senate seat. this is a special election. tom coburn is retiring. this comes to us courtesy of oklahoma state university. >> oklahoma state university, i'm a professor of political science here. it is my pleasure to moderate the u.s. senate debate. this has been a joint effort between the is league of women voters and oklahoma state university. let's introduce the candidates. and jamesnson lankford. [applause]

welcome. as you all know, a campaign has a long job interview. we will be approaching this debate as an interview. we have selected a series of questions dealing with the most salient issues of our time and we will hear where the candidates stand. is going to be that each candidate will have two minuss for a remark, two -- two minutes for a closing statement. all of the questions in mind section of the process were selected by me alone. we will take some questions from the students in the audience. we have ushers walking through now reading paper. we asked students write their name in the year they are here

at osu. is that willn it review those questions and bring me the top three. with that, let's start with our opening statement. based on the coin toss, the state senator connie johnson will be going last. start withord will your opening statements. >> thank you. it is my honor to be here. the folks that are here in this room. it is a privilege to be here. we carry a responsibility to our state and the nation. 22 years i served in ministry working with families. school andm high college-age students. it was my joy to do that. four years ago my wife and i were called to serve in the

house of representatives. this is still serving families. this is still doing what we have always done to do a weekend with our time and effort to make the best difference that we can for god and our state. i have to tell you four years ago walking into the house of representatives it was more like walking back on campus at middle school at lunch because middle school lunch private self on insulting each other and saying crazy things. i thought that was exactly what congress is. a big middle school lunchroom. trying to reset a tone an example of how we pay respect to each other, even when we disagree, how to set up parameters and say this is the thing we consider best in the nation. how to begin those things accomplished? to move us from complaining to solving the issues. we have all kinds of educational issues as a nation. all kinds of opportunities that are not one out for the youngest

generation as they come out. we want everyone to have those great opportunities. we have income inequality. it is essential to us that we take those things seriously and work together to find real result. i strongly believe conservative solutions when out. those options and ideas when in every town in our state across america. if we will honor each other as we walk through the process. all before the conversation tonight. >> thank you. senator johnson. .> thank you good evening everyone. it is my honor and cleverest -- privilege to be here this evening to present my feelings and thoughts, to see how those issues resonate with you as voters in oklahoma. congressman langford it is correct, it is time to have a conversation about economic

equality, about fairness in our economic system, about taxes, about health care, about women's reproductive freedom, and about privatization of social security and what that means for the well-being of the majority of all, citizens who are baby boomers now. it is a time for us to have a conversation devoid of labels, democrat.ervative and it is time to talk about the people of all, and what issues concern them. what issues government should be addressing and what issues you should be addressing as individuals. my campaign has been for the people. i have traveled the state. i've heard you talk about the need to strengthen public education. that areto create jobs meaningful and pay a living wage. perhaps increasing infrastructure.

i have mostly heard you talk about the need for the government to get out of our business, to let people live their lives, to let people make choices and individuals of the government shouldn't have anything to do with. i come to tonight with 33 years of experience in the oklahoma state senate having resolved problems with citizens and written policies that made a difference in lives. i'm asking for your vote to go and do the same thing in washington. herehappy that you are tonight. i look forward to the conversation. >> all right. thank you. [applause] >> i did or did to mention we have lost -- ask the audience to hold applause until the end of the debates we can focus on answer is. thank you. it is time now for the questions. the first question will go to you, congressman langford. i set it up for the question

that a campaign is a long job interview. let's talk about campaign finance reform. this is what takes place for members of congress run for public office. using you think the money spent on campaigns is a problem and do you support a constitutional amendment to curtail it? >> thank you. i would not support an amended to curtail it. the first amendment was set up to protect political speech. the last thing the finals -- founders wanted to have with a keen stepping up and telling everyone how to talk about things, what they could talk about, and we have students not protesting in hong kong because the leadership in china is stepping in and saying we have a few changes we are going to make and help select the group of leaders and try to alter some of the system. we should allow the free conversation that is happening.

beis a great frustration to able to walk through the campaign-finance issues and make sure you do everything correctly. appropriate toy have the transparency needed in that process. as many people would know, if you're going to have a commercial on television, they don't do that for free. if you're going to have a sign in a yard that does cost money. , the fundraising that happens doesn't go to the candidates. it goes to get the message out in the campaign. when i go to someone and say i would like to have your help to get the message out they can make a decision on who they believe in and what they're going to do. transparency is important. we have that. they can see every donor out there in the race. that is entirely appropriate. i don't like you thought of silencing clinical stage. -- political speech. >> if in fact the cost of

running a campaign is 10 times the cost of the salary that i would expect to receive, i'm on minimum wage. we are a grassroots campaign. those are the only thing that trumped dollars. we have enjoyed traveling the state in my car, using gasoline, paying food for my health. the cost the campaign should not outweigh the value of the campaign. what we have today with decisions like citizens united where untold amounts of cash are being funneled into campaigns by private corporations in ways that employee policy makers to make decisions that are not always in the best interest of the people. those of the concerns we are speaking to when we talk about campaign finances reform. that court hearing has been upheld.

it doesn't leave us any better place when it comes to how we fund our campaigns and get our message out to people. i appreciate this opportunity to and talk to the students those were watching us online. this is one of the free opportunities economic reason to. thank you. >> the islamic state, with airstrikes taking place in syria and iraq, should congress vote on authorization of military action? how would you vote? >> that is a conversation that needs to be had. this ongoing crisis in the middle east, the 240 skirmishes that have occurred in the world since world war ii are an example, and the united states has been involved in all of them. examples of wars that are basically founded and based in

religious issues. we keep trying to put a political military solution on a religious situation. we can see that it continues and it is not being successful. atould take a long look whether we send our troops into harms way again, into situations that we have not been able to resolve because of the nature of the situation. taken.t has been there are alternatives though. we need to look at peaceful resolution and get our house in order in terms of how we are spending money for things overseas versus spending money on soldiers when they come home. for is the big challenge me. we have be prepared for when they come back we don't need to be going in towards the first place. >> thank you. >> the islamic state is not under the previous authorization

for the use of military force. theress voted to approve execution of military force for those directly connected to september 11, 2001 attacks. the president is saying that he still has authorization to move into syria based on that .uthorization he doesn't. that is not an accurate use of military force. in the 2002 authorization it was connected to iraq. he is moving forces into this. the issue is, this is something that congress has to resolve. this is the way the system was set up. if you go back to the federalist paper you will determine all these different amendment and where it came from. finds the power and shows how different war power is from the previous king of england. he could call up his army and then go execute the army. he could work at unbeatable to

have the war. the president will not have the same authority. he can't call it the army and then be commander-in-chief. he is commander in chief after congress has approved that. that was the american people would be engaged in a conversation. when we feel threatened and understand there is a real threat the american people through their elected representatives would say it is time to engage. we are willing to put our sons and daughters at risk. the president should come back. >> thank you. this next question deals with ebola. it is in our backyard. texas governor rick parry is calling on officials to permit screening positional's -- officials at all points of entry. they would take temperatures and determine overall health. if elected would you support those moves? >> we have procedures in place in the president is doing a decent job of trying to do some

changes in that process. what needs to happen now is verified everyone coming from west africa. did you contact and not just .ssume sometimes they know, sometimes they don't. the gentleman in texas was fully aware he had contact with ebola and he lied on his form. first check, it needs to be every individual that comes from that region. when you talk about one person in the united states, that is a dramatic thing for us. and west africa, 7500 people right now have ebola. their system is completely overwhelmed. the cdc estimates i january there may be as million -- as many as half a million people. while they take this very seriously the need to take ebola seriously and understand people halfway across the world are in desperate need of engagement.

