Transcripts For CSPAN2 Adm. Rogers Testifies On Cyber Comman

The [inaudible conversations] the Committee Meets today to hear at all Mike Boettcher is. You have more titles than anybody else. The commander of the u. S. Cyber command, director of the agency and chief of the Security Service given your upcoming retirement this might be the last time you are dropping in. As the recent National Defense strategy identified renewed great power with russia and china and that kind of stands along with what the general said when he said that we are losing our qualitative and quantitative edge as we move into this 3to National Defense strategy. As we approach the eighth anniversary of the Cyber Command, we should recognize the remarkable progress made in the concept establishing the command. Later this year we anticipate the Operational Capability for 6,200 persons Labor Commission force despite the main successes, there are still significant challenges. The committee remains concerned about the hollow cyber force due to the lack of priority across the services to deliver the required tools and capabilities and personnel. Efforts have improved but the fact remains we are not where we need to be. We like if necessary and we have some questions about this during the question time in the fact that i think in a similar disadvantage in the responsibilities that are spread across the dod and the fbi with little semblance of coordinati coordination. We cant just work with a major attack and try to get this rig right. We need to address that to see if we have some improvements that we can make it structurally. Senator reid. Thank you very much mr. Chairman. This is a last appearance by that committee. Let me thank you for decades of service to the nsa on Cyber Command. One of the threats facing the influence operations but mostly conduct through cyberspace and engaged in the sophisticated influence Campaign China has been engaged in Information Operation against their own citizens and their behavior and is becoming more active abroad conducted against u. S. Companies and their own economic gain. And in the attempt to silence the company from exercising three speech these efforts highlight the vulnerabilities in the area bu that we hope will address today. While they are conducting the obligations it still predominantly is designed for the technical operations to defend or attack the system. To sustain the function its not to do with the content of information and the cyberspace, the Cyber Command has made important strides in the cognitive dimension that still has a long way to go to focus on the engagement not merely an operational tactical support to engage forces you to other organizations are responsible for what the department called psychological operations but those components have no expertise in the technical space of the operations. It combines a technical dimension to manipulate cyberspace is because weve separated of these we are greatly disadvantaged when it comes to the adversarys integrated operation include a provision cosponsored by senator mccain and myself. To contribute informationthey cn warfare and a specific strategies, plans and capabilities in this arena to be adversaries. Eager to learn how Cyber Command is responding to this legislation. The other adversaries have mastered the art against the United States interested allies. We testified with the committee be adversaries are using operations to achieve strategic objectives and will continue to do so unless they face clear repercussions. Not only russia but all adversaries in the information sphere as a part of this we need to engage in those against us at the source by disrupting them in cyberspace. The natural mission team is to according to the Cyber Strategy the National Mission teams were created to defend the country by disrupting ongoing Cyber Attacks and significant consequence. Some of these operations in cyberspace are directed against the foundations of american democracy, free expression, political views and Political Party organizations for the significant consequences justifying the use of the team is in the department strategy. They mad made despite numerous s and i want to thank them for their leadership. Finally to understand they are critical on these issues i raised this matter wha with the director of National Intelligence and at a recent public hearing with the intelligence committee, the disappointing answer i received as the president has instructed any action on these threats and in addition it requires not only the Defense Department integrated elements of the warfare but its essential to integrate all of the National Security organizations across the government as a whole. This requires leadership that has been lacking a. Thank you, senator reid. I would regretfully say senator rounds will not be here today or this week with the loss of his father. Thank you for your support and the opportunity to talk with you today about the hardworking men and women in the Cyber Command but first i would like to take a moment to extend our thoughts and prayers t to chairn mccain and his family. They undertake this helpfully and senator mccain, keep fighting and we look forward to you getting back. On behalf of the men and women im here to discuss the command posture and describe how we prepare for and execute operations in the cyberspace domain to support against increasingly sophisticated adversaries. The cyberspace domain that existed when we first established Cyber Command over eight years ago has evolved dramatically. We face threats that have increased in sophistication, magnitude and