later, jackie kucinich talks about the religious freedom debate and what it means for the republican party. " washington journal is live every morning on c-span. >> the national council on u.s.-arab relations hosted a discussion on the violence and instability in yemen and the future of the country. see this live at 10 a.m. eastern, here on c-span. >> this weekend, the c-span cities tour has partnered with cox communications to learn about also, oklahoma. >> he was very much more than that. he was born in 1912 in oklahoma.

we are very proud to have his work back in oklahoma where we think it belongs. he was an advocate for the disenfranchised, for the people who were migrant workers, from oklahoma, kansas, and texas. they found themselves in california literally starving. he saw this vast difference between those who were the haves and the have-nots and became their spokesman through his music. woody recorded very few songs of his own. we have a listening station with 46 songs in his own voice. that is what makes the recordings that he did make so significant and so important to us. woody: ♪ this land is your land and this land is my land from california to the new york island ♪ >> saturday on book tv and also

on sunday. >> next, house homeland security chair michael mccaul talks about cyber security attacks, recent attacks on u.s. companies, and the role of the government in securing cyberspace. this was part of an event hosted by the strategic international studies center. host: good morning. i will be hosting this event. we are very fortunate today to have a real expert, michael mccaul. in 2007, a couple of us had the idea that maybe we should do a report on cyber security. he has been concerned with this and an expert in the field for years and years.

this is longer than almost everyone else in washington. a true leader in the field. this is his sixth term. i don't know how he does it. running for election every two years, he was a former prosecutor, did counterterrorism , and is a fourth-generation texan. is that really true? chairman mccaul: yes. host: he is one of the true experts in the field and we are grateful he took the time to talk. the format will be chairman mccaul will make remarks, and then we will go to questions and answers, which hopefully everyone in the room will be energized about. with that, thank you. [applause] chairman mccaul: thanks, jim.

for whoever the next president of the united states is going to be i'm going to talk about the president's proposal on cyber and what is happening in the congress in response to that. i'm glad he is providing leadership on that. you said an old friend, i know that my hair is getting w hiter, but we do go way back. when i was working as the attorney general, i had the idea in 2001 of doing a summit on terrorism and cyber security and a guy named dick clark was going to be my keynote speaker. that was september 12, 2001, the day of the event. it was a little profession, but we ended up rescheduling that. a little background on this issue, the former director of

nsa, a very good friend of mine, over time, and we have come a long ways. it is to the point where this issue finally has the attention of the american people and the congress. i formed the cyber security caucus to get the attention of members and educate them on this issue because it is so important out there. i do want to thank jim and the denise for your latest report on cyber security. a good job as always done by csis. i don't normally do text, but in this case it is recommended that i do that. and then i will open it up to the questions and answers. i enjoy having live discussion and dialogue. as a nation, we are finally beginning to grasp the magnitude of the cyber challenges we face,

and particularly as they start to hit home with north americans. last month, our country sector ond largest health care provider, anthem, announced it was a victim of cyber intrusion. the attackers gained access to a database containing sensitive records of 80 million individuals, including names birth dates, and social security numbers. nearly one in four americans may have been optimized by that attack. this is a wake-up call that are cyber adversaries have the upper hand and the consequences will get worse if we fail to reverse the tide. today i want to discuss three issues with you. including the scope of the cyber threat our nation faces, the government's cyber defense role, particularly the department of homeland security and how we

have been enhancing it, and finally some of my legislative goals this year to defend american cyberspace against destructive attacks and costly intrusions. first, we must recognize that a silent war is being waged against us in cyberspace. and that we are losing ground to our adversaries. the cyber landscape has shifted quickly. at the dawn of the digital age our nation saw endless opportunities to generate prosperity by connecting our networks to the world. today, american prosperity depends on much as defending those networks as it does on expanding them. we cannot tolerate accept cyber vandalism, cyber theft, and cyber warfare especially when they put critical infrastructure and secrets at risk. and when they compromise american innovation. yet are cyber defenses have proven week in the face of agile enemies.

