mr. schneier? >> i'm also a fan of standards. and i think -- your question's a really important one -- how do you do it properly as to not -- >> a balance, right. >> and i think it's to make them technologically invariant. i tend to look at the pollution model as something, what works and what doesn't. and what works is, you know, here is the result we want. figure out how to do it in the most cost-effective way possible, rather than legislate, here's the process, here's the technology. the standard has to be technologically invariant. and i know you had a driverless car hearing yesterday. and i think it's somewhat similar. we're going to make standards on the driverless car manufacturers to do things properly, but we're going to assume an environment where there exists malicious cars out to get you. so we'll have to deal with the rogue devices. we can't assume that everything on the internet or everything on the roads is going to be benign and secure. but standards will raise the tide. yes, we hav

mr. schneier, thank you for being here. we look forward to your testimony. >> thank you, chairman walden, ranking members. committee members, thank you for having me and thank you for having this important hearing. i'm bruce schneier, a security technologist and while i've been a solution with both harvard and ibm, i'm not speaking for any of them am not sure they know i am here. [laughter] >> it's a secret. nobody on the internet knows either. [laughter] >> as the chairman pointed out, there are now computers and everything but a want is just another way of thinking about it and that everything is now a computer. this is not a folder this is a computer that makes phone calls, or refrigerators is addicted to keep things go. atm is a computer with money inside. your car is not a mechanical device. it's a computer with four wheels and an engine. this is the internet of things and this is what caused the ddos attack we are talking about. i come from the world of computer security, and that is now everything security. i want to

mr. schneier? >> i actually think we need a new agency. the problem we're going to have is that you can't have different rules if it has wheels, propellers, makes phone calls or is in your body. that's just not going to work. these are all computers. we're going to have to figure out rules that are central. >> wait. we have a continuing new majority. so i don't think they want to create an agency honest thely that this thing needs to get done. they don't like that stuff. >> so i think -- >> new agencies, new regulations, we're dead in the water. but we can't leave this issue to be dead in the water. our country deserved much better. and so i'm really not joking. it is a little bit of fun but, you know. >> i don't think it's going to go that way. >> oh, good. >> they're getting involved regardless. the risks are too great and the stakes are too high. nothing motivates a government into action like security and fear. in 2001 we had another small government, no regulation administration produce a new federal agency 44 days after the terrorist

mr. schneier and dr. fu and mr. drew, what would it look like? what would it look like? we place -- i'm giving you a blank slate. what would you write on that slate to be placed in the national infrastructure bill? >> so -- >> whoever wants to start. mr. schneierp? >> i think we actually need a new agency. the problem we're going to have is that, you can't have different rules if the computer has wheels or propellers or makes phone calls or is in your body. that's just not going to work. these are all computers. we're going to have to figure out rules that are central. >> we have a continuing new-new majority, so i don't think they want to create an agency, but this -- >> for every one we create, we delete two. >> they don't like that stuff. >> so i think -- new agencies, new regulations, we're dead in the water. but we can't leave this issue to be dead in the water. our country deserves much better. and so i'm really not joking. i mean, it's a little bit of fun, but -- >> i understand, but i actually thi

mr. schneier, and dr. fu. i have to admit last night i lost a little sleep preparing for this hearing all because we focused on september 21st of this year when a botnet launched a strike that on the crest on security over 600 gig bits per second swarmed them. and then a month later oerbg, o october 21st, the same bad actor in dine. as a naval aviator, working as senior staffer for two texas senators and four terms of the house, i know the biggest threat to our security and our prosperity is not bombs, it's not missiles, it is cyber attack and cyber security. ones and zeros. but bothers me most about what happened earlier this year, is the execution was exactly what coach mchugh told me when i was 9 years old on the football field he drew a line in the sand. here's a defender. here's two of them. we'll swarm them. score a touchdown. that's exactly what these guys did. nothing hard. nothing new. yet they had the success of having 600 gig bits per second swarm nonsecurity. and so in this environment you can't be

mr. bruce schneier and mr. kevin fu and mr. drew, what would it look like? iem giving you a blank slate. i think we need a new agency. the problem that we are going to have is that we can't have different rule rules if they hae fields or propellers or fixed phone calls or your body. that just isn't going to work. it's all computers and we have to figure out rules that are central. >> we have a continuing majority so i don't think they want to create an agency honestly don't this thing needs to get done. they don't like that stuff. new agencies and regulations, we are dead in the water but we can't leave this issue to be dead in the water. our country deserves much bett better. the risks are too great and the stakes are too high. nothing motivates the government into action like security and fear. 2001, we had the government, no regulation administration producing new federal agencies 44 days after the attacks. something similar happens and there is no cyber security expert that will say sure that could happen. i think that he will have a similar response. re

mr. schneier's written testimony, he called the dyn attack failure and we should not be content with failure any longer. i want to thank the chairman for listening to our request for a hearing and we have to continue our work on this issue in the months and years to come. >> gentle lady yields back her time. we thank you very much for your request. we share in this concern, obviously. it's a bipartisan issue. we look forward now to the testimony from our expert witnesses. we're glad you're all here and we'll start with mr. dale drew, who is the senior vice president, chief security officer for level 3 communications. mr. drew, welcome. thank you very much. turn on your microphone and have at it. >> chairman walden and burgess and ranking members eshoo and schakowsky, thank you for the ability to testify. regarding the recent cyber attacks on our landscape and vulnerabilities found in iot devices. level 3 is a global communications company serving customers in more than 500 markets in over 60 countries. we have a significant network footprint in the amount of traffic we handle on a daily basi