nevada centennial, i helped seal a time capsule that is now. at the capital. the contents capture a snapshot of the nevada family today. to be presented to a 200-year-old nevada in 2064. i wrote a letter to nevada's bicentennial governor. as i wrote, i realized the success or failure of the governor and the people of nevada in 2064 will largely >> ladies and gentlemen, we stand at a unique moment in time. having just completed the centennial, with probably celebrated our state's history. tonight we begin writing the next chapter of that story. we must decide if that chapter is about getting through the next two years or about creating

a new nevada for the generations to come. now, the most recent chapter of our story required strength and perseverance. as we weathered my -- one of the worst economic storms in our history. these times are even more challenging because they coincided with too long and difficult wars. even of a said it could not be done, we laid the foundation for a new nevada. nevada became one of only six national training sites front meant eating vehicles. we attracted tesla in one of the most competitive selections in our nation's history. we became home to dozens of

other national brands who now employed nevadans in the industries of the future. cybersecurity, medicine, aviation, renewable energy manufacturing, data storage, and more. during my first "state of the state" message in 2011, nevada led the nation in unemployment. we set a goal of 50,000 new jobs. we have almost doubled that. [applause] today nevada's job growth is third strongest in the country. we have cut our unemployment rate in half. we have the second fastest-growing population in the united states of america. [applause]

we're adding good jobs in a most every sector with business services, manufacturing, health servant -- health services, in tourism leading the way. and yet, the success of our state is inextricably linked to the well-being of our most vulnerable citizens. i believe we have made significant progress in this regard. two years ago 23% of nevadans lacked health insurance, the second worst ranking in the nation. today, that number has been reduced by more than half to 11% . and we are the fourth most improved state in the country. [applause] even better, the uninsured rate for our children has dropped from 15% to 2%.

[applause] nearly three fourths of arab medicaid and nevada checkup is covered by management which saves the state and insurers that nevadans receive timely, cost-effective, and appropriate health care. in 2013 our behavioral health system was in a crisis. individuals waited days to access inpatient psychiatric treatment, and emergency room's were overflowing. to the work of the department of human and health services the specially created health and wellness council, and many others there have been dramatic improvement. for all of you that have been associated with that i thank you. [applause]

we also focused on education. we expanded full-day kindergarten. we created for english-language learners. we increased funding for special education, supported school choice in the creation of a charter school authority, and dedicated ourselves to college and career ready standards and assessments. our colleges and universities modernize their funding formula rewarding performance and success. [applause] we accomplished much in the worst economic crisis since the great depression. because of our collective effort i believe that we stand at the threshold of a new nevada , a nevada prepared to take its place among the most innovative visionary, and well-educated states in the nation.

[applause] and although we can never lose our focus on job creation in the economy, we must now turn our attention to nevada's generations to come, the youth of our state. now i featured them in my inaugural for a reason. they are incredibly talented, hard-working, and determined. it is they, it is they, who will live with the decisions we make during this legislative session. i know this view is shared by all of you a symbol. i am relying on the leaders of this institution. assembly woman kirkpatrick among them to work with me on what must be done. we have already started, and i thank them for their leadership. [applause]

it's no mystery nevada's new companies will need a highly skilled workforce. our historic industries will as well. improving our public education system must therefore begin with modernization. and modernization requires investment. but our investment cannot be by more of the same. we have two on the fact that our case-12 -- k-12th system must improve. responded to issue similar to what we face today.

implemented a sales tax in 1955. governor russell with the assistance of the legislature went even further, consolidating over 150 school districts into the current 17 based on county lines. this made sense in 1955. nevada's entire population at the time was just 237,000 people roughly two thirds the number of students in the clock county school district. in 1967 educational needs are again required leadership. the legislature enacted a nevada plan for school finance. this plan sought to stabilize state funding to local school districts. in that year nevada's population was roughly 450,000, less than today's total enrollment in all

public schools. not only was the silver state less populated 50 years ago nevadans were financially better off. from the end of world war ii until the late 1960's nevada's per capita income was among the highest in the west. in contrast, today almost one out of every four children and nevada lives in poverty. our population is also much more diverse. nevada is a different place. america is a different place. the world is a different place. yet we rely upon the same public education governance and financing models established 50 years ago. i submit to you this evening that an education system for this century requires bold new ideas to meet the reality of our time.

i am asking the legislature to join me in beginning the work of comprehensive modernize asian of our education system to meet the needs of today's students and the new nevada. this work begins with our youngest learners. nevada has the lowest preschool attendance of any state in the nation. thanks to a recent federal grant and matching funds provided in my budget, we will improve this worst in the country statistic by doubling the number of seats for those children. [applause] my budget also finishes what we started two years ago. the expansion of all-day kindergarten to every school in the state of nevada. [applause]

these two efforts provide a foundation for the future success of all our children. but we also must improve children's reading skills. a study shows that a child's chances of graduating from high school are cut in half if they are not reading at grade level by third grade. i will therefore work with senator becky harris and the senate committee on education to introduce a bill to help ensure every student is reading by third grade. [applause] my budget includes nearly $30 million to support this literacy effort. [applause] my budget also begins modernizing my classrooms through instructional technology.

today we invest less than $4 million over the biennium in school technology. my budget will launch the nevada ready 21 plan. this plan will put digital devices in the hands of middle school students throughout nevada and ensure teachers have the necessary training for this new environment. nearly $50 million will be invested. [applause] as we expand technology we must take steps to protect privacy. i encourage this legislation to work with various stakeholders to a neck legislation protecting student data. [applause] our most troubling education statistic is nevada's worst in the nation, high school

graduation rate. we have to do better. my budget includes a new grants program designed to ensure students are college and career ready by graduation. [applause] as well as a significant expansion of career and technical education, jobs for america's graduates, and stem education. [applause] in total, this effort will make over $20 million available to our high schools. [applause] now, we must remember that the new nevada will be different in other ways from 50 years ago. our students are different. and their needs are different.

