what do you put in the clinical service bucket that isn't payments to physician? >> that's mainly emergency care centers and ambulatory centers. >> it slightly goes to physician owners and their involvement in investment? >> it could. >> thank you, i have a question about -- >> please identify yourself. >> jeff young with the huffington post i wanted to ask about the individual insurance market. to the extent to which premiums for exchange plans maybe higher than products currently on that market. do you expect to see a measurable effect on the rates of premium growth or the rates of car sharing among people with insurance over all in future

years because of changes happening in that market. or is it too small piece of the pie to make much of a difference? >> that's another one we wouldn't have indication of right now. we're still not sure of the impact that would have. we have to wait until we see data which would be -- 2014 data won't be available for two more years. at this time, we don't have the answer to that question. >> john with npr. it seems to me, people who might want to take some comfort from this decline in the rate of growth and healthcare should not take comfort because it basically what's happen historically after a recession. price growth stabilizes.

maybe we're near record lows because we're through a record great recession. is that the case? are you saying there's no change in the long term trends here? >> what we're saying in the article is that the relatively low rates of growth that we've seen over the last four years are consistent with the historical tend. we don't characterize those trends. it's consistent with what we've seen in post recessionary periods in the past. >> do you expect difference between gdp growth and rate of growth in healthcare to go forward with 2.2%? is that no change there? >> as i mentioned, this is a historical project.

we only have taken the data and estimated it through 2012. what we've seen through 2012 is consistent what we've seen in the past. >> i know this is looking into the future again and this might be a little bit granular. is there anticipation that will allow you to start accounting for differences in payment policy and hospital outcomes and differences in spending due to your drugs and medical devices. the reason i ask because, there does seem to be more emphasis on payers on therapeutic and diagnostic products that change outcomes. the great hope you can cut down on readmissions.

if you don't have that kind of data and analytical tools, is there any anticipation you might acquire that in the future? >> we use high level data drilled down. in house we only have medicare and medicaid data we can drill down to claim controversial explore the type of things you're suggesting. we leave the research and other things up to the experts. our top level basically originates from the census and we supplement them with other national data sources. depending on how low we can go into the data, sometimes we can't and sometimes we can't answer those questions. >> revision in gdp was affected by the department of commerce last year.

how much did that drop share of health expenditures in over all gdp? >> health spending share would have been 17.9%, due to the revision, it was 17.2%. >> "washington post." i have a quick clarification. you mentioned the affordable care act less than .1%. what that .1% applies to? is that the rate of growth? >> no, that was on the level. it was referring to a dollar level. over three years from 2010 through 2012, .1%

>> .1 percent or .1 percent point? >> .1%. >> the amount we're spending on healthcare is possibly as much as .1% less over the three years? >> actually it added to spending. >> got it. so we're spending .1% as much as .1% more on healthcare than we would be without the affordable care act? >> correct. >> thank you. >> one other clarification about share of gdp taken by healthcare. in 2011, it was 17.3, does that number reflect to adjustment in gdp? >> yes, all of our shares are revised to 1960. the bureau of economic analyst published their new gdp. >> last question.

>> i wondered, do you have any additional data available that breaks out the sponsor spending by type of household? you know that household spending has remained constant over the last few years. i wonder for medicare household, is that different than privately insured households. >> under household, we can't break it up like that. we do have a couple subcategories that you can get some additional detail. like payments. we know what amount households are paying to their private health insurance. we know how much households are paying for their medicare. we know what they're paying

towards for their employee share private insurance. what they're paying their share of payroll taxes and then what is out of pocket costs. from that you can figure out where the households are falling. >> presumably, if there is more cost sharing going on in the individual market, for example, that maybe offset by other things happening in medicare. you're not really able to pull out sort of what is going on out of pocket spending really. >> most of our data comes in top down. you would have to go to another survey or another research.

>> okay, if there are follow up questions, is there an e-mail address? anybody like to volunteer to field. okay. any questions, she'll funnel them to c.m.s. we thank you for your presentation, your data and we'll close. [captioning performed by >> "washington journal"

continues. host: we're joined now by janet ."d of "wall street journal give us your idea on the biggest

issues facing lawmakers. do democrats really want to spend most of this are focusing on economic issues that look at the inequality between rich and poor and measures like unemployment insurance and minimum wage to redress the imbalance. republicans want to keep the focus on the rollout of the dr. law. neither one of those seem destined to produce a lot of legislation. so keeping the government open agenda is the baseline of passing your basic fiscal bills that congress needs to keep the government running and from going into default. one of the biggest parodies in defense legislation? guest: one of the biggest parodies will be to put together a defense appropriations bill. at the end of last year the budget deal restore some of the pentagon's cuts under

sequestration, but the pentagon is now going to have to come forward with the budget plan. the relevant committees will have to go through that and also make some cuts, some more targeted cuts, but that will be a big focus, especially in january. thomases focus in 2014? janet, we spent a little time this morning talking about unemployment insurance. guest: democrats have introduced with the support of one republican a legislation to extend unemployment -- emergency unemployment benefits for three months. these benefits actually laps at the end of december, but they have a bill that would restore them retroactively and restore

them for three months. the bill needs to first pass a procedural hurdle that require 60 votes to invoke cloture. it is not clear whether the democrats if they get all 55 of the democrats and independents, than they need five more republicans and the only republicans who have publicly so far endorsed the bill is the cosponsor dean heller from nevada. there could be lots of republicans who might want to extend unemployment benefits, but their big complaint is that it is not 84. they think it should be adding to the deficit. once a vote is taken, it clears the cloture hurdle than it will be on the floor for a little while. host: harry reid was asked about this on cbs this weekend. let's take a listen to what he had to say. >> it would seem to me that five republicans in the senate should agree with the republicans around the country.

