you can read more by following huffingtonpost.com and follow her on twitter, @elisefoley. thank you. >> keep track of the republican-led congress and follow its new members through its first session. new congress, best axis on c-span c-span2, c-span radio and >> we are live at the national governors convention. today's event includes j johnson -- jeh johnson. johnson has had a busy morning, appearing on 5 of the 7 sunday morning talk shows. a bill to sign after fabric 27th is held up in the senate because

of the provisions that block president obama's executive order on immigration. the senate is expected to move the measure forward this week after three failed attempts over the last month.

>> the national governors association winter meeting expected to continue momentarily. hearing from secretary jeh johnson. he will be discussing cyber security efforts at the state and federal level. secretary johnson is there after appearing on the sunday morning talk shows. funding for his department set to run out this week. secretary johnson this morning called the debate over funding absurd, and he said he hoped to some in congress will quote, exercise some leadership it comes to finding a solution. he also said 30,000 workers would be for load if the fund is not approved. we could hear something about that today from secretary johnson.

>> if everybody can please take your seats, we can get started.

thank you and good morning to everybody. i want to thank the governors. i think we all understand the importance of cyber security not only to protect our respective networks, but also the huge job creating ability and cyber security will create for all of us. especially in our region, right, governor hogan? i want to thank you all. i'm terry mcauliffe, governor of the commonwealth of virginia and vice chair of the nga homeland security and public safety committee. i would like to call the meeting to order and welcome the governors. thank you for joining us for today's session. i'm honored to serve in this committee leadership this year with our committee chair. governor rick snyder of michigan -- unfortunately, governor snyder could not join us in person today. you be with us in video in a few minutes.

over the holidays, governor snyder decided that at his age he thought it would be a good idea to start exercising. his first half an hour created an achilles problem and a few other things. if you have not started exercising, think twice about it trade -- it. i don't think he would be offended by that. i like to begin with a few administrative issues. the briefing books for this meeting were sent to all the governors in advance and include the agenda, speaker biographies and background information. the proceedings of this committee meeting are open to the press, c-span and other networks are here with us today as well is open to all the meeting attendees. i would ask all of you, please take a moment to silence your cell phones or other electronic devices you may have. seated behind me is justin stephens, the legislative director for the homeland security and public safety committee. see him if you need additional copies of the material or any other assistance.

he will also be available after the session if you need further details on any issues that we discussed today. today's committee session states leading on cyber security is the topic. we will focus on efforts of the governors, in their respective states. critical infrastructure from cyber attacks and meeting the needs of a cyber workforce. with our distinguished panel of speakers we will also discuss opportunities to leverage resources and strengthen cyber security partnerships with federal leaders such as department of homeland security as well as our national guard and the private sector. this discussion comes at a very important time. over the last year significant reaches at major u.s. companies have exposed the nations increasing risk from cyberattacks originating both at home and overseas. states have not been immune to

such threats with notable breaches of state government networks in recent years that have compromised millions of citizens medical records financial statements, and other personal information. the consequences of these breaches go beyond economic and privacy concerns and threaten the safety of our citizens and our national security. state networks control many essential government services including critical homeland defense and emergency response operations. critical infrastructure such as the electric grid, transportation systems, and financial networks are well known targets of cyber adversaries with potential long-term implications for both life and property. as governors, we play a key role and are responsible for ensuring the security and resiliency of our government systems and critical infrastructure within our states. in virginia, we have taken steps to ensure that the right

governance structures are in place an adequate investments are being made to secure sensor networks and develop a skilled cyber workforce. virginia is home to more than 26 cyber related federal university, and private r&d facilities, as well as more than 400 and 50 cyber companies. we have a first-rate higher education system drive the creation of the next-generation generation information technology and cyber workforce. we are also prone to a significant number of threats. last year, in our state alone, we experience more than 100,000 attack attempts per day. we blocked more than 271 million spam messages. those are staggering numbers, and the threats continue each and every day. that is why in february, for junior became the first state in america to adopt the national institute of standards and technology cyber security framework solidifying our

commitment to strengthening the security of our own networks and serving as a model for other states. also in february, i issued executive order number eight, creating the virginias cyber security commission and launching the cyber virginia initiative. i'm pleased to say that richard clarke, a senior security and counterterrorism adviser, is serving as the commission cochair, along with my secretary of technology, karen jackson seated behind me. we have assembled an outstanding group of cyber professionals to serve on the commission, including ms. alexander, the principal director of the cyber security division at aerospace company. cyber crosses many sectors. my secretary of public safety and homeland security brian ran is seated behind me as well. my secretary of commerce and trade in education are also actively involved in the commission. we are looking at ways to be

prepared and ready to respond to these threats by building capabilities leveraging resources like our national guard, and strengthening our partnerships with the private sector. there are no one-size-fits-all solutions trade -- solutions. the national governors association's resource center for state cyber security, which covers snyder and i, cochair is working with representatives from all liberals -- levels of government. it's our mission to provide thoughtful recommendation and bring stakeholders together to address the state's most pressing cyber security challenges. governor snyder and i are members of the present council of governors. the council's membership includes 10 governors and senior federal officials such as homeland security secretary johnson as well as the department of defense and the white house. through the council, states are working with the federal

government to improve national efforts to share cyber threat information, strengthen our preparedness and response capabilities, and leverage all available resources. the council had a great meeting on friday at the pentagon with secretary johnson on these matters, and i look forward to continuing those discussions today. in a moment we will hear a video message from our chair, governor rick snyder. before i do that, i want to discuss another critical issue facing every state's homeland security and that is the discussion going on right now in congress about funding for the department of homeland security. i am sure secretary johnson will speak on this issue, but i want to stress how tremendous an impact allowing dhs funding to collapse will affect every single governor in every single community. there will be real-world consequences for all of our

