russian artillery you in ukraine. i would not want to speak to an individual instance today, but it certainly has been a pattern whereby we have seen firing from within russia into ukraine, and we have seen disturbing movement of russian artillery and military equipment into ukraine as well. this takes place in the context of the separatists dramatically losing support in eastern ukraine and the military making gains. the way, however, to respond to that situation and the humanitarian need, the legitimate humanitarian need in eastern ukraine is to pursue a path of deescalation, not to move forward of further violations of ukraine's sovereignty. which has only alienated russia from the people of eastern ukraine and isolated russia in the international community. >> on the islamic state, jed general democracy said islamic

state can only be defeated if the fight is taken to them in syria. does the president agree with that? if so, how does he intend to undertake it? would it mean a significant change in the mission against slatic state? >> we certainly agree any strategy to deal with the isil organization has to deal with both sides of the border, iraq and syria. the strategy we are already undertaking does address that. in the sense that we are providing training and eequipping and assistance to the iraqi security forces and kurdish forces fighting them on the ground in iraq. we are also providing support and military assistance to the moderate syrian opposition, what we would like to see is those efforts squeeze the space where isil operates. but there are other elements to our strategy. one is to encies the support of partners in the region and international community because

this poses a significant threat not just to the united states and to the iraqi and syrian people, but the entire region. there are things we can do with partners to mobilize communities in places like iraq to work to expel isil. then there's the quell of u.s. military action. the president has already authorized u.s. military action on the very specific missions of protecting our people and personnel and our facilities in baghdad. he's also authorized military action to deal with the humanitarian crisis on mount sinjar. as we look ahead and look forward, we are going to do what is necessary to protect americans. so if we see fighting against americans, we see a threat to the united states emanating from anywhere, we stand ready to take action against that threat. we have made very clear time and again that if you come after americans, we are going to come after you, wherever you are. that's what's going to guide our planning in the days to come. >> has the president signed off

on air strikes against isil in syria? >> again, i want to get ahead of decisions. the president has been presented with specific military options outside of those that are carrying out the kurd missions in iraq, but we would certainly look at what is necessary in the long-term to make sure we are protecting americans. again, the long-term strategy will have to take people on the ground taking the fight to isil. that's iraqi and kurdish forces. that's syrians who we are supporting on the ground. if we have a need to protect americans and to take action when we see plotting against the united states and our interests, we'll reserve the right to do so. but i'm not going to get ahead of those decisions. >> it's fair to say you are actively considering air strikes against isil targets in syria? >> again, you heard the president say we'll be relentless against isil. we'll do what's necessary to protect americans and see that justice is done for what we saw

with the barbaric killing of jim foley. we are actively considering what's going to be necessary to deal with that threat. and we are not going to be restricted by borders. we have shown time and again that if there's a counterterrorism threat, we'll take direct action against that threat if necessary. >> last thing, on ukraine, the russian convoy, do you see that as a direct invasion of ukraine? >> well, at this point again we see this as part of a pattern of flagrant violation of ukrainian sovereignty. a direct incursion into their territory. they continue to have masses of military forces on the border, too, that would be a further escalation were they to move into ukraine. we are giving the russians a clear message that they need to remove this convoy from inside of ukraine's borders. if they don't, we'll be making determinations with our international partners about how to ratchet up the cost and consequences on them. clearly, again, this is not something that is started today.

from the arming and training of russian backed separatists, to the chutedown, we have he seen escalation and that escalation in a dangerous way. the russians should take a path to deescalation, if they don't, they are going to find themselves further isolated. not just from the people of eastern ukraine but the entire world. >> the way the administration, including yourself, is talking about isis today, it's a big jump from what the president himself said in january calling isis j.v. players. would you still agree with his assessment a few months ago? >> i think what the president was speaking to a few months ago was the fact of the matter is you have many different groups operating across the middle east and north africa. as we shift from a situation in which the counterterrorism threat emanated from al qaeda core, we are going to need to evaluate which of these groups pose a threat to the united states. which of these groups pose a threat to our personnel. and which are more localized,

militia-type forces. potentially dangerous but can be handled by local security forces. clearly isil, which has a long history and origin dating back to a.q.i., al qaeda in iraq, has gained capacity in the last several months, as the fighting in syria has given them safe haven there. as they have advanced across iraq and gained heavy weaponry and become better funded through various funding streams, including what they are able to sell in terms of oil and gas. the ransomes they have been able to obtain. that has developed their capacity in a way that has increased the threat. they pose greater threat today than they did six months ago. we are taking it very seriously. that includes the direct military action we are taking in iraq. that includes the support -- increased support we have provided to the iraqi and kurdish forces and the syrian opposition. we are going to do what's necessary to deal with this counterterrorism challenge.

>> the former deputy director of isil's . said, quote, first terrorist attack against the united states. do you agree with that? >> absolutely when you see somebody killed in such a horrific way, that represents a terrorist attack. that represents a terrorist attack against our country and american citizen. have the all of us foley family in our thoughts and prayers. we have seen isil seek to advance too close to our facilities. certainly for our own comfort. the president's decision to take military action a number of weeks ago was out of direct concern if they were able to get into arbil they could pose a threat to our personnel and conflict there. we have seen them pose a threat to our interests in the region, to our personnel and facilities

in the region, and clearly the brutal execution of jim foley represented an affront, an attack not just on him but american. we see that as an attack on our country when one of our own is killed like that. >> how would you assess this threat to americans living in the united states? do you take their threats seriously? >> we have to take their threats seriously. to date they have operated much like an insurgency. in syria and iraq. again they are deeply rooted in -- the insurgeycy in iraq we have faced for many years. they have of course posed a huge threat to the people in that region. it's important to underscore. as the president did the other day, that it's not simply the threat they pose to the united states. it's the threat they pose to the entire world. they have killed thousands of civilians and muslims more than

any other faith. so whatever pretense they have to establish themselves as speaking for the muslim world i think is completely disproven by their actions in that part of the world. for americans, what i say we monitor very closely whether or not isil will seek to develop plots that are aimed at the west. aimed at beyond this geographic area where they have been operating. we are doing that. we are actively consulting with european partners about how to watch the threat they could pose to the west. we take their threats seriously because they have to take every threat that's made against the united states seriously. we are going to deal with that through the action and strategy we have in the region to squeeze them. we are also dealing with it through homeland security and the president's going to convene at the head and state level a tional security council --

u.n. security council meeting because we are concerned about foreign fighters coming from western countries. >> are they capable of a 9/11-type attack? >> to date we have not seen them focus on that type of planning. that doesn't mean we are not going to be very mindful they could quickly aim to pivot to attacks against western targets outside of the region. again this is something we are going to monitor very closely because we certainly take serious lith fact that this is an organization that has a cadre of fighters who are clearly willing to do horrific things, as we saw in that video, and as we have seen as a massacre, innocent civilians in iraq. they have significant stream of funding that they have acquired over the last year or two. and, again, if they show the intent or they show plotting against the united states, we'll be prepared to deal with that if necessary.

