Israel. But it takes two to tango. And the rest of the arab world has to get in the game. We are under no illusions about how difficult it will be difficult to achieve. Some of you in the audience have said why do we even talk about it anymore . Well, its going to require hard steps on both sides whether its in all of our interests, israels interests, United States interests, the interests of the palestine people. We have a profound interest in peace. To use the expression of a former president , bill clinton, we have to get caught trying. We have to get caught trying. So we remain. We remain deeply engaged. As president obama has said, while there are those who question whether this goal may ever be reached, we make no apologies for continuing to pursue that goal, to pursue a Better Future and hell make that clear when he goes to israel later this month. We are also mindful, we are also mindful that pursuing a Better Future for israel means israel confronts the myriad threats it faces in the neighborhood. Its a tough neighborhood and it starts with iran. Not only in israels interests i know you understand this, but its not only israels interests, but iran does not acquire a Nuclear Weapon. Its in the interests of the United States of america. Its simple. And as a matter of fact [applause] its in the interests of the entire world. Iraqs acquisition, acquisition of a Nuclear Weapon, not only would present a threat to israel, it would present a threat to our allies and our partners and in the United States. And it would trigger an arms race, a Nuclear Arms Race in a region and make the world a whole lot less stable. So we have a shared strategic commitment. Let me make clear what that commitment is. It is to prevent iran from acquiring a Nuclear Weapon, period. Period. End of discussion. Period. [applause] prevent, not contain, prevent. [applause] the president flatly stated that and as many of you in this room have heard me say and always kids me about this and well be in the security room, and i know that debey Wasserman Schultz hears it, he says, and hell turn to other people and say, as joe would say, big nations cant bluff. Well, big nations cant bluff. And president s of the United States cannot and do not bluff. And president obama is not bluffing. He is not bluffing. [applause] we are not looking for war. Were looking to and ready to ready to negotiate peacefully. But all options, including military force is on the table. But i made clear at the Munich Security Conference just last month, our strong preference, the worlds preference is for a diplomatic solution. While that window is closing, we believe there is still time and space to achieve the outcome. We are in constant dialogue, sharing information with the israeli military, the Israeli Intelligence service and israeli political establishment at every level. And were taking all the steps required to get there. But i want to make clear to you something. God forbid the need to act occurs, it is critically important for the whole world to know we did everything in our power, we did everything that reasonably could have been expected to avoid any confrontation. That matters, because god forbid if we have to act, its important that the rest of the world is with us. We have a United International community [applause] we have a United International Community Behind these unprecedented sanctions. We have left iran more isolated than ever. When we came to office as you remember, not because of the last administration, just a reality, iran was on the up in the region. It is no longer on the up. The pressure is not to punish, it is to convince iran to make good on its International Obligations. Put simply, we are sharpening the choice that the iranian leadership has to make. They can meet their obligations and give the International Community iron clad confidence in the peaceful nature of their program or continue down the path theyre run to further isolate and mounting pressure of the world. But even preventing iran from acquiring a Nuclear Weapon still leaves them a dangerous neighbor, particularly to israel. They are using terrorist proxies to spread violence in the region and beyond the region putting israelis, americans, citizens of every continent in danger. For too long, hezbollah has tried to pose as nothing more than a political and social Welfare Group while plotting against interests in eastern europe, from european europe to southeast africa and south america. Hezbollah is a terrorist organization. Period. [applause] and we and me, we are urging every nation in the world that we deal with and we deal with them all, the start treaty, as hezbollah, as such, naming them a terrorist organization. [applause] this isnt just about a threat to israel and the United States, but a Global Terrorist Organization that has targeted several people on several continents. Well say and do our part to stop them. And we ask, we ask the world to do the same. Thats why we have been talking to our friends in europe to declare hezbollah a terrorist organization. This past month, i made the case to the european leading european heads of state as president obama and israelis know we have to counter hezbollah where it sows the seeds of hatred. The United States and israel have a shared interest in syria as well. Assad has shown his fathers disregard for human life and dignity, engaging in brutal murder of his own citizens. Our position on that tragedy cannot be clearer. Assad must go. But, we are not signing up for one mud rouse gang replacing another in damascus. [applause] thats why our focus is on supporting the legitimate opposition not only committed to a peaceful syria and a peaceful region. We are carefully vetting those to whom we provide assistance. Thats why why putting relentless pressure, we have also designated the front as a terrorist organization. And because we recognize the great danger of assads chemical and biological weapons, we have set a clear red line against the use of the transfer of those weapons. And we will Work Together to prevent this conflict and these horrific weapons from threatening israels security. And while we try to ensure the end of the dake tatorship in syria, we will support a genuine trns is into democracy. We have no illusions. We know how difficult this will be. And how difficult it is. Theres been obviously a dramatic change in egypt. A lot of us has given us hope and pause and fears in other quarters. Its not about us. But a profoundly affects us. We need to be invested in each of the stable success of the region. We arent looking at whats happening in egypt through rosecolored glasses. Our eyes are wide open. We have no illusions about the challenges that we have face, but we also know this. Theres no legitimate alternative at this point to engagement. Only through engagement, egypt, with interest egypt that we can focus its leaders, respect the obligations including its peace treaty with israel. Only through active engagement we can make sure that hamas does not rearm through the sinai and put the people at risk. Only through engagement we can concentrate egypts government on the imperative of confronting the extremists. And only through engagement we can encourage egypts leaders to make reforms that will spark Economic Growth and stabilize the democratic process. And its all tough. And theres no certainty. Theres no certainty about anything in the arab spring. I expect president obama to cover each of these issues in much greater detail. I learned one thing as i was telling the president , i learned its never a good idea to steal the president s thunder. Its never a good idea to say what hes going to say the next day. Im not going to go into any further detail on this, but much greater detail, he will discuss when he goes to israel later this month just before passover begins. I have to admit, im a little jealous he gets to be the one to say this year in jerusalem. But im the Vice President , im not the president. When i told him that, he didnt know whether i was serious or not. But any way [laughter] as it comes to know surprise to you, the president and i have not only are partners, we have become friends and he and i have spoken at length about this trip. And i think he is looking forward to have a chance to hear from the people of israel and beyond their political leaders and particularly the Younger Generation of israelis. And i must note, i must note, just as im getting a chance to speak to 2,000 Young American jews involved and committed to the state of israel in relationship to the United States, but he is as anxious to do what i got a chance to do. When i was there the last time, i got to go to the university to speak to several thousand young israelis. The vie bransy. The optimism, the commitment is contagious and looking forward to seeing it, feeling it and tasting it. The president is looking forward to having conversations about their hopes and aspirations, about their astonishing, worldleading technological achievements, about the future they envision for themselves and their country and how different the world they face is different from the one their parents faced even if the threats are the same. These are really important conversations for the president to have and to hear and for them to hear. These are critically important. I get kidded again, to quote debey and she kids me sometimes, everyone quotes democrats and republicans, tip saying, all politics is local, with all due respect, i think thats not right. I think all politics is personal, and i mean it. All politics is personal. And building personal relationships and trusts and exposure, talking to people that really matters, particularly in foreign policy. Ladies and gentlemen, let me end where i began, by reaffirming our commitment to the state israel. Not only a longstanding moral commitment but a strategic commitment. An independent israel, secured in its own borders recognized by the world is a practical and strategic interest of the United States of america. If there were no israel, we would have to invent one. Ladies and gentlemen, we also know that its critical to remind every generation of americans as youre doing with your children here today, its critical to remind our children, my children, your children, thats why the first time i ever took the three of my children separately to europe, the first place we went to dakau. Its important. That all our children and grandchildren understand this is a neverending requirement. The preservation of an independent jewish state is the ultimate guarantor and only certain guarantor of freedom and security for the jewish people in the world. That was pointed out to me [applause] that was pointed out to me when i was a young senator making my first trip to israel. I had the great, great honor of getting to meet for the first time and subsequently i met her beyond that, golda, the Prime Minister. Someone said, you cant be that old, senator. [laughter] but seriously, the first trip i ever made. You know the double doors going into the office and the blond furniture and the desk on the left side if my memory serves me correctly. And golda as the Prime Minister and defense minister, she had those maps behind her, you could pull down those maps like you had in geography class in high school and she sat behind her desk and i sat in the chair in front of her desk and a young man was sitting to my my right. And she sat there chained smoking and reading letters, reading letters to me, letters from the front of the sixday war. And told me how this young man and woman had died in this family and this went on for i dont know for how long and she could tell i was advicebly moved by this. And i was getting depressed about it, oh my god and she suddenly looked at me and said, i give my word and she looked at me and said senator, would you like a photo opportunity . [laughter] i looked at her and i said, yes, madam Prime Minister. And we walked out those doors and stood there, no statements and we are standing next to one another, looking at this array of media, television and photo journalists, take snapping pictures and we are looking straight ahead. Without looking at me, she speaks to me and said, senator, dont look so sad. We have a secret weapon. We have a secret weapon. In our confrontation in this part of the world. And i thought shes about to lean over and tell me about a new system or something. And i you can see the pictures, i still have them i turned to look at her and we were supposed to be looking straight ahead and i said she never turned her head, she said our secret weapon, senator, is we have no place else to go. We have no place else to go. [applause] ladies and gentlemen, our job is to make sure theres always a place to go. That theres always an israel, and that there is always a secure israel and that an israel that can care for itself. My father is right, you are right, its the ultimate guarantor of never again. God bless you all and may god protect our troops. Thank you [captions Copyright National cable satellite corp. 2013] [captioning performed by national captioning institute] coming up in 35 minutes, we will take you live to the white house. President obama will sign the violence against women act. It was passed by the house last week. Well have live coverage when the ceremony gets under way. Back on capitol hill, a joint hearing between the Senate Homeland Security Committee and the Senate Homeland security and commerce committee. They will hear from secretary Janet Napolitano at 2 30 eastern. The white house spokesman said the United States is capable of defending against the north korea missile attack. And heres a look as they gaveled in this morning at the u. N. Today the Security Council unanimously adopted resolution 2094, strongly condemning north koreas highly february 12 nuclear test and imposing significant new sanctions under chapter 7 of the u. N. Charter. The strength, breadth and severity of these sanctions will raise the cost to north korea of its Illicit Nuclear program and further constrain its ability to finance and source materials and technology for its Ballistic Missile, conventional and Nuclear Weapons program. First, resolution 2094 imposes tough new financial sanctions. When north korea tries to move money to pay for its nuclear and Ballistic Missile programs, countries must now block those transfers even if the money is being carried in suitcases full of vault cash. Likewise northern banks will find it much harder to launder money for the Nuclear Program. Todays resolution also imposes new travel restrictions. If, for example, a north korean agent is caught making arms deals or selling nuclear technology, countries will be required to expel that agent. Countries must also now prevent the travel of people working for designated Companies Involved in the nuclear and missile programs. States will now have new authority to inspect cargo and stop north korean arms smuggling and proliferation. If a country has cargo on its territory that might be carrying prohibittive items like nuclear or ballistic materials, this resolution requires that the cargo be inspected. It will also make it harder for north korean vessels to offload such prohibited cargo if a ship refuses inspection on the high seas. Thus forcing it to return to its port of origin. And airplanes carrying smuggled items can find themselves grounded. This resolution will also counter north korean efforts to abuse diplomatic privileges to advance its nuclear and Ballistic Missile activities. It will now be much harder for such diplomats to procure technology or divert funds to the Nuclear Program without being detected and expeled. Resolution 2094 further bans the transfer to and from north korea of specific Ballistic Missile, nuclear and chemical weaponsrelated technology. It lists new prohibitive prohibited items and calls on states to block any item at all that could contribute to these activities. It names additional North Koreans and north Korean Companies whose assets will be frozen and those individuals will also be subject to a travel ban. This resolution lists a number of luxury goods that cannot be sold to north korea. As a result, north koreas ruling elite who have been living large while impoverisheding their people will pay a direct test. This can be found on the u. N. Mission web site www. Usun. State. Gov. These sanctions will bite and bite hard. They increase north koreas isolation and raise the cost to north koreas leaders of defining the International Community. The entire world stands united in our commitment to the denuclearization of the Korean Peninsula and in our demand that north korea complies with its International Obligation s. If it does not then the Security Council committed today in this resolution to take further significant measures if there is another nuclear test or missile launch. We regret that north korea has again chosen the path of prove occasion. Instead of the path of peace. Far from achieving its stated goal of becoming a strong and prosperous nation, north korea has instead again opted to further impoverished its people and increase its isolation. We hope instead that north korea will heed president obamas call to choose the path of peace and come into compliance with its International Obligation. [captions Copyright National cable satellite corp. 2013] [captioning performed by national captioning institute] just a reminder coming up at 1 5 , live with the president signing the violence against women act. Live on the hill, Speaker Boehner said the president s outreach is a hopeful sign. He spoke to reporters today. President obama had dinner last night with republican senators and this afternoon, lunch with the budget writers, including republican paul ryan. Good morning everyone. Wheres your tie . I would like to start this morning by letting the American People know that the United States capitol is open to visitors. We would love to have the American People come and visit their capitol. Even though our budgets been cut like everyone elses, thanks to proper planning, we are able to avoid furloughs amongst capitol workers and tours are going to remain available for all americans. I think its disappointing that the Obama Administration didnt follow our lead and find savings in other parts of their budget. I think its silly that they have insisted on locking down the white house which the American People actually own. Yesterday, the house passed legislation to keep the government funded for the rest of the fiscal year. Its a straightforward bill that includes a bipartisan agreement between the house and senate on improving military readiness. Everyone has something they would like to add to this bill, but the house is not using this as a vehicle to advance other agendas and i would hope the senate, too, would avoid doing so and either pass our bill and make straightforward changes. Senate democrats try to load up this bill with extraneous provisions, partisan riders, budget gimmicks, we will be prepared to move a clean continuing resolution through the end of the fiscal year. I dont want to do that. I dont think that would help our troops. I would urge democrat leaders in the senate to not get greedy and get carried away and try to put forward the possibility of a government shutdown. Our goal is to cut spending, not to shut down the government. The c. R. Left in place the president s sequester. As i have made clear many times, sequestration will remain in effect until cuts and reforms are put in place to