tv Key Capitol Hill Hearings CSPAN May 23, 2015 5:00am-7:01am EDT
areas that we can be responsive or wait until the calendar says fire season begins in alaska? >> we do not wait. >> okay. that's what i need to know. >> reposition resources where nay are needed. >> okay. >> senator cantwell. >> thank you. i wanted to go back to the question i asked before. we did not get a chance to get to that and that is the amount of funding available versus, you know, the amount of need that we have on the -- in the urban -- inter -- urban interface. sorry. so what -- where do you think we need to go in getting resources and what do you think the add vent of a biomass program might be able to do to help? >> first, with the increase in funding we received this year for hazardous fuels and where the majority of our work is in
the wild land urban interface, that is going to allow us to expand that and have more acres. for instance, there's 2.5 million acres as the target for this year, and out of that, 2.1 of that occurs in the highest priority areas. the second part of it is with finding more use for the biomass and whether it's through an integrated wood product that can expand markets or to be able to use it for energy conversion and institute that for other energy sources, i think those are the things we have to continue to work on. i think where we've been able to use the authorities that subsidize the transportation of biomass, it's allowed for new facilities to be -- to come online and be able to provide additional support for those new businesses, you know and so those are the things we just need to, you know, continue to
be able to work on and then the program that we have to help folks be able to receive grants to do the economic analysis to put a business case together, so that they are in a much better place before they make the decision to make that investment, and then the last point has been brought up a couple times is the certainty. it's essential that we provide some level of certainty for the new operations so that that's the one thing they don't have to worry about. there is going to be x amount of biomass that's guaranteed to be available, you know for at least a ten-year period. >> why do i think of the set aside issue when you say that? the notion that, you know, the forest service needs to adhere to the set aside for small businesses? >> well, it's one of the things we're -- with our student contracting, it's an issue that -- thank you, again, for
making that permanent for us but we're working with the small business administration to be able to go through rule making to address the issue. >> okay. >> well, definitely i want to see us make progress and if you say part of this is getting, you know, a flow of the biomass to create these businesses but how much -- so of the -- you said 300 million, what do you think that represents as far as addressing need? is there a number double that, triple that you could do having the resources? >> well, i respond with what we requested if the budget for fy 16, to maintain increase in hazardous fuels we received last year to be able to expand the collaborative forest land scape collaboration work, to get more funding for our basic forest restoration work, and then also some additional funding to work with the states to be able to expand the work that they are
doing. those are things we asked for in the budget along with recognizing that our ten-year average for fire suppression went up 115 million dollars again just this last year. total the numbers together budget request plus what we need in fire sus presentation in the ten-year average, that comes up a little over $300 million. >> so when you say what you said today in the culmination of the testimony and questions, it sounds to me more -- not status quo, but sounding more we're on the right trajectory, and when i see the research report from your organization, it says something different. where are you on that research report? it is within the forest service. >> yeah, just was reading that, started a hearing. you know, the research you know they are just identifying what we are focused on.
the shifts we've made over the last few years to recognize the need to manage fire, not only the natural fire in the back country, but we'll have our fires where we are taking very active sus presentation on part of the fire and at the same time allowing another portion of the fire to be able to burn, to be able to reduce fuels good example of this was the rim fire years ago in california. suppression to keep the fire out of the communities, but allowed to burn up to the yosemite national park where they had done prescribed burning. we have to continue to do that. when i look at the research paper, to me it describes really where we are at, but we do need to expand. we're going to need to be able to use more natural fire to manage more natural fire. we have to increase our
prescribed fire and increase chemical treatments especially in the places that we need to do the work before we can you know, put fire into the landscape. the other opportunity -- challenge we have, and it's pointed out in the paper for our communities to really understand what needs to occur. when we're managing fire in the back country, there's a lot of concern, and at times i think some of our communities, they are scared. they are worried about where that fire's going to go versus if they know that they see the planes flying and resources and stuff, so we need to do a better job to work with our communities so that they understand the actions we're going to take and that they recognize the work that we've done to reduce the threat to their communities but to build more support for it. the other thing that's not been mentioned yet at the hearing, we're going to have to work together with the states to be able to address smoke management. there are times when we're going
to have to i think put up with a little more smoke, you know, from a managed fire low severity fire, to reduce the catastrophic situations. it's something that i think we have to work together to be able to provide that flexibility so that there is less impact not only to the communities but i think about the loss of tourism, the loss of economic activity when we have these large fires and you saw it in your own state with the carlton that those communities, there was nobody going up there to go fishing or float the rivers. so that's another reason why we need to, you know, increase our pace and scale with this work, and i think an incremental approach like what we're taking with our fy 16 budget is the right way so we continue to ramp this up, and then i know i'm over time, but i have to mention
