Transcripts For CSPAN3 George Washington University National

CSPAN3 George Washington University National Security And Cybersecurity Conference May 10, 2016

Viewers this morning. My name is frank salufo. I direct your center for im really excite d for what wil be a rich and long day covering a whole host of issues that our center zeros in on ranging from counterterrorism to Homeland Security to cyber to obviously the integration between federal, state, and local and obviously with the integration between the public and the private sector as well as some of the international issues. Couldnt think of a better time to host this than sunday was the fifth year of our successful raid of Osama Bin Laden in abbottabad in pakistan and obviously serves as a good time to sort of take stock in terms of where we are, how the threat has changed and what sorts of capabilities and capacities we need to be able to get ahead of the curve. Our conference is titled securing our future, and it is meant to be a strategic set of issues that looks across our various portfolio issues. Let me ask everyone to please put their phones in quiet mode and, when you do have questions, please identify yourself and allow time for a mike to find you. I am going to very quickly introduce one of our board members, mike balboni, who will moderate the first session this morning with the deputy secretary of dhs mayorkas. Mike balboni is a longtime friend, coconspirator on a whole host of issues. He serves on our board and, more importantly, has served in numerous roles related to Homeland Security including the Homeland Security adviser to two different governors in the state of new york, a former state senator in new york who really picked up and advanced a lot of the Homeland Security issues from the state assembly. He also resides from my hometown, long island. He represented long island. As you can see i am wearing my islanders colors today. So go islanders tonight. But without further ado let me introduce mike balboni, who is ceo of redland strategies. You see him a lot on our tv screens throughout the country. And mike, the floor is yours. Thank you. [ applause ] good morning, ladies and gentlemen. I dont know if you share my sense of enthusiasm but its great when you come from the hinterlands of the state and come to washington, d. C. , and get a chance to interact with the people who are Decision Makers behind the scenes. You dont normally always get a chance to see them. And thats our opportunity this morning p. Alan mayorkas is a very distinguished individual that you may not really have spent a lot of time focusing on. Yet, in 1998 he was appointed by then president clinton to be one of the youngest u. S. Attorneys out of central california. Then he went to the private sector and, when he went there, the National Law Journal called him one of 50 most influential attorneys in the nation. And of course, the president , obama, put him into dhs for citizenship and Immigration Services where he oversaw an organization of 18,000 individuals and a 3 billion budget. Then he took the big step. In 2013 president obama then said you become the deputy secretary for dhs. Now he runs an agency as we all know, 60 billion, 240,000 employees and he is the number two for this incredibly vast enterprise that has so many of the issues that relate to so much of our personal lives. So without further ado, deputy secretary mayorkas. Plaus plus [ applause ] thank you. Thank you very much. Good morning, everyone. And i very much appreciate the opportunity to share some thoughts with you. I thought this morning i would really focus my comments on Cyber Security in particular, one of our greatest priorities and one of the greatest National Security imperatives that we face. One year ago today, as a matter of fact, one year ago, two men wearing body armor, carrying assault rifles, hand guns and 1,500 rounds of ammunition stepped out of a vehicle and started shooting at the curtis s Caldwell Center in garland, texas. They did not achieve their objective. They were thwarted by valiant and brave Law Enforcement officers who were ready for the attack. One of those valiant officers was shot in the ankle, was able to recover in a local hospital, but no one died. The curtis Caldwell Center was targeted because they had exhibited a cartoon show with respect to the prophet mohammad in protest of the tragic Charlie Hebdo assault that had occurred a month earlier in paris, france. The attack was essentially thwarted successfully because of the fact, in part, that the Intelligence Community had shared information with local Law Enforcement with respect to anticipated attacks on the center, and the prospect of just such an event. And we, in this country, are quite mature and evolved in the sharing of information in the counterterrorism arena. Not only within the Intelligence Community, the federal Intelligence Community, but very importantly and critically with our first responders, through a network of Fusion Centers and other mechanisms we share information in as realtime as possible with state and local tribal Law Enforcement so that those individuals are equipped to protect the public whom they serve. That level of evolution and maturity does not yet exist in the realm of Cyber Security. And yet, it is no less a security imperative. In fact, there is something unique about the Cyber Security realm that really underscores how imperative the sharing of information is in this realm. And that is the ease and accessibility of replication of harm and the replication of an attack. When i was a federal prosecutor and handled at the outset of my career i