this disease will spread if the united states doesn't engaged in there is no other place in the world better but then we are at dealing with this disease. it would be wrong to back up and say we are going to allow half a million people to die because we don't want to engage. we should lean in and help. we are equipped to do that. we should pay attention to ports of entry to verify we are doing basic screening. >> state senator. >> i believe this is the most dire world health issue of our time. it was just a matter of time before it came to america. , agree with the congressman the majority of these cases are centered in west africa. with a highly mobile society of today people travel from africa to china to japan, to new england. those areas are just as likely and just as capable of exposure

as any other place in the world. for ourhensive system ports would cover anyone who comes from overseas. the method of screening is noninvasive. is screened, i don't think anyone would consider it a hassle. it is something we all as citizens of the world have to be committed to. until we can get this under control i don't think any measure is too extreme. screening in of itself is not a difficult process create it is available, it can be instituted immediately. it is one that people don't mind having to go through. >> thank you. we will start with you state senator. marriage equality. the debate is on the heels of the supreme court decision to reject the report appeals inrturning same-sex marriage

five states including oklahoma. there are 20 states that ban same-sex marriage. my wife and i moved to a state would recognize our marriage. if a same-sex couple moved to a different state they will not be considered married. should congress step in and make same-sex marriage legal in all 50 states? should we leave this to the states? >> i'm pleased that this debate comes on the heels of that decision. i celebrated yesterday with my ofends in oklahoma who are different gender orientation. i understand their challenges. i understand them as humans first and foremost. how we treat human beings differently from the way we would like to be treated. this question of same-sex marriage was voted on in

oklahoma 10 years ago. since that time our demographic has changed substantially. dohink people who choose to and are differently oriented, they have the same rights as those of us who are oriented the way our. i don't think there should be an opportunity for states to decide. just like interstate commerce, we ought to be able to have that freedom to go from state to state and people be able to keep their values and lifestyles intact without government interference. i believe in the united states were to take on that issue it would be a useful discussion when we see we are have five states so far. that attitude is changing as our state grows older and our nation becomes more mature. we have a basic duty to respect

humanity. >> congressman langford? >> every person is created in the image of god. every person has value and worth. the united states constitution clearly leaves the authority for marriage to the states. i would say it is because it is clear from the 10th amendment, all things not reserved are reserved to the states. over and over again when any issue on marriage came up supreme court said that is a state issue. that is not a federal government issued. the federal government should not be engaged in a marriage issue at all. as recently as last are the the hearing that occurred when the final piece cannot think of federal government involved in this argument, this is a state issue. states alone can make the decision about marriage and how

to define marriage. what's interesting was yesterday the supreme court said we are not going to hear a case and their interpretation was either states make the decision or a single federal judge in a state can make that decision. they literally conflicted against their own argument from a year ago in their own opinion. if you read through and see what happened versus what they did last year, it is amazing the separation between the two. this is uniquely a state issue. individuals are to be respected. think the definition of marriage we should maintain. but the stakes make the decision, not the federal government. >> thank you. this question comes back to you. dealing with veterans, the decision to send troops into hostile situations can and should be a difficult one. the debate over how to care for those trips when they return from war for many is simple.

serve your country and receive support when he returned home. multiple reports have highlighted deficiencies. do you support increasing veteran health care? what's i support the veteran being able to make the decision on where they go for health care. capability.ave that multiple others continue to bring up the same issue. if a veteran isn't woodward oklahoma why do they need to drive to a veteran center? past five or six good hospitals on the way? their family has to make that trip and get in line at the v.a. center to be able to go to the process. is not right. it doesn't treat them with respect. the first thing is to not look at just the finance side. to look at the process issue. allow veterans to choose where

they go for health care rather than force them to certain locations. we passed the bill through the house of representatives that gives veterans the first opportunity. miles, wewithin 40 took the first of the city want to allow more opportunities. we hope we can flip the senate and open that up to a greater group of people and allow veterans to choose. that is an essential part, to honor the promise that has been made. you may change things for a future person signing up you don't break the promise for those who have already served. >> thank you. >> thank you. as a former member of the house, the senate veterans committee, it is usually will have a lovefest when it comes to veterans. i really agree with everything the congressman has said.

regarding the need to care for veterans once they return from war. deeper when you talk about not only the health care setting but every day when they are jobless, when they are sometimes incarcerated. record numbersm are committing suicide because of ptsd. we are not listening to our veterans in terms of help they say they need let alone providing services they need. as your senator i will fight just as hard for veterans as i have at the state level. i believe veterans have given up everything they have. you drop what they were doing and went to war to protect our freedom. when they return home we need and we deserve to give them the best they can afford. i was privileged to witness the honor flight coming through the

airport in washington dc. we were having a celebration tonight in oklahoma city to honor those veterans. the pride i saw on their faces for what they did to our country will never leave my memory. to bes what will drive me of service to them further. >> thank you. >> one of the most important responsibilities in the u.s. and is the power to confirm supreme court nominee is. would you confirm a nominee who was more politically progressive or conservative than yourself. whod you confirm a nominee holds the opposite position you have on issues like abortion, same-sex marriage, or stem cell research? >> the positions appointed by the president are vetted pretty well. with president obama in place now, i don't think i would have to worry about the type of

nominee that he would send. the question is whether i would support someone who has different views. if the majority of the committee votes for that it doesn't matter what i support but i would continue to be the voice questioning that person about their views. we are concerned about the supreme court ruling on marriage equality. the same supreme court struck down section four of the voting rights act. the supreme court is potentially all over the place. we estimate the representatives of the people have to use our voices to make sure we that them in ways that guaranteeing that we can expect them to perform in their capacities and for them to uphold the laws the land. the laws of the land what will be the ultimate test and the ultimate judge of who gets elected to be a supreme court justice. mythe first test is not preference.

court is a co-equal branch of government. people lose track of that. there is a perspective that the president is the ceo of the government. the design is there is an executive branch, judicial branch, and legislative branch. they are co-equal. the checks and balances are just on one or the other. they are in place so that no one branch can infringe on individual rights of a person. it is not just that they compete with each other, they are watching each other to make sure the individual is protected. my first litmus test would be do you follow the original intent of the constitution? a few look at the design come our you falling that as a guide or view goal by his is a living document that can change? if it changes without amendments that is not consistent with the constitution. there is a way for the constitution to change through an amendment process.

if they follow a strict instruction of the constitution i could become bullet that person. they are determined to make cultural references or political preferences rather than following through the law, i would oppose them. >> thank you. this question builds on your discussion of the constitution. base in the supremacy clause of the constitution federal laws trump state laws. there are several states in violation of federal drug enforcement laws regarding marijuana. should congress follow the leads of those states and legalize marijuana nationally or should federal law enforcement getting the legalization of marijuana in states like kerala -- colorado? many areasone of the the president has spoken to the justice department and said do not enforce federal law. i am aware it is federal law but do not enforce it. picktive prosecution to which laws need to be enforced.

that is a problem. the president takes the oath of constitutionor the and to protect the laws and be able to execute faithfully the laws of the land. we have a law on the book. if there is a need to change that law there needs to be a vote taken away, not just the president stepping up to say i am not going to enforce a law and ignore it. that should not be an option. as recently as yesterday the governor of colorado, one of the greatest governors in the nation, he made the statement that he believed that colorado was reckless when they legalize marijuana. this is the democratic governor of colorado. because of what is happening now in colorado and what he sees in the damage it is doing. he wish they would have had more research and more data before they made this decision as a state. -- part of it is

my perspective. i work with teenagers for 22 years. itave seen the damage that has done to families when teenagers get involved in drug use. itadults use drugs they pass onto them. i have a hard time saying the best thing we can do is to get their parents to smoke more marijuana and for that to be legal. >> state senator johnson? ask the question was more so about the federal law trumping the state law. the president having issue basically, a hands-on position about what is going on in colorado and washington. as many of you know i have been the legislator who has promoted reform of marijuana policies among other sentencing policies in oklahoma because of the unsustainability from an economic perspective. from a medical and human perspective and the perspective of our economy, our agriculture, for ak it is terrible

child who is suffering from , it is just as bad for us to allow the children to die without having any concern for the fact that we have a natural substance that was created by god that would address those seizures and has been shown to be the only thing that addresses those seizures. those children dying are no different than the children dying are no different than the children dying in the streets because of prohibition. but at the end of the day oklahoma is the state where it's an indigenous plant and our agricultural community can benefit and make products from suntans to lotions to papers to clothing and those are the issues we should look at and weigh more so than what we're talking about in terms of checking state laws right now.

