reversed. the military surplus weapons can go to local police departments. they just have to apply and show some kind of loose need but where it gets weird is then when they get these tanks and ak-47s, they have to use them within a year or the government threatens to take them back. so, you know, it's like who was it chertoff said if you put a gun on the stage, it has to go off. >> that's what happens here we need common sense reforms. it's gratifying to know that the police department is listening to especially african-americans who have led the call for more responsible police practices. >> i agree with that. i mean the images that were presented initially out of ferguson, you thought you were witness something going on iraq or syria. >> we don't think we treat our citizens that way. but it turns out that we do. maybe some jurisdictions, you know, big cities need some of

this armament, but ferg season it seems very much over the top and they seem like they are not at all trained to use it. tazer. a tazer would have been much more effective in dealing with michael brown but they say tazers aren't 100% effective. maybe they ought to make them more effective plus the fact there was a second police officer in the car with them, with wilson, i believe. >> could be the baku with the gun. i think there is going to be some definitely review of the procedures they used in ferguson and whether those are the ones they were trained. also, a story came out that t theple was with another police department which was so ineffective and so apparently arrive with racism that they fired everybody in the department and hired a new. some of the people, you could apply for the job, but this particular officer instead got a job in ferguson. you know, that doesn't

necessarily say that he was part of the problem there. but we are beginning to learn a little bit more about him and, the training that he might have gotten. host: armstrong williams? >> it would be an incredible high bar to ever justify using that military equipment anywhere against american citizens. for children to understand, azle nor mentioned what that represents when you look to iraq and afghanistan to places like syria, that's war. we are not -- we don't have -- these are not war zones here we may have out of control intiingsz they are not war zones. they have recalled all of this equipment because they are shipping it to iraq because the equipment is needed to carry out the new mission. to me, there is never a reason. when i watch that on t.v., i was confused as to what i was watching. i couldn't believe it. for flooerz, they are like kids,

excited to use this equipment. they got an opportunity to use it. so here we go. and they walk around but they don't understand how that further insights chaos in those communities. >> this seems to be an issue that liberals conservatives are both kind of jelling on. >> crist justice reform, it's not that unusual for there to be this bi-partisan support. so, if you think of the number of people who we are locking up in the state, we lock up more people than any other country in the world, lots of conservatives understood that's a problem because it's inefficient government spending. we are not getting the bang for the buck, lots of faith-based conservatives have come on board because it's about redeltion and giving folks a second chance. we see libertarians like senator paul who are appalled by the way that we are treating american citizens like they are the enemy. it is an issue where there is a

huge -- there is a huge consensus there. we need more effective criminal justice. host: carol, 52 years old, hinesburou gh, illinois. >> caller: hi. i live in hinesborou gh, south of the champagne-urban a lot na my situation, my father, while he was world war ii and he was in the korean war, he was a bigot. not only towards african-americans but also towards he he had a name for every kind of race if you understand what i mean. he was in the navy for 20 years and i think some of that is

generational. th i think a lot of the race relation problems are fear-based. i grew up on the east coast. having a father who was a bigot was very disturbing to me growing up. i was embarrassed. i worked at the va for 22 years and working at the va, i met so many people of dye verse backgrounds, staff, but patients as well. and various backgrounds. i had that experience. i am a good person. i love to learn about different people and is ask them

personally about what that their cultural believes. what kind of things sdmrfrp carol, do you think america's race relations have changed in any way? caller: yes. they have changed. i have hopes for the future because i don't know whether in my lifetime. i find it to be more geographical as to where i am living now and, there are no people of color in this little town i live in. the next town over, maybe very few. i find that people who have very limited experience with people

of dye ver of -- of diverse backgrounds are fearful. their minds are not open. they are not open to expanding their experience with other people. host: thank you, ma'am. eleanor clift, she referenced you early on? >> she said her father was a bigot. my father was an immigrant. actually, i don't really any bias against african-americans. it was mostly against other ethnicities and kind of this need to feel like you were on the top. i think he came from a tiny island that was originally danish and became german. and i remember a lot of sunday dinners and my punch line always was, jesus christ was a jew. i thought, you know that was -- that just ended the debate as

far as i was concerned. so, i think i probably learned some of my arguing skills at the sunday dinner table. so, i think my father for -- i thank my father for that. he had a lot of other qualities. he is long since gone. he came here as a teenager and made his way working in delcal cat he delicatessen. i don't remember him ever taking a vacation. work ethic, he had thathat. >> did you ever hear your parents say something about white people? >> of course. >> that's what we can say. >> that's not what you can say. of course. of course with the inter-racial dating, yeah, but it's the tone in which this is spoken and how it's conveyed to children who

