mr. mandia. our next guest is mr.baker from 2005 to 2009 the first circuit -- assistant secretary for policy of the of the stages of department of romance security. and intelligence lawyer also general counsel to the national security agency and the commission that investigated weapons of mass destruction intelligence failures prior to the iraq war. thank you. >> and then turned to the question of the role of the fbi and justice department could be slashed should be. i will let spent too much time as kevin demonstrated the are not likely to defend our way out of this problem. defenses play an important role with the legislation but is as though we try to solve the street crime problem by a telling pedestrians to buy a better body armor. we have to find the criminals and teacher them. i don't have to preach to either of you of the importance of that. but, in thinking about back, how can we best reach the threats that are most troubling to americans today which is the government protected attackers? and it seems to me b

mr. mandia this point, we will not catch everything. in the face of a sophisticated attacker that is well resourced, that is very deep roots of sponsorship, we will not be able necessarily to address those kinds at a pta and threats. so it has to happen is really a mash or standard risk management approach. we've got to address this through, and risk management principles that includes technology, training of personnel, awareness of critical infrastructure owners and operators that this threat is real. they're starting to get that now that we have more high-profile conversations around this with events like the recent code issue with the breaking of more than 30,000 constraint system devices they are, and major pipeline. they're starting to have this awareness on this search around the importance of it. a couple other areas we need to address and that is information sharing. information sharing is a tool, but it can certainly help but the warning and preparedness at this critical infrastructure owners and operators in the common standar

mr. mandia, any thoughts on the pursuit versus static delivery problem? you deal with a lot of these companies as well. >> when you look at legislation commits a complicated matter. i've had these discussions on how to legislate benchmarks. the private sector is doing a lot of that themselves. what i've heard here makes a lot of sense. if you push for an agile defense mechanism in the united states that companies can take intelligence shared with it and not the type knowledge in these processes to do something with it. that's a great next step to cover the security guy. a hodgepodge of standard legislation covering 80% of the problem. when you have to do with the nationstate, 10% to 20% of the problem is the means for the government to share intelligence with the private sector. the dirt without enormous liabilities doing so can start that information sharing in a codified way, where we make it quicker. >> all three of you agree among the operators of critical infrastructure in this country, it you can find companies that are not doing that they should be