>> thank you. surveys have shown the younger generation and perhaps even some of the students sitting in this audience think it is more likely they will see a ufo in their lifetime than a social security check. what reforms to social security if any would you push for? >> i would push against privatization of social security. social security is that thing that, yes, we hope our younger generation will be able to benefit and share in what i hope to share in one day. but at this point there are efforts in congress and at the national level along with other areas of our lives to privatize that system in ways that will put a lot of people, women in particular, who have a difficult time getting a job making equal pay for equal work, thrust into poverty if we allow privatization schemes to come in and take over our social security system. the system, i believe, is

working as it is. we should do some things to shore it up. but in no case would i support a change where we would privatize social security. it's just as bad as privatizing education, privatizing other pensions, privatizing child welfare in oklahoma. privatization means profitization, profiteering. that's what we're seeing. people deserve to profit over private interests. social security is a system that is there. it has been there. it serves people who have worked all their lives and in their twilight years deserve to have a reasonable income and some security that keeps them from being poor. >> thank you. congressman lankford? >> first off it's probablely more likely in oklahoma they'll see big foot than a ufo. ufo's typically land farther west of us apparently. the big challenge that we have is really making sure social security does what it was designed to do. social security in its birth

was designed to kick in at age 65. at that time the average life expectancy was between 62 and 65. it was an emergency plan put in place that if someone out lived their own retirement and past their life expectancy there would be something there as an emergency backup so people didn't end up on the street. it is a compassionate nation that said we want to be able to come alongside the disabled, those that can't work anymore, and have some emergency backup but has now risen to be something people say will pay for all of my retirement. people are slowing down actually saving for their own retirement. people need to save for their own retirement and make plans big or small. some people can only set aside $10 a month. set it aside. start a plan to get that going and know social security is a backup on that. one of the things we struggle with right now, i hate to bring his name up but harry reid has said many times publicly social security is not something we have to deal with right now. it doesn't go insolvent for 20 years. we don't need to deal with it.

i adamantly disagree. we do need to deal with it when you look at the whole process of social security and to evaluate how it is done if you go back to tip o'neill and ronald reagan in the 1980's they made a plan to save social security. it is now just being birthed and implemented. it takes decades to get it going. you have to start early. very important we do this debate now. verage thank you. congressman repealing the affordable care act also known as obama care has been a reoccurring topic in congress. instead of discussing why or why not obama care should be repealed let's get to the central topic of of the debate. do you believe quality health care is a right or privilege in the united states of america? >> well, it is both as strange as that sounds. it is something actually given to every individual. if anyone walks into a hospital right now, with severe injury, they are given care. every emergency room in the country does that. every single entity. we have backups, medicaid for those that are in poverty

especially moms and children. but our system is set up for individuals to be able to engage and take personal responsibility. for individuals that decide i'm not going to take personal responsibility for their own life then there is a tremendous push back on that. so what are you going to do to be able to step in and take responsibility for your life? so each family has responsibility for their own family. employers have taken that to be able to push that and say i'll provide health care coverage for individuals or employees but i can tell you the wrong way to do that is to federalize it. now, i've said it like this with multiple people. i run into very few people that i meet that say this system is really not working well. i don't find anyone that says the health care system is working well right now as far as the payment system. you know what would really make this work better? let's give it to washington because washington seems to fix every private problem much better than the private sector did. the problem is not that it's going to get better with washington. it's going to get more complicated, more expensive. it decreases the amount of

access. we've seen premiums go up, folks now struggling to be able to find access to the care they want while others are receiving care. there is a better, simpler way to do this. our community health clinics, both of us have been very engaged with, is a better model to help in different areas of poverty. our medicare system in other ways but not like this, not a takeover of the whole health care system. >> thank you. state senator johnson? >> whether health care is a right or privilege is the question. and i agree with congressman lankford. it is both. however, we have a health care proposal for the first time in 50 years that is actually making a difference in the lives of people who were heretofore unable to afford insurance but to have access to meaningful, affordable, quality health care. the affordable care act means that people who were not insured before, millions are now insured. the fact that we have a congress that has continually,

54 times, voted to try to repeal a law that has been passed, that has been upheld, that has been implemented, says that we're wasting money and killing people. and that's the priority. i believe it's more important for us to look at what is going on with our health care system when people can't get the care they need, when our systems of government, our systems of care are overloaded but people's health care conditions are continuing to decline. i believe oklahoma is rated 48th in health care. that says to me that not only should it be a right, not only should it be a privilege, it should be a necessity. government exists to provide those things that we can't do individually. health care, when you have your health, you have everything. when you have your health, you have a better worker. when you have workers who are respected, you don't have employers trying to direct their health care services.

>> thank you. state senator, the fact is that most voters will cast their ballot consistent with their party i.d. there is, however, a growing population of independent voters. why should an independent voter vote for you? >> the platform that i have spoken to throughout this campaign in terms of strengthening public education, creating meaningful and living wage jobs through investment in our infrastructure, those are things that resonate i believe not only with democrats but with republicans and certainly with independents, but the third area of this campaign which talks about protecting civil liberties, protecting civic freedoms, that i think is the area that resonates with independents because in a sense independents have gench up on both parties. because of the party positions on things that impact them individually. i think in addition to

independents we have a lot of libertarians who are concerned about this overreach of government, where government is spying on us on our daily lives n a daily way. where we are incarcerating for profit people who have been caught or convicted of possession of nonviolent. where women's right to choose, to make decisions about their own reproductive health care are challenged and constricted and even to the point of limiting women's rights to contraception. i think those are the aspects of my campaign that resonate with people who are outside of either party but who want to see a change, who want to hear a voice that will speak differently and that will speak truth. >> congressman, why should an independent voter vote for you? >> i reach out to republicans, independent, and democrats. we're one state. there are 4 million of us. we do not all agree. not all republicans agree about everything. not all democrats agree about everything. not all independents.

i have four members in my family. we struggle to pick a restaurant after church on sunday and try to find agreement among the four of us. we don't all agree on every issue but we can get a chance to respect each other as we talk through the process. so what i bring to an independent is this. i do have a very conservative perspective. i believe in the constitution. i believe that system actually helps us. i believe the economy really can grow if government is less engaged in the day-to- day operation of the economy and we can get back to the growth of individual lives and their families and allow people to live their lives on their own and make their own choices. i would also say one of the things, i meet a lot of independent, they're very frustrated with is rhetoric. they want to see people treat each other with respect. my christian role i come to you from, working with families for years, there will be people i disagree with but i treat people with respect. i want to listen to all people of all backgrounds and hear it out. george will makes a great statement. i've always appreciated it.

truth is not responsible for its owner. i think it is pretty wise to be able to listen to that. there are people i may disagree with on other issues but i'll agree on that one. it demands that you actually slow down and be able to listen to people in the process and get to know folks and it also demands i turn around and say this is what i think and we have a reasonable conversation. >> thank you. congressman the debate is based on beefing up border security. is border security key to illegal immigration? >> no. it is much bigger than that. i come from a couple different perspectives. one is i believe every person is created by god and has worth and is worthy of respect. the second thing is i really do believe that there is a responsibility that every person has to their own nation. i am a citizen of this country. in this country i have unique rights and responsibilities. in every other country i'm a guest. that is the same for anyone else. now, if the conversation is

about just build a fence and that's going to fix it, well, there are areas where we actually should have a fence and a strong fence. but down the texas/mexico border, the international border is actually the center of the rio grande river. you're not going to build a fence down the middle of the river. neither are you going to abdicate to mexico that river and the boundaries? how do you deal with it? border security is essential. we should have good policing along our borders and make sure the north and south border and maritime coast, that we're watching who is coming in. we should work with the governments of mexico and the other three countries, realizing that we have 11 million people here illegally. 10.5 million of those folks are from poor countries. mexico, guatemala, honduras, and el salvador. well, if they're going to come from central america they have to cross the mexican border coming through guatemala into mexico. we should work with me with mexico to control that border enforcement as well and should have a policy that allows individuals to apply, come work

for short periods of time in the united states, with absolute standards and make sure that occurs. the only way that happens is enforcement actually at the workplace. so multiple areas to do it right. >> thank you. state senator johnson? >> thank you. people were talking about immigration and the congressman has pointed out that a majority are coming from areas south of america. i think we have to also realize that we are all immigrants in america apart from the indigenous people. we all came to america in one shape, form, or fashion. my people came over in the bottom of a slave ship. and so the process for people coming into america is what i think we need to look at more so. when we establish a system that has checks and balances, that people want to come to work, that's fine. if people want to come and make america a new home, if they're willing to abide by the rules, to do test, to become a citizen

and pay the money, frankly, then we should be open. because again, we all came here from somewhere. i think our policies about immigration are in need of repair. i think the president has been proposing some solutions that congress has yet to act on. as your next u.s. senator, i would be open to all aspects of the issue of immigration. i would definitely be open to the things that i think ensure that people again who come here, who abide by the rules, who do what's necessary, and they begin paying taxes, and they actually contribute to society, america is a better place when we have diversity. the food that we get, the inventions that come our way, the technological advances that are coming to america, all of those things come about because we are inviting people into our space. >> thank you. well, it's time now to hear from oklahoma state university students. a panel has reviewed the