states if dhs funding runs out. 30 hard-working the edge -- dhs employees will be without paychecks. many of these grants support local police, firefighters, and emergency managers. they fund supplies, materials, and preparedness training to make our states so we can respond to homeland security threats and hazards, including the threat of ebola. a lapse in dhs funding could affect port operations around the country, something our economy cannot afford today. it's time for congress to get together on this and act. they should not let partisan politics threaten our homeland security and the economic security of so many who depend on their paychecks to put food on the table for themselves and their families. i look forward to discussing this in more detail with secretary johnson, and i

appreciate you coming here today. mr. secretary, i know you made all five morning shows today. i would like to turn it over to our committee chair, governor snyder, who has sent us a video to tell us about a few ways michigan is leading on cyber security, and to set the stage for today's discussion. >> hello. i'm sorry i could not be with you in person. this meeting is an opportunity to address concerns and raise awareness about cyber security. a critical issue in michigan and around the nation. in michigan, we blocked more than 700,000 cyberattacks daily. to combat these attacks, we launched the 20 15th michigan cyber initiative rate -- ini tiative. raising public awareness leveraging our state's awareness, and creating partnerships to create a cyber threat alert network. this issue cannot be taken lightly. when i present my fiscal year 2016 budget, a recommended $7

million investment to strengthen our cyber security efforts. every day state governments face threats to their computer systems and online networks. as cochair for the nga research center for state cyber security, and working with others to address these threats on a national scale. it is imperative that we understand the growing threat of cyber security in our country. by moving forward together, we will be able to better protect our citizens from technological threats. next you will be watching a video about how easy it is for a third to attack a state network. this video was put together by a program designed to prepare cyber security professionals for real-world situations. thank you for inviting me today and i hope you have a great meeting. >> you can say doing business

online is more important today than doing business in a brick-and-mortar building. securing buildings we have been doing it for thousands of years. most people have a good commonsense grasp of what it takes to keep it building safe. if you see a broken window, you might meet somebody has gotten inside. but securing a website, surfing the web, a bit more recent. not a lot of common sense out there. that's good news for people like me. let me walk you through how someone like me can make big problem's for someone like you. it always starts with an employee. colin edwards chester send. he's a busy man. always on the go, moving between meetings. every day and goes to the office says high to his assistant, drink say little coffee, and gets to work. guys like me, we make our own

hours. i'm not some kid sweating it out in mom's basement for it i'm a professional. this is how i make my living, off of ed and people like you. ed doing spreadsheets, shifting paradigms and scoring circles while talking on the phone playing some candy from crush. me, on the other hand, i'm looking for opportunities. let's say i find a story about ed in the business section of some blog. looks promising. i will check out his social media presence, look at your website, search around to find a bit of ed's personal history. i'm taking notes, e-mail at dresses, phone numbers. ed's got to go to an off-site visit and meet with the board of fancy trousers think -- inc. i'm getting to work too.

all the information i've collected so far. the attack has begun. ed regularly attends a few conferences every quarter. one of his favorites is coming up soon. a web search gets me some logos. i put together an e-mail from an airline asking ed to confirm. he sees the e-mail on his phone and forwards it to his assistant. she opens the e-mail, looks legit, clicks on the big red confirm button, goes back to work. that's all it takes. that confirm button launch the remote access rojan -- trojan. having access to her system is the same as having access to ed's system. having access to ed's system is the same as having access to your system. spreadsheets, documents,

projections, confidential anything. i even have access to ed's candy farm crush game now. now i can dig through everything he has access to. everything on your desktops, laptops, servers, anything online is at my fingertips. ed barely had to do anything. all it took was someone with access to his inbox to click on a little red button. still a little scared? you should. who says you can't get rich quick? to everyone out there, your employees, you, the people using the wi-fi in your building, get up to speed on this --until that happens, my job outlook is pretty rosy. >> i'd like to turn to our distinguished panel of speakers

to discuss how we can better protect ourselves from cyber threats, vocus our energies toward preventing future incidents, and give the governors of best practices they can implement to respond to and recover from a cyber incident. our panel today includes the honorable jeh johnson secretary of homeland security since december of 2013. prior to joining dhs secretary johnson served as general counsel for the department of defense. secretary johnson's career has included extensive service in national security, law enforcement, and as a corporate attorney. secretary or johnson was general counsel of the air force from 1998 to 2001. lieutenant general edward cardone, commander of the u.s. army cyber command. prior to assuming command he

was commander of the second infantry division based in south korea. the lieutenant general has commanded at every level from company through division. he was born in texas, raised in california, and commissioned as an engineer officer from the united states military academy in 1982. the principle director of the cyber security subdivision of the aerospace corporation -- ms. alexander also serves as a commissioner on the virginia cyber security commission, and is chair of its economic development committee. in her current position in the private sector, ms. alexander oversees engineering support research for cyber network and information security services all across the defense intelligence community civil and commercial sectors. in addition to her position on virginia cyber security commission, ms. alexander also serves on the national research council's committee on future research goals and directions for the foundational science in cyber security.

