Frameworks over time to help us address the issue of escalation in the more kinetic traditional role, cyber is in a different arena. Do you think you addressed sufficiently and for instance this event, are there others that give you concern that it leads us down a dangerous path, that everybodys looking for ways to deter, weve seen dangers, these attacks can cause, but you do want to raise the cost but you want to see the followon sort of cycle, are you comfortable we have a handle on how to deter americas adversaries from cyberattacks without creating a further problem . I think clearly the concepts of deterrence in the cyber domain are relatively immature. I dont think we are where we need to be, where we collectively need to be. This is still the early stages of cyber in many ways. So were going to have to work our way through this. Its one of the reasons why quite frankly im interested in forums like this because im interested in a broad set of perspectives, many of which are going to be different from what i bring to the table. Im interested how do we collectively as a nation come to grips with some fundamental concepts like deterrence in the cyber arena, how are we going to do this . You look at the threats were facing in cyber continue to grow. No question. Lets look at the bigger threat. You have iran where there is history back and forth. You have russia, frequent attacks in the private sector and government sector. And china, i have been in china where you have enormous costs to the business communities and the tens of billions of dollars plus, as we know, they target government institutions and pay leernt apparently have success stealing secrets. P. J. Talk about the coming cyberwar, it looks to me we are already to lowlevel war. These have real capabilities. Clearly i would argue that history has shown us to date you can name any crisis, you can name almost any confrontation weve seen over the last several years there is a cyber dimension to it. Whether, we saw in georgia, where what we saw in the ukraine, iraq, the challenges associated with isil. This is not something isolated. I think among our challenges as we move forward is, so if cyber is going to be a fundamental component of the world were living in and the crisis and the challenges were trying to do with, how are we going to work our way through that . What were trying to argue is, over time if we can get to the idea of norms of behavior, if we can develop concepts of deterrence that lead us to collectively to get a sense of how far can you go, whats aggressive, whats not aggressive, what starts to trip response thresholds, those are all questions of great interest i would argue, for all of us. It sounds like were not there, we have not developed concepts of deterrence we have a long way to go. I think i used the word immature. We are not where we need to be. No doubt about that. I want to ask you leon panetta used a phrase which im sure youve heard cyberpearl harbor. What does a cyberpearl harbor look like . My concern is an action directed against in my case as a member of the United States military, an action directed against infrastructure with the United States that leads to significant impact, whether thats economic, whether thats in our ability to execute our daytoday functions as a society, as a nation thats what concerns me. And youve seen some you look what happened with sony, you look at what weve seen nation states, something against u. S. Financial websites for some number of years now, those are all things were they take that financial piece, were that successful, where our ability to access funds, if that were really contested, think of the implications of us as a nation,s a individuals how to deal with that. Which states are capable of carrying out such an attack like that . Well, we previously talked about, you know, the big players in cyber, if you will, nations that we see active. Its a matter of matter weve talked about china and what theyre doing in cyber. Clearly the russians and others have capabilities. You know, were mindful of that. In general you wont see me going through a well, heres my assessment of every nation around us. No, i understand. Thats two right there, china and russia, already capable of carrying out such an attack. Thats concerning. Do you find in some of these smaller scale attacks there was one that went to the white house computer system, not the Defense System but still, do you find on the one side kind of showing off their ability a little bit and on the other side testing finding the weak points . I think nation states engage in actions in penetrating of systems in the cyberarena for a whole host of reasons. Among the two you identified. Whether it be the theft of intellectual property. I think depending on the source you use as nation, you lose somewhere between 100 billion to somewhere approaching 400 billion in the theft of intellectual properties. Certainly in the department of defense, its an issue thats been of great concern to us for sometime as we watch nation states penetrate some of our key defense contractors steal the enabling technology, if you will, that gives Us Operational advantage as a military. If i can we have a cyber audience here and i want to go to the cyber audience and give everybody a fair amount of time, but if i could touch on a couple other topics related to the patriot act expiration of 215 on june 1, i want to set aside the Privacy Concerns which are severe from some quarters. I would comment very legitimate. Those are very legitimate concerns for us as a nation as we try to figure out how we strike that competing requirement for security and acknowledging at the same time our rights as citizens as foundational to our very structure as a nation. It goes to who we are and what we are. Do well, let me ask you since you brought that up do you think that current for instance metadata collection, do they get that balance right . I think number one the metadata collection collects does generate value for the nation. Is it a Silver Bullet that in and of itself guarantees there will be another 9 11 or there wont be a successful terrorist attack and my comment would be no. If thats the criteria you want to use, i would be the first to acknowledge its not the Silver Bullet. Its the one component of a broader strategy designed to help enhance our security. At the same time we also realize that in executing that phone record access that we