intensity, volume and philosophy threatening the security interest and economic wellbeing. China and russia got easier as competitive renamed the greatest concern but the regimes like iran and north korea have growing capabilities to conduct the cyberspace activities. Further, several states have campaigns against defense contractors to scout and steel the technologys capabilities and systems. Our adversaries have grown more emboldened to conduct an increasingly aggressive activities to extend without fear of significant consequence. We must change our approach is that oapproachesand responses io change this dynamic. While its evolved, the three Mission Areas the First Priority is the defense of the department of defense information network. Second, enable other commanders by delivering effects in and through cyberspace. Finally, defend against Cyber Threats who support others when directed to do so by the secretary defense and in concert with the National Defense strategy we are churning the path to sustain cyberspace superiority and give up her operational advantage and increased options for Combatant Commanders and policy makers. Without cyberspace we are into n todayare intothese battles thek commission increase across all domains that endanger the security. Since my last update almost a year ago theyve achieved a number of significant mileston milestones. First joint force headquarters are responsible for securing them operating at defending the complex infrastructure as the chief Operational Capability. Second, the joint Task Force Organization that we created to lead the fight against cyber and isis into the broad military campaign. We will continue to pursue isis in support of the objectives and third, significantly enhanced the training in the operation platform to prepare the battle space in the adversaries and we will bring several additional accomplishments to be elevated in the Combatant Commander when i step down later this spring as the combatant command we will have the responsibilities of being a joint force provider and trainer responsible for providing Mission Space ready forces to other Combatant Commanders and to ensure joint forces are trained to a High Standard and remain interoperable. In addition in april, we will start moving into the stateoftheart integrated cyber center and joined facilities. This will be the first fully integrated Operation Center that enhances the whole of government coordination and approves planning and operations against the range of growing Cyber Threats. Within this domain its imperative to evil training and tools of operators we recently delivered the first of several toolkits designed to enable the Cyber Mission forced to work against the adversary networks while reducing the risk of exposure as well as the fight with capabilities that design and to disrupt the use of the internet. The ability to leverage all partners including School Businesses we intend in the coming year to raise an without needing to jump over the clearance rooms for example which for many are difficult barriers. Of course all these tools require you trequire a talentedd sophisticated workforce to operate. The cyber acceptance will help manage and maintain cyber expertise in the highly competitive talent market. Success also remains with continued integration of the reserve and National Guard and in the headquarters we employ more than that parttime reserve perhaps more significantly we are nearing the completion of the buildup of the Mission Force when all teams on the path to each the Operational Capability before the end of the fiscal year. The focus is shifting beyond the bill to ensure we are ready to perform the mission and to execute sustained Mission Outcomes year after here for the sustained effort over time and i realize cybersecurity is a issue that requires a whole of government approach that brings together not only the Government Department agencies but also the private sector and international partners. Over the last year weve increased interaction with Critical Infrastructure within the private sector and a broad set of partners supporting them. The National Defense authorization act included a provision that describes the conditions for splitting were ending the arrangement and the department is working its way through the question is that ultimately the secretary in conjunction to provide a final recommendation to the president. All of us at Cyber Command are proud of the roles that we play overseen by the congress particularly this committee. Finally after serving over four years as the commander of Cyber Command and after 37 years of service as a naval officer im set to retire later this spring and i will do all i can period o period to enjoy the mission continues. Men and women remain motivated and that we have a smooth transition. Im grateful for the continued support and combatant of myself and Cyber Command team and i look forward to answering your questions today. In my Opening Statement, i address the three agencies that are responsible for standing against the attacks and Homeland Security is th to leave for Critical Infrastructure and the pending government Computer Networks and third, the department of defense as the need for defending the homeland and an employee military Cyber Capabilities we have the dod to the dhs and fbi. Though one agency has all of the authority. What needs to be done to encourage the government statement combating the Cyber Threats that are out there. The challenge as i look at the problems in th and the perse of the Operational Committee how we execute and generate outcomes of people. I think