You. Thank you. Pedro joining us for the conversation, tim starks and john donnelly. To you gentlemen, thanks for joining us. Tim starks, you start the questioning. Tim as you know, the big story of the past week or so has been this global out of the wannacry ransomware. Im wondering, twopart question, is there anything that congress can do on that front to confronting ransom ware specifically . And because this was apparently caused in part by a leaked nsa hacking tool, is there Anything Congress can do to refine the process for when the government discloses vulnerabilities to companies . Rep. Langevin first, i dont think that theres Anything Congress can do right off the bat that i can think of that would prevent this type of situation from happening. Really, its up to individuals and companies to patch their systems, to make sure that their Software Updates are updated. That they download their security patches. And that they turn on their automatic updates. I would say to anyone listening or watching right now, you know, go away from your television for a minute turn on your computer , and update your computers and download your security patches. Also turn on your automatic updates. That is going to be the thing that keeps everyone the safest, i believe. Were never going to prevent 100 of the vulnerabilities or the attacks that we are facing. But there is a High Percentage of them that can perhaps be prevented by good cyber hygiene. Pack your systems and put on your good automatic updates. Tim anything on that vulnerabilities equities process where the government decides what to share with companies what it has discovered and whatnot . Rep. Langevin i was briefed on the vulnerabilities process and how that works with the government. Quite frankly, it works pretty well. Theres probably never a perfect way to handle these things. But theres an overwhelming majority of vulnerabilities that were discovered that were shared with industry and patches are developed. I have confidence in that system. Right now i cant think of a better one off the top of my head as to how we would handle that better. Tim understood. Another somewhat the story of of late has been the continuing russia probe and the role it had in hacking, in interfering in the election. Friday morning, there was a briefing with Rod Rosenstein with the house. What did you learn from that . Rep. Langevin unfortunately thats an hour of my life im never going to get back. I didnt get a lot out of it. I didnt think that it was particularly helpful in helping us to understand what was happening in terms of the memo than hewrote, other reaffirmed, basically, to have confidence in former fbi director mueller, which i do. A person of stellar integrity. Impressive background. Both a prosecutor and former director of the fbi. I believe he will conduct a very thorough probe. But questions we asked of the deputy general he wasnt , particularly helpful or forthcoming. Congressman, you are a Senior Member of the House Armed Services committee. Im wondering if you can talk about the role of the Defense Department, in particular, or any of the other federal agencies. You said they were the frontline in Cyber Security. But as you look at how the Defense Department is organized and how their people are trained and equipped are you thinking ,of any ways they might do things differently . There is talk of possibly even having a Cyber Service of some kind. Is there anything legislatively that congress can do . Rep. Langevin let me see if i can answer your question and if its not we want to go, we can revisit it. There are kind of three that we need to look at. How we protect our networks and how we protect the. Mil network, the. Gov network, and the. Com network. The nsa is charged with protecting the. Mil network and they do a very good job, they are well organized there. They have the training, the personnel, they are getting up to speed, its not were they want to be yet, but they are getting there and i have high confidence in their ability to defend the network. Personnel and training are always going to be the key to continue on the trajectory they having gauged in. The department of Homeland Security is responsible for protecting. Gov network, and it is a work in progress. We have to continue the work at Getting Better as well, but certainly they are trying to Work Together there. The other challenge is how they protect the. Com network. Its all in the hands of the private sector, including critical infrastructure. I would be curious to see what the most damages that can be done from a cyber attack. The most damage will be done in the. Com world, protecting the electrical grid, applications, whether it is treatments for those types of things that we have to continue to encourage the private sector to step up and do more. Comes down to we have the great processes in place and plans, but if you dont have the people to execute the plans, thats where we are going to because short. I know that depending on it, its always going to accrue to the pentagon is always looking to recruit new cyber talent. The pentagon has a program that they have been able to use greater tools with to track and give scholarships in that area. Also, breaking down barriers for the pentagon and the private sector for a time, for a year or two, so they dont this is fairly have to compete with Silicon Valley for the best in the brightest. They can bring those people into the pentagon for a time and also allow people in the military to go into the private sector and in thehe best practices private sector for a while. On the other side, we have the cyber corp. Program. A program for College Students who, who they can apply to cyber corps. It pays for the junior and senior year and gives them a stipend of about 22,500 per year. They agree for, for two years, to work at the local or federal level for Cyber Security purposes. We have to encourage more of our young people to think about Cyber Security as a career field. There are programs in place, but we need more people, we are woefully under resourced in the Cyber Security talent that we have across the country. We have to get better. We are under resourced there. There are 200,000 Cyber Security jobs unfilled. 