there is something to hope for and there is something even to be optimistic about, that if we organize in the way we now have the capacity to organize, there is the chance, not the certain the, the chance that we can restore this inequality of citizenship again, for once, maybe it has never been here then for once, but for all of us, that is our obligation -- the moral obligation, and obligation it can inspire all if it is understood to be something that speaks to the best of our tradition, which is including and expanding and building a democracy. that expands the capacity that we have.

thank you very much. [applause] >> thank you, i'm happy to take questions, eager to take questions which i understand there are mics at both sides. >> sitting in the middle, please come to the aisle, thank you. question over here.

>> so thanks for a great talk. my question is related to how you get everybody and their individual issues to align this greater issue, right, whether it's either health care, environment, the lists go on. it seems like there is an emotional piece. how do i place my emotional fervor around climate change and if leslie, the bigger issue is the first issue. it's hard for me to get emotional about this bigger one and take that same emotion and pour it into this underlying piece. that is my discussion, my question. >> right. so and this is a general problem that people have described around this reform movement for many years. i think the first step is to recognize something about how you cannot get what you want.

i don't think it's enough to think about how i can't get what i want. i don't think the personal selfish perspective is sufficient here, even if your selfish perspective is about a public policy issue that you think is great for the world. i think the other part about it is to recognize why it is wrong and when you see why it is wrong, when you see that it is wrong because it has disenfranchised us. it has taken from ordinary americans a fundamental part of what a democracy is, equal representation, it has taken that away. there is a certain anger that grows with that. think about the protest in hong kong again. that was a purely procedural protest, purely about procedural issues, they didn't have the democracy yet. the very idea that they would be excluded from the first stage of the election was enough to motivate them to say to hell with this, we are not going to accept this as a democracy. and so the conception of it

being unjust and wrong was what motivated as much as them thinking they couldn't even map out from the perspective you were talking about which issues they wouldn't get past right. it was the injustice, the immorality about that way of thinking about it. i think it's not hard to see why our system is like that. what's hard to do is to get people to be as passionate about changing it, not because they don't see it's wrong, but because they don't see it's possible to change it. and so if you, if we can find the way to link the recognition, heck, i'm not going to get anything anyway with, and there is some thing, this is insult added to injury. then i think there is a chance to begin to coordinate. now i don't want to convince you to give up your work on solar or climate change. those are incredibly important issues. regardless of what the issue is, i don't want to convince you to give it up. i do want to convince you to

tithe. i want you to give 10% to this cause. if you can get everybody to tithe, to give 10% to this cause, then there is enough to imagine this cause taking on the fight that it has to take on. and this fight in the end is actually not as hard as other fights we have taken on and won. for example, racism, which, of course, we haven't won, but we spent a long time making extraordinary progress with a really hard problem because you don't just wake up and no longer -- are no longer racist. it takes generations to put that out of the d.n.a. of a society. this issue is just the problem of the incense incentives of running a campaign. there is no candidate running for congress today who would lament giving up the world

where they sit like a pigeon in a cage and peck on the phone to get the person at the other end to give them the money they need. nobody likes this system. it's just about creating the incentives where they can see they can win in a different way. so this is not as hard a problem in some very important sense. i think if we can get justice recognition beyond the simple injustice, something beyond the simple injustice, i hope, i think that's the only way we can make the progress happen. >> you have been fighting for the mic again. >> i don't have any additional questions. thank you, i'm convinced on like the tithe of the 10%. i've been convinced for some time. it was just hard to -- not just do both, but that there's an emotional piece there and i think there is something great about everybody working together on that underlying piece, so thank you. >> thank you. >> next question on this side.

>> hi, i can't think historically of any government that isn't built to protect the interests of the elite and even then the grass where there was better income distribution -- that was where silverlight's -- civil rights were certainly not in place for many, many people who lived in this country. i'm wondering if you could address that and whether some of the people's movements in this country, the occupy movements or the current marches all over the country after the shooting deaths aren't a more effective way of scaring politicians. >> i don't think there is a golden history. there are particular periods which worked better, but didn't work better for all issues. even at a time when i think congress was not as captured by money as i think it is now, it certainly was incapable of dealing with civil rights because of the vietnam power of democrats in the senate from the south. so there is never a point in our history where you can look

back and say things were just grand. what do we want to thank follows from that point? because i do think we can see in our history ideals which still resonate with us, many that we have discarded fortunately like disenfranchisement of women or the failure to recognize the equality of race. those are gone as ideals. but the ideal of this equality of citizenship was from the founding an ideal which we can still collect and use. madison, when he described our democracy, he said we would have a branch that would be "dependent on the people alone." we do not have that now. we have dependent on the people plus dependent on these funders. the one on to be clear and he meant "not the rich more than the poor." so that is an ideal that we can use to point to the democracy we should be pushing

for. now, you ask a fair question. are more radical revolutionary changes more effective? and so far, i do not think so. now that anything has been affected, but so far i think that we have seen is that when pushed to the extreme like that, this enormously powerful system responds in an incredibly brutal way. we could look at what happened in even occupy east bay or forget occupy. think about the brutality of the response to what aaron did. this system is enormously powerful for dealing with what they view as deviation. that is what commits me to inside the norm -- the morals of the system -- we have to use the system to change it.

now, i'm happy to be proven wrong and the more radical solution to achieve what we all are aiming for. i'm not saying that people should give up on the more radical, but i think we need to recognize a path that doesn't require tearing down everything. there is the path. i think it's possible and doesn't require, indeed even invite people to give up fundamental commitments. i could give a version of this talk to a group of republican, -- conservative republicans and i think find a way to show them as much the commitment of ending the corruption of the system as much as people care about climate change or whatever people on the left would care about. i don't think it is as extreme in the brutality in this system which could be done if we found a way to speak across the divisions and push in a way that united in the way that i'm

trying to describe. >> question over here on the right. >> i guess i want to go back to the article 5 conventions that you were talking about earlier. what i get from a lot of the political changes that were promised like financial reform campaign finance reform, we get promised one thing and it works it's way through and by the time it's done, it's gutted of any actual power or real meaning. my question is what does this amendment you're envisioning look like and how do we get the change that we're actually demanding? >> so you're describing the product of a system where money has an enormous influence because it's learned how to exercise its influence over the system. the thing they are afraid of when talking about an article 5 convention, no one knows how to control over that entity.

that is not to say there is no reason to believe that that entity would produce fantastic ideas. in fact, there is a lot of reason to worry about that entity producing terrible ideas. what i described here wasn't the product that the great ideas would come out of that process, but instead that that process puts enormous pressure on congress to try to stop that process and it does that by giving the political movements what they want. so the last time we came close was a balanced budget convention calls in the 1970's and 1980's. we became very close. congress adopted a whole series of reforms that responded to that push and stopped the push by that response and so all that i'm saying right now is that we should recognize this as another tool to create the

kind of pressure for reform that right now doesn't seem to exist because they're happy to run the system the way the system has been run for the last 20 years. and the best evidence of that is, we have an election, the first thing that happened after the election is a passage of a bill that basically undoes the financial reform that the dodd frank, critical part of the financial reform -- the derivatives, raises the contributions you can make to parties from individuals so you can give millions of dollars to parties that you couldn't before. all of that is done by democrats and republicans recognizing they need to do this to return the favor to those that just brought them to power. that can't change unless they are terrified about the consequences of that. one dimension of that terror is coming from that unspecified power from an article 5 convention. >> next question on the side. >> thank you so much for your

time and all of your work on this issue. at the crux of it, you said we need 15 senators and 45 representatives to flip. i think it is feasible and tough in this pulls live -- polarized political environment. two questions from that, tactically is it better to insulate this issue from the p are best policy -- here based politics or try to channel those forces behind this issue? second, most more thanly on a more actionable level, to build trust between members of congress to try and bridge that gap, what sort of informal mechanisms or institutions can we establish? exchanging constituent letters to the editor, it may be too california for you, but maybe a group meditation session. [laughter] >> look, i was here for nine years. i can get the meditation stuff too. this is a really critical point that it is hard especially for progressives to embrace that we need more than progressives to win.

