so that forces could be activated much more quickly. the american public has begun to expect overwhelming force delivered instantaneously. it takes time to get a ship from hampton roads to galveston. it takes time to activate air rescue teams. after a short amount of time, we were able to put forces in place very quickly. whether a national disaster or a complex catastrophe, the nation relies on dod support of dhs. fema is an agency with a huge check book but not capability. it is the expectation that we can reach across the river to the pentagon and find those forces in place. there are no other agencies in the government's who do this kind of planning. no one else takes a look at what these scenarios might be or allocate the resources that could respond to a disaster or learn lessons and tight ends up those plans. no other capability of the government exists to do that. dhs and its components and in dod. when the rubber hits the road, it really comes back to a few agencies that are capable of responding. it will have a chilling effect on the national preparedness to be able to respond to these disasters. will dod respond? i am sure they will them back what kind of time delays? i am quite concerned to see sequestration and other events that may hamper the operational capabilities we have come to expect. thank you. >> mr. secretary? >> thanks. i thank the heritage foundation for hosting this discussion and my colleagues for their service to the nation. thank you to the women and men to protect our nation's security. i want to talk to you about the understanding we have now of the problem set, what would constitute a complex catastrophe. i got a big wake-up call thanks to fema for an exercise. that exercise was built around a scenario of a 7.7 earthquake occurring along the mississippi river just as occurred in 1812. that scenario would have produced destruction on a scale that would different from hurricane katrina. first of all, on a quantitative scale, we would have had many more casualties. over a much wider geographic area that occurred from hurricane katrina. and a quantitative scale cannot much greater devastation. there is a second dimension that i believe it is more important. a qualitative difference between hurricane katrina and this exercise. the department of energy and other partners determined that a seismic event scale would produce a long term loss of power. a loss of electric power from weeks to months over a multi- state region. hurricane katrina, much less disruptive in that regard. try to imagine the cascading failure of critical infrastructure that would flow from a loss of electric power over several states for weeks to months. gas stations are not going to work. water is going to be in short supply. electricity brings that water so citizens can drink it and firefighters have pressurized water to put out wildfires that would be creating a confederation in the city of memphis due to burst pipes. we would have a situation that would be much more challenging than hurricane katrina. that is the problems that we are looking at. that me thank you for the strong analysis you provided, also looking at the lessons learned from the fukushima nuclear power plant to understand the additional difficulties for providing defense support to civil authorities. dod is always going to be in support of civil authorities in these types of activities. how can we be better positioned to do so? there are two activities that we have under way to strengthen that preparedness. the first i'd like to talk about is getting ready for the devastating effects of such an event before it occurs and building resilience against it especially in this round of failing critical infrastructure. in other scenarios, including a separate attack that took down the functioning of the electric power grid or a similar event that could create this large a failure in infrastructure, a responsibility is to ensure that we can still execute the core missions of the department that the president assigns to us. the electric grid is owned by the private sector. the challenge that we have is in sharing mission insurance in the department of defense. we have a new strategy to do so that takes into account the need to build resilience not only within dod facilities critical to executing our war fighting missions but also understanding that dod ultimately depends on all of the private sector critical infrastructure that allows the defense industrial base to function, that allows our work force to get to work, to serve the nation. we need to not only strengthen insurance inside facilities but look far beyond those the '70s and partner together with dhs, the department of energy, all of the lead federal agencies, and especially partner with industry to build resilience in the electric power grid and prepare against the cascading failure of critical infrastructure that would undermine the ability -- the responsibility that we have to execute our missions in a matter what. the second initiative that we have underway is -- it is not a question of if a catastrophe is going to strike but when. we need to continue to improve our business practices, our capacity to provide support to civil authorities when the call comes. it is a core responsibility of the department of defense, to provide support when we get the request. that is a commitment that we take very seriously. secretary leon panetta recently approved a new initiative that is going to enable us to bring all dod capabilities to bear in support of civil authorities from all components of the total force said that we can be faster and more effective in meeting the life-saving and life sustaining requirements that we are going to get from fema or whatever agency is giving us those requirements. in the past, we have not been able to utilize the title 10 preserves even though they have terrific and abilities. we have not done enough to imagine how the skills of our into a tree personnel might be able to apply in extremes at a time when american lives are at stake. we have a broad range of initiatives that will be led now to figure out how to take advantage of the total force to save lives when a complex catastrophe strikes. we are looking to all of you for assistance in this effort. we are reaching out to all of our partners. again, to be able to partner together under fema's leadership with industry, faith-based organizations, with everybody that is going to be able to partner together to save lives -- let's figure out how to improve that today so when the inevitable happens, we will be better prepared. thank you. >> thank you. >> i think a really legitimate question is why are we talking about this? i don't know anybody else in washington or anywhere in the country that is discussing this. we could not think of a clever way to tie it into the olympics. if you were paying attention to the news, there has been an lot of news this summer that would say this is something that we ought to be talking about. one example is we had this situation where 600,000 people in india lost power. a large swath of that population was not dependent on electricity. the headline in india -- 600 million people inconvenienced. if we had an electrical outage in the united states, it would be a complete catastrophe because we are completely dependent on the electrical power. when you think about large complex catastrophes, heavily dependent technologically dependent societies with these interlocking systems would be much more fragile and much more at risk in a large scale catastrophes than society's that are more basic. ironically, that is not what the evidence shows. the studies i have looked at stay technologically sophisticated or what we call developed countries are actually more resilience. why is that? it is because they are developed and have these enormous capacities. they do rebound much more quickly. that was validated by the reports we looked at of the response to the disaster in japan. if you scale that to something equivalent in the united states, it would be something much more bigger than hurricane katrina. japan is actually pretty resilient. when you have a large scale failure in a highly developed society, it really is your fault. because the capacity is there to recover. what we saw in hurricane katrina and in many ways in the shortfalls of the japanese response, it is the failure to use the capacity you have in an effective manner that makes a difference. that is with this subject becomes so vitally important because military capacity that you can bring into a large contingency makes that difference in terms of efficiency and speed of recovery. in a sense, to get back in the game pastor, the military is one of the few things that you could throw at society that actually allows you to ratchet uback up more quickly. why is that? in many respects, maybe some technical capabilities -- there is nothing that you could have in a civilian capacity that would not bring the same thing to the table. when you look at -- one of the worst things you can do in a disaster to help survivors is to send people in to help survivors. those people are competitors for food and water and buildings and everything else. so, if you are here to help, you actually have to be able to help. whether you are a faith-based organization, fema, or the coast guard -- one of the key things to help is accountability. it is a big deal. the second one is sustainability. when you send someone in to help, you do not want to be taking food away from the survivors to be the responders. as we saw in hurricane katrina, we cannot put any of the survivors in hotel rooms because the responders are here to help the survivors. these are things that we struggle with when we look at volunteer respond because normally -- one of the great