let me turn it over to you secretary johnson. thank you for being with us today. amoco -- >> i appreciate that we're having this discussion here. i appreciate the leadership of those at the state level around the table. some of you may notice that i have five layers of stage makeup on. as governor mcauliffe put it out, i have been on all five sunday morning news shows. the army has a saying, we do more -- i have done more before 11:00 a.m. than most people do in a day. been on cnn, fox abc nbc. it's pretty remarkable i made it here on time. talking about the impact of a potential shutdown of the department of homeland security. i want to say word about that

before we launch into the cyber security discussion. we have just five days. midnight friday night funding for the department of homeland security, the third-largest department of our government, and the department of our government that interfaces most with the american public runs out. we are looking at the impact of a potential shutdown. it will look like this. if the department of homeland security shuts down, we will require some 85% of the workforce to come to work. order security, coast guard, cyber security, law enforcement, the basic law enforcement, homeland security missions of the department, but they will not be paid. the working men and women of my department will not receive a paycheck for the period of time

of the shutdown, which, if you are a working man and woman trying to make ends meet with a family, is not an easy thing to ask of our people. that includes the united states coast guard, deployed as far away as places as the arctic. in the midst of a very harsh winter right now. approximately 30,000 employees of my department will be for load -- furloughed if we shut down. most of those are headquarters personnel. to give you a sense of the impact of that, at my headquarters i am pressing my staff continually to stay one step ahead of groups like isil, aqap, al-shabab, to stay one step ahead of the weather, stay one step ahead of daily cyberattacks we face, to stay one step ahead of what is working on our southern border

to detect potential increases in illegal migration on our southern border. i have been pressing our staff to do that. if we shut down, are headquarters staff scales back to a skeleton crew. untold from the 2013 shutdown when we furloughed are headquarters personnel, we are still feeling the impact of that a year and a half later because of the things we were not able to do. then simply furloughing 30,000 people means taking people off the front lines and realigning their responsibilities. we will see impacts across the entire department. from your perspective, the thing you need to know is if we go into shutdown, our grantmaking activity, two states, cities urban areas to support your homeland security law

enforcement efforts comes to a standstill. it is shutdown. i'm sure each of you at the table appreciate the extent to which we rely upon our homeland security grants for your own homeland security law enforcement and public safety missions. for the most part, that grantmaking activity either comes to a standstill or it is greatly reduced. in terms of border security there are things we have put on the southern border to enhance our border security efforts going back to last summer which congress still has not paid for. if we going to shut down, we are greatly compromised. across the board, we are greatly compromised. fema that workforce, must be for load -- furloughed at 80%. 80% of the permanent appropriated workforce of fema will need to be furloughed, in

the midst of a harsh winter in the northeast and across the south. we will be unable for the most part to process claims, requests for disaster assistance. that will come to a screeching halt or a snails pace, if we have to furlough these people in the midst of a situation that a number of your round the table face with the winter. -- around the table face with the winter. our grantmaking activity for 2015, new grants, we cannot fund . to governors, mayors, sheriffs and the like. order security -- border security is compromised.

there are things that may need to be paid for that are not paid for, things the secret service needs to do. the bottom line of all of this is the department of homeland security needs a feel -- full year's appropriation. we need a fully funded department of homeland security. you can see daily some of the challenges we face in homeland security, whether it's the u.s. government, state government city governments, and so forth. we need a fully funded department of homeland security. there are four working days this week for congress. i will be on capitol hill continually to urge congress to pass an appropriations bill for our department before the end of the week. having said all that, let me talk about the good work of all of us about cyber security. cyber security must be a shared

effort between the u.s. government, state governments, and the private sectors. it must be a shared effort given the nature of cyber security and cyberattacks. i want to commend those of you around the table and those of you who are members of the council of governors for your fine work in this regard. governor snyder has established a resource center for state cyber security. governor mcauliffe has appointed a cyber security commission. governor mead of wyoming has been very active in putting together a cyber security summit last week. governor haslam of tennessee has received briefings from dhs as has governor bullock of montana, governor sandoval of nevada. we salute and appreciate the partnership in cyber security at the state level. we urge that we do more in this

regard trade at dhs, we facilitate new cyber exercise opportunities for states provide states with information about cyber security and dhs and we ensure states help to contribute with the development of policy documents. congress has provided us with new legislation in the area of cyber security. late last year we had the national cyber security protection act of 2014. congress does something to pass legislation once in a while, which gives dhs explicit authority to provide assistance at the private sector, and codifies the cyber security and communications integration center as a federal civilian interface with the private sector. we have enhanced hiring authority as a result of legislation passed last year to hire cyber talent. there was a federal information security modernization act of

2014, which codifies our responsibility to assist other federal civilian departments and agencies of the government. last month we put forward our administration's proposal for new cyber security legislation that would establish our national cyber security to medication's integration center as a single portal for which the private sector should provide the government with cyber threat indicator information. we contemplate providing the private sector, those that provide that information with limits on civil and criminal liability for the act of providing that information. we have suggested in legislation a federal data breach notification department for victim related cyber crimes, and the enhancement of penalties for cyber crime. we are active in this area, and we salute the governors here at the table for your work as well.

i come back to where i started, which is that this must be a shared responsibility, and we are glad that you governors are involved in this. >> thank you. >> thank you. it's a true honor to be here on president washington's birthday. i can't think of a more important subject. over the 18 months i have been in command, attacks are increasing. barriers to entry are dropping. i want to highlight on three main points today first to echo secretary johnson, the importance of partnerships -- for my view the federal government has really worked well here over the last several months between the department of

homeland security, department of justice, fbi, and department of defense. the key is to get that same level of integration with the states. there's a number of states that have best practices. some of you are familiar with the red teams. in kansas, there's a fusion center that allows them to take federal level intelligence and bring it down to private industry. in michigan, with the idea of using training to get ahead, and here and virginia, there is a national guard unit that has been working from headquarters that has been established for and a half years. if we can take these best practices and work information sharing between the federal state level, as will create yet another full level of fabric to help the cyber security. which brings me next to governance. for the army, the army national guard is critical.

