i know at least one of you has tight schedule. all right. i want to briefly introduce our first -- not so briefly the first witness. tom ridge and i came to the house together in 1982. 30 years ago today we were both in our mid 20's. maybe early 20's. but we ended up serving on the -- we served in the vietnam war together. he had a real distinction. just a hero. and very modest about it. we ended up on the banking committee together. i think in the 102nd congress we ended up leading the banking committee, we had a subcommittee on economic stabilization and people said to me, tom, in the past years, what did you accomplish in those two years that you and top ridge led that committee? we lead the foundation for the longest running economic expansion in the history of the country. we stepped down from our responsibilities. in 1993 we were on our way to

eight glorious years. he went on to become after that become governor of pennsylvania. our neighbor to the north. and first secretary of the department of homeland security. since stepping down as governor, he's not only led the department, but he's also served as chairman of the national security task force at the chamber of commerce and on boards of the institute of defense analysis, the center for studies of the presidency and congress and chairman of the national organization on disability. meanwhile, he travels the world as head of his firm, ridge global, and any other number of entities. somewhere along the line he convinced a woman named michelle marry him. they have two wonderful kids that we've been privileged to know, leslie and tommy. delighted to see you and thank you for your friendship and extraordinary serve service to our country. next, jane harman, former congresswoman from california, 36th district. during her tenure in the house

of representatives, congresswoman harmon distinguished herself as one of the top national security voices in the house servicing on the house armed services committee, intelligence, and homeland security committees. she's also one of the principal authors of the intelligence reform and terrorism preventionability of -- act of 2004. congresswoman harman serves as director of the woodrow wilson center. also member of the external advisory board for the department of defense, c.i.a. and does a million other things. so it's great to see you. we welcome you warmly. our next witness is one with facial hair. i wouldn't have recognized you had i not known it was you and you were coming today but it's great to see you. and you are a hero in this country, the hero in the coast guard and department of homeland security. enormous respect and affection to you as you know. thank you. i wish you as well as i

at boozman xecutive hamilton. and the admiral recovered from hurricane katrina. after the first couple of weeks, the initial response was the deepwater horizon oil spill and for that service and a million other things that you've done and continue to do, we welcome you. i want to thank your family for our ing you to serve country. -- are you ess, partner -- i understand you have a book out. author of a book. i love the title "skating on stilts: why we aren't stopping tomorrow's terrorism." in his position, mr. baker established the department's policy office. he led successful negotiations with foreign governments over

data sharing, privacy and visas. established a secure visa-free travel plan. what years did you serve in the bushed a -- bush administration? thank you for that. and i want to thank, again, all of you for being here. your entire statements will be made part of the record. feel free to testify. we'll lead off with governor ridge. i want to say to senator, nice to see you. welcome. it's a pleasure. our senator from new jersey, great addition to this committee and to this body. governor. congressman. >> thank you to my former colleague and my friend, it's a great pleasure to appear before you. senator coburn, as you say, let me associate myself with the gentleman's remarks with regard to a risk-based approach, with regard to consolidating the incredible labyrinth of

jurisdictional maze that the secretary and his or her department have to continually respond to up here on the hill. i mean, one of the recommendations of the 9/11 commission and 10 years later that one and the other recommendation they made with regard to a broadband public safety network, that's 10 years in the making. there's some legislation a long way from execution, so i really appreciate your words in those regards and other members of the committee, it's a pleasure to spend this morning with you on this historic day and important day. i appear before you in a wonderful personal capacity as a private citizen as well as the chairman of the u.s. chamber of commerce's national security task force. the task force is responsible for the development and implementation of the chamber's homeland and international security policies. frankly, it's a voice for businesses across america. it certainly informs my perspective on many issues, but it doesn't dictate it because strictly voluntary.

i'm happy to advocate when we share them. i welcome the opportunity to appear here to examine the ways which we can secure america's future. since we have limited tied, i'd ask permission to revise and extend my remarks. before i begin, i want to on this anniversary acknowledge the families that lost loved ones on september 11. we all know where we were. i had the opportunity to visit shanksville a couple hours after that plane went down. so the reason we're here is to work together and to do our best to ensure that such events do not happen again and that other families don't have to suffer like the families of our 9/11 heroes. with your indulgence, i'd like to make a few general observations first and what i believe is a cross-cutting issue that both d.h.s. and the broader federal government has faced in the past and has the potential to complicate our security forevermore.

first of all, briefly, it's becoming clears that members of this body is attempting to pass some immigration reform. i think it's relevant. d.h.s. components can be expected to play a significant role in implementing these reforms. my position is that the time has come, the time has come to grant status to those who wish to enter our country legally, to work lawfully, to pay taxes and deal with the issue that we talked about for 10 years and that is the undocumented individuals who are here. i think we can be done. i hope this congress does it. but i also think congress has to balance this responsibility with providing adequate resources to the department of homeland security in order to affect the outcomes that the broader american public want to achieve. we can talk about reaching consensus in washington, but unless any reforms are resourced appropriately, d.h.s. components will be saddled with an impossible mission in the

critical area of border security. i'm not going to discuss my deep and abiding concern about the number of critical senior level vakeansies at d.h.s. it's been -- vacancies at d.h.s. it's been addressed. it's disconcerting that an agency that's perceived by our government, united states government, to be as important as i believe it is, to have 15 vacancies or whatever the number it is at any time. and these have lasted for quite sometime. you are aware of it. i just urge the administration to fill the vacancies quickly and the senate in a judicious manner and timely manner to exercise the responsibilities and fill these vackansies. let me discuss the challenge of information sharing which i think goes to the heart of the homeland security's responsibility. we don't generate intelligence. we are assigned from the enabling legislation to share it in a defensive -- provide

whatever defensive measures we need to protect america. information sharing is an issue that's been with us since 9/11 and cuts across a range of challenges that have and will continue to confront the dedicated men and women of d.h.s. we all know the nature of the terrorist threat has changed as we've seen in iraq, afghanistan and today in syria. our enemy is no longer just al qaeda but like-minded organizations and nation states that are willing to ally themselves in order to harm their common enemy, the united states. in my opinion, this will require the intelligence community to work with one another than ever before. congress in its oversight role should ensure that d.h.s. specifically remain plugged in to the federal intelligence communities horizontal, across the board. for if intelligence indicates a physical or cybersecurity threat against the homeland, d.h.s., by enabling legislation, is the agencies required to work with our partners along the vertical,

required to work with the state and locals, required to work with the private sector. that's embedded in the enabling legislation. further, we should ensure that the great progress that's been made for information sharing with our state and local partners such as the establishment of fusion centers, continues to be nurtured. no discussion of the d.h.s. threat environment or about information sharing can be complete without discussing cybersecurity in greater detail. there's no part of our national economy, infrastructure or social fabric that is not in some way connected to the internet backbone. our critical power and communications, transportation, product supply chains and financial systems. and d.h.s. owns many of these sector-specific relationships. let's face it, the cyberthreat is not new emerging. in fact, when i was secretary, in 2003 a full decade ago, the first u.s. national strategy to secure cyberspace was released. greater awareness of this

threat may be emerging, but the threat itself has been with us and will be with us for the rest of our lives. as first secretary of homeland security, i have a particular perspective on this issue. learned after 9/11 and we learned after katrina and keep learning after all these incidents that information and coordination sharing could have been better, and some people cyber pearl ital harbor. at least in that instance, historians will say, we had no notice of the emerging threat. i don't think this is a cyber pearl harbor. we have noticed and it's not an emerging threat. it's a constant and ever-changing dynamic threat. and so i'm more inclined to say it may end up being a cyber katrina where we had notice but we weren't as prepared as we should have been until thaad allen got there and cut -- thad

allen and began to address the situation that he confronted on the ground. i've got several more pages of testimony. i see my time is running out. i hope we get to this area in the q&a. at the end of the day, the sharing of information between the u.s. government and the private sector, specifically, and i can refer to the enabling legislation that says that d.h.s. has a very significant legislative role, it's absolutely critical. and not in a printive form. it cannot be -- prescriptive form. it cannot be in a prescriptive form. there are many regulations. in fact, the president's executive order asking this to set the standards is something that we all welcome and we engage but we hopefully give it a chance to work and assure that the private sector is involved and engaged because it's that kind of collaboration that's absolutely essential. and you're never going to defeat the cyberenemy, whether

it's a nation state, organized crime, any organization by having the private sector check the compliance box. we did all that congress wanted us to do. that's inadequate. it's grossly ineffective. it has to be timely and continual information sharing horizontally with the federal government with the d.h.s. and down to the state and locals and particularly down to the private sector. the federal government relies on the private sector in order to function. as i said before, we have some lessons to be learned about the inadequacy of what of the federal government is doing to protect its own information. i think it would be helpful not only when we repair that but make sure we facilitate the day-to-day engagement in information sharing with the private sector. i thank my colleagues who are on the panel, distinguished patriots as well for the opportunity to peer with them. i thank the chairman and the committee for the opportunity to share these remarks this morning. >> thank you for those remarks very, very much.

congresswoman harman, please proceed. >> thank you, mr. chairman. as i think every member of this committee knows, i have great affection for this committee. i work very closely with your prior management during eight years on the house homeland committee and another eight years, some of them overlapping, on the house intelligence committee. later today at the invitation of colorado governor, i'm flying to denver where senator lieberman and i are appearing on a 9/11 panel in denver this evening. >> i hope you'll give him my best. >> i shall. as my youngest daughter would say, your former ranking member, susan collins, is one of my bestees. we stayed good close friends and we work together on the intelligence reform law of 2004. i also have great affection for all of us testifying before you today. worked very closely with everyone on this panel on homeland topics. and we continue to stick together, which i think is a

good thing. 12 years ago today as the towers were falling and the pentagon fire was burning, i was walking toward the u.s. capitol. my destination was the intelligence committee rooms in the capitol dome, the place most consider was the intended target of the plane that went down in shanksville. my staff called to alert me that the capitol had just been closed as were the house and senate office buildings. so most of congress, including me, milled around the lawn in front of the capitol. there was no evacuation plan. we had no road map for response. part of the solution which some of us recommended was to create a dedicated homeland security function. and that function we thought should be in the white house and tom ridge became its first coordinator. along the way the white house proposed a much more ambitious concept, and in order to get this function as part of law, we embraced that concept. then there became the

department of homeland security. now, in its 10th year, i'm proud of my role as one of the department's founding mothers, and i think we should acknowledge today the thousands of d.h.s. employees who serve us daily, around the country and the world. as we speak, customs and border patrol agents are in megaports like the port of due pie and they're screening u.s.-bound cargo for dangerous weapons and material. investigation agents are in diplomatic posts everywhere in the world and they're reviewing suspicious visas. and t.s.a. screeners are depriving al qaeda and other terror groups of the ability to turn more aircraft into weapons, a tactic we know they are continuing to attempt. today, as tom ridge said, d.h.s. remains a work in progress, but the efforts of its people are its backbone and our backbone. we have a safer country because of them. a year ago i testified here,

and i noted some of the things that were going well at d.h.s., but i also noted challenges. and they include an anemic intelligence function, something tom ridge just touched on, the need for d.h.s. to focus more on its relationships with critical infrastructure owners and operators, something that's now happening because the cyberthreat is increasing. and, as mentioned by you, mr. chairman, the failure of congress to reorganize its committee structure. today, as you mentioned, there is a very good op-ed in "the new york times" -- i buy the print edition, i want you to know, by tom kane and lee hamilton. lee preceded me as president and c.e.o. of the wilson center and we served as colleagues many decades ago in the house. i don't want to touch on all of this, but het me just briefly scope the good news and bad

news since last year. bad news, we failed to thwart the boston marathon bombing. an, poe nention increase in cyber-- an exponential increase in cyberattacks, edward snowden al qaeda is in the boonies in yemen. there is good news. one, information sharing is improving. i know there's much to continue. second, resilience. we showed resilience after boston, in particular, after the boston marathon bombing. and common sense is emerging in the way we approach homeland security, and to senator coburn's point, i think there's more support and there should be for a risk-based approach. collaboration with the private sector on cyber, that is happening, and credit should go to the -- i guess she's just retired -- to the secretary of homeland security, janet napolitano, for personally

