goodwin, author of the bully pulpit. you can watch them all at c-span .org. >> monday night on the communicators, we spoke with two industry executives at the consumer electronics show in las vegas. the senior vice president ericsson and cisco senior vice president talking about their companies and the technology on which the cloud operates. >> you talk about the network society. it is a society where everything that can benefit from having a connection actually has one. be put a vision forward in 2009 in barcelona, during the trade show going on there. of 50 billion connected devices in 2020, which has gone very

well in the world. that i think is close to many people's minds. that no industry is limited to smartphones, the devices we carry around. it is a great technology to connect so many other things and build a better society based on those kinds of technologies. >> the internet started with this thing that people needed to get somewhere or somehow. we brought the internet from that thing somewhere to your home. he brought that internet from being your home to being in every device that you carry around. the next age of the internet is about taking it from mobile devices and connecting not just people, but things with people, information with people, processes with people, so we can create an internet of everything. i think we are at the early stages of building the internet of everything. >> monday night at a clock eastern on the communicators on c-span2. >> from the winter meeting

homeland security -- secretary jeh johnson talks about cyber security. than a discussion on the impact of government policies on the internet. later, lawrence lessig outlines changes to the campaign finance system. the nation's governors are in washington dc this weekend for the annual winter meeting. among the panel discussions cyber security efforts at the federal and state levels. speakers include homeland security secretary jeh johnson and lieutenant general edward hardin. the governors also passed a resolution calling on congress to pass a homeland security spending bill. this is about one hour 20 minutes. >> how are we doing?

>> great. >> thank you and good morning to everybody. we have a great show of governors this morning. i think we all understand the importance of cyber security not only to protect our respective networks, but also the huge job creating potential that sever security will create for all of us. especially in our region, right, governor hogan? i want to thank you all. i'm terry mcauliffe, governor of the commonwealth of virginia and i am the vice chair of the nga homeland security and public safety committee. i would like to call the meeting to order and welcome the governors. thank you for joining us for today's session. i'm honored to serve in this committee leadership this year with our committee chair. governor rick snyder of michigan -- unfortunately, governor

snyder could not join us in person today. he will be with us in video in a few minutes. over the holidays, governor snyder decided that at his age he thought it would be a good idea to start exercising. his first half an hour created an achilles problem and a few other things. word to the wise -- if you have not started exercising, think twice about it. [laughter] i don't think he would be offended by that. i like to begin with a few administrative issues. the briefing books for this meeting were sent to all the governors in advance and include the agenda, speaker biographies, and background information. the proceedings of this committee meeting are open to the press, c-span and other networks are here with us today as well as open to all the meeting attendees. as a consideration, i would ask all of you to please take a moment to silence your cell phones or other electronic devices you may have. seated behind me is justin

stephens, the legislative director for the homeland security and public safety committee. see him if you need additional copies of the material or any other assistance. he will also be available after the session if you need further details on any issues that we discussed today. today's committee session, states leading on cyber security is the topic. we will focus on efforts of the governors, in their respective states. to secure government networks, their critical infrastructure from cyber attacks and meeting the needs of a cyber workforce. with our distinguished panel of speakers, we will also discuss opportunities to leverage resources and strengthen cyber security partnerships with federal leaders such as department of homeland security, as well as our national guard and the private sector. this discussion comes at a very important time. over the last year, significant reaches at major u.s. companies

have exposed the nation's increasing risk from cyberattacks originating both at home and overseas. states have not been immune to such threats, with notable breaches of state government networks in recent years that have compromised millions of citizens' medical records, financial statements, and other personal information. the consequences of these breaches go beyond economic and privacy concerns and also threaten the safety of our citizens and our national security. state networks control many essential government services, including critical homeland defense and emergency response operations. critical infrastructure such as the electric grid, transportation systems, and financial networks are well known targets of cyber adversaries with potential long-term implications for both life and property. as governors, we play a key role and are responsible for ensuring the security and resiliency of our government systems and critical infrastructure within

our states. in virginia, we have taken steps to ensure that the right governance structures are in place an adequate investments are being made to secure sensor networks and develop a skilled cyber workforce. virginia is home to more than 26 cyber related federal, university, and private r&d facilities, as well as more than 450 cyber companies. we have a first-rate higher education system drive the creation of the next-generation generation information technology and cyber workforce. we are also prone to a significant number of threats. last year, in our state alone, we experienced more than 100,000 attack attempts per day. we blocked more than 271 million spam messages. those are staggering numbers and the threats continue each and every day.