republicans around america want us to do something to extend these benefits. it is good for the economy. it is good for the country. everyone of these people as long-term unemployed, they get one of these checks, they spend the money. they don't put in the bank could help small business. that is why small business favors this. they wantn why something done about minimum wage. the notice good for the economy. background checks, 90% of americans want that. republican congress opposes it. ,xtending unemployment benefits 75% of americans want that done. republican congress opposes it. for us and it down ivan to the politics for this issue. guest: one thing we can't get away from him talking about 2014 is the midterm elections. there'll be a midterm election in november. that cuts both ways. both parties will be angling for

the various positions and playing to the bases, but some issues cut across that in the sense that if enough of the this, i thinkwant you can see them coming together to pass something like that because all the memories of the house are up for reelection in november. one third of the senate will be as well. all these issues will be fought in the context of the coming election. host: let's go to congressman peter king. janet we will get your take. for a brief. myself, speaking for i've always had a dollar is a dollar. but there has to be some compromise coming from the democrats. i don't want this permanent state of unemployment insurance. there are people who are looking for work and need some help. i would like to find a way to get a compromise to extend it unemployment insurance for a

brief time. but the democrats should make compromises as far some burdensome regulations because the ultimate answer is not unemployment insurance, the answer is more jobs. as a temporary. of time, i couldn't see the extension of unemployment benefits. restrictions are so that we don't have a permanent class of people on unemployment trends and it doesn't become an impediment to jobs and doesn't create a state of dependency. host: what is your take? can actually hear some windows of opportunity for compromise. he says if it is temporary, he is also talking about offsetting the cost. is onee to remember he of the most centrist republicans in the house. speaker boehner has said that he would entertain it if it included an offset and some kind of job creation component. i do think that the key is to look to the republicans in states where unemployment is still high. it is no accident that dean

heller is he only republican in the senate endorsing it. nevada has the highest of unemployment rate in the country. i think that is where proponents arehe bill in the senate looking. tennessee has a high rate. a strictlyust partisan issue. there is an economic component that varies state-by-state. host: the next call on a republican line is from maryland. my question is since more people are waking up to the scientific evidence proving that building seven was brought down in a controlled demolition on we're going to stick with the topic of the agenda for congress in 2014. we have a call from new jersey aaligned from democrats -- call from new jersey on our line for democrats. caller: i think we need to

consider one very important thing and that is that 60 votes are needed every time a new issue comes up. there is an automatic acceptance. not only on the part of the press but even senator reed, that the filibuster is being acted on. i think this is an outrageous condition that we have to put up with in this country. it is one the reasons that congress is getting such low ratings. host: your response. guest: senator reed has been challenging missile presumption that everything needs 60 votes. with a great deal of controversy he engineered a rules change at the end of last year that reduced from 60 to 51 or simple majority the threshold needed to bring an executive branch nomination for cabinet officials and other appointees and judicial nominations. that was a big break in that assumption. question was raised when senator reed was interviewed on tv

yesterday whether he would think about dialing back the filibuster on legislation as well. he said well, i am not thinking about that now. but it sounds like he left open the possibility. brian want to ask you briefly about the nsa. what is next for congress? guest: i think on the national security arena, another issue is the fallout from the n s a leaks. senator paul is one of them who is deeply concerned that nsa is doing things that shouldn't be doing. that is american -- that is invading americans privacy. congress should know more about the process of how this information is gathered. that the congress is

going to let the courts do their thing before they step in and do anything drastic. theret necessarily think is a lot of agreement in congress on what to do. they tend to defer to the national security agencies when it comes to stuff like this. because it is something the courts are dealing with, they will wait and see how it plays out. guest: i agree with brian. with the courts offering such diversion views, everybody has somebody to root for in the courts, depending on what the point of view is. one thing about congress is if there is any excuse to not act on a hard thing like this they may take that excuse. next we will go to schaumburg, illinois. i want to talk about the proposed immigration reform. one of the things that concerns me is that nobody talks about what it really means and what will be within that reform. everybody wants to focus on the

illegal immigrant problem, which is a problem, but i would like to focus on what they think our immigration policy should the going forward. another thing that concerns me is the political media class does not like to link immigration with high unemployment and declining wages in america. they are definitely related. those problemsth of high unemployment and low wages, we do not need to flood the market with labor. we need to limit immigration. i would say we should only allow immigrants with a college degree to enter the united states. i think we have had too high a level of immigration. that is why we have the problems we have. talk about what is in the reform , ok? let's expand what is in this bill. average every situation where is nancy pelosi, let's pass a bill to find that within it. guest: i think the caller

expresses the frustration a lot of people feel. at the senate passed last spring, the immigration components.ny i think that a lot of it was discussed at the time. the idea that no one is talking about it is not exactly accurate. of differents components besides the path to citizenship for illegal immigrants. it involves a very strict regime of increased border security, visas for high-tech and more , i guest worker program for agricultural workers. the connection between immigration and on an ointment is hotly debated as an issue. i have to say that from the perspective of the high-tech visas and the guestworker visas, they are being sought i employers because they say that there are not enough american workers to fill those jobs.

budget deal brokered by patty murray and paul ryan, some of the big sticking points there have been jobs for military retirees of working age. ryan, i want to start with you. talk about what is ahead for -- what is ahead for legislation. one very controversial piece of the budget deal that was reached before christmas was the fact that retirees in the military, their cost-of-living -- itment will be shrunk will increase at a slower rate. that is very controversial. these groups spend a lot of time lobbying washington for benefits and i think that that is one piece of this budget he'll that you could see the congress this year go back and tweak a little bit. i think they are going to get more pressure. the pentagon argues that it is a necessary reduction.

that the people costs, as they call it, have risen tremendously. a lot of that is the retiring community getting health care and benefits. i do think it is quite possible that you could see these committees addressing that pretty quickly. either reducing that or maybe even going back to the way it was. >> what are you hearing? about theng controversial provision is that it does not kick in until 2013. they have -- 2015. they have 20 of time to look for alternatives. there was a big outcry about it. my guess is there is some way to change it. but i thought it was interesting about how hard it was to change any kind of entitlement, especially if you are just picking and choosing. there are only two industries or constituencies feeling the pain, the outcry is particularly loud. thought theeveryone best way to cut the deficit was in a big way where everyone

feels the pain. >> charles, republican line. caller: my question has more to do with logic, maybe. referring to harry reid's comments a little while ago about putting money into the and that increases everything, ok, if that is the logic, then why don't we simply just give everybody in the $10,000 -- we are borrowing it from china anyway -- and now when everyone has $10,000 the economy will be just great. i do not understand that logic at all. let me get a comment -- is it logical to do something like that? thank you. >> the logic of what harry reid was talking about is that it gives $10,000 to up or person, they will spend it. $10,000 to a millionaire? they probably will not. that is the logic.