working on this issue. and we are getting ahead of privacy concerns. let me just touch on these very briefly, because my time's running out too. information sharing, tom ridge talked about it. but the committee should take credit for the fact and the department should that homeland security grant money was critical. according to the boston p.d., it helped make sure that the city was trained to share information rapidly during the emergency. d.h.s. also participated in something called the multiagency coordination center, the m.a.c., that was operational before and during the bombing and it was critical once the bombs exploded. resilience. a very important factor in our country's ability not to be tare rised. it's not -- terrorized. t's not that we won't -- if we fail to be terrorized, then the

terrorists lose. the agency distributed almost $11 million to boston, just to pick boston, through its uasi mission. it upgraded 5,000 portable radios for first responders, install a communication center inside the boston tea and conduct two city-wide simulator disasters. this is a very good news story. similarly, in hurricane sandy, which went fairly well, fema activated in advance a national response coordination center which was critical in terms of preventing more damage and speeding the recovery. collaboration with the private sector on cyber. d.h.s. will never own the cyber mission but it is responsible for a central piece, which is critical infrastructure protection, and in the past year d.h.s. has tracked and responded to nearly -- get this mber -- 200,000 cyber inns nts, a 68% increase from a

year before. we will never get a handle on this. as janet napolitano said about six weeks ago, she said that's happening. kudos to the department. finally, getting ahead of privacy concerns. the department itself has a privacy and civil liberties office. that office has trained many in the fusion centers, 68 out of 78 fusion centers have received some training. there's enormous complaint out in the boonies about the invasion of privacy and it's important we do two things. one is protect the american people and two is to protect the american people's privacy. it's not a zero sum game. it can be handled with proper training and finally, the administration has fully populated the privacy and civil liberties oversight board which was created by the 2004 law and which was never functioning until may and that should be

helpful too. let me just conclude by saying d.h.s. will continue to face difficult challenges, including al qaeda's enormous ability to evolve, the rise of lone wolf terrorists, the constant increase in the type and sophistication of cyberattacks, especially the risk of exploits in software and privacy issues. but most attempts to attack understand since 9/11 have been thwarted for which thousands of selfless d.h.s. people deserve our thanks and so do our former secretaries of homeland security, starting with governor ridge over here. and so do members of this committee. thank you very much, mr. chairman. >> congresswoman, thank you so much. admiral allen, your whole statement will again be made part of the statement. please summarize as you see fit. >> thank you, mr. chairman, senator coburn, members of the committee. thank you for the opportunity to testify this morning. like secretary ridge, for the record, i'm not representing

any particular entity. i'd note, however, that the op-ed piece that was published by lee hamilton and tom keane was part of an aspen sponsored part of the department of homeland security and i'm part of that task force, as part of the disclosure. i'm here to be comrades jane harman and stu baker. these are people i've worked with over the years and consider them friend and role models. glad to be here with them. it's hard not to sit here this morning and not recall the events of 12 years ago. and what's transpired since the interim. i was the coast guard on 9/11, and what happened that day was something i never thought i'd see and that is a coast guard cutter off manhattan with the guns uncovered. it was a chilling sight. we closed the port of new york. we closed the potomac river north of the woodrow wilson bridge and resupplied ground zero because there was problem getting vehicles in and out.

this was a consequence event for the coast guard as well. and i, like the members of the panel here, passed on our best regards to the families who were impacted by that terrible event. i have testified before this committee on several occasions since my retirement, and in each of the tms, including today, i've -- testimonies, including today, i've done a retrospect of where the department is at. i will say i was the chief of staff at the coast guard when the department was established and led the transition out of d.t.o. into the department of homeland security. i've spoken over the years on many occasions on the conditions which the department was formed which was bureaucratic light speed in a little over three months. in association of trying to bring that all together, including it was in the middle of an appropriations year, it was between sessions of congress. i think secretary ridge was confirmed the day before he became secretary if i remember correctly. that's a lot of stuff going on at the same time but i think we have to move beyond the aggregation of entities that came within the department and try to get beyond that.

you can talk about that as a means for why the department kind of is the way it is. but i think 10 years later we have to actually sit down and say what is going on here and where do we need to go? i need to associate myself with the remarks made by secretary ridge and jane harman. they talked about the what. i'd like to talk about the how, because ultimately we need to, moving into the future, how to tackle these problems and the best way to do this. the occurring theme you're hearing is information sharing. because information sharing is the precursor to unity of effort and more integrated operations at the "in depth." not only in mission execution but in mission support. all the back room operations that actually enable folks who put boarding teams on, have t.s.a. inspectors screening people and that's h.r. operations and so forth. i'd like to talk in general about the border, resiliencey, counterterrorism, law enforcement and cybersecurity. as been previously referred to.

regarding the border, there's a lot of talk right now about the southwest border in relation to comprehensive immigration reform. while we move forward and define what the policy is going to be and what's going on with the number of illegal immigrants in the country right now, i think we need to remember we have a border that's very complex and goes well beyond what i would call a geographically and described borer. it's a functional border which includes the analysis of data and the movement of cargo that are never touched by human hands but are virtually carried out and we have to carry out our functions as a sovereign government in a global common in a variety of ways including air, land, cyber, sea. as we look at border security, i'd urge the committee to understand it's a combination of functions and it's a system of systems and it can't be reduced to oversimplistic fixes like fences or more border patrol agents. we have to figure out what is the nature of the problem and what is the best way to deal

with with all the tools we have available. including the aggregation of data on all border functions into a fused picture that senior leaders can take a look at. i'm talking about all the different license plate reader programs, passenger information, information on private arrivals of aircraft and vessels and so forth, bringing that together and putting that where there can be coherent analysis. and i think sensory information is incredibly important. we need to build an architecture that allows us to do it so we can understand how to react to them on the border. we need to visualize that for our leaders so they can understand what we'll call a common operating picture and that in turn can be discussed with folks here in the congress regarding oversight. and i think we need to look at along the southwest border, not every part of the border is the same, and boots on the ground and fences are not the way to control the border. we need to look at areas where say there was no traffic and conversations i've had with

some folks in the department using satellite imagery and going back and taking several runs at a time and if there are no movements, you can pretty much say that's a low-risk area and start concentrating on where there is a risk involved there. i think in that way we can probably do a better job of how we're managing the border. congresswoman harman talked about national resiliencey. i think it's extremely important and important because we need to look at it way beyond natural disasters and what fema does for a living inside the department. risk assessments, focused on the most likely and consequence events that occur, easterly natural or man built. and that is population densities and risk they present and we need to figure out how to look at building codes, land use, going beyond current floodplain legislation and regulations associated with that and try and look at the behaviors that need to be influenced to change how we think and act at a local level.

i think we need to improve our incident management doctrine. hspd-5 is a general framework for the secretary to manage incidents. but frankly when you have these large complex incidents it's very hard to subordinate one cabinet to another in a very overarching way, especially in complex events. i think it's extremely important. if you look at the possibility that we could have a combination of events that starts with a cyberattack that gets into industrial control systems that produces a consequence kinetic effect, all of a sudden you have fema, mppd, the f.b.i. to the ncgi, a.t.f., and you have the overall management, we don't have a clear doctrine on how to move forward on that. and finally we need integrated national operation center for homeland security. the national response coordination center at fema is an excellent operation for what they do.

the coast guard has an operation center. one of the big challenges in the absence of being able to consolidate on a campus of st. elizabeth is the inability to coordinate an operation center there to be able to coordinate and direct operations. i have some other points but i see my time is up. i'll submit that to the record. i'll be glad to answer questions. >> thank you. mr. baker, please proceed. welcome. >> thank you, chairman carper, ranking member coburn, members of the committee. it's really an honor to be here with members of the committee and members of a panel, all of us made promises to ourselves and to the country 12 years ago that it's a pleasure to be here to have an opportunity to continue and rededicate myself and the rest of the panel to those promises. there have been a lot of achievements in those 12 years,

and d.h.s. has contributed to many of them. it has many successes that we've heard about from other panel members that couldn't have been possible without the department. it also has some failings that i think you are talking about addressing quite directly. re-authorizing legislation is an excellent idea. the idea of reducing the number of committees that provide disjointed oversight to portions of the department would be an excellent approach as would be building the equivalent of the defense department's office of the secretary of defense. we've had three great leaders of the department who, when they are focused on a problem, ave made the entire department sit sing like a chorus. but when they've had problems that they can't spend one day a week on or one meeting a week

on, the components tend to drift off. there's no stoonl -- institutional mechanism for keeping the department in tune and on the same tune when the secretary is pulled off or the deputy secretary is pulled off in another direction. so finding ways to build the office of policy, the office of management into effective managers of many of those second tier issues would be very valuable. i want to talk mainly about an issue where i think most opportunity for progress is offered, and that is in cyber. this is a terrible crisis. we are not solving it. we are falling behind. many of the ideas that have been proposed are rather divisive. but it seems to me there are at

least three issues that the department of homeland security could contribute to that may rm a basis for less divisive solutions. what seems to be clear is that while we are falling farther behind we have also learned that we have more information about the people who are attacking us than we actually expected to have five years ago. we know what their girlfriends look like. we know what blogs they write. they are no more able to secure their communications than we have been able to secure our networks. and in that offers some opportunity for actually bringing deterrence to bear, not simply defense. we cannot defend ourselves out of this cyber crisis. that's like telling people that we're going to solve the street crime problem by making pedestrians by better body armor. that's not the solution.

we have to find a way to actually capture or deter or punish the people who are attacking us. how do we do that? it seems to me that one of the ways that we do that, law enforcement's very familiar with the idea of deterring and punishing attackers, but prosecuting the people who are attacking us, many of them overseas, many of them associated with governments, is probably not the most effective measure. what we need is new ways of bringing sanctions to bear on the people that we can actually identify, and d.h.s. can lead that. if we use the law enforcement capabilities that the department has at i.c.e., at the secret service, integrate them into a smaller group, maybe on an experimental basis, with mppd and the defense capabilities and the understanding of the attacks,

we could gather much more intelligence about these people and then bring to bear new forms of sanctions. again, something that d.h.s. can take a lead in developing. many of the companies that support these hackers, that hire them after they finish their service for government, the universities that train them need and want visas to come to the united states. i don't know why we are giving them visas if we know who they are. we should find a way to come up with sanctions of that sort, or frankly sanctions of the sort that treasury uses today to deal with conflict diamond merchants or the russian officials who oppress the human rights of one. e have attacks on human rights right here in the united states. cyberattacks on tibetan activists and the like, we

should be treating those attacks on human rights that occur in the united states every bit as seriously as we treat the russian government's abuses inside russia. and again, d.h.s. could be authorized to go looking for ways to bring those sanctions to bear. and then finally, with the private sector, it seems to me the private sector knows more about the attackers inside their networks than we will ever know. they are more motivated to find the attackers and to pursue the attackers who end up as their competitors, which is often the case. what's being stolen is competitive information. it must be fed to the competitors, and those competitors are operating in our markets. and if we can gather that intelligence and close that loop, we can bring to bear criminal and other penalties on the beneficiaries of these attacks. that is not something we're doing now because there is not

enough integration between the people who have the resources and the incentive to do that, individual companies who are under attack, and the law enforcement agencies that are totally swamped by the nature of the task. if we gave, if we experimented with giving the companies that are under attack more authority to investigate their attackers under the guidance and supervision of the government, we could make more cases and impose more sanctions on people who are attacking us. so those are three pretty concrete ideas, plenty more in our testimony which i will ask that you read into the record. thank you. >> your full testimony will be made part of the record. thank you very, very much for your testimony today. i want to return to a comment, dr. coburn, several of you, governor ridge, and the issue -- i call it -- it's not just d.h.s., it's not just the

department of homeland security. we have too many vacancies throughout the federal government. the administration released an extensive list of nominees. we welcome that. one or two are in this department. we are looking for -- senator johnson knows we are looking for an i.g. we need someone to fill that position in this department and a bunch of other i.g. positions that are vacant. this is a shared responsibility. the administration has the responsibility and give us names of excellent people, honorable people, hardworking people. we have an obligation to hold hearings, vet those nominees and with the extent they do a good job, move them promptly. the administration needs to do their job. we need to do our job. we'll keep focused on that. governor ridge and i wore different uniforms, he in the army, me in the navy. there was a popular movie called "five easy pieces." if those of you remember, jake

