As a significant as it was during katrina . Holy cross, it came and went. Here it stayed and stayed for weeks and weeks. Was this middleclass . High net worth. You can see theres a little mentioning even in a house leak that, actually a house like that was 250,000 which is a lot, and you know, considering. These nights maybe these newer ones and closer to the lake, the more expensive. But yeah, these are 350, 400,000 houses. And some of you know, the two story ones, the pool. Not like a neighborhood no this neighborhood is very challenged because again, severely, severely damaged, however, they have a very strong neighborhood association, and they have done a lot. Weve been working with them. Weve been working with them quite a bit. And south lake view, in fact, is a Historic District that is coming back. Lakeview will be back. It is going to take a while because of the amount of damage. But most of the people over here, they had insurance, they have more means. And this land always going to be valuable because of where it is. Again, thats, you know, when people say just give us category 5 levees, well do the rest. It is, and had is where the wealthiest people lived. I havent gone anywhere, and a almost afraid to go and visit other family members and other cities or go out of town. Because i dont to know, feel normal again. Until were normal here. Because i dont to ga to normal life and, you know, everything to be perfect. Because i guess i dont to be influence that i might not want to come back. But im staying, and if i was to car compare this time six months ago, nine, leive months go we have come a long way. I couldnt believe what i was seeing even when i came back a month after. Look at it, we got cars on the road. This was a road where people were sleeping and dying. We got rush hour. Never thought i would be happy to say it. But weve got traffic. Weve got stuff open. So when youre happy when you think about the future of the city . Im very optimistic. I wouldnt live here if i wasnt. I do have family in other cities i could live in and perfectly good cities. Like atlanta. But very optimistic that the city will come back and be strong and attract business. And prosper economically, the thing that i personally worry about is will we preserve that culture and, you know, our architecture, our culture, our food. Can we preserve that . Because the city is not insular little city anymore. Weve got people coming in from everywhere. And this city will change. I just, you know, we just want it to change in the right direction. We want to preserve all of the great things about this city an fix things that should be picked and i think we can be a best practice for urban planning. This has never been attempted before. No one has ever had this, you know tragedy of opportunity like we have in new orleans. Which is you never really havent since the civil war in modern times wiped the slate clean and start off with how should the city be planned and how should the city function . So this is an opportunity very unique in the United States. I dont to see in which you wouldnt recognize ever was a historic city. Or frankfurt i think that we can see you know, that that looks like new york, and in a small way. So i dont the fabric and character of the city to change. Thats what i loved about it, why i came here. Sue thank you very much. Well coming up in about 15 minutes or so love coverage on the Homeland Security hosted by the American Bar Association it is about 25 minutes. That discussion will focus on National Security and antiterrorism. More Hurricane Katrina anniversary coverage live tomorrow as former president bill clinton, new orleans mayor lisp landrieu members of congress and residents will all take part in a commemorative event. Live coverage is on cspan starting at 6 p. M. Eastern. And now until 3 30 or so a force of the todays washington journal of the 10th anniversary of Hurricane Katrina. Nowl joining us is former mayor of new orleans, and National UrbanLeague President mark moriel good morning youre quoted this morning in the Washington Post as saying with regard to new orleans of the rebuilding were at halftime. What do you mean by that . What i mean by that is thatt the city hasnt been fully populated all neighborhoods have fully come back. Pendinghb reimbursement claims that the city had with fema, rebuilding the renaissance, resurgence of the city has still quite a distance to go, and we at the urban league applaud progress that has been made. But weve also pointed out bye. Way of report release by the urban league of greater new a orleans this week about the continuinggr challenging of poverty, jobs, income and education that still plague this city and confront this region. So in understanding where we are, ten years later, it isre important that people not spike the ball, not pop the cork on the champagne bottle but really applaud the work thats been done but commit to this continuation. It took San Francisco 25 years to come back after a the devastating earthquake in the early a part of the 1900s in this rebuilding of new orleans i still believe is going to another 10 to 15 years to be full and to be complete. Where is some of the successes in your view and where is some of the not so successful areas in so i think that successes have been that lots of Public Interest has been rebuilt. Theres a new levee system. That levee system is considerably better than the levee system of ten years ago n with new engineering floodgate and storm gates. Secondly there are 38 brand new Public Schools that have been built. Because the old schools were destroyed. Thirdly, many people through a combination of government conformro says, private insuranu their own savings, their own sweat equity, have built their home. Theyve rebuilt their businesses. And its visible in many parts of the city. So i really think the real underscore should be that the perseverance, the commitment of people because of the culture an history of new orleans has been theec driver of all that weveor seen up until this point. 22 is area code 8,000 if you livear in new orleans you want o talk to former mayor mark morial about the current condition of the city. En mr. Mayor, did you face any large hurricanes when you were mayor and what was your reaction . I faced several hurricanes perhaps most serious of them was hurricane georgias in 1998 which required us to call for a voluntary evacuation of the city, and required us to use the dome in the Convention Center as shelter of last resort. Hurricane georgias which was bearing down on the city and could have been katrina diverted as many hurricane its do at thed an hit the gulf coast of mississippi. That hurricane i think was the most serious threat on the city in quite a bitur of time. And new orleans is also had flooding incidents, occasioned by heavy rainfall. And we had one or two memorable flooding incidents as a result of rainfall. Nothing of the scale of katrina. Because it is important to emphasize and reemple that the fail ad flood wall, the drainage canal, and the failed flood wall along the Industrial Canal were large contributes factors to flooding that really took place after Hurricane Katrina had passed by the city. So we face that. It was indeed a challenge. I made it my business during the years that i was mayor from 94 to 2002 to be briefed extensionively on hurricane preparedness each and every mayi because i wanted to make sure that the city was indeed fully prepared. There waspa nothing of the scale of katrina an i would emphasize that in a major disaster, federal state and local cooperation is essential, and it isnt that, quote, one branch of government or the other branch of government is fully responsible because the assets you need. The response required, with requires a tremendous evacuation if theres the response needed to people who may be stuck, i thine now the Lesson Learned theres got to be a Transportation Plan to help those who may not have automobiles, those who may not have private transportation to evacuate when theres a threat of a big hurricane. The black population in new orleans decreased 118,000 sense katrina. Whats the significance of that . This significance is that it is important to recognize that the city still remains this cultural gumbo, this mix of people, and that still approximately 60 of the population remains africanamerican with remainedder being white, asian american, vietnamese and latino. I think what it reflects is for those that were renters those that did not own their own homes coming back was very difficult because many rental units were not quickly or even to this date not fully restored. Secondly, many of the black middleclass was displaced. There was a layoff of some 7,500 teachers. And areas of the city like park and new orleans east has been to some extent they got a very slow start primarily because there was i think, an effort by some a suggestion by some and a plan be some that those neighborhoods should tin deed not be rebuilt. So they are playing if you will, catchup in the rebuilding process. So its been difficult now you have a large if you will new orleans in place like baton rouge. Houston, atlanta. Some of the river plants, many people who evacuated, remained if youn will in the region to such an extent that butten rouge