the salt river, the partnerships that are coming together from, you know, communities, water companies that recognize that it's a good investment to be able to change the conditions so that they don't have to deal with the aftermath of a catastrophic fire. we're seeing that spring up across the country where people are willing communities, water companies, water boards willing to make that investment to be able to change the conditions on the land scape. >> thank you. >> you are listening intently. do you have comments about that? >> no. i'm admiring his knowledge of the material and the only comment i would add to some of the observations you made is on the wild urban interface issue, we've tended to define that has a wild land problem that affects
communities, but you can pick up the other end of the stick. isn't this an urban fire problem with funny landscaping? if you think of it that way, we know how to keep houses from burning. we've solved that problem before. in some ways it's a definition issue. if we start thinking about these as little fragments of cities, then we start applying the same solutions we've had, and we can solve it technically. >> even in the extreme situations like carlton? because it was such a blow up you know because of weather, wind and everything. >> yeah. i think you can. we know how to harden the communities. we know how to solve some of that. through the truly extreme conditions, there's damage not going to stop everything, but think of it as a hurricane of that. we know how to prepare and take action. in some ways i think we're misdefining it, and struck how often with photos of the
communities burned, the houses are reduced to the concrete slab but you still see so many trees around it surviving. you're struck by this is a house, an urban fire problem with funny landscaping, not just a wild land fire problem. we need to do both but i would put more resources thinking about the other half of that equation. >> so you're describing the teros because the houses, in a malter of minutes, burned down to the foundation, but why saying there were trees because -- >> well, i'm not familiar enough with the carlton complex. there was a lot of dispersed stuff, but thinking of comments from colorado like black forest fire, waldo canyon, others, looking at the overviews of these repeatly that's what you see in forest situations, communities. the fire is going house-to-house. it's going along the ground of the house, and you wonder why
are the communities burning? there's a a house problem. that's an urban fire problem or ex-urban fire problem, not just a wild land fire problem. >> thank you. thank you, madam chair. >> thank you. you know, chief i'm not going to go back to fairbanks and tell them they have to suffer through more smoke. as you know, we have just some extraordinary summers where there's no soccer that's being played. you -- there's a health alert every morning and some mornings it's so dense you literally need to have your headlights on during the summer time and it is an issue that we deal with. fairbanks has some of the poorest air quality during the winter because of inversion issues, but in the summer it's because of the wild land fires all around and so it is -- it's something that we struggle with
most certainly. i listened to some of what you said in terms of the average that we spent last year. i think you said about 150 million more than it spent on average over the last ten years. i've seen something that says almost 200 million more than spent on average, but what we've seen is that there have been less than half the number of fires, less than half the number of acres burned, and less the number of houses burned, so again, it just -- it speaks to the issue that we have here where we are experiencing skyrocketing suppression costs, and i think we get to a point where we can't continue to throw everything that we have at every fire whether it's effective or not. you just can't be kind of a blank check approach to fighting
the fires. it's not staepble. economically or perhaps ecologically. that's something we have to look at. we have to address the fuel accumulation problem in our forests, integrate fuels, management objectives into the wildfire management operations. i don't think we can have fire management divorced from land management. i think we heard that from several of our witnesses here today. clear, we have -- we got a great deal we have to do. it sounds weak to say it, but i hope for our sake from a budget perspective, that it is -- it's not going to be a bad fire season. i hope that for the sake of those who have properties or perhaps concerns about their own
safety that it is not a bad fire season. i certainly hope for the men and women who in the face of pretty serious danger are willing to go out there and battle forest fires. for them, i hope it's not a bad fire season, but that's not -- that's not a good policy to hope that we get lucky, that we don't have a bad fire season. i think we're seeing things set up for a tough year, this year, with the drought in the west, low snow pack, everywhere, it seems, except here in the east, so we have some real issues to deal with. i think, again you've got a real commitment to figure out how we can deal with this fire borrowing, because we can't get to the fuel treatments. we can't get to the important aspects of what we can do on the
preventative side if we don't have dollars in the budget, if they have been spent on these sky high suppression costs, and so we've got some work to do and i think you've got the commitment from many around thehere to work with you and those who traveled to be here this morning, you may not have gotten the bulk of the questions know your testimony and your input is greatly appreciated as we look to resolve issues that have considerable impact, particularly to those of us in the west. with that, we stand adjourned. thank you.
