Ethis committee will come t order. To help us understand what china is doing. We spend a lot of time on this committee debating whether xi jinping will make a move. This is a question that people continue to debate. I wonder if such an invasion or the preparation for such an invasion which would be incredibly costly as the Ranking Member very eloquently brought up yesterday has already begun. Put differently, the ccb has been attacking us. Government, our defense contractors, our Development Firms in cyber. And they had been robbing us on tech. And they used that to their military modernization. And they have been gathering information on people and companies. Our military records have been compromised. Mine is framed in my office, in my basement. According to the fbi, chinas vast Hacking Program is the Worlds Largest and theyve stolen more americans personal and business data than any other nation combined. But that wasnt enough for the ccv. In the past few years, our intelligence and Cyber Security agency has discovered the ccv has hacked into american infrastructure disabled and destroying our Critical Infrastructure in the event of a conflict, conflict over taiwan for example. This is the cyber space equivalent of placing bombs on american bridges, Water Treatment facilities and power plants. Theres no economic benefit for these actions. Theres no pure intelligence gathering rational. The sole purpose is to be ready to destroy american infrastructure which would inevently cause chaos. The Chinese Government has already done it. Our Cyber Warriors have been trying to stop it across the American Homeland. The damage that could be done by this is almost hard to imagine. We need to step up. Defend our Critical Infrastructure, defend ourselves in cyber space. Its a critical part of deterrence. It will take unprecedented collaboration between the public and private sectors to create the type of layered cyber deterrent that we need to prevent disaster because its not just a government problem its a whole society problem. Our committee is called the select economy on u. S. China and the Chinese Communist party. The name of our committee vastly under states the problem. Its not just a strategic its a threat. And china will be able to cause massived loss of american lives. Thats unacceptable. I believe men and women of good faith in both parties have come together to prevent that from happening, thats what todays hearing is all about. I recognize the Ranking Member for his Opening Statement. Thank you so much mr. Chair and thank you for the witnesses for coming today. I understand that general nakasoni is your change of command. You made tyke to you made time to come see us. And i imagine this will be nakasonis unplugged. And were going to talk about the pla. This wanted poster shows members of unit 61398 whom we indicted in 2014 for hacking into American Companies and stealing intellectual property. This was the first time weve ever indicted prc nationals for computer hacking in the u. S. For years the ccp studied how the u. S. Ran Cyber Operation to develop its own concept for warfare. Xi jinping has studied and collected data. Hacking into government emails and even potentially gathering personal data from apps like tiktok. However today we will be discussing an even darker side of the ccp cyber tactics. Going beyond merely stealing information. Last may, released a joint advisory that ccp Cyber Attacks were targeting u. S. Critical infrastructure including American Power and utility systems, oil and Gas Pipelines, and rail systems among others. This Cyber Campaign titled volt typhoon has been inactive since 2021. Ccp hackers access Computer Systems of at least 2 dozen critical entities including in hawaii and in guam. The hackers even attempted to hack the texas power grid. The purpose was to install malware that once activated would disrupt or damage the infrastructure. You might ask why. Very simple, to potentially harm us in a time of conflict. Strategists talk about attacks. Former cisa director stated that quote chinese attempts to attack infrastructure or to cause societal chaos inside the United States. This means targeting americans. This means we could suffer large scale blackouts in major cities. We could lose access to our cell towers and the internet. We could lose access to clean water and fuel. So, how do we respond . First, we must be clear eyed about the threat. The ccps objectives for a cyber attack are not just to impede military readiness. They also seek to target military infra, im sorry civilian infrastructure to cause political, economic and social chaos and in the plas own words quote shake the enemies will to war. Second, we must hunt and destroy malware. We have need to discover and describe all malicious code the ccp is attempting to hide within our network and Critical Infrastructure. In fact, less than 48 hours ago, reuters reported that the Justice Department and fbi were authorized to disable aspects of a ccp Hacking Campaign on the way now in order to protect our networks and devices. This is exactly the type of proactive action that we need to take. And we need to work with our partners and allies to do the same. I look forward to hopefully learning more from the witnesses about this particular, about this counter campaign. Third, we must deter our adversaries. While malicious chinese code hasnt yet disrupted any of our networks, any that would cause loss of life would inherent the u. S. The right to respond. We need to make sure we have the capability to respond and respond decisively. I look forward to hearing from our Witnesses Today and i yield back the rest of the my time. We are witnessed to have a great panel of witnesses. The honorable cockell jr. , Christopher Ray is the director of the fbi. Jen easterly is the director of infrastructure Security Industry and general paul nakasoni. I too have to thank you general nakasoni. I dont want to play favorites but when i called you to try to convince you to do this, i felt a little guilty because you were doing your change of command. But the fact that you were willing to do this. More than the awards youre wearing on your uniform today just to the type of public serevent that you are. That you would be willing to do this. And you know, whether youre redeploying or changing command, usually you kind of trap your you kind of block your pack. I just wanted the outset of this hearing to thank you for an exceptional career of Public Service. The nation owes you a great debt of gratitude. We can stand for that. I asked the witnesses to stand and raise your right hand that was me lulling you into a false sense of security before the questioning begins. I would like you to stand so i can swear you in. Do you swear or affirm under penalty of perjury that the system youre about to give is true. You may sit. Director ray will begin with his testimony. Which i believe will include a major announcement. Mr. Ray, you may proceed. Thank you chairman gallagher, Christian Morti for inviting me today to discuss the fbi east ongoing effort to protect our nation from actions taken by the Chinese Government that threaten American Safety and prosperity. Before i go on, i do want to make very clear that my comments today are not about the chinese people. And certainly not about Chinese Americans who contribute much to our country and are frankly often the victims of Chinese Communist party aggression themselves. Rather, when i talk about the threat posed by china, i mean the government of china. In particular led by the ccp. The ccps dangerous actions, chinas multiprong assault make it the designing threat of our generation. When i describe the ccp as a threat to American Safety a moment ago, i meant that, quite literally. There has been far too little public focus on the fact that prc hackers are targeting our Critical Infrastructure. Our Water Treatment plants, our electrical grid, our oil and natural Gas Pipelines. Our transportation systems. And the risk that poses to every american requires our attention now. Chinas hackers are positioning on american infrastructure to cause havoc to american citizens and communities if and when china decides the time has come to strike. Theyre not focused just on political and military targets, we can see from where they position themselves across civilian infrastructure that low blows arent just a possibility in the event of a conflict. Low blows as a civilian are part of chinas plans. But the prc that goes way beyond prepositioning for conflict, today and literally every day theyre actively attacking our economic security. Engaging in wholesale theft of invasion and our personal and corporate data. Nor is cyber the only prc threat we face. The prc threat is more dangerous because of how they knit the campaign against us. They recruit human sources to target our businesses using insiders to steal the same kinds of invasion and data that their hackers are targeting. While also engaging in corporate deception hiding beijings hand in transactions, joint ventures and investments to do the same. And they dont just hit our security and economy, they target our freedoms reaching inside our borders across america to silence, coerce and threaten some of our citizens and residents. But i can assure you the fbi is laser focused on the threat posed by beijing. Weve got cyber, Counter Intelligence, criminal, and wmdx experts just to name a few defending against it. And were working in partnership, partnership with the private sector. Partnership with our companies abroad. In fact, just this morning, we announced an operation where we and our partners identified hundreds of routers that had been taken over by the prc state sponsor group known as volt typhoon. The volt typhoon enabled china to hide among other things preoperational reconnaissance, Network Exploitation against Critical Infrastructure like our communications, energy, transportation, and water sectors. Steps china was taken to find or prepare or degrade the infrastructure that keeps us safe and prosperous. Lets be clear, Cyber Threats to our Critical Infrastructure represent real world threats to our physical safety. So working with our partners, the fbi ran a court authorized on Network Operation to shut down volt typhoon and the access it enabled. Now this operation was an important step but theres a whole lot more to do and we need your help to do it. To quantify what were up against. The prc has a bigger hacking section of any other nation. In fact, if you took every single one of the fbis cyber agents and intelligence analysts and focused them exclusively on the china threat. Chinas hackers would still outnumber fbi cyber personnel by at least 501. So as we sit here, while important budget discussions are under way, i will note that this is a time to be keeping ahead of the threat by investing in our capabilities rather than cutting them. We need to ensure that we sustain and build on the gains that weve made that have enabled us to take actions like the volt typhoon operation. Budgets that emerge from discussions under way now will dictate what kind of resources we have ready in 2027. A year that as this committee knows all too well the ccp has circled on its calendar. That year will be on us before you know it. As ive described the ccp is already today putting their pieces in place. Those watching today to think we cant protect ourselves. But i do want the American People to know that we cannot afford to sleep on this danger. As a government and a society weve got to remain vigilant and actively defend against a threat that beijing poses. Otherwise china has shown it will make us pay. I move forward to todays discussion. Thank you, sir. Chairman gallagher, Ranking Member, christian morte and distinguished members of the committee. Thank you for the opportunity to testify. I have been honored to lead the office of the National Cyber director oncd for over a month now. And your leadership for creating this office. I appreciated our conversation yesterday. Onc was established. We coordinate many important agencies with Cyber Missions across the government to ensure federal coherent on Cyber Security policy. We have budgetary responsibilities to ensure that the u. S. Government is making appropriate moves. Excuse me, successfully and transparently executed. Coordination and collaboration are central to our ethos. Cyber security remains a joint effort and im proud to be testified with some of our nationings brightest leaders. Conduct disruptive and destructive attacks. The prc threat actor, volt typhoon has it has been named has conducted Cyber Operation focused not only financial gain or espionage but into Critical Systems that put those systems at risk. Their aim is clear in the early stages of a conflict they want to disrupt our militarys ability to mobilize and to impact the system that allow us to thrive in our increasingly digital world. We can, must and importantly are season the initiative from former adversaries to defend the American People. Last year President Biden called for us to build a future that as a foundation of deep and enduring collaboration. The national Cyber Security strategy is built on two fundamental shifts that we must one rebalance a responsibility to defend cyber space and two, realign incentives to favor long term investments. Today in users of technology, the individuals, Small Businesses and Critical Infrastructure entities that make up constituencies in your district. This means that Market Forces and Public Programs alike must reward security and resilience. This leads directly to the first pillar of the strategy which is simple in concept but daunting in scope. Defend Critical Infrastructure. As we concede from prc targeting, Critical Infrastructure systems are in terrain from which our adversaries wish to engage us and Critical Infrastructure