investigations incident that is ongoing. as soon as we can narrow the data that is involved if that incident we will make appropriate notifications for that one as well. rep. chaffetz: i recognize the gentlewoman from new york. >> i want to thank the chairman and ranking member for calling this hearing and all of our panelists for your public service. as one who represents the city that was attacked by 911, we lost thousands on that day and thousands more are still dying from health-related causes from that fateful day, but i consider this attack, i call it an attack on our country, a far more serious one to the national security of our country. and i would like to ask mr. ozment from homeland security, would you character size this

as a large scale cyber spying effort? that's what it sounds like to me. what is it? dr. ozment: i think to speak to who were the this is a spying effort, we would have to talk to any understanding of who the adversaries were and what their intent was. >> you do believe it was a coordinated effort? they appear to be attacking health records, employment records, friendship, family, whole background. this seems to be a large fear of information not only from the government but private contractors, individuals and sometimes it appears targeted towards americans who may be serving overseas in sensitive positions. would you consider this a coordinated effort? can you answer that or is it

classified? dr. ozment: i would refer that to classified. >> i will be at the 1:00 briefing. thank you. i would like to refer to this article. i would like to place it in the the record. i think it is an important one. it came from abc news. it reports that they seem to be looking at and gathering information on an sf-18 form, a standard form 18 which is required for any employee seeking classified security clearances. so that would be people in important positions in our government. and won't ask a question on that. i'll just wait until later. it is classified, but i am extremely disturbed. this article also points out it is not only individuals that they are going after.

they are going after contractors and those that serve the government and it mentions in other reports lockheed martin where they went after their secure i.d. program. is that true, mr. ozment? dr. ozment: i can't speak to whether any adversaries have gone after private sector -- >> others say they were hit by cyber attacks and other government contractors. now one that probably hit congress is one in 2013 where the f.b.i. warned that a group called anonymous hacked into the u.s. army department of energy, department of health and human services and many agencies by exploiting a weakness in the a-- the adobe system. i have that in my office.

they could have hacked into my office and probably every other congressional office. then they talk about going into healthcare. they go into the blue cross, blue shield system of all the federal employees. it seems like they want a comprehensive package on certain million s of americans, many whom are serving our country, i would say at negotiating tables, commerce state department, probably defense and every other aspect of american life in the world economy. but mr. scott, you have been before this committee before, and you announced you were going to review the agency's cyber security programs to identify risks and implement gaps. i wonder if you could report on what you learned from this review and any specific changes in cyber security policies, procedures or guidance, if you

can report on that or that may be classified too. anything you can share with us on what you have been doing to act to build some firewalls. mr. scott: sure. thank you for the question. we're conducting regular cyber stat reviews with each of the agencies. it is along the key lines with many of the topics we have talked about here. to factor patching, minimizing the number of system administrators, all are called hygiene factors that we think lead to good cyber security. >> my time is expired but anything you want to give to the committee in writing we would appreciate it. rep. chaffetz: i recognize the gentleman from north carolina. >> thank you mr. chairman . ms. archuleta, you have been in

your current position since 2013? is that correct? ms. archuleta: i was sworn in in november of 2013. >> so in 2013, you, according to your testimony, made cyber the highest priority. i think that is how you opened up your testimony that the security of federal employees was your highest priority. is that correct? ms. archuleta: yes, sir. >> so help me reconcile then, if it is your highest priority, how when the most recent report that came out that took security from being a material weakness is how it was characterized before you got there, to significant deficiency, how would you reconcile highest priority and

significant deficiency as being one and the same? ms. archuleta: thank you for your question. as i mentioned earlier one of the first things that we did or i did for o.p.m. was to develop within 100 days an i.t. strategic plan. the issues that the i.g. just mentioned in terms of i.t. governance and leadership as well as i.t. architecture agility, data and cyber security, were all strong come opponents of this i.t. plan and the i.g. regular parts of the plan and the i.g. recognized that. >> i only have five minutes and i can't let you just ramble on with all of these things. let me ask you how if he recognized that, would he still characterize it as significant deficient sis? ms. archuleta: as we were

instituting the improvements we were making, he was at the same time conducting his audit. his audit was conducted in the summer of 2014 when we were beginning to implement our strategic plan. the i.g. has continued to work with us and we have taken his recommendations very seriously. >> you have taken them seriously. have you implemented all of them? yes or no? just yes or no. ms. archuleta: we have many of them. >> have you implemented all of those? ms. archuleta: as i said sir, i have implemented many of them and continue to work -- >> so you will implement all of them. ms. archuleta: we're looking at each of those recommendations. >> not looking. can you assure the federal workers that you are going to implement all of what the i.g. recommended to you? ms. archuleta: we are working very closely with i.g. >> i will take that as a no. let me go on further. i'm very concerned.

we have not notified most of the federal employees that have -- we have known about it. they continue to not be notified. and yet here you are saying that you have different priorities. when chairman chaffetz asked you about why did you not shut it down, you said well o.p.m. has a number of other responsibilities. is that correct? that was your answer to chairman chaffetz . ms. archuleta: we house a variety of data. not just data on employee personnel files. we also house healthcare data and employee other records. >> you're saying it was better that you supply that and put federal workers at risk versus making it according to your words the highest priority to make sure that the information was not compromised? if it is your highest priority, why didn't you shut it down like mr. chaffetz asked and like what was recommend? why didn't you shut it down?

ms. archuleta: in our opinion we were not able to shut it down in view of all of the responsibilities we hold at o.p.m.. >> so in your opinion protecting federal workers then could not have been your highest priority because they were competing i guess priority, you said it was better that you continued on with the others versus protecting the federal workforce. ms. archuleta: the recommendations that the i.g. gave to us are ones that we take very seriously. i don't want to characterize that we didn't. that in fact we did take -- >> there is a quote -- ok. there is a quote that says what we occasionally have to look at you know, no matter how beautiful the strategy, we have to occasionally look at the results and the results here are pretty profound that we have got security risks all over and i would encourage you to take it a little bit more serious and indeed make it your

highest priority. i yield back. thank you, mr. chairman. rep. chaffetz: i recognize the gentleman from massachusetts for five minutes. >> i want to thank the panel for your help. i want to associate myself with the marks and the ranking member which doesn't always happen. >> duly noted. >> i would like to ask -- excuse me, the national treasurery employees union and also a letter from the president of the american federation of government employees, aflcio. i want to also -- i want to read the first three paragraphses. this is a a letter from the president of the aflcio to the honorable archuleta. it says i'm writing in

reference to the data breach by the office of personnel management. this was dated last week in in the days since the breach was announced, very little substance or information has been shared with us despite the fact that we represent more than 670,000 federal employees and agencies throughout executive branch. o.p.m. has attempted to justify the withholding on the breach with the claim that it restricts your ability to inform us of what happened. what vulnerabilities were exploit, who was responsible for the breach and how they might be compensated. we believe that the data file was the targeted database and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree. we believe the hackers have affected every person's social

security number, military record, address, birthday, job, paid history, life insurance email, pension information, age, gender, race, union status and more. we believe the social security numbers were not encrypted. this is absolutely indedefensible and outragets. were the social security numbers, were they encrypted? ms. archuleta: o.p.m. is in the process -- >> is that an i don't know? ms. archuleta: i don't believe that -- >> could we just stick to a yes or no? this is one of those hearings where i think i'm going to know less coming out of this hearing than i knew walking in because of the dancing around that we're all doing here.

