Good evening and welcome to kqed newsroom. Im thuy vu. Target ebay jpmorganchase sony pictures. Those are just some of the companies attacked by hackers last year. In fact 2014 was the worst year on record for cyberattacks. Thieves stole personal information on millions of people. And in the case of sony at least leaked damaging documents and copies of films. During his state of the Union Address next week president obama will lay out plans to protect americans from cyberattacks. Proposals he previewed on monday. Were introducing new legislation to create a single Strong National standard. So americans know when their information has been stolen or misused. And the white house has planned a cybersecurity summit at stanford next month. Bay area researchers and companies are at the forefront of efforts to combat hacking attacks. Joining us to discuss these efforts, tom pageler, chief Security Officer for docusign a company that allows businesses to sign and send documents securely. Kurt stammberger, Senior Vice President of Market Development with norse corporation, which tracks cyberattacks in realtime. And Aarti Shahani, nprs tech correspondent. And Kurt Stammberger, you want to begin with you. Your companys website, norse, there is a map showing live attacks as they happen. Lets take a look at it. And if you can describe to us what were looking at here. Well, what were looking at here is a live map of attacks under way on the internet right now. We have a worldwide deployment of about 8 million sensors in 50 countries around the world that emulate about 3,000 different types of devices. Everything from cash registers to atm machines to medical devices. So we can deliver very fast intelligence to our customers about whos being attacked, where, and what types of devices are being targeted. So for example, if you see a lot of attacks on Credit Card Companies, for example, then you can alert Credit Card Companies that this is going on and you need to batten down the hatches. Right. Exactly. Its a little like a realtime internet weather report. Tom, with docusign, how often are cyberattacks happening . How often . Every day. Were seeing something every day. But i think the thing is were also getting more awareness around it so people are seeing that this is happening and theyre more willing to share. It used to be it would happen you wanted to hide it, you dont want people to know. So companies are more willing to come out. And i think also employees shareholders, stakeholders, theyre starting to take more Due Diligence in making sure they kind of protect the data. People are more aware of it. Which is a good thing. Were starting to see best practices in just securing some of the things they need to. You say these attacks are happening every day and i just want to quote a study real fast because the numbers are startling. A Price Waterhouse cooper study found that nearly 43 million cyberattack incidents last year 48 increase over 2013. And that breaks down to more than 117,000 attacks coming every single day. Well, its also think about it were becoming more digital, right . More devices are out there. Theres more connection to the internet. More companies are going digital. Obviously, even my company docusigns a Digital Transaction management company. We compete with paper. We want things to be digital. Theres more attacks more areas to go after. More things to use, more yeah. Sorry. And i think that one thing to keep in mind, that when we look at these kinds of numbers is that the attacks are tens upon thousands a day. Could be more or less the volume is extraordinary, but what we care about are the attacks that are successful. That actually penetrate into a system and how worried should we be, then . Because it seems like quite a few of them are penetrating systems. It seems like we should be worried. If last year was any indicator. I can tell you that absolutely we should be worried. Because not only are the volume of attacks increasing but the success rates of attacks are increasing. And these attacks wouldnt be happening if there werent a lot of money behind it. The fundamental nature of hacking has shifted in the past 20 years from someone showing technical prowess to one of their buddies to organized crime and snags states going after valuable assets they can sell. Youre not just flexing for your geek friends. Youre actually trying to make a living this way. Aartis point i think you really want to look at the ones that matter, the ones that frauds happening. You dont want the white noise. There is something happening every day. There are things that happen. You get data that doesnt really matter we dont want to overreport. We want people diligent about it but you want to care about the ones that actually matter. Lets talk about something that does matter. Its easy to laugh it off, right . Sony. Because a lot of gossipy stuff came on. But that was a big data breach. And i know that norse has been working with the fbi on this issue. And you know, people have said, well north korea. But youre seeming to say that its more of an insider job. What are you finding out about that . Yeah, well, i cant comment 234 much in much depth because this is still an Ongoing Investigation with the fbi and were still cooperating with Law Enforcement officials. But still to this date the data and the telemetry that weve been analyzing dont trace back to north korea. In fact, the evidence that we see indicates that the initial intrusions and exfiltrations of the data happened as early as july and that malware was all