this week, the chair of the vest rans affairs committee discusses issues affecting american's veterans, sunday at 10:00 p.m. and 6:00 p.m. eastern on c-span. this is a handy guide to the 114 congress with color photos of every senator and house member plus buyio and information and a pull out map capitol hill and look at congressional committees, cabinet, federal agencies and state governors. order your copy today. it's $13.95 plus shipping and handling at c-span.org. this sunday night at 8:00 eastern, on "first ladies:
influence and image," we look at the lives of anna harrison julia tyler. anna never step foot in the white house because her husband dies after a month in officer. latis is ha becomes first lady when her husband assumes the presidency, but she passes away a year and a half later. the president remarries julia tyler, the first photographed first lady. anna harrison latisha tyler, and julia tyler on "first ladies: influence and image" examining the public and private lives of women who filled the position of first lady and influence on the presidency from martha washington to michelle obama sunday at 8:00 p.m. eastern on c-span3. as a compliment to the series, the new book "first ladies: presidential historians on the lives of 45women." available as hard cover or e
book through your favorite bookstore or online book seller. fbi director addresses the cybersecurity law institute at georgetown university this week saying the fbi faces increasing difficulty in unlocking encriminated phones, computer, and other devices. his remarks were 50 minutes. >> you are now coming up on two years as director of the fbi. i wanted to start with you, talk about the biggest threats facing the fbi today. the most urgent threat that takes my time every day is the one that isil presents, especially coming at us through social media, trying to motivate troubled people in the united states to engage in acts of violence.
travel to the so-called kill where they are. this is a place where cyber and counterterrorism merge because they preach this push poison through twitter and other vehicles trying to motivate people, and then moving them to encrypted platforms to communicate with them to give them instructions. the threat we face has morphed. it's a chaotic spider web, increasingly invisible to us because it's being -- the operational communications happen in an encrypted channel. that consumes most of the days trying to -- it's not an impossible task, but it's very, very hard so we spend a lot of time on it. >> so that's one threat of the cyber threat of course,(ç we got nation states and criminals and other actors that present very cyber threats to the country. talk about the fbi's strategy for addressing the various cyber threats that face the country. >> yeah. i think of it, and i've been mocked for this metaphor, but as an evil layer cake.
[ laughter ] yeah, it's right that i be mocked for that, but i'm staying with it. [ laughter ] at the top layer of the cake are nation state actors. the next layer down are criminal terrorist use of cyber as a vector and then organized criminal syndicates, the big online marketplaces for criminal cyber tools, and the rest of the case is creeps frauds, stalkers, and pedophiles. the bureau is trying to -- given how big the cake is, focus our resources where we think our footprint around the world and abilities make the biggest impact, and so we're trying to focus our resources on the nation state actors, the large criminal syndicates, the big bon nets and terrorists' use of the internet. we are trying to deploy differently as part of the focus. normally when the bureau
assigns work, they ask the question, where did it happen? that makes sense to ask that talking about a bank robbery or an explosion of a bomb but it's a question that starts to lose meaning talking about a threat that's moving at the speed of light where the particular location or manifestation of theft or intrusion is not meaningful. we are trying to, instead of assigning the work based on a notion that it happened no ohio or it happened in florida, figure out where is the talent in our organization? we have divided up the nation state threat, the terrorist threat through the interpret, and the major criminal threat into various slices signing it where the chops are in the bureau, where the best analytical talent and operational talent is so little rock may be assigned a threat that is manifesting someplace else in the country through an intrusion, and so what we do is assign the threat where the talent is, and then we allow up
to four other offices to help, to assist it, and we do air traffic criminal from headquarters. that is a big change for us. we're trying to approach all of cyber with attitude of humility. we stand in the middle of the greatest change in human relations every. we're trying to understand we may not have it right. try this. get feedback, and it rate, and the second key part of the strategy is try to impose costs.-ww we all share a sense -- i bet the people in the auditorium do as well, that criminals and spies and anybody coming at us through the internet thinks of it as a freebie. in our minds's ieeye, it's walking out with your identity. we have to impose costs on the other key boards so we are working very very hard to deploy resources around the world to lock people up. we have to send the message that this is not a freebie. we are trying to name and shame. you've seen us doing that as a