nicholson. great movie. i think a comprehensive -- a comprehensive cybersecurity policy is not five easy pieces but maybe six. i want to mention them and then i want to ask a question each of you about one of those. one of the pieces -- critical infrastructure. are we -- best protect our critical infrastructure, that's a shared responsibility as we know. another piece, information sharing. i think every one of you touched on that in your testimony. third is we call it protecting the -- federal government's networks. fourth piece is work force. governor ridge and i talked about this recently. how do we make sure that d.h.s. is able to attract and retain the kind of people they need to do their job in this arena? research and development would be a fifth piece. another one falls outside our jurisdiction but important one is data breach. how do we reach to those who

breach data, it affects a lot of people's lives? that would be the six not so easy pieces that we're dealing with. i over the past couple years, the department of homeland security has been playing an important role in protecting our federal networks and working to try to secure our crippled infrastructure. unlike the specific statutory authority that defines the f.b.i.'s, our n.s.a.'s work in this arena, the department of homeland security's authority comes really from the patchwork of presidential directives. it comes from policy memos. it comes from vaguely written laws. in fact, one way i heard it described, as far as cybercapabilities go, if the n.s.a. has a doberman, the f.b.i. has a german shepherd, then d.h.s. has a chihuahua. nothing against chihuahuas, but

they need a bigger dog because this is a big fight. we need to figure out what to do. while i say d.h.s. is much further along in developing cybercapabilities, some people give the department credit for, i think we need to provide the department with clear, statutory authority to carry on their current activities so it can be compared to something a lot stronger, a lot more formedible than a chihuahua. let me just ask each of you -- do you believe that it's important for the congress to empower the department, this department with clear and explicit statutory authority to arry out its current cyber activities, these activities include working voluntarily with the private sector to protect against, to propair for and recover from cyberattacks? and would a better defined statutory mission of the

current cyberactivities, current cyberactivities, help to strengthen the department's cybercapabilities? governor ridge, lead it off, please. >> senator, i think the enabling legislation that created the department of homeland security and embraced in a strong bipartisan way with the house and the senate basically set up conceptually the very idea that d.h.s. would really be at the ep center of engagement down to the -- epicenter of engagement down to the private and local sector. with the original intent of congress in terms of the role that d.h.s. plays. secondly, i think any gray that exists in the alignment of d.h.s.'s relationship with the private sector, particularly, probably creates a great deal of confusion. right now i think the private sector is reluctant to cooperate from any reasons even to share information because of

the absence of liability protection of those sorts. i realize you aren't asking that. i think if there is a gray area that can be cleaned up and there is a direct line of responsibility -- by the way, you have the opportunity to hold them accountable that are not doing their job. you have been assigned some tasks. we don't think you're providing these very well, you can hold them accountable. thirdly, i'd say, by the way, it would be important to do two things. one, it would be important to resource the department appropriately. look, the men and women in d.h.s. right now that are working on cyber, government generally, let's face it, probably a lot more potential lucrative opportunities out there in the private sector. we have some real patriots. they're working hard on cybersecurity matters because they believe it's their contribution to their family's security and their country's security as well. we probably going to need to look at some kind of compensation adjustment to keep some of the best and brightest with us for some time. one is enabling legislation.

two i think clarity would enhance the kind of voluntary collaboration that i think is absolutely critical between the federal ctor and the government, vis-a-vis d.h.s. and if it will be a mandate they need to be properly sourced. >> congresswoman harman, the current cyberactivities help strengthen the department's cybercapabilities? >> my answer is absolutely yes. the administration did issue an executive order last year which is somewhat helpful but it would take legislation and secretary ridge outlined a lot of the issues. there's been a difference of opinion among people up here about how robust d.h.s.'s authority has to be, but the bottom line problem is that the private sector doesn't trust d.h.s. that has been overcome to some extent by the really impressive

efforts that secretary napolitano has made in the recent months to reach out for industry and there literally is a floor at the d.h.s. headquarters where the secretary and others are working together on cyberthreats. that's a good start. just want to add a robust endorsement to your point about swiss cheese. there are a couple of nominations that have been made by this administration, and one of the nominees i know very well much she's been nominated for undersecretary for nppd which is in charge of the cyberfunction, and i just mention her to all of you. her name is suzanne spalding. i hired her to be the staff director of the minority on the house intelligence committee, worked with her for years. before that she was executive director of the national commission on terrorism on which i served which was then brimmer, as ry

many of you know, a commission that predicted the attack on u.s. soil. not paid a lot of attention to. i would recommend the guy to my left as new secretary of homeland security. thank you. if anyone wants the nominations closed. there is no shortage. we need the administration to pick one and send us a great name. suzanne spalding, i think we have a hearing for her next week and my hope is we'll move that nomination quickly. she's an impressive nominee. admiral allen. >> it's a tough statement to follow but i'll try. i think there are three things we need to look at. i don't think you need to look at d.h.s. authority and isolation. the first one is the current status of fizz ma which is

basically a regulatory compliance tool to try to ensure that proper information security is being dare carried out in the federal government. they are trying to move away from a checklist mentality to include mitigation and measurement at the gateways so we actually know what's going on. that will be enhanced shortly by a dash board which will pull that information up, allowed it to be shared across the agencies. that's a phenomenal step forward but been largely done through the congressional and appropriations process where money was provided to actually go out and solicit for that work to be done. i think we need to move forward and figure out how we'll transition from fisma to continuous monitoring of our circuits and how to move that information around. secondly, as jane mentioned, the executive order on the cybersecurity and infrastructure protection has lay out a number of very important steps, vug a framework for the private sector that's been formed by nist right now.

we need to go beyond the e.o. regarding liability and what are the prohibitions that keep the private sector from being involved. you have the fisma revision. you got the e.o. on cyber, which is going to take legislation to completely solve that. i think both other panelists have said that. finally, what are the authorities and the jurisdictions that d.h.s. would need to do? if you put all three of those together i think you have the complete package and i think legislation is needed but it should not be separate from legislation that addresses the issues with the private sector as well. >> thank you for those comments. lastly, mr. baker, better define statutory mission of the current cyberactivities that d.h.s. helped strengthen that department's cybercapabilities? >> yes, i think in a couple of ways. first, the technology is always evolving and yet the law that we're operating under is 10 years old, at least, in many cases. authority was simply transferred. and fisma is a great example.

doing security checks that would take -- occur on paper and take months to accomplish. yet, the department is now actually rolling out technology that will perform much of the fisma checks in three days. and it's important to revise the law so it takes accounts of those capabilities and all of the security measures that are being developed in this area. i would certainly support the idea that working with the appropriators is the best way to do this. having a single unified appropriations process by the department is the saving grace for department. and the more of that that can be done the better. similarly, the second point that i'll close on is that in many cases, the authorizing legislation needs to make clear that while the national

security agency has a big dog, it's an important participant. i used to work there. very supportive of it. but everyone in the country needs to be reassured that when we're talking about cybersecurity, it's d.h.s. that's setting the policy and dealing with the data, not the national security agency. so what i would say is maybe d.h.s. doesn't need so much a bigger dog as a leash. and authorizing legislation can provide that kind of reassurance to the american people. >> thank you for those comments. how do we better honor the loss of all those lives 2 years ago this morning? do -- 12 years ago this morning? do we join some of our colleagues on the steps of the capitol for an observance or do we better honor their lives and their loss by continuing to do our work here today? we believe the best way is for

us to continue doing that. we'll continue going through the 11:00 hour and give us a chance to really drill down on some of these important issues. with that having been said, let me yield to dr. coburn. >> well, thank you, mr. chairman. couple points on what i heard here today. the homeland security budget is twice what it was when you had it. everybody knows we're resource poor right now. and the question is how do you put metrics on what homeland is doing? number one, there's 45 opened areas from o.i.g. that have not been addressed by the department of homeland security on recommendations that they essentially agree with but they've not acted on. i don't know if that's a priority problem or a resource problem. but that list is growing. econd thing on fisma, bobby is a great leader at homeland security. if we had 100 bobbys, we could

all sleep great at night. but the fact is fisma is going backwards according to the last o.m.b. report, not forward. so i'm hopeful, based on what you said, admiral, what you said and you, mr. baker, in terms of improving that. the other point i'd make, i asked c.r.s. to give us what statutory authorities homeland security has. they had most of the authorities they needed for everything. as a matter of fact, when secretary ridge was secretary, he had them start all these things under these authorities. so we need to fair it out what we need to do to give increased authority. the things that i'm concerned about, first of all, we can't afford to duplicate things we're doing at n.s.a. we heard from all of you, we do need -- every time we've seen a problem since 9/11 is because of either a stovepipe or an

individual judgment that was made in the wrong direction. even with boston. i mean, if you go to the intel on all that, what we know was we had some errors made by individuals and/or by process, rather than have flat, good horizontal communication that was real time. and so tom and i -- tom carper and i don't disagree what the goals are. the question is -- the disagreement is how do you get there and how do you hold people accountable? so information sharing is the ey for us to be flexible and highly responsive when it comes to threats for our country -- to our country and how we respond to that is important. jane, you said something that i think is really important. the confidence level by the public and the private sector in terms of d.h.s.'s capability to handle this is a key hurdle

we have to get over. and what we have to do is we have to walk before we run. and we've been crawling, and now i think we're walking, and i would attribute some of that to the most recent secretary, bobbie and her crew and what is going on there. we've seen that. but we had a lot of problems at fusion centers with privacy. we put out a report that showed that. and they responded. they were starting to respond before that. but there's no privacy policy associated with the drones, with d.h.s. right now. we have an open letter that hadn't been answered. what are you doing about it? and yet there was no consideration of privacy as they made the policy moving forward use of drones. there are big problems for us to address. i guess what i would ask is -- and by the way, i need to make a correction. the president has nominated four positions out of the 15,

not two. so i stand corrected on that. fice of general council, nppd. so the question i'd ask, how do we make -- what do we do -- how do we incentivize to make sure we have real-time sharing across all the branches, one? number two is, how do we reform congress' oversight of d.h.s. to where we limit the committees? tell me how we do that so that we can make them reactive in a positive way and not spend so much time up here on the hill but have good, clear communication and single authority coming out. we have most of the authority for homeland security, but that's not true in terms of a lot of other subcommittees. so your comments on those. i'd like each of you to address that if you could. >> i'll be happy to volunteer to begin the conversation.

i must tell you, senator, that i think your frustration with the growth of the department in terms of personnel and dollars is something that i share a little bit. more is not necessarily better. i remember my first year as secretary, well-intentioned congress on both sides of the aisle wanted to give me more money. i said before you give me more money, better take a look at it and say if we're doing an effective job with the money we already have. i think you and senator carper bring that mindset. some would be from 180,000 to 240,000. i have no idea where the additional bodies needed. notwithstanding the increased ersonnel down at the border, c.b.p. and i.c.e. the failure of this institution of congress and the united states to consolidate jurisdictions so there are no d runs to protect vested

interests that have been -- that have been existing in silos for a long time. i think the only answer to that s the will of this body to effect a change. so a small group of republicans and democrats in both chambers with nearly exclusive jurisdiction, you're going to see through the process, it's a little busyin teen, everybody has allies in every committee, both in authorization and appropriation levels, we really need to do that. i think if you can consolidate that responsibility, i think you can effect the kind of change you're talking about. it's amazing to me that the congress would ask two of america's great public servants -- lee hamilton and tom kaene, to spend a year and a half, two years, take all that testimony and say we as a congress want new ow how we can help the

department mature and how we can make our country safer, and two of the most obvious and needed recommendations made 10 years ago, consolidate jurisdiction and provide a public safety broadband network so police and fire and emergency responders can handle future crisis, and we're not there. >> risk-based rather than all-hazard. >> third is risk-based. they're starting to do it at t.s.a. i mean, i'd like the preclear program. i know john has done a great job. moving in the great direction. quit arguing about a fail-safe border, security platform. you'll never make an absolutely secure border. what we want to do is reduce the risk. we have to risk manage the border. we have to risk manage commercial aviation. we have to risk manage everything across the board. i think at the end of the day, senator, if you're looking to achieve the outcomes that i think generally shared on both

sides of the aisle, the commitment's that strong, i think the republican and democrat leaders in both chambers have to sit down and say enough is enough. one final antidote. and i say with respect. i can't tell you how many times we've been working for a vote and leaving a subcommittee hearing and there would be lament among the members, geez, we have five or six hearings today and we have to run from here to there and everybody decries the pressure on legislators to do their job effectively in all these committees and subcommittees but nobody wants to relinquish the seat on the committee or subcommittee. may not be voluntarily relinquished. if the leaders in both chambers say, it's done. homeland security doesn't report to 100. it will be reported to five or 10. it's done. you have to get leaders in both

chambers and both parties to agree. it's at the epicenter of solving the problems you addressed. >> strong letter to follow. >> mr. chairman, let me apologize in advance. i have to leave at 11:00 because i serve on foreign policy board to the state department which has been rescheduled three times but it is today and the meeting with -- >> we understand. >> 11:30. all right. so i apologize. let me just address reorganizing congress, which i think is absolutely essential and will be very difficult to do. . i was in the painful discussions, maybe senator baldwin remembers back in the day about the need for more jurisdiction for the house homeland security committee and the pitch was made and people nodded and then someone from the house commerce committee stood up and said oh, no, this option

of interoperable broadband network is central to our jurisdiction. so, no change. and people in this institution on both sides earn their power through their committee positions. and giving up power in this institution is not something people will do voluntarily. so i agree with tom ridge that the leadership will have to basically require it, however. the leaders earn their powers through the loyalty of their members and making members shrink their own power is not really helpful to leaders holding power. so i don't know how the thing changes but until it changes, we won't have the robust homeland function that we should have. just one other comment as i kind of implied 10 years ago.