i think a lot of economists agree that the money spent on unemployment benefits is not just to help the individual, but it is a stimulus to the economy. it's pirg, pennsylvania, charles is on the line for democrats. caller: good morning -- pittsburgh, pennsylvania, charles is on the line for democrats. the unemployed people who are not receiving checks at aren't theyecember, both republicans and democrats? , then why dos true the democrats have to give up beething for there to resolution in the unemployment issue? why can't republicans and democrats work together to help the unemployed republicans as well as the unemployed

democrats? i would say two things. number one, there is the philosophical difference between the parties over how you stimulate the economy. the republican view would be just giving a lot of unemployment benefits are a disincentive for some people to find work. far as democrats and republicans both being unemployed and seeking these benefits, i think that is true, and obviously i do not have the numbers, but my guess would be that the democratic constituencies have larger numbers of people in the unemployment pool who are seeking an extension of these benefits. i think that that is why the democrats are pushing for more and the republicans seem to be digging in their heels and want something in return. guest: the biggest disagreement is how to run economic policy

and how does this fit into the bigger debate about what you need to do to stimulate the economy? that is where we have a high level of gridlock between democrats and republicans. there is one piece where there might be some potential for compromise. talking about sanctions, there was a lot of energy behind that when we close out 2013. is that still the case in 2014? absolutely. certainly there could be hearings, legislation on iran and a push for sanctions. even as the obama administration seems to be making progress to get iranians to the table for some sort of deal that would curtail their nuclear ambitions. clearly you have members of congress in both parties and there is a case where there is a bipartisan agreement that we

need to keep the pressure on. you could see, still, some movement perhaps on tightening sanctions. this is all connected. i also think that next door to iran is afghanistan, an issue that congress will have to deal with this year. the obama administration plans to wind down the u.s. military presence by the end of 2014. it is still not clear what the lead behind the force would be, how many troops would stay there , i think you will see much more than you did this year some hearings in congress looking at the bigger picture in afghanistan. what did they accomplish there? what more needs to be done? how prepared is the afghan government to continue what is still a shooting war? a the line for independents. -- on the line for independents. , banking the

united states, the united states has been picking up american debt. -- whatlike to know does the debt ceiling do? february 12? february 16? do we need 60 votes to raise the debt ceiling? is only $10,000, let's see if they can get the country out of debt? if every person was given $5 billion with a federal agency paying the banks every five years, yes, we could all be doing better right now. not just the banks. and on obama's watch. , i am tired of the democrats looking out for the little guy. we are all in this together.

365 days, they work 116 days? white men. [no audio] host: your take, janet? is talkingcaller about the upcoming debate on the debt limit. right now the treasury has the authority to issue bonds and borrow money to pay government bills up through february 7. that is the deadline that was set in the last budget agreement , officially when the debt ceiling gets reinstated. there are extraordinary measures that the treasury can make to continue borrowing so that the government does not default for another couple of weeks or months. after --ctually january is when congress will be taking a vote on providing appropriations for the government. after that they have to vote on legislation to raise the debt limit to avoid default. forrepublicans often ask

something in exchange. we will not raise the debt limit unless you do something to reduce spending. the democrats argue -- this is just paying the bills we have already incurred. it is just not clear yet how far the republicans are going to go in demanding any kind of concessions. the last couple of times they have tried they have not succeeded in getting the big deal they had in 2011. i think that everyone is kind of gun shy regarding the brinksmanship involved in that kind of negotiation. >> next we have stephen in oklahoma, on the line for republicans. >> thank you very much for taking my call. pert of all, $10,000 for a -- for a poor person? of course he will spend it, he is poor, he has no choice. second of all, if we enforce the laws on the books now, we would not have an illegal immigrant problem. we do not enforce our laws. third, if this health care system is so good, why don't the

congressmen and senators have the same health care that we are going to be stuck with? , all of usll americans out here are watching and it isment at work actually not at work. we are not going to take our government serious until they run the government like we run our households. we cannot spend more than we make. that is my point. until our government runs the government like we run our house, we are not going to take them serious. not you all, the government. take the government serious because they are not serious. that is my comment. i do thank you for taking my call. host: your take, brian? getting tocallers this widespread feeling in the country that washington is broken and washington does not work. there is plenty of blame to go

around. they blame congress, the white house, the executive branch. i do think that because it is an election year this year that we angst,e a lot of possibly a lot of energy at the polls. i do think that there is an even that washington is not working for the average americans, that they are engaging in partisan fights in the minds of many voters over little issues that do not move the ball very much. series called broken city we looked at all the different ways in which washington seems to have ground to a halt. is a real challenge. a real challenge for members of congress, who tend to focus on and on whatcts their voters think of them, but do not always think of the

bigger picture, which is that congress, last i saw, had an approval rating of nine percent, which is pretty awful, and historically low. you cannot talk about any of these issues, immigration, the economy, national security, without this broader context, which is that most americans think the government is failing them. i do not know that anyone in this town has a good answer on how to fix that. congress, set to get very little done this year, less last year, is that your take on big legislative movement? one ray of hope is that the whole year will probably be political posturing, but if you want to be -- if you want to see thertisan working together,

book fast, janet yellen will likely be approved today. approval of the appropriations will will be a very big deal, past likely with a bipartisan vote. there is a sense that sometime in january the conference committee will kick out a new farm bill that will revamp the way that agricultural subsidies work and save some money. that is where the pollyanna thing stops. but if you look quick think they will be doing some stuff this month. a little bit of a ray of sunshine there. mike, independent line, ohio. caller: what i have to say is more or less referring to the money with everyone is meeting. this is an example. you go to work every day. you are in a paycheck. you cash the paycheck. you turn around, you go home, you put groceries in your

refrigerator. and not on yours. clothing on your neighbors children, none on yours. you put gasoline in your neighbors car, but none in yours. host: do you have a question for us this morning? caller: this is the united states and us going with the , quit giving money out .o the countries overseas if you did that there would be more money here for the .nemployment norms god help the troops. thank you for having me on the line. the callers referring to .oreign aid

this is a long-running debate in american political history. i think it is often oversimplified. the united states, if you look at the percentage, we do not give that much money to foreign countries. billions, certainly, and it is significant, but i think that if we ended the foreign aid budget oforrow and just allowed all that money back into the economy, i do not think we would measurably solve our problems. i think it is also important to point out that much of the foreign aid that we do give out leads to dividends here domestically, whether it is through trade or things like a zero-sumis not game. if we stop funding our allies, stop helping to provide global security, we would probably have deeper problems. again, i do not think that keeps trackgn aid

of the problem. the united states, john kerry saying that they stand ready to help iraqi on the ground. from what we have heard, he has not said what the aid or the assistance would look like. can you give us your read on that? as far as conditions for 2014, the new crisis in the very wellt, it could be a rack, which seems to be descending fairly quickly in terms of its security situation and the onslaught of these out cato linked militants who are .eeking control there were some drones, some missiles.

john kerry is right, the american people will be quite wary, tuesday released, about getting involved again on the ground in iraq. but never say never. is right next-door to syria, which is in the middle of the civil war that no one, including john kerry, seems to know how to solve. both of those countries and what is going on there are related. al qaeda linked militants have been going back and forth us that border, wreaking havoc. in syria,ment obviously, but then the iraqi government is our ally.