whole of government approach and then do things like impose economic sanctions to make clear to nation states and criminal actors there are costs associated. there's elements to the strategy. we have to be better with the private sector. we can talk about that. we have to help state and local law enforcement. they are crying out for assistance in raising their digital literacy, right? the good old days where you worked a crime scene, do a search warrant and find paper, you know the idiots would have written in a composition notebook that shorty gets this much, joe gets this much take it, copy it, and you were good to go. now any detective finds pdas, thumb drives laptops digital literacy is required to do all the work criminal invest itigateors do. we don't have time to get to this. we have to have our brothers and sisters in state and local law enforcement get the training they need to be literal and
respond and investigate. all our lives are online. all the threats to our lives children, money, or infrastructure is now online. all of us have to work together to raise the digital literacy of investigations. >> you mentioned the private sector. turn to the private sector for a minute. some of the questions that you hear when you are in discussions like panels like here at the law institute, you hear concerns from the private sector that if i report an incident to the fbi i'm going to lose control of this incident and what i need to do to protect my company. i'm going to face a regulatory action if i report this to the fbi. i don't know what's going to happen if i report this to the law enforcement agencies. talk about how the fbi approaches the private sector when they report incidents of cyber security compromises. >> yeah, good questions, questions i asked myself as a general council at two companies. what happens if we give the stuff to the government?
there is no doubt it's the truth. you will lose control of the information, but we treat it as what it is which is evidence gathered in the course of a criminal investigation, so it's subject to all manner of controls as part of the investigation. there's no doubt that there is app incremental risk in sharing information with the government if you've been a victim. i happen to think that the benefits dramatically outweigh the risks, and i think we've proven time and again, in sony, that cooperating with us early is in the company's interest and that we treat the information very, very carefully and protect it. we want to, obviously, we have statutory obligations to protect information. we're getting it using a grand jury subpoena so we protect it. we also understand that we don't ever want to create disincentives for people to share information with us. with that said, you know if it turns out, you know, there's
something awful revealed in information someone gives us they lose control of that but that strikes me as a corner case. if someone invades your home and harms your children, you call the police. they are going to investigate. there may be circumstances people worry about calling the police because they run a meth lab in their house okay, those are corner cases, but most enterprises in the country are not running meth labs in the companies or houses so it goes smoothly. the other thing people need to realize is we very very rarely need content of communications. we don't -- almost never need memo memos or e-mails. we need digital dust and fingerprints, the indicators, 1s and 0s showing us, who was this? how did they come in? how did they attack? what can relearn from it? how can reattribute if? that's content people worry about. >> we talk a lot about the private sector and their
concerns about sharing with law enforcement, but, in fact, i understand that many thousands of notifications are done by the fbi every year to the private sector where you knock at the door and they don't know they had an incident in your learn them to that. any thoughts on how the private sector can both better prepare itself to prevent incidents and what to do to praep sorp prepare to respond to the incident in coordination with law enforcement and protect their company? >> first predicate to the question is right. we have gotten a whole lot better in the last few years. i would point to 2012, so many financial institutions in the united states were hit by denial of service attacks. at that moment, we got better at pushing information out to the private sector. in my view we're not good enough, but we got better at pushing out flash reports, which
are share indicators with a great movement in the bureau and government as a whole to knock down classifications, those of you who know the business, to get things in a tear line to a place where we share it quickly. again, the companies do not need to know the sources and methods that led to us figuring out the indicators. they just need the indicators, right? it's the flip side what of what we talked about earlier. we are getting much better at that. the challenge for us is we have to figure out a way to move at machine speed, and that's a challenge for a bunch of different reasons we can talk about, but my advice to companies is which they get now, is you got to invest in it. you have to have a world class chief investment officer equip him or her to buy the right stuff, whether it's consultants, software, whether that's hardware, you have to invest in it. you invested for years in badges and gates and guards right to protect the parking lot and
protect the building and neglected, so many companies did, the basic hygiene of information security. it's shocking sometimes. we're not talking about particular companies, but discovers that people have a network that's utterly unsegmented. come in one corner, and, oh, wander through the entire place. there are not logs so people cannot figure out what was exfiled from the systems. the hygiene is well-known easy to find people, they are making a lot of money now, but it's easy to find people explaining to you here's how you protect the house. my advice to them is that. and we actually don't -- once we knock on a door and tell people we've seen this thick there's an intrugs going on i don't have any constructive suggestions cooperation. the cooperation we get is outstanding because people are grateful, and they also want to find what's going on inside their enterprise. yeah.
