For cybercommand please welcome back admiral rogers commander of cybercommand director National Security agency and several other titles. We are grateful for your many years of distinguished service with your parents today threats continue to grow in scope and severity but the nation remains unprepared to address these threats is a defining feature of the 21st century. As a result the committee is focused on cybersecurity concern of a lack of security we were hopeful without any serious effort from Alaska Administration the new litmus ration would have on within 90 days of the inauguration. Ninety days have come and gone but all policy provided while the executive branchs disheartening this committee has not stood selfhood but has adopted more than 50 provisions to enable the department to defend against threats in cyberspace. Cyberis an issue to require an integrated approach we simply do not have that now. The very fact that each agency of government believes it is responsible for defending the homeland we have with those themes that the adversaries would use against us most notably divided kingdom has recognized that approach but with the recent assessment of the National Cybersecurity center that would help to address the deficiencies here in United States those that should be evaluated to address those deficiencies the coast guard has an interesting mix of authorities to be just as applicable in cyberspace as territorial waters. With the United States to seamlessly transition to the military authorities. It could be a powerful tool to impede the existing organizational structure with the handoffs to the entity for for their response of the mediation or lawenforcement action progress for the efforts of department of defense by vendor stands cybercommand is on track to reach full capability for the training in the fall of 2018. But unless we see dramatic changes of the future budgets i am concerned they will respond to Malicious Behavior and in short. Services began to prioritize or deliver the cyberWeapons Systems to be headed down the path. And those to replace those individuals at the conclusion of there first assignments on the Cyber Mission force. We have already heard about puzzling issues specifically out of the 127 cyberofficers completing the first two were none with back to the cyberrelated job that is unacceptable to suggest a lack of focus. With a steady pipeline talent those of we have trained already is essential for the cyberMission Force admiral rogers to a to to help us better understand to take a closer look at the existing models of those services are sufficient or if we should consider a different model we plan to have another hearing with outside experts of the cyberservice. And this is before the committee. Thank you very much let me join you to have welcome admiral rogers. But a with the testimony until the importance of cyberthat we face. Something to for your service and dedication. With his espionage and theft of intellectual property to support the military and economy so now to experience firsthand of that manipulation and distortion to threat in the bedrock of our democracy and with those cyberattacks now the scope of what we are defending against and it even takes on greater urgency. In just one years time Intelligence Community has warned that the Russian Election interference will be a normal. Well designated as Critical Infrastructure with that of louis operation to continuously conduct. , those to deter such actions as secretary Carter Commission and to serve on the task force to testify twice this year. They advocate the operations through cyberspace what key leaders on the other side value the most that could include their own Financial Wellbeing to be turned the cyberattacks. With that across the department of defense across the local government involving dod the Intelligence Community we have not seen evidence yet delaware appreciate those problems and intend to address them. Cybercommand specifically with the Cyberspace Operations with expelling intruders out to penetrate the networks of adversaries. That this mess is that element conducted through cyberspace. Sa and then we urge you on these managed of these matters. Welcome back. So the opportunity to talk about the hardworking men and women of cybercommand to describe how that conducts efforts of the domain to support the Nations Defense against sophisticated adversaries. That the nation needed a military command to focus on cyberspace with the support elements given the responsibility of the Department Systems and networks and also relies on cybercommand to build forces and be prepared to employ them with critical ever structure to require support the pace of conflict has intensified the last few years not one day has gone by the boc one yvette occurring somewhere in the world. Consequences for military and a nation at large those sectors that are operating with sophistication and speed and precision as they continue to expand their capabilities to a dancer interest through cyberspace to undermine the United StatesNational Interest to those of the allies. It is the unfolding according to a cell logic continuing to better understand we use this to enhance the department of Situational Awareness of management of risk. To update on those initiatives the frame lines of operation to support the joint force commander objectives to return those two critical of a structure. Full spectrum Cyberspace Operations to ensure the allies denied the same to any adversary. The Information Networks includes Weapons Systems and platforms to complete a bill out of the cyberMission Forces to be fully operational by the end of fiscal year 18 and to hold targets that risk. That is critical to the National Security interest with the unified combat and command status with the u. S. Of cybercommand director of the National Security agency to oppose partnership with the nsa in benefit Cyberspace Operations with that may evolve as it has efficiency in the future. The National Defense authorization act is a separate provision for splitting bad arrangement this is another provision that i support to Cyber Command will in gauge over other matters with the responsibilities and authorities over the coming years including cybermanpower to build capacity to streamline the acquisition process that our critical enablers to have the dynamically changing Global Environment along with the office of secretary of defense to work with you and your staff to iron out those details the are motivated to accomplish the assigned emissions missions. To secure the system now works counter adversaries objectives through cyberspace. The command operation to create a cybereffects on the battlefield their cost of the emerging to meet the requirement as they look a those operational approach is overtime. This combined with agile policies faster Decision Making process broader concept of operation and smarter command and control structures the men and women thank you for your support as they overcome those challenges to allowing to accomplish the mission to endorse those efforts on their behalf. If investment of resources is paying off to help keep americans safer but in other domains as well i will afford to continuing a dialogue and in the months to come. I look forward to answering your questions. So oh to affect the outcome of the election in france idiocies any slack of the chinese efforts to commit cyberattacks or affect elections . No i do not. To have any reduction of russian behavior . No i do not. The committee was told me it cybercapabilities of those cable adversaries will far exceed to defend key infrastructure do you agree with that assessment . Diane agreed in general has why those deterrents are so important. But we would have to have a policy followed by a strategy. Qsr. We dont have that the new team is working on that. The check is in the mail. [laughter] we have the fbi and Law Enforcement to permit does plan security to defend those Computer Networks and the department of defense to develop and employee is the status quo sustainable . It is my question is is it the most effective . My recommendation is the challenges with very specialized and distinct responsibilities is the ability to respond in a focused way it is the key to success and that is the challenge. Do we need a cybercore . In my experience to be successful at cyberyou not only need to understand those technical aspects but the broader urd aspect of which they occur. Some where there is a manner woman sitting at a keyboard directing operations if we went with a unique approach we would generate a force that was positioned but not understanding of that deeper context that is a stronger way to go about doing this. Not a single one stayed with cyber . A you getting the cooperation that you need for your command . I talked to the Service Chiefs personally. One that i am particularly highlighting and i have suggested is that Cyber Mission force that i am responsible for i knowledge there is only one part. Was that received by the airforce . They are clearly working their way through this. I personally have at chief of staff i sat him down the line have the right picture rexene said you have an accurate sense were not where we need to be. So my job is to help them to keep the pressure on him to sustain this. Is in your job you have to look at scenarios. Give us the best and