a lot of explaining to do. they should give the money back. if they want to take a position on women's rights, it by all means do. use it to take advantage of young women in the workplace. she paid an $800,000 fine for sexual harassment. he admitted to it in one court case and has been convicted in the public place for the other sexual harassment. >> finally, four years in the senate. expected?job you >> sometimes. it can be a tiring job with all of the travel. it is exciting to be in the middle of a body that we have had since the beginning of our that debates important constitutional questions. i think there needs to be a voice for those of us who believe in privacy and individual liberty. sometimes a voice has not been there. i've been excited to read >> senator rand paul -- i've been excited. >> senator rand paul, thank you for being with us.

>> thank you. thank you for joining us. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014] where >> you can watch "newsmakers" and with newsmakers today at 6:00 p.m. eastern here on c- span. her online anytime at c- span.org. -- or any time online here at c- span.org. >> is afternoon on c-span, the house oversight committee's hearing on the alleged targeting of political activism and groups by the irs. that is 240 -- that is at 2:40 p.m. eastern here on c-span. >> he has the guts to stand against her. he should be swept from this.

parliamentary expressions. a few weeks ago the prime minister seem to recall the error. i cannot remember the details of it now. a whole lot of expressions. it was the lying. nobody can ever find that.

it is probably a mess. >> homeland security outlined jeh johnson his agenda involving cyber security issue in legislation. it was his first major address since his confirmation in december. he spoke at the wilson center and washington, d.c. jane harman gave the opening remarks. he spoke for about one hour and 10 minutes. [applause] >> good morning and welcome to the wilson center. you are just some of the folks who are about to listen to this.

there is a worldwide audience. there are overflow rooms. you are here for the right reasons. let me recognize a few of our special guests in the front row. dr. susan demarco johnson is secretary. she is right in front of me. some of the dhs leadership, including alejandro mallorcas. is julia pearson here? the forced director of the u.s. secret service, who happens to be a woman. the fema director -- you should applaud for that. [applause] the fema director -- r that. [applause] the met to rector craig few gate. and thomas michalski. -- he spoke here recently on strategy.

a number of ambassadors and the aspen two groups, institute homeland security group is in the front rows, and the homeland security advisory council. these are folks who in various ways, including make, i am a cochair and i am on the other group, are trying to give our best advice. leading dhs is a tough job. some of us were the founding mothers and fathers. blending the culture of 22 agencies reporting to more than 100 different congressional committees and subcommittees -- dod only reports to 36 -- and keeping americans safe is daunting. security is my bag, as i said.

as a nine term member of congress who chaired the intelligence information sharing and risk assessment subcommittees, and who represented some of our most vulnerable infrastructure, including lax and the port of los angeles, i can tell you that one decade after its establishment, the department remains a work in progress. but, significant progress has been made. lots of it has been showcased here at the wilson center. in the past year, we have welcomed former secretary of homeland security, janet napolitano, to discuss the efforts to include the private sector in our cyber security efforts. a washington post columnist on government capacity against terror threats in a borderless world. and we hosted an event on the vince in north america. past three years, we

have hosted the winter meeting of the aspen institute homeland security group. that is cochaired by former secretary michael chertoff. me and -- we met with the secretary this morning about a report we have produced to recommend some action he might take. we hope to be useful in the future. so, today, i am pleased to welcome secretary jeh johnson for his first major policy address since taking office on december 23. as a former assistant u.s. attorney, general counsel of the air force, and later dod, he has been on the frontlines of counterterrorism policy, from desperately needed reform at guantánamo bay to our u.s. drone policy. more said later. the oxfordspeech at union in 2012, he said " we must be able to say to ourselves that

our efforts should no longer be considered an armed conflict against al qaeda, rather, eight counterterrorism effort against individuals who are scattered remnants -- who are part of groups unaffiliated, for which the law enforcement and intelligence resources of our government are principally responsible in quad operation with the international community." that was his tryout speech for secretary. he is thoughtful and courageous and he will need be skills as he confronts the threats of today and those of the future. he will outline those threats in his speech, so i am skipping the stuff that i have put here. i want to say that 2014 will be a pivotal year. it surely is as we speak. in syria, and in other places. the secretary is here to help us understand what is on his agenda. these welcome secretary jeh johnson. [applause]

>> thank you, jane. before i begin with my remarks, i want to acknowledge to other people in the audience here today. the first is fema administrator e, who everyone agrees has done a wonderful job in leadership of that agency. --o not like to acknowledge the commandant of the coast guard. he is a strong, solid leader. that a number of people are very proud of his leadership. he is retiring in may. after a distinguished career in public service in the defense of our nation. i begin by thanking the woodrow wilson center and the aspen

homeland security group for inviting me to speak here today. i also want to thank jane harman for your leadership and continued service to our country. your willingness to be a supporter, mentor, an adviser to me, and to numerous others around this town. when jane harman advises, i listen. as many of you have heard me say beef or, september 11 is my birthday. was inember 11, 2001, i the private practice of law in new york city. like millions of others, i was an eyewitness to the events of that day. i watched in shock as the beautiful, serene, and ordinary in anay was transformed instant to one of the worst days in american history. well thousands of people, and ultimately the nation, hosted a

tragedy that their 24 was unimaginable. the department of homeland security was born. it was out of that day that my personal commitment to the mission of homeland security was born. for the next several minutes, i would've to take the opportunity to attain has provided me to spell out my vision for the department i am privileged to lead. too often used is that we are in a time of transition. the department of homeland security must always be any time of transition. we must be agile and vigilant in continually adapting to evolving threats and hazards. we must stay one step ahead of the next terror attack, the next cyber attack, and the next natural disaster. the most important part of my day as secretary is the morning intel brief which ranges in scope from the latest terrorist plot to a weather map.

we monitor world events in real time and take action when necessary to confront and respond to these threats. in support of russian authorities, we are keeping a close eye on the sochi olympics. they are beginning pretty much as i speak. within the last 48 hours, we have out of an abundance of caution, issued advisories to air carriers and others based on what we have learned. we have adjusted tsa security measures and are continually evaluating whether more is necessary. also, within the last 48 hours, in response to a very efferent type of hazard, fema has issued 95 generators to the state of pennsylvania. several hundred thousand people are without power due to the snow and cold weather. in the homeland security world, no news is good news.

no news is often the result of the hard work, vigilance, and dedication of people within our government. we prevent bad things that you never hear about, or at least help the public protect itself and recover from the storms we do not prevent. our overall challenge within the department of homeland security and within the homeland security learn from- is to and adapt the changing character of the evolving threats and hazards we face. in 2005,ricane katrina the underwear bomber in 2009, the deepwater horizon oil spill 201210, hurricane sandy in , the boston marathon bombing in 2013 -- they illustrate these evolving threats and hazards. the terrorist threat that we face is increasingly

decentralized. it is self-motivated and may be harder to detect. the cyber threat we face is growing and poses a greater concern to a critical infrastructure that is becoming increasingly interdependent. natural disasters are becoming more severe and causing significant economic loss. there are more variable consequences driven by climate change and aging infrastructure. the basic missions of the department of homeland security are and should be and should continue to be preventing terrorism and enhancing security. securing and managing our borders, and forcing and administering our administration cyberspace,arding safeguarding critical infrastructure, and preparing for and were to natural disasters. know, at the time dhs was created in 2003, it was the

most substantial reorganization of our government since 1947. in my opinion, the creation of the department of homeland security in 2003 was long overdue. many other nations face threats similar to ours. they have ministries of the interior or home office with the same basic mission of bridging national and domestic security, counterterrorism, and border security. perhaps because our nation was fromcted by two big oceans many of the world hotspots, we thought that the one department -- we thought that one department devoted to the mission of homeland security was unnecessary. that thinking obviously changed on 9/11. further, consider where all of the 22 components of homeland therity existed before creation of the department in 2003.