0 unemployment, if people are thinking or they want to do for a job or study . Cyber security is a field where a fieldyou and it is full of job prospects. Tom those numbers are public and private, right, jobs . It sounded like you thought the government is on the right trajectory until the end there, when you said woefully under resourced. Do we need to step up the funding for this . Im thinking of the service in the Defense Department. Creating Cyber Services will certainly look at the pentagon, talking about like a reserve type entity, it has cyber talent. In rhode island we have the 102nd quadrant, which is basically a unit of Cyber Warriors who actually work with the regular military in performing Cyber Security functions. In some ways, we already have that, but im certainly open to new ideas as to how to create a broader pool of talent that the pentagon can use, with people going into government. Tim if we could move it from Something Like agency level to the white house level, i know it is still early, but what do you think of what donald trump has done so far with Cyber Security, what he has done well, what you would like and to see like to see him do that he has not. Rep. Langevin one of the few bright spots in the Trump Administration, and there are not many, is what hes doing regarding Cyber Security and the executive order that he just issued. His new Homeland Security advisor has great talent and expertise in cyber fields. Coming from nsa, he has a great skill set as the Cyber Security advisor. What we dont have, unfortunately, is people across the government right now at the top levels who have been appointed. The vacancies still exist in pretty vast numbers across the government at the top levels. For example, we dont have permanent directors, we have acting, we dont have permanent replacement there. The administration really needs to step that up getting people in there who are responsible for Cyber Security area i like the executive order the president recently issued, it seems they are moving the ball forward and building on the successes that have been achieved, both under the clinton and Obama Administrations, and the bush administration, to move the bill forward. Tom what about your personal congressional agenda, if you will . Cyber security, defense, and anything you might put at the top of the list for the caucus that you cochair . Rep. Langevin i would say there are two things. Right now it looks Like Congress is in a wait and see mode. To see how the Cyber Security information sharing bill, how that law is working. Right now it is too slow for my liking. The ideas this is a way to allow for more robust information sharing. What we became aware of, it could be shared at network speed. There are barriers to sharing information, there are service that will be worried over antitrust violations. There were a lot of nervous corporate attorneys, for example, that were worried that it would lead to antitrust violations. If they were to share information. We have brought those barriers down and encourage information sharing. But its not robust enough. An attack in one place, we would have to share the signatures in realtime, machine to machine as quickly as possible to inoculate a whole sector where an exploit could be carried out as a significant attack. We want to prevent that from happening, but in order to do that, we have to look at information sharing, so we have to get that data. The other thing im looking at is metrics. Framework, whoe is using it, how they are using it, is it effective . I will be drafting legislation for a bill that sets of legislation. So some entity is responsible for metrics deciding what is working and what is not, how widely used as the framework. Tim what is your time frame on that . Rep. Langevin soon. In a matter of weeks. Tim to clarify, what is this . rep. Langevin this is the National Institute for standards and technology. Cyber security is not a problem the government can solve alone. Private sector cannot solve the problems and challenges of Cyber Security alone. It really does have to be a Public Private partnership. It was during the Obama Administration, there is a yearlong process where you had government and industry come to the table and Work Together to ist framework. Basically it is a series of best practices of how to do Cyber Security the right way. Its a process they make and have in place so that you are doing what you can, the best practices for how to do Cyber Security the right way. Pedro representative jim langevin has been our guest, and he is the cochair of the Cyber Security caucus and is joined by tim stark a politico and john donnelly, cq roll call. What do we do about actors in Cyber Security from other countries question mark will we always be taking a defensive posture . Against the actors who perform these acts against the United States . Rep. Langevin obviously we want , to have cyber defenses as strong as possible , but there are things that we need to do to better protect and inoculate us from Cyber AttacksGoing Forward. I would love to see more International Operation in developing the rules of the road, if you will. It is not going to prevent everything, but it would help us to better coordinate with robust information sharing, country to country, like