that it is less an issue of people not understanding the respective roles in the infrastructure that youve outlined and instead i think the challenge is how do we integrate those capabilities into a tight hole if you will that is to optimize the data level. I think that is the area where i look at the future. Thats where i would like to see us focus is how to ge get down o the integrate the structure of any one of the challenges i of e current structure as i said people understand that the respective roles. It is sent for speed and agility at one of the things we are living in right now weve got to get faster and be more agile. Theres a lot of discussion about the gaps that exist. The adversaries will seek to exploit the gaps and the confusion that follows an attack as various agencies grapple with the authorities needed. What are the most dangerous as yowe look at them . The time it takes to deploy capability and the time it takes to coordinate a response across multiple organizations windows wellmeaning and hardworking organizations or existing in a separattheseparate structures, t optimized for speed. To me, i think the biggest challenge is how we integrate this into an execution levels. There is a Legal Framework and that his and m is in my role asn operational commander but where i see the need for speed [inaudible] theres an ongoing dialogue about the right way ahead of you said previously its treated almost like Nuclear Weapons in the sense that they are outside of the area of responsibility controlled at the chief executive level and isnt delegated now. Anything change under this new administration . I dont want to speak for the policy side, but we are in a policy discussion on this issue and the secretary of defense is aggressive at articulating this concern. There is an ongoing discussion at the moment that i hope will come ahead in the nearterm. I will get. Thanks very much mr. Chairman i have a serious question and it just yes or no answers the Mission Teams have significant consequences. Is that accurate . Yes although if i could get is accurate for Cyber Command. But i understand the point youre asking. For the campaign misinformation is to break. Do you agree that they will continue to deduct the Cyber Operation for the strategic objectives unless they face the clear repercussions. To disrupt the operations where they originate. Im not the most qualified, but the mission team was particularly at the origin have the authority to do so. I dont have the daytoday authority to do that. You need to be directe wouldd by the president and secretary of defense. Have you been to forget to do so given thi this at the second consequence is that you recognize already . I would be glad to go into more detail based on the authority i have is a commander as a commanderi have a nationale that begins some specific work i would rather not go into that using the authority i maintain. The ability of the commander to prepare and structure that you need the direct authority. Essentially we are watching them in truth and spread disinformation and become more sophisticated to achieve strategic objectives and just essentially sitting back and waiting. I dont know if i would characterize it as sitting back and waiting. Its probably fair to say we havent opted to engage in the same behaviors that we are seeking. In the past we have seen threats buildinthreads buildinge point that it manifests which already has weve taken action will just continue to watch the. The technological aspects that you do pretty well in the message versus the meal we are all over the place in terms of fragmentation. Is there anywa any way to pull t back together. Your time is to get everybody wind up. Its designed to the Financial Transactions its not just ideas, its money that motivate the. For the legal financing and to monitor sanctions. Im not knowledgeable about the capability resources but i will say the Cyber Command and the nsa as well spend time working e working with our counterparts about the developing insight and knowledge and other means that give them insight to enable them to take action. Do you think they are effective . I think the economic efforts that are undertaken are positive. Youve seen them with a host of actors. To consider 1200 e. Eight military nominations before the committee for the required length of time in the pending military operations. All in favor. Opposed, no. In your Opening Statement you noted the importance of the National Guard and reserve Cyber Warriors and many of those young men and women bring the cyber schools from the private sector, very important. However we dont mention if they plan to track the Cyber Capabilities found in the Committee Meets<\/a> today to hear at all Mike Boettcher<\/a> is. You have more titles than anybody else. The commander of the u. S. Cyber command, director of the agency and chief of the Security Service<\/a> given your upcoming retirement this might be the last time you are dropping in. As the recent National Defense<\/a> strategy identified renewed great power with russia and china and that kind of stands along with what the general said when he said that we are losing our qualitative and quantitative edge as we move into this 3to National Defense<\/a> strategy. As we approach the eighth anniversary of the Cyber Command<\/a>, we should recognize the remarkable progress made in the concept establishing the command. Later this year we anticipate the Operational Capability<\/a> for 6,200 persons Labor Commission<\/a> force despite the main successes, there are still significant challenges. The committee remains concerned about