a senator: mr. president? the presiding officer: the senator from georgia. a senator: i ask unanimous i ask unanimous consent to remove the quorum call. the presiding officer: without objection. a senator: i ask unanimous consent that the senate proceed to executive session to consider the following nominations: calendar number 115-122 and all nominations -- oh 122 and all nominations placed on the secretary's desk in the air force army, marine corps and navy. that the nominations be confirmed the motions to consider be -- to reconsider be considered made and laid upon the table with no intervening action or debate, that no further motions be in order that any statements related to the nominations be printed in the record the president be immediately notified of the senate's actions and the senate then resume legislative session. the presiding officer: without objection. mr. perdue: mr. president, i ask unanimous consent that the environment and public works committee be discharged from further consideration of h.r. 1690, the senate proceed to the consideration of it calendar number 64, s. 261 and calendar number 65, s. 612 en bloc. the presiding officer: without objection. mr. perdue: i further ask consent that the bills be read a third time and passed and that the motions to reconsider be considered made and laid upon the table en bloc. the presiding officer: without objection. mr. perdue: mr. president, i ask unanimous consent that the senate proceed to the immediate consideration of calendar number 81, s. 501. the presiding officer: the clerk will report. the clerk: calendar number 81, s. 501 a bill to make technical corrections to the navajo water rights settlement and the state of new mexico and for other purposes. the presiding officer: without objection, the senate will proceed to the measure. mr. perdue: i ask consent that the bill be read a third time and passed and that the motion to reconsider be considered made and laid upon the table. the presiding officer: without objection. mr. perdue: mr. president, i ask unanimous consent that the help committee be discharged from further consideration and the senate now proceed to s. res. 168. the presiding officer: the clerk will report. the clerk: senate resolution 168 recognizing national foster care month and so forth. the presiding officer: without objection, the committee is discharged and the senate will proceed to the measure. mr. perdue: i ask unanimous consent that the resolution be agreed to, the preamble be agreed to and the motion to reconsider be laid upon the table. the presiding officer: without objection. mr. perdue: mr. president i ask unanimous i ask unanimous consent the judiciary committee be discharged from further consideration of s. res. 109 and the senate proceed to its consideration. the presiding officer: the clerk will report. the clerk: senate resolution 109 acknowledging and honoring brave young men from hawaii who enabled the united states to establish and maintain jurisdiction in remote he can to herrial islands as prolonged conflict in the pacific led to world war ii. the presiding officer: without objection, the committee is discharged and the senate will proceed to the measure. mr. perdue: i ask unanimous consent the resolution be agreed to the schatz amendment to the preamble be agreed to, the preamble, as amended be agreed to and the motions to reconsider be considered made and laid upon the table with no intervening action or debate. the presiding officer: without objection. mr. perdue: mr. president, i ask unanimous consent that the senate now proceed to the en bloc consideration of the following senate resolutions which were submitted earlier today -- s. res. 185 s. res. 186, s. res. 187. the presiding officer: without objection, the senate will proceed to the measures en bloc. mr. perdue: i ask unanimous consent that the resolution be agreed to, the preambles be agreed to, and the motions to reconsider be laid upon the table en bloc. the presiding officer: without objection. mr. perdue: mr. president i ask unanimous consent that the appointments at the desk appear separately in the record as if made by the chair. the presiding officer: without objection. mr. perdue: mr. president i ask unanimous consent that when the senate completes its business today, it adjourn until 9:30 a.m. friday, may 22. following the prayer and pledge, the morning business be deemed expired, the journal of proceedings be approved to date and the time for the two leaders be reserved for their use later in the day. following leader remarks the senate then resume consideration of h.r. 1314. finally, that all time during the adjournment of the senate count postcloture on the bill. the presiding officer: without objection. mr. perdue: if there is no other business to come before the senate i ask that it stand adjourned under the previous order. the presiding officer: the senate stands adjourned until 9:30 a.m. tomorrow. fbi director james comey on cybersecurity. the director of efpa james cumis is one of the most urgent threats facing the u.s. is isis recruitment via social media. his remarks are part of georgetown law schools third annual cybersecurity law lot institute. this is 45 minutes. >> thank you. we are now coming up on two years as director of the fbi. if you could talk a little bit about the biggest threat facing the fbi today. >> i think the biggest threat and the most urgent threat the one that takes my time every day is the one that isil presents especially coming at us through social media trying to motivate trouble people in the