Why despite the reform activities in the process are taking longer in fiscal year 2015 is an average of 95 days to process the secret clearance and 179 days for the secret clearance. In 2016, it took an average of 166 days to process and 246 for the topsecret clearance. Thats quite a job in the timeline it takes to get there. More than a decade ago that processes were transferred from the department of defense and now there is talk of transferring the process back to the department of defense. We also have the newly created the opm and the dod have a shared responsibility to make sure we stop moving the organizational boxes around as we transition, we need to talk about the efficiency and make sure at the end of the day we are protecting and securing the United States of america. Theres a tremendous amount of people that are working on these issues. We will have additional hearings and discuss that. I personally believe and i would like to draw this out, attracting and retaining the professionals has got to be a challenge for the government. If a challenge in the private sector it is a challenge across the board i was fortunate to have a newly minted soninlaw in the field and the opportunities for him for employment, id never seen anything like it which is good as his fatherinlaw. But on a serious note, we have to address the government, the whole government. How do we maintain it professionals because we need so many of them and theres vulnerability for the country as a whole. I appreciate you being here and i would like to recognize mr. Cummings. Thank you. I would like to call you for this hearing. Its important that we let federal employees know how important they are and we do everything in our power to provide them with the type of salaries and security they need. That is one of the things that would help to attract them and keep them. Its about the process needed to conduct background checks for federal employees for seeking very important security clearances so they can have access to the most guarded secrets. This couldnt come at a more perfect time. Yesterday i sent a letter requesting the pentagon investigation of the president S National Security adviser for the potentially serious violation of the United States constitution. I was joined by the Ranking Members of the committee in the judiciary, Homeland Security, foreign affairs. General flynn has admitted they received payment in december of 2015 voted by russia today that a state sponsored propaganda outlet. During that event, the general dined with russian president vladimir putin. As the letter explains, the department of defense warns the officers that they may not accept any direct or indirect statement from Foreign Governments without congressional approval to continue to hold offices of trust under the monuments clause of the United States constitution. On january 6, intelligence officials issued a report detailing the attack on the United States to undermine the elections. This report concluded with high confidence that the goal was to underline public faith in the democratic process. This report describes the principal and propaganda of li outlet. The kremlin staff and supervisors or to use coverage recruiting people who can come data messaging because of their ideological beliefs. It is extremely concerning that general flynn chose to accept payment at an event hosted by the propaganda arm of the russian government at the same time the country is engaged in the attack against this nation and the efforts to undermine the election. Something is wrong with the picture. President trump has chosen to be the National Security adviser may have violated the constitution in the process. We didnt know how much and whether it was 5,000, 50,000, we dont know. We dont know whether he would receive payments on separate occasions or whether he sought approval from the pentagon or congress to accept the statements. We dont know. We dont know if the constitution should or will ha have. We do not know what if anything reported about the contacts with officials from russia or other countries. These are the questions that need to be answered. I also have questions about the individuals that we seek to join the administration and obtain access to classified information while they are apparently under investigation. For example, thereve been reports that the Campaign ChairmanPaul Manafort has been advising the white house while at the same time hes reportedly under fbi investigation with russian interests. We want to know how but clearances are handled and if the new applicants are under criminal investigation. Do they allow these individuals to continue to have access to classified information or is there a process to place a hold on someones clearance until the investigation result is the question . He claims democrats became interested in the russian hacking for political reasons and for example we had no interest in Cyber Attacks against opm. They didnt make a big deal of that. The president is 1000000 wrong. Ie and other democrats worked aggressively on the committees investigation of the attacks and we held multiple hearings including one that i requested we conducted extensive interviews with the witnesses and reviewed 10,000 pages of documents and issued to reports from the majority and minority staff. I called on other agencies including the state Department Social service in which we were both attacked and for investigating the sniper attacks with j. P. Morgan chase. Officials have warned us on the biggest forprofit Community Health systems which are the hae largest acting Health Information reached into call for investigating the Cyber Attacks including home depot. We are focusing on political reasons and intelligence agencies warned us if we do not act now, the adversaries including russia are determined to just write again. We need to get answers to these and i think all the witnesses for being with us today. And again mr. Chairman, thank you for the hearing and i will yield back. Any members that would like to submit a written statement, i would like to recognize the panel of the mrs. And we are pleased to welcome kathleen who is the acting director of the United States office of Personnel Management. Accompanied by David Devries the chief Information Officer at the office of Personnel Management and the chief Information Security officer at the United States office of personal Personnel Management, and the director of the National BackgroundInvestigations Bureau into their expertise on the issue will be important to the subject matter, so everybody will be sworn in. We are also honored to have Jerry Halverson asked the chief Information Officer at the United States department of defense is. My understanding is mr. Halverson is retiring at the end of the month and we can think of no better gift for you then having to testify before congress. I know you were looking forward to it, so happy birthday and thank you for coming to testify before congress but we thank you for your service to the country and at the department of defen defense. We really do appreciate your expertise and we wish you well. Thank you for your service and willingness to be here today. He stepped up to the plate and took the assignment. Again we welcome you all in all witnesses are to be sworn before they testify so if you could raise your right hand. Do you solemnly swear or affirm the testimony youre about to give will be the truth, the whole truth and nothing but the truth, so help you god . Let the record reflect that the witnesses all answered in the affirmative. Your entire statement will be made a part of the record that we would appreciate if you keep your comment to five minutes and any supplements will be made a part of the record. You are now recognized for five minutes. Good mornin good morning mr. Chairman and members of the committee. Thank you for the opportunity for my colleagues and myself to testify on behalf of the office of Personnel Management. As yo these that im joined tody by the director of the National BackgroundInvestigation Bureau committee chief Information Officer and the opm chief Information Security officer. While presently the acting director i do have over 25 years of service at the agency. Opm realizes how critical the topics of todays hearings are to the National Security, and i look forward to having a productive conversation about the transition in the security process and Information Technology security. As you know, it was established october 1, 2016 and as the primary provider to the Background Information ccharlie has extinguished career in the federal government and private industry. His career has been focused on National Security. His experience includes serving in capacities of the cia including the director of security and width of the fbi assistant director reading the security division. It is designed with a focus on the National Security, Customer Service and continuous process improvement. Its a new organizational structure aimed at leveraging the automation, transforming that is business processes and transparency. In 2014, the markets capacity fomarkets capacityfor the contn services was drastically reduced and this resulted in an investigative backlog. It was by that Cyber Security incidents that were announced in 2015. Looking forward, it is a priority to address the backlog while maintaining a commitment to quality. To accomplish this they are focusing efforts in the three primary areas, first working to increase capacity by hiring federal investigators and increasing the number of investigative fieldwork contracts. Second, focusing on policy process changes to improve the operations. Third, they