employment training office. their energy resources to create millions of good paying jobs. reform the tax code and make america globally competitive and create more jobs here. make government less wasteful and more leaner. and force immigration policy -- .nfore immigration policy eliminate every regulation that is not needed and that destroys jobs. finally, we must balance the federal budget. these steps will empower americans and not the government. they will promote family not bureaucracy. they will create a future in which the central bonds in our lives are not government rules,

but the loyalty we have for one another. >> the annual gridiron dinner is being held at the renaissance hotel in washington, d.c. all additions and journalists are gathering for speeches and site tiatire. only president who has not attended was grover cleveland. president obama will be here. he is scheduled to make remarks. he will also visit capitol hill. he will meet with republicans and democrats of both chambers to discuss the deficit. we will take a moment to watch at the scene at the renaissance hotel.

you are looking at the scene where the gridiron club is hosting its dinner tonight. cameras are not allowed inside the dinner. they are allowing one journalist to report on the evening.

you can watch the live stream of arrivals live at c-span.org. and now c-span's "the communicators." >> last week, michael daniels was our guest. mr. daniels is the president of cybersecurity cordy nader and his -- coordinator and is talking about the executive order the president recently issued. this week we have two members of congress to discuss the order and get reaction from capitol hill. joining us is a republican from texas, member of the intelligence committee, and in the last august, task forced chair on cyber security for the speaker. when you look at the president's executive order, what is your initial reaction? >> that it is ok. there are some things that clearly need to be done with an executive order. some things can only be done with legislation.

part of my reaction is that i wish the president had put as much effort into getting some legislation passed and then come out with executive order rather than the other way around. one of my fears is that it will take some momentum out of the effort to get legislation passed. >> how similar is the president's executive order to that task force recommendations that you made in the last congress? >> some things in executive order are exactly as we recommended that the administration do. for example, the federal government being more careful about the computers it buys and having higher standards within its purchasing power. that is a help. . we talked about having voluntary standards for private industry so that they can know what they need to do.

they can tell how close they were to reaching certain goals. i think that is the direction that executive order wants to go. what we do not know is the standards that they will come up with and how it will be enforced. there is still some anxiety about the administration trying to do too much by direct regulation rather than voluntary incentives that get market forces working to improve cybersecurity. >> what about the definition of critical infrastructure? is there agreement there? >> i think it is one of those things that most of us know what some critical infrastructure is -- electricity grid, etc. exactly how the administration chooses to define specific industries and then what comes up that, i think we do not know yet. the executive order sets up a process that is just beginning. it will take several years to complete.

that is why on its face, there is a lot that we think is going in the right direction, but the way it is implemented what tell us a lot about it is effective or not. >> we want to play a little bit of michael daniel, the white house cyber security coordinator from last week, talking about the executive order and federal regulations. here is mr. daniel. [video clip] >> if they believe it is not efficient in that area, they could impose new regulations or executive actions that would require infrastructure to be brought up. up for the most part, you will find it be a voluntary process for companies to participate. >> representative thornberry? >> i think he was referring to existing regulators of industries can put new requirements to improve

cybersecurity in the industries it already regulates. that general approach is exactly what we recommended in our task force report. you do not need another regulator to come in and regulate the cybersecurity part of the electricity industry. it has existing regulators erie it you would need to work through them to improve cybersecurity -- it has existing regulators. you need to work through them to improve cybersecurity. we have got to be careful about too this this on direct adulation. -- regulation. these are threats that come at the speed of light. threats chainge just about as fast. the idea of too brigade regulation can solve this is misguided and wrong. we need is a voluntary incentives for industries to keep up with it on their own. there's there's no way that government process will ever be

able to do that. >> what about liability issues? >> the key concern for liability is if an industry has information it would like to share some of that with the government, there is a fear that they could be sued by shareholders or customers for sharing information with the government. this is one of the areas that legislation is required. you still need to have privacy protections. you do not want to give away people's personal identifiable information, but there has to be a way for information sharing. that is the only way that our country can be more secure. there will need to be some changes and protections in the law in order to facilitate that sort of exchange. >> are there limitations on

information sharing between companies? >> sure. absolutely. there are liability laws that limit that. some of the regulations from the regulators limit some of that. again, this is always a balancing act. you do not want companies in the same industry to share so much information that you get into serious antitrust issues. on the other hand, we do not want to let the theoretical be the enemy of the good. there has been a lot in the news lately about attacks coming at major u.s. financial institutions. they need to be able to share that information about those attacks so they can better or tech themselves. making sure it -- better protect themselves. making sure there is no legal concerns facilitating that exchange is part of where we

need to go, i think. >> when it comes to cybersecurity, how do you see the role of the federal government in protect in private institutions such as banks, etc.? >> that is an evolving question. on the armed services committee, there was a hearing. if a bunch of bombers are coming to bomb refineries, we know what we would expect the federal government to do to protect them from being destroyed. i think the role of the federal government in defending the country in cyberspace, especially against sophisticated state-level actors is evolving where i think the government has to be at ugly involved in defending -- actively involved in defending us.