put us on a path to balance the budget over the next 10 years. There are smarter ways to cut spending and thats why the house has acted twice over the last year to replace the sequester. Unfortunately, the president and Senate Democrats have yet to recognize that we have a spending problem. Yesterday, i released a list of 170 economists who have agreed that spending the problem. Over the last 24 hours, 10 more economists have signed on to this letter. We have to start digging our children out from this mountain of debt, not continuing to add to it. Thats why next week under chairman paul ryans leadership and republicans will begin to advance a balanced budget that would promote Economic Growth and create american jobs. Our plan would cut wasteful spending, fix our broken tax code to create more jobs and increase wages and strengthen priorities like medicare. Every family balances its budgets. Washington should balance its budget as well. Democrats talk an awful lot about balance, so heres my question to them. Where is their plan to balance the budget . There is nothing about a balanced pugget that doesnt actually ever get to balance and i think the American People support our efforts to balance the budget over the next 10 years. And i would challenge president obama and Senate Democrats to embrace this commonsense reform and offer their own plan to balance our budget. Is the debt ceiling going to increase in may and july . Yes. What about the idea of possibly changing [inaudible] paul ryan, and Budget Committee members have been reaching out and listening sessions with our members over how do we get to our plan to balance the budget over 10 years. And they have done a very good job of listening to people and still continuing to make their tweaks as they get ready for next weeks markup. When they are finished, ill see it when you do. Comments have been made [inaudible] this is a disgraced congressman who went to jail and made a lot of baseless and false accusations in order to sell a book. Its sad. Reaching out to number two republican senators, we went through campaignstyle events all eefer over the country and i had a discussion with the president last friday. And this week, we have gone 180. Now after being in office now for four years, he is going to sit down and talk to members. I think its a hopeful sign and im hopeful that something will come out of it. But, if the president continues to insist on tax hikes, i dont think he will get very far. The president doesnt believe that we have a spending problem. I dont know if we are going to get very far. But im optimistic. You think that [laughter] are you hopeful they can do what you guys were not able to do, going around you, meeting with ryan without senate leadership, thats the strategy . As i told the president last week, the more members that we engage in this process, i think the better off we are for a couple of reasons. There are a lot of people with good ideas around this congress, both in the house and the senate. And secondly, if you are ever going to pass a major bill that will begin to address our spending problem, we are going to have to grow this support and its going to have to be an organic process. I think its a hopeful sign and maybe something will come of it. On that point, is there any worry that there will be a deal coming up in the senate and push you guys to the wayside . We have a process in here that both chambers have to pass a bill and if we disagree, we go to conference, thats what i would expect here if we were in disagreement. You have been so adamant, i encourage the senate to take up the house bill. I have talked to a number of people on this side of the building that it would be tough if they make changes. That is their prerogative to do so. They could risk a shutdown but some people might blame house republicans. Listen. I cant decide what the senate will or wont do. Trying to predict what they will or will not do is like trying to predict the weather here in washington d. C. My forecast was closer than anybody elses around here. Do you support representative gomes amendment to ban obamas golf trips until the white house brings back tours to the public . I know he was talking about offering something, but as you know, i dont typically vote on the house floor and i didnt yesterday. Two questions. Are we to understand you are cool with the idea that the president in the sense going around you . I dont feel like the president is going around me. You look all the president s i have worked with in the years i have been here, each president has engaged the leaders and members on an ongoing basis for some time and i think its somewhat hopeful sign that the president now in the second term , even the leaders have to have support of the members and if you look at regular order, those come through committee where there is a process and bringing them to the floor and you are right about what happens in committees and more members understand it. It is an organic process to move a bill through each chamber. Is ryan bringing a message at all . Have you spoken to him . I have spoken to chairman ryan yesterday a couple of times. Hes not carrying a message from me to the white house, no. Are there any provisions that will curtail any aspects of obamacare that you intend to attach to musthave legislation in this congress . The house believes that obamacare will drive up the costs of Health Insurance in america and make it more difficult for employers to provide it. We have voted several times to defund obamacare and im sure we will again this year. There are other provisions in obamacare having an effect on employers today. The employer mandate starts january. But there are lookback procedures in the law that are affecting the way the employers hire their staff today. There are a lot of effects of obamacare that we are starting to see and the house, i expect, will have extensive oversight hearings on the devastating impact of this law and the American People. [inaudible] well look at them when we get there. Will that go into the budget . I dont know that. Last one. Have you worked out a schedule when it comes to conference . Im not the president talked about coming up and having a conversation with our members. Im not sure when that conversation will be. As you know, he is getting ready to empark on a trip to the middle east and thats one of the issues hell want to cover. But im sure the issue of sequestration will come up as well. We are going to welcome the president to come up and talk to our members and im looking forward to it. Wednesday morning . When we are ready to announce it, youll know. [captions Copyright National cable satellite corp. 2013] [captioning performed by national captioning institute] and House Democratic leader nancy pelosi spoke to reporters today. Her comments coming a day after the house approved a shortterm federal spending bill that keeps in place the sequester budget cuts. This is about 20 minutes. Good morning. Good morning. Good morning. We are tired. We were up watching the filibuster. We always like people who can hoot with the owls and sore with the eagles the next morning, now that its that early this morning. This week, we saw something quite remarkable. The stock market soaring to new heights. At the same time, we see productivity keeping pace with all of that. We see great heights, but we dont see income for americas middle class rising. In fact, its been about the same as since the end of the clinton years, for about 15 years, income is around the same level in terms of rate of growth, productivity and now the stock market. This impact on the middle class is a big one, especially when its taken in the context of all the other challenges the middle class has faced. The near depression coming out of the bush years, the lowering of value of their homes, pensions and savings, using their savings because of other because of unemployment and the rest. And so we have a situation where if we are to honor our commitment to the middle class, which is the backbone of our democracy, we have to reflect that in our that intention in our public policy. Thats why im so glad this week, George Miller and senator harkin introduced an increase in the minimum wage. When we increased it in 2007 in our first 100 hours, first time it was increased in 11 years. Its time for it to be increased again. They propose raising a fair minimum wage to 10. 10, index future wages to inflation and put more money in the pockets of working families and its important to note that more than 64 of minimum wage earners are women. This has a big impact on the Financial Security of our women. Now, this week, the house passed a continuing resolution. For some reason, its hard to tell from the debate on the floor, they decided to put into law the sequester. The sequester exists. We have to deal with it or do away with it. We do not have to reinforce it in the legislation. Those who understand on the republican side its damaging impacts on our National Security and our Economic Security said it Means Nothing to have it in the bill. It Means Nothing to have it in the bill. Then why is it in the bill . Is it to get votes . Is it to harden the position on the republican side . And this is its so sad because the continuing resolution, the responsibility we have to keep government open and i look forward to taking that vote when the senate acts upon the continuing resolution next week. Why are we in this situation . The main reason we are here is because the republicans have refused, refused to produce more revenue. Are there any loopholes not sack row sank the . They said we would close. I thought we were lowering the deficit. This is just about shuffling money among their special interests. Im very willing to look at how we lower rates to increase revenue and closing loopholes. Lets review that as we look at tax reform. But in terms of closing loopholes to reduce the deficit, the republicans say no. And what does that mean . That means the sequester that shows the choices they have made. They have chosen to protect tax breaks for corporate jets, at the same time losing 4,000 meals on wheels for our seniors. They have chosen tax breaks to send jobs overseas by losing 750,000 jobs, a minimum of 750,000 jobs in the sequester. They have chosen tax breaks for big oil instead of education for little children. Title 9, head start, you name it, education affected for our little children. They have chosen to protect without making millionaires and billionaires pay their fair share, it comes out in the sequester to military, the health of our military families and the training our troops before they go into the theater of war. Thats what their priorities are in the sequester, because they will not close loopholes to lower the deficit. To lower the deficit. The speaker even said when he was that the 800 billion in deductions that could be addressed in order to produce revenue. I think its 1. 1 trillion. Our whole budget is 3. 5 trillion. And so when we talk about reducing spending, we certainly must and we certainly have. 1. 6 trillion in the previous congress. 1. 2 trillion in the budget control act. But spending is also related to tax cuts. Tax cuts are spending. Tax expenditures, they are called. Subsidies for big oil, subsidies to send jobs overseas, breaks for corporate jets, they are called tax expenditures, spending money on tax breaks. And thats the spending we must curtail as well. And if we do, we could come closer to the oneonone of tax cuts, revenue and cuts in spending. We know they want to raise the age of medicare recipients because they wont touch these tax breaks for the wealthiest and the special interests in our country. Its just plain wrong. So democrats have put forth a fair and balanced plan. Congressman chris van hollen, the Ranking Member on the Budget Committee. We have tried over and over again to have it come up on the floor of the house but its been rejected every time in the rules committee and rejected on the floor to even bring it up. I dont know what theyre afraid of. Maybe theyre afraid of their own members voting for something so reasonable. That makes everyone pay their fair share. It has a revenue piece and has spending cuts and will be legislation that will promote growth. So, with that, i would be happy to take any questions. Supreme court going to take you up [inaudible] at the end of the month. Separate from everyone elses prediction. Thank you for asking this question, because we have spent a lot of time on this. I believe that youre speaking to the doma. In the house was 100 and how many 412 house and senate 212 house and senate friends of the court in the doma case. I believe doma is unconstitutional and i believe the republicans know it. In the 204, before we won the majority, republicans were still at that time in the majority, they would pass bills that were called court stretching bills. It was back to what they were trying to do years ago, like goldwater and smith rejected it. There was an element in the Republican Party that marbury versus madison was wrongly decided that judicial review was not a core responsibility, judicial review being review of laws passed by congress for their constitutionality. They passed doma in the 1990s. So around 4, 5, that we are running around with these bills and one of the courtstripping bills stripped the court of judicial review was specifically on doma. So aware were they that it could not withstand judicial review that they wanted to pass a bill and the purpose of the bill was to strip the court of the power to review constitutionality of doma. They probably would they put it on doma and maybe they werent thinking at the time, probably wouldnt have gotten a president ial signature for doma. But because they themselves wanted to shield doma from the review of the court, i think they know its very weak and that it will fall. How about the justices . Well, theres always that. I keep praying. I keep praying on that. I know its unconstitutional. The question is i think its a pretty good case. On doma or both . I think doma falls is not strictly speaking make a prop 8. There are still some issues. But i think we have to get doma to fall. Prop 8 to me is ridiculous and i would hope but i just dont know as much about the law that was passed in congress in terms of their thinking. I know that prop 8 in my state of california and how irresponsible it is, but i cant read into the minds of the justices, that i can, but if theyre consistent, if they are consistent with their beliefs, i think we will be ok. This is a twopart question you dont have to call on me. The debate within the party whether or not entitlement reform should be part of this grand bargain that could come down in the next year and whether you would support some entitlement reform. The progressive caucus said no. Where do you stand on that in the grand bargain negotiations over the next few months . I have always said when we have a commitment to the promises we have made to the American People, and that is economic and Health Security for our seniors and their families who may be beneficiaries for medicare and medicaid and Social Security, but that these should be on their own table. Certainly we know that the demographics are clear. The baby boomers have arrived and will continue to arrive. And so we have to look, how do we make Social Security fiscally sound and there for people as we go forward. That has nothing to do with giving doing something there that might yield the sources that will be used to continue subsidizing tax expenditures to special interests in our country. Two different tables. Tax reform table over here. Social security table here. On medicare, we already instituted some reforms in the Affordable Care act and im pleased to note i dont have it here but the rate of growth of medicare is down to. 4 . That is the low end of the rate of growth and that was our goal in the Affordable Care act to decrease the rate of growth in health care costs. Medicaid the cost of medicaid did not grow. The Affordable Care act in that regard is working. And there are more bills, studies from the institute of medicine that will talk about how we get more value and less volume in terms of the quality of care versus the quantity of care. And theags the whole issue that was a big discussion in passing the affordable carle act. Regional disparities until we resolved it in a way that said we will respect the findings. So we already have that in the mix. If people and as i said in a recent meeting of some of the leaders, if the purpose is to make medicare stronger and more fiscally sound, were happy to talk about that, because we need to do that. If the purpose is to take a scalp, doesnt raise any money, just raise the age, were not in for that. Yes, certainly, i have always said, every dollar we spend we have responsibility to the taxpayer and beneficiary to make sure it is spent well. So if were here to some lid file and make more fiscally sound and honor the guarantee that medicare and Social Security will be there, lets sit down and talk about that. Trophy taking, thats not what we are up to. So i think i dont say that in disagreement with what the progressive caucus is saying. I think we are all pretty much the same place that we have to do it, not at the expense of beneficiaries, but, in fact, for the benefit of the beneficiary. One more. President obama had dinner with republican senators and today he is having lunch with paul ryan and chris van hollen. What do you make of this overture . Do you think it will produce any results . I hope so. They are talking about immigration, debt limit, issues of that kind. I hope so. I think that that is always good. As one who has been a leader in the congress for a while, i think its always important to understand the motivation of members and what the possibilities are in terms of courage. And so i think its important that they all get to know each other better. [inaudible] do you think the inability to come to a grand bargain before by not reaching out to members in the past . This president has been so respectful, given so much time to the republicans and their views to the point that one point in one of our meetings, i said to the president , mr. President , im busy and i dont have any more time for this. You have to be the biggest person in the world. If and when they come up with a new idea, why dont we just call you back into the room, because he has tried so hard to listen, to accommodate, to be respectful of their points of view. No, i do not think this is why we are going to reach a grand bargain. The speaker of the house walked away from the agreement that he and the president arrived at probably because he couldnt sell it to his own caucus and i dont care what anybody else says about that. [laughter] i know you always have a question. Rand paul did a filibuster last night and was joined by one of the democrats who raised his concerns about whether the administration has the authority to use drones to kill americans on american soil. You served on the Intelligence Committee for a time. Do you share that . What i share and certainly that congress has sufficient oversight over the executive branch when it comes to issues that relate to the security of our country or any issue for that matter. But this is where the great coming together that our country, our founders experienced in their own time, because they were always under threat, witness the war of 1812, and the challenge to balance freedom and