cyber security agencies blame russia but moscow denies involvement. in 2015 a security breach was discovered at the u.s. office of personnel management hackers stole the personal data of more than 22000000 people many of them government employees in 2016 both the democratic national committee and hillary clinton's presidential campaign were targeted more than 40000 e-mails were leaked many containing confidential information and over the past decades many private companies have been hacked including yahoo sony adobe and linked in some breaches lead to millions of people having their personal data compromised that includes passwords phone numbers and credit card information u.s. president joe biden is making cyber security a priority he's hiring more experts and plans to boost funding we've elevated the status of cyber issues within our government including a point of 1st national deputy national security advisor for cyber and emerging technology we're launching an urgent initiative to improve our capability readiness and resilience in cyberspace. all

present leadership at the national telecommunications and information administration, the cyber security agency and the deputy national security advisor for cyber and emerging technology in the new administration. while we make it a priority to coordinate externally, we're also going to have to do the same thing internally. so my office is exploring changes to the fcc process for reviewing matters related to national security that right now are sideload in -- siloed in the various agencies and burros. we need a dedicated interagency and cross bureau team of experts advancing a comprehensive approach to securing our nation's communications. that work is under way and i look forward to that. i want to thank pam, elizabeth, brian, billie, and ryan. of the wireline competition bureau. patrick, alex, tanner, ken, julia mchenry chuck, eric, emily , of the office of economics and analytics, and marlina, michael, rick and bill richardson of the office of general counsel. we will now freed a vote on the item. commissioner carr? >> of proof. chair: the chair votes aye. would any of my colleagues like to

distinguished service award and a special commendation from the national security agency for his achievements in national security and cyber security. among his numerous responsibilities, mister mayorkas led the response to these he got and evil outbreaks. a relevant and timely experience that he will bring to dhs during this pandemic. earlier in his career mister te mayorkas served as senate confirmed us attorney in california. the national president of the fraternal order of police enthusiastically and doors mister mayorkas and i quote, his professionalism, integrity and commitment to just and fair enforcement of the law may seem an ideal candidate to lead the department . mister mayorkas is pursuing criminal wrongdoers and his protected the rights of the innocent with indefatigable vigor. his work reflects all that is right in government. mister mayorkas is an outstanding nominee to the secretary, to be secretary of homeland posecurity. his experience, qualifications, deep expertise and integrity will serve our nation well in this important and challenging position . steady leadership at the department of homeland secur

chris krebs, former director of the department of homeland security's cyber security and infrastructure security agencyhank you so much. the perfect person to discuss this. let's get right into it. i want your take on what we heard at the senate hearing on the capitol riot because a disinformation campaign isn't over. we saw what senator ron johnson did. he's trying to rewrite history right in front of ore ur very e in front of our faces. what is disinformation doing to democra democracy? >> thank you for having me on. i didn't see the clips including senator johnson's remarks. i was working on another hearing in the senate on cyber security. but nonetheless, it was a weird moment when i first saw the comments from senator johnson. i wasn't quite sure if they were from yesterday or they were from earlier. if you recall in january, you had members of both chambers of congress saying that, no, in fact, antifa or, you know, costumed, you know, performance players were not, in fact, responsible for the insurrection. it was the president's supporters driven by the president. so i don't know where that infor

present leadership of national telecommunications and information legislation, the cyber security and infrastructure security agency the deputy national security advisor for cyber and emerging technology in the new administration. now, while we make it priority to coordinate externally we're going to also have to do the same thing internally as my colleague commissioner starks has pointed out in the past. so my office is exploring changes to the fcc process for reviewing matters related to national security, which right now are siloed within the agency's various bureaus and offices. we're going to keep pace with the growing threats to our communications. we need a dedicated interagency and cross bureau team of experts advancing a comprehensive approach to securing our nation's communications. that work is already under way, and i look forward to the improved decision making that will result. for their diligent work to protect our network security and national security, i want to thank pam arluck, brian, elizabeth, and ryan palmer of the wire line competition bureau, skrulia mchenry, chuck needy, michael carlson, li