the concept for the homeland department is more ambitious than some of us would have wished. it was the white house to put agencies and departments together. some of us thought of a more modest function between the coordinator and the white house. but we took it because the administration was behind it. so it's a daunting task to make this thing work. at this point, i don't think we should rearrange the deck chairs in the administration. but if there is a way and maybe the members here have more power than members i have observed back in the day, if there is a way to reorganize congress to give the committee more power, i think this country will be more afer for it. >> thank you, mr. chairman.

spent stated earlier, i several days out at the annenberg foundation with lee hamilton and tom to produce the report that was set out today. my proposal would be attached to the record because there is a detailed discussion rather than take the committee's time here. i wouldn't have served on that task force if i didn't subscribe to that. there is a subcommittee for the coast guard there. i spent four years as commandant of the coast guard without an authorization bill. fishing vessel safety to unregulated small boats and never were able to be addressed and if they were, committees would assert jurisdiction. very, very time consuming. if you look at some of the issues we haven't been able to address and some of those are in the aspen report, there is a lot

of issues on the record that have been raised, the issue of security for general aviation aircraft. only other point i add to senator coburn's comments, what we are trying to do with flood insurance, it's very instructtive. those that bear for the risk don't pay for the risk. we have an extraordinary amount of liabilities trying to pay off he claims from hurricane katrina. on the other hand, you start to let the flood insurance fees rise, you have issues with local communities. and what you have to do in the long run is get ahead of all of this and change behaviors on land code and zoning use which is a more strategic way to deal with this but you can't do this with four, five committees asserting jurisdiction over the problem. >> i fully support the idea of reducing the number of uthorizing and oversight

committees. let me talk about two ways we can address senator coburn's concerns about the budget and some of the other issues. it seems to me that proper authorizing legislation can set the framework for actually saving money in the budget. and i'll give you two examples and you raised one. the question of duplicating n.s.a.'s capabilities makes no sense for d.h.s. to try to do that. n.s.a. has built up capabilities for over 50 years that d.h.s.'s mission will never be funded. they have enormous capabilities. at the same time, both the american people and the department of homeland security wants some reassurance that if they lean on d.h.s. to use those capabilities that they won't discover that policies being made defacto, privacy policy in

particular by the people that they are leaning on. so language that could create an that zing legislation sets aside d.h.s.'s authorities and leaves it in control of this area, drawing on n.s.a. for talent and for tools and technologies that it already uses, you will end up saving money by relying on existing capabilities. and creating at the same time, reassurances for people about how that reliance will work sm the same thing, it seems to me is true if you can build a planning process, a budgeting process that uses integration, office of secretary of defense-type capabilities to say how can we reduce the budget effectively, how can we

eliminate redundancies by looking at the authorizing language and if we do that, we will be building the capabilities of what i described as the second tier so that the secretary doesn't have to sit down and get out and start ag asking about the 14th line about individual components. but that is being done by a staff that is trying to eliminate redundancies. by creating the right kind of authorizations for those central staffs, you set the framework for reducing the budget. and last tied to that, it seems to me that until it comes when we have eliminated many of the authorizing issues, one of the things that this committee can do is build a relationship with the appropriators so when the appropriators are asked about legislation that arguably is authorizing on appropriations,

they know that this committee has looked at those ideas, have thought about them, has vetted language, creating authorization language that may in a pinch end up in an appropriations bill, is worth considering at least the short run until we get to the promised land. i realize we have senator baldwin. we have gone well beyond the five minutes as you know and i thank you for your patience. i thought it was important for us to allow this panel to answer these questions in the thoughtful way we have done. we have spent going from one place to another, in and out as you know. and this was a very helpful series of questions and responses. senator johnson is next.

this is an excellent hearing and i'm pleased the way it's going. jane, we'll give you the first rights and then you can leave. >> thanks to this panel for being here today. mr. chairman, i join everybody in remembering the families many from my state that were tragically impacted from the events of 9/11. certainly watching this in new jersey. the most recent events that we have seen that really get to the issue we are talking about today, the bombing at the boston marathon. and at the time -- and i have read this issue before when we had commercial davis and others to talk about those events. and i was serving as attorney general. i remember being in my office

and learning that there were contacts as to what was going on there in my state. and i remember -- and our state police and everybody did an unbelievable job that turned that around to make everybody proud and we want to make sure that event doesn't occur. and i would like you to answer first because you have a time constraint, do you think we have the appropriate -- currently have the appropriate client among the people that are responsible for having developing and sharing the information necessary so that that information is flowing appropriately to get secretary idge's point, we aren't overly siloed. be it from a cyber perspective, a terrorism perspective, whatever these perspectives, it is making sure the information

gets to where it needs to get. and i ask you to talk about your thoughts on the current climate of the way that information is shared among the people that are responsible for sharing it. >> thank you, senator. i would give us, as i just said, congress.e-organizing it is sad that congress has a 19th century structure to deal with 21st century evolving-threats against our country. but on information sharing, it is a b. it's not an a. b. not an a. but the challenge was to break down silos and to create opportunities for people to actually know each other, which is one of the ways you build trust and enable information sharing. yes, there were mistakes in the boston marathon case. the tide list didn't get to the

right folks and the f.b.i. didn't follow up and a little of this and a little of that. however, once the event occurred , boston -- the surrounding p.d.'s, the state of massachusetts and all of our federal law enforcement agencies and homeland came together in almost a seamless way in using video, including people's hand held phones, they were able to focus on them quickly. that's why i say it's a a. after action, it was an a. before action, it was probably a c. this is improving. i want to mention that we haven't talked about and something i know a lot about based on my role on the advisory committee to the d.n.i. and some of these other intelligence places that i stay connected to, and that is the dark side of

information sharing is that it enables snowden or others to get too much information and to use it for evil purposes. our goal is to build the trust and horizontal arrangements and put in safeguards so people with bad not iffs inside or outside our system can't abuse it and i don't think we mentioned that and that is part of the challenge going forward. >> thank you. secretary ridge. >> well, i would have the great pleasure of working with congresswoman harman and grading on a higher curve than i would giving everybody a b. i'm not going to give them a grade but i'm going to address something i find troubling. going to the perception that d.h.s. didn't do its job. i remember after the detroit bomber and d.h.s. was criticized after letting the individual on

the plane and secretary napolitano was taking some heat. d.h.s. doesn't rely to provide information. and if the state department didn't give it to d.h.s. and customs and border protection, d.h.s. should not be held accountable but it seems from me to time they were. fort hood, the f.b.i. in two different venues that hasan was e mailing the radical cleric in yemen and d.h.s. takes the hit. why didn't they do more? that wasn't in their spot. they have to ask why they didn't do more. with regard to boston, i don't think that the f.b.i. is on a speed dial arrangement with the kremlin and i would like to know how often the kremlin picks up the phone and says you have a

couple of terrorists in your midst. i don't know how thorough that revelation was many within the f.b.i. i'm not faulting the f.b.i. i don't know whether or not the federal government germly including the f.b.i. took russia , the russian intelligence communication as seriously as it should have. there may have been other agencies that should have been involved. i think the response as congresswoman harman said was phenomenal. there were grants that wept out and program training that went out and done under d.h.s. but that is after the incident. and that's why information sharing is critically important. and to take this little step further. let's assume you break down the silos and there is better information sharing, someone has to look at classification. the easiest way for the agency to deny access to -- and i'm

concerned about state, locals and private sector to say it's top secret. no one want to look at it. i have seen a lot of things that were classified, top secret that i know you could have shared with folks that wouldn't do harm to sources and methods and i think classification is very important particularly if we are serious about information sharing down to the state, locals and private sector. attorney generals have to know more information. i'm one of those folks you can't secure the country from inside the beltway and the alphabet agencies have to trust high-level law enforcement members in all 50 states and territories with information about what's going on in their respective states. i venture a guess that you have no idea that all the investigation when you were attorney general of the

potential terrorism activity in your state. it is a huge mistake. people say somebody may reveal that information that was shared. we need to expand the network with fell o'-- fellow americans. can't keep all that information. that's my response to that inquiry and we need to look at classification because it's overly classified which is reason not to share. you have to trust fellow americans to help keep the country safe and secure. >> i know that my experience was that -- thank you very much. >> mr. chairman, i know we are out of time. we had the opportunity to be briefed and attorney general's jurisdiction is different. mine was different. and i think to get to your

point, others have made these relationships -- first time you are talking can't be after an event and talking before and having some trust and having seen somebody is invaluable once the event starts so there is no hesitation because that stuff has to get to the decision makers and to the rescuers and whomever else is involved. i appreciate your thoults. i'm over my time and i don't want to hold up senator baldwin, but i would like to hear from the other panelists, too. >> are you ok if the other panelists respond? are you ok with that? let's do that. we have a good flow. >> rather repeat some of the points that are valid that jane and the secretary made, let me take a different spin on this. when you look at counterterrorism and organized crime and illicit trafficking,

there are growing linkages there. whether you are a terrorist or a criminal, you have to do a couple of things that are advice i believe. you have to talk, move and spend money. and every agency operates on a case doctrine on how you manage hat and that case is usually confidential informants, sources and methods. they are trying to protect that. the problem is that our law enforcement structure in this country has evolved in this country against business lines of the bad guys, drugs, alcohol, tobacco, firearms, counterfeiting, intellectual property, all managed by a law enforcement agency. we are dealing with illicit networks that generate cash to perpetrate their regime and you have to attack the network with a network. the greatest case for information sharing and greatest case for a more and better

integration not only in the d.h.s. but domestically and internationally is to look at these challenges as network challenges and how do we move across dealing with their business lines which means you are taking down one franchise and not the root of the problem which is how the network sells threat financing, how the money moves and how they communicate. that is the number one cause for action on information sharing in my view. >> three thoughts on this. one that i offer only tentatively because i don't know the details, but i do remember when the old star nevada brother came back from russia, he came back from the russia and we had a chance to look at his electronics and we didn't do it. my impression is we didn't do it because the f.b.i. had closed

its case. and one of the questions i wonder about if d.h.s. deferred too much to the f.b.i. we have an independent responsibility to protect the united states and the fact that the f.b.i. closed its case is not necessarily a reason not to ask questions of somebody who has gotten the kinds of intelligence reports that tsarnaev earned. second, one of the things -- >> elect me correct the facts on that. your statement is in error. it was sent to the joint terrorism task force in boston but was not related to customs control at kennedy. >> there were failures of information sharing that cost us something and something significant. second, we learned after boston how valuable cameras can be.