in february, virginia became the first state in america to adopt the national institute of standards and technology cyber security framework, solidifying our commitment to strengthening the security of our own networks and serving as a model for other states. also in february, i issued executive order number 8 creating the virginias cyber security commission and launching the cyber virginia initiative. i'm pleased to say that richard clarke, a senior security and counterterrorism adviser, is serving as the commission cochair, along with my secretary of technology, karen jackson seated behind me. we have assembled an outstanding group of cyber professionals to serve on the commission, including ms. alexander, the principal director of the cyber security division at aerospace company. cyber crosses many sectors. my secretary of public safety and homeland security brian ran is seated behind me as well.

my secretary of commerce and trade in education are also actively involved in the commission. we are looking at ways to be prepared and ready to respond to these threats by building capabilities, leveraging resources like our national guard, and strengthening our partnerships with the private sector. there are no one-size-fits-all solutions. but there are a number of strategies and best practices that will benefit each governor with us today. the national governors association's resource center for state cyber security, which governor snyder and i cochair is working with representatives from all levels of government. it's our mission to provide thoughtful recommendation and bring stakeholders together to address the state's most pressing cyber security challenges. governor snyder and i are members of the present council of governors. the council's membership includes 10 governors and senior

federal officials such as homeland security secretary johnson as well as the department of defense and the white house. through the council, states are working with the federal government to improve national efforts to share cyber threat information, strengthen our preparedness and response capabilities, and leverage all available resources. the council had a great meeting on friday at the pentagon with secretary johnson on these matters, and i look forward to continuing those discussions today. in a moment we will hear a video message from our chair, governor rick snyder. before i do that, i want to discuss another critical issue facing every state's homeland security, and that is the discussion going on right now in congress about funding for the department of homeland security. i am sure secretary johnson will speak on this issue, but i want to stress how tremendous an impact allowing dhs funding to collapse will affect every single governor in every single

community. let me be clear. there will be real-world consequences for all of our states if dhs funding runs out. 30 hard-working dhs employees will be without paychecks. and grant funding to every single state could be significantly impacted, even in the event of a continuing resolution. many of these grants support local police, firefighters, and emergency managers. they fund supplies, materials, and preparedness training to make our states so we can respond to homeland security threats and hazards, including the threat of ebola. a lapse in dhs funding could affect port operations around the country, something our economy cannot afford today. it's time for congress to get together on this and act. they should not let partisan politics threaten our homeland security and the economic security of so many who depend on their paychecks to put food

on the table for themselves and their families. i look forward to discussing this in more detail with secretary johnson, and i appreciate you coming here today. mr. secretary, i know you made all five morning shows today. i would like to turn it over to our committee chair, governor snyder, who has sent us a video to tell us about a few ways michigan is leading on cyber security, and to set the stage for today's discussion. [video clip] >> hello. i'm sorry i could not be with you in person. this meeting is an opportunity to address concerns and raise awareness about cyber security. a critical issue in michigan and around the nation. in michigan, we blocked more than 700,000 cyberattacks daily. to combat these attacks, we launched the 2015 michigan cyber initiative. this effort is focused on detection raising public , awareness, leveraging our state's awareness, and creating partnerships to create a cyber threat alert network.

this issue cannot be taken lightly. when i present my fiscal year 2016 budget, a recommended $7 million investment to strengthen our cyber security efforts. every day state governments face threats to their computer systems and online networks. as cochair for the nga research center for state cyber security, i am working with others to address these threats on a national scale. it is imperative that we understand the growing threat of cyber security in our country. by moving forward together, we will be able to better protect our citizens from technological threats. next you will be watching a video about how easy it is for a third-party to attack a state network. this video was put together by a program designed to prepare cyber security professionals for real-world situations. thank you for inviting me today, and i hope you have a great meeting.