the challenge is there's different authorities. that is well established for disasters. it's less well established in each state for cyber. some states have done less. it's one thing to say when that soldier is on state active duty, what true authority they really have -- this is a complicated issue. i know i have three lawyers to keep me straight. there is a lot of policy of law in this area. the last subject i would like to talk about is the cyber mission forces. hindered a little bit by the

training pipeline. what are we doing about that? first, we already have national guard soldiers working for my headquarters and we are working equivalency packets that have been approved by u.s. cyber command. we are working to get them i credited to u.s. cyber standards -- accredited to u.s. cyber standards. that will give us a degree of interoperability across the states. they need facilities. a lot of the information needed in the future will have to be information sharing from dhs or dod. that will require intelligence, which requires the right kind of facilities to handle that. each state is already authorized a cyber network defense team since 1999. not every team has stood that

capability up. the army will create 10 cyber protection teams. we have organize these the same way we have organized the active forces. there's only 10, and there's 50 states. i know the competition over where these go, that is a national guard sorting it out. the question would be is, how can we use those to support states? we have already for disasters the idea of dual status commanders. are there ways we can organize this collectively to give us better cyber security? i think this problem is going to continue to grow. a lot of the issues we have right now, not just in capacity, it's getting ourselves aligned. there's a lot of capacity. to operate at the speed that we will have to operate in this domain we will have to get a lot of this stuff done much

earlier than we do now. if you go back to hurricane katrina, it took us 10 days to stand up that task force -- we can't have that. all the processes are in place that will allow us to operate a network speed. >> ms. alexander? >> thank you, governor, for the opportunity to speak on this important topic. i will address cyber security challenges and recommendations. let's recap some of the services we have at the state and federal level across the public and private sector. we have read about the infrastructure, cyber command operations, banking, finance and a host of others. it's important to keep these services in mind when we talk about cyber security. sever security is the enabler to ensure that these services are available when we need them.

even a refrigerators and televisions are now internet-enabled. we welcome this technology growth. they actually help us enhance services we are providing. if we have a mobile device in the hand of an early responder, we can provide the responder with situational awareness of what data they need, what the situation might entail, and where they're back up resources are. we keep that in mind as cyber defense errs. as a cyber defender, we look at this as a very complex and broad attack surface, readily available. it's important we take a systematic perspective. we need a framework. in that framework, we need to be able to define what that entails, and find ways to ensure those services that are most needed, when needed, and protect

the most sensitive data. this morning i will talk about the items in that framework and highlight how smug activities and virginia are addressing those needs under the leadership of governor mcauliffe and secretary jackson under the cyber commission. the first item in the framework is to have a strategic plan. we cannot address everything. we have to define which of those services and which functions in those services are most critical. we also then have to look at the information supporting the services, whether personal information. these services are implemented across various systems. we need to know the architectures, processes and procedures and lamenting those critical services. in virginia, we are baselining the infrastructure to perform cyber security gap analyses. these gaps can span research

technology workforce. with that baseline in place, within need to develop a roadmap. the roadmap is were we take the resources that are available and the resources in the community, and prioritize addressing those cyber security gaps. in virginia we have several initiatives we started. we have recently stood up a cyber security unmanned aerial vehicle consortium. we are taking the cyber security may -- community and coming together to look at what are the challenges of securing the control systems, communications up to the vehicles, as well as the vehicles flying themselves. we are working to hold the cyber security showcase. that showcase will bring industry large and small innovative solutions, academia as well as state and federal government to actually visualize, demonstrate the cyberattacks on this uav space

as well as any innovative defenses. in the manufacturing community, we are making strides. our manufacturing systems are now internet connected. the manufacturing systems developers to not take that into account. there's a way that we can attack, get effects for these cyber physical systems we did not anticipate. by working together and increasing the awareness, it helps us provide better defense. once we have that roadmap another important aspect of the strategic framework would be to increase the cyber operations center. we don't just have these in the military, but we have them at many levels. what is important as we enhance the cyber operations centers and the response teams that operate there is we target and focus on the systems implementing those critical services, which takes us back to that strategic plan. we have seen monitoring going off of many systems.

in virginia, we have a joint cyber security operations center. we are going to bring together the analysts from the various systems so they can have shared awareness. we are also going to introduce collaboration opportunities with the private sector on some of the techniques to respond. another activity in the cyber operations arena is cyber testing. that was mentioned. those are critical. it also highlights the importance of sharing incidents. when we think of a cyber incident we should think of in terms of a lesson learned. we do want to share information about the attacker and the exploitation methods. with that information, we have now a huge repository available. the best way to understand how we might operate under contested cyberattacks is to conduct these

types of exercises. the national guard will be working in virginia with us to conduct such exercises. finally, i would like to talk to you about the resources you have heard today. you heard about the nga cyber security resource center. when we apply these guidance as well as a risk management framework, what is important is we tailor it and tie it back to the subset of services that are most important trade we cannot protect every resource. when we apply a checklist, we need to keep in mind that priorities, set of services, and do them in a determined and priority fashion. thank you, governor. >> thank you very much for that. let's open up to questions. .