also, facilitating the kinds of defensive measures that we can take for ourselves and that companies can take for ourselves. those are the two roles, protecting against sophisticated actors and encouraging power state of cybersecurity unpreparedness for everyone else. >> i want to play a little bit more of michael daniel from last week talking about the private sector. [video clip] >> one of the questions we are wrestling with is what is exactly the government's role in providing cybersecurity to the private sector. at what point does the government intervene? under what conditions? those are still issues. we are still trying to figure out what those rules of the road are in cyberspace. >> how will those rules of the road be developed? >> the only way they can be developed is in consultation with congress.

there is a good deal of thinking going into this area. the administration has been talking with us. we also have been talking about the military role versus what is the civilian role in the department of homeland security, etc. there are complex issues to work through. my point is that no administration can sort this through on their own. they have to work with both parties in congress. it will take a lot more consultation working through in order to get us closer to where we need to be. we cannot afford to study this to death at the same time. threats come out as every single day. it is a serious, economic security and national security issue. >> what kind of conversations have you had with the white house? >> i have not met with mr.

daniel. i have met with some of the national security staff on what they're thinking is, especially for the role of the military. i have regular conversations with cyber command and others in the military and intelligence communities about their role. again, it is not a military issue. homeland security is involved. you have have a number of industries. the threats come at us at the speed of light. that is part of what makes cyber so challenging. it happened so quickly. it is not the sort of thing that our government and our systems are set up to deal with. >> the cybersecurity order emphasizes the department of homeland security. are you in agreement with emphasis on dhs? >> i think dhs has a very

important role, absolutely. the finding that role -- defining what that role is and how the dhs relates to other regulators is a key part of this discussion. we cannot have the department of homeland security become a second or even third regulator on a lot of these industries. it will bog everything down. we would never be able to get to where we need to go. >> what about a report that came out about china attacking the u.s. and u.s. industries? >> it was very disturbing. they give a great deal of specificity to a number of -- of a large-scale effort by china to steal information from u.s. companies. i think you have seen people in

the administration and in congress talking about this going on for some time. the report gave more specificity to it. it named names. that has made it more noteworthy. but it is a snapshot of what is happening now. the point i would want to emphasize is that it is getting worse. it is not getting better. it is disturbing, that snapshot. it is a threat to our country, our national security. stealing jobs away from us. that threat is only going to grow in sophistication and probably in overall quantity in the future. >> some of the pushback we have seen in the press regarding ragged entities and cybersecurity legislation were that some of the private entities have higher standards

than the government. there is a reporting standard and whether or not they meet the threshold. >> yeah. no doubt that some private industries have much better cybersecurity than others. i think most people would say gore knowledgeable that there is no industry that cannot be penetrated -- who have knowledge that there is no industry that cannot be penetrated. there needs to be a relationship between private industry with the government that we can protect the nation and our jobs and security in a way that we need to. if everyone is not working together, we will not get the job done. >> as a subcommittee chair on intelligence and a member of

the armed services committee, at what level does cyber threat become cyber warfare? >> i think people are grappling with terminology. i do not know that there is an agreement on that. certainly it is possible that through cyber, you can have physical consequences. you can destroy a building. you can destroy infrastructure. you could affect the safety and even take lives through the internet. clearly when you have as a goal consequences or when you destroy data, that has physical consequences. most people would say that is a form of cyber warfare depending on who it is. it could be cyber terrorism.

a lot of the terminology is still in flux. there is not agreement on it. >> finally, we began this conversation with legislation. do you foresee legislation in the 113th congress? i think so. in the house, we passed for bills dealing with cybersecurity. that way the senate can pass them or its own version. unfortunately, the senate was not able to. we will go back into the house and take another look at the four bills we passed last year. there might be other legislation we can pass. i hope that we can take cyber security in bite sized chunks so we do not have to solve lots of problems in a single 2000 page bill. we can take little slices of the problem. i think that is more politically feasible. it probably means that we will

do a better job in writing the legislation when we do not try to do everything at once. we have got to act. we cannot continue to do nothing. the threat is growing. it endangers us. >> representative thornberry, senator texas, thank you. >> senator jay rockefeller who is the chairman of the commerce, science, and transportation committee joins us. thank you for giving us your time. the president has an executive order out on cybersecurity. what do you make of it? >> it was good. he did out of frustration that congress was not doing anything. he put that out. it was very good, but he cannot provide of legal framework for all that you have to do in cybersecurity. there is a lot of congressional action that needs to take ways.