things about a military blunder is those are three questions that you can pretty much forget about. they are going to have accountability and sustain themselves. it is a package of resources in terms of capacity and technical skill that you can throw at a large scale problem pretty dependent mly. it is not as if the military is going to walk in and take over, but in terms of helping a modern society jump-start to where it was, this is one of the most important aspects you can bring to the table. that is why i think it is an important discussion to have when you talk about preparedness and resiliency. there was a report done for us by paul's predecessors. [laughter] we asked paul to go through and i think he did a great assessment of evaluating where we are today and raises some concerns which i think are valid. he has some recommendations which i think are important. where we go in the future is really going to be dependent upon whicwhat the defense department's budget is. one of the lessons from vietnam is it regardless of what you think about what we should have done in iraq or afghanistan, they probably wish we would have done the counter insurgency mission better at the beginning. in a large part, that did not have been. we just said we are now going to do that again. we purged the experience, the capability, and the training. part of the reason we did that was not just because of the stain of vietnam. it was because we were going into a hollow force period. anything that was not about fighting pretty much fell off the table. the reality was the u.s. military is always going to serve its nation in many different capacities. you always wind up being a swiss army knife. the reality is, you are going to do these other missions whether you want to or not. if you are not prepared, you are going to do them poorly. we experienced that in iraq and afghanistan having lost a generation of experience on counter insurgency operations. we are facing a time going for that could be very difficult. this is not just talking about the sequestration. $55 billion a year. it is cut across pretty much all the programs. everything would get a decrement somewhat. i think that is a problem because what is going to fall off the table? it was very, very difficult. steve and paul can talk about this. the many missions that we have for the defense department today to get them to remember this is a core mission as well. even though it is stated in the strategy and the reports, when it comes to the end of the day if there are not enough resources to go around, some think is going to get cut. if history is any exemplar, this mission is going to get cut them back we're not going to have the robustness that we need to do that. how big of a deal is that? before we got to the current unpleasantness, i used to ask people what they thought about the third infantry division. if you think about the third infantry division, between the 1930's and the 1990's, we used them about three times. we use them for a year or so in korea. part of it for a day and a half in the iraq war. we have this division sitting around for almost a century and we only use them about three years. that is not a very good investment, right? when the nation really need them, they need to respond and get it right the first time. we can have catastrophic defense forces. we may not use them a lot, but i am telling you when we have a complex catastrophe in this country, we are going to want tthem to get it right the first time. i think that is the strategic challenge that this country and whoever the next administratino ons is is going to face in the years ahead. the answer is we need a robust defense that can meet all its missions. if we carry pick missions, we know how that one is going to end up. >> we are now going to do the q & a. i am going to exercise my prerogative and ask the first question. it is no fair answering yes or no. the question is, is the nation today ready for the next big catastrophe? not just dod, by the nation. -- but the nation. is dhs ready to face that next catastrophe with potentially diminished dod help? who would like to go first? >> i would have to say that after hurricane katrina, they are always asked if you already. i think the answer is always yes. once you give the answer is yes, you think, what did i just say? the total consequences are enormous. at this point in terms planning and coordination and relationships between dhs and the department of defense, secretary stockton and others in terms of the capabilities and the national guard, i think the forces there to make a response within is judged adequately and timely, the scenarios are much broader than they were a few years ago. states have been heavily impacted by their budget and they are looking more to the federal level. i am concerned about a hollow force and a hollow capability to be able to say yes and mean it in terms of a large complex catastrophe. >> my answer is yes, we are ready today. but i think a lot of the credit for that goes outside of the pentagon. the administrator at fema, the governors of the nation who have led the charge to make sure we have unity of effort between federal and state military forces, that is so important. it is hard to exaggerate the degree to which that will make like saving efforts effective. -- life-saving efforts effective. within my organization and the pentagon, we are very mindful of further opportunities in progress. we are going to press forward very aggressively. >> i would say we are not as ready as we should be 10 years after 9/11. i would have hoped that in terms of integrated planning at the local, state, and federal level , that we would be further down the road. we did not get as far as i think we hoped we would have gone. you always show up with what you have. it is a crime when you can not be as efficient. i think we lost a lot of that momentum. the state became -- we did not think about this at the front end. there would be periods when states would be flush and times when they're not. we didn't plan for a kind of system that would be sustainable during times when we were throwing a lot of money at the problem and during times when we are not throwing a lot of money at the problem. we should be a lot further on than we should be. a good example is integrating the reserves into the response and the debate back and forth between governors. it is hard to believe it took us that long. i think shame on us for not being further down the road. my concern is not so much the answer today, but the answer a couple years from now. what if we continue to not make the progress that we need to make in terms of responses and we are in a time with diminished dod resources? >> ok. let's start with the gentlemen back their. please identify yourself and ask your question. >> thank you for putting this panel to get their. assistant secretary, a separate attack has demonstrated the same consequences you outlined. but there is a more defined beginning and end. we can see it and feel it. what kinds of involvement does dod have with more cyber focus? how does dod assess the cyber threat? >> in the exercise, the department of defense played an important role in support of the department of homeland security which is the federal lead for ensuring businesses get the support they need for protection of critical infrastructure against attacks. it is an important support all that we play. we are going to welcome an opportunity to continue to extend that support to the future. let me thank the entire emergency management community for everything that emergency managers are doing to help answer that question that steve first gave us, to be better prepared. i am looking forward to the convention in seattle. when you talk about who deserves praise for strengthening our preparedness, the national guard is at the top of the list. >> than kyou. obviously, catastrophes are not going to stop at national quarters. we have two partners, one in canada and one in mexico. where are we in disaster, catastrophe planning, relationships with mexico and canada? >> i am going to ask for help in answering this question because you made an important point about we have one grid between canada and the united states. the power system is deeply integrated. we need to build resilience more than just within the united states. the north america reliability corp. includes canada and the united states as well as a small portion of mexico as well. we need to be prepared for collaborative efforts with mexico and with canada. so nice to see you. and the very recent joint board of defense between the united states and canada, the president and ceo of the north american energy reliability corp., the umbrella corporation -- he was the keynote speaker for taking this on. not only between our two defense establishments, public safety canada and the department of common security and energy as participants. industry partnerships, voluntary collaboration with industry would be vital in this regard. >> i think it is an important point. you cannot really talk about their resiliency of the electrical grid unless you're having a u.s.-canadian discussion. that is one area where it is not even worth having a conversation talking about the u.s. electric grid. cyber is another. it is cross-global. having a discussion about that does not make a whole lot of sense. when you talk about public health issues like an epidemic, a u.s.