i want to commend the administration for the executive order signed last week for the federal government and private sector to come together. we saw in the last two weeks a major health care provider, saw hacked 80 million pieces, bits of information from individuals including one hundred 10,000 of the commonwealth of virginia employees' personal data. it was a critical bridge that affected everybody in our state government. how would the governors around this table and the country, how do we best access this new private sharing of information? how do we work together to make sure you're providing is what we need at the state level to make sure we have that information? >> the question. -- good question. i guess the vision i have for how we would work together is

something along the lines of how we work together now in the counterterrorism field where we have joint task forces and fusion centers situated around the country. we have fusion centers in every state. some are smaller than others. they share information on a variety of homeland security efforts. i would like to see us build out more of that when it comes to cyber security, given the direction we all need to head. whether that is working together in washington or in your respective states, that is the vision i have and the direction i would like to see us go in. second, sharing about best practices and notification of cyber breaches. there are some very sophisticated actors in the private sector to understand

cyber security and have good cyber security protections in place. some are way more sophisticated than others. there's still a lot in the supply chains further down that needed a lot of help and a lot of learning. we ought to figure out a way to work with the less sophisticated cyber security actors together to ensure they are observing best practices. in terms of specific incidents governor mead and i had a discussion about this on friday where there is a cyber security breach that occurs in your state, and you have equities. you and your constituents have equities. the private actor comes to dhs and says i will share with you what i know on the condition that you don't share it with anybody else. that is an awkward spot to be in. i want that private actor to come to us, to tell us about the

attack so that we can assess it, we can assess whether there is a broader implication to it, but i also realize that state governments have equities here have reason to know. one of the ways we could go about that is to devise a protocol where if we see state government equities, we say to the private actor, you should not form a state government as well. we need to work on that as well build out a protocol for that type of situation. i do recognize that there are situations involving cyber attacks were a state government has huge equities. >> mr. chairman? >> the commonwealth of puerto rico, the states have news

everyday about this issue. if you allow me, i want to go back briefly to the first point. puerto rico is an island in the middle of the caribbean, and we are neighbors with the united states. you can imagine what the coast guard represents to us, as well as some oh and the state of hawaii -- amosamoa and the state of hawaii. it's huge for us. i don't know if you guys know that 40% of the cocaine the gets to the united states gets here through the caribbean border. not through the mexican border.

we have been able, working together, dhs, puerto rico, to increase in 300% the interception of illegal drugs that are on their way to the mainland. we will not be able to put together a plan and to implement the plan against illegal drugs that are on the way to the mainland if dhs is not fully funded. i know we need to work and we need to go as far as we can in cyber security, and i just want to highlight as governor of puerto rico, of key importance

that dhs is fully funded, permanently funded. we have been able to reduce the crime rate to the lowest level in more than 20 years, and we need to keep going. anyway that we can to make clear the importance of this issue. >> governor? >> thank you, and good morning. i am from the u.s. virgin islands. i am new in my administration. there are two things i would like to bring to the secretary's attention. the government of the virgin islands was successful in receiving some grant money's as well as going to the bond market

and doing tremendous infrastructure investments in fiber optics across the territory for the purposes of connectivity. seven intercontinental shelf undersea cables come into the western st. croix and provide the largest broadband capacity in the northern hemisphere except for new york-new jersey. this platform is now being used and made available to the private sector as well as government. the infrastructure is placed under a governmental instrumentality. my concern is security of this platform, and the ability of the private sector and government to be able to use this powerful piece as we grow and expand our economy. is there any benefit in moving this infrastructure out from

central government control or private sector control under the national guard in terms of providing more and effective security of the system, or do you provide a service to secure it as it is notwithstanding who its owners are? that is my first question. i would like to get some direction on that. >> it's going to be a bit complicated, i think. anything on u.s. territory actually falls under the department of homeland security. we are in support of the department of homeland security. this is what i was talking about with best practices, where they have worked it out in the state in the way that they could assist. there is some merit there.

my personal belief is 85% of the networks are privately owned and i think it should remain that way. that is the nature of our system. the question is how do we better security. -- secure it. i would have to look at this in a lot more detail the way you describe that, but there are ways to do this. we would first turn to homeland security. they have the lead on .gov and support to .com, and then we assist as necessary. >> the general is correct. it's a complicated question. we would have to study this, and we will take that for evaluation. >> i will follow up with your office to get that done. it's fairly new and it's

branching out. we want to make sure it's very very secure. i want to join with the governor of puerto rico and the chairman and the concern about funding for dhs. the virgin islands, and just for your acknowledgment, and we will follow up with the nj with usthis -- the virgin islands is in proximity to the british virgin islands which is in close proximity to a number of caribbean islands going down the chain. we have a chairman this issue with human trafficking through the u.s. virgin islands, particularly in the evening. in some instances, where the island of st. john is located -- i'm not exaggerating -- you can literally cross from one country to the next on an inner tube. our local police department have picked up koreans, asians, folks

from europe, chinese coming through there in the evening. they come right into st. mark or antigua and make their way up to the u.s. virgin islands. we had our [indiscernible] contact dhs to see what assets were available to interdict some of this human trafficking. and of course, to assist in terms of the amount of drugs that come through those channels. we haven't been very much successful in acquiring any federal support for this problem. we are going to need to reach out, because that is a weak link in the chain as we're concerned about terrorist activities and the different things that are happening that can affect the country. that is a significant hold that is open because of the number of

keys and islands and their proximities to each other, but they belong to different nations. the question is whether some assets can be put in place from the national system, and the virgin islands is fairly willing to do its part. we simply do not have the resources to undertake that responsibility to deal with it. we can provide the numerical statistics on the number and nationalities of individuals that the local government have detained coming through the neighborhoods there and coming on shore. >> we saw a brief spike in cuban migration on the high seas in the southeast. the coast guard responded pretty aggressively. additional cutters off the florida coast, and so forth.