are so impressionable and want to emulate their parents. my parents were careful in how they explained these things. my father said, which is interesting, boy, my brothers and sisters, i always wanted to own my own farm, i want you to have a different experience, working for your father because it will better prepare you for life. he said he worked hard to buy that land in 1944 to make sure that never happened. host: paul butler, personal experience with your parents? >> my parents, but other members of my family were, i think, rightly very suspicious of white people. so the message was that i shouldn't trust them because, you know, no matter -- basically they wouldn't have my best interests at heart even in a northern city like chicago where i grew up. but the important thing is that that kind of behavior, those kind of racist attitudes are

learned and they can be unlearned. and now, we are coming up with ways to train police officers to know about what we call implicit bias and to unlearn that. now, officers are more likely to shoot at an unarmed blackman than they are at an armed white man. it's about -- i am learning racism not only, you know, for a kum ba ya moment but for cops' safety. host: let's hear from arthur. we lost all of our calls there sorry about that, guys. >> that's the ends of our show. >> okay. host: a bad segway there at the end. i apologize. i thought we would have one more caller. thank you. i am chad williams. eleanor clift, paul butler. we appreciate you all being on,

>> the american bar association

held its ninth annual homeland security law institute last week. homeland security undersecretary for national protection discussed changes in cyber security and critical infrastructure. this is just over an hour. thank you to those who are here i know on a daily basis care about and in many cases work to

achieve our shared objective of ensuring secure, safe, resilient communities where our ways of life can thrive. it's really like dan the, my counsel, said this is like a class reunion and in many ways it is. i bring greetings from secretary jay johnson. like me, he is a recovering ttorney.

we are well aware and appreciate the rule of law and the rules of lawyers as a vital part of our team as we go forward to accomplish this mission on behalf of the american people. i am aided amy counsel dan sutherland and the secretary has a wonderful general counsel in dan's boss who i believe you're hearing from later in the program. so we're really quite fortunate in our legal counsel at the epartment.

>> i want to talk about three key elements of how we view our mission at the department of homeland security, particularly for the national programs director, for whom i have the honor of being the undersecretary. the name itself tells you very little about what we do. our overarching mission is to strengthen the security and resilience of the nation's critical infrastructure. we do that in the context of an all hazards approach. he look at the threats, vulnerabilities, threats, and mitigation across physical, human, and cyber. we are working very hard each and every day to make sure that we are not still piping our approach to that mission of the security and resilience of critical infrastructure that

our cyber ninjas who are really smart on the cyber front and the folks who have gotten really good over the years that had understanding, cascading, consequences and injured -- interdependencies of the physical world, and the folks who are looking at human sick -- security from a biometrics side, are understanding their own interdependencies. we are able to achieve that and get better and better at that each day, because we have very talented people at the department of homeland security. i will talk a little bit about that. i might talk a little bit about the role of technology, and that is particularly important and a challenge on the legal front. for those of you in this room, i think you will -- i think some of the challenges i want to talk about their will resonate with you. one of the most important aspects of what we do, the public-private partnerships. that phrase has been with us for at least a couple decades now in this context. a lot of people roll their eyes and have refused to even ention the phrase anymore. it is a reality that we benefit rom every day.

i will start by talking about my favorite aspect of this, which is the talented people we have working for us. we have always had the benefit of being led by people with xtraordinary talent. i continue to be amazed by the extraordinary talents of the people we are able to attract at the department of homeland ecurity. a lot of that is due to the people in this room who were there at the creation of the department, and folks who have helped shepherd it along the way, who have made this an exciting place for people to come to work. we are very fortunate to be led by secretary jeh johnson who in addition to being a lawyer, most recently came to us after having been general counsel at the department of defense during a brings not only the experience he had in private practice representing usinesses, private sector, entities of all sizes, which is

a critical part of what we do, but he also has brought to the department that post-goldwater ichols sense of unity. those of you with experience in d.o.d. who have been watching this know that about 40 years after the department of defense was created, congress passed the 1986 goldwater-nichols legislation to bring greater unity of effort to the department of defense. as a talk about this to my colleagues at dhs, i remind them that it took about 40 years for the department of defense to get where they needed to get to begin on unity of effort. we do not have the 40 years to get this right at department of homeland security. it helps you to keep in mind how young we are as a department. but secretary johnson has come with a sense of urgency to bring the lessons learned from the department of defense with