-canada-mexico discussion -- those are things that we ought to think about in terms of response and building resiliency. the other issue that we brought up is a i think an important issue that we did not see is the u.s. capacity to accept foreign assistance which is something that we really do not think about because we are always helping others and not taking assistant. we saw this in japan. there are cultural issues, logistical issues. again, in these modern complex societies with this enormous capacity, you can bounce back much more quickly and the bounceback is based on the efficiency of your ability to put resources to solve the problem very quickly. foreign assistance in a large complex catastrophe could be about quantity. if you do not have a system in place before the catastrophe, it is very, very difficult. this is something that -- we actually were very -- i always thought highly of the japanese response system. there were some glaring shortfalls, particularly their ability to receive aide. we probably have not come as far as we should have in accepting foreign aid on large-scale issues. do we do -- have we ever done a major exercise where people come here? >> that was an important component of the exercise where we will able to exercise that. let me pour on a little gasoline on the fire. we discovered back then in terms of credentials and insuring people who conduct urban search and rescue from abroad in a way that we can understand, we identified important opportunities for progress and we are continuing to work tha tnow. this is an area that we need to be better than we are. there is an opportunity across the western hemisphere now to ensure the next time the united states, haiti, or some other nation needs substantial assistance from abroad, we have built that system and advance to be able to provide for the flow more expeditiously. we will be pushing for that in the conference in october -- at the conference in october. >> i wanted to echoed those comments. rather than fema go alone in terms of focusing on natural disasters, we've linked up with north, and found our issues are interlinked with their issues. fema si linked very tightly with northcom. we are awfully proud of our deployable resources that have gone around the world. those teams in japan are pretty sharp. noe of the key elements in planning in terms of fives states for the length of time that would be debilitated by a the serious earthquake, part of the time is bringing in other teams from other countries. >> thanks, ray. >> my question is primarily directed to secretary stockton. it is a variation of dr. bucci's question. all we prepared for an emp attack either from than adversary or from the sun, and what is dod doing to prepare for this type of attack? >> a signature of an emp is different than what we would receive from a large scale solar event. the recurrence of an event could have devastating effects. although engineers sometimes disagree about the degree to which those effects would be long lasting. we need to be prepared for these kinds of destructive effects on the electric power grid. it is another opportunity where from a dod perspective, my responsibility is to ensure my department can execute the missions that the president of signs to it. the risk from an emp or a solar event, there could be destruction to not only a electric systems but the broader critical infrastructure on which we ultimately depend. it is a big challenge and a challenge with the lead federal agencies are going to need to continue to assist us and out -- to industry. again, absolutely vital in this regard. industry realize this is a challenge. we are working together with new collaborative mechanisms to build a shared approach to this event so we can assist industry in developing a design basis for the grid of the future that not only takes into account threat factors but new factors including cyber threats, and a better understanding now of solar events and emp. >> explain to folks who might not be familiar with these kinds of phenomenons. it is a pulse of the electronic radiation. if you detonate a nuclear weapon high in the atmosphere, the energy would propagate out. anything from cell phone towers to satellites to the electrical grid. depending upon the location of the weapon and the altitude and its size, the range of destruction in terms of knocking out infrastructure and that kind of thing. replacing parts of the electric grid could take months or years. the solar event is the natural analogy of that. we continue to have solar flares. carrington was the astronomer who spotted the one in the mid 19th century. we have not had one of those since the world really has been electrified. we are concerned about that. there is some work at the national science foundation which put out a report and a congressional commission on the effects of electromagnetic pulse on u.s. infrastructure. if folks are not familiar with those things, they can get more information on that. >> other questions. right here. >> i am not sure if i need this or not. i will use this. for secretary stockton, thank you all for your service and coming over and participating. with regard to the military's response, support for a single event, what are you most afraid of in the military's ability to respond? and do it in ineffective -- do it in an effective way, not so much in terms of loss of life, but what kind of event most scares' you? what kind of event would make the hair on the back of your neck stand up? >> that is an easy one. it is precisely the complex catastrophe scenario that i described from any hazard. the risk of cascading failure of critical infrastructure in a way that we might not even understand fully until the event occurs. that is what keeps me up at night. the opportunity to strengthen preparedness against an event that has large scale, a very long term loss of electric power. we are working very hard with our partners to ensure that there is sufficient fuel for backup generators to sustain critical operations. if you look around the nation, many operation centers and other critical facilities -- they have 48 hours or more fuel stored on site. a large-scale outage for weeks or months, that is at issue. i think we need to know more about single points of failure. where we have redundancy and systems that breaks down because we have single points of failure. there is a lot of work still to be done here. we are ready today to do a good job. if it keeps me up at night, the gap between where we are today and where i would like to be if we can sustain progress under these new issues. >> i think the nation's psyche is ready for a natural disaster. we had 211 different missions at dod in the last decade. they have been every three or four years. i think some event could be coming up on that kind of a cycle. to think about spaces in our country that would not be usable again and then we made a lot of progress in areas for preparedness of natural disasters. i think we would be woefully inadequate to respond to something like that. >> i agree that you have to focus on large-scale, catastrophic things that could stop the heartbeat of america. parts of the nation could handle anything. just a couple of thoughts. there is the time factor. if you are critically injured, they say you have about an hour to get to somebody. then someone vulnerable in the 72-hour window. if they can live past 72 hours, unless we are talking about weeks or months, not a big deal. saving a lot of lives early on, you have a very tight window. that is one thing to think about. the second thing is -- and a lot of times, people really do not need help. they can take care of themselves. they just need to feel that it is going to be ok. if people feel there is a structure there -- government is going to be back and electricity is going to be turned on again, stress levels are much lower and the fear factor is lower than that in many ways, people go and take care of things. people just have to believe that eventually people are going to take care of things. nobody in the coliseum was dying during hurricane katrina. it was the perception that no one was in control of things and it was falling apart. military intervention was less about bringing capacity and logistics'. that is one of the reasons -- you have that time line issue. the legitimacy issue is very important. we do not want the military to take over. the military is not the answer because they do not have capacity to do everything. it still would not be enough military assets. having said that, if you can use your military assets under a legitimate political system in which officials are doing their appropriate jobs, that adds a sense of calm and restorative power that is very important. they did this whole thing on -- they asked people their perceptions about what does a big disaster look like. they describe what they see in the movies. a bunch of military guys showing up in gas maks. the reality is, that is not with the military does it during large-scale disasters or what people see during large-scale disasters. they are happy that they are there and they bring normalcy to the environment. that is really, really important. it is the legitimacy of the response in addition to the tiem thing. when you scale those problems to the large, complex catastrophes that we talked about, that is a big challenge, a huge challenge and is going to be very difficult for dod to get a ride unless there are resources to do that. we talked about the use of the armed forces and the dod. there is an armed force in the department of common security and that is the coast guard. their assets and capability are in many ways more vital and important. we are going to decrease the number of national security cutteres that the coast guard has. what does that have to do with homeland security? among the many missions that they can perform, that may be one of the most important assets that you have in this environment. when you are in a c bearing environment, you may not be able to base an operation on land. these are very, very critical platforms. that deeply worries may, emblematic of a larger scale of you have to have