the hollow cyber force due to the lack of priority across the services to deliver the required tools and capabilities and personnel. Efforts have improved but the fact remains we are not where we need to be. We like if necessary and we have some questions about this during the question time in the fact that i think in a similar disadvantage in the responsibilities that are spread across the dod and the fbi with little semblance of coordinati coordination. We cant just work with a major attack and try to get this rig right. We need to address that to see if we have some improvements that we can make it structurally. Senator reid. Thank you very much mr. Chairman. This is a last appearance by that committee. Let me thank you for decades of service to the nsa on Cyber Command<\/a>. One of the threats facing the influence operations but mostly conduct through cyberspace and engaged in the sophisticated influence Campaign China<\/a> has been engaged in Information Operation<\/a> against their own citizens and their behavior and is becoming more active abroad conducted against u. S. Companies and their own economic gain. And in the attempt to silence the company from exercising three speech these efforts highlight the vulnerabilities in the area bu that we hope will address today. While they are conducting the obligations it still predominantly is designed for the technical operations to defend or attack the system. To sustain the function its not to do with the content of information and the cyberspace, the Cyber Command<\/a> has made important strides in the cognitive dimension that still has a long way to go to focus on the engagement not merely an operational tactical support to engage forces you to other organizations are responsible for what the department called psychological operations but those components have no expertise in the technical space of the operations. It combines a technical dimension to manipulate cyberspace is because weve separated of these we are greatly disadvantaged when it comes to the adversarys integrated operation include a provision cosponsored by senator mccain and myself. To contribute informationthey cn warfare and a specific strategies, plans and capabilities in this arena to be adversaries. Eager to learn how Cyber Command<\/a> is responding to this legislation. The other adversaries have mastered the art against the United States<\/a> interested allies. We testified with the committee be adversaries are using operations to achieve strategic objectives and will continue to do so unless they face clear repercussions. Not only russia but all adversaries in the information sphere as a part of this we need to engage in those against us at the source by disrupting them in cyberspace. The natural mission team is to according to the Cyber Strategy<\/a> the National Mission<\/a> teams were created to defend the country by disrupting ongoing Cyber Attacks<\/a> and significant consequence. Some of these operations in cyberspace are directed against the foundations of american democracy, free expression, political views and Political Party<\/a> organizations for the significant consequences justifying the use of the team is in the department strategy. They mad made despite numerous s and i want to thank them for their leadership. Finally to understand they are critical on these issues i raised this matter wha with the director of National Intelligence<\/a> and at a recent public hearing with the intelligence committee, the disappointing answer i received as the president has instructed any action on these threats and in addition it requires not only the Defense Department<\/a> integrated elements of the warfare but its essential to integrate all of the National Security<\/a> organizations across the government as a whole. This requires leadership that has been lacking a. Thank you, senator reid. I would regretfully say senator rounds will not be here today or this week with the loss of his father. Thank you for your support and the opportunity to talk with you today about the hardworking men and women in the Cyber Command<\/a> but first i would like to take a moment to extend our thoughts and prayers t to chairn mccain and his family. They undertake this helpfully and senator mccain, keep fighting and we look forward to you getting back. On behalf of the men and women im here to discuss the command posture and describe how we prepare for and execute operations in the cyberspace domain to support against increasingly sophisticated adversaries. The cyberspace domain that existed when we first established Cyber Command<\/a> over eight years ago has evolved dramatically. We face threats that have increased in sophistication, magnitude and intensity, volume and philosophy threatening the security interest and economic wellbeing. China and russia got easier as competitive renamed the greatest concern but the regimes like iran and north korea have growing capabilities to conduct the cyberspace activities. Further, several states have campaigns against defense contractors to scout and steel the technologys capabilities and systems. Our adversaries have grown more emboldened to conduct an increasingly aggressive activities to extend without fear of significant consequence. We must change our approach is that oapproachesand responses io change this dynamic. While its evolved, the three Mission Areas<\/a> the First Priority<\/a> is the defense of the department of defense information network. Second, enable other commanders by delivering effects in and through cyberspace. Finally, defend against Cyber Threats<\/a> who support others when directed to do so