as i speak, government computer systems are being hacked proprietary data is being stolen from american companies, and the computers of private citizens are being compromised. most of it is being done with impunity. criminals, activists, and nationstates have managed to exploit networks by staying at the cutting edge of technology. meantime, our defenses -- these intruders change their tactics and escape justice by masking their identities. usually they are operating beyond the reach of u.s. authorities. china, north korea, iran, and russia are among the most advanced of our cyber adversaries, but even terrorist groups like isis are working to develop or acquire disruptive cyber attack capabilities. it is obvious these threats are escalating in sophistication and destructive potential. we are confronting almost daily

frightening new precedents including nationstates launching cyber attacks on our own soil. this happened at least twice in the past year. the director of national intelligence james crawford, recently revealed iran was behind a devastating 2014 cyber attack on las vegas sands corporation, the world's largest gambling company. nine months later, north korea more famously used a digital bomb to destroy computer systems at sony pictures -- an attack that was not only destructive but a cowardly attempt to intimidate americans and stifle freedom of speech. the impact of cyber intrusions are felt across america, from kitchen tables to corporate boardrooms. the recent breach at anthem illustrates how easy it is for ordinary americans to become attacks victims. this followed intrusions and

targets of nieman marcus come and j.p. morgan. all of which were designed to steal the personal information of private citizens. but our cyber adversaries are not just seeking to steal american identities, they want our security secrets and innovative ideas. we were reminded of this over the weekend when the state department was forced to shut down large portions of a computer system in an attempt to expel hackers who invaded our diplomatic networks. a are believed to be tied to a foreign country. digital espionage extends into the business world. we know that chinese hackers continued breach -- continue to obridge corporate networks to get their own companies a global advantage in the economy. in states like iran, they have targeted major u.s. banks to shut down websites and restrict americans ability to access their bank accounts.

make no mistake, such attacks are costing americans their time, money, and jobs. keith alexander, the former director of the national security agency, describe cyber espionage and loss of american intellectual property as "the greatest transfer of wealth in human history." but the threat extends beyond the industrial engine that drives our economy, to the critical infrastructure that supports our way of life. our adversaries are hard at work refining cyber capabilities that can shut down critical infrastructure, and they want to use these tools to threaten our leaders and intimidate our people in both times of peace and conflict. a major cyber attack on our gas pipelines or power grid, for instance, could cripple our economy and weaken our ability to defend the united states. these scenarios sometimes sound alarmist, but we must take them

seriously because they grow more realistic every day. we saw a preview of this in 2012 , when iranian-backed hackers hit saudi arabia's national oil company, destroying 30,000 hard drives. simultaneously hitting our financial sector in the same year. in fact, iran is attempting to penetrate and a full trade our financial sector every day. to combat these threats and live up to our obligations to provide for the common defense, our government must secure cyberspace. we cannot leave the american people and our companies to fend for themselves. the digital frontier is still very much like the wild west. at this moment, there are far more cyber outlaws then convicted cyber criminals, a clear sign we have a lot of catching up to do.

we are in uncharted territory. not since the dawn of the nuclear era have we witnessed such a leap in technology without a clear strategy for managing it. to establish order and defend americans interest in the digital domain, we must map out the rules of the road and clarify responsibilities inside and outside the government. we are not quite there yet. i would argue we are at a pre-9/11 moment when it comes to cyber security. in the same way that legal barriers and turf wars kept us from connecting the dots before the 9/11 attacks, cyber threat information sharing and the lack of it is leaving us vulnerable to enemies. between the government and private sector, we have the information needed to limit cyber threats and stop fresh attacks. but we are not sharing that information. critical information is not

disclosed efficiently enough to stop cyber intrusions before they start or to shut them down once they happen. the danger of poor information sharing is really not a hypothetical, it is real. this month, the head of the u.s. cyber command, admiral mike rogers, warned congress that our adversaries may be leaving cyber fingerprints on our critical infrastructure to signal their ability to attack our homeland. he believes that before he retires, we are likely to see a destructive cyber attack against critical infrastructure. if we are not swapping information about these threats, their impact is guaranteed to be more widespread and more severe. but the reality is that 85% of the critical infrastructure and the threat information is in the hands of the private sector.