cyber security vulnerabilities, voter registration systems, voting machines, and systems that tabulate and display results. i am pleased the commission has worked closely with dhs's cybersecurity and infrastructure security agency and cyber command to make sure state and local officials understand better the threats they face and how to mitigate them. i hope these partnerships between the federal government and election officials continues to grow. i do not want to see the heavy hand of washington bureaucrats dictate to local officials how their elections must be administered or what equipment to used. keeping the administration of elections in control of the states is part of the bedrock system that has served america since its founding. i also believe states should be responsible for funding the costs of voting machines and election execution. not only does it incentivize effective management and decision-making, but with our national debt in excess of $20 trillion, it recognizes the harsh physical trajectory faced by unbridled spending. we need to be targeted, and direct federal tax dollars to the areas of greatest need. i think the chairman for holding this here men. i look forward to hearing our witness, a

the industry, transportation, cyber security agency and emergency management industry are said to haveg "squawk box" and this is cnbc. ♪♪ ♪♪ use a single hr software? nope. we use 11. eleven. why do an expense report from your phone when you can do it from a machine that jams? i just emailed my wife's social security number to the entire company instead of hr, so... please come back. how hard is your business software working for you? with paycom, employees enter and manage their own hr data in one easy-to-use software. visit paycom.com for a free demo. hon? first off, we love each other... want to save hundreds on your wireless bill? with xfinity mobile you can. how about saving hundreds on the new samsung galaxy s21 ultra 5g? you can do that too. all on the most reliable network. sure thing! and with fast nationwide 5g included at no extra cost. we've got you covered. so join the carrier rated #1 in customer satisfaction. and get a new samsung galaxy starting at $17 a month. learn more at xfinitymobile.com or visit your local xfinity store today. >>> welcome back to "squawk box. bitc

working today general paul nakasone, who is the head of the us cyber command and the national security agency in fort meade. so i think we've come pretty far from the time when we were considered to be as as even as as us citizens, but because of our ancestry we're considered unfit to serve. we've come a long ways and there's still a ways to go. i reflect now on the these great opportunities that i had to serve this country, but i can't help to remember and it really hit me hit home to me. i'm in the last few years of of service as we were promoting and and becoming more open about the the way that diversity enhances our mission. and i had no idea that. all these men what they endured in the 442nd and the 100th regiment are the 100 infantry battalion, but they they made these sacrifices for their families for the freedoms that their families didn't have at the time, but they also did it for this country is to prove their loyalty and and there hasn't really been another group that has had to do this whole scale. effort in war to to prove their loyalty to the united states and these men did do

cyber security vulnerabilities, voter registration systems, voting machines, and systems that tabulate and display results. i am pleased the commission has worked closely with dhs's cybersecurity and infrastructure security agency and cyber command to make sure state and local officials understand better the threats they face and how to mitigate them. i hope these partnerships between the federal government and election officials continues to grow. i do not want to see the heavy hand of washington bureaucrats dictate to local officials how their elections must be administered or what equipment to used. keeping the administration of elections in control of the states is part of the bedrock system that has served america since its founding. i also believe states should be responsible for funding the costs of voting machines and election execution. not only does it incentivize effective management and decision-making, but with our national debt in excess of $20 trillion, it recognizes the harsh physical trajectory faced by unbridled spending. we need to be targeted, and direct federal tax dollars to the areas of greatest need. i think the chairman for holding this here men. i look forward to hearing our witness, a

cyber security vulnerabilities, voter registration systems, voting machines, and systems that tabulate and display results. i am pleased the commission has worked closely with dhs's cybersecurity and infrastructure security agencyand cyber command to make sure state and local officials understand better the threats they face and how to mitigate them. i hope these partnerships between the federal government and election officials continues to grow. i do not want to see the heavy hand of washington bureaucrats dictate to local officials how their elections must be administered or what equipment to used. keeping the administration of elections in control of the states is part of the bedrock system that has served america since its founding. i also believe states should be responsible for funding the costs of voting machines and election execution. not only does it incentivize effective management and decision-making, but with our national debt in excess of $20 trillion, it recognizes the harsh physical trajectory faced by unbridled spending. we need to be targeted, and direct federal tax dollars to the areas of greatest need. i think the chairman for holding this here men. i look forward to hearing our witness, an