written in english. There were no korean components in it. So that leads you to believe it was an insider. Right. In fact i say that a lot of malware is kind of like a roomba. Its kind of like a little robot that bounces around and runs into furniture and turns right and runs into Something Else and turns left. And when it turns into a piece of dirt it collects it. The sony malware was a lot more like a cruise missile. It had user credentials digital certificates, server addresses, preprogrammed into it. And those are things you can only get access to if youre an insider. Whats the key takeaway from these data breaches . Sony, which people like i said had fun with but youve also got the case of home depot where 56 million customers were affected. You have target where 40 million card numbers were stolen. When we look at the huge hacks that are now household names. If youre listening today, if youre watching today you know sony, you know target, you know home depot. You probably got a call about your credit card numbers taken at some point. And thats why i think its interesting the massive problem were facing now and then the Public Policy conversation around it. I dont know what you guys think. I think whats really important here su think about the enron scandal, the financial crisis we had before. We came out with sarbanesoxley. We really went after a big change. You have obama coming together and bringing a group together. Why dont we do that for cybersecurity . Why arent cisos reporting to the board . Security officers. Chief Security Officers or chief security Information Officer or chief risk officer. The person in charge. I report to the board at my company. Theres transparency. My ceo signs off every year what were doing cybersecurity. We might not be perfect. Everybody can make mistakes. But at least all the stakeholders know exactly what were doing. And i think obama needs to push for Something Like that. We need Something Like sar baipz oxley. Speaking of president obama, he is taking a accept in this direction. This week he announced new measure to prevent data breaches. Aarti, what are some of the key pillars and do they go far enough . There are several key pillars that have to do with informationing share and change in criminal justice code. One thing i really want to focus on because i want us to be attuned when we hear it. Obama said consumers have a right to know within 30 days when their data is taken. Thats Consumer Protection. We need Consumer Protection with all of these breaches happening. Now, im a consumer. That sounds good. If i get hacked i have a right to know. And you target or home depot or bebe the Clothing Store that got 40kd ha i shop at i have a right to know. The thing is when you talk to people in the industry is that telling the consumer that their disposable credit card number has been taken doesnt really solve the root problem. The root problem is are Companies Investing in security infrastructure . Are they looking for malicious code attacking their systems . Are they telling each other . Its a white noise sorry. Its a white noise problem. I think there are mechanisms to share information. We have the fsi sack. Information share sharing alliance protected by the government. But theres always the risk when you start communicating with the company. I did hear when he was talking about this. Is allow for companies to share information. So we can talk to each other, we feel comfortable, we can compare notes. But the concern you have is hes missing the mark it sounds to me. Hes missing the mark. 30 days. When does it start . In 30 daysuq qu credit card has already been sold 100 times over. Or the white noise too. If i have to report. And lets just say Law Enforcements involved and they say we have an idea here but we need you to not report yet. Am i allowed to do that . Maybe not. And when does 30 days start . When i suspect it, when i know it, when i confirm it . As a company im not going to take any chances. What is a consumer to do though . Because ill tell you what, a Pew Research Poll finds that 91 of americans say consumers have lost control over how their personal information is collected and used by companies. So what is a consumer to do . Yeah, like you said okay, so a data breach happened. Youre notified within 30 days. You have all these passwords already. You change them regularly. Theyre hard to remember. Are there technologies out there that will help this problem . I would say that on the consumer side the apple icloud hack to me really illustrates the need for consumer responsibility. When youre putting your stuff on the cloud, nothing on the cloud is private. Keep that in mind. Pay attention to whether datas being encrypted. Use passwords that are actually strong. I use something called last pass which is a password manager. It costs like 20 bucks a year. It gives me some crazy 52digit password that automatically puts into my we use another one called 1password. We should move away from passwords. You use the same password you steal the password and get to multiple sites. You should do twofactor identification. It should be i know who you are, i know your pattern, i know your phone, i can text you, we should be moving away from that type of stuff. Interestingly enough i feel one issue with this question of how to protect consumers is you see a collision head on between what politicians are talking about and what obama particularly is talking about right now and whats best for consumers. For example obama and the Prime Minister of the uk were talking