the worst abuse for the cyberattacks on the United States. The worst worstcase scenario has a couple of dimensions about right destructive activity focusing on aspects of Critical Infrastructure including space. But in addition the other thing that concerns me is do we see data manipulation . So what happens if we change the data . That is of very different challenge and third what happens when non state actors that that enables the into go with the status quo . The best is we develop a policy followed by a strategy. One. As you have pointed out in terms of the technical aspects of cybercybercommand has been in the forefront with those of cognitive information that changes Public Opinion have you been tasked to conduct those operations . No we have not that is not part of the defined responsibilities per se. There are some things were doing right now for example, in the fight against isis with combat commanders but i cannot go into that right now but if information is delaware what bin file will be optimize ourselves . When i first guarded by journey given us a uniform with expertise and the soviet union collapsed we decided that would be required to do away with those institutions in need to step back and reassess the. So your expertise is rather limited. The skill set and the personnel. I am the first to unmet. It is not comparable. Not on the day to day basis around the world. So, has been given the lead on operations . Any problem is cybercommand . So redo work closely sold this this day mission that goes to grow what with other organizations so going back to the cold war doing the of radio towers nobody seems to be doing this aggressively. Certainly we aeronaut where we need to be so were you aware of the penetration of the election and 2016 in terms of active involvement . Qsr yes, sir. What actions did you take greg. Here i have to give this to the director of of nsa. And that they were engaged in the effort to inform the fbi to inform those organizations but in turn i make sure the dod and other elements have that awareness of cybercommand so ive become aware of efforts of u. S. Infrastructure. With the department of Homeland Security if for example, so if the secretary of defense to determine they could assert themselves and in this seven not have to do that with cybercommand. Sea would be prepared to disrupt these operations . And then to look back so we have to be much better prepared from 2018. I apologize. After looking at the experience of 2016 the attribution to a foreign state going after the keys systems to be seen. Thank you very much. Admiral rogers and enough be fair to evaluate the article they showed you this morning but are they finding of the new . How did they come up with the billions to come up with nuclear test does that make sense to you . I will not get into specifics but we have publicly its knowledge to see those koreans in a criminal mechanism of if you will. And then to come to that conclusion that maybe right. But one element to generate revenue when we see the growth from 1300 and raleigh have all visited with the policy or lack of policy to make a position there is too much authority at the top of it was quoted december of last year before the committee to say we want to be more agile than the reality is we have to push this authority down to a lower level in certain areas. Does that make sense . Qsr. And to assume the new responsibilities this is an important area in the cyberarena. We have then to begin israel to talk about uh director for this cybersubcommittee meeting the senator that was with me at that time of course chairs the subcommittee we had the meeting editing was pretty productive that they might be doing Something Better it is much more complex. But they also said the three things that was significant. If they had studied the system or other countries as well. Theres a reason to every time i am in televisa vice see him. In fact, we were just talking about some potential test cases to see how that plays out but i look to him and one of the things i have learned is there is no one Single Organization that has all the answers there is the power of the partnership to create a system to gain insider knowledge for a whole host of partners in sight outside the government the academic world is one big civil one example. So being in a position spending at the university of tulsa are we having access to the people that will become necessary with the very serious problem that we have is there an effort to promote of programs . There is. We have relationships right now with over 200 academic institutions although one thing i try to highlight is to be larry e. Of creating a cyberforce for everybody who has cookie cutters. Some people will be really good but they have spent much of their personal life and this we have to get the full spectrum of capability. Pcs countries that came in after the of parliamentary election the first time in 96 years there redoing things in addition with a level of warfare. He also started working the they have views those cybercapabilities more than 62005 vendor times over the last two months so this is something that is happening so if you see Something Like example in the ukraine it didnt take any need time im sure youre on top of everything that is happening thank you mr. Chairman and admiral for your service in response to senator reid you said you were aware of the russian attempts to interfere in our election. Are you aware or were you aware of Russian Communications with members of the Trump Campaign team . Now you are into my rule as an essay i am here with cybercommand i will not get into that. And the standard reluctance but i also see you not just as cybercommand as nsa director also. Also. Okay. The chairman asked this is what we see of this behavior a new normal to which he responded i think somewhat yes. How do we counter these type of cyberenable operations and who has that responsibility greg. In terms of russian executions . If you refer to the Intelligence Community assessment we identified many elements involved in the campaign with respect to what should redo the first is to publicly oust the behavior to have a Public Discourse for those that was engaged in the behavior second we have to make this much more difficult for them to succeed to pardon the systems or take a look at the election process and probably look at this end to end to ask what changes to me to make . Third 22 climatize ourselves to the idea and we were back into the time frame of the manipulation of media to be a more discerning reader and lastly we also need to make it very clear those nations states or groups it is unacceptable to me gauge of this behavior and there is a price to pay. At this point is sounds like listening to the previous answers that were in a position we cannot prevent a cyberattack on things like critical of for structure. But when we say prevent that is why deterrence becomes important we won the gold to convince the actors you dont want to do this this is not in your best interest. Ended different setting that is a care, will you share with us under the threat of the attack or the attack with that word deterrence greg. Khanate classify aids setting. That would be very helpful. Would you consider Critical Infrastructure of Voter Registration rules greg. I think one of the challenges the process we used to identify the current Critical Infrastructure areas of the private sector we tend to look at that industrial output associated with it one of the things need to think about now is not just output but data and information existing in those areas of a critical consequence. But in simplistic terms we need to if they show up to vote and that they are not registered voter in the data has been manipulated that is pretty serious that is Critical Infrastructure. Take a look at that definition. O will fall upon the chairmans statement with regard to the cyberofficers cyberofficers, is one of the reasons to be viewed as a career path . That theyre taking officers and to employ them in other areas. You have low wide spectrum of cyberrequirements it is why im trying to make that argument. What we need to do something along the order of one third how do we put them elsewhere within the broader Cyber Enterprise to build that level of expertise across the department . Settlement to sound like the air force is ripping people after they finish the time with us to make them airplane mechanic that is not what we hear seeing at all. News that the way to be a fourstar . You mean could you build a career . Clearly in the military we are in the military i am not above all last person that will do this side of think. With regard to the cyberservice. The cyberis less cybersurfing this but more a combination of active as well as significant reserve. Is any allies trying this correct. Nobody right now who has really gone to the Single Service most try to use the existing Service Structure that is what you do for your career that is what is being done by most nations around the world. Keep us posted. On page two of the written testimony you say they continue to maintain the Initiative Just short of for to challenge the ability to react and respond. So what constitutes an act of for in your opinion in terms of policy of the agency greg. Then model lawyer or a policy individual that involves legality. It is clear not just United States but