this as a superior court judge in california that was undeniable. it is not just drugs. he ran as the libertarian candidate for senate in california. i think he does a terrific job when it comes to articulating libertarian ideals and beliefs because of back to the criteria for a candidate that needs to be the number 1 criteria. this is your choice. i recognize that this is your choice. all i am asking you is to just to give jim gray a lesson. if you will do that, you'll understand what we have come to the conclusion on. a this -- this affords us the best opportunity to win.

thank you very much. thank you, thank you, thank you. [applause] >> we will have more from the libertarian party's convention tonight at 9:00. >> this week, the white house cyber security coordinator howard schmidt talks about the attempted cyber attacks against the dyu.s. >> howard schmidt, what is your responsibilities at the white house? >> i am the cyber security coordinator. when we look at the broad issues of security around technology, my role is for the -- is to coordinate this across the government to make sure we are

working with the private sector and international partners. >> how do you do the threat -- the threat of cyber theft? >> we look at state versus nation states, there is an increasing threat from some countries around the world. on the other end of the spectrum, we start looking at credit card fraud, identity theft. as we move our lives online, that threat continues to grow as well. >> why is a cyber attack at sony and national security issue? >> you look at the massive numbers of people that were involved. many people said, it is a gaming system. those same operating systems, that same authentication mechanism, they are not justsony's.

they are in government systems, financial services. if it can happen with them, it can happen other places. >> also joining us is gautham nagesh, an editor at " congressional quarterly." >> you reference the need to address the various levels of cyber security. the house passed a package of cyber security bills, including the one built which is aimed at increasing information sharing between the public and private sectors. the white house threatened to veto that bill. can you tell us why? >> let me back up a little bit to what we submitted last year. when we start looking at all the issues that we have talked about, we looked at what are the things that we really need the

legislative branch to help us with? we submitted a proposal last may looking at a number of things, including enhanced criminal penalties for interfering with critical infrastructure, looking at things around organized crime, information sharing. that was where we started from. that was based on a lot of work from external partners. when we saw this proposed legislation, we believed the government has to give some ability for private sector to share with the government and with each other, but we cannot do that at the expense of privacy, a civil liberties, liability. when we saw that after a lot of discussions that that was not meeting the threshold, we said, are advisers to recommend a veto if that goes forward. >> the bill did undergo some amendments.

have those amendments address those concerns sufficiently? >> they have not. that is the challenge we have. some people say we are looking for to hide of a threshold. when it comes to privacy for american citizens, corporate liability, and the ability to share information, good enough is not enough. we have to have a higher threshold. that is why we continue to say, if you do not take care of the things similar to what we have put we would recommend a veto. >> you mentioned the senate bill and regulations that would address core critical infrastructure. the house has expressed a great deal of resistance to anything that smacks of a mandate or regulation. do you believe will be possible to get something akin to what was in the white house proposal through the house?

>> as a nation, we have a long history of bipartisanship when it comes to national security issues. i continue to hope and so confident that we will get the smart people together and say, the small regulatory regime we're talking about, corp. critical infrastructure, during much built on international best practices on the things that corporations should be doing for their own business purposes. we do not see that as asking too much of anybody. we start getting all of the people together, there is that need to say fix this one small piece of legislation. >> in your administration briefing, -- administrative presence -- briefing to the president, you say the following legislative changes are necessary. a voluntary government

assistance, voluntary information sharing with industry. is that what the senate bill says? >> we are talking about two different things. in one piece, it is court critical infrastructure. not everything that is out there. we are talking about the voluntary peace, there are a lot of different pieces of art and the structure that are not corte critical infrastructure. -- core critical infrastructure. we need to have -- let me give you a good example. if you look at a natural event, an ice storm, a tornado. the governor, elected officials, they have to deal with that. they have to worry about paying overtime. in those economic times, if there is something we can prevent insider, that is what we care about.

within those jurisdictions, we have small and medium-sized businesses. if they cannot move the goods back and forth, they are impacted as well. >> do you think that companies have a responsibility to report cyber attacks to the federal government? or to the department of a homeland security? >> when we look at critical infrastructure, absolutely. any of us, as citizens or government entities want to say, we hope you are doing the right thing. if something happens, you may or may not tell us. we need a higher level of assurance than that. the citizens deserve it. >> leon panetta, last year, he said that we could face a cyber attacks that could be the equivalent of pearl harbor. do you agree with that assessment? >> it is difficult when we start attaching physical events.

can we experienced some tremendous disruption through cyberspace, whether it is intentional or accidental? yes. that is why we have to get ahead of this. fully understanding that we can never 100% secure everything, but we can reduce the risk. >> is it tough to compare the world of cyber to physical events or of the incident happened in the past -- or events that have happened in the past? >> it is difficult. that is one of the challenges that we run into all the time. people will say, how do we compare that to cyber? first and foremost, cyber is connected to everything that we do. communication, entertainment, transportation. there is nothing we can say that it fits into the same box as everything else. if we'll lose some capabilities, it could affect banks that we have direct knowledge of.