about having better access to data on the cloud or messages on whats app and whatnot for terrorism investigations. So they want to be able to more easily get data that is interchanged between individuals. Meanwhile, Companies Like apple and google want to hard encrypt all of the data thats being stored and make it harder for Law Enforcement to access. So i think were actually going to see in this next year a real butting of heads between Consumer Protection and Law Enforcement. And i want to ask you real quickly, though to wrap up this segment, if its possible to keep up with the hackers, especially when a lot of it is coming from overseas. Youve got some of the leaders in this space you know china, Russia Eastern europe. Is it possible to stay ahead . Its a treadmill, definitely. And at this point the hackers are winning. Theyre ahead. And its something that its a problem were never going to solve completely. But its something a united front will help. I think getting together and tackling together, thats how were going to do it. Im going to have to leave it there. All right. Thank you. Thanks to all of you. Tom pageler with docusign also Aarti Shahani nprs tech correspondent, and Kurt Stammberger with norse. Thank you all. Thanks. Well, coming up an unprecedented move at the San Francisco chronicle. But first, the race to replace u. S. Senator Barbara Boxer is on. This week California Attorney general Kamala Harris became the first to throw her hat in the ring. Harris will not have to compete against Lieutenant Governor nachb nus gavin newsom, who surprised many by saying he would not run. But she could face a primary run from other democrats including venture capitalist tom stier and republicans who have long coveted Barbara Boxers seat. Scott shafer addresses the race ahead with reporter marisa lagos. Marisa lagos, welcome. Thanks for having me. You bet. So what a week in politics in california. On monday gavin newsom says hes not running for Barbara Boxers seat, and then the very next day Kamala Harris says im running you know, full speed ahead. What do you make of the way it unfolded . That sort of onetwo punch this week. Well, we in the political world heard rumblings that they would be kind of sitting down to discuss both of their futures. They share a political consultant. They share the same donor and sort of political base. I wasnt that surprised. I think that those positions make sense for them to be pursuing. Gavin newsom was an executive in San Francisco. He likes being the sort of star in the room. He likes being controversial. Thats kind of what hes made his namt on. I think Kamala Harris is a better fit for that world too. And i think she probably sees it as a launching pad to even higher office. Although there was also talk they both wanted to be governor. And newsom coming out the way he did, did it preempt her . Did it force her hand in a way, do you think . Maybe. But i would bet that she knew that was coming. I dont think she heard first on facebook the way a lot of us did. Do you think there was some kind of deal . There was a lot of speculation as you suggested they would sit down and work it out, divide up the kingdom. But they both sort of say thats not what happened. I think theyre going to say that. I dont think they want the voters or the public to perceive that they think either of them is a shooin for either race. Theyre not. These are going to be very contested seats. But i am sure they had discussions. And whether or not somebody pushed somebody else, who knows . But i heard a few weeks ago that this might be the way it shook out. So Kamala Harris is the first one in, and surely will not be the last. Theres talk, for example that former Los Angeles MayorAntonio Villaraigosa is thinking about it tom steyer, the billionaire environmentalist whos given money to candidates who support his position on climate change, also thinking of running. What do you think of the considerations for deciding whether or not to jump into this race . Well, i think Kamala Harris is hoping her jumping in is going to be a huge consideration. Money is clearly a huge issue here. Ive heard everything from 20 to 40 Million Dollars as just an entry point to really be a player. Which obviously makes someone like tom steyer a natural fit. Hell find that in his sofa probably. Pocket change. And villaraigosa has National Connections and has done a lot of work with the Democratic Party nationally. So i think he also has sort of that ability at his fingertips. But you know let me ask you a question about him, though, because he made his money in finance. Hes gotten very involved in environmental issues. Can somebody like that theres the old saying that california politics is littered with rich people who ran for statewide office and lost. Al checky is the classic example who ran in 1998 we dont have to look back that far. Meg whitman. Carly fiorina. Exactly. I think thats something that steyer has carefully considered. He has waded in more slowly than some of those folks did. But i think thats why hes putting his feelers out to see what does the Democratic Base think where is the support . Because i dont think he wants to be another one of those. Those on that list. Join that list. So of course you have to say, and both Party Leaders are saying that this is a tough race, even though its two years down the road, for a republican to win. Nonetheless, there will be republicans in this race. Theres talk about neal kashkari, of course who ran for governor. Millionaires, right . Fresno mayor ashley swearingen. Also