security. I dont think that the administration has any intention of using drones in the United States against american citizens or otherwise. So i dont have that fear. But i do support and have been a fighter for whoever the president is, congress having sufficient oversight over the actions they might take in relationship to the balance between freedom and security. Senator paul said [inaudible] im the last person to ask about what paul has and whether that would rise to the level of sufficient. I know senators they have an Intelligence Committee. According to the law, members of congress, through the committees must be informed of certain things. Certain other level of classification, only the Ranking Member member and chairman and certain other leadership members, the gang of four, the gang of eight, must be informed of certain things. I dont know where he falls into that, but i have a suspicion that senators do not think it should be confined to the Intelligence Committee. I dont know enough about him to know if he is on the Intelligence Committee. But suffice to say, every one of us, rank and file, house and senate, we all have to take votes on certain measures. So we all have to have enough information to make an informed vote, whether its about the budget of our intelligence and security agencies or whether it is about the policies that spring from those budgets. Did you watch any of the filibuster . There are certain things that fall into the category of life is too short. [laughter] i myself had four speeches to make last night. I was doing my own thing. I had my own responsibilities. I took notes that it was happening. And let me say that i hope that democrats will use the filibuster sometime as welli hoe the filibuster some time as well in that way. I think we need to go. Somebody else is coming pretty soon. Thank you all very much. [captions Copyright National cable satellite corp. 2013] [captioning performed by national captioning institute] we are live at the white house waiting for president obama who is going to sign of violence against women act pillich it should get under way momentarily. The White House Briefing has wrapped up, and during that briefing the white house reiterated the president does not have the authority to kill a u. S. Citizen on american soil if the citizen is not engaged in combat. The attorney general made that assertion in a letter to randle paul. The kentucky senator has held up the nomination of john brennan as the cia director and held a 13hour filibuster yesterday on the floor of the senate. He spoke about the issue of the use of drums by the authority of the president. Here is part of what he had to say yesterday as he started. Will speak until i can no longer speak. I will speak as long as it tak takes, until the alarm is soundefrom coast to coast that our constitution is important, that your rights to trial by jury are precious, that no american should be killed by a drone on american soil without first being charged with a crime, withoutirst being found to be guilty by a court. That americans could be killed in a cafe in San Francisco or in a restaurant in houston or at their home in bowling green, kentucky, is an abomination. It is something that should not and cannot be tolerated in our country. I dont rise to oppose John Brennans nomination simply for the person. I rise today for the principle. The principle is one that as americans we have fought long and hard for and to give up on that principle, to give up on the bill of rights, to ge up on the fifth amendment protection that says that no person shall be held without due process, that no person shall be held for a capital offse without being indicted. This is a precious american senator rand paul from yesterday, part of his filibuster over the nomination of john brennan to be cia director. Harry reid earlier today said he would like to see he is working toward a vote on the senate floor today. No word on whether that will happen. In response to rand paul, the attorney general or the letter that said, dear senator paul, it has come to my attention that you have asked an additional question, does the president have the authority to use a weapon is drawn to kill an american not engaged in combat on american soil . The answers that question is no. Sincerely, eric holder. We are back live at the white house. The president is going to sign the violence against women act, which passed in the house last week. Earlier today in united nations, the Security Council voted sanctions against north korea because of their latest threat. Here is what it looked like. Today to Security Council unanimously adopted a resolution 2094m condemning north koreas highly productive their right 12 nuclear test and imposing significant new sanctions under Chapter Seven of the u. N. Charter. The strength, bread, and severity of the sanctions will raise the cost to north korea of its Illicit Nuclear program. And further constrain its ability to finance and source terrace and technologies for its Ballistic Missile, convention, and Nuclear Weapons program. First, resolution 2094 imposes tough new financial sanctions when north korea tries to move money to pay for its nuclear and Ballistic Missile programs, countries must now block those transfers, even if the money is being carried in suitcases full of block cashed. Likewise, north korean banks will find it much harder to launder money for that dprk Nuclear Program. Todays resolution also imposes new travel restrictions. If, for example, and north korean agent is caught making arms deals or selling nuclear technology, countries will be required to expel that agent. Countries must also now prevent the travel of people working for designated Companies Involved in the nuclear and missile programs. States will now have new authorities to inspect cargo and stop north korean arms smuggling and proliferation. If a country has cargo on its territory, that might be carrying prohibited items like conventional arms or nuclear or ballistic materials, this resolution requires that the cargo be inspected. It will also make it harder for north korean vessels to offload such prohibitive cargo if the ship refuses inspection on the high seas. Thus, forcing it to return to its port of origin. And airplanes carrying smuggled items can find themselves grounded. This resolution will also counter north korean efforts to abuse diplomatic privileges to advance its nuclear and Ballistic Missile activities. It will now be much harder for such diplomats to procure technology or divert funds to the Nuclear Program without being detected and expelled. Resolution 2094 further bans the transfer to and from north korea of specific Ballistic Missile, nuclear, and chemical weapons related technologies. It lists new prohibited items and calls on states to block any item at all that could contribute to these activities. It names additional North Koreans and north Korean Companies whose assets will be frozen and those individuals will also be subject to a travel ban. This resolution lists a number of luxury goods that cannot be sold to north korea. As a result, north koreas ruling elite who have been living large while impoverishing their people will pay a direct price for this nuclear test. A detailed fact sheet outlining all key measures in the u. N. Resolution 2094 can be found on the u. S. Mission website. Taken together, these sanctions will bite and a bite hard. The increase north koreas isolation and raise the cost to north koreas leaders of defying the International Community. The entire world stands united in our commitment to the de nuclearization of the north Korean Peninsula. If it does not, then the security compound it the Security Council committed today to take further significant measures that there is another nuclear test or missile launch. We regret that north korea has again chosen the path of provocation. Instead, of the path of peace. Far from achieving its stated goal, of becoming a strong and prosperous nation, north korea has instead again opted to further empoverish its people and increase its isolation. We hope instead that north korea will heed president Obama Pasquale to choose the path of peace and come into compliance with its International Obligations. That was susan rice from earlier today at united nations. Were live from the white house for the president who will be signing the violence against women act, the legislation first approved by congress in 1994, supporting a program that supports victims of Domestic Violence. House passed the bill last week. Vice President Biden will also make remarks at the signing, and the president will be joined by an number of lawenforcement organizations, womens organizations. It should get underway shortly here on cspan. [cheers] [cheers] [cheers] ladies and gentlemen, to introduce the Vice President of United States, please welcome diane millage. Good afternoon. In known as diane millich, and i am from the southern ute indian tribe in colorado. My nonindian husband moved into my house on the reservation. To my shock, days after my marriage he consulted me. After years of abuse more than 100 incidents of living in horrific terror, i left for good. During that year of marriage, i called the police many times. I called our 78 travel police department, but the law prevented them from prosecuting my husband because he was non indian. The sheriff could not help me because i am a native woman and the beatings occurred on travel reservation land. After one that beating, my ex husband called the trouble police and Sheriffs Department himself, just to show me that no one could stop him. All the times that i called the police that and nothing was done, only made my exhusband believe he was above the law and untouchable. My exhusband told me he promised us until death do us part, said that a charity. He arrived at my office armed with a gun. Im alive today on the because i couldworker pushed me out of harms way and took a bullet in his shoulder. For this crime, he was finally arrested. Because he had never been arrested for any of the abuse against me, he was treated as a firsttime offender. The state prosecutor reached a plea agreement of aggravated assault. If the bill being signed today were a lot when i was married, and would have allowed the prosecution of my abuser. When this bill is signed, the violence against women act will finally reached native american women like me. [applause] we thank the president for all he has done for women everywhere, and we thank the Vice President for his incredible leadership. He was the leader who wrote the original bill and was instrumental in this bill that reauthorize and strengthens this important law is now my honor to introduce vicepresident joe biden. Thank you. [applause] thank you so much. Thank you very much, diana. Diane. My view in the audience who are survivors know how much courage it takes to do what diane did. Every single time [applause] some people who do not know say she is just recounted what happened, but every single time you stand and recount what happened, it brings it all back, it brings it all back like a very bad nightmare. But you are speaking out now is literally sitting the lives of so many other women who will be able to avoid the abuse that you had to put up with. I want to thank all the advocates that are here today. I got a chance to meet in my office with some of you earlier. Not only those on the stage, who i again had a chance to meet with, but the many women out in the audience, as i look out and see some familiar faces like elly smeal and paulette from my home state and so many others. Those who have been around awhile with me know that i quote my father who would say the greatest sin that could be committed, the cardinal sin, was the abuse of power. And the ultimate abuse of power is for someone physically stronger and bigger to raise their hand and strike and beat someone else. In most cases, that tends to be a man striking woman, or a man and woman striking a child. That is the fundamental premise and the overarching reason why it john conyers and i and others started so many others so many years ago to draft the legislation called the violence against women act pick it p. It passed 19 years ago, and instituted a hot line where women could call for help. We did thatline and it was like, it will be useful, but i am not so sure how much it will be used. The truth of the matter is if has been used a lot and has saved a lot of lives. Over 2 million women have had the courage, the courage to try to get out of your shot of their abuser, escape from the prison of their own home, to pick up that phone and call, call to a line that you have no idea on the other end who is on to answer and say, i am in trouble, can you help me . Can you help me . I love those men who would say when we started this about why dont they just leave. If they had 1 3 the courage of those women, those 2 million women had, who picked up the phone and called, not knowing what to expect, it would be a whole lot better nation. We build a network of shelters that are immediately available to women in need because we found them vast majority of children who are homeless on the street, and nancy knows and others, are there because their mothers were abused. Imagine fleeing for your life with a only the clothes on your back and your child in your arms. The shelter is their only lifeline, and it has worked. We all have specialized Law Enforcement units with trained prosecutors, the victim advocates, you understand the unique challenges, because of all of you in the audience who are here today. We have been able to train judges and train intake officers so when the frightened woman shows up at the family court and says, i want to tell you eak up, will you well, and they turn around and walk away, because theres only a very brief window after a woman screws up the courage, the courage to ask for help. All these links of the chain had made a difference in the lives of women. It is one woman, one that girl, one person at a time, one case at a time. You providers know that better than any. With all of lots success, there are still too many women in this country who live in fear of violence, who are still prisoners in their own home, too many victims who we have to mourn. We knew from the outset in 1994 that there was much more we could have done at the beginning if we were able to get the votes. But we did what was necessary and important, but we knew more had to be done to reduce Domestic Violence, Domestic Violence homicides, to provide new luke tools to protect native american women, to address the perplexity of dating violence against young women, and so much more. But because of the people on this stage and in this room, every time we reauthorize the violence against women act, we improved it. Every single time we have improved it. [applause] and we did this again, first, we have given jurisdiction to travel courts over those who have abused women on reservations regardless of the status of their spouses. We are providing more resources in the state so they can be trained and out to collect evidence, particularly in prosecutions for rape. We have all focused on the tragic gun violence that has been in the news lately, but i want to put something out from 2009 to 2012, 40 of the Mass Shootings in america, other than the celebrated ones you have seen, 40 four or more people have been shot, the target has been a former intimate partner or close family member. They go into the office, it is like that young man or woman who stood in front of you when your husband came with a loaded pistol, to shoot you. 40 were a consequence of Domestic Violence. With created a strong anti violence program. Campuses will have more tools to educate students about sexual violence. [applause] when Congress Passed this law, they did not just renew a commitment to protect our mothers, daughters, sisters, a strengthened it, and i want to thank them. I hope i did not lead in the body appeared, i want to start out with pat leahy, who chairs the committee. And mike crapo. Mike, this would not happen if you have not stepped up. Lisa murkowski, who was not here, but my friend, who i do not want to get in trouble, but senator collins. Seriously, it was republicans coming and standing up and saying this has to be done in the senate, so we owe you. We owe you big. [applause] ad by the way, if you ever want a partner to get anything done, called nancy pelosi. Call nancy pelosi. And steny hoyer and congressman moore, and i hope i do not let anybody out, but my old buddy, john conyers. [applause] i am sure i am leaving someone out for which i apologize, but we have a lot more to do, but we will continue to make progress, and one of the reasons we will continue to make progress is we will have 43 more years the president of the United States, my friend, barack obama. [applause] thank you. [cheers] [applause] thank you. Thank you, everybody. Thank you. Please, everybody, have a seat. Have a seat. I want to thank all of you for being here. I want to thank secretary salazar, my great friend, for letting us into the building. [laughter] make sure everybody picks up their straight soda cans and stuff. I want to thank attorney general holder for joining us. He is doing a great job. [applause] we usually host these bill signing over at the white house, but there were just too many of you who helped to make this happen. [applause] and you all deserve to be a part of this moment. I want to thank everybody on this stage. Joe just mentioned the extra very work that each and every one of these leaders of both advocates as well as legislators and i left out congressman tom cole. They you go. Lets give tom some applause. [applause] but everybody on this stage worked extraordinarily hard, most of all, though, this is your day, the day of the advocates, the day of the survivors. This is your victory. I love you i love you back. And this victory shows that when the American People make their voices heard, washington listens. So i want to join joe in thanking all the members of congress from both parties who came together, about this bill across the finish line. A lot to say a special thanks to pat leahy and mike crapo. Thank you, guys, for your leadership. [applause] and i want to give much love to gwen moore who worked so hard on this. And i also want to take a minute before i begin to think the senators who just a few hours ago took another big step toward sensible gun safety reforms by advancing the federal gun trafficking bill. [applause] the Senate Judiciary committee sent legislation to the senate floor that would crack down on folks who buy guns only to turn around and funnel them to dangerous criminals. It is a building in part for a person who was murdered in chicago earlier this year. She marched in the inauguration parade and a few weeks later was gunned down about a mile away from my house. I urge the senate to get that bill a vote. I urge the house to follow suit, and i urge congress to move on other areas that have support of the American People, because we need to stop the flow of illegal guns to criminals, and criminalshideas and to many do r families rreally deserve a boat. Finally, i want to thank joe biden for being such an outstanding vicepresident. [applause] that is right, you can stand for joe. Stand for joe. Give it up for joe biden. [cheers and applause] joke is a hardworking Vice President. Joe is a hardworking Vice President. He said i want just to be i do not want to just be sitting around. I