Partner at a Consulting Firm and helped start a private Security Company that did things like penetration testing, helping businesses, manufacturers defend their Digital Infrastructure from attackers. Host how has that benefited or affected your work in congress . Reallyrd it has been important. One of the values i bring his a unique background and experience on issues of National Security or Cyber Security, and having spent a good deal of my adult life chasing terrorism, dealing with al qaeda, looking at Iranian Nuclear proliferators, this has helped. I have direct experience in some of the most pressing National Security issues. Having been in the private sector and seeing what the private sector is doing in order to defend their Digital Infrastructure, some of our banks, their ability to protect themselves from attacks every day is important. That and bringee that experience as the chairman of an id subcommittee has been invaluable. Takes toand what it defend a digital network, the difficulty of it, but also the basic best practices of good digital hygiene. Theg able to recognize current state that many of our agencies are in, and what the future state should be, and having an idea of how to get there, i think, is very important. It is especially important, the oversight ruled that congress plays. The u. S. Government is spending approximately 80 billion a year in technology and Cyber Security all stop are we getting Cyber Security. Are we getting our moneys worth . Rep. Hurd no. Your viewerstuff would think is old and outdated. That is absolutely outrageous. This is an issue that i spend a lot of time on. I. T. Pair. I. T. Procurement that is not a sexy topic. The reality is, the way we can reduce the size and scope of the federal government is how we purchase goods and services. The way we make our government more efficient is to utilize the latest technologies, and we have to make sure that the folks defending our networks are using the latest techniques, the latest tools. The pushed Security Administration as a perfect example. This is an agency that has information on every american, and a lot of information on our seniors. We need to make sure that information is being protected. Is department of education another example. It has so much information on our students from all across the country, and that information can be used in order to make fraud, and can ultimately create longterm problems for our kids. Host joining her congress joining our conversation today, tim stark covers Cyber Security for politico. Good afternoon to you. That is intended to improve some of the problems you are talking about. Explain the importance of that law, in particular to how it would apply to security . And how do you think agencies are implementing it so far . Rep. Hurd so far . Rep. Hurd this law was ultimately designed to empower the cios within these various agencies. Is, theoretically the cio was supposed to be the one to have the responsibility to implement i. T. Projects, to direct and spend, but that was not happening. The law was designed in order to strengthen the cios role, and also to make sure they are doing things like agile development, that when you have these big, expensive projects, you are realizing victories and deliverables over a sixmonth period, rather than spending half 1 trillion over four years overlfatrillion dollars four years. The scores are based on new information that the agencies are providing to us themselves. This is their own information. They know exactly how the score is arranged. The reality is, out of 24 agencies, we had one agency get a b, one agency get a f, and everybody else was in between. This has focused the conversations on things Like Data Center consolidation. The federal government has almost 11,000 data centers. Facebook am a one of the world, facebook, one of the Biggest Companies in the world, has four. Four agencies have realized 2 billion worth of savings over the past two years by moving into the cloud. These scores were designed to shine a light on some of these problems on some key elements that if we get right, we can improve the efficiencys insecurity of the federal governments Digital Infrastructure. Farther, ciowe go is an acronym for chief information officer. Tim stark. You talked about, if i recall correctly, the last four shows a number of agencies moving up. Do you think they are moving up fast enough and showing the kind of progress you would like to see . Rep. Hurd i believe six agencies moved up. That was a good trend. I would like to see it faster. Realitiesy is, these in which the chief Information Officers are operating are pretty large, so i dont think we can do to improve security fast enough. There is no Silver Bullet when it comes to protecting Digital Infrastructure. The reality is, you have to begin with a prescription the presumption of a breach. You detect, can them, quarantine them, and can you kick them out of your network, and how fast . Been years ofs mismanagement, of not investing in current technology. This is an important reason that scores, to continue to shine a light on this, continue to put pressure on these agencies and make sure they are doing the right thing in order to protect our Digital Infrastructure, so that we dont have Something Like the opm hack, or 23 million records of folks who went through a security background was breached. We are not moving fast enough. We also need to make sure these agencies have the flexibility. If they have savings, but they are able to use that savings on other issues throughout the networks. Of, the president has his own proposal to deal with some of these issues. The i. T. Monetization proposal, money that he hopes by investing will eventually mean more billions of dollars in savings. That