next on kqed "newsroom," president obama's plan to protect americans from data breaches. >> we want cybercriminals to feel the full force of american justice. >> what it will take to stop cyberattacks. plus, kamala harris is first. but she won't be alone. the battle to be california's next u.s. senator. and the "san francisco chronicle" makes headlines and history appointing its first female editor in chief. her plans for the paper's future. >> it's a complete evolution. we're trying new things. ♪

good evening and welcome to kqed "newsroom." i'm thuy vu. target ebay jpmorganchase sony pictures. those are just some of the companies attacked by hackers last year. in fact 2014 was the worst year on record for cyberattacks. thieves stole personal information on millions of people. and in the case of sony at least leaked damaging documents and copies of films. during his state of the union address next week president obama will lay out plans to protect americans from cyberattacks. proposals he previewed on monday. >> we're introducing new legislation to create a single strong national standard. so americans know when their information has been stolen or misused. >> and the white house has planned a cybersecurity summit at stanford next month. bay area researchers and companies are at the forefront of efforts to combat hacking

attacks. joining us to discuss these efforts, tom pageler, chief security officer for docusign a company that allows businesses to sign and send documents securely. kurt stammberger, senior vice president of market development with norse corporation, which tracks cyberattacks in real-time. and aarti shahani, npr's tech correspondent. and kurt stammberger, you want to begin with you. your company's website, norse, there is a map showing live attacks as they happen. let's take a look at it. and if you can describe to us what we're looking at here. >> well, what we're looking at here is a live map of attacks under way on the internet right now. we have a worldwide deployment of about 8 million sensors in 50 countries around the world that emulate about 3,000 different types of devices. everything from cash registers to atm machines to medical devices. so we can deliver very fast intelligence to our customers about who's being attacked, where, and what types of devices

are being targeted. >> so for example, if you see a lot of attacks on credit card companies, for example, then you can alert credit card companies that this is going on and you need to batten down the hatches. >> right. exactly. it's a little like a real-time internet weather report. >> tom, with docusign, how often are cyberattacks happening? >> how often? every day. we're seeing something every day. but i think the thing is we're also getting more awareness around it so people are seeing that this is happening and they're more willing to share. it used to be it would happen you wanted to hide it, you don't want people to know. so companies are more willing to come out. and i think also employees shareholders, stakeholders, they're starting to take more due diligence in making sure they kind of protect the data. people are more aware of it. which is a good thing. we're starting to see best practices in just securing some of the things they need to. >> you say these attacks are happening every day and i just want to quote a study real fast because the numbers are startling. a price waterhouse cooper study found that nearly 43 million

cyberattack incidents last year 48% increase over 2013. and that breaks down to more than 117,000 attacks coming every single day. >> well, it's also -- think about it we're becoming more digital, right? more devices are out there. there's more connection to the internet. more companies are going digital. obviously, even my company docusign-s a digital transaction management company. we compete with paper. we want things to be digital. there's more attacks more areas to go after. more things to use, more -- yeah. sorry. >> and i think that one thing to keep in mind, that when we look at these kinds of numbers is that the attacks are tens upon thousands a day. could be more or less -- the volume is extraordinary, but what we care about are the attacks that are successful. that actually penetrate into a system and -- >> how worried should we be, then? because it seems like quite a few of them are penetrating systems. >> it seems like we should be worried. if last year was any indicator. >> i can tell you that absolutely we should be worried. because not only are the volume

of attacks increasing but the success rates of attacks are increasing. and these attacks wouldn't be happening if there weren't a lot of money behind it. the fundamental nature of hacking has shifted in the past 20 years from someone showing technical prowess to one of their buddies to organized crime and snags states going after valuable assets they can sell. >> you're not just flexing for your geek friends. you're actually trying to make a living this way. >> aarti's point i think you really want to look at the ones that matter, the ones that fraud's happening. you don't want the white noise. there is something happening every day. there are things that happen. you get data that doesn't really matter we don't want to overreport. we want people diligent about it but you want to care about the ones that actually matter. >> let's talk about something that does matter. it's easy to laugh it off, right? sony. because a lot of gossipy stuff came on. but that was a big data breach. and i know that norse has been working with the fbi on this issue. and you know, people have said,

well north korea. but you're seeming to say that it's more of an insider job. what are you finding out about that? >> yeah, well, i can't comment 234 much in much depth because this is still an ongoing investigation with the fbi and we're still cooperating with law enforcement officials. but still to this date the data and the telemetry that we've been analyzing don't trace back to north korea. in fact, the evidence that we see indicates that the initial intrusions and exfiltrations of the data happened as early as july and that malware was all written in english. there were no korean components in it. >> so that leads you to believe it was an insider. >> right. in fact i say that a lot of malware is kind of like a roomba. it's kind of like a little robot that bounces around and runs into furniture and turns right and runs into something else and turns left. and when it turns into a piece of dirt it collects it. the sony malware was a lot more like a cruise missile.

