how fearful argue that some aspects of the progress -- broadcasting fall to the budget act?

if it were truly an environment where everybody had to give something up, would it not be fair for public broadcasting to give something up as well? >> these are all important questions. i wish i had my friend william f. buckley who appeared on public television for 30 years and only on public television for 30 years to help me answer your excellent question. we have given up and we continue to give up again and again. that means the national endowment for the humanities as contributions to the civil war from approached 45% and now we often receive, when we are lucky and to the due diligence of producing the door stopper proposals that they still and quite rightfully require less than 10% and still receive the largest grant. we have given up and given up and given up. like prohibition, we sometimes fall prey to preconceived notions that permit the discussion to fall into the realm of the cultural wars, if

you will. it is so interesting that we are an organization that helps to stitch the country together. we represent a fraction of 1% of the budget. we are as central to the lives of red staters that we are to blue staters. no one can never actually show me the incidence of bias. during the 1990's, the friends i knew in the clinton administration railed against public radio and public broadcasting for their conservative bias. i think it is often our feels uncomfortable in the face of good journalism. inon't need to preach that

this cathedral. we would hope that people could understand that while we have nothing to do with the defense of our country, we help make this country worth defending. not everything has to be in the marketplace. when your house on fire at 3:00 a.m., you do not call the marketplace. we would like to suggest that this underfunded and quite often much maligned network, pbs and national public radio, in terms of my familiarity produces the best children's, the best science, the best major, the best parts, the best public affairs and i'm told the best history on the dial. when you've got five or 600 other channels as competition, that is a pretty good record. [applause] >> we are almost all of time. i do want to ask a question.

some do regard this institution as a cathedral to the first amendment. when newspapers are struggling so mightily and traditional news outlets have suffered, let's focus for a moment on newspapers. as one who has looked at newspapers as a source of material, how important is it that they continue to survive? >> it is negative is central to the survival of our republic -- it is important -- central to the survival of our republic. you would go on tours with the news from the size of a stadium filled with hundreds of reporters. 10 years later, the tumbleweeds were going through. this is terrifying. we now rely on an internet with

some notable exceptions where it there is a lot of rumor and innuendo. nobody is watching the civil -- city councilman to see if he has bought something adjacent to what they are about to buy. that is the role of newspapers. we have one newspaper in this country with a reporter in southern sudan. what happens there is really important to us in this day whether we note -- in this room whether we know it or not. we need to have the top to bottom possibility. the great terror of the transformation going on with the changes in our economic system, we are manufacturing less and servicing more. all of them suggest dangerous threats on this important institution. we know our founders sought it as central to the survival of our republic. anything that strengthens these institutions, and let us not be

afraid to embrace new forms of technology, but let us also be clear that the rumor and opinion is not the same as the dogged research. the person who really offers to push the opinion, idea or lie down the road is not as important as the person willing to do the difficult work to find out what the truth might be. that is one of the reasons why i have remained loyal to public television. i believe this is the place in which i can exercise whatever talents i have in this area with american history and do it to the best of my ability. i have been offered no other venue that would permit me to do as deep a dive into this subject i am interested in without interference from

sponsors or interruptions of commercials than any of the place in the country. >> very good. i know there are many journalism people who feel passionate about journalism who are thankful for those comments. we have a couple of routine housekeeping matters to take care of. on the fifth of october, congressman ron paul will be here. harveyn the month, tmz's levin will talk about the changing landscape in entertainment coverage. something you are familiar with, the tried and true tradition of appreciating you with a token of our appreciation. that is the national press club copy mud before we ask the last question. [applause]

>> i now have half a dozen. >> and we do not want to see those on ebay. >> my work has always been the bottom of history. we do not feel like top down is enough. today is actually your birthday. in that spirit of historical investigation, i would like for everybody to sing "happy birthday" to mark. birthday to you ♪ >> make a good wish. [applause] >> that certainly takes the cake. [laughter] thank you. i could not have asked for a better surprise on this day. i would not have rather than

anywhere else but with you and your today. i appreciate that very much. you live in the space of public broadcasting and weighty material. can you share with us perhaps a guilty pleasure that you share that we would not have known that ken burns is a fan of this? >> one biggest commercial television -- my biggest commercial television vice when i am stuck in hotel rooms without the benefit of getting around the many commercials that we still do not have in public broadcasting, i guess i am addicted as my oldest daughter is to "law and order." i do not mean the spinoffs. traight, neat, st

"law and order." it is such a perfect, elastic form that you can see things over and over again and still marvel at how they connect the dots. i remember doing that the other day when i have something much more important i should be working on. i was addicted to that. >> a round of applause for our speaker today. [applause] thank you for making this day even more special than i would have expected. i would like to think our staff -- thank our staff for organizing the event today. thank you. we are adjourned. [applause] [captions copyright national cable satellite corp. 2011] [captioning performed by national captioning institute]

>> millionairess think that they should pay more. tea party folks think millionaires should pay more. what is the problem? >> what have you given up on the country and decided to campaign full-time instead of doing what the american people sent us here to do? that is to find common ground to deal with the big challenges in our country. >> what is driving the debt are the entitlement programs and the fact we have not dealt with social security and medicare on a long-term basis. you cannot say enough out of the defense department to solve the debt problem. if you take too much out, it will do serious damage.

>> those conversations and more tonight on c-span starting at 8:00 eastern. on sunday, possible defense cuts to address the u.s. debt. presidential candidate michele bachmann will be in new hampshire for a town hall meeting as part of her three-day campaign tour. that will be live at 3:30 eastern on c-span. >> c-span radio is another way to keep up with politics and public affairs, offering a mix of the most relevant events from the three c-span network and some exclusives like the reair and sending news programs from the major networks.

you can listen to us online and on our apps. we are now in our 15th year. >> next, a hearing on the concept of cloud computing as a way to share government information and its potential security risks. you will hear from officials who testified including the chief information officer. the house homeland securities subcommittee held this one hour and 45 minute hearing.

>> we're going to get opening statements in, begin your testimony, and then will have to break. the subcommittee meeting will come to order. we're meeting today to examine the security implications of crowd -- cloud computing. we welcome our witnesses and look forward to their testimony. cloud computing enables convenient network access to shared pool of resources. cloud computing enables organizations and individuals to access website data and on-line programs without concern about the physical location of the server. it promises cheaper and more effective information technology. most organizations already utilize some form of it. online shopping and banking are

prime examples of the way cloud computing has changed the way companies interact with and provide on-line services to customers. improved technologies have improved capabilities and reduced costs. this new technology promises greater capability at reduced cost. the administration has issued a cloud first policy before making new investments. republican members of congress and our democratic colleagues are always looking for ways to reduce government spending. any savings from cloud computing would be welcome. in spite of the protective. the projected savings, we cannot ignore our responsibility to assure that government information will be secure in the cloud. the gao reported that security incidents rose 650% over the last five years.