as a matter of fact, i wish that you were as strenuous and hard working at keeping information out of the hands of hackers as you are keeping information out of the hands of congress and federal employees. it is ironic. you're doing a great job stone walling us but hackers not so much. so were the social security numbers, were they encrypted? yes or no? ms. archuleta: no, they were not. >> there you go. there you go. now we're getting somewhere. that is pretty basic though. that is pretty basic. encrypting social security numbers. all of this happy talk about these complex systems we're going to come up with, you're not even encrypting people's social security numbers. that is a shame. let me ask you about this standard form 86. for those of you obviously you know standard form 86 is what we require employees to fill out if they are going to

receive security clearance. these are people who have sensitive information. we drill down on these folks. this is a copy of the application. it is online if you want to look it a. it is 127 pages online. we ask them everything. what kind of underwear they wear. what kind of toothpaste. it is a deep dive. we want to know when people get security clearance that they are trust worthy. there is information have you ever been arrested? you have financial information in here. there is a lot of information on this form. they hacked this. they hacked this. they got this information. on standard form 86. so they know all of these employee who is -- and everything about them that we asked them in the standard form 86. is that right, ms. seymour? ms. seymour: i believe that is a discussion that would best be held until this afternoon, sir.

>> i think you have got to be honest with your employees. i think that we need -- in order to protect them, we need to let them know what's going on because they have the email addresses in here as well. several, you know, your first, your second, your third email address and all of that information is out there. so we need to be a little bit more -- not a little bit more, we need to be more forth coming with our own employees. these are people who work for us. a lot of them deserve a lot more protection than they are getting from the united states government and the office of o.p.m. i see that my time is expired. i yield back. rep. chaffetz: i recognize the gentleman from south carolina for five minutes. >> thank you mr. chairman. many of us are uncomfortable asking questions in this type of setting. we don't want to ask questions the answers to which should be

kept confidential. i encourage you in advance if i ask you something we should talk in another setting, that that be the answer. let me start with this. the follow up question that mr. meadows asked of ms. archuleta. he asked if you were going to implement all of the i.g.'s recommendations. whether or not that was a yes or no answer, i agree that it was probably closer to no. can you name for me some of the i.g. recommendations that you are pushing back against or that you're not interested in implementing? ms. archuleta: i don't have the specific recommendations in front of me. i would be very glad to come back and talk about that. what i would like to say sir, as we look at the recommendations by the i.g. we work with him and so that he can fully understand that, where we have moved in our security efforts and also to

understand his observations and that is normal audit process and we continue to go through that on a regular basis. >> that makes perfect sense. what bugs me mrs. archuleta is back in the end of 2014, they recommended, in fact, it was their third recommendation that all active systems at o.p.m. have current authorization and your response was we agree that it is important to maintain all systems but we don't believe this rises to the level of material weakness. you believe that your opinion on that has changed since november of 2014? ms. archuleta: i appreciate all of the information. and the recommendations that the i.g. has given us and we will continue to -- >> you believe knowing what you know now that did not rise to the level of material

weakness? ms. archuleta: we are working with a legacy system. it has the recommendations he has made to us, we are working those with the best of our ability. >> that's what frightens me, ms. archuleta, that this is the best of your ability. let me see if i can get some information here as i go back and try to explain to folks back home. i heard it is just people in the executive branch. are we still saying that the only people whose data was exposed were tpwholings worked within the executive branch of government? ms. archuleta: sir, this was an ongoing investigation and as we uncover new information, we are happy to share it with you. we have -- we are not necessarily restricted to the executive branch because there are people who worked in the executive branch today who worked in -- >> i got the notice and it says

if you worked in the executive branch or ever have worked in the executive branch then there is a chance they got your data. if you never have, then you don't have to worry. are you still comfortable with that statement? ms. seymour: no, sir, this is an ongoing investigation and we are learning new facts every day. >> the original number we heard was 4 million. is it still 4 million? i heard 14 million. what is the current number of previous employees who have been affected? ms. seymour: approximately 4 million is the number we are making notifications of today. we continue to investigate so that we can understand that data and begin to make notifications there as well. >> have i a question. i don't think it has been asked yet. i think it is for mr. ozment or whoever else understands the i.t. systems. we used to differentiate between someone who hacked into our system is and someone who stole something from us. there is two levelses of love jment there.

-- involvement there. have you been able to make that distinction where things were exposed and where possibly they actually downloaded data? dr. ozment: that is an important distinction and one that we spent a lot of our investigative time examining. for the personnel records approximately 4.2 million records, the incident response team led by d.h.s. has concluded with the high probability that that data was exfiltrated, meaning that it was removed from the network by the adversary who took it and we continue to investigate the information. >> i appreciate that. i don't mean to cut you off. let me ask one more question. i heard about the data. i heard mr. lynch ask about the social security numbers. health data. why -- do we collect health

data on our employees? if i come to work for you, for the government, do i give you my health records? ms. archuleta: not your health records but the information regarding your healthcarier is the information we receive. not your health. >> it is not specific medication or specific conditions. it is just who my health insurance company is? ms. archuleta: exactly. rep. chaffetz: i recognize the gentleman from virginia. >> thank you, mr. chairman. in bloodless and bureaucratic language, we're talking about the compromise of information for federal americans. the most catastrophic compromise of personal information in history of this country. social security records. ms. archuleta, you mentioned not health information but healthcare. that is a road map to other information that hackers can get.

security clearances. security clearances are deeply personal and often involve do they not, ms. seymour unconfirmed negative information. even rumors. i think so so and so has a drinking problem. that gets in that report even if the it is not confirmed. is that not correct? ms. seymour: sir, i'm not a federal investigator and i'm not familiar with all of the data. >> let me confirm for you. it is correct. it is -- how do we protect our employees? dr. ozment, when i heard your testimony, it almost sounded like you were saying that the good news here was we detected the hack. but the object here is not effective detection although that is part of the process.

it is to protect our citizens including federal employees. you talked about einstein and you championed his merits. was einstein in place at o.p.m. when this hack occurred? dr. ozment: sir, i share your deep concern about the loss of this information and agree that that is a terrible outcome. >> a terrible outcome? dr. ozment: absolutely. as a federal employee whose information itself is a part of this database. >> it might even be personally devastating, dr. ozment. not just a terrible outcome. dr. ozment: that is correct, sir. what i would tell you on this is that einstein was critical in this incident as o.p.m. implemented their new security measures and detected the breach -- >> was einstein in place at the time of this breach? dr. ozment: one and two. three was not yet available.