>> billinger picture -- bigger picture what we are doing in iraq, is the united states now engaged in a broad counterterrorism effort to defeat isil? >> the iraqi government is certainly the front of the effort to defeat isil inside of iraq. we are providing them with support to do that. i think the strategy is one that we want to evict isil from their safe havens and squeeze the space they are operating in. and ultimately again push them out of that space. our contribution to that will come in many ways. it comes in the form of the air strikes that are protecting baghdad, that have given space for iraqi forces to push forward against isil. it comes in the form of military assistance and advice and intelligence sharing that we have with iraqi and kurdish forces on the ground. it comes with our political support in service of a new and inclusive iraqi government, which should be able to broaden the coalition against isil so we

see more of iraq's neighbors, again working with, for instance, sunni communities, to evict isil. this is going to have to be a team effort. but we have very unique capabilities we can bring to bear and supporting those on the groundworking to fight against isil on the frontlines. >> basic question. is it the objective of u.s. efforts here to -- [inaudible] >> our objective would be to see an organization like isil defeated. our military objectives, i'm just separating out, the fact that we have military objectives that the president's articulated, that aim to protect our facilities in iraq and prevent human catastrophe, in that long-term strategy of working for defeat of isil, we'll participate not just through our military actions but training, eequipping of iraqi security forces, kurdish security forces on the ground. ultimately they are the ones who

are going to have to work to evict isil from their communities. again their efforts to form an inclusive government in iraq i think will go a long way towards enlisting the support of those communities who have been somewhat disaffected from the government in recent years. >> i would like to get you to foley's michael comments -- inaudible] >> mr. foley and entire foley family, can i not imagine how it must feel to lose a loved one and in such a horrible way. i certainly understand that any family would want to make sure that we are moving heaven and earth to find and bring home american hostages. i can assure you that we have done everything that we can possibly do to try to bring home our hostages. it's an incredibly difficult

circumstance in a place like syria. again where you have such violent conflict raging. we have used all of our military, against, diplomatic resources that we can bring to bear to try to find out where our hostages are. to try to rescue them. when we saw an opportunity to try to work with any country that might have any means of locating them. and tragically we weren't able to rescue mr. foley. but we are going to keep trying for all of our hostages, not just in syria but around the world. out of respect for the fact that there are sensitivities involved with that, but this is a small number of hostages who are held within syria. and we are going to continue to do whatever we can to try to bring them home. every day that they are in custody, they are -- is a day hey are at risk.

inaudible] >> i think the president has spoken to the fact that our military objectives in iraq right now are limited to protecting our personnel and facilities and addressing humanitarian crisis. we have to be clear this is a deeply rooted organization. they have been there for 10 years. when you go back to a.q.i. it is going to take time, a long time, to fully evict them from the communities where they operate. we can do things, though, in the immediate term, to address the threat to the united states and our people. and to push them back. and to get space for these security forces who are taking the fight to them. we can create a coalition that can support iraqis and moderate syrian opposition in their efforts to squeeze isil. that's what we are dofplgt it's going to take time when you talk about an objective like the ultimate defeat of isil.

it will take time to dislodge a group that has been operating in this part of the world for the better part of a decade in an insurgency. what we can do is address the threat to the united states. give the security forces the space they need. go on the offense. push them out of the communities they are in. and then work towards that ultimate goal of defeating isil. this is a cancer that has to be eradicated. that's how we look at this. we have to have our near-term goals that put the safety of americans front and certainty. then in the long term we'll work with our parters -- partners to efeat this organization. so, yes. as you're doing that, you need to make sure that if there is a threat to the american people that we have the ability to take action. that's what the president did, for instance, when they were bearing down on our facilities in narbil. we are already pushing them back. you saw after we began our air strikes, for instance, the

kurdish forces with our support were able to make advances and retake a big piece of critical infrastructure in iraq. so that's the dynamic that we are seeking to foster. one that doesn't just contain but that allows those forces on the ground to go on the offense. >> inaudible] >> necessary to deal with an outbreak like ebola that we have seen. we have prioritized getting people and resources on the grouped in places like liberia and sierra leone. so we are working to strengthen their public health

architecture. there are clear steps they can take to contain the outbreak and make sure that people are getting appropriate care. that's what we focused on with the c.d.c. and other u.s. agencies. if there are opportunities for us to do additional things, we'll review those. but the best solution in our mind is to put the public health infrastructure in place in those countries to contain this outbreak, treat those who are suffering from it, and ensure it doesn't spread beyond their borders. i don't have any upstates for you on additional military resources. we focused on public health resources to date. >> the president announced the what's kes in iraq -- happening, what's going to happen, not going to happen, do you believe that that statement

it de if -- inaudible] >> first question, mike, the president it always keeps the american people updated about the status of any military action and major foreign policy and national security actions. even since he announced those air strikes earlier this month, i note he has spoken a in of times to developments in iraq and developments associated with our efforts against isil. so clearly i think any additional action that he would take is one that he would explain to the american people, whether it's in iraq or anywhere else.

and we will keep the american people fully informed. i think the american people understand that this president's very deliberate about the use of force. he doesn't rush towards the military option. e takes very seriously when we put u.s. military action on the table. when we have our pilots flying missions like the air strikes we are undertaking in iraq. however, i think the american people also understand that there are some threats that have to be dealt with. and we are dealing with the threat from isil in iraq by protecting our people there. and as we have done against al qaeda around the world, we'll take whatever action is

president obama has shown he'll do that. whether it's in pakistan -- we'll take direct action even as we develop long-term solutions that empower part nerts on the ground. with respect to legal matters, i wouldn't want to prejudge an action we haven't taken. i would say that the actions taken in iraq are consistent with the president's onstitutional authority. the actions we took in syria because we were trying to save mericans were imminent danger. i think any additional actions we take we'll consult with congress. >> the things you have drawn about iraq is you were invited in. you mentioned syria -- [inaudible] >> hypothetically that action hasn't been taken. to take the example of what we d. you don't need to be invited in if you're trying to rescue your people from imminent danger. that's the basis we took to try to rescue our hostages.

we have a legal justification for any action we take. we would consult with congress. this is again a problem that we have to deal with as a nation. and so whether it's our ongoing operations in iraq or additional steps that may need to be taken against isil, we would carry those out in very close consultation with congress about their support and their role in providing support for our efforts. thank you. >> if we obviously understand that americans who have loved ones who are in harm's way want to do anything to try to bring them home. we provide support in any way we can have our military, diplomacy, intelligence resources, law enforcement resources. but as a matter of policy, we do not provide ran some -- ransom

or any funding for terrorist organizations. we feel very strongly that it is not the right policy for governments to support the payment of ransom to terrorist organizations. in the long run, what that does is, it provides additional funding to these terrorist organizations, which allows them to expand their operations. it incentivizes the kidnapping of foreigners. in ways we have seen, frankly, with organizations like isil and some al qaeda affiliates. so again, as a matter of policy i think the u.s. government remains committed to the notion that we will not provide funding for terrorist organizations that we believe that only creates perverse incentives for those terrorist organization who is have gone forward and the source of funding and we are going it cut -- to cut off and choke off their source of funding. we'll use all the resources of u.s. government to find and if possible bring home those americans missing. as i said, that will include our

military, our intelligence, our law enforcement, and our diplomacy. hanks. >> before we get started. a quick note, mostly of appreciation as we wind down our past few weeks here on the vineyard. it's been a busy few weeks. i appreciate your patience and flexibility as we move through a lot of breaking news and developments, both up here in washington and around the world. appreciate you working with us. appreciate your flexibility and feedback as we try to make sure we are getting you the best and accurate and quickest information we could. with that i will answer your questions. >> going golfing this week. explain why he does this. >> i am not going to get into the president's mindset on that.

i will say that generally i think that sports and leisure activities are a good way for relief and clearing of the mind for a lot of us. >> has there been any consideration, any discussion of maybe take a day off of golf. -- ly yesterday inaudible]

eoot president did give a powerful statement in this auditorium wednesday afternoon. i think that anyone wondering his views on both the situation with isil, that video or his concern for the foley family should go back and review that statement. it was delivered from the heart. it was candid. it was honest. and it was open. i think anyone trying to assess how seriously he takes the graphity -- gravity of that situation should listen to it again. > no doubt about that. inaudible] >> i understand you're asking about the optics. let me take a minute to explain

how we approach this. first and foremost the president is set on doing his job. to us that's paramount. what i think you see, just because the president is in a different location doesn't mean he's not doing his job. i don't think anyone in this room who's been covering this or following the president for the past few weeks could deny that the president's been deeply engaged on issues both domestic and abroad. it's important for us to understand, and i think that's been evident, is that the issues the country's facing both on the international stage and back here at home have absolutely captured the president's attention while we have been here. > a quick follow-up. inaudible]