our concern is that the cloud offers a target for terrorists and rogue nations. with cyber terrorism affecting every sector of the economy, aggregating important information in one location is a legitimate security concerns. security implications can not be an afterthought. they need to be considered as the technology is developed and deployed. yesterday the republicans released a recommendation for cyber security legislation. we intend to work with our colleagues on the other side of the aisle. this is not a partisan issue. it is one that we need more work on. i do believe there is a bipartisan commitment to provide that. speaker boehner has made cyber security a top priority. our committee will be a key player in drafting legislation. as we address our older melodies, we must assess new technologies to ensure full -- for their vulnerabilities will

not be created. some argue that since the data can be secure in the cloud. they argue that providers of resources to invest in sophisticated systems if necessary. different security levels can be designed for the different configurations. the private cloud is appropriate for the most sensitive personal data. sensitive data can use the hybrid model. non-sensitive model can use the public cloud. i.t. savings are important. we cannot ignore the information security risk created. assessing those risks responsibly will be critical if cloud computing will be widely accepted. the federal strategy is designed to ensure the security of government information and establish a trend. environment between clouenvirons service providers and the federal government. we have developed the federal risk and authorization management program.

it will facilitate and lead the development of standards. the strategy on the transition is an exercise in risk- management that entails identifying and assessing risks and taking steps to reduce it to an acceptable level. we look forward to the testimony. we intend to examine the benefits and risks of cloud competing and identify the security implications. i look forward to the testimony of the witnesses regarding this new cloud technology. i now recognize the ranking member of the full committee for any statement he might make. my statement,gin let me take off on your comments bout the republican caucuses' and the release of the cyber task force recommendations yesterday. it is an emerging threat that

warrants a timely bipartisan action from congress. the stakes are high. networks have seen a 650 fold increase in cyber attacks over the past five years. the president has submitted a comprehensive plan including a legislative proposal. we look forward to a bipartisan effort on this issue. i can assure you on our side that we will do that. with respect to this morning's hearing on security implications of cloud computing, cloud computing can and does mean different things to different people. the national institute of standards and technology has published a definition that provides a starting place for discussing and finding security needs. not everyone agrees with or conforms to nist's definition.

the federal government and industry have not reached agreement on uniform rules and standards to secure the information in the cloud. this is not something that can be left up in the air. i embrace technological progress. i also know every new technology presents great possibilities and challenges. in our eagerness to jump on the bandwagon, we often forget to ask about the destination of the wagon, the cost of the journey, and the route we will take a long way. as we embark on this new journey of migrating information to the cloud, we must not repeat the mistakes of the past. we must be about some of the claims that are made. i am told the cloud will produce -- produce cost savings and efficiencies. i am told the benefits will be achieved by eliminating the need

for data centers, computer hardware, and other public and private sector operations that employ thousands of people. i have to ask about these displaced people. every new technology creates displacement. it also provides opportunities. we must ask what new opportunities will be provided into will benefit. as cloud computing increases the ability of the federal government to communicate effectively, we must increase the ability -- we must ask how that will affect the security of government operations. without clear standards and rules, we cannot begin to evaluate how the security of government data will be affected by cloud competing. we must remember it must be aligned with the federal information security act. the federal government currently

uses the services of vendors to manage cloud operations. we must ask how the businesses will comply with regulations and requirements. industries cannot effectively compete without understanding the potential regulatory environment. there are many questions that must be resolved. i am certain our witnesses will be able to shine some light on the cloud. i yield back. >> thank you, ranking member, for the poetic opening statement. when the ranking member of the subcommittee appears, we will give her an opportunity to make an opening statement. opening statements may be submitted for the record. we're pleased to have a distinguished panel of witnesses today.

richard spires was appointed as the chief information technology officer of homeland security. he previously oversaw i.t. responsibilities for the internal revenue service, chief information officer and assistant information officer for business system modernization. before joining the irs, he served as the director of the software product bender. he spent more than 16 years at sra international. welcome. dr. david mcclure was appointed to the office of citizens service and innovative technologies in 2009. he recently served as managing vice president for the government research team. he served as the vice-president for e-government and

technology. he has a n 18-year career with the gao. he has spent over 20 years auditing of financial management and information systems. prior to joining gao in 1997, he was the senior systems analyst for the department of education. he held senior auditing positions with the u.s. army audit agency. thank you for being here. we have a rule of five minutes testimony. we have your written statements. they will be included in the record. we will ask you to go in the order i introduce you. mr. speyer's, the chair will now recognize you. -- mr. spires, the chair will

not recognize you. >> i will discuss the changes cloud competing is having in the government and apartment homeland security. i will discuss how dhhs is addressing the security challenges associated with it. cloud competing enables federal agencies to purchase on demand i.t. services using a consumption-based business model. we pay for the usage of the service itself whether it be per kilowatt hour or minutes of use for cell phones. many services are becoming commoditized and len themselves to such models. it is transforming the i.t. business because it does provide significant benefits to customers. it provides stability and rapid deployment, full transparency for managing costs, and reducing capital expenses. cloud competing simplifies the

overall administration and costs of i.t. infrastructure. early projections for the tests are cost savings of up to 10% when we transition to cloud infrastructure services. dhs has taken an aggressive approach to the use of cloud competing with 12 offerings in production, awarded, or in the acquisition phase. dhs is focused on two deployment models, the private cloud and the use of the public cloud. we manage sensitive information within our two data centers and use our in turner -- internal wire network. we have our e-mail service that we expect to have more than one had a thousand users live than 90,000 users on it by the end of this calendar year. it provides an informant linked to the production environment to

enable a successful deployment of new applications. expect to provision new servers within one business day with the new capability. the legacy model averaged up to six months. it will provide secure a virtual desktop access to support mobile devices. the service will better enable a mobile workforce to support continuity of operations. we are embracing the use of public cloud services to manage non-sensitive information. dhs has successfully deployed self-check in the public cloud and will consolidate public websites to the public cloud. to effectively manage security risks, dhs is leveraging the private cloud environment to manage sensitive information. the model bolsters sensitive

information to our strategy. the dhs product cloud can leverage existing security controls and the use of our continuous monitoring capabilities and trusted internet connections. by imbedding security controls in a private club, dhs -- in the private cloud, it will exceed that of existing legacy services. for the public cloud, there is a visibility gap between the provider and customer. they cannot see into each other's management, operational procedures, and technical infrastructure. to address security concerns of public offerings, the visibility gap must be reduced to a series of requirements for reporting come auditing, and monitoring to verify the provider and customer are meeting their responsibilities. the program will halt federal

agencies address the challenges as a leverage public cloud providers or establish their own private cloud. continued work on the security challenges will increase the defensive capabilities of the cloud offerings and the ability of public agencies to use cloud competing for more sensitive information. looking ahead five years, the market appears poised to grow exponentially. we must focus on preparing departments and agencies to welcome innovation and changes in the way we do business. we're seeing reduced time to market for new capabilities. we're reducing capital expenditures and gaining transparency into operational expenses while providing improved service. the benefits far outweigh the challenges. thank you.