worked with the customer agencies to prioritize the cases that are most critical to the National Security. Information technology also plays a central role in the ability to enhance the Background Investigation process. While still in development, the new system will be operated and maintained on behalf. On opm behalf this is being led by the new chief Information Officer. He has a strong relationship with his agency. To strengthen the infrastructure security we are also working on fortifying the entire ecosystem. As a federal government modernizes how it does business, opm focused on the tools and technology to deliver the optimum service and security. Opm and hence the efforts of multiple angles in Cyber Security tools and updates with implemented staff and agencywide training we hired a critical personnel and continue to collaborate with our interagency partners. Touching on the efforts i just outlined, cybersecurity tools and updates include 100 use of authentication and the access of the network. This is done in the use of the cards and the nature system compliance initiatives. Furthermore they recognize cybersecurity is not just about technology but its also about people. Theyve added seasoned Cyber Security experts to its already talented team. They hired a number of new senior managers and leaders and realigned the sabres into the program and resources under the chief Information Security officer. In this capacity they are responsible for taking the steps necessary to control the access to sensitive information. They strengthened their awareness by enrolling in multiple information intelligence sharing programs and in conclusion, the necessary partnerships have been developed to improve the efficiencies and will enable us on the holistic approach to change to adopt new tools and procedures that enhance the security of their networks and data. Thank you for the invitation to testify before you today, and we welcome any questions that you may havmay have. Have. Thank you for your testimony. I dont know if you care to say anything that i will recognize you. You dont have anything i would like to take this opportunity to thank you. I could come from 30 years in the army and i transitioned to become a Senior Executive at the last two and a half years at the dod and i arrived here in 2016 and its a pleasure being here today to answer your questions. Thank you for the opportunity. We have to bring the microphones up close to make sure we can hear you. Thank you for the opportunity to speak today. One of the things i want to make clear its eye and ran in to the events and we have made a lot of advancements but its only to get us to a standard environment. By no means am i saying we are successful but we are doing our best to improve the information. Theres other items i would be happy to discuss on the improvements. Thank you mr. Chairman i would be glad to join in on the conversation. To echo what was mentioned, we are focused as we begin or end our fourth month as an entity one is recovering the capacity to do Background Investigations improving the ability and a ende innovations that will help with the executive agent to look at what the investigation will look like when we move into the future. The key to this is an organizational structure beyond what is access to the september 29 and adding the capabilities of investments and in terms of innovation. Then very important. On the spectrum of about 100 customers across the federal government. With that, im happy to be here and thank you for the opportunity today. You are now recognized for five minutes. Thank you for the opportunity to testify on the departments Information Technology cybersecurity report to the National BackgroundInvestigation Bureau. Im with the chief Information Officer and most of you are familiar so i will make this short. We are responsible for the development and securing the systems. We brought the full expertise of that department in the cybersecurity resources to bear on this problem and its important for the system with a more reliable. The defense Information System in the oversight established a Background InvestigationSystem ProgramManagement Office to implement the effort. They are responsible for the development and obligation of the system capability needed to support the investigative process to include ensuring that Cyber Security protections and resiliency of the capabilities. The alignment of the systems assure that we leverage all National Security systems, and capabilities to protect the Background Investigation and we are doing that. The department has made headway on this since i testified before the committee must february. We are on track to deliver the capabilities needed. In 2016 they funded activities to better posture of funding in 2017. I would like to thank the congress and members for supporting the funding request for the infrastructure and cybersecurity modernization. The resolution did include the start and we thank you for that. Theres other partners to discover the capabilities we will provide with a more efficient, effective and secure Background Investigation system in the future. Through the process we are actively partnering with industries integrating the feedback in the process to ensure we are focusing on capable of these into keeping up with the changing pace of technology. Im pleased with the current process and i look forward to seeing what they will accomplish as the make progress towards delivering several of the prototype capabilities into the initial for investigating process in 2018. This is an important opportunity to strengthen the security of the infrastructure to support the federal background process. This approach utilizes the recognized cybersecurity expertise and industry practices while maintaining a streamlined centralized government approach to the Investigative Services provided today for more than 100 different federal agencies. Thank you for the support and i look forward to your questions. I would like to recognize the gentleman from texas and the subcommittee on Information Technology. Thank you mr. Chairman and Ranking Member for continued diligence. I have some basic questions for you. Do you have a technical background . Who is the person directly reporting to you that is responsible for preventing another attack like the one we saw months ago . If you could move the microphone up. Theres no one specifically in the chain of command is immediately responsible. We relied on them for the assistance that we are operating on today. Thank you for running into the fire. I recognized the difficulty and in the brief remark, you talked about the first step getting them up to a baseline. Can you take 90 seconds to explain the baseline . One was to set up the strategy so it was a stabilization phase and we understood there were quite a few systems, so we knew we had to take the steps to get them back into the compliance and they had another Engineering Task that included the Network Segmentation and then the tuning process. Throughout fiscal year 16 we were able to accomplish that in the baseline we felt comfortable we could control the environment and understood where we were in the boundaries and inventories. So, of the gao theyve all done reviews and theres been a number of outstanding issues that have been on the high risk report. Of those documents, how many of those have been identified and are still outstanding . Therthere are still items outstanding and we prioritize them. What is the highest priority vulnerability that still stands . It was the most significant that was identified in the report as well as the Security Officer hiring process. You talked about the segment and we saw that in the breaches. They were able to basically move without, with impunity through the network and my question is what have you done to make life harder once they get past the defenses . Its impossible to understand as a customer oriented agency we have to communicate with some of the segmentations identify the major systems and as well as the privilege and non privileged users the segmented those between each other in the firewalls on the training tools to ensure one candidate to another if there are attempts to get one or another they are stopped and there is a followup. In my remaining minutes i want to ask a question and i do not mean to be indelicate. Why did we get to the situation, and i ask that to learn from this experience so we can apply it across the federal government. I know theres a los a lots f Lessons Learned in the reports issued and thats what ive been going off of trying to apply them to the next steps to be able to suppress the threat. Youve been there for enough time and have seen the problems that have probably been shocked. Why do you think the network got to where it was . There were systematic failures that went with it. I will now recognize the subcommittee. Thank you all for your testimony today. This is the committees third hearing on the data breach. Theres millions of federal employees and they responded almost immediately and did an extensive investigation into the incident and the total staff of more than 10,000 pages of documents and interviewed multiple witnesses. I must address the elephant in the room. We are holding a hearing in the sophisticated actors likely a state actor for a hack that occurred more than a month ago but the kennedy has chosen not to take any action to investigate the hacking and propaganda. Only last month, the nsa, fbi and cia concluded with a higher degree russia hacked groups in the nation to influence the election. We have done is euro oversight on this issue and there hasnt been a single hearing