proposal does not seem to have any money in any of the spending bills in the house or senate. Im wondering if you think that is a good idea, and in particular, do you think it is something that might be happening before the president leaves office . The concept is a valuable concept. We need to make sure our agencies are monetizing. But heres the reality. You have to constantly stay ,ptodate on the latest trends tactics, techniques, and procedures in developing your network. The reality is, it is hard when you are already spending 80 billion a year on purchasing i. T. Business services. When 80 of that is on legacy systems, it is hard to justify another 3 billion. Why not use the 80 billion more successfully . When you do certain things to realized savings i talked earlier about how quattro agencies, moving into the cloud has saved 2 billion. Agencies, it four moving into the cloud has saved 2 billion. Imagine if agencies had funds to where they can do monetization in their network. The cios are planning their budgets, they have to be thinking about longterm and how they can move aged systems into the future. How can they get rid of old systems . We had a bipartisan and bicameral letter that was sent out to all the agencies that asked for hardware on Software Hardware and software that was no longer supported by vendors. The information we got back is staggering. There are programs that vendors are not providing support for back from 1993. So the government can continue to do the right upkeep to patch the software, to understand the vulnerabilities, i think that is unrealistic. Moving forward on monetization tant, but this should be a daytoday thing for our cios nrc isos cios and our cisos. Many argue they are proposing oversight mechanisms. Do you think those can help . Rep. Hurd if you get a cio the realizedty that they savings and are able to use that over multiple calendar years, i think that is a good tool. In reality, when you talk about some of those big projects with in the federal government, the problem of the federal government has is scale. Many of the products you are talking about projects you are talking about are huge. That takes a different mindset. To try to realized savings in one calendar year and use that in the same calendar year is hard to do. Cios have that the that capability, freedom, and flexibility is important. I think part of the plan is to within the federal government placed in the omb. I think that is a plausible step. Scottrrent one, tony , he has great experience in the private sector, knows what it is like to defend networks, and he has been able to leverage that experience in the government. Having someone like that who is focused specifically on security is a good idea. Ciso congressman heard, stands for . Rep. Hurd chief Information Security officer. Host you have heard the current one say that the Current Situation with Cyber Security is a bigger problem than y2k. Do you agree . Rep. Hurd absolutely. Heres the reality. The number of hackers coming after us are increasing, and the level of sophistication is increasing all stop as we move to a more interconnected world, that increases our surface area of attack. The full set have the capabilities to get into our system is large. Have thethat capabilities to get into our system is large. The reality is we can also be learning from our private sector colleagues, and information sharing is important. Cyberss passed the security act of 2015, a very important legislation that will make sure we have the tools in order to improve information sharing between the federal government and the private sector. You have informationsharing , usually within a particular industry, that try to share information along comes amongst themselves. But if we try to share information between the five it the private sector and the federal government, that is great. We know there are Russian Hackers in moscow that are making the next level of malware that will be used to penetrate our Digital Infrastructure and our banks. There Financial FinancialServices Industry might know where ther attacks may come from. Gete are able to information to the private sector in order to help them defend and get one leg up on the attackers, this is one way we can take our defensive game to the next level. Another one of the things the administration wants to do to respond to the changes you are talking about israel 41, which changes of the government will get warrants for its own hacking. There was protest recently about that. Congress has until december 1 to block it if it chooses. Where do you fall on the scale of that being a threat to privacy versus being necessary . Rep. Hurd heres the reality. We can protect our Digital Infrastructure and our Civil Liberties at the same time all stop Civil Liberties are not bourbons. A make our country great. At the same time. Ivil liberties are not burdens they make our country rate. Tocan still take the fight those trying to attack us. A lot of these attacks are ining from offshore countries that do not have rules for this kind of behavior. The hackers know that, the countries know that. There are tools we can be using, and we can also work with these countries to pass several security legislation, to make this kind of behavior illegal. That is another way we can press on this. Again, the devil is in the details, and we have to make sure we are protecting Civil Liberties while doing everything we can to take the fight to the bad guys. Rep. Hurd tecumseh degrees of security, does it comes to degrees of security, does the and i say and other do do the nsa and other departments need the same level of security . Rep. Hurd good question. The concept is called defense that. Depth. It is really hard and expensive to do. When