in last 12 months we have had three cybersecurity summits. treasury worked closely with us to pull toes h those together. we have industry participation, from financial services coordinating council, sifma, tch and others. also mr. secretary, had very good support from the ffiac cybersecurity critical infrastructure group. they have done a nice job as well. so we've been able to so far develop a comprehensive plan that has 60 deliverables of in five areas. these plans are to enhance information sharing, improve analytics, enhance crisis management and resiliency, improve core components of cyber ecoand r & d and improve executive communication and advocacy. three areas you may be interested in where we're making really good practical progress is, one is what we call internet top level domains. so the ican which controls the international allocation of domain names about a year ago made everyone aware it would be allocating some new domain, domains that could be controlled and so the fsr in working with the a about a has been working very hard

the last 12 months we have had three cybersecurity summits. treasury has worked closely with us in pulling this together. we have great industry participation. also, mr. secretary, we have societyport from the security infrastructure. have developed a comprehensive plan in five areas. these plans are to enhance and.mation sharing improving in communication and advocacy. three areas you may be interested where we are making progress is what we call internet top level domains. what controls the international allocation of domain names, about a year ago, it made everybody aware that it was allocating some new domains that could be controlled. working with the been working together. it has been a huge deal today because everybody's information and insurance information comvels over the dot- network. think of it as a 24-lane highway, people going 90 miles an hour. a lot of chance for people in that scenario. this is a much more controlled domain and will allow a four-lane access to a highway so your information sharing will be much more confidentia

king that cybersecurity is an ongoing issue. that demands close coordination and partnership among all of the agencies and various private sectors including critical role in the link of the telecommunications sector and various financial market utilities. again i think this is another area where treasury and fsoc can play important roles. thank you. >> thank you. are there other comments? if not i would ask that we move to the next item on our agenda and thank cyrus and kelly for those presentations and for making this an ongoing effort because it truly is an on going issue that we have to deal with and keep dealing with. thank you. next item on the agenda is to have the head of our office of federal research, director, dick burner, provide us with a review of the recent research and analysis. >> thank you, secretary lou. i appreciate the opportunity to report to the council on progress on some of our key initiatives. i will discuss three broad areas of our work. first i will describe tools we use to assess and monitor threats t

cybersecurity is a priority for regulators. in addition, the council as a whole has been briefed on cybersecurity and other operational risk matters. this was a focus of the council's 2013 annual eport. broadly speaking, the financial regulators addressed cybersecurity to regulation and guidance, supervision, and participation in incident response. information security procedures and testing, adequate backup systems, and emergency business continuity and recovery plans. an important goal of these activities is to ensure that each firm under supervision has adequate policies and procedures n place to protect itself from cyber attacks and potential consequences. for example, the federal financial institutions examination council have over the years established uniform principles and standards for the examination of financial institutions during the examinations rely on manuals developed for this very purpose and for other relevant literature, including publications on standards. earlier this year the working group was convened to

cybersecurity is a priority for regulators. n addition, the council as a whole has been briefed on cybersecurity and other operational risk matters. his was a focus of the council's 2013 annual eport. broadly speaking, the financial regulators addressed cybersecurity to regulation and guidance, supervision, and participation in incident response. information security procedures and testing, adequate backup systems, and emergency business continuity and recovery plans. an important goal of these activities is to ensure that each firm under supervision has adequate policies and procedures n place to protect itself from cyber attacks and potential consequences. for example, the federal financial institutions examination council have over the years established uniform principles and standards for the examination of financial institutions during the examinations rely on manuals developed for this very purpose and for other relevant literature, including publications on standards. arlier this year the working group was convened to up

the cybersecurity public awareness act of 2013 takes up that challenge. building on legislation i praoefpl introduced with -- previously introduced with senator kyl it will increase awareness of the cyber threats against our nation and do so in a manner that protects classified, business-sensitive and proprietary information. the bill addresses several different elements of the cybersecurity awareness gap. it enhances public awareness of attacks on federal networks by requiring that the department of homeland security and the department of defense report to congress on cyber incidents in the dot-gov and dot mil dough mains. as we work -- domains. as we work to protect people from cyber attacks we must first understand the nature of attacks on our own systems and what we can do to ensure that those attacks are not successful. the bill also tasks the departments of justice and the f.b.i. to report to congress on their investigations and prosecutions of cyber intrusions, computer or network compromise or other forms of illegal hacking. those reports also mus