. >> whitaker: chris inglis spent 28 years commanding the nation's best cyber warriors at the national security agency-- seven as its deputy director-- and now sits on the cyberspace solarium commission, created by congress to come up with new ideas to defend our digital domain. why didn't the government detect this? >> inglis: the government is not looking on private sector networks. it doesn't surveil private sector networks. that's a responsibility that's given over to the private sector. fireeye found it on theirs; many others did not. the government did not find it on their network, so that's a disappointment. >> whitaker: disappointment is an understatement. the department of homeland security spent billions on a program called "einstein" to detect cyber attacks on government agencies. the russians outsmarted it. they circumvented the n.s.a., which gathers intelligence overseas, but is prohibited from surveilling u.s. computer networks. so the russians launched their attacks from servers set up anonymously in the united states. this hack happened on american soil. it went through networks based

. >> national security experts talk now about cyber threats facing the u.s. and what government agencies can do to prevent attacks. >> the committee of homeland security will come to order. the committee is meeting today to receive testimony on homeland security, cybersecurity, cyber threats and resilience. without objection, the chair has authorized the committee in recess at any point, the gentlewoman from new york shall assume the duties of the chair in the event of technical difficulties. good afternoon, we are here today to begin, what i hope, will be a bipartisan endeavor of the 117th congress to make cyberspace more secure. during the trump administration, efforts to raise a national cybersecurity progress were stunted by leadership from the white house. in contrast, from day one, president biden has treated cybersecurity as an urgent, national, economic security issue. the president has been surrounding himself with experts to advise cybersecurity policy. he has confronted vladimir putin about russian election meddling and the solar winds compromise. cybersecurity of the federal

new york times a man by the name a david, a former hacker for the national security agency essentially went on to become a cybermercenary an american contractor that had business with the united arab emirates in dubai where he was stationed. and he was tasked with hacking into qatar and eventually doing so and eavesdropped on a private conversation between the government of qatar and the first lady, michelle obama. and i was horrified, how could an american contractor, be allowed to drop in on the private conversation of the first lady and be involved in cyber operations against either the united states or an eye lie of the united states like qatar. two questions how can this be allowed to happen and how can we ensure that this never happens again and this question can go to either mr. daniel or miss gordon. >> i'll start. it's a horrifying scenario, it's a slippery slope. people with expertise developed in government institutions will leave periodically and we don't want their knowledge to not be used. so you know, prohibiting them from doing anything or from advancing the state of the art is not something tha

. >> tech company executives testified about last year's cyber security breach that left several federal agencies and businesses vulnerable to hacking. this senate intelligence committee hearing focused on how the cyberattack occurred, why it took so long to detect, and what can be done to prevent a similar situation in the future. this portion is an hour and 45 minutes. careman to thank you for your partnership and friendship. i'm confident we'll be able to keep working together in a bipartisan way in the 117th congress. i'd also very much like to welcome our witnesses today. the president and ceo of solar winds, brad smith president of microsoft, and i believe remotely george curts, president and ceo of crowd strike. i would like the record to note also we asked the representative from amazon web services to join us today, but unfortunately they declined. but we will be expecting to get a full update. we've had one update from our friends at amazon, but it would be most helpful if in the future they actually attended these hearings. today's hearing is on the widespread compromise of public and

exposed some vulnerabilities here in our systems on hopefully, ah lot of agencies are going to be beefing up their cyber securityng forward after this very close call in florida really appreciate you coming on to give us some insight into what happened here. that is neil dust juanico, director of stanford university's advanced cybersecurity program. thanks for the time. how to provide commentary alex a big focus on safety ahead of the upcoming lunar new year, coming up the advice for police after a serious of violent attacks on asian americans around the bay area, and still ahead here on the four, the cdc says fully vaccinated people will no longer have to quarantine if they're exposed to the virus. we'll talk with the health expert about why this new guidance is on lee for the first three months ♪ we always have a big party, it's a big thing for us. everyone gets together... to just have fun. the happy chaos... a lot of noise and... for me, i just enjoy it all... ♪ ♪ ♪ ready to take your immune support to the next level? nature's bounty is here for you. ♪ the number one herbal supplement brand has everything yo

