nerc approved a first set of cybersecurity standards in august 2003.as the chairman just mentioned, we just -- ferc just approved the fifth generation of those cyber standards. they encompass the entirety of the bulk electric system, and they adopt risk-based security methods that are captured in the nist standards. we have a very robust audit and compliance program that we go out and monitor companies through our eight regions, and we have been very active in insuring that the companies are mitigating and addressing issues, so a lot of work has been accomplished in the area of cybersecurity. and it's also important to note that the electric industry along with nuclear is the only industry, as was mentioned previously, that has mandatory cybersecurity standards. we have another little-known standard that requires companies if there is a physical or cyber incident -- sabotage even suspected -- that they must report it to nerc, and they must report it to law enforcement. in response to the ferc order of march 7th, we've been working very hard and very qu

if there's a criticism of cybersecurity practice in general, it's that it's always reactive. that it's addressing the last incident that's a more tangible thing to address than the potential incident next week or next year or in five years. so how has the cyber crimes, cybersecurity practice changed for you in terms of preparing for a potential attack in the future as opposed to reacting to what happened last week or target in the last year? >> a lot of it has to do with you take away the, what occurred and why it occurred, and then see if i can fit into other areas that might be compromised. and it has to be prevention, education, response and mitigation. those are the main issues you need to focus on when you are trying to sort the next attack -- fort. unfortunately, that takes a little bit out of it. but not few and far between but hopefully we catch them with that type of business plan in place and were able to remediate the threat. >> as the technology evolves, you all heard of dynamic defense because the tools are advancing. the tools are advancing and baby, tools that

my cybersecurity threats that has been around for many years. utilities take these but the sheer size with the remoteness of the infrastructure requires we prioritized and concentrate on the bonds of damage would have the most severe impact on reliability. simple risk mitigation plan cameras and blocks to help address routine problems but the key is defense that relies on resiliency, redundancy and the ability to recover should this event to occur. while the systems are built to sustain and to build redundancies and to the system with the most critical assets but we have over 45,000 substations prioritizing the most critical assets it is extremely important. in recent months a few high-profile attacks have drawn increased scrutiny one such incident took place in california at the metcalf substation. that is not uncommon but this incident demonstrated above follows sophistication not previously seen in our sector and we have been working to understand and share the lessons learned. industry and government conducted a series of briefings across th

so a lot of work has been accomplished in the area of cybersecurity. him and it's also important to note that the electric industry along with the nuclear is the only industry as was mentioned previously that has mandatory cybersecurity standards. we have another little-known standard that requires companies if there is a physical or cyber incident, sabotage even suspected, that they must reported to nerc and they must report to law enforcement. in response to the ferc order of march 7 we've been working very hard and very quickly. i think the order demonstrates something i've been saying for quite sometime is that the commission does have the authority, if needed, to direct nerc to do standard that they feel is in the public interest. they did it previously with the solar magnetic disturbance standard order and of the physical security order. i think it's a good order, focuses on the most critical assets. it provides for a risk-based approach and it provides for accountability and verification to the industry is behind the standard development. they'r

a lot of work has been accomplished in the cybersecurity. and it's also important to note the electric industry along with nuclear is the only asked you as it wa was mentioned that has a mandatory cybersecurity standard. we have another little known standard that requires companies if there is a physical or cyber incident sabotage even suspected they must report it to nerc and tomball and enforcement. in response we have been working very hard and very quickly. i think the order demonstrates something i've been seeing for some time the commission has the authority is needed to direct them to a standard they feel is in the public interest. there's a standard order and now the physical security order. i think it is a good order. it focuses on the most critical assets. it provides for a risk-based approach and it provides for accountability and verification. the industry is behind the standard development supporting us in gettin and getting it done have taken steps to abbreviate the process so that we can get the standard done in the 90 days. m

the cybersecurity breach now at universities. my own university of maryland hopkins, they, themselves, prime time schools are hacking, stealing identities, and from steals our trade secrets to the kind of thing that's going on, we need to know what do we need to do and what are the resources in cyber security? every day we count on the justice department to fulfill its mission and to protect our lives and protect our way of life and to protect our constitution. we need to hear from you, what is the right funding that we need to make sure we do justice to the justice department. i turn to my vice chairman, a strong advocate of the national security and also in supporting our local law enforcement and particularly appreciative of his efforts op behalf of women and children. >> thank you, madam chair. welcome to the committee again, attorney general holder: today we'll hear about the department of justice, justice in the 2015 budget request. michael harowitz, part of the chairperson, already said, will testify about his work, and th