the capacity there and it has to be ready to go. otherwise, it is going to look like this new tv show, "revolution." they are remaking "red dawn." >> the gentle man in the back with the white jacket. >> would each of you be willing to share more about your experience partnering with the faith-based community? does anyone have any commentary about baptist-led assistance? >> we have done a lot of work looking at faith-based response. it is very, very important. if you actually look at the result from katrina for example and you look at the surveys of people who got assistance, the highest rated assistance they got was from take-based organizations in part because they are people they know and are close to the community. the other critical role of these organizations is faith-based leaders are very good at collaborative decision making and collaborative things. one of the real problems you face in a large-scale disaster -- we saw that for example in the oil spill, hurricane katrina -- want to get to the immediate issues of whether we are all going to die or not, what is our community going to look like when we come back from this? that is a very stressful and hard thing to work through. kansas is a good example with the entire town is wiped off the face of the earth from a tornado. it is about the community deciding where we are going to go from here. faith-based leaders have an important role to play because as collaborative leaders who have a high degree of trust, they are very well placed to help people bring the stakeholders together to decide where we go from here. >> i think it is an excellent question. we focus so much on what the response is to an event, and when the response is over, it is like falling off a cliff. that gets an awful lot less attention. what lasts longer? in a natural disaster, a short amount of time focusing on the response and a shorter amount of time focused on the recovery. fema is there for the duration. their consistency, empathy, the resources that they bring to bear -- it get down to the individual americans who need the assistance and have been overwhelmed by many different aspects of a disaster. whether it is the baptist kitchens which are phenomenal, catholic charities, the range of faith-based organizations are just phenomenally unimportant. the value they bring every day is just immense. >> i totally concur. i actually had to convene a meeting between dhs, fema, and dod's disaster response folks with some of faith-based organizations. it was interesting because there were a couple guys in the room on the government side who thought these folks will show up for a hurricane, but if a nuclear weapon goes off, they are not going to show up. we explained to them yes they will. they will show up. it is really incumbent on the different parts of the government to harness that. you do not want them showing up for the first time when the event occurs. there has to be pre-crisis coordination with those organizations. that is occurring now because we all have learned the importance of that sector of the response community. >> other questions? this gentleman right here and then the one in the back row. >> what impact if any does the revision of the national response framework and the addition of the mitigation prevention framework protection from mark all under president to policy directive eight have on dod's role on homeland defense? >> that is a great question. it is enormously helpful to us that the administration has led the integration of all of these lines of efforts including recovery that we knew were important, that we knew where dod could make important contributions but we lack an over arching from work that the white house needed to lead in order to provide for defense support to civil authorities. we benefited from the opportunity to participate in the development of these new policies. it is great when you are in support to be given the framework in which you are going to be able to operate and serve. that is what we have today. it is enormously helpful. >> does the government have computer modeling systems similar to what the teams of the national football league have when they are preparing to play on sundays? they have a computer system that can go back and analyze every play from their opponents in every situation. that helps them prepare a game plan. does our government have computer modeling that takes datapoint from past disasters whether they be earthquakes, 9/11, hurricanes, and then matches up those data points to a preparatory game plan? >> well, we have automated many of our decision making processes. we have a management system that is absolutely terrific now which we rely on when, not if, whenm catastrophe strikes. although there are some predictable hazard to out there, we also need to make sure we have enormous flexibility. so when we are taken by surprise, we have the ability to have to bear this that can be brought to bear no matter what. that is automated, a pre- scripted approach, can only get you so far. like for the vikings who marched toward their undefeated preseason -- [laughter] we need to be prepared for strategic surprise. >> hope is not a plan. [laughter] >> there are two things that come to mind. first is logistics'. the approach used to be how much stuff can you send somewhere. it did not matter how much you thought you might n we found whether it is water or ice, we would be competing with other providers. how can we all go to the same sources to bring the same thing? i think the logistic system in fema right now is just phenomenal and how they can coordinate, plan, and pre- positioned to work they do. just phenomenal and how they take the approach. one thing that is building on what we are doing is reaching out to the private sector. how can we both work together to hasten the pace of response? the second thing is the modeling that we went through with transcom. when you think about evacuate and the city of new orleans, it did not happen in a week. we had buses and trains and airplanes. how many people have no vehicles and would need assistance? i think we did a good job modeling that out. i think our estimate initially was 45,000 people needing assistance. the modelling of aircraft and where they can go to and how they can get back in time to pick up another load of people, how far a train can go before it can return to pick up a group of people -- all that was done by doing modeling. to the extent that we can forecast those specified event, we do pretty well. to the extent that we can forecast out the size of a disaster or what the flood map program would be in fema, different heights of elevation of search, all of those models are in advance. there is an awful lot of work done going into planning for these natural disasters. we look for suburbia events and at the time frames talked about. all of that has been planned out in advance. there is more simulation to make us better prepared as a nation. >> the closest partnership with the department of homeland security -- we have been working together with fema and fema anticipate order to participat the kind of challenges. there are natural hazards where we are just waiting pour them to happen. the sania fault, francisco bay area -- we have predictable events that we need to be anticipating and planning together with fema and dhs. and coast guard where sea suppoo be absolutely vital as you pointed out. there is another opportunity that we are working very hard, and that is to look at population centers and imagine, regardless of what the source of the catastrophe is, we can begin to plan more effectively for the kinds of large scale resources that are going to be required based on population size and the threat they are going to face. fast. let's go fast, go big, and go smart. that is the mantra. we are working closely with secretary napolitano and the state and local team to make that happen. they are tight with their communities, public safety and localities. that is the way we're going to make progress and why i am so grateful to general jacoby for leading the charge. >> this gentleman here, and then one. >> i was wondering what sort of challenges exist in sharing information between the federal, state, local and international level, and how can industry continued to assist in these sharing efforts? >> right off the bat, i would say that when i hear a question like that -- not that i am supposing the reason you asked a question -- a lot of people assume that information sharing is just bad, and how can we take something bad and make it better. from my experience at fema, the sharing of information's is almost always on the leading edge. talking about modeling, a strong surge, and the access of jeer- information to assess damage. california wild fires, we flew in military aircraft. looking into the fire, simulating maps down to real time. in that moment, not like tomorrow, but like right now. there is -- fema has just expanded that, with technology, with the rapid availability of information. and all of that is shared at a joint field office. the governor is right there. they are co located with the state coordinating office. the information is better than most people can expect. there is a readiness, almost a desire, to bring it to bear in a disaster. i think we have made leaps and bounds in the last couple of years in declassifying it and making it available to whoever needs it. >> i will just take in that when the present director of national intelligence declassified open source data, they send this big high-speed trailer to a disaster site. they show up, find the incident commander and say we are working for you now, what do you need? faced are downloading more stuff than anybody can consume -- they start downloading more stuff than anybody can consume. >> the