>> you can say doing business online is more important today than doing business in a brick-and-mortar building. securing buildings, we have been doing it for thousands of years. most people have a good commonsense grasp of what it takes to keep it building safe. if you see a broken window, you securing buildings, we have been might meet somebody has gotten inside. but securing a website, surfing the web, a bit more recent. not a lot of common sense out there. that's good news for people like me. let me walk you through how someone like me can make big problem's for someone like you. it always starts with an employee. colin edwards chester send. he's a busy man. always on the go, moving between meetings.

every day and goes to the office, says high to his assistant, drink say little coffee, and gets to work. guys like me, we make our own hours. we work remotely. i'm not some kid sweating it out in mom's basement for it i'm a professional. this is how i make my living off of ed and people like you. there is ed doing spreadsheets, shifting paradigms and scoring circles, while talking on the phone, playing some candy from crush. me, on the other hand, i'm looking for opportunities. let's say i find a story about ed in the business section of some blog. looks promising. i will check out his social media presence, look at your website, search around to find a bit of ed's personal history. i'm taking notes, e-mail

addresses, phone numbers. ed's got to go to an off-site visit and meet with the board of fancy trousers, inc. i'm getting to work too. all the information i've collected so far. the attack has begun. i notice on his workplace social media page ed regularly attends , a few conferences every quarter. one of his favorites is coming up soon. a web search gets me some logos. i put together an e-mail from an airline asking ed to confirm. he is a little busy, not playing -- paying close attention when my e-mail comes in. he sees the e-mail on his phone and forwards it to his assistant. she opens the e-mail, looks he is a little busy, not legit, clicks on the big red confirm button, goes back to work. that's all it takes. that confirm button launch the remote access trojan. having access to her system is the same as having access to ed's system.

having access to ed's system is the same as having access to your system. spreadsheets, documents, projections, confidential anything. i even have access to ed's candy farm crush game now. it is all mine. now i can dig through everything he has access to. use his identity for bigger export. whatever. everything on your desktops, laptops, servers, anything online is at my fingertips. ed barely had to do anything. all it took was someone with access to his inbox to click on a little red button. still a little scared? you should. simple attack like this cost the u.s. $5.9 billion in 2013. who says you can't get rich quick? to everyone out there, your employees, you, the people using the wi-fi in your building, get

up to speed on this --until that happens, my job outlook is pretty rosy. >> i'd like to turn to our distinguished panel of speakers to discuss how we can better protect ourselves from cyber threats, focus our energies toward preventing future incidents, and give the governors of best practices they can implement to respond to and recover from a cyber incident. our panel today includes the honorable jeh johnson, secretary of homeland security since december of 2013. prior to joining dhs, secretary johnson served as general counsel for the department of defense. secretary johnson's career has prior to joining dhs, secretary included extensive service in national security, law enforcement, and as a corporate attorney. secretary or johnson was general counsel of the air force from 1998 to 2001. he served as assistant u.s. attorney for the southern district of new york until 1991.

lieutenant general edward cardone, commander of the u.s. army cyber command. prior to assuming command, he was commander of the second infantry division based in south korea. the lieutenant general has commanded at every level from company through division. he was born in texas, raised in california, and commissioned as an engineer officer from the united states military academy in 1982. ms. alexander also serves as a commissioner on the virginia cyber security commission, and is chair of its economic development committee. in her current position in the private sector, ms. alexander oversees engineering support research for cyber network and information security services all across the defense intelligence community civil and oversees engineering support commercial sectors. in addition to her position on virginia cyber security

commission, ms. alexander also serves on the national research council's committee on future research goals and directions for the foundational science in cyber security. let me turn it over to you secretary johnson. thank you for being with us today. >> i appreciate that we're having this discussion here. i appreciate the leadership of those at the state level around the table. some of you may notice that i have five layers of stage makeup on. as governor mcauliffe put it out, i have been on all five sunday morning news shows. the army has a saying, we do more -- i have done more before 11:00 a.m. than most people do in a day. been on cnn, fox, abc, nbc. it's pretty remarkable i made it here on time.