need to do it in a way that engenders a measure of confidence in our citizens, that its being done in a lawful basis, with a specific framework and that there are measures in sight, in place tone sure that n. S. A. Or others arent abusing their access to metadata and thats fair and right for us as a nation. Let me ask you a question because id like you to quantify the value that is generated for the nation. Early on when the program was revealed, i was reporting this heavily at the time, the administration banded about a figure 50plus thwarted. Over time that figure was windled down by among others, whittled down among others senator Patrick Leahy the metadata, even down, he would argue, to zero, where the metadata itself was necessary where other programs could not have accomplished the same thing. Can you identify a specific plot that without the bulk collection we wouldnt have been able to have identified . In large and classified forum, im not going to do that. Does one exist . But i will say this, i base my assessment on the fact that i truly do believe it has generated value for us. Can you prove to me without this you wouldnt have forestalled an attack, if you didnt have this you wouldnt have been able to forestall an attack, the criteria i would argue, if you use that then it would argue things like, well, why do we maintain fingerprints . If you dont prove to me collecting fingerprints would forestall criminal activity, why do it . I would argue thats not the criteria to use. Dont you think theres a higher standard for this because we dont fingerprint everybody in this room, you fingerprint when you have a reason to fingerprint . If you look at the amount of frint information. Global entry. Set aside the Privacy Concern for a moment, because it is others its officials from inside the National Security not industry but institutions of government, f. B. I. And others who are concerned that they will lose tools that they find extremely useful go after tangible things, Hotel Records etc. , in the collecting phone metadata information, quoting f. B. I. Officials than myself, see as less important . To be honest, i never heard that argument. Nor is it a conversation that the director of the f. B. I. And i have. We talk regularly. You dont and other issues. You dont think the fight over metadata could hold up, particularly when we speak of the renewable or extension of 215, other tools in fighting . Yes. The value of this effort and the Legal Framework to continue it is a conversation we need to have in an of itself. So what do we think . And does the program as currently with the amendments that were directed by the president or changes that congress may remember this is all derived from a law passed by congress, patriot act, specifically section 215 of the act. And should congress decide as at the look at because no action is taken, the authority expires on the 31st of may 2015, in that case the first of june we will no longer be able to access this data and generate activities overseas and potentially activities in the United States. Remember thats what drove this in the first place. In the aftermath of the 9 11 attack, if you read the 9 11 investigative report, one of the comments made in the report was, hey look, you had in at least one instance phone kecktift between one of the plotters who connectivity between one of the plotters who was in the United States to those back overseas. Guys, you should have had access to this you should have connected the dots. You should have realized there was an ongoing plot in the United States. That was the genesis of the idea of how can we create a Legal Framework that wean able us to make a connection between known activity overseas tied to a nation state group, a set of individuals, how could we try to take that overseas data and see if there is a connection in the United States and how could we try to do it in a way that protects the broad rights of our citizens . That was the whole idea behind it. So i would urge us in the debate on this, and its important that we have a debate, not to forget what led to us do it in the first place. What are the prospects for renewable extension, 215 specifically . To be honest, this is where im glad to be a serving military officer. I have no idea. This is just beyond my expertise. I realize its a complicated issue. If you lose that will that greater hamper your ability, the n. S. A. s ability to thwart terror attacks . Do i think if we lose it makes our job harder, yes. On the other hand, we respond to the Legal Framework that is created for us. We at the National Security agency do not, do not create the Legal Framework we use. That is the role of the legislative branch and we as we interpret the legalities of the law that whatever framework thats developed well ensure it was executed within the appropriate Legal Framework. Thats what i know as director of the n. S. A. Let me turn to counterterror. A lot of talk when i speak to intelligence officials they will acknowledge that terror groups have altered the way they communicate, post note. And thats made a difference. I wonder if you could quantify or describe how much thats hurt your capability . I would say that it has had a Material Impact in our ability to generate insight as to what terrorist groups around the world are doing. Id rather not get into the specifics because i dont want them to have any doubt in their minds, we are aggressively out hunting and looking for them and they should be concerned about that. I want them to be concerned, quite frankly. Im concerned with the security of our nation. Im concerned about the security of our allies and their citizens. So anyone who thinks this has not had an impact i would say dont have dont know what theyre talking about. Have i lost capability that we had prior to the revelations yes. How much does that concern you . It concerns me a lot. Given the mission of the National Security agency, given our footprint around the world, i mean, us as a nation. When i think of our ability to provide insights to help protect citizens wherever they are, whether they be out there doing good things to try to help the world, whether they be tourists whether they be serving in an embassy somewhere, whether they be wearing a uniform and find themselves in the battlefields of afghanistan and iraq today, clirle im very concerned clearly im very concerned. As well as our key allies. Do you develop new have you