the 40-year-old nevada plan for school finance must be modernize its -- must be modernized to consider the needs of individual students. [applause] a better alternative uses weighted formulas were students with different needs would receive additional dollars based on a percentage of the base amount. in the second year of the coming biennium my efforts will establish the first of these funding categories in special education and then work toward a final weighted formula. other categories will follow in subsequent years. last session we introduced for the first time additional resources for nevada's english language learners. we created the zoom schools. early indicators point to the kind of success we expected. my budget doubles the original

investment, and we will put a total of $100 million in the zoom schools. [applause] but english language learners are not the only school population with different needs. my budget includes $50 million for students in the most impoverished parts of our state. [applause] these schools require a solution to win the struggle that students face every day. i propose calling them victory schools, signifying our commitment to help the students overcome diversity. [applause] we have also -- we have also historically neglected our

gifted and talented learners, allocating less than $200,000 per year for the students. my recommended budget provides $10 million to establish a true gifted and talented learner allocation. [applause] these initiatives represent a down payment on total modernize asian of a nevada plan. -- total modernize asian -- modernization of a nevada plan. increased transparency in the funding model, sure money reaches the classroom, and modernize equity allocation. the hard reality of nevada schools today is that they are simply overcrowded and need maintenance. imagine, imagine, sitting in a high school in las vegas with

over 40 students and no air-conditioning. the need israel. -- the need is real. therefore i will support legislation for the construction and maintenance of our local schools with state oversight. [applause] while some must recognize the hard truth that our education system will not improve without more funding others must accept the reality that improvements will not be made without

accountability measures. collective are getting reform and school choice. [applause] our new investments must come with performance measures and accountability. we will only pay for programs that make a difference in the lives of students. [applause] i will again support opportunity scholarships giving tax credits to businesses that provide to wish and based scholarships for at risk students to attend private schools. [applause] to the leadership of assemblywoman melissa woodberry the assembly on education will

introduce this legislation, and i will sign it when it reaches my desk. [applause] i support legislation that increases the quality of public charter schools. [applause] my budget provides $20 million in matching funding to encourage successful proven charter school organizations to open more schools in nevada. [applause] and based on recent events, i have concluded that local school boards should be appointed, not elected. [applause] although well intended, some of these boards have become disconnected from their communities. i will therefore support legislation to provide for the appointment of members

of local school boards. now, we must also recognize that nevada's school districts may be too large or too small. today they range in size from 74 students in esmeralda county to over 318,000 students in clarke county. i will introduce legislation that allows local governments to create smallest will districts in our urban counties and consolidate school districts in our rural counties. [applause] i will also support legislation to enact true collective bargaining reform in our school system. [applause] in 2011 i asked the legislature for more balanced approach to

contract negotiations. most bills never received a hearing. i stand here ready to work with you to ensure that employee compensation is fair but also recognizes the need for reform. [applause] we cannot expect the governance and financing models alone will address underlying issues that prevented many students from learning. achieving meaningful public school reform means addressing the environment in which our children learn. our first lady has long been a champion for our youth. in recent months she has focused her energies on hunger in our schools. responding to the recommendations from the food security task force my budget includes $2 million to expand breakfast in the classroom and

legislation [applause] -- and legislation will be introduced to leverage federal spending in this area. the onset of the internet, texting, twitter, snap chat, facebook, and other technologies has introduced new stressors in the lives of our youth without necessary coping skills. many have nowhere to turn, resulting in lower grades, school absence, and in worst cases, violence and tragedy. the price paid by some is staggering. with us tonight, from las vegas

are mary brian, and others whose children were the victims of bullying. [applause] unfortunately, these parents are not alone. over 4000 incidents of pulling and cyber bullying were reported in nevada during the last school year. i will work with senator parks and assemblywoman spiegel champions of school safety and anti-bullying efforts to

propose legislation this session to reform nevada's anti-bullying laws. in addition, a new office for safe and respectful learning will administer $36 million in grants for social workers in our schools as recommended by the behavior and health and wellness council. [applause] teachers and principals who lead our schools also deserve our support through investments and accountability. we must empower them. that is why i am introducing legislation to strengthen the current pay for performance laws. we will require districts to set

aside money to reward the very best teachers and principals and attract them to teach at underperforming schools. [applause] i have also substantially increased the state's commitment to professional development through a great teaching and leading fund. these funds will be used to improve the teaching profession attract new teachers, and train the kind of school leaders that we need. [applause] finally, we must ignore knowledge that far too many of our schools are persistently failing. tomorrow our department of education will release a list of underperforming schools. the list includes 10% of the

schools in our state. many have been failing for more than a decade. we must draw a line in the sand and say no more. i am there for requesting the creation of achievement school district. this unique school district will manage failing schools without regard to location. i have asked former washoe county superintendent pedro martinez [applause] . i have asked former washoe

county superintendent pedro martinez to help with this initiative as a superintendent in residence in the nevada department of education. [applause] pager, i thank you for your leadership on this issue. [applause] ladies and gentlemen, this is my plan to improve education in the state of nevada. we will make investments from early learning through high school graduation. we will support and enhancements in technology, students at risk, gifted students, teachers and principals, school choice, and construction. we'll tie those investments to performance with targeted grants wherever possible. there will be no blank check. will revise [applause] we will revise collective-bargaining laws. we will also modernize and

transform the system. and we will ensure that all, all of our students are ready for success in college and careers every single one of them. [applause] today only one out of three nevadans have the benefit of education or training after high school. yet we know, we know that the jobs of the future will require two thirds of us to have post high school credentials. the new nevada will need more scientists machinists engineers, computer programmers, welders, and other stem workers to grow our new industries. our colleges and universities are the key. [applause]

last session we took steps to introduce performance funding to the nevada system of higher education. the institutions responded. and tonight i am pleased to announce additional investments in our colleges and universities. [applause] my budget includes new operating funds in the amount of $76 million for higher education plus $24 million in bond funding for capital construction. the nevada system of higher education sees a growth of over 8% in state support for the next budget cycle. [applause] eight unlv hotel school is funded with $24 million. there is no reason why the best

host health school [applause] las vegas also needs a medical school. it is the largest metropolitan area in the nation without one. [applause] the board of regents is recognized we need and i am pleased to provide the first $9.3 million for the iphone cost of establishing the u.s. -- the initial cost of establishing the unlv medical school. [applause]

although we will establish a medical school at unlv, nevada needs more doctors now. my budget includes $10 million in new funding for graduate medical education to attract and retain the best doctors in america to train and stay in nevada. [applause] all in, all in. from preschool through graduate school, the proposals i have outlined would best hundred $82 million to invest it -- would invest hundred $82 million in education -- $882 million in

education. [applause] ladies and gentlemen, i don't proposals lightly. i know they changed the way that we approach education. but i also know that our system must improve and that every child deserves a chance to succeed. the investment in our children and the transformation of the educational system is absolutely necessary so tonight i ask for your help in creating the funding base for it -- to pay for it. we're told the line on spending that -- have held the line on

spending. we to get nevada working again and we did it. businesses got back on their feet and plan for the future. we caught red tape and improved state government -- cut red tape and improved state government. but infrastructure needs please new pressures every single day. in the current fiscal year, despite an improving economy, we would be unable to pay bills without significant adjustments to the approved spending plan. this year alone, we are $150 million below forecasts and this is in a time of economic recovery. revenue structures do not keep up with growth. the economic forum said that

available revenues approximately $6.3 billion. biennial budget is 6.6 -- $6.6 billion. for the current cycle, before its revenues will be slightly more -- three forum predicts revenues will only be slightly more big-budget seven years ago. by contrast, and that 10 years the population has increased by 335,000 people. k-12 enrollment has increased by over 55,000 students and the number of nevadans and social service programs has doubled. the budget but i am proposing includes $7.3 billion in general funds pending, significantly

less than agency requests. but the strategic investment in the education -- but it begins the strategic invest in the education we require. we must also consider sensible reform to the public employee retirement system and the pay state employees -- way we pay state employees. my budget will no longer require a state employees to take furloughs. [applause] state employees have made great sacrifices and i want to personally thank them for their service to the people of the state of nevada. [applause]

correct, -- tonight i am asking the legislature to work with me to ensure that nevada moves forward. close the gap between revenue and spending, i am offering a two-part solution. but so many of the new proposals, it provides an opportunity modernization. -- four modernization. first, the sunset taxes must continue. the provide revenue not only for the general fund but also be distributed school with account. it is time. it is time to be honest with ourselves. these revenues are part of the comprehensive budget. second, we must identify new sources of revenue.