>> thank you for having me here to talk about cloud computing and security. i wanted to make two critical points about cloud computing. it offers a compelling opportunity to substantially improve the efficiency of the federal government. when implemented with sound security risk management approaches, it can ensure more consistent protection of the government i.t. infrastructure, data, and applications. the practical use of cloud competing offers substantial performance benefits for government. there are tangible cost reductions with more efficient data storage, hosting, and analytics performed on the vast data repositories. it can enhance productivity by shifting work force to high- value process improvement activities, problem solving, and customer service excellence. it allows greater flexibility

and scale ability. there is the ability to stand up services within hours and days rather than months or years. in allows -- it allows and creates an improved self-service environment with purchasing for i.t. resources rather than a long acquisitions process. we are facilitating easy access to cloud-based solutions that meet federal requirements such as fertilization technologies, cloud e-mail, disaster recovery and backup, and infrastructure storage. our vehicles and sure agencies. allow agencies to evaluate viable options that meet their needs. let me turn to cloud security. cod computing like any technology presents known and new risks alongside the benefits it offers. different types of clouds

services create their own set of security challenges in the government setting. to address these risks in a more comprehensive manner, we will launch a new government-wide program. we have worked in close collaboration with cyber security and cloud experts in government and private industry. let me be clear. the intent is to strengthen existing security practices associated with cloud computing solutions which will build a greater trust between providers and consumers and accelerate appropriate adoption of secure solutions across the government. fedramp ensures consistency and

quality, security accreditation, it creates a transparent and trusted security environment in government that will incentivize security testing and authorization. it fosters the push towards a real-time security assistance monitoring. it does this by standing up six critical capabilities. it standardizes a minimal baseline for government wide security controls for low and moderate risk cloud systems based on existing standards and additional controls vetted with all interested parties. it manages a process for accrediting independent third party assessors to ensure greater competency, consistency, and compliance with required controls. it creates a joint authorization board comprised of

representatives from dod, dhhs, and gsa to grant provisional authorizations that can be leveraged by multiple agencies. it allows agenciesit allows it , with baseline control, already been competing work done by another federal entity. consistent with changes, it will provide continuous monitoring, especially for persistent threats, and eventually all the make the exchange of status information on specific controls on a near real-time basis. the controls and manages the instant response, mitigation, and proof of resolution for authorized cloud systems. last, it will create a secure data repository to facilitate government access to secure

packets, sample contract language, examples of clout service level agreements, best practices, and continuous monitoring information. we think the steps can really advance more secure cloud computing in the government. i am happy to answer any questions. >> thank you very much. >> chairman, mr. thompson, thank you for the opportunity to participate in today's hearing on a cloud computing security. i believe this is a vitally important topic. earlier this week, a gao issued a report in which we note that the number of security incidents reported by federal agencies increased by over 650% during the past five years. this helps underscore the need for effective cloud computing

security. today i will describe the security implications of cloud services. i will also discuss the gao reported on federal reporting and agency's actions to implement our recommendations to improve cloud security. first, like to recognize the assistant director for my staff, who are here, and also nancy, who is not here, for their diligent efforts in reviewing clout security as well as preparing my statement. mr. chairman, cloud computing has both positive and negative information security implications. broad network access, possibly economy of scale, and the use of self-service technologies. federal agencies for " we cited the prospect of on demand security controls, to persistent

application of this controls, and low-cost disaster recovery and data storage as potential benefits. 22 of the agencies were concerned about the risks of clout computing. these risks include the ineffective, noncompliance security practices of the service provider, and ability to examine controls of the provider, the prospect of battle leakage to authorized users, and that the loss of that if the cloud service is terminated. these generally relate to the assurances of the service provider and the sharing of computer resources. the gao review issued a report last year and we noted that federal agencies have begun efforts to address information

security for cloud computing. specific guidance was lacking and efforts remained incomplete. we also found that gsa has launched several government wide initiatives, but had not completed key actions pertaining to cloud computing security. omb had not finished its clout computing strategy or define how security issues would be addressed. in that report, the gao made recommendations to omb, gsa to take several actions to address these issues. since that report was issued in 2010, these agencies have made progress in implementing our recommendations, but additional actions are still needed to assist agencies and securely the plummeting cloud computing. in february, when be issued its clout computing strategy, which references security issues.

it does not address the need for agency-specific guidance, the use of standards for control assessment, cloud service providers, or the responsibilities between customer and provider. consistent with our recommendation, the gsa, in collaboration with the cio council, for there developed the grant as has been indicated in the opening remarks. they intend to issue additional guidance later this quarter. in addition, they've issued a three of the for guidance documents related to cloud computing and expect to finalize guidelines on security and privacy in the public cloud computing later this quarter. these actions and the issuance of appropriate guidance will help, yet the true test will be there effective implementation over time. to summarize, the use of cloud

competing offers the promise of efficient service but also carries risks. omb, gsa have taken steps to develop a strategy, processes, and guidance on cloud security. nevertheless, continued efforts will be needed to ensure that cloud computing his income that securely in the federal government. this concludes my statement and i would be happy to answer any questions. >> we will have votes in about 10 minutes, so we will see if we can get through some questions. if i were to summarize what i heard, it is that they have the glass half full approach. you have the glass half empty approach. can you tell me which glass i should take up? >> sir, i do have the glass half

full approach. i believe that cloud computing is going to transform i.t. the world is moving that way. we need to move with it because the advantages are so great. >> it is inevitable we move there? >> i think so. >> house secure can we make it, and if i were to just listen to what you were to say, i would be very pleased to secure right now or in the process of getting more secure, but the gentleman to your left is paid it to poke holes in arguments that people like you make and has poke some holes. sometimes things sound too good to be true. most of the time i have found that to be true. what assurance do we have as we move toward cloud computing -- let me put it this way, and

report that we issued yesterday, consistent with what we have heard before the committee, there is a suggestion that 85% of computer intrusions, unwarranted interference, etc., could be stopped by a good computer hygiene. which suggests we have a lot to do with public and private awareness. one of the key aspects to security on cloud computing would be awareness. how am i to be able to tell my colleagues and constituents that the awareness that evidently is not there now with the way we are doing things will be there as we move to compete in? isn't that the essential question? you can set up the best, most secure systems possible, but if there is no awareness of what you have to do, both in terms of what we're doing here, the ultimate users, the government employee, but also the vendor

and their employees, it will not happen. is that computed into what you said today? we have the awareness, we will have the word is, it is built-in clock? >> thank you, as greg notes, i used to poke holes as well. this is a challenging area. i think it is a half full, half- empty glass. we are never done in this area. i think we would all agree. we can put the best controls in place, the best policies, the best people, but you will always be advancing in your knowledge and ability to deter threats and vulnerability to your system. it is a given. that is one thing we need to do, to dispel the myth there is a magical control or formula we are not using and if we put it

in place we will be absolutely secure. security is an ongoing exercise. >> true, but how do we answer the skeptics of what we think we need to do that if you move in the direction of cloud computing, you are necessarily creating greater part-rich environments. if i can invade the cloud that has multiple more data points than a small network, i parted my energies on that. if i am successful, boy, i have a tremendous amount of information and connected information, where and may not have that if it is divided over 2700 different networks. that is the concern i have expressed to me. on the other hand i hear the argument, with a second, put more capital investment in clout technology, more up-to-date, more timely, the confined things more quickly because they have greater observation.

