Putin did this in georgia. He did it in moldova. That went for those who want to look west ward. I think for so long as you do not have offensive weapons along what is the Eastern Europe part assigned to europe, then russia is in a position, if you put offensive weapons, that changes the dynamics for russia. If all youre talking about is a defensive possibility, im not quite sure why that evokes, you know, putins actions. And well before any discussion of nato, the conversation was about ukraine looking towards European Union session more than nato. And i think for putin and his eurasia view, and new russia view. Ukraine is an essential element of that. It is not about defense or concerns. And without ukraine it is difficult to envision the type of new russia. So i dont think it was a mistake to enter into those negotiations. And i dont know which one of us is willing to suppress the aspirations for the same freedoms we enjoy in the United States. Senator menendez, im watching changing parties. Fascinating discussion. Thank you so much for joining us. Appreciate it. Thank you. Well, american Officials Say the the u. S. And cuba will start talks for full diplomatic relations. Theyre looking to open an embassy in savannah in the the coming months. Thats part of an agreement that includes the the releels and three cubans jailed in florida for spying. The the u. S. Says mr. Gross was not a spy. President obama will explain in the afternoon. Cspan will have live coverage of the president s statement at noon eastern. Hell open the phone lines to get your take on that situation. And there is reaction from capitol hill. Senator dick durbin tweets out today, expected announcement of opening the door with coup bar for trade, travel and the exchange of ideas will create a change for cuba. And Lindsey Graham says this is an incredibly bad idea. Well, coming up at 1 00 eastern, well bring you live coverage of a conference on coal as an energy strategy, including its economic competitive neness and viability as an energy source. And. And now coverage of the wall street journal ceo Council Annual meeting with Michael Daniel and the roles of the the government and private sector in preventing Cyber Attacks. This is about half an hour. Good afternoon. I hope youre ready because were going to ask for your participation in the session. Cyber attacks used to rarely be spoken about. But over the past year theyve dominated the headlines. We had major breeches starting with target, home depot and now most recently at sony, as the attacks have grown, confusion has also grown about the relationship between companies and the government and what that should be an how they should Work Together to prevent Cyber Attacks. And here to sort it out is Michael Daniel, special assistant to the president and Cyber Security coordinator for the white house. Michael, is it our imagination, or are the the attacks growing in both frequency and sophistication . Well, they are certainly growing in sophistication. You raise an interesting question about the frequency question. And its one that we debate quite a bit inside the government about whether were seeing an increase in frequency or our ability to detect them. I think its both. The rate of cyber intrusions is growing, but also our ability to detect them. And so thats why this sort of almost looks like exponential growth that were seeing. In terms of their sophistication i actually think its two factors happening. One is they are becoming more technically sophisticated. If you look at the kinds of m malware that we are seeing. They all show a greater degree of sophistication than ever before. But whats more interesting is the organizational sophistication that were seeing. If your image of the hacker that were worried about on the government side is the guy in his pajamas living in the grandmas basement, that could be annoying and a nuisance. But thats not what were worrieded about. Particularly in the criminal world, theyve taken a page out of the Business World and have applied Business Operations and Operational Research ideas to how they do their business. And so organizationally the hackers are much more sophisticated than they were several years ago. And that poses a significant challenge. What role did the state actors play in this . In 2013 they attacked the financial institutions. The russians, the chinese. You had several indictments of chinese firms earlier this year. How close is this link eed to t governments of the countries . Certainly when you look out across the array of Cyber Threats that were facing, you definitely see a significant chunk of them are state sponsored. The dni jim clapper said this in open testimony to congress about the threat that we face from china, from russia, from iran, from north korea, from other major cyber actors. And i would say in many cases the line is blurred between those individuals that are carrying out and operating for criminal organizations, those operating on behalf of governments, some that are operating with a wink and a nod from their government. And so its a very sort of, i would say rather than being discreet camps, what you have is a continue continuum of actors, like anonymous and things like that, all the way up through state level actors. And its not sharp divisions for any of them. Can we talk about china . You were at another conference happening today in washington. Joint clearance between microsoft and the chinese government. What was your message to the chi niz officials there . Sure. I mean, i think that the key core part of our message an our relationship with china is were at a very interesting point