is largest city in the state of louisiana. Lets take some calls for you. I want to show you facts from the New York Times before we do that. Property taxes have doubled in new orleans since katrina. Flood insurance rates have tripled. Tr watersu bills will more than 2020. By and home prices in some historically black neighborhoods have doubled as well. Marc morial is our guest. Larry is with boeing green, kentucky. Good morning. Ky challenge the chief and ths is what i have to say. Why is that accomplish arrogant donald trump take you bars to his wallet and do good down in new orleans. Thank you cspan. Mr. Mayor do you have any comments of that . All ill say it is interesting donald trump actually proposed a highrise Apartment Building if i recall in new orleans right after the hurricane. But it didnt get built. He has a hotel down there, though, doesnt he . I think hes got one down in the cbd okay. Im not sure of that. But interesting, but im going to stay away since hes the president ial candidate and stay away from commenting on president ial politics this morning. If youre in new orleans yowpghts to talk to former mayor, for you to call steven in st. Louis, steven youre on with marc morial. Good morning, gentlemen, federal employee up in st. Louis here, i have watched all of the town Hall Meetings all through the week. 2 in the morning, 11 00 wherever theyve been on, and i remember very vividly. I tried to actually go down there and do volunteer work, and i didnt get selected but i have two very quick comments. Ive been seeing and i remember this back in 2005, there was a lot of comments about people,ab poor people couldnt get trade, fema was slow there were bodies all overrule the place that we lost all of these people. I needed some understanding this was a catastrophic just looking at some of the pictures this morning, i cant even imagine what those poor people went through. I dont to use the blame game thing. But what was some of the problems back then. I know that people were utterly frustrated and heart goeser outo them. Thats the first o thing. Second thing is the job issue. We need to get these young peopled to work, i mean, ill e quite honest with you. I didnt have a job, no way to get i a job, i might be selling drugs myself or doing something illegal. Im going to be quite honest about that. Theseal young people, this is or livelihood. This is our future. Th and i put down the politicianings. You get elected it to office, oe of your main goalses is to be a salesman. To get companies, to come into your area. Thats a difficult thing ive never been in sales so maybe im dish shouldnt be saying that. But i look at our politicians, theyve got to hit that road get therecompanies in somehow. So that we can get these young kids to give them some hope. Thats my comment. Steven in st. Louis. Ill take his question. I agree fully with steven, with the idea that there is no more important issue in America Today than trying to provide Employment Opportunities which lead to positive quality of life for young people. And what the country has to do is step away from the traditional, political conversation which says, well, is it a government responsibility . Is it a private sector responsibility . Va is it all about education . Its about all of the above. It is a private sector responsibility, and in my work at the urban league, we encourage the private sector to invest in understand the greatou hope and possibilities of americas urban communities which is seen tremendous disinvestment over the years but i think it is also a government responsibility. If we can spend a trillion in iraq and if in afghanistan, if welcome spend significantsp front money to public dollar and foreign aid to assist othero countries, if we can provide tax incentives, some of which encouragenc investment abroad, then we can, if you will spend and invest in providing Job Opportunities for the young people of america. Youve got to do better with schools yeah weer have to do th. But some of them is also a by young adults. And young adults who do want to work, do have the capability of working. And there isnt enough opportunity for them. I give everyone a number. Between 16 and 24. One out of every 5 young peoe is neither working nor in school. One of 5. Thats approximately 7 million pipe. So we at the urban league have an initiative, jobs rebuild america where weve increased the work we do to help provide job training for young people. Weve got programs in new orleans, and in several communities, many, many communities around the nation. And we do this work, however, we have long lines of people whoon want to be part of our programs, and so were fighting every day. For more if you will, investment to fund more job training slots in Community Across the country. Next call from marc morial comes from stephany in wiltonn pa. Me oh, my. Stephanie were listening to you turn down the volume on your tv. Ph go ahead and start talking, okay . Im just im just you know what stephanie im go ahead and move on tog all of the callers once you get on, turn down the volume on your tv you can hear everything through your trch and if you leave your tv up then we get the feedback, and it slows the g program down a little bit. Jeanie is in new orleans, jeanie youre on the air. Hit, my husband and i returnedch to new orleans in 206 i wrote a neighborhood column which i was asked to do because i started kind of a blog after the aftermath. But one was things that reallyof bothers me here is that the insurance that people are paying for their properties is justpr horrendous, and nothig has been done to help get that under control. This is caused so many people to lose their homes, and yes there are new people who have come in here and are building and were grateful to have them. But a lot of the people who were here before katrina and came back and tried to rebuild, havee been not only unsuccessful. But have lost their homes. People who were in their 60s and were tired and, you know, their house was almost paid for and suddenly they have an enormous mortgage because of the failure of both the governmentrt and the banks. For not helping people to be able lnk to get back on their ft without causing them suchbo distress were talking abouts middleclass people. Can you give us an idea of what the insurance cost changes have been, and what neighborhood do you live in, in new orleans . I lived in lake view, and i can tell you our insurance just for basic and i mean basic and not great insurance but basic insurance cost over 6,000 a year now. And with property taxes, the way they have gone up, its about 10,000 a year just on those two items. Which are ridiculous. I mean, its just has really hurt the people who came back early on in this. And we saw many of our friends who have lost their homes because of this. They couldnt afford to live here anymore. Thank you maam lets hear from former mayor im glad jeanie raised this issue i think all of the numbers show that the cost of living whether youre paying a mortgage, or rent, plus insurance, housing costs have dramatically increased in thisdr community. But what i would say to jeanie is that Insurance Companies in the state of louisiana are regulated by the statesat commissioner of insurance. And i would encourage him to ben invited to come on this show and talk specifically about increases in Homeowners Insurance that really is making it difficult for people who have returned to stay in the city and for many, many other it is to come back. This is why i have called this a continuation. Because the city, the region, neighborhoods continue, continue to face challenges. Lakeview is one of those great communities of homeowners, tightly nit, many of whom camef back, some who tore down old homes and rebuilt new homes, and these issues of the increase in cost of insurance certainly need indeed to be addressed and ive said to people look, Southeastern Louisiana is always going to be at risk of a severer weather event. Er but so is coastal mississippi. Coastal alabama, coastal florida, all of the way around south carolina, north carolina. Over to texas the beauty of the coast is that it gives us beauty, it gives us abundance, fisheries, it gives Us Offshore Oil and gas, but also the gulf of mexico in the summer time because of the warmth of the waters is really, really a feeder that strengthens hurricanes, it is a community that is going to be just this insurance issue needs to be idressed. Certainly by those first line whoos are responsible and i thik thats the state, the commission of insurance, and i think members of the legislature have to raise this as a higher priority issue. Gh clifton is calling in from rochelle, georgia, hi clifton. C good morning. The best i remember there was some 2 billion and credit card fraud that went on during the hurricane. It like to know how much money of that money have been rocovered and how many people have been prosecuted for that fraud and til take that there,ff and you have a good day. Mr. Mayor i dont know what the number is, and im not thew best person to answer that question. That should probably be directed to the Law Enforcement authorities and districtte attorney perhaps the United States attorney here. To determine what, in fact, may have occurred with that. But i couldnt address