they aren't valuable in stopping crime, but valuable in catching the people who carried them out. we learned that from the two bombings in london. and yet for a variety of reasons including privacy campaigns, a lot of cameras have not yet been installed in city centers. we don't need them hooked up or don't need to be watching them but need to be recording so if something bad happens we can go back and find out what events led up to that. we should be encouraging the installation of those cameras and if people have privacy worries, we should have them continually rewrite over their hard drives as opposed to send the data anywhere. and third, on the information sharing point, i thought jane harman was exactly right. information sharing creates

isks, creates snowdens and mannings, but they look a lot like the chinese hackers who have compromised computers. and same tools that help us to provide better cybersecurity and will provide us better audits and will protect as well because we will be able to tell whose accesses information improperly. one of the things that this committee could do, that d.h.s. could do is make it clearer to the state and local entities that get grants that they can use that money for cybersecurity, audit technology that will allow them to meet all of those requirements. >> thank you. >> senator baldwin, thank you for your patience. take as much time as you want. >> thank you, mr. chairman,

ranking member for holding this hearing. i thank our panelists and congresswoman harman for your service to our country. and i appreciate each of your sharing your analysis and appraisal of where we have come in the last 10 years and where we still have to go. i want to focus my questions in on the larger issue of cybersecurity and incredible increase in cyberattacks that we are experiencing. and i would like if you could and start with you, mr. baker, to talk about any distinctions that we should appropriately make with regard to economic cyberattacks versus the threat of cyberterrorism where the goal might be to take out part of the power grid, for example. and i would like to focus in --

you ended your testimony a little bit with the private sector being in a position where they have more intelligence on their potential competitors, but i think you were talking about economic cyber attacks in that arena. so the question i have is, what can we do better with existing authorities? and then the second question that i would like to hear from all of you about is, i don't know how long the journey will be until congress actually passes legislation on this topic to supplement the executive order and to respond to many of the issues that have been raised, but there has been lots of comment and secretary ridge, you talked about don't make this prescriptive or regulatory. i wonder if there is a

distinction we need to make when we talk about critical infrastructure because people depend upon that and it may be private, but it is to the public benefit without question. and should there not be some additional obligation, some prescription, if you will, because of the level of importance of that critical infrastructure? if you don't mind, mr. baker, i would like to start with your reflection on those questions. >> there are two big worries in cyber. e is what you might call economic espionage in which all of the attacks are aimed at stealing information. and we have seen enormous amounts of that aimed at practically at everybody who might be of interest to any foreign government with any capabilities in this area and

probably everybody on this panel and certainly everybody on this committee has been attacked in an effort to gather that information. that is a serious pandemic problem right now. sabteage or cyberwar, designed to break systems so they don't serve us is a very serious possibility. i'm not so sure about terrorism. i'm not sure it has been healthy for al qaeda leaders to use the internet in the past. but state-aided terrorism, if we actually did attack syria, i think you would have to worry that iran or hezbollah or some organization assisted by them would age in cyberattacks in the united states designed to cause failures in financial or industrial control systems and those could be very serious. all of those attacks tend to use the same basic techniques. you break into a standard

commercial network and try to hop to the industrial control network that you can break and cause serious damage. and so stopping the espionage attacks, making it much more expensive to steal secrets is our first and highest priority. under existing authorities, we do have authorities to investigate -- first, companies know a lot about who is in their network. i represent a lot of them and experts that they hire will say, oh, yeah, this is this unit of the peoples liberation army or some other criminal gang. we know by the things they're doing, and the code they are leaving behind who it is and will tell you what their tactics are going to be for the next 24 hours and what they are trying to steal and why. they know a lot just looking at

the activity on their network, something that may not be available to law enforcement. what they can't do is go to the command and control septemberers being used to steal the information. you need law enforcement authorities. law enforcement doesn't have all of the background information. we need to find a way to use existing law enforcement authorities and the existing resources and information that individual companies have to actually track those guys back ome and then begin looking for reasonably creative penalties that can be applied again, using existing authorities we can deny visas for any good reason. the president and congress can impose financial sanctions on individuals who have committed this kind of crime. we have lots of authorities we have not yet used. >> i think the progress that has

been made with the executive order that was timed by the president regarding cybersecurity and protection has taken a step forward. until you start dealing with the issues about proprietary data there is a hesitancy of the private sector to get on board. the conversation has been started in the last two weeks with the release of the draft, voluntary framework by nist is going to advance that discussion further. there are some critics that have said that is too general and not detailed enough to be effective. my position is you start with a 1.0 version and go to 2.0 version and having that conversation and involving the private sector is what is needed. if you look at this problem, this is a classic case of macroeconomics and what's the inherent government role and what should the private sector be doing. and there is not a consistency in the country about where those roles are.

whether the government will control that is a command and control system. i think to figure out a way to share the information that is held classified within the government and get it out to the people that need it if they are attacked and get the information out of them and potential civil or criminal penalties associated with that. i will say this and there are a lot of people out there trying to work this problem. i have had the opportunity over the last couple of years to work with an organization in pittsburgh. -3-c organization. and local f.b.i. office and have eveloped a way to create a metaphorical switzerland and the le of walking across

hall and undering the protocols and building trust and so forth. we have to figure out a way for the parties to come into an area where they are free of risk, organizational risk, to provide that information and exchange it. work. t going to and of all the conversations i have had regarding this complex problem. the organization has come closer to figure out how that works. and i would suggest the committee may want to reach out nd talk to them. >> quite a bit of progress has been made since the establishment of the department with regard to addressing cybersecurity, although we have to admit in 2003 when the enabling legislation was created, there was no one, i don't think, that was as totally as concerned about -- some may have been -- the emerging threat

about cybersecurity. we commercialalize the internet in 1992 or 1993 and it's the backbone of everything we do. so the sensitivity and concern with regard to zrishing between what is and economic inet and what is a defense or offense-oriented is a legitimate one. you have nation states, you have terrorists, hackers employed by nation states, organized crime. there are multiple challenges in dealing with this. even if we can attribute, if we actually attribute who the attacker was and maybe the determination of the consequences, what do we do about it? what do we do about it? that speaks to the kind of collaboration that focuses on information sharing in a true public-private partnership with the private sector rather than

compliance. with due respect to my profession, as an attorney, i don't see compliance lawyers as being the best means of assuring that we have enhanced our security in this country, because a regulation means there will be a checked block. and you did what the federal government did what they wanted you to do. and frankly, the technology available today, offensive and defensive as we speak is changing and it will be different tomorrow and the years ahead. i think the best insurance right w is to take the embrace whether it is pat gal ager from -- gallagher from nist who said let's continue down this path of setting voluntary standards that both the federal government and the private sector agree upon

and see how well they do about taking those standards and did he advising the kind of defense sfrarbg they need before we start thinking about regulations because i'm afraid -- i'm going to say this, congress, four, five years ago, appropriately gave to d.h.s. chemical facility, anti-terrorism standards and regs. three, four years later, there are a lot of people working hard on it. but that delegation of authority doesn't mean it was executed in the appropriate way. i'm simply saying for the time being, i think president obama said -- set it up with his executive order. we ought to let it come to fruition before we think about regulations. i might add, three or four critical sectors and i think you were alluding to them, financial services, energy, transportation. i must say from my experience,

these sectors have spent and will continue to spend hundreds of billions of dollars sometime on their own, sometimes in cooperation and collaboration with homeland security. but we have evolved a long way. i remember we created an emergency response at carnegie melon because this was a problem in 2001 and 2002. we will be dealing with this forever more. forever more. i don't think we will have a regulatory compliance scheme that will keep up with a dynamic environment. my recommendation, even though i think your question is important, i think we need to let the nist standards play out and push to far more public and private collaboration. my company deals with significant private sector companies that deal with cyber issues. and one is a multinational corporation and said, we have been hacked. and they said we know.

we are a tax paying group of folks, don't you think we should sit down and work together on it. focusing on collaboration and sharing rather than compliance is the best approach for the time being. >> do you want some more time? , want to preff as, -- preface you mentioned pat gallagher pat galer from nist and he said every now and then witnesses showed great wisdom and in his testimony before us, he said, we'll know we're on the right track when good cybersecurity policy and good business policy are one. that's what he said. that's pretty good. pretty good advice. we have gotten a lot of good advice here as well.

we also preface my next question by saying it's the anniversary of the 9/11. here we are maybe days before the u.s. could launch limited cruise missile attacks at some targets in syria. here we are knowing we are under attack, cyber front, 24/7. and we have an acting secretary of homeland security and we have an acting deputy secretary of homeland security. and just cries out for the administration and for us to do our jobs to make sure we have in place the kind of confirmed leadership that we need capable and confirmed leadership. that having been said, let me turn to a topic i just mentioned that is on our minds and that is the potential for military action, limited military action

in syria unless the country relinkishes its chemical warfare and dismantles its capability to create more chemical weapons. the prospect of using military force is a serious matter. the president visited our caucuses yesterday, the senate, both democrat and republican. i want to ask, as we are prepared to make whatever decisions we need to make in the days ahead in conjunchings with the president, it's important to get answers to a few more questions and i would like to ask this seasonned panel of national security experts for some of your thoughts. if the president does choose to take limited military action against the assad regime, what impact do you think that might have on homeland security? at should d.h.s. be doing to

preparing to prepare for potential consequences that would flow from u.s. action, even on a limited basis, against syria? mr. baker if you would like to lead off, that would be great. >> we absolutely need to prepare here by taking on syria. we are also taking on hezbollah and iran, backers of that regime, and if they choose to ry to make the united states regret the sanctions it imposes, they have very substantial capabilities. hezbollah has its own cruise missiles. and so a terrorist organization with that kind of capability certainly can develop and use cyber attacks or can send people to the united states to carry

out attacks. so we would have to go on a pretty substantial alert basis. they would be biting off a lot. they're already on alert against israel and fighting in syria themselves so they may decide it's not prudent to attack. we need to be worrying about defensive capabilities and for the first time we face the risk we will have a cyber attack in getting us to quit in engaging in military action. iran is widely blamed for a series of attacks on our financial institutions that have been advicebly punch-pulling exercises in which the attackers announce how the attack will last and what day it will happen. and obviously, they could do more and cause more damage. and again, iran having blamed us

for stocks net is going to be less constrained about using that kind of weapon against the united states on behalf of an ally like syria. so we will have to up our game both physically and virtually. >> thank you. admiral allen. >> let me start with the caveat. it has been several years since i sat up in the tank so i'm going to speak in general. in 't want to speak comments that wouldn't be appropriate. in regard to cyberthreats that could be generated by this, one of the problems, we are trying to evolve these structures and we talked about them extensively here today. it's tough to talk about how you would deal with one of these things when you talk about what you need to do and haven't done yet. advanced persistent threat is

discussed internationally and relates to what stewart was talking about. there are foot prints that are left regarding behaviors that go on out there that are indications of something that's going to occur and one of the things that changes need to be made and continue to be looked at in the executive order and in the standards and everything else is we need to move to continuous monitoring and after that we need to continually be able to look at the precursor or he contks being set for an a ttack. any threat situation and this one specifically, i think there ought to be a fine-tuning of our sensors of what's being talked about in social media and what type of activities are taking place. after 9/11, we talked about

chatter. we have a much better capability now -- we have a mismatch in computation, spectrum and band width management. we don't utilize against these problems. in this case, we will be looking at advanced persistent threat. they had to put the mechanism in place to do it. >> i appreciate the question and i must tell you, we have had long conversations about topics of national interest, i'm going to resist the opportunity to tell you how i think we got into this mess and how i think we ought to get out of it and answer your question exactly. it reminds me of the national security council over to what was then a small core staff between the time i was sworn in as secretary and the intervening six weeks before we opened the door on march 1, 2003, first day

of the department of homeland security. couple members of the national security staff came over and said very confident at the time we are probably going into iraq. we know you don't have a department but maybe think about the potential blowback in this country and what can we do to minimize the effects. it is appropriate to play the what-ifs and then respond if the if occurs. we have learned a lot since liberty shield. i think frankly, the state and locals are far better prepared. e know the many maligned colored-coded threat warning system, at least we know there are certain levels of security that are embedded in the federal government and even within with the state and locals and private sector, number one. number two, i think the most likely pushback would be in the

cyber realm. and to that end, again, it's a great place to suggest that this is precisely where the federal government should be sharing the preoccursors that it may know or the addresses that it has seen as it relates to the digital incursions that we have been hit with from the syrian army, perhaps hezbollah and the like. this is a classic example where we are more familiar with the electronic incursions directed at us from russia, from syria, et cetera, and precisely the time that that information should be shared with not just state and locals, but with the private sector. so long-term, i think we are far better prepared to respond to an attack because i think the word has been used, we are far more resilient than we were 12 years ago. this is an excellent opportunity

for the federal government to share the information that the private sector would like to check -- check that information against what they see occurring on the grid, the financial institutions and transportation, et cetera, to see if they are missing something and be better prepared if there is an electric thronic attack or digital attack if we go into syria. >> thank you for those thoughtful responses. governor ridge will take the color codes to his grave and the leadership we provided, i'm not so sure you can work that into tombstone. i say why do you spend so much time on postal reform. reform kidding on postal