owners and operators the majority of who are private entities. The government must also be a good partner when an incident has occurred. Assistance is required. And even as we look at defense, we also need to favor defenders. Addressing the open resource problem, that makes it difficult to understand the quality of code we use. A topic that were looking to address. It is vital we invest in program, expand opportunities for all citizens to learn Digital Skills and open these skills to all segments of society. Including those who have never seen themselves in cyber. This is through implementation of the the af strategy. The administerss focus on Cyber Security has put us on a firm strategic footing to counter. But we will only seize the initiative by leverages the partners we rely on including congress. Ultimately, Cyber Security requires a unity of effort, no one entity can achieve our shared goals alone. Sitting here today with our close partners i hope you will see how our u. S. Team is enhanced by a thoughtful, patriotic cyber working together to build a defensible resilient digital eco system. Again i thank you for the opportunity to testify today, i look forward to your questions. Thank you, sir. Director easterly youre recognized for your Opening Statement. Thank you for the opportunity to testify and to protect the nation from the preimminent cyber threat from the peoples republic of china. Critical infrastructure, resilience and security we have long been focused on the cyber threat from china. But as youve heard in recent years we have seen a deeply concerning evolution in chinese targets of u. S. Critical infrastructure. In particular, weve seen chinese cyber actors including those known as volt typhoon burring deep into our Critical Infrastructure to enable destructive attacks in the middle of a conflict. This is a world where a major crisis half way across the planet could well endanger the lives of americans here at home. Through the disruption of pipelines, the severing of our telecommunications. The crippling of our transportation mode. The threat is not theoretical. Leveraged information have found an eradicated chinese infiltration including aviation, water, energy, transportation. Based on this information this is likely just the tip of the iceberg. So were working to take action now knowing this threat is real and this threat is urgent. First, through authorities from the Congress Based on a recommendation from the cyber state. Were using our joint Cyber Operation to enable us to uncover more cyber threat. Were also using our Free Services and resources and providing owners and operators across the country so that they can detect and prevent chinese malicious fplts and were working direct lip with businesses to help them increase the resilience on the critical. The reality eradicating chinese, bolstering and even some of the great disruptive work is all necessary but its not sufficient. The truth is, the chinese cyber actors have taken advantage of very basic flaws in our technology. Weve made it easy on them. Unfortunately the technology under pinning our Critical Infrastructure is inherently insecure because of decades of Software Developers not being held liable for defective technology that has led to incentives where features and speed to market have been prioritized against security. Leaving our nation vulnerable to cyber invasion. That has to stop. Technology manufacturers must ensure that china and other cyber actors cannot exploit the weakness in our technology to saunter through the open doors of our Critical Infrastructure to destroy it. That has to change. Were at a critical juncture for our critical security. Todays hearing should serve as an urgent call to action. Specifically every victim of a cyber incident should report it to cisa or fbi every time knowing that a threat to one is a threat to all and Cyber Security is tphaalgs security. Every Critical Infrastructure entity should establish a relationship with their local cisa team and take advantage of our Free Services including vulnerability scanning to ensure they can identify and prevent the as the vulnerability that the chinese actors are using. And fbi and International Partners to do the necessary investments in cyber hygiene to ensure they can protect their networks including throughout their supply chains. Every Critical Infrastructure entity needs to double down on resilience. Prepare for an attack and test and prepare for their Critical Systems. Every Technology Manufacturer must build, test and Deploy Technology that is secure by design. We have to drive toward a future. Which actors cannot take advantage of technology defect. This is a future under pinned by a software regime based on a measurable standard of care and safe haven for those Software Developers who do innovate by prioritizing security first. Every ceo, every Business Leader, every board member for a Critical InfrastructureCompany Recognizes that cyber risk is business risk. And its a matter of good governace. Members of the select committee, thank you for the opportunity to look at the operational environments over my six year tenture. Including fiercely in the information domain. Prc cyber actors are prepositioning in our u. S. Critical infrastructure and it is not acceptable. Defending against this active activity is our top priority. The men and women continue to maintain our strategic advantage by using the full scope of our authorities and the full spectrum of our capabilities to impose costs, deny benefits and encourage restraint on the part of the our adversary. We will continue to strengthen partners, foreign partners so we may operate any where we are needed. We are ready and postured to contest crp positions at home and abroad. Our force to counter these threats are stronger and more physical. That deny the prc that deny, frustrate their strategic efforts and systematically eradicate industry. The instructure at scale. One example of the impact of these strong relationships was demonstrated in may 2023 with the Cyber Security advisory which was the first documented prc. Other industry partnered acted behind the scenes with our center. I would like to reiterate to recognize the communities effort to bring attention to in effort which impacts our National Security and the lives and livelihoods of the American People and i look forward to our conversation. Thank you, sir. Director easterly, your Opening Statement both written and spoken really teases out the troubling implications of an attack on our Critical Infrastructure. Hostage in the event of an International Incident such that we would be afraid to the af respond or to cause casualties on the homeland. Is that an accurate assessment that i can take from the testimony . Absolutely, as i mentioned, it is doctrine to induce societal panic in their adversary. The Chinese Government got a little bit of a taste of this in the aftermath of the ransom ware attack. Telecommunications go down, so people cant use their telephones. People start getting sick from the water. This is truly and everything, everywhere, all at once scenario. And its one where the Chinese Government believes it will likely crush american will for the unions to defend taiwan in the event of a major conflict there. This is also a scenario that we can indeed can prevent through denial through the deterrence and escalation of punishment, a credible threat and then perhaps most importantly through american strength and unity and the power of our values. General, nakasone, we have to assume theyre attacking. It can have an impact on what we can going to do in the Pacific Region would want to respond with. The ability to leverage our most lethal weapons systems. These are all areas we would rely on. Director wray we mind me again of a stat that i thought was phenomenal. If you focus all of the fbi cyber professionals on the china threat we would still be at what sort of disadvantage with respect to the humans in china that are focusing on america. We would be at a disadvantage at least 50 to 1. 50 to 1. The reason i say is because de voted massive resources to the biggest hacking system in the world by a mile. They also work with cyber criminals. Yeah. Which is then a whole force multiplier. How many of their resources are devoted to china would you say . Of our resources . Yeah. It is the biggest chunk of our Counter Intelligence program by far and probably the biggest chunk of our Cyber Program by far. And of course we have other divisions like our weapons of mass destruction folks who are the ones who did the work on covid origin for the fbi. We have criminal folks, criminal investigation working on the fentanyl. It permeates almost all of our programs. You have previously testified when it comes to tiktok that it creams of National Security concern. Why . What is the risk posed by tiktok. The most important starting point is the role of the Chinese Government. The acts Parent Company is e effectively beholding to the Chinese Government. Which in turn creates a concern in the part of the authority to leverage that access or that authority. First the data, it gives them the ability to control Data Collection on millions of users which could be used for all sorts of intelligence operations or influence operations. Second the recommendation algorithm which could be used for all sorts of st r information. Which is something that we could not detect. And ai. The ability to get personality data and feed it into those operations which means the opportunity to compromise millions of devices. And you put all those things together. It is a threat that i think is very, very significant. And again it all starts back with the starting point which is the Chinese Government itself and their role and their ability to control these difference aspects of it. Thank you, my time is expired. His questioning game improving with every hearing. And as they say game respects game. Youre recognized. Thank you, first we want to recognize the real world Cyber Attacks that are happening today in ukraine. At the behest of russia. Recently the russians cut off Internet Access for tens of millions of ukrainians in one cyber attack alone. And they then cut off power for hundreds of thousands of ukrainians in a separate cyber attack and so, i have a question for general nakasone. You know we actually depict this here. It could look Something Like this. In a conflict situation, the ccp could aim to attack the american infrastructure the same way the russians are attacking ukraine, right. That is correct. Let me turn to a real attack by the ccp. General nakasone so far we have identified malware but it has not been deployed yet. In the case of malware you would be able to detected like typhoon, correct. We would be able to, yes. Here is a picture of you five years ago, and you said this which really caught my eye, you said, if a nation state decided to attack our Critical Infrastructure, thats above the threshold of war. Isnt that what you said . So i do recall appearing there from that quote, yes. I probably would have said it differently today, Ranking Member. Okay, then the next part of that quotation also caught my eye. You continue by saying, and we would simply respond. In your written statement, you talk about imposing. I would like to say, cyber con has a way to respond. We cannot be episodic in looking at this threat. We need to be increasingly to both enable and act. What we have done over the past five years has been able to look at imposing costs in a much broader fashion. Whether or not its publishing a matter. Whether or not its being to work closely with treasury. This is the idea of consistently being able to persistently being engaged with your adversary. Who would attempt to put malware into our infrastructure. First we will attribute it back to you. Secondly that could be an act of war and third we will respond decisively. I would like to touch on tiktok as well. Our data talks are not unique compared to other Companies Like facebook otherwise known as twitter. I personally agree that various data privacy concerns, but the key difference is that unlike tiktok are not known by a company beholding. Tiktok is different. Which by their very nature. What makes tiktok so challenging and therefor so risky from a district, that are over and over national. Those are norms that are blurry. Thank you for disabled this volt typhoon campaign. Couple of question, one is, in this year of election. Obviously the foreign minister recently told Jake Sullivan assured him that the ccp is not going to affect with our elections this year. How can we prevent that from happening . Well, has promised a lot of things over the years so i guess i will believe it when i see it. Itll be the starting point. Second, we work very hard across the interagency. All the agencies you see represented here. Plus a whole host of other partners to try to anticipate and prevent any efforts to interfere in our elections. And there have been enormous strides made over the years. Not just amongst all three of our agencies but between our agencies and state and local Election Officials, secretaries of state etc. To try to prevent cyber interference in our electoral system. The pervasive problem of Disinformation Campaigns and things like that. And there again we have to work with the private sector and not just the interagency. All that has to be combined with the publics role in being a more discerning and media savvy. How many routers were you working with . I dont know the exact number but it was millions of routers. These Small Office Routers were very outdated which made them easy targets for the Chinese Governments. These small office, home Office Routers were not themselves the intended targets. The targets of course were our Critical Infrastructure. But what the chinese were doing were using