Mar 13, 2012
03/12
by
CSPAN3
tv
dr. amoroso to answer that, please. and we don't have much time. >> well, first of all, we're already talking to the cloud provider and some of us are cloud providers. i do think the conversation is well underway. we're familiar with the challenges. if you think about it, the term cloud is a rather generic term that is probably misunderstood. it can mean a number of different things for different type of customer. and so therefore i would say we continue to include them in the conversation. as we have everyone else at the table as partners. the solutions you're looking for will have to be integrated across a wide platform. i would say that you want to keep them in the conversation. >> thank you. >> so my mother has a pc at home that at this instant i'm sure is like attacking china or something. it's probably going -- because it's not administered properly. and she's got, you know, big tower with verizon fios, the whole thing. she doesn't need that. she'd be better served to have a cloud provider take care of that for he
Mar 9, 2012
03/12
by
CSPAN3
tv
dr. amoroso talked about this malware so respectfully, and how eloquently it is put together. is there anybody can tell me who we're talking about? >> i think if you take a look at the most recent investigation conducted by the fbi on the dns changer malware, you'll see it was a group of individuals operating out of estonia that basically sent malware to individuals in various forms and e-mails, and you clicked on it, and it infected your computer in a way that it directed you went you went out to do a dns type search, you were looking for amazon.com or some other company, you really went to their servers. their own servers were embedded in various locations in the united states. so these are organized groups. they figured out how to capitalize on the money you can make with the malware. >> are these people, for example in estonia, are they part of a mafia, underground, an organization? it's larger than just estonia, without you revealing any -- >> these are no longer just individual hackers. the individual hackers are out there. but now they've actually formed themselves into
Mar 8, 2012
03/12
by
CSPAN2
tv
dr. amoroso. you suggested in your testimony that congress defined the roles of the various executive branch agencies in cybersecurity. where do you see the sec -- fcc playing an individual? >> i don't think there's an agency right now that is in a good position to come in and solve a problem that we can't solve ourselves. if it really was a case where you could write out these five things that we should all be doing, and for whatever reason negligence, ignorance, whatever, we're not doing it, then you really do need somebody in government to shake us, you know, into action. the problem is that we don't know what it is that you should be telling us we should be doing. that's why we are going to innovation as the key. so it's almost kind of a moot question whether it should be whomever, because i'm not really sure what they should be telling us. that's the problem. there are some things, like i'm part of the team trying to make recommendations. i don't want to lead you to believe that we're just ki
Mar 7, 2012
03/12
by
CSPAN2
tv
dr. amoroso answer that, please. and we don't have much time. >> first of all, we are already talking to the cloud providers and some of us are in fact clout providers. so the conversation is well under way. we are very familiar with official pledges, and if you think about it, the term of cloud is a rather generic term that is probably misunderstood. it can mean a number of different things for a different type of customer and so therefore i would say we continue to include them in the conversation as we have everyone else so to speak at the table as partners, and the solutions you are looking for are going to have to be integrated across the white platform so therefore i would say that you would want to keep them in the conversation. >> thank you. >> so, my mother has a pc at home that i am sure is attacking china or something because it's not administered properly and she's got big tower with the verizon, the holding. she doesn't need that. she would be better served to have a cloud provider just take care of all
Mar 10, 2012
03/12
by
CSPAN
tv
dr. amoroso, the advanced persistent threat, these are remarkably sophisticated adversaries. they are slow and patient and will lurk on your system for years. we had a large company go out of business, nortel, and part of the attribution of that is loss of their intellectual property to a foreign state level adversary, ciphering secrets off their network. when you look at that, this is as serious concern -- five years from now you'll probably be looking at that. that's how advanced they are. it's great that you're looking at it now, congressman, because the snret -- threat is real, it's persistent today and a threat to jobs and the economy. >> thanks him for his 30 years for f.b.i. service, as well. thank you for all the time you put on the target, sir. >> you would think rogers was a former f.b.i. agent himself. let's go to mr. stearns now. >> thank you, mr. chairman. let me take my questions a little along the lines that my from michigan talked about when he talked about advanced persistent threat. dr. amoroso, when you did your opening statement, you were speaking quite el
Mar 13, 2012
03/12
by
CSPAN3
tv
dr. amoroso, i love your name, amoroso, and mr. olsen. >> sure thing. thank you. i'll go first. i mean, we provide a comprehensive list of guidelines for configuration of the device. so our administrators have white papers and information they can access on the website. our goal is to make sure that your administrator, your i.t. organization that looks after your device, if it's a blackberry device has full control over that device at all times. so there's a comprehensive set of policies, more than 500 of them, that a administrator can send to control all aspects of the platform including preventing access to information or disallowing you the information of software on the device. so we try and do that as i think will be a common thread here. there's a lot of education in this industry. and we have to do it on a daily basis and a lot of risk that is really difficult for people to understand. we're trying to offer as much transparency and help to our customers through publication and forums like this. >> as i understand, one way to prevent potential bots activity is to block i.p
Mar 8, 2012
03/12
by
CSPAN2
tv
dr. amoroso. i haven't considered fat. >> i can't comment on that either. >> gentlemen, i have read with some interest in mr. olsen's testimony that, and i quote, the ongoing evaluation for metropcs' security program is based on a periodic internal and third-party assessments and auditing. what your respective companies object if such audits were government mandated, yes or no? >> we already provide all those things. we already do that to get >> i think we would not checked. >> you would object? >> then we come back and ask you to explain that. >> we probably object but we do that anyway. >> now, those who've indicated no, would you please explain briefly? >> i can explain. when you write a law, we do paperwork. so i take people away from giving their day-to-day work and sit and do work one of our favorite things to show people in the operations lab is a long one of the walls we have about a mile ellsworth of the ring binders and they always say there's the government paperwork filed by a lot of c
Mar 9, 2012
03/12
by
CSPAN3
tv
dr. amoroso's team on areas of commonality between rim and at&t where we think we have issues that need to be addressed that impact the security of our customers, but we don't necessarily get that feedback from the government about what do you see that we need to be aware of. and if there is anything i could ask for, it's a more transparent, more realtime information sharing mechanism to let industry know what government knows so that we can act to protect our networks and by extension protect your information. >> thank you. mr. gingrey, thanks for your patience. as we have gone through the hearing, you're the last. >> mr. chairman, you took the words right out of my mouth. exacting the last measure of patience out of the last member to ask a question. i moved down here early in the hearing because i couldn't hear very well, even though the chairman said speak right into your microphones. but i'm glad i did move down close because i knew it was going to be interesting. i knew that all five of you experts were going to have a lot of useful information to present to us. and quite honestly, a
Mar 8, 2012
03/12
by
CSPAN2
tv
dr. amoroso. i spent my entire adult life and cybersecurity. in fact, even as a teenager, my dad was a computer scientist, so i was walking on when i was a little kid. so i have been in and around this forever. i started work at bell laboratories and found the car was actually a pretty good hacker and had been doing that ever since. now i'm the chief security officer, so i kind of come at this with, you know, every practical perspective on threat. there's three things i want to share with you that i think our observations that might help you as you develop legislation, and they are based on empirical day-to-day dealings with security issues with our mobility network and our white airline network and the entire fortune 1,000 lots of different countries we deal with. i do that all day long and i wanted to share it and the first one is about innovation. we are being held in a faded by our adversaries. that's basically the case. i don't know if you ever bought a piece of furniture and taken it home and admired the handiwork and furniture. that's wh