we do with israel. I was there last may in order to better understand how israel does Cyber Security. I think that Going Forward that will be helpful. I also support, under the Obama Administration, the actions we took indite chinese or iranian individuals who we had confidence were involved with carrying out Cyber Security attacks or exploits against our networks. In some cases, certainly, there may be more offensive steps that we take as a country that would be more appropriate to respond to a cyber attack and we can think of examples where Cyber Attacks were carried out and in some cases if we have to hit act with a cyber attack, that may be necessary, but we need to think those things through. I did right now they will be decided at the highest levels. Tom if we shift from cyber may security to the war against the Islamic State. The pentagon announced what they called a new approach to the fight that seems to be focused more on a clear stranglehold on the cities that the Islamic State holds as sort of sanctuaries. You may not have had a chance to look at the details of that at this point, but i wonder if you could give us your take on how the war is going. Things we are doing right, things were doing wrong, and things we might change Going Forward. Rep. Langevin i know that there has been a renewed focus on how we can we can isis and inhibit their ability to carry out attacks, where we can hit them working with International Partners in the region, we are hitting them hard. Certainly it put a stranglehold on their ability to function, getting supplies in and out, showing support. Also, cutting off their finances is another area where i know there have been stepped up efforts regarding the stranglehold on the financing of these terrorist organizations. So, you could deprive them of supplies, munitions, and target their leadership wherever possible. Tom will that require more american forces, more deployed footings and more airstrikes in syria . How do you see it playing out militarily . What i dont want to see is largescale boots on the ground in the middle east. We are looking for support from the american people. We dont want a largescale ground war. It does require a renewed focus with allies in the region. Isis is not just a u. S. Threat, but a challenger, threatening the stability of the entire middle east. Before we can work our International Partners, the better we will be against the war against the Islamic State. I think you are seeing those stepped up efforts. Tom this forthcoming week we are supposedly going to see a new budget request from the Trump Administration for fiscal year they will be proposing 2018. Something on the order ofs a 17 billion increase in the Defense Budget a above the caps on the law. They are proposing steep cuts. In the last fiscal year, 2017, something unusual happened area and the Defense Department got a raise. But it didnt come with a corresponding increase in nondefense programs. How do you see the politics of this playing out . Is the same thing going to happen . Will democrats insist on a one to one basis . They want to decrease nondefense spending to pay for pentagon increases. If the 2017n budget taught us anything, its that if we want to get a good budget to the congress, we want to do it expeditiously. Its going to require democrats and republicans coming to the table, rolling up sleeves and doing the budget in a bipartisan way. So i predict at the end of the day, that is what is good to happen with the fiscal year 2018 budget. How long it takes members of congress to really figure that out and also come to the table and just do the right thing is yet to be seen. I hope we will not be seven months into the fy 18 budget before you tell everybody you are not going to get a partisan budget through because the ultraconservatives are probably never going to agree with mainstream republicans and they are certainly not going to agree with democrats. What we saw in the fy 17 budget was basically democrats and republicans coming together. Youre going to get the vast majority of us in the middle that want to do the right thing. You did see increase in defense. But you also saw some increases in domestic spending as well including things like education and medical research at nih. Thats the same type of thing we can and should see in the fy 18 budget. I am under no delusions. A lot of times we wind up doing the right thing wants Everything Else has been tried. I hope we can do it sooner rather than later. Tom are you one of the democrats who believes that for every dollar increase in defense spending there should be a dollar increase in nondefense spending . Rep. Langevin i certainly fall in that category because security isnt just about guns, bombs and bullets. Security is a variety of things. It includes things like Homeland Security, economic security. Families dont feel very secure if they dont have a safe affordable place to live or enough to eat. Obviously Border Security and support for first responders, police and fire. Also fit into the category of security. I believe they balance security, and its not just all in the pentagon budget where we find security. Tim lets talk today about your role in the emerging threats of committee and your role being expert on Cyber Security. What threats are you looking at in cyber or physical that you are really worried about and we should be focusing on more . Rep. Langevin as i said earlier in the program one of the things , that i worry about the moose is a tax the most and that keeps me up late at night is attacks on critical infrastructure. You have the pentagon and in essay defending the. Mil network and i believe doing a good job. Homeland security protecting the network, and though i would really like to see