And let us defend the second amendment. It is simple to me. [applause] i believe that was the last question because i want to have a chance to shake as many hands as possible. Thank you so much for your warm welcome. When i started this campaign there were a lot of people who said it could not be done. And i knew it could be. Because i have a lot of faith in people. I have a lot of faith in people. And i know that all of you agree with me. And so many people across generational lines, gender lines, party lines, so many people have been watching and paying attention, and saying we can do better than this. We need to do better than this. Every wound we have can be healed. Every problem can be solved. What it is going to take now is leadership and citizenship. But truly, we have everything we need. We have the potential of the people of the greatest nation on the face of the planet. Help me, support me, talk to your friends, talk to your neighbors. Go to carlyforpresident. Com we can make sure this will be the greatest century for the greatest nation on the face of the planet. Thank you so much. God bless you all. [applause] [indiscernible] [captions Copyright National cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] announcer now, a discussion on u. S. Phone her ability to cyber attacks. This is 35 minutes. Good morning, thank you for being with us. Lets talk about the office of Personnel Management and this cyber hat, headlines say that china is the leading suspect. Lets go through the numbers. 19. 7 Million People applied for a background check 1. 8 nonapplicants impacted, so total of about 21. 5 million current and former employees. And after and people that applied to opm for any sort of clearance that included topsecret clearance. Including fingerprints including 1. 1 million fingerprints. It is an indicator that, in many ways, is the Gold Standard for authentication. That is a tremendous breach. I have been talking to different people about what that means. And who might have been behind it, different people in the administration and around this town will tell you Different Things about attribution members of the senate and congress are going to be more vocal in saying we understand that it was probably china. The nsa dont assume attribution to be china. At the same time, that has not been something that the administration has formally declared, which i think is interesting. The next question becomes, what is the person or entity that took that information going to do . There is a theory that it would be compiling an enormous database of different people who have applied for positions within the government or have positions in the government and different ways to reach them. It can be used for different sorts of online scams. Katherine archuleta is the former director of personal management. She had been in the job he claimed that they were making great steps in trying to make sure that this could be prevented. Is she a scapegoat . In many ways, because she is a person where the buck stops, you have to say, why didnt you take steps to encrypt data on the database and sooner . Wise why wasnt there a Better Program in place to analyze mall where malware. The country spent close to 1 billion on a detention intruding system that was unable to detect this particular malware. At the same time, it is a legacy system. Different people respond to Different Levels of urgency around them. This was not a priority. How did this happen . How easy was it to hack to the database . At this point, they are thinking they had to have nation state to nation state support. Einstein three, the system they were using to diagnose and detect intrusions in real time, it failed. It is not an on complex system. Uncomplex system. The malware mimicked traffic. It was incredibly sophisticated. Why would china want this information . There are Different Things you can do with it. I spoke to a former cia operative, who brought up that personal information, and some of the form c would fill out for topsecret classified clearance that could be used in different ways to reach out to intelligence professionals and in many ways, look more familiar to them. The real value of this is for what might be called social engineering. Getting more passwords later learning about different people that operate within the levels of government and convincing them that you might be a trusted entity when you reach out to them through email or in real life perhaps you are familiar with where somebody went to school you might no pet names are Different Things about them that you can use to create a sense of familiarity. That was one of the things that the operative i spoke to said he was concerned about was that it makes intelligence assets at the point this becomes part of broader fronts teams, broader fraud schemes. The most logically commercial thing to do with this actually becomes easier. If it is merely stealing a database, we are not sure how or when this will be used. Patrick tucker will be with us and told the hour. We have a phone set aside if you are a current or past federal employee. That number is 202 7458002. Otherwise, we are divided by lines regionally. This past week the testified before the committee. Here is what james coney had to say about the hack. James coney it is a huge breach. A huge amount of data. Former employees. People who applied for federal employment. We have to assume it was looked at the endor filled. We are talking about millions and millions of people affected by this. The challenge is, i am sure the adversary has my ex86 now. It lists everywhere i have lived since i was 18yearsold. All of my family. Their addresses. Not just my identity is affected. My siblings. My kids. The numbers quickly grow far beyond federal employees millions over the last 20 years. It is a big number. It is a huge deal. Patrick tucker one of the things that has been very interesting about director coney and his adventures this week. He appeared before the Senate Intelligence committee and he was pulled to a question about the scandal by mark warner. His original intent in being at that Committee Hearing was to argue against and to end user and corruption and different steps commercial companies have taken to safeguard information in transit from companies and their devices. Apple, google, facebook, they now offered these services. What he was there to argue against was the allowance of that. Because, he says that endtoand