or request. The chai chairman of the subcome asked about Lessons Learned and i would like to ask you about Lessons Learned in the folder about these exposed in the data breach. We took those vulnerabilities and i can assure you in the system the work they are doing todaare doingtoday in the new se taking the Lessons Learned to make sure the systems we are built are built from the ground up with cybersecurity and we have assumed in the beginning the system could be penetrated so theres a condition we have that we are making sure the newo things you want to stop, certainly stop people from getting in but you dont want the answer to be youve got to shut the system down so we will fight through any attempt to be able to block and contain and eradicate any system loss. Did they help in understanding how things could be improved . They went a long way in assuring the public to prevent this from happening again but its clear that the politics are willing or able to do the necessary object and oversight on the russian attack. Thats why i and every one of my colleague in the house signed on to legislation to establish the independent Bipartisan Commission to investigate the foreign interference in the 2016 elections. As i have said publicly, the congress has organized such that i have limits and cannot investigative sources and methods which clearly is the purview of the kennedy and i would also suggest we were the First Committee specifically on Information Technology. We were the first to dive into the data breach and we have been pushing from the department of education and others to make sure we have the proper defenses in place and to suggest it is tt theres only one particular country would be naive at best it couland could be everything m someone in a van down by the river to a nationstate. I think that should be investigated and iv and i saidh publicly, and i also think everybody should know, every member of congress should note the House Intelligence Committee is the only organization that is set up to do that. Very briefly, the congressman and i over a month ago i held a bill that asked we have this investigation and the reason we did that is we didnt want it to get mired in a political battle like the Kennedy Committee did. It would be patterned after the 9 11 commission so that we would bring americas best experts to the table and it would be an equal number of democrats. They would look at this carefully and i need to explain this. They would come back with recommendations and have subpoena power. Then wed be fine with it. Every single democrat in congress signed onto the bill. We felt we didnt need to move to the common ground. We needed to move to Higher Ground but that this was such a serious attack on the democracy. It deserves that kind of attention so the bill is still out there. Not only democrats have signed on and one of the reasons we have concern about it is the chairman of the Intelligence Committee mr. Nunez is a part of the Transition Team for President Trump. I want to explain that to the gentle lady. Thank you very much. We entered into a contract that we expanded the coverage we already had. We have the coverage and those affected by the two breaches and it runs out in december of 18. They are covered the entrance with a signup or not. They are complying with congressional directions to have the contract over ten years. Weve had to go through it in the military and you have gone through it, too. There is a lot of information and vulnerability. I hope what is being done is going to be effective. If they suffer another compromise and systems are breached, who makes the final call as to whether or not they are taken offline or continue to run ask if it is in the new systems that are developed for the new system, yes. They get the report of it. The majority staff on the kennedy had a report indicating that there were certain tools following the previous breaches that were brought and then they were delayed in terms of the employment but they had to make a certain notification, so with notifications did the team require to make before deploying these tools and what is the purpose of the notifications . Any tool that we go out and market and do the research on we have a Procurement Office that works with us to make sure the appropriate language is put into that and then we move into the process of the deployment of the tool. There have been delay is because the notification requirements. Im not aware of that specific statement. Have there been other challenges to timely deploying some of these tools or roadblocks . As i mentioned earlier, stabilizing. Theyve been very flexible making sure they can give us the time. It may have been a problem before the breach. Dot outside of what i am reading in the reports. Did you think there was a problem . We now recognize the gentleman from massachusetts. Thank you mr. Chairman and the witnesses for your great work and willingness to help us. I want to address the issue that was raised by mrs. Kelly about the inability to investigate what is going on with the russian hacking. But before i get into that, lets talk about the issue that brings you here. In june and july the publicly disclosed the Information Systems had been experiencing massive data breaches compromising the Social Security numbers, home addresses, background and other highly sensitive personal information to 22 million individuals. The Cyber Breaches were not only devastating in terms of the impactheirimpact on the financiy of the victims but rather the greek National Security threat as the security questionnaires, about an 80 page document that grows down on folks and was filled out by nearly 20 million americans who have a security clearance and privilege. The information of those individuals were included among the data. Some people called thats like a cyber pearl harbor because all the folks that were active and interested working on the National Security organizations basically were given up. I asked at a very basic level, i said have you gone back and encrypted to Social Security numbers of these employees. They had one of the successors. I asked again have the encrypted to 22 Million People and they said there are still vulnerabilities. So let me ask have we encrypted the numbers of at least 22 Million People . Yes we have. I have one remaining system and that is scheduled for the next month. There is one major database on the mainframe and they understand the resistance on the method, i get that. I would like to introduce my letter from december 15 or 14th asking for a hearing on the hacking. There is an fbi investigation regarding cyber activity dated on the step. The analytical process and attribution as it is produced by the office of the director of national intelligence. I would submit a statement for the record by the directorate of national intelligence. Without objection. So, we have enough here to do an investigation into this is the stuff that is unclassified that the Intelligence Community has put out. If youre going to do an investigation. You have to dive into the infrastructure observation data and i dont think that is appropriate. This is our own fbi. They interfered and it may not have been outcome determinant. But based on the fbi and the office of the director of National Security. They tried. It may have been just chaos, but they interfered in the election and if we are turning a blind eye to that, that is a shame. That is core to our democracy. If we just say thats somebody elses work, it is our work. There are plenty of reports and we have to do it publicly. People have to fear we have a certain integrity in our own system and others are not allowed to interfere in that. It is a red line and we shouldnt allow that and it should be very serious obligation to the committee to make sure that it doesnt happen again. We are a committee of unlimited jurisdiction. This should be bipartisan, not democrat versus republican. The time is expired. As i said, there should be an investigation, prosecution. The gentle mans time is expired. The Intelligence Committee is the only one that can look at the sources and methods. Look what the agencies themselves have made. The time is expired at if you are going to do a proper investigation is the kennedy did with the breach of the office of Personnel Management, you have to look at the two sides of the breach, those that are trying to do with which the committee cannot look at the breach that is the House Intelligence Committee. We could look at those that are breached and how and at the systems were and how bad it was set up. The gentle man is out of order. The time is expired. I keep you more than five minutes. What i think is inappropriate and i am trying to answer the question, it would be inappropriate for us to dive in. You might want to do an investigation youre solved. I dont think that the congress should be diving into the individual private systems in the party. If you want me to start issuing subpoenas, im probably not going to do it but how about to suggest it. You asked me a question. I did not. The gentle man is out of order. I think we need to calm down here a little bit. You have made some statements and i would ask you give the courtesy of a minute and a half to respond. I will not. Please let me finish, thank you. This has been an attack on our democracy. The passion he has expressed is not limited to him that the things that underpin our democracy have been attacked over and over again. As i said yesterday, and we keep saying, we have to wait until. It is the Ranking Member believe they should do an investigation. Number two, as i said the bill would resolve this issue very nicely. We