them intively put power. it is a mess over there. host: frederick, south carolina, joining us on the line for democrats. caller: hello? host: go ahead. caller: the stock market is doing fine. slave wages and everything. them on the road, that is the prescription for everything. in the senate they are doing a good job. doing a fine job.

particularly the stock market, they are doing fine. fallujah, lindsey graham, the republican party, when they ,oted to have tax cuts extended they wanted to cut taxes from the military and they told the people in falluja to leave because they did not have the money to support the protection. they decided to stay there. lindsey graham, all the republicans, all of those people were dying in falluja. guest: the first part of the callers question gets to this divide that we talked about , which is income

inequality in this country. is a backdrop for a lot of the debates that take place in the congress. clearly, though it is a cliché, the rich are getting richer and the poor are getting poorer. there is data to support that. even though corporate profits are skyhigh, when it comes to the average american family i think it is getting harder and harder to make ends meet, let alone save money for college. our futures. wages have not kept pace with inflation. american buying power seems to have shrunk over the years. the democrats see that as a main issue that needs to be addressed in this country. president obama, as he spoke , has is different

philosophical approach to the republican party, which is that if we do the right things and unleashing the economic power of corporations in our technology sector, etc., that the rest will follow, the good jobs will follow. i think the democrats would say that that is simply not true, unless you give people the training, the ability to take some of these higher paid jobs, that that is what is going to happen. i think it is one of the reasons why a lot of americans believe that washington does not work. in many of their own lives they do not see their elected leaders as really helping them live the american dream, if you will. you aboutnt to ask health care, really briefly. what do you expect to see from republicans in congress? i thinkne thing that has happened is a whole agenda of repealing a law is now above

the board. republicans that see as much opportunity for them to focustical issue on, as they roll it out, highlighting the problems in taking a few more approaches to the legislation to fix problems, if only to highlight them in the first place. the house will be voting on a bill that requires disclosure of security breaches to take place. hhs says there have not been any. concerns the level of about a system that has already been kind of problematic. i think you will probably see republicans talking and

cspan was on cnn, there was a top hispanic leader and we keep being told -- and no one seems to want to put it out -- it is not 10 million to 12 million, they say that there are 50 million and they have to know how many there are when they contact them for their rallies and all. one week later, i could not believe it. one of the top hispanic group

ladies said that there were 55 million. now, can you imagine what that would do to our economy? plus we are not getting sweet little families, we are getting drug cartels, people that kill their own people galore. and when they say they will not get health care, that they will not get this, you talk to the hospitals. you talk to the people in the hospitals. talk to the people at the local grocery store. it has a very nice meat market in it. host: your take? guest: the estimates of how many illegal immigrants are in the united states are hard to be precise about. it is not surprising that you hear a lot of different numbers. there are a lot of them and they are not blowing up the markets, a lot of them are working in low-wage jobs, trying to wait -- trying to raise families. i think the caller is expressing a sentiment that is a why, in , as people feel that

the country itself is not on track. that if we are willing to cut the budget and we cut the budget by trimming back benefits, it seems like skewed priorities. the caller was referring to the military benefit cut, the pension benefit cut that brian was talking about earlier, and i do think that that is probably going to be changed. host: michigan, democratic line. hello, how are you? thank you for taking my call. i wanted to make a comment -- i think that, just like the gentleman, cannot remember his ,ame, commented so many times our congressmen and leaders have forgotten their primary mission. they are supposed to help the americans and not be up there bickering and using things as

differentnd holding things as hostage, instead of helping our americans. it is just not right. they need to change. i also believe that we need to have the ability to hire and maintainingstead of offices, like they do. if they knew that they could lose their job in the workplace, they would not work against us so much. what is your take on that? a quick comment from each of you guys. this will be our last call for the segment. guest: one of the things that the boston globe, the washington bureau look that last year. does congress not seem to

answer to the problems that they want solved? there is the problem of redistricting in the states, which has locked in a lot of these incumbents so that they have a very easy time getting elected. the second part is the nominating process and the national parties, which tends to elevate some of the more extreme voices on the left and the right . i think that redistricting and the nomination process of the parties is something that political scientists have been talking about lately as to things that you could perhaps modify or change that might have some consequences in washington in terms of lessening the partisan divide. i will remind the caller that there is a way of hiring and firing politicians, which is elections. in some districts it is much harder to unseat an incumbent, but that is the focus of whether you want to keep the politician in office or not. host: briefing, it is available

on our website. .o to www.c-span.org live at the brookings institution, a group of analysts discussed >> making it hard. institute hosts this two-hour event.

>> hello, everybody. we are here at brookings. i work for a magazine called "foreign policy." i am really honored and i am really excited to celebrate the launch of a really interesting book, which i have right here in my hand, "cybersecurity and cyber war," which has already been endorsed by everyone from the former commander of nato to the head of google to the producer of "24 and homeland."

we are going to talk today about some of the big issues in cybersecurity. what are the policy implications? what are the policy responses? what can we do with ordinary folks? peter, as i am sure you all know, is the director of the center for 21st century intelligence here at brookings. alan is now a visiting scholar at the cybersecurity policy research institute at george washington and was here at brookings for three years. it is interesting to me -- just to kick things off -- this book is coming out now. he have had -- we have had a stream of cybersecurity stories, mishaps, even sit in the last five years. -- events in the last five

years. i'm curious as you guide -- curious as to why you guys decided that right now was a time to go back to basics and to lay out a primer for folks about what they need to know on the topic? >> i first want to thank you and thank you all for coming out. it is an exciting time for us. that actually links to your question did -- to your question. e-book is a journey. it is coming out now but it shows the journey of almost two years. the idea behind it and why we think it is particularly relevant right now is -- i would argue there is no issue that has become more important and less understood than cybersecurity. when i say more important, more important in terms of its policy implications, whether you work on classic military issues,

national security issues, to legislative questions and the to your own role as a medicine as a citizen. the issues at play here are we tea -- are weighty as to the future of politics and your kids on what they are doing on snapchat. we can see a gap in lots of different ways. the former director of the cia described it as he has never dealt with an issue where there was less knowledge from people around the table making decisions. 70% of business executives have made a cybersecurity decision for their company. thoughts of these percent -- not 70% of cto's. no major mba program teaches it as a regular management issues.

the way we handle our self online in terms of our favorite story -- the most popular password is still "password." the joke was that is what i use on my luggage. to what we -- to all these different issues popping up, whether it is the an essay or the like, that the nsa or the like -- whether it is the nsa or the like, it goes back to basics. it gives you a primer for all the key questions from everything from how does this work to how can we do it? we are emphasizing what everyone needs to know. as long as we have the internet and we are using it we will have issues of cybersecurity and cyber war.

