it shifted it to our favor and put it where it needed to be. dave petraeus said that turned iraq around. it shifted it to our favor and put it where it needed to be. 22 cryptologist have lost their lives in iraq and afghanistan. they are the heroes. not the media leaker. they are the ones that pick the flag up for the folks in new york and he did what our nation needed them to do. but they did more.

it is almost like the ginsu knife. that is a joke. [laughter] they did more. we understand our job is to defend this country. it is a noble mission. i look at the folks that do this every day and say, these are great americans. what they have done is they can see what the terrorist's are trying to do coming into the country and what we were blamed for as an intelligence community was not connecting the dots. the fbi had one set of data, the cia, nsa, and other intelligence agencies, another. and we were blamed for not connecting the dots. so we said, we need the ability to connect the dots. we came up with a couple of

programs. business record fisa is the key to connect the dots. that is the one we need to focus on here today. what is that all about? how do we connect the dots with this? what is it? it has been sensationalized, that we are listening to americans phone calls and reading e-mails. that is flat wrong. under fisa, we would have to have an individualized warrant to do that. our job is foreign intelligence. what we do need is detailed records that we get into 15.

we need those to connect the dots from what nsa can see overseas, to get that to what the fbi can seek -- see here in the states. those detail records include the two, the front, the duration, and the daytime call. there is no content. there are no names. just the numbers. that is it. that is all we asked for. that is what the courts gave us. judge egan wrote a great 29 page opinion on this. you ought to read that. what do we do with that? terrorist are trying to do something in this country and we can come up with a reasonable suspicion. we can then take the number, open up the box that has all the data in it and look into it.

in 2012, less than 300 numbers were looked at. that is it. that is what we need to connect the dots. that will tell you, although i cannot go into detail, it provides us the speed and agility in crises like the boston marathon. and the threats this summer. what is hiked up in reporting is when we are listening in phone calls, we are reading e-mails. that is not true. there is a great saying. all that it takes that will be able to triumph is for good men to do nothing.

we have to connect the dots. we live in a great country. we really do. we are blessed. we really are. in the last week, over 950 people were killed in kenya, syria, iraq, yemen, and afghanistan. by terrorists. we are discussing more esoteric things here. because we have stopped terrorist attacks here. we are fortunate. it has not been luck. it is our military and the intelligence community back

here. it is nsa, cia, dia, and fbi working together with military and state and local law enforcement. they keep us safe. they cannot do without tools. so we are going to have a debate in the country. do we give up those tools? i am concerned we will make a wrong decision because the facts are not on the table. you have to help us get the facts out. one of those sets of facts is, what about compliance incidences? what is one and what do you mean? what are you doing? it sounds to me like you are out of control.

i get this a lot. there are two sets of authorities we operate under. overseas, we call it executive order, 1, 2, triple three. over the last decade, we have had 12 willful violation in the area. where people, normally sitting overseas, have used the cryptologic system inappropriately. all 12 people were held accountable. most of them opted to retire or resign. two were given article 15's, reduced grade, and lost half a months pay for two months. you want to know the interesting part? most of it was against foreign nationals. not against american people. they did something wrong and we held them accountable.

we did the right thing. it is interesting for our allies to understand this system we have and share with our allies, if we make a to stay -- a mistake, whether with a u.s. prison or foreign person, we hold ourselves accountable. we report it. i will tell you something else. nsa is the best technical agency in the world. bar none. many of you are saying, "what about the leaker? we trusted him and he betrayed that trust. he was an i.t. administrator, responsible for moving data to a common website. he stole some of the data. we trusted him and he betrayed it.

that will not happen again. we have fixed that. but that does not make him a hero, stealing our data, going to china, going to china, and doing what he has done to the country. the people who learn from this are the ones who will hurt this nation and our people. they will learn from it. the tools that were so effective over the last past decade will not be as effective in the future. there is also a port -- 2767 incidences. if you think about those, what does nsa do with those incidences and why do we need to

discuss that? we are a technical agency. the networks we are operating on are always changing an hour. -- job is to confirm we are complying with the law. if we make a mistake, we self- report and call those incidences or violations. some people immediately jumped that to privacy violations. that is wrong. of the 2007 2007 hundred 76 incidences in that report, 20 south -- 20,065 are roamers and those who came into the united states. the department of justice and the courts do not call that a violation. but nsa tracks that and endeavor to always do better to get out. at least 711 over a year. the majority of those are foreign. of the 27 -- they are u.s. persons.

those are considered typing in the number. many of you hopefully have passwords on the computer. how often do you do that again? every one of those would be a violation. here is the key for our privacy in the area. if we do, make a mistake, we report it. any data we collect is purged and we have to prove that to the court. we self-report to the dni. dod. department of justice. congress. and to the courts.

in every case, we do not step back. some of these, as you have read, are ones that would make you say, i would not like to have this one get out. but we will do the right thing. in every case. that is what we have done. what that means for you and the american people is that you are guaranteed that we will do every we can to protect your civil liberties, privacy, and to defend this country. that is our job. that is what we do. as i look out, in all of this, and i think about what has gone on over the last three plus months, we have had a lot of discussion but very list -- very little has been nested in the

facts. congress is back in session. this will pick up. the american people have to weigh in and have to help us get the tools we need to defend this country and protect our civil liberties and privacy. what i can tell you is we are trying to be more transparent. it is hard for an agency that, for the last 60 years, has been

invisible. now, we need to be transparent. we are working to do that. but i will tell you, when you look at what nsa has done for the country, has done with our armed forces, they are the noble people. they have earned your respect. think about that. 24 hours a day, seven days a week, they are there to defend us. they need the tools to do it. you have to help us get there. those are my thoughts on the media leaks, not that i feel strongly about that. [laughter] i would tell you another thing. i need to address two other portions of this. for many of you in industry, this is a compelled relationship from the courts to industry to provide the data we need. industry is not driving up to nsa and dumping off foreign

person data to us. they are providing what the courts have directed them to provide. which is, ironically, the same information other countries demand of industry in a compelled, lawful, enforcement venue. our industry folks have taken a beating and it is wrong. they are only doing what our nation is at -- has asked them. what other nations have needed from them, and what we have done together. we talk about 54 terrorist events that have been stopped. 13 in the united states, 41 overseas, 25 in europe. it would not have been possible without that capability. so industry has done what we have asked them to do. they save lives, here, and

abroad. our allies have benefited from that. many people have asked me, how has this impacted your relationship with allies. here is what i get. keep looking with us. the intelligence you get us to defend our country is what we really need. that is the fact. that is what i get. they say, we see a lot of political stuff out there. please do not stop. we need your help. you know what? we need their help to. we have to come up with a way of working together. in all of this, there are a couple of things i would put on the table. that comment about what is necessary, it -- a couple of things i am really proud of.

this country stood up on syria. that is the right thing to do. 1400 people were killed in a chemical attack, or more. we stood up. now there are discussions. it would not have happened without our nation standing up. in the partnership with al ally our allies, it is important. one of the things the director of national intelligence and the white house and others have asked us to look at is options put on the table for how to work with allies in the future. i think that is important. i had to start with the media leaks. if we were going to have a serious talk on cyber security.

let's shift to cybersecurity. when you look at what is going on, it is the same network, same technical still -- skills. debbie will be here after me and she told us to hike this. it is an honor and privilege to work with great people like debbie, who run information sick insurance director for the past five or six years. absolutely superb. they are the ones who, if you look back in our history in 1945, used and created cicada, our encryption capabilities not broken by the enemy while we broke -- broke enigma. they do that today for our country and government. they do an absolutely superb job. thank you for you do. answer every question i failed to answer.

good luck with that. [laughter] cybersecurity, save networks, same technical skills, same legal framework. a lot going on. two things that can hurt us. terrorism and cyber. ciber is the easiest one to get at us. look at what has -- happened in the past year. 300 service attacks on wall street. we saw the script -- to struck if attacks in august 2012.

we have seen descriptive attacks against south korea. what that says to me is this is going to pick up. it is going to get worse. we have to get a number of things done to protect the country. i want to talk about five different areas that nsa and cyber command are working together that i think are important to our country and that the top priorities, i will start our -- start out with trained and ready force. the most important thing we can do is train our people. the best in the world. that is what the american people expect of our military and intelligence community.

that is what we are doing. y echo in this area, technical skills really matter. they really do. we are engaged in a multiyear effort with services to train our forces. they have trained approximately one third of the force in 2013 and one third in 2014 and 2015. a huge step forward. the service chiefs have stood up and pushed the forces forward, despite sequestration and all the battles going on in the pentagon. they have stood up and all agreed this is a threat we have to address as a military, for the good of our nation. we have teams that are fully operational now, working side- by-side with the nsa. we have also activated a cyber national mission had orders. this is the one that would react to an attack on the defense department. we will ensure we

have the best force anywhere in the world. i will tell you we are also conducting exercises, such as cyberguard and cyber flag that includes the combatant commands, the regard, and the reserve, and interagency participation, to develop the tact is, techniques, and procedures, and working relationship needed for defending the nation and conducting operations in cyberspace. cyber command provides cyber support elements to every combatant command today. we aren't refining our operational concepts and commanding control. in doing that, the second part, coming up with the operation concepts is vital for the future. how does a force like this operate? how does an essay and cyber command work with fbi and dhs? great partnerships.

a callout to both fbi and dhs. peck outgrew will be here later. absolutely superb harness. it takes a team to do this. our job is to defend the nace. -- defend the nation. the fbi is inside the country defending it. dhs is setting standards. one of the things we have to fix in the defense department, and i'm not sure if you will talk about this, but i will enter into it and hopefully i will not steal your thunder. we need a defensible architecture. the legacy architecture that we

have today has a number of problems. we have 15,000 enclaves. it is almost impossible to see what is going on in every one of those. think of this as all the tables in the room. you want to know what somebody is writing in their notes and they are 10 pages over. there is no way to know. that is a good thing. but there is no way to see attacks coming in. if they get to one table, everything else is open. our architecture needs to be redefined. i think the cloud architecture that has been pushed forward the joint information environment and the intel communities i.t. environment, is where our nation needs to be.