cannot just turn a blind eye to when we have the 17 intelligence agencies unanimously agreed with regards to the license and there seems to be one of the things i noticed. I accept the president and im looking forward to meeting with him next week. But the idea that russia could come in and interfere, all of us should be going berserk. Hes got documents that youve already entered into the record that are unclassified. How far we can go is another thing. We know what happened in the committee. Basically, it became a partisan fight. You are going well outside of the scope of this. Im asking you a simple question. Ive answered it. I told you. Im going to ask one more time. All she asked is take the unclassified information, do not turn a blind eye to an attack on the electoral system. You have the transition kennedy for President Trump. As much as i like him, he has an investigation that would have integrity, and i pushed it over and over again. They are men of integrity [inaudible] when people look at the situation i will be very brief when people look at the report and they see somebody on the Transition Team then it becomes questionable. [inaudible] lets recognize the gentleman from north carolina. The compassion of the 22,000 people that god packed into the potential Security Breaches that are there instead of losing or winning i wish we had as much passion about that. Lets start to focus on the real aspects of what we need to be doing. Theres others in the irs. Lets focus on the hardworking american taxpayers. I am sick and tired of hearing a repeat his talking points over and over again. There is no one that will work in a more bipartisan way than me to get the truth. I disapprove of the talking points that continue to get repeated to undermine the duly elected president. Will the gentle man yield . I will not. When we are looking at this, you may think that you had 100 dual authentication. She was always responsive to this committee and to me personally. I want to make sure that we can clarify the testimony because the 100 dual authentication is at the front door, is it not because we have indications that there is still a whole lot in the system if they get in the front door, only two of the 46 systems inside would require that. Is that your understanding . I think that i will be for. That is correct, 100 to get up to the networks. Once they get in, they have access based upon the attributes that they are assigned to. How do you respond to the twt two of the 46 systems of the Major Applications that would require the authentications is that accurate . How do we define success weve been promising encryption over and over again and yet today we are not there. Was it a lack of resources . Scheduling change on the mainframe that is the only one that was delayed. We will have everything in encrypted by the end of 2017 fiscal year . They include Social Security numbers and so forth will be encrypted this year, yes. How do you segment the legacy system . Either one of you can answer. As a part of the strategy, we looked at all of the systems we had and determined. Are you going from zero trust . You rushed into the fire and decided you were going to look at every single system. So we could tell all of those potential employees or those that had their personal life history looked at data by the end of 2017 you have a great usher in that we have the most uptodate sophisticated protection that they would ever see and it would be segmented in the way that if somebody gets in the front door he wont be able to go through the whole system is that correct . There are many in the network and analysianalysis tool and ths prevention, we have now where detection and a 24 7 center watching for those event to come through. The gentle woman from flori florida. I want to say good morning to all of you and thank you for being here. Before i get into the question, i feel compelled to make this comment. I spent 27 years in law enforcement. Im concerned about the issue we are discussing today. Security breaches of any kind deserve every bit of attention. Ive been here shy of the month bua monthbut what i didnt signs what i believe was the blatant disrespect that was displayed. So if we are going to solve the nations problems, civility has to be at the center. And with my question but after failing. Last november, the New York Times and other Media Outlets reported that while meeting with the pre minister of japan. President trump allowed his son and daughterinlaw to sit in part of the meeting. In reporting about this meeting, the times found, and i quote, anyone present for such a conversation between the two heads of state should at a minimum have security clearance. We do not know whether President Trump stopped the practice of allowing aggregat aggregate it e security clearances from attending meetings with dignitaries and other foreign officials. What are the security risks for having individuals that do not have the appropriate security clearance present during the classified meetings or briefings ask the determination as to whether an individual has a security clearance is left to the agency for whom they ar are employed or contracted with and situation is different. The president has the ability to grant a clearance or access to classified information for anyone they please at their discretion. I am not aware of any of the details in the meeting that meet occurred in the leadership. I dont know any of the details about that and if it was discussed or not. But in the Current Situation it would be to allow individuals even without clearance to know or have access. So each department would make that determination if there is nand there isno basic general gr the people to have security clearances in certain situations or positions . There are general guidelines and specifically, there are investigative standards that we follow when conducting an investigation. The agency that grants follows the adjudication and whether the individual is eligible to receive classified information. Then in a separate act if the answer is affirmative, the agency would make the determination whether to brief them into a National Security program. When i asked you to yield, and i will share this in my opening statement, i talked about all the efforts we have made in the committee with regard to the other, i listed them all one by one and i said it in a way that we suddenly got excited about the russian hacking but i later found out and again i will share my courtesy to you because i didnt want anybody to think that this was something new. When he said in a bipartisan way hours upon hours trying to deal with this and i give a lot of credit to the chairman and that is all i was trying to tell you. We try t tried to work on this y single time. Will the gentleman yield purchased a comment certainly, please. We will be the judge of that. The gentleman from maryland is a good friend and a trusted on and in the passion of my not yielding back i dont want anything to be inferred about the relationship and willingness to work in a bipartisan way and i apologize for my passion not yielding but i want to stress our friendship and willingness to get to the bottom line is unyielding and unchanging and i would think the gentle woman. The gentleman from ohio. You are the chief Information Officer for the department of defense. In your testimony you said they are responsible for all matters related to the department of defense including cybersecurity for the department. In this capacity they are responsible to design and secure the new systemsecured the new so protect the background process is that accurate . It is. Are you familiar than what the december 6 Washington Post story on the front page the pentagon study revealing 125 billion waste. Do you have the resources you need to help the agencies make decisions about the individuals and the resources to do the job . We have the resources to design a system that is secure and can attack and defended the data. You have the resources to do everything you are tasked to do. Everything specific to this issue. But not overall is that what youre saying . But you are familiar with the story on the front page of the post . Iem. The findings of the study, 125 billion. Do you agree with those findings ask they talked about as many back office were somehow come as many people there as we have troops in the field in total. Do you agree with what you know about the study . Do i personally agree, i. If you want more data i will take any morwonttake any more e for the record. Were you interviewed or talked to in the course of the study lacks to the i will get that confirmed but i will talk in the course of my business. If a clear path, that is important, too. But the study said he and the article of the reports said is that the savings in the bureaucracy waste and other areas is money that could go into the weapon systems that the troops where i think most would want a tax dollars to go. The article continues that wouldnt have required the layoff and reduction instead it would streamline the proxy and curtail highpriced contractors and make better use of Information Technology. Do you have any idea what they are referring to there to make better use of the Information Technology . If you are asking if they can do better in the technology, ive testified in numerous hearings. Do i believe they should continue to adopt the best commercial practices, should we bring more commercial systems on, ive said we should and i believe there are ways to reduce some money. Do i think that number is correct personally, i do not. Now you sound like you do agree with the study. Is it both . There are efficiencies to be