because of this collaboration between the government and industry is vital to homeland security. admiral rodgers had it right when he said cyber security is the ultimate team sport. no single entity in the government or private sector can tackle these threats independently. each stakeholder must have skin in the game to prevail against attackers. this is where the unique mission of the department of homeland security comes into play. dhs serves as the primary civilian interface for sharing cyber threat information, and for good reason. dhs was created to stop terrorist attacks after 9/11 by connecting the dots and is well positioned to do the same to stop cyber attacks. the department's key tool in the national cyber security and communication's integration center is quickly becoming the tip of the spear for cyber

threat information sharing between the government and private industry. last year alone, dhs estimated it received nearly 100,000 cyber incident reports detected 64,000 major vulnerabilities issued nearly 12,000 alerts or warnings, and responded to 115 major cyber incidents. we cannot measure its effectiveness in numbers alone. it actually improved stand -- improved and increased information sharing, and it needs to be a trusted partner to the private sector. its job in doing this is made easier by virtue of the fact it is not a cyber regulator. they cannot prosecute you and it is not a spy agency. it is a civilian interface. accordingly, it has no authority to do anything more with the information it receives other than use it to prevent and

respond to cyber attacks and enhance our cyber posture. during the last congress, i led efforts to strengthen the cyber security foundations, including landmark legislation authorizing information sharing. we managed to get five cyber security bills passed into law for the first time in the history of congress. this is now a starting point for our efforts in this congress. importantly, we passed legislation supported by both industry and advocates for privacy and civil liberties. it was called a pro-security policy bill. very few bills in congress where we can say that. first we established a federal civilian interface to facilitate information sharing across 16 critical infrastructure sectors and with the private sector.

second, we lay down the rules of the road regarding how information is shared. third, we are sure to americans' rights and personal information will be protected. fourth, recognizing human capital will ultimately determine our ability to succeed. we position dhs to improve its cyber workforce and enhance the department's ability to prevent respond to, and recover from cyber incidents on federal networks. this brings me to my cyber agenda for this year. we have made a lot of progress in 2014, but we still need to remove obstacles to information sharing while protecting the privacy interests of americans. right now, the lack of liability protection for the private sector is a problem. companies are hesitant to share information about cyber threats and intrusions that take place in their networks.

they fear that doing so could put their customers' privacy at risk, expose sensitive as this information, or even violate federal law and the duty they have to their shareholders. as a result, the vast majority of cyber attacks go unreported leaving others vulnerable to the same intrusions. this is an urgent problem that needs to be solved now. the bottom line is clear -- if no one cares, everybody is at risk. that's if no one shares, everybody is at risk. information sharing should be encouraged, which is why we need to create legal safe harbors for companies to be about to exchange threat information without fear of being sued. moreover better information sharing improves industry to safeguard our personal data by allowing them to keep the prying eyes of hackers outside of our digital health records and bank accounts.

i'm pleased to announce we are aiming to resolve and strengthen our cyber security foundations further. this week, i'm releasing the draft of the new bill that would further enhance the role as the primary federal-civilian interface for the sharing of cyber threat information to enable timely, actionable, and operational efforts between the federal government and the private sector. this draft bill would give protections for the volunteer exchange of cyber threat information, including government to private and private to private sharing. if a major bank calls -- falls victim to a major cyber intrusion, it would not be held back of sharing details of the attack with either the government or other banks and businesses. as long as the sharing is done through appropriate channels and does not compromise the private information of customers and citizens.

moreover, the draft bill would give liability protections for companies to monitor their own information system and use defensive measures to prevent intrusions. in the current environment companies do not feel they have adequate legal protection to take these measures. we are not incentivizing to be a participant in the safe harbor and ncic. i am working with the house judiciary committee on crafting a liability exemption standard that addresses these issues and will be used in other cyber information sharing legislation in the house. with this legislation, i also plan to continue our laser-like focus on privacy protections so information sharing can be done without risking exposure of personal data. my draft bill would ensure when information about a breach

changes hands, whether it is provided to the government were exchanged between companies that it is thoroughly scrubbed for personal information so americans do not have their sensitive data exposed. it would also require them to destroy any personal information that is unrelated to cyber security risks or incidents. and i take that issue very seriously. for chile, dhs has some of the strongest privacy protection mechanisms in the federal government. it has the first privacy office. it is important reason why dhs is the leading civilian interface for these exchanges. privacy advocate's have already endorsed the role as an information sharing portal. the changes made by this draft bill will increase what we know about digital threats and

enhance american security. today we have a dangerous incomplete picture for the cyber west him's being used against us. more rapid and frequent information sharing about these threats will give us the ability to head off cyber adversaries before they can do more damage both to the public and to private networks. the president has proposed steps to enhance liability protection and i was pleased he did so because it moves the debate and the discussion forward on both sides of the aisle. i would submit that it does not go far enough on liability protection, which is why our bill creates a more robust liability protection piece. the committee on homeland security will mark up this hill in the next few weeks. meantime we will continue meeting with industry and private groups, as we always have, to ensure we are getting