these easy targets to hide their role in the hacking of our Critical Infrastructure. So thats why the point that was made about making sure that were not creating an easier attack surface for them is very important. I would like to thank our witnesses for joining us today. Thanks again for your service. General nakasone thank you for your over 30 years of service to our nation. There are some things that could have consequences on entities like hospitals and Water Systems and power grids and other civilian targets. What makes the prc activities like embedding latent mall malware in the system. What makes them unique to other responsible cyber actors. Responsible cyber actors of democracies like our own do not target the civilian infrastructure. Theres no reason for them to be in our water. Theres no reason for them to be in our power. This is a decision by an actor to focus on our structures. Thats not what we do. The Ranking Member talked about atribution and finding out who was behind this attack. And its not about playing defense. One thing we can do very effectively is having a very robust offensive capability as a deterrent. So that folks understand like china that if there is a cyber attack against our nation that what will be coming back their way will be orders of magnitude greater. First of all do we have the capability to do that. And if so, do we communicate that in various ways so that china knows what the consequences will be if they take such an action. We do have the capabilities and were very, very good, the best. From our policy members to the conversations we conduct to the real world examples that we do with a series of difference partners. The one thing i can tell you is first we have discovered what theyre doing and we have exposed it. Secondly the partnerships that exist between our agencies and commands are something that concerns the chinese. And finally, its the work with the private sector that gives us scale. They may have 50 501 but when we use the private sector we outnumber them. The Critical Infrastructure like oil and Gas Pipelines give me a reason why someone would preposition in those Critical Infrastructure and what conclusion should we reach as congress and the American People from these reports . This is an attempt to provide the chinese options in crisis or conflicts. When we have discovered them in these Critical Infrastructures the first thing we need to do is make sure we get them out. The second thing is we need to have a vigilance that continues on ward. This is not an episodic threat were going to face. This is consistent. This is the piece that director a talked to. We have to have defensive capabilities. Director easterly you talked about Holding Software companies responsibility for the software theyve written for a variety of different sources especially the electrical grid. Give me your perspective on how we could do that. How can we do that in a timely way. How with how can we make sure that any software written is held responsibility and how can we expose the liabilities. As you pointed out this is both a current problem and a legacy issue. What is critical is we start now to develop a regime. This was part of the National Cyber strategy that can actually hold Software Makers liable for creating defective technology. Because frankly i believe if we had Something Like that and that was put in place at the dawn of the internet and when software was developed, we would not be in a world where the internet is full of malware and software is ripe with inability. Not speed to market, not cool features. Thats really important in a place where congress could be incredibly helpful. We also have been working directly with industry as general nakasone pointed out. The force multiplier of having their presence in all of these discussions, industry to put a priority on secure by Design Software as well as International Partners. The last thing i would say is we need to ensure that individual consumers are also aware that they need to be asking for products that are secure by design and not defective. We are making things too easy for our adversaries. Thank you mr. Chairman, i yield back. Mrs. Caster. Thank you mr. Chairman, thank you all for being here today and everything you do to keep america safe. Director easterly i understand a High Percentage of Cyber Attacks in the u. S. Are in the Energy Sector. How would you characterize the corporation, the proactive nature of public and private entities across the Energy Sector . Thanks for the question, so as the National Coordinator we work with whats called sector committees essentially that have representation from Critical Infrastructure owners and operators. One of the things that i found most impressive since i came into this role is that the Energy Sector, the people at that table are ceos. And you do not see that across every sector. And that really shows that ceos in the Energy Sector understand this issue and understand the need to make significant investments in their Cyber Security and in their cyber resilience. And so that is a very positive thing. We have categorized the work in the sector and the department of energy and cesar which handles all of the cyber work so that Companies Understand the threat. We did this very close to the russian invasion of ukraine. The grid across the country is an aging and in many places is decrepid. Theres invasion and distributed systems. I think of afterhurricane ian hit southwest florida. The subdivision, the neighborhood that had a distributive system that did not go away. Are you working with those systems where youre not as dependent on volatile field sources. Youre thinking about the Cyber Attacks but also long term resiliency. How is that working and do you have any recommendations of congress on that. Yeah, exactly and that is the keyword. We are living in a highly digitized, highly vulnerable, highly connected world which highly it is impossible to prevent all bad things. It is impossible to prevent disruptions. We have been working to focus on that resilience. To expect there will be disruption and to be able to continue to operate through a disruption and to recover. Some of the exercises that weve worked on with our industry and federal government really double down with that concept fpt. To the point that the aging grid goes down to legacy and infrastructure. We also need to ensure that we are investing in building resilience into the legacy infrastructure. Its a difficult thing to do. Im encouraged there may be some use of Artificial Intelligence that help us rewrite some of the code bases at least in the Technology World where you have very sketchy code that is generating instability. We can help to shore it up. Do you want to say anything about these ages routers that director wray referred to with volt typhoon and how they targeting americans and what folks need to know. Yeah, thanks for the question. Just so folks understand and my teammates can weigh in as well. When we talk about malware. Malware has been mentioned several times. This is actually not malware thats why the Cyber Security was living off the land. What these chinese cyber actors are doing is essentially finding a vulnerability and then finding ways to live within a computers operating system so theyre actually very, very hard to detect. Because they look like any other person whos operating on it and theyve elevated their ability to act like a system administrator. You cant tell its a chinese actor. Thats what theyre doing on these routers so they can build these large botnets for command and control to allow them to t essentially bought nets for command and control, to allow them to have a launching pad on our Critical Infrastructure, where they take advantage of yet another vulnerability. Said the routers themselves may not be aging. They just essentially were created to be terribly insecure. They dont update their software. They allow for very insecure interfaces with the internet and i think just today, at some point in time, cisa and fbi will actually publish what we call a secure by design alert, specifically for the manufacturers of routers and those Small Office HomeOffice Capabilities that director wray talked about, of the very basic things that need to be done to shut off the chinese cyber actors from using these routers as launch points. Thank you, i yield back. Mr. Newhouse. Thank you, mr. Chairman. Let me also express my thanks to each and everyone of you for your dedication to keeping our country as safe as possible. As you all know, there is an election coming up this year. The Ranking Member broached the subject. I wanted to delve a little deeper into this notion of election integrity. Over the past year we as a committee, weve heard from a lot of different experts. Its good to see you again, dr. Easterly, on many of the emerging trends that weve been seeing an advanced technologies that are being used in misinformation campaigns, weve got deep fakes, ai, all kinds of social media and algorithmic types of warfare. Certainly the four countries, china, russia, iran, north korea keep coming up, but theres also a lot of nonstate actors that we hear about, as well. So ive got several questions and i think not directed at any of you, but all of you, if we have time to weigh in, so gave in the everexpanding nature of advanced technologies in all of these nonstate actors capabilities, what concerns you most about u. S. Election integrity and the possibility of future election interference . Importantly for us to hear, also to adapt to these kinds of changing conditions, what policies should we consider amending and which programs do you rely on in particular for resources . The general mentioned this. Should the government expand its role in the Public Private partnerships . And all of this, how does this all occur without infringing on the First Amendment, the right to free speech, and also each states constitutional free and equal elections clause. And then just for people listening to this hearing, what gives you confidence and faith in our ability to ensure free and Fair Elections . So ill start with you, general. Let me start with the last part of your question, congressman, which is weve done this before, weve done it successfully before, 2018, 2022, 2022 per all of the agencies at this table have been working together. This is our fourth effort in terms of Election Security and im very confident in terms of what we will be able to deliver, a safe and secure election. Thats based upon the fact that not only has our methodology gotten better but our partnerships have expanded. Its not just the part of the stable. Is the private sector. Its understanding internationally where we need to be able to partner and see what adversaries are doing outside of the United States, and that very effectively. Its a really important question, thank you. Serves as a sector risk agency so we leave the federal effort to support state and local Election Officials, who are those on the front line of managing, administering, and defending election infrastructure. I have confidence because of the enormous amount of time that i spent with secretaries of state, chief Election Officials, state election directors, who work every day to ensure that they can effectively defend their election infrastructure from the full range of threats, from Cyber Threats, from physical threats, from operational risks and from foreign malign influence, and i think whats incredibly important is for the American People to understand the enormous amount of work thats been done with our partners in the federal government, but at the state and local level and with industry, to improve the security and the resilience of our election infrastructure. One thing to note, that its the diversity and decentralization of our election infrastructure, because its managed by state, by 8800 separate jurisdictions around the country. That heterogeneity gives a resilience and there is also enormous amounts of controls, physical, technological, procedural, that keeps that infrastructure resilient. So the American People should have confidence in the integrity of our election infrastructure and every american, if they have any questions about it, serve as a poll worker, serve as an observer. Talk to your local Election Officials and ask them questions. Its a transparent process that everybody should support their Election Officials who are working hard to ensure the integrity of our most foundational democratic process. Thank you. Mr. Ray . I would second the remarks of both my colleagues. I would just add in terms of things that we are concerned about, you alluded to the role of deep fakes. Obviously ai will enhance some of the same Information Warfare that weve seen from our foreign adversaries for quite some time. We are also concerned about the ways in which misinformation, is Information Warfare if you will, from a foreign adversary and Cyber Attacks can work in tandem. And i think for example about the iranians effort in the fall of 2020 that director ratcliff and i did a public announcement about where you had a cyber intrusion that was not as effective as the radiance wanted others to think it was, but they built sort of a Disinformation Campaign on top of it. We were able to expose it and largely render it ineffective, working with all of our partners up here, but thats the kind of thing that i think we will see more of. What am i confident in . Im confident in my partners. Americans can be confident in our election system and our democracy, but im also mindful of the fact that our adversaries are getting more and more sophisticated and that there are more and more foreign adversaries that want to get in on this game. Thank you gentlemen, time has expired, mr. Moulton. Thank you mr. Chairman. Its easy to think of the threat posed by the Chinese Communist