>> i have only got two minutes. i want to understand your answer. you didn't successfully detect that a breach had occurred? dr. ozment: it did not detect the breach that o.p.m. caught on their own networks. we are focused on -- you first have to have the threat information. once we had the threat information, we used einstein one and two to detect a separate breach that we were able to work. >> i'm sure every federal employee who has had their information compromised is coming forted by your answer. ms. archuleta what is the time gap between discovering the breach and the actual breach itself? ms. archuleta: we discovered the breach in april of -- >> this year. and when did this breach occur?

ms. archuleta: we expected it happened earlier in 2014. >> sometime late last year? ms. archuleta: yes, sir. >> ok. so they -- whoever were the hackers, presumably an agency of the chinese government, according to published reports confirmed by u.s. officials, it is not a classified piece of information, but the details of it may be. our government i believe has confirmed without at bution in public records that it was a systematic effort by the peems lib -- people's liberation army which is notorious for hacking. they had four months in which to do something with this data. is that correct? maybe five? ms. archuleta: i can't make a comment on the -- on at

butions. >> i didn't ask you to. i just asked whether they had four or five months to do something with this data. ms. archuleta: the period of discovery from the time we believe the breach occurred and our discovery, yes. >> i'm going to real quickly if the chairman allows mr. scott one last question. the director said if agencies implemented three steps we could -- 85% of breaches. new inventions and technology, ms. seymour talks about new legacy systems. i had always hoped that the chinese didn't know how to log into it. minimize privileges and continue to add software and this did not go on. what is your take on those

three recommendations? >> i think those recommendations are great and there is a number of other things as well some of which i talked about today. i think the one point i would make is there is no one measure that you could say that's going to preevent all attack or even prevent an attack. it is really defense and depth is your best measure and that's what we're really looking at emphasizing. >> thank you mr. chairman. i recognize the gentleman from north carolina mr. walker for five minutes. >> i agree with my colleague from virginia in his description, this is a catastrophic compromise. ms. archuleta it appears that o.p.m. did not follow the very basic cyber security best practices specifically network segmentation and encrippings of sensitive data. should the data have been encrypted?

can you address that? ms. archuleta: that the data was not encrypted and as dr. ozment has indicated encryption may not have been a valuable tool in this particular breach. as i said earlier, we are working closely to determine what sorts of additional tools we can put into our system. >> you said may not have been. but it doesn't answer the question, should it have been encrypted and could it have been another line of defense? ms. archuleta: i would turn to my colleagues from d.h.s. to determine the use of encryption but i would say it was not encrypted at the time of the breach. >> an adversary that is credentials to the users on the network, they can access data even if it is encrypted. that did occur in this case. encryption in this case would not have protected this data. >> let me ask this.

what consequences should c.i.o.'s face for failing to meet such a baseline of cyber security standard on their networks? may >> i believe the cio is responsible for the implementation of a solid plan and we have been doing that. we are working with a legacy system that is decades old. we are using our financial and human resources to improve that system. we are -- cyber security is a government wide effort. we must work together to improve the systems we have. >> i am not sure the american people are content with how we are working together. i want to speak to einstein. i have had -- heard several components. even if it is part of defending

the system the private sector is moving on. is that a fair question? dr. ozmet: is a necessary but not sufficient tool. we need a defense in depth strategy. we are supplementing it with litigations. we are looking at taking what is a signature focus system and adding capabilities to detect previously unknown intrusion. as you do that, he received more false positives. you receive more notifications that an intrusion occurred even if it did not. mr. walker: it seems to be that you are more excited or confident in the einstein three a version? is that going to be more solid?

dr. ozment: it will help us to tech and block adversaries. mr. walker: i heard you say something about how that system needs to be supplemented with others. dr. ozment: that is correct. no single system will solve the problem. mr. walker: it says it prevents malicious traffic. should we be understanding that before the hearing? why are we just now getting the information? dr. ozment: i cannot speak to the webpage but i believe we

need a defense in depth strategy. mr. walker: who is responsible for the information? dr. ozment: i will look into that and get back to you. mr. cartwright: thank you and i think the chairman and ranking member. i know there have been bigger data breaches than this. i share the sentiment of mr. connolly from virginia. this is extremely troubling. we are talking about 4 million plus federal workers people dedicating their lives to our country. another information has been compromised through no fault of their own. if i understand your testimony the personal information of

about 4 million current and former employees was potentially compromised. do you believe the number is going to be bigger than 4 million? >> thank you for your question. i described two incidents. mr. cartwright: it is a yes, no or i don't know. >> the first incident is 4.2 million. an ongoing -- mr. cartwright: you know what it means when i say yes or no? do you think it could be more? >> yes, sir. mr. cartwright: your professors discovered it in april. they believe the hack may have

begun in december, am i correct? >> yes, it began in 2014. mr. cartwright: the contract revealed they were targeted in an earlier cyber attack. contractor that does the majority of the background check investigations. and my correct? >> they do a number. mr. cartwright: the attack was successful. personal information was compromised, correct? >> yes, sir. mr. cartwright: the article says, hackers who recently launched a massive cyber attack on the u.s. government, exposing sensitive information, may have

used information stolen from a private government contractor to break into federal systems. the article goes on. the particle -- hackers entered the office of personnel management system after first gaining access to key point government solutions. it continues. authorities believe hackers were able to extract electronic credentials or other information from within key point systems and somehow use them to unlock opm systems. they rummaged through separate segments potentially compromising personal information of not only be 4 million current and former employees. ms. seymour:, i know we are having the classified briefing

later. but can you comment on the reports? did they get what they wanted? so they could then go after opm itself? ms. seymour: i believe that is a discussion we should have it in a class right setting. mr. cartwright: we know their other contractor was briefed and their information was also compromised. can you tell us if those hackers got information that they were then able to use in the attack against opm? ms. seymour: again, that is a discussion we should have later. mr. cartwright: i understand. i want to close by asking a final question. federal agencies and private companies are only as strong as their weakest link. we start reaches of two contractors. now we have reports that they are getting into opm information

because of what they learned in those attacks. agencies have leverage over there contractors. i want to ask each of you, how can agencies use that leverage to improve cyber security practices of contractors so they do a better job of safeguarding the information they are entrusted with? go ahead, right down the line. starting with you. ms. archuleta: what we can do with the contractors that we engage is make sure they have the security systems that match the federal government. they are using the same systems. in addition, i want to make sure i understand your question three and the contractors we employ as individuals or companies? mr. cartwright: as companies.

ms. archuleta: with the companies, we are working to make sure they are adhering to the same standards that we have in federal government as outlined in our rules. dr. ozment: one example, they have been building additional cyber security requirements. i would also point you to the fed a ramp effort to establish a baseline of requirements for cloud contractors to the government. >> i think as my colleague and i testified, we also are strengthening the federal contract procurement language and creating language any agency can use as part of their -- >> i think it is about beefing

up security clauses's they cover the extent of what we need and then doing the monitoring and follow-up to ensure the contractors are adhering. ms. seymour: i would agree but i would also add site inspections are important. as well as continuous monitoring. looking at a system every third year is not ample. that is not a best practice and we need to move towards more security controls. the other option we do use is ig. >> i agree with what the other witnesses stated. like she said, we go out and do audits of contractors, health insurance companies. we can be used and see ourselves

in that role. mr. cartwright: i want to note they were invited. >> we have classified we have to go to. thank you. >> i now recognize mr. russell for five minutes. mr. russell: i am baffled by all of this. upon receipt, upon your appointment of the directorship of opm director archuleta stated she was committed to building an inclusive workforce. who would have thought that included enemies? in the testimony, we heard statements we did not encrypt because we thought we might be able to decrypt or decipher. that is by fling -- baffling.