>> it seems to me 2013 was the year of the leak in terms of cybersecurity. i don't know if you heard but there was a contractor who got his hands on some documents. when you see 2014 -- where do you see tony 14? -- where do you see 2014? >> it is going to be like the past, but more so. one of the interesting things about 2013 was it was the first year that no major person in the policy world gave a speech that amounted to -- the problem with the internet is it was built without a security and line. -- a security in line. ultimately we want to move from an area where cybersecurity is something that is seen as unique and separate and cut out a whole

new cloth into an issue that is integrated into everything. a manager cannot just say, i will call my cyber guy. one thing we expect to see is boards of directors are going to start demanding briefings. they are going to say -- how are recovered? -- how are we covered? we are going to see more creative attacks, moving from taking advantage of human error and finding new challenges. one of the largest questions that is always at the intersection of the technical and the economical and political. who bears the responsibility of securing your cell phone? is the manufacturer of the phone, manufacturer of the operating system, or yourself on company? in 2014 those questions will come to head and we -- or your cell phone company?

in 2014 we will see those issues come to head. we will work towards a more coordinated approach. >> i am going to ask a couple of more questions of these guys and then we will open it up to the audience. get your questions ready. both of us have worked around pentagon types for a while. it always seems like the answer to any cybersecurity question is more offense. if we are being hacked, the answer is to hack them back 100 times more. do you see that trend continuing in the government, that everything has to be about offense? secondly, does that trend, so far, make any sense? >> it is a big question of consequence and we think about

not just what we are spending on but the potential to spiral out in directions that we do not want it to or we lose control over. this notion of cyber offense is very appealing. it is appealing in terms of -- if someone attacks me i will attack them first. the best way to defend yourself is a good offense. we can see its implications and assumptions that we are being -- that we are starting to bake into our military doctrine. there is a pentagon statement that says, "in cyberspace dominance will -- cyberspace --" in our next panel we are going to hear from experts on it.

to do something like that is quite difficult. we have not seen senior pentagon officials describe it as -- they are a couple of teachers -- a couple of teenagers sipping red bull. and they can pull off a weapons of mass destruction style event. no they couldn't. to do some of the more effective stuff, it is not that easy. the defender has a series of steps they can take to make cyber offense difficult. it is not as easy offense. when you start to connect both the technical side to the military site to the policy side to the history side, you see some lessons crossing back and forth. every time in military history were someone has said the

military offense will be dominant, history had a great way of teaching them that it played out the office -- layout the opposite. the next problem is where do these assumptions sometimes take you? we have seen this in what we are spending on right now. it depends on which study. roughly 2.5 to four times as much on cyber offense research as they are on cyber defense research. if you go back and connect to security studies, it is a lot like thinking the best way to protect your glass house from a gang of roving teens is to buy a stone sharpening kit. that is the implication here. we need to come to balance on not only how we talk about how we assess these threats, but also a balance in what we are

spending on and how we approach it. >> just from a political perspective, one of the things that i think is a novel aspect from the international conflict prospective is we talk about attacking their systems and they talk about attacking our systems. they are the same systems. we are using the same platforms. often we are going to be faced with a decision of do we exploit the other guy or two we work towards defending ourselves? once you realize it is not just us first them -- us versus them, you find many different ways and the many different them's. we are all better off if we move toward security. >> i think one of the reasons people are outraged is because they're not just undermining access to e-mail accounts of terror suspects that they are undermining the fundamental

security protocols that work for all of us. >> i think that is a key point. we don't want to overstate it. there is a headline in "the washington post" this weekend that's at the nsa is trying to this weekend that says the nsa is trying to break our phones. we want to make sure that other national goals for diplomacy, for commerce, for trade are balanced in the government's process. i think that is why many people around the world said, what does this mean for us? that does not lead to a very stable world. >> i was doing some policy work here.

frankly it relied on trust in the government that i feel i cannot take anymore after the snowden leaks. maybe talk to me a little bit about how those leaks are affecting policy prescriptions across the board. >> i think the challenge of what was disclosed is the massive scale of it but together a variety of things. in talking about the leaks -- i categorize them into three types of activity. the first was smart, sensible espionage against american enemies. there was a series of activities that was disclosed that way. the second category i would put in terms of questionable -- legally questionable, politically questionable, a sickly efforts that involve u.s.

citizens -- a sickly efforts that involve u.s. citizens -- basically efforts that involve u.s. citizens. to be blunt and direct, a third category we could call "unstrategic" or "stupid," which is collecting close intelligence on american allies. we have these three categories out there so when people talk about this issue and how upset they are about what the government is doing or upset they are with snowden and should he get clemency or not, they usually focus in on one of those categories. in turn it is effective in the way we have talked about it. we have defended these programs to the public in what matters in the lyrical discourse is category two, the legal and questionable stuff in -- and the political discourse is category two, the legal and questionable stuff. angela merkel is an category

three. the real effect is not just in terms of how it has changed the political discourse here, but the long-term impact of it is probably going to be most felt in two ways -- one, american business will lose as much as $180 billion of revenue because of disclosures around these activities. the second is -- it goes into these 2014 questions -- the ongoing debate of the future itself and its governance. we talked about these issues and looking at the itu. these questions are around internet freedom. frankly, the internet freedom agenda the state department has been pushing seems almost dead. in the years ahead there will be some big decisions to be -- decisions to make.