party as something far away. They may be carrying out a Genocidal Campaign against that minorities in their own country. They may be getting more Nuclear Weapons more quickly than any other country in the world, and they may steal secrets from our military and our private misses every single day. But your testimony makes clear that what the Chinese Communist party is also doing right now is positioning themselves to change the lives of every american in ways that we wouldnt expect every single day, to cut us off from our water or electricity whenever they want, to take control of our phones or our personal data, to take out the gps system that we rely on, that helps our kids get home. Those of us who see classified intelligence have seen China Building these capabilities for years. But most of our Critical Infrastructure, our electricity and water and rail systems, they are run by state and local governments who are the private sector. They may not understand these threats. So director easterly, how do we in the federal government ensure that these entities are protecting a system so vital to all of us . How do i convince a small town in my district marblehead, the town of 20,000 where i grew up, to invest and cybersecurity to stop the Chinese Military . Im all for Holding Software makers accountable, but if a Water Authority doesnt help take their software for 10 years, that may be too late. How do we protect ourselves today . Its a great question so we have to attack it both that the Software Developer level, but then of course that the Software User level. But as we know, many of these Public Utilities and even smaller Critical Infrastructure entities are target rich but cyber report. They might have two people who are focused on security and theyre the same two people who are doing administration or the finances for the company. And so, one of the things that weve done with the support of congress is built a very large field for us of advisors and subject Matter Experts to be our frontline forces, to work with all of the Critical Infrastructure owners and operators, the businesses large and small, to ensure that they are aware of the Free Services that we have that can make it easy on these entities to actually ensure their security and resilience. So very basic things. I think that a lot of entities probably dont know does exist, so this is a place where wed love to work with you on the committee to make sure these small towns that would be fantastic. Cisa. Gov, all our free stuff. One last point, asic, basic, basic cyber hygiene, its not rocket science. If they do the basics they can stay safe. Director ray, you explained that tiktok is beholden to the Chinese Communist party, which can access users private personal data, influence their feeds. Earlier today taillon experienced a 3000 increase in distributed denial of service attacks last quarter, 3000 . Imagine thats a coincidence with their election, so the Chinese Communist party has shown a willingness to influence elections. Im heartened by the experience and competence of the federal government in protecting the integrity of our election system, but just to understand, if the ccp were to want to change tiktok feeds to bias one candidate or another in the upcoming president ial election, would they be able to do so . My understanding is that under chinese law that would be something that they would be permitted to do. And we already know they influence chinese children to study science and math. Could they be able to suggest to American Kids that they use more drugs . Again, my understanding is that the Chinese Government and Chinese Communist party, if it wants to exercise that authority, can easily exercise that authority. China describes it Cyber Efforts as proceeding on four factors, deterrence, reconnaissance, offense and defense, deterrence. How do they think about deterrence and how do we think about the terrans in response . In terms of the way that we think about it, congress, as we think about deterrence by denial and deterrence by cost position, deterrence by denial is what we are discussing here in terms of publishing and being able to expose the chinese are doing in an ossified manner. This is the difference. This is the challenge china now faces. Weve uncovered what theyre doing and we will continue to do that. So as we uncover this. Im running out of time but i want to comment on one of the things you said to me. Its clear from all weve heard including the workforce challenges direct rate described, that we need more cyber experts to serve our country. Given the threats that we played out today, do you have a message for Young Americans who might want to do something about this . The future of our nation, the future of our economy is tied so closely to the future of our ability to operate in cyberspace. If youre looking for a challenge. If youre looking for fulfillment, i will tell you that any of the agencies that you see here provide a mission and a responsibility that would morph your imaginable expectations, and i truly believe in the importance of National Service, and i would encourage all americans to think about that. Thank you mr. Chairman. I feel like we can make seth a colonel in the reserves or something. Mr. Molinaro . Thank you mr. Chairman and thank you all for being here today. Director wray, i wanted to followup with you on some of the comments that you had made, in addition to the cybersecurity issues you talked about the human sources, the insiders, corporate deception, beijing hiding their hand in corporate joint ventures and this whole topic of leverage and beholden to the ccp. When you appeared in october on 60 minutes you mentioned you had seen a variety of efforts by chinese businesses attempting to acquire businesses, land, and infrastructure in the United States in a way that presents National Security concerns. I saw that and i thought that was a very powerful statement. I followed up with a letter to you outlining some concerns i had about an investment in my own district. In my own district there is a company, goshen, which is a ccp affiliated company. Its worked with the pla and many of its top leaders, including the leader of its north american operations, have ties to the ccp. Goshen is wanting to build an electric vehicle battery factory in my district. Its been given hundreds of millions of dollars in federal, state and local tax dollars to do so. To build and operate its factory in my district, goshen plans to bring 20 to 50 chinese nationals to michigan. If that happens, how confident are you that it will not be used for espionage . In other words, do you believe there is a risk these individuals will be spies working in the United States . Well id have to drill in deeper on the specific example to be able to weigh in on that, but what i can tell you is that a lot of this ultimately traces back to the blurry if not nonexistent line between the Chinese Government and its private sector. And their ability, the Chinese Governments ability to, should they choose to leverage that authority, that reach, that access in a way that undermines our National Security, which is why acquisitions, buying land, buyin businesses, so forth, while it may be legal, can still raise National Security concerns because it divides a vehicle for them to, if they want to leverage that access, to conduct surveillance or other operations that undermine our National Security. And weve seen time and time again where theyve used that access, leveraged that access to do that, and in a way it ties into the operation that we are here talking about this morning, which is leveraging in a different sense. The excess is the problem. We dont want to wait until theyve actually stolen whatever the information is. We need to try to get, as they say in the counterterrorism context, left of them. How confident are you in the state departments vetting process when it comes to chinese nationals in this country . Im not the expert on state department processes. And i want to be clear, as i said in my opening, that our concerns are not just with all chinese nationals. Our concern is with the Chinese Communist party and the Chinese Government. The Chinese Government has shown a willingness to leverage insiders who have no origins in china, for example. So vetting is a very important part of our resilience and our National Security but its not sufficient in its own right. So your concern is with the leverage. They could do that with chinese nationals. They could use it with other individuals, as well. What kind of leverage are you seeing right now, the Chinese Communist party using in this country . Wellet covers the waterfront. Ill give you one example thats public. So ge aviation, a major, public, very Sophisticated Company entered into a joint venture with it wasnt a chinese company, but the chinese were able to recruit an insider at the joint venture. The joint venture was then able to get access to sensitive ge information, which then it used, he used to help chinese Intelligence Officers back in china hack ges systems. So you had the joint venture, which enabled the recruitment of the insider, which enabled the cyber hacking. And then for extra credit, the guy was essentially able to cover the tracks because of his insider access. Now fortunately theres a happy ending to that story, because ge did what we want all businesses to do. It had a Good Relationship with the fbi and our local field office, and we were able to essentially run a sting operation back against the chinese, prevent millions and millions and millions and millions of dollars of rmd from being fleeced by the chinese and essentially lure an mss officer who was involved to brussels where he was arrested, and weve extradited him, and hes now in federal prison. Thats what we need to happen more often but it also shows that if a company has sophisticated and big as ge can fall prey to this, what company couldnt . So ge did the right thing. If the company was a ccp affiliated company would they have done the same thing . I wouldnt count on it thank you point the gentlemans time has expired. Mr. Kim. Thank you to the four of you for coming on here today. I want to build on something that congressman moulton was talking about. Director easterly, you talked about just the importance of being able to connect in with the different communities across our nation. I was very interested what you said about the field force, making people aware, organizations aware of the services that are being provided, and a lot of the conversation today has been talking about how can we prevent some of this type of situation where we would have these vulnerabilities with our Critical Infrastructure. But director easterly, you also framed it and i thought it was a very poignant way to frame it, talking about some of the concern of societal panic i think is the phrase that you used, something that can be done against us that can very much damage our ability to operate, create that kind of concern amongst the ark and people that could sway political decisionmaking and weighing decisions in that way. So i guess i just wanted to ask the four of you, yes we put everything that we can into trying to prevent something from happening. But god forbid something were to happen, some type of major disruption, whether gps or Something Else of that nature. What kind of active planning are we doing in a whole of government way . Are the four of you brought into that type of coordinated effort for that type of zero hour, day after type of planning . I just want to have some sort of assurance or some sort of understanding of what kind of work you all are doing and that responsive way, not the preventative way to tackle this issue and prevent that type of societal panic that you all were worrying us about. So please, wherever you want to start, director easterly. Yeah, im happy to start. Really its not my phrase, societal panic, its the chinese, part of their doctrine, and its a pretty scary phrase, frankly. But we are working very closely with fema, our partners in the department, and they are going to lead a hold of nation planning effort to ensure that we can respond to significant National Security events. Now this is of course building on years and years of National Readiness plans and National Response plans. With respect to cyber in particular, we were asked by the National Cyber director as part of the National Cybersecurity strategy to update the National CyberIncident Response plan, so dealing with massive attacks across the country, and we are working on that very closely with our government partners as well as our industry partners, because as youve heard, industry plays a Critical Role in this, because they often times have the best information on whats happening in private, Critical Infrastructure. So that conductivity will be incredibly important for us to catalyze an Effective Response if there is a major attack on our nation. Mr. Coker, i just want to turn to you. How do you feel about our readiness and preparation in that kind of capacity . Are we doing everything we need to at the federal, state and local level . K you for the question and the concern and while i am very confident that we are taking the steps that we need to, for example, i think you heard about some of the exercises that we work with cisa on to prepare our sector Risk Management agencies for these types of situation. I am concerned that we continue to work with the state, local, tribal and territorial governments. Said several times today, theyre on the front lines of these types of actions and i view them as being a combatant commander, if you will, with many of us being supporting commanders. They are the ones who need our support. So as part of our shift in the National Cybersecurity strategy, to shift the burden of the responsibility to those who are most capable, in this instance its the federal government thats most capable to prevent and then to leave the resilience in the case of an instance like this. Id love to keep up with this because look, in new jersey we have a lot of readiness in responding to hurricanes and other storms, but i just dont really feel like theres a lot of muscle memory understanding how to be able to deal with some of these other types of approaches. Ill just end with director easterly again, talking about the readiness that we need. I have a real concern about some of the funding discussions we are having here on capitol hill last september House Republicans voted on a budget that would cut 22 to cisa. I guess i just wanted to get a sense from you what that would do in terms of our impacts and readiness. It would have a catastrophic impact on our ability to protect and defend the Critical Infrastructure that americans rely on every hour of every day. Thanks, i yield back. Thank you mr. Chairman, i want to thank all of our Witnesses Today for your valuable testimony and the work that you do to help protect americans on a daily basis. In particular, general nakasone, i want to wish you continued success and a well deserved retirement. I want to focus my remarks initially on the importance of reauthorizing a section 702 of pfizer, the foreign Intelligence Surveillance act. And as we know, section 702 of fish is set to expire here in congress if we fail to reauthorize that program on april 19 of this year. And i would argue its of existential importance to this country from a National Security standpoint. 