found yourself force to develop new capabilities to make up for the lost capabilities . Right. To be successful we have to be an adaptive, learning organization. As the profile of our targets change, we have to change with it. I wonder if i could turn to i want to give time to the audience this time back to intelligence reform to some degree. So recommendations 24 and 25. We havent talked about it. This was big news a year and couple months ago. As often happens in washington i have not memorized it. Neither have i. I just happen to know it was 24 and 25. One was splitting cybercommand, military leadership, civilian leadership to the n. S. A. Of course we have you. Right. Do you think thats a problem . No. I would argue where u. S. Sign remember command as many of you may be aware, i am both the commander of the United States cybercommand. So an Operational Organization within the department of defense. As charged with defending the departments networks as well as if directed defending Critical Infrastructure in the United States. Thats my u. S. Cybercommand role. In addition im also the director of the National Security agency. In that role two primary missions. One is foreign intelligence. And the second is Information Assurance. Given the cyberdynamics were seeing in the world around us today that Information Assurance mission becoming more and more critical importance. So discussion in the past about a year ago now little bit longer, about so should you separate these two jobs . Should you have an operational kind of individual running u. S. Cybercommand and then have an intelligence kind of individual running n. S. A. . The decision was made at the time which i fully supported it when i was asked as being interviewed for potentially to fulfill these jobs, my comment was given where u. S. Cyber command is in its maturity and journey it needs the capabilities of the National Security agency to defend u. S. Infrastructure and defend the departments networks. Combining both intelligence and operations in the same way we have seen and the lessons of the wars in the last decade that integrating these almost seamlessly generates better outcomes. Thats the case here in my mind. And the president obviously has come to that conclusion. Has come to that conclusion. Do you think the pressure is off to some degree . You remember this pressure. This is when your predecessor was still in the hot seat. This was enormous focus from inside, outside washington. I know we have this deadline coming up june 1, but its not the same tenor. Do you feel the pressure is off, that worst fears and concerns have either been forgotten . I wouldnt say forgotten. People would say, ok, now weve seen this work under two different individuals. We seem to be comfortable that the construct is generating better value if that were to change we would have to clearly relook at it. Thank you very much. Im still going to ask you questions. I want folks to ask some questions as well. I know we have a microphone going on. I know we have questions coming in via social media ill wait for those. Why dont we start with the crowd since you took the trouble coming here today if i could right here in the center of the audience and shes coming right behind you. Yes admiral, thank you for coming. We were talking about the sony attack earlier and we heard the Justice Department is investigating it as a criminal matter and weve seen sanctions. What is exactly your role in this . Not just identifying this, but do you see any action that you intend to take or have taken in response to this . Well, im not going to get into specifics what, as a member of department of defense, putting on my u. S. Cyber command role, if you will, what we may or may not do. I think the president s comments about were going to start with economic peace and then we will look at over time the potential of additional options or different applications capabilities. That the Positive Side i think is the immediate actions. Remember, the hack the destructive piece occurred in late november. On the Positive Side several months have past and we have not seen a repeat. I think it was part of the entire intention, look, this is sun acceptable. We dont want this to this is unacceptable. We dont want this to happen again. In the near term it has had a desired effect. As i said coincidentally, i was testifying in the house. I said, look, its only a matter of time we see this destructive offensive actions taken against critical u. S. Infrastructure. I fully expected, sadly in some ways my time as commander of the United StatesCyber Command the department of defense will be tasked with attempting to defend the nation against those kinds of attacks. I didnt realize it would go against the Motion Picture company, to be honest. If i could just follow on that. During this one phenomenon in a way in regards to north korea, china has come around on being alarmed by some events inside the political structure there. How much help did you get from china, if at all, knowing internet is routed north koreas internet is routed through china. We reached out to our chinese counterparts. This is a concern to us and it should be concerned to you that in the long run this kind of destructive behavior directed against a private entity purely on the basis of freesmed expression is not in anyones best interest, that this is not good. And so they were willing to listen. Well see how this plays out over time. On the Positive Side we were able to have a conversation which we were grateful for. Was the u. S. Behind the retaliatory attack on north korea . [laughter] lets make some headlines. Not going to go there . Not going to go there. Did china offer any material help other than listening . Ill be honest. I didnt work that specific aspect of the problem. My knowledge of the specifics of the p. R. C. s response it wasnt an area that i worked. Ok. Over here. Sore eye. Microphone is over there well try to get to the other side of the room. Good morning. David sanger from the new york times. Good to see you today. David, how are you doing . I apologize, i did not read the new york times. Only my mother reads me early in the morning. My question to you goes to the question of encryption something that has come up here recently. You saw in the fall when apple turned out a new operating system for the iphone 6 it basically put all the Encryption Keys into the hands of the users and said if they get a