handled bank robberies. I remember seeing bank robbers who hit one bank and moved on to another. And the ability to execute their particular modus operandi and replicate in one institution the harm that they had sought to inflict in another was actually quite difficult and usually unsuccessful. Here in the Cyber Security realm, as we all know all too well, it is just a click of a button away. When one hits one institution, whether it be ransomware or whatever harm one seeks to inflict, one can easily hit another institution in a matter of seconds if not simultaneously. That calls for the sharing of information in a way that is rather unprecedented in the Law Enforcement arena. Very often in an investigation information is not shared because, number one, the investigation may be conducted in the context of a grand jury. But more importantly, the investigation is seeking to identify the perpetrator and achieve accountability. In a Cyber Security realm, the perpetrator may be an ocean away, may be inaccessible to Law Enforcement and actually apprehending the perpetrator may not necessarily be as important as ensuring that the victimization is in fact not replicated elsewhere. And so, the paradigm that we are seeking to establish in the cybersecurity realm is a much more open and sharing of information paradigm than otherwise exists in the traditional enforcement and security arenas. What we are seeking to accomplish in the department of Homeland Security and across the administration is to treat the cyber threat indicator itself, this unique indicator of the perpetrator, to share that, to no longer consider it a commodity for profit but, rather, to share it as a public good. So that, if in fact one institution is harmed, we share the information as to the nature of the vulnerability and, more specifically, the nature of the exploitation and enable others who may share that vulnerability to patch the vulnerability and protect themselves from suffering the very same harm. Right now we have a number of obstacles in achieving that informationsharing paradigm to which we aspire. It is im not worried about the obstacle of undercutting profit because we know very well that in the Cyber Security realm there are many avenues. In fact, theyre exploding in growth and number, many avenues of making a profit. And the cyber threat indicator, the profit makers do not need to rely upon. But rather, there are different obstacles. Number one, i think there is a general sense of distrust between the Technology Community and government writ large. There is certainly a residue of distrust in the postsnowden environment. And that residue, quite frankly, has been built upon or sharpened a bit, quite frankly, in the dialogue around encryption and the sometimes polarizing nature of that debate. And we have to work through our disagreements. We have to work through the distinct policy positions around critical and important issues and find a level of trust that allows us to protect one another and, therefore, collectively to protect the nation as a whole, number one. Number two, there is a skepticism in the private sector as to what is in it for us. We will share information with the government, but what will we receive in return. Will we, in fact, only be the subject of an investigation, whether our Cyber Security protocols within our institution are adequate to protect our customers, our shareholders, our clients, our students, our patients, whatever the nature of the duty is. Will we become the subject of investigation, or otherwise will it just be a oneway stream of sharing of information. And what we are building in the department of Homeland Security is a mechanism of, frankly, mutual benefit. Our intention in receiving information from the private sector, stripped of personally identifiable information, so that we safeguard an individual or an institutions privacy interests. We are unique in the department of Homeland Security as having a statutorily created office of privacy and a statutorily created office of civil rights and Civil Liberties. But we will take that information and we will disseminate it. We will disseminate it in automated form, in realtime, not only across the government but, frankly, throughout the private sector to the information sharing and analysis organizations that the president created in his november 2014 executive order. And the idea is, if that one institution shares with us information that other institutions may not be privy to, we will publish that information in a form that is useful from a Cyber Security perspective and not imposing unduly imposing from a privacy perspective throughout the participating private sector entities so that they can understand what the harm suffered was, how it was achieved, and protect themselves from suffering the very same harm. The sharing of information in the counterterrorism space took time. It took time for the government to develop the mechanisms of sharing and to develop the muscle memory, to overcome, to some extent, provincialism that existed, stovepiping, but we are in a place now that is far, far stronger and far, far better than when we the way we were in 2001. We do not have the luxury of time in the cybersecurity arena to develop institutional mechanisms, to develop a culture of information sharing and to build the muscle memory that we now enjoy in the counterterrorism space. The cybersecurity realm, as we all know, is fast evolving. It is exploding. Dr. Eviatar matana, the head of israels National Cyber bureau, described cyber space as the third revolution. There was the agriculture revolution, the industrial revolution, and