a thin, virtual cloud environment. it offers great capabilities for the future. first, think about patching these tables. if we were just to pass cars around and we do started to patch, how long it would take should we get those cards amongst all the tables. then think about 15,000 enclaves trying to patch their networks at network speed. by a series of system administrators that work for each enclave, what is the probability somebody will make a mistake? one. 100%. or, that they will be too long and the adversary will find that vulnerability and penetrate the system? the way we are set up today is

not where we need to be. in the thin virtual cloud, you could essentially fixed the entire network within a few minutes. you could push that out, do all the patching, all the vulnerability scanning and everything you needed, in a few minutes. it could be done centrally and you could remove humans in the loop and put them where they need to be in protecting the networks. there are other things you could do in this as well. by having a thin virtual architecture, each system is a system we see being scanned by an adversary. we can write that down and put

it in a new place. you can jump networks, databases, and your actual on system and make it very difficult for average terry's to adversaries to exploit. i think it is the wave of the future, something vitally important for our country. shared situational awareness is another thing we need to do. we need to address. what do i mean about shared situational awareness? this is something interesting. if you were asking somebody to say, show me what that looks like, because i just want to understand what happened. they will talk about the main controls. it is almost like a pilot. they show you this coming in. they say, ok, it is like this and then this happened. and bad things. and we were had. it is bad.

it will take weeks, months, years to get them out. how does it look? you say, how will we fix it? how are you going to systematically repair that and get the adversary out? it is a big problem. if you cannot see it, and you cannot get the humans to understand it, how do you get them all on the same sheet of music to accomplish those goals? and if you widen it and say come where is the adversary coming from and how did they get into the country, what is an essay's role and how do you see that? how do allies see that how do we work together? the answer is, nobody sees it. today, we do not have the shared situational awareness we need. this is going to be a key

capability for the future. we are developing a common operational picture. i think that is important for our nation and our defense department for cyber command for nsa. we are sharing it with dhs, fbi, cia, all the combatant commands and allies. it is a great way to go in the future. i spent a lot of time on media leaks upfront. i did that for a couple of reasons. in cybersecurity, we need to work with industry. we absolutely need to work with industry. industry owns and operates 85% of our networks. here is the issue we have on --

on the table. let's say bank one is being attacked and they fire back from the point where they think the attack is coming from and they wipe out that capability. whoops. that was just a network the adversary was using. in a neutral country. they took it out. that is what they would see from there and. what that would create is a problem in physical space. we have problems. what we will quickly get to is this is the responsibility of our government to respond back. it is the president and

secretary and their responsibility to tell us when and what we should do. we have to work with industry because we cannot see it. we get right back to that. if we cannot see it, we cannot respond to it. the attacks on wall street, we can tell you how they went down and how bad they were. if we cannot work with industry, if we cannot share information with them, we will not be able to stop it here and we have to do that at network speed. we have to share what we know about threats. we have to -- they have to tell us what they see. this is where the internet

service providers are critical to this. not just here but with -- as allies and others. we have to come together and figure out how we will do that. it takes industry. if you think about the problems with media leaks, and the issue we have there, we have to resolve that, because industry is critical to defending our country and the partnerships is critical. congress is working their way. i will tell you that the senate select committee on intelligence, by senator feinstein, and the cochair, and the committee on intelligence chair by congressman mike rogers and congressman dutch, are superb to work with in both sides of this.

they stood up on the media leaks when it was not popular. they are pushing for cyber legislation and trying to resolve the things industry thinks they need and what our government needs for us to work together. we will have to do both. it will be critical for our country. what i would say, as we look at what is going on with media leaks, and what has happened to industry, as a consequence, we need to fix this. industry has done the right thing. they are doing what our nation has asked them. we need industry to work with us.

makes pretty good sense. if the united kingdom could clean that part, we protect this part. we have the basis of an alliance. france, mark, spain, we ought to figure out how to partner with them. we are working that. i want to talk about authorities. i gave you a couple of issues we need. we need the tools to protect this country. in cybersecurity, we need authorities. we have worked with partners to find clear roles and responsibilities. that is between fbi, dhs, and cyber command. i think we have clear lines. we need to work with congress on

additional legislation regarding cybersecurity and private industry. that specifically is how we will share information and how we will provide liability protection to them. those are the key issues we have to come out with this. we also have to clarify rules of engagement. what is expected of us? this is a if a cult topic. we do not want nsa and cyber command doing something irresponsible. on the other hand, we do not want nsa and cyber command waiting for authorities while wall street is taken cyber. how do we work that?

hat -- i will tell you the folks at u.s. cyber command are working within the defense department to work -- to look at the authorities we need. it very closely follows what you would expect us to do, as if this were a missile attack on our country. how do we set up the conference calls? out to we go to the secretary of defense and president and get the authorities we need and get the options? we are working our way through that. the government has done a great job moving that forward. there will be more we need and that is legislation. to sum up on the cybersecurity side, no single public or private entity has all the required knowledge, resources, authorities, or capabilities. we have to work together and i think we have to do that between government and industry and with our allies. and we have to address these issues as a team.

so, i want to -- i'm going to stop, i know the clock is counting down here. i want to just address a couple things to summarize where we are. we talk about a team. this is a great country that we have. it really is. look at, you know, i have 15 grandchildren. and we were talking about that with bill and the folks here. you know, and one of the 1-year- old got an ipad, she was almost 2, but to show you that girls are getting faster than the boys here. she grabbed one of the ipads, she could grab that ipad, go to a netflix thing and pull up the cartoon. and she can't hardly talk but she can do that on the ipad. it's amazing. look at where these children will be in the future and the capabilities. look at what industry has done in this area. it is absolutely superb.

it would not have been possible if we didn't have the military and the intelligence community protecting this nation. 950 people were killed over the last week and look at our country. look at what we enjoy. and it's not by accident. it's by a lot of hard work, people behind the scenes that are doing what our nation expects them to do. they do it because it's the right thing. they do it as part of a team. that military and intelligence team that defends this country, it is the greatest honor and privilege i have ever had to serve with them. because they're doing what the country needs them to do. it is phenomenal to see some of these young folks come in, know

they have stopped a terrorist attack and they can't tell anybody. other than us. and you know what they say? that's good enough. we save lives and people over there will never know that they were at risk. we got to partner with the f.b.i., the greatest law enforcement agency in the world, and they stopped something and american people will never know how bad it could have been. think about what happened in 2009. the new york city subway. both of those authorities were used to help stop that. those people are now in prison.

team america did it. great partnership, just what you would expect. now, here's the deal. we need tools to do that. both in the media side and our counterterrorism and in our cybersecurity. we can't do that without your help. that's what our nation needs. that's my ask of you. you are the american people. you know, there's a lot of people out there screaming and yelling. we're not listening to their phone calls, we're not reading their email. we're defending this country. we'll do it right. we'll hold ourselves accountable. we'll reorp -- report every

incident. but we need tools to protect this nation. if you take those away, think about the last week and what will happen in the future. my concern is if you think it's bad now, we get some of those things that happened in nairobi in this country and we have a whole different ballgame. and good men can't act without intelligence. we need that information. and we need your help in doing that. so, with that let me open it up to questions. >> thank you very much. if i could please ask you to address your questions on cards and please raise your hand. we will pick up the notecards and please, please do address them and i just would like to make a quick announcement. as the questions arise, if i might. just want to thank those who

made today's event possible. the lunch sponsor, our diamond sponsors, r.s.a., rating on, guidance software, hewlett- packard, general dynamics, and others. our exhibiters, information security solutions, net i.q., air patrol and ieee. and we also have our media sponsors, homeland security day, cfsi and set aside alert and thank you for allowing me that opportunity to thank those who made today's event possible. questions, please do raise your hands. and i would welcome them. do you have one here? >> so before we get the questions you might have thought i was a little emotional on the media leaks part. actually i went in for dental surgery and it's just the pain. i really did have the dental surgery.

but i do feel strongly about this country and what we ought to be doing for it. >> and it's very good do and thank you for all you're doing to secure our country. we're honored. first question regards the area of spear fishing. spear fishing poses a threat and with cybersecurity awareness starting in a week, what advice would you give executives in the room to mitigate the spear fischer threat? >> what's pernicious? just kidding. i'd keep those pernicions out of here. spear fishing. most of this is somebody's got your credentials, right? you've got to come up with a way of defending on the perimeter, understand how the spear fishing is going to get in. this is where they've put something in an email and they send it to you. if you get an email and you click on the attachment and it's

saying, hey, i've got $1 million for you and you click on it. there ought to be something that jumps up on your screep that says you're an idiot for doing that. [laughter] now, here's what, you know, just to show you the sense of humor our folks have. they do that on mine, every time i click on that, they stop it and just put on there, you're an idiot, don't do that. but you'd be surprised at how often that works. now, the interesting part is it's not always, hey, i've got $1 million, would you just reach out and i'll help and i'll share it with you. often times it will be things like medical care. a change in the medical care program for your agency or your company. and they send it and it looks very real because they've done the research. and so you do have to be careful of what you click on. because once that happens, the

payload or the capability that the adversaries created has dropped down on your system and once that happens they're in. part of that is by setting up in your defenses and not letting attachments through or sterilizing those detachments and many of the antivirus communities already do that and they provide great capability. next question. no more? oh, good. >> we have a question on where the small business community -- for those small businesses that represent the innovation and much of the innovation and the growth in our economy, and -- but those companies often don't have the resources of a large company. what would you suggest to small businesses, particularly in our c-span audience who might be listening today? >> well, that's a great question. i can remember this with bill akins. i gave him the set of cards, he was one of my bosses once and he

would always grab the notecards and say, i don't need to read them ahead of time, i'll read them on the stage. on the third page i wrote out, you're on your own. so he reads the first two pages, he gets to the third one, it goes, you're on your own, he looks up and goes, now what? for small businesses, you're not on your own. i think there are some great capabilities. in fact, i know debby's going to hit on part of this. one of the great things that these agencies and other governments working together, with the information insurance directorate, has come up with, the sand institute on the top 20 things you should do to protect your networks. version 4.1, is that right? version 4.1 of the sands institute has the top 20 things