that. I want to read two tweets to you mr. Mayor and get your view on this. This is the first one 52 of black males in new orleans aremp unemployed yet obama fights to give 5 million illegal aliens work permits followed by this one, what impact has the new influx of illegal aliens had one the availability of low cost housing for those who would like to return . Well i think its important the tweets sort of suggest obama is fighting to give, quote, undocumented immigrants work permit, undocumented immigrants receive work permits is something that has been happening for decades, and the people who request work permits for undocumented workers are businesses. Restaurants, sometimes hotels, Meat Processing plants. If you will, large farming concerns. And the law gives these businesses under the current law the right to ask for work permits. Secondarily many of the Immigration Reform bill would involve a tightening of the eligibility for work permits, and i know at the National Urban league, we fought for a systemte where less work permits are available for businesses when unemployment is high in the United States. Ta and i think its important if you will to recognize that the main proponents of work permitsi are many Business Concerns in the p country. Not president obama. Virginia youre on withew former new orleans mayor marc morial. Yes, sir. I understand as a marine that new orleans is a major port city for a lot of imports through the gulf. However, i grew up just northwest in state of oklahoma and moore, oklahoma, since 19 99 has hit has had three f5, f4 hurricanes and theyve had very, very little federal support. But they have rebuilt on their own. So what is the issue with new orleans besides at the major port city, and one of their major sources of income, of course, is not only the port but tourism . So you want to see how a city rebuilds, they have rebuilt three times since 1999 up there in oklahoma. Andey thats my comment except that you know, i understand new orleans has had this issue, and also i can go on about this for ten years. But also the crime rate in new orleans dropped almost 75 after a katrina, and in houston it went up over 50 . Ve so i would like for you to address those issues. Thank you. Let me say this, you know, Many American communities have faced Natural Disasters. New orleans faced a Natural Disaster and a manmade disaster, the flooding, the devastation that took place in new orleans took place because with of failed levees. Levees which were improperly engineered. Constructed and maintained. A but for the levee breaks, we would not be having this conversation about new orleans. Now, we would about southern mississippi because southernbo mississippi also received a brunt and much of alabama received a brunt and coastal alabama, the brunt of Hurricane Katrina also so it is important to recognize that fact. And it is also important that under normal circumstances, when you have such a manmade, manmade or man caused negligence people would have gone to federal court and saw compensation through the Civil Justice system. In this instance army corps of engineers is immune from most lawsuits involving how they design, how they engineer, how they construct and how they maintain the levee systems in the Flood Control systems arouni the United States. Thats a fact thats got to be clear. I think secondly, if i said ten years ago, i say now, i think that if people are suffering i would suggest that most people who suffer from Natural Disasters dont realize that the federal government has probably played a role if theyve been victimized by flooding that they may not realize the flood the Flood Insurance system is a federal system. Theres an automatic right under the stafford act in a Natural Disaster for public infrastructure, to receive compensation for people to be rebright light. I think a lot of times there maybe federal support that people may not if you will, realize. People in the gulf region, new orleans, mississippi, i think have rolled up their sleeves and really worked hard to rebuild, an mayor landrieu here in new orleans has also been very upfront about thanking the philanthropist, the volunteers, the faith based organizations, the communitybased organizations, the foundations from all over the world that have helped the gulf coast in a time eve great need, in a time of an extraordinary. Katrina was an extraordinary catastrophe for this nation, and for this region and for this city. According to fema 738,000 households in louisiana were approved for assistance after katrina. 274,000 in mississippi. 55, 56,000 in alabama. This is on the fema website if you want to see these facts and figures for yourself, here is a map of the city of new orleans. Red dots is where bodies were found 1073 is death toll from katrina. This down here is the Garden District over here is the french quarter. This is the Central Business district in this area here. And over here is the lower 9th ward, and lakeview is up here. In the new orleans. Christopher is in palm bay florida hi christopher youre on with marc morial i wanted to thank you for your words. You know, im africanamerican male [inaudible] through the rest of this washington journal segment on our website go to cspan. Org, and now to the American Bar Associations home lapd security conference, and a panel on cybercrime. Just getting underway. [inaudible] c cspan so ask that those of you in the audience that have novel phone rings please suppress those rings for the benefit of everybody else, and also as you go in and out of the room keep the noise down but we know you have to exit for food and other things. So i want to thank the presenters on the last panel and im sure the other panel was great in the room was great sorry i couldnt be in the same place. But it was a continuation of this program. We end with a panel today that we put this imagine purposely at the end. Because we felt like it was so critically important that we wanted to keep you rivetted in your seat and skdzed in keeping many of you with us. Thank you for staying with us you get full cle credit for being here the entirety of the program so thanks for making it possible to have you with us. Next panel is on cybersecurity, and youve seen your Program Welcome another person is listed thats with a conflict and luckily we have an all star thompson who is moderating this panel, and when i when lucy is in a room and i back into that room i believe lucy is the brightest person in that room because shes so capable and knowledgeable about cybersecurity people in the aba American Bar Association looked to lucy to generate wonderful product and so much of it lucy gets credit for, but other people also take credit for lucys work so i want to take credit in advance for lucys work today. And i know shes going to do a wonderful job as moderator. Lucy is founder and principal of washington, d. C. Law firm with legal issues at the intersection of law and technology. Particularly those related to cybersecurity global data privacy and compliance and Risk Management. Shes the science and a Technology Law technology section. Shes a member of the aba house of delegates, an shes part of the Cybersecurity Legal Task force shes currently cochair of the Security Privacy and information law division, and is a founder again and past cochair of the Homeland Security committee. Its a great pleasure lucy to introduce you so you can introduce our next panel. Thanks. Well, thanks joe, and congratulations on the final portion of the really oustanding twoday program, and thanks to all of the audience for staying with us to the last bell. I think youre going to find this program packed full of information. Its hard to capsulize cybersecurity into one hour. So were going to try to give you some insights that you might not have thought of, and help you understand the questions that you need to ask so that when you go back to your offices youll be the most knowledgeable person in the room when dealing with the i. T. People. So the focus of this program is on the u. S. Intelligence committees community of 2015 worldwide assessment that contains sobering of global and regional threat. Notably, cyber is first topic on list of eight threats. Take a look at that strategic summary of the Global Threats this report provide an analysis of risk to companyings and Government Agency as cost to our economy, and describes the threat actors who are responsible for massive data breaches that have been in the headlines this year and in past years. Today, our panel will delve into the details of the report and provide insight on three main topics. One is the current threat matrix. Second one is readiness and Risk Mitigation. What do we do about the cyberprogram, problem, and the third one about is about insurance. Whats the scope of available cyberinsurance, and whats the role of insurance in Risk Mitigation . So im very pleased to introduce you to my colleagues who will be on this program today. Frank to my left, your right is an associate Vice President as the George Washington university where he directs the center for cyber and Homeland Security hes codirector of gw cybercenter for national and economic security. And along with the school of business, he launched the universitys world executive nba and cybersecurity program, prior