702 is a crucial tool for providing the u. S. With the ability to target foreign people overseas to gather information that allows us to protect our citizens both abroad and here at home. And when we think about todays topic, the ccp cyber threat to the American Homeland and National Security, i want to direct my questions to director wray and general nakasone. Can you talk or explain how the information derived from section 702, as we specifically focus on our topic today, aids in protecting our troops from chinas malign activities in the pacific and the u. S. Effort to counter chinas Cyber Espionage here on u. S. Soil and our efforts to prevent transnational repression . I want to strongly second your comments about section 702 and its insipid indispensability to our National Defense from foreign threats. Specifically in the context of todays hearing, 702 is the greatest tool the fbi has to combat prc hacking groups. Just to give a concrete example, just last year, thanks to fisa 702 information, we were able to identify prc state sponsored cyber actors taken initial steps to access particular u. S. Transportation hub and we were able to quickly notify the new entity and share technical details, which enabled them to be able to kick the chinese off the networks before harm could be done, before some of the more apocalyptic scenarios weve been talking about here could transpire. Thats the kind of thing that happens, frankly, not infrequently in our work. That he 702 enabling us to identify prc malicious cyber activity targeting americans, targeting american Critical Infrastructure, enabling us to warn victims, to notify them with details that enable them to take effective defensive action. And so in my view, failure to reauthorize section 702, or for that matter, reauthorizing it in a way that severely restricted our ability to use it would be a form of unilateral disarmament in the face of the Chinese Communist party, which i can assure the American People, the Chinese Government is not tying his hands behind his back. Its going the other direction and we need to do the same. Thank you, general nakasone . Congressman, section 702 is the most important authority that the national Security Agency uses every single day to keep americans safe and secure our nation. As someone who was at the pentagon on 9 11, to consider that we would return to the days before section 702, where we couldnt connect the dots, is almost inexplicable to me. The other piece that i would add to your question is 702 is so agile that it provides us an ability to see the chinese precursor chemicals that are being used to feed fentanyl, which is the scourge of our nation. 100,000 americans lost their lives in 2022. 702 allows us to identify those precursors. That saves lives. The final point that i would offer is that of the surveillance authorities that are out there today, the most transparent, the most effective, the most important authority is 702. It balances Civil Liberties and privacy and the requirements of our National Security. Thank you, i yield back. I think the gentleman for his incredible work on that issue, as well. Mr. Torres. Thank you. General nakasone, the United States is a cyber superpower. Do you consider china a comparable cyber superpower . Congressman, i consider china a near peer adversary, yes. What is the likelihood of china outcompete in the United States in cyberspace . I think even the attention that we are putting on this today, the realization that our nation must change the strategic environment, that must change, our National Defense strategy, our National Security strategy, i think we are will maintain that superiority. A reassuring answer. During world war ii the United States was concerned that nazi germany would be the first to develop an atomic bomb. Today we are concerned that china could be the first to develop a quantum computer capable of breaking modern encryption. Director easterly, whos winning the quantum computing arms race . I would probably ask general nakasone to weigh in on that specifically. Can you point out one of the critical things that we are moving towards right now . Our agency creates the keys, codes and cryptography that assures the underlying encryption of our nation. We are developing those keys, codes and cryptography in partnership with nist to ensure that our nation is safe from a quantum computer would you describe. National security memorandum 10 talks about this. We were on the way to being able to do that and we will be able to defeat any type of quantum capability the chinese have in the future. So we are winning the race . We are. Artificial intelligence, there is a real risk that advanced ai could enable anyone, anywhere to carry out a cyber attack on Critical Infrastructure. What can be done to prepare ourselves for a world of widely distributed Cyber Weapons of mass destruction . This is an area where i have significant, significant concerns because ai is moving faster. It is moving at a speed that is three times the speed of moores law. It is unpredictable and it will probably be the most powerful weapon of our generation. Most powerful weapon of the last generation was owned and operated by nations who were just incentivized to use it. These are generally owned and operated and produced by private Sector Companies who are driven by a prophet native. So we need to be very, very specific about the guardrails and ultimately the type of regulation that will help prevent the use of these capabilities for nefarious purposes by rogue nations, by cyber criminals, by terrorists, and we need to move incredibly quickly to do that. And i think this and china are the two generational issues that we need to be riveted on to protect our nation. And as you noted, Ai Development is largely unfolding among a small number of companies, secretly, behind the scenes, and i think most of us even in congress are out of the loop. Do you feel like these companies are keeping you abreast of the latest advances in ai and the implications that those advances would have for cybersecurity . I think one other good news story is because of the illumination of this issue and the inherent risks, by the congress, by the administration, industry has had to come to the table and actually work in a more transparent way, which we greatly appreciate. But we need to see more of that, and frankly, we need to have secure guidelines in place. There needs to be secure by design for ai, which is why weve been working with all the big Generative Ai Companies and International Partners to ensure that wendys capabilities are created, security is the top priority. There are multiple leaders. The cisa director, the National Cyber director, the deputy for emergency technology, the head of cyber com will play a role in setting cyber policy and there are multiple Law Enforcement agencies, fbi, secret service, Homeland Security investigations that play a role in combating cyber crimes like ransomware. Who is in charge of creating the various moving parts of cyber policymaking and Law Enforcement . Statutorily its the office of the National Cyber director that serves that purpose, sir. How does your role differ from that of the deputy National Security adviser for cyber and emerging technologies . Whats the difference between those two roles . National Security Council writ large fields all mechanisms of National Power and cyber is but one. So when the nsc provides guidance and advice to the president , its far more than cyber. But there is a deputy nsa specifically for cyber, so how does that role differ from yours . We work very closely together but the big difference is there is more than operational flavor to that role than my role. Again, our office is providing strategic and policy guidance, not operational guidance, which is what the National Security council does with our colleagues. Again on the far broader than cyber more operational than the office of National Cyber director. But i also want to be real clear that we work very closely together, literally weekly we have a leader to leader. But our staff are working together daily. Gentlemens time has expired. Mr. Johnson. Director easterly, director wray, i just want to have a conversation with the two of you, largely around the maritime comedy port situation. It seems to me that our ports are becoming more reliant on equipping, technology, infrastructure from prc affiliated firms. I find that concerning. Is that a legitimate threat . Yes. So i think its a good example of the theme that weve been talking about at this hearing and other contexts as well, which is if you are talking about chinese businesses, there is the potential that they can be leveraged by the Chinese Government for all manner of concerns. When you combine that with some of the Cyber Security concerns that have also been discussed here in the context of ports and Maritime Security, its sort of a double whammy. These supply chains of course are so interconnected and so heavily reliance, upstream and downstream, and it doesnt take very much hitching a giddyup to start to strangle our ability to engage in International Trade or to power the american economy. How do you assess the awareness of our maritime partners, the port operators, shippers, carriers, about this threat hell yes, so one of the issues, and you may be alluding to this, sir, is that 80 of cranes in our ports are z pmc, so it goes to the point about chinese controlled infrastructure in our Critical Infrastructure. Part of the issue is and we work very closely with the coast guard who serve as the sector risk agency for Maritime Transportation systems, we make all of the owners and operators aware of the very real threat and the risk when you have such a monopoly in a manufacture its very hard to rip and replace. Same concerns with the communications infrastructure. What we do is we provide, working with the coast guard, information on the threat and we provide what they can do to mitigate the impact of that threat so there are things that can be done to lessen that risk. But of course we should work to be able to not have to depend on this type of chinese infrastructure, which ultimately is controlled by the ccp. Youre exactly right. I think thats worth double underlining, that 80 of the ship to shore cranes are manufactured by prc affiliated firms. It does seem like that is a liability, all things to be considered. Director wray, more to add on that front . I would agree with both your comments and director easterly, i would add that its just more than the ports and the cranes. Maritime sector more broadly is something that we know the chinese have targeted and thats part of why together with sis and coast guard and others weve tried to put out a load of information about best practices, mitigation, guidance, et cetera, to try to reduce the risk, but ultimately if we are going to be in a more secure posture, we are going to have to be mindful of the Chinese Governments ability to leverage its business. Lets assume that yall are doing everything right. Youve done a good job educating these private sector partners because so much of this infrastructure, as we talked about, whether its electricity, whether its water and now we are talking about ports, really is owned and operated by the private sector. Lets assume youve done a perfect job of educating them. What do you assess they need to do that are over the course of the next three next to 5 used to minimize the dangers of this threat. Im happy to start. One other thing i want to mention, fbi actually put out something specific about chinese manufactured drones, which is another area we have significant concerns in. But in terms of what you need to do, it goes back to ensuring that we have an awareness of the threat environment and that they are taking those measures to invest in basic cyber hygiene. Some of these are just taking the basics to understand your infrastructure, to know what the vulnerabilities are so you can drive remediation of them. That cyber hygiene is so important. I made the point in the Opening Statement but i really think its worth doubling down. Every ceo, every board member, every Business Leader of a Critical InfrastructureOwner Operator has to see cyber risk as a core business risk. They