on my tombstone and i thought what would be appropriate are these words, return to sender. >> it's a classic example, something that the congress will have to deal with, i believe. we know russia and china have cyberattacks as part of their warfighting strategy. this is a condition of not only military and diplomatic and business activity, international activity. but again, where you need the public and private sector to sit down and cooperate and determine if there is an attack, what are the consequences and who is responsible for returning it to sender. all of this has to be worked out. and again it just calls for collaboration and cooperation, communication and doesn't require for a regulatory scheme where you check the compliance

box and everybody feels safe after that. >> senator coburn. >> i think secretary ridge agrees with this. we spend billions on grants every year. is it your opinion that those grants ought to be risk-based rather than parochial based? >> absolutely. >> senator coburn, following the attacks of 9/11, i was the atlantic area commander. i was concerned about the posture of our ports on the east coast and put a team together that developed port security risk assessment model. we look at impacts trading off what you would protect in a port based on risk and consequence. i remember having a conversation with secretary chertoff about implementing that at a secretaryial level across the department to inform the grant

programs. and we had a pretty significant impact in doing that because there was logic attached to what we did. until secretary chertoff ran into the buzzsaw called new york city and we are stinging from that adventure couple years ago. i agree with you, it ought to be risk-based and conditions-based, based on local communities to adhere to the national incident management system. it ought to be linchinged on how they are making decisions on land use and reducing risk. there is every argument in the world to do that. >> one quick comment, i want to go back to the reorganization of congress and conjures up a couple of conversations we had where we are were trying to move it to risk-based. i think the department of homeland security and all of the agencies and the federal government is more susceptible to political medical willing and

interference. once we got into the second year of the urban security initiatives, we had the f.b.i. talk about in the intelligence community, really assess based on the prior year's intelligence gathering and try to come up with a risk-assessment models, the cities that were impacted. given the traffic. long story short. from one year to the next, we took several cities off because based on an analysis of the preceding year, they were no longer on the list. and human cry from congress that those who represented those communities, not deafening but fairly loud. not that we listened to it, but it ought to be risk-based and you are on something very important. but the whole system should be risk-based. >> one of the things that the president proposed is combining these grants together where you

have an efficient and effective grant program where you set metrics, transparency to it, you are following up and if they are not following what the grant was for, you jerk the money. so that we actually saved money by son doll dating the grant programs and -- consolidating the grant programs and have more money to go where the risk is and follow up with the money where the grant was for. they got a cold shoulder in congress and i got a cold shoulder when our committee marked up that we are doing things on parochial than risk-based. any recommendations on how we can accomplish that -- i don't know whether you agree with the president's recommendation of consolidating these grants and using them on a risk-based process. any recommendations, one, on how

we do that? and two, whether we should do it? >> one, without knowing the recommendation, it's very consistent with my thinking as of maturity10 years and 10 years of growth, growth hasn't met with becoming more efficient and effective. homeland security is about risk management and resiliencey and the dollars out the door are based on some kind of assessment and would be well to bring that philosophy to everything they do as well as the approach in terms of appropriating dollars to these grant programs. -- ight want to allow for i'm going to speak -- be interested in my friend and colleague, that had allen. i'm not sure we have done enough

with port risk, maritime risk. some of those may be two or three verticals and identify the greatest risk which would be the maritime industry and more on there. there are duplication of programs and oversight and everything out the door needs to be risk managed at this point. >> there was a port security grant program as well. and i would like to attack the larger issue that you raised. i was prone to support request for grants in areas where i saw that there was not only recognition of risk but a commonality of purpose and regional approaches and we saw some areas, one of them is houston where they came together and created a regional entity which they consolidated all their requirements that came in for a grant program. when you do that, that behavior ought to be encouraged. whatever you put in place and for, ll be a lousy meta

ut it's going to have a wall around it to be executed like the brac program. it's executed or it's not executed. and i don't know how you structure that in law but you are going to have a way to decide how it's going to be done, the criteria are established and the decisions are made, it's either up or down and can't be picked apart. the issues, i just -- i saw secretary chertoff get wire brushed up here, the political buzzsaw in new york. not to say that new york doesn't have problems, but that was a very, very difficult time for us in the department. >> i think admiral allen raises the point that is worth thinking about in terms of how much -- of your personal credibility and time you would invest in that because even after you've built

a pretty good risk system for grants, politics will not disappear and that risk system whatever it is is going to get distorted by the kind of politics that secretary chertoff encountered and others have. and so you may at the end of the day end up with a less mechanical system, but not one in which the politics have been eliminated. and at that point, it's possibly , you will ask yourself, how much did i achieve by introducing this risk concept. i believe in it, but in practice, i'm not sure that it works out as well as one imagine. >> thank you. my comment on that, is you need a backbone of the person who is running the agency and take the heat, but do what's right for

the country. when we have a bear cat garden newumpkin festival in keene hampshire and say what can we do to protect cybersecurity or advance, what else could be done? we are dividing up the pie and we are -- this country can't afford to do that. we don't have the pleasure of doing that. the next homeland security director -- secretary, that's going to be one of the equal fikes i'm looking for, are you ready to take on the fight to do what is best for the country and not what's best for the politicians. >> i think it would make the next secretary and future secretaries, backbone would be essential, but nice to have the institution that applies so much pressure, change in their jurisdiction so the fact that you can apply pressure

institutionalized, they are institutional-wide. you have a necessary oversight, it would be a heck of a lot of pressure if the decisions -- the legislative decisions that the secretary is obliged to follow is reduced rather substantially and therefore held accountable to senators coburn and carper. >> could i make one quick comment? there are a lot of different grants out there. i saw senator coburn making strong statements after the tornadoes in moore, oklahoma and respecting the earlier statement by jane harman in the passage of the emergency supplemental following hurricane sandy there were amendments to the stafford act that created more leeway and flexibility for local governments to deal with debris removal, where there was an

economic incentive for them to do what was best for them and preserve the funds and allow them for another use. there may be some utility in looking at what we were able to do. and i realize that was an unusual way to america the stafford act. but there may be insight to gain how you can empower local communities with an economic incentive for them to do what is right and build off a concept like that. and i congratulate everyone on that piece of legislation, by the way. >> it was back in march dr. coburn and i held a hearing to examine the progress that has been made and some of the challenges that still remain within the management of the department of homeland security. i'm sure that all of you are aware of the latest high risk report from g.a.o. that the department had made considerable progress in integrating its

components, moving toward -- actually having audittable financials. but the overall management of the department remains on g.a.o.'s high risk list. and i have been real impressed by the efforts of the department's leadership to address these management issues. with the changing of the guard, impending changing of the guard at the top of the department, there are still a bunch of questions about how the department can sustain and build upon the work of secretary apolitano and i hasten to add the deputy sec retear as well. what do you think are the most urgent steps the department should take to develop strong management institutions and practices, to further develop those practices? and are there any legislative

steps that come to mind that those of us who serve on this committee and our colleagues ought to take to strengthen the tools and institutions that the secretary needs to manage the department? and last quick question, you were there, i think, when we cugget the ribbon on the new coast guard headquarters, were you there? >> i was not. >> that was a special day, wish you could have joaned us. but how does the consolidation of the headquarters at st. elizabeth's play into management improvements? those three questions, if you'd loik to take a swing at those. hree strike three pitches. >> i'm not -- i'm familiar with the report, not the contents of the report with regard to management. i've often said that the

department of homeland security from the get-go had two responsibilities that it had to deal with simultaneously, one, build a safety and security platform to teal with risk and resiliency, the other was business line i want greags. it's a business. it's a budget that's doubled. you've got a couple hundred thousand employees and one of the way, one of the regrets, and it's something you couldn't do anything about, if up fwoning to merge 20-plus agencies with multimilli measur, multiple procurement requirements, etc., in the private sector, you would have had at least a year or so by the time you got all the federal state and regulatory approvals because homeland security is all about mergers and acquisitions and startups. and the situation around those hasn't improved. i frankly don't have an answer. i think we've had some really good people here trying to get

those things done but absent buy-in from some of the management changes and the restructuring they might recommend, and that is buy-in by the congress of the united states, it's difficult to make reforms. i think -- it's not just endemocrat toik homeland security. i just truly believe that there are still silos within that agency that will require -- that have to be merged and it can only be done with legislate i oversight and direction. i like the notion of con sol dating, i hope you find money to build out st. elizabeth's, because as secretary, when we would have periodic meetings with the leaders of really five or six muscular agency, they talk about 20 departments and bureaus but there were five or six that provided most of the employees, the rest were bits and pieces from other units of

government, and to troy to pull your leadership together a couple of times a week, taking them from their offices and bringing them over and sitting down for two or throw hours a couple of times a week wasn't a good use of their time or ours, develop the day-to-day working relationship that i think congress wanted when they put these agencies together. it was tremendous opportunities for disparate pieces of homeland security and it's condition been demonstrated with coast forward and border protection working with i.c.e., i think you've got better management if you get chief ads of the entit interacng on a day-to-day basis rather than pmeal. i think you get better management and efficiency if the restructuring that's been recommended by some -- some of us from the outside and department of homeland security is put into law. >> thank you. >> mr. chairman, this is an

area i've got a great passion about, so don't feeled a babt cutting me off hear. let he -- don't feel bad about cutting me off here. let me start with, we had the legacy departments but one thing that's been insidious for over 10 years, i know this from talking with staff and the appropriations committee, we took staff from the treasury, justice and so forth and moved them to a single committee. there's no comparability between the components of what's an operating cost and capital costs and you can't trade off on components where you want to make investments. i have said it in several hearings here and before the house, you have to get down to blocking and tacktology take on the issues in the department and the first should be to standardize the appropriations structure and how the budget is presented to congress so there's comparability.

congress can't make good decisions unless there's more transparency and comparability across the department that leads to financial management and a better insight into how you're spending your money thafle got a qualified opinion on their audit. the coast forward got a qualified opinion. the fers mill tear service to do that. that should be taken as the floor of the minimum expectation, it needs to move forward. you start to talk about the integration of systems, three major financial mat forms used in the department right now. there's going to be a look this next year at shared services, maybe a better way to do this. all that has to come on the teable. we've got to look at trying to integrate this enterprise and make it run efficiently like it would if you were running a corporation. regarding st. e's, i have to sit on my hands. i was the commandant when we made the decision to move and all i said was, i can support this, i'm behind it, but i don't want to go there without the secretary.

i'll leave it at that. the issue with the federal buildings funds, how this whole project has been funded, is used with the department of, the district of columbia planning entities, but the overriding imperative to have a central operations center from which the sec retear an corpte and make -- can operate and make decisionss a prary need in thisepartment. it is in my written testimony, i w't belabor the fact here, a national suation center, absolute imperative moving forward. >> all right, thank you. >> i certainly agree with admiral allen on st. e's. they say in washington that where you stand depends on where you sit. and i do think that if d.h.s. sits together, they're likely to stand together much better than they do today. and so the -- to the extent

that we can get everybody in one place, we're much better off. i, too, am reluctant to make suggestions were changing the the tail os management in a department i left a few years ago. i think that there are probably some opportunities with respect to the quadrenall homeland security review to turn that from an exercise in which we look at some very interesting and difficult issues into something that turn ours budget into a multiyear, thoughtful priority-driven exercise rather than something in which we say how much do we have and what can we cut? and to the extent that authorizing legislation can move it in the direction of actually influencing budget decisions, i think that would be an enormously effective way of dealing with the looming crisis we have with respect to appropriations for everybody.