the spike did not last long. the numbers are back down again. in the southwest, across the land border, in january we had a total of 21,512 apprehensions on the southern border. apprehensions are an indicator of total illegal attempts to cross the border. 21,512 is the lowest monthly number we have seen since december 2012. it is considerably lower than it was january of last year. that number last year was 28,668. the january before was sixth out ashtray 6000 921 -- before was 26,921.

that i believe has a lot to do with the additional resources that we put on the southwest border. border security is not -- there are a lot of additional things that i have put their over the last several months that still have not been safer by congress. and there are a lot things more that we want to do that we need to have funded. two it goes back to the original point i made. the other point i will make is the general point, which is true whether you're talking about puerto rico, the virgin islands or the other states around the table, which is that through our urban area grant and our grants to states, your states received millions of dollars every year in homeland security funding. but because we are on a continuing resolution when it comes to new money for 2015, four not disastrous items, none of that has been funded. we are about to start month five

in the fiscal year and we have not been able to fund your homeland security activities. as long as we are on a continuing resolution. so i just wanted to make those two general points. >> general herbert. >> i like that title, general. thank you for doing such a great job in convening this meeting on cyber security. i applaud the administration mr. secretary, on those very important partnerships, bringing in the private sector. i think you're right on target there. i also want to share your concern about the funding for dhs, as a former homeland security official. i have a high regard for those out there, whether it is coast guard or border agents, in terms of the work that they do and the importance of it. but i did want to ask you that it is my understanding that there are some serious policy issues that are being debated in

congress to and that the administration basically disagrees with a restriction on the application of the executive order. so there is a conflict, in terms of a policy issue, and in politics, as you know, the art of compromise is sometimes important. so what we wanted to be -- we wanted to be funded, but what is the administration putting on the table in order to resolve this disagreement on policy? for example, can the administration withhold putting into play the executive order until it is finally resolved by the supreme court? because this issue is ultimately going to be resolved in the courts. so what is the administration putting on the table to resolve the current impacts? >> well, governor, my response is that we encourage, we want to have a debate in congress about immigration.

we have been wanting that debate for years now. the senate passed a comprehensive bill in 2013, we were hoping the house would do the same. the house did not act. and so we come in november, issued a number of things that across the board would reform the immigration system. and it is not just a new deferred action program, it is added border security, a southern border campaign strategy for arizona, new mexico, texas. it is getting our immigration enforcement personnel a pay raise. it is helping to facilitate employment and high-tech. so there were nine different initiatives. that we launched in november. all of which, there is nothing to fund. not just a deferred action program for the parents. under point, my point is that if

congress wants to have debate about -- about our executive actions, about immigration reform, let's do that. but don't tie that to the entire budget of the department of homeland security. which includes the coast guard the secret service fema, cbp ice, cas -- cis, and so forth. so that is why i of fighting -- why i am fighting for a clean fully funded budget here because there are real consequences to my department's ability to pursue its mission, to our grantmaking to -- grantmaking, to your states, and to homeland security as long as we are on a continuing resolution and as long as we face the prospect of a complete shutdown of my department. >> there is no cover must. >> look, when congress comes back in the town, they will have

to decide how to break this. the president has said that he will veto an appropriations bill that comes to his desk that the funds our executive actions to -- that defunds our executive actions. the litigation plays a factor, i'm sure. we have said we will appeal. and that will play itself out. but we just need to break this impasse. i'm hoping that over the covering -- coming week, we'll figure out how to do that. >> thank you. >> thank you, again. this is a timely subject. i appreciate the fact that we are discussing cyber security. probably the emphasis ought to be that we are making sure we are partnering together, there are good medications. it is a state working with the

federal government, and certainly engaging the private sector. i know in our state, we have millions of hits a day of hackers try to break into our state government computers and information. and i cannot imagine how much is going on out to the private sector. it is kind of the new frontier for crime. so again, timely subjects and i appreciate being here with you today and discussing this issue. i do want to belabor the point but governor hutchinson has said something like it is important. and that is -- i would say it this way. there is not a governor here that block to the national governors association that does not want to see the department of homeland security fully funded. i have not heard anybody here say that. again, the politics that go on in congress is kind of beyond our domain. we have it in a smaller setting in our own states.

but we all would like to see a funded. we also would like to see the congress addressed the immigration issue. and it is disappointing and freshening to all of us that they cannot address that. we have set amongst ourselves can't we at least agree on one thing and secure the borders? build a tall fence we talked about? then we can start working on maybe widening the gate, maybe a data that functions. so it is both. it is congress and the executive branch having to find a way to work together on this, which is causing, you know, the breakdown. i know there is a bill that has been proposed and passed by the house that is fully funded for homeland security. when they come back in session the senate can pass that. but the problem, as i understand it, is that it does not fully fund the immigration executive order. we can fully fund you, the

question is about the executive order. cap we come together on some kind of resolution -- can't we come together on some kind of resolution on this? and get the congress and the executive branch to work together? and fully's fund -- fully fund the department of homeland security? we have encouraged both sides to come together and resolve this. it can be done. it should be done. so we appreciate your efforts in trying to bring that to pass. thank you. >> thank you. >> mr. chairman, mr. secretary i thank you for being care. i would echo the comments of the two previous governors. hopefully we can figure it out. let me -- in the discussion and sharing information, it is critical. i think you are exactly on the right track. i hearken back to my days as the u.s. the turning right after