found by doing what we are doing and i think we will achieve some. I do not think the numbers in a study in my personal opinion they are not correct. But you think that the 25 billion number is a little high that would gather to say they could see if part of what mckenzie found in the study was implemented and how we could better get the money to the weapon systems and truths. I will not hazard to guess. This is an area i kno know it isnt the primary focus of the hearing today that this is an area that we need to study if we can get more money to the systems and to the troops in this potential waste even the officer says there is some way they are but certainly anything we can find and with that i will yield back. The gentleman from maryland for five minutes. I wanted to start by responding to the question you posed about whether the Democratic National committee would be a proper object. It is not part of the government private entity for most purposes when you think about the Democratic National convention where it is going to be located. That is a private matter and association. On the other hand it struck me that the Supreme Court said the political partiethatpolitical pc instrumentalities capable of state acts and purposes so when you go back and look the Supreme Court said the party couldnt exclude from participation people based on race so it is applied to the Political Parties but they were not private entities. They were public instrumentalities and in other cases, the court is treated as public instrumentalities and public carriers for the purpose of effective action in the democracy and i think if you look from a global perspective that is the role the parties play. If they are organizing political activity for tens of hundreds of millions of people. And so if they are saber vulnerable it makes the whole country cyber vulnerable and casts a cloud over the democratic government itself. In the end i think it is a complicated question but i would side with the Ranking Member and others that are speaking on this side of it. Let me pose a question. I wasnt here for the original brief. But i want to ask a question. We know from the national Intelligence Community about the fact they believe there was an organized campaign with russia to subvert the 2016 election and theres certain other countries where its concentrated like nigeria as a place where there is phishing attacks going on. Do you have a list of the most common enemies or culprit cybersecurity that you would use and i dont know if that is something that you can answer. I will deter to mr. Devries to answer that. If i could, i would like to defer. We have the Network Monitoring that part of the ecosystem. One of the things i want to make clear, we rely on our partners in the department of Homeland Security and other components. The potential attribution isnt our job. Our job is to protect the data. You are a Customer Service agency and want to serve with the agencies that interact. The problem is that we have outside entities that are trying to invade and undermine. Do we know who those entities are. They tell us its russia but then other people know its a fat guy on the couch somewhere. Why cant it be a skinny guy on the couch . Where is it coming from and is there any attempt to get to the bottom of it . The dhs and fbi release those records. Do you believe that there will be a technological answer so that he can create a secure cyber environment or is this intact we go up two steps and fall back three steps . Right now, it is an uphill fight and technology will get some of the solutions but its like any area in technology. We will move the sites forward to those that want to use the technology we will move the strides forward and it will be a continuing analysis and engagement. It isnt going to end anytime soon. Thank you mr. Chairman and i wont yield back. We will now recognize the new member to the committee. Committee. We are proud to have him here, the gentleman from kentucky. I would like to followu foln the Infrastructure Project that opm abandoned last year. The understanding is you are no longer releasing the data centers or the new environment, but rather repurposing the hardware equipment. My question is is this accurate . How much did they pay the contractor for the new Infrastructure Project before terminating the contract of may 2016 . I will have to get back to you with the exact amount. I do not have been a group with me today. Why was the contract terminated backs to beat the the effort was to build a new infrastructure. They went out on a contract and that contractor basically didnt show up to work and we terminated the contract and repositioned the equipment as we purchased we have what hes paid for. It is my understanding that the first two phases were completed and after approximately 45 million of investment, they abandoned the project that you said we have what we paid for or did we lose what we paid for . I am now building on that. Is opm still operating that legacy in the environment . We took a look at what the network was. We have high valued asset and centers of gravity if you will. We talked about some of the defense we put in place so it isnt the same legacy infrastructure that it was, not by a long shot. Ten bb assured . Said absolutely. We wouldnt be here if it was not. I will yield back. To gentlewoman from the Virgin Islands for five minutes. Thank you for being here to testify. I appreciated your testimony this morning and it seems to be wide ranging of the discussion that we are having this morning but we are here protecting from inside threats and it is a paramount importance to you all and us. Healthy individuals are granted access. The vector, for you specifically, how would you handle the clearance process for someone under active fbi investigation; what happens in that investigation . When an agency puts in for the clearance, it is the determination this individual needs a clarence for whatever work they are going to be doing. The individuals information is sent over. What if you find out that the person is under active investigation, what happens at that point . If we determine that they are under active investigation, we would notify the requester of what we understand to be in the investigation and we would continue our part unless we were told to stop based on some decisions. Knowing you will continue the investigation with someone under an active fbi investigation, would that be one of the factors in disqualifying the individual from the clearance racks divvied hispanic not necessarily. It would be the agency themselves if they have the Education Authority or it could be consolidated in the facility. So then the agency had the determination whether they have the security. For the ultimate decisionmaker for the senior white house staffer, who would that person be . The office for the white house is that determine her for the individual and a senior whitthe seniorwhite house levela security clearance. Who pleases that person in the office, the chief officer . Is that an independent appointed by the president , who is that individual . I dont know right now. I would love to know. It is an possible for the decisionmaker to make a decision granting a National Security clearance if the person is under an fbi investigation. It is possible. The reason i ask that according to multiple reports, several members of the campaign and the Incoming TrumpAdministration May be under the fbi investigation for their connections. The country implicated in the hacking it received the beat codeveryone seems interested n today. Console which or eddy white house staffers that have access are under criminal investigation by the fbi. I do not know that. Debut will yield back she is the acting director if you could get back to us about who specifically is it charge and who are the people that make determinations could you make that commitment quick. We will get back to you. Also it would be great to know and that process flu the Decision Maker is rebels under fbi investigation of the chairman and the Ranking Member that would be helpful with that determination. If they have questions they can be directed to the acting director. I assume at some point she will answer a question she is always getting back to us. She was not even ask a question in that series so i do think that was a little inappropriate for a kid she did make a commitment to get back to the committee so that is reasonable. I will recognize myself for five minutes. So tell me about the authority to operate as the authorities to operate was a Material Weakness the ig reported 18 major systems still did not have current authorities so what does the current state . Back all are currently compliant. In a fly 60 the strategy was to understand all the systems so we took our time the two major initiatives to look at all the systems to ensure the best pathway for word. The next was to ensure that everybody was in compliance. So now we will switch over here so what is the current state of the ability to look at social media . We have bent talking to 0 00 p. M. About background check investigation through social media so what are you doing not doing in that process . I have two points to make. In april of 2016 there is a directive sent to allow investigation to use cuffs social media publicly available to form the investigation. And on a targeted basis using increased to resolve issues were and we are in the of middle of a short pilot power to incorporate into a more consistent use one and how do we collect the information to make sure it is accurate of any value. You need to define short pilot civic the number of pilots and have been conducted