you design the data that is flowing across your network, you have to think, what are the most important things that need to be protected, and make sure that you design your system to protect that and have the tools to protect that. The nsa has certain things that need to be protected to a certain level, congress may have some too, but we cant think of a onesizefitsall solution when it comes to Cyber Security. Thats why we have to make sure our cios are involved in the planning. What is the most important thing to protect, how can we protect that, and continue to allow the movement of information for people to do their job and provide services, but this is something we need to make sure the folks that are involved in ourect in protecting Digital Infrastructure understand. This is a philosophy that has been around in the private sector for some time, and we need to see more of that in the federal government. Tim are you finding the agencies eager or reluctant to upgrade their technology and Cyber Security . Rep. Hurd one of the frictions that you see is, many of the cios across the various agencies understand what they need to do. They are getting pushback and friction from some of the cfos, because they feel like they are authorityosing some and power. Thats not what this is about. This is about making sure the technical experts are involved in defending those networks. That is one aspect to this problem. I think the cios, it has been good to see how some of these agencies have been reaching out to the department of Homeland Security and the folks involved testlping to defend and some of the networks within the federal government. That partnership is new, it is growing, and it is working. Happy to see that those kind of relationships are happening. Ciothe reality is, if a thinks they can do this all by themselves, or have all the tools and dont need help from anyone else, they are wrong. Making sure that they are going out and asking for the help when they can. Tim i want to return to the two things you said. The role change, you said you are still studying at . Is that what i am picking up from you . Rep. Hurd yeah, this is accommodated issue, and we need to spend more time studying it. Tim understood. You also mention russia. They have been in the news lately. Congress and the administration have either introduced legislation or have had talks, or have issued sanctions, or have threatened sanctions against north korea, iran, china. Has the administration and or congress taken its i off the ball in russia, kind of having a targeted agenda with cracking down on cyber hacking . I think this administration has taken its eye off russia on many fronts. Nobody should be surprised that the russians were involved in hacking american systems in order to try to get a leg up on potential future negotiations. The reality is, though, what is a digital act of war, and what is the appropriate response . There is not a government answer or response to that. Different parts of the government have an idea of what that means, but the reality is, if north korea launches a missile into san francisco, we know how we think the u. S. Government will respond, and the North Koreans know how we will respond. That is a physicalonphysical attack. Digitalondigital attack . Maybe it is physical, maybe it is sanctions, but there is not clear understanding and agreement on what is an act of war and what is an appropriate response. Until we have those conversations and red lines, it is hard to have a conversation about any individual actor, because we have not agreed upon what is a redline. , there was a recent eyeort by the company fire saying cyber hacking has dropped things the administration has done. Is that your understanding, and if so, why do you think it is happening . Rep. Hurd that is my understanding of that report. The question is, that is a perspective of one entity on their networks, and they are a very well respected organization. I believe what they are saying, what the question is, have we seen the same level of potential dropoff in attacks on federal infrastructure, on military infrastructure, on National Security infrastructure . Thats the question i do not know. But the reality is, when you do hey,bution, when you say, we got hacked by these folks, that is a method of deterrence, too. I think in escalating some of these attacks and talking about her the chinese were involved, i think that is a deterrent in kind of decreasing what they think they can get away with. This is an ongoing conversation, and again, we cannot be lulled just because we have ada overbay handful ofta over a months that suggest attacks have come down. The reality is, we should not make any longterm assessments on that information until we have years worth of that data. Heard, ressman congressman hurd, you mentioned the office of personnel attack. What are the revocations the ramifications we have seen . Rep. Hurd the ramifications are that there are still assaults where we may or may not know that the information was stolen. It is hard to pinpoint whether some individual that experienced fraud, if that was because of their information getting stolen and that opm hack. It has in a year been a year since the American People have become aware of that hack, and there is still a lot more information that we need to understand in order to have a longerterm assessment. Is a lot ofecords records. Some of that information you dont have to take advantage of right away. It can be used three or four years from now. My fear is that a couple of years from now, we stopped talking about opm hacks, and thats when the bad guys who took the information start using that to conduct fraud and things of that nature. Congressman, you used the is not a very sexy issue. How do