president obama mentioned cybersecurity for the first time never the state of the union.ted to rea line our entire policy. which is has damaged significantly economically and if you will recall from a tiny perspective president obama's meeting with the president of china that weekend in june and cybersecurity was at the top of the agenda. the leaks come out and the entire agenda is now in shambles and we can no longer have moral high ground to confront the chinese on these topics. >> woodruff: go ahead and finish your point. >> yeah, from the impact on a private sector there is great concern amongst the private sectors of companies like google, apple and others from companies saying we can no longer trust the government and work closely with the government as we have in the past. >> woodruff: general. >> yeah there are three bode as of folks out there worried about this program. one is foreign governments. i really don't have a great deal of concern about that. the other are privacy advocates. although they're very serious, i actually think the commission report points ou

. > verizon, the director of cybersecurity and public safety. we have a unique position to see hat happens when security fails. as we travel around the world, it leads to ultimate data theft. share and need to research that perspective with the rest of the world. o we put out a data report every year. you can get it from verizon.com. dvir.e prior to that, i was with the service. so today's conversation, i've been involved in investigating on identity theft since 2001. 've been sharing insights from the law enforcement component as well as our time in verizon. >> thank you. i'm abigail davenport. we're a public opinion and research firm. i do research on a wide variety topics and have the privilege to doing safety and on-line institute in the past few years on parent, teen, their about privacy and security and safety and identity theft, particularly most recently in the fall. did a survey of teens looking ore specifically about their attitudes regarding ietdty theft, what their behaviors are, hat they're doing to protect themselves. what they mig

i was involved in cybersecurity before i got here. what is striking is when i meet with agencies or bankers, and that -- it doesn't matter if you are small or large, this is a issue on your radar. we have more progress to make. we need to work that the right people have the right clearances. that we have information flowing smoothly where it needs to. i think the point you make is remus the case -- is very much the case. at thetrying to work limit of what the executive order permits. i would like to invite for members of the council if there are questions or comments. >> thank you. consistsairman, which of the federal reserve system and the state members of the state bas on committee, i thought it might be helpful to on what thete committee has been doing. the ff ice did establish a cybersecurity goal infrastructure working cruel and this primary goal is to comprehensively assess and analyze the security and resilience of financial institutions and technology service providers and to provide information to other entities. one of the p

and cybersecurity brian fitch under this.ng into anticipated problem where no problem exists and have yet found any incidents of a hacker breaking into a car? hurting somebody, no. >> automobile industry is a target of cyberattacks for intellectual property. dennis: what could hacker care about getting in my car? >> if you are an individual of interest and they want to track you and know what you are doing for business purposes, the chinese version, or are there ways to activate vehicle controls and take command of your phone, download information, it is another method of economic espionage. dennis: are you worried about a risk of well-meaning calls public attention to a thing like this, inviting hackers to give it a try? >> that is the possibility bleated delicate balance if the industry isn't paying attention, a letter that may force him into action but if there is no problem and give somebody an idea about vulnerability that is an issue as well. there isn't much interest going against cars. and not going to get that by con

one of things i mentioned in my opening statement was cybersecurity, and i know that's also an issue that's very important to mr. waxman. the thing is that smart be grid gives us -- smart grid gives us a tremendous opportunity to gather information so that we can become more reliable, so that we can predict grid behavior and gives us an opportunity to deliver renewable energies reliably and so on, but it gives the utility companies a tremendous amount of information about individual users, it opens up grids, utility companies for cyber attacks and so on. ms. lafleur, you said just two weeks ago the excision or pass -- commission passed cybersecurity standards. could you talk about that a little bit? are those mandatory standards, or are they voluntary? let's hear a little bit about that. >> well, thank you very much, mr. congressman. yes, they are mandatory standards. all of the bulk power system along with the nuclear plants are really the only part of our critical infrastructure right now that have mandatory standards. and what's new about the critical infrastructure standards we a