we may have lost certain key swing states that were with us previously. if we don't watch out in the year ahead, the internet that all of us have grown to know and love will not be the ones that our kids inherit. that will be because of why? >> it is the idea that there is very different visions about the internet and how it should be governed, so to speak, and what should be the role of states versus multi-actor layers of responsibility. an informal set up we have right now has worked so well. we see this push by authoritarian states. when you try to enter in an

address that doesn't go where you want, not -- you want, that could very much be the future. that is different than the nsa the monitoring side. is to different state problems. in the politics of it they got wrapped together. >> they have been tied together. so you have genuine concern about the process that peter mentioned, that ad hoc -- which, to be fair, seems close to human interests. we set up this organization and it works well. if you look at the structure on paper from a political perspective you say, that's not fair. let's move away from a representative style. the problem is while that may sound good from an organizational perspective, the consensus seems to be that it will really empower two types of countries, those that want to throw up barriers around their

own national network for national security regions and countries that want to throw barriers around for economic reasons. they longed to go back to the local telecom monopoly style. this discussion has been pushed since last december. it came to head at a conference in dubai. united states and its allies, including brazil, held off on this. we lost the vote but maintained enough to keep the status quo working. i think if that vote had been taken shortly after the snowden leaks, i don't know how many european allies would have voted with america. we risk a vulcanized internet, were each country sets of its own policy level and says we want to make sure our technology is in the network. we are going to have national level policies about what kind

of crypto algorithm you can use the at everyone making this technology needs to make a separate chip for each country. that is really going to hurt the pace of innovation and change how this whole cyberspace evolves. >> there are two things out -- on the domestic side we see the classic security questions. one is what this has done to the politics of cybersecurity on capitol hill. we have not had major cybersecurity legislation passed since 2002. that was five years before anyone heard of the iphone. because of this and a number that and a number of other factors -- because of this and a number of other factors it will be a number of years before we see this come to fruition. it is trust in the computer labs and silicon valley, which -- i met with a senior leader of a

silicon valley company who described it as an arms race with their own government, with the u.s. government. in the book we talk about the importance of finding the i.t. folks and how we deal with this capital problem in cybersecurity. our government agencies now have a major issue at the same time where we need to do a better job of recruiting cyber talent. by one measure we are only getting around 10% of the cybersecurity we need. >> i would like to take some questions from the audience. please raise them in the form of a question, not a rant, statement, or diet try. have a? at the end or have your voice turn up at least. -- have a question mark at the end or have your voice turn up at least.

>> it has been said that this is as much of a threat as an attack where in the administration does this issue about governance reside? many people believe that the current model is too u.s. centric. where in the administration does this reside? >> like a lot of cyber issues, it covers a lot of ground. the question of internet governance covers everything from how we get new donor naming names for top-level tone name names -- new domain names for top-level domain names. that is a trademark issue. it is versus the very real

question of how to be secure the domain name system? how do we allocate the remaining ip addresses? those cover very different issues and this has been in the department of commerce traditionally, who has the contract to negotiate the head of the internet in the domain name system. we talked about this in the book. there is a nice graphic to help you understand it. what the past administrations have been successful in doing is working to make sure that this is not a purely american question. at the same time, the organizational questions of who is going to be in charge globally is a question of international diplomacy, with people lobbying on either side. >> part of the challenge when it comes to the policy is to keywords, ignorance and in balance.

-- and in balance -- and imbalance. the people who can make the policy decisions are not equipped to deal with these issues. we have all the wonderful and great anecdotes on this in the book, whether it is a senior diplomat about to go to negotiate with the chinese on internet issues, who asked us what and i at -- what an isp was. i am kind of mocking this but my mom does not know what an isp is and does know what and i cpm is. -- an icpm is. the former deputy of homeland security had talked about how she had not used social media for over a decade.

you have that level of ignorance. it is just there. the imbalance site is also there. this may be as big a policy issue as there is. yet that is not talked about when it comes to the notion of cyber attacks as opposed to a structural problem. i would argue the massive campaign that is going on in the u.s. right now may be as much as $1 trillion worth of value lost. that matters far more than the narrative that is out there. a half-million times we talked about cyber 9/11 or cyber pearl harbor or the 30,000 magazines talking about cyber terrorism, despite the fact that no one has been hurt or killed by cyber terrorism. it is a lot like "shark week turcotte we access about sharks even though we are 15,000 more

times -- "shark week." we fantasize about sharks even though we are 15,000 times more likely to be hurt by the toilets. squirrels have taken down the power grid more times. whether it is our spending when it comes to budget to the decision-making questions -- in the white house you have 12 people on the national security staff working cybersecurity questions. you have one on the economic side, who also has responsibility for things like copyrights. we very much need an approach that is both informed and balanced. >> next question, over here. >> thank you.

i am richard downey, a strategic consultant. you mentioned a little bit about corporations and how they protect -- how well they are or are not protected. intuitively you would just assume that large corporations or banks have lots of resources and would do what is required to protect themselves against these kinds of threats. it is a cybersecurity maturation model that measures how prepared organizations and even countries are against these kinds of threats. an ex-wife axis, zero is defenseless and the curve goes up to -- and ask why axis -- an x-y axis, euros defenseless and the curve goes of to resilient. -- goes up to resilient. >> there are a number of approaches like that.

i think it helps us understand the issue a little bit. probably the leaders in developing the senses and working together how the risks are connected in the financial sector, why? the financial sector vases very real threats from criminals. why do you go after banks? that is where the money is. the financial sector has learned to work together am a developed good defenses, and also understand it from a risk perspective. they don't have to stop every single attack. i have some models to understand the relationship between how much to invest and what they're given. most companies in the broader economy do not have that. they do not have that for a number of reasons. one, we do not have a good way of understanding what our loss

is good -- loss is. often when we talk about the theft of competitive data we think about the special sauce. when coca-cola was hit in 2010, an attack that was later to be did to a group associated with the chinese government, did the bad guys go after the secret formula for coca-cola? no. no one really cares about that. what we do know is less than 10 days after the attack happened, the chinese government rejected coca-cola's bid to buy the largest soft drink bottler in china. this was a bid that everyone in wall street thought would go through. we have to think about what is at risk from a very broad perspective. the challenge is actually understanding what is at risk and how to defend ourselves. that is a really big job. it involves having a holistic view of what is at stake in an

organization. that has to come from the board, top-down. it also has to come from thinking about the risks we face. the managers will say we have immediate losses we can tie to failure to act. that may come from the markets, it may have to come from a more interventionist government approach. >> one of the main lessons of the book is that -- as opposed to how this is often framed and talked about, this problem area, whether you are talking about it at the national level all the way down to you as an individual, it is not about the software. it is not about the hardware. it is about the people. it is about the incentive that drives them, the organizations they are in, the level of awareness. it is all about people at the end of the day.

in turn, in your question you used an important word, which is "resilience." one of the ideas we want to push is the idea of a resilience model. someone has the secret sauce solution for all your problems or i can hack back and i will solve all the problems -- no, all we need to do is build up and a vaginal -- and i that build up an imaginable defense. it is the idea that bad things are going to happen. it is how you bounce back from them. your body doesn't have an exterior layer of defense.\ it figures i was important, it recovers. think about the psychology side.