. >> national security experts talk now about cyber threats facing the u.s. and what government agencies can do to prevent attacks. >>

should you be confirmed for coordinating much of our cyber security, and the cyber threats are growing, both to the public sector, our government agencies, but also to the private sector. this massive cyber attack called solarwinds is an example of that, and omb's critical word needing -- coordinating role here is very important to us and the committee as was mentioned by chairman peters. we should also cooperate to build on the economic and regulatory progress we've made over the past several years. we have prioritized reviewing the efficacy of regulations and trading processes to ensure that the administrative state is engaged in rigorous cost benefit analysis. i spoke to ms. tanden about this. i know she agrees with cost benefit analysis, and that's important, because it's been one of the reasons we've seen some economic gains particularly a more opportunity -- more opportunities in our economy . going into this pandemic we had not just relatively low unemployment, but we had the lowest poverty rate since we started keeping track of it back in the 1950's, so we had a number of things going right, and part of it was because of the reg

security. and one of the proposals is to make this agency kind of like the federal cybersecurity cop. they will oversee all of the federal government, just like the u.s. cyber command for the u.s. military. so i think we're going to see a lot more action on the in the near term than some of the others. peter: you're watching the communicators on c-span. ashley, over the years on this program, a couple of the industries that we've talked about include broadcast and cable companies. are we going to be talking about broadcast tv, ownership, cable companies, rights, etc. in this congress? ashley: i think so. the most recent development here on the hill was occurring yesterday on misinformation on traditional cable news networks. specifically, the democrats are concerned about fox news. they're concerned about one american news network, newsmax, the channels that popped up in the trump era. there is messaging says it's not just these platforms. it's on the tv they watch, and cable companies are just as responsible as tech companies for allowing this misinformation to spread. so, there's a lot of concern around democrats -- among democrats on that issue. the anyt

the massive cyber security breach affected more than nine government agencies and roughly 100 differents at a hearing yesterday that its researchers believe at least 1,000 very skilled, very capable engineers worked on the breach. joining us now, member of the armed services intelligence and rules committees, independent senator angus king of maine. great to have you. >> senator king -- >> good morning. >> the line that mika just talked about was the most concerning and what came out yesterday that is the fact that the head of microsoft said that this looked like a generational effort, part of a generational effort and that at least 1,000 very skilled engineers appeared to have been working on this hack. this is obviously russia's -- one of russia's means of warfare moving forward. how are we going to defend ourselves? >> well, this is the most serious external threat that this country faces is cyber. ironically you just had mike gallagher on. mike and i were the co-chair of something called the national cyberspace solarium commission for the past two years working on this very issue. a

solar winds cyber attack that braechd multiple federal agencies is including the pentagon was launched from inside of the united states. that is the word from president biden's cybersecurity securitye says it is still likely that russia was behind the attack, and as of right now the hackers broke into at least nine government agencies and 100 private companies, but there could be more. >> the hackers launched the hack from inside of the united states which further made it difficult for the u.s. government to observe the activity. due to the fsophistication of th techniques that were used we are in the beginning of the understanding of the scope and scale, and we may understand the scope and scale and the technologies that were used for compromise. >> and charges were announced against three north korean military hackers accusing them of the scheme to extort more than 1 billion of cryptocurrency and cash of companies and banks around the world. cnbc's eamon javers talked to one the lead investigators on the case. eamon? >> yes, one to lead investigators told me that the north koreans are the world's leading bank robbers, but the u.s. government knows exactly who is conducting all o

secretary of security anne newberger is offering up the scope of the solar winds cyber breach we saw over the last few months and she called it likely russian origin and said nine federal agenciess 100 private sector companies have been compromised as a result of this hack. that is the first time that we have been given the scope of the damage here. she said that about8,000 entities downloaded the malicious software at the core, and even more malicious than the ones that have been compromised as a result of the attack. the u.s. government is formulating the response, and not clear when the government is going to name russia if this is who it was, as the entity if this is who it was and respond it to, and the government is tightening up the cyber defenses and closing up the loopholes that allowed this malicious software to get access in the first place. so a sense of the scale of this, and the 100 private sector companies is important, because we have not seen the public disclosures from nearly that many public companies. so it is potential that here the damage to corporate america is much broader than the investors may know at least so far, jon. back to you. >> thank you. deepl