that you should do to protect your network. if you do that, your network go going to be pretty darn secure. it's going to be tough for someone to get to. if you're a small business, that's all publicly available information. i would just reach out, get that. if you're i.t. people -- your i.t. people, your information intelligent noling people, don't understand that, they can reach out to players. there are great folks at sands institute. there's great folks at d. shmplet and n.s.a.'s information insurance. we have a public website on that. you can grab that from that website. it's all free. and it's created by -- just follow that. >> thank you. question regards the information sharing area. what is the -- regarding information sharing -- what rules of engagement do you find are necessary in that? >> well, let me talk about

information sharing and i'll expand on your question a little bit. what do we need to do between government and industry to share information? and what's the kind of information that we're talking about sharing? we're not talking about sharing our privacy information. we're talking about sharing vulnerabilities and threat information. so it has nothing to do with civil liberties and private and privacy and everything to do with protecting our systems. so think about the great companies like mcafee, is a man tech and others that have all these antivirus capabilities. all this malware that they've detected. well, the government has some too. we have a few good people, more than a few, that have great technical skills, that know

classified information about what our adversaries could do to this country. how do we share that classified information with industry? so here's my thought, here's our thoughts on that. if you look at the networks of this nation, they ride over the internet and the internet service providers are the ones that provide the basic help for this country. so, they're the key point of defense. at&t, verizon, sprint, l-3, centurylink, those are the companies that own and operate the underlying networks of this nation. so how do we share with them and they help protect? what's the relationship there? and the interest, we've got to share it with them and other companies and to to lengthly -- potentially other countries and and provide that information that says, when i see this, i'm going to tell n.s.a., cybercommand, d.h.s. and f.b.i. we got a problem and do it at network speed. so they can react. they can also call out and say, we need help here, or i see this

new interesting thing, piece of malwear over here, and share that. in the information sharing environment, they -- we need the authority for them to share with us and for us to share with them . parts often times can be classified so we need a way of protecting it. and when we give them something to protect the networks, and we make a mistake, they shouldn't be held liable for it so we need the liability protection. so we need that way of information sharing for the country. next question. >> we have two questions regarding the cloud. the first one is, how do you balance the advantages of centralized architecture such as cloud computing with the risk of having all of your security eggs, as the question says, in one basket? >> that's a great question. and there's a couple of issues

that we need to put out here on the cloud vs. the legacy architecture. there is an assumption that having all your stuff diversified in 15,000 enclaves is more defensible but that's just the opposite. in this case, i'm not talking about putting everything in one bank, but the cloud is in itself a distributed architecture that we would expect. now, there are some things that we need for this country to defend ourselves in cyber. to defend you in cyber. everybody in this room has either an iphone, an android or some mobile device on them today. what does that communicate with and how do we protect it? think about that. that's step one. where's the cloud in this? and what can we do in the cloud that ensures the protection of

mobile environment and the cloud environment? and there are things that we can do in the cloud that we can't in our legacy architecture. specifically we can encrypt data sets, we can come up with ways of acknowledging who you are, having a secure set of encryption that sees where we are today. we can identify when actors are trying to steal data in realtime. media leaks would have been stopped by that capability. these are great attributes. and you can encrypt it. so when somebody steals it, all they get is encrypted ones and zeros. this is a great thing forward where we need to go. and there's going to be a lot that's going to go on in this area. i think it's the future and it's

something that we have to embrace and figure out how we match that cloud environment with the mobile environment. because that's where we're all going to be operating. and i think what's coming out of there is exciting and good for our country. and as part of that future architecture that the defense department and the intel community are doing it and i'll tell you one thing, n.s.a. has developed a secure cloud called the cumulog. i'm not selling it, it's free. you can get it yourself. it's openware. and it's got a security layer and a real-time tipping and queuing capability and it's free. >> thank you very much. i know you're under a tight schedule so i'll limit it to two more questions. the first regards what specific actions can and will meet -- will most likely be taken to avoid future media leaks? i know you've mentioned and i might elaborate the systems administrators and particularly the two opinion person rule and the obstacle that might be posed by removal of the media. so if you could just take a shot

at that question. >> well, there's a number of things and you hit a couple of those right there. first, removable media. two-person rule on this. system administrators need removeble media to boot systems and stuff. so we have to now put in a two- person and a have implemented a two-person rule, even for system administrators. but there's more that goes on here. when you red-team it you say, well, if you fix the removable media, all they need to do is go into the server room and take a disk. so you need to put a two-person rule on the server room, so we've done that. there's a lot that's going to have to be done. because one person has betrayed our trust and confidence. that's the right thing to do, let's go fix that. our technology direct rate have

done a -- direct rate have done a phenomenal job -- directorate have done a phenomenal job in securing our network and we shared that across the intelligence community and the defense department and with other agencies. and i think those are steps to the future. and they've created some new tools. to watch what people do on the network, to ensure that nobody does what this leaker did again. and i think that's great work and again that's all going to be shared with our partners out there. >> thank you. the last question regards our critical infrastructure. to protect our country's most critical infrastructure from destructive cyberattacks, what authority do you feel u.s. cybercom, the n.s.a. and/or the private sector needs that they might not have now? >> i think the most important thing that we need is we need the ability to share information with industry. right now we can't see what's hitting industry.

we have no realtime tipping and queuing capability between industry and the government. and i don't say that that has to come uniquely to cybercommand and the n.s.a. i agree that if we do this in a transparent process, send it to the government all at once, d.h.s., f.b.i., n.s.a. and cybercommand, that way everybody will know we're doing the right thing, it's transparent, and we get that information at network speed. f.b.i. can look at it to see if it's law enforcement, criminal- related. n.s.a. can look at it to see if there's a foreign nexus and cybercommand can look at it and say, what do i have to do to defend the country given this information? but you have to know the information. and right now what happens is the attack goes on and we're brought in after the fact. i can guarantee you, 100% of the

time, we cannot stop an attack after the fact. those are quoteble quotes. ok, so after all we're going to do is forensics. we can come in and say, it was really bad, and you can agree with us and say, yeah, it was really bad. you're probably going to have to do your whole network. yep. it's going to be a long time. yep. it's going to cost a lot of money. wish we had something up front to stop this. maybe information sharing. so that legislation that we're pushing for is absolutely important for our country. so, just to summarize if i could, thanks for taking the time to listen. there's the one ask i have of all of you and that's help us get the tools that we need to defend this country and protect our civil liberties and privacy. we'll do our part, we'll hold ourselves accountable. we'll protect civil liberties and privacy and we'll defend this nation and we will do it right. thank you, folks. [applause]

[captioning performed by national captioning institute] >> we are honored that you joined us today and thank you very much for all you you are doing to secure our country and i think the standing ovation speaks for itself. thank you again, sir. >> thank you. i would like to now ask our come to the stage good segue on the infrastructureal isd bob begman, the stage yours.

>> okay. have your attention. i know a number of you are hallng from the exhibit and if i could have you take your seats, please, we will next keynote.e introduce tod to you dr. patrick gallagher. many of youer as know is the director of the nationallen student of standards and technology and the undersecretary of commerce for standards in technology at department of commerce. highga gallagher provides level oversight and direction know, gaineds you

additional authority with the with thehment -- development of the cyber security framework. pleasure of attending dallas justp in several weeks ago and was and always so impressed by the professionalism and dedication integrity of niff led so well by dr. gallagher. would like to pass the podium along to dr. gallagher for our keynote. >> thank you very much. good morning, everybody. busyderstand you had a morning already and it is a delight to be here, tom, thanks invitation. always great to attend one of bringvents because you together such a great group. i wanted to make a few remarks

today mostly on the executive order process but before i that let me step back a little bit. this may sound a little bit odd technology guy, but when you think of the internet you may be tempted to terms of itsin technology. it is built on a powerful engine of commune youcation and computational technology but if you really think about what is our society and the world around us the digital builtmy it is enabling is more than anything on trust. foris predicated on business success and for consumers on the understanding that it provide data will be used correctly, that business sensitive data will be protected, that e-commerce transactions are reliable and trustworthy and that even government users who use

and the technology internet will meet their mission needs and still protect provide -- protect the public trust. security, of course, is a fundamental building block of ensuring that trust. it is what enables us to ensure that the digital information the required confidentialallest, integrity and availability to immediate that we areeds after. ensuring that trust is actually everyone's responsibility. all the way from every end user on the system and includes the companies that develop, own, use these technologies. it depends on the community, the multi-stakeholder organizations that govern and manage the internet, that set thisstandards, that shape technology. and it certainly includes the role of governments as well. governments around the world.

certainly within governments includes law enforcement and national security organizations because can, will,those that and do seek to use this do us harm.to so in that broad sort of role, whatn deck nist do? u.s. is part of the department of commerce. probably the nation's oldest backonal laboratory going to 1901. known in the late 1980s as the standardsbureau of and contributes to this enterprise in three ways. first, as the nation's measurement laboratory. we are responsible for providing the underlying science and engineering that is -- that underpins our system.ment in the context of cyber security we contribute our science, engineering and technical support to how do you atasure and assess and look

cyber security performance. two other roles that are standards related. the first under the federal act andent security nist has the responsibility to you what are called processingformation pro f.i.p.'s. for mandatory standards. the corresponding role to national security systems is given to the national security agency. so for within government use settings a standard role. one of the things i want to emphasize to you is this is very unusual. this is one of the only areas that nist is a standard-setting body. this is not widely understood. almost allted states standards are set by the private sector. federal agencies look to private sector standard setting bodies for their own

use. the third role that nist contributes is a much more which is we support standard-setting organizations. we provide that technical support and consulting and we act as an interface between agencies and the standard-setting bodies. i will come back and touch on that. in the context of the three roles let me touch on something newspaperseen in the a lot in the last couple weeks leaks. context of the first of all, you can see by our mission this is designed to collaborate. key part of our role collaborationudes with every technical contributor to the work. scientifict of the and research community and to carry that out we have to be a and vibrant part of that. so this means yes, we the nationalwith security agency.