request either a legal request from Law Enforcement or one from you, all they could really hand over from the phone itself would be jibberish. Youd have to go break the code. They made it pretty clear in recent times, even when the president was out in california last week, that they planned to extend that encryption eventually up into the cloud and so forth. And weve heard the f. B. I. Director say this is creating a dark hole thats going to get in the way of their investigations. We havent heard very much from the Intelligence Community on this. I wonder if youd talk a little bit about this whole phenomenon of basically handing the keys to users how it would affect your own abilities, whether or not the computing capability youre building up now is designed to be able to try to break that and what other solutions you might have. Broadly i share the directors concerns and im a little perplexed is the wrong word the debate ive seen is its all other nothing. Total encryption or noin encryption at all. Part of me is, can we come up with a Legal Framework that enables us within some formalized process a process that neither n. S. A. Or the f. B. I. Would control to address within a Legal Framework valid concerns about . If i have indications to believe that this phone, that this path is being used for criminal or in my case foreign intelligence, National Security issues, cant there be a Legal Framework for how we access that . Now, we do that in some ways already if you look at, for example, weve come to a conclusion as a nation that exploitation of children is both illegal and something that is not within the norms of our society. So we created both a Legal Framework that deals with things out there that would pass as photography and imagey, that reflects the imagery of the exploitation of children, weve told companies for example, that you can screen content, thats unacceptable. That it violates not just the law but a norm for us as society. So from my perspective we have shown in other areas that through both technology, a Legal Framework and a social compact that we have been able to take on tough issues. I think we can do the same thing here. I hope we can get past this, well its all encryption or nothing. That we got to find what are the levers we can create that would give us the opportunity to recognize both the very legit mate concern as privacy which i share as a citizen and the very valid concerns of, look this is the path that criminals, Foreign Terrorists are going to communicate, how do we access this . We have to work our way through that. I walked to the other side of the room so i can get the microphone. Thank you. Theres been reports by cybersecurity analysts and the snowden documents that United States is engaged in spyware for purposes of surveillance. How significant is spyware to the n. S. A. s surveillance capabilities . Well, clearly im not going to get into specific of allegations. The point i would make is we fully comply with the law. Ppd28 provides a very specific framework for us about what is acceptable and what is not acceptable and what are the Guiding Principles that we have to keep in mind when were conducting our foreign Intelligence Mission. And we do that foreign Intelligence Mission operating within that framework. Thats the commitment that i make as the director. We got a Legal Framework and we will follow it. We will not deviate from it. Hes taking the microphone. Bruce schneider, we havent met. Answer is yes, very significant. And your own question, its not the Legal Framework thats hard, its the technical framework. My question is also about encryption. Its a perception and a reality quefment were now living in a world where everybody attacks everybody elses systems. We attack we attack systems. China attacks systems. And im having trouble with companies not wanting to use u. S. Encryption because of the fear that n. S. A. , f. B. I. , different types of legal and sarpetishes access is making us what can we do to convince people that u. S. Products are secure, that youre not stealing every single key that you can . So first of all we dont. Number two my point would be thats the benefit to me of that Legal Framework approach. Hey, look, we have measures of control that are put in place to forestall that. I think its a very valid concern to say, hey look, are we losing u. S. Market segment here . Whats the Economic Impact of this . I certainly acknowledge that its a valid concern. I just think between the combination of technology, legality and policy, we can get to a better place than we are now. Realizing we are not in a great place right now. On that point its not just encryption but you speak to hightech executives. They speak about tens of billions of dollars in loss, cloud computing, etc. Should that not be part of the costbenefit analysis of Something Like phone metadata collection, etc. . Frankly, its not really a question for you. Its a policy question. But im asking you anyway. Youre recognizing those broader impact costs should be part of the decision. I think we certainly need to acknowledge there is impact here. I say, look, lets not kid ourselves. There are entities out here taking advantage of all this to make a Better Business case for themselves. There are entities out there using this to create jobs and economic advantage for them. Lets not forget that dimension at all, even as we acknowledge that it is a dimension to this problem. Just to move the microphone around. Do we have question from somebody in the do we have a social media at all . Fine. Well wait for a little bit. Lets move the ok. Thanks. Patrick tucker with defense one. Couple reports have come out in recent weeks about isis using the dark web to raise money through bit coin, a dark web, basically a bunch of anonymous computers and people that are able to find each other. Can you speak a little bit to that problem in terms of intelligence collection of the dark web, what does it mean to you, and how are you going about finding a solution to some of these really big problems of how to find people using that that dont want to be found but are effectively using it for fundraising particularly isis . Well, clearly im not going to get in the specifics but let me just say this. We spent a lot of time looking for people who dont want to be found, that that is the nation in some ways of our business. Particularly when were talking about terrorists, were talking about