it had user credentials digital certificates, server addresses, preprogrammed into it. and those are things you can only get access to if you're an insider. >> what's the key takeaway from these data breaches? sony, which people like i said had fun with but you've also got the case of home depot where 56 million customers were affected. you have target where 40 million card numbers were stolen. >> when we look at the huge hacks that are now household names. if you're listening today, if you're watching today you know sony, you know target, you know home depot. you probably got a call about your credit card numbers taken at some point. and that's why i think it's interesting the massive problem we're facing now and then the public policy conversation around it. i don't know what you guys think. >> i think what's really important here su think about the enron scandal, the financial crisis we had before. we came out with sarbanes-oxley. we really went after a big change. you have obama coming together and bringing a group together.

why don't we do that for cybersecurity? why aren't cisos reporting to the board? >> security officers. >> chief security officers or chief security information officer or chief risk officer. the person in charge. i report to the board at my company. there's transparency. my ceo signs off every year what we're doing cybersecurity. we might not be perfect. everybody can make mistakes. but at least all the stakeholders know exactly what we're doing. and i think obama needs to push for something like that. we need something like sar baipz oxley. >> speaking of president obama, he is taking a accept in this direction. this week he announced new measure to prevent data breaches. aarti, what are some of the key pillars and do they go far enough? >> there are several key pillars that have to do with informationing share and change in criminal justice code. one thing i really want to focus on because i want us to be attuned when we hear it. obama said consumers have a right to know within 30 days when their data is taken. that's consumer protection. we need consumer protection with all of these breaches happening. now, i'm a consumer. that sounds good. if i get hacked i have a right to know.

and you target or home depot or bebe the clothing store that got 40kd ha i shop at i have a right to know. the thing is when you talk to people in the industry is that telling the consumer that their disposable credit card number has been taken doesn't really solve the root problem. the root problem is are companies investing in security infrastructure? are they looking for malicious code attacking their systems? are they telling each other? >> it's a white noise -- sorry. it's a white noise problem. i think there are mechanisms to share information. we have the fsi sack. information share sharing alliance protected by the government. but there's always the risk when you start communicating with the company. i did hear when he was talking about this. is allow for companies to share information. so we can talk to each other, we feel comfortable, we can compare notes. >> but the concern you have is he's missing the mark it sounds to me. >> he's missing the mark. 30 days. when does it start? >> in 30 daysuq:qu) credit card has already been sold 100 times

over. >> or the white noise too. if i have to report. and let's just say law enforcement's involved and they say we have an idea here but we need you to not report yet. am i allowed to do that? maybe not. and when does 30 days start? when i suspect it, when i know it, when i confirm it? as a company i'm not going to take any chances. >> what is a consumer to do though? because i'll tell you what, a pew research poll finds that 91% of americans say consumers have lost control over how their personal information is collected and used by companies. so what is a consumer to do? yeah, like you said okay, so a data breach happened. you're notified within 30 days. you have all these passwords already. you change them regularly. they're hard to remember. are there technologies out there that will help this problem? >> i would say that on the consumer side the apple icloud hack to me really illustrates the need for consumer responsibility. when you're putting your stuff on the cloud, nothing on the cloud is private. keep that in mind. pay attention to whether data's being encrypted. use passwords that are actually strong.