i know that this is a focus of this panel on cybersecurity and we have also talked about reliability and i would really appreciate your willingness to move forward and i would like to ask a couple of reliability questions because we have some great experts here who could maybe give us a preview of what we will hear and also for us to hear from industry folks. the first, mr. chairman, i would like to hear from you about what you think we ought to be doing in terms of reliability and price spikes of last week. you were quoted as having said that i'm also very concerned about the price and when you see these spikes it is a simpson that is causing this issue. can you elaborate a little bit on the two and is that an act of quote? >> it was in the context. they said we are mainly here worry about reliability and not price. and they are closely related because when you see this in january and february, that means the grid operates with very unusual things and that usually goes into the customer's pocketbook or its we need to look at what is happening and why. so we are in the middle of one

however, ports are not required to address cybersecurity in these plans. and without a requirement, many of our ports have not addressed this issue, creating a gap in our nation's port security. last july the brookings institute released a report stating our nation's port cybersecurity awareness is remarkably low. without requiring ports to address this vulnerability, we risk exposing our nation to a disruption that could devastate our economy and grind the flow of commerce to a halt in matter of days. that's why i offered an amendment to this bill that would have required that ports address cybersecurity in their port security plans that they submit to the coast guard every five years. unfortunately this language was not included in the final bill and it's my hope that it is put in the bill during the conference as it was intended. by requiring every port to begin to address cybersecurity in their port security plans, we can help avoid a potentially devastating attack that would leave our nation's freight network crippled beyond repair. i appreciate the c

cybersecurity has to start at home. has to start with us. >> commissioner pai. >> congressman, with respect to internal systems used by the fcc, i agree that cyber security is critical. under the law the fccs authority with respect to cybersecurity is relatively narrow, and so i see the fcc's role in the overall public dialogue about cybersecurity is being more of a supporting one. i think other executive branch and independent agencies might be a better place to take a leading roll. >> how do you work with other agencies? >> so, we are part of an interagency working group on this. we also are the home of mull by stakeholder processes. which guess in exact point to what the chairman was talking about, how do you get the people themselves to worry about it rather than walking in and saying, i'm smarter than you, here's how to do it. for instance, we have what is called -- a working group on security and reliability of networks that includes all the major network providers and suppliers. they have come out with voluntary

if that makes you worried about your financial information, one cybersecurity exert says it shouldn't -- experlt says it shouldn't. >> you do have a lot of updates already so you probably can function without the added protection of the antivirus and the fire wall. >> we talked with another cyber-security expert, says this is where you should be nervous. health care facilities. especially in rural areas. >> ten to 20 times worse than what you see for credit card data on the black market. >> consumers using xp will be out of luck but users with deep pockets have more time. j.p. morgan chase, have paid billions to microsoft so they can get tech support for their atms for another year. allen says he will plunk down $100 for an upgrade, eventually. >> it will have to happen. >> a calculated risk he's ready to take. andy roach, al jazeera. >> now there's a program in california trying to help out for those in foster care. >> welcome back to al jazeera america. i'm del walters. these are your headlines in this hour. hollywood icon mickey rooney has died. the actor started in silent movies,

so if you talk about big swings, fireeye and cybersecurity, definitely one of the poster children. back over to you. >> i'll follow up on that and say that of the 12 or so cloud computing fames on my screen right now, none are up this month. the one down the least is real page, down 3.5%. cornerstone, demandware and service now all down more than 15% in april. >>> coming up next, one man who called today's pullback. he said yesterday's rally didn't make sense, and it looks like he's right. larry kudlow joins us next. >>> we just referenced it, there's your vix. up right now 10%. so the fear, a little bit higher. we've got more on your market selloff after the break. mine was earned in korea in 1953. afghanistan, in 2009. orbiting the moon in 1971. [ male announcer ] once it's earned, usaa auto insurance is often handed down from generation to generation. because it offers a superior level of protection. and because usaa's commitment to serve current and former military members and their families is without equal. begin your legacy. get an auto insurance quote. usaa. we know what it