questions that were submitted by students in the audience. and the first question comes from kenneth wang who is a senior. his question is to you, state senator. do you support the policy of using drone strikes to kill suspected terrorists, including u.s. citizens? >> the policy of using drones is typical of america's foreign policy to date. and that is military solutions to basically what are religious conflicts around the world. i think the policies regarding the drones are under review. i don't agree with that use of that technology. i do understand that it's been useful if in some settings but i think there are other ways for us to resolve our differences. and the use of extreme measures like drones ought to be the very last consideration in our policies. >> thank you. >> this is a difficult issue in

a lot of ways. it's a war time. we are at a status of war and the use of those have been individuals that are directly connected to al qaeda typically. so this ongoing conversation that's happened for about the last 12 years, president bush used drones in some of the strikes. president obama has accelerated that. but i ask the question, it would be interesting for you and i to have the conversation maybe after this is over. is there a difference between an f-16 launching a missile, between an apache launching a hell fire or between a drone being able to launch something? some individuals would say yes they don't like a drone. they want a pilot in aircraft actually launching that rather than a pilot being a thousand miles away in a safe, secure room. i would say really in a war time experience there is no difference. when you deal with the issue of what happens if that's an american on the ground there, well, americans have rights that are different than other individuals. we have constitutional protection. if an american commits a trees anonymous act and is at war with the united states with their own country, if there is

any way to be able to capture that individual they should stand for trial. if there is no way safely to be able to arrest that person and they are in a battle field situation in preparation to attack the country with the enemy, yes, we are justified. that is no different than a police officer standing on the street, an american citizen draws a gun and says i'm about to shoot you for a police officer to be able to respond to that. it may be difficult to process, but the president of the united states has a very difficult responsibility. that is to protect america and to protect our country from all enemies foreign and domestic. though the president and i have disagreed on many issues this is one that requires oversight. it is one area i do not disagree with him. we should protect america. >> thank you. congressman, this next question comes from kelsey hull who is a sophomore here at osu. where do you stand on the issue of religious liberty particularly applied to the islamic faith? >> i am absolutely adamantly protective of religious liberty. it is one of the issues i talk

about on the house floor and openly to a lot of people. because i come from a ministry background a lot of people come to me and say you need to tone down your conversation about god because you are in a secular role now. i always smile and say look at article 6 of the constitution. it says there is no religious test for any o officer of the united states. you don't have to have a certain faith or put your faith away to be able to serve the united states. that is the same for every single american. every person that's in this room, you can have a faith, live your faith out, or choose to have no faith at all. be a christian, be jewish, be islamic, buddhist, hindu, sikh, whatever you choose to be, this is the united states of america and we're different. so we should protect the religious liberties of every individual and i would stand up as an individual and say regardless of your faith background we do need to protect those rights. let me give you one caveat. there are some in the islamic faith that cannot practice their faith apart from the government also being in line with their faith. literally their faith drifts

into shaharya law to say for me to function i have to also control the government. i have to control the community. that's not all that are in the islamic faith but there are some. that's the way they practice. we in the united states absolutely honor those that have religious faith but you cannot be an individual that would try to undercut the united states government for the practice of your faith. the government exists to protect all faiths not to allow you a vehicle to take over a section of any part of the government. >> thank you. state senator? >> thank you. this whole issue of religious liberty believe is one that is very concerning to many voters and it comes under that whole title of what does the government do and what does the government not do? what should the government do with regard to people's lives, their liberty, their pursuit of happiness? i believe that religious liberty is essential and that for the government to try to interfere and determine who is supposed to do what is an embarrassment.

it is actually a slap in the face to people who choose to be different. so that in our country when we have a condition of religious liberty being questioned or being constrained, that is not the best possible situation for us. i believe that in this -- in these days and times we have extremists in every faith. those of us who would only adhere to the old testament in the christian faith versus being under grace in the new testament, sometimes we can be just as rigid in our views to the extent that we are infringing on those territories similar to what other extremists religious might be doing. religious liberty is a personal issue it is an issue that the government should not be addressing. it is an issue that the united states was founded on. we came here seeking religious freedom and for us to change now and try to constrict one group one way or another is

unacceptable in my opinion. >> thank you. well, state senator, this question comes from derek wieldman who is a junior here at osu. which of the senate commitees do you feel you are most qualified to serve on? >> thank you, derek. these osu students are deep thinkers. i appreciate that. i've got a daughter who just graduated from here. i have served significantly in the area of health and human services. in fact, for the last 33 years. i've been in the area when we reformed medicaid, when we've reformed the health care authority in the state of oklahoma. but i've also focused on criminal justice reform. how do we reform our criminal justice laws in ways that are productive and that don't cost us a lot of money? i've enjoyed serving on the veterans committee. i really got a big lesson when i served on the transportation committee because i know that

roads and bridges are the key to recovery for our society in terms of economic principles. so i think i know i would like to stay in health and human services but i have a heart for the veterans. i have an economic interest in transportation. i've enjoyed serving on energy. i would be available to serve wherever i'm best suited to serve, wherever my leader thinks i should serve. i would serve in that position, do my best, and then as i gain seniority, i would branch out into other areas that continue to expand my expertise in order to better help citizens of the state of oklahoma. >> thank you. congressman? >> i currently serve on the committee called oversight and government reform in the house of representatives. i'm a subcommittee chairman on that and have oversight for energy, policy, health care, and entitlements. i work a tremendous amount with things like social security and disability but i also work a lot on the issues of oversight

of government. duplication in government. now that's never -- it's maybe a shock to you but at times the federal government can be fairly inefficient. shocking, i know. the committee that has the greatest jurisdiction on that in the senate is called homeland security government accountability. that committee, itself, allows me to be able to step in and continue the work i've already done the last four years in the house of representatives. how do we do greater oversight? it's not a republican/democrat issue. bureaucracy is bureaucracy. it doesn't matter who is in the white house at that point. you deal with duplication in government. one bill i currently have that we passed in the house of representatives is called the taxpayers' right to know and forces every agency to list every program they do, how much they spend on it, how many staff are assigned and how they eval yacht the program if at all. that has passed the house of representatives overwhelmingly bipartisan. i'd like to take it over to the senate and try to get it passed. that is one thing i could actually implement on the homeland security government

accountability so we can require the agencies to provide that list and look for the areas where we have duplication. why do we need 50 programs across ten different agencies that do the same thing? we don't have money to spare. if you haven't noticed we're over $17 trillion in debt which is the big issue we face. we have got to get our government back to a greater efficiency. >> thank you. that'll have to be our last question. it's time now for closing remarks. once again based on the coin toss, congressman, you have two minutes. >> thank you. thanks for the conversation. i'm glad you're all able to be here. for those that endured to the end online as well i appreciate the conversation for your engagement to stay involved. it is extremely important that people don't make decisions based on a sign or sticker, that people make decisions based on real insight. i appreciate you all are engaging to do the research. i would ask if you would like to do additional research on me and my background, what i think about issues go to james

lankford.com and would be able to find out what i believe and what i am all about. this is an issue about trust. as you said earlier, this is a long job interview. actually said that a lot as i traveled around the state. i don't come from a political background. i treat this like a job interview. i go to people and say here's what i believe and what i'm all about. i don't run down other candidates. i don't try to do compare/contrast stuff. i say here's who i am and people can make a decision about who they want to be able to hire in this role. but i would ask for your vote and your trust. my family and i worked and prayed very hard for our nation and we do stay engaged. we're committed to serving all 4 million oklahomans in every community in every town in every city and every small, rural village. we're going to stay engaged and trying to listen. i can also say to you even when i listen and do my research, at the end i have the responsibility to be able to make a decision. the issues we face right now in america are serious. they are difficult.

anyone who comes to you and says we can fix all this if we will just -- then they fill in the blanks -- is over simplifying some of the issues we deal with as a nation. this year we have $500 billion in overspending. now, four years ago when i came to the house of representatives and joined the budget committee we were $1.4 trillion in overspending that year. through the budget fight for the last four years we've been able to get it down to 500 billion. we have many difficult issues to go. we have to balance and we have to deal with the issues of every day americans and oklahomans. i will listen. i will research. at the end i will lead to be able to make the decisions to help us in the nation. god bless you. look forward to our ongoing conversation the next 28 days. >> thank you. state senator? >> thank you. it's been a pleasure to be here this evening and to share in these conversations about the issues that most affect us as people. we've talked about veterans. we talked about immigration. we've talked about defense and health care and social security