regard to bringing that unity of effort across those elements f dhs. a very important part of what he is doing. and it is perfectly consistent with what i have been doing, trying to do, since i came in october of 2011, to bring that unity of effort i talked earlier about to make sure that our folks are fully leveraging data, resources, capabilities, understanding, knowledge across this elements and that we are happy for the secretary to leverage that across the department. -- helping the secretary to leverage that across the department. we are fortunate with regard to our deputy secretary who was a component head, the head of citizenship and immigration services, has moved up to be the deputy, and i have to tell you it really is wonderful to have someone in that position who has led one of the

components of the department and understands that relationship and how important that is between the department of homeland security headquarters and its operational components, and really captivates the kinds of things that need to be pulled up and centralized and managed from headquarters and those things that really need to be distributed out to the components. it is interesting as i watch that because it is the same sort of lessons that i take back as i look at the relationship of the what i am, which is headquarters, and our component, and have the same kind of discussions about what needs to be centralized and distributed to create an effective, dynamic and efficient organization. so that is happening, so we are seeing changes at the departmental level in an effort

to create a unity of effort to enhance efficiency and at the same time i'm doing this same change. the challenge we are facing is to make sure we are in sync with each other. so far we're doing pretty well. it is in large part thanks to the great leadership we have at the department. we were incredibly fortunate and excited to recruit our cyber under-secretary some onths ago. she no longer can use the -am-new-here card, but she has been outstanding and for those of you who do not know phyllis, she comes to us from the private sector. she was the chief technology officer at mcafee.

she's somebody who comes with an understanding already of the importance of policy because she was chair of the board at infraguard, a private group managed by the fbi, and with the perfect frantic analysis ever up -- forensic analysis in pennsylvania, outside of carnegie mellon, the center for technology and analysis, i hink it is called. she has been in touch with a lot of people on the hill. she has hit the ground running for us on the cyber front. she also helped us to recruit for our assistant secretary for cyber security and communications, a ph.d. in computer science, and an understanding of the gency.

prior to joining us, he was at the white house. he has come in and provided some outstanding leadership along with his deputies. we have an outstanding team in place working on these cyber issues for us. they continue to attract the best and the brightest. we have a turnover which is to be expected. when you are recruiting really top talent, particularly in the cyber crime context. it is not surprising that the private sector might be able to lure some of them away. it is always a loss and we are always sad to see them go. we lost a couple of our key leaders. the head of our outreach and education program. we know that we have top talent lined up, ready to come in and join the fight.

that is really a wonderful feeling, to know that we will continue to be able to recruit the best and the brightest to come and join us on this really important mission. we have great leadership and i quickly want to highlight patterson. he leads our service. they are in charge of security, over 9000 facilities across the country. they do work very similar to what our protective security advisers and our detection doing in the private sector. they also manage a private force that stands guard at those buildings. the insights we can get from that, day-to-day interactions.

it is something that we are working to bring back in, again get out to the private sector to help enhance the work we do for the private sector. our federal protective service folks are increasingly aware of the interaction with cyber and physical. so, our cyber folks have responsibility for the gov. -- .gov. we lead the civilian.gov effort of cyber security. again, one of the things we're doing is saying, this is a real owerful combination. we have asset systems and network. we are increasingly looking at

that in a holistic way, how can we leverage those authorities? we bring the powerful combination to there. - to bear. to be able to bring the knowledge in, whether it is from what we are seeing and what we are seeing at our tools and programs from what we're seeing in the physical realm together to provide those insights to our .com takeholders. so, that issue and insight into what we are talking about unity, that is the kind of thing we are talking about. how do we bring all of these things together to help all of our stakeholders by leveraging more fully the kinds of things

we are doing. eric patterson is doing a great job leading the protective service. we have great leadership in our office of biometrics and identity management. they are taking a leadership role to look across the department to see how we can etter leverage biometrics. the office of cyber security and infrastructure analysis which is a real institutionalization of that looking across cyber and physical. and that group is doing rate -- great work bringing together our cyber ninjas, particularly those that have unequaled expertise in understanding industrial console systems. together with the people that can say so what. so, our industrial console systems can say, this is the way that somebody could hack into our systems and industrial

control systems, here is what you can do with equipment processes that are controlled by those systems. the folks who understand how to model and understand those nterdependencies come in and say, here the consequences. that is a critical part of prioritization. for all of us understand that we have limited resources and limited time. particularly in the case of an ncident or a crisis. whether it is superstorm sandy or a cyber attack. something that is on the scale that they are worried about. it is going to demand prioritization and understanding where you can keep generators going.