$132,000 -- $150 million will be found through changes to i'm that will help with structural issues that -- law and that will help with the structural issues that i have outlined. but we must invest in the education system. by modifying the existing business license fee to a graduated scale, we will generate over $430 million in the next two years funding equal, equal to the investment in pre-k-12 grade i am proposing in the budget. i realize that these decisions are difficult. i know that i am asking for a lot from the business community. i have explored every option and

find this to be the broadest, the least complicated, and fairest solution. business license fees will be immediately available, something that is critical for our budget. this revenue will grow as the economy grows in the years ahead. i know that this approach will cause debate. [laughter] you will find, you will all find but there is no perfect solution that there is no perfect solution. but we must agree that another generation of nevadans cannot move through our resources choice, and reform and that we must modernize the revenue system. [applause]

together, we must establish a plan to continually improve the sober state. -- silver state. we have an opportunity to show that nevada leads. that is supposed to lead the nation in the technology sector -- nevada is posed to lead the nation in the technology sector. we will bring focus to our step strategy and coordinate ste-- stem strategy and coordinate so we have access to technology. will the minister that we will administer -- we will administer stem grants as envisioned by the brookings center.

tonight, i am pleased to announce the expansion of a homegrown technology company swicttch. the world's largest data center is posed to expand, bringing $1 billion of investment with it. [applause] switch also plans one million square feet of new space in las vegas for a total investment of $2 billion. [applause]

this will make nevada the most digitally connected state in the united states of america. [applause] the list of companies wanting to do business in nevada keeps growing. but the unemployment rate is still too high. much of the persistent unemployment can be attributed to construction jobs which were cut in half in the last recession. get a housing construction back to prerecession levels create thousands of new jobs -- would create thousands of new jobs. i am calling on the legislation

to reform the housing market and bring jobs back to nevada. [applause] we can lead by spurring construction and other areas as well -- and other areas as well. project neon will invest $20 million to improve southern nevada's interstate 15 reduce congestion, and create construction jobs. other statewide projects would use to $30 million -- $230 million for construction and maintenance of planning. the convention in business authority is helping us -- and business authority is helping us

remain competitive. this will help out technology -- add competitive technology that dimensions demand and add millions in revenue every year -- conventions demand and out millions in revenue every year. this project is critical to marketing las vegas as the entertainment and convention capital of the world. threats to the ecosystem and impact to the oral modest offer another area -- to the wildlife offer another area where nevada can lead. i will support the cap in your plan to protect the habitats. [applause]

long history of cultural preservation provides another opportunity for nevada to lead. my budget includes funding to begin planning for the stewart native american historic experience. [applause] now this project will restore the store to be in school in carson city -- stewart indian school in carson city and create a welcome center focusing on nevada tribes. [applause] rival leaders are with us this evening -- flyballtribal leaders are with us this evening and i think these heads of state

-- thanks these heads of state. would you please rise? [applause] i am keenly aware that autism spectrum disorder impacts one in every 68 children. estimated projections indicate that nearly 6000 children in nevada have autism spectrum disorder. we must meet the needs of these children with early diagnosis and treatment and life-changing consequences. through increased state support and federal use of federal -- better use of federal resources funding will increase from $1.8

million to $73 million. [applause] my administration is also proposing to centralize 11 agencies within the department of business and industry into a convenient one-stop shop, the nevada state business center. [applause] this las vegas complex will reduce costs and provide better service to our business community. nevada also leads through service. i proclaim 2014 to be the year of the veteran. as was a part of the green joint initiative -- this was a part of the green zone initiative, a nationally recognized effort.

veterans cemeteries have received billions of dollars of grants to continue to provide dignity and honor and respect for our fallen heroes. we doubled, all of us, we doubled the number of veterans service officers and as a result, nevada veterans received additional $50 million annually from the amount from three years ago. -- annually, crippling the amount from three years ago -- tripplinling the amount from three years ago. but the southern center is at capacity and northern nevada has no center of its own. the budget includes $14 million in bond funds will be northern -- who build the northern nevada veterans home. [applause]

our veterans deserve nothing less. seated among us tonight are six veterans each representing a different conflict from our nations history. and they embody the spirit of how nevada leads. radioman first class bill parsons of sparks served in the submarine service during world war ii. [applause] retired first sergeant chuck

over reno served in world war ii and korea. -- oh you know served in world war ii and korea. please stand sir. [applause] erwin served as an army infantry man in vietnam. [applause] air force master sergeant b.j. served during the gulf war iraq, and afghanistan. [applause]

amy over reno served in the coast guard during the global war on terrorism. [applause] national guard captain denise las vegas deployed three times twice toward iraq and wants to afghanistan -- once to afghanistan. [applause] ladies and gentlemen, let's give one more nevada thank you for these nevada euros. -- heroes. [applause]

ladies and gentlemen, nevada stands at a threshold. we live in a state that is transforming before our eyes. the 21st century companies jobs, and technologies that place is at the forefront of innovation -- us at the forefront of innovation in the new economy. but we already begin result funding systems and educational structure that will eventually grind us toward an inevitable halt. i know that we have the dedication to do what is necessary. we all i know we all want to tell our grandchildren that we were the architects of the new nevada, that we were here when

nevada needed us most. those before us rose to the challenges of their time and build a foundation of the state we all love. the sesquicentennial celebration highlighted those achievements. but tonight, as we close the chapter on 150 years of history this is our time. and we must resolve to make our own history. now i am a son of the silver state. i love our people, i am proud of who we are, and i am optimistic about what we can become. i truly believe that nevada's best there is are yet to come -- datys are yet to come and i

know you all feel the same. we may stand for different causes or were different political jerseys. we may have different beli fs. -- beliefs. we are united in the desire to move nevada forward with susan livable communities, a vibrant economy, and an efficient and responsive state government. [applause] with our spirit and perseverance encourage, we must -- and courage, we must dare to write the next chapter of the nevada story, a story that nevadans, in 2064, will look back and say

they got it right. i ask all of you rise above that which seems easy. i asked us to leave -- i asked us to lead so that nevada can lead. god bless you. [applause] god bless you, and god bless our great state of nevada. thank you. [applause]

