ms. caldwell, but -- i'll defer to you. >> yeah. i think that the maximum sentences under most of the statutes are adequate. i don't think we need any kind of mandatory minimums because we have been seeing judges imposing sentences around the seven, eight, nine-year range which i think is a substantial sentence. there are a couple other things we would like to see that right now there's no law that covers the sale or transfer of a botnet that's already in existence. and we've seen evidence that a lot of folks sell botnets. they rent them out. and we'd like to see a law that addresses that. one other thing which is a little bit off point but i think is still relevant to botnets is we -- right now there's no law that prohibits the overseas sale of u.s. credit cards unless there's an action taken in the united states or unless money's being transferred from overseas to the united states and we see credit card -- situations where people have millions of credit cards from u.s. financial institutions and never set foot in the united state

ms. caldwell, but -- i'll defer to you. >> yeah. i think that the maximum sentences under most of the statutes are adequate. i don't think we need any kind of mandatory minimums because we have been seeing judges imposing sentences around the seven, eight, nine-year range which i think is a substantial sentence. there are a couple other things we would like to see that right now there's no law that covers the sale or transfer of a botnet that's already in existence. and we've seen evidence that a lot of folks sell botnets. they rent them out. and we'd like to see a law that addresses that. one other thing which is a little bit off point but i think is still relevant to botnets is we -- right now there's no law that prohibits the overseas sale of u.s. credit cards unless there's an action taken in the united states or unless money's being transferred from overseas to the united states and we see credit card -- situations where people have millions of credit cards from u.s. financial institutions and never set foot in the united state

ms. caldwell on the civi civil/criminal aspect of this, what would you like us to do to help. >> one is the one i already mentioned which is -- >> shut my phone off. >> changing the civil injunction ability so that we will have the ability to enjoin bot nets other than those who are engaged in wire fraud and tapping. he'd like to be able to could that. >> do we need increased p ed penalties. >> that's an interesting question senator. i think we've been seeing increased penalties being imposed by courts. >> statutorily, do we need to change any statutes to make this bite more? >> i will defer to ms. wallcald. >> i think the maximum sentences under most of the statutes are adequate. i don't think we need any kind of mandatory minimums because we've seen judges imposing sentences ash the seven, eight, nine year range. there are a couple of other things we'd like to see. right now there's no law that explicitly covers the sale or transfer of a bot net already in existence. we've seen evidence that folks sell bot nets. they rent them out. one thing which is a little bit off point but still relev

ms. caldwell? >> yes. i think -- i'm sorry. i think any online database is vulnerable. some obviously have more security protections than others. and as you indicated, senator kuntz, the health care databases have a lot of sensitive personal information so we've seen i know in some of the botnets that we have seen over the years including if i'm not mistaken game over zeus some of the victims were hospitals so that's a very serious area of concern we're concerned about. >> one other question. as senator whitehouse referenced, we have a warfare squadron of the national guard. they've stood up and grown and developed this national guard capability which takes advantage of the fact that we have a fairly sophisticated financial services community. we have credit card processing and as a result there's a lot of fairly capable and sophisticated online security and financial services security professionals who can then also serve in a law enforcement and national security first responder context through the national guard. what lessons do you think we could learn from that par