and making sure that the cuts are much smarter than they otherwise would be. >> thank you. before we -- let me just telegraph my final pitch, that is, sometimes we have a hearing leek this. i like to invite our witnesses just to give a brief closing statement, just a couple of thoughts if you want to pull together or just underline a few things and leave those for us, i would welcome, i think we would welcome them. let me yield to dr. coburn for any last comments. >> mr. baker, do you want to give -- >> mr. baker, do you want to give us a closing thought or two before we wrap it up? >> nothing has made me prouder or caused me more frustration than my service at the department of homeland security. i am deeply fond of the institution and i believe that

it's making a major contribution to the security of all americans. it has changed our approach to the border in ways that nothing else could have and that has paid dividends in almost every terrorist incident that has been planned or launched against us since 9/11. we need the department but we need it to be better and we need it to be more organized, more consolidated, more coordinated. that's the biggest challenge that the department faces. we've gotten by with three great leaders, but we can't count on personality-driven unification forever. we need to institutionalize it. it's a big challenge, especially with the oversight authority that exists but it's a challenge that you have the

sword, i'm sure, of everyone on this panel in your effort to accomplish. >> thank you, sir. >> mr. chairman new york rashed to some of the mission areas we have talked about today, cybersecurity, comprehensive immigration reform and so forth a lot of that is going to necessarily involve the congress to do that. i sit on the advisory board of the comptroller general so i'm awear of the risk areas. i believe when it comes to internal management of the department of homeland security there are adequate authorities in the secretary, administrative space to operate, i think there needs to be a serious discussion about conditions of employment and a management agenda related to mission support activities and functional integration in the department for the next leadership team moving in. they ought to be clear and istinct and enforceable in the budget and laid out with met recks. i do not believe legislation --

legislation is needed to take kear of improvements the department could implement immediately. >> governor ridge? >> when we look back on those days, there was much debate on the hill as to -- we look back on those days when there was considerable debate in this town as to whether or not we kneed a department of homeland security. i remember my friends on my side of the aisle said we were creating a brand new bureaucracy of 180,000 people reminded them and hope they believed me that we were going to consolidate positions from units of government that had the responsibility of protecting our borders. long needed in the 21st century world when the interdependentcy of the marketplace and the information sharing for law enforcement purposes and the interdependentcy of countries with regard to security is part

of our daily lives and how we're going to live. we are interdependent. i think congress did the wise thing. enge two things, we brought together the right agencies. the department has evolve and matured and i'm reminded of sean o'keefe's phone call to me after he was the announced as the president's next nominee to be secretary of the department of homeland security, he said, a couple of decades ago there was a smallering a gation of responsibility that created nasa. decades latering i still see the vestiges of culture in silos in this entity and organization. so one, i don't think we should be surprised we haven't made as much progress as we all think we need. we're not as efficient as we need to be. we're not as risk managed and risk based as we need to be. i don't think nick is wrong with the management structure, i think there needs to be efforts to oversee the oversight of that structure to hold both the congress and the

department far more accountable for the outcomes we want. at the end of the day, enge you've touched on some very important issues and i'm proud to have spent time with these panelists. it is about information shearing, resiliency, it's a about a risk-managed approach. i would hope you can resolve these issues. i realize that again, ironically enough, the issues that i just raised aren't necessarily all within the excuse i purview of this committee. -- the exclusive purview of this committee, which i think speaks to one of the challenges the congress has. i'm proud to have been the first sec retear, i think they've made progress, i'd like to see more. i don't believe that just because it's gotten bigger it's gotten better. it's not due to lack of desire but i think it's clabreags between them and congress that

i think is essential. the goal is the same, make our country safe and secure and do it in a way that's consistent with the constitution and rule of law and the big challenge associated with that has been with us since 2003. with the snowden revelations and the vast impact of the digital world and cyberworld that challenge to maintain that -- the privacy of individuals and the protection of these rights under the constitution becomes more complicated for this committee and for the congress of the united states. i look forward to future invi takes to share my point of views with all of you committed to making a stronger and better department. thank you. >> we thank you for this day and thank you for your preparation for this day and for this conversation. and for your continued service to our country. i have a closing statement i'm going to submit for the record and i'll just say this, i think some remarkable progress has

been made in the 10 years that has passed. thank you for that initial leadership, tom, as this department was launched and for admiral hollan and mr. baker for your -- holland and mr. baker for your great leadership as well. this is as much progress as may have been made, there's clearly more to do. it's not a to imto rest on our laurels. i'd like to say that everything i do, i know i can do bert. clearly the same is true in terms of protecting our homeland. so we leave here knowing that on this very special day, we've learned a lot of lessons and i think we take a lot of the appropriate steps to secure, better secure our nation but obviously there's a whole lot ore we can do. dr. coburn gave me a good idea

earlier this year, that we should do a top to bottom review of the department and fund that to department. this is enormously helpful to us in this process. we thank you for all that and we thank our staffs for pulling this hearing together. you have done a great job, we're grateful to each of you. having been said, the record will remane open for 15 days until, i think, september 26 at 5:00 p.m. for the submission of statements and questioners in record. that, again, our thanks and our thoughts and prayers for those whose lives we remember today. god bless. thanks. we're adjourned. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2013]

>> at today's white house briefing, press secretary jay carney answered questions about the proposal that syria give up control of its chemical weapon stockpile and one we question was whether the proposal could be used as a delaying tactic. >> when you need to see diplomatic progress? >> it obviously will take some time. there are technical aspects involved in developing a plan for securing syria's chemical weapons and verifying their location and putting them under international control. secretary kerry is leaving for geneva, as you know, at the president's request, to meet with his russian counterpart, where they will discuss this matter and each side, the american and the russian side, will bring technical experts,

they'll bring a team a delegation, to evaluate the proposal and to assess paths forward. so i expect this will take some time. but we also are not interested in delaying tactics and we believe it's very important to hold assaad accountable. -- assad accountable. what is clear as the president made clear all along, the potential use of limited military strikes by the united states was in response to assad's use of chemical weapons. it was not as he said an effort to involve the united states militarily, directly in the syrian civil war. it was not designed to precipitate regime change. it was around the question of chemical weapons. and if assaad's chemical weapons stockpiles can be

secured and removed from his possession, absent military force, that would be a good thing. >> but -- in talking to experts it sounds like this could take month os years to carry out so don't we need to give some sort of firmer timetable for when you need to see progress? otherwise this could drag out and become a delaying tactic. >> this initiative has been presented only in recent days. we are deploying the secretary of state to meet with his russian counterpart in geneva and these discussions will take place. there are discussions in new york at the united nations around framing a united nations security council resolution on this issue and on the removal from assaad's -- assad's control of his chemical weapons stockpiles. i don't want to suggest, because it's certainly not the

case that we are interested in delay or avoidance of accountability here. and you know, there are steps in this process, if it were to succeed, and that is obviously demonstration of sincerity and verifiable way to secure the weapons, and remove them from assaad's control, ultimately to destroy them. and the fulfillment of that process would certainly take some time but the implementation of it, you know, could begin, obviously before its completion. and we're going to work with the russians, it would be irresponsible not to explore this potential diplomatic resolution of this very serious matter. >> learn more about -- now more about chemical weapons use in syria from this morning's "washington journal."

host: our conversation continues with congressman grijalva of arizona. what are your thoughts on the president's speech? guest: i thought it was necessary and appropriate he gives the idea of forceful diplomacy a wider breadth of the international community involved in disarming the chemical weapons assad has, looking for a negotiated settlement to that civil war, i think all those options are open now and many of us believe that relying solely on a military option was both -- in terms of foreign affairs a mistake and in terms of the country's will to do that, a huge mistake. host: "the wall street journal" differ this is morning, their eder to -- -- edtorial --

guest: i think that the fact that the united nations is involved, the fact that russia, the biggest enabler of assaad -- assad and china both understand that the option available was not a good option and that it's in the best interests of the region to disarm. i think we need to let diplomacy take its course here. that's what many of us asked for from the beginning, from the first initial conversation the president had about limited strike and military action that we had to let diplomacy run its course. i think we have history to look at. every pre-emption, every unilateral action in that

region by our country, has only deepened the quagmire we have there. and nobody defends assad that's opposed to military action. what he did was criminal, it was an atrocity against his own people and he needs to be punished. but for us to continue as a nation to be the sole intervener in that region is not the solution and while people may differ on the options before us now, initiated diplomacy by russia, it is a step that i think the president is wise to pursue. host: congressman, we'll pick up on that component you just made but first we want to go to the white house this morning where in washington and in new york they are marking the 12th anniversary of the september 11, 2001, attacks. we are expecting the president momentarily along with the vice president, the first lady and dr. jill biden to emerge for that moment of silence.

[bell]

bell] taps playing]

host: president obama, first lady michelle obama, vice president joe biden and dr.

jill biden along with their staff and the military observing a moment of silence, marking the terrorist attacks on september 11, 2001, 12 years ago, when the first tower in new york was hit, simultaneously in new york, they, too, observing this anniversary 12 years ago at the site of the memorial in new york city with families and crowds gathering there, they'll be reading the names of the victims from the 2001 terrorist attacks. we will have coverage of that as well if you go to our website, c-span.org and we'll be covering the pentagon memorial that will take place at 9:30 a.m. eastern time on c-span3, the president expected to atend that memorial as well and this afternoon the president will be taking part in a service project to mark the anniversary. back in studio here with congressman raul grijalva, democrat of arizona, let's get

your thoughts, congressman, 12 years later after the september 11 terrorist attacks, what goes through your mind? > you know, that -- that attack, i think, changed in many ways this country fundamentally. the effect of that attack has changed the way americans look at the world. and you can see it, the security, the readiness that this country goes through, the surveillance debate we continue to have, but through it all, i think the resilience and the persistence of the american people has also shown through. i was running, i think for the first time, and there was a forum, the day after, and nobody still understood the implications. i think one of the first questions was, should we go to war? i think the response i had,

against who? do we need to punish those who did this? absolutely. but if it's a nation state, which one is it? i mention that because that started this esnowball with iraq, afghanistan, and this whole debate about syria, you know, that memory still lengers. that history is still with us. and i think much of the resistance that the president received on this issue, and it was overwhelming opposition, was based on history, yes a little weariness and tiered but enge people looking for outcome. when are we done with this? and that's an impossible question to answer but at the same time, i think it's a legitimate question the american people are asking. >> before we went to the white house you had said you applauded the president for asking congress to delay this vote on a military strike, let the diplomacy maneuvering run its course. how long is that course in your

mean? >> i don't know. i really don't. i think there's benchmarks, a week, then adegreesal benchmark bus if there is significant, verifiable progress going on in both the december arming and the destruction of those weapons with oversight by the united nations, i think you set benchmarks and keep moving along. it is an opportunity that i think we can engage in a broader, unified front as opposed to a unilateral front. host: as it makes its way through negotiations and potentially through the united nations to some sort of resolution, if russia ultimately blocks whatever is put forth to the united nations, then what? guest: i think they've taken it a step too farring they've become willing partners in the idea of diplomacy and disarmament and for them to go

back to being enablers of assad without that enforcement, it's not only the opinion of the world, we've brought in the united nations, they've taken a step too far to back away. that's my sense of it. but this is something that we are so close to engaging in another military action in the region, everybody wanted to step away from it. there's self-interest for russia, a self-interest for china, that's part of diplomacy. and there's a great self-interest for the united states and that is to uphold the convention against biological and chemical weapons but also to be seen as a stabilizing force in the region rather than the military intervention, and our reputation proceeds -- precedes us on that question. host: if russia blocks any motion on this front, is that enough for you as a democrat to say, you've exhausted all the

ptions, i'll vote yes on attacking syria. guest: the military intervention for me isn't a last resort, it's a resort we shouldn't pick. host: for you it's not even on the teable. guest: hasn't been on the table from the againing, won't be on the table. i'm glad we're in this pause, for lack of a better word, because myself and other colleagues believe this can be done with diploma se, we'd like to see an opportunity for that to work, we believe it condition but by having the option of military action lingering out there takes away from diplomacy. host: you're co-cheer of the progressive caucus. do you believe the majority of the progressive caucus agrees with you that the military option should not be on the table at all? guest: i think the majority

does but like any caucus we have different points of view. we have differences on this issue, just like many of our colleagues. and a is an issue political spectrum that has opposition from my very tea party republicans to many of the -- the majority of us in the caucus to centrists and moderates as well. and i think we might come at it with some value issues attached but public opinion, anybody that was home on this break and spent the last two weeks at home as this issue began to grow, for nothing else, response to that public opinion is i think also motivation among a lot of my colleagues. i realy believe a resolution for -- that was on the table, up until yesterday, would have failed in the house. host: do you think the president ever has the vote in the house for military action? guest: i think the last

question you asked me if everything else fails, then what? if we get to that scenario it could be a different mixture. host: we're talking to raul grijalva, co-chair of the progressive caucus, in his sixth term in the house of representatives. if you have questions or omments for him call us. dave is up first, in new mexico. caller: how are you doning today? host: good morning. caller: i worked in the mideast and i'm familiar because of my military background with nbc which is nuclear, biological and chemical warfare. a lot of films we saw on the air, ok, were sort of -- didn't represent the nerve agent gas, ok, that they said caused the

problem, caused the deaths of the children, ok. my work in the mideast has taught me something, we can't think -- we can't think of the area, ok, can't think of it in terms of the way we think of it, we have to think of it in terms of the way people in the mideast think of the situation. right now, and i'll be honest with you, there are two things that come to mind, ok. one, ok, what they say in the mideast, the enemy of my enemy is my friend, ok, or my ally. ok. unfortunately, unfortunately, in the situation we have it, state sent sec retear of misrepresented it, the two major forces are al qaeda and -- they've come over from iran and iraq, ok, into syria, ok. and those are the factors of the rebels. so basically, using their own

way of thinking, the enemy of our enemy is our enemy. so either way we go, spending american wealt or american lives, ok, we're going to end up with the same situation we have in libya. host: all right, dave, i'm going to leave it there. guest: in terms of what happened to the 1,500 folks, 400 or 500 children, i don't doubt the veracity of secretary kerry or the president on that. don't at all. i haven't done a lot of second-guessing. it's a fact. and that fact is the decision to try to have military action, that same fact has consequences to it and like i said, understanding that that occurred, the violation of an international treaty with more reason, you need to have the

hague, the international court, the u.n., an the international community because this atrocity is against a fundamental treaty everybody believes in. i'm glad there's some international pressure building on that because it is an atrocity. with regard to the opposition, for lack of a better word, to the syrian free army, it's a mixed bag and i think our involvement in supporting the opposition of assad has to be a very well done support basis so we don't end up in a situation that the very people we supported as we've done in other parts of the mideast and afghanistan in particular, we end up fighting them after we armed and trained them. i think that's another historic lesson i think we need to be particularly conscious of as we assist the opposition.