by a number of agencies most every chase similar conclusion there is viable information. This is what drives people crazy about government you have to conduct a study to see if looking at social media would be valuable and the conclusion is yes . Come on every time there is a terrorist attack the person they do was look at social media and more often than not they say if anybody just looked at this. Why in the world a . We are still doing a pilot . I will answer the question for you. Yes. Looking at a publicly available social media it should be used it is a joke to thank you are not. The idea that we even have to think about this in this social is open. Facebook. Instagram, twitter. Every single time we go into in interview we go for social be why is there another pilot. Isnt to determine if there is a devalued but how do you incorporate that into waste and reprocess the largest coal in the tent is not collecting information nor did is valuable but how is it incorporated in the manner that is costeffective the analysis becomes harder. I believe this is a relevant data source and we will exploit that. And as we move down the of road how is the mainstay spirit can you consider implementing your policy with user name source social media identity quick. I have not at this point. That is the position to be made for the agent. Here is my personal take on this. The people of the United States of america our about to entrust somebody with a security clearance to allow that individual to look at and understand information the rest of the public does not get to look at that is the nature of security clearance they have special privileges because we trust them. I think it would be reasonable in return nobody forces you but in return for that you think they would say that yes here is the Instagram Account if you want to look at my private account is reasonable if you try to do a background check so many are so thorough looking at a bank records and education interviewing neighbors and with the very costly and laborious process. But yet we hear so bashful to say we will look at instagram is that okay . That is not we should not give them a security clearance it is frustrating this takes so long because every time we have a problem the very first thing you are they communicating with . In if were going to give a security clearance by half past my time i recognize the gentleman from virginia. I caution the chair idol think it is a program to characterize i dont do it to him and dont do that to be. My question maybe you can answer opm is a required format transaction to the background check instead of using the legacy systems have we fully migrated over quick. I will have to defer that. You know, the answer. I do not. No, sir we have not. The legacy system asks questions and have main database system that is no longer supported it is not just duh case unweave have in terms of the interface with the applications like masking of the Social Security number. So as we have with other systems. What is opm doing to ensure the data will be protected in its location and not delayed prevented but would you doing to protect that in the process . I will have to differ. Again you cannot answer the question greg. I cannot. Does the acting director of opm get involved in cyber issues at all quick. I do someone but not the details. Have you had experience with the preacher responding to a breach during your time or before that . When it occurred if i was in another area of the organization of was not the chief Management Officer at that time. Had no responsibility for but that. Talk about protecting that data was not breached. So the individual that will be investigated interim disinformation to the standard form that is stored security that is what is queued up to the investigators we change the of process in to do that investigations for existing ones and the investigators no longer can download information to their company is days as part of the government were they poll the of records in and authenticate with the verification card issued by a 0 00 p. M. I will ask another question. With that enormous backlog of the security background checks in with those isnt we believe that will have a Significant Impact we hired 400 do for the investigators had another 200 in the already see the fruits of that edition to work off of that capacity. I get complaints all the time for private Sector Companies with the enormous numbers of jobs that the ready. The more we can do to streamline or expedite the thinking is critical. And. Nothing q. Mr. Chairman. To access personal email accounts or any other off. Employees with limited access to the bank accounts. Are you aware Immigrations Customs Enforcement Agency they couple years ago preceded the breach at opm had numerous cases where the attacks reusing a federal server were you aware of that greg. No, sir. An area that concerns me that highranking officials using personal email accounts to do business that has been a problem of the other agencies of the state department. One of the things thats concerns me is we pay a maximum amount to protect ourselves for cyberintrusion in James Clapper said the chinese not the russians that we believe hacked opm it is still not fully compliant with the use of personally identify ample information. Where are we on that . For them to access the network is it chip based quick. Yes. And that is across the board so let me ask you this in regard to people pdf on with an applicant there is us gentleman one of the top people who is turning out the best experts and the day that a graduate. We are very much backlog and car and committed to reducing the backlog and cut to that end we have just awarded contracts to increase our capacity and we are trying to reduce that backlog but those of also waiting for that investigation. I was not here for the opening of this hearing but it seems to be a tendency to be politicized and that is where some members want to go with it that is fine but the seriousness of the breach requires that then data systems are secure and one thing i may suggest is doing got a background checks while still in school so when they graduate we will not lose them to the private sector. But to have quicker access to those available is that something opm might consider could be expedite the process quick citizen reasonable to think somebody could get a really good job somewhere else but then just to wait months quick. We do have some programs redo have a fellow program where if people feel apply or recent for and graduates apply then they are vetted. To my knowledge we do not do background verifications if they received a conditional offer of employment to trigger the Background Investigation. The purpose of the hearing is to make sure we are secure and we will do whatever is possible. I will not recognize the tournament from wisconsin. Said gao recently found on sorry we have to go to the democratic questions first. I know you would not purposely not recognize me, mr. Chair. Yesterday the Ranking Member sent a letter of the serious violation of the constitution to the president S National Security adviser of the russian back Television Moment and to be described uh principal propaganda receives funding and staffing and direction from the russian government your staff provided for security holders have you or any member of your immediate family never had contact with a Foreign Government or its representatives inside or outside of the u. S. . Why are the individuals oust this question by. Reason is to insure that the individual who is making the decision understands what relationships they may have with a Foreign Government or foreign representative to get to the heart of what that relationship may be. This is the judgment of adjudication our goal is based on the response to gather as much as they could get. Have you in the past seven years provided support to any individual associated with a foreign business or Foreign Organization . Do you know if the general has clearance quick. I have not checked the record i believe he does but i do not know that the and the investigation of the general flynn would be conducted by the fbi. You dont know if he has clearance . I believe he does. Do you know if he reported to the appropriate authorities quick soar if he reported how much he was paid for his trip quick. I do not know. So use date that is the fbi to answer that question put. If his clearances through the department of defense would be through their Security Office in the organization that has that of the record if the fbi was doing the investigation they would reach out to the department and asked. Do you know that has happened click. I do not. Mr. Chairman we need to get answers to these basic questions i am requesting we send a copy of the security clearance application as well as any and all updates he may have submitted with the chair agreed to that . Send me their request. We have a responsibility and we have been talking about this this is an area that i feel we need questions answered. Gao found personal management from that datacenter Optimization Plan a racially that was supposed to be september of last year dino that would be completed a do appreciate that because it is near and dear to my heart it was not complete we are finalizing that as a back up by the end of the quarter. What is the savings for a plan like that . I do not have those final numbers yet. How Many Data Centers to you owe now quick. Today i own seven. We closed to and were coming out of the third one berger i have five left time going down at two. During the day dead discovery breach the relationship with the Inspector General blistering with a lack of