Nsa. He is now the ceo of iron at, a Cyber Security consulting firm. Here he is in an interview with emily chang. We have seen in the last year, exploits against target, home depot, the attack against sony, when you look at it, the changing landscape is growing significantly. Part of that is attributed to the rapid change in Technology Part of it is treated to the Global Landscape when you look at what is going on with russia, iran, north korea. And terrorism, all of those combined this a tough area, and one where i think good thoughts about conferences like rsa, we need Tech Companies to come together and figure out a better way of addressing these problems. We have not done that yet. Is everyone is being attacked, the solution that the cyber teams are putting together is insufficient. One of the good parts about being here is looking at addressing new ideas, wrestling with those and seeing how you could partner more together and provide a conference of solution. Emily the president of rsa says security has failed. The Security Industry has failed. How much do you agree . General i agree mostly. The reality is we have let it languish. In the past it has been one that we have written over so he did not have the big draw for new boards, what happened to target and home depot, everyone said, we now would need to look at this at the ceo and board level. We need to make that type of change in something that we now need to look at from a tech perspective, lets put the solution on the table to get a conference of approach to Cyber Security that does not put it back on the i. T. Professionals. If they are getting hacked, it is because they do not have the tools and training. It is not because they dont want to protect their networks. Emily what they want from Tech Companies . They say there has never been a backdoor, they will never open one. General it is different, what the Tech Companies need to do is, how do you now bring an integrated approach . It has nothing to do with backdoors. You dont need to protect the company, backdoors, any of that. What you need is a way of understanding when malware enters your network. How you do that . In the past it has been Antivirus Solutions. When you see a Security Company say, Antivirus Solutions alone are insufficient, they are right. What you need is a more copperheads of solution. Comprehensive solution. That brings in Something Like mcafee and others, a firewall and others, look at how you can integrate it into a comprehensive approach. This is where teams cyber on the civilian side could present a much better product or products that would help these companies. Emily if the Iran Nuclear Talks fail, what can we expect . General i am concerned if those fail on two fronts, iran and russia, you see at times their way of fighting back on sanctions this to you cyber. Im concerned of those fail, there will be cyber repercussion for us. Emily how drastic . General if you look at 2012 and 2013, there were service attacks and also destructive attacks against saudi aramco that destroyed the data on over 30,000 systems. My concern is if those come together against any of our sectors, we have a problem. Part one, lets exceeded its. We can do a better job. Two, i think we need cyber legislation. We absolutely need that between governments and Ministry Industry so that the government knows when industry is being attacked. Going back to your backdoor thing, government does not see networks, does not want to see in them, and does not know when a company like sony is being attacked. Emily really . Did you say be documentary about edward snowden, it won an oscar, the take away is the government sees everything. General one of the things that you and others can do is get the facts on a table. What is interesting as we sat down for the president ial review, we actually had a board member from the aclu look at what nsa really does. That was Jeffrey Stone would probably get begin to get him here at some point. What he found was that not only was nsa doing what they were asked to do, but they were following the law and had great integrity. Yet that is not normally come out. What comes out is someone a sensational life of that and claims there on your networks. Consider how Many Networks are out there. How many businesses . You see Something Like santa claus can see every child in the world. That is a nice thought, but not correct. The same within the nsa and other agencies. The real question becomes, how do we let the government no when a company is under pressure. Cory well have more with the general Keith Alexander after the break. Cory this is the best of bloomberg west, im cory johnson, we have more with emily chang costs interview with general Keith Alexander. Theyre talking about the relationships between the nsa and Big Companies. General alexander if you are talking to the nsa under fisa, the government would require a warns to track your communications. Think of these are the case which is public this is the guy that was going to blow up the new york city subway, what nsa had to do, under the 702 program was get a court order to allow them, which is a 702, to get information on the Communications Going home and to a zogby. That is what the program is geared towards. Nsa was before inside, not domestic. The perception that nsa was reading your emails this false, unless you are talking to a terrorist who is overseas. Domestic, it would be the same thing with the fbi, they have to have a warrant or some reason of probable cause to go after you. Emily what about dragnet . General alexander this is the 215 program, lets go over that. Emily this is information you collect, right . General alexander this is information the government compels them to provide, only