in superstorm sandy, there is a communications hub that people are not paying attention to. if it is running out of fuel and its generators, up and down the eastern seaboard. we have got to get fuel, a generator. that is the kind of dynamic prioritization that our folks of the office of cyber analysis o during a crisis. the growing expertise is actually increasingly being recognized by outside observers. for example, i mentioned two of our outstanding women in cyber security and communication. they were recently recognized

as two of the top 50 professionals in government. my colleagues have won major awards from organizations such as the government technology research alliance and the ecurity education. phyllis has been leased to gain an understanding about the wonderful expertise and the talent that we have in government. she came from the private sector and has professed that there was a lot of talk about the private sector had better talent than the government. and she had said time and time again that she had never worked with smarter, more professional people then she has here. we recently got kudos from our stakeholders out there, from a company that we had sent one of our teams out to assist who wrote back and said that he had

never worked with a more professional and talented team that had come out. so, those are nice things to hear, particularly for a nice organization that is still building and growing. -- young organization that is till building and growing. for those of you who have been with the department, i just wanted to really emphasize that how proud you should feel that that you helped to stand p. the second point that i want to talk about is the role of echnology. we are particularly at risk. the ecology advances, challenges and opportunities to look at vulnerabilities.

it is also a challenging for the lawyers. they have frequent conversations. our adversaries are not slowing down in their evolutions of technology and techniques, you ave to be equally agile. i typically draw a matrix. this is the destructive intent. this is capacity. the line is like this.

they would have the greatest destructive intent and have less capability. this top point is everyday moving to the right. those who have less capacity today are constantly gaining capacity. this bottom point depends on what is happening in the world. at any point, it could slip up. that is the threat picture, it is very dynamic and we are aware that it is very dynamic. a lot of that is because of technology. the good news again is that just as our adversaries are dealing with advances and taking advantage of advances in technology, the department is looking at and making great strides in terms of the type of echnology.

science and technology directors had very innovative programs underway. those of you who are familiar with the metcalf incident at the electricity substation in california understand the importance of transformers and that they are a long pole in the tent. our science and technology director has been working with their private sector colleague to develop transformers that can be produced much more quickly and transported much more easily. that is a really important effort that they have underway. that is a significant vulnerability. our colleagues who are also involved in our cyber

activities and do terrific work on forensics and to uncover and prosecute kernel activity online. they are constantly innovating and using technology to get faster and better at the ways in which they are able to do that forensic activity. secret service is crippling international cyber crime. becoming increasingly innovative not only in the ways in which they do prosecution but also really working hard and one up -- rolling up their sleeves to see how they can carry out a successful prosecution while sharing information without -- with us to share to our government and stakeholders as quickly as possible to prevent further ctivity.

the secret service and the fbi are working hard. we have terrific stuff going on in our cyber center. the national communications and cyber security integration ervice, it is 24/7 center. it has on the floor of that center, not only our colleagues across the dhs but also our colleagues across the interagency including law enforcement and the ntelligence committee. our colleagues come together and with increasingly sophisticated technology and tools that our colleagues come together and with increasingly sophisticated technology and tools. also, understanding how to detect and stop and block those ntrusions.

they do this with their colleagues who are developing the tools. we have deployed our intrusion detection and are working on deployment of our intrusion prevention technology, also the diagnostics and monitoring which is going to revolutionize the way in which we assess the health of our government etworks. right now i'm a under the -- under the fisma, this produces he client checklist. what cdm will do is within a matter of hours scanning your network, assess your network and help you prioritize. it is really truly remarkable.

an example of the ways in which the department is taking advantage of technology to try to stay ahead of the game. this is an illustration of what i will talk about in a minute in terms of public-private partnership. they have responded to nearly half a million incident reports and they have put out over 26,000 actionable alerts. i will tell you that these are making a difference. we just got word from our private sector company that they had gone on alert. some of the information came from the u.s. secret service. we put that information out. this got that alert about a

possible malware, and they said to their tech folks, we have got to figure it out. they went and looked and indeed they did. they had a problem which they were able to identify and begin immediately to take mitigation measures for that. and that is exactly what we are about. we are all about giving that -- getting that information out, making sure it is actionable and trying to prevent and mitigate the consequences of cyber and physical intrusions. technology is impacting the laws as i referred to earlier. as you can imagine, dan and his team are dealing with a number of really cutting edge issues in the long. -- law. a number of them have to do with technology and you all understand this. here is a disconnect between

the incredibly rapid pace of technological change and the intentionally deliberate speed with which the law changes. the law is intended to be thoughtful, careful, buildout over time. whether you are talking about the development of law through the judicial process which can take a long time or developments law through the congress which can sometimes ake forever. which is often runs the risk of being swrout dated as soon as it's enacted. so this is a huge challenge. it is one with which we wrestle. so what you wind up doing is you are going to laws for legal guidance that were written that didn't actually envision perhaps the technological context in which you currently find yourself.