this right and crafting the best solutions possible to combat the surgeon cyber threats we are all witnessing. our plan is to take this legislation to the floor of the house by next month. when we do so, we will be forward-leaning and reaching across. this will be landmark. this will create how we deal with cyber security for the next decade. and now is the moment to take action. these threats are not just looming on the horizon, they are not hypothetical. they are real. they are already inside of our networks and they're putting prosperity and security in peril. safeguarding the digital frontier is one of the leading national security challenges of our time, and our generation will not back down from that challenge. it is clear we have been losing ground against our adversaries in cyberspace. but better cyber threat

information sharing will help us curb the tide and defend our networks against instructive -- against destructive intrusions. think you very much for having me. i appreciate it. -- thank you very much for having me. [applause] host: i will say a couple of years ago that chairman mccaul told me he was going to pass multiple bills. at the time this was the start and i thought, that would be a good trick. but he delivered. when he said we have a new bill i would probably bet on this one. i do not bet the last time. with that, i have loads of questions. we will start with the audience. one in the back? >> good morning, i'm a retired navy captain. i'm glad to see you guys wearing green ties for st. patrick's day. my question is, how do we combat

insider attacks, which seems to be one of the biggest problems we are facing? there are all these outside guys come up with air insiders, and with the u.s. being a global company and business and so forth, there is a lot of openings for that kind of attack. chairman mccaul: it's very hard. we are being infiltrated not only in cyberspace itself, but also human capital. human capital intrusions. that is a matter more than human security measures, to ensure through clearances and things like that that we have properly vetted individuals to our participating in this process. but it is an issue that i think is open to -- i mean, we are vulnerable in that regard, just like any spy who can penetrate any federal agency in the physical realm, they can also do it in cyberspace.

in our bill that we passed last congress, we called for more clearances. we heard that complaint over and over, that we need to issue more clearances. i would argue that the information we are giving is kind of like when i worked with the joint terrorism task force. we had terrorist threat information, we do not give the sources and methods, just the threat information. the same is true here. we are not giving sources and methods, but the actual malicious codes themselves. if you've seen them, it is just ones and zeros. that is why the privacy piece is so important. it does not share the private information. the filtration by human spies is very real -- the infiltration by human spies is very real and you cannot be totally secure from that. host: we have multiple questions. let's get the ones in the front. >> i've been in the cyber realm

almost three decades now, and looking at homeland security and recruitment, you look at workplace retention and satisfaction scores. in terms of getting people to join homeland security and dod in the agency, what you recommend in terms of changes to recruitment policies and strategies? chairman mccaul: the bill that we passed enhances the workplace, being able to hire and retain more highly credentialed individuals. i would argue with an dhs, this is probably one of the most innovative, most vibrant offices within the department of homeland security. if any of you have been over to ncic over the last five years their capabilities have really stood up. the head of that and the

undersecretary both came from mcafee. they bring extraordinary experience. we have a partnership with any nsa -- within nsa where they can learn their expertise. with the legislation that we passed last congress on enhancing the workplace there we are going to get more and more talent. the problem is keeping them. i remember i went to work for the justice department because i wanted to check that box and move on to something else, and that is what i did, but you have to recognize it's a great place to gain great experience, but we also want the more experienced people. you cannot keep them forever. it's hard. even nsa has a hard time keeping good workers because the private sector is so attractive and it's

one of the most lucrative fields out there. cyber security. that will always be a challenge. i will tell you of the last five years they really have well credentialed individuals. anybody watching this podcast, i would encourage them to look at the department of homeland security. we have several portals and this is going to be the primary civilian interface with the private sector. the future of the ncic and dhs and legislatively, too, because it has been authorized, it's a bright future for the department of homeland security. host: that is actually the fourth question all my list. but we have three more in the audience that we will take. >> my question is, as your team

drafted this bill consideration that it will be legislated, what consideration has been given to include other countries who are probably considering legislation to support information sharing? and if you could talk about that in the context of u.s. multinationals that also have foot prince in those countries and is there any consideration for when countries ask for information sharing. chairman mccaul: that is a great question. i'm really glad that you brought this up. i think the rest of the world is watching the united states right now to see what we do. the other countries are not as far along with legislation as the united states, and as i