resilience, you can't go through life thinking things are going to happen. a resilient mentality and relationship is something that can deal with the bad things and recover. to go back to what we were talking about before, part of the problem of how and why we talked about this cybersecurity issue is -- we joke we turn the volume up to 11. get scared. i have all the solutions for you. the power grid scenario -- i guarantee you someone will lose power in the washington dc area within the next 48 hours. if we put the word "cyber" in front of it, we would suddenly have congressional panels asking who's is to blame and what is wrong. -- who is to blame and what is wrong. resilience, again, whether you are talking about the nation

down to you as an individual and how do you protect your cherished memories and files? you ought to be thinking about that for yourself. >> let's go here. >> thanks a lot gentlemen. i'm an attorney here in town. i focus on national security and human terry and law. -- and humanitarian law. i think the and this is a pretty easy whipping boy. there are problems with corporations not taking their own initiative. when the opportunities for leadership and policy move things forward in the absence of legislation, president obama signed the work -- signed the order on cybersecurity -- i am wondering what you three think or hear about its prospects of enhancing the resilience of security posture of the u.s. nation. does the executive order move us

closer and in the direction of where we need to go in the absence of legislation? >> the core -- for those of you who do not know, the core of the executive order is to develop a voluntary framework to implement existing standards for more security. this applies to all could go infrastructure, which is a legally defined but we think of it as the basic essentials -- light, air, water, things like that. the challenge of this framing -- we can think of the government as being good at some things like hitting people with a stick to do things. and they are bad at other things, like developing technical standards. one way to look at the executive order is we sort of flipped that. the government is collecting all the technical standards.

that is why able are skeptical. i think there is some reason to be optimistic for a number of reasons. this exceeded to get the right people in the room to pay attention paid representatives from all the major industries have stood up. they are watching what is going on. they are tying to figure out how we get ahead of this. the notion here is this is the last opportunity that industry has to fix the problem themselves. if we think about the executive order as "do it now," and i have a stick of regulation behind my back -- that is one area to identify where areas are not working. we do need to have a rising tide preach we need to find the tools to get various players to work together. -- rising tide. we need to find the tools to get various players to work together.

that sounds fluffy. that is where we want to be. cybersecurity should not be this sexy new thing. it should be the boring work of lawyers talking to other lawyers, economists talking to economists, and having everyone talk to each other. a lots of conversations -- lots of conversation so we can work together. >> let's go to another -- jim? >> jim hansen and -- jim hansen. security is focused on the permit her. you big -- you build bigger walls, make sure nobody can sneak in.

between him and snowden we did not make a whole lot of progress. no one backed a panel up to a data center and took off with all the servers -- backed up a van to the data center and took off with all the servers. are you looking at where they are stealing the data itself? >> you hit it exactly right. we are making a military parallel. walls never work. to go back to the past question of infrastructure, sometimes they will say they don't need a wall, they just need an air gap. i like an air gaps to those balloons that teachers would put between catholic school dances. they just do not work in the

end. the iranians had a wonderful air gap, keeping bad malware out of their nuclear research. it did not work. also following basic measures in terms of not only trying to keep dad out but monitoring what is happening on your own network, including by your own people. whether it is snowden -- those organizations are as sophisticated and well-funded as they were -- the u.s. military and the nsa, they were not following basic procedures that a cupcake store should have. when it comes to basic cyber hygiene, the most important

penetration of a u.s. military network happened because a soldier found a memory stick in a parking lot and thought it was a good idea to plug it into their computer. that is not cyber hygiene, that is basic hygiene. that is the five second rule. it carries across this. we were laughing that there is the same story of a major technology company who was hit when a guy picked up a cd that he found in the men's room. would you pick up anything you found in the men's room? he took it home. he did it with a cd. all of us go to conferences where you are given these memory sticks as favors. very basic hygiene. it goes that this notion of the standards. one study found they would stop 94% of all tax. 94%. what about the other six

percent? it may come from someone sophisticated. i would hate to tell you, but all of you are not being targeted by that six percent. even if you are someone with a sophisticated operation, go talk to your i.t. folks. if you do not have to spend 94% of your time running down the low level stuff, you can focus on the advanced stuff. the advanced stuff often gets into these low level things. my favorite recent story of this was a diplomat at the g 20 conference who got spear fished. they received e-mails that led them to click on a link where they thought they were downloading nude photos of the french first lady and they were downloading spyware instead. we can do a lot better and then

get to some of the more sophisticated technological responses. , does anyone else have a question about picking things up in the bathroom -- >> does anyone else have a question about picking things up in the bathroom? >> we have to stop talking in cold war frameworks, which is the main way this is talked about in this town. it is just like a wmd, which has been said about everything from national security to these data centers. if we are going to use these comparisons, the period of the cold war is not the only one to draw upon. we are in the early stages of the cold war where he did not understand the technology but we took characters like dr. strangelove seriously. >> i am a student across the street.

if you zoom out a little bit, people talk a lot about the u.s., russia, china. people don't talk often about countries like israel and the eu in a tear down -- in a tier down. a recent government report says very sensitive information was protected by passwords like "123," and very weak systems. what do you think of the place of those countries, the lowest tier, on cyber security in the future? luxe there are a number of different issues. >> there are a number of different issues. for example, the number one trader of malicious information on the internet is indonesia.

how did they it to be this -- it is a separate discussion, which is also interesting. this is a real issue for every country. there are some benefits to being small. you actually can have a trusted group of people. i know we have chatted here at brookings with some governments who have been the victims of cyber attacks and they set up a volunteer army to react in the case of crisis. that works at a small country. there also is a very real danger of cybersecurity ghettos, where more and more countries build a basic defenses and you will have more of those seeking to exploit infrastructures and have a much higher bar to make themselves more secure. so the downside of not having to

outrun the bear, just outrun you, we have a lot of people who are slower. korea has said of cybersecurity capacity building should be a priority for the world bank. they are trying to figure out how they can build that international cooperation to raise everyone up to at least above a minimum level. >> this is a space where you have sony different types of players. we fell into that old political science flaw of just talking about the states. yet this is a domain where everything from states large and small to nonstate actors that range from targeting google to anonymous to you and i all

matter. we all have levels of power. we all matter in this. we are talking about problems and solutions. we have to move out of that classic framework. that leads to back to the policy side -- we can draw lessons from other actors out there. there is an active debate in the u.s. military right now about what is the role of the national guard and reserve when it comes to cyber. we are approaching it in a very classic model versus a estonia's model. it may be far more effective. if we are talking about the makeup of the internet itself fundamentally shifting to the antidote -- to the anecdote where we illustrated the internet is changing -- "cute cat videos" are losing out to

cute panda and cute goat videos. it shows the power of chinese and african uses of the internet. their cyber security threats and concerns are growing with the number of videos that are out there. >> i am unaffiliated but i do have an atm card. how hard or easy is it to obscure r&d to forge a cyber attack? >> from whom? if you are trying to fool your basic cis abdomen -- basic sysadmin, very forward. you also have to have perfect operational security.