said, i promise you, i will not let you just sitting around. He has not paid he has played a key role in forging the gun safety reforms by working the survivors of gun violence and their families trick he forged the violence against women act 20 years ago. Never forgetting who it was about. So on behalf of an brittany here and all the lies that you have had a positive impact untouched to the violence against women at, the survivors who are alive today because of this law, the women who are no longer hiding in fear because of this law, the girls were growing up aware of their right to be free from abuse because of this law, on behalf of them and all their families, i want to thank joe biden for making this one of the causes of his career. [applause] as joe said earlier, we have come a long way. Back when joe wrote this fall, Domestic Abuse was too often seen as a private matter, best hidden behind closed doors. Victims too often this dade silent or felt they had to live in shame that somehow they had done something wrong. Even when they went to the hospital where the police station, too often they back home without any real intervention or support. They felt trapped, isolated, and as a result, Domestic Violence too often and it in greater tragedy. One of the great legacies of this law is that it did not just change the rules, it changed our culture, and our people to start speaking out, it made it ok for us as a society to talk about Domestic Abuse, and made it possible for us as a country to address the problem in a real and meaningful way. It made clear to victims that they were not alone, that they always had a place to go, and the always had people on their side. And today because of members of both parties worked together, but we are able to renew that commitment. Reauthorizing the violence against women act is something i called for in my state of the union address, and when i see how quick it got done, i am feeling [laughter] [applause] it makes me feel optimistic. Because of this bill, we will keep in place all the protections and services scribe, and as he said, we will expand them to cover more women, because this is a country where everybody should be able to pursue their own measure of happiness and live their lives free from fear, no matter who you are, no matter who you love. That has got to be our priority. That is what it is about. [applause] today is about millions of women, the victims of Domestic Abuse and sexual assault. They are out there right now looking for a life line, looking for support. Because of this bill they will continue to have access to all the services that show first established 19 years ago, the national hot line, a network of shelters, protection orders that carried across state lines, and because of this bill, which are expanding Housing Assistance and no woman has to choose between a violent home and no home at all. That is what today is all about. [applause] today is about all the Law Enforcement officials like police chief jim johnson. [applause] they are the first to respond when a victim calls for help. Because of this bill, we are continuing all the chains try we are continuing all the training and support that bridge the gaps in the actual enforcement of law so we can actually bring more offenders to justice. And we are giving our Law Enforcement better tools to investigate cases of rape, which remained consistently under reported crime in our country. Helping Police Officers deliver on the most important part of their job, prevented harm and saving lives. That is what today is all about. Today is about women like diane. I am so grateful that diane shared her story. Tragically, it is a common story. I know we have trouble leaders here today, and i want to thank you all for fighting so hard on behalf of poor people to make this bill and reality. A reality. Indian country has some of the highest rates of Domestic Abuse in america, and one of the reasons is is when native american women are abused on tribal lands by attacker who is nonnative american, the attacker is immune from prosecution. As soon as i signed that bill, that ends. That ends. [cheers] that ends. [applause] tribal governments have an inherent right to protect their people, and all Women Deserve the right to live from fear, and that is what today is all about. Today is about all the americans who face discrimination based on sexual orientation, and gender identity. [applause] i want to thank sharon who is here where did she go . The work she is doing, great work she is doing with the anti violence project, but sharon and all the other advocates who are focused on this community, they cannot do it alone, and now they do not have to. That is what today is all about. That is what today is all about. Today is about women who come to rosie hidalgo, before support, immigrants who are victims of Domestic Abuse. Imagine the to london for so many, if youre immigration status is tied to a husband who beats you or abuses you, if you are an undocumented immigrant, you may feel theres too much to lose by coming for it. The violence against women act already had protections for the victims to call police without fear of deportations, and those protections saved lives, and because we fought hard to keep them in place, they remain a lifeline for some many women. That is part of what today is all about. Today is about young women like who was brought into the sex trade by a neighbor when she was 12 years old. She was rescued with the help of an Organization Led by trafficking survive is. Today she has enrolled in college, is helping atrisk girls stay out of the sex trade. I could not be more proud of her. [applause] so proud. With this bill we have reauthorize the trafficking victims per tactician victims protection act. That is what today is all about. Today is about all this survivors and all the advocates who are standing on this stage. It is also about the millions more they represent, that you represent. It is about our commitment as a country to redress this problem, in every corner of america, every community, every town, every big city, as long as it takes, and we have been incredible progress since 1994, but we cannot let up, not when Domestic Violence still kills three women today, not when one in five women will be a victim of rape in their lifetime, not when one in three women is abuse by parketner. I promise you, not just as a present, but as a son and husband and father, were going to keep at this. I know Vice President biden is want to keep at it. My administration is going to keep at it for as long as it takes. And i know that all the advocates up here, all the legislators, republican and democrat, who have supported this, i know they could not be prouder of the work that they have done together, and i think i speak for all of them when we say we could not have done it without you. So with that, let me sign this bill. [cheers] [applause] a bunch of pens. A bunch of pens. When you are dealing with one letter a time [indiscernible] [indiscernible] what was that . [indiscernible] [cheers] [applause] the violence against women act first passed 1994, and the reauthorization just passed last week. Will take you live to capitol hill where a hearing has just gotten underway and the president s as a kid of order on dealing with cybersecurity threats. On your screen, senator thune, one of the members of the Senate Homeland Security Committee holding a hearing with Janet A Paula tel no janet molotov. Napolitano. Theft cannot be allowed to continue unchecked. We Must Find Solutions that leverage innovations in the private sector as well as the expertise to help by the federal government. Given the nature of the threat, we should look for solutions that will have an immediate impact. One thing we must do is strengthen the partnership between the government and private sector. As one of our witnesses observed in his testimony, timely information sharing between government and industry is key to this collaboration. The chair of the house Intelligence Committee has said according to intelligence officials allow the government to share classified information with private companies can stop up to 90 of Cyber Attacks on u. S. Number trick even if the figure was only up to 70 , the return would be worth the effort. Improving development and research is an area where our focus can improve the cyber debate in. We should not underestimate the value of r and d. A celticd to note and a university has been designated as a center of excellence in cyber. It is my hope and i suspect our share hope that we can avoid another stalemate in this contest, and todays hearing represents a start. This issue crosses the jurisdictional banderillas of many committees, so it is a program that we have joined with our colleagues on the Homeland Security committee today. Given the importance of this topic and i love hearing from multiple stakeholders, i look forward to additional sustenance as we seek consensus on this vital matter. Ari today place against a backdrop of an order on cybersecurity and policy directives. Even although i was skeptical about action, this may provide an opportunity to find common ground. We must also conduct meaningful oversight of the sale of orders implementation. I look forward to hearing from secretary in the pot on the today secretary Janet Napolitano today. I am interested in hearing about how the order builds upon or enhances mechanisms for Public Private cooperation. I will be interested in the use of our g8 o willis gao witne ss. I thank you and i thank all of our witnesses for being here today, and i look forward to hearing their testimony. The senator from oklahoma. They get, welcome to all the witnesses. I appreciate you being here. Senator carper and i had a demonstration or presentation on the executive order yesterday, and i was impressed with the furnace and presentation of its. I am highly disappointed that omb did not release the report, and theres no reason for at other than it shows significant criticism of our ability to manage critical information within the federal government, and i will apologize vociferously if in fact my assessment of that report but to not put it up before this hearing is absolutely ridiculous. We all know and the gao will testify today is the status on how well we are doing, and it is unfortunate that we have chosen not have a critical piece of information that analyzes a report card on us for this hearing. I am appreciative of the leadership of the president and his staff in doing this executive order. I think it was timely and appropriate. I will speak to the issue that nobody wants to speak to, the reason the bill did not go to the senate is because there is a disagreement on the Liability Protections for business and industry when they share their information to protect them against frivolous lawsuits. In the hearings that senator carper and i have had, there has not been one person who a specified, all the administrative witnesses, who do not agree that those protections are going to have to be there for us to accomplish what we need to do for our country. What we have to do is we have to get past that one issue and we have to get address the issues of frustrate the other thing i would like to emphasize is the fact, and the senator spoke about that, and senator rockefeller and senator carper care about it, and that is the intellectual property this country loses this year. General alexander said it is around 400 billion a year, and if we do not create a workable situation, what we are doing is taking the investment we spend every year that we want to spend in terms of r and d giving it away. We have to find a way to solve this problem in the senate, and we have to work across the aisle at across the special Interest Groups that do not want certain things because it might create a lack of the supreme benefit for their cause. What we have to do is what is in the best interest of the nation, and i think the president has shown real leadership with this executive order, and that we need to come behind and firm up. I appreciate senator rockefeller, his corporation on the witnesses for this trip of what to think republican for that. Having a hearing on cybersecurity and not listening to the expert at gao would be inappropriate, and mr. Wilshusen is here and he is knowledgeable, and i look forward to his testimony in the second panel. I think, senator coburn. And we now go to our first two witnesses and apologize to them were just glad theyre here. The hon. Janet napolitano is secretary of the department of Homeland Security. I see you in more hearings, on more television, than anybody else within a 10mile radius of washington, d. C. Fortunately you are here for us. Please proceed. Thank you, thank you, chairman rockefeller, Ranking Member, and members of the committee. I appreciate the opportunity to testify regarding our cybersecurity efforts at the department of Homeland Security, and i also want to thank undersecretary gallagher with our partnership with the department of commerce. This is an urgent and important topic. As you know, dhs is responsible for securing an classified federal civilian, Government Networks, and working with owners and operators of Critical Infrastructure to help them secure their own networks. We also coordinate the National Response to significant Cyber Incidents and create and maintain a common operational picture for cyber space across the government. This is critical timesensitive work, because we confront a dangerous combination of known and unknown cyber vulnerabilities and adversaries with strong and rapidly expanding capabilities. Threats range from denial of service attacks to theft of viable intellectual property, to intrusions against Government Networks and systems that control our nations critical in for sharp retreat these attacks come from every part of the globe, they come every minute of every day, they are continually increasing in seriousness and sophistication. To protect federal networks a dhs is the Point Technology to protect and blocked cyber intrusions, and we are developing continuous diagnostic abilities while providing guidance on what agencies the to do to protect themselves. We also work closely and regularly with owners and operators of Critical Infrastructure to strengthen their facilities through onsite Risk Assessment, in addition, an Incident Response, and sharing risk and track information. We provided classified cyber threat briefings and Technical Assistance to help banks improve their defensive capabilities following the recent spate of attacks. Dhs is home to the National Cyber Security Integration center. It is and around the clock Cyber Situational Awareness and Incident Response center, which over the past four years and that is as old as the this responded to nearly 500,000 incidents and released 26,000 alerts to public and private sector partners. Last year the Computer Emergency Readiness Team result approximately 190,000 cyber an incidence and issued more than 7450 alerts. In an of itself, a 60 increase from the year before. In our Industrial Control Systems, cyber member is the response team, it responded to 177 instance was completing 89 site visits, the 0. 15 teams to significant private sector to other incidents involving control systems. Since 2009, dhs opponents have prevented 10 billion in potential losses to cyber crime investigations. Whenever arrested more than 5000 individuals in connections with cybercrime, and we have partnered closeness with justice and defense to ensure that a call to one six call to all. While each agency operates within the parameters of its authorities, our overall federal response to several incidents consequence is coordinated among the three agencies. Where Agency Authority over lops overlaps, which coordinate and support each other. This synchronization shores that all of our capabilities are brought to bear against Cyber Threats, enhances our ability to share timely and actionable information with a variety of partners. While our compliments are significant and cybersecurity remains a priority for the administration, in order to be able to best meet this growing threat, we need congress to enact a suite of comprehensive Cyber Security legislation. I appreciate the efforts made in the last congress to pass a bipartisan and legislation, but the inability to get this done has indeed required the president to take executive action. The e. O. And approving critical cybersecurity supports sharing of information with the private sector. It directs dhs to develop a voluntary program to promote the adoption of a new Cybersecurity Framework and assist the private sector in its implementation. The accompanying president ial policy directive on Critical Infrastructure, security, and resilience also directs they say the branch to strengthen our capability to understand and share information about how well Critical Infrastructure systems are functioning and a consequence of potential failure. And it calls for a comprehensive research and development plan, to guide the government bus effort to enhance marketbased innovation. These two documents reflect input from stakeholders of all viewpoints across government, industry, and advocacy community. Their ideas and lessons were inc. , as work progressed protections for individual privacy and civil liberties. The e. O. Calls us for to work with incurred a car is an increased interest corp. Privatesector. It does not grant any new Regulatory Authority or establish additional incentives for participation in a voluntary program. Nonetheless, we continue to believe a comprehensive suite of legislation is necessary to build stronger, more effective publicprivate partnerships in the realm of cyber. Specifically, congress should enact legislation to incorporate privacy and civil the brevets safeguards into all aspects of cybersecurity, for the increase information sharing, and establish and promote the adoption of standards for Critical Infrastructure, and give Law Enforcement additional tools to fight crime in the digital age, creed and National Data reporting requirements, and give dhs hiring authority equivalent to that of the nsa. We no threats to cyberspace and the need to address them do not diminish because of budget cuts. In the current fiscal climate, which do not have the luxury of making significant reductions to our capabilities without having significant impact. Sequester reductions will require us to scale back the the bombing of critical capabilities for the defense of federal cyber networks. It will disrupt longterm efforts to grow our Cybersecurity Work Force and delay the implementation of e3a by one year. In addition, sequester has resulted in canceling major Cyber Security exercises by which involving international, federal, state, local, private sector partners. We actually work through the scenarios we confront. The American People expect us to secure the country from a growing cyber threat and to ensure the Critical Infrastructure is protected. Further action is needed by congress, including immediate action to address the sequester if we are to meet our responsibilities. We must act now, not years from now. So i look forward to working with both committees to make sure we continue to do Everything Possible to keep the nation safe. I thank you for your continued guidance and support, and for the opportunity to be with you this afternoon. Thank you, secretary. Now the hon. Patrick gallagher, undersecretary of commerce and director of the National