you get the attention of appropriators, leadership, etc. . Rep. Hurd even though it may not be sexy, people realize it is important. I represent 29 counties in texas. Urban areas and rural areas. Donee last months, i have more than 200 meeting grades. There is a question i have gotten that everyone of those. The question of a ride of National Security, and other question is on Cyber Security. Theyre nervous that keep reading about these highprofile attacks that have happened almost every week. How many people have had to get a new credit card because their information was stolen somewhere . This is something that impacts everyone. Ofhink some folks are afraid the difficulty of the topic in the technicalities involved, but people definitely recognize that this is a threat, and that this has only become an increasing threat as we move into a more interconnected digital age. We can talk about the internet of things, where all of our devices Start Talking to one another, driverless cars. As we put more stuff into the cloud and connect to one another, that increases potential areas that people can attack. We can continue to grow and Leverage Technology for good, but we have to think and began with security in mind and how we protect that information. Issue you have been pretty active on, congressman, is something called the wass our arrangement. Arrangement. Individuals have gone to vienna things that address might hurt Cyber Security companies. Have you an update on how those would bet, and what the final thing you would like to see happen to make that better . Rep. Hurd i think this whole has been a success. A multilateral agreement was negotiated, and the u. S. Government is trying to figure out how to implement it. They got feedback from the private sector, and the private sector said there will be longtermoblems and ramifications that were not taken into account when this was negotiated. The department its kudos for recognizing this. Congress has a role in providing oversight and having a conversation on that, and the state department decides to go back and renegotiate the entire multilateral agreement. They decided to take private sector experts to europe for the negotiations. Victory, and what i have heard about these negotiations over the last couple of days is that the Technical Expertise of the came fromctor, that the private sector, was doaluable in discussing, how we have a multilateral agreements that helps prevent bad guys from getting some of these tools, but does not hurt international businesses, local businesses from doing everything to protect themselves . I think this is a good example of when strong oversight from congress led to something that was a good outcome. And finally, congressman, what can we expect from your subcommittee in the coming months or year . Rep. Hurd one of the things you can expect is talking about, what is a digital act of war . We are also looking at, how do chief Information Officers within an agency to utilize some of the savings they realized in their network for other projects . These are two big areas that i think are very important two areas that i think are very important. We continue to play our oversight role and making sure our agencies are moving in the direction of security of. Security. One thing i am passionate about is making sure there is true cooperatively between the carbon of the department of defense and the v. A. Soldier, sailor, airman, marine, should not be told to leave the vod to print out their Health Records and physically carry over them to the v. A. It is 2016. We should be able to hit a button. If they can achieve true interoperability, they could be a standard for the world. That will leads to a lot of great things, everything from , whereesearch code work you can do testing on drugs faster, where you can get lifesaving drugs to the market quicker. Where you can, as an individual, see all the doctors visits you have ever had. That will help you be healthier and live longer. Really exciting things, and the federal government can actually lead in this area if we get our act together. Congressman will hurd from texas is a freshman and a Cyber Security. This is the communicators. [captions Copyright National cable satellite corp. 2016] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] sunday, Hillary Clinton speaks at the mayors conference in indianapolis. We will have live coverage of her remarks beginning at 4 00 p. M. Eastern. Cspans conversation with democratic president ial candidate senator Bernie Sanders of vermont. P. M. An see that at 6 30 and 9 30 p. M. Eastern on cspan. You realize, this is something i would not only love to do, but something i think could be really different from the kinds of books that have been written about macarthur in whichst, and the way in to really rethink and reevaluate who this person was, what his significance was, what his were that made him one of the most adored and agitated figures adulated figures were that made in american history, but what were his flaws and things that made him a really ways unpleasant and hated. Arthurer sunday night, herman takes a look at the life and career of Douglas Macarthur in his book Douglas Macarthur american warrior. I think thats one of the things about macarthur that you can say. He saw the future more clearly than he saw the present. Ofther it was the rise china, the split between china and the soviet union, which he foresaw, but also perhaps the fate of american domestic politics. 8 00ncer sunday night at eastern on cspans q a. Announcer tom wheeler discussed the future of wireless communication at the National Press club on monday. He stressed the importance of u. S. Leadership in the development of 5g, the next standard of cellular networks. This is an hour