now there is the cyber revolution. There are more devices connected to the internet than there are people on the planet. And things are moving fast. And we need to move fast as well. Not only as a government. We need to be far, far better in our ability to innovate than we are currently, and were making strides in that regard. But we have to be better as a community. And by that i mean as a publicprivate Community Together, in battling the threat of cybersecurity. We believe in the department of Homeland Security that we are uniquely situated to be the point of the spear in building that community, that community of sharing of information and a cohesive response to attacks that can hit one or all of us together. We have been the beneficiary of critical legislation this past year that affords the sharer of information liability protection. We are a civilian agency, civilian department, though we have Law Enforcement components. We are civilian in nature and, as i alluded to earlier, we have unique protections that afford the interests of the dissemination of information and the privacy in civil rights and Civil Liberties arena. We are working within the administration to publish critical documents to guide the private sector in the sharing of information. We look forward to rolling those out in the near future. We are enhancing our efforts not just domestically but certainly internationally. Our office of science and Technology Just entered into an agreement in principle with the government of south korea. Our office of science and technology has just entered into agreement with the government of israel to pool funding for research and development in the cybersecurity realm. This is a matter where the community is not only a Publicprivate Partnership domestically but a publictopublic and a Publicprivate Partnership around the world. I returned recently from berlin and the united kingdom, where i participated in the biannual dialogue with our key partners in the National Security space. And front and center in those dialogues was the subject of cybersecurity. Of course, encryption arose, but the sharing of information and the development of institutional responses to a harm that we are all exposed to was upper most in our minds and upper most in our discussions. And so i hope that we will be able to Work Together to build a Cybersecurity Infrastructure that parallels the success that we enjoy and that we execute in the counterterrorism and broader National Security structure, and i appreciate your time and i look forward to fielding your questions in the minutes ahead. Thank you very much. [ applause ] permit me, if i may, deputy secretary, to pose two questions. And then open it to the audience for questions themselves. So let me switch to the counterterrorism perspective. So post paris and brussels, what has become very evident is that there have been enclaves of isolated communities within those throughout europe really but specifically in brussels that have permitted the radicalization on a Community Basis of some members, certainly the ability to move in and out of these communities themselves. Given the level of rhetoric in this campaign and the concern that weve seen growing throughout europe, what is it that we can do from the department of Homeland Securitys perspective to counter the narrative of radicalization . Let me say that i appreciate thats the question. Its a very important priority of ours. The countering violent extremism mission. Last year we were very focused on the foreign fighter phenomenon. The phenomenon of individuals leaving the United States, traveling to conflict zones, syria most notably, and the concern that they became or already were radicalized with the intent of returning to the United States to do us harm. That, of course, remains a concern of ours, but increasingly we are concerned about the homegrown radicalized violent extremist. And we had an effort that was under the rubric of countering violent extremism, but we rebranded that effort very importantly and created the office for Community Partnerships because ultimately ultimately the owners of that effort must be the local communities themselves to be able to identify individuals who are on the path to radicalization and to intervene in that path. We, in the federal government, can facilitate and equip them to address this phenomenon. The director james comey has spoken on a number of occasions publicly about the fact that there are approximately 1,000 individuals under investigation in the United States now. There are individuals in every single state of our union who are under investigation. And they may very well not have travelled to an area of conflict, but instead become radicalized in their own communities. We were given funding by congress to equip local and state and tribal Law Enforcement and community organizations, whether they be nonprofit, religious or other types of organizations, to build the lines of communication and to build the apparatus to reach those individuals, their families, their friends, and equip them with the tools to intervene. We are also, of course, involved in transmitting the counternarrative. And the one thing that or at least one characteristic that really distinguishes isil in the radicalizing effort is their very sophisticated use of social media. And we, in turn, are using social media to reach the very same individuals, to ensure that the messages that they need to receive in order to thwart their path to radicalization is in fact communicated. So this is a communitybased effort that we in the federal government very much support, facilita

© 2025 Vimarsana