that's not to say we have to compromise anything, but to the -- but it is to say that we have to recognize that fundamental reform only ever happened at the constitutional level if it's cross partisan. that's to say i don't want to get these 15 senators not by saying we're going to kick out 15 republicans and get 15 democrats even if democrats would love that, we only get 15 senators or 10 maybe, maybe it's enough for 10 if we can get republicans to begin to talk about this issue. what we know is that if you talk, get republicans in a context where they're not worried about losing the seat to a democrat. to choose between a republican

candidate who cares about reform and a renteria candidate who doesn't, the reform candidate does better. the strategy that suggests is begin to think about safe republican seats where there is a chance to talk about republicans who care about reform. so one example is dave bratt who beat eric cantor, a completely safe republican seat, a guy who spent almost no money called eric cantor a crony capitalists. those are fighting words for a right-wing republican -- crony capitalists is evil. that's exactly what this corruption is, it's the production of crony capitalism. it corrupts government and capitalism. that is what right-wing republicans think about it. that credible fight complicated by other issues like immigration that people on the left are very upset about, i am too, that way of framing it makes it a credible republican concern as well. i think the only way we win is if eight to 10 republican victories happen around this not because democrats have beaten them, but because republicans have begun to generate their own version of this. this election cycle, the pac supported the only republican

candidate in a nation to make elections funding and to propose public funding of elections. that was an essential part of what jim rubin's campaign in new hampshire was about. and that influence has now begun to spread. republicans have talked about introducing a very large voucher bill, a $200 voucher bill which would radically change the way these campaigns are funded. this is the slow progress for things to happen on the right. if a slice of republicans, not 40, 50, 20, even 10% were to begin to open up the possibility of that as a feature of their platform, then the coalition to win is possible. that's how it's always been. think about the progressive era -- teddy roosevelt is a republican. bob lafollette is a republican. taft is a republican. the progressive movement is democrats and republicans, not just a bunch of democrats.

democrats have very conservative southern democrats who are not progressive in any sense at all. so that recognition of the need to find a way to knit together different political perspectives focused on this fundamental issue is what we have to discover. it is so counterintuitive to us and it's not even clear organizationally, it's possible, i often think that the business model of progressive organizations is inconsistent with the business model of winning because the way we want to talk about this issue is designed to make the other side hate us. so we want to talk about it, how terrible corporations are and how evil it is to have money in the system. those of might be true statements, but if you talk like that, you're certain turn off 40% of americans of what you're talking about. is there an authentic and true way to talk about this that

doesn't necessarily turn them off? the parallel that becomes more and more parallel to me about this is think about the civil rights movement. so the late 1950's and early 1960's, there is a fundamental divide in the civil rights movement. one part, the part we associate now with malcolm x thinks the way to win is to build as much fury american african-americans -- among african-americans for their cause as possible. if that includes violence, it includes violence. god knows there has been violence for hundreds of years against african-americans. that's what it takes, that's what it takes. the other part of the movement which we now associate with martin luther king is the part that says, look, we have to speak so the other side can hear us. if we go out there and engage in violence, the other side doesn't listen anymore. they say let's deal with the violence. if they go out there with nonviolence, engage in a way

that celebrates the best of our traditions, they have to listen to us. so when you watched -- our parents and grandparents watched african-americans being hosed and bullied with dogs and beaten on the bridge in selma, they responded by recognizing this was inconsistent with values that they had. they were speaking in a way the other side had to hear. i think that's what we have to do here. we have to find a way to talk so the other side has to listen and hears us and agrees. as i have done this, i have spoken to people on the right about this and there are people here on the right, there is a recognition that this common problem -- this is a common problem. we have a common enemy even if we don't have common ends. we have to find a way to organize against that common enemy and that objective

includes recognizing, it's not about beating republicans. it's about bringing republicans and democrats to recognize the corruption of the system. >> question over here on the right. >> i loved your speech tonight. i have been with you for eight months and i'm sticking with you, but i've a question because the first half of a talk explained that i've absolutely no chance of making any change. i'm in the bottom 90%. the top .02% can veto any issue they want to veto. the second half you explained to me that in three or four years we could probably push through the one issue that the the top of .2% most wants to veto. what you left out was what the top 2% was going to do to stop us. that's also what got left out before the last election. i didn't hear much about it. i'm not going to ask you to fill in that blank. what i'm going to ask you to

do, ask you why is you don't remove the filter between the top of mayday and the bottom of mayday because i cannot find out what your discussion intellectually up top and how you make your decisions and i cannot contribute to it. i have tried. you have nice people that deal with my emails, but there is a real strong block just like in our democracy. >> well, let's separate the issues for a second. let's talk about how it's feasible first that the group that is disadvantage, the bottom 90% or whatever you want to call it, can mobilize and have power to destroy the thing which the top might care to most preserve. let me start by reinforcing the intuition that it's a really incredibly hard problem. my friend, jim cooper, a democrat from tennessee, described capitol hill as a farm league for k street, k street where the lobbyists

work. what he means is there is a common business model among members of congress and staffers in congress to become lobbyist. they make more money, they make tons of money as lobbyists. the annual salary increase was 1,452%. if you're on the inside and you imagine your future as a lobbyist, somebody comes along and they say, yeah, we have an idea of changing the system fundamentally so lobbyists can't be paid that much anymore, you're not likely to be encouraged to support that reform. the insiders have very strong power to resist that reform. i completely agree with you. it might well be that there is nothing to be done, might well be. so what do you do in the face of what might well be? i get from many people all the time the argument can't be done, so don't do anything about it.

that's a really tempting idea because it's really costly to do something about it. it's really painful. it's really hard. i have got young kids. they're not happy that i'm trying to do something about it. let me tell you, when i look at the temperature in new hampshire next week and this is a nice idea, let's not do anything about it. something you might know when i was a kid, i was a republican. i grew up, but i was a republican when i was a kid. [laughter] here is what you hear republicans say all the time. we love our country. as i have gotten up and grown up and being a liberal, i hear liberals say it, too, it's not just republicans. we used to chant that, we love our country, love our country.

as i have become a law professor and looked at the great parts of our tradition standing next to the terrible parts, but the great parts, i feel that love, i feel that love. what i know about love and you know about love is what love means is you never give up regardless of what you face. i wrote this at the end of my book, the story of this woman standing before me in a dartmouth speech saying you convinced me, professor, there is nothing that can be done. it is hopeless. there is no change we could ever achieve. as i said in the book, i was terrified it was a total fail because i don't want to produce that reaction in people, but the image that came to me was of my son, my then only son who i love and imagine a doctor saying to you your son has terminal brain cancer and there is nothing you can do. so what would you do?