for two reasons. one, they are a deep reservoir know-how in cyber aecurity activities but have unique parallel role to ours in protecting federal systems. is not a problem with n.s.a.ollaborating with the role is to provide the technical evaluation of methods and when nist says that something is a sound practice thatood conclusion should be based on the technical merits alone and else.ng that integrity of process is is critical to our mission. integrity wehat must be transparent. we have to operate and seek full peer review and we are fully committed to doing that. nist isbe clear, committed to the highest levels integrity. and this is in our bone marrow at

nist. i am completely confident that fully intact, is it is sound but in light of all of the concerns and press we are re-doubling our efforts to look at our transparency and operate sothat we openly that everyone else can be as confident with our integrity and process as we are. so in that light if we find anything and there is any question about whether any technical document or standard doesn't meet this high that we of standard have internally we will do what we have done. for public-open it comment and address it in an open and transparent way. after all, if we are to contribute to the dialogue of securing and providing trust to the internet, you know, everyone has to be confident that our technical work stands merits.own let me also then talk a little bit about about the standard-setting processes. and a particular one that has

talked about and that, of course, is the executive order to look at tober security practices protect critical infrastructure. so this is an interesting role because in the -- if you are a cyber security person you may see this as a new role for nist because you are probably thinking of us in the fisma context. traditional role for nist. 136-36he executive order called on me to do, it directed me was to lead an effort in collaboration with the private sector to develop a framework of practices that would be critical in fra structure. it directed us to work with industry, academia, other government agencies to develop network of standards. policy of "it is a the united states to ensure the security and resilience of the

nation's critical infrastructure and maintain a cyber environment that encouragings efficiency, innovation and economic prosperity while promoting, safety, security, and business privacy andlallity, a civil liberties." these goalseve through a partnership to improve cyber security, information sharing and collaboratively develop and implement risk-based standards. was quite clear. and with regards to me, the directed me tor develop a cyber security framework that shall include a set of standards, methodologies, procedures and isocesses that align, this quite important, align policy, business and technological approaches to address cyber risks. i will give you a quick update been on the have eight month journey on the cyber security framework next.ss and what happens immediately after the president signed the executive order last

february, nist issued a request for information, a public call for input. produced 245 comments from companies, large and small, federal agencies and laboratories, local governments, utilities, critical infrastructure and those comments helped us the starting point. for example, we heard it was framework tor the be flexible enough to work on companies of all sizes. hadheard that the framework to be scalable in the global marketplace because these companies were operating and selling goods and services around the world. and we should keep in mind it have a global impact. industry told us that the risk-basedshould be and not prescriptive. not compliance-based. existing approaches standards and best practices to avoid coupelycation and new conflicting requirement abouts.

confined tonot be the c.i.o.'s. be in greated into the antual practice of running organization. those responses led us to start the framework and then build on with a series of workshops and we have been pleased, in fact, delighted with the amount of input we have received. would not be successful if that had not happened. so far, more than 1500 people have attended our workshops in person. many of you i know have. i want to thank you for that. another 2,000 have participated webinars and online streaming of the workshops or online participation. we heard many different points of view and they have all been developing the draft. in fact, at each point in the have openly we published the current state of the draft and it served as a

that the block so development of the effort would build on the previous conversation. no secrets really about what is in the framework either. today, the drafting phase that was called for in the executive essentially complete. the nist team has completed lastr work, reflecting the workshopm the dallas workship and will shortly go into a clearance process in time for a release that is called for in executive order. let me talk about what happens after the preliminary framework out because two things will happen. forst of all, it goes out public comment. and second of all, we need to putting iting about into use. and so let me talk about each of those steps. thest of all, what is framework and what does it look like? basically does exactly what the executive

says. it lays out a series of practices, methods and so forth adoptions designed for because in the framework it was these collection of practices practice wouldto be protective of our nation's infrastructure and has to have this wholistic view and this integrated with business aboutthat we heard in the public comments. there are really two major framework.ts to the someone a collection of existing standards and practices. you will recognize many of them. they are there by reference and they he are reflecting all of the input. major element is the structure. a framework in the true sense of the word that organizes those practices and provides really a set of tools that support the use and adoption of those standards and practices. and so what does the structure look like? really there is three structures in the framework. the first is an organization by type of activity.

five functional categories in the framework. identify, protect, detect, recover.and and varied best practices in the functional categories are indicated. further more, each is further divided into categories of actions that can be selected and used to implement those functions. other organizational premise in the framework is implementation maturity. it identifies a set of implementation. implementation tiers. that may beadoption highly maturedbased to a high organization. of it as words, thing analogous to a cultural approach. have seen in safety management and other risk management activities

within business where you go a compliance rule-based approach to a fully integrated withinanagement culture the organization and the framework supports that. and finally, the framework profiles which is a way, a tool for companies and assesszations to themselves and identify ways to tiers or to up the address weaknesses in the levels.ntation a key construct of the framework is there it no threat proofing. magic bullet here. about not eliminating the managing this is about it. what is different in the framework from previous approaches, it reemphasizes the risk management and it points out very emphatically that risk management must be intergreated throughout the organization from the c suite everybody in the organization and it also points out that this really is a continuous improvement process.

isn't a do something and you are done. this is about basically self--improve all the time and moving up that maturity so it becomes baked into the way the organization operates. as the executive order points framework, no matter how good it is, if it only exists on paper we haven't done our job. it has is to be about put into adoptive phasehe begins really now and it has parts.major first, organizations have to themselves.thin businesses and organizations practices,ke these map it into their own situation, find out where they are at, use the profiles and into practice. this can't simply live on the i.t. security department. it is vital that it permiate of the organization and in principle we are quite engaging the

business leadership, the c suite executives who have an overall responsibility in these companies and the large part of our effort now will focus on that outreach and adoption. the second thing the framework has to do is it has to be integrated into the marketplace. good cyberords, security really has to be good business. frameworks that the integrated into business to business. contracts. service level agreements. look at customer engagement. it also means that we have to adoption.lobal our frame work should be integrated into worldwide standards and practices so it is compatible with activities world. the this may include conformity assessment vehicles.

conformance testing or certification or other types of product identification so understand ands can identify conforming practices in the market. and it also includes the discussion that many of you heard about, of course, which is the incentives. toat are the barriers adoption? where are the places where the howket doesn't behave and do we promote that? and finally, the framework needs to be evolved on input from early adopters. in other words, if the framework process we just did eight months is a once through and we are done, we also failed. dynamic.nology is too i don't believe the framework is perfect. we expect companies that adopt it and put it into use are going to identify places where makes no sense and has to be adjusted, where there is gaps that have to be addressed and so we have to now operationallize the collaboration we built and turn

framework into a tenuous process. right away we need to start framework 2.0. and those early adopters, those companies and organizations the challenge and start about putting this to use are going to play a key role shapese they are going to the framework and i think will governancedrive the of that framework process. that has to be an industytry-led effort. of course, you are not alone if you are adopt the executive calls for a whole set of actions in support of this. directed all federal agencies look at incentives that could include a legislative address key barriers. directed regulatory agencies that are already regulating parts of critical infrastructure to evaluate practices andout directed d.h.s. to develop a program to support voluntary adoption. so the support system is there. saying west finish by

are at the end but we are only at the end of the beginning. really this is about -- this is much closer to the beginning of ares process and now we really focus canned on taking remarkableeen a effort and translating it and driving it into practice. me, the litmus test of going to be the extent to which this framework integrated with the way we operate. it just becomes part of doing business. going to end with a splash. a beingoing to end with baked in. for that to work, all of the alignwork and trying to with business practice is going to be a key ingredient. i know many of you contributed in this effort and i want to thank you for that and i look forward to the phase. so, with that let me conclude and see if there is any

questions. thank you. >> thank you very much. [ applause ] implementation question in the three parts. initially some key visiblyations have to step up and say we are going to adopt. we are hearing through the itself thereocess is a number of companies that are on the verge of doing that. heartening when somebody says don't change the framework any more because we

intoalready putting it use. but i think engaging business c.e. o.'s and understanding what this means to them ising did to be key. the next step is the international and the marketplace. all of you are are watching yout is happening inure republican and other areas with regard to cyber security practice. thewe are going to shape way the international markets look and you want it to look weything like the framework need to drive this practice into the international arena. play a keydraft can role in shaping those practices. finally, on the governance piece, we really have to have some serious discussions about, you know, nist will continue to frameworkhe the process but we really want this to be a self-operating entity of you who worked with us on smart grid and some of standard-setting area, now we need to start thinking about how do we

ourselves so the collaboration we have been doing over the last eight just part ofso doing business. >> thank you very much. the next question is how do you deal with the federal quote unquote whipsaw of funding that to be going forward government-wide? great agillity. [ laughter ] >> the new normal. so it is difficult, of course. i mean in this environment as any manager in the federal government will tell you, what is your ability to do long-range efforts. in this particular case notthe framework has been very well kept secret. nist started this effort with no new budget authority, no new same staff we always had. what made this work is we turned the problem over to industry and said let us be a convener and organizer. the thousands of people that supported the development of

the privateme from sector and i think that is both necessary just to get the work done but, frankly, it is necessary that the outcome be driven.y if it was a government product it would not be acceptable in international markets, right? it will not be able to be driven into business practices and so it was imperative from both perspectives. case, we will continue to look at ways that we support your effort with technical programs, the nist center for cyber security, excellence that national lab type activity where we can can work collaboratively with industry. of efforts are happening across all of the federal agencies. meantime, we can certainly stand behind industry's efforts. >> thank you. tie-in question and we have one last question. could you please expand on the specific tie-in partnership between the department of nist?and security and

>> so, if you look at the executive order, the choreography between d.h.s. and nist was integrated in the executive order. the reason for that is pretty simple. asitical infrastructure defined in the executive order assets and operations if they were attacked and harmed would cause grave or economiccurity harm to the country. that mission to protect those a mission given to the department of homeland security. so, as a country we all agree that this can't, you know, harms are a public good protect andt therefore d.h.s. had a clear role to do two things. define a level of performance, what would it take securityve cyber performance in a meaningful way and the purpose of that role

was to make sure that the framework that everyone was working on was responsible to that need. d.h.s. has been involved broadus, in fact, a very interagency effort. daniel might touch on that this afternoon, definen what the framework had to support and then the second d.h.s., and they have been involved as well, is adoption.g the envisions ark i voluntary program. industry doing what it does very often and very areas.n a whole host of look at consumer product safety and industry self-regulation does things through its own best practices standards. it can be very muscular and the abilityh.s. has to support the adoption of that program.