>> i'm not going to do too much -- i think the president spoke about isil 38 hours ago and the brutality they committed, barbaric acts, and everything the president is going to instruct the united states government both again military, diplomatic, and intelligence in order to see justice served. so i don't think there's any despite right now -- dispute right now, discrepancy right now because he spoke with you a few days ago about that. [inaudible] >> this is beyond anything we have seen. it seems to be these big depending who you

are talking about. can you iron this out? >> sure. i'm happy to iron it out. the president a few days ago in which he said isil has rampaged across cities and villages, killing innocent and unarmed civilians. they abduct women and children and subject them to torture, rape, and slavery. they murd -- they have murdered muslims,, they target christians and religious minorities, driving them from their homes, murdering when they can for no run, they have declared their ambition to declare genocide against the people. i don't think we are parsing our approach on this. >> in those terms is that beyond anything we have seen? i think that -- addressed this a little bit ago.

i'm not going to be here to paragraphs the differences -- pars the differences between al qaeda and isil. both are clearly terrorist organizations. both want to do harm to innocent people. i think the president's record on counterterrorism speaks for itself. >> agree with secretary hagel's assessment? >> what? >> this is beyond -- a threat beyond anything we have seen? or isis is a force beyond anything we have seen? >> i think how the president views isil has been articulated a couple times now. >> on domestic policies, can you ive us the white house fundraise -- [inaudible] >> today the administration took several steps to ensure women whose coverage is threatened receive coverage for recommended contraceptive services through

their health care plans at no additional cost as they should be entitled to under the affordable care act. while continuing the administration's goal of respecting religious beliefs. the rules, which i believe you are referencing, are in response to recent court actions and balance our commitment to helping ensure women have continued access to coverage for presensitive services according to their health, while respecting the administration's goal of respecting religious belief. > the nonprofit -- >> the administration believes the accommodation is legally sound, but in light of the supreme court order regarding wheaton college, the departments are augmenting their regulations to provide an attorney for objecting nonprofit religious organizations to provide notification, while ensuring enrollees of such planned organizations receive separate

coverage of contraceptive services without cost sharing. >> i know there's two separate rules, one for the nonprofit and closely held protchts. i'll refer you to h.h.s. on how those are implemented. i'm not sure. i know -- first and foremost we want congress to act. that's going to be our bedrock principle on this. we believe congress and should act to ensure any women affected by recent supreme court actions get the same overage, options, everyone else is offered. legislative action is the quickest and best way to ensure that women get access to the services they need and we call n congress to act quickly. >> this particular step -- a few steps along the way. so i'm happy to get back to you on that.

inaudible] >>'s not going to surprise you to know that we strongly disagree with g.a.o.'s conclusion. the we reject the implication that the administration acted unlawfully. the president has the constitutional responsibility to protect the lives of americans abroad and specifically to protect u.s. service members. it's important for everyone here to understand that the g.a.o. report expressly does not address the lawfulness of the administration's actions as a atter of constitutional law. >> i could tell you that the administration's actions

occurred only after the secretary of defense determined that the risk posed by the detainees to the united states or u.s. persons of interest was substantially mitigated and the transfer was in the national security interest of the united states as required by the national defense authorization act for fiscal year 2014. at the time you'll recall the president was very clear that our commitment to men and women serving overseas to leave none of them behind is a bedrock principle for him. one that doesn't come with caveats. that's why he acted in that matter. >> let me understand the impact. >> you asked the white house's reaction. i have given that to you. in templets impact of the g.a.o. heck with the g.a.o. inaudible] >> the president has been in touch with the attorney general

since the attorney general was in missouri. i think it's fair to say that we have been encouraged by what we have seen the past few days. the president last week and on monday i believe called for a deescalation in the tensions. that was pair month for him. so far we have seen the developments of the past few days. to answer your question, the president has been in touch with the attorney general. the president and many of us at the white house are closely monitoring and receiving regular briefings on the situation in ferguson. as you know the department of justice opened an investigation, an independent federal civil rights investigation into the death of michael brown, and both the president and attorney general have committed to a fair, thorough, and independent investigation. >> what does the attorney general -- >> i'm not going to get into the internal communications. i think the department of justice has put out a lot of readouts of that trip. i know it's well covered by your

colleagues. i can tell you that the president felt that the attorney general had a very good and worthwhile trip to ferguson. he met with members of the community, the congressional delegation, local officials, along with f.b.i. agents and d.o.j. personnel conducting the federal criminal investigation and received an update on each of the progress. he also met with the parents of michael brown. -- f i could just ask [inaudible] >> any scheduling announcements at this time. i do think you have seen the president speak about this again so very openly and candidly over the past few days at length about how he views the situation in ferguson. the attorney general went out there earlier this week. so he -- he's continuing to monitor this. his first and foremost priority is with the safety of those in ferguson. >> can you update us on where

the president is in terms of his -- [inaudible] on i think you'll recall june 30 the president spoke to you in the rose garden. that was on the heels of being informed by speaker boehner that the house republicans were not going to bring up immigration reform for a vote. as you may also recall we believe that bipartisan bill passed by democrats and republicans in the united states senate should be brought up for a vote. we are not even asking house republicans -- the house leadership to vote for it. we are asking for them to bring it up for a vote. because i bet you a good deal that that would pass. with both democrats and republicans in the house. that said, speaker boehner did inform the president we are fairly forthcoming in that. and the president announced in the rose garden he was directing

the director of homeland security and attorney general to identify additional actions the administration can take on its own within the president's existing legal authority to do what congress refuses to do and fix the broken immigration system that's been plaguing our country for many years now. if congress is not going to do their job, the least we can do is ours. the president expects the recommendations by the end of the summer. i don't have any additional updates for you to read out at this time. >> i'm not sure the status of the recommendations in coming to the white house. can i tell you the president has put great a deal of thought into this already as you have heard many times. and as soon as we have anything definitive, any announcements -- is the president open to

going that far [inaudible] >> the numbers are in newspaper the ere not put out by administration. we are preserving the integrity of this process to allow the president to receive those recommendations from the attorney general and the department -- secretary of the department of homeland security. we are going to review those. as the president said he wants to act by the end of the summer. >> one final question following p. [inaudible] >> i think, again, what the president made clear at the time of the guantanamo transfer was

that his commitment to the men and women that serve overseas is that we will leave no men or woman behind. that's what he's been keeping faith with and is unshakable for him. as we made previously clear the administration determined it was lawful to proceed with the transfer in order to the protect the life of as you us service member held captive and in danger almost five years notwithstanding the congress didn't receive the 30 days notice. again we disagree with the g.a.o.'s conclusion and reject the implication the administration acted unlawfully. it is with great regret i do not have a week ahead for you. despite my best efforts. we'll have that on paper later today. >> thank you. >> this isis you have talked about, how much of that would you attribute to the payment of ransom by other countries? how much would the administration be working with

other countries or pressuring them not to keep paying these ransoms? >> our policy is clear. the united states government has a matter of long-standing policy does not grant concessions to hostage takers. doing so would put more americans at risk of being captive and be a funding stream for these terrorist organizations. let's be clear this isn't just u.s. polcy, this is a growing international norm. in javen this year the security council unanimously adopted resolution 2133. an unprecedented resolution which identifies kidnapping for ransom as a source of terrorist financing, preckses the council's determining to secure the safe release of hostages without ransom payments or political concessions, and calls upon all member states to prevent terrorist from benefiting directly or indirectly from such concessions. >> each friday night this monday

month. c-span's american history tour travels the country to explore historic places while also hearing from authors about some of the events people, and places that shake the nation. among the stories we'll hear, the life of civil rights activist medgar evers who was murdered in 1963. the curator of his house in jackson, mississippi, talked about what inspired medgar evers to get involved with the movement. here's a look. fun fun--- [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014] >> medgar said, i'm sure he was a little angry, frustrated. he was hurt. so getting away from mississippi, medgar enlisted in the army when he was 16. he served in world war ii. he talked about as he traveled about, he said that sending america, it didn't matter about the color of his skin until he