talking about the impact of a potential shutdown of the department of homeland security. i want to say word about that before we launch into the cyber potential shutdown of the security discussion. we have just five days. midnight friday night, funding for the department of homeland security, the third-largest department of our government and the department of our government that interfaces most with the american public runs out. we are looking at the impact of a potential shutdown. it will look like this. if the department of homeland security shuts down, we will require some 85% of the workforce to come to work. border security coast guard, , cyber security, law enforcement, the basic law enforcement, homeland security missions of the department, but they will not be paid.

the working men and women of my department will not receive a paycheck for the period of time of the shutdown, which, if you are a working man and woman trying to make ends meet with a family, is not an easy thing to ask of our people. that includes the united states coast guard, deployed as far away as places as the arctic. in the midst of a very harsh winter right now. approximately 30,000 employees of my department will be furloughed if we shut down. most of those are headquarters personnel. to give you a sense of the impact of that, at my headquarters i am pressing my staff continually to stay one step ahead of groups like isil aqap, al-shabab, to stay one step ahead of the weather, stay

one step ahead of daily cyberattacks we face, to stay one step ahead of what is working on our southern border to detect potential increases in illegal migration on our southern border. i have been pressing our staff to do that. i press them almost daily about aviation security. if we shut down, are headquarters staff scales back to a skeleton crew. i am told from the 2013 shutdown when we furloughed are headquarters personnel, we are still feeling the impact of that a year and a half later because of the things we were not able to do. then simply furloughing 30,000 people means taking people off the front lines and realigning their responsibilities. we will see impacts across the entire department. from your perspective, the thing you need to know is if we go

into shutdown, our grantmaking activity, two states, cities urban areas to support your homeland security law enforcement efforts comes to a standstill. it is shutdown. i'm sure each of you at the table appreciate the extent to which we rely upon our homeland security grants for your own homeland security law enforcement and public safety missions. for the most part, that grantmaking activity either comes to a standstill or it is enforcement and public safety greatly reduced. in terms of border security, there are things we have put on the southern border to enhance our border security efforts going back to last summer which congress still has not paid for. if we going to shut down, we are greatly compromised. across the board, we are greatly compromised. fema, that workforce, must be furloughed at 80%.

80% of the permanent appropriated workforce of fema will need to be furloughed, in the midst of a harsh winter in the northeast and across the south. 80% of the appropriated workforce will leave their post and can only be called back in the event of a real life threatening disaster. we will be unable for the most part to process claims, requests for disaster assistance. that will come to a screeching halt or a snails pace, if we have to furlough these people in the midst of a situation that a number of you around the table face with the winter. as long as we are on a continuing resolution, we also have considerable drawbacks. our grantmaking activity for 2015, new grants, we cannot fund. to governors, mayors, sheriffs

and the like. border security is compromised. there are things that may need to be paid for that are not paid for, things the secret service needs to do. the bottom line of all of this is the department of homeland security needs a full year's appropriation. we need a fully funded department of homeland security. you can see daily some of the challenges we face in homeland security, whether it's the u.s. government, state government city governments, and so forth. we need a fully funded department of homeland security. there are four working days this week for congress. i will be on capitol hill continually to urge congress to pass an appropriations bill for our department before the end of the week.

having said all that, let me talk about the good work of all of us about cyber security. cyber security must be a shared effort between the u.s. government, state governments, and the private sectors. it must be a shared effort given the nature of cyber security and cyberattacks. i want to commend those of you around the table and those of you who are members of the council of governors for your fine work in this regard. governor snyder has established a resource center for state cyber security. governor mcauliffe has appointed a cyber security commission. shortly after taking office, governor mead of wyoming has been very active in putting together a cyber security summit last week. governor haslam of tennessee has received briefings from dhs, as has governor bullock of montana, governor sandoval of nevada. we salute and appreciate the

partnership in cyber security at the state level. we urge that we do more in this regard. at dhs, we facilitate new cyber exercise opportunities for states, provide states with information about cyber security and dhs, and we ensure states help to contribute with the development of policy documents. congress has provided us with new legislation in the area of cyber security. late last year we had the national cyber security protection act of 2014. congress does something to pass congress has provided us with legislation once in a while, which gives dhs explicit authority to provide assistance at the private sector, and codifies the cyber security and communications integration center as a federal civilian interface with the private sector.