[applause] >> thank you, mr. chair. i've moved the committee who extended vote of thanks. >> i second the motion. >> you have heard the motion. all in favor signify by saying aye. the committee shall escort

governor sandoval. everybody please rise. [applause] [captions copyright national cable satellite corp. 2014] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] [applause] >> the state of the state address in nevada, governor brian sandoval. if you missed it, we will have it in our video library at c-span.org. next, sony pictures in a conversation about cyber security. in the remarks by the director of the imf followed by house speaker john boehner and mitch mcconnell from the gop retreat in pennsylvania. >> president obama delivering

the union address to the joint meeting of congress on tuesday. we will get your reactions live starting at 8:00 p.m. eastern on c-span as well as c-span.org and c-span radio. newly elected i was senator joni ernst -- iowa senator joni ernst will deliver the republican response. she was elected in november and is the first woman to represent her state in congress. we'll have that live on c-span tuesday night. >> dr. anthony fauci>>, our guest on "q&a" is only frontline battling infectious diseases. >> we have drugs that if they are given to someone that is hiv-infected -- i can show you the dichotomy. in the 80's, if someone came in

with aids, the median survival will be six to eight monks, meeting half of them will be dead in eight months. -- monks, eating half of them will be gathered eight months -- monthsm,s, meaning half of them will be dead in eight months. now we can do modeling that if you are taking your medicine regularly you could live in additional 55 years -- an additional 55 years. to go from eight months to you can live a normal life span, just a few years less than a normal lifespan, that is a huge advance. >> director of the national institute of allergy and infectious diseases, dr. anthony fauci.

>> former intelligence officials talked about cyber security and the cyber attack against sony and north korea's possible role. newly or from former cia director jonathan hayden and intelligence chair mike rogers. the event is an hour and a half. >> afternoon everybody. thank you for coming this afternoon to our event on the owner cyber attack any strategic -- sony cyber attack and strategic implications. here are the bipartisan policy center. four years ago, i had the pleasure to work with general hayden and others to put out

cyber shockwave which you can find on youtube. the idea was to the idea was to simulate a cyber attack at the national security council cabinet level and see how the united states would react, and see if we had the policies in place to actually be able to, if not prevent, than to react in a reasonable way to a cyber attack. one particular exchange that stuck in my mind when we did the simulation, the person playing the attorney general at the time said mr. president, we don't have the authority to do what you're looking to do, which at the time was to turn off people's cell phones that had been infected with malware. and stewart baker, who is always selling his book, which is a great book if you haven't read it, who was playing the white house cyber czar, founded the desk and said if the attorney general doesn't have the authority he should actually go and find the authority.

i am not sure we have found the authority. but something has changed in the conversation we have been having this last week. new proposals suggest that perhaps we have turned a corner and are finally going to see some policy and legal changes when it comes to cyber security. it's interesting. i know that in trying to move the needle, we put a show on about a cyber attack but it took a cyber attack on a show to get things to start changing. to figure out what the impatiens are and to look at some of the controversy around the way the u.s. government specifically has reacted, whether it is a question of attribution, a question of severity, we have an excellent panel today. to -lead that discussion -- if you follow cyber security, you have surely read her articles, as i have. she knows more about cyber issues than probably 95% of the policymakers in washington. maybe 96%.

>> thank you very much, and thanks to the bipartisan policy center for putting on a very timely panel. the panelists don't need much introduction and you all have their bios, so i will keep it brief. he was the chairman of the house intelligence committee. he is now a radio talkshow host doing commentary on important issues of the day on "something to think about with mike rogers" on westwood one. a retired air force general, former cia director, and as a director, director of national intelligence, history major and now principal at the chertoff group, he is now writing a book about his career. then we have dr. paul stockton the former assistant secretary of homeland defense at the pentagon. the panelists don't need much introduction and you all have their bios, so i will keep it brief.

he was the chairman of the house intelligence committee. he is now a radio talkshow host doing commentary on important issues of the day on "something to think about with mike rogers" on westwood one. a retired air force general, former cia director, and as a director, director of national intelligence, history major and now principal at the chertoff group, he is now writing a book about his career. then we have dr. paul stockton the former assistant secretary of homeland defense at the pentagon. he helped lead the department's response to superstorm sandy and the deepwater horizon crisis. he guided the critical infrastructure protection

program and is a managing director at an llc. i want to open by saying that we at the "washington post" have a cyber security summit every year. for a couple of years, we created our own war games which we came up with fictitious oil and gas companies and banking firms that were attacked by fictitious middle eastern and asian countries sending viruses to cause oil disruption and create chaos in the economy. but never did across our minds to have north korea target a hollywood movie studio for a film about a cia plot to assassinate kim jong-un. did the koreans want brad pitt to play kim? what were they angry about? >> i thought it was funny. >> thank you. seriously, we have had countless

intrusions into the u.s. critical infrastructure and companies dealing with intellectual property saying this is the biggest transfer of wealth in history. we have seen penetrations into the white house and pentagon but it took a hack into sony for the government to come up with a firm response, unprecedented really. and to actually name north korea. obama named north korea, and vowed to punish the country. so, we are going to go over the attack and the implications. briefly, what happened at sony. you are all familiar with this. just before things giving, sony discovered viruses in the system.

then the guardians of peace, as they were called, began posting embarrassing e-mails online, showing executives making racially insensitive remarks. that started to get a lot of attention and become a problem for sony. about mid december, the hackers ratcheted up and put a threatening message online threatening violence against theaters that showed the film and alluded to 9/11. at that point, theaters get nervous. they talk about not wanting to show the film. sony decides they have to cancel the planned release for christmas day, and that leads to a huge controversy. the very next day, president obama convenes a meeting in the situation room with his national security council.

they decide, based on unanimous recommendations, that they are going to publicly name north korea, give attribution, say north korea was behind it and we are going to take a proportional response. so, that is the scenario. i want to turn to you, chairman rogers. how do you view the attack and do you think the president made the right call in naming north korea? >> you forgot to add that i decided to take four days off and i spent three of it on a beach dealing with this issue, so no one is angrier about it than me and my wife. this marks a significant change. we have seen cyber attacks before, clearly.

we have seen denial of service attacks before. we have never seen a nationstate use its capability -- albeit somewhat limited -- in a way that actually destroy data. so, they went in to a company, and not only did they play the fun and games part, cause embarrassing pr problems, all of which was significant. they destroy data. they destroyed intellectual property that made it very difficult for sony to operate. there was a time when it was very concerning as to whether they would be able to function as a business. it was more than a little disruptive. it was on the verge of economic calamity for a company like sony. that was a very different game. we have seen other countries do it.