have to manage it as a matter of Good Governance and National Security. So thats an Important Mission to anybody that leads an organization in this nation. I would just add to those very good points that much as director easterly referred to in her Opening Statement, same thing that kind of supports Maritime Security more broadly. We need victims to reach out to us immediately because the victim who reaches out to us immediately is the one who is going to supply the information that will enable us not just to be able to share information with them, to better mitigate and prevent their attack from becoming worse, but more importantly in many ways, prevent the attack from metastasizing to other sectors and other businesses. The first victim that gets contacted, that victims information is the one that helps us protect all the other organizations and victims that are potentially out there. So we see all the time when its done right, businesses reaching out to their local Fbi Field Office. We are able to be there, often within an hour or just a little bit more, sharing technical indicators that they wouldnt have had. The dots get connected, theyre better able to prevent that attack from getting worse but then theyre also able to share intelligence, which enables us collectively to then arm other businesses and other ports, lets say in this case, from being victims and again, getting further left of whom. Mr. Chair, i would close by noting that we have hyper optimized the supply chains for efficiency but we cannot leave resilience behind, including of course cyber. Thanks, i yield. Mr. Auchincloss. Thank you chairman for today bringing together witnesses with such credibility and commitment to defending our democracy. I appreciate it. This hearing brings to mind my favorite anecdote from the civil war. It was 1864 and grant just took command of the army of the potomac and he was surrounded by his senior staff. And they were preparing for their march into northern virginia, and they kept on saying, well lee is going to do this and lee is going to do that, and what if we ask about this, and he snapped. He said stop worrying about what generally is going to do. Lets make them worry about what were going to do to them. And i think about that a lot when it comes to cyber. Because we have to do all of these things that mr. Johnson put forward. So articulately about making ourselves resilient. But we also have to make them worry about what were going to do to them. And it strikes me that the best offense we have is not actually the nsas ability to hit their Critical Infrastructure, although i know we can do that. Im not going to ask you all the details but that needs to be there. Actually the best offense that we have is to turn their domestic populations on those regimes, to allow their own people to debate, to deliberate, to ask themselves whether they like threeyear covid lockdowns, to whether they like invading another sovereign nation. And star link in the last several years has proven that it can open up those channels of civic discourse that are so corrosive to authoritarian regimes. This question is for any of you who might tackle it but what can we in the u. S. Government do 21, turbocharge our ability to turn on their civic discourse, whether with star link or other means, and two, to make sure that that decision is u. S. Governments decision, not elon musks decision. Id like to start, congressman. I think the key piece that you just talk about is what weve all realized, which is that what we do hasnt changed a lot. The National Intelligence agency, we do signals intelligence, cybersecurity, cyberspace operations. Its the how. How is changing so rapidly and this is where we have an impact against china, much in the same way grant in the Wilderness Campaign decided that were going to focus on our strengths, not worry about his adversary. Its the same thing we have your. We have our strengths. Our strengths begin with our partnership. Our strengths begin with the fact that we are able to talk with our private sector and be able to understand broadly what is going on. The fact that we are now publishing these type of insights, unclassified manor, hanging them on our websites must and will do we have a plan, general . Maybe this is from mr. Coker or ms. Easterly, but do we have a plan for Internet Freedom in iran, in russia, in china, so that their populations can engage . The ayatollah is 84 years old. Hes got advanced prostate cancer. There is going to be a succession soon. Are we ensuring the iranian people have as much of a voice as possible in making their discontent known as that succession planning is happening . Same thing of course in china. Thats what really keeps xi jinping up at night. Its not actually u. S. Politics, its latent chinese politics. Ill come at it from the fbis and. Much of what youre talking about our operations that would take place in those countries but thats why when we call out transnational repression by all the governments you listed off, thats so important, because those repressive techniques that you are talking about, they are not just doing them in their home countries. There exporting it onto u. S. Soil and their victims, their intended victims are primarily a diaspora of this countries, dissidents and critics here who have the audacity, in their view, to criticize those regimes, the chinese, the iranians, the russians, et cetera. So when we take action through exercise of the rule of law here, to protect those victims and call out that behavior, those families are in contact with their family members back in those countries, which helps create the dynamic youre talking about. I agree with you and we had excellent hearings on transnational repression and i understand the feedback loops. I would say that we need a hold of Government Strategy for star link on steroids for these authoritarian regimes. In my last 30 seconds, director wray, i want to compliment you on the work that youve done since october 7 to improve Public Safety in the United States. I know thats been a focus of yours and that in december you testified that you saw blinking lights everywhere and that you were especially concerned about hamas inspired domestic terrorism, and we know that the chinese are fomenting that, frankly. Regrettably the Boston City Council in my home state rejected 13 million of federal terrorism funds that would help in part with cybersecurity but also terrorism preparation operations. What would be your message for you mentis polities and localities about the importance of regional preparation to defend against terrorism, but Cyber Security as well as kinetic . We are, since october 7, in a heightened threat environment from various forms of terrorist risk. The biggest one is an inspired attack by the conflict in the middle east but an attack thats inspiring some individual here in a horribly misguided way to commit an attack. And that risk is more likely to be a loan actor targeting so called soft targets here in the United States, which is facilities, houses of worship, schools, places that people every day in america go, including in municipalities like the ones you are talking about. So to to defend the public we all serve, we need to be mindful of that heightened terrorist risk. Good afternoon to our distinguished guests. Thank you so much for appearing before our committee to discuss these blatant frets that the prc poses, not only to our cybersecurity but to our National Security on many, many levels. And director wray, i wrote it down when you gave your Opening Statement. You talked about they want to wreak havoc and realworld harm on us and we need to be ready if and when. I believe its very clear today from our discussion that its not if, its already happening. So our answer is resiliency. Its prevention and its accountability. So im pleased to hear about the work that youre doing interagency to counter these threats. And back in september the chairman and i read a letter to you, director wray, as well as to secretary austin, requesting that the fbi and pentagon brief members of this committee specifically on the gatecrashers and many of our sensitive facilities, u. S. Military bases, radical infrastructure and its unacceptable that the prc was even able to gain access to many of these sensitive sites. They scuba dived around sensitive military equipment. They were able to infiltrate our army test sites, missile sites, and of course the most egregious example of the spinal going across our country. Its a blatant attack on our country to undermine our National Security and breach our military and technical innovation. So i appreciate the prompt response to our letter, and i want to ensure that this conversation continues, that our security agencies are prioritizing this at the highest level. So i would be curious what the fbi is doing right now to further secure these critical areas, to ensure that we are stopping these threats to the American People before they happen. So we are tackling it through a combination of investigations, intelligence sharing, and engagement, and to break that down a little bit further, we have in all 56 of our field offices, Counterintelligence Task forces that are fbi led but that have representatives serving on them from the relevant military agencies that are in that area, as well as many cases state and local Law Enforcement you are a very important part of giving a sort of additional force multiplier to help counter the threat. We have any number of investigations into different kinds of efforts by actors associated with the prc to spy on, if you will, or in other ways, target our military installations. Intelligence sharing, obviously things that we learn through our investigations, we are able to marshal that and share that back with our dod partners so we can use that to be even savvier about how they defend their installations, and engagement. We are trying to make sure that the lines of communication are wide open between us and whatever military facility is in that particular area. When i visited an Fbi Field Office, and i visited all 56 twice. Im on my third round. It never fails to inspire me the close relationship that exists between the local Fbi Field Office and the military presence in that state. And im sure there are many, many of these partnerships that have been very, very successful in stopping many of these threats but we cant rest on our laurels and obviously continuing those conversations is going to be nickel, and i look forward to maybe further conversations there, perhaps in classified setting about what more we can be doing. I want to quickly follow up on the remaining time that i have about rip and replace because that is a huge, huge concern. Recently introduced a bill with many members of this committee including determining the Ranking Member, representative molinar, to help kind of breach that critical funding gap that exists for rip and replace. But its certainly concerning when you hear about these routers and all the different equipment that exists within our telecom. Some of them are very, very small organizations that do not have the resources. So we want to of course repurpose some of those covid funds and put them toward ripping out this Chinese Telecom equipment. That is a huge vulnerability. So direct recently, this question is for you. Can you address really the importance of a rip and replace program, not just for this level but maybe do we need to look at expanding it further and what are the consequences of us not taking action here . Its incredibly complex supply chains, as you know. But when it comes down to some basic fundamentals, i think you pointed out around the bill itself, 24,000 pieces of Chinese Software in these supply chains. So its imperative that we help the owners of some of these less resourced entities to be able to make these important changes to reduce risk. Two things i would add is we collate whats the Information Communication Technology supply chain Risk Management task force and so im not even sure that they know that there may be capabilities with funding to do that rip and replace. So i think that education there is incredibly important. The other thing that i think we need to be aware of, and we, of course the s. E. C. Has a covered list with a variety of different chinese equipment, from dahle to wall way to cte to hi tara. What we do is we make radical infrastructure aware that they may exist in their systems, so they can also be aware of the threat, either mitigate it or replace it. I think the whole effort is incredibly important and i commend you for the bill. Certainly we have a lot of vulnerability and we are working to get i realize im almost out of time, mr. Chairman, but we are working to get a true accounting of what vulnerability still exists within governmental buildings or least governmental buildings. Thank you to all of you for appearing before our committee today. I yield back, mr. Chair. Thank you mr. Chairman. I want to thank each of our witnesses for leading extraordinary agencies at a time of great turbulence and instability in the world. Our cybersecurity capabilities are perhaps one of our greatest threats and opportunities of the 21st century. We must do more to deter and respond to threats to our systems coming from the hostile actors across the world, including north korea, russia, and iran. And we know the Chinese Communist party has incredibly sophisticated Cyber Infrastructure and will become or has been discussed today, already one of our fiercest competitors on this front. One of our greatest assets, something which the ccp overlooks, is our diversity. As speaker emerita nancy pelosi and Vice PresidentKamala Harris have both said, our diversity is our power. One aspect in which we can and must do so much more is to build and rely on a diverse pool of talent in the