we have enhanced hiring authority as a result of legislation passed last year to hire cyber talent. there was a federal information security modernization act of 2014, which codifies our responsibility to assist other federal civilian departments and agencies of the government. last month we put forward our administration's proposal for new cyber security legislation that would establish our national cyber security to medication's integration center as a single portal for which the private sector should provide the government with cyber threat indicator information. medication's integration center we contemplate providing the private sector, those that provide that information with limits on civil and criminal liability for the act of providing that information. we have suggested in legislation a federal data breach notification department for victim related cyber crimes, and the enhancement of penalties for cyber crime.

we are active in this area, and we salute the governors here at the table for your work as well. i come back to where i started which is that this must be a shared responsibility, and we are glad that you governors are involved in this. >> thank you. >> thank you. >> it's a true honor to be here on president washington's birthday. i can't think of a more important subject. over the 18 months i have been in command, attacks are increasing. vulnerabilities are increasing. barriers to entry are dropping. i want to highlight on three main points today, first to echo secretary johnson, the importance of partnerships -- for my view, the federal

government has really worked well here over the last several months between the department of homeland security, department of justice, fbi, and department of defense. the key is to get that same level of integration with the months between the department of states. there's a number of states that have best practices. some of you are familiar with the red teams. in kansas, there's a fusion center that allows them to take federal level intelligence and bring it down to private industry. in michigan, with the idea of using training to get ahead, and here in virginia, there is a national guard unit that has been working from headquarters that has been established for and a half years. if we can take these best practices and work information sharing between the federal, state level, as will create yet

another full level of fabric to help the cyber security. which brings me next to governance. for the army, the army national guard is critical. they are in every state in the union. the challenge is there's different authorities. that is well established for disasters. it's less well established in each state for cyber. some states have done a lot of work, some states have done less. it's one thing to say when that soldier is on state active duty, what true authority they really have -- this is a complicated issue. i know i have three lawyers to keep me straight. there is a lot of policy of law in this area. the last subject i would like to talk about is the cyber mission forces. any of you know the department of defense is building a defense that will be complete in fiscal year 16. the training pipeline is full

with active-duty forces and the civilians that support them. we are establishing army reserve capabilities, but the training is hindered a little bit by the training pipeline. what are we doing about that? first, we already have national guard soldiers working for my headquarters and we are working equivalency packets that have been approved by u.s. cyber command. we are working to get them i credited to u.s. cyber standards -- accredited to u.s. cyber standards. that will give us a degree of interoperability across the states. they need facilities. a lot of the information needed in the future will have to be information sharing from dhs or dod. that will require intelligence which requires the right kind of facilities to handle that.

finally, i would say the organizations during each state is already authorized a cyber network defense team since 1999. the army will create 10 cyber protection teams. we have organize these the same way we have organized the active forces. so they can be used in a title x role. there's only 10, and there's 50 states. i know the competition over where these go, that is a national guard sorting it out. the question would be is, how can we use those to support states? we have already for disasters the idea of dual status commanders. are there ways we can organize this collectively to give us better cyber security? i will close with i think this problem is going to continue to grow. a lot of the issues we have right now, not just in capacity, it's getting ourselves aligned. there's a lot of capacity.

to operate at the speed that we will have to operate in this domain, we will have to get a lot of this stuff done much earlier than we do now. if you go back to hurricane katrina, it took us 10 days to stand up that task force -- we can't have that. what we need now is standing things so when a state is attacked all the processes are , in place that will allow us to operate a network speed. >> ms. alexander? >> thank you, governor, for the opportunity to speak on this important topic. i will address cyber security challenges and recommendations. let's recap some of the services we have at the state and federal level across the public and private sector. we have read about the infrastructure, cyber command operations, banking, finance and a host of others. it's important to keep these services in mind when we talk about cyber security.