i understand that, but i think you understand the point about the greater part it rich environment, with the concern people have -- the greater part get rich environment, with the concerned people have the security of the cloud will be immeasurably better than the security of the system. >> i agree, that is the way forward. our problems and security are not unique to cloud computing systems. if you look at what we're putting in place, when the agreement on what the baseline controls are. i think we have achieved that by working across a huge community and the government to have that dialogue. second, we need to agree on the additional controls warranted and a cloud of environment, where there are extended vulnerabilities that are not necessarily applicable to traditional systems. we have tried to introduce new controls. third, i have to move to

continuous monitoring. we have to make sure agencies are ply managerial, technical, and operational controls to the systems, but but we need to report on a real-time basis the posture of the cloud security providers environment. we have to see and be able to take action and demand that a solution be put in place. then we can really move up the security posture to more tolerable levels. >> thank you very much. i either recognize the gentle lady -- no, whoever you want on your side. i think we have five minutes before we have to go vote. >> right. well, thank you, mr. chairman. i appreciate the ranking members' indulgence. clearly, the cloud is cloudy

right now to a lot of us, and we are trying to get better. as we go forward, i am concerned about how our government moves forward without the necessary safeguards in place. let's talk about one of my concerns. i understand that dhs is contract aed with a company cald cgi federal inc. to move their public website to the cloud. i understand this is not a u.s. company, am i correct? >> you are correct, we have contracted through the gsa infrastructure as a service vehicle for cgi federal to provide clout services. cgi federal is a u.s.-based company. the parent company is a

canadian-based company. >> it is a u.s.-based company, owned by a canadian company? >> that is correct. >> ok. does that cause concern? >> in awarding the contract and going through the evaluation, we followed all of the proper regulations. we worked with the organization and the gsa. we put a clause in to that contract that states that everyone who works on that particular contract needs to be a u.s. citizen unless they are granted a waiver, and i do not suspect they will grant a waiver, and all of the data that we would use running those public websites needs to be resident within the united states. >> can you provide the committee with a copy of that task order? >> we certainly can. >> none of the hosting or anything will be done and out of

the country? >> hosting will be done in two geographically diverse data centers located in the united states, sir. >> thank you. when you testified before the house oversight and government reform committee last year, you called security one of the most significant obstacles to the adoption of cloud computing. is that still your position, or have you modified it? >> i think it is the top challenge. there are others that we have alluded to. because of these issues this morning, the lack of consistent standards, the lack of the quality of the work to assess the cloud systems, the lack of continuous monitoring and real- time capabilities, it presents real challenges. we are addressing those. that is what we're trying to do.

i think greg may have mentioned this, there is portability. i parked my dad out on a cloud drive system, i either by choice or because they go out of business, i want to get my dad out of their system and into a new one, -- i want to get my data off of their system and into a new one, it is what they have to ask of their service provider. >> that is still a concern? >> absolutely. >> i am the stand there has been improvement of some services under these contracts. why have only four of those 12 fully is that it? is that issues around security? >> absolutely. once the 12 entities were found to be qualified and awarded business under that, the second

step is to go through security authorization process, which is controls and testing to make sure they meet all federal requirements. to date, four have, and the remaining are going through the security authorization. >> so another federal agency could not pick from the eight at this point? that correct. bacon pick from before. if they wanted to -- they can pick from the four. if they wanted to, they could perform the security assessment. we are doing that at gsa for all agencies to be leveraging off that rather than repeating it. >> i'm a little concerned that some of the vetting is not complete with some of the companies. have you looked at that? the you have concerns also?

>> we have not looked at the assessment process yet, but if we have not yet assessed the security controls over the cloud environment, if they use that environment, they are doing so at risk, at increased risk. >> alright, we are sick thing -- we are expecting a series of five votes. the subcommittee will stand in recess, reconvening immediately following the last vote. [captions copyright national cable satellite corp. 2011] [captioning performed by national captioning institute]

>> with the acceptance of the minority, i'm going to ask a few questions. then they will have the chance. so we can allow the first panel to go as quickly as possible. is me ask, mr. speyer's, how the department evaluating the different needs for different datasets? if we have an agreement there are different categories of clouds that are appropriate for different levels of security, based on the nature of the data.

what is the criteria of evaluating the different needs. >> we're starting off simple. what we would consider sensitive data, including data for official use only at higher sensitivity data, law enforcement, for instance, the classified realm, we're keeping that within the private cloud. that is hosted out of our enterprise data centers. it runs within our own network and we are able to control the environment. we are aggressively looking at

that public cloud for non sensitive data. the example i used was moving the public safety websites, like dhs and fema to the public cloud, and we're trying to get experience using the federal clout -- the public cloud. does that matures, we would anticipate overtime looking at how that criteria could change. i am a believer having been in the private sector that we always want to foster competition. we always want to have a choice. as we have more and more comfort over time, that public cloud services can provide the security levels and continuous muttering capabilities that we need, we would look over time to relax that criteria, shift its so more sensitive data would be able to be moved into the public cloud. >> what is the interplay between

the department of homeland security and gsa in terms of assurance of a cyber security as we move to the cloud? dhs appears to be the point agency -- i don't want to say looking over the shoulder, but looking at other government agencies and departments to make sure they are taking cyber security seriously. we have built office at the white house which i would suggest is my definition, sort of the focal point for policy, but dhs is the apparition appointed. how do you interface with gsa on something like this with respect to their responsibilities in the areas where they have authority? >> let me provide an answer.

first, i should state that ibm t cio for the park -- i am the cio for dhs. there is another department that has its mission to provide cyber security for the nation, in particular for the civilian government agencies. >> and hopefully you talk to one another. >> we talked to one another all the time. we're the biggest getting paid for what they want to do next, and i think we should be. we work very closely with them. they have the operation that gathers response information from through the government to share, analyze the information. that organization is working very closely with our organization and gsa as we look at how we will rollout the initiative. has that rolls out and we look

at continuous monitoring for public clout service providers, those fees would be provided to the department of homeland security for continual analysis, as well as the agency, so we could continue monitor the public cloud at possibilities real-time for use of the public allowed. >> it is a complementary relationship. at that has been revised with heavy participation from dhs, and also from greg shephard's office, which richard referred to, that does the operational monitoring and runs a lot of the u.s. capabilities. what we are doing is designed to actually incorporate the role of dhs into that process.

we're not replicating, we're not eliminating anything that is clearly in dhs space. if you look at the recent change that requires agencies to do monthly reporting of continuous monitoring, fed-ram is simply building on top of that. >> either in the opening statement or an answer to question, you met answered that movement to the cloud it is something that needs to be done. does this need to increase in intensity? is a relatively new concept? is it one that has been implemented across the board and government agencies and departments? is it sporadic? given what you said about this being an essential, one would think it would be essential now.

one would also ask if it is treated as something essential now. >> absolutely. the issue with the continuous monitoring controls is the agreement upon the standard for the control and on the data elements that would be passed to show compliance. we want to make sure that has been agreed to with industry as well as inside government. that is the process under way now, establishing those standards for the controls and the continuous monitoring, and coming up with an agreement on the data elements that would be shared between entities to show compliance. once that is worked out, we begin moving to a near real- time view of what is happening in the provider space, whether internal or external provider. >> any comments? >> yes, thank you.