there was another statement i heard earlier that said, had we not established the systems, we would have never known about the breach. that is tantamount to saying, if we had not watered flowerbeds, we would have never seen muddy footprints. that is absolute negligence that puts the lives of americans and also foreign nationals at risk. of particular concern are the forms of which i am for money with. we had sean gallagher who summed it up test. he said this was the result of another shot, a lack of internal expertise, and a decade of neglect. director archuleta, why did you not shut down 11 of the 21

systems that had no security assessment and authorization? ms. archuleta: as i mentioned before there are numerous priorities that go into safety and security including making sure our retirees receive benefits. our employees get paid. there are numerous considerations. mr. russell: israel have those diaries encrypting social security numbers did your strategic plan included leaving half of the systems without protection when you formulated it? ms. archuleta: no, sir. mr. russell: why was it not made a priority? ms. archuleta: the systems that

were referred to, those systems he recommended we shut down, he recommended we shut them down because they were without authorization. all our systems are authorized and are operating. we are looking at systems that are very old. we can take a look at encryption and other steps that can be taken. we are doing that. as we look at the system, we are having to deal with decades -- mr. russell: there is an old saying we had in the military. poor is the workman who blames his tools. missions can be accomplished even with what you have and measures could have done had this been made a priority. what i see now is, whited opm have no multi-factor authenticityation?

if they get into the system, they have free reign. ms. archuleta: we have implemented multifactor authentication with a remote users. mr. russell: when was that put inn, before or after the breach? ms. archuleta: this was begun in 2015. prior to the time of two factor authentication it takes time to implement these tools. i am as distressed as you are about how long the systems have gone neglected. when they have needed much resources. it might ministry should, we put those resources to it. we have to act quickly, which we are doing.

we are working with our partners across government. as i said before, cyber security is an issue all of us address. mr. russell: was a priority made that these systems would allow -- ms. archuleta: would you repeat the question? mr. russell: was a priority made that once they get in, they would have a free run. ms. archuleta: it was a priority but legacy systems, it takes time. mr. russell: it did not take our enemies time. >> i recognize the gentleman from california. >> under your watch, database containing the crown jewels of american database -- intelligence was breached. this year, another database was reached. -- breached. the igs says your technology

systems are either weak or deficient. my question to you is, do you accept responsibility for what happened? ms. archuleta: i accept responsibility for the administration of opm and the important role of our i.t. systems delivering services. i take very seriously my responsibilities in overseeing the improvements to a decades old legacy system. mr. lieu: i don't know what that means, i asked for a yes or no but that is fine. i will reserve the balance of my time to make a statement. having been a member of this committee, and as a computer science major, it is clear to me there is a high level of technological incompetence across many agencies. we have held hearings where

federal agencies could not procure or deploy i.t. systems without massive bugs or cost overruns. we have had hearings where at least one agency, in this case fbi, had a misunderstanding of technology and continued to believe they can put in backdoors to encryption systems just for the good guys and not for hackers, which you cannot do. we had over 10 federal data system reaches last year. there is a culture problem and a problem of civilian leadership not understanding we are in a cyber war. every day, we are getting attacked. the u.s. military understands. that is why they stood up an entire u.s. cyber command. until the civilian leadership understands, we will continue having more data breaches. you have heard their unencrypted

social security numbers. that is unacceptable. look at the reports. and then look at last year's report last year which says, as of november of last year, opm had not done a risk assessment. that is ridiculous. you knew in march or system was breached. that is a failure of leadership. this goes beyond opm. you have only been here a few months. i want to know, why was it not until last friday that agencies were ordered to put in basic cyber security measures? why was this not gone last year? there is a failure of leadership. when there is a culture problem, what have we done in the past? in the area of national security, you can't have the view that, this is a legacy system. national security has to be zero saw lawrence -- zero tolerance.

that cannot happen. when you have a culture problem as we have had to, in the past, leadership resigns or they are fired. at the dea leadership left. we had this happen at the secret service and veterans administration. we do that for two reasons. one, send a signal the status quo is not acceptable. we cannot continue to have this attitude where we make excuse after excuse. the one word i have not heard is the word sorry. when is opm going to apologize to 4 million employees? when is opm going to apologize? federal employees who had personally devastating information released. when there is a culture problem

we send the signal that the status quo is unacceptable. that is because we want new leadership that is more competent. i am looking here to stay a few good people to step forward except responsibility, and resign for the good of the nation. i yield back. >> will said. -- well said. i now recognize the chairman of the i.t. subcommittee. >> thank you, mr. chairman. it is my hope is that every agency and cio are listening or watching war will read the testimony after this event to read the first thing they wake up tomorrow. pull out the gal high-risk report that identifies areas they have problem with. take and start working to

address the remediation's. i have been at this job for 21 weeks, similar to mr. scott. one of the things you hear from people, they are frustrated with their government. intentions are great. ms. archuleta:, you said security is per month. i.e. believe you believe that. but the execution has been horrific. intentions are not enough. we have to have execution. my question, let's are with you did the hackers use full ability to get into your network? ms. archuleta: i think that would be better answered in a classified setting. mr. hurd: if it was a zero dave wohl nerve ability, i hope

everybody should -- zero day owner ability, i hope everybody is notified. what i heard is einstein detected the breach. my question is, how long did somebody have access to these? why did it take that long to get it into einstein's system? has that been promoted to every other agency using einstein? dr. ozment: we loaded it into einstein immediately. both to detect and look back through history to see if any other traffic back in time indicated a similar compromise. that is how we found in

intrusion into opm related to this incident that led to our discovery of the breach of the personal records. we also put into einstein three so agencies would be protected against a similar activity moving forward. we held a call with all the federal cio's and asked them to search their networks. mr. hurd: you talk about legacy systems. the difficulty of protecting those. what are some of those? what programming software is used to develop them? ms. archuleta: these are systems that have been around for going close to 25-30 years. cboobol systems.

director archuleta and i were brought here to address some of these problems. i started my job in december, 2013. mr. hurd: why did we wait for two factor authentication? ms. seymour: these are two decades in the making. we are not going to solve them in two years. mr. hurd: how much overtime have you signed off on? ms. seymour: my cio team works 20 47. -- 24/7. >> i am very proud of the

employees working on this issue. mr. hurd: you have inherited a mess. we are looking to you to ensure things like this do not happen. to make sure agencies are implementing recommendations of the ig, the gao. we will continue to drag people up here and answer these questions. that is our responsibility. i recognize that, you are not going to stop everybody from penetrating your network. how quickly can you identify them and kick them off? those are metrics we should be using. we are woefully and adequate i yield back time. >> thank you, mr. chairman. ms. archuleta:, you said, we have confirmed that any employee

from across branches of service may have been compromised, even if there personnel file was not stored. what do you mean by service history? ms. archuleta: their careers they may have been in a different position earlier than perhaps -- as they move around government. it may be someone whose current job would not be any system, but because of their service history, it would be dated back. >> potentially broader beach. with the sf 86, i remember filling it out as a young officer in the navy. it is the most intrusive form i have ever filled out. it took me days. i had to do research on myself. it is not just that you are doing personal sensitive data

about the individual applicant. the sf 86 asks about family members, friends spouses relatives. where you lived. who you knew. it also asks you to come clean about anything in your past life. to me, people have said this is crown jewels material in terms of blackmail. this is a very serious breach. my question for ms. archuleta:. were level officials implicated in this breach? ms. archuleta: this would be better discussed in a classified setting. >> what about people in the military and intelligence communities? ms. archuleta: this is something we should respond to in a

classified setting. >> you don't disagree with my classification of the sf 86. theoretically, that is a major breach that will have ramifications for our country. ms. archuleta: we will discuss this with you in the classified setting. mr. desantis: china now has a list of chinese this is -- citizens in close contact with american officials. they will use that for espionage purposes. what our security implications? that could be for anybody. >> that is a question we will discuss. >> some reports say that not