to joining gw frank served as a special assistant to the president for home Homeland Security and was strurmtal is developing administrations priority and initiatives. To his left is matt, who joined 8th in 2014 as National Product line manager for aces network Security Privacy, and technology product. In this role hes responsible for the cybermanagement in the United States and he plays significant role in aces global cyberpractice, and at the end of the table is Tom Mcdermott who was the dhs assistant general counsel for infrastructure programs. He oversees the provision of legal advice in connection with the department of protect u. S. Critical infrastructure. In the areas of cybersecurity and voluntary efforts, to ten chance the security and resilience of Critical Infrastructure from terrorism and all hazards. Youve heard a little bit it be what his team does within and hes going to delve into the details of what the National Cybersecurity and Communications Integration center does as well as that National Infrastructure coordinating center, and some more about dhs programs including einstein and enhanced Cybersecurity Services and continuous mitigation and diagnostics. So well begin by asking frank to please give us some information about the cyberthreat environment. And well refer to these strategic assessment and ask prank to tell us who are primary actors in this cyberwar, what are their intentions and capabilities . How would you prioritize adversaries and what are primary targets . If we go through this program well invite your questions as we go. So frank well turn it over to you. Thank you lucy, and thanks to all of you who are real troopers, 78 degrees, no humidity. Friday afternoon in the middle of august in washington washington washington, d. C. So thats impressive that youre all here. And congress congrats to aba for a two days. Very is briefly i think it is important to recognize that not all hacks are the same nor are all hackers the same. You read the headlines daily and sometimes it is difficult to discern what really matters. And the one consistent take away i think, is that the initiative continues to remain with the attacker. And theres a lot more that needs to be done to shore up our cybersecurity with large, and in terms of the threat actors specifically, they come in various shapes, sizes, and forms. At ranging from nation states at the high end of the spectrum all the way down to activists and everything in between foreign terrorist organizations, criminal enterprises, and the like. But when we talk about nations, about there too just like the threat actors are diverse so to are tpps the actual capabilities and intentions of the various earkts. So when you talk nation state a lot of intentions differ between country to country. For example, if you were to look at those that are at the very highest level of our threats spectrum youre talking about countries that are integrates Computer Network attack and exploiting into their war fighting strait ji and doctrine. Think russia, think china. Theyre building out very sophisticated Computer Network attack capabilities but deeply involved in Computer Network exploit in the difference between attack and exploit think of it as a war fighting weapon and exploit is more espionage. Clearly if you can exploit if the intent is there, you can also attack. Because theres been a lot of exploitations that havent led to attacks shouldnt mac you sleep a whole lot better. But when youve got russia and china perhaps on the very high end of the threat spectrum you have other countries that are investing significant resources into building out their cyberwar capabilities and im not crazy about the term because it means Different Things to different people but at the end of the day building out offensive capabilities, in this case think primary north korea. Think iran, whriel they may not be at the level of capability as russia, china, or the United States, they more than make up for that capability in intent. And they are increasingly turning to cyber as a means to as a means and a weapon to try to level some of the playing fields. But when you look at the percentage of gdp and of this country theyre investing heavily there. Why . I think theyve recognized theyre not going to be able to defeat the United States an allies in a traditional warrant and congressional battle field tank for tank, plane for plane and cyber provides that equalizer in some ways, and unfortunately it is not costly to build out a cyberdrive by shooting case ability to have a disruptive effect. Underneath nation state you have foreign terrorist organizations, clearly we know what their intentions are. Fortunately their capabilities dont meet necessarily their intentions. But unfortunately were starting to see a number of troubling and discerning and disconcerting trends, for example, if we just note how successful isis has been in their social media efforts and their social media campaign, we shouldnt think that theyre not going to look forward toward building out their Computer Network attack capabilities. One trend were seeing right now that theyre very active in that i think is troubling is their backing military officer and Law Enforcement officers using social media to identify individuals and threatening their family members. This is this is making conflict personal, and whereas technology will change, unfortunately human nature remains consistent so anything that happens in the real world is a cyberanalogy in one way or another both for god and for bad. Underneath foreign and, obviously, when youre looking at foreign terrorist organizations, about theyre he havely dependent upon sign beer a mean to facility their craft, to recruit, to fund raise, to radicalize, et cetera, et cetera,est underneath ftos you would put criminal enterprises again, theres many capabilities as there are criminal enterprises. But at the end of the day, youre starting to see capabilities in the criminal underground that used to be in the hands of only country and governments. And many governments are turning to criminal enterprises as they dont want to bring it back to you name it. So at the a end of the day here youre starting to see some really sophisticated activity especially out of russia, and that out of the former soviet individuals and theyve hired guns, in other words they can rent their services, you can buy their tools, and it is getting chopper and it is becoming more and more user Friendly Point and quick. Activists i dont think that you can generallyize there. Anyone with a special interest. Good, bad, across the spectrum that they too are investing to their target companies and the like soy probably went on too long since ive never had an unspoken thought and it is a friday but i thought i would leave it at that point now and turn it over to my colleague. That is just great. W e79ed to show you some resources that you might want to refer to later and bring to life some of the things that frank was saying. This graphic comes from a website called information is beautiful. Net and this is an awesome website, this shows data breaches in 2015, 2014 range and if you go to this website you can sort by data breaches, by year, or by type of attack, or by sensitivity of data, or o by those they call have interesting stories, and when you click on each one eve these circles youll see the details of these breaches that weve read about in the paper. So this is a phenomenon that was highlighted in the threat report which is that dni expects series of low variety sources over time of cyberattacks so have some fun with this when you go back to your office. And then the next one is one of dhss best products they have an organization calmed the dhsics search, and they collect incident information. About Industrial Control Systems, and this graphic shows for 2014 the 244 incident report that dhs received, and you can see that the critical Manufacturing Sector in the Energy Sector are potentially greatest risk of incidents. So theres an icf monitor on the dhs website that is published quite frequently and has really great information about icf breaches. So that brings us to dhs, and youve heard a a lot about the good work that the general counsels office is doing and the Client Agency is and dhs comments will tell us is the more depth the kinds of work that his group is doing to help prevent data breaches, and coordinate among the federal state, local, private sector organizations. Thank you. And thanks to joe in the aba for hosting this event again this year. So if you have anything in the last panel on a friday afternoon is being on the last talking about what were doing in response to the cyberthreat after youve heard the sort of tremendous description of the scope and breath of the cyberthreat. And mentioned the cyberthreat is sort of everywhere and it means Different Things in different places. Dhs or at least my client the National CybersecurityNational CybersecurityIntegration Center focuses on two specific areas that is the protection of the. Gov so federal civilian networks also security of Critical Infrastructure. I understand that other people earlier today and yesterday sort of talked about some of the developments over the last year for dhs cyber but i want to hit things briefly before i talk about things that my client does to help entities secure themselves against the cyberthreat. 