mentioned, what we do this year will change cyber for the next decade. it also has an impact locally because the other nations are watching to see how we are crafting this. it will be a model i think for the rest of the world. and they will take what we do and try to apply it in their own countries, and there is an opportunity for an exchange of information. our view is within the civilian interface, there are several streams of information. you have the intelligence community, the department of homeland security, and the fbi all funneled through the civilian interface. i think that is a model that will play well, and i think the rest of the world will appreciate that model particularly post-snowden. i find that the high tech company's preferred the civilian interface because they do not want when they do international business they don't want the

idea that the nsa is in their networks. it is important for them to have a civilian interface. now come if somebody wants to voluntarily work with nsa to get information, you will see legislation providing for that. so we will have that portal and the dhs portal, depending on which portal that you prefer. but again, talking to the tech companies that i deal with, they look forward to the civilian with the privacy protections when they do international business. but that's a great point to make, this will impact the rest of the world. not to get into all the other -- i am on the foreign affairs committee, too, but after sony that raised so many issues about proportional response, what is an active cyber or fair to grapple with -- what is an active cyber warfare, that is something that is being grappled with. we are working on legislation to greater define when you have a

nationstate attack, like in the case of sony, which is north korea, when you have a nationstate, what is the proportional response. >> chairman mccaul, thank you for your comments. in dhs today, undersecretary general taylor is probably one of the most knowledgeable and understanding individuals relative to information sharing, and with his time at dhs, with his time at the state department the overseas security advisory council and the private today, undersecretary general taylor sector, how does he accomplish this when he has a staff of 300 people? he cannot process the information that he needs. the fbi has 10,000 analysts, he has 300. it seems he is a much larger task in front of him but does

not have the resources necessary to accomplish it. what can you do to help them make that happen? chairman mccaul: frank taylor is doing a fantastic job. the challenge for intelligence and analysis is not to compete with the intelligence community and duplicate efforts, but rather provide a unique product that dhs can provide primarily through intelligence that we get through overseas tsa screening at airports and customs and border patrol and secret service. that intelligence can create a unique intelligence product. you start trying to compete with the cia, you will get destroyed. in times past, that was the failure of dhs. frank taylor is taking this to an innovative, new place. to answer your question, i think the white house has proposed sort of an intelligence sort of

a melting pot, if you will, of information, similar to the and ctc, the national cap terrorism center, but it would be for cyber threat information. that could greatly enhanced dhs' capabilities in general taylor's office by providing this other into the back can synthesize this information and feed it to dhs to be shared. one important point that was not in my remarks as the real-time sharing is absolutely vital. if we cannot do it in real time it's worthless. you have to stay ahead of the threat curve, and if you cannot you will lose in this game because the threat is always evolving. real-time sharing, we are looking at machine to machine. we're trying to take out human error. this is really sharing machine to machine in real-time. host: we will sweep across the room. let's start over here. >> i'm from the council of

scientific study presidents. we have a long-term view of how we look at the world and far into the future. you are writing a bill that you say will essentially be the holder of the places we are going for the next decade. i think one of the most important things that we have to focus on are the personnel who will be doing this kind of job over the next decade. they will not be the people who are trained as computer software engineers. they will be people who can think ahead many generations of thinking and jump to the areas where problems are not currently seen. connect the dots that are not quite there yet. there may be 10, 15 centers in the united states that have that capability, but they do not have any support to do it. is that possible to put into your legislative thinking? chairman mccaul: yeah, i mean,

again, we had a bill to enhance the talent in the work place last congress. that is an interesting point. right now the discussion will go around. i agree with you that you need creative talent, innovative talent that can think outside of the box on this one. because the threat is ever-evolving, and it's not just a software guy, although that you need that. you also need the critical analytical thinker to put in there who can look outside the box for solutions. if there is ever an area where that is really needed, it's this one. so i take your point very well. host: while we are waiting somebody asked me about proportional response. they said how about we close down a north korean movie company. i replied that people would probably be grateful.