only were hackers pursuing information on federal employees, but also password and encryption keys that could be used for trade secret theft and espionage. i guess you will have more to say in a classified setting. for this forum, can you say that that is a significant risk, that is that the type of information we would want the enemy to have? and it can be damaging, correct? dr. ozment: again, we will defer discussion of that way classified briefing. rep. desantis: i get that. i will be there, i will listen intently. it concerns me, because this is a treasure trove for our enemies, potentially, in the fact that this was hacked and we didn't know about it for a long time. that is really troubling. i think the american people, if you ask people to want to serve in these sensitive positions and they think like filling out

the forms, they will put themselves and family members at risk because the government is not competent enough to maintain that secretly, that is a major problem as well. the information can be used against the country and you will have a chilling effect on people wanting to get involved if they don't get a handle on this. i look forward to hearing from witnesses and a classified setting. i yield back the balance of my time. >> we recognize the gentleman from alabama. >> thank you, mr. chairman. this seymour does the exposure include others, or just people who filled out form 86? ms. seymour: our investigation is ongoing. >> i have two employees who have never filled out the standard form 86. i have a letter from you informing them of the possibility that their data may have been compromised. i will ask you again, and this is a yes or no, does it extend

beyond the people who filled out the sf-86? ms. seymour: yes. we have come here to talk about two incidents. >> why didn't you answer yes? ms. seymour: you were talking about sf-86. >> i made it clear. you said the investigation was ongoing. apparently you have investigated enough to send a letter to employees who didn't fill out those forms. thank you for your yes answer. is there, in your judgment, miss archuleta, how likely was it that the hackers were able to access these personnel files through employee accounts? ms. archuleta: sir, we will be able to discuss that with you during the classified setting. >> let me be more specific. are you familiar with the wall

street journal articles that indicated that it was possible that the breach occurred through personal e-mail accounts because employees were using the federal system, and early in 20 11, immigration and customs enforcement agency noticed a significant uptick in infections and privacy spills. they asked for a direct, they put out a directive that federal employees could not use the federal system to access their personal e-mail. the american federation of government employees filed agreements with the federal arbitrator claiming that was something that needed to be bargained, needed to be part of the collective bargaining agreement. the arbitrator dismissed the security arguments in 75 boards, claiming exclusive discretion to

manage i.t. systems. they were not able to shut that off. do you have any comment? ms. archuleta: those are issues we will be able to discuss in the classified hearing. rep. pal is beingmer: discussed in the wall street journal. >> what are the risks associated with not having a valid system authorization? >> the risks are evident, not having a valid authorization essentially could be a system, a symptom of weak controls over operating systems and applications, and lead to things such as a breach. >> with all the things we are talking about here today ms.

seymour, you were fully aware of these risks, and opm was aware of the risks. ms. archuleta: i was aware of the reports. >> i hate going back to this. it has come up several times already. i am waiting for an answer. the inspector general put out his report last november expressing great alarm recommending that opm consider shutting down the systems because of the risks that you knew about. and that ms. archuleta knew about. yet, they were ignored. i will come back to you with this, because quite frankly ms. archuleta has tried to dodge this question. i want to come straight up to you. why were those recommendations not followed? ms. seymour: two reasons.

what is an authorization to operate, that is merely the documentation of the security controls of a system. and their effectiveness. that does not mean sibley because you do not have an authorization, that those tools don't exist. as they were doing the audit we were taking all of those vulnerabilities into play. we had already developed a security plan and we were in the process of implementing. the ig admits in their report we were in the process of implementing many of those controls. >> did that plan work? obviously, it didn't. would shutting it down have worked? ms. seymour: the controls we put in place allowed us to stop the remote access to our network and they also allowed us to detect this activity that had occurred prior to the ig report.

rep. hice: the vulnerability was still there. your plan failed. ms. seymour: there are vulnerabilities in every system. we do risk management. we look at the vulnerabilities as well as the business that we must conduct. rep. hice: what currently are the consequences of an opm system, currently? what are the consequences now if they operate without a valid authorization? mr. essen: there are no consequences. will we report that in audits? other than that, there are no official sanctions in place. it is something that gets publicized.

rep. hice: it sounds to me like this is not being taken seriously. why are we still operating without authorization? ms. seymour: i have extended the authorizations we have in the systems because we put a number of security controls in place in the environment. we have increase the effectiveness of the security around those systems. mr. hice: there are no consequences for operating on a system without authorization. how serious are you taking it? ms. seymour: they are consequences. those consequences are, if you are not doing assessments, documenting them, while that is evident that those assessments have been done, the assessments themselves are more important. the scanning of the network -- rep. hice: what are the consequences? ms. seymour: we report to omb on

a quarterly basis about the status of our security and our network. rep. hice: that sounds like just reporting you were supposed to do anyway, that's not consequences. again, are there measures that need to be taken to get the whole thing up to the standard it ought to be? is there anything you would recommend? mr. essen: we recommend the cio, the agency, take the steps that, in a lot of cases, they are beginning to take. the centralization of the i.t. governance is well along the way. what they also need to do is get a full inventory of the assets they are responsible for

protecting. the shell project that ms. seymour has alluded to is also something that we support we also have concerns about the way the project has been started and manage. overall, we support the idea behind the shell project. >> we recognize the gentlewoman from new mexico. >> thank you, mr. chairman. i want to take -- thank the panel for taking questions so seriously. in new mexico, we sophistication and

frequency of cyber attacks continue to be a threat. after my election, one of the key briefings of a national lab in my district is the continuing, growing concern with cyber security issues, and their aggressive responses, to be proactive as much as they can be, and to appropriately be reactive once you have an identifiable breach. given the data breach, at the opm and at home depot and target, and thumb, it is clear to me that not only does the federal government have a role in protecting federal employees and the information you have, but we have a role in working to protect the public in general from these serious and

continuing cyber attacks. i recognize also that this is a challenging effort, and there is not a simple solution. if there was, we could stop this hacking altogether. we could have the magic bullet. as much as i want you to do that, i don't want to minimize the fact that i recognize that is more difficult to do then to it is easy to say, not so easy to do. my concerns are growing, given that even the best in the country are facing significant cyberattacks including a lab we rely on for innovative and appropriate technologies to implement. so, given that diatribe, and given all the questions you have had about accountability and the serious nature, here's my question. federal government is not known for being, and i mean no disrespect, it is not a proactive or reactive body by

the nature of how large it is, how broad our mission is, and how we are dependent on whatever the resources are, and the priorities are, at any given time. given that climate, and the rule to protect the general public and your role to protect federal employees'information, what can you do to make a difference that puts you in a position to be much more proactive particularly given the nature of cyber attacks? quite frankly they have already hacked in as you are making the next modifications. anyone on the panel. mr. scott, that made primarily before you. mr. scott: i can think of several things in the short run that actually we already have underway. probably long-term, the biggest thing is to double down on

replacing these legacy systems these old systems we have. one of the central problems here we have old stuff that was just not designed or built in an era when we had these kinds of threats. in some cases, it is very hard to duct tape and band-aid things around these systems. doesn't mean there is nothing we can do but it is old architecture that needs to be replaced and security needs to be designed into the very fabric of the architecture of the hardware, the software, the networks, the applications, and the faster we can do that, the faster we are on a better road. >> giving your role to do that in federal government, i am clear -- i am not clear what percentage of old platforms we are still operating under, in which departments are more at