natural disasters, electricity goes out and you cannot get water or fuel, we know what that is like in the real world. it does not make any difference if it is a cyber event or a physical event. >> i want to go back to peter's question. he mentioned that april harbor -- that is the sort of argument we have heard on the hill. i ask this question recently, are we at the position -- at the place now where a cyber attack from a foreign state after or criminal organization could cause a catastrophic damage to our economy or significant loss of life? >> are you asking me the same question? the issue is yes. that potential exists. that is why we have to protect against it. having an and the structure out there that is owned and operated by the millions of people,

thousands of corporations, and having this within our day-to- day life, disruptions could be very bad. i have challenges with associating with a particular event and sent it to be the next digital whatever. we still recognize there is significant risk out there. those risks are growing. we are doing a lot to mitigate some of those. i think we can do more. >> the thorny part of this issue is that the issues -- the industry's are mostly of lobbying fiercely against this sort of requirement. it would open up the cost of implementation and potential liability concerns. how would you address those concerns? where is the common ground? is there any flexibility with incentives?

where can agreement be reached? >> -- where can agreement be reached? >> the insurance community. if a company receives a benefit from doing the right thing and giving -- getting an insurance benefit from it as well, that is a good incentive. the bigger picture is what we are looking for, these are things that businesses should be doing anyway. and electrical companies do not get paid, stepped meter is spending. -- unless that -- is spending. there is a business reason to do it. the second piece, but we have proposed is to not create some new regulatory scheme if you already have a response -- we need to make sure dhs has the

availability -- has the visibility. >> it is only fair to report one hefrom the export side of thing. some of that lobbying has resulted in exemptions in the senate bill. is that a concern for the white house in terms of raising the bar to hide? >> we start looking at any exemptions out there now, that will be reconciled as the bill moves forward, but crafting core critical infrastructure may have some exemptions to that. >> you probably sell this. i want to get your reaction to john boehner scopes in the new york times. the white house believes the government ought to control the internet. government ought to set standards and government ought to take care of everything.

they are in a camp all by themselves. >> i could not disagree with that more. it is quite the opposite. the administration specifically has worked very hard to make sure that internet governance is an international peace. we are not looking not to say, here is the government standards you have to adhere to. there is iso. private-sector has put forward a lot of these. that could not be further from the truth. we want to make sure it is available to everybody. having a collaborative effort to secure cyberspace. >> you talked about nearly crafted to national concern. who is left out of that? >> you mentioned different businesses. the things that are nine core --

those are the pieces we have to look at. the legislation looks to have a dialogue with private sector to identify and define a process on how we define what business process, what company, what sector has to be a part of this. >> some have described the current cyber security legislation as the patriot act. there are some privacy concerns and some freedom concerns. >> that could not be farther from the truth. we were very deliberate and putting privacy protections in there at all levels. making sure that we have independent bodies, making sure they are a part of the process. it has been very -- there has been a lot of work and a deliberate effort to make sure

those things that you mentioned do not occur. >> this is "the communicators." this week, our guest is howard schmidt, the white house cyber security coordinator and special assistant to the president. gautham nagesh is the editor of "congressional quarterly." he is our guest reporter. >> we have seen the democrats in the white house come down on the side of the department of homeland security as a civilian agency. however, we have heard from republicans that would like to see the intelligence community had a more active role. can you explain why? >> ever since my office was established, that is the

viewpoint we have had. the department of defense has tremendous capabilities. they were one of the early adopters when it came to moving networks into an ip-based environment. the law enforcement has an investigative role and a counter intelligence role. department of common security, by congressional law, has said, you are the body that works with private sector to help protect infrastructure. as well as there is the implementation as well. we support that, we think that gives us the best ability to leverage the other components of government. i would also like to add the department of homeland security has not only had tremendous leadership from the secretary, the deputy secretary, a number

of undersecretaries, but has also recruited and retained some tremendous talent. they come from private sector, a background that says, this is not all about the government. >> you spoke directly to my next question. we have seen the dhs hire new officials in the last month. do they have the credentials? >> i used to have a discussion with some of the industry experts. they would say, i thought about a dh and tos, but i am not quite sure they are ready for someone at my level. my response has always been, if you are not -- if you think they are not ready, by going there, you would help them get there. we brought someone that was with the energy sector, ran a cyber

security for a couple of states, we have the talent. it is very competitive. >> what do you think of john mccain's approach? no mandate. protecting infrastructure, according to ham. >> that is the challenge. the idea of saying, i will do what i'm supposed to do, but did not ask me to prove that i am doing it. that is a challenge. coming from a private sector background and a background with venture-capital and folks that work in that area, we always have somebody to say, if you are going to ask me to invest in you, you have to give me some sort of level of assurance. we have the responsibility. >> is there a size of a business that you would say, we do not

care about that 10-person company. we are not gone to make them report to the department, and security. >> absolutely correct. things that affect major metropolitan areas or affect health and safety in certain areas. the small company that is doing great business, helping on e- commerce. there is no desire to interfere with them. making sure they have the ability -- so they have the information. we care about them, but they are not part of this discussion. >> why is -- why should sony be part of this critical infrastructure?