individuals engaged in espionage or anybody against our nation or our allies and friends. In terms of what were trying to do broadly, i mean, first, i would acknowledge clearly its a concern. Isils ability to generate resources, to generate funding is something were paying attention to. Its something of concern to us. It talks about their ability to sustain themselves over time. It talks about their ability to empower the activity that were watching on the ground in iraq, in syria libya, other places. So its something that were paying attention to. Its something that were also doing more broadly than just the United States. This is clearly an issue of concern to a host of nations out there. I wont get in the specifics of exactly what were doing other than to say, hey, this is an area were know cussing our attention on. As we move across here, just to follow on that question regarding isis. Because when we speak to counterterror officials they talk about isis supporters here in the u. S. Different level of the problem than you have in europe, for instance, and certainly the middle east. Since the web is the principal form of radicalization for a lot of these particularly lone wolves, right folks that travel, it must be pretty easy to track is it not . If its happening on the web, etc. Can you identify pretty quickly and easily someone who is going down that path . I mean, its not quick and easy. Remember, as the National Security agency, we are a foreign intelligence organization. A foreign intelligence agencies. Not a domestic Law Enforcement or surveillance organization. So when it comes to the homegrown kind of in the u. S. , thats really not our focus. Our focus is on the foreign intelligence side, attempting to find the connections overseas and then quite frankly partnering with f. B. I. And others to say, ok if we generate insights of activities were seeing overseas hey, how does this tie into activity we may or may not be able to detect in the United States . And thats why partnerships are so important to us because were a foreign intelligence organization. Folks here that make contacts with folks over there, thats my its not as easy as it sounds. Its not easy but something we Pay Attention to, something we track. Its something we partner with the f. B. I. And say, ok weve seen this. There may be a u. S. Connection here. Hey, this now becomes a Law Enforcement problem. Ethan chow. Hey ethan. As director of n. S. A. And United StatesCyber Command, do you think were positioned effectively to address the new cyberspace as a new domain of war fighting . And how does that differ from land air and sea and do you think we need improvements and in what aspects . So do i do i think were where we ought to be . No. No. Part of that is just by culture. As a military guy, you are striving for the best. You are striving to achieve objectives. You push yourself. I would say were in a better position in many ways than the majority of our counterparts around the world. We put a lot of thought into this as a department. U. S. Sign ber command, for example, will celebrate our fifth anniversary this year. So this is a topic that the department has been thinking about for some time. In terms of what makes it challenging, what makes it difficult is lets look at this from a defensive standpoint. One of the points i like to make is, so were trying to defend an infrastructure that has been built over decades literally and most of which was created at a time when there really was no cyberthreat, that were trying to defend infrastructure in which redundancyy resiliencey and defensibility were never design characteristics. It was all about build me a network that connects me in the most efficient and effective way with a host of people and lets me do my job. When we designed most of these concerns about peoples ability to penetrate those networks, to manipulate data, to steal data really wasnt a primary factor. So theres also a component in the department as were looking to change our Network Structure to something that those were really core design characteristics. So thats a challenge. And clearly were trying to work our way on the offensive side through it kind of goes to one of the questions, jim, that you had previously asked. How do we do this within a broader structure that jives with the law of conflict. When you look at the application as cyber as an offensive tool, it must fit within a broader Legal Framework, the conflict, international law, the norms that we have come to take for granted in some ways in the application of kinetic force dropping bombs. We got to do the same thing in the offensive world and were clearly not there yet. The gentleman has been patient over here. Admiral, my name is hugh retired naval cryptologic officer. I was confering with another colleague, who may be here, that we were having the same discussions 20 years ago. There has been progress. Theres n. S. D. , f. B. I. But why is it taking us so long to grapple with this as compared to the advent of Nuclear Weapons and we have the National Security act of 1947 . Well, my first comment would be, a guy who was a crypt tolks 20 years ago, i sure dont remember having those conversations. Can you say the last part about it again . You were talking about duration, why is it taking so long . I do not want to minimize the progress and your position i view as progress but it is taking us a long time. If its not 20 years then its 15. And that compared to a much more compressed time scale for other cataclysmic changes in National Security in the middle of the last century. Well, take, for example, the nuclear example you used. We take for granted today the nuclear piece is something with very established norms of behavior, well established principles of deterrence. My comment was you know how long it took to develop we take for granted now because we look at over almost 70 years since the Actual Development of the capability. We take it for granted now, but if you go back in the first 10, 20 years we were still debating about, what are the fundamental concepts of deterrence . This whole idea of mutually assured destruction, that didnt develop in the first five years, for example. All of that has taken time. Cyber is no different. I think among the things that complicate this is the fact that cyber really is unsettling in terms of the way we often look at problems. So if you look at the military, we often will use geography to define