risk than others. what is the timeframe for getting that done? what is a reasonable course to take to make sure we have accountability in federal government to move forward exactly in that effort? mr. scott: first thing is, we will be very transparent with you in terms of the omb reports in terms of where we are at on that journey as we go through our work over the course of the year. several of the members of this committee have said they will pay close attention to that. i encourage that. >> our time is so tight. we would like a full and complete answer. there will be questions for the record and we will continue to follow-up. i hope you understand. we need to give time for the gentleman from wisconsin. >> i am glad we establish the federal government is not a proactive-reactive body. we must always remember, no matter what goes around here that is something to member. first question, this is kind of

a significant story here. out of curiosity to seal the government operates, has anybody lost their job over this? are there any incrimination's in that regard? >> no sir. >> next question. as i understand, it took months for the state department to root out the russian hackers and their unclassified systems. apparently, the chinese hackers are known for leaving behind time delayed malware. do we know for sure these people are out of the system by now? or could be still be floating around? -- could they still be floating around? x we have a team led by dhs, with participation from the fbi and nsa. they have fully removed the

adversary from these networks. it is difficult to have 100% certainty. >> it could be, but you think. dr. ozment: yes, sir. >> there are rumors that people are now selling some of these files. is this a threat? do we know if it is going on? if so, are we doing anything to counter that? dr. ozment: the impact, and those questions are better suited for a classified briefing. >> i yield the remainder of my time. >> i think you understand on a bipartisan basis how seriously we take the situation. to the federal employees who are affected, one of the things that should come out is, in the letter, the very end of the letter, if you received one of these, it does note that the

office of personnel management will not call you. they will not contact you to provide additional information. there will be some very bad actors that will try to take advantage of this that situation, and exploit it for their own personal gain. they have already done that. they will do it again, and there will be others that will try to do that. to federal employees please, do not fall victim to some but he will send you an e-mail or make a call and try to prey upon you further. that was noted in the letter. it is worth knowing from the pulpit. we look forward to the 1:00 classified briefing. the committee stands adjourned. thank you. >> here is what's ahead over the next few hours on c-span. donald trump announces he is in the race to be the nation's

president. secretary of state john kerry participates in today's state department reaping. the first since he had leg surgery. then at a house hearing, the director of the office of personnel management estimates that 4.2 million federal personnel are affected by recent data breaches. >> on the next "washington journal congo johnson a new -- j ohn sununu on a book he wrote. and, chris murphy on u.s. policy towards isis. his thoughts on american ground troops in iraq and syria. that is part of our spotlight on magazine series. managing editor of a magazine will discuss a story on whether any of the republican presidential hopefuls will cut

government spending. washington journal's live every morning at 7:00 eastern. you can contribute to the program on facebook and twitter. >> donald trump announced today he is running for president. this is after years of teasing the idea, saying he might run. the businessman and reality television personality says he has the business acumen to put people back to work and outsmart nations like china and mexico. the announcement from new york city is about one hour. [applause] ivanka trump: welcome, everybody. today i have the honor of introducing a man who needs no introduction. his legend has been built and

his accomplishments are too many to name. that man is my father. most people strive their entire lives to achieve great success in a single field. my father has succeeded in many. at the highest level and on a global scale. he's enjoyed success in a vast diversity of industries because the common denominator is him. his vision, his brilliance, his passion, his work ethic and his refusal to take no for an answer. i've enjoyed the good fortune of working alongside my father for 10 years now and i have seen these principles in action daily. i remember him telling me when i was a little girl, ivanka, if you are going to be thinking anyway, you might as well be thinking big.

and that is how he approaches any tasks that he undertakes. he thinks big. my father has employed a of -- tens of thousands of people throughout his career and has inspired them to do extraordinary things. he has the strength to make hard decisions and motivate those around him to achieve the impossible. he is an optimist who chases big dreams and sees potential where others do not. he leads by example and will outwork anyone in any room. my father is the opposite of politically correct. he says what he means and he means what he says. [applause] ivanka trump: he is also the best negotiator i have ever met. countless times, i have stood by

his side and watched him make deals that seemed impossible to get done. he understands what the other party needs and gets exactly what he wants. my father knows how to be a fierce opponent and also to be a very loyal friend. when it comes to building bridges, he can do so figuratively but also has the rare ability to do so literally on-time and under budget. [applause] ivanka trump: throughout his career, my father has been repeatedly called upon by local and federal government to step in and save long stalled grossly overbudget public projects. whether it is building a skating rink in central park, restoring

the exterior facade of grand central terminal, enabling the development of new york city's convention center, creating a championship public golf course for the city of new york, or redeveloping the iconic, but totally underutilized old post office building on pennsylvania avenue in the heart of washington, d.c. -- my father succeeds time and time again where government has failed before him. i consider myself fortunate to have learned from the best. both as an entrepreneur and as a parent. my father is a man who is deeply grounded in tradition. he raised my siblings and me to work hard and to strive for excellence in all that we do. he taught us that we have a responsibility to make a

positive contribution to society. here today, my father is again leading me by example. my generation finds itself at a crossroads. our leadership has been mired in bureaucracy of its own creation. if we don't adapt politically and economically, our country will be left behind. to address the many challenges we face, we don't need talk. we need action. we need execution. we need someone who was bold and independent with a proven track record of successfully creating and building large and complex and complicated organizations. in the process, enabling many, many americans to better their lives. i can tell you that there is no better person than my father to have in your corner when you are

facing tough opponents or making hard decisions. he is battle tested. he is a dreamer, but perhaps more importantly, he is a doer. ladies and gentlemen, it is my pleasure to introduce to you today a man who i have loved and respected my entire life. my father, donald j. trump. [applause] ♪ ♪ there is a warning sign on the

road ahead ♪ ♪ there's a lot of people saying we'd be better off dead ♪ ♪ keep on rocking in the free world ♪ ♪ keep on rocking in the free world ♪ ♪ keep on rocking in the free world ♪ ♪ keep on rocking in the free world ♪

♪ i see a woman in the night ♪ ♪ with a baby in her hands ♪ ♪ and an old streetlight near a garbage can ♪ ♪ she puts the kid away and she is trying to get a hit she hates her life and what she's done with it. there is one more kid that will net -- never get to go to school, never fall in love, never get to be cool. ♪ keep on rocking in the free world ♪ ♪ keep on rocking in the free world ♪ ♪ keep on rocking in the free world ♪ ♪ keep on rocking in the free

world ♪ donald trump: wow. whoa. thousands. so nice. thank you very much. thank you. it is great to be at trump tower in a wonderful city, new york. it is an honor to have everybody here. this is beyond anybody's expectations. there has been no crowd like this. i can tell you some of the candidates did not know the air-conditioning did not work. they sweated like dogs. they did not know the room was too big because they didn't have anybody there. how are they going to beat isis? i don't think it is going to

happen. our country is in serious trouble. we don't have victories anymore. we used to have victories, but we don't have them. when was the last time anybody saw us beating let's say china in a trade deal? they kill us. i beat china all the time. all the time. [applause] mr. trump: when did we beat japan at anything? they sent their cars over by the millions and what do we do? when was the last time you saw a chevrolet in tokyo? it does not exist, folks. they beat us all the time. when do we beat mexico at the border? they are laughing at us, and our stupidity. and now they are beating us

economically. they are not our friend, but they are killing is economically. the u.s. has become a dumping ground for everybody else's problems. [applause] mr. trump: thank you. it is true. these are the best, and the finest. when mexico sends its people they are not sending their best. they are not sending you, you. they are sending people that have lots of problems and they are bringing those problems with us. they are bringing drugs, crime they are rapists and some, i assume, are good people. i speak to border guards and they tell us what we are getting. it only makes common sense.