cyber security is the enabler to ensure that these services are available when we need them. these services are implemented across a wide range of technology. we have a wireless mobility, unmanned systems. even the internet of things. even our refrigerators and televisions are now internet-enabled. we welcome this technology growth. they actually help us enhance services we are providing. if we have a mobile device in the hand of an early responder we can provide the responder with situational awareness of what data they need, what the situation might entail, and where they're back up resources are. we keep that in mind as cyber defenders. as a cyber defender, we look at this as a very complex and broad attack surface, readily available. it's important we take a systematic perspective. we need a framework. in that framework, we need to be able to define what that

entails, and find ways to ensure those services that are most needed, when needed, and protect the most sensitive data. this morning i will talk about the items in that framework and highlight how some of the activities and virginia are addressing those needs under the leadership of governor mcauliffe and secretary jackson under the cyber commission. the first item in the framework is to have a strategic plan. we cannot address everything. we have to define which of those services and which functions in those services are most critical. we also then have to look at the information supporting the with her that is personal or missing -- mission information and prioritize data sets. once we have a plan for cyber security, we can start a baseline of security posture. these services are implemented across various systems. we need to know the architectures, processes and

procedures implementing those critical services. in virginia, we are baselining the infrastructure to perform cyber security gap analyses. these gaps can span research technology, workforce. all the challenges we have heard mentioned this morning. with that baseline in place, we then need to develop a roadmap. the roadmap is were we take the resources that are available and the resources in the community, and prioritize addressing those cyber security gaps. in virginia we have several initiatives we started. we have recently stood up a cyber security unmanned aerial vehicle consortium. we are taking the cyber security community and coming together to look at what are the challenges of securing the control systems, communications up to the vehicles, as well as the vehicles flying themselves. we are working to hold the cyber security showcase. that showcase will bring industry, large and small innovative solutions, academia

as well as state and federal government to actually visualize, demonstrate the cyberattacks on this uav space as well as any innovative defenses. in the manufacturing community we are making strides. our manufacturing systems are now internet connected. the manufacturing systems did not take that into account. there's a way that we can attacked -- get attacked in ways we did not anticipate. once we have that roadmap, another important aspect of the strategic framework would be to increase the cyber operations center. we don't just have these in the military, but we have them at many levels. what is important as we enhance the cyber operations centers and the response teams that operate there is we target and focus on the systems implementing those critical services, which takes

us back to that strategic plan. we have seen monitoring going off of many systems. in virginia, we have a joint cyber security operations center. we are going to bring together the analysts from the various systems so they can have shared awareness. we are also going to introduce center. collaboration opportunities with the private sector on some of the techniques to respond. another activity in the cyber operations arena is cyber testing. that was mentioned. those are critical. it also highlights the importance of sharing incidents. when we think of a cyber incident, we should think of in terms of a lesson learned. we do want to share information about the attacker and the exploitation methods. with that information, we have now a huge repository available.

the best way to understand how we might operate under contested cyberattacks is to conduct these types of exercises. the national guard will be working in virginia with us to conduct such exercises. finally, i would like to talk to you about the resources you have heard today. you heard about the nga cyber security resource center. there is excellent information on best practices, check with, security resource center.and how to operate cyber response teams. when we apply these guidance as well as a risk management framework, what is important is we tailor it and tie it back to the subset of services that are most important. we cannot protect every resource. when we apply a checklist, we need to keep in mind that priorities, set of services, and

do them in a determined and priority fashion. thank you, governor. >> thank you very much for that. let's open up to questions. . before we go to all the governors i want to commend the , administration for the executive order signed last week for the federal government and private sector to come together. we can do all we want at the state and federal level, the private is a huge player. we saw in the last two weeks a major health care provider, saw hacked 80 million pieces, bits of information from individuals, including one hundred 10,000 of the commonwealth of virginia employees' personal data. same in many of the states that use the same health care provider, which was a critical breach that affected everybody in our state government. how would the governors around this table and the country, how do we best access this new private sharing of information? how do we work together to make sure you're providing us at the state level with information to move forward accordingly?