we have seen iran do it to saudi arabia. but for a nation to decide it was going to have an impact in america by attacking an individual company, we have never quite seen that before. this is a whole new day in cyberspace for a host of reasons. now the united states is going to have to show that it will not tolerate it because everyone is watching. iran is watching. russia is watching. china is watching. every international criminal organization is watching. these are the steps we are going to have to work through as a country. naming them, i thought was an important thing. there are other things we need to do to move ahead and it needs to be smart. if we are talking about this six months from now, we will have made a serious mistake. >> sony is not a critical

infrastructure company. it is a hollywood studio. it doesn't fall into the critical infrastructure categories of oil, gas, banking. general hayden, take us into the situation room. how would you have assessed the attack and what would your advice have been? >> first of all, this was an arc that was predictable and i don't think any of us were surprised. this was going to happen. it happened then to these actors. it's all a continuum and a very protectable continuum. this is a nationstate attacking an american business. loss of profit is a big deal and a relatively new deal. that's one.

the second point is yes, north korea did do this. i am quite comfortable with the government assessment and i am glad that the president said that. i would probably have tried to strike the word per portion all. i don't think we should give them comfort that the response would be proportional. i think it should be a response of our choosing. the president did say at a time and place of our choosing, but i think a word proportional gave them too much comfort. north korea is a nationstate doing destructive things, not for profit, but to coerce. these are all new flavors. and then finally, i am going to take responsibility for this because i have 39 years in

government, our government is kind of feckless and our response. we are going to get around to our usual effort here, which is to beat up the victim. we will get to that directly and sony will have to answer a whole bunch of questions. >> so, you were surprised that the government came out and gave attribution? >> i was pleased. i would have struck proportional. this has implications beyond cyber stuff. this is a pathological little gangster state that wants to hold at risk different things of value to different people in the world and we have allowed them to take their game into a different domain. if i could just for a moment -- again, not particularly cyber related -- north korean foreign policy has been kind of like the instructions on your shampoo bottle, provoke, accept concessions, repeat.

provoke, accept concessions, repeat. but it has not been along a stable line. it has been along this line. they have taught us to tolerate ever more provocative actions. i really would've fought to get the word proportional out of the talking points. >> i agree with what you said about this being a game changer. the game changer in another way as well, and that is, we know now that a nation with .001 of the u.s. gdp has weapons they can use to launch an effective attack against the united states. that's very different from seizing control of the power grid or the natural gas system. nevertheless, we have had a wake-up call here. the trend is one way and that is toward nations acquiring increasingly sophisticated cyber weapons, increasingly

destructive, and a growing number of nations being able to acquire these weapons. i am going to disagree with my old friend general hayden for just a moment here. i think it is terrific that the president has emphasized the importance of proportionality. we are in an era now where cyber conflict is burgeoning and we lack the rules of the road derived from armed conflict. we have to begin to think about this in a new era. i think proportionality is a standard the united states ought to be espousing.

i think we need to be standing up the laws of conflict in the cyber realm that are going to be good for the united states and good for security in the long haul. i believe proportionality is an important principle, and that the legitimate military objective doesn't cause disproportionate suffering in the civilian population. we can imagine how an attack on a power plant might affect the nearby military facility, but if that attack creates mass civilian casualties, as it could, if it is an attack on a hospital, those are not legitimate plans of attack in a cyber conflict.

>> people often get up in debates about what is an act of war. what this attacker had showed in a sense is that even ask that fall below an act of war can have significant impact, national security issues, and cause a u.s. government response. do you think this is a teachable moment in that regard and that maybe, to your point of creating norms, are we working toward articulating clearer norms about what is acceptable behavior in the realm of cyberspace?

>> i think we know what is unacceptable. the problem is, we wrestled with this for years. what is the appropriate response? i mean -- >> it's hard. >> i think you're both right and i am not even in congress anymore, so that's hard for me to say. i think the general is trying to say that you don't want to advertise what we do believe we have the right to do in a case when a nationstate attacks a u.s. company. that's what i thought i heard you say, and i think that's exactly right. i think the debate has to happen on what exactly are appropriate responses. we had this argument ad infinitum behind closed doors. how much authority do you did of our capable ready cyber forces who are ready to go? they were ready to go on a sony case.

they were absolutely ready to go, just waiting for the right instruction. and we never got to what the right instruction was, which i think is why we find ourselves where we are. you have to establish your defenses first. if we don't have some way for the government to at least assist the private sector in protecting their networks, it makes very little sense to try to create offensive trouble anywhere. they are not going to go after government works. they are going to go after private companies. that is a small case of what we see with sony. you start multiplying that with companies that are in the supply chain of critical infrastructure and you don't even have to go after critical infrastructure.

you can go after the supply chain. now you have a whole other discussion. you can understand how layered this problem is and why we are not ready. i argue to dig in, put on the helmet, strap it on, and then we can have a conversation about how to move forward. >> do you think if the theaters and sony had not canceled the release of the film, would you still have advocated public naming of the state responsible, north korea, and then taking some sort of response in response to the destructive action alone? >> i would have. you saw the congressman kind of dance around -- iranians did massive denials of attacks on banks. you cannot find someone currently in government to say the iranians did that, but they did. i think that gets wrapped around a whole lot of macro, political -- right. now that i have said it, we can move on. i was heartened that we said what we said about north korea.

of course, the principles of proportionality, distinction and necessity apply at the tactical level when you use a weapon. i am talking about proportionality in state response. we don't have to tell them we're going to limit our response. i want them to think we have a lot more power and we feel free to use it. to your question. what was it? hard to say. we have not yet worked out a taxonomy in the cyber domain that mirrors the taxonomy we have in the physical domain. they tried to do some heavy lifting at the nato center of excellence a few years back where they actually did try to

suggest definitions. it's not even an official nato document. it's certainly not u.s. policy, but it reflects the struggle we now have. how do you categorize events in the cyber domain in a way that frankly, tells you what is or is not a legitimate response? we haven't done it yet. >> what do you think, doctor when you were at the pentagon for a number of years when they try to come up with scenarios and appropriate responses? >> i think there has been important progress on exactly the line that you mentioned. the important of understanding that the resilience of privately owned infrastructure makes a very important contribution to deterrence of attacks against the united states. we need to be able to create doubts in the mind of the attacker as to whether the attack can succeed and whether it is worth the retaliation that is going to come.

moreover, if we are going to retaliate, we need to believe and understand and our adversary needs to understand that if they escalate and come back in our infrastructure at a more intense level, we can handle that. how are privately owned infrastructure is sufficiently resilient that we can except that attack and we will not be deterred from retaliating the way we need to be retaliating in the future. >> deterrence by denial. the important of understanding that the resilience of privately owned infrastructure makes a very important contribution to deterrence of attacks against the united states. we need to be able to create doubts in the mind of the attacker as to whether the attack can succeed and whether it is worth the retaliation that is going to come. moreover, if we are going to retaliate, we need to believe and understand and our adversary needs to understand that if they escalate and come back in our infrastructure at a more intense

level, we can handle that. how are privately owned infrastructure is sufficiently resilient that we can except that attack and we will not be deterred from retaliating the way we need to be retaliating in the future. >> deterrence by denial. >> deterrence by denial. the pentagon is making progress in that direction. >> let's talk a little bit about the response the obama administration chose. they announced new financial sanctions on three north korean entities and 10 individuals. how likely do you think are these to get kim jong-un and others to change their behavior? >> i think they are pretty light, symbolic at best. we have had sanctions in the

past that have worked. i was in government when it happened. we were all surprised it worked so well. the sanctions imposed last month are not that. >> what more is there to be done? have we done the most far-reaching sanctions we can take? >> now, i was not in the meetings. i have been in the meetings. these are hard. there are always second and third order effects and you have to be careful. but looking at what is in front of us, we have been pretty light in our response to date. >> exactly. there are a whole series of second wave of events that i think we ought to engage in. and the longer this goes, by the way, the worse off we are.