the medicare patients against applicants are the odds of a desolate set is designed to safely cybersecurity not seen fit to do so could jeopardize of gun security and up to eight billion dollars a year in forty eight was saying that the gop house addicted to see as fun as i think she ever did get assigned a bid to secure the sta video cuts to hear this to happen soon in order to move slowly declining. as of june afghanistan in the suspect's mother in the uk can get into that. we just love since i'm a student asked if us and that the fishes have warned that if a site does not sign the security deed that the united states compete for washington on the undying with up to the fill void to fill the gun is done by the end of two thousand fourteen and abundant than skin deep the kind of dating pool is open on the thousands that that comes into its midst. not today for cl has eighty four thousand troops in a guy's done the majority committee can not do is winding down called the dough creations funding responsibility to apply to the dog about to give guns with almost one in combat forces put out by

this is where you said that choose to be sicko the commission passed, i think you said, cybersecurity standards. could you talk about that? are those mandatory or are they voluntary? lets you a little bit about the. >> well, thank you very much, mr. congressman. yes, they are mandatory standards. the power system along with the nuclear plants are really the only part of our critical infrastructure right now that have mandatory standards. and what's new about the critical infrastructure standards we adopted to go, or we proposed to approve -- we did in a fun rule of group two weeks ago, i'm sorry, is that for the first time they cover not just the supercritical aspects, but all elements of the bulk power system received some level of protection. because as you indicated with the increasing digitization of the grid, even smaller assets can potentially be a problem. >> the wind of those standards take effect? >> they take effect in general in two years, but because of the process of getting ready, but there are standards in place now the earlier generation, and the new generation becomes

. >> to weigh in cybersecurity wih the atlantic council, good to speak with you. first of all, what do youthere . this is more than i was expecting. >> it indicates what, they take a serious the programs that they would critique them. i'm surprised what they were able to come up with. >> one was to end the storage of so-called metadata. does this make it more difficult now if it's accepted by the president for the nsa to cross reference or rrs in nsa'se limitless collection of what they want. >> the spying on tech companies of google and apple, have they recommended limits there as well? what do you think of what is let's look at every one and make sure that they're a good idea. >> one more. well, kind of two questions in one. what are your thoughts on the recommendation? i think its important that there be a public advocate to the fisa court, and that the next head oe cybersecurity. >>> we spoke with glen greenwald, the first person who filed reports on the leaked documents. >> the u.s. uses terrorism as an excuse for doing everything. from invading iraq, putting

today they are discussing cybersecurity. you can watch the meeting live bloomberg.com/tv.time we will be focusing on cutting-edge gaming and cross-platform engine technology, the match that flannery is betting on. the coo is with me now. glad to have you with us. i know you are developing 3-d social online games and the catch is that people can play on any platform, correct? >> thing you for having me. our technology is to deliver our users, wherever they are. i os, android, smart tv, pc, anywhere. >> how is this different than some of the other competitors you are facing? >> we are basically developing a that requiresame high-end quality graphics and at the same time, we want our users to play anywhere. many companies can deliver it to any device. so, we optimize our engine to any device. so, we have the technology. it is very exciting. you make of this shift, back-and-forth, away from consuls, away from the living room, to mobile and social? that seems to be the larger trend, but i know that there are products out there trying to bring gaming back to the living room. how

many companies see cybersecurity as another line item, another expense. be thinking about it as an investment and how they get from managing the chaos of my cybersecurity and using those intelligence inities that i have invested a driving that to make intelligent decisions and drive revenue. >> what is the opportunity for a public/private partnership ? we have been talking about public-private partnerships for a long time. outlook not good, you can see it on his face. >> that's one of the reasons why i left the government, to take the skill sets i learned and give them to the private sector. a lot of what the government says is the private sector is out for itself. has certainly made strides to help through dhs and some executive legislation but things move at cyber speed and things change rapidly and the government is very slow to change laws and policies. >> maybe the companies will want to do it on their own. thank you so much stasio. . coming up, health caregov may be fixed but now comes the hard part, insuring millions of new customers in the new yea

>> my name is andy bonillo, i'm from verizon, director of cybersecurity and public safety. at verizon, we handle hundreds of data breaches for our clients around the world and we have this unique position where we get to see what happens when security fails. so as we are traveling around the world investigating crimes that leads to ultimate data theft and we felt the need to share and research that perspective with the rest of the world. we put out a report every year. it's a data breach investigations report that you can get from verizon.com, just google dbir, data breach investigations report and you'll be able to get to it. prior to that i was with the secret service, so part of today's conversation -- i've been involved in investigating and consulting on identity theft since about 2001. i will be sharing some insights from the law enforcement component as well as my private sector time at verizon. >> hi, i'm abigail davenport. i'm with hart research and we're a public research and strategic research firm. i do research on a wide variety of topics, but have had the privi