Institutes of standards act knowledge, which is in the u. S. Department of commerce and which is just chock full of nobel laureates. It is one of the ultimate gems in washington, d. C. It is not used as it should be. Please proceed. Think, very much, and it is a pleasure to be here creek that me begin by thanking chairman rockefeller and members of both committees for the opportunity to testify today. Is a particular pleasure to be joining one of my critical partners in this effort, secretary to paul towne. But me briefly summarize our role and responsibilities to develop a framework for reducing cyber risk in Critical Path for schroeder. It may be a surprise to some, but an agency of the u. S. To promote commerce has been given this key role in cybersecurity. It has a long history in this area. Which provided to it as support to cybersecurity for over 50 years, working with the federal partners and also because it is a technical, but nonregulatory agency, which provide a unique interface to support efforts in technical and standards development. Today we have programs in a wide range of cybersecurity, including attended the management. As directed in the executive order, nist work to develop a framework that surprised supports guidelines established by Homeland Security. To be successful two major elements have to be part of the approach. Last month, i signed a memorandum of agreement with d. H. S. To ensure that our work was fully coordinated with d. H. S. Second, the Cyber Security network must be industry led and transparent. By having the industry to lead, it is aligned with their business needs. This approach has many advantages. It does not dictate specific solutions to industry but promotes industry offering their own solutions and allows solutions to be comp pat able. It brings more talent and expertise to tackle this topic. This is not a new approach for us. Weve utilized other approaches in the recent past, for example, smart grid. We know how to do this. Since this industrys framework our role is to act as a convener. By working closely with the federal partners we make sure their work is relevant to protect the public. What is in the framework . The short answer is to achieve whatever is needed in Cyber Security performance. It will align the business approaches to address the cyber risk for Critical Infrastructure. Let me stouch on the topic of standards and their success. By standards im using the term industry. This is agreed upon specifications or norms that allow comp pattabilitiests to achieve a goal. Industry standards are created through a process and it is this process that gives them the process. They can be changed and meet new performance requirements and new standards promote innovations. Mr. Chairman, i appreciate the challenge before us. A prep framework is due within eight months. We are active live inviting those stakeholders to participate in those processs. Over the next few months well convene a series of workshops because this allows the necessary collaboration. Our first work shop will be held in april 3, in may we will release the initial findings of those responses. By the eight month point well have a initial frame draft framework. The president s executive order lays out an urgent and ambitious agenda. I believe that this Partnership Provides the needed capacity to meet this agenda. It will give us the tools to managing the risk we face. I appreciate the hearing and i look forward to answering any question you may have. Thank you, sir. Im going to ask a question but well be brief because theres a lot of people here and were going to go to the early boird are bird rule. Im going to ask one quick one to both of you. A lot of people or there are some people that say the house basically has information sharing in its bill. It doesnt have much about work force or standards or doesnt have much about a lot of things, which i think is a critical to a good bill. It is in their bill and most people agree with that, if you want to get a piece of legislation you can hold back information sharing. I think that is insufficient. I dont think that is a wise, useful constructive approach to the kind of bill that we cant come back to each and every year. We have to do our full work this year. Im asking, starting with you secretary napolitano, do you think that information sharing relatively less than anything else is sufficient . No. I think you got it right, mr. Chairman. In terms of the house bill, even in the information sharing area, i think there were some deficiencies in it. There were no privacy protections it in and it resided almost all of the Cyber Security information, monitoring responsibilities within the n. S. A. Which is part of the military. Were talking about a totally different environment, the domestic environment. But beyond that, what were looking for is legislation that can, if necessary, put in statute that clarity of roles and responsibilities now contained in the e. O. So that is preserved moving forward. A bill that looks at the basis basic standards that we need. A bill that addresses fisma to one that embodies continuous diagnostics in real time and increased research and development among other things. As we kind of lay out the topics under the umbrella Cyber Security, information sharing is very important. Real time information sharing is critical but it is not the only concern we have in this arena. Thank you. Secretary gallagher. I think it is hard to add to that answer but Cyber Security does not lend itself to simple solutions. In the example that you gave, even with information sharing where youre going to provide threat information to the private sector they have to have the capacity to act on that information. To do that it involves the standards and the technology that were talking about in the framework. I think these go hand in hand. Saturday . I would like to go back in time with each of you. Go back to when the senate offered the earlier version of our legislation. In it you have the standards in it, the best practices for Critical Infrastructure, basically, you got it mandated. Somebody might be d. H. S. , they did not appreciate that much and the idea yuzz rejected. So we changed it. We came back and said why dont we say for Critical Infrastructure the best practices are not mandated. We ask the industries, the operators of the Critical Infrastructure to tell us what tell the department of Homeland Security of what the standards ought to be, which includes a dialogue between d. H. S. , f. B. I. , and others. In this roundtable they forgot what the best practices should be. It was a push back from the Business Community. It will end up with mandated standards. So we came up with this executive order. The executive order says, as i understand it, your dance partner, owners of Critical Infrastructure is not going to be f. B. I. Or Homeland Security, it is going to be secretary gallagher. They work with industry all the time that is stuff to that is related to this. What youve laid out here, this framework suggest to me that each time is a third major proposal here, each time it has been changed. It has been changed to reflect legitimate concerns or maybe not legitimate concerns. Weve moved a long ways and i think in smart ways. There are concerns about Liability Protection and my understanding is on the information sharing side it is not so much an issue anymore. I think they made a bipartisan agreement. I think there are questions about Liability Protection on the Critical Infrastructure side. Theres been a lot of movement, as i see it. From the administration to the birme part of the senator to meet the standards. Heres my question. Youve gone out and did good work in seeking information from the Business Community, what are you hearing . Is there any acknowledgment that changes have been made . I think the administration is negotiating with itself. What are you hearing in response to the changes, positive or not . Second, maybe more for our secretary, on the liability side . On the information sharing, most people say it is pretty good in terms of the Business Community. What do we have to do in terms of liability on the Critical Infrastructure side . Before those are answered, the vote is premature but it has started on john brennan. Were going to work a tag team thing here. Whether republicans or democrats make no difference. John who can run faster than i can. Someone just handed me a note the first vote is on the brennan nomination, if it is agreed to and im encouraged that it will be agreed to. It has already started. Were going to have two votes, fair enough. Two questions, please. Thank you. Let me give you the reaction im hearing from business. Generally, it is positive. Ic the origin of that reaction has to do with the tex that youve observed on negotiations how standards and requirements play off each other. One of the reasons that the reaction is positive is that senator rockefeller mentioned in his opening remark, the tricky situation here is if it fails it causes impact to the nation. But these type of standards and requirements also have business impact. They touch how business perform and they affect the markets. I think there is a rent sense to how the government impacts their business condition. It allows the ideal choreography. What what do we have to achieve from the Performance Review . Then has the businesses come up with that to meet the goal. In this complicated mix where you want this to take place, i think this is the best of all possible worlds. This is an ideal convener because were technical and were not in charge of anything. We can be neutral and be a partner with the business as they develop them. With respect to the liability, i think the administration is on record to have supported the targeted Liability Protections that were in the bill last year, the bipartisan bill last year. But the e. O. Requires us to look at other ways to insenitiize businesses to meet the standards that are seen as optimal. For example, exploring as we are, whether there could be a procurement given. Whether there could be a seal of approval that is given. Those are two ideas that can provide incentives. Recognize that the market in and of itself has not provided incentive yet for all businesses to voluntary raise their standards. All right. Thank you both of you for those responses. The vote started 8 minutes ago. Do you want to take a shot . I will. Well race over there together. The executive order directs the secretary of Homeland Security to provide performance goals for the Cyber Security framework. Were told the goals are to establish the level of security that the framework should meet. Doesnt the able to set the performance goals put d. H. S. In the driver seat for this process . Well, we already do this in the physical Security Side with infrastructure. We work with Critical Infrastructure in 18 separate sectors to work on commonly understood goals and standards. In a way, senator, this is extending that into the cyber realm. We intend and are pursuing a goal that is collaborative in nature. Our goal is to set performance goals. Then the agency establishes the framework and standards of how those goals are reachedpy by way of example, a goal might be for a major utility, its major server or servers is attacked and is nonfunctional. To have the capability to restore Service Within a certain amount of time. What the definition of that certain period of time is something we would work with industry of what makes sense, how do they do it, whether this there are options and so forth. That would feed into the framework that they would establish. Just to elaborate on that a little. How do you intent to ensure that those are obtainable by your private sector partners . E. O. Requires us to engage in a collaborative process and make sure all voices are listened to. Again, we will simply take some of the Lessons Learned from other things that weve done in the physical infrastructure realm and continue them into subte. Mr. Gallagher, how will you make sure that it does not conflict with mandatory led standards for each Critical Infrastructure . The way we would like to approach that is by having the industry and the Critical Community industry put it together themselves. I think weve done this approach in smart grid where those same stakeholders who are operating under mandatory or industryled standards are willing to put those on the table and this is the framework for the process. This is much closer much better thought of as a harm monization of presenting this. You mentioned in your testimony, im going to quote here many in the private sector doing the right thing to protect their systems and should not be diverted from their earths. How are you going to work with the d. H. S. To make sure the government is not diverting companies with new requirements . So i think the way this works is, in fact, the request for information we just put out asks companies and stake holders to share was their current practices and standards that they use. I think the way this framework is going to look at in the beginning, youre going to see areas of overlap or where theres maybe existing practices from different sectors that tackle the same problem in different ways. Theres areas where there are gaps. The road map is going to have an interesting the framework will have a road map characteristic to it. I think the way the Industry Needs to lead the discussions, not us. Conversely when we see areas where there are gaps then theres going to be the ability to organize and set priorities to address those gaps. I think the process is designed of to make sure we dont reinvent the wheel. One quick question, what is the threshold for participation in the Development Process . How are you going to make sure you receive enough Industry Input . Thats an interesting question. We havent had the problem of insufficient industry involvement in the past. Were anticipating the opposite problem, which is an enormous insurge of participation. I think what happens at the working level through most of these levels is you pick up on the industrys own standard and processs. The same type of criteria if the right stakeholders are participating applies there. I think the final analysis is going to look at the quality of their work product. If the right people are around the table then were going to have the most viable product. The final test of all is the market pickup. The real test of the framework is if it is put into practice. If sufficient involvement is there were not going to see that adoption. I think we have to go vote. Yes, we do. A short recease and vel be back in 10 minutes. Were in recess for 10 minutes. The hearing is taking a break for a couple vote opposite the senate floor. The white house says that president obama does not have the authority the use a drone to kill a u. S. Citizen on american soil if the citizen is not engaged in combat. Rand paul held a 13hour filibuster on the floor yesterday. It has come to my attention that you have now asked for an additional question, does the president have the authority to use a weaponized drone to kill an american not engaged in combat on american soil . The answer to that is no, that answer is from eric holder. He was asked about the letter today and he was asked about the north Koreas Nuclear threat and the relationship with congress. Hello, everyone. Sorry im running a little late here. Before i take your questions, i want to know an important bipartisan step towards implementing the president s plan to reduce gun violence in the country, the Judiciary Committee sent a bill to the senate to limit gun trafficking. The community has long identified the need to post penalties to gun traffickers. The president is pleased that the congress is taking steps to act. We look forward to working with congress on this and the other important pieces of legislation that are part of the president s comprehensive plan. With that i will take your questions. Can you respond to north koreas threat of a Nuclear Strike . First of all, i think it is important to note, as you probably saw in the united nations, the Security Council adopted resolution condemning north koreas highly provocative february 12 nuclear test. The strike and severerty of these sanctions though that is p5 and the rest of the council take seriously the north koreas threats. North korea will face new barriers to developing its ban of Nuclear Programs. It demonstrates to north korean leaders the increasing cost to defying the International Community. In its demand that north korea complies with the International Obligations. The Security Council also will take additional measures if there is another Nuclear Launch or test. It will further isolate north korea and undermine peace and stability in southeast asia. Do you believe that north korea is capable of carrying out this threat . Officials are claiming they have the missile on stand by that can leave washington engulfed in a sea of fire. What do you tell americans that are concerned about that . The United States is fully cape ability about defending themselves from any north korea attack. Our recent success in returning to testing of the ce2 will keep us on a good path. Were fully capable of dealing with that threat. On the dinner last night it is getting positive rerues from the republicans that were there. Senator talked about there was a discussion on whether they can have the discussions over dinner then turn around and have the president attacking them. I wonder if the president plans to change his tone at all in the Public Comment now that hes initiated this youch reach . Let me say a couple of things. I spoke to the president about this and he said that he found the dinner very constructive and pleasant. He said there seemed to be insere interest in avoiding conflict. Beyond that, were not going to get into details about these conversations. In part because were trying to help foster an environment where these conversations are productive and they help the cause of finding Common Grounds for bipartisan solution toss the challenges we face, whether they are reducing the deficit in a way that allows the economy to grow from the middle out, from the middle class and to be more secure. Or if it is to pass comprehensive Immigration Reform or to pass measures like the one that was passed today dealing with the problem in gun violence in america. The president , again, was pleased with the dinner. He thought it was cob instructive and pleasant , as i said. Hes having lunch with chairman paul ryan and chris van hollen. They are having lunch as we speak. Hes going to continue to speak to lawmakers of both parties about what he said in the inaugural address, which is we dont have to agree on everything. We dont have to resolve all of our differences in other words to move forward to finding solutions to the challenges that we face. Recognizing that there is a bipartisan consciences in the country and there is a bipartisan opinion in washington on how to move forward on many of these issues. Hes encouraged by the progress that weve seen on gun violence and Immigration Reform on capitol hill. He hopes to build on that moving forward. That is todays White House Briefing. The committee has gaveled back in with the secretary napolitano. Those that dont in effect have economy free rider effect. Is it not the case, particularly within sectoral industries that you may have because they have an enormous interconnection between them, may end up being an