>> you have avoided my question entirely. i agree with everything you said. >> i have taken the first part which i'm saying what would we do. >> i said that wasn't my question. >> so you don't want me to continue the story. [laughter] >> low strike a deal. quid pro quo. great. so the point to this is, should be obvious, the point is if you feel this, you're going to do their going to do this regardless and we are going to work and you said you are going to work, too. the second part, how do you organize and regulate this one entity trying to help in this project? >> i think we're not permitted inside right now and we will win if you harness the rest of us. >> right. so what i described and dropped the sxsw project on top of was

a process that will invite exactly this project to figure out how we recruit. i think the only -- there is no justification. the only explanation that i would offer is just understanding the incredibly -- incredible constraints of ginning up and executing in a month a project that tried to take on what we tried to take on. there is a million mistakes to learn from. we're trying to learn at least from half of those mistakes as quickly as we can. i eagerly want to find a way to bring in as many as possible. but i also know from the staff that was there, that there is only so many hours and only so much we couldn't get it done. i take your question and that i answer it as a pledge from you as a quid pro quo that you step up and be a part of that.

that's exactly what i profess the shift has to be. it's how to recruit people to do the work person to person as opposed to how do we recruit television stations to do the work and -- yes, i agree, thank you. >> we have time for one last question, but before we get to that, i just want to invite everybody immediately after the program to join us in the atrium for a dessert reception and it book signing. we have time for one last brief question. >> i am both a donor to mayday and a donor to the pack. in 2008 as getting marijuana legalized was a sideshow ignored, presidential candidates did not want to talk about it. and because of the ballot proposition, we now have five states in which it is now legal. i'm curious about how come a similar strategy isn't being

used for campaign fans reform so -- campaign finance reform so the state has a real system and, wow, this works really well, we can emulate this in other states and get something on the ground kneeled instead of waiting for congress. >> is a great strategy. it's being pursued to push at the state level to create, and the local level, to create the these anticorruption ordinances. they succeeded in tallahassee and they're pushing ones in montana. i totally support this idea. i also believe we don't have time. we don't have time for 40 states to come around to get their local house in order before we take on the challenge of congress. we don't have time because we don't have the opportunity, a way to address the issues to motivate everybody to want to turn out and do something here like climate change or health care or equality or some way of finding a common purpose again, these are not things that can wait. so as much as i am eager to see those things succeed, i would not say that means we shift our focus and not also try to

pursue this. we recognize that that might mean those don't move as quickly, but i think as they move together, they feed on each other. i think what we saw out of the victory in tallahassee was an extraordinary revival of the belief in part of the country that there was change possible. that helps us to work at the national level, too. so it's a great strategy. it's just one more complementing strategy we got to be able to adopt. i'm incredibly grateful you would come out and spend your time with this. i'm hopeful that you will carry some of this forward to others and join at least one of these maybe two, all three, and yes, there are some boots left in new hampshire waiting for people to fill them, so come join us if you would like. thank you very much. [applause]

>> thank you. [applause]

spending bill. this is about one hour 20 minutes. >> how are we doing? >> great. >> thank you and good morning to everybody. we have a great show of governors this morning. i think we all understand the importance of cyber security not only to protect our respective networks, but also the huge job creating potential

that sever security will create for all of us. especially in our region, right, governor hogan? i want to thank you all. i'm terry mcauliffe, governor of the commonwealth of virginia and i am the vice chair of the nga homeland security and public safety committee. i would like to call the meeting to order and welcome the governors. thank you for joining us for today's session. i'm honored to serve in this committee leadership this year with our committee chair. governor rick snyder of michigan -- unfortunately, governor snyder could not join us in person today. he will be with us in video in a few minutes. over the holidays, governor snyder decided that at his age he thought it would be a good idea to start exercising. his first half an hour created an achilles problem and a few other things. word to the wise -- if you have not started exercising, think twice about it. [laughter] i don't think he would be offended by that. i like to begin with a few administrative issues. the briefing books for this

meeting were sent to all the governors in advance and include the agenda, speaker biographies, and background information. the proceedings of this committee meeting are open to the press, c-span and other networks are here with us today as well as open to all the meeting attendees. as a consideration, i would ask all of you to please take a moment to silence your cell phones or other electronic devices you may have. seated behind me is justin stephens, the legislative director for the homeland security and public safety committee. see him if you need additional copies of the material or any other assistance. he will also be available after the session if you need further details on any issues that we discussed today. today's committee session, states leading on cyber security is the topic. we will focus on efforts of the governors, in their respective states. to secure government networks, their critical infrastructure from cyber attacks and meeting

the needs of a cyber workforce. with our distinguished panel of speakers, we will also discuss opportunities to leverage resources and strengthen cyber security partnerships with federal leaders such as department of homeland security, as well as our national guard and the private sector. this discussion comes at a very important time. over the last year, significant reaches at major u.s. companies have exposed the nation's increasing risk from cyberattacks originating both at home and overseas. states have not been immune to such threats, with notable breaches of state government networks in recent years that have compromised millions of citizens' medical records, financial statements, and other personal information. the consequences of these breaches go beyond economic and privacy concerns and also threaten the safety of our citizens and our national security. state networks control many essential government services,

including critical homeland defense and emergency response operations. critical infrastructure such as the electric grid, transportation systems, and financial networks are well known targets of cyber adversaries with potential long-term implications for both life and property. as governors, we play a key role and are responsible for ensuring the security and resiliency of our government systems and critical infrastructure within our states. in virginia, we have taken steps to ensure that the right governance structures are in place an adequate investments are being made to secure sensor networks and develop a skilled cyber workforce. virginia is home to more than 26 cyber related federal, university, and private r&d facilities, as well as more than 450 cyber companies. we have a first-rate higher education system drive the

creation of the next-generation generation information technology and cyber workforce. we are also prone to a significant number of threats. last year, in our state alone, we experienced more than 100,000 attack attempts per day. we blocked more than 271 million spam messages. those are staggering numbers and the threats continue each and every day. in february, virginia became the first state in america to adopt the national institute of standards and technology cyber security framework, solidifying our commitment to strengthening the security of our own networks and serving as a model for other states. also in february, i issued executive order number 8 creating the virginias cyber security commission and launching the cyber virginia initiative. i'm pleased to say that richard clarke, a senior security and counterterrorism adviser, is serving as the commission

cochair, along with my secretary of technology, karen jackson seated behind me. we have assembled an outstanding group of cyber professionals to serve on the commission, including ms. alexander, the principal director of the cyber security division at aerospace company. cyber crosses many sectors. my secretary of public safety and homeland security brian ran is seated behind me as well. my secretary of commerce and trade in education are also actively involved in the commission. we are looking at ways to be prepared and ready to respond to these threats by building capabilities, leveraging resources like our national guard, and strengthening our partnerships with the private sector. there are no one-size-fits-all solutions. but there are a number of strategies and best practices that will benefit each governor with us today. the national governors association's resource center for state cyber security, which

governor snyder and i cochair is working with representatives from all levels of government. it's our mission to provide thoughtful recommendation and bring stakeholders together to address the state's most pressing cyber security challenges. governor snyder and i are members of the present council of governors. the council's membership includes 10 governors and senior federal officials such as homeland security secretary johnson as well as the department of defense and the white house. through the council, states are working with the federal government to improve national efforts to share cyber threat information, strengthen our preparedness and response capabilities, and leverage all available resources. the council had a great meeting on friday at the pentagon with secretary johnson on these matters, and i look forward to continuing those discussions today. in a moment we will hear a video message from our chair, governor rick snyder. before i do that, i want to