agencies trying to get these russian hackers out of their system. how big of a breach is it in your mind? >> people i listen to all who are the cyber security experts on wednesday are saying this looks like the worst compromise of cyber security in the history of the united states and of course what has donald trump told us western mark don't worry, it's 10. it's not that big of a deal. it's a very big deal when the state department and others get breached and monitored and compromised by a russian intelligence unit in the sdr. the civilian intelligence unit, by the way that the different intelligence is in the military tru had been hacked into the dnc so here's the deal. there's a supply, for those of you into corporate security this is a supply chain,. solar winds was one country that serviced all of those agents with network management had 300,000 clients around the world. in god's name on it was the right idea to have the same provider, same supplier across all of these agencies? think about your own company and the supply chain and how reliant you are on one single provider and whether or not there's continuity in crisis management if

security agency and the. [inaudible] issued a joint cybersecurity advisory noting a significant risk of cyber attacks is expectedcontinue during the current academic year. dr. anderson, have you heard concern about the cyber attacks? >> your muted, here we go. first of all thank you for that question. one of the things done most recently's have a full audit of our security systems. i would encourage that to free up and directing them to other matters that could be addressed. if we have those resources together everybody could actually do that. we really began doing some other matters to further protect our students and our staff as it relates to ensuring or open to the kinds of threats mood otherwise be open too. at some the ongoing audit as well. >> last congress the cyber security act during this pandemic and beyond, just like. [inaudible] cybersecurity staff and technology are an important part of modernizing american infrastructure. that's why the bill would authorize $4 million in additional funding. while this crisis shows vulnerability this cyber threat and k-12 schools remain even after we crush the coro

cyber security. last month it came to light that russia had created a back door into computers of at least 250 agencies for nine months and possibly still they have been able to monitor computer activity and steal data that has come to our attention. so, so a private company fireeye brought that to our attention, not the dod. this comes only after two years that our cyber posture review found that we had difficulties with dodcyber space operation ability to prevent malign activity from our adversaries. we had several hearings on this and we had lots of proposed changes. one proposal is to increase the role of the national guard so that cyber security experts could maintain their day jobs while also serving the country. do you think this is a tool that could be useful for this problem? >> senator, i think the national guard can bring specialized capabilities in exactly these types of areas where the commercial sector, to your point about fire eye where the commercial sector is sometimes out in front of the federal government. so, it does seem to be at first glance that the national guard could be helpfu

security. i was hoping that you would commit to really helping us build this technology workforce in the cyber strength within our department of labor to protect all of that. ... ... have better become an agencymore effective both on the ground level and technology, it will only help in the american industry. >> were going to try to get the internships, all the things we talked about, get people trained inle these jobs, it will move things forward thank you. >> thank you. we will turn now to senator -- >> thank you so much. thank you for holding this hearing today. thank you for joining us today, sir. congrats on your nomination and look forward to working with you to increase wages and apprenticeships and training programs and strengthen worker protections. my father, my late father was a union line worker. as you may guess, i'm a strong supporter of the protections orproviding workers with damage sustaining wages. i am concerned the conclusion of unnecessary labor subcategories department of labor's vocational service undermines the ability to establish a fair wage. would you commit to working with me to address these issues look at them within the process? >> absolutely. i'd love to work w

few government agencies and a handful of security or other private companies are in a position to be the first to know. i agree that doesn't seem right. you suggested that small group of cyber first responders could prevent or mitigate the impact of cyber incidence through sharing information quickly and confidentially. that is a very intriguing idea. how -- can you describe how you think that would work? >> you bet. there has got to be a way for folks who are responding to breaches to share data quickly to protect the nation, protect industries, and that would require, a, defining what is a first responder. and i think it is pretty simple. if you are trying to figure out what happened to unauthorized or unlawful access to a network, you are a first responder. and if you do that for our companies besides yourself, you are a first responder. and first responders should have an obligation to share a threat of intelligence to some government agency without worrying about liabilities and disclosures so we're getting intel into people's hands to figure out what to do about it. right now the unfortunate that the reality when you share threat intel, it is just a public disclosure.

. >> tech company executives testified about last year's cyber security breach that left several federal agencies and businesses vulnerable to hacking. this senate intelligence committee hearing focused on how the cyberattack occurred, why it took so long to detect, and what can be done to prevent a similar situation in the future. this portion is an hour and 45 minutes.