by the secretary defense and in concert with the National Defense<\/a> strategy we are churning the path to sustain cyberspace superiority and give up her operational advantage and increased options for Combatant Commanders<\/a> and policy makers. Without cyberspace we are into n todayare intothese battles thek commission increase across all domains that endanger the security. Since my last update almost a year ago theyve achieved a number of significant mileston milestones. First joint force headquarters are responsible for securing them operating at defending the complex infrastructure as the chief Operational Capability<\/a>. Second, the joint Task Force Organization<\/a> that we created to lead the fight against cyber and isis into the broad military campaign. We will continue to pursue isis in support of the objectives and third, significantly enhanced the training in the operation platform to prepare the battle space in the adversaries and we will bring several additional accomplishments to be elevated in the Combatant Commander<\/a> when i step down later this spring as the combatant command we will have the responsibilities of being a joint force provider and trainer responsible for providing Mission Space<\/a> ready forces to other Combatant Commanders<\/a> and to ensure joint forces are trained to a High Standard<\/a> and remain interoperable. In addition in april, we will start moving into the stateoftheart integrated cyber center and joined facilities. This will be the first fully integrated Operation Center<\/a> that enhances the whole of government coordination and approves planning and operations against the range of growing Cyber Threats<\/a>. Within this domain its imperative to evil training and tools of operators we recently delivered the first of several toolkits designed to enable the Cyber Mission<\/a> forced to work against the adversary networks while reducing the risk of exposure as well as the fight with capabilities that design and to disrupt the use of the internet. The ability to leverage all partners including School Businesses<\/a> we intend in the coming year to raise an without needing to jump over the clearance rooms for example which for many are difficult barriers. Of course all these tools require you trequire a talentedd sophisticated workforce to operate. The cyber acceptance will help manage and maintain cyber expertise in the highly competitive talent market. Success also remains with continued integration of the reserve and National Guard<\/a> and in the headquarters we employ more than that parttime reserve perhaps more significantly we are nearing the completion of the buildup of the Mission Force<\/a> when all teams on the path to each the Operational Capability<\/a> before the end of the fiscal year. The focus is shifting beyond the bill to ensure we are ready to perform the mission and to execute sustained Mission Outcomes<\/a> year after here for the sustained effort over time and i realize cybersecurity is a issue that requires a whole of government approach that brings together not only the Government Department<\/a> agencies but also the private sector and international partners. Over the last year weve increased interaction with Critical Infrastructure<\/a> within the private sector and a broad set of partners supporting them. The National Defense<\/a> authorization act included a provision that describes the conditions for splitting were ending the arrangement and the department is working its way through the question is that ultimately the secretary in conjunction to provide a final recommendation to the president. All of us at Cyber Command<\/a> are proud of the roles that we play overseen by the congress particularly this committee. Finally after serving over four years as the commander of Cyber Command<\/a> and after 37 years of service as a naval officer im set to retire later this spring and i will do all i can period o period to enjoy the mission continues. Men and women remain motivated and that we have a smooth transition. Im grateful for the continued support and combatant of myself and Cyber Command<\/a> team and i look forward to answering your questions today. In my Opening Statement<\/a>, i address the three agencies that are responsible for standing against the attacks and Homeland Security<\/a> is th to leave for Critical Infrastructure<\/a> and the pending government Computer Networks<\/a> and third, the department of defense as the need for defending the homeland and an employee military Cyber Capabilities<\/a> we have the dod to the dhs and fbi. Though one agency has all of the authority. What needs to be done to encourage the government statement combating the Cyber Threats<\/a> that are out there. The challenge as i look at the problems in th and the perse of the Operational Committee<\/a> how we execute and generate outcomes of people. I think that it is less an issue of people not understanding the respective roles in the infrastructure that youve outlined and instead i think the challenge is how do we integrate those capabilities into a tight hole if you will that is to optimize the data level. I think that is the area where i look at the future. Thats where i would like to see us focus is how to ge get down o the integrate the structure of any one of the challenges i of e current structure as i said people understand that the respective roles. It is sent for speed and agility at one of the things we are living in right now weve got to get faster and be more agile. Theres a lot of discussion about the gaps that exist. The adversaries will seek to exploit the gaps and the confusion that