. as you think about those issues i encourage you to ask the questions, what have you done for me lately? what have we done to make a difference in the lives of you and you and you? versus the lives of the special interests who seem to take over our government right now? as your next u.s. senator, i commit to you to always be a voice, to always be an ear that will listen to what is of interest to you. what are the challenges that are facing you in your lives? i've always been an advocate of voting. i challenge you tonight to believe that this election is the most important election that we will have in the next ten years. this is the election that they don't think anyone will vote in. i'm encouraging everyone. go out. use your votes. make your vote your voice. that is the only way we get to a government that really meets the needs individuals versus the needs of the few.

as your next u.s. senator it will be my privilege and my honor to represent you in the areas that matter most like education, strengthening our health, our public education, schools, and systems. i like creating jobs that are meaningful jobs that pay a living wage. but mostly, making government do the things that government is supposed to do for us as people and not in our lives as individuals. those are the challenges. those are the opportunities that lie before us today. i want to say thank you again for having us here. i want to say my family and my supporters who are here with me this evening, thank you. this has been a privilege. i appreciate you. god bless you. vote for me. 2014, november 4th. you can visit me and get more www.cj 4 n at okay.com. thank you. >> thank you. and that concludes the debate. i would like to thank state

senator connie johnson and u.s. representative james lankford for a very informative and also very cordial debate. i also would like to thank the student volunteers who helped with the event today as well as recognize the partnership between the league of women voters of oklahoma and oklahoma state university. be sure to vote on november 4th. have a good night. >> our campaign 2014 coverage continues with a week full of debates. friday night, live at 8:00 eastern, the wisconsin governors debate between incumbent governor republican scott walker and democrat mary burke. and saturday night on c-span at 8:00 eastern live coverage of the iowa senate debate with u.s. congressman democrat bruce braley and state senator republican joni earnest. sunday live at 6:00 p.m. eastern the michigan governor's debate between incumbent governor rick snyder republican and democrat mark schauer.

more than 100 debates for the control of congress. >> next, white house cyber security coordinator michael daniel. he says the obama administration will push congress to pass several cyber security bills. then political debates from illinois. in the state's 17th district congresswoman sherry busos is facing former representative bobby schilling in a rematch of the 2012 race. then between the governor pat quinn and republican businessman bruce rauner. former white house press secretary james brady died in august. tomorrow a memorial service will be held at the newseum. mr. brady served in the reagan administration, was shot during a 1981 assassination attempt on the president. vice president biden and a number of former white house press secretaries will be attending the ceremony. we'll have live coverage here on c-span. and later in the day the house

homeland security committee will hold a field hearing in the dallas/ft. worth area to hear from officials about the state's response to the ebola virus. thomas eric duncan died from the disease wednesday at a hospital in dallas. he was the first person to be diagnosed in the u.s. with the disease. we'll have live coverage of the hearing starting at 1:00 p.m. eastern. the white house cyber security coordinator and the technology rector of northrop grumman cyber an event on security. this is a two-hour conference. >> is the wire covering my tie?

[ laughter] everyone. it's great to see you out here today. scott did a good job on acknowledging a number of folks we want to thank. i'll do a quick repeat of that. again, our thanks to the center for national policy. as scott mentioned this is our second event we're doing together. hopefully it is the first of many more to come. also, a great thanks to northrop grumman our sponsor who really makes this event possible and intelligent conversations move forward. speakers oned our were delighted to have our guests. they will be part of a panel discussion that i think is quite remarkable and informative. a little promotion the monitor has a big announcement today. we are pleased to announce the debut of a new csm initiative called pass code. we call it the modern field guide to security and privacy. we realize on a global network

of monitor reporters from around the world led by mike farrow our editor and our deputy editor, both of them are here today and would be happy to talk to you more about the monitor's new initiative. we intend to provide deeply reported, solution oriented, nonfear mongering coverage that moves your understanding and the discussion forward. again you can find us at csm pass code.com. this is the debut so stay tuned between now and january when we do our formal launch. so we're here today to talk about cyber security. an important it topic. one that the monitor's office obviously is investing resources in. why is that? well, primarily, it's a big story. it's a big, complex story that touches a lot of lives. more people than ever are impacted and concerned about both privacy and digital security.

much of the discussion often times to a degree focuses on fear, uncertainty, and doubt. nd so what are the monitor values we're bringing to this discussion? well, 107 years of journalism that is deeply reported and global. we'll admit to our biases. we are constructive, progress minded, and solution oriented. these days media companies have to decide where to invest and what to cover most particularly. one of the areas we're investing in is cyber security. pass code is how we're doing it. d so remember csn pass code.com. introduce asure to vern doyle. one of my colleagues is describing him as the rare bead that is a technologist that can speak english. [ laughter]

>> i immediately tried to hire him. vern is director of technology for northrop grumman's cyber division and his team leads -- he leads an advanced cyber technology team responsible for understanding emerging problems and solving those problems in advance for customers worldwide. vern will introduce a vision for a new paradigm for cyber security thinking with the goal of making our systems more resilient. after vern finishes we'll take some q & a and with that, vern, the floor is yours. >> thank you. >> good morning. thank you for having me. so i'm here today to start a new conversation, a conversation about looking at cyber security a little bit differently with the goal of making our systems more resilient. my hope is that this conversation can move us past

the age of the high profile breach. many of the breaches are very well known. they're very personal. like the home depot breach, the target breach, this week the jp morgan chase breach was in the news front and center. these are very personal to us. because they're criminal in nature and the idea of money coming out of your wallets is a scary thing. but there are also other high profile breaches that in some ways are even more disturbing. but that aren't always as well known. shomun attack on saudi sometime ago. this was an attack on a national critical infrastructure provider. and you have the issue with the french and british navy back in 2009 with the virus. and these attacks were aimed at disabling those organizations' ability to conduct their primary mission. you can imagine the military

unable to perform its mission as a result of a computer virus. this is a very real potential problem. then you have the insider threat. we're all familiar with the snowden case. you have the cyber vigilantes like anonymous conducting espionage, disrupting systems for a wide variety of purposes. so this is a global, borderless problem, and it's not going away any time soon. the real question is, why is it so easy for the attacker and seemingly so hard for the defender? how is it that they seem to march in and out of these systems as if nobody is watching? and you'll get a lot of different opinions on that. people spend their careers trying to figure that out. but when you blow away all the smoke, i think it comes down really to two root problems. the first is that the cyber systems that we rely on are inherently vulnerable.

so the commercial operating systems, the commercial software packages, the commercial hardware platforms, these are all designed rimarily to address profit motives. they are easily obtained by the attacker. they can exploit and find the vulnerabilities in those systems and that is largely what they take advantage of. that's probably not going to change any time soon. and then the second problem is that you have machines against people in a high speed battle. and now what do i mean by that? well, you have hundreds of thousands of malware samples being generated every month. that's not people writing that malware. those are machines. those are machines automatically circumventing all of our defense systems. that malware typically operates inside of an infrastructure that is also automatically controlled by machines. so the command and control

notes, the hot points, the channels that connect these different adversary systems together are typically set up, used one time, or for a very limited period of time, and then torn down and never seen again. now, let's contrast that with the way we defend our systems. so we have fixed infrastructures. monitored by thousands of people. climbing up mountains of data trying to sort through what's happening. patching software. writing signatures. reacting and chasing and trying to find this machine driven, fast moving target. so you have a static, human controlled system battling with an automated machine driven system. and at the end of the day, the machines are going to win that battle every time. it doesn't matter how many people try to put up against those machines. and so how do we fix that? how do we overcome that?