she ran and lost for controller. Whats at stake do you think for republicans and the Republican Party in putting up someone whos credible . This should be a seat theoretically that they should be able to win, but its tough. It is tough. And i had i its also important for california that we dont have just a oneparty race. The dynamics were going to be talking about a lot is the open primary system and the fact it could be very likely that there isnt a republican in the november election. Ill just say what that is. Its the top two where parties dont nominate a candidate anymore, its the top two vote getters regardless of party affiliation. Right. I think thats one thing that back to kamala and gavin they were looking at do we want to this could be a twoyear knockdowndragout race. So i think the Republican Partys going to be looking carefully but theres a lot of schisms within that party in california and i think thats why theres sort of this laundry list of folks with nobody really at this point rising to the top. What has Kamala Harris done to say hey im ready to be u. S. Senator . Whats going to be her main are talking point, if you will . Clearly the Law Enforcement angle. She came up as a District Attorney first in alameda San Francisco. Shes worked very hard over her first four years as attorney general to really build relationships with Law Enforcement around the state who did not support her first run. The mortgage settlement that she and a handful of other attorneys general intervened to nationally really bucked the Obama Administration on is going to be huge for her. And i think shes going to talk about the sort of nittygritty stuff shes done in the a. G. s office to make it bring it into the century on a technology level, to improve the crime labs, to assist in investigations. But i think thats a good question. She has a fairly narrow scope. And just quickly, what do you think what should california be looking for in a u. S. Senator . Barbara boxers been there since 1993. You know, what does it take . Well i think what youve seen with our two senators is very different approaches. Right . Finestein i think has been a little more middle of the road. Boxers been more about talking about things. Shes been a progressive voice. Shes an advocate. Shes an advocate. And i think likely if someone like Kamala Harris wins that seat well see that continue. But yeah, the scope of experience is important. I think their ability to connect with other people within both their party and across the aisle is going to be important. So those sorts of, you know, abilities to really navigate whats going to be a very different world in d. C. Than in california and of course the ability to either raise or write a check for 30 40 50 Million Dollars. Unfortunately, yeah. Thats the entry level point, he will really. Marisa lagos thank you very much. And i dont want to let you go before i say welcome because todays your last day with the San Francisco chronicle. Youre going to be joining us here at kqed covering california politics and government. So ill be able to call you a colleague in just a few hours. Im very excited. Thank you for having me. And well be talking more im sure about this race and many others. No doubt. Thanks a lot. Thanks, scott. And speaking of the San Francisco chronicle, the paper made some news of its own this week when it appointed Audrey Cooper as editorinchief. Shes the first woman to hold the position in the papers 150year history. Cooper joins the chronicle nine years ago as an assistant metro editor and has been rising up through the ranks ever since. She takes on her new role as the newspaper industry struggles to redefine itself in the new media landscape. Audrey cooper is here now, and welcome. Thank you so much. First of all, congratulations on your new post. Thank you. Youre taking on this job during a time of great disruption in the newspaper industry. What are the Biggest Challenges the chronicle is facing . I think our biggest challenge is probably our need to reach new readers. We have a very loyal readership in the bay area right now, but like anybody if we want to grow were going to have to get people who are just coming into their civic consciousness who just now want to know about their community and do something about it. So really its reaching those people and telling them why were the best source of news for them. How are you going to do that . I think you have to do it lots of different ways. Once upon a time we could deliver a newspaper to everybodys doorsteps. You cant do that anymore. We have to reach them through email, through their phone, through whatever device they want to read it on and we have to make it really clear what is differentiating us. Many of your papers offerings, from sports to entertainment to weather, even politics are easily found in other multiple online sources. Given that why do you think people should read the chronicle . Well we have the largest newsroom between the Tehachapi Mountains and seattle. I dont think we do a very good job of explaining that to people. We have more people covering the news than any other media outlet. And i think thats really important because theres power in numbers. We have that influence to demand answers from people in power and to demand answers even from, you know movie stars and movie makers to sports figures too. So we really can be more definitive than others. So what will you do . What will the changes be . What can we expect under you to make that happen . Well, weve already started taking a really hard