>> >> you have a unique perspective, now director of the fbi, and a former u.s. attorney in the southern district of new york. you worked with a lot of general councils, a lot of companies, talk a little bit given that perspective, having been a general council and occupying high level positions in the government about what you see the role of the general council inside a company is in relationship to the cyber security in relationship to the chief information security officer of a company, the cio, the board, and the ceo. >> they are mostly obstructionist weenies. [ laughter ] i was. [ laughter ] it's one of the reasons why we as a country and congress is making good progress on this have to offer clarity to the gcs, right? the chief information security officers think about the world the way we do right, security
professionals, and the general councils are rightly worrying about things like liability, and what happens again? if this leaks, what happens? is this used against us in a competition? right? if a government contractor supplies something, what happens to that? is there an incentive not to reveal things? antitrust questions people raise. those are the gc questions, which are -- i asked them myself, good questions, and i think congress has to give comfort to those general councils to remove those concerns from the information sharing pipeline, and they are well underway. that's fairly easy to fix. harder to fix will be -- not fix -- but develop will be machine speed sharing and hard education of all frankly, the cultural impediments i attribute to the post snowden wind. there's a lot of people who don't want to be seen with us. you know, i'll meet you out behind the 7-11 in the dark but i don't want to be seen as cooperating with the government.
that's, you know, that's hard to get back. that requires time and lots and lots of conversations to explain to people, well no here's what we do. here are our authorities. here's how they are overseen but there's a wind still blowing in the wake of that, that it's a cultural impediment to sharing. that's part of -- one of the impediments to affect cooperation. >> that raises the issue of what you spoke about in terms of the fbi going dark. explain what is is referred to talking about the fbi going dark and what's done to address the issue? >> yeah, what i mean by that is increasingly communications at rest, sitting on a device or in motion, are encrypted. the device is encrypted communication is encrypted, and, therefore, unavailable to us even with a court order.
so i make a showing of a probable cause in a criminal case, to the judge, that the content of a particular device or communications stream should be collected pursuant our statutory authority, the judge improves, and increasingly we find ourselves unable to read what we find or unable to open the device, and that is a serious concern. i'm actually -- encryption is a good thing. there's tremendous societal benefits and that's one of the reasons the fbi tells people, not just lock the cars but encrypt things important to you. but we have a collision that's going on in the country that's getting closer and closer to an actual head-on which is our important interest in privacy which i'm passionate about and important issue in safety. the logic of universal
encryption is inexble that our authority under the amendment, an amendment critical to ordered liberty with the right predication and oversight to obtain information is going to become increasingly relevant. as all our lives become digital logic of encryption is our lives are covered by encryption, and, therefore, all our lives, including the lives of criminals and terrorists and spies, will be in a place that is utterly unavailable to court ordered process. that, i think, to a democracy, should be very very concerning. i think we need to have a conversation about it. again, how do we strike the right balance? privacy matters tremendously. public safety matters tremendously to everybody. fair-minded people have to recognize there's tremendous
benefits to a society from encryption. there are tremendous costs to a society from universal strong encryption, and how do we think about that? a group of tech companies and some prominent folks wrote a letter to the president yesterday that was depressing because the letter contains no acknowledgeable that there's societal costs to encryption. i recognize the challenges facing the companies, competitive challenges regulatory challenges overseas all challenges. i recognize the benefits of encryption, but fair-minded people have to recognize the costs associated with that, and so i read the letter and think, oh, these people don't see what i see or they are not fair minded. either thing is depressing to me. i have to continue to have the conversation. i don't know the answer. i don't think a democracy should drift to the place where law enforcement people say, well, actually, the fourth amendment is an awesome thing, but we can't access any information. we have to have a conversation
long before the logic of strong encryption takes us to that place. smart people, reasonable people disagree mightily. other people say it's too hard. my reaction to that is, really? too hard? too hard for the people that we have in the country to figure it out? i'm not that pessimistic. we have to have a conversation. >> speaking of authorities, having a conversation, section 215 of the patriot act expires june 1st in about 10 days, and there's a legislative process going on right now. we don't know what the outcome of that is going to be. wonder if you can talk about the impact on the fbi, what the consequences, if any, would be if you were to lose section 15 authority, which is often talked about in the context of a meta data program, but use the by the fbi, broadly in a variety of ways. is there impact in losing 215
authorities if allowed to expire? >> yes. significant impact in ways we are not talking about much that i'm trying to make sure we do talk about. the focus is on the nsa's meta data data base, with the nsa, be held by individual providers accessed by the nsa. that's an important discussion a useful tool to the fbi. it's a conversation that i care about. there are critical tools to the fbi that are going to sunset on june 1 that people do not talk about. first is, section 215 is the vehicle through which the nsa data base was assembled, but we use section 215 in individual cases in very important circumstances, fewer than 200 times a year. we go to the court, in a particular case, and we get particular records that are important to a counter intelligence investigation or terrorism investigation. if we lose that authority which i don't think is controversial with folks, that is a big