how do we develop a protective strategy that makes the systems inherently resilient? one way that i'd like to introduce into this conversation is by making our cyber systems disposable. and i don't mean disposable in the sense that you throw them away like a paper cup. i'm talking about disposable in the sense that they are single use. if you think about it, that is exactly what the adversary is doing. they're malware, command and control, channels. single use. and we can do the very same thing with our own cyber system. this would make it far more difficult for an adversary to gain access and persist into the system if what they saw on tuesday was no longer there on wednesday and it was different yet again on thursday. so this would shift the battle from us chasing them to them chasing us. and that would move the advantage in favor of the defender. there are six technologies that

make this concept possible. you'll recognize them because they're already out there. and they're in varying degrees of maturity. so three of them are sort of the biggies and then there are three smaller underneath that. the first is the cloud computing paradigm. this is a technology that is designed to be flexible, recon figureable, you can establish, compute storage devices anywhere anytime. it is essentially disposable technology. the second big pillar is software defined networking. think of this as cloud for communications. rather than a static communication channel, software defined networking allows you to do ad hoc networking, allows unconventional devices to behave as routers, and really provides a lot more of that sort of flexible recon figureable, disposable

capability. and the third big pillar are these increasingly mobile end points. while many people think that the mobile end points are more vulnerable when you look at the security architecture it's actually moving in the direction of being more secure. and again, it enables a very flexible recon figureable disposable approach. when you bring those three pieces together, the software defined networking, the cloud, and the increasingly mobile end points, you have the opportunity to create an entirely disposable system. so rather than fix static gateways, static routes, static end points that never move, we would have virtualized moving gateways, ad hoc networks, and single use, private end points. this system would be controlled by our network defenders. rather than spending their time reacting and chasing and climbing up that mountain of data, they would send their time proactively recon figuring

these systems so that they are very hard to understand and breach. underneath of those three big building blocks there are three other critical enablers. they are, route of trust, identity, and always on encryption. part of the disposable concept of operations is to con figure, operate, dispose, and restore. that restoration piece comes from the root of trust. identity is a very important thing within this paradigm. being able to understand the identity of the machines and the people and permitting them into the system, permitting them the access to information based on their identity and their role is a key to keeping unauthorized people out of the system. and the always on encryption is a no brainer. all right. you don't open the door and let somebody come in and walk all over your network. all right? you need to lock down zones and lock down different information

based on always on encryption. so when those six technologies are brought together, again, it creates the opportunity for us to enable a disposable system concept of operations. let me talk about a couple of scenarios of how that might be used, kind of illustrate the application of this system. for the first one, i'd like to talk about is an operation center scenario. more of a strategic network. so imagine operators coming in to perform their jobs and rather than carrying their device with them or finding the device on their desk they walk into the building and they pull it off of a rack or out of a bin. that device would have been established to a known, good state by a team of people, network defenders that know how to do that from the root of trust. when he turns the machine on, it has an identity. it turns on the encrypted channel. that machine awe thentcates itself into a central system.

the operator then uses his fingerprint, his voiceprint, his cad card to authenticate himself into the system and his personal configuration is loaded on to this device. when he walks into the operations floor, his other analyst friends are there with him. and they form up a private, ad hoc network among the team, fully encrypted, only the people permitted to participate in that mission are allowed inside. those people can be outside the building. they can be around the world. they can be anywhere. so those operators can function throughout the day within this private trusted environment and at the end of their shift, they turn the machine off. they toss it back in the bin. and they leave. that machine is then wiped clean and given a new identity and the next shift of operators can come in and do the same thing. so that system is essentially disposed of. it's never used again. the route, the notes, the

identities. if somebody were able to see and understand it when they came in the next day it wouldn't be there anymore. now, let's take that into a more tactical environment. because tablets and lap tops are not the only kind of end points that we need to be concerned about. we need to think about unmanned vehicles, u.a.v.'s. we need to think about sensors on u.a.v.'s. we need to think about fire control systems. all of these can function within the same disposable concept of operations. so imagine if you will a special forces team has been asked to go perform a rescue mission. they need to have overhead surveillance to help them out. we're going to use some u.a.v.'s for that support. so once again the u.a.v.'s should not be sitting there with untrusted software on them, with untrusted operating systems. they should be loaded for that specific mission at the time of the mission from a strong route of trust. the people flying the u.a.v.'s and controlling them should

have their identity authenticated into that system so that they can move the u.a.v.'s over to the area of interest. and then the ground forces will have some device that is also built from a strong route of trust so that they can receive the real time video they need to conduct their mission. in the end, all of those systems will come back. they'll get wiped clean. they'll get to be given new identities. once again, that system is essentially disposed of. never used again. so this is a concept that would be very frustrating to an adversary. imagine them spending their time mapping, trying to find holes. maybe they actually identified some. but the next time they come back to take advantage of that, that system is no longer there. so how do we get there? how do we move from the react and chase model to this proactive, disposable concept of operations? one thing you don't do is take the current security

architecture and implement it to this flexible, reconfigurable infrastructure. for example you wouldn't want to take today's monitoring applications v. virtualize them, and put them into the cloud. because all you are really doing is implementing the same paradigm and you'll still be reacting and chasing. what we need to do is take those six key building blocks. we need to bring them together. we need to accelerate the integration of those six technologies and then we need to build that proactive model for security. this will make it far more difficult for the adversary to gain access and persist. if there is an insider threat, it'll make it far more difficult for him to reach out and grab information he is not permitted to have. if we want our systems more resilient in the future we need to think about making them

disposable. thank you. i guess i'll take some questions now. thank you very much. applause] >> i've been given the opportunity to ask the lead question and i'll seize that opportunity. first of all, vern, i love this image that you present of moving the momentum from the attacker to the defender. it's very helpful to look at the three supporting core technologies that could create a disposable system. within those three is there an area that your team is thinking most about and/or next step in this integration that would move us forward in creating these disposable systems? i.e. where should we focus next? >> well, we're researching each of those technologies, and some of the customers are also researching each of those technologies. i think where we need to go next is in the direction of bringing those six pieces

together and figuring out how to implement the disposable command and control, the disposable security model to wrap around the six key technologies. we're already working on the individual pieces. >> excellent. great. let's have some questions from the floor. i think, is there a mike? he gentleman here on my right. >> hi. thank you so much. this is very informative and interesting. my name is guy taylor, the national security team leader at the "washington times." , you a question about were touted as someone who speaks english or common man language about this. so let's say this hypothetical u.a.v. mission you're talking about involves recording some video. where would that video then be stored once the systems are

wiped? with that system on which that video is stored, would it be something that gets recycled constantly? it sounds like an inconceiveable amount of data that would have to be wiped and moved, wiped and moved all the time. >> yes. good question. so we're actually not talking about disposing of mission data. you know, the recorded video would potentially be temporarily stored onboard or moved into a back end cloud infrastructure. what we're talking about wiping and restoring are the infrastructure pieces of the system. so that the processors and the operating systems and the software that collects the video is what would be wiped clean and restored. the mission data would be preserved and put into the cloud and moved and changed as part of this moving target disposable model. >> in the back, could you state

your name and affiliation please when you take the mike? >> hi. brian pendleton private security consultant. my question is what about cost and risk analysis? you talked about having multiple sets of lap tops, infrastructure, businesses have a huge cost there. how are you going to get them to buy into this? >> right. so that is a good question. i've been asked that before. what is the cost of something like this? and i think you want to look at this from a life cycle cost perspective of a breach. what does it cost when an organization, whether it be a military organization, or a financial organization experiences a breach? what does that cost? the second dimension of cost is the man hours. how much time and money are we spending chasing, reacting, searching for things that are no longer there?

we want to shift that to a more efficient use of those man hours. so those are really the two biggest variables in the cost equation. cost of the breach and the cost of the people. i think if you move the needle on those, you're going to wind up coming out ahead. >> we have time for one last question. that was fast. yes. the gentleman in the black shirt here. >> i'm with voice of america. in terms of the rapid response that you mentioned that is going to shift and you're going to have disposable responses, is that country specific? for example we know iran, china, russia use different tactics. do you also analyze what kind of methods they use so the response that you give would be specific to those countries? >> i think one of the advantages of a proactive security model is that somewhat agnostic to the attacker. all right? so our goal is not to try to

analyze, react, and chase what the adversary is doing. our goal is to take control of our own systems and proactively con figure them so that they're very hard to gain access to. so independent of who is attempting to gain access, whether it's a criminal, a cyber vigilante, a nation state, we want to take control of our system. that's what the proactive security model is all about. >> vern, thank you so much. it is fascinating to hear of a potential more agile response to defending cyber attacks and we appreciate your thoughts immensely today. thank you. quick round of applause. >> thank you. applause] >> we're now going to move to the next phase of today's discussion and i want to introduce mike fera who will be up in just a moment. mike is the editor of the monitor's new pass code section. he is a veteran tech and business correspondent who shared in the boston globe's

recent pulitzer prize. we're delighted to bring mike from the globe back to the monitor where he was reporting from our san francisco bureau and was at one time our mid east editor. we're thrilled to have him leading our pass code team. mike is going to introduce you to our next speaker.