courtney reagan went to the conference in las vegas where the big eggest names in cybersecurity are looking restore consumer confidence. >> reporter: the transaction associations bring every part of a payment together, credit card, banks, regulators and retailers, all talking about securing spending while pointing fingers at each other for bearing the cost and liability. many retailers have had payment and data security teams in place for years and have been migrating, albeit slowly, the payment system is capable of using emv technology. this allows systems to read ships and pin cards currently used outside the u.s. visa and master card are giving retailers until 2015 to put the emv system in place. otherwise, the liability for fraudulent purchases shift s to the retailers. >> there will be enormous activities getting it done until 2015. it is not going to happen. >> although the world's largest retailer says it is already in the process of converting its system. as of two weeks ago, walmart turned on software enabling them to use the cards, they will be ready to accept emv card's before th

with his chinese counterparts to discuss a range of strategic issues including north korea on cybersecurity pay tools to raise charges series regarding territorial disputes with neighboring states such as japan alliance in east china sea which equate to russia's on stage ukraine's crimean peninsula they did also became the first foreigner to get the torch on this test at croft area as taught by dr with a strong superpowers to put trust and understanding they do want to join in from japan is scheduled to spend ten days in asia. his next job is done to mongolia which to strategically between russia and china . the chief of troops them switch to more small drop in on it which has played out thousands of lights and to top what was to postpone the crux of the right to place two more work ahead of that it was all the die off cos i've got millions of people visit the wisdom or two guys and courteous polite and be a living which impress some pieces up like a white student of the action stunts there's a pit stop because his aikido people have in the past the wind speed racing the requests from god g

through with big mike is attributable to both market adjustment the government regulation the new cybersecurity but discover last week. nicknamed hardly has been described as the greatest threat to ever surfaced on the internet major portal websites in china have been implementing fences but no one knows the extent of damage. his latest madness has highlighted the need for china to upgrade its cyber security. kumble has this story. these ears snooping into your passwords and has no information. partly it is the means no security flaw in the vanessa is now an encryption technology designed to protect online accounts for emails instant messaging and e commerce the bar can be used by hackers to deep creek sick or going communications and could name names and passwords credit card numbers and now the priestly formation of a risk. read the last week it has the magic leaping around in snowfall around two years well he died a few odd don't you let me give you an example you can go to a bank where you normally only have access to your home press the information. it is able to provide you with other peo

>> we all spend a fair amount of time and energy on our company's cybersecurity. our company and other companies in the industry have made large investments in that arena and we know that is constantly changing. the threat environment that we're dealing with is constantly changing. so it is just a constant battle. just as it is for the department of defense and most of the federal agencies. >> but you must have some special way, is there anything you can tell us to do on our little computers comparable what you do to stop being intraded by foreign power? >> change your password often. >> okay. there are, let's say, five very large aerospace defense companies in the united states, you might say. and over the last couple of years the pentagon has not encouraged anybody to make acquisition of each other. they want to have i guess what we have now but there were many more defense companies in previous years. now they have consolidated down but do you think as a result of the defense cutbacks we're likely to see there will be more consolidation among the large defense

it supports industry and government efforts to enhance the cybersecurity of control systems being used throughout the electric industry, not only the electric industry but also oil and gas industries. thirdly, they have a wireless test bed and indeed we started improvements on the wireless test bed and we're going to continue to do that. and as we all know, there are more and more every day components that are being connected to the grid that are wireless. so this wireless test bed is extremely important. , as we move forward with grid security. and, lastly, and this is important particularly in light of the metcalf incident, that has been talked about here, and they're in the early stages of this but the, they are working on working on a project to develop security, security protections, physical protections and others for substations. so that's going to be extremely critical also. we're very proud of the work that is done at the idaho national laboratory. like i said they are reknowned when it comes to nuclear energy but there are these new areas that they are developing and grid sec

in the past three years, israel cybersecurity industry has grown from a few dozen companies to more thanms. one of them is aroto. the startup has received funding from eric schmitt's firm innovation endeavors and from investors in companies like kayak and angry birds. bloomberg's middle east correspondent spoke with the c.e.o. and asked him why the company thinks it could have caught edward snowden. >> basically profiled them and literally build the profiles like you have in facebook. and based on those profiles would create an interaction graph between all the entities. again, as you have in facebook, when you're posting a picture or making someone your friend, behind the scenes, facebook creates an interaction graph to find friends very quickly. we build the interaction graph to find abnormal behaviors in tax and securities issues but we need to connect them into a story and provided our customers the entire story and not a one-time, single event about the security. >> and you're in a spot to set it up after a bank contracted you and you kind of hacked into the bank's active directory