scattered across the department of agriculture, energy, justice, treasury, transportation, defense, health and human services, and the general services administration, including departments that do not have national security or law-enforcement as their core mission. weeks, i have already seen the wisdom of combining a number of these capabilities within one department of government. ton i convene a meeting discuss how the latest terrorist threat might penetrate homeland, the participants include dhs's intelligence and analysis office, border protection, tsa, immigration and customs enforcement, citizenship and immigration services, the coast guard, and the national protection program erector. theanother way, with creation of dhs, a terrorist searches for weaknesses along

our air, land, and sea borders or ports of entry. there met with one of federal response from me. preventing terrorist attacks on the homeland is and should remain the cornerstone of homeland security. through our counterterrorism effort in both the bush and obama administrations, we have put al qaeda's core leadership on the path to defeat. the threat has evolved. since 2000 and nine, we saw the qaeda affiliates, such as al qaeda in the arabian peninsula. they have made repeated effor ts to export terrorism to our homeland. working with others we must deny them a safe haven, a place to hide, training to launch attacks. we're focused on foreign fighters heading to syria right now. based on our work and the work

of our international partners, we know individuals from the u.s., canada, and europe are traveling to syria to fight in the conflict. at the same time, extremists are actively trying to recruit westerners and indoctrinate them and see them return to their home countries with an extremist mission. last night, i returned from poland, where the attorney general and i met with my counterpart from the u k, france, italy, and poland. syria was the number one topic of conversation for them and for us. syria has become a matter of homeland security. dhs, the fbi, and the intelligence community to continue to work closely to identify those foreign fighters that represent a threat to the homeland. we face threats from those who self radicalized, to violence of so-called lone wolf.

they did not train overseas or became part of an enemy force. they may be inspired by radical ideology to do harm to americans. in many respects, this is the terrorist threat to the homeland. it was illustrated last year by the boston marathon bombing. i worry about this the most. it may be the hardest to detect. it involves independent actors living within our midst, with easy access to things that, in the wrong hands, you come to old of mass violence. vigilant inin encountering all of these threats. at the department of defense, i was witness to the extraordinary efforts of our military and the other national security and intelligence components of our government encountering terrorist threats overseas. here at home, given the installing -- evolving threat, i

believe it is critical over the next several years that dhs continue to build relationships with state and local governments. the first responders in those governments -- we must also continue to encourage public participation in our efforts on their behalf. through the nationwide suspicious activity reporting initiatives and campaigns such as if you see something, say something. that was on prominent display at airports and even at the super bowl five days ago. homeland security is a team effort. border and port security is indispensable to homeland security. good water security is a barrier to terrorist threats, drug traffickers, transnational criminal organizations, and other threats to national security and public safety. in my first month in office, i visited our southwest borders. smuggling organizations are responsible for almost all of those across the border

illegally. i saw the south texas border on the rio grande. the shallow places and that river were someone could walk about 200 feet across without getting their knees wet. by helicopter, isolators on the border. there's a fort isabel detention center near brownsville. i saw detainees, only 18% of whom were mexican. the rest represent over 30 different nationalities who migrated to mexico in an effort to get to the united states. in arizona, i visited the ranchers who live and work on the border, frustrated by damage to their properties caused by those who cross the border illegally. i have met a number of groups and individuals who represent a wide range of views about the border. i will make it a practice to continue to do so. addition ofent funding for staffing and surveillance, we have made great progress in border and port

security. there is now more manpower, technology, and infrastructure on our borders than ever before. we must remain vigilant. the answer is not simply to build longer or taller fences. my predecessor used to say, show me a 50 foot fence and i will show you a 51 foot ladder. ander patrol experts preach intelligence driven, risk-based approach that focuses resources on the places where our surveillance and intelligence tells us the threat exists. we must be prepared to move. i believe in this approach. it is a smart, effective, efficient use of resources. i also believe in smart and effective use of our resources when it comes to removals. we must prioritize our resources on those who represent threats to national security, public

safety, and border security. in the senate confirmation process, i pledged to continually evaluate our priorities to ensure that we get this right. i have already begun this process. we must also continually review conditions that test at our detention facilities to ensure that they are safe and humane. we are gratified by the support that congress has provided to our border and port security efforts. we need the additional border and port security resources that immigration reform, such as legislation, would provide. in this regard, the republicans recent statement of principles on immigration is a serious step forward on reform and contains recognition that immigration system is broken and needs to be fixed. this should not be an issue used in one way or another for political advantage. define commont

sense solutions to a problem that we all know we have. business and, the labor communities, people of both parties and others, all recognize the immigration reform is a matter of economic growth. immigration reform is also a matter of homeland security. estimated 11.5 million undocumented immigrants living in this country. they are not going away. they're not going to self deport. most have been here for years. many have come here as children. as a matter of homeland security, we should encourage these people to come out of the shadows of american society. pay taxes and fines. be held accountable and given the opportunity to get on a path to citizenship like others. this is not a special path to citizenship. opportunity to get online behind those who were

here legally. this is not rewarding people for breaking the law. it is giving people the opportunity to get right with the loss and it is preferable to what we have now. when reform legislation is enacted, dhs must be prepared to implement reform. to prepare for this potential outcome, i have already directed the deputy secretary of homeland security to coordinate the process to ensure that we are ready to implement the law. effortss must continue to address the growing cyber threat. it is illustrated the real, pervasive, ongoing series of attacks on things like stores, banks, e-mail services, power substations, and the public that defends on it. the key to the government efforts is to build trust with the private sector. we must attract the best and the bride -- brightness to come and work for us.

people like our deputy undersecretary of cyber security who came to us six months ago from the position of chief technology officer at mcafee. i'm going on a talent search. next week, we are traveling to georgia tech. phyllis received her phd. we will recruit more like her. cyber studentn of volunteer initiatives, which allows volunteers to come and work for dhs in support of cyber security. it allows us to educate them for our mission. through the president's on cyber order,1636 security, and presidential policy on strengthening security and resilience of critical infrastructure, both issued a year ago, we are making good progress furthering our partnerships with the private sector. there is more to do.