2015, or at least fiscal year 2015 has been a big year for dhs cyber. Congress passed three pieces of legislation that are extraordinarily helpful to dhs and really cementing the role of dhs in the federal governments approach to cyberand cybersecurity. I think you guys heard if the National Security thane was a hub of sharing of information and providing Technical Assistance and infinite response to federal and nonfederal entities. Second, the federal Information Security modernization act of 2014 or fisma revamp the way that government is approaching security for federal agencies and a gave dhs a much more active and operational role in helping agency it is to secure is themselves. And lastly, the Border Patrol agent pay reform act. Also gave dhs additional cyberhiring flexibilities so allowed to talk stopes kind of match some of the authorities that dod has to cyberprofessionals. Addition, the president visited to announce administrations information sharing proposal, and really pointed to the example of what happens when you bring what can happen when you bring the government in a private sector together in a shared space to approach a problem that is really a shared responsibility across the civilian and government sectors. And finally, in february the president issued executive order 13691 signed at the summit in stanford, university and goal of that is to increase sharing of information within the private sector but between a private sector and the government. That executive order encourages private entities to ban together with orr like minded entities to share information about the shared risk and again one of the things that i think frank really hit is the risk is not the same for everyone. Depending on sort of where with you sit, the risk looks very different if youre a control system. If youre, you know, a chemical facility. The risk that you worry about is not the same risk that a bank worries about, or that entity that has a large amount of personal information. So these information sharing announcement organizations or i apologize for the acronyms i try to avoid them but impossible for a government lawyer. These are intended to allow like minded entities with similar problems and similar risks to share informs that is of most interest to them. Amongst them, amongst themselves, and these can serve a valuable function both from the government perspective they can act as small suppliers so when government has information this they want to get outside broadly these help us reach out to entities who can then reach out to their members to get that information out gladly. And conversely they can act stymings as a filter between particular entities and the government or any of these who want to be able l to share information but dont necessarily want the fact that it came from them to be broadly known so they can about as sort of of a buffer between private entity and the government. That directs into a nongovernmental entity to accept, and that goal herm is really to help define what a mature information sharing organization looks like. Focuses on capability technical and privacy protections and take other steps that the governmenting and more importantly that private sector members would sort of expect such an organization to be able to fulfill. Lucy if you can go back to the bubble slide, the information is beautiful, slide. Just to speak to what were doing. We talk about information sharing. But what does that really mean . If you look at breaches i would say 90 of those are private companies. 95 maybe even more. Couple are not. So really what have we learned and take this into account, and act on it . As part of the dhs effort, what ill refer to as acronym only in washington that i know c dog which is cyber analysis and working group basically on a regular basis different insures who were involved with cyberrisk, ill give a general summary of where we are with cyberrisk and cyberrisk insurance, the industry is growing for obvious reasons. It is almost 2. 2 billion of premium on annual basis. And the biggest towers towers as in a risk specific entity buying insurance is over o 500 million. The demand is higher, so that need to get information and actually aggregatings in or make good decisions is there. We do it our os with our own data and incidents and ask questions of entity so i think a lot of what we talked about i sat only the private Partner Partnership cybersecurity session. Some of the questions who has control . Who assesses risk, what really matters . You know, risk looks different for everyone. Were starting to think and by any ways were not we dont have all of the answers but were starting to get some indicators of what really risk means on a risk specific basis. So from the Public Private partnership standpoint, what weve done with the c dog is a working group is really talked through making sure that we have common language so in the insurance world, we have our own odd language. In the government world, we have acronyms, we have our different language and then especially where this is relevant to cyber we have the Technology Community with their own vernacular that no one truly understands outside of the Technology World unless you live it on a daily basis if youre in kind of Financial Services or as a cyberrisk underwriter. Were working together and defining what we mean by each distinct and why this is important is that you have small businesses, you know, main street america, who hears about the big breaches that you see here. But they really dont know what to do about it. The Insurance Industry is in kind of a transition pongt of realizing we have to share is our order in order for companies to understand that this is risk. And what we realize even with a lot of these incidents which on personally level it goes back to awareness level in the United States and elsewhere is not at leafl that it should be, and the more that we Work Together i would say from from sharing incident information thats when people realize i can twailg actually fix this or at least attempt to fix this. At the same time some insurance may cause a problem if youre not underwriting to a specific risk you may be almost encouraging the problem. I always use historical analogies i know it is friday but historic kalg understanding of insurance you go back to Fire Insurance in the 1800s and first question that they thought was an indicator of risk was how many trees do you have in your front yard . As a risk for a fire. Clearly they were way off. What were hoping to accomplish with the partnership is basically making sure that our own internal data is an indicator that is not accurate. So if were asking the wrong questions in cyberrisk world, then we would quickly identify it with more had information that we gather. It is not the sound defeat, but when you look at the fire model prevention was at its very core. Im not sure were ever going to be in a place either technically policy, or work force level to present prevent everything. Welcome minimize consequences. Minimize the impact. Segregate our systems. Segregate our family jewel and most Important Information so that it serves as sort of a deterrent in and of itself. The approach is not, lets just write insurance and bear the brunt of the incident. We focused on litigating losses and i use the fire analogy on purpose. You have sprinklers but you have arsonist too. You cannot prepare for an arsonist to come into the building but you can enable your organization to make sure they cause the least amount of harm. Frank and matt have done the perfect segue into the second topic of readiness and Risk Mitigation. Can you introduce yourself and tell us who you work with . I am a researcher, analyst, and bloger. I do a lot of research and i was researching individuals and corporations. For me to be prosecuted with the club that is high up and i went back and said if they are doing this in ohio why cant you investigate it in america. I did have a valid point and they were trying to look at on that. When you know where the hack likely started but it is the cost and efficiency. So america has a long way to go but we are making progress. If you could answer that that would be great. I will start. I think a lot of the concern and bad actors from an insurers standpoint the attribution we realize a private company has to deal with then Law Enforcement and government decisions we can thought control. Private companies are bearing the consequences from a liability perspective. I will refer to you as consumer in that contact. Consumers bringing suits against companies that have been hacked. The challenge to find new solution to bring to bear. It is exploring what we can do on the criminal side. You present an interesting case where we have, you know, a foreign actor, but some u. S. Server action taking place, and you see Companies Like microsoft which is extraordinary active and you see them going to court for use of its software and equipment for various accomplishs activity. This slide is one of the findings from the dni report and one of the things they say is the motivation to conduct Cyber Attacks will remain strong because the relative yeas of these operations and the