encryption equipment gets in the way of law investigation groups and groups like ices. One of the important things about this opm that had to come out is that user data was not encrypted on the database. It is not the same issue, but it is related. We have not begun to think about all of the different ways we interact with this technology on a consumer level and the highest level of governments. Host could the president have been impacted . Guest if he had filled out one of these forms, yes. It is not inconceivable. Different things that would be used probably exist out there around the president with the exception of very personal information, like Social Security number. The president is not going to be subject to Identity Theft or fraud. People know who barack obama is. He is guarded enough that it will not have any effect on him in terms of national security. What is at stake here, the vulnerable targets, are people that have intelligence assets listed as contacts in foreign countries. Those people that wind up in these forms who have actually it nothing to do with applying for a job in the government. As director coney mentioned, his travel is listed. Laces he is gone. People he has met. Show up on these forms. In terms of national security, that is what we are worried about. Host harold is up next. Caller i am an independent taxpayer. It sure seems to be a problem with this administration in particular. All we get is apologies and this happens again and again. I mean, the Civil Service seems to be more concerned with how to apologize the into getting a clue against taking action. I will take your response off the air. Guest i think that is a feeling filled by a lot of different people who are thinking of the ramifications. It is clear there are a couple of things that could have been done to keep this information more safe. Now they are going to lose out. The thing about personal data as it is entered into any computer system, a matter what part you are part of, there is mauled her ability there. It is a fact of life. If data is collected it is going to be used. If it is used, it becomes vulnerable. Independents, republicans, democrats, it affects everybody. It is the way information moves in the 21st century. Host kathleen says the government should hire my navy son because he makes backups. Of course, that was not the case in new york in Lower Manhattan on wednesday. Guest this was an odd incident. You had this enormous grounding of uniteds entire fleet for not too long, but long enough to cause serious alarm. A few hours after that, the New York Stock Exchange shutting down for more than two hours alarmed and what people. It is not the the u. S. Stock exchange does not have backups. Brazilian see is something we think about. Admittedly, one of the best diagnostic and for an sick diagnostic forensic pieces of evidence is we rushed to put software into these incredibly complex systems. We rush to put new software on top of old. If you are trying to deal with this as an engineer, you are dealing with a lot of legacy software. The source code is a mystery. It is the continual application of different technological bandaids and bandages to systems that are incredibly vital. More complexity in any one person cannot fathom. They run continuously at a incredibly high rates of speed and we keep learning them without any understanding of exactly how much they can stand. We can preach redundancy for backup and resiliency for the event of an outage so that businesses elsewhere might work. At the same time, we demand more from these sorts of systems then we are in many ways able to accommodate. And we have not appreciated that. Host a quick update from monty. Is there a 100 percent secure cyberspace . Hackers and their toll seem to be evolving at a high speed. Guest that is what the commenters are upset about. Is there a 100 secure cyberspace . That links to the internet. We have agencies that are dedicated to cracking it so they can intercept intelligence. Do we want them to do that . That is what the mandate says. Having said that, there are tools that you can use to communicate much more safely and anonymously online. One of them is onion writing. It is called tor. It was developed to allow people to communicate with one another while remaining anonymous. It is used by dissidents. It is also used by child pornographers. It is a tool. Tools like that help keep the broader internet safer because it keeps Information Secure and prevents passwords from getting out and prevents future hacks. But also, as director coney would say, secure communication creates in enormous Law Enforcement challenge in that is when he is trying to tackle. Host were talking about internet and defense vulnerabilities. Patrick tucker is here. Good morning. Caller i hope you can and lightest and lightness on an article that was in the wall street journal. Employees behind the firewall being able to go to their personal gmail or yahoo email accounts to read their personal mail and at attachments there may be a source of insertions. The wall street journal article basically said the government tried to, several years ago, is eliminate this and the federal employees union went to court and the courts ruled in favor of the federal employees union said the people such as me would continue to have access to their personal gmail and email accounts. That is the way i understand the article. I am hoping your guests could clarify or enlighten us as to that area of discussion. Thank you. Guest i have not read that particular article. This is an ongoing concern though. Ensuring information across networks. Certainly for military. You skip between different email accounts. You might have devices you bring with you. You might have the devices given to you. The temptation not to move from one account that you know a specific for that particular device to another one so you can check personal email, that temptation is too great. I think it is completely understandable to the extent that happens with people with dedicated devices, it happens a lot. I know i am surrounded by devices. Im checking all of my accounts all of the time on all of them and not is just the way it works. I have not read this article, i am not sure what conclusion the article writer reached, but this is one of the reason people say that endtoand Encryption Services on devices like the Android Phone or the most apple phone are so important. That is what allows a somebody