many have expressed a willingness to help in cyber security. we appreciate those efforts. our basic legislative goals are one, new hiring. two, modernizing the federal affirmation managing act to reflect new technology. three, additional clarity and codification of dhs responsibility to protect the federal government civilian networks. dhs canal clarity that provide assistance to the private sector when requested. five legal clarity that the private sector may exchange security information with the federal government. six, enhanced criminal penalties for cyber crimes. we can also support some form of limitation on potential solo liabilities for private sector entities. provided it is narrow and targeted and away necessary to

protect networks. we must continue to be vigilant in preparing for and responding to disasters. wildfires,loods, tornadoes, hurricanes, and, most recently, chemical leaks lick the one in west virginia. that threaten to the water supply of thousands of people. fema has come along way since the days of katrina. we have improved disaster planning for public and private sector. nonprofit organizations and the american people -- we have learned how to pre-position a greater number of resources. we have strengthened the nation's ability to respond to disasters and a quick and robust fashion. we are helping communities and cities recover and rebuild faster. we will continue this progress. finally, we must be mindful of the environment in which we pursue these missions. we operate in a time of severe

budget constraints. us inys when those of national and homeland security can expect more and more each year to our topline budgets are over. obligated toe identify and eliminate inefficiencies, waste, and unnecessary duplications of efforts and expenditures. while pursuing important missions, such as recapitalization of the coast guard fleet. operates at a time when the public's confidence in the government's ability to function and work for them is well written dhs is unique among federal agencies for their long daily engagement with the public. in airports, seaports and lan ports of interest. the attitude toward the entire federal government can be shaped by we must be mindful of this as we seek to put support for our

work. this is why i am pleased to announce that the commissioner of border protection will soon make the use of force policy public. we must do a better job of highlighting the good you do a half -- we do on behalf of the american. a new tsa rechecked application center at dulles airport. it illustrates the risk-based approach to homeland security that i talked about earlier. it is smart, effective, as an efficient use of resources and taxpayer dollars. in december we extend the benefits to all military including those serving in the coast guard, reserves, national guard during by permitting travelers to provide information about themselves ahead of time, we expedite the process for them in airports. with better focus resources to the pool of people we know less about.

this advances aviation security and should be popular with the republic. lastly, i am mindful of surveys withinflect the morale various components of dhs. our greatest asset is our people. each and every day the men and women work hard to fulfill our critical and noble mission. they dedicate themselves to the security and advancement of our nation. i will be a champion for those men and women of dhs and will advocate on their behalf. morale also depends on good leaders in place of each of our components. we must inject any energy. arts withrship sto recruiting new leaders to help run the organization. with the help of the white house and congress, we're bringing in some terrific people to bring in the large number of senior management vacancies that exist.

i spent a part of almost every day on this. i am pleased that in december, congress conference arnie deputy secretary and in october our new general counsel. to the forward confirmation of suzanne spaulding to be the under secretary for national nationalng -- rejection of programs directory. leon rodriguez to be the next andat of u.s. citizenship immigration services and dr. ritchie brothers between next undersecretary for science and technology. we are actively recruiting telik -- talented people to be undersecretary for intelligence and analysis, director for immigration enforcement. the next chief financial officer and other key positions. finally, we will also continually reinforce among all the men and women of the

department the common unifying mission of homeland security that binds us together. homeland security security is the most important mission in the government can provide for its people. in new york was city on 9/11. for years, my secretary at the law firm i was with in manhattan was a woman named gina teachey ichiari. she works about 50 hours a week, raises two weeks, the wife of a retired new york city police officer, plays by the rules and never makes wages. in 2000 love and she was walking into the world trade center with her three-year-old daughter -- in 2011 she was walking into the world trade center with earth real daughter when the plane plowed into the building above her.

gina picked up her daughter and inher walked or ran with her her arms all the way to 14th street. anyone who knows manhattan knows that is a long way even to walk empty-handed. motherge of a 5'3" running for the life with her mother -- with her daughter in thousands of displaced americans at the louisiana superdome during katrina, the image of the finish line at the boston marathon turning in an instant to a blast zone, the should be constant reminders of the urgency and the importance of our homeland security mission. i am aware that there is another component to my job. in the name of homeland security, we cannot sacrifice our values as a nation. we can build more walls, install more screening devices, ask more

questions, expect more answers, and make people suspicious of each other but not at the cost of who we are as a nation of people who cherished privacy and freedom, celebrate diversity, carry our flag at the olympics and are not afraid. thank you very much. thank you for listening to me. [applause] >> i got teared up as i think others did by the close of your speech, mr. secretary. let's remember that most of this this room are in sons and daughters, spouses, many are parents. usthat day on 9/11, many of knew people who parish of people erishede at risk -- paris

of people who were at risk and suffered with a scar that in some ways will never heal. i'm going to ask you some questions in a friendly manner. we know you were born on 9/11. i'm told you wanted to be a subway conductor in new york city when you grew up. is my next life. i will be a subway motor man on the number seven train. >> in case you don't know this, the new york subways are protected to a substantial extent by dhs assets. let at this. -- look at this. your background is assistant guy who hasy and a

a lots of experience in the department of defense. now to take on this awesome responsibility to fore principal spokesman our u.s. counterterrorism policy? >> i lead a terrific inanization of men and women the people that are there as leaders. we will be doing a terrific job in the next couple of years. the department of defense, a lot of people ask me if dod is like dhs, are they different? how are they different? it is essentially a military organization. dhs has people in uniform. we have the coast guard.

most part dhs as a civilian organization. it is a different culture. like the department of defense, it is a lars decentralized whonization with components are capable of running themselves. dod, i the at privilege of working with two terrific secretaries of defense, bob gates and leon panetta. i was part of their management team. i saw them a decisions. when you are the general counsel you have purview over the entire department of defense unlike almost everybody else. i was part of the management team. health solved a lot of problems. i was involved in a number of difficult issues. involveded, it national security. i came back to government in february 2009. i have been the eyewitness to

many historic events that occurred and were involved in some of the decision-making here in washington. i would say that the thing that comes to mind first when you ask a question like that is i have a passion for the mission. i left government a year ago and was i was done settling back into private life. the president asked me if i would do this job. it ever occur to me that i would be sitting here, that i would be asked to do this job. i have a passion for the mission. i believe deeply in the mission. i want to serve the country. that is why i am here. >> good answer. own shot outget my to suzanne spaulding was the director of the national commission on terrorism formed by congress in 1999. it is one of three groups that predicted a major attack on u.s.

soil. i was part of that group. people started to pay attention. she is very well trained for the mission. as are many other people who work with you. since i mentioned congress, let's talk about congress. >> i love congress. [laughter] >> good start. >> i do. nobody believes me. -- you'llget not bird get a lot of opportunity to do that. was on ther day i hill. i said let's do some drive-bys. let's stop often see friends of mine. >> are you sure? >> do make appointments? we can do that. i just stop and say happy new year.

it is relationship building. that iers of congress know and respect. >> i'm pleased to hear you say that. chertoff was the director, he would routinely invite me as the chairman of a subcommittee down here for breakfast. we would talk about issues. we formed a professional relationship which just developed into a friendship. i know you are having fun. it is a fact of that 100 committees and subcommittees of the united states congress, this is not an exaggeration. they have some piece of the homeland security mission. i think of is on the national journal cover and look like a where's waldo picture. it showed all the different jurisdictions. the 9/11 commission was a member

of that recommended a number of wings which congress did in the president did except there is one glaring gap. that gap was to reorganize congress in a way that would streamline the homeland mission. get numerous to request to testify across the board. that is one issue in terms of the time snap for you. the other way is when you are a member of congress, you want to do something legislatively. pick one. reduction of overclassification of materials. are on a committee. they have a piece of jurisdiction but not the whole thing. it is very frustrating from end to do something.