we have been working with on how the voluntary support program will look in framework.he they have been really hand in glove with us from the very beginning. >> terrific. thank you very much, dr. gallagher. >> thank you very much. [ applause ] >> thank you so much. >> i hope you are enjoying lunch. i want to extend my thanks to our luncheon sponsor, to northrup grumman corporation for being the sponsor for the lunch. year for thank you very much. with that, i would like to you the chief

officertion security for northrup grumman. for youpass the podium to introduce to you mike daniel, the white house cyber security coordinator. thanks very much. and mike? [ applause ] >> thanks tom and thanks for year.g us again this northrup grumman is pleased and proud to experience the luncheon event and we look forward to continuing to work with you. always one of those guys who can attract a great crowd of people.ht we appreciate that. speak of having the right people in the room, let me introduce the keynote speaker for the luncheon event. michael daniel. the special assistant to it the president and cyber security coordinator. that is in the national spot light and michael has great view points and i was talking

it in the lunch. a great idea about cyber security that he is going to with you and he just has vantage point that most people don't get. it is interesting. a couple of degrees from a few you may have heard of. princeton and harvard. so well respected by the industry and private sector and government alike. michael daniel. [ applause ] for thats, michael, introduction. i appreciate the opportunity to be here at the fourth annual cybersecurity summit today. one of the really great things about this job and the perch i have is in fact the ability to go out and engage privatelot of the sector partners, international partners and partners across seat and local government. does provide a great vantage point and a great

opportunity for me to learn a lot. and as i said, i currently serve as section assistant to and cybersecurity coordinator at the white house. around washington awhile in your heard you are the word cat coordinatorhere for because that is an accurate description of my job. an overview of what the is onistration thinking cyber security and the challenges we face and then highlight a couple of the key we are taking to try to address the problem in a little terms.oncrete you have been discussing for several days, today and in your that cyberthreats levels ofose for all government for our businesses and for our economy. i would like to highlight three from ourhat perspective make the cyber particularly troubling. first, the threat is becoming broader and more diverse.

and by that i mean we keep hooking more and more stuff up to the internet. pretty soon your coffee maker will be a threat factor. your refrigerator. worry aboutve to whether somebody is hacking in, right. as we go to the internet of as we hook more and more diverse kinds of thing its up space that makes the defense challenge that much harder. doing cyberrd time defense in a world where it the network desktops. do it where it is desktops. laptops. mobile. devices.s of other sensors. cars. washing machines. is.tever it heterogenous surface that we have to defend. challenge is becoming much more sophisticated and at the same time easier for the bad guys to execute. your spamow that

folders are full of the fence that would like to send you money. spearfishing is much more sophisticated today to a point where a human can't identify it. to be a codeve do malware.to some even provide 24/7 help malwareo that if your isn't working properly you can help a them desk and get on it. that makes the problem that much worse. malicious actors are showing an increasing willingness to move up the spectrum to actual destructive attacks. we have seen this in what the south korean aramco.nd saudi

as we think about how to counter that threat, there is one other factor about the cyber space that i would like to highlight for you that i think is particularly relevant. traditionally a lot of the writing and a lot of the talk and the discussion about cyber space is about how it has no borders. and how that is a strength in sense that the free flow of information drives economic benefits and growth and a problem because it allows freedomus actors great of movement. i would argue that is not quite right. lotsuld argue it there are and lots of borders and boundaries in cyber space. informationthat the moves easily across the boundaries and borders. evergy where that you have a node and ad a boundary and a server.

challengingit a environment is the fact that there is no interior. we think about trying to set up a perimeter around our networks but that is false. there is no -- there is no protect. to everything is at the border. we all live at the border. live at the edge in cyber space. some profound implications for how we as a society organize ourselves to the cyberconduct security mission. and how i actually have to do my job as the cyber security coordinator. for example in the physical world we assign the role of border security, we as a society assign the role of border security to the federal government. can't do that in cyber space. if everybody lives at the living, if everybody is simultaneously at the border you can't assign that mission society.one element of and that means that for us the has to be oney that is truly a joint partnership between government and state and local

between the, and betweenernment the government and the private sector and between the government and our foreign partners. it really does in fact have to be a shared partnership and a shared endeavor and the truth is that have a lot of really good models for how to go about doing that. and so i think what you are seeing right now what we are all participating in is hammering out and the building of those models, rolesonstruction of those and responsibility of who is going to do what and be in cyberble for what space. my perspectivem that is both terrifying and a opportunity, right, that we are all sort of present at of these new models. some of the things is are i havey clear from what been saying which is that cyber security is inherently a team

sport, right, it as shared responsibility. you can can see this within the federal government. is no one agency within the federal government that has the monopoly on the ability and carry out a to cyber security mission. it is a shared endeavor. we also must be in true partnership with our othersry colleagues and in order to actually make progress on thissish sue. now, if you were hoping that my speech was going to be the answer to the raisedon hes that i just i'm afraid i'm going to have to disappoint you on that. i don't have any complete and i don'tthat think anybody actually does. submit that in our typical way, we as americans an immediateo solution. we are going to hammer out these roles and responsibilities through practice,tation, some some vigorous debate, one could argument there, as we work through how you we should actually carry out these

missions. in some ways we have been working on this for ten or 15 thers and begun to lay foundation for those partnerships and you can see publicit in the various vivat efforts we had to date, been of which have successful and have continued to grow and evolve. over the long-term you will see lot of new ways of doing business between the government and private sector or between government -- between our government and international governments in this space and how all of that fits together of our lot multi-national corporations and all the way down to the private citizen. will see a lot of those roles and responsibilities ten to evolve over time. -- continue to evolve over time. as we work out the answer answo questions we still have to make progress on cyber to makey and try meaningful improvements to our cyber security because unfortunately the bad guys don't stand still while we are doing this. this is not like a martial arts

they conveniently wait for you to get ready before they come in wither that attack. give you some specific examples of what from the administration standpoint that to try to acress questions while making progress against the broader questions that i raised. we areticular, how implementing the president's executive order and what we are doing in the international space and some of how we are looking to the future. as many of you know, the signed an executive order in february to help strengthen the protections for infrastructure. are it is really designed to focus on three things. sharing.ion private cipro texs and the adoption of best practices, cyber security best practices and standards. a whole. laid out series of specific actions with deadlines for most of them and to sort of talk through a little bit what we space.een doing in the

with respect to information sharing, this, the e.o. really improve the to quality, the time limits and accuracy of information that we the federal government are privateng to the sector. and we have been in the process of actually doing that through number of steps including trying to accelerate the provision of clearances to critical infrastructure owners and operators and we are making on that front. of course, we will never actually clear our way out of this problem. never have enough cleared individuals in the to meet all of the needs so we have to make sure that we push more can intoion that we the unclassified space. we also have to find ways to deploy our classified more effectively and we are doing that through enhanced cybere security services program. we now actually have two fully operational cyber security service providers in this space memorandums ofigned member

agreement. the program is in the process very think moving out in a row best way. >> when it comes to the adoption of the cyber security practices and standards, i think you heard from dr. pat gallagher at the national institutes of standards and technology which has really been tasked of leading the industry process is to develop that cyber security framework. four public workshops. the most recent one of which just a couple is of weeks ago and we had just phenomenal participation from sector and private our partners in that development process. have had a huge number of responses to the various requests for information that we put out. nist published a draft of

published a draft online of the framework and the next one will be coming out in mid-october. the deadline specified in the e.o. is october 12 so that is hard to are working meet. and i think we will be able to get athat unless we vacation next week. the -- that might actually slow little bit. i think that we will still be on track for sometime in october forgetting out the framework.y a couple of other things we had going including developing the of critical infrastructure at greatest risk from cyber threat. completed its analysis of the infrastructure and we are in the process of entities on the list. as you might imagine we will not publish the full list so we intend to actually give our adversaries a target list work with then at this times on that list so they

we cane are there and have those discussions. we are also working on the incentives for the adoption of the framework. the departments of homeland security, commerce and treasury provided reports this past summer to the white house and now in the process of looking at how to move forward areas.se that includes everything from helping to spur an insurance cyber security, working on how you build cyber the the grants that the federal government makes. looking at streamlined regulations. recognition programs. all of these will be built into voluntary program they are putting together. so, in the last area in the privacy, the president also direct that the agency a hardy officers take look at everything we are doing under the cyber security back ons and report this coming february on how you

ensuring they are baked into everything that we do about in the cyber security area. sum, i will think for in terms of how the executive isder is going, i think it going incredibly well and i'm ofry pleased with the level participation from industry that we are seeing and how you that is developing. on two other ton points briefly before turning it over for questions and answers. i think the on the international front you know we theognize that none of issues that i touched on today and almost no issue you that i domestich has a peerly as about pec aspect to it. most of our critical infrastructure, businesses are international in some way. we take this and very much into account in snapping the security policy and our discussions with other nations. really continue to engage our allies and partners around

the norms to solidify of behavior. those actions that we want do and to not could in cyber space during peace time and try to really ensure remains annternet open interoperable, secure, place to dotable business following what is the international strategy for cyber space. we need to move to an environment where we are routinely able to take and quickly respond to requests for action by our partners and act in concert with them in cyber and we will continue to encouraging our foreign partners to do the same. >> lastly, i would highlight forwardslin to look the future. how you is it that we he make it inherently part of cyber space. easier. move onioned user name and is terrible.ch most of our passwords are awful and we all know that.

move past that? is the the things national strategy for trusted identities in cyber space. enabling you to know who is on your networks and what is happening on your networks. we look toward the future we want to do that in partnership. thes is not something that federal government is driving on its own. edded to spur theedded to purr private market to get that started and then want the system to grow up organically. especially interesting time to be working on cyber issues. the issues are complex and challenging but really present some unique opportunities to shape the future for a long i look forwardnd to continuing to engage with all of you in the dialogue as hammer outard and these roles and responsibilities.