discuss another critical issue facing every state's homeland security, and that is the discussion going on right now in congress about funding for the department of homeland security. i am sure secretary johnson will speak on this issue, but i want to stress how tremendous an impact allowing dhs funding to collapse will affect every single governor in every single community. let me be clear. there will be real-world consequences for all of our states if dhs funding runs out. 30 hard-working dhs employees will be without paychecks. and grant funding to every single state could be significantly impacted, even in the event of a continuing resolution. many of these grants support local police, firefighters, and emergency managers. they fund supplies, materials, and preparedness training to

make our states so we can respond to homeland security threats and hazards, including the threat of ebola. a lapse in dhs funding could affect port operations around the country, something our economy cannot afford today. it's time for congress to get together on this and act. they should not let partisan politics threaten our homeland security and the economic security of so many who depend on their paychecks to put food on the table for themselves and their families. i look forward to discussing this in more detail with secretary johnson, and i appreciate you coming here today. mr. secretary, i know you made all five morning shows today. i would like to turn it over to our committee chair, governor snyder, who has sent us a video to tell us about a few ways michigan is leading on cyber security, and to set the stage for today's discussion. [video clip] >> hello. i'm sorry i could not be with you in person.

this meeting is an opportunity to address concerns and raise awareness about cyber security. a critical issue in michigan and around the nation. in michigan, we blocked more than 700,000 cyberattacks daily. to combat these attacks, we launched the 2015 michigan cyber initiative. this effort is focused on detection raising public , awareness, leveraging our state's awareness, and creating partnerships to create a cyber threat alert network. this issue cannot be taken lightly. when i present my fiscal year 2016 budget, a recommended $7 million investment to strengthen our cyber security efforts. every day state governments face threats to their computer systems and online networks. as cochair for the nga research center for state cyber security, i am working with others to address these threats on a national scale. it is imperative that we

understand the growing threat of cyber security in our country. by moving forward together, we will be able to better protect our citizens from technological threats. next you will be watching a video about how easy it is for a third-party to attack a state network. this video was put together by a program designed to prepare cyber security professionals for real-world situations. thank you for inviting me today, and i hope you have a great meeting. >> you can say doing business online is more important today than doing business in a brick-and-mortar building. securing buildings, we have been doing it for thousands of years. most people have a good commonsense grasp of what it takes to keep it building safe. if you see a broken window, you securing buildings, we have been might meet somebody has gotten inside. but securing a website, surfing the web, a bit more recent.

not a lot of common sense out there. that's good news for people like me. let me walk you through how someone like me can make big problem's for someone like you. it always starts with an employee. colin edwards chester send. he's a busy man. always on the go, moving between meetings. every day and goes to the office, says high to his assistant, drink say little coffee, and gets to work. guys like me, we make our own hours. we work remotely. i'm not some kid sweating it out in mom's basement for it i'm a professional. this is how i make my living off of ed and people like you. there is ed doing spreadsheets, shifting paradigms and scoring circles, while talking on the phone, playing some candy from crush.

me, on the other hand, i'm looking for opportunities. let's say i find a story about ed in the business section of some blog. looks promising. i will check out his social media presence, look at your website, search around to find a bit of ed's personal history. i'm taking notes, e-mail addresses, phone numbers. ed's got to go to an off-site visit and meet with the board of fancy trousers, inc. i'm getting to work too. all the information i've collected so far. the attack has begun. i notice on his workplace social media page ed regularly attends , a few conferences every quarter. one of his favorites is coming up soon. a web search gets me some logos. i put together an e-mail from an airline asking ed to confirm.

he is a little busy, not playing -- paying close attention when my e-mail comes in. he sees the e-mail on his phone and forwards it to his assistant. she opens the e-mail, looks he is a little busy, not legit, clicks on the big red confirm button, goes back to work. that's all it takes. that confirm button launch the remote access trojan. having access to her system is the same as having access to ed's system. having access to ed's system is the same as having access to your system. spreadsheets, documents, projections, confidential anything. i even have access to ed's candy farm crush game now. it is all mine. now i can dig through everything he has access to. use his identity for bigger export. whatever. everything on your desktops, laptops, servers, anything online is at my fingertips. ed barely had to do anything. all it took was someone with access to his inbox to click on

a little red button. still a little scared? you should. simple attack like this cost the u.s. $5.9 billion in 2013. who says you can't get rich quick? to everyone out there, your employees, you, the people using the wi-fi in your building, get up to speed on this --until that happens, my job outlook is pretty rosy. >> i'd like to turn to our distinguished panel of speakers to discuss how we can better protect ourselves from cyber threats, focus our energies toward preventing future incidents, and give the governors of best practices they can implement to respond to and recover from a cyber incident. our panel today includes the honorable jeh johnson, secretary of homeland security since december of 2013.

prior to joining dhs, secretary johnson served as general counsel for the department of defense. secretary johnson's career has prior to joining dhs, secretary included extensive service in national security, law enforcement, and as a corporate attorney. secretary or johnson was general counsel of the air force from 1998 to 2001. he served as assistant u.s. attorney for the southern district of new york until 1991. lieutenant general edward cardone, commander of the u.s. army cyber command. prior to assuming command, he was commander of the second infantry division based in south korea. the lieutenant general has commanded at every level from company through division. he was born in texas, raised in california, and commissioned as an engineer officer from the united states military academy in 1982.

ms. alexander also serves as a commissioner on the virginia cyber security commission, and is chair of its economic development committee. in her current position in the private sector, ms. alexander oversees engineering support research for cyber network and information security services all across the defense intelligence community civil and oversees engineering support commercial sectors. in addition to her position on virginia cyber security commission, ms. alexander also serves on the national research council's committee on future research goals and directions for the foundational science in cyber security. let me turn it over to you secretary johnson. thank you for being with us today. >> i appreciate that we're having this discussion here. i appreciate the leadership of those at the state level around the table. some of you may notice that i have five layers of stage makeup on.

as governor mcauliffe put it out, i have been on all five sunday morning news shows. the army has a saying, we do more -- i have done more before 11:00 a.m. than most people do in a day. been on cnn, fox, abc, nbc. it's pretty remarkable i made it here on time. talking about the impact of a potential shutdown of the department of homeland security. i want to say word about that before we launch into the cyber potential shutdown of the security discussion. we have just five days. midnight friday night, funding for the department of homeland security, the third-largest department of our government and the department of our government that interfaces most with the american public runs out.