communication by a understand things have improved how is that today . Then i say that because we meet monthly with their concerns is a very Good Relationship with that with like to defer to the question to achieve Security Officer. One of the things was to establish a relationship with the Inspector General. Everything from the compliance after to the rollout and then have given us guidance to those metrics and reporting to see why that is evident in the long run as quickly as a rebel deals spirit to make that first rollcall. Highyield the remainder of my time. Director back according to the background check that is not responsible for 95 percent of the Background Investigations. Delays out of series of examples of disqualifying factors that investigators and adjudicators will use to determine eligibility. Based on question on the sf 86, think people think of the association of groups to overthrow the u. S. Government by violent means by terrorist groups are in our kiss. I think of this guideline, zapper . That fair . Yes, that would be a major piece of that category. But the disqualifying factors in the guideline include much more than that. They include whether a Person Associates with or shares the viewpoint of those who advocate using illegal or unconscionable knee to prevent government personnel to performing official duties from exercising constitutional right. Those are questions to be considered in an adjudication. It could include persons who associate or share the viewpoint of those who use illegal or unconstitutional means to quote, gain attribution for her perceived wrongs caused by federal, state, or local government. Is that correct . Also be adjudicated questions. If you investigations uncovered negative or derogatory information in any of those areas i imagine you could race concern with regard to them, zechariah . It would be noted in the investigation afford to an Adjudication Authority to make a determination as to whether that individual should be cleared. Im on a walk you through some examples. If someone said there were a boy scout or girl scout with that reason concern in the guideline . Of course not, is that right. No comes or. What if someone described themselves as the russian revolutionary who is not a fan of our democratic government. Should that raise concerns . It would, the investigator should pursue that avenue discussion with the subject is what that means. What if someone said his goal is to quote destroy the fate. What response with that implicit . That would elicit a very strong line of questioning with that individual and others to determine what he means by that so we can get a full picture to the adjudicator. What if someone says, i want to bring it everything crashing down and destroy all of todays establishment. Should that reason concern . That would be norsworthy. Each of these phrases were used by steve bannon to describe his views and goals according to of the daily he has since reportedly denied saying those things but i mention investigator would still have concerns about them. I imagine they would also want to see numerous reports about racism and views on the website that mr. Bannon used to run. This is a very serious problem. President s takes mr. Bannon to be his chief strategist and senior counselor. That only that, he just reorganized the National Security council gave mr. Bannon a permanent seat at the table while removing the chairman of the joint chiefs of staff and the director of national intelligence. This is at least causes us to wonder about this and question it. Do you, you may have answered this earlier. Somebody is under criminal investigation, i know that we now have a liaison. Tell me how that works. A criminal liaison to try to work with, what happens when you find out some of his in criminal investigation . Depending on what the criminal investigation is, and the immediate seriousness of the nature, we may immediately contact the requesting agency that is asking for the clearance to give them a heads up this is out there. They may or may not determine at that point they want to terminate the request otherwise we will continue the investigation. The fact that going further down the road, and adjudicator would faced with this question is the best individual under criminal investigation. It will be up to them to understand what that investigation is about to make a judgment whether or not that investigation for the one surrounding it would be disqualifying for access to classified information. Essentially weather shows an inability to hold onto that. In other words a person could still get a clearance. Yes. And i would assume if that person would then later on convicted of an offense then that probably his would be withdrawn, is that right . Would do that . The individual or organization that issued the clearance would be the organization to rescind the clearance. Based on what they see. If it had already been issued an individual is convicted of be up to that organization to determine whether or not that conviction has impact on the ability to be trusted. My last question. I just gave some quotes that arch attributed to mr. Bannon. If you are to raise if those questions were raised, would anyone go and then say mr. Bannon or whoever said those things denied them, would somebody go back to look to see if those statements were made in periodicals or whatever . How might that affect the security clearance of that person, do you understand my question . I believe i do. First, if we are faced with an individual who had made statements that appear to be counter to the United States, that would be an issue we would pursue with the subject themselves to start with. Twenty example, that individuals that i never said that her feel that way we would use to the best of our ability whatever sources we can fight to get to new issues and resolution to determine what the truth is to the extent that we can so we can give a full picture to the official that has to make that ultimate decision. And if you discovered that unequivocally that that person had not been honest with you, what might the fact that have . That that would be passed on to the Adjudication Authority. Thered have to determine whether that makes the defendants were not. Thank you. And i recognize ms. Maloney. Im really concerned about Cyber Security. If congress is serious about helping agencies improve their Cyber Security, it must the president to rescind, in my opinion his acrosstheboard hiring freeze. How in the world can he move world can you afford if you can even hire the people that can do the job. The freeze that he is put in place undermines the federal governments ability to recruit, develop, and maintain a pipeline of Cyber Security talent that is needed to strengthen federal Cyber Security. If there is a field that didnt change every 24 hours, it Cyber Security. You have to get the youngest, brightest, latest people that are involved in it. Im concerned about this freeze he put in place. I think it was two weeks ago. He has taken other steps to make it more difficult for federal agencies to improve the area of Cyber Security. And then he issued this memorandum ordering acrosstheboard hiring freeze in the federal government. And i want to quote from it and i quote. As part of this freeze, no vacant positions existing at noon on january 22, 2017 may be filled and no new positions may be created. So it seems to me that when it comes to improving Cyber Security, a hiring freeze is one of the most counterproductive policies that you could ever put in place. After the 2015 Cyber Security at opm, federal county scott and then omb director, sean donovan put in place a Cyber Security strategy and Implementation Plan for the entire government. And i quote, the vast majority federal agencies cite a lack of cyber and it talent is a major resource constraint that impacts their ability to protect information and assets. So i like to ask cio, can you highlight some of the challenges that opm has faced when it comes to recruiting and hiring Cyber Security specialists . Obviously you cant do anything if you can hire anybody. So could you give us some insights there . Thank you for that question. That is pertaining to opm in the federal workspace on the federal Cyber Security and it professionals. That is a concern to all of us of how to you keep the pipeline in there. I will tell you from experience in september we had for example five hiring actions out there. We had about a 60 , we did not get to them fast enough before they went someplace else. We have completed that and fill those things but our challenges how do we recruit and retain these folks. I will tell you a comes from comes from the passion of the heart. They come aboard if i give them meaningful experiences, training, they will they will stay. I think were working across the federal space of how to help improve the rotation, if you will from federal service backed industry. In again. We have made strides on it we need to continue to work on it together. I have got to say that Cyber Security is really tied to the security of the nation. I think i dont see how you can do your job if you can hire people. So i would respectfully like to request the chairman think about maybe asking for a waiver for the Cyber Security area and hiring. Number one is pointed out its hard to hire them because they are in great demand all over the country right now. That is a prime focus of the country. And so we need to work in this for the good of the country. We are all individuals, im going to write the president mild n and request that he waive it for the area of Cyber Security. But, can you just go over some of the agencies. How