field of cybersecurity. I know this is a top charity for the Biden Harris Administration and for all of you as leaders of your respective agencies, so turning to you, director coker, i know this topic is something important to you and you have spoken about it before. Can you speak on the administrations brought effort to increase our Cyber Workforce by sourcing talent from diverse places, and the benefit it brings to our ability to combat ccp efforts . Thank you so much for that question and that important topic. To me and the administration, diversity is all about achieving positive Mission Outcomes. That message cannot be misunderstood. Its about positive Mission Outcomes and we do that by having the strongest teams possible. I talked to 500,000 open cyber jobs, so whatever weve been doing lately hasnt been working. What do we need to do to fix that . We have the National Cyber workforce and education strategy that has its pillar, two that are most relevant to your question are expanding the federal Cyber Workforce and then americas large. We need to do that i, number one, having people realize the impact to National Security. We talked about National Service. I think americans want to serve our nation, and need to be clear about cybersecurity is serving our nation. Growing up, about the only National Service we had, by and large, was wearing a uniform, loading and paying taxes. Thats changed today. All this Critical Infrastructure segments that we have, thats National Security, so we need to make sure if there is an opportunity to serve our nation in cyber, used to be a misnomer that cybersecurity and cyber in general was a technical endeavor. Thats not the case. Folks think they have to be s. T. E. M. Cybersecurity is about critical thinking. Its about agility. Its about being openminded. One need not be an engineer or scientist to make contributions and cybersecurity. Also want to add that there are communities across the country that are exposed to these opportunities. Im a rural kid from kansas. I didnt know i could serve until there happened to be a recruiter that came from the naval academy. Hadnt even heard of the naval academy, and expand that to cybersecurity. So we need to go places where we havent gone before. And leaders know that we need to take opportunities for people. There is a level of risk. Need not lower standards at all. But sometimes qualifications that are listed are not valid. People can learn. We find the right people, we develop them, retain them and we turn them loose. So the administrations perspective is find the right people, looking in places we havent necessarily looked before. And why . Because we need more, better, different people to achieve positive Mission Outcomes. Thank you so very much. I now want to turn to another important topic which weighs on all of our minds, and thats the 2024 national election. As we frequently remind everyone, the 2020 president ial election was the safest, most secure election in our nations history. However, in 2016 election preceding it was scarred by russian hacking and broad Disinformation Campaigns which severely come from iced the integrity of the election. Anyone on the panel, if you would be willing to answer the question or address this, in an unclassified setting, is there any evidence at this time the ccp is using Artificial Intelligence to interfere in the u. S. Elections and how do we ensure this election is free from ccp influence . And i only have eight seconds, so sorry. 11 2 point referred to my intel colleagues on whether the ccp is actively using Artificial Intelligence. But based on the dnis report in december about the activity in the 2022 midterms, which talked about the aggregate scope and scale of foreign activity influence and interference, being more than we saw in 2018 and specifically chinese attempt that influence. We should expect it. We should absolutely expect that for an act is will attempt to influence and that they will interfere. But to be very clear, americans should have confidence in the integrity of our election infrastructure, because of the enormous amount of work thats been done by state and local Election Officials, by the federal government, by vendors, by the private sector since 2016, since election infrastructure was designated as Critical Infrastructure. Its that work that should make the American People confident in the security, resilience, and integrity of the American Election system. The gentle ladys time has expired. Mr. Gimenez . Thank you mr. Chairman. I actually share the thoughts of my colleague on the other side, mr. Auchincloss, about the need to provide technology so that the people that leaving repressive regimes like russia, china, iran, we actually start a second front without shedding any blood, so that the people inside can actually they are all seeking freedom and we need to help them achieve freedom and through the shackles off this regime. So hopefully we can have a kind of technology to allow them to communicate with themselves so that can happen. One of the things that happened, very interesting, there are hundreds of thousands of people who took to the streets of cuba back in a couple years ago in july and the first thing that the cuban government did was shutdown the internet. Identified the leaders and then took them out. We can find technology that allows people to communicate with themselves, i think we can actually help the cause of freedom around the world. So ill be working with my colleague there to see how we can make that happen. Actually believe that the cyber war that we are conducting right now is a battle and i think actually the race is really the race to a i. You agree with that . Ms. Easterly . I think a i will play a tremendous role in the battlefield to come but both on private sector as well. How important is the accumulation of data in this race to ai . Its all about data at the end of the day so it is the gold, it that data to the ccb . That data to enormously valuable. Mr. Ray, knowing that it is critical to the United States and tik tok is a huge source of data in the language they need, i believe the chinese language is a disadvantage and they need more western languages to win that race. How critical is it to our security . Tik tok is providing data to the ccp, do you think that is significant . I have significant security concerns about tik tok. It is concerns about the ability the Chinese Government would have to control the data and control the recommendation and if they wanted to, control to compromise devices. If you later ai on top of all of that, it amplifies those concerns because the ability to collect u. S. Person data and see that into their engine magnifies the problem. We look at it with a concern in the wrong hands and we no that the chinese are trying to steal it. The good news is that not only they will steal american data and feel it to their ai engine but they will steal american data to make their theft more effective. All you have to do is look at facts years ago where they were able to steal personally identifiable information from 50 million American People. I have a direct question and its a tough one that i dont know if you will be able to answer, would you ban tik tok in the United States . It is yes or no. There is a decisionmaking process that is not so lightly. Let me put it this way. As long as the Chinese Government has the ability to control all these aspects of the business, i dont see how you get your way clear to mitigating those concerns. Fair enough. I share the concerns of my colleague mr. Johnson and i share concerns with mr. Gallagher and members of the committee. With a joint investigation with supply Chain Security at maritime ports. With our joint investigative report soon and when i was the mayor of miamidade county, we operated one of the biggest ports in the United States and low and behold, the cranes come from china. 80 of the worlds cranes are manufactured in china. I thought we were okay with software that was developed in western countries and was okay operating these cranes. But, we find out that in a lot of instances, the software that is shipped to china stays there and then it is installed in china and we dont know what happens to it in that time. So, operating the software and knowing it is reporting back to china or that somehow it could be turned off at any time, think about it. 80 of the worlds commerce is controlled by those cranes. Apparently the lines are also controlled by somebody. I crawled up in one of those cranes and miami. It was illuminating. Ms. Stevens. Im always learning about our chairman. This is an honor to be with all of you. It is another topnotch hearing. Certainly, we are not the Homeland Security committee or even armed services. Yes, getting into these points about the entanglements of Cyber Security threats and its realities of which i would love to ask you about, i want to start from a more elevated place. Maybe this is a question for mr. Wray. What is the ccps motivation as far as you no and can share with Cyber Security threats and actions . We have been hearing comments and examples and all of the tools and this and that, but what are the tools . Is it to chip away at our economy and to make us look weak . In fact, some of what we are positing today is a position of weakness rather than strength because much of this technology is technology we have created. That is another point. I am more interested in the why. Well, my starting point would be as with most questions about the Chinese Governments tactics and strategy, when one asks if it is a kick, b, or c, the answer is d, all of the above. With Cyber Threats, they are using their biggest Hacking Program in the world to steal our intellectual property to advance their own economic engine. They are trying to steal personally identifiable information to feed into the influence operations and other tactics we have talked about already at this hearing. They are using cyber targeting to suppress dissidents and critics. We have announced here this morning that they are using cyber targeting to pre positioning Critical Infrastructure should they so choose to have a disruptive impact on the infrastructure. Their goal is to supplant the u. S. As the worlds greatest superpower. We are in agreement that the goal is to supplant the u. S. And we are in competition with china. Frankly, where the only nation that has the means to reshape the international order. The means being diplomatic and economic and military. We are in a competition and we will not lose sight of that. We also need to manage the competition responsibly and to avoid confrontation and conflict when we can do that by continuing to operate with confidence. I am yielding the initiative and not on the offensive. But being as strong as the United States has always been, we look at the National Strategy which is to invest at home to maintain our strategy. So we should not consider Cyber Security attacks general nakasone, what are they doing over there . Did they have a department focused on Cyber Attacks . This is in some respects hard to wrap our heads around. There are things you can talk about and cannot talk about, but i am more or less interested in terms of how we are choosing to respond to these things. What do we know about how they are actually putting all of this stuff together . We know a lot about what they are doing, as talked about today. We know who is doing it and we knew their version of the cyber command. The has specific organizations targeting different parts of the world to include the United States of america. What are we doing about it now that we know about it . The Department Strategy is to defend forward. Either by enabling partners or acting. I am out of time, but ms. Easterly, as someone with the bipartisan congress, it is a treat to hear your expertise, your phenomenal, all of you are. I yelled back. Thank you mr. Chairman. The Critical Infrastructure and property in california at risk of being attacked by the ccp and other at risk areas and it could have serious consequences for my constituents. In may with threats of cyber tax on water in our infrastructures. I see all of these directors with head of Cyber Security in all of these departments. What do we do with enter Agency Coordination on Cyber Attacks and vulnerability of ports around the world with u. S. Military and commercial presence . I think anybody can answer because you are talking about what your agency is doing and how you are protecting from the Cyber Attacks. How are we working together with different agencies . I will start and say a couple of things. With respect to the ports specific to the, it was built by congress in 2018 to serve as the National Coordinator for Critical Infrastructure and resilience and we work with the Risk Management agencies to ensure we can work with industry to help them understand the risks so they can understand and manage the risks. We have a phenomenal partnership with the u. S. Coast guard where we work with them day in and day out to do cyber assessments to help with vulnerability scanning and to ensure the Maritime Transportation sector has what they need to reduce the risks. The other thing, particularly if the ccp is watching this hearing and i assume they are. The strength of the cyber capability in the United States of america is we operate as a team. Different people do Different Things but we operate closely together and we know our strength is our unity as we work together. What about the maritime tracking system . We are not using it in this country but our i lies like japan and south korea in portugal and spain, they are using it. In china, ccp knows exactly what is going in and out. Even the ships going into the countries. How do we work with the other countries . We almost invariably on all of the things we have been talking about here