broadly internationally we have not reached a broad consensus i you would define and clearer actionable terms with the cyberarena looks like. Have a redo that . To get the prophecy people together and to be involved in a broad discussions internally with the u. S. Government and foreign partners to form a consensus help us out for your not aware but a lawyer but one of the first people live and ask what sort of acting in your judgment would go beyond this threshold of four . Is that criteria intent with those tactics or techniques used could be set criteria . It implies People Better focused that is a general conversation we found ourselves in. I am trying to mentally work myself through with a more specific set with the attributes that would be defined as an act of war. Use delaware technical developments are outpacing policies we find that in the commerce area also. But do you have anything new that you dont have now . In broad terms you need to reassess that authority to have the right investment of manpower i am very honored the department is focused on this mission and the first to a knowledge cybercompetes with of broader range but the argument i am trying to make it is within those priorities i think cyberis pretty high we need to focus the investment and prioritize it but we cannot be willing to accept five per 10 years for Development Cycles trading people for whatever will not get us there. Tell us what you need. Yes, sir,. Mr. Chairman following that line of questioning when of uh issues raised is how the government responds to cyberattacks and escalates is there a coherent plan in place to allow the federal government to respond to major cyberattacks and escalate the response greg. I dont know enough to accurately respond some of that is outside of my purview. I am not trying to be a smart ass but not in a position to say that categorically yes or no. I was concerned prior earlier responses your strategy of deterrence because i dont see how deterrence will work with regard to russia to see a continuation to have his systems. What i am looking for you is leadership and coordination to be prepared. Title date you heard me say the strategy is deterrence i thought i communicated is deterrence should be part of a broader strategy and the first to mcnall is that. That transition with a private company and government response are they in place and if not what authorities do you need . Clear is that aspect but i am wondering if it is cultural. That they have penetrated your system here is where they are and a din some cases the responses i will work with you. But in some cases thanks very much we will never hear anything in some cases you saw this play out with some states response to the election. That is the testimony we have heard that if you hearings but to be highly concerned if you dont have the authority or some aspect of the federal government to say to the secretary of state be recognized the states rights for all lections huge use of the Technology Want to pursue as a states rights issue but if you dont have level of sophistication to be certified so i hope you can come to the committee with the list of authorities in place before the next election is not adequate that they think they are covered reassurances that they are by the most highly sophisticated experts in our government to be developed by the department of defense i dont dispute at at all. Befalls with the Homeland Department of security idol speak for them at all but secretary kelly should speak for himself. But i do it knowledge that clearly dod has a role. No doubt. With regard to the most recent election resaw the mills of the successful french candidates also rumor of campaigns launched on the internet and accusing of preparation of the president ial election. How could the United States leverage the cyber40 allies them partners negative should be have of role and how do we deal with those respites. This is more of nsa than cybercommand i will not get into specifics but talking to the of french counterparts to be publicly attributed to penetrate the infrastructure this is where we seek were doing similar things with the german counterparts with the upcoming election sequence more than cybercommand. Thank you mr. Chairman as you know there has been some debate the geographically based counterterrorism strategy were legal authorities depends considerably on where they take place it is similar lead dependent on zeros areas that active. Bid is an issue for us the point that i chide to make i tried to make take diocese for example, it isnt necessarily syria or iraq but to have an impact on that but we have that challenge. Yes maam. Are you bound by the limitations set forward with the president ial policy guidance . Yes maam i have to meet ppv 20. Looking at bat to with the interconnectedness of the nature of cyberspace what impact does that have on your operations . Can you meet the requirements of the Combatant Commanders . Not as fast as i would like for grovel not get into specifics but if this issue came to ahead we can work it out to an reword granted the authorities to execute earlier doing to extend beyond the physical and firemen to of syria and iraq and the first to rick knowledge it is a the fastest processing and the world. You have suggestions that congress should make . Before i go to congress i will have a dialogue with my immediate boss about what a framework with lookalike and then we will come to our own conclusions first. Bad is the policy from 2013 to be reviewed by the department . Department document it is a president ial document. Is the department reviewing it . We are broadly looking at cyberauthorities right now are provided employment to the secretary with the things they may want to look at. So based on your experience where do you think improvements should be made . Everything ive hearing from the current team they acknowledge the structure emplace are not fast enough which is a good step for me. So what do redo . If you except the promise what should we do . It is an ongoing topic of discussion now rather not get into this publicly although they are reaching out to have no complaints. This secretary will breen them at any conclusions for word complex. And dont want to speak for the secretary. In testimony before the house you mentioned an unresolved question about deity generated capacity in the cyberbeen outside the government. Knu elaborate . Specifically what type of capacity wouldbe beneficial in what gaps are you trying to fill . It goes to if we will defend Critical Infrastructure the point i try to make is i dont want to show up in the middle of a crisis and some of these sectors that is my experience from the military discovery learning while in contact is a painful way to learn that increases voss and takes more time and your not effective enough. The argument i try to make to build on the sector with Critical Infrastructure is sound can recreate these mechanisms with the private sector and operate 24 7 . Water be seeing . Du support those capabilities on the private sector . Been a Perfect World would her a greater structure they are putting telemetry on the networks couldnt you share that with us . Prefers recommendation with the private sector is already making those actions. We do that some what but i want to be more institutionalized in realtime. Mr. Chairman for the record we have been having these hearings now for four years and talk about the problem everybody is convinced it is a serious problem for quite appreciate the fact of how you could supply for the record the five things you think we should do talking about it is important but action. Have your smart people think about it. Legislation, regulation, rel ationships, communication, we would all find that helpful is an echo of the question from earlier. Second we have approached this with the government the approach i think it should be whole society because it is an odd situation where you have government for sherbrooke those vulnerable elements are in the private sector like financial systems, guest, pipeline, el ector, we had a situation 2011 cyberbill regulatory to the private sector but failed there was great resistance to regulatory approach. We dont have some to defend themselves against russian mobs or missile attacks from north korea. We do that what about a system where we work with the private sector to assist them financially to install those measures and in exchange they could get some compensation of liability and free stuff . But how redo that without them taking their foot off the gas greg. Generally that gets a better outcome than polarization penalizing but the question that you raised that the traditional enemy have a strong wall and cybershows much of what we are seeing is a National Security issue to have a whole approach of we handle the. This is the training government and the private sector but of all street goes down. I agree. And to support that amendment getting into the National Defence act last year said 180 days a report is due for nonmilitary options available to deter correspond to imminent threats but that date is coming just to remind you. This is a way to force that development of cyberpolicy the the president has 180 days to describe those actions that could warrant a military response. I know they have a lead they will respond formally we have been a part of that process. I am