numbers, no content. It has the duration of the call. Your name is not in their. No content is in there. No names, no content, just numbers. What that is used for, lets say the earlier case, there was actually a number in that communication, sba fbi knew the number and we now know who was talking to al qaeda. Under the rules, one of 35 people could look into the database and go out to see who youre talking to. There were able to see one of the people in new york had downstream connections to other terrorist. All they saw were numbers, and that resulted in numbers overseas. Nsa gave the number to the fbi fbi with a security letter could look that up. Nsas job was to connect the dots, not to listen to your communications or others. One of the things that is really wrong is context. Emily the problem the public has is that nsa is connecting dots. General alexander under nsa there are authorized to get the business records. For they cannot look at it unless they have this reasonable suspicion. Every time a look into it or touch it, it is audited. It can be overseen by the courts, administration, and a number of laces in the administration. What they all found was that no one was misusing that data. The real issue, how do we do it better . If there was a better way to protect the country i am all for it. I think that is were the Tech Community and the government need to work together. Emily be tech communities have insisted they are not going to sacrifice privacy. They are not going to work with the government. You have larry page and tim cook, and zuckerberg saying this personally. General alexander i step back and say what is needed for the country . We need a way to stop terrorist and protect privacy. The courts have found this was the best approach. I would put back to the Tech Community, including myself, is there a better solution, can we come up with a better solution . More importantly, we should look at only not only our country, but europe and others. Emily what is your ideal solution . General alexander i have not come up with a better one. That is the problem. Weve wrestled with this. We could not connect the dots and 911. The Intel Community took a hit. That resulted in 911. We dont want to know the 911. Is there a better way than the meditative program . If so we should put it on the table. If you are to look at the data and say who is the best . The companies he mentions, google, apple, facebook, others, they are the best, why dont they join in and say lets come up with a solution that is both. Emily are you saying apple, google, facebook could stop the next 911 . General alexander i am saying if they could come up with the ideas, it is better than what we are doing today. If they do, it would require government and industry to work together. We have a great Tech Community we ought to bring them in. We have to figure out, how do we cross the divide that was created post note there is a lot of this information. We need to fix that. That is where folks like you can help emily you told the new yorker last year, im really concerned something bad could happen, i dont want to be chicken little but i want people to know we are at greater greater risk and a lot more could come our way. What do you think it happen . General alexander im concerned isis and other terrorist want to hurt our country and europe. It is in their best interest to have a big attack. It helps them recruit more people. We are trying to stop that. We are doing every thing we can. Telling the bad guys how we stop them only helps. Think about what happened with enigma and the early parts of the war when he germans went from a third to fourth rotor, we started to lose the war in the atlantic. Im concerned the information post snowden gives in and get advantage to them. Now is the time for all of these companies to help protect our people and our Civil Liberties and privacy. The government cannot do this alone. Emily how concerned are you about another 911 . General alexander most all of my time is spent on Counter Terrorism and cyber. I didnt have time for anything else. The tools they have, the approach we are taking, you see big data and crowdsourcing, is there a way that we could actually take some of these techniques with courts, congress and the administration involved, come up with a better Legal Foundation for doing that, and a better Technical Foundation . Nobody has put a Better Process forward. Part of that is because two caps, there is a divide, technology and the government. We cannot have that. Cory Keith Alexander with emily chang. Cory i am cory johnson, this is the best of bloomberg west. The department of homeland securitys opening a office in silicon valley. Lawyers from the department of justice have been at the rsa conference. Emily chang set down with john carlin, to discuss the complex relationship between washington and silicon valley. John what we see is value has shifted from the analog world to the Digital World area he spies, terrorists, those who would harm us are seeking to harm us through cyberspace area that means my job is transforming to meet those threats. Emily who are you meeting with . John so many people innovating on the security side. That is an important conversation to have and learn what they are doing to defend against attacks. We are also meeting with power and gas, small and Mediumsized Companies here, Entertainment Industry and others. The message is clear, you need to be prepared for a major cyber attack. Some of that information has to be coming in, and being prepared to talk to Law Enforcement so we can respond. Emily what about Companies Like apple, facebook, general alexander made it clear that they need to cooperate. They have made it clear they do not want to