we issued a report this week on federal information security. one issue we discussed was continuous monitoring. it is a relatively new phenomenon within the federal government. it there was guidance issued that included it in the risk from work. i believe that came out back in february, perhaps, 2011, if i remember correct. right now, the experience of federal agencies in continuous monitoring is still immature, if you will. there is still a great deal that needs to be done. in some respects, it is required agencies have the capability to have automated tools in place to gather this information and feed it on a regular, near real-time basis. many of the agency so far do not have those capabilities over all of their assets. it is also important to know

that with continuous monitoring, there is the automated aspect of it, but there is still the need for testing and evaluation of the effectiveness of the controls to assure the information that is being provided through these automated tools is accurate and reliable. >> one of the key risks the gao report identifies is the dependency on vendor. there was mention in the first round of questions about the scenario in which you terminate a contract or the vendor ceases operations. in the idea how you protect against the vulnerability? what do you have to build and to protect the government's

essential needs at that point? >> that is a key risk to federal agencies. when we did our report last may, all 24 of the 24 agencies cited loss of information as a key risk should their clout service be terminated. in terms of being able to help mitigate those risks, it is imperative of agencies to establish comprehensive service level agreements that specify clearly up front what the role, responsibilities of the cloud service provider is, as well as what the customer is with regard to providing information, should they go out of business. it is also imperative that interoperable lee and portability standards be developed and implemented so that agencies have the capability to take their information that is being processed by a cloud service provider and use it either

internally or to another provider, should the need arise. >> is there anything technologically unique about cloud computers that causes more difficulty with this particular concern? that is, termination of services? >> not on a technical side, but i would echo what gregg said. one of our big concerns about moving into the public cloud is that, we want to be able to assure continuity of service to our customers in all events. we have to work the scenarios as to what happens in the hopefully of likely advent the cloud service provider can no longer offer their service. data archiving capability is, having a standard set. so that we can quickly shift to another cloud service provider if necessary. cloud into rubber ability

would presume that you have equal security measures out available. >> i think that goes back to the initiative, having these provisional authorizations in place for hopefully many clouds service providers so it makes it toh easier for us as cio's have choice and more easily be able to move services. going back to my competition's point earlier, it gives us a more competitive playing field which will drive down cost over time and provide better service. >> before i yield to the ranking member, the ranking member of the full committee brought up the question about the contract with the firm that is u.s.- based, but is a canadian firm. we are close to canada, but is

another country, as i recall. i think congressman thompson was burning up the question -- i do not know the visuals of that or how we tell the american people, yes, the government will use vendors that have clout competing with all of the assets but also the vulnerabilities we talked about, and it will be a company that answers to people who are not in this country. you answered it specifically. do you understand at least the question some people may have there? >> i think the more general point, certainly the department of homeland security, within my office, we would want to always make sure, sir, that our data is protected.

that for any sensitive data as we move forward. u.s. citizens only have access to that data, that it be housed, for sensitive information, that it is only house td in data centers on american soil. that is a given. all i can say is we follow the regulations at. we didn't open competition within the providers that work available to us through the gsa vehicle. based on the evaluation criteria, this firm one that particular task order. >> thank you. the gentle lady is recognized five minutes. >> thank you. and the key to the panel. thank you for your patience. we need clones around here.

that is all i can say. let me say, and the brief moments i have had in the hearing, i am not as concerned about our capability to secure the cloud. i say that simply because we were innovative enough to invent it. i believe that our knowledge, our capability, our skill will enable us to protect it. i want to be more affirmative. when i think about young people today and their level of curiosity, there innovativeness, i know that somewhere seated in some classroom today, is the person that is going to come forth. but they will enable us to do what we need to do to move forward with these innovations that we have as a civil society. i am coming at this not as a scary person but someone who is ready for the adventure.

having said that, i'd like to ask the question, did you look at the experiences of other federal agencies in using public cloud before undertaking this effort? if so, what lessons did you learn and how did you apply them? and what about state and private-sector experience is? were those also taken into account? >> ma'am, we certainly have within our strategy had numerous discussions with federal agencies, nasa, the veterans administration comes to mind, both of which have been aggressive looking at cloud capabilities. we have also talked to a number within private-sector firms, as well as my staff has been very involved in reaching out, as well as to advisory

services that worked in the i.t. industry. some of the lessons learned, and i think we're still learning these lessons, one of our biggest issues beyond security, this is fundamentally a different business model. a service level agreement, we're not purchasing hardware, licensing software, integrating them together. it is fundamentally how we procure this is very different. we have been working across the federal government. and a couple weeks, the federal council and the federal chief acquisition of officer council will be meeting together to talk about this very issue. how we work out the procurement issues, the business model issues so we put ourselves in the best position to leverage

this capability from a business perspective. that is where a lot of the lessons learned are. i think many of us are still feeling our way as to what the right business model is moving forward. >> when we conducted our review last year on cloud competing security, we went to a couple different agencies and looked at some of the pilot cases under way. we went to dod and looked at the rapid access to computing environment, and also looked at the nasa's nebula cloud environment. some lessons learned they experience had to do with just assuring having to reengineer some of their business processes to accommodate the use of cloud computing. they also found one of the challenges they had was clearly specifying and delineating the responsibilities of for security of the clariant

personnel at nasa as well as the cloud provider. in both cases, each of their implementations were private cloud implementations. they decided in each case to take a slow, cautious approach before jumping in and going to public cloud. but in both cases, they went with the private clout implementation, which generally has a lower threat exposure than the public cloud. >> are there any agency applications or services that should never move to the cloud come up with everything in agency does open to that move. in either case, why would that be the case? >> i will take an initial stab at that. there are probably implementations, information that is so sensitive, classified information, that needs to be protected. it should not be placed out into

a cloud environment, particularly a public cloud environment giving the security capabilities present. certainly, classified information published not be placed in the public cloud. >> would you say never? or do you foresee in the future that capability will exist? my question was never. welcome i was taught from a very early age never to say never. i think i will keep to that now. >> i think i have essentially the same answer. in the i.t. field, i have learned never to say never because things change so much. that said, i agree, it will be quite a while before we would have any comfort putting classified information into a public cloud environment.

i think it will be quite a few years before we would look to do that. >> the only thing i would add it is it goes back to what the agency sets as their requirements for what it is anding to do with its data service delivery. if the data demands protection levels beyond the capabilities of either in-house or out of house providers, you have to address that. the term public clout it is used pretty loose. there are instances where you will see federal agencies claiming they have things on the public cloud, but it is not the equivalent you may find as a consumer doing from our own homes. we have security requirements, record management requirements, all of these requirements that still these providers have to show they are able to provide, even though they may be called a public cloud solution. >> thank you very much, mr.

chairman. >> thank you, mr. chairman. what the new technologies, i think there is a possibility of increased risk on an infringement of copyright holders rights because of the nature of this, because it is faster, cheaper, and easier to engage with authorized. production and distribution of public performances. to what extent can the increased reliance on cloud computing services contribute to this kind of copyright infringement? is there an issue there? that is for the whole panel. >> i think it goes back to in any environment, private or public clout but regardless, you still have basic security and privacy standards that have to be met. access controls come to mind.

up to has access to information and the clouston format. if feet -- who has access to the information in the cloud environment. if you do not have controls in place, you are subject to losing information a matter what type of cloud. >> one of the things we are working on within homeland security is strengthening our identity credential access to information capabilities. we foresee in the future having a much stronger authentication model to protect against these very types of thing, whether copyright infringement or in our case being very concerned about privacy and civil liberties, access to the data we store. that transcends the cloud informant or just a more traditional system and data base. these are the things we're working on to strengthen the safeguarding side, yet still unable the right kind of

information sharing to protect the homeland. >> i agree that authorization and identification verification is going to be key in this respect. not to poke a hole, the responsibility for ensuring that the authorization is correct and the identity that it uses is verified may no longer reside with the federal government or the government agency but the cloud service provider. the effectiveness of their control and access controls come into play as well. >> ok, that is interesting. thank you. this may be a bit tangential, but in terms of government security, securing government data, does the use of flash drive products as well, is there any advantage or differentiation being made when you have that