much. you very [ applause ] >> daniel, thank you very much. those who have questions, if you could please write them on cards and you can can -- we colleagues who are around the room and can pick them up do address your questions. i would like to start off you market-based the market-based incentive and in particular.e your views on that and what it portends for the insurance industry. >> sure. areaink that the insurance is one of the incentive area we weentified as a key area would like to see developed. we would love to see a very robust market develop in insurance and cyber security insurance.

ofu can see the beginnings how that might work from what has happened in the data breach p.i.i.n terms of about needcan see what we really to be able to do is develop the actualial tables to actuarial tables. to take the step that we can to try to encouraging that market to grow and to do that enables us to have the kind of data that we need while still protetting companies about' information and people's privacy as well. a very fruitful area to pursue. >> great. elaborate this question asks on how the government shutdown or potential one could slow framework development, if, indeed, it would? mean just the reality, of course, is that if we move into a shutdown that

people whod be just will be furloughed. and some of those are the folks working on the framework. and this will need to clear pieces of the framework and pieces of the framework and get it into the register. if that happens if we are in that situation that is an example of one of the bad happen.thatle it is not something that the american public has a lot of visibility into and not overly visible but it is one the and would be one of the consequences of that. ultimately we will get there. and we will get it published, slowyou it is -- it could it down a little bit. >> okay. thank you. next question is what does the n.s.a., u.s. cyber command do quote unquote actionable information after it has been

shared? >> to answer that question you actually have to broaden the question. cyber security within the federal government is really a team sport. i know that general alexander earlier this that morning about how really within the federal government you talk about it really being a partnership between the department of homeland security, the department of justice and f.b.i. and d.o.d. and n.s.a. and we really have thoseing all of capabilities to bear as we -- whenever we get malicious indicators. bring all of the capabilities of the federal government to bear on the it.blem to try to address so i think it is really a broad question about how we actually to take that and then determine what is going on, who it might be targeting and how communicate with those individuals and what we do about it. >> thank you. the next question addresses topic we were discussing over lunch. averagebvious that the american network user is both the weakest link and the post

lucrative target for the threat. how do we raise the cyber averageication of the american? >> i think that is actually a really interesting question and this overalking about lunch. i see this as an area that, frankly, i would actually like see more research done. if you think about this problem thatany ways, we know there is a giant threat out there and raising the awareness it is certainly among the things that you can do to help the problem that the questioner identified. to a large degree we know what to even do about it. much of it is not rocket science. and yet we don't do it. somethingy there is that is missing in the incentive structure and in the structure of how this area that we don't actually to fix an solutions known problem. i think that i personally

would like to see more work we can change the incentive structure to flip that on idaho head. we -- on its head. how do we make that so that to work to beave secure, they have to work to be you start fromat a foundation of security. how is it that we can build the easierstem so that it is to even find out solutions when you have a problem. i think all of those are -- are key questions and a lot of which don't have good ready-made answers. i know that we need to continue the education efforts that we working on and trying to raise the general awareness and how these things occur in the general population but you that is not be enough. we have to do additional steps as well. >> thank you very much. it is interesting. question is there has been a lot of talk about threats, challenges and

assurance. the u.s. policy on stopping the threats? policy, our deterrences in other words? >> i think that that is, you see in the policies that we put out it is clear from the administration standpoint that we pursue efforts of network defense and enforcement as our primary go-to efforts first. is also something that we talked about with our allies about how toners actually build the structures to taker space, collective action. for example, discussions we were having about how we could actually take down the globally distributed botnets and do that fashion across multiple countries at the same time. how we can actually bring to all of the different pieces of our government to actually address those -- to

address those threats. and i think the -- and also working on the peace time norms in cyber space. so i think all of those things coming together to have that discussion and talk about actually carry out some of those missions. >> very good. thank you very much. we appreciate it. >> thank you. [ applause ] >> thanks so much. we appreciate it. >> c-span three is covering two hearings thursday.

[captioning performed by the national captioning institute] [captions copyright national cable satellite corp. 2013] tuesday, president obama sat down with former president clinton for a discussion about healthcare. addressedhe comments the government shutdown that could happen on october 1. event beginsng with remarks by hillary clinton. clinton.ry rodham ♪ afternoon, b everyone. >> well, thanks. thank you. thank you. thank you very much. great pleasure to speakerse our next two who are about to have a conversation concerning healthcare. and i thought hard about how

introduce these two men. and the more i thought about it. realized they have in common. they are both left hand. they both love golf. fanatic sports fans and go to great length to about be in front of the tv or on the side of the court or the field. they both are master politicians. each of them has only lost one election. they are both democrats. they have fabulous daughters. they each married far move themselves. [ laughter ]

and they each love our country. and so, please join me in welcoming number 42 and number 44, bill clinton and president barack obama. [applause] ♪ >> mr. president. >> are you interviewing me? that was a good thing you did. [laughter] thank you for coming. >> it is wonderful to be back

and let me start by saying to all the people who have for years now supported the incredible efforts of cgi. thank you. wherever we travel, all across the globe am a we see the impact that it's making every single day. and we are proud of the work you do. let me say that we still miss our former secretary of state. [applause] and i should add that there is nothing that she said that was not true. [laughter] particularly about us marrying up. >> that brings me to my first health care comment. this will be a conversation about domestic and international health and america's role in it. i want to begin by telling you that i think the first lady has done a great job in this fight

against childhood obesity. we have been honored in our foundation to be asked to represent her effort in 18,000 schools where we have lowered the calories in drink being served in schools by 90%. she has been great on that. the other thing i think is that i was a little upset, and as you know, karl, one of your administration members, when you got to -- i read an article that said you didn't have a dig initiative in africa. and i said -- i can't say exactly what i said. [laughter] but it is inaccurate. that is the sanitized version of what i said. when the president took office, our programs was giving medicine to 1.7 million people because of an agreement that i made with president bush to use generic drugs that were approved by the fda.

drugs are being purchased in that way. under president obama, we have gone to 99%. we are treating more than 5.1 million people, three times as many for less money. [applause] that is a stunning legacy so that more money is put into malaria and bed nets to so you save more money and save more lives while doing it. i want to thank you for that. it's important. [applause] maybe at the end of this conversation, we can get back to some of your current global health initiatives, but let's talk a little bit about the health care law. we are about to begin on october 1 open enrollment for six months and i'd like to give you a chance first of all to

tell them why, when you took office and teetering on the brink of a depression, you had to start the recovery again, why in the midst of all this grief did you take on this complex issue? many people were saying why not just focus on the economy and leave us alone? so tell us why you did it.

. .

>> it is hard to get a large audience of mostly women quiet, isn't it? i'm happy about that though. welcome. thank you for being here. my name is elizabeth baker. i'm vice president of "the atlantic." welcome to washington. i also want to welcome the viewers that we have on our live stream, as well as c-span. we are welcome to have a larger audience outside. "the atlantic" covers women and family issues and women professional issues in the pages of the magazine with articles like -- on our website, there is a channel that covers a lot of these issues. i thought i would bring your attention to our latest issue, including one i thought particularly interesting as a

mother of three, "my daughter's homework is killing me." [laughter] this is about a father who decides to do his daughter's homework. 3-4 hours of homework per night and sleep six and half hours. not necessarily a good thing we're doing for our teens and tweens. we try to bring women's issues to life. this is the fourth program we have had this year so far following janet napolitano. we want to shine a spotlight on the careers of some women have done really well in washington to hear the personal stories and hear the career stories as well.

we're very pleased to welcome senator patty murray as our guest, who is chairman of the senate budget committee. before i invite patty up to the stage, i want to give a special thank you to exxon mobil. they have been partners on this program since the beginning. we came up with a get together to try to bring together a community of women leaders in washington. exxon mobil has supported the program since offset. our partner terry is vice president and is the leader of the washington office for mobile. she joined the firm in 2001. prior to that, deputy assistant at the department of energy. a few housekeeping notes -- we encourage you to be part of the conversation.

you can tweet comments. the hash tag is #atlanticww. we will also have an opportunity for q&a at the end. we are taping and live streaming. silence your cell phones please. i'm very happy to introduce senator patty murray. senator murray was born and raised in washington. she never imagined a career in politics. she got into it as a mom. she was advocating for one of her children. she made the trip to washington and was told she couldn't make a difference. she turned around and made a grassroots organization that

indeed made a difference. they were able to reverse cuts. she was selected to the washington state senate. in 1992, she went for the u.s. senate versus a 10-year veteran. she was selected as a senator. she was reelected in 2004 and 2010. in addition of being the first female senator from washington state, she serves as a chair on a committee. serving as a member of the senate credit leadership since 2007, she has established herself as an effect if leader on education, transportation, security, and veterans issues. welcome. interviewing her will be karen. she is new to the seat.

thank you for doing this. welcome. she has a full-time role at msnbc. it is on air saturdays and sundays. she has had a long career in washington, in politics, working for presidential campaigns and at the white house and and in the new york senate race. she has been a commentator in the hill. again, many thanks to karen and senator patty murray. >> thank you. [applause]

>> i thought where we would start is the story about the school is one. one of the things that i thought was so remarkable and by wanted to start their is when you look at the hearings this year on military sexual assault, so many women there are asking questions and comparing that to that picture of anita hill being questioned by all of these men. it felt like we have come such a long way. >> it is a good place to start. >> absolutely. looking forward to hearing your thoughts and comments as well. i remember it like it was yesterday. i was a state legislator. we were working passionately on issues i cared about.

preschool education got me into politics to start with. issues around family and fighting for things that i cared about. i remembered hearing about a nomination back of the nation's capital. the entire nation keyed into what was happening in d.c. i turned on my television to watch the united states senate committee interrogate this poor woman named anita hill. i kept looking at this committee. god. all men. not saying but i would say. i felt disoriented. i went to a dinner where

everyone was talking about that. i will have to run for the senate. i didn't hear anyone say what i am saying. [laughter] it came from that. i felt passionately that you can sit home and complain about what is going on, but sometimes the only way to change it is to say, ok. i will do it. i went to the senate in 1992. no one gave me a chance. i was out 3-1. i was kind of the quotation at the end. no one believed me. no one at the time -- they felt they needed someone who would be their voice. i came in. i came in in the year of the women.