in our relationship with china. And im sure that we were listening to ambassador rices remarks backstage. And clearly thats an incredibly important relationship for the United States. But part of the message that we were talking about is the behaviors were seeing is putting us in a position where its raising friction in the bilateral relationship with them. And weve had really important recent successes. Including the Climate Change agreements, confidence Building Measures that have been put in place. Its clear we can operate and get things done with china. In the Cyber Security area, thats a great challenge right now. Are you convinceded the government itself is involved . Its clear were not getting the response we need to have and the conversation we need to have. Its not happening in the way we need for it to be as productive as it could be. We are continuing to search for ways to talk to the chinese government, and you know, weve seen promising openings recently, and i very much am sbregsed in following up on that. But this is a particularly challenging issue for us, and its one in which i expect there to be continued disagreements for some time and some friction, but i dont think that means that we shouldnt look for areas that we can make progress in. You know, for example, as china grows in its wealth and in its st stature in the world, it too will become a target of cyber crime and cyber theft. So they have a clear interest in addressing that. And i think thats an area that we can find some Common Ground to Work Together on. I want to move closer to home here. But before i do that, i would like to ask the ceos out there a question. Ment if we could get our first question up here. Has your company suffered a cyber attack over the past 12 months . A, yes. B, no, or c, i dont know. So where are we legislatively as we wait for them to answer . The president issueded an executive order on Cyber Security 2013. The house passed a measure twice. The senate has two weeks to go. Is there any hope of any kind of cyber legislation . Well, one of the things ive learned in 20 years in washington is i dont make prognostications about what congress will do or not do. But i do think we continue to work very hard to get legislation passed. I do think theres a possibility that congress could reach an agreement on less controversial pieces of legislation that theyve been working on. I do have to say that its hard for me to see exactly how they get to closure on several of the more controversial pieces. And we were working with them as closely as possible to make that happen. Okay, in terms of the percentages here, wow, 65 of the ceos say their company has suffered an attack in the past 2 months and 23 no. Talking to ceos over dinner last night, theres a sense they might get a call from the government if theyre being attacked. But pretty much theyre left on their own to defend themselves. Would you agree with that assessment . I dont think thats entirely right. I mean, i think one of the fundamental issues that we have to come to grips with when we talk about what were doing in Cyber Security, theres a fundamental nature of cyberspace. And one of the issues that i frequently face is a discussion about roles and responsibilities and who is responsible for wha. In Cyber Security. And one of the key things i think emerges, the argument you will often hear people make is that cyberspace has no borders. And that information just sort of freely swashs around the globe. And i would argue thats not entirely accurate. Cyberspace has a lot of borders. We have routers and firewalls and peering points and all sorts of edges and boundaries to networks. I would argue what cyberspace lacks is an interior. And the reason i go through this is it means our traditional model for security, where we assign the federal government the role of Border Security for example doesnt work when you try to map the physical world into cyberspace. Theres no iowa in cyberspace. Theres no interior to the country in cyberspace in that way. Its like it took everybody in the United States and made them live on the the rio grande so now Cyber Security is a mission inherently shared between the government so that means we have to work out some new partnerships between the the government and industry. And these relationships are not going to be the traditional regulatory relationships that weve had. Theyre not going to be the the traditional contractual relationships. So what is it . And that is one of the defining challenges we will face over the next three or four years. And actually working out what that relationship is going to be. And so we are trying on the government side to put in place the mechanisms to interface much better with the private sector. And build up our capability in the department of Homeland Security to interface with our critical infrastructure. Within the department of treasury to interface with the Financial Sector. With epa for the water sector, for example. And republican build the connections on the back end of the government to enable us to operate more effectively with the private sector, and i really think that Going Forward this is going to be something that were going to have to do in very deep partnership with our private sector. How can you address the liability issue . Home depot suffered a major breach. They are subject to 44 civil lawsuits. Dozens of f investigations. Theres an issue of trust that seems to need to be addressed here. Sure. Although i would like to distinguish between the investigations where we are trying to figure out what happened and how to do attribution of the intruders, which