we are looking at the impact of a potential shutdown. it will look like this. if the department of homeland security shuts down, we will require some 85% of the workforce to come to work. border security coast guard, , cyber security, law enforcement, the basic law enforcement, homeland security missions of the department, but they will not be paid. the working men and women of my department will not receive a paycheck for the period of time of the shutdown, which, if you are a working man and woman trying to make ends meet with a family, is not an easy thing to ask of our people. that includes the united states coast guard, deployed as far away as places as the arctic. in the midst of a very harsh winter right now. approximately 30,000 employees of my department will be

furloughed if we shut down. most of those are headquarters personnel. to give you a sense of the impact of that, at my headquarters i am pressing my staff continually to stay one step ahead of groups like isil aqap, al-shabab, to stay one step ahead of the weather, stay one step ahead of daily cyberattacks we face, to stay one step ahead of what is working on our southern border to detect potential increases in illegal migration on our southern border. i have been pressing our staff to do that. i press them almost daily about aviation security. if we shut down, are headquarters staff scales back to a skeleton crew. i am told from the 2013 shutdown

when we furloughed are headquarters personnel, we are still feeling the impact of that a year and a half later because of the things we were not able to do. then simply furloughing 30,000 people means taking people off the front lines and realigning their responsibilities. we will see impacts across the entire department. from your perspective, the thing you need to know is if we go into shutdown, our grantmaking activity, two states, cities urban areas to support your homeland security law enforcement efforts comes to a standstill. it is shutdown. i'm sure each of you at the table appreciate the extent to which we rely upon our homeland security grants for your own homeland security law enforcement and public safety missions. for the most part, that

grantmaking activity either comes to a standstill or it is enforcement and public safety greatly reduced. in terms of border security, there are things we have put on the southern border to enhance our border security efforts going back to last summer which congress still has not paid for. if we going to shut down, we are greatly compromised. across the board, we are greatly compromised. fema, that workforce, must be furloughed at 80%. 80% of the permanent appropriated workforce of fema will need to be furloughed, in the midst of a harsh winter in the northeast and across the south. 80% of the appropriated workforce will leave their post and can only be called back in the event of a real life threatening disaster. we will be unable for the most part to process claims, requests for disaster assistance.

that will come to a screeching halt or a snails pace, if we have to furlough these people in the midst of a situation that a number of you around the table face with the winter. as long as we are on a continuing resolution, we also have considerable drawbacks. our grantmaking activity for 2015, new grants, we cannot fund. to governors, mayors, sheriffs and the like. border security is compromised. there are things that may need to be paid for that are not paid for, things the secret service needs to do. the bottom line of all of this is the department of homeland security needs a full year's appropriation. we need a fully funded department of homeland security. you can see daily some of the challenges we face in homeland

security, whether it's the u.s. government, state government city governments, and so forth. we need a fully funded department of homeland security. there are four working days this week for congress. i will be on capitol hill continually to urge congress to pass an appropriations bill for our department before the end of the week. having said all that, let me talk about the good work of all of us about cyber security. cyber security must be a shared effort between the u.s. government, state governments, and the private sectors. it must be a shared effort given the nature of cyber security and cyberattacks. i want to commend those of you around the table and those of you who are members of the council of governors for your fine work in this regard. governor snyder has established

a resource center for state cyber security. governor mcauliffe has appointed a cyber security commission. shortly after taking office, governor mead of wyoming has been very active in putting together a cyber security summit last week. governor haslam of tennessee has received briefings from dhs, as has governor bullock of montana, governor sandoval of nevada. we salute and appreciate the partnership in cyber security at the state level. we urge that we do more in this regard. at dhs, we facilitate new cyber exercise opportunities for states, provide states with information about cyber security and dhs, and we ensure states help to contribute with the development of policy documents.

congress has provided us with new legislation in the area of cyber security. late last year we had the national cyber security protection act of 2014. congress does something to pass congress has provided us with legislation once in a while, which gives dhs explicit authority to provide assistance at the private sector, and codifies the cyber security and communications integration center as a federal civilian interface with the private sector. we have enhanced hiring authority as a result of legislation passed last year to hire cyber talent. there was a federal information security modernization act of 2014, which codifies our responsibility to assist other federal civilian departments and agencies of the government. last month we put forward our administration's proposal for new cyber security legislation that would establish our national cyber security to

medication's integration center as a single portal for which the private sector should provide the government with cyber threat indicator information. medication's integration center we contemplate providing the private sector, those that provide that information with limits on civil and criminal liability for the act of providing that information. we have suggested in legislation a federal data breach notification department for victim related cyber crimes, and the enhancement of penalties for cyber crime. we are active in this area, and we salute the governors here at the table for your work as well. i come back to where i started which is that this must be a shared responsibility, and we are glad that you governors are involved in this. >> thank you. >> thank you. >> it's a true honor to be here on president washington's birthday.

i can't think of a more important subject. over the 18 months i have been in command, attacks are increasing. vulnerabilities are increasing. barriers to entry are dropping. i want to highlight on three main points today, first to echo secretary johnson, the importance of partnerships -- for my view, the federal government has really worked well here over the last several months between the department of homeland security, department of justice, fbi, and department of defense. the key is to get that same level of integration with the months between the department of states. there's a number of states that have best practices. some of you are familiar with the red teams. in kansas, there's a fusion center that allows them to take federal level intelligence and bring it down to private industry. in michigan, with the idea of

using training to get ahead, and here in virginia, there is a national guard unit that has been working from headquarters that has been established for and a half years. if we can take these best practices and work information sharing between the federal, state level, as will create yet another full level of fabric to help the cyber security. which brings me next to governance. for the army, the army national guard is critical. they are in every state in the union. the challenge is there's different authorities. that is well established for disasters. it's less well established in each state for cyber. some states have done a lot of work, some states have done less. it's one thing to say when that soldier is on state active duty, what true authority they really have -- this is a complicated

issue. i know i have three lawyers to keep me straight. there is a lot of policy of law in this area. the last subject i would like to talk about is the cyber mission forces. any of you know the department of defense is building a defense that will be complete in fiscal year 16. the training pipeline is full with active-duty forces and the civilians that support them. we are establishing army reserve capabilities, but the training is hindered a little bit by the training pipeline. what are we doing about that? first, we already have national guard soldiers working for my headquarters and we are working equivalency packets that have been approved by u.s. cyber command. we are working to get them i credited to u.s. cyber standards -- accredited to u.s. cyber standards.

that will give us a degree of interoperability across the states. they need facilities. a lot of the information needed in the future will have to be information sharing from dhs or dod. that will require intelligence which requires the right kind of facilities to handle that. finally, i would say the organizations during each state is already authorized a cyber network defense team since 1999. the army will create 10 cyber protection teams. we have organize these the same way we have organized the active forces. so they can be used in a title x role. there's only 10, and there's 50 states. i know the competition over where these go, that is a national guard sorting it out. the question would be is, how

can we use those to support states? we have already for disasters the idea of dual status commanders. are there ways we can organize this collectively to give us better cyber security? i will close with i think this problem is going to continue to grow. a lot of the issues we have right now, not just in capacity, it's getting ourselves aligned. there's a lot of capacity. to operate at the speed that we will have to operate in this domain, we will have to get a lot of this stuff done much earlier than we do now. if you go back to hurricane katrina, it took us 10 days to stand up that task force -- we can't have that. what we need now is standing things so when a state is attacked all the processes are , in place that will allow us to

operate a network speed. >> ms. alexander? >> thank you, governor, for the opportunity to speak on this important topic. i will address cyber security challenges and recommendations. let's recap some of the services we have at the state and federal level across the public and private sector. we have read about the infrastructure, cyber command operations, banking, finance and a host of others. it's important to keep these services in mind when we talk about cyber security. cyber security is the enabler to ensure that these services are available when we need them. these services are implemented across a wide range of technology. we have a wireless mobility, unmanned systems. even the internet of things. even our refrigerators and televisions are now internet-enabled. we welcome this technology growth. they actually help us enhance services we are providing. if we have a mobile device in the hand of an early responder we can provide the responder