delighted that is worked on because one of those gaps is a coliseum and a strategy is critical because right now deterrence does not work and finally as retired about this think about what the russians did in 2016. There were three components of packing and leaking the the Voting System which did think is a very serious issue but the other was information and manipulation and that is hard to adapt with those that have the first amendment. What we need to think about it is a heightened level of Digital Literacy to understand when they are being misled and manipulated. My wife has a sign that says the most difficult thing on the internet is to determine the authenticity of of quotation from abraham lincoln. [laughter] behalf to understand this is a whole new lovell to manipulate reports from those french elections that isnt illegal to say he had them but had defender self against that . Think about that how do we educate our people to be more discerning crux of america this the brave new world for all of us. It is particularly challenging in the country that values freespeech. Admiral rogers thank you for service to our country. Wearing two hats what is the earliest date you think cyber, should be elevated to commack and come back and comeback and command. It is a policy issue that is not fair to think we can do in a reasonably short period time. Instead of the criteria before such a move was made. We have identified those tapes those steps im confident we could do this in a short period of time. Can you say what the activities have to be . We have identified to shift current responsibilities down to us make changes from the document signed from the of president to outline what combat and commanders insist with the geographic aspects we have to make the changes. Then we have identified investments. There is an advantage to have to separate organizations while the information would be shared would be any different manner. But those activities would be different. Can you share the Positive Side of a move like that could. I am on record to say recommendation is after six or nine months seeking to the conclusion the answer is to separate the two to remain closely aligned because they work in the same battle space so it is still a unique relationship in the long run it is the right thing to do with a series of steps that each organization is optimized to achieve a successful outcome particularly with the cybercommand but it could be done within a reasonable period of time. Have you classify that infrastructure and what efforts it is cyber, taking vital to the deity mission wrecks. Diana stand. With the Defense SecuritySecurity Service to make sure that those businesses of infrastructure have access to information and i spend a lot of time focused on this not that it is unique but that is dependent on capabilities so how can we speed up the process . It is hard right now to deal directly with the framework created overtime potentially we could amend that with companies that have a direct relationship to provide capabilities or infrastructure. Also be pick a couple places those that are a little more isolated with some test cases with Critical Infrastructure on the island to highlight how we Work Together very closely because there is no alternative generator. We forget it how critical blow cyberaspects are can you think of any other areas that require dominant sea dominant in cyber . Our success looks at the ability of the rest of the department of the of broader ability. Welcome back admiral rogers it has become evident to meet me Crystal Clear that russia has mastered the domain and effectively sets up a situation to coordinate those fake automated social media accounts for those to amplifies the stories effectively that is true of thick noose for real news said those are proving with daytoday business as well as the lead have seen in europe so does cybercommand have a role to play as a threat not just a reality . If you look at the low weighed the spectrum and information dynamic plays out, but i am so focused on executing missions let me get the structure set im trying to conceptualize and my own mind how we bring that cyberwarfare how do we do this in the integrated way . Were not there yet. What is the right way for word . You have people assigned the issue of thousands that are out there as a mechanism that look like social media accounts theyre really just automated that takes a story that interested 10 people and makes it look like it is interested of 10,000 now negative news feed shows up so have elected that capability to make it clear that they are not genuine . Because it seems if you take that piece out on a constant rolling basis you have dramatically diminished impact. With that scenario that you went through. They were focused largely externally. But this is not attached to actual people in the United States. Though wade that this will go next you will see domestic manipulation and for us right now i am not directly involved but with government efforts to generate insight we share with major social media providers will be believed to be criminal but is of threat to the nation. See you can go in relative the realtime . American some cases reported cent immediate realtime but i get enough to show the ambac comprehensive effort. Im trying to engender a broader dialogue we have to stop looking at this with one individual. That speaks to the relationship with their Financial Services or utility or media. From your perspective, what more can we be doing to help them connect with our National Guard and their capabilities, what else can we do . I can walk you through what pennsylvania is doing, delaware, washington, its interesting to me. I think to myself you are in a different world. The biggest challenge, and it is one that ive outlined about six different priorities for Cyber Command if there are things we are going to focus on, one of sixs motivations try to partner with Northern Command as well as the National Guard bureau so we are seeing the investments which i am very supportive of and appreciative of. How do we create a mechanism so that we can actually apply that in real time. We are doing something now where the air force is activating sequence in the guard. If we had a major cyber event i feel very comfortable about understanding is going to do what. Im curious about if it is not something catastrophic or where the dod active force is viewed as the responsibility. How do we apply them and what is the control structure in place. We do that now and its a very mature in terms of how we respond to natural disasters and we have a great process. Maybe it runs parallel to teams where they provide backup in case of any sort of incident in the super bowl and things like that. We always have them on standby in as we look at major events and progression whether it is elections or others throughout the year we have those guard capabilities. One o one of the other challenges in the guard construct is based on state. I have the council of governors and the tags in many instances the state is going to be counting from the cyber perspective into the cyber arena doesnt reside in the state so how do we take advantage of more broadly and im trying to figure the construct on something that isnt always defined to make sense. A number of my colleagues moving on to a different topic keep the personnel they are so theres been a lot of suggestions about bringing civilians and fill in the gaps. But they also stated that each dose is not a luxury. It is essential when you have a military. When we put look at things this how do we make sure it isnt being deluded fox its the reason ive argued creating the cyber force. The nationstate can do this and civilian cannot. To bring the total spectrum active reserve contractor civilian, private sector not to bring together one single slice so i would be wary about swinging the pendulum too far in one direction away from a piece of that. Thank you mr. Chair. The office of the director of National Intelligence released an assessment on the activities and intentions in recent years and general clapper testified regarding this report yesterday in the judiciary so we all know that do you feel the actions in the cyber attack it should be viewed as unacceptable. It is not a behavior that he wants tyouwant to encourage or r that you want to see repeated. How to get there is the challenge. What is your opinion of the role of the military in preventing these type of events. Our job is to generate insight and knowledge that help inform a potential response and ability to get ahead of the problem to identify in advance intent to do something that all arms policymakers and military commanders with the ability to engage in the operations or choices that communicate to the other party we know what youre thinking about doing. And the Cyber Command side, again, if we define the infrastructure to the nation and we are directed by the president or the secretary we can apply the capabilities in partnership with others because we wont be the only one in the department of security we can apply those capabilities proactively with some of the owners. It was very clear by general clapper yesterday they would continue these efforts and we know theyve been doing this since the 1960s or 70s that thebutthey have many more toolse toolbox. So you are still awaiting direction for everyone to