games they bring to the perpetrators are great. There are several reasons why companies are having trouble. One is the technology and in Industrial Control Systems there is a convergeance because the physical aspects of the system and the software. This is a complicated area. It is called publication 80082 and lifts all of the vulnerability in the industrial control system. But companies are continuing to implement these vulnerabilities. This is a distressing and disturbing aspect of the situation. And the other one is these data breaches, many of the massive data breaches, involve known vulnerabilities and violations of wellaccepted security practices. Lots of people say this is too complex to understand, the attack tactics the attackers are using are almost the same. They use a fishing attack and direct people to websites where malware is downloaded. So a lot can be done to shore up the security if a systematic approach is taken. I would argue there has been no penalty which invites the advisary to continue to come and come and come again. I want to pull on a point my colleague brought up earlier. I am a big proponent of the executive order to start looking at economic sanctions, but what good is having these executive authorities and powers if you dont follow through on them. To me, there have been a number of red lines that have been crossed in many different domains. Opm being the latest one. If that doesnt demand a response i am not sure what does. There is nothing worse than putting markers in the sand and then having them cross, cross, crossed again. And they have their work cut out because we heard dhs has responsibility to oversee to a certain extent some of the agencies. And we know from opm testimony that the hacker in opm stole passwords from a contractor and then they were allowed to have brute access to the system meaning they immediately got in and took over the entire network. Well that is an unacceptable security practice that should never have been alloweded to happen. I would say is they asked specific Technology Questions and that should be an answer on the spot you answer. But the reality is an individual at the company is not specific and not raising the awareness bar you have to look back and see this isnt a technology problem. With you talk about fishing, not complicat complicated. But companys approach to fishing training is click the box do you have fishing training, yes. Or they say we have behavior changing training. Did you go through an actual fishing exercise with all of the employees . Did they click on the link . Learn from it . That is important. This isnt just a straight away specific granular with the secret sauce. It is that Risk Management approach. I think what is important is when based with questions like what would have prevented this. If you look at the bubble chart, we have answers on what happened prevent that and that is what we need do get out into the open to change the mindset of the general public. We have answers. We dont necessarily have the best way to provide them for them to make the best decision. [inaudible question] that is a good question and i think frank wants to say something. I want to note the Energy Sector that dhs works with has come up with an innovative approach which is a precurement model that is a series of requirements. It says if you are a Company Buying software or product from a vendor you should have these provisions in your contact. You may want to take a look at this. It is very new and very well done. It is basically almost a Technology Requirements document. That is one solution. It is called the cybersecurity procurement language. It is on the departments website. It is very new and a good approach. Dod is always levied the department of defense a whole new set of requirements that elevate this. And i think our Critical Infrastructure might be used the same. We use the term lease. It is not all equal. Chemical, finance, and banking are at the top and i think we ought to be doing more. Matt hit it spot on and lucy mentioned this the vast majority of cases are Identity Management tlechlt there is no Silver Bullet to solve this problem. There is a lot of low hanging fruit and amenities in truly critical sectors with a lot of people. What is dhs approach to manage the cyber risk . I would say one of the main prawns of that is helping entities to understand the scope of the myth is it has been a useful way and it talks about Identity Management and it is easy to walk through the missed framework. Dhs has, on the website, you can find a number of tools available. Many are available for download for entities to use as self assessments. You can arrange for dhs to do a facilitated assessment. A lot of schools walk through the framework to help entities think about where is the low hanging fruit and what is a prioritized risk base approach to what i should do. Part of that is understanding my crown jewels. If you are a bang or website bank you need to focus on securing things different than the electric sector. You need to focus on the reliability of the grill. Post incident when they happen typically with the regulatory enforcement is happening it simple. If you have a company for instance that hasnt had an incident and cant answer three simple questions that is the idea. It is thinking like a hacker and what data do they have. It is more advance than this. I am not trying to simplify what we do. What data, how is it protected, and what would you do if it is breached or discovered. We have a lot of companies talking about how important it is to enterprise Risk Management. If you have a company that truly understand the simplicity of it and can stat around the framework they will have something to work with. Raise your hand if you wanted to be a Computer Scientist when you went to law school . A lot of us find ourselves in different places than where we started out. But the aba passed a resolution urging all private and Public Sector to implement and maintain a Proper Program that complies with ethical and legal obligations and it is tailored to the nature and scope of the data and systems to be protected. The various members of the panel talked about a security program, a Risk Assessment, these are very structured analyses that all Companies Need to do to get a handle on the risk. The Risk Assessment framework that nift did is excellent because it provides a common language for all companies to use. There are very important questions that Everyone Needs to answer. And lawyers can do Risk Assessment. This is an important area for you to get involved in helping your companies. And then in terms of low hanging fruit, there is an Organization Called stand and they published what they call 20 critical security controls. It is a priority list of things that Companies Need to do in terms of Security Solutions in order to lower the risk as low as possible. And these are very concrete steps that people can take to avoid a lot of these hacker attacks because hackers just troll the internet all of the time looking for places where they can break in. If companies have taken steps that are reasonable they are going to deter a lot of these bridges. We have a slide up here that is very interesting because it talks about, if i have the right one, this is about russia. And talking about low hanging fruit. This is about the other spectrum. This is about initiatives that russia is taking. And they talk about compromising the Industrial Control Systems. It said these specified actors have successfully compromised the chains of three icf vendors so customers download exploitive malware from the vendors website along with routine Software Updates according to private sector cybersecurity experts. In terms of changing technology this is frightening. There is a low hanging fruit and the zero day attacks and things these foreign actors are doing that Companies Need to ramp up the analysis in order to be able to detect and prevent against. Maybe you might have insight into how to deal with these kind of very sophisticated attacks. Thinking about it philosophically you would like to get to the point. We will never prevent everything. It is a risk based approach we need to look at nationally and then Companies Look at individually and sectors collectively. And it would be nice to get to the 80 solution where some of the very basic steps, if everyone did take, would then let the government focus its limit ed resourceed on the highest threat end actors. They cannot be in between the various actors because they are looking at it in different ways. But if we could get to the point to calibrate the governments collection in a smart way and share that without compromising others in a way with information sharing environments i think that will play a major role. One thing to think about, i am not sure if i brought it up. The difference between Computer Network attack and Computer Network exploit. According to the press, headlines in every newspaper, our electric grid has been penetrated from the battlefield. They identified the various data systems and mapped that. That has zero value from an economic espionange standpoint. It is only used from a war fighting perspective. Why would would they be mapping some of these critical infrastructu infrastructures . It is a