is still a difficult task. Versus investigations into wrongdoing itself. You know, i think the liability question is one that is, for me as a Public Policy geek, someone who spent a long time in the federal government. Its a thorny problem of how you get the right amount of Liability Protection to encourage companies to engage in the kind of behaviors that we want. Without actually having it be so broad that you incur a moral hazard in that space. Its proved challenging to its proved challenging to write in our discussions with the hill. I do think we are working on a couple of ore efforts. We are really trying to get the insurance mark market. We are working with treasury and the Insurance Companies to figure out how to get the Cyber Insurance market to really take off. Its there but some of the data has been lacking. The underwriting has been lacking. And were working on ways to try to improve that. So one of the ways we would like to deal with that is to have a much more robust market. Should government do more to protect companies from Cyber Attacks by sharing more information about threats . A, yes. B, no. One question as theyre voting. If the senate doesnt pass a cyber bill in the next two weeks, is there a fear that youre going to have to essentially start over . Well, in some ways give tennessee way the legislative cycle works, we wont be starting from scratch. And so we will certainly look to build on our previous work in this area. Okay. Well, this is a pretty resounding 97 would like the government to do more. One of the the elephants in the room here is Edward Snowden in the nsa. We were discussing backstage. The president s executive order in 2013 and snowdens disclosures in june of that year. How much more difficult has ma made it . In terms of which player should be the head agency in dealing with the private sector. So theres no question that the snowden disclosures made our lives more difficult in this space. The degree to which it on the level of the sheer bureaucratic level of the amount of time and effort it took senior levels of the government that meant they werent spending time on other issues. That alone is something that caused damage to us. So what was interesting to me is, for example, is that it did not derail if derailment of the Cyber Security framework best practices and standards. That in fact industry participation in that process, if anything, grew after that. And many more companies became involved in building that framework. As we really look at how the government is sfruktured one of the other lessons weve been taking away is trying to put one agency or element of the federal government in charge is not going to work either. How do you build organizations that are agile and processes agile enough to process that . Its the same in the Business World. Organizations that do more cross cutting teams and things like that. And you had to build into large corporations the ability to work across stove pipes. We have to do the same thing. Were just slower because were the government. But we have to catch up and do the same thing, and i think the same lessons are having needing to be applied in our area as well. So when i look at the teams that we have to deploy to deal with say a major cyber incident. Were going to pull from dhs. Were going to pull from fbi or secret service or law enforcement. Were going to pull from nsa and the Intelligence Community. You need all of those skill sets to really look at what are we doing in terms of network mitigation and Network Defense . Of the investigation . What do we know about the bad guys . We need all of that information to do a good job . Is the nsa playing a smaller role than it did heading into this . I would say no. The other agencies are playing a bigger role and have really increased their capability in many ways. The fbi is much has continued to grow in its capacity in this area. And dhs has really, with the National Cyber integration center, has really stepped up and has a much more robust platform to participate in things. And you have the other agencies. Many of whom didnt realize they were Cyber Security agencies, such as treasury, that have now sort of realizeded the deep importance, you know, i dont think you can get jack lew to give a speech where he doesnt talk about Cyber Security in the Financial Sector right now. So and i would say the same thing is true of the secretary at hhs. Those are two agencies that have become deeply involved in the Cyber Security issues. So youre one of the Many Companies that involved in a cyber attack. Do you cooperate with the government or do you not . What mistakes do you see Companies Make . Theres a bit of a sense that you wont be fined as much if you cooperate with the government. As bad as it is having fbi agents all over the country, its better than trying to hoond l it on their own. I think a couple of things that i can say on that score. We are very much in the government side, from the white house side, we are wanting the to build that partnership with industry. And companies to come and talk to us about whats going on. But even if you dont want to start an investigation having some sort of intersaction with dhs, or the big Cyber Security firm. Theres a plethora of them that are very good. Crowd strirk and others that can also help you think through and make sure that you have your plans in place and you can actually execute on a response and recovery plan. All of those are incredibly important aspects of this. And the most important thing is that Companies Respond proactively and aggressively to cyber intrusions. Do they have a choice whether or not to co