with a device like a personal account and a federal account to use all of that safely. That would be the argument in favor of that. And, we not exactly sure what the attack vector was on this particular attack. Because, it was discovered long after it began. Long after it was in the system. Almost 80 year. I get, we have not even been honest about attribution yet. Weve not been able to know who will want to entity was behind it. Knowing exactly what federal employee did write to open the flood gates, i think that will be a mystery for a little while longer. Host you can follow the work of tetra tech are at defense one. Com. Richard is next. Good morning. Caller mr. Tucker, mr. Scully asked you a question as to whether she was being used as a scapegoat. On the Steve Kornacki show there was a reporter who was claiming, and hopefully he was right about it that it was businesses that do not have the cyber qualities that to the federal government has and also that on the board of these people were several generals. In, my question would be, i hope that you people look into the real situation and not to use people as scapegoats just to satisfy your ego. Host thank you, richard. We will get a response. Guest this problem will persist. So, in terms of the effect that larger businesses have on nationwide Cyber Security, this is something that remains an ongoing debate between the Obama Administration and different parties. Many people say that what would be best would be to have a mandate that Different Companies report different malware intrusions to the government and then the government can, through dhs, share that information more broadly. Right now that mandate, there is opportunities to do it voluntarily. But the mandate does not really exist. So, there is a lot of discussion between great pink business and government about how to pursue as a nation better Cyber Security. Business would prefer the government provide Cyber Security as a Service Really to almost all businesses, particularly those associated with infrastructure. The government says that is a unrealistic unless we can figure out some of these issues with reporting. At the same time, if you are a company and you report a big region and you do not have liability protection, youve intentionally face a big celloff. It will not be good for the company if they report a big reach. Host you talked about united airline. Exactly what happened and how did that result in them shutting down operations for several hours . Host guest we are hearing it was a router. It is not one that is associated to how you would look online. That was my originally thesis because you can enter that system for affairs if youre someone who is cybersmart. You can learn different search query language. Search engines on Different Airlines and discover funeral surcharges and different routing. That is sort of like a hack. And that is not the case here. We know as a single router connected to the reservation system triggered a series of human responses which was the shutdown. Nothing mechanical was wrong with the planes. Nothing wrong with the navigation system, for instance. The reservation system outage made they could not verify people showing up for not on a nofly list. They could not verify the contents of the manifest. The faa ordered the stoppage. I think a the idea that a single router was the culprit is remarkable. But the fact that this happened on the same day as a major New York Stock Exchange outage is why am talking about it today. Host do you think it was a coincidence . Guest at this point, that is what the evidence suggests. I was thinking perhaps this is the thing though, online reservation systems for airlines is in attack viktor. This one, at this point in time, appears to be a coincidence. But, the online reservation systems is a pretty constant factor of attack. As mentioned, you can use different data about it to gain from fares. That is a continual concern. At some point, if you break it in a particular way you trigger a human response which is, that an entire airline is grounded for the time being. In many ways, that same thing is sort of true about the New York Stock Exchange. You can game the Stock Exchange and all of the high velocity logarithms on it for shortterm gain. This is what high velocity trading is. There are a couple ways you can do it illegally by frontloading by or sell contracts which will then canceled. In many ways, this was blamed on the 2000 12 2012 flash crash. So, both of these things really show that these systems that we all use a lot, they are going to be the subject of continual lowlevel scam and intrusion attempts no matter what we do because there are ways, there are ways to manipulate information going into them for shortterm monetary gain. This is to be expected. Host we welcome our listeners. Our guest is Patrick Tucker of defense one. We are focusing on Cyber Threats and vulnerabilities of United States technology. You can get more Information Online at defense one. Com. Don is joining us from wisconsin. A federal employee. Current or former . Caller former. I was in the washington, d. See i was in the washington, d c. C. Area. Right now, the government, at least not for the last couple years, the mission is not to go find the most confident people to deal with the problem. They look to diversify the workforce and so they are going to have to have so many people of different ethnic backgrounds were male or female. The government keeps a quota on these things. Sometimes people get moved into jobs in their completely not qualified. In then, i kind of watched this a little bit on maybe some of your former coverage on cspan, there was a lady who just resign. I do remember the numbers. Then there was the one who was the cio. You would not have no context of the interview but just the way she answered the questions, it is obvious she is over her head in the job she is in. They had another gentlelady on there and i think she was a contractor, and you can tell the way she qualified the answers she knew what she was talking about, but she was not the person making the decision. Host it the now former head of the office of the office of Personnel Management, correct . Color she is the one who resign. The one who was the cio, i think her name was suzette. I dont remember what her first name was. Color that sounds familiar. The name escapes me at the moment. I cannot speak to whether or not , you know, a government