i use something called last pass which is a password manager. it costs like 20 bucks a year. it gives me some crazy 52-digit password that automatically puts into my -- >> we use another one called 1password. >> we should move away from passwords. you use the same password you steal the password and get to multiple sites. you should do two-factor identification. it should be i know who you are, i know your pattern, i know your phone, i can text you, we should be moving away from that type of stuff. >> interestingly enough i feel one issue with this question of how to protect consumers is you see a collision head on between what politicians are talking about and what obama particularly is talking about right now and what's best for consumers. for example obama and the prime minister of the uk were talking about having better access to data on the cloud or messages on what's app and whatnot for terrorism investigations. so they want to be able to more easily get data that is interchanged between individuals. meanwhile, companies like apple and google want to hard encrypt all of the data that's being stored and make it harder for

law enforcement to access. so i think we're actually going to see in this next year a real butting of heads between consumer protection and law enforcement. >> and i want to ask you real quickly, though to wrap up this segment, if it's possible to keep up with the hackers, especially when a lot of it is coming from overseas. you've got some of the leaders in this space you know china, russia eastern europe. is it possible to stay ahead? >> it's a treadmill, definitely. and at this point the hackers are winning. they're ahead. and it's something that -- it's a problem we're never going to solve completely. but it's something -- >> a united front will help. i think getting together and tackling together, that's how we're going to do it. >> i'm going to have to leave it there. all right. thank you. thanks to all of you. tom pageler with docusign also aarti shahani npr's tech correspondent, and kurt stammberger with norse. thank you all. >> thanks. >> well, coming up an unprecedented move at the "san francisco chronicle." but first, the race to replace

u.s. senator barbara boxer is on. this week california attorney general kamala harris became the first to throw her hat in the ring. harris will not have to compete against lieutenant governor nachb nus gavin newsom, who surprised many by saying he would not run. but she could face a primary run from other democrats including venture capitalist tom stier and republicans who have long coveted barbara boxer's seat. scott shafer addresses the race ahead with reporter marisa lagos. >> marisa lagos, welcome. >> thanks for having me. >> you bet. so what a week in politics in california. on monday gavin newsom says he's not running for barbara boxer's seat, and then the very next day kamala harris says i'm running you know, full speed ahead. what do you make of the way it unfolded? that sort of one-two punch this week. >> well, we in the political world heard rumblings that they would be kind of sitting down to discuss both of their futures. they share a political consultant. they share the same donor and sort of political base. i wasn't that surprised. i think that those positions

make sense for them to be pursuing. gavin newsom was an executive in san francisco. he likes being the sort of star in the room. he likes being controversial. that's kind of what he's made his namt on. i think kamala harris is a better fit for that world too. and i think she probably sees it as a launching pad to even higher office. >> although there was also talk they both wanted to be governor. and newsom coming out the way he did, did it pre-empt her? did it force her hand in a way, do you think? >> maybe. but i would bet that she knew that was coming. i don't think she heard first on facebook the way a lot of us did. >> do you think there was some kind of deal? there was a lot of speculation as you suggested they would sit down and work it out, divide up the kingdom. but they both sort of say that's not what happened. >> i think they're going to say that. i don't think they want the voters or the public to perceive that they think either of them is a shoo-in for either race. they're not.

these are going to be very contested seats. but i am sure they had discussions. and whether or not somebody pushed somebody else, who knows? but i heard a few weeks ago that this might be the way it shook out. >> so kamala harris is the first one in, and surely will not be the last. there's talk, for example that former los angeles mayor antonio villaraigosa is thinking about it tom steyer, the billionaire environmentalist who's given money to candidates who support his position on climate change, also thinking of running. what do you think of the considerations for deciding whether or not to jump into this race? >> well, i think kamala harris is hoping her jumping in is going to be a huge consideration. money is clearly a huge issue here. i've heard everything from 20 to 40 million dollars as just an entry point to really be a player. which obviously makes someone like tom steyer a natural fit. >> he'll find that in his sofa probably. pocket change. >> and villaraigosa has national connections and has done a lot of work with the democratic party nationally.

so i think he also has sort of that ability at his fingertips. but you know -- >> let me ask you a question about him, though, because he made his money in finance. he's gotten very involved in environmental issues. can somebody like that -- there's the old saying that california politics is littered with rich people who ran for statewide office and lost. al checky is the classic example who ran in 1998 -- >> we don't have to look back that far. meg whitman. carly fiorina. >> exactly. >> i think that's something that steyer has carefully considered. he has waded in more slowly than some of those folks did. but i think that's why he's putting his feelers out to see what does the democratic base think where is the support? because i don't think he wants to be another one of those. >> those on that list. join that list. so of course you have to say, and both party leaders are saying that this is a tough race, even though it's two years down the road, for a republican to win. nonetheless, there will be republicans in this race.