aboutre you have thought this. how are you personally going to navigate this? nothing it should simply be get off my back. there are a lot of people interested in the homeland security mission on both sides , how canow can i help i work with you? how can i support your mission? morningy remarks this was to try to answer that in the cyber security world by spelling out the legislative priorities. some of them might have a better chance of passing than others. to spell out what i think the legislative goals of the cyber security mission should be. there are a lot of committees and subcommittees who have a piece of the department.

committees do not often seek jurisdiction. very protective about that. beginning i want to build relationships on the hill. at some point we will have to have a discussion about realigning the jurisdiction of congress. it does require a lot of time and attention by the secretary and the senior leadership to go back and forth in response to committee testimony or individual visits. time that is useful, valuable time for a senior leader. i do find it useful to know what is on the minds of members of congress. the confirmation process is what it is. i have a relatively good experience. it is an opportunity to find out

what is on their mind. there are a number of very thoughtful members of congress who are embedded in these issues, who gave me a lot of insight in that process. you are right. there is a tremendous amount of oversight. and used to be realized at some point. -- it needs to be realized at some point. i will ask our colleagues on the hill to help. >> it will help. there are many good people who serve on capitol hill on both parties. the business model needs a lot of work. the committee structures from the 19th century. their are opportunities, especially if you invest personally in changing at least some of the dynamic. let's just moved to cyber security. you carefully identified issues in your remarks.

congress tried hard but failed to pass cyber security legislation. >> 2012. >> two years ago. most people think that we are enormously vulnerable to cyber threats. basicallye sector controls at least 85% of our cyber systems. a lot of them have to do with critical infrastructure. the president issued an executive order which goes part way toward solving some of the critical problems of aligning the private and public sector. how urgent do you think it is to pass legislation? you as the leader of the homeland department over, what huge objections

before, the private sector did not have confidence that homeland had the capacity to handle its risk possibilities on cyber? not a cyber security threat. it is a cyber security ongoing series of attacks are different , arces on banks, substations servicesices -- e-mail to a different degree of intensity. it is no longer just a threat. i think the key aside from the help congress can give us are breaking down trust with the. .- with the sector i'm developing ideas with what business groups, what private

sector entities we should go to. also a talent search. theink the resources, talents are there, particularly among our young people, and graduate schools, people who are just out of school. we were talking earlier about the cyber talent that exists in the military. military recruits from a very early age. the military is very good at identifying those within the security have a cyber talent and bringing them into the cyber security world. we had to build that holland from either with in our civilian or tracked from the private sector. part of my job in the cyber ealm will be to

look for ways to attract private talent. i know it is there. >> would it also help for better management for the department as a whole? it is a huge task to integrate the cultures of 22 different agencies and departments. if you had better management to mirror the good management and many private sector firms, could that help instill confidence? the big objection two years ago was it is not a well-managed department. this was the objection. we are wary of cooperation with its. >> i want not disagree with the. when you talk about cyber security, we have an office within dhs headquarters. components also have a cyber security mission. for example, the secret service.

it is into cyber security. secret service is very involved right now in the effort regarding the target stores. he to -- one of the dilemma isswer the visible leadership. good leadership but also visible leadership. good leaders bringing in good leaders. we have to be fairly transparent to become familiar with the private sector to become so that with the public we build trust. that is one of the reasons we're here today. get outu have plans to and about? i know you said you have traveled to the southern border. we are working on redeveloping some ideas right now. in all parts of the country. >> turning to a few other issues.

threats,the homeland one of the things that was clear to me when i was in the roles i had in congress was how ofortant the mission vertical information sharing was to the department. it is not just a role played here in federal government land sharing information among the federal agencies. down getting information to first responders who could be privateou also could be citizens who smell something strange in the house next door or something weird anywhere. mission is going much better. i am looking at charlie allen who at one point was the head of the intelligence function. this.ked a lot about one of the improvement i think that congress insisted on was setting up something called the

inter-agency risk assessment and coronation group. it was a teach for america group of state and local law enforcement folks who would come temporarily to the department of homeland security and the national counterterrorism center, which was created just about at the same time. on what thedvise bulletins should look like that go vertically from the department of homeland security down to first responders so that first responders could understand what to look for and what to do. are you aware of these outreach efforts? do you think they need support? >> absolutely. given the evolving terrorist threat which is

becoming more decentralized, , less of ae traditional al qaeda or al qaeda like command control structure, we have to be more concerned about homegrown threats, the lone wolf, the person who self radicalized is. that is going to require that we continue to build relationships with first responders. in the boston marathon bombing, it was a perfect illustration of this. we need as a department in a federal government to build relationships with state and local law enforcement and government. the federal government cannot be everywhere. the fbi, the department of homeland security cannot the

everywhere. that is critically important. that is something i hope to advance over the next couple of years here you are also correct that homeland security is a team effort that involves the public. we do not want to scare people. we do not want to take people. annoyed. --do not want to make people to make people. annoyed. it involves -- paranoid. it involves public participation. that can result in very constructive, positive teams if there is public awareness -- things if there is public awareness about what is in the trash container at the bus terminal or what is in a backpack that was left at the gate or something like that. if people are willing to note these positions package and report it to the nearest

aviation security person or law enforcement officer. back can have a tremendous effect. we all hope it never gets that far. verticalrticipation is . we never get to the point where innocent civilians have to take matters into their own hands to save their own lives. do,s your secretary had to such a compelling story. part of that is building trust with the public. it is a function i think you as the counterterrorism spokesperson have but so do local police departments. there have been very successful outreach efforts in minneapolis were there were improvement -- improvement of folks in al- shabaab. in loss angeles with the sheriff's department has had some very good cooperation with the muslim community. it is not only the muslim community that has problems.

if you something -- see localing at the supermarket, you think saying something to law enforcement or just -- or the fbi to somebody who will get the information where it needs to go is inappropriate thing to do. >> that is correct. the i went on my trip to southwest border, i spent a lot of time meeting with mayors and and policeiffs chiefs for exactly this reason. it, we need to continue to emphasize that this is a collective effort that involves

multiple levels of government and the public. >> moving to border security, you mentioned comprehensive immigration reform. , inlmost passed congress case anyone remembers this, in 2007. president bush very courageously , michaelrd a proposal chertoff was heartbroken when the bill failed. aw the senate has passed comprehensive immigration reform bill. those conversation in the house that the house version might be different. you commended the congress in your remarks for the effort it is making. there is a news, comment from house speaker john boehner that it may not happen this year. greatk it will be a disappointment to many communities across our country who were hoping it will and to our efforts to rebuild our

economy after the most serious recession since the great depression. do to persuade john of steps he might take in this election year to get this thing back on the right track? he was one of the one for said he wanted to make this happen. >> i do not have a crystal ball. there are people who talk to the speaker about this and other issues. i am sure he is getting no shortage of advice right now. in 2014ope will happen is that there is an emerging, evolving realization that this should not be politics. this is a problem that we have in this country that needs to be fixed. of us here in washington

who represented the american public ought to do what we need to do to fix the problem. everybody agrees we have a problem with immigration, with enforcement and administration of our immigration laws. everybody knows we have millions of undocumented immigrants in the country. are not going away. they're not going to sell the poor. i do not know exactly what the statistic is. 80% of these people have been in this country for years. to either 2004, 2008, something like that. they're here. they're not going away. from my homeland security perspective, i would rather encourage them to come forward, the accountable, pay whatever taxes and fines they owe, go through the background check, and if they are able to,