problems. Its why we have a central command. Its why we have a european command. Its why we have a southern command, for example. Cyber doesnt recognize geography. If you look at the attack from north korea against sony picture entertainment, it literally bounced all over the world before it got to california. Infrastructure located in on multiple continents, in multiple geographic regions. Cyber doesnt really recognize this clear delineation we as a nation have generated over time whats the function of the private sector, whats the function of the government and how does this whole National Security piece . Cyber tends to blur that because the reality is for example, if i go to work and im using at work literally the exact same software, that same devices im using at home on my personal system, it just has blurred the lines so that makes it very, very complicated. I share your frustration in the sense its not as fast as i wish it were, but it isnt from a lack of effort and its not from a lack of recognition, if that makes sense. Oh, you got one. I thank you, for coming. Alex thomas, c. S. O. At yahoo . It sounds like you agree with the f. B. I. Director that we should be building defects of encryption into our products so the government that would be your characterization. [laughter] i think Bruce Schneider and ed felton and all of the best public cryptographers, its like drilling a hole in a windshield. I have worldclass guys at the agency. I talked to some of the folks. We dont accept this premise. Well agree to disagree on this. [laughter] if were going to build golden master keys for the u. S. Government, we have about 1. 3 billion users around the world, should we do so for the chinese government, the russian government the Saudi Arabian governments . Im not going to the way you frame the question is designed do you believe we should build back doors to other countries . My position is hey, look, i think number one that this is technically feasible. Now it needs to be done with in a framework. Im the first to acknowledge, you dont want the f. B. I. And you dont want the n. S. A. Unilaterally deciding. What are we going to access and what are we not going to access, that shouldnt be for us. I believe that this is achievable and we have to work our way through it. Im the first to acknowledge there is International Implications to this. I believe we can work our way through this. So you do believe that then we should build those for other countries if they pass laws i say we can work our way through this. Im sure the chinese and russians will have the same opinion, sir. I believe we can work our way through this. Ok. Nice to meet you. Thanks. [laughter] thank you for asking the question. I mean theres going to be some areas where well have different perspectives. It doesnt bother me at all. Why i believe in doing things like this, when do i that i say, look, there are no restrictions on questions. You can ask me anything. Because we have got to be willing as a nation to have dialogue. This simplistic characterization of one side is good and one side is bad is a terrible place for us to be as a nation. We have got to come to grips with some really hard fundamental questions. Im watching risk and threat do this while trust has done that. No matter what your view on the issue is or issues, my only comment would be thats a terrible place for us to be as a country. Weve got to figure out how were going to change that. For the last technologically knowledgeable, which will describe only me in this room today, just so were clear, youre saying its your position that encryption programs there should be a back door to allow within a Legal Framework, presumably approved by whether it be congress or some civilian body the ability to go in the back door . Back door is not the context i would use. When i hear the phrase back door, it sounds shady. Why not go in the front door . It would be public. We need to create a Legal Framework to do this. This shouldnt be something we should hide, per se. Downtown want us unilaterally making the decision. I think im the first to acknowledge it. The capability. I do want to get to the back. But do we have a social media question . We have a selection. Fantastic. We have 13 minutes to go. Why dont we do a couple . I see you in the back so ill get to you as well. I would note, according to the internet and some of our five profile twitter users in here we are now trending. So newamcyber , you should continue to tweet. Where are we in relation to birdman . Ok. Here is the selection based on the previous comment about back doors for russia and china. Christopher c. Segoyan, i may pronounce this incorrectly are our phones secure and if so i apologize. Are Foreign Governments spying on our cell phones in washington, d. C. . Are our phones secure or what should be done . Do i think there are nation states around the world that are attempting to jen right insight as to what were doing as individuals, i think the answer to that is yes. The second question is do i what do you think we should do about it . Well, one thing i remind people dont assume theres a reason why we have unclassified system at the department of defense. The reason why we have classified systems and unclassified systems and so for d. O. D. Users, i always remind them hey, look, were potential targets. Make sure youre using your cell phone in an appropriate way. Just why i use mine. The standard of encryption we talked about. Im not arguing that encryption is a bad thing neither where i say security is a bad thing. Im a u. S. Person, im a u. S. Citizen. I use a cell phone. I use a laptop. I want those systems to be every bit as secure for me and my children as do you. Im just trying to figure out, how do we create a construct that works us between those very different viewpoints. Im sure that question came out of the concept of encryption of commercial cell phones. So on that point from Russell Thomas what can be done institutionally to make collaboration between the private sector and the government marginally better on cybersecurity . I mean, i think clearly i would second the thought. I think clearly this is an area of significant improvement. I think on the government side we got to simplify things. One thing i constantly tell my counterparts is, look, lets be honest. If you were on the outside looking in at the u. S. Government in the area of cybersecurity, we can be very complex. We