. >> from the bottom line to brand reputation, cybersecurity can pose a huge threat to businesses. 2013that more data records were lost than ever before. the report released later today show security breaches grew 62% over the course of last we're and can have a devastating impact on large organizations. joining us from new york to discuss the report is vp of the information security group symatech. you describe an explosion in data breaches, including mega data breaches where 10 million data records are exposed. why are we seeing such an explosion and who specifically is being targeted? >> i think it's best summed up by willie sutton's quote, why do people rob banks because that's where the money is. as more and more digital assets move to the internet fabric, at tackers are moving there. the attack landscape is booming with these types of things. in fact, we saw over 91% of targets attacks over the last year in terms of increase. what that really demonstrates is a shift in behavior of these attackers. they're moving from target of chance to target of choice. big game hunting. >> i saw

would better share intelligence across agencies, that we would fund new technology efforts like cybersecurity. thirdly, i can't give enough credit to the 9/11 families who participated in the birth of the 9/11 commission and how it got through congress. it was a bill that john mccain and i worked on in the senate and the house. we never would have gotten it through congress if it hadn't been for the tenacity and the loyalty and the hard work and the love of those 9/11 families for their lost ones; children, family members. they worked tirelessly to try to make sure that something was done constructively about their losses. another reason that the 9/11 commission and other commissions succeed is about the clarity of the mission, the statutory mandate, so to speak. i think this committee, the staff has given us a very clear mandate. it's broad, it's aggressive, but i think it's clear to us what we need to do over the next several months and, hopefully, with your help and the fbi's cooperation, we're going to be able to get to the bottom of the facts and give you and the american people a good r

the by partisanship you fostered with a committee unparalled, passing cybersecurity legislation and proposingm that ends bulge collection of metadata and increases privacy and civil liberty and priest serves a morn capability. the committee will miss you and your leadership. we have you until the end of this congress and we know you will continue to roll up your sleeves and continue the work americans expect from this bipartisan committee. we know that there were many heroes and many people that suffered gray loss that day. we mourn the deaths of ambassador chris stevens, sean smith, tyrone woods and glen doherty and we honor the men and women who acted courageous to save the lives of others. no one left a comrade behind. we owe it to them and countless others to defend america to find out what went wrong to make sure it doesn't happen again which is what we're doing today. the independent accountability review board headed by admiral mike mullen and ambassador thomas pickering completed comprehensive have review of the situation and issued 29 recommendations. the government is implementing t

work of the committee overseeing the committee passing intelligence authorization act improving cybersecurity in the meantime let me say thank you for being so willing to come before the committee even after you have retired. your service to the country over 30 years has been exemplary and we know you and the people in the cia that led especially those deployed in hotspots around the world determined instead of gratitude. mr. chairman, thank you and i yield back. >> thank you for the kind words. one thin big of the committees e have a bipartisan way and we will continue doing that in the remaining months that he will be the ranking member and i will be chairman. thank you for that. before turning to the witness, this is an investigative hearing. we are going to swear the witness said before he testifies. this is the prerogative of every committee chair. while it is always against the wall to provide false statements to congress, the act of swearing in a witness impresses the gravity of the and the need to tell the truth. with that i would ask if you would please stand and hold on let me make

something that we didn't involved with long before the term cybersecurity became a popular term. our involvement of course came about through our work with the federal government and the need to protect the networks of the federal government. i am very concerned about this particular area come in several dimensions. first, it is an area where when you look around the globe, the status of the threat profile is pretty advanced. and i won't name countries or go into the fine details of that, but it is asymmetric. it takes a fairly small investment on the part of an adversary to put at risk large investments that we have as a country. so we have to be very vigilant about this. i'm pleased to see the even begin in this years president's budget proposal to congress that there's a large investment on the national security side for cyber defense and cyber protection. my biggest concern though as we look forward is we really aren't yet to a place where we are thinking about the broader society impacts of cyber, and this is stepping up to really deal with that level of issue and that level