[laughter] host: is proportional difficult. >> for many of our dod customers that we serve, one of their biggest challenges is situational awareness and one that is understandable all the way from the basic 18-year-old soldier straight out of tech school through advanced defenders. you mentioned some portals they haven't dhs and other efforts. what efforts are you making said that i is a private industry can go somewhere and understand the vector threat and how to react even if i have not made a significant investment in i.t. of for structure to handle that? chairman mccaul: the good news is that you just hire the former head of the nct to help you. michael wider is one of the most talented security experts in the country.

i was encouraged companies to sit down with the doctor and look at it. your abilities are more unique. it is very open, open information sharing portal that is there for no other reason than to share information. it is not there to do offensive work, it is not there to prosecute, it is not there to spy. it is there to provide threat information to the private sector. i would just say to anybody an invitation to tour the ncic. it's impressive. i took a freshman member of my committee, i gave them a tour

last week, and they came back very impressed with the operation. >> mr. chairman, i'm recently retired from booz allen, where i lead the business with the intelligence committee, so why will out myself a little bit by saying snowden was in my group. prior to that time i was a lifelong intelligence officer. do you have a position on the programs that he exposed? not the ones against foreign intelligence of the things that are referred to as domestic spying? i would not call it that, but --you know, what is your position? if you think they should be modified, how would you modify them? chairman mccaul: he did extensive damage. my hometown of austin, texas, he appeared by skype and got a

standing ovation. i consider him to be treasonous. >> i think we are aligned on that. chairman mccaul: the damage he is done to the national security of the united states and the amount of money. i read the classified report from dia, and maybe you have as well, and it is very extensive very damaging. it goes across a lot of different areas. in reading the document, it was clear to me he did not think this up on his own. because of the areas he targeted to steal and then release, it appears to me he was directed by a foreign country. a lot of the stuff, it deals with china and russia primarily as you know. in fact, he is in russia. he'd affected to china, he is

now in russia, which says a lot. the irony is he is exposing, mr. civil liberties, exposing our government is so, where russia is a police state and there is no privacy. so it does not make any sense to me. he has done great damage to our national security and done great damage to this advancing of these policies in this town and advancing this legislation. as a candidate, the one thing i'm more about as we present my bill and house intel presents its bill, which will deal with nsa, and i talked with the chairman, the political environment in the post-snowden world, how is that going to hamper our ability to move this legislation forward. what impact is snowden going to have on this. i would argue my bill, i think i

have an easier load. all am doing is adding liability protection and more privacy. i think i have an easier challenge in front of me. i would argue house intelligence, it's going to be more difficult because they have never codified the information sharing with nsa. now, i support that. i think we stand any portal that companies want to go to on a voluntary basis, we should support that. we don't want turks and cylons we want a complete information sharing. but i would say he has done great damage economically and to our national security, and he has done great damage to advancing the policies we are discussing here and potentially to the legislation. host: and a couple months, we're probably going to do a series that tries to put the snowden revelations in the context of

crimea and syria and isis, because it's a very different world then when that stuff first came out. >> hi, good morning. on that line of questioning what about companies that have said in the past about information sharing bills they don't want to entertain the idea until they see nsa reform? is that another factor this time around, getting a bill signed by the president? chairman mccaul: yeah, i mean, you will have this law take place before pfizer reform -- before fisa reform. if there is any overall strategy, which is kind of hard to find in congress these days i think the idea to tackle this piece before fisa reform comes

down. is that the cart before the horse? the ideas we do cyber security first and then tackle that, but your point is well taken. >> good morning. i'm from the rand corporation. many of us regarded the sony attack is something quite new in the sense it was an attack by a nationstate directly on our constitutionally protected liberties. i'm wondering if you have any thoughts about proportionality of response in light of this attack and when it happens again? chairman mccaul: i completely agree. i think sony -- look, we had attacks in the past, but sony really captured the american people's attention and curiosity because it involved hollywood. let's be honest. and it involved free speech. you are right it was a direct

attack on our constitution, free speech. and in addition to being a nationstate threat and it was very highly destructive with the data. you going your office, turn the computer on, there is a skull and cross bones, and all the hard drives were completely completely destroyed information stolen, a lot of private information stolen that was leaked. that was very sophisticated highly destructive attack on our constitutional way of life. what is a proportional response? i don't know, jim talked about their motion picture industry. it is a hard question to answer, but i think it response is necessary, whatever that is. maybe you have all the tools in the toolkit that you look at but you have to have some response. i would say hitting them economically would be a good response. you talk about stocks net, and i -- you talk about stuxnet