coordinate the efforts to stop. I dont have a defined mission here. We need to do that for everyone to come together. They continue to increase the Cyber Security capabilities and advance to Cyber Attacks and theyve placed the focus on the advanced capabilities. How does that work with the other commands to counter the threats they face . I partnered with honolulu two weeks ago and i try to get out there every six months. I try to do this with all of the Combatant Commanders around the world. Are we meeting the requirements. Cyber command in many ways. Much of the success is going to be defined by others and that is the way that it should be. So we spent a good deal of time outlining capabilities. It should be the priority for how the capabilities are appli applied. And the meetings with the other Combatant Commanders part of the function to encourage a. We have to do the same thing in cyber. As other Government Agencies try to fill their requirement as well, i would like to know specifically how important it is to continue the nonmilitary investments in education particularly in the programs for the growing need of the Cyber Command. The workforce is going to be a spectrum from the guard and reserve and contractors. For much of the active piece, much of it will be done by the private sector and not by the government. So as i said we have relationships with over 200 institutions and its one of the reasons why we spend a fair amount of time. Tell me how you generate a workforce and i acknowledge that there are some differences but there are some things i could learn from you about what works for you because it cant be all about money. Thank you mr. Chair. Admiral, its good to see you again. Youve been on the job about two years now. Three. If you were to go back three years ago and were in the same Committee Hearing with the answers have changed substantially . Where in other words have we made significant progress . We have capability. We are actually using it. We have a good way ahead. We have a commitment to that way ahead. As you go through this, when you think about the competitors is the gaps narrow or wide between the capabilities to defend ourselves and to potentially respond to narrowing the gap i would also tell myself you are not moving fast enough. We acknowledge we are not where we want to be. Over the last three years the sense of ownership and i for one think we are making a huge mistake if we leave this hearing or if the private sector thinks we are coming up with a solution but they all benefit from. Its what the consequences should be that we need some security ourselves and our businesses and homes and states. How have they improved . Some have made significant improvement. Others, to go to your point its hard to expect the police force to stop burglaries not just unlocked that open. He will turn all the lights on and leave the house for an extended period of time and say feel free. Thats not going to get us where we need. We havent been in here for a hearing a week before and how do we get to the point that we put pressure on the private sector not to mandate that to use it as a distinguishing factor choosing between one potential contractor or supplier and another. If you want to do business in the authorities is that within the Current Authority . We made some in the contractor will language. Did they try to define in the discussion i think that we were talking about needing some sort of thirdparty suppliers, maybe a state agency adhering to a baseline standard. We could do an assessment or an inspection. It is the kind of thing looking at the reality they have a supplier base. We need to hold them to the same standard and repeat what we always say in the committees. All you need to do this understanis understandthe supplr that one critical component that shuts down the ability. After elevation how do you envision a standard operator and what are the priorities . Now w now we are into a kind of what if scenario. I just dont like getting into the what if kind of things. Now we need to let the process play out and see what bottomline they come to. On behalf of chairman mccain, senator warren. I want to ask about the importance of the nonmilitary agencies which includes defending the United States against Cyber Attacks by the nonstate actors. Our Department PromotesInternational Norm in cyberspace and helps make our partners and allies more secure. I think youve already talked about that and it counters the online radicalization by the nonstate actors everyday. I want to ask with reductions in funding to the state department and counter radicalization programs make the job easier or harder. I am concerned about the significant reductions to them on dod departments proposed by the administration. Hes agencies provide critical support for the work and i just want to make sure that doesnt get overlooked. But i also want to do is follow up on a question senator hirono asked. They helped the preferred american president ial candidate and last week they did exactly the same thing in order to help the preferred french president ial candidate. They need to step up the game and their gameand i know you arf that. You stated in the testimony that improving the Network Defenses and building a Cybersecurity Culture depend on skilled people so i would like to press you on the question how we recruit and retain cyber warriors. One of the witnesses said that the military recruiting system is so focused on filling quotas they end up recruiting only today to execute the missions we would need a decade from now. Can you tell us about your recommendations to ensure we are recruiting the right talent and the threats that we would face tomorrow . Its the digital warriors in the 21st century and the images we are the cutting edge of something brandnew and everyday we are shaping the future in a way that nobody else gets to do and we are doing things that nobody else on the outside can do. We have a focus and a vision and we are driving so we are looking for how to get ahead of this and then one of the skill sets that i need this is one area that i would highlight. Im saying to myself right now we are probably not optimized for the data requirements, so what kind of skills do i need is that a uniform scale, with a contractor makes more sense, is that something that the reserve can do and they are going to stay there and do that, that is probably an example saying to myself is still in my mind we havent developed a plan. In the 2017 Defense Department authorization we gave a lot of flexibility on how to recruit talent. So let me just ask do you have all of the authority that you need or do we need more exemptions from federal hiring malls and other changes come to help you in your recruiting efforts not just today that from todabut fromtoday and a year frd a few years. I find the ability we are lagging. Is this something we are failing to understand and not optimizing the outputs that we need im not at the stage yet but i told the team if we come to the conclusion we have to ask for more authority that is what we are doing. We have to take advantage of the willingness and the committee to work with us when it comes to flexibility in the capital peace. I know how much you have invested in the cyber military force and the Mission Force overall that you have made enormous progress that i hope youll let us know more in advance. Let us know because if you need more flexibility you should have more flexibility. Thank you mr. Chair. Thank you for everything. In the testimony we heard this good to see you again. Thank you for everything. The Science Board said, quote, for at least the next decade. Creek Critical Infrastructures. Part of the challenge is, decisions and priorities made decades ago, not reflective of the Digital World we find ourselves in today and the cost of replacing that fixed infrastructure is huge. It is not likely we will replace that infrastructure in the near term. The scale is beyond the ability of our society. On defense, deterrence, detection from your earlier testimony. My question is in an open hearing like this, on the offensive side do we develop offense of capabilities as well. Developing offensive capabilities, we are relaying those in the fight against isis. I would rather not get into the same standpoint. I would like to move to the question of the day, how do you stand up to this, trains are a major part of this is you said. Between 201316, the office of secretary of defense and the chief of staff were supposed to come to an agreement on a joint Training Program funded by services on cybermissions. Can you update us on the status of that agreement . We will transition to that model in aps, initial outfit of the cybermission using much of the nsas infrastructure, speaking as director of nsa to use nsas structure, schoolhouses, National Encryption schools to do much, not all but much of the training associated with the initial force. That build out and full operating capability is due to be completed and we are on track for 36002018. And the training and development and sustainment of the force would transition to Service Structure, we are on track to do that right now. With each service develop their own cyberwarriors . We have mandated training standard by physician. Each service that oftentimes partnering, there is Navy Training in pensacola, we all get together and say