came back home to mississippi. on his 21st birthday he tried to register to vote. he and his brother, who was also a veteran, and other veterans. he said these group of white men turned them around with shotguns. ran them off with shotguns, and medgar said we ran. we did not go up against those men. it made medgar get serious. >> that was a portion of an event held in jackson, mississippi. you can see the entire event tonight at 8:00 eastern on -span. >> all this month while congress is in recess we are showing you book tv in prime time. tonight at 8:00 eastern, it's in-depth with author reza aslan, he spoke about his life and career and best-selling book "zet lott, the life and times of jeesuffs nazareth." and on c-span3 american history tv with programs on how hollywood has pore trade the

civil war and issue of slavery. we'll start with remarks from history professors on the dediction of slavery and films since the 1930's. after that a look at the recent film "lincoln" and passage of the 13th amendment which abolished slavery. finally, a discussion on the film, "gone with the wind" whether or not it's a source on southern culture. see these programs tonight at 8:00 eastern on c-span3. >> this month, c-span presents debates on what makes america great. evolution and genetically modified foods. issues spotlight with in-depth looks at veteran health care, i.r.s. oversight, student loan debt, and campus sexual assault. new perspectives on issues including global warming, voting rights, fighting infectious disease, and food safety. and our history tour showing sights and sounds from america's historic places. find our tv schedule one week in

advance at c-span.org. let us know what you think about the programs you're watching. call us at 202-626-3400. or email us at comments@c-span.org. join the conversation. like us on facebook. follow us on twitter. >> today the american bar association holds its annual homeland security conference in washing, d.c.. -- washington, d.c. coming up at 3:10 p.m. eastern a discussion on cybersecurity issues an challenges. watch the event live here on c-span. until then, our series on president johnson's great society continues with a look at the 1967 national commission on product safety. this is from today's "washington journal." >> "washington journal" continues. host: today we wrap up our weeklong series on president lyndon johnson's vision for a so called great society.

we are discussing the 1977 commission on product safety. it is the commission from which today's consumer product safety commission was born. talk about it, robert adler joins us. he is one of the commissioners sc.h this etf see -- cp we want to talk about the proposed national commission on product safety. he says that host: can you talk about the role of product safety pre-1967?

guest: it is a fascinating piece of history. it goes back to john kennedy and the new frontier. in march of 1962 he sent a special message to congress where he first spelled out the right to be informed, the right to choose, the right to be heard, and the right to safety. that is a team that was picked up and really expanded during the mid-1960's to the mid-1970's. we often call that the consumer decade. just a thing the safety legislation that was passed during that period. you can go to 1966, when the national traffic safety and administration was set up, 1967, the national transportation 1870, therd, environmental protection agency and the occupational safety and health administration, and then finally in 1972, the consumer products safety act was passed. all of those had as a theme safety. safety became the watchword of the day. host: what was this commission

charged with doing when it was created? guest: it was charged to look into 4 aspects. first was federal legislation, which they felt was piecemeal and random and intermittent. they'll were also to look at the product liability system to see if that effectively protected the public. they wanted the commission to look at the industry's self-regulation and wanted to see what state and local laws applied and how effective they were in protecting the public. that was the mandate to the national commission on private -- product safety. those state and local laws and how they were protecting the public were also the subject of the message to congress that you noted earlier. quotery 16, 1967, to lyndon johnson's words again

host: so who specifically was in charge? was this mostly a state effort in 1967 when comes to product safety? guest: in those days, yes. there was federal legislation but it was fairly small. there was, for example, in 1956 a piece of legislation that i still think is the best safety standard ever, gate -- ever promulgated, on refrigerator doors. not until 1953 -- excuse me, 1960 -- did we get more legislation addressing consumer hazards. so the state and local legislation was not very effective, and the federal legislation was not comprehensive enough. we have a mandate over roughly 15,000 product categories that congress passed legislation dealing only with a small number

of those. host: robert adler is commissioner with the consumer product safety commission. he joins us as we are talking about president johnson's vision for a so called great society. when he set up this commission in 1967, was the goal always to create the independent agency that you are a commissioner for? guest: yes. get been told they couldn't congress to enact legislation, so they did what is often done in washington. you set up a commission and stack it with people that you know are going to reach a preordained conclusion. they certainly did that, and the commission very strongly recommended the astonishment of an independent consumer product safety commission. host: we are asking our viewers to call in on this segment. if you have questions on the consumer product safety commission, we will appear stories and interactions with the cpsc and products that are regulated by the consumer product safety commission.

mentioned the 15,000 products that today's consumer product safety commission covers. i've seen it read in some of your testimony to congress that what isn't covered is guns, boats, cars, trains, drugs, and food. why were some things included and other things not included? guest: there are interesting stories about that. first, you don't address the stuff that is already regulated under federal legislation. back in 1974 we work additioned to -- we were petitioned to exercise jurisdiction over tobacco products. haveess did not want us to jurisdiction over tobacco products, but there is a loophole in the law that they pointed to and they said we think you have jurisdiction over tobacco products, and of course, we did have jurisdiction over tobacco products. fast forward another six weeks and we were conditioned -- petitioned by a group to ban not and weut bullets,

exercised jurisdiction under the federal hazardous substances act. if you can imagine, this fledgling agency within the space of a couple months is told it has jurisdiction over tobacco products and bullets, 2 of the most controversial products you could imagine. the fascinating thing about that is that if you think congress can be deadlocked, they weren't deadlocked then. several weeks later they enacted removedion that tobacco products and bullets jurisdiction from us conclusively. host: and guns as well? guest: we never had euros diction over guns, they made that clear -- never had a jurisdiction over guns, they made that clear. host: was that clear in 1967? guest: it was. and theery small agency controversy surrounding guns is so much of a distraction that if you were going to give jurisdiction to an agency, you would want to give it to an and hashat is bigger

more staff than we do. we are a very, very small agency. host: 15,000 products that the cpsc is in charge of regulating product safety for. what is the budget and how many people does it take to do that? guest: as i said, we are a very small agency. we have a budget of $180 million. i want to put that in context. several years ago i was looking at the fda budget and i noticed that they had added field staff. in that year, about three years ago, they added more field staff and then we have staff. rent what our total budget is. we are staffed with extremely competent technical staff. we do as good a job as we can with limited resources. i think we have done quite a job over the years. host: you talk about agency resources. here is a chart showing the budget baseline for the cpsc

over the years. in 2014, the budget, $118 million for comedy people? -- how many people? the moment.taff at when the agency was set up we had almost 1000 staff. if you look at the precipitous drop, you see in particular from 1980 to 1982 great congress came in and they were very unhappy with regulation in general. there was a deregulatory movement, and we probably more than any other agency lost staff and funding. between 1980 and 1982, a 33% drop in staff and 25% drop in funding. we have struggled over the years to come back to parity, but in terms of staff, we are roughly half the amount of staff today that we had back when the agency was first set up. host: what was the regular story concerned -- deregulatory concern, that the cpsc was keeping products from the market

or keeping business from growing? it was not limited to the consumer product safety commission. the sad fact for us is that we were the first agency whose reauthorization was cut at the height of the regular story fever -- height of the regulatory fever so all the forces concentrated on us. the concern was limiting choice, limiting freedom, driving prices up. there was big concern about inflation at the time. all of those were factors that people took into account when they were planning to regulatory agencies. we were not the only regulatory agency under attack. we just happened to face that timing. host: some members on capitol hill, especially republicans, are concerned about this issue is one it comes to regulation. what are some of the interactions with had? -- you have had? guest: those are concerns that we at the consumer product safety commission chair as well.

our mandate is not say to get rid of all risks whatever cost. it says to get rid of unreasonable risks. part of the calculation for unreasonable risk is can we reduce it at a reasonable price without interfering with its utility or availability? these are concerns we share with members of congress, and there is a spectrum of views on the hill about the benefit of regulation and wisdom of consumer product safety commission. i think that if you were to look at statistics of products we have been involved in, you would find that the cost-benefit ratio of our actions has been very favorable over the years. host: how have the general public, folks who may be watching this segment, interact with the cpsc on a daily basis in a way they may not know? guest: we have a hot line where people can call in with complains. we read all the mail cemented to us. big -- submitted to us.