>> are we all miked up? everyone can hear us? okay. great. i'm mike fero, editor at the christian science monitor, i'm pleased to introduce michael daniel, who probably in this crowd needs little introduction, but he is special adviser to president obama and the cyber security coordinator, which i think he, himself, has described as sort of a job of herding cats because he oversees many different agencies who have many different protocols when it

comes to their security implementation. and issues and so i'll turn it over to michael. he's got some words to say. then we'll do a brief q & a and turn it over to the audience. >> thank you. thank you, everyone, for coming out this morning and participating in this event. i would be remiss if i didn't remark it is national cyber security awareness month so appreciate all of the interest in this particular topic. i think one of the points that i would like to make just to start, you know, i think that cyber security, you can clearly see it emerging as one of the defining policy challenges we face for the 21st century. and i think that is actually driven by several factors. but one of them is actually it's not obvious why cyber security is in fact such a really hard problem for us. if you look at the data on

intrusions, it actually is pretty clear that most of the time the bad guys are getting in through holes that we know about and holes that we know how to fix. so at one level cyber security really shouldn't actually be a hard problem. but if you take a step back and you think about the various aspects that cyber has taken on and given the depth of penetration it's had into all of our social lives, our private lives, our public lives in terms of the interaction with the government and in the private sector, our commerce, and economic, you start to realize that cyber security is not primarily a technical problem. it is also an economic problem in terms of incentive, a human behavioral and psychological problem. it is a physics problem because of the way met works are constructed. it's a political problem because of its international dimension. and when you start to roll all of that together suddenly you have what the folks in boston might call a wicked problem.

>> very good. >> and that's what i think starts to actually make cyber security the particularly difficult challenge that it is for us. and that's why i think it takes such a wide variety of disciplines to begin to address the problem. from the administration side, one of the things i want to highlight for this audience today is our efforts to actually expand the cyber security work force. and so to address that problem you really want a much larger and much broader work force than we currently have. we need a much bigger work force to deploy against the problem. and it needs to have an incredibly wide array of skills ranging from a lot more technically focused folks to help companies out with, and government agencies out with their immediate technical problems associated with cyber security, but, also, people that understand how cyber security interacts with their industry. how it interacts with

industrial control systems. how it interacts with our financial sector. so from a policy standpoint, from a legal standpoint. from the administration standpoint we are really trying to drive a connection with the administration's jobs training initiative. in fact, earlier this month we wrote out a whole slew of grants for community colleges and a lot of universities a lot of which will go to cyber security programs to support efforts in expanding that and of course, because this is washington we have an acronym for our efforts in this area, the national initiative for cyber education. it's a nice acronym. but that's really focused on sort of three different efforts. one of which is to expand a heat map -- develop a heat map of where the cyber security jobs are, to really expand the cyber

centers of academic excellence that are accredited by the national security agency and to expand the scholarship program that funds security related scholarships. in all of that effort we are really trying to just do what we can from a policy perspective to drive an expansion in our cyber workforce so that we have the personnel that we we need to address this wicked problem that we've talked about. i'm sure folks want to get into other subjects. >> you bring up great points to confront this wicked problem. you also say that it's really in many ways not that difficult problem. in hindsight when we look at a lot of the breaches that occur, some of them are occurring because of vulnerabilities we already know about. it's not just an issue of throwing bodies at it, it's also

a mindset shift. so how do you confront that issue? is it training? is it redirecting the existing workforce to do their job that they should be doing in a better way or is it a technical fix? how do you see that? >> i see it as a combination of all of those factors. some of it is facing the security upfront so that developers as they think of developing softwares and apps that security is just one of the aspects along with usebility or the interface that you consider when you do the development. so that's one aspect of it. another is really i think some of the ideas that are embedded in the cyber security frameworks of standards and best security practices. as a best how you do think of cyber security risk? and really starting to embed thoughts about risk management

and cyber risk management the same way that companies manage their litigation risk or their pickup truck risk. and that is something that you informs in to manage -- manage the risk. in other pieces of it is really understanding how to enable technologies and capabilities that are focused on how people actually have to interact with their information technology. so one example is killing off the password. frankly i would love to kill the password dead as a primary security method because it's terrible. but it has to be -- but when we think about replacing it, we have to replace it for something that is easy for people to use. >> what would replace the password? >> i think there's going to be a variety of technologies that will be able to do that, some of which will be biometric related. you started to see some of that with the emergence of the

fingerprint readers but also you can use the cameras on cell phones which are now ubiquitous -- the selfies are actually used for something besides posting on facebook. there are also, you know, all sorts of different related tenologyhat are used for authentication which is easy to use because of the way that people use their devices, card, card readers, all of those factors will be combined. i don't think there will will be one solution for everything. there will be multiple solutions. there will be things that we really care about securing like your bank transactions and things that you are less worried about like the cat videos on dwrube. >> those are important. this being cyber security awareness month, the monitor did a poll to see what people are doing to secure their security

especially with the breaches we've seen. we found that half of the people did something to improve their network and half the other people did nothing. of the people who did nothing they said well, they're not really concerned about it. is that a realistic view of the current landscape given what we're confronting? >> so i mean, i think that cyber security -- you're not going to be surprised that a cyber security is an issue that affects everyone. the -- i probably would not be doing my job well if i said otherwise. but i do think that -- i do think that it's an issue that everyone should be concerned about at some level because almost everyone lives some aspect of their lives online either in the form of how you interact with a company, what a company -- the data that a company might have on you. not people that are largely

connected still their data is online in various places. so it's something that everyone should really have some concerns about. but i do think that what that shows though is that we still need to work on, again, i come back to making it available and easy for people to use and to do and to make it sort of security by default rather than something you actually have to work really hard at. >> so what would that mean "security by default" in terms the apps that people use on the website? >> a lot of this comes back to how do we do the development work to make sure that we're developing a secure code from the beginning. how do you have systems that are much more intelligent themselves about monitoring their own activity and bringing the disciplines of things like biology and how do you have

networks that are sort of have the equivalence of, you know, the t and b cells that live in your body that hunt down intruders so that it's sort of just present on the network? and all of that happens, you know, much more in the background rather than being something that people have to actively engage in. and it also, i think, is making the services available to both businesses and consumers so that they can set them up and be functional on their networks. >> should the government be pushing the private sector harder? this framework is nice. it's a framework. should it be mandatory? or should there be aspects of it that should be mandatory? >> from our perspective we firmly believe that it can remain a voluntary standard -- a voluntary framework and still be effective. we actually have a long history of voluntary standards being quite effective in the united

states. i think that ultimately it's the market forces that will really make that take off and go some place and that's the most effective tool that we can harnest in that yea. -- harness in that area. >> i think clearly we can -- anybody can look at the news can see that we don't have the edge. i think probably everyone read the "times" story about the white house being concerned about j.p. morgan. that shouldn't be a surprise. t the "times" article didn't know what they were talking about. we're glad you're here to fill us in. >> i think in general we have watched for several years, you malicioustrend of the actors in cyberspace trying to target our political infrastructure and it is a

critical par of our economy and definitely a critical infrastructure for us. obviously any time we see one of our major banks being targeted and successfully targeted, that is going to be a source of concern for the white house. i would put it in its more general context though that is the broad trend of the targeting of u.s. critical infrastructure and how is it that we can do a better job of protecting that critical infrastructure over the long-term that is particularly concerning to us? while obviously we are concerned with an incident that exposes that many people as that incident seems to have done, it's also the broader, longer term trends that we are very concerned about. specifically which trends? can you point to a few threands you are most concerned about? >> so if you look at sort of three broad trends that you can ick out, one, we are hooking more and more stuff to the

internet all the time. the so-called internet of things that has somewhat arrived, your coffee maker, your car, your refrigerator. they are threat vectors in cyber terms. that's made -- we talked about cyber security in a world of wired desktops. now we're going to do it with a big data vocal cloud, just throw in all the buzz words at the same time. that makes the problem just that much harder. >> right. >> we've also watched the malicious actors be willing to move up the threat spectrum. so now it's not just a matter of doing the digital equivalent of graffiti but they are actually willing to take destructive steps. we saw that with the saudi heir in 2012. we saw that the south korean banks. we seen the attacks on our own

institutions here and we also know that the tactics and the capabilitys that are available to the malicious factors are drawn. they don't have to use them yet. but we know and we can watch their sophistication growing. there's this myth now that a lot of these hackers are still the disgruntled teen in their mother's basement which there are still some of those. hacking is a big business. and they are run like businesses. many of these organizations actually operate along very structured corporate -- corporate lines. and so the sophistication is available and the resources available to them, you know, are far, far more extensive than say 10 years ago. so that's pretty interesting right because the hackers are many steps ahead of what we're