it really needed to have a more instantaneous impact, because it was announced, and shortly after it was announced, everybody buckle down, including the north koreans, and happened. of any real significance. i agree. the sanctions were light at best. there is no real financial grind they are going to go into to impact the people who are living well in north korea. most people don't even have electricity. one in 10 have electricity and that's not for 24 hours a day. so, if you're going to do this, you have to impact the people who are enjoying the nicety of life with no consequences. that's the challenge. i assumed after the announcement we would see a list of sanctions and then have some other series of events know it happen that would make the north koreans say you know that just wasn't worth it, and the movie wasn't that good either. >> have you seen it? >> i have not. i can't give them the money. >> china is north korea's only real purveyor of internet access.

what do you think of asking china or getting china to exert its influence over north korea in order to contain north korea's behavior in this area? >> chinese policy is self-defeating. i think it's contrary to chinese interests. what they need in northeast asia is a root canal, so they are afraid to go to the dentist, so they just pop in aspirin to deal with the pain. this is a dangerous source of instability for the chinese and will be as long as it exists but they have not quite gotten themselves to the position where they feel they have to go to the dentist and do something drastic. you would think when junior killed his uncle that would

have nudged them in a positive direction. but so far i think the president has enough challenges with his own transition, he is just not ready to strap this one on. we can cajole,, we can exhort, we can exert a bit of a price here and there. i just don't think they are ready to act. i think that is contrary to long-term interest. >> now that north korean troops are going across the chinese border, it happened yesterday in order to steal food from chinese civilian villagers, i think we see further evidence of instability that confronts china there. i am more optimistic that the sanctions the president has announced will have a fight. i think secretary of the treasury pointed out the other

day, third parties are assisting north korean agencies under sanctions in conducting business and flowing cash back to those north korean elites. that is the kind of fight that could be helpful. let me say one other thing. i don't leave that they launched the cyberattacks. they should automatically default to retaliating in kind, that is launching cyberattacks in response. we should keep our most effective cyber weapons in reserve. they are crown jewels. let's keep them until we face a much more severe threat. >> they don't have much infrastructure to attack. after obama just announced he was going to take a proportional response, their internet did go down for a few days. there was much speculation as to who was behind it and we heard

that the white house said, the sanctions were there first response. they implied they were not behind the shutdown. >> i think somebody tripped over the extension cord and the thing went down. it is not a very sophisticated system. what was interesting about this is that the north koreans didn't have some new technique, they did not have any source code. they just went around the net and took things that had already been exposed and put it together. there was some reengineering in the code and then they found ways to get it out of north korea this was not horrifically sophisticated, so when you talk about not using your best weapon, couldn't agree more, but that should really scare all of us. that a company that was attacked

in 2011 was penetrated by what was essentially known to the hacker community all over the world. you could get online right now and probably compile most of the malware that they were able to use. which tells you that a company that was hacked in 2011 did not secure intellectual property they didn't encrypt secure property to the tune of tens of millions of dollars. i think this one will be cost them about $30 million to make. they got through the shell, they obviously knew they were subject to being hacked. that is what worries me more than anything. >> and the hackers were in for at least three weeks before they were detected. >> that can be defined as part of the problem that sony will eventually be beaten up for. what were you thinking? what were your cyber defenses? again, a routine approach here is to beat up the victim. but, it was an attack by a nationstate, and that should affect our own government's calculation as to what the

government's appropriate role might be as opposed to a private enterprise out there on their own. >> the extension of that was, if a group in north korea can put together something to go after a company that has already been hacked, imagine a nationstate with capability that is far superior, and we know there is malicious code out there that not been seen to the public, imagine what they could have done. >> we have been cataloging cyber-sins here, let's go ahead and catalog cyber-sinners. you very powerful nationstates you have criminal gangs, and then, kind of like, the disaffected. i think in between, and this is what both the iranian and north korean activities are teaching me, in between the criminal gang and the powerful nationstate are these isolated, perhaps dispirited nation states who

have a lot less to lose in going deep in a cyber attack. let me explain. we imagine the scenario, chinese are turning out all the lights on eastern power grid, that's really bad. but i have allowed myself to make the statement, if that were really happening in the real world, that would probably be the second or third item on the nsc agenda that morning. there will be enough other stuff going on in the sino-american relationship that that is a subset. what scares me is the isolated nationstate with acquiring cyber capability that feels that they have nothing to lose. we just saw in north korea, the definition of the isolated nation state. iran is not quite as isolated, but let's play a scenario forward where the talks fail and

then somebody has a big idea as to what it is you do with the iranian nuclear program. this is an achievable option for them, to create great havoc. so it gives these, not even regional powers, sub regional powers a global reach that they have never had before, and perhaps a mindset where they are far more willing to use it then a more powerful, mature state that has more to lose. >> that is why i think we need to continue to encourage the private sector to adopt the cyber security framework that is put out by nist, the national institute of standards in technology. but that is not enough, we not only need to be ensuring that our networks are better protected from attack, we need to assume, precisely because cyber attack are getting better

and better, we need to assume that the maginot line, the perimeter of defense is going to fail. we need to be ready to restore the functionality of critical infrastructure. we need to begin thinking further about, if, for example the power grid was taken out over a significant chunk of the united states, how could government support the restoration of the power grid in the same way that the national guard supported the power restoration operations in superstorm sandy? what is the functional equivalent of clearing debris, providing security, everything else that we had as commonplace power restoration support? how does that apply in the realm of cyber? and not only for electricity but for wastewater, water, everything else that is lifeline infrastructure. we need to think not only about

better protections against attack, better perimeter security, but also how we can restore the functionality of critical infrastructure and how the government can actually be useful as opposed to being in the way. >> that is interesting question. it brings up, what is the role of the government, the federal government, in responding to attacks on critical infrastructure. i would like to know chairman rogers, what you think of that if there is a big debilitating attack, should be up to dod or dhs to rush in and get into the systems and try to help restore what has gone wrong or do you think that companies would say no, don't mess with my system? >> i think that if the power grid goes out in the eastern united states or whatever power grid you want to pick, clearly there is a public interest in restoring power. you want the fire truck to show up, you want the police to show up, in this case, you want the