so it takes creative lawyers like dan and his team to make sure that we are staying true to the public policy interests that lie behind those egislative enactments. you're familiar with a number of the questions and the areas in which this debate takes place. right? speed. i referenced that. that's one of the issues. quantity is one of the issues that we are increasingly confronted and that you are seeing play itself out in supreme court cases and lower court cases. right? are we in a place where it is really true that a difference in quantity becomes a different in kind? the amount of information that technology allows us not only to gather but to understand and make sense of. so it's both the sensing and the sense-making part of technology that has presented

some interesting new issues for our courts and for our lawyers as they look at those issues. the boundaries, the buckets that we conveniently as lawyers have put these issues. right? whether it's breaking things down between international and foreign and domestic, between nation state actors and nonstate actors, between criminal actors and nation state actors. and these lines that have served us pretty well in the past to try to understand who has the authority and how that authority is going to be implemented and how just exactly how the fourth amendment applies, et cetera, those things are being challenged, as. we know. and those questions are being asked. do we need new kinds of buckets? how do we make sure that our

legal framework is keeping up with the changes in the world? and one of the ones that we deal with again on a daily basis, and that is roles. and particularly the role of the government and the role of the private sector. those of you who, like me, came up in the traditional national security world, you will remember that we basically had -- if we interacted with the private sector, it was generally in one of two contexts. they were either a contractor providing you a specific good or service pursuant to a contract, or they were a potential victim about whom you had specific and credible threat information and you were warning them. so this notion that the department of homeland security was in part stood up to implement of treating -- recognizing the private sector as a full partner in achieving that security and resilience

that is our fundamental mission, that is a new concept. again, despite the fact that we have been talking public-private partnership it seems like forever now, it's actually a very new way of thinking for traditional national security folks. and i have watched as folks have sort of begun to get their head around it. but it is a challenge. and it is something that we again work on day in and day out at the department of homeland security and mppd and that we go to the traditional national security table having to constantly remind our colleagues that the private sector actually is part of the security solution. so, for example, we have a private sector clearance program where we can clear folks in the private sector not pursuant to a contractual relationship but pursuant to this partnership.

and so we can bring in critical infrastructure, owners and operators, with top secret clearances, show them all the intelligence that we have, and say here's what we think we see in this intelligence. here's what we think this is saying. what do you see? what are we missing? and most importantly help us to craft the unclassified alert that we can put out through our appropriate channels to all of our critical owners and operators across the country so they can take action. tell us what in this classified information you would really need to know as the chief security officer of a piece of critical infrastructure or as the ciso. and that gives us information to go back to either the intelligence community or the law enforcement community and say this piece of information is really important.

our critical infrastructure owners and operators tell us this is what they need to be able to take the action that we look to them to take as our partners in addressing this security challenge. and that's a really powerful combination. and just one example of the way in which that plays out. which leads smoothly into the next topic, which is that public-private partnership. because we really do recognize that we are not going to achieve the security and resilience of critical infrastructure. we are going to do everything that we can to assist the owners and operators of that infrastructure, whether they are federal facilities or public sector utility owners and operators to make wiser risk management decisions. so traditionally that meant that the government would provide the threat information. right? and we still do provide significant threat information

as i just described. but increasingly, particularly in the cyber context, the private sector is developing threat information and in some cases better and more threat information than the government. certainly with respect to what's coming at the private sector. so we are in a situation where again we are having to think about this in a very nontraditional way. how do we share threat information not just one way but bye directionly? how do we do that in a way that is appropriate and consistent with private sector -- with privacy and civil rights and civil liberties? that task is made easier for me and at the department because we have a statutory privacy security officer. and i have my own privacy security council and she has a team and they are a full part of our team. they are with us at the development of programs, we don't go to them afterwards and

say we've built this program now tell us how to make it consistent with our privacy. they are there right from the get-go to bake it in from the very beginning. we do that for a lot of reasons not only do we have some legal obligations to make sure that we are complying with privacy laws but our privacy counsel helps us to focus our efforts. and again, in a time of scarce resources we want to make sure that we are really focusing on the things that really matter. so they are helping us accomplish our mission of strengthening this security and resilience of security infrastructure. and perhaps most importantly that close relationship and doing this right is essential to that trusted relationship that we have with the private sector. that is again that is our reason for being. we are only here to assist our stake holders in that security and resilience of critical infrastructure mission.