someone in charge and have long been , creating athat directors position in the white house with Senate Confirmation to reach across government and compel departments and agencies to close vulnerabilities in the cyber networks, but on the. Com side, we do not have anybody in charge. What we need to do is see border cooperation between the government and the private sector. Thats why information sharing is so important. Robust information sharing to make sure our private sector is as safe and secure as it can possibly be. Added incentives to get them to do more, and it may even require some regulation. Where is vulnerabilities exist and they have not been closed, we need to give the authority to go in and direct that vulnerabilities be closed. Those are the things that i will continue to focus on and push for, but again, it has got to be a publicprivate partnership. Pedro our guest, jim langevin, democrat from rhode island and the Ranking Member for the emerging threats subcommittee. Thanks for your time today. Rep. Langevin thank you. Its great to be with you. Tim starks, as far as everything he said, concerning the attacks and response, it seems like there wasnt a lot congress can do. Does that ring true with you . People outt mean for there looking for congress may be to do more of this kind of issue . I haveat is one thing been asking lawmakers offcamera as well. The general part about seemswith ransomware to be probably nothing specifically that can be done. There is a sort of area of exploration about who is really responsible. On the vulnerabilities equities process, there is new legislation or people are trying to codify that process and make it persist beyond the Obama Administration and Trump Administration. Under the current rulings of the process the nsa is essentially in charge of how do we go about releasing or not releasing. This bill would put Homeland Security in charge. Has a completely different agenda domestically. And there has been a call for some hearings on how to potentially address the ransom ware side. Pedro when you take a look at ae actors involved, you got sense of wellbeing things happen. John donnelly, do you get a sense that maybe more is done or needed on the offensive side . John he is right that it has to be thought through. So much of this goes on in the classified realm that they cannot talk about. This is among the more hushhush things the government does for obvious reasons, so there is a that weubtedly going on do not know about, some of which we have had hints of, but hes right that we need to be very careful about how we as a country proceed on this. It is sort of like the beginning of the atomic age where they were coming up with concepts of Nuclear Deterrence and figuring out how to do this without screwing everybody over. We have the most to lose in terms of network technology. We are kind of in that same position historically now. Tim what you said was perfect, though i would like to just add to amplify your point, this nsa hacking tool that got leaked is behind us. That shows the difficulty of going on offense in cyberspace. There,u put it out everyone else has access to it, too, and then it is out of your hands. Pedro a quick question about isis. The answer the congressman gave you did you get a sense of what , he thinks . Or how the u. S. Is doing against isis . John he articulated one of the limiting factors which is the political pressure not to put too many boots on the ground. The Trump Administration looks like its going to push the envelope a little bit but not that much. I dont see a whole lot different happening impaired to compared to what we have been doing the last couple of years. Maybe a few little changes in strategy, but kind of around the margins. But having said that they have , made a lot of progress against isis and last year. They are said to be getting pretty close to i dont know about finishing them off, but certainly reducing them to a shadow of what they were before. Pedro we saw a congressman being briefed by ryan rosenstein. His response, he basically said i think the fraser was wishing he could get an hour of his life back. What does that tell you . Covered congress vinid congressman lange for a long time, he is not a flamethrower, so to get an answer like that, it must have been pretty bad. You might expect a lot of democrats to come out of a partisan, and be disappointed and critical. You would not necessarily expect congressman langevin to be someone who would do that. It has to do with expectations. When lawmakers going to these briefings, they expect to hear something cool they did not know about. They find out they had been briefed about something they read about on the front page of the newspaper the day before, so they come out disappointed sometimes. I agree with him that it is unusual for something as measured as congressman longer than to make as sharp a statement. Tim stark is on Cyber Security for a politico. Both gentlemen, thank you for joining us on newsmakers. Thank you. Thank you. S 2018cer the president budget comes out this week. Budget director and Mick Mulvaney is on capitol hill to testify before the house and Senate Budget committees. We spoke with a reporter for details on the week ahead. Jennifer shutt is appropriations and budget reporter for cq roll call. In your preview piece, the headline mulvaney to sell trumps budget request to the hill. You write the testimony by Mick Mulvaney, the budget director, next week will be eventful, rather eventful is what you write. What are you expecting . Jennifer when the white house releases its full budget request on tuesday, we are going to get how it wants to handle spending in the next fiscal year for mandatory programs like medicare, medicaid, and social security,