with situational awareness of what data they need, what the situation might entail, and where they're back up resources are. we keep that in mind as cyber defenders. as a cyber defender, we look at this as a very complex and broad attack surface, readily available. it's important we take a systematic perspective. we need a framework. in that framework, we need to be able to define what that entails, and find ways to ensure those services that are most needed, when needed, and protect the most sensitive data. this morning i will talk about the items in that framework and highlight how some of the activities and virginia are addressing those needs under the leadership of governor mcauliffe and secretary jackson under the cyber commission. the first item in the framework is to have a strategic plan. we cannot address everything. we have to define which of those services and which functions in

those services are most critical. we also then have to look at the information supporting the with her that is personal or missing -- mission information and prioritize data sets. once we have a plan for cyber security, we can start a baseline of security posture. these services are implemented across various systems. we need to know the architectures, processes and procedures implementing those critical services. in virginia, we are baselining the infrastructure to perform cyber security gap analyses. these gaps can span research technology, workforce. all the challenges we have heard mentioned this morning. with that baseline in place, we then need to develop a roadmap. the roadmap is were we take the resources that are available and the resources in the community, and prioritize addressing those cyber security gaps. in virginia we have several

initiatives we started. we have recently stood up a cyber security unmanned aerial vehicle consortium. we are taking the cyber security community and coming together to look at what are the challenges of securing the control systems, communications up to the vehicles, as well as the vehicles flying themselves. we are working to hold the cyber security showcase. that showcase will bring industry, large and small innovative solutions, academia as well as state and federal government to actually visualize, demonstrate the cyberattacks on this uav space as well as any innovative defenses. in the manufacturing community we are making strides. our manufacturing systems are now internet connected. the manufacturing systems did not take that into account. there's a way that we can attacked -- get attacked in ways

we did not anticipate. once we have that roadmap, another important aspect of the strategic framework would be to increase the cyber operations center. we don't just have these in the military, but we have them at many levels. what is important as we enhance the cyber operations centers and the response teams that operate there is we target and focus on the systems implementing those critical services, which takes us back to that strategic plan. we have seen monitoring going off of many systems. in virginia, we have a joint cyber security operations center. we are going to bring together the analysts from the various systems so they can have shared awareness. we are also going to introduce center. collaboration opportunities with the private sector on some of the techniques to respond. another activity in the cyber operations arena is cyber testing.

that was mentioned. those are critical. it also highlights the importance of sharing incidents. when we think of a cyber incident, we should think of in terms of a lesson learned. we do want to share information about the attacker and the exploitation methods. with that information, we have now a huge repository available. the best way to understand how we might operate under contested cyberattacks is to conduct these types of exercises. the national guard will be working in virginia with us to conduct such exercises. finally, i would like to talk to you about the resources you have heard today. you heard about the nga cyber security resource center. there is excellent information on best practices, check with, security resource center.and how to operate cyber response teams. when we apply these guidance as

well as a risk management framework, what is important is we tailor it and tie it back to the subset of services that are most important. we cannot protect every resource. when we apply a checklist, we need to keep in mind that priorities, set of services, and do them in a determined and priority fashion. thank you, governor. >> thank you very much for that. let's open up to questions. . before we go to all the governors i want to commend the , administration for the executive order signed last week for the federal government and private sector to come together. we can do all we want at the state and federal level, the private is a huge player. we saw in the last two weeks a major health care provider, saw hacked 80 million pieces, bits of information from individuals, including one hundred 10,000 of

the commonwealth of virginia employees' personal data. same in many of the states that use the same health care provider, which was a critical breach that affected everybody in our state government. how would the governors around this table and the country, how do we best access this new private sharing of information? how do we work together to make sure you're providing us at the state level with information to move forward accordingly? >> good question. i would say a couple of things. one, i guess the vision i have for how we would work together is something along the lines of how we work together now, in the counterterrorism field, where we have joint task forces and fusion centers situated around the country. we have fusion centers in every state. some are smaller than others. they share information on a variety of homeland security

subjects. i would like to see us build out more of that when it comes to cyber security, given the direction we all need to head. whether that is working together in washington or in your respective states, that is the vision i have and the direction i would like to see us go in. second, sharing about best practices and notification of cyber breaches. there are some very sophisticated actors in the private sector to understand cyber security and have good cyber security protections in place. some are way more sophisticated than others. there's still a lot in the supply chains further down that needed a lot of help and a lot of learning. we ought to figure out a way to work with the less sophisticated cyber security actors together to ensure they are observing best practices.

in terms of specific incidents governor mead and i had a discussion about this on friday where there is a cyber security breach that occurs in your state, and you have equities. you and your constituents have equities. the private actor comes to dhs and says, i will share with you what i know on the condition that you don't share it with anybody else. that is an awkward spot to be in. i want that private actor to come to us, to tell us about the attack so that we can assess it, we can assess whether there is a broader implication to it, but i also realize that state governments have equities here have reason to know. one of the ways we could go about that is to devise a protocol where if we see state government equities, we say to

the private actor, you should not form a state government as well. we need to work on that as well, build out a protocol for that type of situation. i do recognize that there are situations involving cyber attacks were a state government has huge equities. >> mr. chairman? >> i think that the commonwealth of puerto rico, the states have news everyday about this issue. if you allow me, i want to go back briefly to the first point. puerto rico is an island in the middle of the caribbean, and we are neighbors with the united states. you can imagine what the coast guard represents to us, as well

as samoa and the state of hawaii. we receive $10.5 million in investment for the coast guard. so it's huge for us. i don't know if you guys know that 40% of the cocaine the gets to the united states gets here through the caribbean border. not through the mexican border. we have been able, working together, dhs, puerto rico, to increase in 300% the interception of illegal drugs that are on their way to the mainland. we will not be able to put together a plan and to implement the plan against illegal drugs that are on the way to the

mainland if dhs is not fully funded. i know we need to work and we need to go as far as we can in cyber security, and i just want to highlight as governor of puerto rico, and i know this is the same for the governor of hawaii and guam and the governor a similar -- of samoa it is of key importance that dhs is fully funded, permanently funded. we have been able to reduce the crime rate to the lowest level in more than 20 years, and we need to keep going. but we need them as partners and need them fully funded.

in any way that we can help you there is importance of this issue or it thank you. >> governor? >> thank you, and good morning. i am from the u.s. virgin islands. i am new in my administration. there are two things i would like to bring to the secretary's attention. the government of the virgin islands was successful in receiving some grant money's as well as going to the bond market and doing tremendous infrastructure investments in fiber optics across the territory for the purposes of connectivity. seven intercontinental shelf undersea cables come into the western st. croix, and provide the largest broadband capacity in the northern hemisphere except for new york-new jersey.

this platform is now being used and made available to the private sector as well as government. the infrastructure is placed under a governmental instrumentality. my concern is security of this platform, and the ability of the private sector and government to be able to use this powerful piece as we grow and expand our economy. is there any benefit in moving this infrastructure out from central government control or private sector control under the national guard in terms of providing more and effective security of the system, or do you provide a service to secure it as it is notwithstanding who its owners are? that is my first question. i would like to get some direction on that.