follows an attack as various agencies grapple with the authorities needed. What are the most dangerous as yowe look at them . The time it takes to deploy capability and the time it takes to coordinate a response across multiple organizations windows wellmeaning and hardworking organizations or existing in a separattheseparate structures, t optimized for speed. To me, i think the biggest challenge is how we integrate this into an execution levels. There is a Legal Framework<\/a> and that his and m is in my role asn operational commander but where i see the need for speed [inaudible] theres an ongoing dialogue about the right way ahead of you said previously its treated almost like Nuclear Weapons<\/a> in the sense that they are outside of the area of responsibility controlled at the chief executive level and isnt delegated now. Anything change under this new administration . I dont want to speak for the policy side, but we are in a policy discussion on this issue and the secretary of defense is aggressive at articulating this concern. There is an ongoing discussion at the moment that i hope will come ahead in the nearterm. I will get. Thanks very much mr. Chairman i have a serious question and it just yes or no answers the Mission Teams<\/a> have significant consequences. Is that accurate . Yes although if i could get is accurate for Cyber Command<\/a>. But i understand the point youre asking. For the campaign misinformation is to break. Do you agree that they will continue to deduct the Cyber Operation<\/a> for the strategic objectives unless they face the clear repercussions. To disrupt the operations where they originate. Im not the most qualified, but the mission team was particularly at the origin have the authority to do so. I dont have the daytoday authority to do that. You need to be directe wouldd by the president and secretary of defense. Have you been to forget to do so given thi this at the second consequence is that you recognize already . I would be glad to go into more detail based on the authority i have is a commander as a commanderi have a nationale that begins some specific work i would rather not go into that using the authority i maintain. The ability of the commander to prepare and structure that you need the direct authority. Essentially we are watching them in truth and spread disinformation and become more sophisticated to achieve strategic objectives and just essentially sitting back and waiting. I dont know if i would characterize it as sitting back and waiting. Its probably fair to say we havent opted to engage in the same behaviors that we are seeking. In the past we have seen threats buildinthreads buildinge point that it manifests which already has weve taken action will just continue to watch the. The technological aspects that you do pretty well in the message versus the meal we are all over the place in terms of fragmentation. Is there anywa any way to pull t back together. Your time is to get everybody wind up. Its designed to the Financial Transactions<\/a> its not just ideas, its money that motivate the. For the legal financing and to monitor sanctions. Im not knowledgeable about the capability resources but i will say the Cyber Command<\/a> and the nsa as well spend time working e working with our counterparts about the developing insight and knowledge and other means that give them insight to enable them to take action. Do you think they are effective . I think the economic efforts that are undertaken are positive. Youve seen them with a host of actors. To consider 1200 e. Eight military nominations before the committee for the required length of time in the pending military operations. All in favor. Opposed, no. In your Opening Statement<\/a> you noted the importance of the National Guard<\/a> and reserve Cyber Warriors<\/a> and many of those young men and women bring the cyber schools from the private sector, very important. However we dont mention if they plan to track the Cyber Capabilities<\/a> found in the National Guard<\/a> and reserve force and weve had this discussion before. In 2016, the Government Accountability<\/a> office i that cod be used to report a cyber incident however the department of defense does not have the visibility of all National Guard<\/a> units capabilities for the support. Last year i introduced legislation along with my Committee Coffee<\/a> senator gillibrand and senator fisher to correct this oversight but unfortunately it wasnt included in the final version of the 2018. And as of july 52017, they have not complied and recommendatio recommendations. So how do you ensure that they are fully tapping into the expertise of the National Guard<\/a> and reserve when the dod doesnt have visibility of all of the capabilities within the National Guard<\/a> and what more can we do to correct this in the Cyber Command<\/a> . I try to work closer to the National Guard<\/a> bureau and team and they just established band released a Cyber Strategy<\/a> for example last month as a matter of fact and we were a part of that dialogue on how we make sure we are using an integrated approach as it can be an active only component or civilian only component as you and i have discussed the aspects of store . Beyond my immediate responsibilities. When i try to work with the viewewith theviewer with us fora structure that enables us to access the full range of capabilities. They tried to do the same thing over time for language. People have Language Skills<\/a> with no connection to the jobs we train them to do and im trying to think that we do the same thing overtime with the guard preserve. Certainly an additional identifier