guy with the 80 pound head as well to get in there and fix your problem. the problem now is, and this is why many of us worry about sony, is the destructive nature of it. it wasn't just the fun and games of what rich hollywood executive s were saying about rich hollywood starlets. that was kind of tantalizing and good reading. the real game changer was the destruction of property. that is equally possible in our electric grid. so it is not just a matter of turning the lights off and then get in and flip a few switches to turn it back on. that would take weeks if not months, and sometimes it would mean bringing in new equipment. it is a new level of concern because of the destructive nature, and no matter what we say about russia, china, and others as rational actors. china doesn't want to cut off

our power because we owe them too much money. come on, that is pretty good. so if you think about this, we know by even publicly released reports that they are already on our electric grid. why are they there? prep the battlefield. you want to be in so that if you ever need the opportunity to flip the switch. this isn't some orwellian 20 years from now, we know that nationstates have penetrated our electric grid. some of the more capable nationstates do it so that they can be ready if there were something to happen, just the way they want to know where our nuclear weapons are, they want to be ready to be able to flip the switch. that's what i found so concerning, and now with this new destructive attack, you have a nationstate who is willing to put that much talent and effort on to one company. by the way, if a nationstate wants to get into your company i have bad news for you, they are going to get into your company.

that's where i think those of us who are saying, there has got to be some sharing arrangement between what we know in the classified space and what we can provide the private sector so that they can shore up their own defenses. >> president obama, this week announced legislation on information sharing and liability protection community to companies that share cyber threat data with the government, and in this case the department of homeland security. >> a cyber sharing bill that gives liability protection? what a great idea. >> you have never thought of that, have you? >> is it legislation that you can support? do you think it goes far enough? >> i've been in this fight many times. i know there is a lot of excitement right now, and a good change because the president is engaging, that is a shift. >> because he threatened to veto your bill twice. >> two years ago and then a year and a half ago. >> over insufficient privacy protections, right? >> that was their claim --

actually it was the liability piece. this is a good thing because now we will get into the debate. but i've been there before, and we are a long way from a cyber sharing piece of legislation. we have planted the seed and we will have to tend to it for a while before something comes up. there is still a lot of difference in the senate. i had a senior senator tell me who is now in the minority after the election, that they still have to get to 60 votes. which tells me that we are still in an uphill battle for getting something done that actually works. congress can pass cyber security -- it's really hard for me to say, which is a problem for someone going into radio. the problem is that it has no functional substance. it is truly like kissing your sister.

and in a day when they had nationstates destroying data, we best move on behind that very quickly. >> i will add, the two of us have had this conversation, he actually was trying to get this bill passed last congress and i said that is never going to happen. i also said, you are not going to get passed the next congress either. i think i'm wrong in the second part of my premise. what sony, and in a parallel way, paris, has done, we are probably now entering the post-post-snowden era, and things that were flash frozen because of that debate are beginning to thaw. >> you mean the pendulum is swinging back? >> i'm using temperature for my metaphor here, not a pendulum. but it froze the debate and now we are returning to it. that is a good thing.

where it ends up, we will see. but your point is, we at least are coming back to the question. >> in defense of that bill, all of the players in the house and the senate, they both collapsed friday before the week that we adjourned. it was still in play up to that friday. and then the weight of it collapsed on itself and people walked out of the room and it was done. i do think, it was that close. you can do it again, now you have new players, new fights and all of that will rejuvenate it. they may even do it in this year, but it is going to be a challenge. >> that will be wonderful, and it is not only more motivation as you point out. i think the president's proposal has some strength compared to previous legislation. i think the role of the n-kick a centralized portal for industry and government to share

information, that is a step forward. i think the proposed changes to the computer fraud and abuse act, to make it explicit that those who sell botnets to criminals or potential bad actors can be prosecuted. and not only botnets, zero day exploits. the sophisticated weapons that we need to be concerned about from a critical infrastructure perspective. so not only has north korea given us more impetus to pass legislation, but i think this is very strong legislative proposal. >> again, to somebody who's been through this, every ornament you hang on this tree becomes a weight and an anchor. someone will have a problem with every one of those issues that you talked about. that's why we narrowed it down so much. my argument, if they really want to be successful at doing this -- because we were working with the white house, it is doable.

that deal was there, it was on the table. >> how much good will it really do even if does pass? a lot of companies might not even have the trained personnel to make use of this information. >> i disagree, because you are targeting upstream. you want as much of that malicious source code out of the system. and it has to be, that is the one argument with the portal can you make it real time? it has to be machine to machine talking to each other at the speed of light. if it is not that, if there is any pickup in the system, it won't work. sony did a decent job in their external security. they thought they were good, and their security company said they were good. they penetrated the wall free for all. you have to hit that upfront, if you don't hit it upfront, it is not going to work. >> i have criticized the government for being feckless in its response and frankly -- by

the way, i am partly to blame for that with 40 years in government. but i think that is a continuing state. we have not, as a people, decide what we want our government to do or what it is we will let our government do in the cyber domain. so i really do think that in this domain, the private sector is far more the important actor than the government in both prevention and in response or resiliency. so when you pass a law like this that is about liability protection, when in essence that is doing, is the government unleashing the private sector to do far more than it has felt comfortable being able to do in the past. so i think it is a recognition that the main body in this fight is the private sector and therefore the legislation is on the correct course.

>> i agree. i think the private sector needs to be in the lead not only on prevention but on response with government in support. but we've only been talking about the federal level to this point. state governments and above all state public utility commissions have a vital role to play here. because if industry is going to make the kind of investments that are essential to build resilience against increasingly sophisticated cyber threats, they need to be able to recover their costs. and rates for electricity and other utilities are set at the state level. what we lack today are the criteria, the decision criteria of what constitutes a prudent investment against these increasingly severe threats. nontraditional threats. we understand what kind of investments ought to be recoverable against superstorm sandy type threats. how can, at the state level, at the utility commissioner level

we begin to build consensus to provide for cost recovery for the investment that is going to be essential going forward. >> i would like to open it up to questions, but before i do, i wanted to ask one narrow gauge reporters question. what can you tell us, maybe general hayden and chairman rogers, about bureau 121, the named north korean cyber hacking unit? how large is it, how sophisticated are its abilities? are they really trained overseas by the chinese? shed some light there. >> i can't talk about some of the specifics of your question but i can tell you some countries, like north korea, understood that early on they had to have this investment, because a very small investment can bring a very powerful tool to your arsenal. what we found was, that they had

their own limited abilities even from within their country to do certain things, so they had to go external to their country. but they were willing to put a program together that stretched beyond their borders both physically and their ability to put something together using proxy servers to get their malware on target. so, to me, this should be one of those teachable moments for all of us, that somebody like north korea where so few people have access to electricity was willing to make this commitment because it could have such a big impact for them. think of the impact, it almost took an american company off the map. i can't wait till the book is written on that. i think people will be surprised about the amount of damage done to that company. i think they've recovered nicely done a nice job getting the right folks in, and getting it

back up, doing all their functions again. but when you look at how close it was, it gives you a little beaded sweat. we are just one investment away from one of these countries or another organization with ill will towards the united states. so it is not huge, obviously they have a capability issue with access to the latest technology intellectually, but they got over those hurdles because they were so invested in it. the chinese have huge operation and they are getting bigger by the way. the russians have very robust operation. the north koreans don't, but they have this new capability that they decided is very important. their ability to inflict pain. >> i think that is the very important part.