>> it's going to be a bit complicated, i think. first, anything on u.s. territory actually falls under the department of homeland security. we are in support of the department of homeland security. how this works with the national guard this is what i was talking about with best practices where they have worked it out in the state in the way that they could assist. there is some merit there. my personal belief is 85% of the networks are privately owned and i think it should remain that way. that is the nature of our system. the question is, how do we better secure it? i think there are a couple ways to approach that. i would have to look at this in

a lot more detail the way you describe that, but there are ways to do this. we would first turn to homeland security. they have the lead on .gov and support to .com, and then we assist as necessary. >> the general is correct. it's a complicated question. we would have to study this, and we will take that for evaluation. >> i will follow up with your office to get that done. it's fairly new, and it's branching out. we want to make sure it's very very secure. i want to join with the governor of puerto rico and the chairman in their concern about funding for dhs. the virgin islands, and just for your acknowledgment, and we will follow up with the nj with this -- the virgin islands is in

proximity to the british virgin islands which is in close proximity to a number of caribbean islands going down the chain. we have a tremendous issue with human trafficking through the u.s. virgin islands, particularly in the evening. in some instances, where the island of st. john is located -- i'm not exaggerating -- you can literally cross from one country to the next on an inner tube. our local police department have picked up koreans, asians, folks from europe, chinese coming through there in the evening. they come right into st. mark or antigua and make their way up to the u.s. virgin islands. we contacted dhs to see what assets were available to

intercept some of this human trafficking and to assist in terms of the amount of drugs that come through those channels. we haven't been very much successful in acquiring any federal support for this problem. we are going to need to reach out, because that is a weak link in the chain as we're concerned about terrorist activities and the different things that are happening that can affect the country. that is a significant hold that is open because of the number of keys and islands and their proximities to each other, but they belong to different nations. the question is whether some assets can be put in place from the national system, and the virgin islands is fairly willing to do its part. we simply do not have the resources to undertake that responsibility to deal with it. we can provide the numerical statistics on the number and

nationalities of individuals that the local government have detained coming through the neighborhoods there and coming on shore. >> we saw a brief spike in cuban migration on the high seas in the southeast. the coast guard responded pretty aggressively. additional cutters off the florida coast, and so forth. the spike did not last long. the numbers are back down again. in the southwest, across the land border, in january we had a total of 21,512 apprehensions on the southern border. apprehensions are an indicator of total illegal attempts to cross the border.

21,512 is the lowest monthly number we have seen since december 2012. it is considerably lower than it was january of last year. that number last year was 28,668. the january before was 26,921. in january 2012, it was 25,714. our january number four apprehensions on the southwest border is the lowest monthly number we have seen in years. that i believe has a lot to do with the additional resources that we put on the southwest border. my point is that border security is not free. we need to pay for it. there are a lot of additional things that i have put their over the last several months but still have not been paid for by congress.

there is a lot more we want to do that needs to be funded. the other point i will make is that the general point, which is true whether you're talking about puerto rico, the virgin islands, or the other states around the table, which is through urban area grants and our grant to state, your state received millions of dollars every year in homeland security funding. but because we are on a continuing resolution for 2015 for non-disaster assistance, none of that has been fuwe are about to start month five in the fiscal year and have not been able to fund homeland security activities as long as we are on a continuing resolution. i just want to make those general point. >> the to general hutchinson and general herbert. >> thank you for doing such a great job in convening this meeting on cyber security.

i applaud the administration on bringing in the private sector. i think you are right on target there. i also want to share your concern about funding for dhs as a former homeland security official. i have a high regard for those out there, whether it is the coast guard or border agents in terms of the work that they do and importance of it. i do want to ask you -- it is my understanding there are serious policy issues being debated in congress and the administration basically disagrees with a restriction on the application of the executive order. and so there is a conflict in terms of a policy issue. and in politics, as you know the art of compromise is sometimes importance -- important. we want it to be funded, but

what is the administration putting on the table to resolve this disagreement on policy? for example, can the administration withhold putting into play the executive order until it is finally resolved by the supreme court? because this issue is ultimately going to be resolved in the courts. what is the administration putting on the table to resolve the current impasse? >> well, governor, my response is that we encourage, want to have a debate in congress about immigration reform. we have been wanting that debate for years. the senate passed a comprehensive bill in 2013. we were hoping the house would do the same, and the house did not act. and so, we in november, issued a number of things that, across the board, would reform the immigration system. it is not just a deferred action program.

it is added border security, a southern campaign strategy for arizona, new mexico, texas. it is getting our immigration enforcement personnel a pay raise. it is helping to facilitate employment in high tech. there are nine different initiatives that we launched in november, all of which there is an effort to defund. it is not just the deferred action program for parents. on your point, my point is don't tie that to the budget of homeland security, which includes the coast guard, secret service, fema ice and so

forth. i'm fighting for a clean, fully funded budget. there are real consequences to my departments ability to pursue its mission grantmaking, your states, and homeland security as long as he faced the prospect of a complete shutdown of my department, which is where we are right now. >> there is no compromise? when congress comes back into town, they will have to decide how to break this impasse. the president has said that he will veto an appropriations bill that comes to his desk that defense our executive actions. i believe that is the right position. he shouldn't tie one to the other. the litigation plays a fact or

i'm sure. we have said we will appeal. that will play itself out. we need to break this impasse it i'm hoping he will be able to figure out a way to do that. >> thank you. >> thank you. this is a timely subject. i appreciate that we are discussing cyber security. that ought to be we are partly -- it is the state working for federal government and certainly engaging in the. in our state, we have millions of hits a day hackers tend break into our state. it is a new frontier for crime. i appreciate being here with you

today to discuss this issue. i do not want to belabor the point. it has been said that it is important. there is not a governor here that logs to the national governors association that doesn't want to see the department of homeland security fully funded. i haven't heard anyone say that print the politics that goes on in congress executive ranch is beyond our domain. we have a smaller setting in our own states. we all would like to see you funded. we would also like to see congress address immigration issue. it is disappointing and frustrating to all of us that they cannot address that. we have said amongst ourselves can't we agree on one thing? secure the borders? build a tall fence?

we could talk about widening the gate. making sure that we have a gate that functions. it is both good it is a congress and executive branch trying to find would work together on this that is causing the breakdown. i noticed a bill that was passed the political and the homeland security. the senate passed that. the problem is i understand it is it doesn't fully fund the immigration executive order. we could fully fund you, but the question is about the executive order. can we come together on some kind of resolution and move things along? force congress and the executive branch to work together and fully fund homeland security? this is kind of common sense. encourage both sides to come together and resolve this. it can be done and should be

done. we appreciate your effort and trying to bring that to pass. thank you. >> thank you. >> thank you for being here and for the discussion. i echo the comments that two previous governors and hopefully we can figure it out. this question on sharing information, it is critical. i think you are on the right track. hearken back to my days as a u.s. attorney right after september 11. we had the same discussions as terms of counterterrorism and the sharing of information from the federal level to the local level in back-and-forth. there was serious disagreement and concern about how much to share, went to share it, who needs to know what. we have made great progress in finding a level of trust. your suggestion intrigued me.

there are ways we share with colorado. ways to figure it out. i encourage you down that path. in some ways, that was as difficult to fund them what we face now. i think that is the right approach. we could figure protocols to do that. if something is happening, we have the information and can be trusted with it. likewise, we will share information. my question is, as you and your team looks at the problem perhaps getting worse where is your vision in terms of technology and investments? obviously as part of that question, it is the weakling the technology front, or the

human length? in terms of the use of technology? just a general question and where we need improvements on the human side and technology site. inc. you again -- thanks again for being here. >> i think -- let me come out of a couple of ways. i think there is a lot of cyber talent in the private sector are right now. i would like to see more of them be willing to serve their country or their states even for a couple of years. it is difficult competing with the private sector. i could use more cyber talent people within our department of

the type that we see being developed in the private sector. i personally have been out there trying to recruit people went our graduate schools and so forth. i also believe that there's a lot of good technology out there in the private sector. but even the best technology cannot prevent against an act of spearfishing if an employee is willing -- is vulnerable enough to not know how to protect against it. we see this over and over again. some of the most sophisticated cyber attacks are simply because summit he opens an e-mail that he shouldn't have. that is a matter of awareness.