host: we have a tweet. host: daniel from waco, texas, a democratic caller. caller: good morning. host: go ahead with your question or comment. caller: do we have an extensive plan to get out of, like to go in and get out of syria in like, i mean, military strike, where does that end, really? know what i mean? host: congressman have you asked those questions? host: the progressive caucus sent almost four pages of questions to the white house, outcome, exit strategy, how long, what's the intensity of his, everything from cost both politically and diplomatically to fiscal costs. we asked those questions precisely to know what the end game is because i think if there's a unified criticism of

the discussion the administration has had on this issue, yes, there needs to be a punitive -- the point is there has to be a punitive attack on syria and the assaad government so they stop utilizing these chemical and biological weapons. given that, what's the end game. what is the end game for the united states, for the military, and quite frankly for the stability of that region and there's no answer. -- n twitter, guest: a senator said something him day, all eyes are on an his -- and his government. i think if there's a deterrent to assad in the future using these it is the fact that russia recognized as their

enabler that this is an indefensible position that assad has taken. and i really think that worldwide attention and now a more unified front against syria and the use of those weapons, i think that's a very, very effective deterrent. host: how many briefings have you attended? guest: one. host: what did you learn? guest: like i said, the verass the of what happened i don't question and enge that's what i took away from it. you know, what happens next kind of questions, and why -- what other options kind of questions that many of us have, the point was to promote an option which was a military streak, limited. some of us had other options that we wanted fully explored. host: will you attend more briefings? are there plans for me?

-- for more? guest: i think if they hold them, absolutely. enge it's our duty to be informed on this. host: let's hear from a republican, chuck. caller: we're facing an unprecedented debt ceiling in the united states. we're asking syrian rebels who we were supporting to overthrow assad. a lot of these rebels are al qaeda and we are supporting them. it's almost a double edged blade here. we don't have a clear enemy in this conflict. why do we have to play world peace? why is this our duty to spend american money and spend american lives to try to have world peace in a conflict that has nothing to do with us, has nothing to do with any of our interests at home? guest: i would generally agrow with you on the premise of the

oint you're making but i think as the leader of the world, this nation has an appropriate role to play in this country on issues of genocide, on issues of starvation, of human rights violations, if we could be a compass, morally speaking, to right some of those wrongs, then i think our diplomatic and humanitarian intervention on those issues has to be a constant. if we've learned anything from e syrian issue, it is that our partnering with the united nations in a more fundamental way, i think, is for the future. i also agree with you on one point, we have some domestic issues in front of us, the debt ceiling vote coming up, the continuing resolution on the budget and then we have

attempt at the grand bargain, sequestration hits again, march 10, additional cuts will go in place. and that's a huge domestic issue. and something that shouldn't be forgotten, which i think is equally a huge domestic issue, is what progress is going to happen with regard to immigration reform. those two domestic issues continue to be a priority and you know, this break, this pause, perhaps will allow the members of congress to refocus on those issues that are on top of us. host: on those domestic issues, writes hington times" this --

guest: i don't believe that. i don't believe the rejection would have occurred by the house of representatives of the syrian resolution to unilaterally bomb and have that attack would destroy the ability to move forward. you know the -- the point of contention is in the house of representatives with immigration and the budget. the point of contention is with the republican leadership in the house on both of those issues. and the roadblock and the barrier to move forward on those issues rests there. it rests with the majority of the majority, ideas, and not bringing something to the floor that congress can work its will. and i really belief if something rationalas brought to the floor on immigration

reform it would pass but it's got to come to the floor. no amount of anything the president can do to some extent is going to change that dynamic, which is house leadership avoiding two critical issues. we're going to fool around and pretend that -- use a gimmick to fry to pretend we're not funding obamacare in this next round. we still have sequestration numbers, which is going to cause the vast majority of democrats to vote against it again and also real issues that i think boish efforts and some conclusions to work it out in thed my very to happen soon and until that leadership realizes there is a will that needs to be worked out on the floor of the house, that's where the stopgap is. host: chad in nashville, tennessee, you're on the air with congressman grijalva of

arizona. go ahead. caller: congressman grijalva and the rest of the democratic party want to neuter network and say that under no circumstances, what he just said, it's always off the table to use military force. this is why america is losing face in the world. this is why we're not going to be able to stop terrorism. terrorism is going on right now , look at benghazi and fort hood, though they call it workplace violence, we know it was terrorism. we have an administration that basically agrees with this representative and you know, then he gets on here, wants to blame republicans for everything. until we can actually confront our enemy and do something about it, as long as we have people like this, we're not going to get it done. uest: you know, i believe that

a retaliation or military action on the part of this government is not a conclusion that i would never support. but you know, the prevailing rationale for it is not present here. if my friend will remember history, we've seen this movie before. president bush, unilaterally, iraq, weapons of mass destruction, all that proved not to be real. not to be factual. and there we are 12 years later trying to extract ourselveses from a situation that we didn't belong being in. so for me to always doubt, for me to second-guess and for me to want validation and verification of a military action, i think is not cowardly, it's prudent and smart.

host: don in indiana, republican caller. caller: congressman, thank you for your interspectives and sharing those with us. i have a question regarding u.s. efforts in humanitarian aid to the victims from the use f sarin gas. that gas is readily neutralized with an antidote and i would imagine that our military has uge stockpiles of that antidote and i have yet to hear anyone offer solutions to defend anyone against the use of sarin gas in syria and would like your comments on that and as well as an understanding as to why this matter has not really seemed to be of an importance from the humanitarian standpoint? it seems to me, rather than supplying the rebels with our

missiles, that it would make more sense as a frontline defense to supply them with an antidote to the sarin gas. thank you. guest: excellent point and i really don't have a good response as to why not and what the ongoing efforts are. it's a valid question and certainly something that, thanks to you, i'm going to spend some time finding out about that situation. the humanitarian support we need to give the syrians, two million in jordan living in camps plus the toll of the civil war and what it's taking on families and children all across that region there is a humanitarian agenda we haven't talked enough about and obviously the caller's point is well taken, that in any conflict and in any area in which we are seing the kind of military action back and forth in the civil war in syria, there are casualties and the

casualties are the two million in jordan, refugees, and the people affected by these attacks. i think that requires a lot more attention and i appreciate the call. host: have you heard from representatives of jordan, israel, turkey, those countries in the mideast that are being impacted by the situation in syria, have you heard directly from their representatives? guest: not directly from their representatives. obviously from constituents that have points of view, we heard from -- i heard from the syrian community that felt strongly that the attack needed to occur for the protection of people. jewish american folk that felt that the attack was necessary because it would proside some -- provide some protection and deterrent to iraq. e also heard very strongly the point of view that we shouldn't. it's a difficult question

because constituents do call us t representatives from those governments or organizations, no. host: we'll hear from glenda, next. where are you calling from in caller: arkansas. host: ok, go ahead. caller: ok, yes, my thing about it is all those children and women and those men that have been affected by the gas, how come we're not over there, we're talking about it. we're not over there actually oing something about it. do have a -- we do have military that can go out there. we do have everything set up. do have the antidote, we do have it all. why not go out there and help the children and the women? that's what the army is about. i was in the army, the army is about winning heart and minds

and souls of women and chern and all the public. so why are we not helping them when the simple fact is they're being infected by everything, the poor children, i mean, we help the hungry, why not go over there and help them? host: congressman? guest: there's a moral issue here and a humanitarian issue and my own onse to the caller is that, now that the united nations and the international community is positioning itself to intervene in a diplomatic way, part of the diplomacy is to provide direct assistance to victims and humanitarian support. i hope that becomes something we do. i think it's difficult for the united states to put boots on the ground in the middle of a -- involve itself in the middle of a civil war and think that we're going to easily be able

to extract itself from it. even the president said the strike was about an aerial strike a missile strike but not boots on the ground. i think that would be a huge mistake for us to physically have our men and women in uniform be part of a combat operation or a relief operation in syria. the messenger: mike on twitter has this -- guest: no. i think -- i've heard that outside of briefings. i've heard the role of iran and the support that their providing assad and that what s survival emboldens iran is doing or not doing. i think -- i said at the beginning of this discussion that it's a regional context we're dealing with here. i still believe that.

in terms of whose proxy war it is at this point, that's something i can't answer and i - i don't want to guess at it. host: tall has lee, frea, independent caller. caller: i don't think we have any business going in at all. i'm a mother. if they you know, were going to kill my child with some kind of gas that's going to upset me but me as an american and a mother and a taxpayer, i don't want to go in there and indiscriminately kill all these other women and chern. we're the bad guys. we did it. you can't kill people to save people. that doesn't make a lot of sense because we're the ones that are going to get blamed and we get blamed for everything all the time anyway. doesn't matter how much we try to help. this indiscriminate just going

in there, making a military streak and being responsible for killing these chern we're supposed to be trying to save, to me, is nonsensical. absolutely doesn't make any sense and it didn't take very long before i see that the congress and everybody is being blamed. showed obama what a leader does. that's why we're in this trouble. he's not a leader. he true the red line but now he opportunity want to take responsibility. guest: i think the administration has called it bad sequencing, how this thing developed. whatever you want to call it, i hink the fact remains that i admire the fact, in our business, you make a decision,

it's not going well, it is the wrong decision and people have a tendency to double down on the bad decisions. i think the president is stepping back from that brink yesterday, bringing the vote to congress, i think showed leadership because it showed that he has been engaged fully. i can imagine the conflict when you're going through something leek this, i think this pause this step back from the brink is a good development for all of us and we should take advantage of it. i also think that any time your only option is military intervention or a strike that you take in all the other options off the table, the veteran that called and said i've served and talked about hearts and meends, that's off the table. now all we have is military interveng. host: one last phone call, eric in california, independent

caller. caller: hi. i'd like to know if the congressman believes that if assad was to use weapons, chemical weapons, do you believe the president has the right to use force without the approval of congress and also at this component in time do you think that maybe the elimination of assad, i don't know if that's a primary thing for us any anymore -- for us anymore, just to have him get rid of the weapons is an important thing, especially in context of dealing with iran and them getting rid of their nukes. i'd like your opinion on this. guest: the second part of your question, a negotiated settlement to end some of the strikes in syria, we had winners and losers up to a few weeks ago and assad cooperating united nations, that's

an issue, enge that's a point well taken. we -- i n't think that think that's a component well taken. i also don't think that we as a country, are seen as leaders. , we are thentry harbingers of what happens next. we are willing to participate in a polite effort to end this and importantat it's leadership. it opens up an opportunity for us on a diplomatic front that did not exist until yesterday. >> thank you. up, the september 11 memorial ceremony in washington. common committee on national security threats. the naal