this is a country that survives by its ability to provoke. they were kind of running the table on conventional methods so they invested in nuclear weapons. and here is a country that has probably a half a dozen weapons, close to having a functional icbm and most of the population eats bark. that is a remarkable commentary on how committed they are doing this. the secret to their provocation is, they are surrounded by powerful richer countries. someone once described north korea as the house in the middle of a nice suburb where the law -- the lawn is unkempt their cars up on cinderblocks on the front lawn. the rest of the neighborhood wants to do something about it but they were afraid to because

they have threatened to burn down the neighborhood. frankly, getting these kinds of tools makes that kind of threat more realistic. besides all the things we're talking about in the cyber domain at just the northeast , asia geopolitical level, is very troubling. >> on that note, i will open it up to questions. yes sir, with the yellow tie would you identify yourself, please? >> steve crocker. i have been listening and i understand the passion. but let's imagine that all those constraints come off. the legislation passes, economic constraints and so forth, and we do this information sharing. i think ellen's question toward the end i want to ask again more pointedly. sony was vulnerable, north korea

had the tools to attack, what is all this legislation going to do to prevent that? i don't quite see how the pieces connect. suppose the government is given all the authority to do whatever it wants to do. what in fact is there to be done? you are sharing all the information you want, sony still gets wiped off the map. >> again, this was the biggest myth we couldn't get over when we were debating our legislation the last couple years. the nsa does not monitor private networks in the united states. i know that comes to a shock to most. they are not monitoring private sector networks. it is against the law. they don't do it. that is 85% of the networks. so with all of this capability

that we have invested in to protect ourselves, they come back with some pretty interesting stuff. if, by this, we can say now you can share with the private sector, and by the way, the private sector can share with you. this is really important because when they see some anomalies, they can fire it back and the nsa can actually get to see it and say that is bad, let me figure out where that is coming from. right now they can't do that. all they can do right now is that an fbi agent knocks on sony's door and says you had a bad day, i don't know if you know this or not but i am with the government and i am here to help. well, it is too late. they are penetrated, that means something is gone. so this spreads out the ability to do that. now the private sector, high up in the distribution chain at the provider level, can protect itself against really nasty stuff and then you have this mutual sharing.

so you have north korea sample somewhere else, somebody sees it and they share it with the nsa or whoever through this portal they look at it and say this is a problem, we are going to share this back out in a classified way so that if it hit sony we will see it coming. i do believe it would help. it won't help in every case. but it also allows your cyber security companies to focus on a whole other layer of problems. right now they have to fight everything. they are fighting china, russia, iran, now north korea, international criminal groups, and the only help they get from the government is when the fbi shows up afterwards. i think that is unacceptable. >> another way it is going to improve, precisely the sharing of the talking about, is right now in some sectors of infrastructure there is pretty good sharing within that sector. the electric sector, for

example. there is not enough cross-sector sharing. it is very important that this legislation will provide for organization that will allow for signatures that are hitting one sector to be shared to other sectors. >> one of the criticisms i hear from industry, though, and i've heard from some of the defense contractors, is even when the government declassified and shares threat data, they find that we already have the signatures and they are old, or they came too late. so, if the private sector shares this information with dhs who then shares in real-time with the nsa, and then the nsa says we will share something back how can we -- >> there is a mixed bag of capabilities in the private sector. there are some companies who are exceptionally good at this and would likely have a good percentage of that source code. i will tell you that there was

more than was not able to be shared. there were pieces that some of these really good, top-notch companies didn't have by the very nature of our ability in the intelligence sector to collect that information and protect its own networks. so they didn't get everything they got a lot. so in this case, it builds on capabilities. they have probably seen things that the government hasn't seen in some cases. you want to learn from them. the higher you build this wall the better off we all are. that's a terrible analogy because it is not that, but it is the better capabilities we build up on all levels. and now these good companies are saying, that's ok because now we are sharing that with everybody including your supply chain which is not very good. that's how they got into target they went after the hvac guy.

they are saying, you've got to be kidding me, i went to school for this trade and now we have to worry about somebody in eastern europe is getting into my system to attack my customers. this builds all of that capability so that guy doesn't have to worry about it. that is how this works. everybody is going to get better. the government will get better the great companies will get better, and folks at ground zero will have an exponential capability. >> i reinforce everything that has been said. if we do this well, we will advance along an important front, but only one front. by definition, sharing what is known with one another cannot protect you against a zero day.

we are all first-generation drivers. we think traffic lights are suggestive rather than mandatory. there is a lot of education that needs to go on. there are whole industries about ready to break into this domain that will make it better -- insurance, all right? the insurance industry has made automobiles safer. the insurance industry will make this domain safer. it will be to economic incentive. i do not want to pay this much i want to pay this much for insurance. internationally, at some point like-minded nations, and i include the chinese, because it is against their long-term national interest to foster a tyrannical regime.

like-minded nations will begin to develop international norms. it is lower-hanging fruit. let's take it and move forward. >> yes, sir. >> ohio state had a great defense when they played oregon, and that was a big enabler for them in that game. if ohio state had not had a good offense, their defense would have been on the field the entire time and oregon would have found a way to score big against ohio state. waiting in defense will allow someone to cut you in the face. what does the panel think about allowing both at the government level, at the corporate level, and at the individual level to have a more offensive capability, given each one of

those, i.e., have companies begin to offer rather defensive tools, but tools that raise the risk factor for those they are attacking? >> ok. >> a terrible idea. >> the chairman is mumbling this being a terrible idea. >> this is beginning to smack of cyber stand your ground legislation that cyber stand but i am not sure if i am 100% wrong. people who know this problem will start to get quaky when i begin to talk this way. i am predicting the government will be permanently late to lead. so the application of the computer fraud and abuse act, in equal measure to someone trying to defend their network compared to someone who is trying to

attack someone else's network, may be unwise. and there may be some space for the private sector to conduct what in the physical domain i would call counter battery fire, under very strict and limited circumstances, because it is difficult. what i would say, what people begin to get forceful in response, but i am willing to entertain the idea, and if you think it is really crazy, we talk about domain, in one of these other domains, the maritime domain, the government was also late to lead, and the constitution allows the congress to issue letters of marque and reprisal, which is the private sector doing what we consider to be a governmental function in this domain when the government was inadequate