there a lot of private entities that are paying attention to best practices. they should. i think that is where all of us play a role in information awareness and so forth you'd i suspect there are others who have a view on that as well. there is talent and good technology out there. even the best technology cannot protect against and after who is not sophisticated enough to close the door when the door should be closed. that is how i see the vulnerability. >> i guess i would like to elaborate on that. he is absolutely correct. when we look at many attacks that occur and are more harmful, they exploit widely known

vulnerabilities. it is simply due diligence. in virginia, we have tried to address that from several perspectives. have a portal where some of these best practices could be made available. it is the type of systems you have and make sure you're using the current version and not a version that every hacker has -- and can damage your system. i wanted to highlight that some of the mistakes -- in virginia we have seven bills targeted at cyber security. they support cyber crime. when you get an exploit and you can address it as critical we're looking at increasing the accountability. it's also cyber defenses could very. but was a best practice that was successful. privately we need to do this.

we recognize that we need to have accountability for systems to be maintained at a reasonable posture. governor -- nine >> governor, if i could add technologies moving so fast. look at the cloud technology and start asking how to secure cyber. it is new. i would say we have to concentrate on the cyber talent. the offense will always lead the defense here you have to be 100% right all the time. you don't have to be lucky once. when you look at it like that, for user practices, poor architecture that will handle 90% of it. sophisticated cyber actor is going to need all of us here

together in partnership. that is how we are going to find them. we're got to make it less easy. we have put enormous energy working on cyber talent. we believe that is the future pit we could train technology to peter we will not be able to -- we're learning it may not be there two or three years from now. >> governor. >> fetish i. -- that is right. what kind of deterrence or penalties can we do in our law enforcement constructs to go after people that benefit from this. as you go through -- how do you hold them, folks come accountable who are committing

or stealing things and whatnot? it seems as if we have gotten -- there are breaches. i think you made an outstanding point. hold people accountable that are doing extremely illegal things to the great financial benefit for themselves. in our view, it is about time to show there are penalties. so much is spent on defense. it is hard to go out on the offense of side -- offensive side. >> you're talking about private actor or even the state actor is making it prohibited. you will not be able to prevent every single cyber intrusion in this world.

for the larger actors out there, we have to make it across prohibited. one of the things we would like to do is enhance penalties or cyber crimes unit we have got recent successes. last week, there was the arraignment and federal criminal court of an international cyber criminal that we had extradited from europe. a secret service case. terrific capabilities. started office bank robberies. there's also a cyber crimes mission. they brought to justice a major cyber criminal who basically with a gang of a handful of others was stealing credit card information from private durer and selling the information offer millions of dollars -- private actors and selling the

information for millions of dollars. it needs to be cross prohibited for private and state actors. >> we appreciate the hard work. organizations could basically target colleges or whatever and shut down the operations. it is difficult to figure out who to hold accountable. >> the governors have a question? >> i appreciate this important discussion. we are all very concerned. we are also concerned about immigration securing our borders. it is a huge issue that we all deal with. i had a different question. we were very fortunate in our state.

people come together to share information. recently, i was watching one of our talk shows on tv. sometimes are accurate. sometimes they may not be. what is the danger to the states? will we receive information if there should be an iso-threat -- isil threat? any comments on that? >> i just had an evaluation conducted of the effectiveness.

i got report back on friday. i think there is tremendous value. there are ways in which we can improve our information sharing. i'm committed to working with the states to accomplish. terms of the terror threat, the terrorist threat is evolving to a new phase in that we no longer deal with one core group. and committing a large-scale terrorist act.

and the terrorist threat is more complex. we are living in this world we have a foreign fighter phenomenon should people travel from their home countries and go to iraq and syria or even to yemen and eventually they return and they come home. the fbi does a good job of interdicting them before they leadve. also, this is where i think we need to work together even more. because of their effective use of the internet and social media and publications, these terrorist organizations are able to reach into communities and try to recruit and inspire independent actors to follow

their example and committed an act of violence. we're seeing this in europe. i worry about the independent actor could strike with little or no notice without advanced warning to our intelligence community and without advanced warning to your state police are your city police departments. it is more complex in that there could be an independent actor who could strike at any moment. the last couple of times -- the last couple of times that issued statements and reaction to an event career enhancing homeland security, the federal protective service for enhancing aviation

security in response to an attack, iowa's put in their and there is no credible intelligence of a similar tack eating plant here, given how the threat is evolving, that has become a less and less relevant statement because you and i won't necessarily know about when the next actor is going to strike and try to murder several cops on the beach in brooklyn or some other place. that is why i think we have got to collectively engage communities where somebody may be inclined to turn to violence to build trust. i always have the local police chief and u.s. attorney sometimes the mayor, sometimes the senators, exercise building

trust but also to instill a notion that it is collectively all of our homeland security serious it is not just my job or your job to report an interdict. has got to be a public effort given how this that is evolving. >> thank you for this very lively discussion. it is important that us governors are up to date. i thank them. we will move to consideration of our policy decisions. they will consider policies. emergency management. cyber security. armed forces.

our staff has discussed this with all of you. obviously the recognition of public safety and jurisdiction to elevate cyber security and veteran affairs. any questions? this has been discussed up everyone. i consider these policies emotion -- is there a motion? is their second? -- is there a second ayes? the ayes have it. it is a critical these of business for all the respective states. i declare this meeting adjourned. please take your virginia peanuts with you as well. [laughter] [captions copyright national cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]

♪ >> this week on "q&a," our guest is jan jarboe russell. her new book, "the train to crystal city: fdr's secret prisoner exchange and america's only family internment camp

during world war ii," examines the unique nature of this camp located in southern texas, which was home not only to japanese detainees but also germans and italians living in the u.s. during the war. operated from 1942-1948, the camp was the center of the secret program called client passage in which hundreds were exchanged against their will for american diplomats, businessmen, soldiers, and others held behind enemy lines in germany and japan. >> jan jarboe russell, author of "the train to crystal city," who is sunni? >> sumi is the japanese-american main character of my book who was born in los angeles, and her father was a photographer. the most successful japanese photographer in los angeles. he was arrested as an enemy alien because he was a photographer.

during world war ii, photography was like the internet. anybody who had access to it could take photos of military bases and things like that. the 32,000 enemy aliens' fathers who were arrested were not arrested based on anything they had done as human beings but on their occupation, which could have been harmful according to the government to our war effort. sumi was this remarkable, plucky tomboy who was going to central junior high school in los angeles when pearl harbor was bombed, and her life changed in an instant. >> is she still alive? >> she is still alive. she is in her 80's, and she lives in oakland, california. she kind of is the mother of all the japanese-americans in crystal city who are still alive.

she operates a newsletter called "a crystal city chapter" that keeps people up to date on deaths, children's issues. she was critical to me because once she agreed to talk to me, all of her friends talked to me, as well. i began going around the country trying to interview as many former children who were in the camp. >> where is crystal city, texas? >> crystal city, texas is located 120 miles southwest of san antonio, which is my home, about 35 miles from the u.s.-mexican border. the lights of the internment camp could be seen from mexico at night, because the land there is incredibly desolate. it was, in fact, chosen as the enemy alien internment camp that