. >> the challenge we face as highlighted by the target breach is that these cybersecurity criminals are getting more sophisticated. and it really does call for more sophisticated solutions to prevent breaches like this from happening in the future. >> both target and the credit card companies we reached today said that customers who had unauthorized debits on their account, jeff, would not be responsible for the fraudulent charges. >> terrell brown, thank you very much. >> up next, where is this young american journalist? he went missing in syria almost 500 days ago. >> jeff: 2013 has been another deadly year worldwide for journalist, 5 -- were killed and 211 impri sound. according to the committee to protect journalists, in syria alone at least 23 members of the press were killed and 30 are currently missing. that includes austin tice, who went missing 500 days ago this thursday. >> tice was a 31-year-old georgetown law school student when he traveled overseas to court conflict in syria. the native of houston, a former captain in the marine corps, tice was supposed to travel from t

. >>> there's a disturbing, new report on cybersecurity. according to the firm trust wave, hackers in the netherlands have accessed more than 2 million user names and passwords from thousands of popular websites including facebook, g-mail, yahoo! twitter and others. laurie segall is joining us. sounds like a sophisticated operation. how did it work? >> wolf, absolutely was. something called pony malware. you get a link, looks look something you'd click on. malware would be on the computer, they'd look at your browsing history, get many passwords. as you said, 2 million accounts affected. the scope of the hack was huge. >> what surprising outcome, people using weak passwords which is a big no-no, as far as this situation is concerned. tell us about that. >> absolutely right. what happened, this didn't happen because the passwords were weak, people clicked on a link. what we gathered from the hacks people have weak passwords of the 2 million accounts affected 15,000 people, most common passwords is 123456. and looking at iterations of the 123

most likely the hackers came from eastern europe, says one of the world's top cybersecurity experts. >> all the big crimes come from offshore because there is almost no penalty of being caught. there is no penalty of going to jail. so if you live in some parts of russia or some other countries, the fbi or the secret service is never going to be able to get their hands on you. you can make a lot of money with very little risk. >> reporter: the good news is that target says it has identified and resolved the issue that allowed the breach, and calls this a sophisticated crime, but for those people whose information was compromised, the question is what to do about it. check your bank statements for sure, but don't just look for a bogus charge at target. someone that has your information can try to use it anywhere. target would not comment on speculation that cash register information had somehow been compromised or that this was an attack on their servers. wolf? >> what a story. joe, thanks very much. let's bring in a top cybersecurity expert right now, kevin mandia, founder and ceo of

we talked to him a lot about cybersecurity. good to see you. you say this is a symptom of a much bigger problem that the world is facing. explain. >> i think that that's right. what happened here is that it appears that these are home computers that were compromised by this malicious software. they implemented keystroke loggers so everything that somebody typed into their computer was captured by these adversaries. user names and passwords for those accounts that you just described, linkd in, et cetera, going into a server where those accounts can potentially be accessed. not a breach into those companies but into people's home computers. it is indicative of a much larger problem and that's because we store and transmit data electronically. we don't keep it in file cabinets anymore. it's done electronically in an infrastructure that is inherently insecure. our adversaries know it, they know what the value is and are constantly targeting our data. 24/7, 365 days a year. >> so let's go small and then big. people watching at home, what should they

we can make to what levels while reinvesting in some of the more important growing areas like cybersecurity and space operations to support security and intelligence surveillance and reconnaissance. >> your predecessor is the head of the space agency. so you have a little bit of an in there. >> a great friend there. >> exactly. >> you flew one of your career fighter pilot. you flew the f104. there is another lockheed aircraft. the jsf that you have been a founding partner on as well. there has been questions about whether that is going to go into service in canada. what's your view? >> i don't know. what we see certainly is a commitment by the government that is extant to replace the cf18 in coming years, probably around the 2025 area, and that whole project is being looked at now amongst all of the aircraft that could potentially fill that role i know that it will be one of those contending for that. i sit back confident in the knowledge that the government will ensure we are provided the equipment we need to look after those duties. >> there has been a lot of financial uncertainty in wash