, i think it is a 13 , get to a path to citizenship if they are able to do so. we need to deal with this problem. that, and i really do see the signs for this. i thought that was a very thoughtful statement of principles of the speaker and other spent a lot of time thinking about. i do not know to what extent it has the widespread the port in the republican caucus. they are identifying a problem that we have in this country and seeks to address it. that is a very positive step to see both major parties recognize that we are to deal with this. a message that i would like to convey and emphasize is that

from the homeland security perspective this is something we need to do because of the added resources that commonsense immigration reform provides an so that we can encourage people is notaccountable, which giving them a pass in some way. it is encouraging them to get right with the law. for my homeland security perspective, i hope people in congress and government will finally wrestle with this problem and we can deal with it. questionre comment and on this. i think the right term is "earned legalization." people have to go through a lot of hurdles in the get in the back of the line and 13 years law passes it this they can become citizens. as sayingr was quoted the american people do not trust

the reform we are talking about it was implemented as intended to be. should people trust you and your department to implement the current law? >> we've already begun thinking if the legislation that is contemplated in various different forms it comes law, we will have to implement it. we have complimented the limitation. it is not like it will happen tomorrow. it will happen over years. we are beginning to think about what we need to do to get ready for this. this is an advanced planning whateffort to anticipate the department needs to do, when and if this legislation passes. we will have comprehensive immigration reform. and you have a crystal ball on the timetable -- i do not have a

crystal ball on the timetable. i believe it will pass. i am assuming it will pass. i am optimistic. we need to prepare for it. we are he started that process. you mentioned syria. you said syria has become a matter of homeland security. you did amplify that, it a bit. i think the audience might be interested in any additional comments you want to make about why syria has become a matter of common security. -- homeland security. over theave stated last couple of days, we are concerned about the foreign fighters going into syria who are leaving syria. they are encountering all sorts of radical extremist influences there.

we need to be concerned about that. to it as a i refer matter of homeland security. it is not just this country. our european allies are very concerned about this issue. collectively we are determined to do something about it. i think people do need to understand that there is a variety of terror groups in seyria. some of them have expressed a desire to to train fighters in syria to attack fighters in the west. it is a threat to people being radicalized here, moving to syria, conducting terror acts there and in coming back here. towe need to do our best

take close attention to any balding situation. >> you were very careful in the way you talked about self radicalization. audiencexperts in this who have studied radicalization carefully. tryat the think some of us to do in congress was create a multidisciplinary commission to advise congress on what the someone who has radical views which are protected by our constitution, turning into someone who is prepared to engage in violent acts which are a crime and finding that nexus. in the last minute it became controversial. at least in my opinion.

a hallmark of some of these homegrown lone wolf type as they have clean records. violente not created acts before. many are on the internet looking at sites on how to build bombs. there is a lot on the internet there. some of them also intersect people either in our country or travel abroad who most think it takes human intervention. this is the focus. how should the american public think about this? i wanted to convey the answer to that question in my remark. governments,

first responders, law enforcement in local communities in to be vigilant. we are building that he read we are building those relationships. because of the -- of that. we are building those relationships. because of the nature, we risk reading suspicion, fear among people about those that are different from them. that was really the purpose of the last part of my remarks. thinkinge charged with about homeland security, whether state homelandhe security adviser to the governor or police commissioner, you can build walls. you can build something that is so secure that you make everybody. knowledge. you deprive people -- you make everybody paranoid.

you deprive people of the basic freedoms this country is all about. we cannot do this. it is a delicate balance. do we have to writit right now? probably not. a basic responsibility for those of us charged with homeland security and law enforcement and national security is to find that right balance and to be sensitive to it. we can go too far. there are instances where we have done that. we need to be mindful of that insensitive to it. >> in my opening remarks, i commended you for your speech on whichnamo and on drones got a lot of attention and was a very courageous act for someone in the general counsel. you say in the name of homeland

security we cannot sacrifice our values as a nation. we can install more screening devices and make people suspicious of each other but not at a cost of us as a nation. it is notve that enough just to take out guys, although sometimes we must do that. very courageous people have very carefully try to do that. dohave to win the argument

you agree with that? >> i do. things i said the at the oxford union. we have to be sensitive to our actions. one of the things i think we will do, and i think we have begun this process, one of the things we will do is develop how we can adjust this issue in the homeland. to the to be sensitive fact that there are people who, while they live in this country, hate this country. they want to do harm to others who feel disassociated and

disconnect it and are influenced by forces beyond our control. address thery to audience in some way or another to get at this exact issue. i want to begin thinking about this issue. we have arty started developing ideas for how we can go about the living a better job for that. >> i personally commended that thought. i want to underscore the last part of the last sentence. we are a nation of people who cherish privacy and freedom, celebrate diversity, carry our flag at the olympics and are not afraid. statement ofyour our values as a country is a big piece of your job.

if you are to become and you will become the face of warning about the terror threat it will be wonderful if you're also the face of reassurance that our country will survive this. we will be resilient. said you're going to boston on the anniversary of the marathon bonding. there was a place where a horrible thing happened but a community pulled together very quickly and never lost its stride. we do not do it that well on 9/11. we did it that well in boston. boston is strong. i would hope that those are , not just can learn we the people listening on the , but that we can learn the department of homeland security can learn and can teach

and can help inspire others to teach. i would just like to close this has been a i think wonderful honor for the wilson center. and an example of the kinds of things we do here. when john brennan was a terror adviser in the white house came to talk here. >> i was sitting right there. event, was wonderful not? yes it was. as we close this event, let me tot offer you the last word any last thought you had. shots.ing thank you again for your leadership. here.you for bringing me thank you for your mentorship and support. this is a terrific organization.

it is educational. it is sober. it is a place for thoughtful, intelligent escutcheon. >> it is nonpartisan. partisan. is non- when you talk about national and homeland security, it should not be partisan. i believe that fervently. thank you for the terrific work you do here. will see you again. >> i thank you. are not going to check the party registration before they blow us up. we should focus on this as a country. thank you coming as un-american to talk about a challenge -- as an american to talk about a challenge as an american. like thank you. [applause] [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014]