doing now to try to protect our networks. given that that's the case -- should there -- when you think out this world of critical infrastructures. some of sort of critical. some are really critical when you think of the electrical grid or nuclear power plan, can you just pull the plug essentially? is that the best way protecting a nuclear power plant, for instance? >> so as tempting as that might be to do as a solution, i also don't think it's possible to line the clock back and not have some of these systems in a bold forward access. now i think you need to think about that. there are some systems that we actually decide we may want to set them up so that if you -- you may be able to get data from them remotely but if you actually wanted to make changes to them you have to be physically present. you could set up the systems to

do that. one of the rules that we have around our office is that expediency will trump cyber security every time. unless you specifically put in policies to prevent that, most people will take the expedient root. you find that a lot of times when the systems end up being connected to the internet it was because well, that was easier for the engineers to do their job. and that's true. but there is a security down side to that. and organizations need to think about that -- that convenience vs. security trade-off and do that as a more explicit risk population. in some cases it might be the case ha the asset is to particularly critical that you don't weant it connected up. that may be a risk that you want to live with putting into risk than other compensating controls. i think that's something that need to be given explicit thought than sort of just

letting it up. >> are there areas where you think we should limit the action. it's hard for me to say from not being deeply involved in sort of all the different aspects of all the different industries but clearly what i would argue is that's where the combination of the subject matter experts and the security folks in any given organization need to have some real conversations about the risk is and what the benefits are and really explicitly make that trade-off. one thing that's coming recently and debates in washington and the industry is this notion of having a professionalized cyber security workforce. in addition to have more trained people in the field or just more people the motion of somebody having someone that's certified some way being suber security specialist. what's your view on that? >> i definitely think that cyber security will evolve as a

discipline. i think it is becoming its own discipline and it's not the same as some of the other technical computer science field and it involves bringing in capacities from other -- other areas. so i think it will evolve into its own discipline. i think having some of the -- some of those certify cases will be a good thing. >> so you yourself have had to learn a lot about this field. you're not a techy? >> i'm not. >> you took some grief for that in the press. what did you think about that? >> well, actually i was -- what happened during august on a friday. so that was kind of par for the course in washington. and it comes with the territory i think here. i think some of it though was a misunderstanding of what i was trying to say which is that the -- and that was my point about why i think cyber security is such a hard problem is that, in fact, actually it involves a

whole bunch of different disciplines. and in -- and we need a bunch of different disciplines in order to address the problem effectively. and so we certainly need -- and as i was mentioning our workforce initiative, a huge chunk of that will left to the workforce to run the fire walls and develop the software and manage the security systems. but you also need people that are savvy about cyber security from a policy standpoint. how to actually get organizations to make those risk management option. how do you get the government to actually do something? how do you get the bureaucracy to function? those are different skill sets. if you look at, for example, the security on the council staff,

they have an i incredibly wide array of people who are engineers but also people who primarily have legal backgrounds, people who have done development work and the international space. people who have spent time in the military. people who have spent time in lalmt because all of those are different aspects of the problem that we need to bring to bare on the issue. >> and i imagine your experience in government various agencies urries you with the cat issue? >> yes. >> you don't have any real power with these offeringses. do you think that rule has to change in the future? >> actually, i don't. think that -- i believe that as with any of the white house

bs a lot of it is with the soft power. as you work with the agencies and bureaucracies to get them to move it in the same direction. i think with -- you can be very effective in that space as long as you understand how that space actually operates. i think cyber is such a humongous issue that you're not going to be able to put any one person in charge of it in that sense. and i actually think that would be -- i actually think that would not work very well. and instead you do need someone who can get to the various aspects of the infrastructure. what we're doing in the military and national security space. you're never going to put that under one spot. and i don't think that would be a good idea. >> can you give us a bit of an

update on what you're doing in congress to get the cyber security legislation moving? >> sure. >> we've been heavily involved with working with the committees on -- relevant committees of jurisdiction in both the house and the senate to work on the legislation and make improvements to it and get it into a place that could pass both houses and the president could sign. we remain committed to doing that. obviously getting anything past on capital hill is quite a challenge. i think that we try to be realistic but it's something that we remain actually engaged with. >> we talked to mark before coming on stage and another thing in the news is that apple and google are strengthening their security protections on their phone. something that f.b.i. director and the attorney general don't

really like so much. what's your view on that? , if you k the issue is look at the framework. encryption is the best practice and increpting data in motion are obviously smart things to do. it's not so much that any increppingsilingts. it's how did the government and our law enforcement agents can continue to gain access in the information in a court approved process that doesn't put something completely beyond the reach of law enforcement. even things that are in face or other places are reachable by search warrant. and so we do want something that the reach erly above in certain circumstances. use incrippings.

sh -- encryption. >> this is a hard area. the reason that you've seen we've had debates about encryption going back decades. i'm the babb lonian from the greek side of it in some form. i think this will continue to be an issue that we will try to navigate. >> joul to talk to jeff about getting better hackers. >> we have time for questions from the audience. f anyone ice got anything? "politico."

can you talk about what's going on in other financial institutions? was it briefings in the context of just randomly suggest. sanctions? >> so i think the way to think about this is that we keep the -- part of our job on the national security council and is to make sure that the president and his senior advisors remained informed about the wide arrange of national security threats and so that was the context in which we were treating this particular issue. it is part of an ongoing investigation with the f.b.i. service.

i think it's something that we pay attention to the sense that we are mindful of all the threats to the critical infrastructure whether you're talk about the electric sectors the telecommunication sector and so it's put into that broadst context. any time we see successful penetrations of those kinds of companies it's something we're oing to engage on. >> you in the back. >> sorry to hog the microphone but i dough think anyone else had their hand up. thank you so much. i want to ask -- maybe it's a different question. i don't want to feel like i'm conflating things. is broadly one of the topics the extent to which the xecutive that should be --

adhere to certain super scrute standards. thed a minute tration's admission they should not be pushing the pros because market forces can be seen. but then on the other hand you said expediency will trump it every time. in a week where it might have been increrted there are certain standards are in place. >> i would say that there's the difference between making something like the missed cyber security framework. saying that the government doesn't have any roll in controlling or pressuring the private sector to continue to using on and doing a better job. and i'm always concerned about a regulatory framework that is, you know, the speed of

regulation does not move at the speck of technology. we want to be very mindful. we have -- for example the framework technology, agnostic. that is different than saying that the government doesn't want to be involved with and work with the private sector to improve cyber security across the board. in fact, i firmly believe that one of the -- up with of the key changes we face is actually figuring out how the government should interact with respect to suber security. .t won't be a traditional it's going to be a new partnership and that in fact, is what -- one of the defining challenges that we'll be working on over the next, would argue

five to 10 years really is. how is it that the government at all levels is going to interact with the private sector on this issue. both within the united states and internationally as well. >> talk about hiring cyber security staff. they said that some of their main problems working have been salary, job structure and just also the issue of getting a job at the federal. by haven't seen much -- >> that was an understatement, yes. >> those are three areas that we haven't seen much movement on. are progress on various avenues trying to address some of those problems, including

prying to get broader authority for cyber security professionals. to make it easier to move them. once your in the federal government to address some of those question problems. i think that, you know, it's unrealistic for that will compete in the pry vas sector with sal. and so we can do a better job. we're never going to completely overcome that. we have to look at it with the kinds of works that you can do. and the other that you are not ready to focus. focus on those aspects of the job. it's a compli cailted -- tes certainly -- complicated area. we are trying to -- but i think that overall we still have to work the workforce as a hole because.

-- because of the limited talent pool. what's happening in terms of recruitment? are you showing up at m.i.t. and carnegie me lons to get the and ow is the revelation certain hurt that? it's a p.r. problem that plays out there. >> certainly we are trying to expand our earths. that they have faced overall have not made that any easier to do. i would say that, you know, we continue to try to focus on recruiting the best talent that we can. and -- certainly n.s.a. has faced some challenges. they're revelations as you said. what's interesting to me is that

across a wide variety of places in the federal government including our law enforcement agencies which more and more crime has moved online. so they have a greater need for that. for cyber a huge need security network. o i think that it's also something that we're trying to address holisticically. >> anybody else? >> i'm josh wiggins from inside sishe security. i was wondering what is thed a mintstration hoing to see come out of that and moving forward with the framework? are >> what we areart of

hoping for is trying to get some feedback. what has been your experience? what has been the strengths, what has been the weaknesses? where does it need clarification, expansion? we know one of the areas that was less well developed was how you measure employment. we still need more. development in that area. thingse of the kinds of we're hoping we get out of that workshop. a lot of experiences with how the framework works. >> hi. federal times. just to follow up. i was wondering if you could talk about about what you're saying in terms of adoption of the framework, how you are measuring that, especially