To train government and private sector cybersecurity experts at control technologies at Idaho National lab and help them to develop an understanding of what they can do to minimize and mitigate vulnerabilities. So we all know that cybersecurity is going to remain a challenge as far out into the future as we can see. Secretary moniz and i have made this a high priority. Indeed, were going to put over 100 million this year and next year towards cybersecurity of the nations electric grid. In closing, i want to speak directly to the students here today. Can you raise your hands . I understand there are a lot of you. When the president of the United States and many cabinet members and ceos of Important Companies come to your campus, we hope were going to inspire you to pursue careers that give you a chance to find a way to do public service. That can take many forms, and you will blaze your own trails. Indeed, my 17yearold son richard will join you here on campus as a member of the class of 2019 this fall. [ cheers and applause ] its my hope that he will take up this call to action alongside you because we need your minds your talent, your innovation and your energy. The problems were discussing today are some of the toughest that we face as a nation and that makes them the most worth working on. So i encourage all of you to use the privilege of being at this Extraordinary University to find ways that you can play a part in inventing solutions that will help us keep our great country strong and safe. Thank you. [ applause ] thank you liz. That was great. I didnt even know her son was coming here next fall. Thats terrific. In the few minutes we have remaining, i wanted to ask one or two questions. Mark, let me put the first one to you. Youre our cybersecurity expert in the private sector as part of your firm, which is a rapidly growing firm in this area. The Companies Represented up here kaiser permanente, pacific gas electric, American Express are probably pretty sophisticated themselves, Large Public Companies in terms of cybersecurity. What is your assessment of how Smaller Companies, smaller firms are doing in cybersecurity these days . I think its a challenge for everybody no matter how big you are. Its a challenge that you may need more resources, but its the same threats that are hitting Large Companies and Small Companies. Bigger companies, like tony for example, has definitely designated Critical Infrastructure by your organization, but if you go ask a ceo or an owner of a Small Company, they definitely consider themselves critical. So theyre just as worried and concerned about this and rightfully so because they are the subject of attacks. When a Small Company believes theyre not under attack just because theyre not a large company, thats a mistake in assumption, and they need to protect themselves in the process and its becoming evident. This is where Something Like information sharing is very very powerful for Smaller Companies because theyll never be able to bring to bear the resources that some of the Larger Companies can. We all work together, Large Companies, Small CompaniesPublic Private. A lot of information were talking about, that benefit will get to the Small Companies which employ more people across the United States than the Big Companies do so its important for all. Thank you very much. In the 32 31 30 seconds we have left let me take the moderators prerogative to close it out. I want to comment on something my Fraternity Brother said. We talked about constancy of values. Let me say to the audience, particularly the students here, we in Homeland Security recognize and believe and this is certainly true of myself, that Homeland Security, whether its border security, cybersecurity, counterterrorism, means striking a balance between basic physical security and the things we cherish as americans. Our values our values in terms of freedom to associate privacy, Civil Liberties. We cherish diversity in this country. We cherish our heritage and so part of Homeland Security is preserving the things that really make this country strong and great. Id like to tell public audiences we can build higher walls, we can interrogate more people, we can screen more people, we can erect more cybersecurity, but we should not do so at the cost of who we are as a nation. Thank you very much for listening, and thank you panelists, for the terrific discussion. [ applause ] ladies and gentlemen, please welcome the panel on improving cybersecurity practices. Well thank you for having us here today. First of all, i am thrilled to be back on campus. Im a graduate of the law school and the business school, so this weather is not a surprise to me nor a shock. And its lots of fun to be back home. And my other comment about the Previous Panel is i really had no idea that secretary johnson was such a comedian. And im looking forward to asking his Fraternity Brother a lot about his room when they were in the fraternity. Secretaries go back and forth with one another. But, any way, we are thrilled to be here today to talk about cybersecurity and how it affects the private sector. A year ago and a day, our administration released something thats been referred to earlier today called the nist Cybersecurity Framework. Nist is the National Institute of standard technology, which is part of the department of commerce. We knew then when we released the framework as we know