>> a look now at some of the news this morning from the associated press very be u.s. is easing some of the rules for getting asylum. the department of homeland security say people who of may provided limited material support to terrorists or terrorist groups are no longer automatically barred from the u.s.. this is just one of the first changes to immigration policy

since president obama outlined several records during his state of the union address. monday,apitol hill on house gaveling in at noon eastern time, with legislative business starting at 2:00 p.m. they will be working on legislation that will allow the financial stability oversight counsel to set aside regulations that were issued by the consumer financial protection bureau. we can also see legislation to increase the debt limit this week in the house. the senate coming in at 2:00 p.m. eastern, and they will vote on reviewing military cuts to pensions. it is really an instrument of and that has, always been the case. the president is always the master. i mentioned in the book that

each come to view it as their personal posse, they converted to do it -- do things in secret, they do not have to worry about the appropriations process. and sometimesient in theseductive tool president's foreign-policy arsenal. >> from the shadows to the frequent center of political astroversy, the cia, tonight part of the tv on c-span two. women's history for beginners, and enter the chat room. more now on consumer data privacy with the head of the and thetrade commission'

head of the secret service. this part of the hearing is about two hours. >> good morning, everyone. we have an impressive two panels to testify this morning. our first are our government witnesses. i will introduce you each as we go down. i want to thank all of you for being here. and the way we do it, some of

you haven't testified for us before. others have. so i will begin my opening statement at this time. i want to turn your attention to an important issue. a string of recent data breaches at nationwide retailers, which resulted in the loss of consumer payment card data, personal information for millions of consumers. millions of consumers are seeking answers to questions about their personal and financial security. i'm grateful that both target and nieman marcus are agreeing to appear before our subcommittee today. it is my hope that they will be able to give the subcommittee a clear view as possible of what transpired, what was being done to protect consumer information before these breaches, what steps are being taken to mitigate the harm to consumers and what more is being done and can be done to prevent such breaches in the future.

we will also hear from a button private entities who are participating in developing standards, protecting consumer data and taking enforcement actions against the criminals who perpetrate these crimes. just like you don't blame the homeowner who has been broken in, we want to make sure that these do not become the new norm. it is worth a try to prevent these crimes to different degrees including with cooperation to different entities. there's more that can be done which is the reason for convening today.

i don't believe we can solve this problem by codifying details, technical standards or with overlaying cumbersome mandates. flexibility, quickness and nimbleness are all attributes that absolutely are necessary in cyber security but run contrary to governments abilities. we must encourage the private sector to keep improving on its consensus-driven standards that are built to adapt over time. i would like to yield to mr. olson at this time. >> thank you to our witnesses for coming this morning.

on the data breaches, it is a very serious matter. regardless of security measures taken to protect data, the bad guys are always trying to find new ways to grab that data. now that we have seen that bad guys can access data in less time than it takes to swipe a credit card. tonight, we have to fight. we have to win. as we say in houston, failure is not an option. i look forward to this discussion. >> mr. lance.

>> thank you, mr. chairman. i welcome this very distinguished panel. data security has been prominent in public debate dating back to at least 2005. 160,000 records were acquired by hackers in the choice point data breach. for the last eight years, 660 million records have been made public through various data breaches. data breaches occur not only in commercial settings, but also hospitals, financial institutions, banks and insurance companies. there is no doubt that every american can be at risk of a data breach. since our last data security

briefing in july, we have heard of additional data breach incidents that occurred in 2013. at target, nieman marcus, and michaels are the recent reminders that there are dangers that present in our economy. while that issue is still a paramount concern, equal if not more attention should be given to how to prevent in the first place. i look forward to examining the best practices for today's economy and for the safety of the american people. since the choice point a data breach in 2005, technology has evolved considerably. while hacker tactics have also evolved, so has the potential to provide greater security.

i am pleased to have before us today a distinguished panel from the public and private sectors with expertise and personal experience in these issues. i look forward to examining the issues before us today. >> the ranking member is now recognized for her five minutes. >> i'm really glad that we are having this important hearing on data security. i think it is of great concern to the public was watching carefully what happens here. i thank all of our witnesses for being here. i would like to take a moment to pay special attention and give special thanks to my friend lisa madigan who has been at the forefront of this issue since taking office in 2003, leading several efforts at the state level to defend against cyber crime and prosecute those responsible. she is also leading an investigation into the target,

nieman marcus and michael's data breaches. i look forward to gaining from her perspective on how we can better protect data and consumers in the future. the threat of data breaches isn't new. the recent attacks of some of this country's most popular retail stores should give us all renewed motivation to address data security and breach notifications. i think every one of our witnesses and every member of the subcommittee wants to make sure that we do everything we can to reduce the risk of future massive data breaches. the target breach alone could cost as much as $18 billion and analysts suggest that the company itself could be on the

hook for more than $1 billion in costs from fraud. there are also homeland security concerns that i hope we will hear about today. there's no full proof regulatory scheme. they are hard at work looking for new vulnerabilities. but just because we can't absolutely 100% guarantee the protection of consumer data doesn't mean that we should not do anything. there's currently no comprehensive federal law that requires companies to protect consumers or user data. nor is there a federal requirement that companies inform their customers in the event of a data breach. i believe that it is critical that the subcommittee will move forward on legislation that will

ensure that best practices are followed at all retailers and that consumers are informed as soon as possible after cyber theft is discovered. that legislation should be neutral in my opinion. in the 111th congress, i was a cosponsor for a bill that was bipartisan and chairman emeritus barton was a cosponsor. it had two main provisions. one, an entity holding data containing personal information had to adopt what we said were reasonable and appropriate security measures to protect such data. and two, that same entity has to notify affected consumers in the event of a breach. seems to me those basic requirements should come out of this committee.

i look forward to hear how we can better protect against cyber theft. i yield back. >> mr. upton, you are recognized for your five minutes and you control the time. thank you, mr. chairman. the recent data thefts and consumer information recently reminds us that we are in a connected economy. the rapid evolution of technology allows consumers to purchase goods and services on demand whenever and wherever they want. despite the new conveniences and efficiencies, the unfortunate reality is that it also facilitates the ability of criminals to commit identity theft and other serious crimes that could potentially injure

far more consumers. what originated as paper-based fraud or identity theft gathered from a dumpster or a mailbox has changed with the times and adapted to the digital economy. today, indeed, most transactions we conduct are transmitted or stored in a connected environment, ensuring almost every citizen has some digital foot rent or profile. the most sophisticated -- if the most sophisticated cyber criminals are successful in reaching data, the problem will not go away. congress recognizes the importance of protecting your personal information as the crimes of identity theft and financial fraud became more pervasive in our economy. it is the reason that we enacted laws specifically to address sensitive consumer data that can be used by criminals for identity theft or financial fraud coming hooting the grand lake act as well.

this year, we also empowered the ftc to address data breaches through the use of section 5 of the act in which they have settled several security cases. a handful of state laws mandate security for the date of their citizens and the private sector has developed extensive standards through the pci security standards council. yet breaches come identity theft, financial fraud continue. affecting virtually every sector from the federal government to merchants, banks, universities and hospitals. we must consider whether the current multiplayer approach self-regulation can be more effective or whether we need to approach the issue differently. in short, the title of today's hearing is an appropriate question to ask -- can data breaches be prevented? equally important, we need to

minimize or mediate the ability to commit fraud. americans should have the peace of mind that the government come along portsmouth officials and private industry are doing everything necessary to protect the government from future breaches. i yield the alice of my time to ms. blackwood. >> i thank the chairman. we are pleased to have you here. privacy data security is something that we are hearing about more and more from our constituents. i sum it up by saying my constituents want to know who owns the virtual you. which is you and your presence online. who has the rights to that? and i hope that, from listening to you all and talking with you today, we can gather some information to add to the work that we've been doing in our bipartisan privacy data security

working group here at the committee. what our constituents want to do is figure out how to build out this toolbox that will allow them to protect themselves online. they want to know what you are doing to provide the assurance of data security. ? what are those protocols they want to know the process will be and kind of a standard business process for data breach notification. what are the expect haitians. then -- expectations. and then they want you to meet and fulfill those expectations. so you have experience from lessons learned. you've made some mistakes, all of you. you are learning from those mistakes. and we are looking at how we take the rules there on the books in the physical space and

apply that to the virtual space and encourage commerce and the interaction, transaction and movement of data it in commerce. i'd yield back the balance of the time. >> as a 30-year i did professional myself before coming to congress, including a stint as a director of the cio staff where we have special operations command, i can tell you that i understand the complexes -- the complexities of data security. i am looking forward to hear from you folks today on what we can do to position both our commercial sector and our public sector to handle this problem. >> thank you. that concludes our time. now i recognize -- before i officially recognize, mr. waxman, ranking member of the full committee, made a surprise announcement and stunned all of us that he is going to conclude his time with congress at the end of this session.