intri point not only into their own operations but then into other firms because the firewalls between common Industry Partners are not as great. If both of you would like to take a crack at the issue of free riders, whether youre seeing it and seeing this emerging from the Business Community on this issue. So, thank you, senator warner. With we gad to the accountability in the standards framework, voluntary sometimes feels soft as if it is optional. But the term is used in business, in fact, standards develop through a voluntary consensus process that businesses can be fairly muscular. They can include schemes that are there to identify whether products and services conform to those standards. Those conformity assessments and vehicles like product marking and other things can be used their businesstobusiness relationships. They can be part of their own procurement requirements and so forth. That is why these standards have a powerful market effect because they drive these interactions. I dont think we should believe that because business is in charge of these standards environment that it is going to be weak. I think, as long as the accountability is there for the underlining Cyber Security performance i think they will make sure there is a robustness there. They can make sure their supply chain is not undermining their credibility. There will be uneasiness in adoption and that is one thing well continue to monitor with the stakeholders and with our federal partners. In some cases it might be willful and in other cases it might be the size of the company. Small businesses face different hurdles than large companies. Hopefully, that is part of the framework and the partnership. Before secretary napolitano answers, one thing i would come back at a little bit, the analogy breaks down. If you get the seal of approval, that helps you a competitive product that does havent the seal of approval doesnt cause you any risk, where as within an industry, again, Critical Infrastructure in particular, the weakest links could not only provide a way into your company even though you have the seal of approval. It could cause harm or in addition you might have the weakest link that causes such a problem there could be industry wide reprocushions because youre not going to have any provisions. Secretary napolitano . I think there is a risk here. The risk is the free rider risk that all who need to be involved wont invest in order to be involved. I think it is a measured risk compared to a process that is an open prosecution that involves industry from the getgo. That really aligns well with what weve done on the physical Security Side and with what they have done in terms of other types of standard seting. Why wouldnt a company participate . One reason is they themselves do not have the technology know how. They dont have the i. T. Personnel and the like to really be able to participate. One of the thicks we will be building and encouraging through this is the exchange of best practices. That exchange among those in the market, actually can help smaller entities are or those who have not invested what they should have already. Finally, as i mentioned in my opening, there is not just a Good Housekeeping seal of approval incentive that we can build, but again look at procurement preferences and acquisitions and the like that, at least the government is a consumer of these services can be helpful. As you identified, this is legitimately a risk. I believe that this collaboration ought to be industry led. I think there should be an enforcement mechanism and some legislation that was introduced last week, some legislation that had teeth to it. As mr. Gallagher said, you can have legislation with teeth that is industry driven but you have to have an enforcement tool. I want to followup with your question. Your statement. How do you make sure that they are able to get the intellectual product that is created by, you know, the large utility versus the small world utility if the large utility is spending lots and getting the best Cyber Security system in place. They may be reluctant to share that benefit with partners who are free riders. How do we get over that challenge . Their participation and the construct of the fame work. Because the agency is neutral in the ultimate framework but the framework itself provides a way of all entities involved to exchange information. I think weve seen that happen in other active tys the process itself could help active tys the process itself could help im not sure i got the answer there. Some are better than others. You got this to be constantly evolving. We get standards that are accepted and how do the new moves in that Cyber Security industry break in if you have a government established standard . Somehow we have to figure this out. Do you have any thoughts, mr. Gallagher . Thats one of the reasons we dont like to have government set standards in the United States. By law we have a preference where federal agencies look to the private sector standards. They tend to be more dynamic because they are going to keep looking at that. The attention that you pointed out that it is a com petive market competitive market. They are incorporating their market and standards because the market would accrue to them if it is widely adopted. But the standard processes have learned to adopt to those type hoff standards. That is the type of diplomatic standards. We will be not replacing that function. The framework process well be engaging existing standards in organizations and lev arging their expertise. I ran over my time. Im still not sure how we work that out. Very quick question and i will turn it back over. When we think about Cyber Threats, those intellectual property threats and those threats that could interfere turn on and off operations, do you prioritize nature of threat those that are passage stealing versus those threats that are able to shut down Critical Infrastructure, for example . Please be very brief in your response please. In some senses yes. I can explain later when there is more time. That was good. Thanks. Theres a second vote. Thank you. One of the things, you have this great big agency, do you feel like you have the authorities that you need right now in your position to actually accomplish what we need to do, especially when it comes to skibet Cyber Security for the government . I think some reform would move us out of the paperwork generation into the digital age. The ability to do hiring equivalentcy and the sort of hiring that the n. S. A. Could do, realize in this realm civilian capacity needs to be enhanced. Were going to manage most of this through civilian capacities, which some utilization of the n. S. A. We have those arraignments made. On that personnel side we will need legislative assistance. Do you feel comfortable, im not asking this question so you make a criticism of the executive order. You think we have the proper balance of protection Critical Infrastructure . Within the executive order. Were going to help that but what is your feeling about that . I think overall, yes. I think our key interests in this partially response earlier, the protection of the country to the cyber threat that could cause loss and in the worst circumstances endanger life. We need to be concerned with that. That kind of investment may not be as marketable or return on investment oriented, say the protection of your intellectual property. I think theres an easy economic case, this is better for us, this is better for our bottom line it is part of are and d process. In the security process there is an element that is not immediately reflected on the return of investment. We do the theft of the intellectual property, the counterfeiting, all of that, those kinds of cases, but where we are focused within the security of the United States is really on fundamental attack, that fundamental athach that could shut us down. You have all of these responsibilities and were coming up on the 10th anniversary of your agency. You have some real challenges. I mean, they are documented. Do you can you assure us that youre seeing improvements in those areas and youre making the management address those criticisms that have been rightly leveled in terms of difficulties within the agency. Because youre ability to respond to those has a lod to do with the a lot to do with the ability to carry out the executive order. In terms of management of a department that was brought together out of 22 agencies and is still relatively young. I think weve worked closely to tighten the Management Department wide. I can also share with you theres been no part of the department that has expanded so rapidly in terms of capability and responsibility than the part that deals with cyber and that is because of the continuing threat we face. Now with the e. O. , we will take on more respodgets, many of these are responlts many of these. I have been impressed with the employees and the people that have given us the briefings that we. There is no question to their service. Before my time is up, i would ask you leave people here to hear the testimony after you leave, if you would. I think some of this is spoton. Having this outline where they see the problems and having someone in your Agency Hearing it and reporting it to you i think it would be beneficial as you work to implement in what youre charged to do. Happy to do that, senator. Thank you. I second that request. Senator from massachusetts. Thank you, mr. Chairman. My first question secretary to you, i would like to say thank you for your testimony today and with your partnership. You and your team is very helpful to us. But the issue at hand, forgive me if i cover territory that was covered while i was away. I want to cover Cyber Security as far as the weakest link in the chain. Were going to hear testimony today about, this is my description about the platinum level of security or focus on Cyber Security that they employ. Thats a strong link in the chain. While that may be true of dow chemical eastern companies, is it fair to say that the failure of any Market Participant when it come comes to Critical Infrastructure, to improve their defenses on the Cyber Security side, leaves us all exposed and leaves us exposed to significant cost and also significant security concerns . I think our efforts are to have everyone raise to a certain base line standard. There might be entities that do more than that but to a certain base line. That should be attached with greater real time information sharing. Information sharing is a big part of this and exchange of best practices, new technologies and the like. There is no mandate per se in the executive order so we are getting at this through a cooperative voluntary regime. I just want to be clear, you do believe there is value in that minimum base line standard across all players in this critical sector. Is that fair to say . Yes, i think there is value because what were trying to to do is in a realm where theres increasing numbers of threats we need to be prepared to prevent or respond and mitigate any damage. And perhaps, a question to you mr. Gallagher. I talked to a number of folks with knowledge in this field about privacy and Cyber Security issues. The point has been made to me that the Market Participants should play an Important Role with the government in establishing base line standards out there and there should be the ability for the players to have significant influence out there. We may never get to a point that we address Cyber Security because of the difference in scale of entities and the difference of focus. Would you agree with that assessment . I think if it does not done quickly that could happen. I think the challenge is when they meet the standards that means theres an accountability to the private sector of that performance. In other words, its not the same thing as saying theres an obligation of rele spornl by saying we want their help in doing it. It starts with a process where we try to articulate the standard performance that we would like to engage on. Then industry who knows the market and understands the technology attempt to respond to that. In the final andal sis the private sector will have to evaluate if that meets the publics need to secure the u. S. Population and respond accordingly. We do this have often. I think it is not uncommon for Government Agencies and regulations to depend on the private sector. In fact, the private sector wants to be responsive to that generally because they want their efforts to be aligned with those needs. Thank you. Senator johnson . Thank you, mr. Chairman. Mr. Gallagher, i was actually pleased to see in your testimony that you said the approach did not dictate solutions but facilitate them. I think that is one thing that bogged us down last time when we tried to pass a Cyber Security bill. This is the a question for both of you. As you have gone around and talked, certainly my input was the last time around there was a presumption that the business had to be dictated to. I come from an industry, i think businesses want to protect their cyber assets and has a lot of valuable information. Can you give me your evaluation on that, how willing is business how often do they have to be moved along more forcibly . In general, the responsible business players recognize the multiple business involved and our work is furthered when there is a collaborative atmosphere. No one is benefitted when there is a major or successful cyber attack in the United States. Were approaching it from that dimension. This is a National Security issue, which is it. Were leaving it to a collaborative process to help resolve. That is a first. Usually when security is concerned it a government, topdown philosophy. This is a bold experiment in that regard. But i think this can work and well make it work. I will confirm that. I dont want to talk about the irresponsible players but my reaction in working with business leaders, particularly with Critical Infrastructure, they feel they have to protect the public. This touches on comments that senator warner raised as well, this will work best of all when good Cyber Security is also Good Business. When that alignment occurs, i think that is when the magic happens and this works very powerfully. That is related on this discussion on incentives. One of the things that can come out of this process, says this is an industryled standards effort, we will be monitoring those efforts where it seems to be a headwind that is related to maybe other incentives. I think that is where this wins most dramatically when good security is also Good Business. The last time around the regulations were stated to be voluntary but businesses viewed that as saying voluntary but pretty courtersive. What has changed because it sound like the reaction from the businesses has changed . I think one of the things that happened is there was a process led by the white house to engage business in the construction of the e. O. Itself. So it didnt just kind of spring from the head of zeus. The second thing i would mention senator, we didnt stop work because the bill failed. We were all ready, all summer, working on how do we make sure were looking at adequate cyber performance goals and what could standard setting look like in this regime. That gave assurance to some in the Business Community that were engaged in a collaborative process. One of my assumptions that the word comprehensive is makes things more difficult around here. It could be enacted in a step by step basis, do you agree with that, does it have to be comprehensive . I think you listed the five piece of legislative actions that are required but is comprehensive required . If it is not possible to get that can we go step by step . The problem with Cyber Security, youre talking about a system behavior so in the end you have a problem that is a chain of performance. Youre as strong as your weakest links. That is why you have to think about the whole. Youre right, i think you have to set priorities. The executive order and this process will allow that to happen. Clearly, part of this is dealing with known threats, known vulgar abilities just good cyber high jen. Some of this is putting in the tools that allow it to adapt to Cyber Security. Some of this is how do sectors specific organizations address their requirements in their context to protect the public, so it is a complicated challenge but you have to work at it in pieces. Thank you. Thank you been thank you to my chairman and Ranking Members. Im new to the senate and new to the homeland and senate committee. Back in my House Service i had the opportunity to serve on a committee where i started to become more aware and sometimes more alarmed of our need to protect our Critical Infrastructure and threats faced by cyber penetrations and etc. I look forward to the opportunity involved in this issue moving forward. Looking at it more broodly than just the broadly. In that, i want to start in your testimony you referenced the Cyber Security and integrations center, which is a 24 7 Response Center for potential Cyber Threats. I wonder if you could describe for me in greater detail the functions of this center, what sort of business it is seeing. If you could highlight a few stories of success that have been achieved through the creation of the center. We refer to it as a 24 hour watch center. It has 24 partners on the watch center. F. B. I. Is partners there and were partners with the f. B. I. And their center as we partner with the n. S. A. As well. When you think about roles and responsibilities the d. H. S. , the f. B. I. And the n. S. A. Have really figured out for themselves the lanes in the road and how to one call is a call to all. It is constantly getting information, it gets reports from the private sector, it sends information out, it deals with mitigation efforts, it deploys teams to mitigate damage, particularly in the area of Industrial Control Systems. It really is our Key Information collection sharing analysis area in the cyber realm. One recent area weve been heavily involved in is a state of attacks against the Financial Sector. Assisting them in responding and also helping them to work around the attacks they are experiencing. I would invite you or any members of the committee, we would be happy to host you so you can see what has been built out there. Thank you. You mentioned in your response working with industries that have industry control systems. I want to ask a related question. I was talking about my experience . The house i understand that the financial as much as industry has the best protections in place against Cyber Threats and certain other sectors that are protecting essential infrastructure have more last protections in place. I guess im wondering how the best practices from Financial Services industry can be applied to other sectors and to what extent the absence of Industrial Control Systems in that sector hinder the application of those best practices . What can go across sectors and be learned and the fact that they dont have the systems in the other sectors . One thing about cyber is that is not they about sectors, they are interconnected. We live in an interconnected world in every respect. There are things being done, the Financial Sector that will easily migrate to performance goals and even into our framework. Can you mentioned some of those so i get a clear sense of what can migrate easily . We would be happy to provide a briefing for you. Somethings migrate . And some that