administrator of the man and his staff have total access to what is classified or unclassified -- of fema and his staff have total access to what is classified and unclassified that might make a difference. >> last question. >> this is directed to the secretary. you touched on the national guard and the army reserve capabilities. is there any traction on the idea to merv the -- to merge the two components? >> my personal view is that there is no need for such a merger. what we need to do is strengthen the procedures we have to provide for the mobilization of the title x reserves for a no notice natural hazard. thanks to the leadership of the governors, the 2012 national defense authorization act finally has given us an opportunity to access the terrific capabilities of the title x reserves for natural disasters, and now we are peddled to the metal in the department of defense to ensure that when the real hurricane season begins, we will be able to access those title x reserves in the communities where they can serve so effectively. those are the kind of challenges we are working on very quickly now to meet. the bigger questions might be something to look at in the future, but today, we can provide greater capability through other approaches. >> can you also talk about the dual padding? quite sure, be a pleasure to. >> is like in your straight man. >> again, a lot of people, including those at this table, have been helping for a long time to make this possible. one of the lessons learned, as harvey can emphasize, from katrina, is that there was not adequate coordination from state military forces, the state national guards, and the federal military forces that came in at the request of the governors through fema. we need to do a better job of making sure those forces can operate seamlessly, but still recognize that under the constitution, the governors are the commanders in chief of this date military forces, while at the same time, the president -- of the state's military forces, while at the same time, the president is the commander-in- chief of the federal military forces. how can we get things done while maintaining that chain of command? the suggestion is to have a general officer, almost always a national guard officer, who will simultaneously serve in both duty statuses, federal and state. where two hats. where a state half, reporting of the chain of command to the governor, and simultaneously, where a federal hat -- wear a federal hat, reporting to the president in his role as commander in chief. the coronation was noticeably absent in the event of katrina and was so beneficial last year in hurricane irene. >> can i just throw in a plug because our legal analysts has done a lot of work on this? the constitution authorizes the state to have militias. everyone understands the component of the state national guard as the militia of the state. fewer than 30 states also have additional state defense forces that organize under the state, are equipped by the state and follow whatever the constitution and the laws of the state required. these forces are assets which i think are also very important. on our website, there is a survey of the capabilities. some of them are very extraordinary. texas is a good example. california is a good example. they provide not just a backstop to the state guard, the day provide additional capabilities and are an important piece of the equation that deserves more attention. >> in the corner, mark. >> homeland security business defense council. i cannot think heritage enough for putting this on. it is an absolutely essential discussion. i want to get your thoughts on the nature of a think tank and the kinds of issues that you jim, and steve are kind of going over in terms of the things we have to be aware of, the priorities we have to set, and the obstacles, the human component, the technology component that to a certain extent are represented in the public sector and the private sector. the deacon fxion is how do we pay for it? -- the deep conviction is how do we pay for it? how do we get our budget in line both at a time of tightening at the state level, the private sector and the federal level to make sure our priorities day in focus? do we just go toward catching what we can and reacting, or is there any room for pro action in the nature of the budget situation? >> that sounds like a political question. >> the answer is easy. congress should enact the president's budget request. cracks in my current role -- >> in my current role, i am in the private sector and will not talk that much about the federal budget. i do appreciate the comments about the coast guard. i know you all know this by heart, from as dead sure to arctic zone, to europe and far east -- from aztec shore to our deep zone, to europe and far east -- come on, join me. the coast guard has chips that are the oldest ships in the world in terms of the navy. when i graduated from the coast guard in 1975, some of them were old then. the budget of the coast guard is in peril, and i think about that every day, what can be done to help the coast guard. i think that is magnified in other respects. as you take note of these issues, i hope you will keep the coast guard in mind. >> that is the arm i worry about the most in terms of modernization and future capacity. this goes back to my comments before about very wealthy nations being much more capable of dealing with large-scale disasters. we are a rich, powerful nation. our problems are with policies that we put in place. not to put a plug in for heritage, but in competition with several other think tanks we did a long-range budget plan called saving the american dream. it does not raise taxes. it balances the budget in 10 years. it cuts into the deficit. if fully funds the fence and homeland security for decades. it is not -- defense and homeland security for decades. it is not an academic exercise. illustrated by cdo and other agencies. cbo id it was greeted by a s and other agencies. the kind of problems on the scale we are talking about, regardless of how many hours a day paul works or the wisdom, if you do not restores the missions adequately, as they are not going to get done. we are only going to be able to resources emissions adequately if issues larger than the one we are discussing, if those issues do not get addressed, then we, no matter how smart we are and how hard paul works, at the end of the day, the nation is going to come up short. >> all right, gentlemen, i am going to give you one minute each to make any concluding remarks you want to make and then we're going to -- >> i yield the balance of my time to the secretary. >> i will make it short and sweet. thank you to the heritage foundation for your sustained focus on these important issues and for the opportunity to share perspectives looking forward. >> i appreciate the forum. i think this is a vitally important issue and i'm glad you're here and others are here to give focus to it. >> ladies and gentlemen, i think you have seen a lot of candor, a lot of openness, and a lot of really important thought that has gone into the remarks you have heard this morning. paul is the one still sitting in the seat with the tough job. we all lived him and his people of because i have to tell you, i worked in that shop and it is not a lot of politics. it is about helping america in the most basic way possible and helping our neighbors as well. i would like to ask you to join me in thanking the panel for their remarks. [applause] tomorrow at 11:00 in the same room, we will be having another panel with the former assistant secretary of defense for homeland defense and security affairs, paul mchale, and a former deputy commander of north, and former director of the national guard bureau, who will be discussing the price every state must pay, the effect of sequestration on the national guard which, as we mentioned, national guard is a critical piece of homeland security and homeland defense. we hope you can join us tomorrow. thank you. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2012] >> paul ryan told seniors at a florida retirement village today they have nothing to fear if the republican ticket wins the white house. he was campaigning with his 78- year-old mother and he told the audience the republicans have the best chance of keeping medicare and social security solvent. president obama was in new hampshire today. he talked about his economic plan and compared it to the plan put forth by paul ryan. that is tonight at 9:45 p.m. eastern. republicans meet monday to begin choosing the party's priorities for the next four years. we will have live coverage beginning at 1:30 p.m. eastern through 6:00 eastern and again tuesday beginning at 8:00 eastern. you can also find the events at c-span.org. >> which is more important? or honor? it is not as was said by the victors four years ago, it is the economy, stupid. is whether we have the honor to deal with economic questions. all things do not flow from wells or poverty. i know this first hand and so do you. all things flow from doing what is right. >> look at what has happened. we have the lowest combined rates of unemployment, inflation and home mortgages in 28 years. looking at what happened. 