united states to engage in acts of violence. the so-called caliphate or killed where they are. this is actually a place where cyber and counterterrorism merge because they are preaching this, pushing this poison through twitter and other vehicles trying to motivate people and then moving them to encrypted platforms to communicate with them to try and give them instructions. so the threat we face has morphed. is it chaotic spiderweb through social media increasingly visible to us because it's being being, the operational communications are in an encrypted channel so that consumes most of our days trying to, i don't think it's an impossible task but it's very hard so we spend a lot of time on it. >> the cyberthreat of course we have nationstates and criminals and other actors that represent cyber stretched to the country. can you talk a little bit about the fbi's strategy? >> i think i've been mocked for this metaphor but as an evil layer cake. [laughter] it's right that i've been mocked with that but i'm staying with it. the top layer the cake or nation-state actors. the next layer down our nascent criminal use excuse me terrorists use of cyber as a vector and organized criminal syndicates the big botnets, the big on line marketplaces for criminal cyber tools and the rest of the cake is manner of creeps and stalkers and pedophiles. with the bureau was trying to do is give and how big that cake is try to focus their resources on what we think our foot and around the world and our abilities can make the biggest impact so we are trying to focus their resources on the nation-state actors, the large criminal syndicates, the big botnets and the terrorist use of the internet and we are trying to deploy differently as part of that focus. normally the bureau when it assigns work asked this question. where did it happen and that makes sense to ask when you talk about a bank robbery or an explosion of a bomb but it's a question that actually starts to lose meaning when you talk about a threat that's moving at the speed of light where the particular location or manifestation of the theft or intrusion may not be all that meaningful, so what we are trying to do is instead of trying to assign the work on based on some notion that it happened in ohio or it happened in florida is figure out where is the talent of the organization? we have divided up the nation-state threat the terrorist threat through the internet and the major criminal threat into various slices and we are signing up or rethink the chops are in the bureau. the best analytical and operational talent is so little rock may be assigned a threat that is manifesting someplace else in the country through the intrusion and so what we are doing is assigning the thread where the talent is and we allow up to or their offices to help to assistant and reduce air traffic control from headquarters. that is a big change for us. we are trying to approach all of cyber with a attitude of humility as we stand in the biggest change in human relations ever so we are trying to understand we may not have it right. let's try this and get feedback and then iterate. the second key part of first raduege has returned. we all share a sense and all but the people in this auditorium do as well the criminals and spies and anybody coming at us through the internet thinks of it as a freebie. when in our minds it's the equivalent of kicking in your front door walking out with your tv set or your very identity so we have to try to impose costs on those at the keyboards. so we are working very hard to deploy resources around the world so we can lock these people up and send a message, this is not a freebie. where we can't lock people up here trying to name and shame. you have seen us go on the whole of government approach and impose economic sanctions to make clear to nationstates and criminal actors that there are costs associated with this behavior. there are a bunch of other elements to our strategy. we have to get better with the private sector which i'm sure we can talk about we have to help state and local law enforcement. they are trying crying out for systems and raising their digital literacy. in the good old days you could work a crime scene do a search warrant and fine paper. the idiots would have written in a composition notebook joe gets this much and he had to take it and photocopy it and you are good to go. now any detective finds pdas, thumb drives laptops digital literacy is required to do all of the work that criminal bus to gators do and we don't have time to get to a whole lot of this so we have got to help our brothers and sisters in state and local law enforcement get the training they need to be digitally literate to be able to respond and investigate. all of our lives are on lines all the threats to our lives whether a children or to our money or infrastructure is now on line so all of us have to work together to raise the digital literacy of investigations. >> you mention the private sector. let's turn to the private sector for a minute. some of the questions you hear in discussions on panels like the georgetown law institute are concerns from the private sector that off i reported the incident to the fbi we will lose control of this incident and what i need to do to protect my company. i'm going to face some type of regulatory action if i report this to the fbi. i don't know what's going to happen if i report this to law enforcement agencies. can you talk about how the fbi approaches the private sector when they report incidents incidents of cybersecurity compromise? >> those