>> there's cybersecurity concerns, republicans say they're concerned about new greenhouse gas regulationsg out older cole plants and moving away from coal too quickly can bring overreliance and put the grid at risk during extreme hot or cold. however environmentalists and green executives say new sources of energy with the grid should be just fine. back to you. >> rich, thanks for that. and stick around, coming up it's day one of the master's. how exciting. who's topping the leader board? >>> and beef prices are skyrocketing. not going down any time soon. a cattle rancher explains what's going on? [ laughter ] smoke? nah, i'm good. [ male announcer ] celebrate every win with nicoderm cq, the unique patch with time release smartcontrol technology that helps prevent the urge to smoke all day long. help prevent your cravings with nicoderm cq. that helps prevent the urge to smoke all day long. my dad has aor afib.brillation, he has the most common kind... ...it's not causedy a heart valve problem. dad, it says your afib puts you at 5 times greater risk of a stroke. that's why i take my warfar

over the weekend a cybersecurity firm uncovered that major bug, which could let hackers gain control of your computer. now, microsoft says the hackers are targeting internet explorer versions 6 through 11. that's practically all of them. they account for more than half of the world's pcs and half of the world's internet access. the tech company is investigating working on a fix with some sort of security upda update. >>> meanwhile, apple is offering to replace the power button on the iphone 5 that doesn't work properly. the company says it accidentally shipped an unknown number of phones with faulty power buttons. the buttons stops working after a couple uses. if your phone has this problem you can enter the phone's serial number to apple's website and see if you are eligible for a replacement. >>> the series all tied up at 2-2 thanks in part to a 33-point performance from steph curry yesterday. he drained seven threes to lead to an impressive victory. game five is tuesday night and tipoff is at 7:30. now, before the warriors hit the staples center, it will be the sharks taking cente

there is one cybersecurity expert, he said on a scale of one to 10 this is an 11. agree with that? >> yeah. this is pretty painful because it has been around for two years. we're not aware of exploits during that time period but one would assume. and it hit such a massive part of our economy. i mean it's roughly somewhere between 60 to 80% of all websites use the core code that is at issue here. liz: looking at amazon web services, okay cupid, yahoo! mail, vulnerable. netflix we're talking about. facebook, we already mentioned. dropbox. this will take a lot of work. david was saying i need a day off to do something like this to update these passwords. >> without a doubt. you know when you look across the spectrum, the entire i.t. industry is rallying right now to update all of their environments. we've had the fix for 24 hours now. most of us have deployed to our critical environments. and now we're working back with our customers to make sure they upgrade their process. but it really goes to show the value of protecting yourself in the future. we can't have one pa

cybercrime and hacking hitting an all-time high last year according to a report released by the cybersecurityec. the number of data breaches rose 62% from 2012, exposing more than 552 million identities. liz: we all keep doing things on tablets and smartphones. it is growing. maybe the holes are growing? what are hackers targeting? how can you protect yourself? joining us now, symantec's information security group vice president. this is the report. and there's some fascinating things in here but let's just get right to the top here and talk about why we've seen such a jump. the internet of things, we talked about that with the solutions ceo in the last hour. we're all connected to much. does the hole become bigger because of that? >> i think if you look at velocity and variety and volume of attacks, it is directly correlated with the value of information. the lifeblood of many organizations is their data, is their information. and with that, so exists a monetary underground where that information can be exchanged. you have hacktivists after their five minutes of fame. you have organized crim

let's talk about a cybersecurity company, fire eye. a month ago, it traded 97, now it's at 54.y lower than where it closed the first day of the year. if you held on to that stock, you have now round tripped it and have no gain at all. now you may not have to pay any tax on fire eye whatsoever, but that's because you may be turning a winner into a loser and pay no taxes on losers. when you have losers, they offset the gains for your winners. but given if it's already april, if you didn't do your tax loss selling at the end of the year, it's too late to do anything about it now. but we may circle back to this subject in december, because people love this get a plan stuff so much. i'm not saying you'll ever give up your gains every time -- you'll give up gains every time you decide to hold on to a stock for tax reasons, that would be extreme. but i am saying you should never keep holding a stock so you can avoid paying the higher short-term capital gains rate. that's not because i have a problem with tax avoidance, tax avoidance is great. you should avoid all the taxes you can leg