there's talk about neal kashkari, of course who ran for governor. millionaires, right? fresno mayor ashley swearingen. also she ran and lost for controller. what's at stake do you think for republicans and the republican party in putting up someone who's credible? this should be a seat theoretically that they should be able to win, but it's tough. >> it is tough. and i had i it's also important for california that we don't have just a one-party race. the dynamics we're going to be talking about a lot is the open primary system and the fact it could be very likely that there isn't a republican in the november election. >> i'll just say what that is. it's the top two where parties don't nominate a candidate anymore, it's the top two vote getters regardless of party affiliation. >> right. i think that's one thing that back to kamala and gavin they were looking at do we want to -- this could be a two-year knock-down-drag-out race. so i think the republican party's going to be looking carefully but there's a lot of schisms within that party in california and i think that's why there's sort of this laundry list of folks with nobody really at this point rising to the top.

>> what has kamala harris done to say hey i'm ready to be u.s. senator? what's going to be her main are talking point, if you will? >> clearly the law enforcement angle. she came up as a district attorney first in alameda san francisco. she's worked very hard over her first four years as attorney general to really build relationships with law enforcement around the state who did not support her first run. the mortgage settlement that she and a handful of other attorneys general intervened to nationally really bucked the obama administration on is going to be huge for her. and i think she's going to talk about the sort of nitty-gritty stuff she's done in the a.g.'s office to make it -- bring it into the century on a technology level, to improve the crime labs, to assist in investigations. but i think that's a good question. she has a fairly narrow scope. >> and just quickly, what do you think -- what should california be looking for in a u.s. senator? barbara boxer's been there since 1993. you know, what does it take? >> well i think what you've

seen with our two senators is very different approaches. right? finestein i think has been a little more middle of the road. boxer's been more about talking about things. she's been a progressive voice. >> she's an advocate. >> she's an advocate. and i think likely if someone like kamala harris wins that seat we'll see that continue. but yeah, the scope of experience is important. i think their ability to connect with other people within both their party and across the aisle is going to be important. so those sorts of, you know, abilities to really navigate what's going to be a very different world in d.c. than in california -- >> and of course the ability to either raise or write a check for 30 40 50 million dollars. >> unfortunately, yeah. that's the entry level point, he will really. >> marisa lagos thank you very much. and i don't want to let you go before i say welcome because today's your last day with the "san francisco chronicle." you're going to be joining us here at kqed covering california politics and government. so i'll be able to call you a colleague in just a few hours. >> i'm very excited. thank you for having me. and we'll be talking more i'm sure about this race and many others. >> no doubt.

thanks a lot. >> thanks, scott. >> and speaking of the "san francisco chronicle," the paper made some news of its own this week when it appointed audrey cooper as editor-in-chief. she's the first woman to hold the position in the paper's 150-year history. cooper joins the "chronicle" nine years ago as an assistant metro editor and has been rising up through the ranks ever since. she takes on her new role as the newspaper industry struggles to redefine itself in the new media landscape. audrey cooper is here now, and welcome. >> thank you so much. >> first of all, congratulations on your new post. >> thank you. >> you're taking on this job during a time of great disruption in the newspaper industry. what are the biggest challenges the "chronicle" is facing? >> i think our biggest challenge is probably our need to reach new readers. we have a very loyal readership in the bay area right now, but like anybody if we want to grow we're going to have to get people who are just coming into their civic consciousness who just now want to know about

their community and do something about it. so really it's reaching those people and telling them why we're the best source of news for them. >> how are you going to do that? >> i think you have to do it lots of different ways. once upon a time we could deliver a newspaper to everybody's doorsteps. you can't do that anymore. we have to reach them through e-mail, through their phone, through whatever device they want to read it on and we have to make it really clear what is differentiating us. >> many of your paper's offerings, from sports to entertainment to weather, even politics are easily found in other multiple online sources. given that why do you think people should read the "chronicle"? >> well we have the largest newsroom between the tehachapi mountains and seattle. i don't think we do a very good job of explaining that to people. we have more people covering the news than any other media outlet. and i think that's really important because there's power in numbers. we have that influence to demand answers from people in power and to demand answers even from, you know movie stars and movie