concern. It differs from what we are seeing in russia versus china. Ris russia engaged in attacks in estonia, in georgia they blind and deafened the physical tanks before moving in and did it in the ukraine as well. What we are dealing with from the chinese is they are trying to make the moral equivalent argument of i am shocked gambling is going on casino. We are not sharing that information with companies they are saying which is what is playing out in china. I think there is a difference between what is being collected and how and for what purpose. One more example about what is going on and then we will turn it over to talking about the insurance. But this finding about the focus of the Foreign Espionage attacks. Those incidents focused on stealing data of individuals and companies. Decision making by senior government officials, corporate executives, investors and others will be impaired if they cannot trust the information they are receiving. So now we have people trying to destroy, degrade, compromise, and we can talk about what they can to to help us. The privacy of the information, the integrity, and where the Insurance Falls in is across that. C confiden confidentiality. One area where the Insurance Industry is not willing to play is the value of property. When you have nation states getting information, fairly high profile nation states, stole from a private entity. We struggle where we dont have the right amount of information. If we use from a private company perspective, there are reasons not to value that loss data in the context of a theft. You have assets on Balance Sheets and value. That is great. If it is stolen that value skyrockets. And that is where we struggle. Business interruption. If you suffer an attack, and interruption results from that, we can address. Outsource provider, business int int interruption. Lets say the entire u. S. Infrastructure is down for three days . That can be purchased and bought. It is a concern from an insurer standpoint also. And the integrity of information and the deletion of data is a significant problem for companies if that is what is happening. I can tell you from historically we are focused primarily on a claims perspective on confidentiality. Business interruption hasnt happened but that is one of the concerns. What happens when the socalled mass outage event happens . That is why we are focused on sharing as much information as we can to get a handle on that as far at what that means for each companys balance sheet. You had interesting graphics. If anybody from the audience has a question we have a few minutes to take it and then ask the panel for the important takeaways about what to keep in mind as you go back to your office. It is 4 30, friday, pie chart, one thing i want to make sure is clear, this is over ten years of claims data. We are actively sharing this with clients to make good or bad decisions. Two things i always want to make sure is known is that when you see hacked at 27 , we talked about high profile, bad actors, malware and fun stuff we deal with and suffer the consequences of. That is a quarter of ten year claim status. That is clearly going up. We are focused on making sure the items we can underwrite and improve are fixed. They are fixable. So we can get a company at least a better risk and what we find is the reason i use the arson example, is i think, over time, what we will be insuring is the incident that truly the insured did have every method they could in place, provided we are underwriting to it, and they can make decisions based on that information. The other thing and the applicability of using information, sharing information is great, but how the company uses is, we have slide data and this is claim information that is real. This isnt just pie in the sky stuff. That basically shows by industry the threats are very different. And you may laugh, health care at 7 , after two breaches in the first part of 2015, everybody thought health care acts were the big one but we are adapting to this information. We see retail hacks was a significant perage of claims in 14 and the underwriting standards were raised and the availability of insurance changed. The demand changed and retailers accepted the fact they are vulnerable to hacks. The supply went down. It is coming down to incentvising. If you have a risk that has better control in the Retail Sector without questions the Insurance Industry should adapt and make the right decisions. We can make decisions with the data we have which i would say is credible and actually over time we have that data. But the only way to get this message out and most of what we see simple, easy to fix problems. I go back to knowing where your data is. Fishing training. Pen test assessments, preparedness, table top exercises when you have an accident is important. Let turn to tom because you have extensive experience. What is your take away to the audience about how to deal with Cyber Breaches . I will not answer that question but instead i will close by sort of observing what an interesting time it is sort of in the cyber arena and cyber legal arena. We heard about sort of how unsolvable the problem seems to be in some respects but we are going to have to find a way to solve it or at least solve pieces of it. You know, certainly dhs is working hard to help companies understand, mitigate and respond to the risk. We recognize the Insurance Market is an important piece of that and a Market Driver of better security. We are seeing a lot of activity by the scc and the fcc and we had the Third Circuit opinion earlier with the speaker in the windham case. Other cyber related areas. We are seeing lots of activities and interesting discussions especially for the lawyers in the room. And then the topic of active defense and things like deterant strategy. Lots of amazing opportunities and interesting things for the lawyers to sink their teeth in and get involved and be part of the solution. Thanks, tom. Lets see what greg can offer. I will be brief. I am optimistic here at the end of the day policy, technology and people and right now the biggest vulnerability tends to be the workforce but there are steps that can really be taken to turn that into a companys greatest strength. I think you are in a good space. For the lawyers in this space, you will have business for a long time. So i will leave it at that. Great. I want to suggest that even though the technology is complicated this is something we can all learn. We cant solve a problem we dont understand. So we need to understand how these breaches actually unfold, how a hacker can deal with this, what is the vulnerability of the information and what are the vulnerabilities in the system and hopefully all of the lawyers will consider this is no more complicated than a big trial that you can definitely master. Hopefully we can continue this partnership and prevent these breaches. My job is to now declare this conference adjourned. Thank you for coming. Have a safe trip home. [inaudible conversations] here is a look at the prime time schedules tonight. Repark marks from the Democratic Candidates at the the summer meeting. And books written by candidates as well. And America History tv and look at immigration. Tomorrow marks the 10th anniversary of Hurricane Katrina making land fall. And three hours of your phone calls and tweets and a special line set a side for people who were affected by the storm personally. Washington journal begins live at 7 a. M. Eastern on cspan. There is a lot to watch this weekend on cspan. Polit politics, books and history. Tomorrows Hurricane Katrinas coverage all day coverage and the live coverage of the new orleans celebration goes on. At 10 p. M. Eastern tomorrow evening on booktv, our after Words Program talking about the book undocumented. From the homeless shelter to the ivy leak league. And on sunday, on cspan 3 we go to james town island, virginia for a tour of the trenches where digs are conducted and a visit to the lab where the actifartif are studied. Senior fellow from the Brooking Institute talks about the building in afghanistan. The u. S. Did achieve improvement in security but depending on how it ends, i hesitate, but question myself because we dont know how it will end. That is the moment of truth. It is possible that five years down the road we will be back in the new civil war in afghanistan. Isis is fully emerged and it is much worse than the taliban. The taliban is deeply entrenched. If they end up in a new civil war in afghanistan and new save haven for the taliban and isis i would say it wasnt as successf successful. Earlier today, former military officials discussed the implications of the Iranian Nuclear deal. This is about 90 minutes. Can you hear okay . Without a mike, you sound good. Thank you. Good afternoon, thank you very much for coming to Hudson Institute for what i know is going to be a very interesting and important panel. I want to welcome our cspan audience as well. This panel, i have been here at hudson several years doing these panels and this is probably one of the most important. We will continue to have panels and this is special and this will focus on the joint plan of action and i think one of things in this panel and discussion and these gentlemen will be able to do is fillin a clear