we passed a bill in the commerce committee unanimously. it was a full cybersecurity bill. it is still the basis of everything that we are doing. it was the basis of his executive order. the president is going through so much. we got dragged down in the chamber of commerce policy and politics. it was said. this year we have a new crowd. because you and less partisanship to begin with. i am hopeful. >> there are some senators who turned it back. what is the difference this time around of what you want to get from it? >> i think the chamber of commerce might be the mess involved. they were almost fully

responsible for the fact we could not get anything going. they were very negative. they were against the national interest. they do not seem to care. i think their power has -- look, it has been around for a long time, cybersecurity. we finished talking about it. things are happening every single day. it is destroying our intellectual property. people are very casual about it. everyone is casual about it. but we are not. we have got to come through in congress. >> things like minimum security standards that are voluntary in nature come up from the industry. some are concerned about the voluntary measures commitment terry. how do you satisfy those concerns? >> you never satisfy concerns

before something happens. people always assume the worst. there has to be standards. you cannot just say, just do what you want. i have met with businessmen who i like very much and have known for a long time. i asked them about cybersecurity. i can tell it by their lack of apparent lack of interest. when that fx is ceo, you know you have a problem with -- when you know youa ceo, have a problem. everyone wants to look at the worst-case and i/o. -- worst-case scenario.

the worst case is that the chinese simply bankrupt this country's financial services or shut down our air traffic control and unleash damns that our computer run. affect our water system and g rid. that is what people should the scared of. everything is secondary to that. because of the danger of that, we have to have standards. their need to be standards. that is why a company is very good at getting together with the private sector and bringing their public sector entrepreneurial perspective. they are loaded with smart

people. it helps. they have got to get involved in this. we need standards. >> the other aspect -- >> we have to stop some people attacking us. they need to be sufficient standards. otherwise, there's no point going through it at all. >> some say that part of this is that you want us to share information on cyber threats. how do you set up a standard work companies will share and will not be afraid to putting it out there? >> it is in their own self interest. we have been through the same thing in the intelligence world. we had to pass a bill right after 9/11, allowing the fbi and the cia to talk to each other. it is embarrassing, but true. still, people are loath to leave

their jurisdictions and properties. >> what assurances do you provide? >> we cannot provide assurances. we drive for a level of standards of excellence. worry less about who feels like they're being stepped on. do what is right. >> our previous guest,m mac thornberry, talked about cybersecurity. talk a little bit about what the house is proposing on this. how is it matching with efforts on the senate side? >> it does not match with efforts on the senate side. they only do one thing, information sharing. it is important to disclose to each other -- for industries to disclose to each other that they have been hacked into. at 1.i got so question did i called up mary schapiro.

i said, requiring a website that anytime a company is hacked into that they simply have to report report that they have been hacked into. that is of interest to stockholders. people have to know you are running a safe line. they need to know you are venting a cyber secure operation -- that you are running a cyber secure operation. it does have an effect on the whole situation. >> as far as the information sharing site, what is missing on the house side? >> all the rest -- standards and training. we have a complete lack of people in math and science in general, especially in the area of cybersecurity. we do not have a lot of people who know what they are doing on

this. i do not mean to denigrate anything, that we have that lack. it is part of the american education problem. one of our witnesses said that we should start in kindergarten and elementary school teaching people about cybersecurity. set the standards and do it without being defensive about it. do in the the common interest of protecting america. everyone benefits by doing this cooperatively. everyone loses it we fight. >> what about the international community? we have stories about the chinese. what role do they play? >> they play a huge role. probably a major role, but they are not alone. there are other people -- russia, all kinds of places.

anyone who can work a computer can find a way to hack. >> had to make the case then? >> it is a hard case to make. you need standards that protect you from those attempts. the temps will never cease -- attempts will never cease. you need standards, walls that are secure enough to keep your intellectual property say. >> have you had a chance to speak with senator mccain on where you are with cybersecurity and his interest in working alongside with you on this issue? >> i have been in many meetings with him. he was overwhelmed. everyone seemed to be by the chamber of commerce's resistance to doing anything at all. if you were a republican, it was really hard. the chamber of commerce said we

are going to score this vote if you vote for this. we will come after you. i think mccain, it would be natural for him to be interested in having the u.s. government cyber secure and having the private industry cyber secure. " to beingo "good side unprepared. >> for your game plan going forward, do you see a bill coming out? >> there is a possibility of that. maybe we will do part of it. maybe we will do people training. maybe information sharing. if we segment ourselves into little compartments, then you lose the momentum for the big picture. we need to set standards. >> you would rather see a whole approach? >> absolutely. always. it is terribly complicated,