. >> charlie: cybersecurity is an issue, too, isn't it? >> it has been for a long period of time. it obviously represents a tax on our business and other businesses, but it's fund meany important that we excel at it and the last thing you can do is get relaxed at all. so we built up our capabilities. we've got to stay one step ahead of, you know, that kind of risk. >> charlie: this happens to be today's financial time. >> yes, it is. (laughter) >> charlie: you've read this story, i'm sure. >> i have. i haven't seen the hard copy. i've read it on my ipad. >> charlie: that's what you should have done. nasdaq's investors patience being tested? >> i don't believe they are. we had a great run up on our stock last year, up 59% for the year. and a strong 2014. i think the controversy with respect to the book had a head wind on our stock, i think it's a temporary blip and obviously will perform quarter after quarter, year after year and that will carry the day. but at least couple of weeks have been not the best. >> charlie: what is this between you and turtles? >> well, you know, i heard

he studies risk analysis and a e cybersecurity and he will be working for block chain info this coming summer. he serves as the captain of the air force association cyber patriot competition steam which he led it through the nationwide competition with 16 teams competing to test how well one can secure from viruses, trojans, etc.. his team was a 16th place. so not a bad for the work that he did. in 2012 with the northrop grumman corporation on the cloud research, which i won't even ask about. we also have mr. jason healey who is here, the director of the cyber statecraft initiative. as the director for cyberinfrastructure at the white house from 20032005 he helped advise the president and coordinated critical infrastructure immediately after the attack as the vice chairman of the financial services information sharing and analysis center created bonds between the sector and the government have remained strong today. and i think most recently he edited a book called the fierce domain conflict in cyberspace 1986 which is the first history of cyber conflict. it's an interesting book with

we held a round table last week on cybersecurity to emphasize that with respect to the public companies to bring together the government agencies to are charged with dealing with this cyberthreat in the coordination of the government agencies the department of homeland security with the national security issue is the coordinating agency among the federal agencies and the emphasis there that is so critical to have a public-private partnership the government needs to be better to share information or get security clearance but with disclosure to commend the staff of the sec they put up guidance to public companies to disclose cyberrest if they were material it was regarded as helpful guidance the staff has followed up with think they have improved would it is a continuing process and priority. >> chairwoman plight i along with my colleagues many of whom are here sent you a letter asking for an update on actions after the round table back in december. us you no to such firms one of which is in the process of being sold 97% of the market has actually become defacto bears in the united state

it seems the threat some cybersecurity is fairly widespread.he report suggested nearly 200 different countries that raised red flags for you. it seems an awful lot of different variables to contend with. >> akamai, we deliver about 30% of the traffic on the web. through that wide global distribution we're able to look at the trends on the internet and understand what's going on. security is really an emerging trend. we see more and more attacks over time. they're coming from everywhere and the interesting thing is that even though we can say the source of attacks are coming from one particular country or another, that's where the machines are doing the attacks from. it's not always clear where the bad actor is coming from. what's very clear is the attacks are getting higher in volume and more and more prevalent. >> that's an interesting point you raise. there's been a lot of criticism around china. are you saying china is not the biggest offender, it's just that internet systems are routed through that country? >> one of the major problems in s

we're seeing a systemic problem in cybersecurity that hahas now led to a two-part problem. fraud. the tax fraud just is another element of the overall problem that we're experiencing. stuart: let me stay with the tax fraud angle for a second. i think i saw a projection just the other data this problem is not going away, that $4 billion was mistakenly sent out as bogus tax refunds. that was last year. in the next four or five years, it's going to be over 20 billion. is that accurate? >> we're on that trajectory right now. and, again, not only on tax returns, but on other types of fraud. the amount of information that the criminal element has -- and it's becoming much more sophisticateed -- in exploiting that information presents a much, much greater problem to the irs, to tax-filing services. so we're seeing throughout the united states companies just are not prepared to defend themselves against a wave of information that appears to be accurate. it's just it's being used fraudulently.st. should i, the consumer, right now change every password that i've got? should i do it?

the problem is, this has been around, heartbleed for at least two years but cybersecurity experts discovered know about it? we have a editor at large for mashable.com. encryption that when my brain starts to shut off. what is different from this bug or bugs in general? >> it is scarier. it is not local but on all servers that run millions of sites across the internet. just about any site you can think of, from news sites, banking sites, to social media. the service offer is apache and open ssl is on inside of this and millions and millions of websites. jenna: less about hey, my website got hacked and more about this is a server all these major websites go through. what websites? >> just about any. "new york times," any of these major sites might have some apache server in there. right now you can go to lastpass.com to check whether or not the sites are clear, what is really important to understand here, this is supposed to be what was attack and what is the big vulnerability is the area that is supposed to be most secure. ssl, stands for secure socket layer. it is handshake that is supposed