september 11, 2001. we did have the same discussion, in terms of counterterrorism and the sharing of information from the federal level to the local level and back and forth. there was serious is agreement and concern about how much to share, when the, who needs to know what's. but i think we made come in that effort, grid projects -- great project -- progress. your suggestion this morning. we ask we don't have a center, but there are ways that we share one with colorado. obviously, waste to figure that out. if in some ways, that was at least as difficult, if not a more difficult issue, then what we face now. so i think that is the right approach. i think we can put out some protocols to do that so that we come as governors, if something is happening in our state, we have that information and can be trusted with it. a class, we will feel free to share information back up to the federal government. i applaud you for that. my question is, you know, as you

and your team looks at where we are and the problems perhaps getting worse, do you have -- where is your vision in terms of technology and advancements and encouragement -- and encryption? of the week -- are the weak links -- in terms of the use of technology? just in a general question on your vision of the future and if we need improvements on the human side and the technical side. thank you for being here again mr. secretary. >> i think that -- let me come added a couple of ways. i think there is a lot of cyber talent in the private sector right now. i would like to see more of them

be willing to serve their country. or their state. even for a couple of years. it is difficult competing with the for good cyber talent in government, as i suspect a number of people around here know. so i could use more cyber talent people in our department. of the type that we see the developed in the private sector. i have personally been out there trying to recruit people in our graduate schools and so forth. in the private sector, even the best technology cannot prevent against an act of spearfishing if an employee is willing -- is

all normal enough to not know how to protect against it. we see this over and over again. some of the most sophisticated cyber attacks are just simply because somebody opened an e-mail that they shouldn't have. so that is a matter of awareness . and i will make the point i made earlier, which is if you're asking about weak links, i think there are a lot of private entities out there who are not paying attention to best practices. and they should. and the supply chain, smaller companies, smaller firms. that is what i think all of us can play a role in information awareness and so forth. i suspect there may be others around the table who have a view on that. but i think there is a lot of talent and a lot of good technology of their. but even the best technology cannot protect against an actor

who is not sophisticated enough to close the door when the door should be closed. so that is i guess how i see the vulnerabilities. >> yes, i would like to elaborate on that. secretary johnson is actually correct. when we look at many of the attacks have occurred at have been successful, the actually exploit pretty trivial and widely known vulnerabilities. it is simply do georgians. i think it virginia, we have tried to address that from several perspectives. increasing the basic awareness. it is not just her e-mail, it is the types of systems that you have and how you make sure that you are using the current version. and not a version that every attacker has basically an exploit that can come in and damage your system. but also, i want to highlight that some of these take legislation. and let -- in virginia, we have seven bills targeting cyber

security. and they support cyber crime. so being able to support her -- to exchange information, and address it, that is critical. we are also looking at increasing the accountability. cyber defenses can be defensive. so it is an opportunity to leverage what was the reference architecture that was successful? privately, we need to do this. and also in virginia, we recognize that we probably need to have accountability for systems to be maintained. >> governor, if i could just add, the people are everything in this space. it is the most important because technology right now is moving so fast. just look at the cloud technologies and start asking how a secure cyber -- it is new. i would say first, we really have to concentrate on the cyber talent. i believe there is a lot. on the second piece, timmy, the

offense will always lead to defense. you have to be hundred percent right all the time on defense. you only have to be lucky once on the offense. so i do look at it like that, i think the way -- core user patches, architecture, that will handle 90% of it. but a sophisticated cyber actor will need all of us here together in a partnership, all this information sharing, that is how we are going to find them. but we have to make it less easy for that part. but i go back to -- we have put enormous energy working on cyber talent. because we believe that is the future. we can train the technology to the people, but we are not going to be able to get invested in this with technology because we are already learning that may not be here two or three years from now. >> governor nixon. >> that is central to the question i wanted to ask you.

switching to offense, what kind of deterrence, look at of things can we do in our state law and in our law enforcement construct to go after people that benefit from this, that profit from this? as you go through standing up your significant assets, how do interact with law enforcement to hold accountable folks that are committing, you know, stealing things and whatnot? it seems as if we have gotten a large mentality in this country about explaining that there are these bridges and looking at what can do to stop them, but i think you made an outstanding point. i would like you, secretary, or someone to amplify on holding people accountable that are doing extremely illegal things to the great benefit financially, to themselves. and in our views, it is about time for a few walks in this area and show that there are penalties out there.

i know they exist, but so much time is spent on defense it is hard to go out on the offense of side. >> governor, i think the answer -- whether you're talking about a private act or state actor -- is making it cost prohibitive. we are not going to be able to prevent every single cyber intrusion in this world. but for the larger actors out there, we have to make it cost prohibitive. and one of the things we would like to do through legislation is enhanced penalties for cyber crimes. we have had some recent successes. for example, just last week, there was the arraignment in federal criminal court in new jersey of an international cyber criminal that we had extradited from europe. a secret service case. the secret service has terrific capabilities and cyber crime. it started off as financial crimes, counterfeit currencies but the secret service also has

a cyber crimes mission. and they and the u.s. attorney in new jersey but to just as a major cyber -- international cyber criminal who, basically with a gang of a handful of others, was stealing credit card information from private actors and selling that information offer millions and millions of dollars. so more good efforts like that, and enhanced penalties. but it needs to be on an international scale. they need to be cost prohibitive for private and state actors. >> we appreciate the hard work in that case, and many others. but organizations like anonymous and others can basically target colleges or whatever and shut down their operations. and it is very difficult to figure out who to hold accountable. >> any of the other governors have a question?