are questions i ask myself and the general counsel. what will happen if we get this stuff to to the government? the answer is there is no doubt it's the truth you he will to certain extents lose control of information but we treated as what it is which is evidence gathered in the course of a criminal investigation so subject to all manner of control is part of our investigation. there's no doubt there's an incremental risk and sharing information with the government if you have been a victim. i happen to think the benefits dramatically outweigh the risks and i think we have proven time and again most recently in sony that cooperating with us early is in the company's interest and that we treat the information very carefully and protect it. obviously we have statutory applications to protect information. we are frequently using a grand jury subpoena so we protected under rule six e. e. we also understand we don't ever want to create disincentives for people to share information with us. but that said if that turns out that something awful were rebuilt and information somebody gives us they will lose control of that but that strikes me as a quarter case. if someone invades your home and harms your children you are going to call the police and investigate. there may be circumstances where people worry about calling the police because they have a meth lab in their house. those are kind of corner cases but most enterprises in this country are not running meth labs in their houses so it goes very smoothly. the other thing people need to realize is we very rarely need content of communication. we almost never need memos of the contents of e-mails e-mails. what we need is the digital dust and fingerprints. we need the indicators. we need the ones and zeros that show us who was this and how did they come then, what was there better and what can we learn from it and what can we attribute it which is all stuffed it is frankly removed from content that people worry about. >> we talk a lot about the private sector and their concerns about sharing with law enforcement but in fact many thousands of notifications are done by the fbi every year by the private sector. any thoughts on how the private sector can better prepare itself to detect incidents and what it can do to prepare so that the fbi does not come the door and say they have an incident intimate that they can be prepared to respond in court nation with law enforcement protect their company? >> the predicate for your question is right. we have gotten a whole lot better in the last three years. i would point to an inflection point which is 2012 with so many unanswered institutions in the united states getting hit by denial-of-service attacks. at that moment we started getting material better -- materially better at pushing out information to the private sector. in my view we are still not good enough but we have gotten a lot better pushing out what we call/reports which our share indicators and there's a great movement inside the bureau and the government as a whole that knockdown classifications. those of you who know our business to get things in that line in a place where we can share quickly because again the companies don't need to know the sources and methods that led to his figuring out these indicators. they just need indicators. it's the flip side of what we talked about earlier. we are getting much better at that. the challenge for us as we have to figure out a way to move it cap machine speed and that's a challenge for a bunch of different reasons we can talk about. my advice to companies is which i think companies get now because you have to invest in it you've got to have a world-class security information officer and you have to equip him or her to buy the right stuff whether that's consultants whether that software, whether that's hardware you have to invest preview invested for years in badges and gates and guards to protect your parking lot and protect your building and neglected it the basic hygiene of information security. it's shocking sometimes and i'm not talking about particular companies that we discovered the people of a network that's utterly on segmented. if someone comes in one corner they go through the entire place. people don't have good logs so we can't help them figure out what was exiled from their system. the basic hygiene is wellman -- well-known. it's easy to find people. those people are making tons of dough now who can explain to you here is how you protect your house. my advice to them is that and once we knock on the door and tell people we have seen this thing, we think there's an intrusion going on i don't have any constructive suggestions for cooperation. the cooperation we get is outstanding because people are grateful and they also want to find what's going on inside their enterprise. >> do you have any perspective having been general counsel to prominent companies lock even rich water associates now is the director of the fbi and a former u.s. attorney in the southern district of new york and a lot of general counsel xing different companies. given that perspective having been in general counsel and occupying high-level positions in the government about what you see the role of the general counsel inside the company is in relation to cybersecurity in relation to the chieftains -- information security of the company the cio and the board and the ceo? >> they are mostly obstructionist. [laughter] it's one of the reasons why we as a country and congress is making good progress on this have to offer clarity to those gc's. the