now, that cybersecurity remtspresents a challenge not just for Critical Infrastructure which is how the framework was originally created, but also for economic security, and as weve heard for our National Security. We recognized then, as we still do today that the most effective way to combat the growing threats on our cybersecurity space is through a Strong Partnership between industry and government and the civil society. And thats who we have here today. I represent the government, some of our panelists are from industry and some from civil society. So with the recent highprofile attacks that weve had from sony and anthem its clear that cyber risks continue to grow and that we as a nation need to do more to strengthen our cybersecurity. Thats why Congress Must pass information sharing and data breach legislation and update our criminal code without delay. Thats why the department of commerce is working with other federal agencies and with our educational institutions on something called the National Initiative for cybersecurity education, which is aimed at filling the 210,000 open cybersecurity jobs in the United States today. Thats why president obama made cybersecurity a priority in the state of the Union Address last month, and thats why our administration has convened this summit. So our panel today is focused on the perspectives of leading american businesses and their ideas on helping firms to align their policies, their technologies and their daytoday operations to better protect themselves and their customers from Cyber Threats. All of this room all of this is about the urgency of the problem that we know exists today, yet a recent Price Waterhouse cooper survey found that only about 35 of ceos are extremely concerned about cybersecurity threats. I have to confess, im amazed its not 100 . But our nist Cybersecurity Framework creates a common language to discuss Cyber Threats and a way to measure success for Senior Executives and their it professionals. The goal of the framework is to help companies organizesations institutions protect their it from security threats, ensure their confidentiality, safeguard their privacy and Civil Liberties and capitalize the cybersecurity marketplace in the process. At its core, the framework serves as a bridge between Business Leaders and Information Security professionals within their own organizations. It is through the framework that we designed, you know, with Critical Infrastructure in mind. Any business, though can use this framework to help manage your cybersecurity risks and many are already doing so and were going to hear from our panelists about that. Im someone who spent 27 years in the private sector so that i know, as all of you in this room know that good Risk Management is essential for a successful business. And thats why companies from a variety of sectors are using the framework to help manage their cybersecurity risks, including probable cause ter probable causecter gamble, walgreens, qvc, kaiser permanente, all of them are here with us today and its also why major auditing firms like deloitte and Price Waterhouse cooper are using our services today. The fact is its in our society, our businesses and our daily lives. As we know, there are 3 billion households worldwide and somewhere between 7. 5 and 10 billion items, from toasters to thermostats to phones, all on line. And the preliminaryimplications of the cybersecurity threat given those facts are vast. So our discussion today is going to explore how Business Leaders and their boards are moving cybersecurity concerns to the forefront. This is an opportunity to learn how this critical issue is part of Corporate Planning part of corporate communications, part of Corporate Governance part of corporate operations. So i am really thrilled today to be joined by a number of Business Leaders. Brian moynihan, who is the ceo of bank of america. Asha banga who is the ceo of mastercard, peter hancock, who is the ceo of aig renee james who is the president of intel. Leo connor who is the leader of technology. So lets jump into this. My first question renee, is for you. What is your vision for how technology can create a more secure environment and protect data . Thank you. We have been working on improving the baseline of security and computing for about the last decade. Billions of dollars of investment. So our vision is really wed like to get just get a baseline of security for everybody, and to that end weve made significant investments in the security industry, but more importantly, are moving forward with initiatives like giving away free mobile security, putting in multifactor authentication into all new computers, things that we really think will help consumers if its just there and its available for them instead of forcing them to have to go out and make decisions about what security what they should put in what are these crazy things. Just make it easier for them and just raise the baseline so we can get everyone. One of the statistics that was most concerning to me even just two years ago, more than half of the computers in the world that go out go out with the security turned off, basic firewall, basic virus scanning, so those are the kinds of things weve taken a lot of steps in our technology and in the industry as part of the security industry, as part of the computing industry to move that forward, to get a baseline. Does that mean then, that