kind of product? using a hard drive kind of system compared with a software authentication? do you get anything more from a secure basis out of the hardware kind of authentication to that type of product than just the software itself? where do you see it going? the u need both? is it find just with software? or is there a need for that going forward? out for secure data. >> yes, i think the hardware authentication and security is something that can definitely help protect information. particularly with flash drives and a thumb drives, it is a key risk. those devices can contain large volumes of information and they are extremely portable, as they are designed to do. some agencies like the

department of defense has prohibited their use on their systems because they also are carriers or can be used to carry malicious software onto an internal network. >> ok, i yield back my time. >> thank you very much. i want to think this first panel for not only testifying but understanding that we have votes that interrupt. i understand that takes up your day and we appreciate you being here and we thank you for your testimony. members of the committee may have additional questions we may submit in writing. we ask that you respond to those in writing. with that, i am happy to thank you and dismiss you and we will move on to the second panel. i will ask unanimous consent of mr. duncan, a member of the full committee, to sit on the second panel, and i have the privilege of introducing someone from his

estate when we get there. thank you, first panel. if the second panel would come out? >> ok, we have the opportunity to hear from the distinguished set at panel on cloud computing and the security implications. hehave mr. james' schiffer,

is a partnership with the irs in support of business maundering programs. prior to joining csc, he spent 27 years working on telecommunications in north america and europe. mr. timothy brown is the vice president and chief architect at ca inc. mr. brown has been involved in many areas of security including threat research, hon. the management, consumer and enterprise at and they, access management, network security, encryption compliance, and diminish security services. mr. john curran is the president of security at american registry of internet numbers. he is also the chief technology officer at xo communications.

he also has been an active participant in the internet engineering task force. it is my privilege to allow mr. duncan to introduce the next gentlemen, who had something to do with perdue university. since i went to notre dame, i would like you to introduce him. [laughter] >> thank you. this morning is my distinct pleasure to introduce one of my constituents. he is also someone from my alma mater, clemson university. at clemson, he leads efforts focusing on the high performance communications and collaborating with state and national government entities. under his leadership, clemson univ. has appeared at no. 60 in the world's top 500 competing sites, alongside their

computation center for mobility systems right at number 100. he currently serves on the advisory committee for cyber infrastructure, the advisory committee for assessment, and for the internet to board of trustees. he was the first vp of computing at perdue, where he was responsible for coordinating all information systems across the university. he has also served on other committees as well as national laboratory boards, and provide consulting services for major universities across the u.s. he has worked on cloud computing and provided excellent perspective on this issue from its academic research and experience. i look forward to hearing his testimony and thank you for having him here today. i yield back. >> i think the gentleman. we thank you all for being here. we thank you for your indulgence. i know that you had to wait as we went over to vote.

we have the procedure here that you're written remarks -- your remarks will be made part of a record in their entirety, and we ask you to limit your verbal f4 minutes. >> thank you. i have 29,000 employes who proudly serve and support of the mission of the federal agencies. i also recently served as the vice chair for the public sector for tec america foundation's on the leadership opportunity and u.s. deployment of the cloud. in july, we should report with 14 specific recommendations for the federal government to the accelerate the adoption of the cloud, and i respectfully request that document be entered into the record.

>> without objection. >> last year we had revenues of just over $16 billion. we're not as a leading global provider of i.t. services, and we provide cyber security to some of the world's largest companies and some of the most sensitive agencies. by leveraging shared computing resources, hardware, and economies of scale, cloud competing it is offering and a revolution. users pay for only what they consume. claude computing and the service delivery model allows organizations to cut their costs. it is a hot topic. it is only the latest evolutionary step in the field. it began with custom built computers, moved to mainframes, onto personal computers, then the internet. what is different about the cloud is the rate of adoption.

the economics are compelling, and the take up of this technology is much faster. the global nature of the cloud makes it a different kind of phenomenon. today's austere federal budget climate offers added incentive for agencies to adopt the cloud but also raises questions of trust. trust is more than just security. u.s. citizens and users must believe in the integrity and reliability of cloud competing in addition to security. the speed of cloud advancement requires new security policies and even new security technologies and procedures. the internet, the foundation of the cloud, was originally designed without a primary focus on secured a. we have had to play catch-up to make it secure. in the future it will require entrance sickly secure architecture. the second risk is that all required security standards are

not yet in place. the national institute of standards and technology and the clout security alliance are developing those standards. we believe they need to be global standards, not to standards in the u.s. cyber threats are serious and dynamic and becoming more an issue. threats are more severe than in the past and they are evolving swiftly. the risks and challenges to cloud computing are challenging but not insurmountable. fundamentally, cyber security must be integral to the architecture and not bolted on after the fact. we believe that it can meet these stringent security requirements. how should they be addressed? the key is to align the risk profile with various types of data and their uses with the level of protection required. one size fits all purchased

friday their effective security or cost. it -- one size fits all security provides neither effective security or cost. as an evolving technology, it is support to gain feedback. lessons will need to be shared across agencies. the department of homeless security is reaching out to foster more secure and resilience cyber environment. they're showing leadership and cloud adoption. dhs is increasing the productivity of its capital investment in computing and has also implemented a private cloud behind its fire wall. the department is an early and prevent a doctor. one example of the success of this approach is our assistance -- with our assistance at dhs,

we have plummeted a private cloud -- we have it implemented a private clout at dhs. cloud competing offers enormous opportunity to improve performance and reduce cost. security issues can be managed. the u.s. is a worldwide leader in the adoption and we must maintain that position. >> mr. brown? >> chairman and the members of the subcommittee, i thank you for the opportunity. we are one of the world's leading i t management software companies that provide software and services, enterprise government, and cloud providers. the height and promise continue to accelerate, but it is clear significant confusion remains about what cloud computing is and the risks and benefits. security is a concern cited most. when you consider the loss of direct control, these concerns are expected. they must be addressed for the clout to be successful.

from a security perspective, any service that has access outside of an enterprise's direct control should be considered a cloud service. check processing and a 401k portal are good examples that been around a long time. it is not new, but the current momentum and explosion of new cloud the services gives opportunity to enhance cyber security. >> i think we lost your microphone. >> am i back? all right, we will move. we believe the responsibility for clout security ties with both providers and consumers. it is neither inherently more secure or less secure. security fears and arguments those fears are overblown have muddied the waters. i will focus on critical areas affecting security. first, it is important to know the cloud will not replace all

other technologies and service delivery options. the organization's move to the cloud, it will be one of many platforms. we should be wary when people say the cloud will replace all technology. at second, the responsibility for security rests with both the consumer and provider. what is important is transparency. customers and providers need to agree upon security expectations and to know the service deployed meets those requirements. customers must have trust in their clout service provider and have the ability to verify their claims of performance. customers need to be vigilant in their investigation, auditing, and oversight of their providers. providers must secure their data with the same degree of seriousness as the owner of the data. there'd, the strong and trusted security system is vital to

securing the cloud. many of the data breach as we read about today find their root cause and weak and needy and access management controls. the move does not create new security risks. consumers should ask the following, who has the need to access what? what can they do with access? what can they do with information have obtained? finally, what did they do with that information? online banking and bill pay services provide an example of transactions between different clout services that can be accomplished using strong at a giddy management. different online banking transactions have different risks. banks have of demented tiered security services. -- banks have and implement it different security services. if you want to authorize your bank to pay a bill, they made to offer is a bill payment service on your behalf. this requires the bank and the bill pay service have trusted

and transparent security practices that are audited. ca technologies contribute actively to the organizations such as oasis and collaborates. there are to ever talk like to highlight. we offer a promise that solutions can be accredited once and used many times across federal agencies. while we await the final draft, several questions about its scope and alimentation remain. we recommend congress continue oversight to ensure these questions are answered. the second is the national struggle before trusted identity. it is aimed at enhancing " trust by strengthening industry-based ad in the management practices and minimizing the proliferation of cast board comminations rigid of password combination online. we recommend that congress for this important effort.