another hot area is cybersecurity.enlo ventures is playing that theme with bit site which rates a company's security on a daily basis and can tell how vulnerable to fraud. there's also some concern that we could be heading into another dotcom bubble here in silicon valley. ganasen isn't worried. >> what i always try to tell about technology is that first you have the inventors. then you have the imitators. then you have the idiots. and when the idiots show up, the bubble is in full show. i think we have a long ways to go. >> so no signs of idiots just yet according to ganesan. sara, back to you. >> no signs of idiots. >>> coming up on "power lunch," the nasdaq is up almost 40% this year. some big movers this hour, we're going to name some names for you in just two minutes. >>> plus -- >> you get a lot more for your money in big "d." we're talking real estate in dallas, texas, next. y'all come back now, ya hear? [ male announcer ] this december, experience the gift of unsurpassed craftsmanship and some of the best offer

done in thes to be way of cybersecurity. >> that has been clear for several years.t is still something the private sector is struggling with. the data about the decreasing prices, it is sort of like the price of drugs on the street. you can get a sense of the effectiveness of your countermeasures and on supply and demand by watching. the data is very important. today,the judge's ruling what the nsa has been doing may be unconstitutional. what of that? rex there are many of -- >> there are many opinions in the judiciary and they often disagree. this judge is disagreeing with the ruling in 1978 and with the ruling of the fisa court, which is a special part of the judiciary, which actually has access to all of the classified information. the judge that ruled today does not have access to that classified information. it will wind its way into the process. i think that is -- the judge knew that, which is why it was immediately stayed. >> do you know how long this can take? >> there are similar cases in multiple federal district. this is one -- only the fourth case along

it will be cybersecurity.he big crisis i do not think will be in an ansell services. >> number two is the blackrock president. he says it is time to be a little cautious. time, people are very concerned about their future investment. they have seen the stock market do pretty well. they are concerned about where bonds are. they're looking to squeeze more return out of their assets. how much more can they squeeze when they have the finger on the button? we have an institute that an exhaustiven way. over half of our senior portfolio managers think that lower growth for longer is where we're going to be. let me describe a little bit about what that means. people think they are diversified in their risk. bonds and stocks have , they may notted be as diversified in risk as they think. we are looking to get them to think about a 2.5% gdp growth which is fairly slow. stocks are being priced more about the price of momentum versus the earnings. revenues are not coming in where everybody thought. pretty top asng far as

which was the first major cybersecurity case in the post wiki leaks world. essentially the d.o.j. extracted from this plea deal one plea to a felony count and what's important about that is that allows the f.b.i. regardless of whether that felony count gets you know actually withdrawn in a year time it allows the f.b.i. to count on their sister statistics for cyber crime so this is really about the lack of debate that we've had a year ago two years ago about online protest about the fact that culture is conducted predominantly online especially amongst. many politically active people today or younger people too and that we need to really actually examine the economic and social logical landscape that we currently exist in and not rely on models from twenty years ago to try to discuss the first amendment the freedom of the press and what's at stake for larger society i couldn't agree more aspersions and seeing what's happening with actual just regular protests outside of the complete militarization the police i mean it really is time to reevaluate the whole concept of the alexa tha

it was well written read the focus of discussions on he shows that the dprk see leah cybersecurity and was keen understanding of china's blueprint for keeping wish for. anybody know. now this is happening under the cloud of its air defense though and i think that there's enough attention to both of these things to reassure allies in the region us allies and to try to build the new positive relationship with china and the us and china have many common interests were close trading partners were trying to develop a global economy together and i think that's gonna be a big part of the message is not just a newbie about the crisis over in her defense though i would say that joe biden isn't that the condition of mediating pensions. this law might i add the rice and all. what kind of united states may not fully agree with each other it's a bloody and eighty i see both sides say that a moment to calm the situation calls for sustained high level gauge. i'm sad it's all about. this is about twenty four inches. major concerns on cctv. they did. french the issues you more. ril has arrived in beiji

of the critical infrastructure protection standard that covered the bulk electric grid against cybersecurity incidents. they are not perfect. we did ask some question as we approved of them, things we wanted modified that it represented a substantial step forward from the protections that were in place before. we've also started a rulemaking to require standards to protect against geomagnetic disturbances that can be caused by solar storms and human actions. a real example of high impact low frequency threats to reliability that we need to get ready for before they happen. finally, i want to touch on the subject that congressman waxman raised, the physical security of the assets that make up the grid. protecting them from tampering, vandalism and sabotage. in general our approach in this area has been based on cooperative efforts with industry and with other government agencies, dhs, fbi, dod and so forth, to try to develop best practices and communicating with industry to make sure their implement in those best practices. thank you very much for the opportunity to be here today, and i look