work of overseeing the intelligence community come intelligence operation that's going to prevent cybersecurity. in the meantime, let me say thank you him and mr. morell for coming before the committee come even after you retire. your service for the country over 30 years of exemplary and we owe you and the people at cia that, especially those in plain hotspots around the world. mr. chairman, thank you and i yield back. >> thank you for the kind words, mr. wrappers berger. and the remaining months i know you'll be ranking member david chairman. before turning to the witness, this is an investigative hearing. we are going to share the witness him before he testifies. this is the prerogative of every committee chair. it has not been the custom here at the intelligence community. so while it is always against the law to provide ultimatums to the congress, the gravity of the preceding and the need to tell the full and complete truth. so what not, i would ask mr. morell if he would please the end. hold on. not too much longer. could you please raise your right hand? do solemnly spread that the testi

morgan wright a cybersecurity analyst. what would be the point?you have to look good driving something that stylish. for the money they threw at this thing this should be setting land speed records. when i gave you my notes, at a minimum it should support 500,000 concurrent users. there are games, online games, world of tanks, that can support 1.1 million active concurrent users. why we can't achieve these type of benchmarks after all the money has been thrown after october 1st is unfathomable. jenna: you're saying that healthcare.gov is worries than an online videogame as far as functioning? >> absolutely. there are people who have spent 1/1,000 spent on healthcare.gov that get 100 times the performance. just an example why the government and private sector trying to do a consumer play is not working. jenna: one of the reasons why we wanted to revoice think topic, morgan, as we see the number of enrollees going up and more people are using this portal. more people using portal we have to answer questions about security for these millions of peopl

right now new concerns of a growing cybersecurity threat.se the so-called heartbleed bug to create fake web sites and trick people into giving up personal information. adam houseley live from walnut creek, california, with more on that. adam? >> reporter: yeah, one hacker's already been arrested in canada for doing that. that threat's already been there, fake web sites trying to lure you to give information that they could use against you, credit card numbers, that kind of thing. what this does, what the heartbleed bug does is it allows them to set up even better fakes to gather information potentially from consumers. the best thing you can do as a consumer is to headache sure the web site you go to by looking at the address bar at the top is the right location, even entering it manually if you have to rather than taking a link. experts will tell you most of the mainstream, large web sites are aggressively going after the heartbleed bug. >> a lot of the vendors like shopping sites and banks have gotten really aggressive about patching this,

we actually held a roundtable last week on cybersecurity really to emphasize that. not only with respect to our registrants and public companies but to bring together the various government agencies , you know, who are charged with dealing with the cyberthreat to talk about, among other issues, the coordination among the government agencies. the department of homeland security which is a national security issue is in effect the coordinating agency among the federal agencies. and the emphasis there which is so critical is we must have a public-private partnership on this. i think the government needs to do better at sharing information with the private sector. obviously you need to get requisite security clearances. in terms of disclosure by public companies, you know, i think just to commend the staff of the s.e.c. in 2011, the staff of the s.e.c. actually put out guidance to public companies regarding their obligations to disclose cyberrisks and cyberincidence if they were material which of course is our disclosure regime. it's been i think -- regarded as very help

we're working to reduce the risks from cybersecurity attacks by helping to improve the financial sector's resilience to such attacks, and investing in treasury's own defenses and infrastructure. and we're requesting sufficient funding for the internal revenue service so it can provide the kind of quality service that american taxpayers deserve. as we consider what's in the best interest of taxpayers, it's important to note that it's been 5 1/2 years since fannie mae and freddie mac went into conservatorship. now is the time to reform our housing system and i'm encouraged that the senate banking committee is making bipartisan progress on this very complex issue. since the financial crisis treasury has played a central role in designing and implementing the most comprehensive reforms to the financial system since the great depression. one major piece of unfinished business is housing finance reform and we need legislation that protects tack payers, ensures continued guidespread availability of consumer friendly mortgage products like the 30-year fixed rate loan and provides liquidity during

a cybersecurity threat now affecting hundreds of thousands of web sites.steal passwords, credit card numbers and a lot of information from unsuspecting users. how can we all try to stop it and protect ourselves when we log on? adam houseley live in the washington with the details. >> reporter: actually, we're here in los angeles because this is where a lot of the computer companies are located. this has been around a couple of years, and also hundreds of thousands of web sites affected and hundreds of millions of users potentially affected by this. here's what we can tell you, we put together a list to give you an idea of what you need to know about heart bleed. it is a programming mistake, basically, you are all likely to be affected either directly or indirectly. the bug leaves no traces of anything abnormal, and has this been abused if we don't know. that's part of the problem. a german programmer today according to multiple reports has now admitted that he created heart bleed on accident, he inserted the bug accidentally when he was trying to improve t