got to simplify this. Weve got to make this easy for our citizens for the private sector and for us to interact with each other, to ultimately get ourselves to a position where we can share information real time and in an automated and machine way. Given the speed and complexity of the changes we have in cyber, thats where we got to get. We got to work our way to how are we going to do that and the u. S. Government, Homeland Security the department of Homeland Security clearly plays a central role here as both the director of n. S. A. And the commander of u. S. Cyber command, our capabilities support them and other u. S. Government partners in our attempts to do that. On that topic, as a journalist, i asked the n. S. A. Whether my Cell Phone Communications have been monitored in any way . As i submitted through proper channels, i got a response, we appealed. Why and we got a stock response which others have gotten. Im a journalist, i lived overseas for a long time. As part of my work i spoke to people who i would imagine you might want to listen to. Some in the terror community, etc. Why as an american a lawabiding american why wont the n. S. A. Tell me if they looked at my phone communications . Well, first if youre asking me directly, i dont know the specifics for you. But its a policy because they told others the same thing. The thing i would say, look its a matter of law to do focus collection against a u. S. Person i must get a court order. I have to show a valid basis for why we are doing that. Is there a connection with a foreign nation . I. E. , that person is acting as an agent of a Foreign Government . And yes, that does happen out there. Is that u. S. Person part of a group, in this case, lets say, isil as an example who is attempting to do harm . I have to show a court, a legal basis for the why and it cant just be, well, we dont like journalists. What . Thats not a valid legal reason. So if it were to happen you would have to have a court order. But thats something you wouldnt tell the person who was involved . No. Ok. All right. Ok. I have one more topic. One more and well go to the back. Ok. So from john the question is based on last weeks announcement or research that one announced there were there was news of firmware hacking. Has the firmware, repeaters been similarly hacked and if so would this compromise the architecture of the internet . Technical question. My quick answer would be no. In terms of id go to the first part. Im aware of the allegationes that are out there. Im not going to comment about them. But in terms of based on what i have read, does that mean lead me to believe that internet has somehow been compromised . No. Thanks very much. Back to the room on the left. Mike nelson professor of internet studies at georgetown and recently work for cloud flair which protects attacks, sells encryption. I was at the summit the white house did a week and a half ago and one of the topics you kept hearing in the hallways was about how American Companies are very uncomfortable sharing information with the u. S. Government if they cant share that same information with dozens of other governments. Id be curious to know how were supposed to decide which governments are ok to share with and how we deal with the fact that belgians and the french and the turks and everyone else wants to know what were sharing with you and our customers want to know that too. Again, this is another reason why that Legal Framework becomes very important here. To be honest, now youre getting into specifics that isnt my personal focus. I certainly understand the concerns dont get me wrong. But my comment would be that idea is not unique to cyber for example. Theres you name the business segment and just because we share something internally within the United States doesnt mean we do so automatically everywhere in the globe. So i would argue cybers not exactly unique in this regard, nor is the challenge it presents and its a challenge, i acknowledge that, unique to cyber. We got time for a couple more. Way in the back. Another area we havent to be geographically fair. Listening to the conversation today, one thing thats fairly clear and you mentioned it we need to decide what the social norms which we build the policy and Legal Frameworks, but clearly listening to Bruce Schneider and alex stamos and you, the social norms arent worked out yet. Whats the process by which we get the dialogue going to figure out what these norms are to see what the policy and Legal Frameworks are . Think interactions like this interactions with our elected representatives. Hey, they are the ones that create the Legal Frameworks we use. I encourage all of us as citizens to articulate our viewpoint, to help them understand the complexity of this issue and help them understand just what our viewpoints are as were trying to work our way through this. The other thing, at least for me, im trying to do outreaches well in the academic world because one of the things im struck by is and it goes back to your question, sir. If you go back and look at some of the foundational work that was done on Nuclear Deterrence theory for example much of that back in the 1940s and 1950s, was done in the academic arena. You read much of the original writings kissinger and others, there was a strong academic focus. So how are we going to understand this new thing called the adam bomb or Nuclear Hydrogen bomb. Im trying to see if there is a place in the academic world for this discussion. How do we get to this whole idea of the social norms and what are we comfortable with . Way back here. All the way in the back. You are so close. Thank you. Leandra bernsteen Sputnik International news. Was it leandra. I couldnt hear you. Your voice trailed you have. Apologize. Sputnik international news, russian press. So youve addressed the kirsprsky and there was another report on the n. S. A. , gqs hacking in a sim card provider. Can you respond to that . You said we need to have a discussion a public discussion. So how do would you get that harded by addressing these allegations. The first one is listen to these allegations for some period of time. This is something unique, per se. And, again, my challenge as an Intelligence Leader as even as we try to have this dialogue, which i acknowledge we need, how do i try to strike the right balance between engaging in that broad dialogue and realizing that compromising the specifics of what we do and how