compromise users privacy. Had he find a balance . John there is a difference of issues depending on the sector that you are discussing. One of the key threats to privacy are crooks and spies that want to steal their information. We are seeing time and again companies penetrated by either criminals, or nationstates oversees that are stealing information for economic value but also to cause embarrassment or coercion. The sony attack was a real wakeup call and a message we have been trying to deliver for a while now. It does not matter your industry, you are at risk. Emily what our companies doing wrong . John for too long the cyber risks were confined to the i. T. Professionals. The ceo and councils did not understand it as a risk. I thought if you have the right tools you could block attacks. There is is no walls you can build that is high enough to keep them out of your system. We are not perfect and government. Lately there has been a big push to make sure the cabinet actor terry, or deputy secretaries are in the room when talk about Cyber Security risk to government systems. For too long and government, it was a cio issue. Part of it is language, those talking in bits or bite and they try to talk to the ceo, they do not want know what youre talking about. We need to learn how to bridge the gap between the technical and the business risk. Emily one of the biggest risks are there and own employees. They are in fact the biggest threat. Edward snowden was a government contractor, how likely is that there will be a nether snowden . John i am glad you brought that up. When we talk about the risks to a company, they are still sending traditional spies here. A case we had a new york with Traditional Russian spies, what were they looking to do . There are looking to use greed sects, revenge as motives to get information. These traditional techniques loose lips, and they combine that with trying to breach your company through cyber enabled means. Because it is digital, if they are able to. Succeed, the amount of information they can steal his vast the harm they can do is much greater than it was 1015 years ago. Cory that was emily chang and john carlin. I was also an attendant at the conference, i had the chance to talk to retired coast guard admiral, thad allen. He had a deal with edward snowden. I asked him the difference between plugging the oil leak and data leak. Thad what happens is when an event gets complex, it hurts to stretch the limits of your operating procedures and policy. You have to think about what you are doing. The focus should be focusing on the problem. Cory are we talking about oil or data . Both. Cory it seems like a great struggle for companies. Some Companies Shut down networks, they stop sharing with other entities. What is the right response . Thad you need to think about to be severity of a breach that could occur. You need a response plan, you need to practice it and involve senior leadership. You need to have a point of accountability. Cory i cannot imagine every company with every shape and strike deciding to devote lots of resources for an event that has not happened yet. Thad the problem is when you look at a breach a lot of people say that is in the purvey of the i. T. People. In fact there are legal implications, regulatory implications, issues related to the brand of the company and reputation. All of that needs to be handled at a level higher. Are we seeing a change . The head of target is gone, the head of sony is gone. Thad you become self indemnified if you dont do this up front. The right way to handle this is to think about it in advance. Cory is this the role of the chief Information Officer you need to know how the systems are. That can only be done by the person that runs i. T. There needs to be a more holistic approach. You need to do that with someone more senior. Cory retired coast guard admiral, thad allen. Well be right back. Cory you are watching the best of bloomberg west. I am cory johnson. For the First Time Since 2012, facebook did not hit a home run with it quarterly earnings. Up 42 to three and a half billion dollars, profit did fall, 20 over the year. Facebook continues to post huge user numbers. Monthly active numbers on mobile 1. 2 5 billion. We talked to the senior analyst. There is not the same excitement on facebook. If you look at the engagement numbers like you mentioned, we broke out where instagram is at an messenger and whats at, all of those numbers are progressing. If you take the long haul approach to this, yes fx had it impacts. There is nothing that concerns me about owning this for next year. Emily i set down with Mark Zuckerberg and december and talked about the broader strategies for whats at an instagram. Take a listen. Mark our strategy is to build things that people want to use. Facebook is the most used apps whats at an messenger and instagram are some of the next most used. Emily whatsapp has 800 million users, instagram has 600 million Facebook Messenger has 600 million, at one point to does facebook not become the core experience . Cory i love that interview. Point number one, the dumbbell approach works. Mark talked about this at the conference he said essentially will have mother ship facebook. Your mobile device, that will be the mother facebook. The experiences of facebook and data will come from varied sources like messenger whatsapp, instagram, oculus perhaps someday. Facebook will know a lot about people, even though the principal Revenue Source will be big mother. You can see part of these results, point number two is the results they put up today are spectacular. Maybe some analysts had higher numbers, maybe it has the game of wall street, analyst but a bigger number, they are supposed to be those, t