given single comment standard with qualification process, what is the best way to make this work, what service has the best capability, how do we manage broadly . That is the only way to maximize . You mentioned context which is why you dont favor a unified force. Having experience with Large Organizations i am concerned about the trade off. We are in crisis stage with regard to our ability to detect and deter. I understand longterm the ideal might be to have service because of the context of the dimension. In the interim phase in this crisis mode, do we have a sense that that might be counterproductive to our ability to stand up to the immediate threat . It would be difficult to do in the short term. It would take a longterm structural cultural change. It is another reason i would optimize structures and mechanisms that are in place. We have to hold it into account, you cant just do what you want to do. There has to be accountability and oversight but i am comfortable with the current approach it will generate even as i acknowledge it is not moving as fast as we would like. There is a mismatch between current capacity and capability. You mentioned earlier history has been the extraction of data in the system, that is the primary motive for state actors, extraction of data, north korea we saw a difference when they started placing what i would call sleeper embedded probe or whatever for a bit of your event later. Do we see a continuing growth in that type of activity, any evidence of that . You see every nation state penetrating a system. They study it, understand it. There is a system penetrated, the actor manipulated change. That is one of the key things we are looking to do litigation when someone penetrated the system so that is the spectrum. Have we seen any in the us . I have seen nationstates engaged in activity in the us where they are not interested in longterm presence extracting data. Always a pleasure to see you and enjoy your testimony. The Semi Conductor industry would generate major challenges in addition to fundamental technological limits that are being reached in that area and a strategic pushed by china to reshape the market in its favor using industrial policies backed by 100 billion in government directed funds. With Semi ConductorTechnology Critical to the operation of critical us Defense Systems i am concerned chinas industrial policies pose a real threat to us National Security. Tools that you are very familiar with to deal with this, the Interagency Committee on Foreign Investment in the us. The nsa is a key contributor to National Security assessment, the military services, combat commands have a role in this process, cyber calms leading role in the department how is the command posture to support for severus process for potential foreign mergers and acquisitions that have significant implications with the Cyber Mission . Predominantly in iraq the process, the nsa side, one of the implications for the future, it is just one input i tried to make with the new team, we need to step back and assess the process and make sure it is optimized for the rules of today and tomorrow, im watching nationstates rate inside knowledge about our processes. They understand the criteria broadly that we use to make broader policy decisions, is it acceptable from a National Security perspective . My concern is you are watching some nationstates change their methodology to try to get around this process . Do you feel sylvias is adequately resourced and authorized to make the changes . I am not smart enough. We are just one element in this process and it is not something over the od writ large runs per se but i do think we need to ask that kind of question to ourselves. That is one of the things we need to be doing. I would like to turn back to the discussions we have had related to the involvement of the private sector, to be involved in any Security Operations and i know your teams have operated cyberguards over the years. The most recent when you were involved in simulating an attack on the northeast, attacks on gulf oil facilities, ports in california, all of these entities are privately owned and not part of the department of defense. The prior exercises like concerns the large portions of the exercise take place in a classified forum which places limitations in public and private sector, and the arrangement certainly is designed for capabilities, the importance of doing fat. The approach may fall short in preparing participants for a real world cyberemergency that could be catastrophic. How did you balance the need with the realities, that would necessitate very broad support, with unclear citizens and entities. One of the reasons we change the cyberguard in the private sector but if you look at the scenario. They simulated activity against the power grid, the petroleum industry, on the west coast, and we would like you to participate in this. And in terms of privatesector for the Infrastructure Associated with supporting those entities. Can we create an exercise, tabletop exercises, and we also do regular tabletop exercise at high level. The classification aspects of this, in that complex. A lot of talk about russia today and how they hacked into those emails. Continually referred to the president as russias preferred candidate, she is referring to the intelligence assessment january 6th, primarily written by your agency along with the cia and fbi. This brings in mind the curiosity from the reports i wanted to raise with you and the key judgments, aspired to help president elect trumps election chances when possible, and publicly contrasting her unfavorably to him. Agencies agree with this judgment, cia and fbi have high confidence in this judgment, nsa has moderate confidence. Would you explain the discrepancy. I wouldnt call it a discrepancy but an honest difference of opinion between three organizations. If anybody is unhappy mike rogers, i was struck by every key judgment and report, multiple sources, multiple disciplines and able to remove almost every alternative rationale i could come up with. In the case of that point, the same level of sourcing and multiple sources from different perspectives. And still agreed with the judgment. From a professional analytic perspective, not at the same competence level in the form of john brennan and jim comey. One point, russia wanted to hurt the chances and help Donald Trumps chances. Correct. That is hard to disentangle since an hour election, if you dont have there was pretty specific intelligence to differentiate. On each of the aspects of that statement. We dont discuss classified matters. A lot of open source matters, donald trump is the candidate who wanted to build up our defenses, expand our missile defenses and modernization oil and gas, none of those are very favorable to the kremlin, did your agency take those into account . Yes, sir. Looking at the last eight years, the Obama Administration in 2009 reset relations with russia six month after invading georgia, 2010 a new start. President obama said Ballistic Missile defense, at a president ial debate saying russia was the number one geopolitical foe. In 2013, the redline in syria, with russias closest middle east ally when president obama accepted Vladimir Putins offered to remove chemical weapons from syria which we know was a failed effort. 2014 which stood idly by during the crimea invasion did not offer inventive weapons when russian backed separatist started doing that despite partisan bipartisan support from this committee, by that point we have been ignoring treaty violations that the military now acknowledges. 2015 russia had a massive surge into syria continuous effort to Block Security council resolutions, 2016 they pummeled aleppo into submission. They objected to numerous provisions i wrote in the intelligence authorization act Holding Russia to account and increase the amount of time buzzing aircraft and warships in europe and the arctic. Donald trump promised to reverse those policies. The intelligence of the russian perceptions. Given eight year history of the Obama Administration the russian intelligence and leadership to undertake the hacks of those email systems and release them. You are into political judgment and that is not my area. Thank you very much. Just to follow up, admiral rogers, on this issue of moderate confidence, did you have a high degree of confidence there was an effort to discredit one candidate and only a moderate degree of confidence there is effort to support . I concurred in the report in the sense we had high confidence in the judgment that the russians clearly were trying to undermine our democracy and discredit us broadly. They wanted to make sure candidate clinton didnt win and undercut her effectiveness should she have won. High confidence in that and it was the last part and they wanted candidate trump to win. A year and a half ago by general dunford, this is the nationstate he would review is the most significant adversary, he testified based on capacity and intent, in your domain, cyber, do you view russia as an adversary, have they taken actions that put them in position as an adversary of the United States in cyber domain . Watching them engage in behaviors that are not destabilizing. Would you agree that france is a nato ally and coalition . You are aware of the reports in the last few days that there was significant evidence