they are sending us not the right people. it is coming from more than mexico. it is coming from all over south and latin america and coming probably from the middle east. we don't know because we have no protection and we have no confidence. we don't know what is happening and it has to stop and it has to stop fast. [applause] mr. trump: islamic terrorism is eating up large portions of the middle east. they have become rich. i'm in competition with them. they just built a hotel in syria. can you believe this? they built a hotel. when i have to build a hotel, i pay interest. they don't have to because they took the oil that when we left iraq i said we should have taken. now isis has the oil. and what they don't have, iran has.

and -- i will tell you this -- years ago, i said, and i love the military and i want to have the strongest military we have ever had and we needed more now than ever -- do not hit iraq because you will totally destabilized the middle east. iran is going to take over the middle east. iran and somebody else will get the oil and it turns out iran has taken over iraq. they are taking over iraq and they are taking over big-league. we spent $2 trillion in iraq. $2 trillion. we lost thousands of lives thousands in iraq. we have wounded soldiers who i love, i love. they are great. all over the place. thousands and thousands of

wounded soldiers and we have nothing. we cannot even go there. we have nothing. every time we give iraq equipment, the first time a bullet goes off in the air, they leave. last week i read 2300 humvees -- these are big vehicles -- they were left behind for the enemy. you would say maybe two, maybe four. 2300. sophisticated vehicles, they ran and the enemy took them. you are right. [applause] mr. trump: last quarter, it was just announced our gross domestic product, a sign of strength, right? not for us. it was below zero.

whoever heard of this? it is never below zero. our labor participation rate was the worst since 1978. think of it -- gdp below zero. horrible labor participation rate. and our real unemployment is anywhere between 18% and 20%. do not believe the 5.6%. that is why a lot of people cannot get jobs. they cannot get jobs because there aren't any. china has our jobs and mexico has our jobs. they all have the jobs. but, the real number, the real number is anywhere from 18% to 19% and maybe even 21% and nobody talks about it because it is a statistic that is full of nonsense. [applause]

mr. trump: our enemies are getting stronger and stronger by the day. and we as a country are getting weaker. even our nuclear arsenal does not work. it came out recently, they have equipment that is 30 years old and don't even know if it works. i thought it was horrible when it was broadcast on television because that sends signals to putin and all of the other people that look at us and they say that is a group of people and that is a nation that truly has no idea what they are doing. they don't know what they are doing. we have a disaster called the big lie. obamacare. obamacare. yesterday, it came out that

costs are going up for people 29%, 39%, 49% and even 55% and deductibles are through the roof. you have to be hit by a tractor to use it because the deductibles are so high it is basically useless. it is a disaster. remember the $5 billion website? $5 billion we spent on a website. to this day it does not work. a $5 billion website. i have so many websites all over the place. i hire people. they do a website. it costs me three dollars. $5 billion website. >> [chanting] we want trump.

mr. trump: you need somebody because politicians are all talk, no action. nothing will get done. they will not bring us to the promised land. they will not. as an example, i have been on the circuit making speeches and i hear my fellow republicans. they are wonderful people. i like them. they want me to support them. they don't know how to bring it about. they come to my office. i have a meeting with three of them in the next week and they don't know -- are you running, are you not running? can we have your support? what do we do? how do we do it? i like them and i hear their speeches and they don't talk jobs or china. when was the last time you heard -- china is killing us. they are devaluing their currency to what level you would not believe. it makes it impossible for our companies to compete.

they are killing us. you don't hear that from anybody else. you don't hear it from anybody else. and i watch the speeches. thank you. i watched the speeches of these people and they say the sun will rise, the moon will set. all sorts of wonderful things will happen and people are saying what is going on? i just want a job. just get me a job. i don't need the rhetoric. i want a job. that is what is happening. it is going to get worse because remember, obamacare really kicks in in 2016. obama is going to be out playing golf. he might even be on one of my courses. i have the best courses in the world. if he wants to -- i have one on the potomac. if he wants to play, that is fine. i would love him to leave early and play.

that would be a very good thing. but, obamacare kicks in in 2016. really big. it is going to be amazingly destructive. doctors are quitting. i have a friend who is a doctor. he told me the other day -- i have more accountants than i have nurses. it is a disaster. my patients are besides themselves. they had a plan that was good and they have no plan now. we have to repeal obamacare. and, it could be replaced with something much better for everybody. let it be for everybody, but much better and much less expensive for people and the government. and we can do it. [applause]

mr. trump: so, i have watched the politicians. i have dealt with them all my life. if you cannot make a good deal with a politician, then there is something wrong with you. you were not very good. that is what we have representing us. they will never make america great again. they don't even have a chance. they're controlled fully -- they're controlled fully by the lobbyists, by the donors and by the special interests -- fully. they control them. i have lobbyists that can produce anything for me. they are great. you know what? it won't happen. it won't happen because we have to stop doing things for some people, but for this country, it is destroying our country. we have to stop and it has to stop now.

now, our country needs -- our country needs a truly great leader. and we need a truly great leader now. we need a leader that wrote the "art of the deal." we need a leader that can bring back our jobs, manufacturing our military. can take care of our vets. our vets have been abandoned. [applause] mr. trump: we also need a cheerleader. you know, when president obama was elected, i said, well, the one thing i think he will do well, i think he will be a great cheerleader for the country. i think he would be a great spirit. he was vibrant and young.

i really thought he would be a great cheerleader. he is not a leader, that is true. you are right about that. he was not a cheerleader. he is actually a negative force. he was not a cheerleader. he was the opposite. we need somebody that can take the brand of the united states and make it great again. it is not great again. [applause] mr. trump: we need -- we need somebody -- we need somebody that literally will take this country and make it great again. we can do that and i will tell you i love my life. i have a wonderful family. they are saying dad, you are going to do something that is going to be so tough.

all of my life i have heard a truly successful person, a really successful person, and even modestly successful cannot run for public office. it just can't happen. that is the kind of mindset that you need to make this country great again. so, ladies and gentlemen, i am officially running for president of the united states and we are going to make our country great again. [applause] ♪ mr. trump: it can happen. our country has tremendous potential. we have tremendous people.

we have people that are not working. we have people that have no incentive to work, but they will have incentive to work because the greatest social program is a job. they will be proud and they will love it and it will make much more money than they would have ever made and they will be doing so well and will be thriving as a country. thriving. it can happen. i will be the greatest jobs president that god ever created, i tell you that. [applause] mr. trump: i will bring back our jobs from china, mexico, japan some of the places. i will bring back our jobs and money. right now, think of this -- we owe china $1.3 trillion.