and we can only do that if we have the trust of the critical infrastructure owners and operators and of the american people. and so we are extremely grateful to have this team helping us with the privacy and civil rights/civil liberties issues from the very get-go and all the way through. the importance of our private sector partnership is reflected in the national infrastructure protection plan for 2013, and i expect a number of the people in this room have been involved in previous iterations of the nip. and so you know what a huge undertaking and what a huge challenge it is always to develop this document. we had tremendous collaboration and input from the private sector, folks who worked incredibly hard and for whom this was not really their day job, who have other things to do but who rolled up their sleeves across our critical infrastructure sectors and helped to make sure that we got this right.

so the subtitle of that plan for 2013 is partnering to enhance the -- to strengthen the security and resilience of critical infrastructure. and it reflects the lessons we have learned and continue to learn day in and day out as we strengthen those relationships and that interaction. so i am going to wrap it up. the bottom line of my message is we're from the government and we're here to help. and that's a pretty guaranteed last line. but it really is true. i think increasingly our stake holders are coming to see that we really mean it and that in fact we have a lot that we bring to the table to help in what is increasingly seen as a shared mission. to preserve the functionality

f those services and goods that underlie our way of life. and that's -- when we talk about critical infrastructure, that's really what we're talking about. we're talking about all those thing that is go into our day-to-day that we depend upon to sustain and enrich our ways of life. that's critical infrastructure. it is that broad. and traditionally, 85%, we say 85% is owned by the private sector. one of these days we will figure out whether that's true. but it is somewhere around that number. in any event, the vast majority is owned by the private sector. so that relationship is very important. we have things we bring to the table. so as lawyers out there, those of you in this room who work with clients in the critical infrastructure owner and operator arena, you know

lawyers are always very cautious and i think appropriately so. that's what we get paid the big bucks for. but i want you to know that we do come when we come and knock on the door and offer to do a vulnerability assessment, when we respond to a call that says we think we have seen an intrusion or breach, those of us who are coming from nppd, we are coming for no reason other than to help you. we don't have a law enforcement mission. our colleagues in the secret service go after organized crime and financial crimes. but we don't have a law enforcement mission and we don't have an intelligence collection mission. our mission is just about helping strengthen the security and resilience of critical infrastructure. and so i would encourage you to encourage your clients to feel comfortable in reaching out.

information is protected under the pcii, the protected critical infrastructure information regime and we've never had an unauthorized disclosure of information that is protected under that regime which was set up when the president -- the department was first created. you have important roles to play as lawyers engaged in transactional activity. i've been working with the american bar association to see if we can't get a more clear statement about the responsibility of lawyers who are doing due diligence in transactional activity -- mergers and acquisition -- to include cyber security as part of the risks that they're assessing and analyzing. i can't tell you how many companies we talk to that have grown through mergers and acquisition that is have acquired companies and later find out after they've connected all their networks

and systems that that company they acquired did not have good cyber higene and was riddled with problems and has now infected the entire network. lawyers need to help with that, auditors need to help with that. venture capitalists, if you're investing in a company, you're investing in large part in that intellectual property. and if you haven't done the due diligence to assure yourself that they have good cyber higene, you are throwing your money down a rat hole because that is going out the back door. attorneys in this room and your colleagues work with these folks on a daily basis. i need your help in spreading the word. he more secure any one of us becomes, the more secure all of us are. this is a joint responsibility. and only by working collaboratively and together will we meet this challenge.

but i am confident that those of you in this room understand that. that's why you're here today. that's why you're going to be here many of you for the next couple of days. and i thank you again for the work that you're doing and for all of your help as we tackle this significant challenge. thank you very much. [applause] so i do, i talked longer than i meant to for which i apologize. but i am happy to take a few questions. i see david in the back of the room, which reminds me why you should never try to recognize people, because i certainly meant to call out amongst the talented people that we have of ssint secretary many you know and has really been with us i believe since its inception if not the day of

certainly very shortly thereafter and brings tremendous expertise to that role and energy and passion. and david, who works with her iscd, ead of the infrastructure security and compliance division, which is ts. office that manages cfa and david and caitlyn have done an outstanding job of turning around what was a very troubled program that had a very difficult time getting off the ground and i am here to tell you that within the last two years they have with their team gone from having a proved 0, no site security plans for highest risk chemical facilities across the country, to having just signed the 1,000th approval. so they've gone from 0 to 1,000 within the space of two years. and they are on a great trend line to get through what became

a pretty significant backlog of plans to be approved to raise the security for the country with regard to these highest risked chemical facilities. they are making a difference each and every day. thank you. i know you're going to hear from david. i wanted to brag a little bit about him. >> a few questions. >> yes. > we have a microphone here. i'm not shy. let me ask a question, if i could. i know you can't look into a crystal ball right now and think about, it's been more than ten years since the department was created. but if you could sort of project ahead what we might be seeing in this sector possibly over the next 10 the next 10 years.