beginning in march 2011, we established a database where people who have incidents of harm or potential harm can complaintsents or either through the phone or by writing letters or three ma -- through e-mail. saferproducts.gov. they can access the database to see if the problem they have with their product has been shared with other folks. host: what is a specific example of how that has worked? guest: well, someone who has, for example, a heater in their could look toted the database and see whether that problem with their heater was idiosyncratic, or whether other consumers had similar problems with the heater. database isthat our accessible to anyone. on a regularorts" basis downloads all of the complaints from the database and tried to put them together in an organized fashion so that they can report to their readers what the leading complaints are and

the leading safety concerns are. it is accessible to anyone, and i think the public uses it in a fairly good manner. host: you brought up refrigerator doors earlier in the segment. what is the biggest victory for the consumer product safety commission over the years, the most impactful ones? guest: if you look at the product safety picture over the last century, it has been a favorable one, and it is not obviously due to the consumer product safety commission alone. a lot of it is due to better production methods. -- i taught in a for 22 years, so i think better production methods are very well-known, and they have helped enormously. i think the consumer product safety commission has played a big role in that. can pick up products such as residential fires, they have dropped over 50 percent, you can look at electric you should, they have dropped over 70%. one of the big success stories for the commission is the poison

prevention packaging act. fatal poisonings over the years have dropped by 87%. is a serious concern for everybody because cribbs is infantsere most d most of their time. it has dropped over 90%. enacted safety act was in 1956 will stop there have been a grand total of no fatalities. it has been that effective. the technology to a dress refrigerator doors, and i think most consumers would know what, is just magnetic strips around the doors so that if an infant crawls into a refrigerator, they can open it easily from within, and it turns out magnetic strips last longer and are cheaper than the latches that were on refrigerators, so it is a wonderful safety standard. i will not pretend that all safety standards are that good. host: viewers, if you have had

any interactions with these products, we are talking about consumer product safety commission, concern about specific products, we are talking with robert adler, a commissioner with the cpsc, talking about the history of the work of the consumer product safety commission. phone lines are open, republicans can call (202) 585-3881. democrats (202) 585-3880. independents (202) 585-3882. we will get to your calls in just a moment, but i wanted to rise ofabout with the so many foreign products coming into the united states, former foreign consumer-products, how does the cpsc monitor those? do foreign copies have to be held to be same standards as american companies who are trying to put products on the market? guest: that is a question for top i have been at the commission for many years with a 25-year gap, but i was there in the early days of the commission. in the early days, imports, which is not an issue for the agency, when i came back, the

vast majority of recalls with withommission were imported products, and yes, imported products must meet precisely the same state he me safety -- sa standards as domestic products will stop there trying to ramp up surveillance at ports so you can stop products that are defective and dangerous before they get into domestic consumption. host: does that include individual inspectors at points of entry? guest: i wish. we have a very limited staff, as i said, so we have actually fy2016ongress for our budget to give us expanded resources so we can cover more ports, but we certainly cover the busiest ports, and we stopped millions of dangerous products over the years, and it is an ongoing effort. host: how to you get your arms

around all of the produce coming in? do foreign countries have to register their price with the cpsc? i know there is testing domestic abuse have to go through before they bring products to the market. guest: if you are going to import a product, you have to list that with custom so customs does all of the product's coming into the country, and we have a system that surveys incoming products, and we look to those where we either have had somebody who has brought in effective or dangerous products in the past and we target those, or we target products that we know often present serious hazards. for example, very often clothing will have drawstrings, so we look in particular for drawstrings chokee drawstrings can little kids. or we look to hairdryer's that if't have protection against they were dropped in a tub. so we look for product that we know present serious hazards. host: we are talking about the

history of the cpsc. a tweet -- how much did ralph nader's book "unsafe at any speed" help the agency? guest: i think it played a great role in the consumer movement. the led to the passage of national highway traffic safety administration, and safety was the watchword. mr. nader was very much involved in the drafting of legislation of the consumer product safety act, so the whole consumer movement helped from it as they come and as i say, that led to what a lot of people call the consumer decade, which lasted roughly from the days of the great society through the middle of the 1970's. host: a call from frances in new york on our line for independents. good morning for stop you're on with robert adler from the consumer product safety commission. caller: good morning. door in sliding glass my room, and the threshold is so

, iterous, when i step on it slices my foot. how can i do something? out, and they gave a contract, but i complained about it to the commissioner and the contractor, and i got nowhere, but it is a dangerous door. guest: it is interesting you raise an issue with a sliding glass door because one of the first issues raised with with a product called architectural glass because if you walk into it and it breaks, it used to break and very dangerous shards

and cause horrible injuries to consumers and two young children in particular, so we actually have a standard that requires architectural glass to be safe. it does not sell my status your problem. it sounds like the actual foothold of the sliding glass door is the problem. ray area for ther commission. we look at summing that is a fixed permanent lead to the floor. what i would urge you to do would be to write a letter to the consumer product safety cpsc.gov and go to submit a complaint, and i will see if i can have somebody follow up and investigate that. host: we are talking about the history of the cpsc. some sets dating back to the beginning of the commission, back to 1957 on product-related injuries -- 100 25,000 injuries

a year when it came to heating devices, 100,000 injuries a year on automatic clothing ringers. glass doors, which we talked about just now, 40,000 injuries back in 1967, and wall sockets and extension cords, 30,000 injuries that year. you have a specific interaction with clothing ringers as i understand. >> i am one of the statistics, as they turned out, and i was surprised to see that back in 1968, they were still selling hundreds of thousands of washers with ringers. when i was a two-year-old, a dog was bothering my brother, my mother ran out to protect my brother, and i stuck my arm and the ringer of the washing machine. i will not show your viewers, but i have two very large scars on my right arm, so that is a matter of personal interest to me, but i think we know that washers with ringers are no longer sold or at least not sold widely. e-mail question from ron in massachusetts. the cpsc has multiple testing

facilities and staff. the authorityhave to mandate to u.s. and foreign commercial entities under penalty of failure to conform the standards and twisting -- and testing protocols they are required to follow? guest: that is an excellent question. and if you look at the act, you will see that congress was concerned about foreign manufacturers and also domestic manufacturers, and what they said was with respect to children's products -- and the reason we are so concerned about children is pretty obvious -- children are involuntary read ands, they cannot heed warning, so we really walk the extra mile to protect children. what congress did was something i thought was quite clever. they did not require companies that are making children's products to submit them to the consumer product safety commission for testing and approval. they said the commission must accredit test laboratories that you must submit children's

product of if it is covered by a rule or regulation how to test a, and then the manufacturer bet certify that it will safe. the answer is at least for children's product if you are either a foreign or domestic manufacturer, you must have your product tested in an independent lab, and then you must certify that it meets the rules and regulations. host: the third-party testing. guest: that is exactly correct. host: can you talk with the situation in 2008 that congress can't together to pass a consumer product safety improvement act? guest: yes. yes. that was triggered by a number of retells in 2007. in fact, people caught 2007 the year of recalls. were millions and millions of products recalled when they found a particular imported products were coming in with levels of lead on consumer products, and even large importers, large manufacturers ack apparently gotten l

in their self tests, and there were thousands of recalls by enacting the consumer product safety improvement act. they set very stringent products on lead in children's products and lead in paint on all products, and they established this third-party testing regime that i just discussed. by the way, they also added one additional thing in honor of a young man named danny kaiser, who had died in a play pen that had been the subject of two recalls, but somehow this one had still eluded those recalls, and he suffocated in the playpen. parents were wonderful folks come a lobby their state legislature and the congress to pass legislation to expand rulemaking for children's products, and so we are mandated to write to safety standards a year for what are called the rubble infant products, and we have been chugging along doing that for several years now.

cpsc'shat are these see enforcement powers? guest: we have the ability to seek i

tell us how it protects the u.s. public. >> this goes back to the passage of the packaging act in 1970.