10 million new jobs, over half of them highway -- high wage jobs. workers getting the raise they deserve through the minimum wage law. >> c-span has aired every minute of every party convention since 1984. we are in the countdown to this year's conventions. you can watch every minute of the republican and democratic national conventions live on c- span, c-span radio, and streamed online at c-span.org, starting monday, august 27th. >> i was in a training program after i got out of the army. >> this sunday on q&a, "washington post" columnist walter talks about his various jobs as a journalist, his views of extravagant spending overseas, and his criticism of the defense department's budget priorities. >> it is about 40 people with separate rooms for everybody. if you spent four million dollars on an elementary school, i bet somebody would raise a question. >> more with walter pincus sunday night at 8 on c-span skew and a. >> on tuesday, the armed forces communications and electronics association hosted a discussion with keith alexander, the commander of cyber command. he says the government and industry need to work together to share information on a malicious software and fiber operations. from the baltimore convention center, this is about 45 minutes. >> please welcome to the stage, lieutenant general retired [no audio[inaudible] >> ladies and gentlemen, we know it is a joint conference. the rate for the marine corps. as we take a look get where we are today, we started off with a senator, senator mikulski from the great state of maryland. she gave a very powerful welcome to those of you who are here. for those who missed it, you missed an opportunity to hear someone who is very, very interested in the subject of this conference as well as taking care of men and women in uniform and those who support them, military civilians. we had colonel chris howard and a commander. general hernandez is with the chief of staff of the army and will return to be luncheon speaker on thursday. the panel you just heard under the tutelage and moderatorship of admiral dave simpson, a great job, a great panel. we are focusing not just on the department of defense, not just dhs, but bringing commercial partners into this. this is everybody's fight, if you will, and an opportunity to share what the companies who are represented here today and represent some of the over two hundred 20 companies that are exhibiting here and others with other degrees of sponsorship. with that, what i want to do of this moment is introduce our keynote afternoon speaker. general alexander's intent was pretty clear to me. we go back a few years together. he said keep it short. let me put it this way. the penultimate intelligence officer, served in combat, served in europe, has had staff assignments and a, by the way, in his spare time, four master's degrees, having graduated from west point. with that, please give a warm welcome to general on standard. -- general alexander. >> thank you for that short, sweet -- i just found out i was in artillery. just kidding. dan, bob, colonel smith, i cannot believe steve that they let you in here still. it is an honor and privilege to be heard to talk about a topic that i think everybody in this room knows more about than i do. so i'm going to talk about quantum physics. even the playing field a little bit. entanglement. superposition. i think that will be a topic 10 years from now. and between, we have to get there. when you talk about quantum computing and stuff like that, look at what is going on in our world today. when the lockout -- how many here have a kinect? how many have an iphone, ipad, mobile devices? look at this. i am a fairly young guys. i have 14 grandchildren. i am trying to help populate the country ourselves. the average age of these kids seems to be two or three, and every one of them can operate a ds, and iphone, and ipad. they know how to skype. you saw the new car by google that drives itself. you sit in the backseat. nobody to yell at. i wonder what my wife will do. ok, she is not in the audience is she? whew. that was close. do not record that part. cut that part. i have a hyundai car that has marred cruise control on it. you put it on 72, go down the highway, i get behind a car going 55. in the old days, you just hit them. now, they slow down, you slow down. they speak up, use the death. it is amazing. look at all the opportunities we have -- they speed up, you speed up. it is amazing. look at all the opportunities we have. our country leads the way in this area. it is tremendous opportunities for the military, for industry, for academic and, for our kids. absolutely superb. we have led the way in building all this stuff. as you look out, look at all the problems we have. there are some figures out there. i am going to give you some figures and tell you where they come from. is like the scores at the baseball game last night, 2-4, there is a close one. three-four. i'm just kidding. i'm not going to do that. can you stay up with me, here? too slow. mcafee talks about the global impact of cyberspace operations on industry, cleanup and all of that is about one trillion dollars a year. bite net sense about 85 million -- sends about 85 million spam e-mails a day. when you talk about the number of cyber attacks, they rose on mobile systems some 44% last year. dhs reports the number of attacks on our critical infrastructure has risen from nine in 2009 to 198 in 2011. when you talk to companies like google, verizon, at&t, they are tracking the mobile issues. mobile, now where? you look at the mobile device, you have two computers in there. when it helps you communicate, and one that runs your apps. two sets of vulnerability. the problem is, the software that connects those two is not normally secure. we were to put out a secure form of android operating system, an essay did, and now we are looking at, how do you -- nsa did, and now we're looking at, what are the things we can and should be working on? in the meantime, cyber attacks on google and android have grown more than 500%. why do you think this is? if you go back and look at all the things going on in our area, the good things, the bad thing is the attacks of people coming at us are growing exponentially. all the adversary has to do is find a way in, and finding those ways in are getting easier, not harder. so we have got to work together to look at how we can close those gaps. that is one of the things i want to talk about today. the first thing i am going to do is ask a question. how many of you have heard of backtrack? pretty good, pretty good. backtrack is something you can get on the network. it is a downloadable system for penetration testing, hacking. many of the folks i work with say kevin, you guys all get hit coming get up on backtrack. why do i want people to get up on backtrack? let me tell you from my perspective. here is why i am learning it. i am convinced that we do not train our people to a standard that is high enough to defend our systems. we do not. we say we're going to operate as a team, but each component of our team is trained differently. our signal community is trained to operate and offend. our intelligence exploitation team is trained and cleared at a different standard, and normally this information cannot be shared, top-secret level information cannot be shared with folks at the secret level. then we have an attack community, and everybody is trained to different standards. so, if you look at what is going on in these networks, the offense has the advantage. the harder part is defending them. but what we are doing is we are training the defense community, not on the attack capabilities or the export capabilities out there. we're training them on how to operate and put up a network without really integrating and all the benefits that the exploit any attack community have. so, if you think about it, you can go on line -- and there is a book, it is called "the basics of penetration and testing and hacking." it is a good book. i do not get a discount on this. i actually got a note from them. a professor has written a book on how to do penetration testing. i thought this was really useful for me as the commander of cyber command and the director of nsa to look at how we set the standards for how we're going to train our force as one team, not three teams, because it does not make sense to me that the defender only defense, exploiters only exploit an attacker's only attack, because it is one network. we would never have come up with that paradigm. you do not have infantry guys who you are in the defender infantry, you are the re-con infantry, you were the attack infantry. think of how ludicrous that is, but that is what we have an hour networks today as a military. and the department of defense is different than any other department in our government. we have the responsibility to provide offensive capabilities and to defend this nation. so we have to train our folks differently. when you look at what the book teaches you on it, one of the things it talks about is the first step is no your adversary. this is like the art of war. know your enemy. somebody might say you ought to know yourself too. we will come back to that. know your enemy. what does the adversaries network look like? how do you do reconnaissance? they teach you things from google to all the things you can do to look up and find the i.p. addresses. i am ashley practicing this myself. i set -- actually practicing this myself. i set it up on my system. i had to set up two virtual site so i do not get in trouble. rare for me. we practice canning. you practice reconnaissance, scanning the second set. in this offer that you can download free off the internet, there are about 830 exploits. you can get windows service pack two, there is an exploit their. you can penetrate the system if you have not passed it. it took me less than 10 minutes to do that. i was able to then drop a key log down on it, grab the send thoseff of it, passwords to a john the ripper program, break the passwords. i was lucky, i was racing and i won. i just want to put that out there. theresa lost. that is why people hate to ride on the aircraft with us because it is biased towards my network. all of that in about 20 minutes. then it shows you how to maintain persistence. if you look at and you think about what we are just talking