you have to remember that among the defenses that countries have is not just to let me look in this package and see the technical frame. they have been dropped -- and ease dropping on satellite and telephone calls. then you have to narrow it down they have been eavesdropping on satellite and telephone calls. then you have to narrow it down. it depends on what kind of attack you're worried about and what kind of resources you have to if you're trying to fool your local police department about who is spending all the money in who is sending all the money in a bank account to a foreign country, very simple. if you're trying to fool them in into a false flag operation, you need to do it a lot more carefully. >> you made a joke at the start

about your atm card. it is a great illustration of the earlier points. your atm card is a multifactor approach to security. it is something you have but then they also ask you for something you know, your password. and that points to two things. first it points to why does the bank have that structure as opposed to the way we approach security in other sectors and it goes back to what alan was saying, the differences of incentives in the industry -- oh, by the way, there is a legal framework that drives that price for them. they put in those kinds of security requirements that you think are quite simple and easy versus a power company that does not have these kinds of approaches. there are 87 -- 80% of small power companies that are under regulation right now.

it points to the value of the incentive but also how personally we should all be thinking about our own security. you have that multi factor for your atm, do you have it for your gmail? if you don't, you should. >> we have about 10 minutes (we are going to roll into the next panel with the talk to reporters 10 minutes left. we are going to roll into the next panel with top reporters. >> i am with the dutch embassy. i like very much that we have a colonization of the human factor. the space domain is getting extended not only to our digital age but our human nature. i want to talk about the last six percent, where a roll of the government could exist.

i want to give you three examples and ask your opinion. the first one are the black markets of the internet -- one of the main successes is the use of zero day exports. another example is the industry leading processes in chip manufacturing -- the underlying assumption is cryptography does not lie only in software but also on hardware. and it can have an origin in our industry, hence our government has a role in that. the last example is about the isp to i have seen the professor to a lot of research on isp.

these are responsible for a spyware version that lands on our blackberries. how you think about these -- what you think about these three examples with respect to the government's role. them i will jump on them real rapidly. first, on the black market, it is a very good illustration of the lessons to be learned from both contemporary security policy as well as history, not just within the cyber domain. thinking about current counterterrorism policy, playing like a mall is a loser's game for since going after the underlying structures. same thing in the book, understanding the parallels to piracy and privateers at sea back in the 1600s and 1800s. it was great pirate actors

versus privateers, state groups that give you deniability. it is like the example between classic cyber crime versus some of these more state linked efforts and patriotic cappers. by going after the markets and going after the structures, that is how you dealt with it, rather than try to chase every individual one. this leads to the isp question. it is a perfect illustration of by how going at the structures perfect illustration of by going after the structures, you have a cooperation that you don't think is possible. the u.s. navy and the british navy trained to fight each other in the 1800s. they had fought two wars against each other. they also cooperated in antipiracy campaigns. much like the u.s. and china,

there is a lot of issue for conflict. there are also areas we can work together. part of this is also facing the fact that we americans, we have some issues. one study showed 20 out of the top 50 cyber crimes viewing eyes peas are american -- cyber crime spewing isps are american. i would point to in a military example -- to a military example. it was revealed df-35 program allowed -- revealed the effort- 35 program allowed certain chips in -- we would be dropping certain waivers around them. >> i think these examples really cap sure how you understand -- you cannot address this issue without understanding the technical, economic, and political side.

different countries have looked into the options. should the isp tell me whether my computer is part of an international plot? the challenge there is on the technical side we don't know much about what's the likelihood of detection is and how we will respond. if you are going to be reinfected immediately, it is a waste of money and effort it on the black market side, i think this is -- and effort. on the black market side of your doing -- side we are doing great work with gsw. if i discover mall -- discover vulnerability in a major piece of software, what is the likelihood you, as an adversary, will find that vulnerability echo -- vulnerability? we need to understand the

technical details, how code is secured over time as well as the market side. >> we have time for one last question. >> i am an attorney in town. my question is about resources. i am thinking of the post-9/11 era where there was a lot of talk of soft targets. how do we stop people from going into movie theaters or shopping malls and stop them from blowing themselves up? there is not much we can do to harden those targets. have been fortunate that we have not seen many attacks. it seems to me, if this is a good analogy, there's a lot of opportunity for those soft targets. they can get my credit card

information from target or a cupcake store. we have all the resources we need? -- do we have the resources we need? >> i will give an example of the military implication of this. what is fascinating about this is how we have approached security within dod, which has heartened -- which has hardened the dod. we try to incentivize one part of the defense economy, the major contractors, to get much better at their security. they have seen these kinds of threats to their intellectual property happening. they are not facing the fact

that there is this wider set of targets out there that are quite soft because the incentives are not right, the awareness is not there because just as much implication -- to give an illustration, how our entire logistics systems is dependent on these companies. you have a perfectly -- let's imagine you have a perfectly hard and safe and secure u.s. military network. what happens when someone enters into the logistics company and changes the barcode numbers for the shipment of gasoline to toilet paper? you have that unit that gets a delivery from the supply train and it is toilet paper, not gasoline or ammunition. thinking about the defense industry, the big times have paid attention to getting themselves secure. did agree the small copies are not well protected. that is where we are going in.

-- typically the small copies are not well protected. that is where we are going in. we need to raise the level of resilience and awareness. >> very quickly, on the private sector side, it comes down to two things that we are still trying to understand but working towards. >> it comes down to two things one is how we think about return in investment, how we create investments, saying if you make yourself more secure, it will be in your interest. we need a way to communicate that. the second thing is scale. defense comes down to making it cheaper to defend van to attack here that means we need to raise the costs of the attacker and that is a technical question, but also in organizational question, an economic question, and it fundamentally is a question of politics and governance.

>> we have got time. i want you to join me and give me a round of applause. [applause] they will be signing books at our next panel. i would now like to ask a second group of panelists to come up to the podium and we ask you all to sit tight and be right into our next panel. >> thank you all. [indiscernible] [captions copyright national cable satellite corp. 2014] [captioning performed by national captioning institute] >> ok. so, peter asked me to put together this second panel of reporters. i just went ahead and fit four of my favorite reporters who are not only great on this issue but are just great in general.

and people, great hooks. [laughter] so, starting right here to my immediate left, a reporter with the "wall street journal," and the chief washington correspondent of "the new york times." tom of national public radio, and in the awesome news, we have, from the u.k., james call -- james pau