the reason they had acted that, they did not want to be presented between banning a dangerous product, even though warnings did not work. presented was to say let's permit a number of these products that are toxic to child resistant packaging on them so children can't access them. it has been a tremendous success. fatalities over the years have dropped well over 90% because of the poison prevention packaging act. i'm old enough so i remember back in the day if you try to get into a bottle of aspirin, it you needed pliers to do it, because the technology was not that good, but today, the technology for child resistant packaging is excellent, and adults have almost no problem opening packages, but children still do, and that is exactly the ideal approach you want. host: we will try jonathan again in greenville, mississippi. jonathan, good morning.

go ahead, jonathan. caller: hello? host: yeah, jonathan, go ahead. caller: yes, i'm calling about private sector from china in places, products and come from china, yes, products and come from foreign countries like china. host: jonathan, we will just move on. we need you to turn on your tv when you are calling in with your questions or comments. a question for you, mr. adler, who are the most at risk populations in the united states? you talked a lot about protecting children. is it the children? you have also testified about protecting the elderly population. guest: well, depending on the product, different hazard products have emerged, but you are correct i have in concerned by the elderly since i have moved into that demographic.

if you look at the statistics, the elderly over 65 constitute about 65% of the fatalities from consumer products, and the demographic is only growing. an interesting statistic i've run across -- we have more people age 55 and older than they have people in canada. as i say, this demographic is only growing, so it is an area that i have been particularly concerned about. when i was acting chair, i actually reorganized the agency to a small amount to put a mechanical hazard team to the elderly together. i think this will growing concern for this agency and other agencies as well. host: you talked about cribs when it comes to children. what products are the elderly population more at risk from? guest: falls. stairs, ramps, and landings, but the elderly suffer, and this may be different patterns of activity, if you look at

gardening equipment, elderly are injured at a greater rate. if you look to see cooking equipment, and unfortunately fires associated with the use of cooking equipment, slips and falls in bathtubs, so that we would like to see more railings in those products. here is an interesting point that somebody made to me that these beautiful new, very fancy and elaborate banisters on stairways are actually hazardous to the elderly. it is the old, very narrow rod that is the easiest to grab onto that the elderly probably should be using in their homes, so there is a broad array of products. one of my pet peeves particularly is ladders. i believe once you reach my age, you should not climb on a ladder that is taller than you are. the falls from ladders are extremely serious and quite frequent. host: some stats from the 2012 report on product related injuries.

in 2012, 2.8 million injuries in the united states when it comes to stairs, rails, landings. 742,000 when it comes to bed, mattresses, pillows. 603,000 when it comes to chairs, sofas, and sofa beds. 570,001 at comes to sports equipment. 466,000 when it is football injuries relating to football injuries. is it football industries -- injuries? guest: football related injuries. host: what are the new products that the cpsc is more concerned about? guest: new technology. even if they have been around a while. certainly computers and computer batteries present issues that we have never seen before, and as we see the evolution of products. for example, when i was growing

up, rollerskates were not at all like rollerblades now. rollerblades now are much, much more enjoyable to use, but they bring a whole host of different safety problems. we are also continuing to work on things like upholstered furniture fires. there has been tremendous improvement in upholstered furniture characteristics. it is still the leading cause of single-family homes in fires. we are looking at something called recreational highway vehicles, which are simply atv's where you sit side by side. we are looking at a variety of other products that have been a round for a while that we are still trying to address. one product i'm concerned about our table saws. there are about 36,000 injuries a year from tablesaws, and about a 10th of those, almost 4000, are amputation. what is interesting, table salts

have been around for a long time, but there is new technology that is, for lack of a better phrase, a flesh sensing technology that will shut the blade off immediately so you will get a slight nick but it will not amputate your finger. to see if we can get that adopted by the industry. host: robert adler is a commissioner with the consumer product safety commission, check them out online at cpsc.gov , and on twitter @cpsc. we appreciate you stopping by the "washington journal" today. guest: thank you. >> we are live this afternoon as the american bar association is hosting a discussion on cyber security including the obama administration's order and the government's challenges in addressing breaches. thomas mcdermott is among the

panelists. we expect this to get underway in just a moment. live coverage here on c-span.

>> we would like to get started in about a minute if everyone could take their seats.

can everyone hear me ok? we are going to get started now. i'm the last moderator on the best panel you have heard since this event began. i will say that proudly because you're the best audience for

staying here until the end of the panel. a lot of positive feelings going around. i am honored to be the vice chair and what i am not trying to support joe in this endeavor, i'm a partner and serve a managing director. that is about all you will hear from me. i'm excited to have three experts in three both the issues of cyber security and data security we are going to be talking about today. am going to give brief introductions to the panelists and then not giving them any time for opening statements. we are going into some interesting questions. we are going to talk about the tsunami of data breach we have seen lately and some questions around that. we are going to talk about what suzanne talked about the beginning of the event, which is

the use of public-private partnerships, which has challenges and opportunities. what is missing. so with that, the first panelist is steve who is the vice titlesnt and a few other of a big data firm and really one of the game changing organizations thinking about cyber security from a technology tip. steveusly, we worked with assistants the deputy at the fbi cyber division. law grad/.a duke we have atomic turn it to work that the department of homeland security -- we have tom mcdermott who works at the department of homeland security,

which is led by suzanne spaulding, we heard on the first today. the assistant general counsel. andis also a duke law grad has spent some time in the private sector. and last on the panel, definitely not least, is gus, who is a partner at goodwin and .as the acting general counsel always important we have as many general counsels as possible speak. known to most of us in here. more importantly we have a panel with three different perspectives on cyber. we picked it that way so we can have a conversation among ourselves. then we will have time for questions at the end as well. i'm going to throw out some questions. we are going to go, i will pick

because i don't think you are answering the questions. the first is, we really have seen what i call a breach tsunami in terms of reporting of events and what is happening in terms of cyber incidents. i guess from your perspective since everyone looks at this differently, what is causing it? is this a trend we will keep on seeing happening? do, what arewe going to be the things to change it? i will turn it over to steve. >> unfortunately the problem is getting worse over time. this is something that people who have been in this field find rather sobering, all of us want to mitigate the problem. we may have mitigated some of

it. the threat is so outpacing the worse everyblem is year. certainly we see more reporting. i don't believe that is a result of more incidents occurring. there is more visibility by companies. technology has gotten better at protection. been supplemented by budgets that allow for greater detention -- detection. and of course there are a flood of reporting obligations that did not exist previously, including health data, disclosures that we have seen play out the last few months. at the same time that is occurring, there is another confluence of events we realize is that we have become more reliant upon technology. of all times, whether holding data, processing data, processing critical systems in

the critical infrastructure. and adding to that, we are growing reliant upon wireless themology which come with a host of problems we have not even seen yet in terms of across thee electromagnetic spectrum. i think the problem is worse and i think it is going to get worse . i do not say that happily. i feel it is a failure over the last 15 years doing this, trying to make the problem better. thee is no doubt in my mind problem is outpacing our ability to course correct. because i am an optimist, while i don't disagree with anything steve said, there is some good news. there are some positive trends in the area of cyber security. .wo jump to mind

there has been a lot more awareness in nontraditional communities about the growing cyber threat. there is some hope that could drive us toward, if not a solution, at least better preparedness and mitigation against threats. the cyber security framework that came out last year was a good step forward in terms of creating a common baseline in a way the government and private sector could talk about the cyber risk and what steps we could take as part of a risk management framework to try to address that and manage that risk. -- created intent do have some kind of acronym with a superscript. the cyber security voluntary

program, which is an umbrella for a lot of the existing programs to try to partner and work with the private sector to mitigate and manage this growing cyber risk. one of the real focuses of that program has been the notion of different onyx or different audiences -- different products for different audiences. we have targeted the technologists. and now to have a conversation at a higher level. for ceos totions try to do outreach at the senior level so that ceos can start to ask the questions internally. one of the panels, of the earlier at the end of the day, money will drive meaningful change at those agencies and the private sector to step up and mitigate. in addition, the national