picture of what the Islamic Republic of iran has done throughout the middle east. Especially to american servicemen and citizens over the last 36 years. I think it is important to have a clear understanding of exactly what this regimes past relationship with the United States has been like. And what i think we should probably look for and expect in the immediate future. I will move to the panel. General keen is a commentator on fox news. Whenever i had to do an article he has been available and very helpful. Mr. Harvey is now at the university of south florida. He is a military intelligence senior executive. Without further ado, general if you could start us off. It is nice to show up on a wonderful summer afternoon in washington. We are not aware of this always so enjoy the great week pud. I hope it turns out to be the same. I sit here with two colleagues. Former Army Officers and career officers, i know the assessments from patreus in iraq in 20072008 and every few weeks at a time. They did the same in afghanistan. So we had a lot of unique experiences to say the least. That was provided by the senior counselor of the government, but because of an Intelligence Group thing going on, many are familiar and see it. So listen, that is a different subject. Iran in my judgment is an idea driven state subscribing to radical beliefs. We will drive the military out of the region and destroy the state of israel. It took 35 years to include this ye year. They use language that is in flam tory and also determined and consistent. The strategy with the iran broad core or commonly referred to as the kurds force. And overseeing science and financial issues. Not the chief of the military or the president. The only boss he has as you know is the supreme leader. They are fighting proxy wars and clients using terrorism. Lets consider what they have done to influence and they will capitalize their activities. The u. S. Embassy in kuwait, five dead, 86 wounded. In 1984, they went back to the u. S. Embassy in lebanon which is annexed, and we had 23 more dead and killed in that explosion and countless wounded. They began in the early 1980s, a ten Year Campaign to kid nap and assassinate. It is used by their guidance against u. S. Personal providing rockets, motors, and funding to the iraq Shiite Militia. Estimated dead is over a thousand and it is believed it could be closer to the 2,000. The u. S. Military did, as we know in 2011, this 35 year track record of using proxies to kill americans has succeeded but no u. S. President , republican or democrat, has never countered despite full knowledge of who the sponsor is of a proxy client. By that time, in 2006, i might say in iraq, iranian trained Shiite Militia were the number one killer of u. S. Personal in iraq. After a week long struggle, the Israeli Defense force with drew from lebanon in the face of humilitation. All fourstar generals were fired and iran continues to supply and arm the proxies. Many military leaders and soldiers from his regime joined the opposition and indeed the opposition gained momentum again the regime. One of this two star leaders was killed and they moved into syria 5,000 fighters from lebanon and thousands of iranian trained Shiite Militia out of iraq to prop up the regime and prevent it from toppling. They are all in in propping up the government while the United States commitment in the eyes of senior iraqi officials is inadequate. Now it is yemen with the kurds supporting and this is a strategic issue for sure. Iranian naval base in yemen with control the shipping lanes to and from the suez canal. That is their attempt. The 35 year score card is control over lebanon, syria, gazaa, iraq and yemen. It is the height of naiveness and arrogance to assume iran will not build on this success and use the elements of the nuke delta further their gop objectives. They have the ability as a result of the deal to buy arms on the open market in five years, and have the ability to develop and acquire Ballistic Missiles in eight years. And the terrorist sanctions relief with members of the kurds force is a major facilitator of what took place in the future. It is not so much about costing the leaders the ability to travel. Lets face it. The nuke deal takes doesnt help here. The regime and the kurds force is imbolded by the deal. It is foolish to provide our values with the consumption that iran may join the community of nations and abandoned their strategy that is working so well in achieving their strategic objectives. What we need, and i will say it briefly, is a regional strategy with allies and others who have a vested in the in security. And to work toward that, to counter radical islamic extremist. Thank you. Thank you very kindly general. You hit on a number of things i will want to come back to after the introduction. One of the things i am happy about and you brought it up is the fact no administration, democratic or republican, has made the iranians pay a price for the malseason in the region. Thank you for the Hudson Institute. I am glad to be here with friends on the panel. This is not a pleasant subject to talk about at all because the way the trends look as far as where this nuclear deal is going and what is in the deal. I have covered iran and interrogated code officers and understand their intent behind them. I worked hard to deal with the power and fluence in irans leadership and the multiple levels and personality involved there and how they see their paths to victory and how they want to advance their interest. It is important we understand who they are dealing with, why they think they are way do, and how they perceive moving forward and achieving objectives. If we dont have a clear eye perfective on this we will misread it. We are misreading iran because of hope we can move to another place. This reminds me of what we saw in misreading iraq with the nature and character of the regime, the structure in place, the influence of tribal networks. It was misread then. I think in some ways, we are doing the same thing here. My discussion today i will not focus on the technical aspects of the Iran Nuclear Deal but there are parts of the agreement that are concerning to me and have been the most concerning from the beginning. On these concerns, chairman of the joint chief of staff joined us in testimony last month to reiterate the same concerns on individual and business sanctions being moved along and not being effectively addressed in the deal. He was most concerned about the Ballistic Missiles. I am also very concerned about the misread of the nature and character of the regime and how the alignment of the hard line power blocks are actually operating and how this deal is in fact, i think, going to validate what they have been doing over the decades. This is success for them. They will get resources and trade and funds. And that will bolster the regime and allow them to spend money on addressing consumer issues and the like. But it will empower the regime and give them military capabilities that are going to be detrimental to our interest and our allies interest in the region. We dont have good evidence of the character and nature changing. There are reforms and people aligned that have been part of the green revolution, but they have been attacked, prison sentences, and abused by the government to reject opposition. Just because people have been to western schools and speak fluent english and are comfortable and i think again we are deceiting ourselves in, you know, projecting on to them things that are not there. I have seen this time and time again in dealing with Senior Leaders be it central command, cent com commanders or senior officials or others who see in others something that is not there just because they have a friendly relationship and can talk to each other. It doesnt mean these people are not aligned and focused on advancing an interest of their own. We have seen it in pakistan and saudi arabia and elsewhere. I worry a renewed and validated and better resource iran will continue the aspirations in the region. They have been very affected at sewing this order and using their capabilities to advance their interest. As the general said they worked through their proxies. And before i move on, i am going to hit on a couple points that do concern me. We hear about snapback sanctions. We can just renew the sanctions if they violate the agreement. What is the threshold for renewing the sanctions and how long would it take to reimpose the sanction. When you look at the agreement closer, you see there are really very large holes they can drive a truck through. It may by the regime today up until the sanction are snapped back they continue. They are not affected by snap back of sanctions. If you strike a deal to sell oil to japan for 20 years and snap back the sanctions in four years that oil deal stays. It is that type of thing we need to look at. That will impact the judgment of the leadership as to how much risk they will take in skirting the edges or pushing for a major breakthrough in getting around this agreement. There is little evidence whatsoever this agreement is going to moderate. They upgrade capabilities already and have a history the general laid out. They are going to continue to support expansionism and sustain clients in the region