problem. because we will find ourselves, the circumstances, where we can't use a grand jury subpoena or national security letter, unable to obtain information with the court's approval that i think everybody wants us to be able to obtain in individual cases, so that's a problem. the second one that's a big problem is the roving wiretap authority expires june 1. this is an authority we had in criminal cases since the early mid '80s, where if a criminal drops phones repeatedly, we have authority to intercept the individual's communications no matter what device they are on so we don't go back to start the process each time they dump a phone. in 2001, the patriot act extended authority for terrorism investigations. that is not a controversial thing. that's going to go away june 1 unless it's reauthorized. there's one other provision that matters, the so-called lone wolf, not a term i like, but
that's what it's called by most people. that is, if we -- we can establish probable cause that someone in the country is up to terrible no good there is probable cause to believe they are an international terrorist of some sort, but we can't prove what particular organization they are hooked up with. this provision allows us the judge, to authorize the interception, even if we can't say, oh they are al qaeda, isil, no aqap. that's important. uncontroversial authority, these go away june 1, and i don't want them to get lost in the conversation about meta data. >> returning to the evil layer cake where we started for a minute in terms of the threats facing the country in the cyber security area. at the top of the layer cake you talked about the sophisticated nation states. are you concerned about trends in i remembers of cyber security threats, proliferating down to the layer cake, people like isil
isil other people, had drugtive ive destructive attacks in saudi arabia, and now we've had the sony attack coming to the shores of the united states. are you concerned about sophisticated malware proliferating the cake, and are you seeing evidence of that? >> i'm definitely concerned about it. constructive malware is a bomb. terroristsment mentwant bombs. logic tells me that terrorists are -- would have said two years ago -- are going to wake up, but in two years, i have seen them wake up to the idea that as hard as it is to get in the country physically, they get in as a photon at the speed of light. yes, i'm concerned. i don't see it yet in the hands of these terrorists, but it just making too much sense that it is a tool that they will eventually turn to. i see them already starting to
explore the things that are concerning, critical infrastructure, things like that, but the logic of it tells me it's coming and so, of course, i'm worried about it. >> if they don't have it right now, do you see an interest among the groups in obtaining these types of tools? >> yes. >>e, we talked about -- you mentioned that the fbi is working to get flash messages out quicker. variety of information sharing programs across the government, what types of information sharing programs does the fbi have to offer, and what shauld they consider joining in private sharing information useful to them and for the government? >> our primary information sharing vehicles are through two programs, one called domestic security alliance council made up a security folks frts biggest private enterprises, and then we
are called -- physical security threats, large enterprises. this focuses primarily on the cyber threat. i encourage -- backing up from that -- we have fbi offices in every community in the country. we have 56 feel offices. we have 400 resident agencies. we are every place. if you run an enterprise make sure you know someone from the fbi in a cyber squad leadership, wherever you are. i told the field commanders, make sure you know folks. low tech as it seems, the best communication and notification is a phone call, we have a problem, send someone over. wholly apart from the organizations i talk about, you should know people in your local fbi office and we can be intimidating, right?
we are behind locked doors, work, and they know mandate is to get to know you, and that knocks on the door that will open. dsac and this guard are very important. what we do is part of the guard with thousands of members pilot something -- i talked about the importance of getting to machine speed sharing. we are piloting something called the malware investigator which is this. inside the fbi we've long had a data base of all the malware ever seen. the investigators in a case query in to see the piece they encounter in a particular place was seen someplace else, what is known about it and connect the dots similar to a fingerprint data base. we are trying to make that resource available to the private sector starting with the trusted partners allowing them to connect directly to the data base and input their own samples and get a result within seconds
or minutes that says this was seen in los angeles, connects to the thing, and this helps them to start to connect the dots. we think that's smart in their interest. we think it's in our interest too because more people enter more samples of malware, there's more dots to connect. we have started that. see if your company participates in that. there are a lot of crazies -- could be crazies -- but we want trustworthy crazyiescrazies, hooking up to the data base, to give than them an online password and they have an online portal connect to it and query the data base. my vision of that should continue to grow, continue to
scale, and without limit frankly. the limit is we have to make sure we know who the people are, who are connecting to it. >> given, as you discussed the fact that our digital lives are central across everything that we do, of course, you have lots of departments of the government covering dirvet areas in different missions critical infrastructure programs that you run, the national cyber centers that run secret service and there's data breeches, concerned about the defense industrial race talk about how you and fbi coordinate with the agencies in dealing with the private sector and a variety of programs out there.