tying russia to a hacking effort to destabilize the french election, that is something we should take seriously when an adversary tries to destabilize the government of an ally. There was an article in the New York Times the day before the election saturday the sixth with fascinating headlines. Us far right activists promote hacking attacks and the article was about the effort by groups in the United States to spread the hacked documents in many instances before wikileaks was able to. If we should take seriously an adversarys cyberattack on democracy of the ally should we be indifferent or concerned about efforts of americans to Work Together with or in parallel with an adversary attacking the democracy of an ally. I apologize, i am not sure i am understanding you. You testified in response to my questions that we ought to take seriously if an adversary tries to cyberattack and destabilize the democracy of an ally. If american organizations are working together with or in parallel with an adversary as they are trying to attack the government of an ally, france, should we be indifferent to that or should we take that seriously. We need to be concerned. If we are concerned, should the Us Government be concerned in this case, i will introduce this article for the record, if we should be concerned about the efforts of folks in the United States to Work Together with or in parallel with an adversary like russia attacking an hour i like france, where should that concern lie in the federal government, is that a Law Enforcement matter, dhs matter, and is a matter or Cyber Commandment . Depends on specifics of the scenario. It is a complex question. I part the article in, if individuals were taking hacked documents from illegal russian hack of the french system and disseminate it, something where would that concern lie. Initially informed opinion comes to mind. There has been debate about whether there is a good shutdown of the United States government. Can you see any circumstance under which fibercommands mission would be benefited by a shutdown . No. I know you are asking, what we went through in 2013 it is four years later anytime there is the merest hint of this potentiality i we going to go through this again . You said this wasnt going to happen. I thought they were committed to attend our mission. I dont want to work in an environment where every couple years im jerked around about will i come to work, get paid, do they value what i do, we just want to do the mission, have the support to keep moving forward. Senator graham. Thank you for your service. Director comey said a couple days ago and the hearing i was involved in in the judiciary that russia is interfering in american politics, do you concur with that . Yes. Among nationstates he russia had the most capability and the biggest intent in terms of interfering in the future. Do you agree . Yes. The you agree it was democrats in 2016, can be republicans in the next election . This is not about politics. This is an effort against the Strategic Interests of every citizen of this nation. I agree with you 1000 . Do you agree they could do this and congressional races, house and senate . Yes. You agree if somebody doesnt make a fair price they will keep doing this. Yes. Unmasking, a lot of talk about it. Are you aware of any incidental collection of 2016 candidates on both sides of the aisle . I wont get into specifics in an unclassified forum about collection writ large, but i will say we acknowledge incidental collection occurs but we have a very strict process. Can we build that out of this . The only way you can collect on an american citizen inside the country is a warrant or if an american citizen is incidentally in a conversation with somebody you are following. Unmasking is a request to your organization, an american citizen which was. Which of those did you get in 2016 . Around 1900. How many can request the unmasking of an american citizen . If you are an authorized recipient, we use two criteria. Number one, the requester must be asking this in the execution of official duties, it cant be something need to know. It has to be in the execution of official duties. The revealing of the us person has to provide context and greater value. I am just curious. Within the government, ten people, ten groups can do this, 20. In terms of authorized unmasking. To make the request. If you are on the authorized distribution for Intelligence Report you can ask, doesnt mean it gets approved. The National Security director for one of those National Security advisor on the distribution for most, not all. Every request made . Yes. There is a record of who made the request to unmask the contribution to the american citizen and there is a record whether you granted it, a record of what the person did with the information once they had it. No. There is a record of the basis why did we say yes. We remind every individual once we unmask, authorize and unmasking, we authorize that to the individual, if we unmask a report, at a particularly individual, they dont unmask the report for this report, only the individual. Doesnt change the classification. General flynn, are you familiar with the story not only with the story. Assuming he did not have the 5 the war and allowing us to collect on him, following the russian ambassador, does that make sense . Yes. We would know how that conversation was revealed and to who it was revealed, the request of your agent. It was based on an nsa report. You are the primary one. It depends if you look at title i warrants. Im not talking about warrants. Incidental. A greater potential on the fbi side in terms of collection. Incidental with us persons. Somebody took that information we gained through collection with flynn and gave it to the washington post. That is a crime. That is illegal. Are you concerned about taking the law in their own hands no matter how noble they think you that is why i have gone to my workforce. Lets make sure we understand the professional ethos of the organization, we do not engage in this behavior and if i catch you engaging in this behavior i hold you criminally liable. The bottom line, it is possible for congress to find out who requests unmasking an american citizen, who that information was given to and that is possible for us to know. On the nsa side, that is part of the Ongoing Investigation with the primary oversight committees we are going through right now. Do you know if susan wright asked for an american citizen to be on that . I would have to pull the data, i apologize. Thank you. Thanks, mister chairman, thank you, admiral rogers, for being here again and thank you for your service. We have heard repeatedly in this room as well as yesterday with director clapper that the russians will continue attacking the United States unless they are forced to pay a price and you agree. Yes, sir. Right now, are they forced to pay a price . Nothing that is changing their behavior. Nothing that is changing their behavior and nothing that will change their behavior in the future because to quote you, paraphrasing, they have more to gain than to lose by continuing this tack. So, can you recommend to us what kind of measures should be taken . I know you have been asked this question before, you were asked when you last testify here and you said tools like sanctions can be an effective option, the sanctions in my view, should be increased. I dont argue they are perfect. There will be a point where a cyberresponse would be appropriate . I would highlight when we think about deterrence we have to think more broadly. It should never default. And to the border strength as a nation. Through cyber, americans who colluded or cooperated with that attack should be held accountable. Bradley yes but now you get to illegal policy piece and that is not my lane in the road. Your lane includes defending the nation. Not action against particular individuals. Talk about the group of americans who may have colluded or cooperated with the russians in enabling or encouraging this kind of attack. And by the way they violated criminal law. It is appropriate and necessary. If i violated the law then yes, sir. Im not an attorney or a lawyer or Law Enforcement, not my area of expertise. The russians enabled and encouraged in the future. They will be paying less of a price as well. I feel like we are in a time warp. Because when you were last here we agreed we need a policy and a strategy as the chairman articulated so well and we dont have one. Can you tell the American People whose responsibility it is to develop that strategy and policy . The executive branch, multiple components, it is in the executive branch. A new team in place working their way through this in fairness to them. This is a complicated topic with a lot of complexity and nuance. I know these discussions are ongoing. I have been a part of them. I am grateful the team is willing to reach out and say what do you think . What are you thinking about you i dont want anyone walking away thinking nothing is going on, not something to proactively grapple with these tough problems. I want to conclude by stressing again, for an attack on the country, requires compelling americans who cooperated with them to pay a price. And strategy and policy for knowing when there is a cyberattack on this nation when it is an act of war that should prompt a response in cyberdomain and