stop to medicare patients against applicants are the odds of a desolate set is designed to safely cybersecurity not seeing failure to do so could jeopardize of gun security and up to eight billion dollars a year in forty eight was saying that the gop house addicted to see as fun as i think she ever did get assigned a bid to secure the sta video cuts to hear this didn't happen soon in order to move slowly declining. as of june afghanistan in the suspect's mother in the uk can get into that. we just love since i'm a student asked if us and that the fishes have warned that if a site does not sign the security deed that the united states compete both washington and the undying with up to the fill void to fill the gun is done by the end of two thousand fourteen and abundant guns to be the kind of shameful was a fatality thousand to ten thousand soldiers. not today for cl has eighty four thousand troops in a guy's done the majority committee can not do is winding down called the dough creations funding responsibility both liking that the divine to get guns with almost one in combat forces put out by

a legislative counsel where she focuses on cybersecurity and government transparency. started by asking the letter was more of a political statement said the companies have cooperated in the past. >> what may have prompted the new movement is the recent revelations in the last month is they are not serving the companies with court orders, but they are hacking into their systems overseas where our laws do not apply. it may have pushed him over the edge to get involved. >> the people who run the companies are powerful people -- mark zuckerberg, larry page. google accounts for a large part of the united states economy. how is the government likely to respond? >> this has adds a whole new voice to the privacy debate. privacy advocates and members have taken a principled stand. we have the companies weighing in. congress does listen. the president is expecting a report. early next year, we will see action on it. >> president obama said he is to get the nsa to impose self- restraint. let's take a listen. >> i will be proposing some self-restraint on the nsa and to initiate s

however, brian cribs, a cybersecurity expert who broke the story says he's identified someone in easterne who is behind the website that's been selling the target data. that doesn't mean he knows who the hacker is, but it's a possible lead, a number of cybersecurity experts said early on the initial attack probably came from russia where several groups are pretty good at this thing. >> bottom line, if you have one of these debit cards, get a new one. >> yeah, or change your p.i.n. code. that's another precaution you could take. >> joe johns, thanks so much. >>> the nsa's bulk collection made on nearly every phone calls is legal, that's the ruling of a federal judge. just last week another judge called the surveillance program almost or wellian, and said it's likely unconstitutional. let's sort this out with cnn's senior legal analyst jeffrey toobin. these two decisions are like night and day. so make sense of this for us. >> impossible, can't be done. no, this is a very unusual situation. two very respected federal judges addressing exactly the same issue within a week of each other, and

major companies and enterprises have been spending billions of dollars on cybersecurity.t snowden showed more graphically than anything else is that how a highly expert motivated insider can get sensitive data out into the open. that is what he did and that is what corporate america is terrified of. >> how ironic. for all of the billions spent on security, one guy can take down the system. it.hat is the essence of a highly motivated insider can hurt you now in ways that are beyond any set of outsiders can imagine doing. >> the question snowden is trying to put forward -- does anybody need this amount of data on individuals? >> does anybody need it? there are a number of companies that have masses of information on you. social media is based on you and users dividing data in exchange for a service. the basic deal is that you give them your data and you benefit from an interested -- interesting experience online. it is something you can send it to. >> we talked about this on tuesday. amazon is not going to show up at my door with a warrant or break down my door or come in a

you have been doing cybersecurity since the age of 16.hould companies be spending more money on thersecurity, specifically retail industry? >> absolutely. the retail industry and industries in general are governed by regulatory laws. companies need to spend smarter. there has already been a significant investment. you move toward hiring firms that do attacks against your company to find out where your vulnerabilities really are. that is the smart investment. as for retail needs to start spending money. kansas -- what is canada's describing these? what is canvas, for example? >> and this is a program, a software suite designed by my company, a community. show it provides high-quality exploits for vulnerabilities. your computer updates every month with vulnerabilities and patches for them from microsoft. what we do is write programs that take advantage of those vulnerabilities for our customers that allows tracking attacking totion demonstrate that these motor abilities are real and serious to their customers and that will hopefully and ver