finally, i like to offer several >> finally, with like to offer some considerations. congress should look at cloud computing not specific technology. they will become outdated as the new technologies emerge. congress should avoid adopting policies that create country- specific policy for the u.s. business, a global policy will enable industry to build solutions that can be delivered in multiple markets and enhance competitiveness. we recommend that congress support the important policy recommendation from the cloud ii commission. i would be happy to answer any questions. >> thank you.

mr. bottom, you are recognized for five minutes. >> mr. chairman, i with like to thank you and members of the subcommittee for the opportunity to present this testimony. located in clemson, south carolina, clemson university is a public land grant research in brazil with an enrollment of 19,500 students. research institute with an enrollment of 19,500 students. by allowing users to share resources, cloud computing enabled infrastructure to be right side, balancing user requirements with the information technology services rendered. cloud computing is both efficient and economical. however, we must ensure that our security tools, practices and policies grow in proportion to our use of this evolving

technology. clemson university has been in the cloud of business for 30 years, provisioning medicaid applications and services to the state and citizens of south carolina. three years ago as the recession intensified, we created a south carolina cloud experiment to see of several institutions could do things we could not do by themselves. today, our cloud is operational and involve the cooperation of educational institutions and commercial organizations, partner institutions include public and private universities, technical colleges, and historically black colleges and universities. many of these would not ordinarily have access to the resources as a stand-alone institution. our team is working with a fortune 500 company to build up a secure and comprehensive cloud computing environment. considering our diversity set of users that connect into the

environment, it is important to ensure identity and access management and address concerns over data se theft. our goal is to apply policies, procedures and controls letter seamless and transparent to the end user. it is my view that the benefits of cloud computing far are weigh the risks. a thoughtful strategy for burton way adopting the adoption of these services and facilitate the smooth transition to this dynamic platform. the transition should be complemented with a thoughtful and comprehensive in itiative. to increase security within the cloud, r&d is needed in six important areas. the first area involves the use of virtual machines. cloud computing is enabled by of fertilization. for the research is needed to

better understand machine operation and establish safeguards to effectively protect this evolving environment. second is authentication, opposition, and accounted. current security of purchase leverage best practices. research is needed to counter the threats including eavesdropping and tampering, after survey of the denial of services, network infrastructure vulnerability. third, r&d on security application should focus on the creation of applications that leverage the district of nature of that cloud. this research would result in a more secure environment that is resistant to both infections of individual host and the current generation of network-based attacks. another area is encryption for data processing. recent work has produced an encryption system allowing computers to execute in cryptic programs. research on distributive that denial of service protection and

control is needed. a ddos attack is the attempt to make a computer service unavailable. currently, there is not a good mechanism for ddos detection. tools inrotocols and place make it difficult for networks to be made available dynamically to match the elasticity in cluods. ouds. it is critical that we have a security-conscious work force. there's a gap that exists between what universities teach and what industry needs. universities teach theory and fundamentals, whereas industries' desire of personal experience. in addition, attention should be given to legal issues surrounding cloud computing. contractual issues regarding physical data protection, is in response,, facility, privacy, and security control, which are

important aspects in developing our relationship with the provider. on behalf of clemson university, i would again like to thank you for your time. >> i was just thinking that cloud computing is the only thing i have not heard being argued for the breakup of the big east or acc, and i suspect that maybe we will be hearing about that. >> will the gentleman yield? go tigers against boston college. >> i've got a neighbor who is a freshman at clemson university, so i said ok. >> thank you, chairman, for having me here today. you have my written testimony so i will keep my verbal comments brief. i want to focus on areas related to using the cloud over the public internet, because that is what is new. dr. mcclure indicated that the

use of public clouds poses new areas of risk, and i would like to highlight four of those that this committee should consider when looking at this issue. first, is the relationship of public clouds to other initiatives within the federal government for cyber security needs to be carefully considered, because public's clouds are using vendors outside the federal government, but the federal government has several government wide security initiatives that included hspd 12 for validation and of the rescission. this includes the trusted internet connections program. when we make fees for public clouds and vendors, they may not be familiar with how to use those initiatives, which our government wide. so the documentation and the approach to vendors so that they have everything that they need

when they design their public cloud to make use of government wide server security initials is essential. otherwise, our public cloud will not be participating. second is the issue of the physical location of the data and systems. the physical framework and physical security control profile always had an assumption within it of federal controls of facilities are systems. it is true about 10% of our federal inventory is outsourced to contractors, but it is outsourced in a way that puts it under agency controls of a vast majority of cases -- to the vast majority of cases. when we make this public, we have the idea of using a profile that is 10 years old to secure public clouds that may be worldwide in nature. the problem, of course, is that the question to be asked --

where is the data, where's the system? -- does not exist in the original profile. no, the proposed security profile of does have enhancements and it includes the personnel that are making use of managing the data. in the current, it does not include controls for whereas the data and the systems themselves. so we know in many cases that the systems are managed by u.s. citizens, but we do not know necessarily they are located within the u.s.. i give the agency can implement fmla's to cover that. what might be a better approach is making it inherently part of the profile so as gsa accredits organizations, they consider their systems are. so they have the ability to say, is that acceptable? the third matter is on migration. i guess this is most important.

the recovery that is provided by the profile works within the cloud. the cloud providers provides data to another data center. we need a contingency planning of one level higher up. you need to worry about the case where the club provided themselves is no longer able to provide the service securely any need to move not to another one of their data centers but to an entirely different provider purity might need to do that on rapid notice. -- you might need to do that on a rapid notice. so the migration is not just a question of cost or been able to get their data back. it is the security control. it is an inherent function that needs to be provided so that if

a club provider -- cloud provider is compromise, the ability to migrate is not a question we are asking. it is known to be able to move up to another provider in days or hours. finally, the internet itself is not static. it is changing rapidly. there are security protocols to secure a system an ip version 6, that need to be considered. we need to make sure these are part of the profile so that we do not build on the internet while the internet is changing out from under us. i look forward to your questions. >> thank you. thank all of you for your testimony. i'll yield myself five minutes for first questions. mr. schaeffer one of the things that struck me as he spoke was the idea that in the past with the internet, we did not build in security at the outset.

and we have to play catch-up. mr. curan outlined a number of things that do with building security into our advances in computer technology, including the cloud. could you comment on the comments he made? >> certainly, sir. i agree that we are in a position where we're using a technology and infrastructure that was not originally intended to be with the security issues in midn. nd. and i agree there are number of initiatives underway to address a number of those a vulnerabilities and issues. i think there has been good examples that exist within our intelligence community and within the secure side of government operations that point

in the direction there were able to build architecture sick can secure data and applications -- can secure data and applications in a private environment. the question is how will we do that in a public environment? i come back to the comments that suggested into we can do that, we have to be careful about what we put in the public domain. but the interest of the commercial sector is to, as quickly as possible, get to a point where they can provide there's adequate protections and the innovation that is going on in the commercial world will solve those problems in time. in the meantime, i would agree, we have to be aware, do what we can to build and standards and a purchase that will guarantee that those of older buildings and risks can be managed. but we will from a technological perspective solve those problems.