and i just want to thank him for his 40 years of service to the united states congress, to the people of california, and the united states. job well done. we may not agree on everything, but you are passionate. you are zealous. and you are very involved. you command respect from everybody, henry. thank you. >> thank you. >> you are recognized for five minutes. >> thank you for your kind words and for holding this hearing today. i think this may be the first of a series of troubling cyber attacks on prominent retailers that will tell us today about their experience and we want to evaluate how businesses and government can better protect the security of consumers' personal information. late last year, target moneymen marcus, and reportedly michael's target, neiman marcus, and reportedly michael's experienced

intrusion, putting them at risk for fraudulent charges. it involved not only haman card data, but also marketing data that can be used for phishing attacks which has now reported to affect between 70 million and 110 million people. roughly one third of the adult u.s. population. reports indicate that similar attacks have likely affected many other retailers as well. just last week, what logic, a major hotel operator, announced that it was investigating a potential breach affecting thousands of guests who stayed

in hotels under various brand names, including hilton, marriott, sheraton, and weston. -- and westin. i hope today's hearing will provide us with the facts necessary to move forward where consumers can be more confident that companies will keep their data safe. the scope and scale of these breaches is alarming. it affects the confidence of consumers who rely on retailers, banks, and payment card assessors and networks to safeguard their personal information, including their credit card and debit card information. millions of americans have had to contend with fraudulent charges on their financial statements. identity theft schemes in which criminals open phony accounts in their names and the fear and uncertainty of how criminals may use their information next. there are many unanswered questions about these recent attacks, including how they were carried out and, of course, who is responsible. these breaches also raise important questions about how well the industry polices itself. whether these companies responded to early warnings and

notify consumers in a timely manner. we also need to understand the appropriate federal role in both data security and breach notification. nearly all u.s. states and territories now have laws that require notice for their own residence when a data breach occurs. the effectiveness of these vary greatly. but several are quite strong, ensuring that concern risk receives -- received prompt, adequate information when their personal data is breached and providing them with resources to protect their financial well- being. there could be a model for a minimum federal requirement. after the fact, breach notification is only half of what is needed. the private sector must also take stronger steps to safeguard personal information that could be -- information. there could be a federal role in making sure they are proactive. there will always be bad actors

who try to compromise cases and strive for financial gain. we also need to make sure that companies are doing enough to prevent breaches because consumers are paying the price. protecting consumer data needs to be priority number one. i look forward to the witnesse'' testimony and to the discussion on this important topic. i want to apologize in advance because there is another subcommittee that is meeting simultaneously and i need to be at that subcommittee as well. but i am looking forward to your testimony. in the short time that i have left, does anybody in the majority was to take the 27, 26, 24 -- >> you said majority. >> did i say majority? [laughter] i was looking to the future.

i thank you for the kind words. of course, i will be here till december. we will be able to work together some more. >> very good. thank you, henry. time to introduce our first panel. edith ramirez is the chairwoman it is for mere is, chairwoman, federal trade commission. thank you for your second appearance before this committee. lisa madigan come attorney general for the state of illinois. thank you for coming. william noonan, deputy special agent in charge, no investigation division, cyber operations, united states secret service. and i said it all in one breath. mr. noonan, thank you for your appearance here today. lawrence zelman, director of national cyber security and commissions -- communications integration center, department of homeland security. we always go from my left to right. so we will start with chairman ramirez.

you are now recognized for your five minutes. >> thank you. chairman terry, ranking member should cows gate, and members of the opportunity to appear before you to discuss the federal trade commission's data security and enforcement program. we live in an increasingly connected world in which a vast amounts of consumer data is collected. as recent breaches at target and other retailers remind us, this data is susceptible to compromise by those who seek to exploit security vulnerabilities. this takes place against the background of the threat of identity theft, which has been that tc's -- been the ftc's top complaint concerned over the past three years. the commission is here today to reiterate its bipartisan and unanimous call for federal data security legislation.

never has the need for such legislation been greater. with reports of data breaches on the rise, congress needs to act. we support legislation that would strengthen existing data security standards and require companies and appropriate circumstances to notify consumers when there is a breach. legislation should give the ftc authority to seek civil penalties where warranted to help ensure that ftc action has an appropriate deterrent effect. it should also provide rulemaking authority under the procedure act and jurisdiction over nonprofits which have been the source of a large number of breaches during -- breaches.

such provisions would create strong, consistent standards and enable the ftc to protect consumers more effectively. using it's a -- using its existing authority, ftc has used resources to encourage companies to make data security a priority. the ftc has brought 50 civil actions against companies that we alleged put consumer data at risk. we fought the cases under authority to combat deceptive and unfair commercial practices as well as more targeted laws, such as the gramm-leach-bliley act. in all these kids, the touch tone of the commission's approach has been reasonable this. a company's data security measures should the delight of the sensitivity and volume of consumer information it holds, the size and complexity of its data operations, and the constant available tools to improve security and reduce vulnerabilities. the commission has made clear that it does not require perfect security and it is a -- and the fact that a reach occurred does not mean that a company has violated the law.

and number of pc enforcement actives -- enforcement actions have resulted in [indiscernible] the ftc settled allegations that security deficiencies are vented hackers from gaining information of tens of millions of the and credit cards. to resolve these allegations, they agreed to install a competence of security program and to submit to a series of security audits. at the same time, the justice department successfully prosecuted a hacker. as this case illustrates well, the ftc and criminal authorities share complementary goals. ftc action helped ensure on the front and that businesses do not

put their customers data at unnecessary risk while criminal enforcers help ensure that cyber criminals are caught and punished. this dual approach to data security leverages government resources and best serves the interest of consumers. and to that end, the ftc and criminal enforcement agencies have worked to gather to ordinate -- to coordinate our respective investigations. in addition to the missions enforcement work, the ftc offers guidance to consumers and businesses. for those consumers affected by recent breaches, the ftc has posted information online about steps they should take to protect them selves. these materials are in addition to a large stable of ftc resources we have for id theft victims, including an id theft hotline. we also engaged in extensive policy initiatives on policy and data security issues. in closing, i want to thank the committee for holding this hearing and for the opportunity to provide the commission's views. we look forward to working with congress on this critical issue.