it was a change or the country and the responsibility of being part of that. fast forward to the hearings now where every single committee has a woman on it. i can see my voice being reflected time and time again. i think that is a great piece of progress for our country. it is one of the things that has really changed our country. >> one thing that is notable is not only that we have 20 women senators but women senators in positions of power. >> you have to be here and work your way up the ranks. we have been here long enough to do that. diane feinstein is chair of the intelligence committee.

people always say women's issues. intelligence, agriculture. barbara boxer with the it department of environmental works. we are not just a voice, but we are a player, making sure the passions we care about, the priorities we care about, the voice we care about is from the legislation. >> we are going to talk a little t outhe ama. everybody has got to have their moment. senator jill a brand -- senator jill a brand -- gillibrand is a friend of mine. sometimes we need to get away from the testosterone and get something done.

i wonder if you can talk about how women's leadership has changed the way things are working. >> we all felt the weight of doing a good job, not for ourselves, but for other women so they would be in politics and do our job. we found we are our best supporters and could share things. our team leader brought us together for the first one, and we found this camaraderie to be able to say, where's the dry

cleaners, or i'm trying to work on this legislation for women in rwanda, and i don't quite know how to do it, or i have got an issue going at home, and i need to get is done. -- get this done. we were our best supporters. we have continued the tradition for 20 years. we welcomed new women from both parties. we really do go and then talk about everything from somebody's new grandchild or where the best place to get fast food is late at night or how we can focus on the budget crisis. we have every one of those discussions. i think it has been helpful for us, and our goal still remains

the same. if we can help each other be successful, other women will be able to do the job. >> there is a lot of talk. when you hear stories from back in the day, people knew each other. there was a personal relationship, and it seems like it is the weapon carrying on that tradition. -- women carrying that tradition. >> you find kids in your school, and you find common ground. we do the same thing. >> there is a dinner you had with president obama, which we are curious to hear about. >> it was one of my favorite because he invited 20 women to the white house to have dinner with him. we were looking at the white house lawn, and we shared

everything. we talked about finding a solution. we talked about small issues and big issues. sort of towards the end of it barbara boxer said i am looking out the window, and i am thinking 100 years ago when women were fighting for the right to vote they stood out of that window and were arrested because they tried to get the right to vote. i am pretty sure that 20 women around this table would have been the 20 women protesting. it remind us of what we get so frustrated with the political

process that a lot of progress has been made. our country has changed in a lot of ways. we are a country with great change, and we need to embrace that. >> a little bit of drama on the hill. and a non-filibuster to slow down this process, maybe you can tell us where we go from here. >> he uses the time available, and that's fine. here's where we are.

we all know that finding a solution to our nation's budget was probably the top priority for all of us right now. we go without having any continuity. we wrote our budget last march, passed it in the senate, and normally you would go to a conference committee and work out the differences. surprisingly, the minute we did, they objected. everyone is going to be upset, and we will do something that

keeps us running. here we are. it really is unfortunate. democrats and republicans have got to sit down at the same table and give. that has to be done, and our nation deserves that. >> it strikes me that over the summer we saw this buildup, and we had some are republicans -- this buildup, and we had some republicans saying it was never going to happen. now we seem to be at the testosterone filled movement, and it will go back to the

house, and there is a ping-pong between house and senate, but you are already hearing about house members having a list of demands for increasing the debt ceiling. how is that going to get us out of this crisis to crisis zone? we are talking about a continuing resolution. we aren't even talking about a budget. >> the house passes a bill that is completely unacceptable. we're not going to take away the progress we we have made for providing health care in the country. we are going to take it in the senate. it will be sent as a resolution. i think it's important to remember that we are talking about the government while we keep this issue. this is how we manage ourselves.

they decided to make a temper tantrum about that. that's where we are. the debt ceiling, what are we going to do? i cannot believe the republicans would use the debt ceiling to throw our country into economic turmoil when we know we are just getting to feel stable again, when we are all beginning to feel we can go to work and not get a pink slip, that wall street is not going to collapse, and they are going to throw the country into turmoil? i cannot believe they are going to do that. the rational thing to do if there were a group of women in charges we would keep the government running for the next several weeks, and we would say, we are going to pay our bills, and let's do what we have to do and pay our debts.

that will take the leaders of both parties coming together and giving. which is how democracy works. >> who are the leaders on the republican side who can make that happen? we have seen a lot of frustration with john boehner's ability to negotiate. it does seem mitch mcconnell has been less willing to be out there because he is worried he is being primary back in his home state of kentucky. we have all these. who do we negotiate with? >> i think the republican -- the problem is republicans are being controlled more by the tea party part of their group. they really don't want our

democracy to function the way it is. harry reid uses the word anarchy. i don't know if i would go that far, but they came here to vote no. how do you function? that is what speaker boehner is dealing with. you're right? who do we -- you're right. who do we bargain with? more republicans are saying to me they feel strongly their party has to stand up to that faction, and i agree. i am a democrat. i want democrats to be in the majority, but in order to be a good country, we need a republican party who can negotiate with us, and we don't have that functioning right now,

but i predict we will have a better republican party. >> so by midnight on sunday. >> you're going to get a continued resolution. i cannot imagine the republicans want the face of their party to be that they cannot come to an agreement on small things. i cannot believe that even with the faction that is hard to deal with a would want that for republicans. >> we have seen this idea that perhaps they will try to shift the conversation and get something done there but then really focus on the debt ceiling and the list of demands and other things they are going to

insist upon, but shutting down the government is horrible. the debt limit is a very serious threat. >> i think they are making a mistake if they are saying to the american public that they are going to put our entire economy at risk in order to get their projects, even if i agree with some of them. think about the precedent that sets for the rest of our lives. every time someone is in the majority or the minority they use the debt ceiling or the economy to get what they want? we cannot run the economy that way. it's one thing if you have defenses about women's right to choose or differences about how much funding should the for education, but to put our entire

economy at risk when we are at the global marketplace where other countries are competing for the same thing we are and we look like a third world country that cannot manage itself, i think that's very dangerous. >> does it take leadership from the president to make that happen? >> the president is clear he will not negotiate over the debt ceiling. >> where do we end up if he is not willing to negotiate and they aren't willing to budge? >> they are apparently working on christmas tree filled demands to raise the debt ceiling. they haven't been able to get the vote for everything they said they wanted either. what they are saying is i know you will never vote for the debt ceiling, but if i put in a pipeline, will you vote for it? let's wait and see what they get together.

we will send it back clean because that is the responsible thing to do. they are going to have to live with their willingness to throw the economy -- i go back to the 1990's, when newt gingrich shut the government down. i got on a plane to go home, and people said, what are you doing here? i went in my office and answered the phone to people in tears who were not going to get their social security check. they were not able to pay their rent. if the republicans take us off that cliff and companies lay off people and folks are not getting their social security check, they are going to sit there very long.

i don't think they to put us in that place. they are going to sit there very long. >> what about the business community. it strikes me that the shutdown in the clinton white house it was -- i was nonessential. it strikes me that part of the dynamic was something everybody could understand, but the debt ceiling, for a lot of folks in ohio and pennsylvania, it's a harder conversation and an easier message from the republican side to say we are standing on our principles, and we aren't going to raise the debt ceiling. >> i think businesses in america are really concerned house republicans would but our economy into a crisis.

first of all, many of them do business overseas. when they lose out because someone says your debt is no longer good or we don't trust you, they are going to lose out to other countries. their business overnight can be flipped by this economic policy. i think businesses are putting a lot of rusher on republicans. -- a lot of pressure on republicans. they put themselves in a real bind, so they have to figure out how to get through that. i would hope the business community stands up. the last time we talked about not raising the debt ceiling, our credit was downgraded. >> there is a list of other

stuff that needs to be done. we have got syria. there are so many other issues. how do we get through this and focus on those issues? >> everybody here knows the way you get to a budget agreement is that we sit down and hammer it out. i am going to have to say, i will take that back to my caucus and get the vote on it. the republicans have to say the same on their side. i will tell you the 12 people on the supercommittee were really good people, and we spent a lot of time walking through details and talking about what we could put on the table. i had the ability to say i can't bring my caucus with me.

what i didn't have was the republican chair who could say the same thing. he had to go back to boehner, who went back to the tea party. we need the people in the room who are willing to stand up and be the leaders on the democratic and republican side, to say i am going to make the best eli can for my party, and then i am going to take it back and sell it because that's what our party needs. >> let's talk about the other issues. let's hope we get a settlement by midnight on monday. talk about veterans affairs. there has been a lot about the backlog issue, a lot about concern for mental health. that was raised again with the navy yard. talk about that.

>> my own father was a veteran. he was injured. seven kids in my family and my mom didn't know the extent of his injuries and what he went through, only that he was a veteran. when i was in college, it happened to be during the vietnam war, and most of my friends were protesting. i was trying to get through school, but i was in my senior year and had to pick somewhere to do my internship. i chose the veterans hospital to do it. i am taking an elevator to the seventh floor, going on to a

locked ward to work with men and women my age suffering from posttraumatic stress disorder, although that word was not used at the time. this to me was really vivid. i am dealing with these young men and women dealing with mental health aspects of serving our country. i just remember thinking, somebody has to be a voice for those people, never knowing later i would be elected to the united states senate and be there when we have thousands of men and women coming home serving not just one term but 4, 5, and six times with the health issues -- with mental health issues and being in a position to fight for them. the country wants to help.

it's unlike the vietnam war. i think our country respect these people. i think our country feels that way today. we want to stand up and provide services, but often the stigma of mental health -- you have to be the warrior saying you have challenges -- is not easy, and critically, it is fighting the culture of our military who don't want to accept that mental health is a challenge we have to deal with, so changing the culture of the military, changing the culture of us as a country, not saying i feel bad you have eds the, but i'm not going to hire you. that's a bad attitude.