association of corporate directors came out with a cyber-handbook for boards of directors to help them engage their companies'executives and technology professionals to understand the risks and continue this conversation about how to manage that. greenwald has stolen my thunder at lunch trade there have been a lot of improvements on the information sharing side. -- what he was talking about where a company came forward and acknowledged because of the government alert shared, they had gone out and look for malware and were able to identify a problem before it got worse. today, earlier panel there was conversation about the success we have seen with sector information sharing. it is not just the government sharing information but the

private sector finding ways to share information among themselves. we have seen real improvements there. area where we can drive to being able to better protect and defend against the risk is moving a lot of information sharing from human to human exchange or from sending e-mails to more machine to machine, real-time information sharing, so that information can be used more quickly to respond to the evolving threats. >> everything has been said. but i will say a few more things. >> as is a lawyer's prerogative. >> everyone has amply underlined what happened in the field since we gathered here last year. so many events, so many incidents, so many breaches. the framework, the executive of thethis is a result

increasing number and sophistication of the attacks we are seeing in our various capacities. i think it is an overstatement to say it is a silver lining. but in these panels year after year, someone would invariably say, this is not an issue for the server room. this is an issue for the boardroom because the board of directors needs to be involved in decisions where the company's reputation, finances, intellectual property assets and other assets are at risk. cybersecurity is the perfect storm of all of those issues. what i would mention as the silver lining in this situation that is very difficult to manage is i cannot imagine there is a corporate board of a public that in the last cyber year we have had has not focused on this issue in at least one

meeting. probably multiple meetings. ofbably has had a committee the board assigned to deal with this and other risks. that is all for the good. problem, and i think steve as stated it very well, is company with goldplated cybersecurity can still be the victim of a cyber attack because our adversaries are highly motivated. they know where the stuff they want is. it is on companies'servers. the advice we give to our corporate clients is this is not a one and done thing. you don't have one board meeting and say we have thought about cybersecurity. that is a good start. but the threat is dynamic and ever-changing. information a company stores on its own servers is different week after week and month after month.

the need for a company to do a risk assessment to figure out what is valuable and might be a target and how that is being protected is something a corporate board needs to satisfy thatf, on a regular basis, the folks in charge of that at the company are doing a good job in securing it. friendshiptest my with my panelist to the left, i'm going to ask a question i did not prepare them for. that is picking up on what gus just said about what companies should be doing. there is an aba cybersecurity playbook outside and other things written on this. i would like to start with tom and talk about what it is since dhs is in the middle of this providing a lot of information hat dhs is asking companies to do. what is it you are seeing companies doing at the company

level that are good? we will get back to the script after this. i would like to pick up on that because i think gus brings up a good point. i see in my practice there is a lot of good corporate behavior and some that is not so good yet. i think there is an opportunity. i know you all think about what we are seeing. >> i will take a first crack at that. the other panelists probably have a different perspective from the private sector. from what we have seen on the government side in working with private sector partners is there is more awareness of the issue. a lot more of a recognition that cyber risk needs to be considered by the company as part of its holistic risk management structure, looking but cybert cyber risk risk in the context of the overall physical risk. you need to understand what your

information is and why it matters. i think the way you defend it and structure your networks and systems is dependent on what the information is, who it is valuable too, and what would happen if someone were to gain access to that information. forof the subtle shifts those that don't live antigovernment planning efforts that wasy directives signed by the president a year ago february along with the cyber executive order was shifting away the government talks about critical infrastructure, from protecting critical infrastructure to enhancing the resilience of critical infrastructure. recognizing it may not be possible to make your systems bulletproof from the most determined adversary.

there may be a lot you can do to make their job harder. low hangingot of fruit on better security. it may not be perfect. it may not be possible to have the perfect security. start talking about resilience and understand what that means if your information is compromised and what that will mean to your business operations and potentially your continuity of operations as an entity. interesting the question was focused on what the private sector can do better and what the ones acting of best practices are doing. i will address that. i am hoping you are asking about what the government can do better as well. i will stick to the question. the first thing is exactly what tom said. you have got to be able to prioritize. companies that have not looked at their information as well as their data systems, is not just about the date on the systems, it is what visa systems do.

about the actual process, whether electric power generation or creating the next widget very the first thing is to prioritize and isolate and make sure those systems are not connected to every other system. our more sophisticated points are getting cyber intelligence and doing what tom said, no who would be interested in that type of information or system so you can understand how they fights you can deploy strategies to address those types of strategies your adversary uses. we are seeing that. i think after that, you're hoping you can detect quickly. you should be focusing your detection mechanisms. when i left the fbi it was specifically to a company building this next-generation a point detection doing continuous threat detection.

i don't know if any of you have looked at what continues monitoring meant. what shocked me was the term "continuous" did not actually mean constant. it meant periodic. that could be every week, every month, the recorder. me asmmediately struck not continuous monitoring. we need continuous monitoring. technologies are now developed and in use that are constantly looking for behaviors of the adversary. not what they look like. . piece of malware can change the vulnerabilities that allow someone into your system can change. it turns out the executions, were the bad guys tried to do, remain constant over time. it would be like trying to protect the hope diamond in the museum. it does not matter how you

stayed in the museum. it does not matter what allowed you to get to the hope diamond. when you see the diamond move off the platform, that is something that matters. is to detection and true constant monitoring is important. then it is containment. what do you have in place after detection to contain the problem question mark and then to mitigate it. technology is part of that. in this world, we talked about three different types of control. there are technical controls. you also have administrative controls and physical controls. physical controls tend not to be thought of a lot in the area of cyber because we think of this as a technical problem. but it is also a very physical problem. i remember not long ago hearing about a company that was very well protected in terms of its physical security in the daytime. they would not let anyone near the data servers. andwhen they left at night

the cleaning crew came in and had access to every square inch of the company, we started talking to them about that. what are you doing to ensure they are not putting something in your system? the answer was nothing. there is administrative security. companies have incident response plans and the tabletop exercises. they have penetration testing and try to determine what would happen if someone accessed, and are they really testing for that. you seeing the better companies are doing that. unfortunately as gus reminds us, even then, you can still see an incident. you are hoping the damage from that is mitigated by the early detection and isolation. points one of quick what the private sector is doing. my co-panelists has had on is prioritization. one thing many of us have

noticed is prioritization is not necessarily driven by the value of the information or the system being guarded. sometimes it is driven by external forces. a stat i am sure many of you have heard before is 47 state attorneys general, 47 states have legislation regarding breaches involving personally identifiable information. companies focus on things the law requires them to focus on. there has been an allocation of onources, a prioritization just the thing you have to disclose if there is a breach involving it. the problem with that is that up until this year, and i think this year has been unique in the history of cybersecurity, that has been the exclusive focus of a lot of private sector entities.

a lot of the news of breaches, and i would note the indictment of the five pla officers doj announced a number of months ago, have raised awareness of the other types of attacks possible, and other types of information the adversary is seeking. , why didle have asked eric holder do that? why was that indictment make? we will never have him extradited from china. i think the reason was in part to communicate to companies, to ceo's, to corporate boards that in addition to the things state law has compelled them to look at up until now, they should be looking at other things. they should be looking at the e-mail between the cfo and ceo about the next big the company is going to be making in and m&a transaction because that has incredible value to somebody on

the other side of that transaction. and thezation externalities is one point. the other is the interconnectedness and interdependencies of companies in information security. there is a natural focus on your own systems. but i think in every entity all of us work at some information, some process is being done outside. il or a cloud g-ma provider for storage or any number of contractors that have access to a company's information systems, being aware not only of the information and vulnerabilities in your own system but the information and vulnerabilities you keep on someone else's system is an important part of the process the private sector entities have to go through.

upt awareness has gone dramatically this past year. i would list that is a best practice. >> there has been a lot of discussion about public-private partnerships. i would like to spend a few minutes talking about public-private partnerships in cybersecurity an answer the basic question of, are we heading down the right path? to do that, i think we need to first understand what path that is and the role of the public and the private. off sinceke to start dhs is the hub and spoke of withc-private partnerships tom and spend a few minutes talking about cybersecurity in public-private partnerships. >> i would hearken back two things i said earlier.