thinking about the international peace -- one at work for tom hege, one of the comments made was that he spent a little bit more time on the international peace. he did, but so much of this is domestic, but if he could touch on the projection ahead in the international peace if you could. >> i will start with the international piece/ . it is a critical part of what we do. very much engaged in conversation and collaboration with their counterparts across the globe. we have a rich relationship critical five, the

ottowa five and any number of for him which these folks come together -- forum which these folks come together. dealing with the european union and people around the world. infrastructure across all , and anti-terrorism context and the cyber context. have very strong relationships between our readiness teams and many that are being set up around the world by countries. stood up aave pu fuller counterpart.

that is obviously essential. these threats, it is most obvious in cyber, mother nature does not really know borders. we contemplated the potential consequences of the aftereffects of the synonymy in japan. terrorism is a transnational crime. -- that tsunami in japan. terrorism is a tran snational crime. i will tell you my utopian vision for where i would like to heading and- see us where i would like to see us in 10 years. ofgoes back to the notion sensing and sense making. it is really all about better

understanding and taking advantage of our comparative advantages. it goes back to the partnerships with our stakeholders. interagency,deral state, local, territorial, tribal, and international. that we would all understand each other's capabilities, authorities, imitations -- limitations, and that we would have an ability through our , weed information exchanges would have tremendous situational awareness of what is going on in the world out there. we would be able to detect perturbation. we would be able to quickly share that across all of the stakeholders. we would understand inherently in can bring what to bear that challenge. as the situation changed, we now thederstand, ok,

situation has changed, you know have a comparative advantage, over to you. and that we would be able to, in that way, really bring all of the talent, the resources, capabilities to bear in a very efficient and effective way to address these challenges. that is a pretty utopian vision. i understand that. i think it is important to have some sense of where you would like to go, word you would like to be, as you build capability and as you build relationships. >> hi. dhs.t you mentioned you were working to encourage more due diligence on evaluating networks before they emerge. i was wondering if you could talk about the contours of how you are incentivizing this process. >> thank you.

i have been working most closely with my former colleagues at the ava standing committee on law and national security, but they are reaching out to the business law section and other portions of the aba. up a cyber task force and the american bar association at the aba annual meeting a couple of weeks ago and again encouraged them to put this on the agenda. there is an understanding that this is a fundamental part of their responsibility and what they should be doing. i don't think this is going to be a hard challenge to get lawyers to take this more seriously and stand up to it. there are a lot of lawyers who are doing this extremely well today and to have understood the

importance of this. the goal is to get those best practices out more broadly to folks. ,n terms of how do you do that it is the same kind of assistance we are providing directly to critical allrastructure and to sm and medium-sized businesses across the country. we are encouraging folks to use the cyber security framework. it was developed pursuant to the cyber security executive order. ae framework is not compilation of best practices only, which it is. it is taken from the private sector. what i think is most useful is the taxonomy. us a language in a way

of talking about and addressing a threat. identify the risks and the assets you need to protect an look at the steps you are taking to protect them, to detect things that might come in, to respond, and then to recover. pretty basic. gives have that framework us a way of talking about this. there is very useful guidance about how you would implement this in a business, with a meeting of your board of directors to provide high-level guidance, to make sure they understand the importance and allocation of resources. then to provide technical granular guidance to the technical team and then feeds it back out. veryf these elements are important. the department of homeland security has the responsibility in usinging entities the cyber security. we do that.

it is critical infrastructure cyber community because it really is a community effort here -- voluntary program. if you go through the u.s. , you will find links to the program, as well as ways in which you can also benefit from the alert mitigation guidance, etc. that we put out. that is out there for the legal community. law firms are increasingly targeted themselves because they hold customer data and intellectual property of clients, etc. thank you for giving me the opportunity to give that plug. wanted to ask you cyber question -- follow-up question about the cyber network. is the administration still

considering incentives to spur industry adoption of the framework and what of the next steps are you thinking about? >> thank you. we have got generally positive feedback from the private sector on the framework. they appreciated that right up front we made it clear that this is not a one-size-fits-all. the cyber security framework does not say here are the things you have to do to have good cyber hygiene or improve cyber security. assess your is cyber security, remember the risk step -- identify your and the things you need to , ssl you are doing across the spectrum -- assess how you are doing across the spectrum, come up with your aspirational profile. you are here today, where would

you like to be given your assessment of your risks, your risk management analysis. use this far right column, this compilation of best practices, to help you get from a to b. when folks really get into it and take the time to read it and understand it, the response has been very positive. there are a lot of companies out there that look at this and say, we are doing really well. we are really where we need to be. companies ofot of all sizes that don't know where to start or think they're in good shape, but when they go through the process, they relies they have not addressed -- alize that they have not addressed certain things. we have generally gotten good

feedback. we are doing everything we can to try to how companies and incentivize them -- help companies and incentivize them to use this cyber hygiene. we have talked to many who we think can help drive the market. we have done a lot of work looking at the insurance industry. how can we help to promote a more robust insurance industry? that is often the way you get things in place and get people to take and make wiser investment decisions. the insurance market has not worked very well and the cyber arena, for a variety of reasons. there is not a lot of data. we are working and identifying andchallenges teghhere identifying best practices and moving them forward in a more robust way.