>> good question. i would say a couple of things. one, i guess the vision i have for how we would work together is something along the lines of how we work together now, in the counterterrorism field, where we have joint task forces and fusion centers situated around the country. we have fusion centers in every state. some are smaller than others. they share information on a variety of homeland security subjects. i would like to see us build out more of that when it comes to cyber security, given the direction we all need to head. whether that is working together in washington or in your respective states, that is the vision i have and the direction i would like to see us go in. second, sharing about best practices and notification of

cyber breaches. there are some very sophisticated actors in the private sector to understand cyber security and have good cyber security protections in place. some are way more sophisticated than others. there's still a lot in the supply chains further down that needed a lot of help and a lot of learning. we ought to figure out a way to work with the less sophisticated cyber security actors together to ensure they are observing best practices. in terms of specific incidents governor mead and i had a discussion about this on friday where there is a cyber security breach that occurs in your state, and you have equities. you and your constituents have equities. the private actor comes to dhs and says, i will share with you what i know on the condition

that you don't share it with anybody else. that is an awkward spot to be in. i want that private actor to come to us, to tell us about the attack so that we can assess it, we can assess whether there is a broader implication to it, but i also realize that state governments have equities here have reason to know. one of the ways we could go about that is to devise a protocol where if we see state government equities, we say to the private actor, you should not form a state government as well. we need to work on that as well, build out a protocol for that type of situation. i do recognize that there are situations involving cyber attacks were a state government has huge equities. >> mr. chairman?

>> i think that the commonwealth of puerto rico, the states have news everyday about this issue. if you allow me, i want to go back briefly to the first point. puerto rico is an island in the middle of the caribbean, and we are neighbors with the united states. you can imagine what the coast guard represents to us, as well as samoa and the state of hawaii. we receive $10.5 million in investment for the coast guard. so it's huge for us. i don't know if you guys know that 40% of the cocaine the gets

to the united states gets here through the caribbean border. not through the mexican border. we have been able, working together, dhs, puerto rico, to increase in 300% the interception of illegal drugs that are on their way to the mainland. we will not be able to put together a plan and to implement the plan against illegal drugs that are on the way to the mainland if dhs is not fully funded. i know we need to work and we need to go as far as we can in cyber security, and i just want to highlight as governor of puerto rico, and i know this is the same for the governor of hawaii and guam and the governor

a similar -- of samoa it is of key importance that dhs is fully funded, permanently funded. we have been able to reduce the crime rate to the lowest level in more than 20 years, and we need to keep going. but we need them as partners and need them fully funded. in any way that we can help you there is importance of this issue or it thank you. >> governor? >> thank you, and good morning. i am from the u.s. virgin islands. i am new in my administration. there are two things i would like to bring to the secretary's attention.

the government of the virgin islands was successful in receiving some grant money's as well as going to the bond market and doing tremendous infrastructure investments in fiber optics across the territory for the purposes of connectivity. seven intercontinental shelf undersea cables come into the western st. croix, and provide the largest broadband capacity in the northern hemisphere except for new york-new jersey. this platform is now being used and made available to the private sector as well as government. the infrastructure is placed under a governmental instrumentality. my concern is security of this platform, and the ability of the private sector and government to be able to use this powerful piece as we grow and expand our economy.

is there any benefit in moving this infrastructure out from central government control or private sector control under the national guard in terms of providing more and effective security of the system, or do you provide a service to secure it as it is notwithstanding who its owners are? that is my first question. i would like to get some direction on that. >> it's going to be a bit complicated, i think. first, anything on u.s. territory actually falls under the department of homeland security. we are in support of the department of homeland security. how this works with the national guard this is what i was talking

about with best practices where they have worked it out in the state in the way that they could assist. there is some merit there. my personal belief is 85% of the networks are privately owned and i think it should remain that way. that is the nature of our system. the question is, how do we better secure it? i think there are a couple ways to approach that. i would have to look at this in a lot more detail the way you describe that, but there are ways to do this. we would first turn to homeland security. they have the lead on .gov and support to .com, and then we assist as necessary. >> the general is correct. it's a complicated question. we would have to study this, and we will take that for