today, especially in cyber, we are working with our closest foreign partners. They are themselves being targeted by the ccp. In the context of cyber, are focuses on joint sequence of operations which almost invariably involves not just u. S. Partners but sometimes as many as 10 or 20 foreign partners working in tandem. The whole is greater than the sum of the parts. A disadvantage relative to the ccp but one advantage we have is true partnerships which is the u. S. Together with other countries to get synergies when working together. That is ultimately our best defense. So, china is ready to attack by 2027 in taiwan. We had a great meeting with the former defense secretary and he was the one actually talking about that is not going to be the war but more of the commercial stops. Meaning they will stop the ships going in and out and that is the way they will isolate taiwan. The other countries are using those systems and especially in the United States, our cranes were made by china and they are controlling it. Just a little gas line we got into trouble but when they stop the cranes we are using at the United States sports, we are in trouble. We may be can communicate, i dont know, but we cant bring anything to taiwan because it is an island. We have a big problem. How are we going to go inside the ccp and find out exactly what they are doing . I think congresswoman stevens was talking about they have their own department. I think they do and they only do Cyber Attacks. How much do we know inside of china with what they are doing to us and to other countries . We have a tremendous amount of insight with how they are organized and what their plans are and what they are doing. This is one thing the national Security Agency spends a tremendous amount of time on and we know what their intent is. Thank you very much. I have learned a lot. I have to get to the ways and Means Committee hearing, but thank you. Thank you mr. Chairman. Director wray, can you ensure the American Public today that no nonviolent protest about the ceasefire in the middle east will be investigated or surveilled by the fbi . We are not going to be investigating nonviolent First Amendment activity. Can you just determine whether it is their position on the middle east or the 2024 election. If there is an american out there engaged in expressing their view whether it is for a ceasefire or whatever that is, the fbi will not be investigating them . Our mission is to protect the American People and uphold the constitution and we intend to do both. We embrace both parts of that mission. In our view, does not matter what you are ticked off about or who you are ticked off at. There are First Amendment rights to exercise those views and we will protect that. A wrong way to express that is through violence and threats and we will investigate that. I share your view that the First Amendment a peaceful protest is at the heart of our democracy. I also appreciate some of your views as we appropriately investigate chinese threats to infrastructure and the Chinese Communist partys threats with Cyber Security that you have been very clear you do not think that should involve the profiling of Chinese Americans and i think you have been sensitive to remarks made at the university of michigan about how in the past that has happened. Can you talk about the past history of profiling Asian Americans and how you will make sure that does not happen as we appropriately investigate the chinese threats to the United States. We will pursue the threat posed by the ccp predicated on the facts and the law and our policies. They will not be based on race, ethnicity, or National Origin and they have not been. It is the case that the Chinese Government aggressively targets here to enlist them in their efforts. They also aggressively suppress and coerce and harass Chinese Americans and chinese visitors here. We view as part of our role to help protect those people. Part of the key is drawing the distinction between the Chinese Government and the Chinese Communist party as a malicious actor and Chinese Americans and chinese dissidents. I think under your leadership and public comments, you have been good about drawing that distinction. Do you have historical awareness that Chinese Americans have been profiled. Im sure you have historical awareness of the fbi during the civil rights movement. Certainly, there have been abuses and mistakes in the past and we are working to make sure those things do not happen again. We want to make clear that our work, at least since i have been director that chinese immigration is based on the law and proper predication. You can ensure Chinese Americans they are not profiled in any way and at baseline. We will not open investigation and profile people on race, ethnicity or anything of that sort. And finally as special guest, the esteemed chairman from Homeland Security and protection. I asked consent for the gentleman to participate and answer questions at this hearing. The gentleman is recognized. Thank you for allowing me to visit today is a special guest and i look forward to continuing to work with you and building resilience against our ccp cyber threat. I took an International Trip with some colleagues and some of your employees and your men and women in other countries and they are doing a phenomenal job, especially with the cyber threat. Director, it is good to see you and i want to ask you a question about the Intelligence Community warning for years that china has the ability to launch threats. In response to this threat, i understand there is a new associate director to lead china operations. Can you give enough date on the work that has been completed over the last six months and what plans are there for the remainder of the year . Great. Its good to see you. Yes, early last year, we decided to stand up a element under the associate director of china operations. We hired a terrific subject matter expert, andrew scott, to lead that to make sure we have an understanding of the Critical Infrastructure and to work effectively with partners at the state and local level. Of course, with industry to build the security and the resilience we need to defend the nation from these threats. Since that period of time, we have been talking about in this time that we have affirmatively found and eradicated chinese intrusions and are Critical Infrastructure in a variety of sectors that we believe are being used to preposition and prepare for destructive Cyber Attacks. We have many lines of effort. One is about cyber actors and one is about providing Free Services to stakeholders across the country so they have the capabilities to identify and drive remediation of these exploits and being taken advantage of by the chinese cyber actors. And as we talk about here, finalizing that collaboration known those public and private partnerships. We need industry to help build the mosaic so we have a deep understanding of the threat so we can together reduce threats to the American People. You talk about those collaborations, what value is that adding . This was the Great Innovation brought to us by the cyberspace commission. We turned it into the jcdc. We went from 10 companies we were working with 2 200. There is International Collaboration rooted in three fundamental things. Recognition that a threat to one business could be a threat to many. Why. By informing and letting them no about it is so critical. To recognize we have to share information in real time and it has to be transparent and the government has to add value and be responsible in terms of how we protect data. Finally what the jcdc offers is a scalable way to share information. Not just with the private sector but with the national Security Agency and the cyber collaboration cell and the fbi and j tf. It does help put collaboration on steroids and we are grateful to the congress for helping to fund it and authorize it into the cyberspace collaboration for coming up with the idea. Congratulations on the new idea. The administration is focused on harmonizing cyber and the cyber strategy. As you understand, the sec finalized the cyber rule which many sectors have said with the new rule that cyber employees will be spending half their time on compliance instead of facing the threats from ccp. As we pursue the cra this week as we try to pass it in the house, what is the administration doing to harmonize between departments . Thank you for your kind words and for raising this important topic. A portion of the Cyber Security strategy has been to do regulatory colonization. Part of that is to reduce the burden of compliance. The way we are going about that is we have issued requests for information and have received more than 80 responses from the private sector and public sector. Right now we are going through the process of better understanding those with the goal of reducing the burden of compliance. That is the goal right there. I appreciate that. Im out of time, but someone should tell the sec that. Thank you for being here. You are welcome back. Two comments and then we will close. One of the first things i said is that this competition is existential. I got blowback from that but i dont think after today there could be doubt. There is one path we stumble into a war for which we were illprepared and even a victory could transfer america to a garrison state. Are we slowly succumb to the sedation of tik tok and no longer stand for the ideas and values that america stands for and that the rest of the world is looking for us to stand for. There are many things we need to do and while the competition in cyber with china well outlast my time in congress, im confident about that. There are things we must do and foremost in my mind, particularly in light of comments from director wray. Tik tok is bordering on National Suicide if we continue down this road. There are members of congress collecting a paycheck but the time is now to do something about this. If you are invested, they are not going to take tik tok public in america under the current infrastructure. The time is now to act. On that heavy note, i will transition to recognizing the hard work of the democratic director who is departing the committee this week after 25 years of service on the hill. Almost as long as general nakasone has been in uniform. I will confess, john, we have worked together for a year and you fh me, personally, three years in that time. Thereve been moments that i have been laying in bed awake wishing you would leave but now i am its i am sad. One thing i have learned from working with john and the Human Rights Community is that he has been doing this since before it was cool. He is a hero in the Human Rights Community. If i had to negotiate with xi jinping with the fate of the free world on the line, i want you on my team because i know you would drive him crazy. [ laughter ]. Thank you so much, chairman. Thank you to the witnesses. This has truly been an important hearing and a call to action more than anything else. Mike and i were talking during the hearing about several ideas that you folks generated that we need to follow up on and we will do so on a bipartisan basis. Thank you for your service and thank you general nakasone for everything you have done for our nation and thank you for coming today , as well as all of you. And i will remember the website, so thank you so much. As we try to enlist our civilian partners in our collective Cyber Defense and employ what you call cyber hygiene which i love. I would also like to recognize staff director, john, who is departing today. Mike covered the highlights, but he has had other very distinguished roles in government. He was in the system may administrator for the asia u. S. Idea. He was a Senior Advisor to leader pelosi and now he is off to rick the other chapter in the next 25 years. I look forward to continuing to collaborate between us and you in your next roles. I just want to give him a big round of applause for his service. [ applause ]. I yield back, thank you. Without objection, the Committee Hearing is adjourned. Conversations] on wednesday, Federal Reserve chair Jerome Powell testifies. See the House Financial ServicesCommittee Live on cspan 3. You can also go to cspan. Org. Is i am from new jersey and one of the most important issues for me that i would like to hear President Biden touch on is the homeland crisis and how he is dealing with that. Also the large Mental Health crisis going on in this nation and what he will do to address those problems. My name is jacob and i am a postdoc fellow and i research and social theory. What i would like to see the president discuss in the state of the union is the danger that Artificial Intelligence poses to our civilization. Particularly in the way in which i think it might undermine our ability to have a fully employed economy. It might threaten our culture. I am George Snyder from st. Louis, missouri. I would like the president to take care of and close the border because we are letting too many illegals in here and its getting overwhelming. Hello, i am from new jersey. The thing i would like to see the present address is anything on gaza. It is important right now and it is ignorant not talking about it and looking at it one way. Whats the state of the Union Address live on thursday on cspan. You can also go online at cspan. Org. Cspan is provided by these Companies Including charter communications. Charter is one of the best internet providers and we are just gettinstarted. Building 100,000 miles of new infrastructure to reach those who need it most. Charter Communications Support cspan as a Public Service along with these other television providers. Giving you a front row seat to democracy. Climate and labor leaders talk about the best ways that governments can respond to natural disasters. Held at the center for american progress