about there, how are we going to train for the future and how do we start bringing things together? that is one thing i would like you to think about is how we train our force. now, one of the things that we jointly have worked out with the 24th air force, fleet cyber, our cyber. what are the five key things that we have to do? as cyber command, component command, what is the defense department, the intelligence community have to do? we came up with five key things and i want to talk about those for the next two hours or until somebody passes out and falls out of their chair. first, build a defense of all architecture. second, improve situational awareness. third, build and train a ready cyber force. four, transformed the way we organize and operate. fifth, prepare ourselves with the right authorities. i want to start at the beginning, start with the defensive all architecture. -- defenseable architecture. we make this really hard. we have 15,000 enclaves. think about that. 15,000 enclaves, each individually managed. if you were with sysco, you would not operate your network like that. think about it. if you were with google, ibm, microsoft, amazon, you would not have 15,000 independent enclaves, but we do. and the consequence of that is each one of those is patched and run by a separate fiefdom, and those responsible for defending them cannot see beyond the fire walls. so, situational awareness -- practically speaking, situational awareness is nonexistent. the consequence of that is the adversary only has to find one person to make a mistake out of those 15,000. the probability that someone is going to make a mistake is one. you can bet on it. so, we have made some -- i think -- some significant errors in putting together the network the way we have it. we have to change that. from my perspective, finn, a virtual cloud, where you can update and patch instantaneously, reduces that a tax service in a significant way and is something we should all push -- attack service in a cigna the way and is something we should all push for. -- in a significant way and is something we should all push for. we can take people and make them the cyber force our nation needs. we are working with all the services and i.t. efficiencies to make that happen. the second part is a trained and ready force. trained to a standard. from my perspective, this means if your signal, crypt analytic, cyber attacks, computer scientist, we ought to all be trained to the same standard, to operate on that as one team. so that there are not secret amongst the different enclaves, but everybody on that team knows what the other players are going to do. when you go to the national training center or you go to any joint exercise, the biggest part of that is learning what all the members of the team are going to do. what we do not now, today, is what the other components of the team are doing. because we have a defend and operate team separate from an exploit team, separate from our attack. we have to get one trained and ready force. situational awareness. how do you see cyberspace? right now, when you think about it, if you ask everybody to draw a picture and then show me where the adversary is coming in and how are you going to stop that, nobody has a real good way of drawing that picture. as a consequence, if you cannot explain what is going to have been, how do you explain how you are going to defend it? we cannot see it. we are trying to explain to our young folks how they're going to stop it, and they are looking at us like what is he talking about? i get this from my daughter's all the time. that is a joke. i am sorry. i will go slower. how do you see what is going on in cyberspace? we have to build the situational awareness. it has to exist at networks be. it has to take in billions of the events and make them humanly digestible, along with decision logic, but something we can see. there has to be a set of those activities that machines can operate on that our policy driven, and then there is a series of things that we are going to use to move our forces in cyberspace. that picture is what has got to bring us all together. that is the third part. transforming the way we organize and operate our command and control. from our perspective, i think the first big step on that was setting up cyber command and subordinate command. now it is how we reach out to the geographic combat and commands and their components. what are the elements we are going to put out there and how do we do that? in the fifth area, authorities. what are in the authorities we need to operate across the full spectrum? from dod's perspective, let me tell you the hardest authority. when we look at cyberspace, everybody in acknowledges that it is dod pose a responsibility to defend the nation from an attack. ok, good. let's say they attack wall street. when you say defend the nation from an attack, is that to defend dod's network or the nation? there is a pause, always a pause, while they consider that and say that is a good bank question. -- a good question. not sure the answer. what do you think? if it is dod, we are good to go. we can solve dod. this is like a missile coming in. if a missile is going to hit fort meade, we are ok. we can block that. if it is going to hit baltimore, too bad. should have had the fort boundary bigger. going to hit fort bragg, we are covered. fayed it will, too bad. they could use some -- fayetteville, too bad. they could use some road work down there any way. it is ludicrous to think we would not have the authority to defend the nation, but here comes the question. they attack wall street. those of us in uniform say ok, that is not a military thing. let them take it down. there goes all your money. you forgot. we are in the military. we do not have any money. it is your money. now we are even again. we would not let them take down wall street. we have to have a way to defend against it. you cannot see wall street. in cyberspace. we have no sensors. so part of the legislation pushed on both sides from both parties is how do you share information so that we can see, somebody can call up and say hey, they are attacking wall street, would you please make it stop? and we would consider that and say, just a minute, i'm thinking. which part of wall street? yes, of course we would. in fact, the key is, they probably would not call me anyhow, knowing how indecisive in. they would call somebody like george and they would do it right away. so, how do you get a tip from industry or the internet service provider that an attack is going on at networks speed that we can react to? that is one of the things we need for legislation. so that authority has to be there. then the second part is you wanted to stop. so this is like a missile that is coming in. this actually happened, and you have to have a great sense of humor in this. a few years back, the german cause me out and says we are going to have the disk -- the an calls me up and says we are going to have a discussion about cyber. we want you to create a briefing and tell us what options we have on day one. on day two we will present the briefing. on day three, we will take it to the white house. i am thinking out loud, cyberspace, a speed of light. roughly 133.x milliseconds. that is your decisions based. inside their we want to wrap in 34 milliseconds ford generating the briefing. 34 milliseconds for going to the white house. stop the action. i suspect they had not considered the speed at which this goes. i pointed that out. they do not have the sense of humor we do. but they did get the message. we have to come up with a new paradigm. think about missiles coming in from russia and how our missile defense and air defense system, norad, how all that works. missiles are going a lot slower speed. you have 30 minutes. we are talking a cup of coffee, when to shoot it down? not yet. let it come a little closer. ok, now. in cyber, you're talking about the speed of light. you're talking about knocking down something before it can impact wall street. we have to come up with a mechanism that gives us the standing rules of engagement and the authority to operate. i am not saying let's cyber command beat up on some countries that attacks us, tear them up and start something big. i'm talking defense of the nation. those are the kind of authorities we need. one of the considerations we have to put on the table is how do you make a more defensible infrastructure for our critical infrastructure. because all of our networks ride over commercial networks. in the power grid. so, you know, if all the lights go off and the networks go down, the defense department cannot communicate. transportation command cannot flow forces. we have a problem and we have to solve that problem and bring the team together. i think the most important point when you looked at these five is the team that we talk about. i started out with the cyber command dod team, what we do. but the reality is, there is a government team that is bigger than the defense department, and that includes the department of homeland security, fbi and others. but the key players, homeland security, fbi, nsa and cyber command, those are the key players and those are the ones we have to get out the rules and responsibilities. that is the government team. they can hit about 10%. industry is the big player in cyberspace. we have to have the construct for industry and government to work together, a way of sharing information, especially on malicious software, in a way that does not give away some of our most important secrets. and we have got to have a way to leverage industry's capability on what they see as the defense of government networks. we have to bring in academia, and then it is important to bring in our allies. in cyberspace, if you look at the eastern