evaluation. >> i will follow up with your office to get that done. it's fairly new, and it's branching out. we want to make sure it's very very secure. i want to join with the governor of puerto rico and the chairman in their concern about funding for dhs. the virgin islands, and just for your acknowledgment, and we will follow up with the nj with this -- the virgin islands is in proximity to the british virgin islands which is in close proximity to a number of caribbean islands going down the chain. we have a tremendous issue with human trafficking through the u.s. virgin islands, particularly in the evening. in some instances, where the island of st. john is located -- i'm not exaggerating -- you can literally cross from one country

to the next on an inner tube. our local police department have picked up koreans, asians, folks from europe, chinese coming through there in the evening. they come right into st. mark or antigua and make their way up to the u.s. virgin islands. we contacted dhs to see what assets were available to intercept some of this human trafficking and to assist in terms of the amount of drugs that come through those channels. we haven't been very much successful in acquiring any federal support for this problem. we are going to need to reach out, because that is a weak link in the chain as we're concerned about terrorist activities and the different things that are

happening that can affect the country. that is a significant hold that is open because of the number of keys and islands and their proximities to each other, but they belong to different nations. the question is whether some assets can be put in place from the national system, and the virgin islands is fairly willing to do its part. we simply do not have the resources to undertake that responsibility to deal with it. we can provide the numerical statistics on the number and nationalities of individuals that the local government have detained coming through the neighborhoods there and coming on shore. >> we saw a brief spike in cuban migration on the high seas in the southeast.

the coast guard responded pretty aggressively. additional cutters off the florida coast, and so forth. the spike did not last long. the numbers are back down again. in the southwest, across the land border, in january we had a total of 21,512 apprehensions on the southern border. apprehensions are an indicator of total illegal attempts to cross the border. 21,512 is the lowest monthly number we have seen since december 2012. it is considerably lower than it was january of last year. that number last year was 28,668. the january before was 26,921. in january 2012, it was 25,714.

our january number four apprehensions on the southwest border is the lowest monthly number we have seen in years. that i believe has a lot to do with the additional resources that we put on the southwest border. my point is that border security is not free. we need to pay for it. there are a lot of additional things that i have put their over the last several months but still have not been paid for by congress. there is a lot more we want to do that needs to be funded. the other point i will make is that the general point, which is true whether you're talking about puerto rico, the virgin islands, or the other states around the table, which is through urban area grants and our grant to state, your state received millions of dollars every year in homeland security funding.

but because we are on a continuing resolution for 2015 for non-disaster assistance, none of that has been funded. we are about to start month five in the fiscal year and have not been able to fund homeland security activities as long as we are on a continuing resolution. i just want to make those general point. >> the to general hutchinson and general herbert. >> thank you for doing such a great job in convening this meeting on cyber security. i applaud the administration on bringing in the private sector. i think you are right on target there. i also want to share your concern about funding for dhs as a former homeland security official. i have a high regard for those out there, whether it is the coast guard or border agents in terms of the work that they do

and importance of it. i do want to ask you -- it is my understanding there are serious policy issues being debated in congress and the administration basically disagrees with a restriction on the application of the executive order. and so there is a conflict in terms of a policy issue. and in politics, as you know the art of compromise is sometimes importance -- important. we want it to be funded, but what is the administration putting on the table to resolve this disagreement on policy? for example, can the administration withhold putting into play the executive order until it is finally resolved by the supreme court? because this issue is ultimately going to be resolved in the courts. what is the administration putting on the table to resolve the current impasse? >> well, governor, my response

is that we encourage, want to have a debate in congress about immigration reform. we have been wanting that debate for years. the senate passed a comprehensive bill in 2013. we were hoping the house would do the same, and the house did not act. and so, we in november, issued a number of things that, across the board, would reform the immigration system. it is not just a deferred action program. it is added border security, a southern campaign strategy for arizona, new mexico, texas. it is getting our immigration enforcement personnel a pay raise. it is helping to facilitate employment in high tech. there are nine different initiatives that we launched in november, all of which there is

an effort to defund. it is not just the deferred action program for parents. on your point, my point is don't tie that to the budget of homeland security, which includes the coast guard, secret service, fema ice and so forth. i'm fighting for a clean, fully funded budget. there are real consequences to my departments ability to pursue its mission grantmaking, your states, and homeland security as long as he faced the prospect of