>> mr. brown, it appears that one of the messages from this panel is the dynamism of the i.t. world, that we make a mistake when we take a static view of things and that cloud computing is one evolutionary point in this utilization of advanced information systems. and so therefore, we've got to try and from our standpoint make decisions that reflect said. at the same time, there is this fundamental issue or concern that reflected in both constituencies and members of congress that there is something about possessing a system,

something about possessing your own information, something about fencing off your information from everything else which is perversely at odds with using the internet. >> right. >> and yet, people seek both the ease of access and the multiplication of recipients of their information that the internet offers with a heightened sense of privacy. so i think one of the great concerns we have to deal with, both legitimate aspects of it and let's say hide aspects of it, are that as you surrender your possession of the system ad moveve more toward cloud, which means you are cooperating with other systems in a way that your information i s not totally under your

control, how do we both overcome the fear that people have of a loss of security because of loss of possession, but at the same time, assure them that we do have technology fixes so long as we understand that that requires a sufficiency of information that the users have and a persistence in the use of what i'll call generally good cypbber hygiene? >> from an economic standpoint, cloud is coming. the reason why is that in cloud computing, we can do many more releases, put together more software that is better more quickly. we can test it in one

environment. we can get higher quality software are of our building and into the hands of consumers quicker. and if we do not, as the vendors, embraced cloud, we will be on a business. >> that is a strong imperative. >> if we do not embrace it, we will be out of business. i think the same goes for governments, that if you want to keep up and move quickly, embracing the cloud for the same reasons needs to occur. any time we have these types of changes, we have opportunities to become better or become worse. right? and we believe that cloud gives us an opportunity to become more secure. the things that need to happen is you need to have trust and the providers, you have to be able to verify. so you need to be able to have things like bed ramp that allow you to monitor those providers to make sure they are

doing what they say. you need to make sure you be cautious as you go into these environments to make sure that, in some cases, we will see a huge expansion of cloud providers and only a certain portion will survive. you need to have contingency plans to be able to move from one provider to another. so it is not a question of if it is going to have and. is going to happen. so it is a question of how we get enough trust in that environment that we can make move forward. and trust and the being transparency. ends up being with acceptance that this is what a club provider will go -- a cloud provider will do and the ability to monitor what they will do to ensure that they are doing what they say they need to do. >> i have a bunch of other questions. i will yield to ms. clark for five minutes. >> thank you very much, mr. chairman. i want to thank the catalyst for

letting their expertise today. my first question is, many potential agency users of the cloud believe it is not secure enough for their needs. from your perspective, are they right? >> well, excuse me. i'm a provisioner, so i say amen to everything mr. brown just said, and it is a question of building up trust. i think with the relationship we have, that is essentially how we got there was through building the trust of the end user and the community that we are provisioning for. the first thing i did five years ago when i went to clemson university was consolidate 43 i.t. departments into one. that is building a cloud for 43 departments. so over time you have to build

that trust and that true performance. i think directly answering your question -- is it secure enough -- we get tested in a number of ways. i think the end user has to figure are how the trust but verify. and i mentioned that we run the medicaid system for the state of south carolina. we give planned visits, audits, and we get on planned visits and audits. so we have to be ready at all times. and it is a matter of communication, policies, people working together. i think, you know, to me, the cloud is, you know, we just call it something different every decade. it was time sharing in the 1980's, the grid in the 1990's, and we did a project with notre

dame. basically, that is essentially what it is is a matter of people working together and creating a trusted informant. -- environment. >> i will pick up on the comments of the earlier panel. what we need to do is make sure that the mechanisms that we put in place give the agency ceio enough information to make the determination. the program is a profile of controls that we make public cloud useful to cio's. right now there is a number of pieces that a cio has a filly. if you when your data in the u.s., that is your sla. if you are worried about migration, that is not in the profile.

the answer is, it is it suitable today for an ambitious agency that an decides to take this on and fill in those pieces? the question is whether we can make a federal program where there is functions are provided for, already documented. that does not mean all of the data needs to be in the u.s. an agency whose workers are around the globe doing aid might want data centers that are close to where the people are. someone else is doing sensitive work might want to know that the itsd he's using has set servers in the continental u.s. it is making sure that information is in the system, so the cio has the information he needs. i think it is possible today. i can think it could be much easier use with work. >> one of the other important points, is that we specialize

cloud services for special purposes. if there is enough money available for someone to produce a service that is all for secure, altar of -- ultra secure and ultra resilient, somebody will produce that service as long as the economic model fits. you'll see other economic models that take less security and less resilience. and all those types of models are ok as long as they transparently tell you what their models are and what they can provide. >> let me thank you all for your answers. so many questions come to mind once you read that question and you get the answers. so it is a totally new space. it's a lot of pressure on a cio. and you start thinking about

does this become an issue for litigation as we begin to build those areas of trust. and so does that become a whole another practice within the legal field and an understanding that that work that we create? my time has elapsed. i want to thank you once again for raising the consciousness and the congress of what we need to do. thank you. >> there are so many questions, but you have been very good about it. let me just ask one general question. is it, when we look at all the positives of cloud computing, however we, want to defy it, is it a canard to suggest that with cloud computing you create more target rich environments? that is, if i could go after a

larger bit of information or a larger universe of data that involved a number of different players, it might be worth my while to put more capital investment time to go after it? >> same idea is fort knox. so, can we protect the gold? that is the question can we have a proper safeguards to protect that information? when you look in some systems what they have done, your data is not stored in one central location . little pieces is stored in many servers all over the world. they cannot be reconstituted into one piece. because the data happened to be stored in the cloud it takes advantage of technology that makes it harder to compromise one data center. you have to compromise a system. there are technology advantages to moving to the cloud.

but you are right about a target. as you have more data in one place, it is more of a target, but it is one of those things you can centrally protect. >> i want to thank all four of you for testifying. this is an issue that we are scratching the surface on. i think there is a lot of confusion about it. i guess, but even fear because this is a new notion to the larger public, cloud computing. and i think one of our obligations is not only to help clear up that confusion but understand the reality is best weekend. i think you suggest is make sure that all the moving parts are related. if we do something on the government side where we think we have certain protections that that is not only communicated with, but is operational with public clouds as we work with them, and that we anticipate

these things instead of doing patchwork approach is later on. i want to thank you for your testimony. members of the committee may have additional questions for you, and we would ask you if you would please respond to those in writing. the hearing record for members would be held open for 10 days. and the subcommittee stands adjourned. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011] >> republican presidential

candidate ron paul won the value some estoppel in washington today. he remains in the single digits in most national polls, but he garnered 37%. herman cain came in second, followed by rick santorum and third. current gop front runner mitt romney ranked sixth. tonight on c-span, highlights from the aspen ideas for . >> millionaires think they should pay more. tea party folks think millionairess should pay more. >> mr. the president, why have you given up on the country and decided to campaign full-time instead of deciding what -- doing what the american people sent us to do, which is to deal with the big challenges that

face our country? >> i think what is driving the debt are the entitlement programs and the fact we have not dealt with so security and medicare and so forth on a long- term basis. you cannot save enough money and the defense department to solve the debt prices. -- crises. the conversation as well as chris matthews tonight on c-span tonight at 8:00 eastern. tomorrow, are road to the white house coverage continues with