in the presidential policy directive that came out last year that directed dhs to update the national infrastructure protection plan, which is sort of the doctrine and dogma by which dhs tends to structure its partnership with the critical infrastructure sectors and private sector in that area, i think there was a couple of things that were the focus of that document. one is recognizing the need to jointly set priorities. i think we've seen where public-private partnerships seems to work best is when both parties have identified something they want to jointly work forward towards. somethingve that be that is more defined and more tangible as opposed to a vague and academic and bureaucratic sounding. to of the priorities was

jointly set priorities and work towards those. in addition in terms of the government's role on the cyber ,ide, where the private sector i forget the number, it owns 80% of the critical infrastructure. is role of the government about enabling the private sector to better protect themselves. dhs has recognized in that the involvement of the government has to be before incident. it is too late when you have been compromised for the government to get involved. the government's focus on cyber has been the pre-incident engagement, helping to understand the threat. whether it is doing briefings for the private sector, the government has a couple of cases gone out and done sector

roadshows with sectors to help them understand what the threat is. provides a good baseline to have a conversation between the government and private sector about good cybersecurity best practices. then focusing on the information sharing and making sure the information the government has is of use to the private sector and made available as quickly as possible. the government can play a role in this to encourage the private sector to share amongst so people are at least positioned as well as they can be to defend themselves from determined actors. and heartfelt way, can a former fbi official share his opinion on dhs's comments now? >> why don't i start with what i agree with? i have obviously been working

this issue from a lot of different angles. from the public-private partnership perspective, i started in this area in 1998 and helped nationalize the and guard group.fra today it is over 50,000 people. it sounds like a success. the question is the metrics behind it and what is happening with those groups and what they are being used for. withtom said, i agree 100%, which is this notion of the government and private sector working together to determine the priorities. we were not particularly doing that with intergaurd. when i was in the fbi, we had great success with financial services. i think the story is so profound for this area that i think it is

worth retelling. what happened is we asked in a roomful of different government agencies, the financial services sector was there, we said, how is information sharing working between the government and private sector? there was this look like emma do you really want us to tell you? i said, yes, i really do, without the words being uttered, just facial extraction -- expressions. they said terrible. all of my friends were looking at me with daggers like what kind of litigator are you asking a question you jot --do not know the answer to. i knew the answer. when we get anything back, is hardly anything at all. by the time we get it back, it is not timely. we proposed a different model which i think is a good way of going forward and it is of the type tom described. it is not information sharing. it is collaboration.

when you talk about information sharing, you are behind the eight ball. aboutou talk collaboration, you're working together. we said, how about you come in and have representatives from the sector and we will show you all the cases we are working on? you decide couple of things. one, what is important to you. we believe we could determine what is important to you because we have been working with you for a long enough time. that, to this day, i still believe is true. if you know your partner, you can learn what is important to them. but the second question we could never know, which is, what is important to you? what don't you already have? that was the key. we could push so much information against them. but they already would have it. that it is just a lot of noise for them to get to that which was important. the idea of being able to say we show you everything and you determine what you don't have but is important, within a couple of weeks we were able to

put out a bulletin. there was automated clearinghouse transaction fraud that leveled off at about $400 million by the time we were addressing this with the banks. we thought we did not need to tell them because they knew the numbers. what they did not know was how the bad guys were defeating their best practices. the fbi did know that. a story for another day. the main point was we told them that, we said, why don't we write a joint product? in that joint product, we will show what we know and ask the industry to tell its own members how to act, what they should do about the problem. so it is not only relevant, timely, but actionable. the action item was to purchase a standalone $700 computer to do majorrk if you have amounts of value in your bank accounts, which these businesses do.

since that time, anyone who took the recommendation never suffered from this fraud. that is a pretty inexpensive resolution of what had been a $400 million problem. $700 for a company to get out from under it. the collaboration of figuring out priorities also reflects in the takedowns we've seen recently where the private sector and government are working together and with allies throughout the world on a common resolution with joint capabilities and resources. that is the right answer. where i comeing is in more conflict with what tom said. that is the role of the government is to provide information to the private sector so they can better defend itself. the role of the government is to defend people and corporations. it is not and has never been and god willing never will be accepted that the role of the government is to provide warnings to the private sector and not take care of the threat. that is where we are today.

i don't mean to imply you had all of that bubbled into your statement. but for me, it is because i have heard it too many times. in this area, the better public-private alliances, if we are really going to make a difference in this area, will be more reflective of what we see in security in every other setting, meeting every other setting other than cyber. when you think about security, you think about three possible ways to get to a better security situation. one is to lower vulnerabilities. another is to lower the threat. the third is to lower the consequences of a successful attack. in every other area of physical security, we use only modest measures for vulnerability mitigation. we will put locks on doors. don't keep the keys in your car. know is a point where you a determined adversary will be able to break in. the return on investment all of a sudden dilutes and you cannot

survive in any kind of interoperable environment with a system that focuses predominantly on vulnerability mitigation, meaning accepting information on the government on how to better protect yourself. what happens is we shift focus to threat deterrent. we put up alarms and put up cameras that say to the adversary, we acknowledge you can get in, but this time it is not going to be about us. it is going to be about you. we are going to detecting early. we are going to identify you. through our monitoring company, we are going to call the police, not a locksmith. company calls the police because that is the deterrent. that is how you get to a better security resolution. until the government realizes the public-private alliances, the strategies, policies, international elements have to be aligned to a threat deterrent

approach where the private sector works with the government to do detection and the government takes over the role of penalizing actors in deterring them, we will never be able to get out from under this. the guy upng to be here saying you don't have to worry about defense and vulnerability mitigation. of course you do. but there's a point where it has to be a different situation than we have now, which is that the bad guys get to keep trying until their successful. defense continues to try to be detect,is secure or contain, and mitigate 100% of the time. that cannot work but we keep trying to resource that very approach. so i am hoping over time, the discussion recognizes the risk model has been grossly distorted and we have to get on the right track. >> let me jump in quickly on

the. steve and i have more agreement than disagreement on most of what he laid out. steve knows law enforcement has been increasingly focused on the cyberthreat and trying to serve as that deterrent whether it is the fbi or secret service. there have been high-profile actions taken by law enforcement. prosecutions, arrests. that is part of the whole government approach of how we need to deal with cyber. >> ok. this is a hundreds of billions of dollars problem. when you think about the resourcing. the fbi has a few hundred agents who work cyber. state and local have few if any that can do intrusion's. secret service rings to bear maybe another couple of hundred maybe full-time. the international scope, we

have maybe two handfuls of agents stationed abroad. i do agree in the whole of government approach, it is not that threat deterrent is completely off the table. it is just that the balance has been so distorted. effortse the areas and we need to be pushing more resources into. i find instead we keep blaming the victims. this is a crime where the victims get blamed constantly. spendingcorporations millions on cybersecurity and still get intruded on. instead of trying to figure out what is happening with the investigation to figure out the people behind this and what nationstates are supporting them, with call in the ceo's of the company to explain themselves. they are victims. this has got to change. >> allow me for a moment. i'm going to come in on the dh side --dhs side eventually. i do agree with steve on the blame the victim mentality.

a result of the fact that there has not been any legislation in this area, and i don't know if that would be for the good or the ill, the federal government a schizophrenic. and ourdhs, fbi, friends in law enforcement who are generally trying to help those companies that have been victims of sophisticated cyberattacks. we have other agencies of the government that will have a knee-jerk reaction of hauling in the ceo or questioning the data privacy practices of the company that was essentially victimized. this is something i think the president, the executive branch, needs to address to have consistency between the help the victim and blame the victim mindset. that is the first point. the second point is what steve

boy, would that be great. but the problem we detected that problem we detected, i don't know if tom can speak about the networks we are trying to defend our private and contain information about citizens of the united states, companies within the united states that the ceos or those people and privacy advocates might have a problem having the government actively defend. be a wonderfuld topic for discussion between the private sector and the government to figure out a way to do that without setting off every alarm bell in the privacy community. until then time, we are in a world where information