makers to sports figures too. so we really can be more definitive than others. >> so what will you do? what will the changes be? what can we expect under you to make that happen? >> well, we've already started taking a really hard look at what we do. this last year we've totally redefined our business coverage. we added a bunch of new talent to our staff and gave a really hard look at with everything that's happening in the bay area with tech how do we do the best job of really putting the critical eye on that? to explain the benefits of the tech boom but also to say what's not so great about it so we can have a civic conversation about it. the other thing i think is absolutely critical is we really need to reinvest in our investigative resources. i don't know about you, but i became a journalist to speak truth to power. and we do that through our investigative journalism. so that's something you're going to need to see from us starting this weekend. >> the "chronicle" hasn't made money in years. in fact the whole newspaper industry is struggling right now

to survive. what will you do to keep the "chronicle" afloat? >> well actually, i'd correct you right there. in the last two years we have been solidly profitable. so we are making money. and that's a really good place for us to be right now. we're projected to make more this year than we did last year. so i'm really very bullish on it. i think there were some dark times and we're getting through them and you know part of it is to talk to people about what we're doing how we do it why it's better than everybody else so that they see value. we also need the support of our community like everybody. so you know, we want people to consume the journalism and if they consume a lot of it to pay for it. >> there's a lot of talk about digital models, and i know that you say the paper is making money. it's still operateing in a tough economic environment. print ad revenues down 50% in just the past five years. is there any thought of perhaps cutting back on the number of days that you have an actual

printed paper or eventually maybe going to an all-digital model? >> i mean, you can never say what's going to happen. but we will continue to print the paper as long as people want it. i don't know how long that will be. i think it's pretty safe to say at some point there will be no such thing as a printed monday through friday newspaper anywhere in the united states. i think we're pretty far away from that. you know the word i started to use recently that i never really had to in journalism school was diversified revenue streams. and that means we have events around our news coverage, we have an ipad app we have other apps. we have to have a lot of different ways to make money in this business right now. >> a lot of people think sfgate.com is your paper's website. but in fact it's not completely true. it's operated by the hearst corporation, your parent company. sfchronicle.com is your website. and it has the pay wall. how can your newspaper site

compete when sfgate is clearly so dominant? it gets something like 24 million people globally a month. >> well, sf chronicle has two websites. the newspaper, the people in 901 mission do produce sf gate. it's a place to go to get the temperature of the city. the snacky stuff the news you that don't have to spend 30 minutes digesting. sfchronicle.com is where we put i call the journalism with a capital j. and you're right. we've done a really good job over the last 20 years since we started sf gate of thoroughly confusing everybody. and we need to do a really good job of explaining to people if they want the best news then that's sfchronicle.com. >> a drop in the pay wall to get more people? >> i think you'll see in the next couple weeks some really interesting things happen there. i can definitely tell everybody we're going to start a free trial. so it will be a form of dropping

the pay wall. and i think we're going to experiment with a lot of things. we only started the site two years ago. it's a complete evolution. we're trying new things. the industry hasn't been very good at trying things and abanged them when they don't work or tweaking them had they don't work. i don't see any reason why we should be afraid to change things. >> and just quickly i have to ask you about willie brown. he's a columnist for the "chronicle" and until this month he was a registered lobbyist with the city of san francisco. are you concerned at all by the ethical issues that that raises? >> we -- i would say yes, but i'm confident in our editors that we put willie's column really through the ringer. he probably gets more editors' calls than anybody else on staff just to make sure that we're being ethically sound. i think our readers -- he's extremely popular, and i think our readers know willie brown is still a politician. but he is the closest thing we have to a current-day herb cain

and he's extremely popular. >> sounds to me like you're planning to keep him then. >> yes. i don't think we're going to have a lot of changes there. >> all right. well congratulations again. >> thank you. >> and you started during a great week. you also get to go to a birthday party. >> that's right. >> the "chronicle" actually turns 150 years old today. >> that's right. we're going to have some champagne and cake in the newsroom later today. >> good way to start your new job. good luck to you. >> thank you. >> and for more of kqed's news coverage please go to kqednews.org. i'm thuy vu. thanks so much for joining us. have a good night. ♪

>> the following kqed production was produced in high definition. [ ♪music♪ ] >> yes check please! people! >> it's all about licking your plate. >> the food is just fabulous. >> i should be in psychoanalysis for the amount of money i spend in restaurants. >> i had a horrible experience. >> i don't even think we were at the same restaurant. >> leslie: and everybody, i'm sure, saved room for those desserts.