look at what we do. This last year weve totally redefined our business coverage. We added a bunch of new talent to our staff and gave a really hard look at with everything thats happening in the bay area with tech how do we do the best job of really putting the critical eye on that . To explain the benefits of the tech boom but also to say whats not so great about it so we can have a civic conversation about it. The other thing i think is absolutely critical is we really need to reinvest in our investigative resources. I dont know about you, but i became a journalist to speak truth to power. And we do that through our investigative journalism. So thats something youre going to need to see from us starting this weekend. The chronicle hasnt made money in years. In fact the whole newspaper industry is struggling right now to survive. What will you do to keep the chronicle afloat . Well actually, id correct you right there. In the last two years we have been solidly profitable. So we are making money. And thats a really good place for us to be right now. Were projected to make more this year than we did last year. So im really very bullish on it. I think there were some dark times and were getting through them and you know part of it is to talk to people about what were doing how we do it why its better than everybody else so that they see value. We also need the support of our Community Like everybody. So you know, we want people to consume the journalism and if they consume a lot of it to pay for it. Theres a lot of talk about digital models, and i know that you say the paper is making money. Its still operateing in a tough economic environment. Print ad revenues down 50 in just the past five years. Is there any thought of perhaps cutting back on the number of days that you have an actual printed paper or eventually maybe going to an alldigital model . I mean, you can never say whats going to happen. But we will continue to print the paper as long as people want it. I dont know how long that will be. I think its pretty safe to say at some point there will be no such thing as a printed monday through friday newspaper anywhere in the united states. I think were pretty far away from that. You know the word i started to use recently that i never really had to in Journalism School was diversified revenue streams. And that means we have events around our News Coverage, we have an ipad app we have other apps. We have to have a lot of different ways to make money in this business right now. A lot of people think sfgate. Com is your papers website. But in fact its not completely true. Its operated by the hearst corporation, your parent company. Sfchronicle. Com is your website. And it has the pay wall. How can your newspaper site compete when sfgate is clearly so dominant . It gets Something Like 24 Million People globally a month. Well, sf chronicle has two websites. The newspaper, the people in 901 mission do produce sf gate. Its a place to go to get the temperature of the city. The snacky stuff the news you that dont have to spend 30 minutes digesting. Sfchronicle. Com is where we put i call the journalism with a capital j. And youre right. Weve done a really good job over the last 20 years since we started sf gate of thoroughly confusing everybody. And we need to do a really good job of explaining to people if they want the best news then thats sfchronicle. Com. A drop in the pay wall to get more people . I think youll see in the next couple weeks some really interesting things happen there. I can definitely tell everybody were going to start a free trial. So it will be a form of dropping the pay wall. And i think were going to experiment with a lot of things. We only started the site two years ago. Its a complete evolution. Were trying new things. The industry hasnt been very good at trying things and abanged them when they dont work or tweaking them had they dont work. I dont see any reason why we should be afraid to change things. And just quickly i have to ask you about willie brown. Hes a columnist for the chronicle and until this month he was a registered lobbyist with the city of San Francisco. Are you concerned at all by the ethical issues that that raises . We i would say yes, but im confident in our editors that we put willies column really through the ringer. He probably gets more editors calls than anybody else on staff just to make sure that were being ethically sound. I think our readers hes extremely popular, and i think our readers know willie brown is still a politician. But he is the closest thing we have to a currentday herb cain and hes extremely popular. Sounds to me like youre planning to keep him then. Yes. I dont think were going to have a lot of changes there. All right. Well congratulations again. Thank you. And you started during a great week. You also get to go to a birthday party. Thats right. The chronicle actually turns 150 years old today. Thats right. Were going to have some champagne and cake in the newsroom later today. Good way to start your new job. Good luck to you. Thank you. And for more of kqeds News Coverage please go to kqednews. Org. Im thuy vu. Thanks so much for joining us. Have a good night. The following kqed production was produced in high definition. [ music ] yes check please people its all about licking your plate. The food is just fabulous. I should be in psychoanalysis for the amount of money i spend in restaurants. I had a horrible experience. I dont even think we were at the same restaurant. Leslie and everybody, im sure, saved room for those desserts