as im buying a new piece of equipment that im going to be able to have my security just know its there or does it mean we have a long way to go still with the technology being ubiquitous and protective environment for our information . I would say i would give us a half in intel speak which is to say in the next generation were lucky to have a lot of collaboration from the software industry, from Companies Like apple, like microsoft, others that are actually putting in security thats you know, you can opt out, of course, but its there. Like us putting in mechanisms in hardware so its a lot harder to break makes the transaction safer. Im sure the gentleman on the panel will talk about some of that as well. But we still have a long way to go. Its not complete. Its measurably better in this next generation. I think the Telecommunications Companies are doing a great thing in pushing security onto the devices because mobile devices have been a big target zone. But to say that we were there would be, you know, a mistake at this point. I think we have a lot of work to do. And i do think that, you know, the conversation on information sharing, the conversation on the Public Private partnership is a big piece of moving that forward. So ashe let me ask you a question. There are numerous high profile and damaging cybersecurity incidents in 2014 affecting a broad range of industries and companies. How have your customers expectations about cybersecurity evolved, and how are you promoting what youre doing . So a lot of customers are people like the bank, so brian is a customer. Brian the individual also carries a mastercard around. There is the consumer customer there is the Bank Customer there is the merchant, there are telecomm companies in all parts of the spectrum. The fact is whether you pay with cash for stuff or youre paying with a card or foreign or biometric print, you want safety and security in the transaction forum. You dont want to make sure something coming at you would steal stuff that is yours. We want to interact in the last three years which is completely different from the past. Technology is changing the way people do business and shop and buy and the way things are done and everything else. Along with all those changes, the thieves are changing too. Theyre figuring it out, how to break into these security. The first one is stop trying to make me remember things to prove i am who i am. Because [ applause ] too many things to remember and by the way, these darn passwords because of security change are on a different day of the week. If youre working in a company and youve got nine passwords to change on nine different days and you cant use the same password nine times which basically means you write it down on a stickie and stick it on the computer, which is the worst form of computer. The password is gone. Its gone. What they really want is to identify in other ways is going that direction. The ones look at the heartbeat of you which identify wearing a bracelet and you tap the computer and youre fully live and connected, or you open your car with it and it starts and sets your map to your office, and on the way to Dunkin Donuts to buy coffee and pay with your mastercard automatically thats where its going. That takes away the pain of remembering the password to converting to who you are. I think that will be where this will end up finally. There are challenges of privacy there are challenges of a lot of information about you which you may not want, and those are real topics to be discussed which we began talking outside with our presenter, but the fact is thats the first one. The second one is you can use data and analytics in a clever way and a smart way to create a safety net. Its one of the things theyre launching to be able to protect wrong transactions that come through by them being fraud because of what they are. If you have enough data and enough analytics, you can do a lot with that. Thats the second thing going on. The third part is something we launched with a credit union to a number of employees in the Silicon Valley firms where youll be able to use a combination of voice biometrics and scans to get telecommunication remotely. If you do those three things together going beyond Digital Payments which has already been announced. This is the next stage of stuff going on. Is there really data that is not something that can be discovered . So the measure of the data we get is i dont use your name when i get your card. I get a card number, a dollar value, the transaction and a merchant call. I dont know its you. But could i, through collaborating with brian or someone else, find a way to try to get back to you . Probably. But you chose to have a relationship with bank of america and you took the card. You didnt choose to have a relationship with me. Brian chose to use a mastercard. My perspective is play the role with the consumer the consumer chose to have with you. If you chose to have a relationship with the bank or the merchant you deserve to know its secure. I dont deserve to know that he does. Im very clever with where my role is and where his role is and together we can make a lot of stuff happen and the merchant community. So, brian, the multistake multistakeholder process was used to protect the nist framework, and i think its been a big success but i dont think we have multistakeholder engagement going on. Im concerned tha