we owe japan more than that. they come in, take our jobs and our money and then we pay them back and interest. the dollar goes up so the deal is even better. how stupid are our leaders? how stupid are these politicians to allow this to happen? how stupid are they? >> [chanting] we want trump. mr. trump: i'm going to tell you a couple of stories about trade because i am totally against the trade bill for a number of reasons. number one, the people negotiating it don't have a clue. our president does not have a clue. he is a bad negotiator. they get five killing terrorists that everybody wanted over there. we get a traitor. no good traitor and they get the five people that they wanted for

years and those people are now back on the battlefield trying to kill us. that is the negotiator we have. take a look at the deal he is making with iran. he makes that deal, israel may be won't exist very long. it is a disaster and we have to protect israel. [applause] mr. trump: we need people -- i'm a free trader, but the problem with free-trade is you need really talented people to negotiate for you. if you don't have talented people, if you don't have great leadership, if you don't have people that know business, not just a political hack that got the job because he made a contribution to a campaign which is the way all jobs are just about gotten, free-trade is

terrible. free-trade can be wonderful if you have smart people, but we have people that are stupid. we have people that are not smart and we have people that are controlled by special interests and it is just not going to work. a couple of stories that happened recently. a friend of mine is a great manufacturer. you know, china comes over and they don't all of our stuff and i buy it. because frankly, i have an obligation to buy it because they devalue their currency so brilliantly and nobody thought they could do it again. with all our problems with russia, with everything, everything, they got away with it again. it is impossible for our people here to compete. i want to tell you this story. my friend runs a great manufacturer. he is very upset. i said what is your problem? he said i make great products and i said i know because i buy

the products. he said i cannot get it into china. they will not accept it. i sent a boat and they sent it back. they talk about all sorts of crap that had nothing to do with it. i said that is terrible, does anybody know this? he said they do it all the time with other people. i finally got over there and they charged me a big tariff. they are not supposed to be doing that. they do charge you tariffs on trucks. when we send trucks and other things over there. they wanted boeing's secrets before they agreed to buy planes from boeing. hey, i'm not saying they are stupid. i like china. i just sold an apartment for $15 million to somebody from china. am i supposed to dislike them? i own a big chunk of the bank of america building in 1290 avenue of the americas that i got from china in a war.

very valuable. i love china. the biggest bank in the world is from china. you know where their united states headquarters is located? in this building, in trump tower. i love china. people say you don't like china. i love them, but their leaders are much smarter than ours. there is -- it is like take the new england patriots and tom brady and have them play your high school football team. that is the difference between china's leaders and our leaders. they are ripping us. we are rebuilding many countries. you go to china now -- roads bridges, you never saw anything like it. they have bridges that make the george washington bridge look like small potatoes and they are

all over the place. we have it, but we don't how to use it. we don't even know we have the cards because our leaders don't understand the game. we could turn off that spigot by charging them tax until they behave properly. now, they are going militarily. they are building a military island in the middle of the south china sea. our country could never do that because we would have to get environmental clearance and the environmentalists -- we would never build in an ocean. they built this massive military port. they are building up their military to a point that is very scary. you have a problem with isis you have a bigger problem with china. the new china in terms of trade is mexico. this man tells me about the manufacturing. i say that is a terrible story. i hate to hear it.

i have another one -- ford. mexico takes a car company that was going to build in tennessee, rips it out. everybody thought the deal was that. it was reported recently. everybody thought it was a done deal, it is going into tennessee. great state, great people. at the last moment, this big car manufacturer announces they are not going to tennessee. they will spend their $1 billion in mexico instead. not good. now, ford announces a few weeks ago that ford is going to build a $2.5 billion car and truck and parts manufacturing plant in mexico. $2.5 billion. could be one of the largest in the world. ford, good company.

so i announced that i am running for president. [applause] mr. trump: one of the early things i would do probably before i even got in -- i would not even use -- i know the smartest negotiators in the world. i know the good ones, the bad ones, the overrated once. they think they are good. the newspapers get buffaloed but they are not good. i know the best negotiators in the world. we will do very well. very, very well. i would not even waste my time with this one. i would call up the head of ford, who i know, if i was president. i would say congratulations. i understand that you are building a nice, $2.5 billion car factory in mexico and that

you will take your cars and sell them to the united states, zero tax across the border. you say to yourself how does that help us? it is not good. i'll say congratulations. let me give you the bad news -- every car, truck, part manufactured in this plant that comes across the border, we will charge you a 35% tax. [applause] mr. trump: that tax is going to be paid simultaneously with the transaction and that is it. here is what is going to happen -- if it is not me in the position, it is one of these politicians we are running against. the 400 people. here is what is going to happen -- they are not so stupid. they know it is not a good thing and they may even be upset. they will get a call from their donors or probably from the

lobbyists from ford and said you cannot do that to ford because ford takes care of me and i take care of you and you cannot do that to ford? guess what? no problem. if they are going to build in mexico and take jobs away from us. under president trump, here is what will happen -- the head of ford will call me back i would say within one hour after i told him the bad news. it could be -- you might want to wait until the next day. he will say please and beg for a little. i will say no interest. he will call a bunch of political people and i will say no interest. i don't need anybody's money. i'm using my own money. i'm not using the lobbyists or donor. i don't care. i'm really rich.

by the way, i'm not even saying that -- that is the kind of thinking you need for this country. it sounds crass. it is not crass. we got $18 trillion in debt, nothing but problems, a military the needs equipment. we have nuclear weapons that are obsolete. we have got social security that is going to be destroyed if somebody like me does not bring money into the country. all these other people want to cut the hell out of it. i will bring money in and we will save it. here is what is going to happen -- after i'm called by 30 friends of mine who contributed to different campaigns, after i am called by all the special interests and the donors and by the lobbyists -- they have zero

chance of convincing me, zero -- i will get a call the next day by the head of ford to say please reconsider and i will say no. he will say, mr. president, we have decided to move the plant back to the united states. we will not build in mexico. they have no choice. they have no choice. there are hundreds of things like that. i will give you another example -- saudi arabia. they make $1 billion a day. $1 billion a day. i love the saudis. many are in this building. they make $1 billion a day. whenever they have problems, we send over the ships. what are we doing? they got nothing but money. if the right person asks them, they pay a fortune. they would not be there except for us. believe me, you look at the

border with yemen, you remember obama a year ago -- yemen was a great victory. two weeks later, the place was blown up and they kept our equipment. they always keep our equipment. we ought to send some real junk -- we should send our surplus. we are always losing this brand-new stuff. look at the border with saudi arabia. do you really think these people are interested in yemen? saudi arabia without us is gone. they are gone. and i'm the one that made all the right predictions about iraq. all of these politicians that i am running against now -- it is so nice to say i am running as opposed to if i run. i'm running. all of these politicians i am running against now, they are trying to -- you look at bush. it took him five days to answer the question on iraq.

i said is the intelligent? i look at rubio. he was unable to answer the question. is iraq a good thing or bad thing? he could not answer the question. how are these people going to lead us? how are we going to make a great again? they don't have a clue. they cannot lead us. they cannot even answer simple questions. saudi arabia is a big, big trouble. thanks to fracking and other things, the oil is all over the place. i used to say it -- this was during the worst crisis -- there were ships loaded up with oil and the cartel kept the price up because they were smarter than our leaders. there is so much wealth out there that can make our country so rich again. therefore, make it great again

because we need money. we are dying. we are dying. we need money. we have to do it. we need the right people. so, ford will come back. they will all come back and i will say this -- this is going this will be an election based on confidence. thank you, darling. somebody said to me the other day, a very nice reporter -- mr. trump, you are not a nice person. >> we don't need nice! mr. trump: that is true. actually, i think i am a nice person. people that know me, like me. does my family like me? i'm proud of my family. speaking of my family -- vanessa, tiffany, ivanka did a great job. [applause]