cannot go into detail about that, but i think a cyber attack merits a cyber response. it's a deterrence. if they do that with impunity, without any response, it's just like my kids, you have to have discipline and a deterrence to stop them from continuing doing this. i think at one point at some point we have to talk about it like we did with the csi document about other nations would comes to cyber attacks. are we going to have a nato-like alliance. if a nation gets hit with a nationstate cyber attack, is that an attack on all the alliance members in the cyber world? that is really forward thinking, but we have to look at this and as a global event and an international issue, and i think

it calls for an international response. china and russia and iran, north korea, they do this, there will be consequences. without consequences, they will continue. >> hi, i'm from politico. with the bill that you are working on and the hips he bill how will those be blended on the floor, and are you saying that your bill, no information going to dhs will be shared with other agencies? chairman mccaul: no, the information that dhs will have to share through the civilian portal will come through the intelligence community, fbi and dhs. the information shared by the private sector, and this is a piece we have not discussed, and it is an important one the information that we gain from the private sector will be shared with the federal

government to protect and defend this country. i have been very encouraged by the sense of patriotism of companies that come into my office and say, mr. chairman, this is such an important issue it is not just my company anymore, it is about the united states of america, defending the nation, and i want to help and be part of this information sharing process. that information is a two-way street. 85% of the information we don't have come it's not shared private the private, it's not shared with the federal government. that can be used to better protect our defenses and our nation from attacks. as you know, every federal agency is being hit, and country is under attack. >> what about the other part? chairman mccaul: i cannot really speak to hipsi. i do not want to get out of my

jurisdictional lane, other than i know that it has been marked up in the senate. i anticipate the house will markup a similar type bill that will have other portals and there. we think dhs is the primary portal, the lead portal because of the civilian interface the fact you cannot be prosecuted, it is not a spy agency. we think this is the place for the safe harbor. however, if a member company wants to go to nsa as a portal we will allow for that as well. so i think house intel will deal with some of these other portals, and is a being one, the other being treasury. i know the financial sector members like to go to treasury. there is no reason why we would want to stop that. we want to preserve current relationships of information sharing that exists, and not

shut those down and say there is only one portal you can use. i think it is important that there are multiple, several portals, and we want to enhance that information sharing through those portals, through the liability protection peace. that is the cornerstone of this legislation that will enhance the information sharing in greater and fuller participation. host: maybe i will do a final question and if we have a little time, which is you are the chairman of the committee. you are one of the recognized leaders in cyber security. your been doing it almost longer than anyone else in washington. i say this in a positive way. what do you see the dhs agenda being the next couple years? what would you like the department to do, which is they focus on? not just ciber, but across the board, which a dhs's priorities and agenda be?

chairman mccaul: dhs, a lot of it is about travel and preventing travel. the talk about kinetic threats foreign fighters going through turkey into syria and iraq keeping them out of the united states is a number one priority. jeh johnson, who i've respect for, we call it the dual threat. you have the foreign fighter and the homegrown extremists. or you have a paris-style attack on the summit he was gone there to train and comes back, or the westgate shopping mall, the ak-47's in shopping mall, doing a lot of damage. we are very concerned about keeping that threat outside of the united states. in addition to the group in syria, premier bomb makers within al qaeda, very sophisticated. they already have nonmetallic ied's and they're trying to get these things on airplanes.

that is a great challenge for dhs at a priority in terms of protecting the american people. the border obviously is a big issue as well. but then the area that has no borders, and a think the future that is not arty here, is the cyber piece. that is one of the more exciting innovative things coming out of the department that i think will have lasting consequences for the department of homeland security as it is moving forward. ncic i think will evolve into being not only the primary but the go to place in the future for the private sector. so that is how i see the kinetic threats on one hand from isis and al qaeda, and i see the cyber threats. particularly as rogue nations and terrorist organizations gain cyber capability, we have to stay ahead of that. it's going beyond theft and

espionage to more terror and destruction. you can buy a lot of this stuff already on the internet. so i think this is the area -- they say, will keep you up at night, there are a lot of things. cyber, the probability is getting higher, but the consequences are very severe too. so the probability of getting attacked is high, but the damage is that itself, but relatively low casualties, but it is human casualties. the cyber piece is higher probability, but the consequences could be extremely severe and damaging. with time it will get worse. host: great. chairman mccaul: it is great news, isn't it? host: we always feel good. but i'm really grateful that you came and talked to us, took time out of your schedule. you