seaboard, there are roughly 18 cables coming into the eastern seaboard today. roughly 12 coming in from the united kingdom, three from france, two from denmark, one from spain. if you want defense in depth, the united kingdom, france, denmark and spain immediately come to mind. that is where the partnership is so important here. when you bring that up to our partners in the u.k., as they say that is good, but that pipe goes both ways. our comment is, i did not realize that. we thought it only came to us. it goes both ways. so, they would like us to clean our side. they clean their side. there are some great opportunities for how we can work together as a team here. these are some of the things we have to put on the table. these are some of the things we have to resolve. i think within the defense department secretary panetta has made some great strides in pushing this forward, following on what secretary gates has done, and that has spilled cyber command and we have gone a long ways. -- built cyber command and we have gone a long ways. we have to get legislation at some point. we have to figure out the roles and responsibilities for how we're going to share information between government and industry, and how we help industry without being overly burdensome and bureaucratic. here is a fact. you know, what is interesting is nobody wants rules put down about what you have to do. but let's face it. we're all getting hand. -- hacked. there is a lot that we can share your between government industry 2 hartnett. -- and industry to harden it. critical infrastructure is learning. we have got to bring that up. we have got to fix that. or we are going to suffer a huge failure in cyberspace and wonder why did that happen. it is coming, from my perspective. it is only a matter of time. if you go back and look at that book, what you realize is there are significant vulnerabilities out there. you do not have to be a brain surgeon to figure out how to exploit those vulnerabilities or how to damage them. you can pull it in off the internet. anyone of you within 12 hours could pull that off. do not do this. do not do anything illegal. but if you went there, you would find tremendous vulnerabilities in the system. it is huge. we have got to get out in front of it. the government cannot do this alone. it has to be a government- industry partnership, and for us, government, industry, our allies and academia. so i am going to wrap it up there. i guess i am supposed to ask you a few questions das? or we can reverse that. see if there are any questions on your part. if not, i am out of here. >> sir, we have a number of questions for you. >> that was quick. >> what are the steps being done regarding the organization and training of personnel, and are you satisfied with the progress to bridge the gaps in training or does more need to be done? >> i am never satisfied. more needs to be done. here is the issue. when you think about training, i want to train everybody to the same standard so that the team, especially management, all understands the full spectrum of cyberspace. a linguist does not have to have the same training as an analyst, one who is going to operate on the network as one who is going to do digital network intelligence, reconnaissance, but they all ought to be trained to a series of standards that, from my perspective, brings our team up here. step one, i think the first thing we have got to do, and i give the navy great credit for it, and it really hurts me to do this, but i think the navy is bringing together -- the way the navy is pulling together is what all the services need to look at as a model. what that means for the army and for the air force, looking at our communications, a signal community, our critic analytic community, our computer science community and bringing them together as a team and calling that cyber. then we have to figure out how we then were fat between the crypt team and oni as the navy does. there is something in there we have to address, because if we do not, what we're going to have happen is the communications environment is going to drop pretty drastically. this has happened in the past, and of course people say i do not need that. if you think about radioteletype. i used to have a company of rat rigs. where are all of the rat writ operators? over here to my right? no, you do not see any. they are gone. we're going to look over here where our cyber team is supposed to be and we're not going to have either. what we have got to do is transformed that forced through that training we are talking about and make them all of one team. next question. i have read articles regarding cyber, becoming a unified combat and command. do you think this is an important step toward having the right authority to adequately defend our nation. if so, how does this decision get made? >> is a long, long process. it is not necessarily an authority issue as much as it is looking at how we are going to operate in cyberspace. it is interesting. in 2007, we drafted -- the royal we. i do not do any work. one of the folks drafted of paper at the request of the commander of staff, about establishing cyber command. what he was interested in was what do we do. do we do unified, sub-unified, a separate service or functional command? we sent some folks off to study that and came up with the paper in april-may-june time frame of 2007 and said, we probably need a unified command. the problem is, to get to a unified command is too big a step to jump, by pulling all these together to just make a unified command. the most logical is to set it up as a sub-unified and then grow into a unified. i think that is the process we're going to work our way through. it will take time, but it is important to know that as the nsa director, i report to the secretary of defense. actually execute authorities on behalf of the secretary. in cyber command, i report to strat com. half of me is reporting this way and half of me is reporting this way and not everybody knows what everybody is doing except for one of us and i am not saying here. i suspect it is the secretary. what we're looking at is how to streamline that process. they are working on that. i am sure will take more time. next question. >> an important and growing issue is the use of mobile devices and the fiber -- cyber threat associated with them. this brings of the realm of communication. there are now lots of networking wave forms entering the marketplace and being used by military members. the cybercom see our role for itself in integrating with electronic warfare efforts such as the integrated electronic warfare system? >> yes. would you like me to enlarge on that? i do think that as we go forward -- it is kind of interesting. go back to 2006 were you had digital and analog communications that were flowing through the network. eventually it tipped over to completely digital. now is you look at your networks, they are essentially digital. if you look at the electronic warfare, it is going to go through that same digital environment. it is a form of communication, and from my perspective, there is great opportunity for bringing those together down the road. i think that will naturally have been is not something you need to push on. -- happen. it is not something you need to push on. insider, we're talking about a system where whether you are on a mobile device, or radar, it is communications. it is radio direction and ranging. it has got an intentional paul's. you have fanned with, stan, all these things. dth, scan allned wi these things. when you think about how we're going to operate, especially in the military domain, what we're talking about is collecting, jamming and preventing signals. it is talking about getting into theirs and stopping them from getting into yours. both of those are going to go on in both domains. i think he will see those collapsed together. i think that will really help the ew community is that goes on. >> my last question is a final one. in your recent speaking engagement, you challenged hackers to join our team of cyber forces personnel. any takers? >> yes, we actually have. now they are working clearances. they did not bring up that part. that was a flip answer. the reality is, when you look at the hacker community and, from my perspective, 90% of the deaf, community are folks that are penetration testers -- defcom community are folks that are penetration hackers. they i understand the vulnerability of the system. what we need, defense department, our government, is understanding how to work together to solve those, block those, mitigate those vulnerabilities. we do need them to work with us on it. if you took all the people in defcom gave them a set of problems over two days, i am sure they could solve every one of them. there is that much technical talent. now the question is, how do we get them to help us solve some of the infrastructure problems our nation faces? those are the things that my feedback to the community and to all of you here is. how do we do that? as we leave here, one of the things i would ask you to think about is not just that question, but more, especially because we are looking at this for the defense department and the government, how do we train our people in this area. how are we going to train them in the future, and why do we not train everybody to the same standard? the practical reality is we should. it is the most important thing we can do, and when you look at those folks who are really trained on systems, and every one of you here knows, when you look at that guy, he is really good. that is what we want all of our people to be able to do, because if they are that good, they will be able to defend, exploit and attack and that is what our nation needs. the other part, for the industry players, help us