we're working to reduce the risks from cybersecurity attacks by helping to improve the financial sector's resilience to such attacks, and investing in treasury's own defenses and infrastructure. and we're requesting sufficient funding for the internal revenue service so it can provide the kind of quality service that american taxpayers deserve. as we consider what's in the best interest of taxpayers, it's important to note that it's been 5 1/2 years since fannie mae and freddie mac went into conservatorship. now is the time to reform our housing system and i'm encouraged that the senate banking committee is making bipartisan progress on this very complex issue. since the financial crisis treasury has played a central role in designing and implementing the most comprehensive reforms to the financial system since the great depression. one major piece of unfinished business is housing finance reform and we need legislation that protects tack payers, ensures continued guidespread availability of consumer friendly mortgage products like the 30-year fixed rate loan and provides liquidity during

i know this is a focus, this panel on cybersecurity but we've also talked about reliability and a new the next panel can focus on the. i appreciate your willingness to move forward on figuring so quickly after your taking the chairmanship. i like to ask a couple of questions because we have great experts here who may be can give us a preview of what we're going to next also for us to be able to compare and contrast with her from some of the industry folks. first i guess, chairman lafleur i'd like to hear from you a little bit about what you think we ought to be doing in terms of reliability. you were quoted as having said am also very concerned about the price both the applet magnitude of price spikes and increase we saw this when it when we see the ice spikes it's a symptom protecting reliability is causing this issue. can you elaborate on that? is that an accurate quote? >> yes, but always in the context. we had somebody said we're mainly here to work about reliability, not price. i made the comment they are closely related. when you see the extraordinary price spikes as a science a

he studied security and risk analysis and cybersecurity.he will be working for block chain.info this coming summer in and accompanies elected office. he serves as captain of the cyberpatriot competition team which he led through a nationwide competition with 1600 teams competing to test how well computers protected from backdoor approaches and his team came in second place among the 200 teams are not bad for the work that he did. in 20:12 p.m. turned with the northrop-grumman foundation conducting penetration testing and cloud research when i will will -- which i want to ask them about it. we also have mr. jason healey who is here the director of the cyberstatecraft initiative that the brent scowcroft center. as director for cyberinfrastructure protection at the white house from 2003 to 2005 jay helped devise the president coordinated u.s. efforts to secure cyberspace and critical infrastructure. immediately after the 9/11 tat attacks his efforts as vice chairman of the financial services information-sharing and analysis center created ons

the warnings that you had for our nation's electrical grid for the power system, specifically cybersecuritye there'd been a lot written on this lace lathely, experts warning that the power grid is particularly vulnerable. is it? >> well, i think from a cyber secure perspective we have a great relationship with the federal government on that where we're using tools that the government has in place and also focused on security clearances and the systems in place to not only ensure reliability of the grid from a resiliency standpoint but also a cyber secure effort to make sure we're capturing those threats as they've come in. and certainlycertainly we've beo do that. >> how many threats do you detect over the course of a month or year? you must have some number about people trying to pierce your system one way or the other, some of them serious, some not. >> you have simple fishing xer siszs to other effort where is they're try og get at equipment or systems. and typically from the fishing exercises you can have thousands, but certainly less so from those that are trying to encroach into infor

investments in cybersecurity will expand across the enterprise to meet the demand and speed of actionrequired in today's world. as you know, nsa executes three distinct fund industry the cryptologic program, the information systems security program, and the military intelligence program. let me briefly describe our emphasis in each of these areas. the ccp enables nsa/css to bring the capability of a global cryptologic system to bear in support of our national policymakers and a war fightingg demands. innocent global intelligence capabilities, analytic trade craft, operational infrastructure and reporting mechanisms have been developed over time and have resulted in a successful delivery of mission requirements. i look for to provide some specific and recent examples of in a classified session that will follow. and as they see us as his information assurance investment plan response to the challenges of providing security solutions that keep pace with the fast moving technology sector and agile adversaries. we must know that cyberspace environment and its risks protecting information a