we do it provides insight to those that we are trying to generate knowledge of, who would do harm for us as a nation . So as a general matter of policy i have just said, hey im not in unclassified forums getting in the specifics in the very specific questions you asked. Im not going to chase it. I dont have the time. We need to focus on doing our mission but making sure window it within the legal and authority and policy framework. Thats the promise that i make to all of you. Thats what we do. When private Companies Make these allegations against you, can you address that impact generally . Im not going to get in the specifics. We got time for one more since its a cyberconference and were trending. Do we have another one on the web . [inaudible] ok. Fair enough. You are ruthlessly efficient. How about right here in the front . Probably be our last one. Thank you. Jim marx from politico. I want to talk to you about cyber com and n. S. A. Can be duo hadded. One of the process of building up cyber comm is moving them over to cybermission forces. Are you afraid youre not bringing up new people, new cyberexperts into the military and youre taking away some native capability that ought to be in the services . The short answer is no. I say that remember, in the job before this, i was also in my previous job before these two i was the navy guy. I was a service guy, responsible for developing the navys cyberforce. I lived in that service worm about how you man train equip, how you train a force. Now i find myself as joint commander with responsibility across the whole department. If i go back to when i started in cyber, in the department 10 years ago, our ability to recruit, retain and train and educate a cyberwork force over time i was really concerned, would this fit within the traditional d. O. D. Model about how we develop people, how we promote them . How we retain them over time. Fast forward a decade later and i have been mock on wood pleasantly surprised by our ability to do that. So for now my quick answer is no. Weve been able to gain access to the people we need that in so doing i havent been able to strip massive amounts of capability from other valid similar requirements within the department. Well have to watch this closely over time, though to see if that changes. Theres no doubt about that. Since times up final thoughts . None other than i thank you for your willingness to engage in a discourse. And i think its positive. Clearly these are important issues for us and yet were able to do this today without yelling and screaming at each other or pointing at each other and making accusations against each other. We have got as a nation to come to grips with whats the balance here and theres going to be a lot of different perspectives out there. I understand that. Im constantly reminding our force, our work force, be grateful that you live in a nation thats willing to have this kind of dialogue. Thats a good thing for us. And are there tensions along the way . Yeah. Its not unique to cyber and its not the first time in the history of our nation where we had challenges like this and it wont be the last. If we really are willing to sit down and have a conversation, we can move where we need to be. With that i thank you very much for your time. Admiral, thanks very much. Really enjoyed it. [applause] [captions Copyright National cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] while in los angeles, engaging a homeless individual to determine his veteran status, i asked the man where he served in the military released in a statement late monday night. He responded he served in special forces. I incorrectly stated i had been in special forces. That was inaccurate and i apologize to anyone that was offended by my statement. Well, secretary mcdonald is expected to hold a briefing with reporters this afternoon. Were unsure about what hes going to say but going to get under way at 3 00 p. M. Eastern. We expect to bring it to you live at 3 00. And senator Mitch Mcconnell tweeted out, today americas new congress sent the bipartisan keystone x. L. Infrastructure jobs bill to the president. And the a. P. Reports that president will veto that republican bill that would have approved construction of the keystone x. L. Oil pipeline. It arrived at the white house from congress this morning. The white house says the president will veto it by the end of the day. Its the third veto of his presidency. Also on capitol hill, secretary of state john kerry will go before the Senate ForeignRelations Committee this afternoon. Hes going to explain the state departments budget request for the next fiscal year. That plan includes 50 billion for states and for the u. S. International development agency. Cspan3 will have live coverage of that. It gets under way at 2 30 eastern. The cspan cities tour takes book tv and American History tv on the road traveling to u. S. Cities to learn about their history and literary life. Next weekend we partnered with comcast with a visit to galveston, texas. With the opening of the suez canal in 1869 sailing ships were really almost dealt a death blow. With theeping of the canal, coalfired ships had a shorter route to the far east to india, to all of those markets. So sailing ships really needed to find a way to make their own living so instead of highvalue cargo they started careowing lowervalued cargos, coal, oil cotton etc. So they found her niche carrying any kind of cargo that did not require getting to market at a very fast pace. Elissas connection to galveston is really unique in that she sailed and arrived here in galveston probably about 100 yards from where were standing right now back in 1883 with a cargo full of bananas and she came, again a second time later on in the 1880s and 1886 and it was real important for Galveston Historical Foundation to find a vessel that had a connection and the fact she was a sailing vessel was all the more important. Watch all of our events from galveston saturday, march 7 book tv and sunday, march 8, on American History tv on cspan3. And now live to the floor of the u. S. House for brief speeches. The speaker pro tempore the house will be in order. The prayer will be offered by our chaplain father conroy. Chaplain conroy let us pray. Loving god, we give you thanks for giving us another day. As we meditate on all the blessings of life, we especially pray for the blessing of peace if our lives and in our world. Our fervent pray