or some thing that can be tracked. I think we really need to focus on not more so than we have done in the past just because of the continuing threat that we see. And kind of a long the same theme, it is such an important part of the National Defense<\/a> and we are going to continue to improve the capabilities and readiness in this area. So if you could, in just a couple of minutes i have left, what more can we do to make sure we have an adequate pool of talented individuals that can step up into these fields . Weve seen that large military recruiting has been very difficult even for our regular branches of service. So, what can we do to make sure that we are filling the gap with qualified individuals that meet the requirements of todays military . First you have to look at it as an ecosystem, theres different components that function from civilians to active military to the guard and reserve. Each of the components is different attributes to one of the things we need to do is come up with solutions for the congress for the example with civilian acception service, that is a big positive for us and the civilian side. On the dod side, the service is open for the active working through so other compensation tools for example that we can use. Are there other things we need to do in terms of the commitment to individuals when the first and last wicket commissioned in terms of can we outline them early on and of and offer them d service in the cyber region. On the guard and reserve, it is a similar kind of thing. One that goes to your point, and its been a little while since ive had this conversation but outside of the army guard and army reserve and National Guard<\/a>, they tend to use reserves on the cadre status. And one of things im trying to work with my guard teammates on his theres a way to use the structure and the guard also add the same kind of thing that gets to the point about how we access individual skills. We clearly are not there yet but i wonder is that a part of the structure that we need to be looking at. My time is expired but certainly this is an issue that we need to wrangle with and make sure we are coming up with an appropriate answers are thank you very much. We wish you well in retirement. Since senator rounds is not here, i will speak for him in that we have the privilege of leading the cybe this labor sube and i want you to know that we think the public sectors and the department of defense are woefully unprepared and split and segmented and not coordinated to be able to handle now what is one of the greatest threat to the National Security<\/a>, the Cyber Attacks<\/a> that constantly comes on and w come l that about the private Sector Community<\/a> as well. Now, having said that, i want to enter into the record a letter that senator blumenthal, senator shaheen and i said to the secretary of defense on february 6, and 1 of the things that we ask a is tha at the natl Mission Teams<\/a> that are a part of the Cyber Command<\/a> Cyber Mission<\/a> should be ordered to prepare to engage russian cyber operators and disrupt their activities as they conduct clandestine influence operations against the forthcoming elections. What you enter thawould you ente record . Is there any question in your mind that they have conducted these kind of activities against the past . No sir. And in an answer to senator reid, you have said yes if the russians were successful as if there was some doubt in your mind that they had been successful. I apologize, the point i was trying to make was the strategy that we talked about acts of significant consequence and i was trying to get to the consequence. So, we have been attacked and there are a lot of us that feel like they are still being attacked and that we are going to be attacked particularly with regards to our elections which we considered as Critical Infrastructure<\/a>. And let the record note that you nodded affirmatively. So, what is the holdup . This is much broader than the dod and Cyber Command<\/a>. The department of Homeland Security<\/a> is responsible for the election infrastructure in the segments that the private have been identified as Critical Infrastructure<\/a> they are the sector lead in fact i had this conversation with the department in the last couple of weeks about what we are giving to generate insight and knowledge and help the effort and the leadership role. Let me be appropriate and respectable and interject, please because time is fleeting. For someone who is looking out for the common defense of the country to say theyve got the lead in this and that, but im Cyber Command<\/a> and its going to be a combatant command, that doesnt cut it over here. The challenge is we have the law and of the Legal Framework<\/a> that shapeof shapes what dod cad cannot do. What do you need as the commander to say go after and punish these guys that are trying to tear apart our Critical Infrastructure<\/a> . A policy decision that indicates the direction to do that and again, i would have to then be tasked with a specific option i would rather not go into the specifics of any of that and they would be reviewed by the secretary, chain of command to make a recommendation to the president and then based on that we would be given specific direction and authority in accordance to the recommendation from the secretary defense and others i would assume the department of Homeland Security<\/a> and others. So the chain of command is what you need. Let the record reflect this and we would appreciate an answer. Thank you mr. Chairman. Thank you for your decades of service i remember your testimony last year. Youve