>> it's got better, the coordination. when i left government in 2005, i visualized it as 4-year-old soccer dr i have five children. this is everybody knows the ball is the cool thing and so they follow the ball in a big clump. you know, ten years ago, cyber was the cool thing, everybody was following it in a clump. we're to a place where we're probably college level soccer, understanding positioning, lanes, passing, defense, and offense. it's not good enough, frankly. the adversary plays at world cup speed. we have got better. among things that helped us get there, the most important vehicles is something that is a task force outside washington, d.c. a joint task force, where 20 agencies sit together and
among other things, deconflict. talk about the intrusions, visual visualize, share information, see it in a room there, and figure out, okay who does what about this. here's what i conceive of the responsibilities, which is probably a met fore, but holding that in my head, if i imagine the country as a neighborhood my job is to deal with people breaking into your homes. stealing your stuff, looking to harm your family, and so i patrol that neighborhood, respond to 911 calls to catch the bad guys, patrol the neighborhoods to see who they break into to make the neighborhoods safer. dhs's responsibility thinks in a
sis systematic way. is there better lighting? better signs? safer parks? better patrolling? we have to be in the same space, patrolling that neighborhood, with different focuses. secret service with dhs. they respond to burglarlies, worried about who stakes out the banks. we have got a lot better at it. we have made great progress of working together in the last couple years, so much work to be done that it makes sense to work together. dhs, as a whole, and fbi, i think, we have a better understand of of each other in our roles, and so we are patrolling the neighborhood in a way of what we see, although it relates to different objectives in a much better way.
nsa has a responsibility for the neighborhood. if you imagine the neighborhood as an island, nsa figures out who comes on and off the islands, on the island neighborhood we inhabit, and we need their visibility because a critical part of the neighborhoodsystematically, is who lands on the island? what criminals come to the island? those are the three players touching the neighborhood. one of the ways we have accomplished effective patrolling is sitting together. sitting -- it's hard to hate up close. fbi, what a bunch of jerks they are. except for the guys or gals in the next cubicle from you, they are okay. the others are jerks. if you get enough of that you
start to blend people together. there's missions they understand and appreciate each other. we spent a decade blending in that way. still got a ways to go, i think sometime, we have a little bit to understand the mission but ten years ago, it was 4-year-old soccer. that's how i think of it. >> so back to the -- and of course, many talk about it, and require cooperation from a variety of other nations, for the fbi to be able to encriminateencrypt or take other actions particularly where gangs and other threats are emanating from. >> they -- other nations understand that cyber threat is
the factor that is cyber blows away away, that we are neighbors on the interpret. what i find when i travel many foreign partners many, many visitors come to see, all of those conversations are people saying, we have to figure this out because the keyboard may be in my company that's not good for any of us. figure it out. what they are hungry for is training, equipment, and information. what we do as a country, fbi in particular, is forward deploy more analysts and more cyber special agents. put them in those countries where the police and the domestic national security apparatuses are hungry to try to stop the threat, visited romania recently where one of the things invested in was technical education. he had a huge number of people with great technical jobs and then you had a lot of
unemployment people susceptible to criminal groupings. they are hungry to step it out. they don't want romania known as a place a source of criminal activity. we equip them with information and training to help us respond to that. all part of the imposing costs. there are nations around the world who remain nameless who are not enthusiastic of working with us to try to stop cyber criminals and thieves living in the borders but nay are the exception. that's one of the good news stories, i think of the last decade or two. the internal cooperation and that international cooperation. this is a feature of every conversation i have with a foreign counterpart. >> any overhang from the post snowden world on international cooperation? >> it's continued. when i travel i wear a sign that says not the nsa. [ laughter ] that goes over well.