dont. One of the things we will be working on is, these performance goals and as we engage in this process, what does a framework absorption by way of things that are interconnected and apply across the spectrum . When thou go to the senator, it will be the end of the first panel, we have come through here a long time. It was my fault, i apologize. I use that in the plural. Thank you for your leadership on this. Always good to see you. He mentioned something in your Opening Statement about the sequester. Some of the adjustment youre going to have to make this year. Can elaborate on that . Gosh the sequester applies count by count across the government and limits our flexibility in terms of where we put resources. The result, for example, we are looking at 10 12 reduction. In terms of being able to fill vacancies, we will have to delay the deployment of the next generation of security for the civilian aspect of the government, the e3a program. We are not going to be able to meet the deadlines given the lack of resources. Those are two concrete things i can give you. How are their impact from the sequestered . The reduction, the main role of executive order is one of convening in technical support. By pitting this so it is a driven process, i hope there is a minimal impact on the ability to deliver the framework. The real impact of the budget in this case is going to be a long term. I see the process of being a continuous one, and i hope it doesnt impact the ability to give technical support. That was my question for you. If we do Cyber Security, you and have an ongoing role, resources have to be a consideration for you. Have you thought through how youre going to manage that . He managed that by setting priorities. The priority in supporting standards coordination are to support the highest priorities of other agencies. The role in supporting standards is one of direct support. It is hard to see that Cyber Security is not going to be at the top of that list. I understand. That is a concern of the committee here. Next month, youre having a public workshop, i believe. What you hope to accomplish . How will that be the only one . It will be one of several. We anticipate of least for workshops over the next eight months to develop the framework. We learned from the Cloud Computing efforts, these type of robust workshops were a very powerful way of bringing together the stakeholders because you have got to put a mix of stakeholders in a room and hammer out some of the issues. There has to be direct negotiation in the end. The first meeting is organizational, how we set up the framework process to be productive. We will be looking at the performance objectives, how we organize the effort so that we can produce the initial framework. Is this a workshop for Public Sector or public and private . We will invite everyone that can contribute. In the case of these margaret, we had over 1600 People Fairly quickly. They could be quite large. Is that state in local government . Thank you. I think the chairman wants to say something. But stay for the moment. Thank you for coming, thanks for your work. Our reporter asked me if the executive order can be seen as an excuse for us not to legislate. I think it is essential for finishing the work that we began in the last congress, and i encourage that we have moved even further. Of course, we will get this done. I share the sentiments and i am grateful to you both. It is probably not the thing he most in joy in life, but you are very helpful, youre both very smart. Thanks a lot. Our second panel i pray that i get this right. Is that a thumbsup or thumbs down . Director of Information Security issues and the accountability office, and all of us. And also the chief sustainability officer, Business Services and executive Vice President , we welcome you. Are you friends . Why dont you go first . Thank you, chairman carter. I am the chief Information Officer and chief sustainability officer for the dow chemical co. And we would like to provide our view on the state of sever security today. If they regularly have to manage security issues, including corporate espionage, property theft, tax and our system, and the cyber criminals. The companies will also be prepared to mitigate terrorism than they have severe physical or financial consequences. As an example, we monitor and logged 300 billion generic Network Events that day. This is down to 300 investigations each day, it results in 10 mitigation that we have to address. We manage an incident a month with a team effort and a multi day event. Companies have a vested interest along with the duty to their stockholders, employees, and communities to protect their facilities and intellectual property against these intrusions. We must approach sever security to deploy an investor of an investigative event and criminals behind these events. The dow chemical co. And many other Chemical Companies have made significant investments in areas to improve security. The American Chemistry Council devised the Security Code that requires companies to be in the best practices for both cyber and physical security. The countrys infrastructure can be addressed by moving forward in a policy that strengthens collaboration between the federal government and the private sector. These principles are advancing more specific and timely information sharing between government and among industry peers. Reasonable protection for sharing threat in the attack information between the government and other companies. It will lead to aggressive pursuit and prosecution of cyber criminals. It is not specific legislation, technologies, or methods. Legislations that set up significant resources to comply with this kind of framework and addressing the risks we need for mitigation, issues around Cyber Security are in constant flux and require vast space responses. Complex mandates will only slow the advancement of risks and Management Systems. Effective sever security in physical sharing must be linked together and it must be timely, specific, and actionable. Information provided by the private sector government should be adequately protected. The protection afforded under the support by fostering Innovative Technologies for the safety act of 2002, we think there are appropriate for consideration for Cyber Security. I was asked to comment on the executive order to improve Cyber Security. The initiatives included in the order, i believe we need to do more in the long run. We want to provide reasonable protection for information sharing for a broader based sharing in the industries and the government. Leveraging and Security Standards is a good idea. I think this reflects a good sentiment approach. We need to recognize the specific approaches and a willingness to build private sectors are important and this cant be a one size fits all industry that were trying to manage. Section 9, the declaration of risk and the reasonable incident needs to be better defined because we create a large list of risk that is prioritized within a sector and pushing standards into that sector that is trying to manage the systems that they have to deal with for physical and Cyber Security. There needs to be more clarity on the position that the secretary shall not indemnify any commercial products or Consumer Information technology services. We need help making this a successful endeavor. The concept of a partnership is to Work Together on a common goal. It should not be measured by how many regulations we create but how much progress remake progress we make. Thank you. Now we go to greg. Chairman rockefeller, Ranking Member coburn, other members of the committee, thank you for the opportunity to testify on Cyber Security. Federal agencies at the Critical Infrastructure have become increasingly dependent on interconnected systems and carrying out the essential operations. This dependency also introduces vulnerabilities to cyberbased threats. They can have a potentially serious impact on operations and Services Provided by the private sector. We have once again designated federal security and Critical Infrastructure protection at the governmentwide highrisk area. There are several challenges to secure the systems and the assessment of the Cyber Security strategy. But before i do, alike to recognize several of my colleagues instrumental in developing the body of work by which the statement is based. With me, they are back in the second row. They made significant contributions. Cyberspace addressed the systems, supporting Critical Infrastructure and operations are evolving into growing. These come from a variety of sources including the other insiders, criminal groups, hackers, and these sources vary in terms of their capability, willingness to act, and motives. They can originate from around the globe and adversely affect economic and National Security. Over the last six years, the number of incidents reported by federal agencies has increased from about 5500 in 2006 to 48,562 in 2012. An increase of 782 . These incidents and the cyber based attacks against businesses underscore the need to bolster security at the critical fiber assets. The federal government continues to face challenges in effectively securing systems and those supporting Critical Infrastructure. Actions have been taken, issues remain. A longstanding challenge has been designing and implementing riskof based security programs at the federal agencies. Another challenge is identifying standards for Critical Infrastructures and other challenges that included detecting in responding to Cyber Incidents, securing the use of new technology, managing risk that the Global Supply chain. The federal government has identified a variety of documents that were intended to articulate a Cyber Security strategy. That has not developed a strategy that synthesizes the relevant portions of these documents or provides a comprehensive description of the strategy. In addition, they sometimes do not incorporate desirable characteristics that enhance their usefulness. It generally includes elements such as the definitions, goals, and objectives. The have not always fully addressed the milestones, the cost and resources of the responsibilities, and other key strategy documents. We recommended that the white house Cyber Security coordinator developing an overarching Cyber Security strategies that address fall pieces of characteristics will address the cyberchallenge area. The president issued the executive order on improving infrastructures and Cyber Security. The executive or is addressing challenges for Critical Infrastructure and sharing information. It is too soon to comment on effectiveness, the specific responsibilities in a specific individuals with specific deadlines provide clarity, responsibility, and a means for establishing accountability. Addressing the ongoing challenges and affecting Cyber Security in the government as well as collaboration with other partners requires the federal government to better identify and the strategy that addresses and identify as challenges for overseeing agency and risk management. This concludes my statement. This will be to either or both of you. This is a question of what i consider a desperately bad situation for Cyber Security across the nation. A Business Executive that was a very good friend of mine is a company that i know very well. They came to see me not about this subject but about what his company had a concern about. I ask you, how are you and how do you take care of yourself . He said we are flying. Fine. I know him well enough and i can read voice inflection. I do not believe he meant to say that. He meant to say it, but he did not believe it. His was one of the most vulnerable of all the industries that could be affected by the tax. By the attacks. I noted in my mind that there was a lack of selfconfidence and a lack of interest, and it was not believable. I might have been absolutely wrong. It leads me to this question. None of them come to anything unless there is a work force that is trained to the specificity of everything from standard to what you do about intellectual property. The whole range. When we were starting with the internet and people did not know anything about it, they knew it was important but they did not know anything about it. What should be done to get our country up to speed on training Cyber Security . I will take a first stab at it. This is an issue for the nation and for the federal workforce. We issued a report last year on capital work force issues as it relates to Cyber Security. One of the key things that came out was that while agencies were generally able to fulfill many of the Information Security positions, where we have the most talent was identifying those individuals that have the Technical Skills in order to effectively implement security at a technical level. There have been of a couple of initiatives under way that were intended to improve work force and insure a better training for individuals as well as improving Cyber Security early on through k12 and onward. One is the initiative that ran out of these. It is one of the areas that the Younger Generation is more technically literate than i was at that time. Grinning on the early curriculum and carrying out through the work force, making sure we have the appropriate Technical Training to develop and grow the work force to address the Cyber Security challenges of the day. I would say that when we lifted the force, it is very technically oriented in terms of scientists and we need to foster the development of that kind of capability. A lot of the aspects of science and technology, some of the early challenges, people address this as an enforcement issue and it is more security oriented than the technology underlying it. I think the general view of the skills that change over time, having a grounded background in computer technology, science, math, these are the things that you need to get people to work on this all these problems. We can invest in a lot of different aspects of prosperity. How many years will it take . Week and higher paying a premium we can pay a premium, we have contractors that work in this space. Getting the work force for the next generation in the next decade, i think that is the critical issue for the government. That is where we have to educate. Senator coburn suggested you may be a good witness and we thank him for inviting you. We know that dow has a significant presence in our state. I think the first question i will ask would be for either. I know a lot of people, you help us do our jobs. Before the administration showed the executive order, if you had known that when it will look like and created this kind of testimony, how would your report have changed . I do not know if it would change much other than identify this is a another strategy for the administration. It is one of the key challenge areas that have been identified in the past. It also will help in terms of the other challenges, particularly those in the private sector. Part of our strategy, focused on just one component of an overall strategy. There should be an overarching strategy that integrates this executive order with the other strategies. One of the things is that it assigns specific responsibilities to individuals. It also gives them specific deadlines in order to perform those activities. It remains to be seen in terms of to what extent those activities are implemented effectively. We can put the two together. And what we have done, that is a pretty good strategy. If i could, i think you mentioned the word protection and whether it is a chemical industry, i asked the secretary about liability, and you said it is more than liability. He might have mentioned expediting security clearance. Talk about what kind of protections that you are looking for and that they need in order to feel more comfortable with being invited to participate. I think the protection goes both ways. One of the things that we look out over the years is building a technology base. The thing to make this all work is that unique competitive intelligence. We dont have the resources or structure to make that happen. To get the government to share within the industry, specific areas, it is a critical issue. You should think about it in both ways tandwith antitrust. When there is an incident or an issue, there are some other areas. I think that view of liability, it actually can apply to cyber. You can actually get liability coverage and fall under that act for us. Report gaos recent already talked about and highlighted some of the persistent shortcomings of the federal governments management of its own Cyber Security which begs the question about them directing what the private sector should do. I want to go back to a 2010 report in which they reported the private sector expectations are not being that for the government. Only 27 of private sectors survey responded and met the expectations to a great or moderate stand. Of those receiving information, there was concern that it was not tailored to each sectors needs. Information to be useful. I would direct this first to you. In what areas has the government made progress in sharing information with the private sector . And do you have further recommendations . Click that is a good question. We have followed up on our information made out of that report. We have found that dhs has started to implement a couple of them, that it remains a challenge area. Dhs has taken a number of steps. The secretary earlier mentioned about the nkeg. That is an area in which it has started improve the sharing of information, through that mechanism. I also heard where dhs has issued a relatively large number of security clearances, which can help facilitate some of the sharing of information. But challenges still remain. We still find that, for example, it has not yet developed a predictive analysis capability, which would help lead to providing threat information, alert information, to private industry. As mr. Kepler indicated in his prior remarks, it seems like that is still an area of improvement that can be made on the part of dhs and other federal partners. Preks mr. Kepler, do you feel you are using mr. Kepler, do you feel you have timely and relevant information from the government . Likes we do not get spit we do not get specific information. When we get to the point that we can mitigate something, to get back to who it was and where it was, and how we can address it in the future, that is rarely, if ever, given or known. We talked about industrial espionage. There is clearly, from the governments viewpoint, nation sponsored espionage going on. I need the help of the government to address that. That type of information, and how to deal with that collaboratively, we do not get. Collects let me add an element to a comment that is probably missing, aching sure that dhs and federal partners have a Feedback Mechanism or loop, where they can solicit and receive feedback from private sector partners on how well they are doing and providing cyber information. Collects how important is information sharing appear among others in the industry dax how is that working today . How what is needed to improve it . Most of the industries in Critical Infrastructure the challenge is to start to work across industries. Obviously, you look at cascading issues with power, with i. D. , to be able to share information. To bridge those stovepipes needs to be improved. What is your biggest concern about the executive order implementation process . One concern is, to my point a