thank you. >> thank you, chairman. now the gentlelady from illinois. you are now recognized for five minutes. >> thank you, chairman terry. ranking member should house key and members of the subcommittee, i appreciate having an opportunity to address this important issue. over the past decade, we have faced an epidemic of data breaches that has affected almost every american man has inflicted billions of dollars of damage to our economy. the recent target breaches served as a wake-up call that government and the private sector need to take serious meaningful action to curb this growing problem. i will explain the impact of data breaches have on consumers, the role the states play in

responding to breaches, the data security we have seen in the private sector, and the steps the private sector and government can take to prevent future breaches. since 2005, there have been over 4000 data breaches nationally and over 733 million records compromised. the amount of money lost is also sobering. in 2012, 8 was $21 billion. over the last year alone, the number of complaints my office has received on data breaches has jumped more than 1000%. when these breaches occur, consumers are harmed primarily in two ways. first, there is the likelihood of uncut -- of unauthorized charges. second, they are likely to become victims of more costly identity theft. consumers must continually monitor their accounts for other charges. cleanup requires notifying their credit and debit card issuers to my closing accounts, canceling cards and waiting for new cards to arrive. and for consumers with automatic bill pay, leading companies with

new account numbers to prevent late fields -- late fees. those are the easy situations. victims of identity theft can spent months with reporting bureaus to restore their credit hearing and

by notifying consumer of breaches within a reasonable time to make sure they took reasonable steps to protect their data. is currently leading multi-data investigation into the breaches that have affected million of things. companies fail to take because except. -- basic steps. the notion they are doing everything they can to prevent breaches is false. instancesund repeated were breaches occur because companies allow consumer data to be maintained unencrypted. the reason breaches have led to discussions about can --

technology that was available but not deployed. they lead to disputes between banks and retailers. of when thisnt comes to security of our payment network. targeted by criminals. are toast time for the take data security seriously. consumers are rapidly losing confidence in the abilities to safeguard the personal information. i recommend that congress take the following action. this is not preempt the state law. congress should recognize the federal government should assist the are in the same manner it already does. congress should give it agency the responsibility to investigate large sick just dictated data breaches.

states have been on the front lines for a data will -- for a decade. not asking for state law to be weakened. they are panicked and they are angered. the companies are not doing more to protect their personal and financial information and prevent the breaches from occurring in the first place. i'm happy to answer any questions you have. thank you. >> thank you, general madigan. mr. noon nan, you are recognized for your five minutes? good morning, chairman terry, ranking member and distinguished members. thank you for the opportunity to testify regarding the ongoing trend of criminal exploiting cyber space to obtain sensitive financial and identity information as part of a complex criminal scheme to defraud our nation's payment systems.

our modern financial system depends heavily on information technology for convenience and efficiency. accordingly, criminals motivated by greed have adapted their methods and are increasingly using cyber space to exploit the nation's financial payment systems to engage in fraud and other illicit activities civets. the widely recorded data breaches of target and neiman marcus are just recent examples of the trend. the secret service is investigating the recent data breaches and we are confident that we will bring the criminals responsible to justice. however, data breaches like these recent events are part of a long trend. in 194, congress recognized the risks posed by increasing use of information technology and established 18 u.s.c. sections 1029 and 1030 through the comprehensive crime control act. these statutes define and assigned the secret service authority to investigate the crimes. in support of the department of

homeland security mission to safeselves guard cyber space, the secret service investigates cyber crime through efforts of highly trained special agents in the work of growing network of 33 electronic crimes task forces which congress assigned the mix of preventing, detecting and investigating various forms of electric tronic crimes. as a result of our cyber crime investigations, over the past four years, the secret service has nearly arrested 5,000 cyber criminals. in total, the criminals were responsible for over $1 billion in fraud losses and what we estimate our investigations prevented over $11 billion in fraud losses. the data breaches like the recent reported occurrences are just one part of a complex criminal scheme executed by organized cyber crime. these criminal groups are using increasingly sophisticated technology to conduct a criminal conspiracy consisting of five parts. one, gaining unauthorized access to computer systems carrying valuable protected information. two, deploying specialized malware to capture and ex- filtrate the data. three, distributing or selling the data. four, engaging in sophisticated and distributed frauds using the sensitive information that was obtained.

and five, laundering the proceeds of their illicit activity. all five of the activities are criminal violations in and of themselves and when conducted by sophisticated transnational networks of cyber criminals the scheme has yielded hundreds of millions of dollars in illicit proceeds. the secret service is committed to protecting the nation from the threat and we disrupt every step of the five-part scheme through proactive cremal investigations and defeat the transnational cyber criminals through coordinated arrests and seizure of assets. foundation ale at the the efforts are the private industry partners and as well as close partnerships with state, local, federal and international law enforcement. as a result of these partnerships, we are able to prevent many cyber crimes by sharing criminal intelligence regarding the plans of cyber criminals and minimizing

financial losses by stopping their criminal scheme. through our department's national cyber security and communications integration center, the ncic while protecting civil rights and civil liberties in order to allow organizations to reduce cyber risks by mitigating technical vulnerabilities. we also partner with the private sector in academia to publish information on cyber crime trends. through reports at mellon insider threat study, the verducci sizen data breach study, and the global security report.

the secret service has a long history of protecting the nation's financial system from threats. in 1865 the threat we were founded to address was that of counterfeit currency. as our financial payment system has evolved from paper to plastic now digital information so too has the investigative mission. the secret service is committed to protecting our nation's financial system even as criminals increasingly exploit it through cyber space. through the dedicated efforts of our electronic crimes task forces and working in close partnerships with the department of justice in particular the criminal division and local u.s. attorney's offices, the secret service will continue to bring cyber criminals that perpetrate major data breaches to justice. thank you for the opportunity to testify on this important topic and we look forward to your questions. >> thank you, mr. noonan. mr. zellman, you are recognized for your five minutes. >> chairman terry and ranking member and distinguished members, thank you very much for

the opportunity to be here before you today. in my brief open comments i would like to highlight the d.h.s. national cyber security communications center role in preventing, responding to and mitigating cyber incidents and then discuss our activities during the recent point of sale compromises. i hope my remarks will demonstrate the increasing importance of building and maintaining close relationships among a wide range of partners to address all aspects of malicious cyber activity and reduce continuing vulnerabilities, protect against future attacks and mitigate the consequences of incidents that already occurred. the importance of leveraging the mixes has been consistently demonstrated the last several years and is a part of broader frame democrats work used by the government and private sector.

as you well know, the nation's economic vitality and the national security key pend on the secure cyber space where reasonable risk decisions can be made and the flow of digital goods and online interactions can occur safely and reliable. we must discover, address and mitigate cyber threats and vulnerabilities. it is increasingly clear that no single country, agency, company or individual can effectively respond to the ever-rising threats of malicious cyber activity alone. effective responses require a whole nation effort including close coordination among the ncic, the secret service, the department of justice to include the f.b.i., the intelligence community and the department of treasury, the private sector entities who are critical to the efforts, and state, local, tribal, territorial and international governments. in carrying out its particular responsibilities, promotes and implements a unified approach which enables efforts to share cyber secure information in a matter which ensures the protection of individual privacies, civil rights and civil liberties. as you may already know, the ncic is a civil organization that provides around the clock center where key government and private sector and international partners work together in bo