other military domains or economic sanctions that made forced them to pay a price. And policy of deterrence, in my view and abject failure. Not desiring that result, that is true. Good to see you, thank you for your service. We heard over and over again in multiple hearings, we have our cyberhearing and Homeland Security tomorrow so this is really timely for me, about poor information sharing and understanding the challenges of classified information. My staff has tried to chart the National Cybersecurity structure for me and one thing that sticks out to me is cyberunified coordinated group. It appears to me to be the only place structure is set up under ppd 41 where the private sector entities seem to plug into the national structure. The interesting thing is the cyberunified coordinated group is supposed to be in response to a significant cyberevents, that is the operative phrase. In the united kingdom, the ncsc has realtime collaboration with emphasis on exchange of classified information on an ongoing basis. My first question for you is has the fibersunified coordinated group ever been called into session . Has there ever been ongoing meeting this . Have there been any meetings of this particular group followed out in ppd 41 . It does interact, it does operate. Take a question for the record about that. We participated and i am trying to remember, some of the work we do virtually will taken issue or do it via email and conference, videoconference. I take that for the record. The russian thing is a significant cyberevent and my problem, we spend a lot of time struggling with what our policy is. It looks like to me we dont have anywhere where there is an ongoing meeting structure that integrates the private sector into what is a pretty convoluted set up that we have right now. Can i disagree slightly if i could . It is fair to say the sector level we do have constructs that enable that to occur. One thing that. Points out is we dont have a sector labeled you a selection infrastructure. Like we do in transportation. Dhs made infrastructure as part of the Critical Infrastructure responsibility and that happened last year, maybe in response to this, i hopefully will find out tomorrow. It seems to me when someone is impacting our elections that overlooks all because if you look at this list our National Policies impact chemical, commercial, communication, manufacturing, everything gets impacted. I guess, forget russia for a minute. Are you familiar with the uk model . Very much so. Why arent we doing that . What is wrong and why arent we emulating it more . The uk model basically to paint a simplistic picture, they turn to their intelligence structure, nsas equivalent and said you have the preponderance of capability, inside expertise. We would like to take a portion of that capability to create this National Cybersecurity center, the individual who runs it who i worked with for a long time, they decided in their construct they were comfortable with that. For us on the us side we have always been less comfortable with the idea do you want the intelligence world to be the primary interface with the private sector . They are very comfortable and their view is it was aligning the greatest expertise and capability with the private sector and not the same baggage or history of tradition. On the us side, taking a fundamental different approach. I am hoping with this new team coming in this is an opportunity to say to ourselves are we happy with the way this is working . I have a senior diagram. You heard me say for a long time we have got to simplify the complexity of the structure, if you are in the private sector trying to figure out who i am supposed to be dealing with and why this time it was you and that organization and you tell me you want to go there, we have got to simplify this. I am down for that, the curse, with classified information. I understand that challenge. Pulling this group together after a significant cyberevent there will be a lot of monday morning quarterbacking about whether more information should have been shared. One point. I agree with everything you said but i remind people, perfect information sharing in terms of classified information will not necessarily fix every problem. If you look at reactions to the russian hacker were plenty of organizations provided as specific insights opted for a variety of reasons not to react in the same way and that wasnt about classification. I want to make people i want us to think about that and it is not a simple cure but i know that underlying disease about information sharing goes deep and it is calcified and i want to make sure we are aware of that, thank you. Thank you, mister chairman and admiral for being here and for the job you do. To pick up on senator mccaskill and the issue of classified versus unclassified, the challenge in this case with the russian hack, so much information being an being classified, the American Public doesnt know what is going on. When the American Public doesnt know what is going on on an event of this magnitude that is a real challenge for our democracy. I was not able to hear your testimony and the questions because i was at another hearing but i know there have been a number of questions about the russian hacking and what that means. Have you talked about what in the big picture that means . What is russia trying to do with the hack of our electoral system, the hack of france, germany and what they have done in many of the boston countries in eastern europe. On the us side, the director of an essay, we said in the Intelligence Community assistant three fireman bills, first was to undercut the United States and its broad intervals of democracy, send a message, it is as consistent as everybody else, not high on the hill, perfectly white and perfect structure, they have pettiness against each other so to undercut the democracy. Secondly, they had a preference that candidate clinton not win and wanted to ensure if she did win that she was weakened. The report talks about the third objective was to try, this is where nsa has a different confidence level than my other teammates that i agree with the judgment that the third objective was to help candidate trump win. If you look at the activities in the United States and the activity they have done in france, germany, trying to help ensure leaders they believe are more inclined, trying to assess to be supportive of their positions. In the russian in the french election. And these views of russia and the things they were talking to the campaign about. And National Security policies and how that might impact the russians. Not so much who winners and losers are, to undermine the Public Confidence in a democracy and how it works. That is the same thing, that is an aspect of it. The cyberintrusions, the other things they are engaging in is an effort to undermine western democracy, another way they will undermine the west. To we can them, forestall their ability to respond because there is no political consensus, with citizens i was in poland after the security conference, a number of officials, and very concerned you havent responded to the russian attack, and one of the things, if you do anything about what russia did, and the electoral system, fundamental to your democracy, how should you have any confidence to defend us when russians come after us. We had not been willing to take any overarching action against russia. Havent been willing to pass stronger sanctions, and to take action against them because of their interference. What does that say to our allies . I understand why allies would be complex. If this conduct occurred, i can understand that, you should not question our dependence, you should not call into question longterm commitment. Dont let there be any doubt of that. Russia it is not what you said. It leaves open to interpretation, that assumption. , rogers, thank you for your testimony. Express our appreciation. On behalf of chairman kane, the hearing is adjourned. [inaudible conversations] this morning the Senate Armed Services committee holds a hearing on cyberstrategy and how the us should defend against and respond to statesponsored computer hacking. James clapper, and former cia and nsa director michael hayden. And the cspan radio apps. Later today a look at cooperation between the us and saudi arabia on counterterrorism. Saudi arabias un ambassador and interior minister join former Us Ambassador to saudi arabia on a panel live at 1 15 p. M. Eastern on cspan. Sunday night on afterwards. Physician and journalist Elizabeth Rosenthal examines the business side of healthcare on an american sickness, how healthcare became big business and how you can take it back. Doctor rosenthal is interviewed by doctor david blumenthal, president of the commonwealth fund. Whether healthcare with free market, whether we can solve our problems, free Market Forces. We say probably not. I put a tongueincheek list of the dysfunctional healthcare market. If you think of healthcare, you get two crazy places, a lifetime of treatment is preferable to a cure. Im not saying for a second that anyone really thinks that but that is where Market Forces put you right now. Watch afterwards sunday night at 9 00 pm eastern. A hearing on the Economic Impact of the army corps of engineers and other local officials. The senate, environment and Public Works Committee looks at in