bankruptcy.r they can't survive everything hey have to do get through a cybersecurity incident. shifting the focus on regulation law, empowering them on the first place. 86% of the organizations don't the briefs themselves, right? they don't have any control over heir response or over their public messaging, every communications strategy, you or would they would not approach a stradded ji of regulations, right? we should focus efforts not just around -- instead of focusing on liability, focus on mpowering organizations to be able to detect things on the road. >> who has the next question? >> you've fouched on this a little bit. but can you address more cliff the role of -- umer education and both which 3%. can be done else as consumer advocates? a great tool.s i don't think you can have enough of it. easier and easier to monetize and to leverage, i it's important for us to truly understand and train and the threats. not just the behaviors but the threat exists. awareness we can get around the front. so.can ask do it's one thing to say pass word must have all of these things. mic

they have to get three cybersecurity incident.ut to shift the focus from regulation and law to empowering organizations, we mentioned earlier that 60% of organizations do not detect the breach themselves. that means they do not have any control over their response they do not have any control over their public messaging or strategy. they do not have control over how they would or would not approach a strategy dealing of regulation of stop -- of regulation. we should focus on liability and empowering organizations to be able to detect things on their own stop we have to give them the ability to control how they will move forward full top back to life the next question? >> you touched on this a little bit. and you address this vividly the role of consumer education? has there been a success recently and what more can we be doing? >> certainly education is always a great tool. i do not think you can have enough of it. as the landscape for the cyber criminals is becoming easier to monetize and to leverage criminal activities, i think

. >> but other cybersecurity experts aren't so sure. >> target may be understating the significance.se in the past the criminals have actually decrypted the pins and used it to steal cash from consumers. >> some frequent tart shoppers feel the retailer's offer of free credit monitoring just isn't enough. >> as a consequence, we're the ones having to foot the bill for the extra effort. >> all this has come at a very crucial time for target, the holiday shopping season. shares have fallen 2.3% since news of the cyber attack broke, alex. >> yeah. so, gabe, what's the bottom line here? because we heard from a guy earlier in a taped piece that he had $1300 worth of airline tickets on a west africa an airline charge and it was traced to africa. if you've got stuff going on with your debit cards or credit cards, what can you do? >> yeah. well, alex, right now there is no way to know exactly how many instances of fraud there have been throughout the country. target says it is very minimal. many experts saying changing your pin isn't enough. if you shopped in target in late november, early de

. >>> one of the dozens of problems of the obamacare web site is the lack of cybersecurity built into the site. joining me now with tips how to protect yourself from being hacked while signing up for obamacare is white house chief information officer theresa peyton. nice to have you. >> thank you for having me. >> so, let me ask you, are consumers needing to be worried about logging on to the web site and perhaps giving out information that could be hacked. >> they do need to be worried. we have already been told by one white-hat hacker who looked at the site and found something that is considered the golden rule, which is you do security first, before you do that first web page, security first, and one of the things hi found that is very basic, we're all on the good, superbusy, we do typos all the time. the found if you type health care semi colon gov instead of health care.gov, you went to a hacker's web site. so when things like that are missing that tells me there's other more complex things missing at well. >> what should peel do, avoid the site? the president is saying, sign up,

the responsibility for cybersecurity should be split off from the responsibility for spying, which makes sense. we have seen that there is a tension there. on one hand they're trying to making occasions more secure, but that is in conflict with the mission of being able to spy on everything. last night there was a report about how the nsa was trying to undermine the security of one very widely used encryption toolkit. with a lot of his other reform recommendations, in a lot of ways this is consistent with the more drastic reforms that have been proposed. the proposals they are making do not look like the sort of stuff intelligence committees have said would be sufficient, basically small tweaks. essentially, they're saying this program, for example the most controversial program, the telephone phone records program, one needs to be ended in its current form. that is something all along the president has said no we are willing to look at reforms but we basically support the program as it exists. for his own review group to say actually, no you charges looking at this and we say no, that p

a discussion of cybersecurity and the financial markets. we will rear air but -- we will re-air the british house of commons on nelson mandela. another thing is you are going to be criticized no matter what you do. i would have been criticized for what i did, and i got a lot of criticism, but you learn to live with it. i never let it influence me.