no, because they see it as they should see it as a huge part of it it. it's stealing information identity money, increasely threats to children because our children play online. that's where people who want to hurt our children go. it's about pedophiles, frauds thieves, stalkers and, you know money launders all in the space. there's common cause, whatever frictions might be in the other areas, there's common cause in that kind of thing. like i said, we have productive conversations with the chinese about criminals trying to stop criminals who are using the connections between our countries. everyone can agree no one wants children harmed, nobody wants money stolen. >> talking about misperceptions, what do you hear from the
private sector that frustrate you or you want to correct in terms of what you hear from the fbi role in cyber security and responding to incidents? what are the big misunderstanding you hear from time to time? >> u don't with respect to the bureau, but i hear frustration addressed our country's not doing enough to stop, especially nation state theft wholesale theft of intellectual property. i hear that frustration a lot. we've been coved in conversations, and as i said earlier, trying to move us to a place where the norms and behavior would not encompass that thing. some of the imposing costs of sanctions, shaming and criminal charges is part of the effort to detour behavior. a lot of diplomacy is focusen odds that. the frustration i hear is real.
there is not an easy answer to that. >> the administration has taken steps in terms of trade sanctions, februarybi involved in criminal indictments of those participating in actions. is there actions to stem the theft of the property? >> well there's a variety that private folks often raise that thank goodness, i can avoid the conversation. it's not the fbi's thing but people ask why don't we do more offensively? go back up the pipe, smack people. oftentimes i have private companies say, why -- maybe we should go back up the pipe and smack people. i say that would be a crime. don't do that. but there's a frustration out there. that's palpable. there's not an easy answer to that. >> back up the pipe, talking about the private sector taking action against those stealing your data?
that's not something you're going to recommend? >> no. for a variety of reasons. first, i was not being facetious. your access to someone else's system without authorization would violate our laws, and it also would have all kinds of unforeseen consequences. it's hard enough for government actors to act in cyberspace in a way where you predict effects. if we had self-help going on all over the place, that's a recipe for disaster. >> let's return to the legislation for a minute. we talked about some of the things in the news, the section 215 of the patriot act issues issues of encryption. what has not got attention of course, there's legislation passed by the house of representatives, has been passed out of the senate intelligence committee, seems to have strong support in favor of congress coming together and passing this information sharing legislation to encourage the sharing of information both with the government and from the
government to the private sector sector. any thoughts about whether we're going to see a build there? >> yeah i don't know. i don't know the prospects for legislation. it makes good sense to me as i said, to offer particularly the general counsels, that level of comfort. although, frankly i see events running over the general councils anyway, in a sense. people understand the imperative for sharing information. i almost wonder -- i think the legislation is important and necessary, but it's actually less necessary than it was two years ago. because people get it now. anyone who did not get it gets it after sony. that whatever my concerns are, frankly, never got the antitrust concern with information sharing, but whatever concern i might have about how the government's going to use this, given that i'll be sharing it with the fbi in a criminal investigation, and begin what's in it for me to get the help the fbi offers, the general counsel's concerns are noted
but that being said, the legislation will give sort of a belt to those suspenders, i suppose. >> more of a cultural impact than a perhaps, addressing things like antitrust concerns and other things that you see as valid concerns in the past? >> well, look i don't mean to belittle it. there are general -- i used to ask, general counsels have legitimate questions about what's the exposure, what happens if we give the information. i'm just saying that people's sense of the threat has changed so much just in the last two years, that those concerns don't dominate in the way they might have two years ago. that's what i mean by the legislation in a way is going to fix the problem, but not as -- not in as an important way as it would have 24 months ago. there's risk associated with sharing with the government. this could blow up the company. share it with the government. get the help we need. >> how is the fbi in terms of cyber resources? there's such a demand out there
in the private sector for qualified cyber professionals, an you're competing with the private sector in that who offers things that the fbi can't in terms of salary and other things. how are they doing on resources? >> we're doing okay. it's a continual challenge. right? the advantage i have in a way is the value proposition is so different as against the private sector that there almost really isn't a competition. that is if people are interested in money, okay. i can't help you. at all. if you are interested in the life of meaning, i can help you with that. so the people that we are attracting are the people who do not care about the money, and so in a very real sense, my competitors are less people throwing buckets of money and more the rest of the government and so i need to beat nsa dhs and cia. and so i don't want to talk
IN COLLECTIONSCSPAN3 Television Archive Television Archive News Search Service
Uploaded by TV Archive on