it's a complex problem to have the services available and to have us of the country doing everything we can, not just saying thanks but really being there. >> it strikes me that the affordable care act is a place we could change the conversation given that it would provide services and treating it like any other illness. that could be a place where you have republicans fighting against the affordable care act, talking about the need to address mental health issues not just for our veterans that when you are looking at things like gun violence. >> mental health the person themselves have to ask for help. but there is somebody to answer

the call when somebody asked for help. this young man was not silent about it. the question we have to ask is did we give him the right things? >> do you think we are making progress on military sexual assault? >> i want that to be better. we stood up and held a three- star general. i think what's great is we have women in the senate who are not going to say, it's taken care of. i think the military recognizes it, and the military recognizes they need people to come into the military. if we say i don't want my son or

daughter serving in the military, we aren't going to be a strong country. the military has to change. this is not a topic where we say ok, we took care of that. >> in terms of the issue of do these get handled in the chain of command, what resources are available outside of the chain of command. where do we end up? >> the good he is we are actually about the solution. we are having a really good debate about that. we will figure that out, but the good news is we are having a debate about that. we didn't have a debate 20 years ago.

we are saying it is not working. we want to get it right, and i think we will. >> we are going to take questions in a few minutes. let's switch to education. let's start with early childhood education and the president's proposals regarding headstart. where do you see that going? >> i am the only preschool teacher in the united states senator here -- united states senate. i know how important it is for our young children to have the ability to be successful, and there is a huge difference between those who have some kind

of support in terms of the six feels we need as americans and being able to work in a group, and we have left the hind the vast majority of young kids today. we have left behind many competitors. we have decades of experience, and every country in the world has shown we need to invest in early childhood education, and we have not done it. a teacher told me 80% of her kindergartners come to school on the first day and don't know how to turn up page in a book. what were they doing? a lot of parents don't know to read to their kids, and a lot of parents do.

we need to give them the skills to say, reading to your children is not just fun. it is important to their brain development. i am 100% behind our country really focusing on those young kids. you know who is with me on this? police chief. they tell me the vast majority of people in their jails never had early education. for me this is a no-brainer that i am passionate about. >> is their support on the republican side of the aisle? >> i believe there is. we are looking at the overall budget. what are the priorities? we have spent so much time talking about the deficit that we haven't talked about education. we haven't talked about transportation infrastructure.

we also have to deal with these other deficits and get that investment. >> there is talk about increases in military spending. we know that the miniscule amount of waste, fraud, and abuse -- >> you cannot teach a child to come to class hungry. for our young people to be participants in the community, you have a group of 24-year- olds, and they have not had something to eat in a couple days, they aren't going to learn anything.

i am mad about this. >> there is a level of conversation we have been having. we are talking about $40 million, and we are not talking about investments in early childhood education. how do we shift and find partners on the other side to make those investments happen. >> first we give them courage to take on the tea party. there were a lot of republicans who worked with us. they really understood the need for early childhood education. right now those kinds of

republican senators are so fearful of being eliminated in a tea party primary all they think they should talk about is how they can cut back. we need to give republicans a way to work with us to lower the cost in our jails when we invest in early childhood education, to have a group that are healthy and well-educated. we need to get back to that topic. >> one of your roles has been working to recruit candidates to run in the senate. i wonder why we don't have more women running and what is the argument you make to them to have more run?

>> i think it is important we write more policies and repeat back to their constituents what it is. if you have all men creating legislation, women will turn them off. you need women explaining it as well. nordstrom's understands that. i have women and men who are sales people on purpose. having diverse body is important. why is it important for women to be in politics? we bring issues to the table, but we help america understand why we are fighting for what we are fighting for. i do think it's important, and it's great to see people. i would tell you i have chaired

the democratic committee twice. you don't recruit people into politics. you open the door for them. men the first thing they say is, how much money have you raised? they can speak to them. i think they need to know that one enlisted to them while they speak. >> a question to the left? >> i want to thank your staff

for their interest in looking at how we can capture savings from budget processes, and i am wondering your thoughts on that and how we might move forward. >> that is a huge amount of affordable care, refocusing us from paying huge amounts for all the things that cost more. we have got a huge disconnect when we look at it. insurance companies cover you until you are 65. insurance companies have never been interested in doing prevention for those diseases you normally spend a lot of money on after you are 65.

it is somebody else's problem. we need to make sure the health care system focuses on prevention. it's what the affordable care act does by providing health care coverage for people so they do have mammograms on a regular basis. if you have knowledge and make the decisions about yourself, then you make the decisions about yourself. if you don't have the knowledge, you are going, if i had just eaten more vegetables, or whatever it is. we need to help people do that. a lot of businesses are looking at wellness.

>> it's not just having information but having access. there isn't always this understanding that some people don't have the opportunity to make a good choice. >> go back to those kids who come to school and don't know how to turn a page in a book. if they haven't been read to, have they ever had immunizations? have they ever had simple care when they were young that helps them be healthier? probably not. we have to make sure we work with those communities and provide them with the knowledge they need. parents want to do the right thing, but it is helping them get the knowledge. >> other questions?

>> i work for government services. you mentioned several times congressman boehner and other republicans need to go back to the tea party to get permission to get legislation passed, and i think it has been well established that the tea party is not a grassroots organization at all. it's basically funded by people like charles and david coke. how does the senate stop something like the tea party from holding the rest of america hostage? >> i hate to give advice to my republican counterparts, because i want to stay in the majority, and i want to win, but i would

say, you need to stand up to the tea party. people will admire that and respect that. people want their legislators to work from a point of courage, not the point of fear. that is were tea party members are winning. if you have republicans that look fearful versus a strong person who says they are going to go for it, you will lose, but if you say, i disagree with you, and this is what is important, they are going to start winning. >> i've had private conversations with republicans in this town. there were so many republicans who thought what rush limbaugh said was terrible. i said, why don't you say that? they said, we cannot speak out

against rush. similarly, you hear the conversation about tea party people. as much frustration as they have, it deems like a are -- like they are looking at their colleague. >> that's leading from the point of fear. people don't support fear. whether you are a ceo or a legislator, they need to be confident in their leaders. if you are confident in your self people will be confident in you. they need to take them on. >> i am peggy. i am a congressional report are

for hispanic outlook. i have to cover all sides and all issues. i have met a lot of republican women. very often everyone thinks the same. there are a lot of african american women who don't approve of gay marriage. i am worried about people becoming less tolerant. the press is making it hard to work with tea party people. how do you work with them? she and i have introduced legislation to gather. i have a tremendous -- together.

i have a tremendous amount of respect for her. she was great speaking out. she took on her own leadership. we need to reward that in america and in the press. often that gets lost. >> with the democratic women, there is diversity of opinion. >> i come from a big family. we recognize i will not agree with kelly on certain issues, but we don't have to debate that all the time.

let's find out what we agree with. i think it's important to say, we have a budget in front of us. what can we do? that's how we come to compromise and how we are willing to do that. i think the reward of encouraging people to do that is what we have lost and needs to come back. >> is that a function of how women lead? >> we chair the transportation committee. we both work closely together. i realize there are things she needs i may not agree with, but

i am willing to put that in the bill so she has something she can bring forward. we wrote the bill. we were told we would never get it out of subcommittee. i think i may be your only republican vote, and we ended up getting six or seven republican votes, and we brought it to the senate floor only because mitch mcconnell thought we weren't going to pass any appropriation bills. susan and i respect each other. she respects what my values are. we know what our common ground is. we know when we disagree. we don't need to focus on our disagreement. often we are moms. we have kids. we know we cannot give them what

they want always, but we listen to what we can give them. that is another trade. >> a good experience for working in the senate. >> i want to say thank you for all the leadership you have demonstrated for children with disabilities and our veterans. it has been a joy to work with you on making sure they get what they need. we come from the radical position that people need health care to live independent lives. one thing we have been proud of is market reforms, no pre- existing conditions for kids. we think all those things are good for the middle class and families.

we are frustrated by 41 or 42 votes in the house. we think that's silly, but what are the implications of all these votes from your perspective? >> we are very clear. if we want to keep government running we are supposed to repeal the affordable care act. are there parts we can make better? of course there is. but are we going to take maternity care for women in this country and go back to a place where pre-existing condition is being pregnant and you don't get health care? are we going to go to a place where kids reach their cap by a- year-old and are denied health care? a woman was saying to me -- they were lamenting the health care

bills. i didn't have to say anything. a woman stood up and said, i have to tell you, my son is severely disabled. he has never been able to buy insurance because of that. i am getting older. i am so scared. i could not sleep at night, but he can buy insurance. he is going to be ok. don't take that away. i think as more people see that we will get past the temper tantrum. they can say it didn't work. >> one more question. this woman on this site? -- side?

>> i am the mother of a preschooler. i am really curious. it strikes me how antiquated it is. i have to go to the fields and harvest them, and over the summer inner-city kids are not getting as much food. they are falling further behind. i wonder when we are going to have a conversation about basic fundamentals. let's teach art and things so kids have a way to learn and we can do our job.

most of us are not farmers. i wonder why we have a hard time tweaking a system that is so wrong. >> there are a lot of creative things being done to deal with that. every woman who is a professional and has a child at home has to address that. we need to allow women to choose to do both. we need to allow women who want to stay home to stay home, and we need policies where women who want to focus on a professional life are supported by that. that's what we want. making sure our kids are ok is so critical for the nation. we do a better job when we know our kids are ok. when we have to pick them up at noon or we get charged twice as much, those things make a challenge to do our job.

let me throw one thing out i am seeing happen as a result of women speaking out, and that is the issue of daycare. it makes our stomach turn. there is a group of educators working with daycare folks to give them curriculum so they are actually giving them curriculum that will help them be a better daycare person. i don't care if you have three kids or 20. the daycare providers are ecstatic. they are being told their job is perfect -- important, and here is how you can do it better. helping those people feel they are a critical part of our country and giving them the skills to do it is going to help all of us in this country.

there are some great skills. i wish we had done that. >> take you. >> thank you. we are going to close our program. [applause] >> thank you very much. >> thank you very much, senator. we know you have a lot going on and it was wonderful for you to break away and share your thoughts and experiences and 82 msnbc's karen finney. very special thanks to exxon mobil supporting the series now on the fourth year and for all of you, keep an eye on the website, the atlantic.com and our event channel for news on upcoming programs and we will have one more women of washington before the close of 2013. thanks again, and enjoy the rest of your afternoon. [captions copyright national cable satelle