>> mr. chairman, i appreciate this important discussion. and of course we are all concerned about dhs's funding. we are also consider not immigration, securing our borders. cyber security is a huge issue that we all deal with, whether it is a state government or in the private actor. i have a little bit of a different question. we are very fortunate in our states and in all the states to have fusion centers where all of our law enforcement, or homeland security people come together to share information so that we can stay abreast in our states. whether it might beats every security or other threats. but recently i was watching one of our talk shows on tv, and hopefully they are always accurate with information. but the comment was made that -- the person said that it was and 49 states in the united states. i don't know, mr. secretary, but

will we receive information if there should be an iso-threat in our individual threats -- states? this person said 49 states had some form of iso-in them. -- isil in them. >> first of all, i just had an evaluation conducted of the effectiveness of fusion centers. and i got the report back just friday. i think there is tremendous value in fusion centers. they are principally funded by the states, and i think the states continue to do that. there are ways in which we can improve our information sharing at fusion centers that i am committed to working with the states to accomplish. now, in terms of -- in terms of the terrorist threat. the terrorist threat -- global terrorist threat is evolving to

a new phase in that we no longer deal with one core group that trained operatives in terrorist training camps overseas and then dispatches them into a home led to commit a large-scale terrorist act. these organizations are much more decentralized, much more diffuse. and the terrorist threat is more complex. so we are now living in a world where we have this foreign fighter phenomenon, where people travel from their home countries, they go to iraq syria, or even to yemen, and eventually they return and they come home. so i am committed, along with our international partners, to do a better job of tracking the travel of these individuals. and the fbi does a good job of integrating them before they leave. and when they come back.

and we share information with law enforcement to do that. but also, and this is where i think we need to work together even more, because of their effective use of the internet and social media, and publications, these terrorist organizations are able to reach into communities and try to recruit and inspire independent actors to follow their example, commit an act of violence, and we are seeing this in europe, and canada a lot now, obviously. and so i worry about the independent actor who could strike with little or no notice, without advanced warning to our intelligence community, and without even advanced warning to your stay please or your city -- state police or your city police departments. so it is one of the reasons i am out in the committee's -- communities talking about pilot extremism. and so it is more complex in

that there could be an independent actor that could strike at any moment. in the last couple of times -- i'll share this with you -- the last couple times i have issued statements in reaction to an event where we were enhancing homeland security. the federal protective service. or we were enhancing aviation security in response to an attack. i always put in there, and there is no credible specific information of a specific attack being planned here. or something along those lines. giving how the threats are involving -- evolving that has been a less and less relevant statement because you and i will not necessarily know about when the next bad actor is going to strike. and try to murder several cops on the beach in brooklyn --

beats in brooklyn or some other place. and so that is why i think we got to collectively engage communities where somebody may be inclined to turn to violence to build trust in these communities. when i do these engagements around the country, and always have a local sheriff, a local police chief, a local u.s. attorney. sometimes the mayor or the senators. to exercise a bill and trust in here issues with -- issues that people might have with my apartment -- department. but it is not just my job or your job to report an interdict. it has to be a public effort. given how this -- this threat is evolving. >> well, i first of all want to thank secretary johnson for being with us for this very lively discussion. it is important that us

governors be up on all the issues that we face today. as it relates to our respective states. so i really thank them. for our final piece of committee business today, we will move to consideration of our policy positions. the homeland security and public safety committee will consider for policies. you have those. hsp has two, cyber security. hsp s three, armed forces. and number four, veterans affairs. our staff has discussed this with all of you. the status of these issues. obviously, -- to elevate server security and veteran affairs into a standalone policy. any questions? this is all been discussed with everybody. in the interest of time, i suggest that we can tutor -- consider these as a block in motion. to have a second? second. all those in favor say i. the eyes -- ayes have it.

i think everybody. i now declare this meeting adjourned. please take your virginia peanuts with you, as well. thank you. [captions copyright national cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]

click's the national governors association taking a break care from their winter meeting. you can find this discussion at c-span.org. we will have more live coverage from the nga later today. she will be part of an assessment -- a session, live at 3:00 eastern here on c-span. >> the guard towers are gone but the memories come flooding back for so many people who, until today, had lost such a big part of their childhood. for many released after the war some buried the memories. and with it, the history of this camp.

now more than 60 years later with quacks tonight on -- >> what she says is the real reason for this camp. >> so the government comes to the father's and says have a we have a deal for you. we will reunite you with your families in the internment cap -- camp if you agree to go voluntarily. and then i discovered with the real secret of the camp was. he also had to agree to voluntarily repatriate. to germany and to japan, if the government decided they needed to be repatriated. so the truth of the matter is that the crystal city camp was humanely administered by the ins. but the special or divisions -- war divisions used it as roosevelt's primary prisoner

exchange. >> tonight at 8:00 eastern and pacific on c-span. >> the academy awards are tonight, and coming up here on c-span, we are taking a look at some of the real-life stories of people featured in this year's nominated films. first, representative lewis talks about the civil rights movement. then, former navy seal, chris,, discovers -- discusses his autobiography. and later, a discussion with stephen hawking's, whose early adult life is depicted in the film, the theory -- "the theory of everything." the film "selma" occurs in alabama. the movie is up for best picture tonight at the academy awards.