minute ago, this is cascading. When you think about a significant failure, which is part of the risk the executive order is supposed to address to me, the thing we have to rely on is the ip suppliers and government, to make sure the Communications Networks work. That means we are focusing more downstream than upstream on what the fundamental issue is. Most of the area needs to be around cyber, the infrastructure we are building around the internet, and how that is being managed. We all rely on that, including the government, to work. The standards have been talked about a lot. Transparency and how we are going to do Risk Assessment or is the gross risk of what could happen, but understanding what has been mitigated. I am concerned about how you develop a list of highpriority risk, to identify and start to apply the resources you are going to apply. You can create an environment where you create a list of generic issues, and risk things. We do not know how to get off that risk list. We have been under the physical side, and we have yet to get sites authorized, in terms of getting assessment against their authority. You add cyber into that. I think in the next half a year to a year, to try to get all that Risk Assessment done that is an area that can have unintended consequences, unless we think through that clearly. Let me follow up on that. As far as i am concerned, so far, it has been a failure. We have spent billions of dollars. We have very limited accomplishments there. It is not because we do not intend to. Ciber is five or six times more complex than that. If dhs cannot implement, and there has not been the same type of cooperative work in terms of standards in other words, one of the great things about the executive order is, the president did have the staff say, bring industry and tell us what to do. There was upward communication. That was somewhat lacking, in terms of the cfad, and is still lacking, in my opinion. What is your confidence level on dhs on cyber . I guess that is my point. If you look at the way it is laid out and put together, i think it is a sound thought process. We support the concept of cfas. Do you have the personnel to work on that . As it relates to realities out there in cyber, we have process control systems, technology, report cards. The issue is, do we have a confident structure to evaluate those risks, and then do the assessment and government to collaborate with it . That is where we need to improve. My impression is, it is more an oversight issue than a legislation issue. Mr. Wilson, i made, in my Opening Statement, a comment that we have not seen a report on fisma, or whatever you want to call it. You all found that only eight of 22 agencies are in compliance with that. That is a decline from 13 agencies in 2010. What is the problem . We are also looking forward to receiving ombs fisma report. It usually provides a lot of information, especially where the igs conduct overviews. That is one of the issues where, we have found, over the years and why we have been designating federal Information Security as a high risk area since 1997, because of agencies i wont say inability, but lack of success in meeting the requirements for securing their systems. Let me explain what that means, so everybody understands. Only eight federal agents, at this time, out of 22, meet the guidelines for securing their network. One of the statistics for assessing the risk, which kind of gets to mr. Keplers point. Agencies that is one of the challenge areas. It is not an easy job, in terms of implementing security over time. The environment is constantly changing. New technologies are being implemented into the computing environment. The threats are becoming more sophisticated. And Business Practices are changing. At the same time, it is important that the processes that agencies implement the appropriate processes. Based on that risk, cost effectively reduce those risks to unacceptable level to an acceptable level. Make sure they are tested and remain appropriate. If we do not assess the risk appropriately for the very beginning, has a cascading effect, in terms of other controls. Plus, it wastes a ton of money. In the federal government, we spent 64 billion a year on i. T. , and essentially 60 is wasted, because we do not contract appropriately. President bush issued hpsd7, pertaining to critical information and cybersecurity, including information sharing with the cyber sector. The us was 2310 years ago. It this was 2003, 10 years ago. It assigns dhs similar tasks to those the agency was given in 2003. What is different . A couple of differences is that hspd7 primarily focused on counterterrorism, whereas this particular executive order is looking at a more broadbased threat vector, if you will, including resiliency, and the light. The like. The other difference is that niv has responsibility for creating the Cybersecurity Framework. Hikes actually, they are responsible for creating voluntary standards that are going to be maybe not so voluntary after they are created. That are labeled voluntary for a Cybersecurity Framework. I believe it is up to dhs and sectorspecific agencies to develop a program to help encourage adoption of that framework. I am over my time, mr. Chairman. I would like for you to make a recommendation to senator carper and i on what you would see as the best oversight function we could have, in looking how the president ial executive and the executive order is carried out. This is a complex area. None of us are computer engineers or electrical engineers. And having that guidance from you would be very helpful for this committee. I would be happy to talk to your staff to do that. Thank you. We share that information as well with senator rockefeller. Next in order senator cowing is next in order, followed by the senator from new hampshire, senator ayotte. Thank you for your appearance and testimony today. My first couple of questions are to you, mr. Kepler. Thank you for coming in. I hope you did not mind me referring to you having a platinum system in place. A couple of things. I wonder if you would tell me if you agree. It has been said that 85 of our Critical Infrastructure is owned by the private sector. If that is the case, would you agree that if the owners of that Critical Infrastructure fail to harden their systems, and we are subject to a cyber attack, that disruption or destruction of those systems could carry catastrophic consequence not just to private industry, but to governmental sectors . Do you agree with that . Yes. There has been a lot of talk, and i think a lot of agreement, that there is a need for more and better information sharing, and issues surrounding that. Do you think are you satisfied, from your perspective you look at these issues not just for dow, but for private industry as a whole. You think if we have better information sharing, and some of those protections, we will have done enough to ensure that, at least at a minimum level, we are doing enough in the government and private sector to thwart Cyber Threats . I think the information sharing is the one that lacks the most. The reality is, if you think about how you mitigate risk in general, it is around applying technology, creating disciplines with standards and Management Systems, and having information sharing about what is going on externally. Over the last 10 years, we have built up capability, and the standards have evolved and not. The industry developing operating discipline around this is healthy. What is missing is a willingness to share technical information. We are getting attacked. We do not know who will. The threat has changed in the last five years. There are resources that need to be addressed. I think information sharing is a key area. I think the Management System around this we have a lot of rules. I think the Management System i think government has to help step up and address. In my prior job in state government, one of the things i had to do was to oversee the regulatory process. It used to tell the team that the agency has two, before you regulate, hesitate. Inc. About the cost and the impact think about the cost and the impact on businesses and others. When you think about overly prescriptive, what most concerns you that legislation might do . When you talk to Companies Like ours, big companies, you go to some of these sectors, and there are more than 50,000 companies you have to deal with. Muni structures, if you are in water. One size does not fit all. You have to be able to assess the risk. The infrastructure is not all winked. You have to prioritize this. For me, that is the key area you have to work with the sectors on. What enemy are we trying to fight . What problem are we trying to solve . What are the highest risks to work on . That is the key area that needs to be addressed, or we will be applying standards to areas with low priority risk in that approach. Do you have a viewpoint of whether if we had a floor, a baseline that everyone could look to or try to adhere to, that might better aid us to address the concerns . That is my point. You have to have some commitment, some base floor, on the product to provide people, and how they get configured, and a responsibility and operating base on how you work on it. Dow can bring these technologies in. But a Small Business that may be linked into a supply chain of Critical Infrastructure cannot do that. I think that is where some of the industries who supply those products have to be involved, because they are smaller businesses with the same technologies that consumers use. A question to you in the first indents instance, and maybe you can answer as well. Ticking up off the executive order the president issued last month, you spoke about the collaborative effort between industry and government to come together and Work Together on some issues. I wonder if either of you have an opinion about how useful it might be to create a task force composed of government, Cyber Security experts, researchers, and tech vendors to contribute to a database of Cyber Threats that could be accessed by industries in real time, or issue alerts . And you talk about information sharing, is that something you are thinking of conceptually . Preks conceptually, we have us cert. We have nyack. We have the standard committees to work through. I think there is a cultural issue on information sharing. Government does not want to share it. And business is reluctant to share it. I think the legislation passed to go with the cultural aspect, and deal with the issues that have been excuses and on our side. And the ip protection, and those things. Government, from an Enforcement Point of view, you are nervous about giving up your percent of the criminal. Government is nervous about trying to manage secrets. We have to create an environment where we can share Key Information on these threats. That is the critical issue. I would say there is precedence, to some extent, in that there is a database called the National Vulnerability database. It is not a database of threats, but it is a database of vulnerabilities that include, for example, software defects, defective software, and mis configurations. Many tools are used to scan devices. Draw from that database to look for configurations and systems. Thank you. Forgive my indulgence for going over my time. Thank you for coming early and staying late. Thank you, mr. Chairman. I want to thank the witnesses for being here today on such an important issue. I wanted to ask i have served on the Armed Services committee as well. Baa systems be ae systems bae systems are one company and our state, and they have invested over 100 million in their cyber defenses, which compared to dow is probably small. One thing they brought to my attention is that they believed that the interaction they had in the pentagon, with the pentagon, that they believed they had a word class world class ability to share information. They are a defense contractor, so that is a natural partnership, that there was a good collaborative model. One of the worries i have had, in thinking about this i am new to this committee, and learning. I know there has been a lot of work done by others, and i certainly want to understand that work. As i look at the gao report that was issued, i appreciate the work you did on that. You talk about information sharing difficulties in dhs. We have been talking about some of the concerns we have about dhss capabilities. Are we trying to use any models from the pentagon . Also, it worries me that we are going to have to replicate something that apparently, in the pentagon, we are doing fairly effectively. How do we take those lessons . Can dhs get to a point where it is, frankly, as effective as some of the work being done at the pentagon . That is an excellent question. Indeed, the Pilot Programs you are referring to, called the dib Pilot Program, meaning the Defense Industrial base, we issued a report over that program. As it happens, we have also made an a recommendation in a report that will be coming out soon, so i cannot really talk about it yet the executive order has a line in it, i think under the information sharing section, to look at that program, the defense program, and expand it to the other sector, or the other Critical Infrastructure sectors. That is one of the activities that is planned. Do you think that dhs will have the current capability to do that . The pentagon is obviously in a situation where they are dealing with a National Security threat , but Industries Like dow art dealing with interNational Security threats. What is your assessment on dhss ability . I understand there is a command to do that in the executive order, but how can we help them do that . What is your opinion on what the difficulties will be with that . I do not think any of us want to invest in replicating things that already exist in the government, given the physical constraints we find ourselves in. It is Good Practice to learn from the efforts of others. What did not work, as well as what did work, and apply those lessons as you perform your own. Certainly, there is a lot of in a fit to doing this, including for that particular Pilot Program from dod. In terms of dhss capability to do that, i guess we will actually find out. I must say that i cant really give you a clear answer on that , as we have not examined that particular issue. Their success in other programs previously has been, they have made some progress in several areas. As gao often reports, more needs to be done. That worries me. I hope that is something we talk about more in this committee. This is such an important threat to our country. It cannot just be, we are not sure. We obviously need to Work Together to make sure we can prevent the threats facing the country, and also our businesses, our Economic Growth. And i would say, mr. Kepler, one thing that i certainly, in reviewing the executive order, want to understand my prior life, i was an attorney general. Thinking about Liability Protection for the private sector, how does any executive order fully get at the type of Liability Protection that the private sector needs, in light of the fact that, presumably, it is not just Liability Protection between the government and the industry that is being regulated, but also the Liability Protection of third parties . I think that is the challenge. In my comments, i said that is an area where legislation may be needed to address that. If you think about major things like terrorism, i think there are vehicles you can use. I think there are a lot of issues around intellectual property and legal things that are not really defined, and you start looking at issues around espionage and nationstate sponsored commercial espionage. I think that is something you have to think through from a legislative point of view, not an executive order. When the prior legislation failed in the senate i think we all want a bipartisan way forward to address these issues. There certainly seems to be some areas i know the Liability Protection is something dr. Coburn has already talked about. We do a lot of comprehensive around here. If there are certain areas we can come to agreement on, we should move those immediately, and then come back to other areas we need to address. I hope his committee, as we Work Together, will do that, and move forward to having that cooperation. That is my commentary on it. I am sure that my time is expired, that i appreciate the both of you are here today, and i look forward to following up with you and learning more about how we can effectively accomplish that. I thought those were good questions. Thank you. We are going to have another round, if that is ok with you. But you have not finished. Another round is going to take 15 minutes. Does that work with your schedule . How about another two rounds . Whatever you need. One of the things i like to do at the end of the hearing is sometimes to ask witnesses what you have learned from our questions or some of our statements, what you may have learned from the other panel. What are your takeaways from this . The other thing i would ask you to share with us is, what should be our takeaways . When i speak to a group sometimes, i like to tell them what i have told them, and then i tell them what i told them. You have a chance to be part of that. Before you leave, could you sum up at the end . What are the Key Takeaways . For me, a key take away has been a friend said, i like when Cyber Security strategy is Good Business strategy. Then, we will know we have really gotten somewhere. There has been a lot of back and forth on information sharing. As senator ayotte said, she was attorney general for her state. I asked someone on her staff, why do we do a better job why dont we do a better job of information sharing . If you are the fbi, trying to bust a drug ring, you may let a deal happen, just in order to move up the food chain, and go after the bigger catches. I do not know if that is what is going on here or not. One of the messages for me, one of the takeaways, is information flow has to be a twoway street. I take that away. In terms of the capability of dhs, i have been hosting a series of briefings. We have dhs coming in. We have the fbi. We have the National Security agency coming in. We are looking for ways to improve the capabilities of dhs. His is not 10 years ago. They have gotten some good people and have enhanced their capabilities. Improvement is always under construction. Obviously, they have more to do. I know i can always do better, and certainly that is true for them. What are some good takeaways you would have us be reinforced with . I would follow your last point, to comment that i look at the scope of dhs, and the challenge they have it is daunting. I appreciate the work they are doing. I do agree that the competency of the organization has improved over the years. One of the challenges, i would say, is we do keep changing the rules a little bit on the number of commissions and structures and groups and things. I would like stabilization of that, and a little more oversight of the process, and learning from it. I think the things i learned i think we came in feeling that the executive order was in the right spirit of what we were trying to do. We certainly like the concepts of the information sharing. We are very big on standards. It has been very good to see how the senate is looking at embracing that, and the executive order has embraced that. I think they really listened i think they really listened well to the organization