guidanceoking at grant across the federal government. to help companies improve and incentivize cyber hygiene. the courts are doing interesting things these days. there are a number of things underway that we are looking at. i'm with the agricultural retailers association and they do a lot of work with chemical security and i have been engaged in a private partnership for 18 years. considering the scope of the department of homeland security, the laws and regulations and the ever-changing technology that goes along with that, i was wondering if you had a quick gift list for congress to give you some of the laws in order

for you to incorporate those ideas and enforce some of the things that you want to do? >> aren't you nice to ask the question? [laughter] >> i know. [laughter] >> it is easy to criticize congress in this town and everybody does it. they are an easy punching bag. i have to give congress some real kudos in the cyber arena. we have seen some bipartisan progress on the cyber front, in the house and the senate. in getting out of committee and getting off the floor some important legislation that would significantly advance the ball with regard to cyber security. the senate has not gotten it to the floor yet and we are working hard with them to try to find a path forward.

there is no much time left. if they are willing to go for the things around which there is a stronger consensus, i think we could make something happen in this legislative session which would be remarkable. members have worked very hard, particularly the work of the leadership of the house homeland security committee and the senate homeland security committee have really rolled up their sleeves and worked in a bipartisan basis to advance legislation. what we would really like to see is a clarification of the authorities in this realm. as i said before, we are relying on statutory authority that dates back to the creation of the department in most cases. 2002. you know what this environment is like in the cyber arena. to not haveis time

fromly on polling language here and pulling language from your -- pulling language from here and pulling language from here that allows us to more collaboratively work with our stakeholders. we wanted to be clearer. clearer.t to be we need to act with the speed that this threat requires. we get there eventually. whether it is working on a threat like heart bleed or working with the technical folks , again, the role of the lawyer and we await to them -- owe it

to them to make it clear in statute. that would be one of the most important things. we have been working on a suite of legislation that would clarify the roles with regard to -- rules with regard to information sharing so that people are comfortable with bidirectional information sharing and is appropriate with civil rights and civil liberties protection. we are looking for authority to hire people more quickly and be able to really compete with both our interagency folks at the federal level and with the private sector more effectively. we are never going to compete on money, but we can compete on mission. we have to be able to bring in people much more quickly than the bureaucracy allows us to do currently. that is a lot of what we can get through in this section, we

believe. we are looking for ways we can strengthen the privacy understanding and protection in this arena. there are a host of things we would love to do, but our message right now is to urge least pass those things about which there is a stronger consensus. [applause] [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014] >> now a discussion on the status of current and homeland security threats around. this is part of the american bar association's ninth annual homeland security law institute. this is about 40 minutes.

>> ladies and gentlemen, i am going to get us back underway. i know you are finishing your lunches. we will also hope that people in be hallway can rejoin us and as quiet about entering as you can. i think we need to get back underway. let me reconvene our program. we are very fortunate to have our next speaker as opposed to lunch speaker to discuss emerging and current threats to the homeland. one only has to read the newspaper or watch television for a few moments to up her she ate how important a subject has become again. america's memory is short.

hopefully people that work with frank as director of homeland security policy institute have long memories at the george washington university where his institute is located. fewk is our speaker in a moments. he is the associate vice president at george washington university. i'm sure he is a leader in many other regards here at george washington. think he is called upon to advise senior officials in the executive branch. on a variety of national and homeland security issues. hase's probably no one that a broader vision of homeland cilluffo.han frank he's published extensive live in journals. i remember frank from the early days of homed security, because not leavem rich did home without frank cilluffo with him. so frank was one of the closest

advisors to secretary tom ridge as the department was being stood up, in the early 2000's. the whitein office at house, called the office of homeland security, which is a shop. and grew into, as we her earlier, $40 billion enterprise the department of homeland security today. before the wows frank was involved with the center for strategic and international studies. could go on and on about frank's background and resume. let me now introduce our next speaker, frank cilluffo. frank? [applause] >> thank you, joe, for that overly kind introduction. if i were to introduce myself it sticker, franker cilluffo, he who displays varying delays