does this hinder your ability and capability to improve when it comes to securing it systems when youre not able to hire people . How does this affect you . Congresswoman, in terms of the hiring freeze, this is a 90 day freeze. There are many exemptions to that freeze primarily in terms of National Security, Public Health and public safety. Isnt thiS National Security . Cyber security . Agency security . Agency heads are able to make that determination into exempt those positions that are deemed to be National Security. If they are not, if they have a position a Cyber Security position that they would not feel they can come to opm and we will review the request for an exemption from the. Have any people asked for exemptions . At this point not that im aware of. I have not seen any request. My time is expired. Thank you. Thank you. If you wrap up questions. Could you please provide the committee all of the other reports conducted in the last years. Is is that something you can provide the committee . Yes, sir sir we can. Thank you. And then mr. Phelan, one of the sad realities of what happened when director archuleta was in place, suspect had legacy Systems Online that dated back to 1985. My understanding is even if you applied for a job and do not get a job at the federal government and you did it after 85 you might have been in that system. What are in that system. What are you doing to take the nonactive records so they are not online in the success of all from hacking . Have you made any adjustments there . It to be honest, i dont know. I know we have done a tremendous amount of securing the systems. Im comfortable that we have both of barriers on the frontend and the ability to fight an active shooter online on the network should it appear. I dont believe we have taken the a tremendous amount of put it off line. It needs to be accessible for any future work we do. To a degree. I mean somebody retired in 1991 and then all of a sudden we have a hack into thousand 14. It does beg the question, why is that system. The new system will have tiered storage on it both in terms on what is live and it will taken to consider some of these things. If youre offline for a while that will go into a different storage system and all be harder to access. It seems like one of the lessons we should of learned was for the nonactive employees. Again, there may be a time when you are experts on this than we are. After certain amount of time maybe it should be more sitting in some mountain somewhere instead of online. Two less questions. Who is in charge . When theres conflict, disagreement, when there is an attack . Who ultimately is in charge . So, through my program in the process we implement a based on Lessons Learned from the 2015 breach. There is a communication path that routes up to the Directors Office to the cio. With the severity and date and details related to that incident. So who is in charge . Who ultimately makes the hard decision if theres a disagreement, question, you have the dod, opm, something, who is the ultimate decisionmaker . Sir. If it is on the Current System that opm and the cio is responsible for, i do that. On the new system as we transition to it dod will. Okay. So that would be mr. Halverson or whoever his replacement is. That is correct last question. Mr. Halverson, you have the freedom of retirement running round the corner. So, given, given your years of service your perspective and expertise, what should congress understand. What are your greatest frustrations and concerns in your best suggestions you can offer us. First, i will think the congress. As you know, working through many of the members here we did get the Cyber Excepted Service which i do think is the first thing we needed to get done to recruit and move past some of the things that were blocking our ability. I do think were going to have to reevaluate the pay scale for Cyber Security personnel and other key positions. We do rely on patriotism. We can recruit recruit people up for that. But the pay disparities are getting out of hand. I will tell you, i, i have lost six or seven people this year who are good, basically because they cannot anymore turn down the offers. I can counsel them against that after certain point. I am totally convinced that you are right. I hope this congress, i plan plan on helping to champion some legislation to give more realistic assessment to provide that flexibility. I do think you are right. And and i think the most important thing that we do and i have said it before and all keep saying it. I think the secret weapon of our country to keep her security is better use of our industry in commercial mobility and agility. You have seen, we have talked with the dod to bring as much commercial into these activities. We are doing it with this system as we build the new. We need to continue the we need to continue it against the federal governments base. That means that we will have to work and raise the bar for industry on security. I will be the first to say that dod included, we have have to get better and our security practices. I am heartened by what i see my discussions with the commercial community. They are starting to take that and we are seeing a rise in their ability to protect data. We need to encourage that and open up our dialogue with the commercial sector on how best to do that and share more information. Again, we thank you for your service and we wish you nothing but the best of luck in whatever your future endeavor takes you. Thank you for your service. We recognize mr. Recognize mr. Cummings and then we will close the meeting. I want to thank all of our witness are being here today. You have certainly been extremely helpful. I express my appreciation to all that work with you. I know you all have teams of people who give their blood sweat and tears because they want america to remain the greatest country in the world. Mr. Halverson. Again, again, i want to join in with the chairman and thank you for your service. I have a brother who is a former air force officer who is a cyber expert. He talks to me all of the time about the demand for these folks who are good. I also said and sat on a Naval Academy board for the last 12 years. One thing that we have done is now mandatory that every student have, and you and you probably already know this, have extensive cyber lessons as part of our curriculum. So we see the significance of it. One of the things that we wrestle with his federal employees feel that they are under attack constantly. Weve seen recently where all kinds of measures have been put forth that really make them feel insecure. Im wondering, first of all talk about briefly the people you have worked with. And what they bring to the table. A a lot of people i think at the impression that the people who work for the federal government are not giving a lot and not giving their best and not feeding their souls as i often say. Youre on your way out. If an opportunity to work with a lot of people. Im sure one of the saddest parts is probably bittersweet thing you have created a family. I was still my children that whenever you get a job you also create a family of people who are looking out for you and who care about you and who sometimes your with more than your family. Can you talk about generally some of the people youve worked with because i know you could not have done what you have been able to accomplish without a support system. If you might just read briefly. I will say having both in the military and federal service, the highest respect for the federal workforce. They do exceptional work. They put in a lot of hours. They do their best on everything they can do. But, im also going to, that i see that also in the commercial workspace when i bring i bring people in. I think this is a leadership issue and if you make any of your employees whether there federal, military or commercial feel a part of the team and you listen to the team, they will give you everything they got to get the work done. Thats what ive seen in the federal government for 37 years. I think when we show people that you truly care about them, not just about them but their families and welfare, i tell the people come to work with us, if they are not better when they leave me, then i have failed. In other words, if the skill ever is levers not higher, if theyre not more proficient than i have done something wrong. Because i want to invest in them. I want to be a part of their destiny and touch their futures even when im dancing with angels, i want to know that theyve gone on to do great things because our nation really needs the very, very best. I can tell you that working with the chairman, we saw that. And working i give the chairman a lot of credit because when we looked at the secret service, he and i made a concerted effort to say to the secret service, we wanted the elites of the elites. We wanted the very best. We wanted to create that culture. I think were moving towards this. I dont know that weve got area but were trying to get there. Weve done that in the number of agencies in a bipartisan way. Again, the reason i raise the question is because i just want the public to be reminded that there is a vast array of federal employees that keep our country the great country that it is. I want to thank all of you and everybody who back you up for doing what you do. We still have a lot of work to do as you have made very clear. But i believe we can get it done. Thank you mr. Chairman. And thank you. Please note the men and women who work within your departments and groups how much we do appreciate. Its a tough important job. We do appreciate it. Thank you, the committee stands adjourned