focus on diversity had any effect. I dont think it does. In that sector, you find a lot of ceos who are over their head on a pretty regular basis. This was preventable but that is something that hindsight gives us. It was preventable. Exactly how it would have been prevented and the context of what unfolded is trickier. It was a concert at effort is some nationstate to create a very sophisticated piece of malware or a very specific purpose. On one hand, we should be expecting that. On the other hand, if we had been detecting that from this book particular malware act, there wouldve been another one. You have to assume the Data Collected is going to get out. On the one hand, i think the lot of feeling of frustration direct did are legitimate. Theres something legitimate about that. There are a lot of gaps in the way our folks communicated with people. The fact that, you know, just last week, even a few days ago the director was saying there was no reason for resignation. The continual growing of the numbers. That is what is odd. To go from, we imagine 4 Million People affected up to 21. 5 Million People affected. Host were getting ahead of the story. Guest exactly. You begin with the idea that information that you collect is going to get out. You start with the idea that as many as 22 Million People might have been affected. If you started with that on day one, some of it politically may have played out differently. Host we have another federal employee. Good morning. Caller good morning. I want to make a general comment. To clarify i am looking at the letter i received. I assume most of the employees received. The cio of the opm. She may have stepped down. My concern is, this letter says, i was just reading it again, it says that all affect did individuals, will have 1 million worth of Identity Theft insurance and full restoration by cs id and till 1217. I just read that this money. I thought, that means, after that date, if something were to happen, we are on our own. What is also interesting is the letter says that, pretty much, any alleged issues concerning opm or the United States by the issues covered by the letter are determined solely in accordance with appropriate law. Nothing in the law makes me think the government as accepting liability. Very concerning. At this point, all i can do is hold my breath and keep my fingers crossed that nothing comes my way. It is disheartening to note that essentially, they are looking out for us through the 16th, but what if something happens after that date . Host when did you get the letter . Caller i guess i got this may be a month or so ago. It allows you to go online to, you know, to establish that you want protection. The letter also says that even if you choose not to, you automatically have the coverage. Of course, i logged in, set up a password, and allows me to check periodically to see if it has had any, you know, impact to my account. It is very disheartening. It makes you angry. I am like, really . My gosh. There are people on the street that could probably do a better job of protecting our information. I mean, you have got these highend hackers. The government ought to call them in to get them to figure out ways to protect our information. It is very disheartening. Very scary. Host thank you. Test i think that is a really valid frustration felt by a lot of different people. The idea of providing some protection some insurance with an end date because that is what you figured you can afford week is that is what the level of risk demands, this is a little a political and budgetary consideration. You can imagine a classaction lawsuit and damages resulting from this. It is hard to say. I think, at the same time, that the question of how to protect personal information that is put onto a form if you gave opm any information after the year 2000 it is now just out there with everything else. More a question of how to protect information in the world we live in where we are creating more information almost exponentially by the day is not one that i think we are dealing with in an honest way. There is only so much you can protect. The goal then he comes to decrease and destroy the value of the information almost at the moment it is taken. Some of the things that hopefully the government is doing now and i know that people in the there, what they sometimes do is go through the database they know was copied and attempt to reduce it to cryptographic hashing and then out of that information as the data makes its way onto the dark web, socalled, where potential fraud sales may happen later, that is something that could happen here on the weaned of these dealing party, that limits its utility and value as a stolen item. Of course, you cannot change your associations you cannot change or pass and you cannot change your Social Security number, but you can change your password and you can change what email you use and those are good steps to take. It is certainly worth looking at different habits to monitor whether or not your information is being used to intentionally imitates your identity online. It is like a fact of life now for perhaps as many as 22 Million People. On the next washington journal, can blackwell on how religious organizations plan to respond to the ruling on samesex marriage. And the editor and publisher of the nation looking at progressive politics in 2016, including the campaign of bernie sanders. As always, we take your calls and you can join the conversation on facebook and twitter. Washington journal. Live on cspan. Next weekend, on cspans road to the white house, two major current political events. Friday night at 8 00 eastern, we will be live for the hall of fame dinner. It will be the first time that to all five president ial candidates are sharing the stage. Then the family leadership summit. Where nine candidates are scheduled to speak. On cspan, cspan radio, and cspan. Org. Cspans road to the white house. We take you there. Next q a with Kristen Soltis anderson. That is followed by prime ministers questions. After that, a house hearing on the Construction Costs for the u. S. House in kabul. Brian this week, our guest is conservative pollster commentator, and pollster Kristen Soltis anderson, author of the selfie vote where millennials are leading america and how republicans can keep up. Brian Kristen Soltis anderson in your book, why did you tell us there have been one billion downloads on something called candy crush . Kriste