>> the event that took place sony, we could see them in other, more critical areas. that is what we need to focus on. we see what happened and we can see it happening in other places. >> do you foresee a role for the pentagon? >> the expertise in the intelligence committee and department of defense, no one wants to try to duplicate it. to make sure the department of homeland security has the ability to leverage that >> you have mentioned the threat to companies. one of the press most cited is the threat from other nations. we talk about how to secure our networks. when does the u.s. feels it is necessary to respond? can you talk about the policy in that area?

>> when we released the international strategy for cyberspace last year, it was the first document that brought all these things together. when we start looking -- advance persistent threats, a couple of quick pieces on that. we use the term advanced, oftentimes, the successful rights of getting into these systems is not advanced. it is using spearfishing e- mails, pieces of mal-ware. that is not very advanced. that is packing 101. -- hacking 101. we know the vulnerability is exist. 85% of the successful intrusions into systems by nation states could have been prevented from basic.

we can focus on the top 15%. that gives us the ability to follow up with policy. the president has the ability to designate under any national emergency the tools and resources necessary to lot mitigate that. >> at what point does an attack from a foreign country on our nation's infrastructure constitute an act of war? >> i am not a lawyer. i want to make sure we are clear on that bridge we have to look at the totality of the circumstances. there is a whole myriad of things. all those things have to be part of the discussion based around a specific scenario that may or may not occur in the future. >> are using evidence that nation states are actively promoting the use of cyber attacks? >> oftentimes, we see all lot of

nation states talk about the threats out there, the military response, the national security response. it comes back to part of the international strategy. how do we established those norms in cyberspace? what are things that are off the table? we've read a lot about it, but the focus is, how the media spotlight those things -- how do we deal escalate those things? said the dramatic things for the worst-case scenario. >> we often read about the chinese, or the north koreans. >> there is an intelligence report that accumulates at things from their perspective. there are companies, individuals, but we cannot focus on just one piece of it. we are looking for a partnership with the international community. how can we bring this down a

notch to make sure we are not putting our country's and our citizens at risk because of all this rhetoric? >> it is a tool that the u.s. could use. >> the laws of armed conflict will apply in cyberspace just like they do in the real world. these are the things that our strategy laid out. here are the options available. >> do you have a paragraph or two from the president's daily reports that he gets on the cyber attacks to the u.s.? >> there are based on a lot of situations. i would not say there is any specific thing on a daily basis. when cyber issues priced to that level, the president would be briefed. >> if we identified your job as having three constituencies, and what level do you have their

attention? >> hawaii level on all respects. the present cares very deeply about it -- high level on all respects. the president cares very deeply about it. legislative branch, we have seen tremendous bipartisanship in the past. we have a lot of attention there. the industry community has really come forth and said, not only do we understand the threat, but here are the things that we are doing. we have a lot of efforts taking place out there. i would throw and the broader -- the entire executive branch. very much a part of the agenda. >> absent a compromise on critical infrastructure, do you anticipate some of these other measures from the house

addressing cyber security issues? is that something the white house would be receptive to? did they insist on seeing a comprehensive package? >> we put a lot of effort into taking all these ideas to say, these are the specific things we need congress to do. that brings all these things together. we cannot afford as a country to go part way. there has been a lot of discussion since 2003. it is time to act on it. that is why we need to have these all come together. >> would no bill at all be a better situation than some of the house legislation? >> we hope we will not be faced with that. we hope that cooler heads will prevail. >> howard schmidt, on an

international level, what is a country we could look at and see as a model of cyber security? >> many countries are facing the same things we are. government has a tremendous dependency on it. developing strategies. half a dozen national strategies coming out from canada, the u.k., australia. we have a good relationship with the russian government. there is a lot going on in the international world. we are starting at different places, but we continuously dialogue with each other. >> we have time for one more question. >> international is a good place to close. how large a priority is cyber security and intellectual property enforcement in trade talk when the u.s. is engaged

with our partners? we are speaking to some of these countries that are accused of attacking our networks. >> every facet of the dialogue the executive branch is having with our international partners, whether it is economic dialogue or security dialogue, these are part of the agenda. >> you have been watching "the communicators." howard schmidt has been our guest. along with gautham nagesh. thank you. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2012] >> sunday on "q &a," >> sunday on "q &a,"