been nothing but consistent talking speed and agility anwith speedand agilityl continue to nudge us towards that goal. I have a question to follow up on a couple of questions weve already had today and recently the defense Science Board<\/a> last year concluded, and there i if a quote at least for the next decade Cyber Capabilities<\/a> are the most capable adversaries likely to exceed the United States<\/a> ability to defend key Critical Infrastructure<\/a>. Do you agree with that conclusion . We were a part of that effort. There is no doubt right now i would argue technology favors the defense. The scope of what you are trying to defend in the vulnerabilities keeps you awake at night. So the ability to preclude his minimal. And you mentioned last year. But then this gets into the broad question about are there other activities that can be brought to bear. Our ability to deter this type of activities, you know the Nuclear Attack<\/a> leedy tour by having the threat of mutual violations in the cyberspace, what icyber space,what is the dy today relative to where we were a year ago and is it adequate to defend against intrusion and i want to add to that specifically weve had these questions and in your mind, are we capable, the United States<\/a>, defending the election of this coming year . Im not an expert on the electoral system as a whole. I havent looked at it as a target so to speak. Doesnt that speak to the issue i know the Homeland Security<\/a> is charged with is there a capability up to your capability and then you have each service has their own growing capabilities so the question and we all talked around here, who is in charge of getting the highest and best deterrence detection and the preclusion capabilities regarding safe collection. When the constitutional structure speaks we are responsible for the execution of the process and the federal government, department of Homeland Security<\/a> for providing Government Resources<\/a> to assist the states in the execution and defense of data structure and in my role i would be the first, not talking to the individual state officials about walking me through to get your assessment of where you think you are. Im trying to generate the knowledge now to help inform this with a readiness to if directed. Du jour interact with . What are the menu of options that you and the department of f defense can give the president should they so choose to respond to the Cyber Attacks<\/a>. We have a deterrent into the question is is there a similar response and what is included in the menu . The first place i would make hiis number one because someone comes to us it doesnt mean we should automatically default and ive always urged me to think more broadly and look at the full capability as a nation. There are certain specific steps that have been taken over the course of the last couple of years. Thereve been some specific steps taken. I wouldnt ask this at an open hearing but its obvious as the one senator sittin senator e that the poetic efforts are failing and the activity is onesided on where we need to be and want to be. I dont want to talk about what we can do about it. With practice speed and agility. About 1. 8 million cyber short in the next five years as they come trade and the fbi, dhs and the dod. So the question is we are not going to win the war against china for example in terms of the ability to put Cyber Warriors<\/a> in the field. The question is where does Technology Like<\/a> Artificial Intelligence<\/a> come to bear and where are we claiming that hill in terms of if this were a trigger pull, that is historical in the last war. The future war may be who has the best mind focused on Artificial Intelligence<\/a>, robotics etc. On this specific case where are we in terms of Artificial Intelligence<\/a> and how is that going to help us face the shortfall over the next five years . We are looking at what are the technical capabilities that enable us to optimize the Human Capital<\/a> piece of this that are also interested in the fact on your point we are not going to industrialize our way out of this. This and going to get us where we need to be. Its not a sustainable strategy. Among the things we are looking at, how can you apply technology to help overcome the Human Capital<\/a> piece . The other point i would make is again, dont just focus on cyber versus cyber. How do we bring this capability in place to convince actors out there in the nationstates, criminal nonstate actors you dont want to engage in this behavior otherwise youre not going to succeed or if you do come at a price that you pay will far exceed any benefit they get. Thank you mr. Chairman. I want to follow up on both senators reid and nelsons questions and then on the action of the administration i just want to be clear as i understand you said the President Trump<\/a> has never ordered the cyber com to take any action to defend or thwart attempts to the elections this fall is that correct . I said id never been given any specific direction to take additional steps outside my authority. Ive taken the steps within my authority to be a good effective commander. Someone in the administration has asked you to take any additional steps. Ive been granted any additional authorities, capacity capabilities and that is certainly true. I understand that to be a confirmation of what i just said. I apologize. Its come to my attention the department of defense contracts with it companies that share sensitive source code data with russia and other hostile governments while they do business overseas and that this practice risks exposing sensitive underlying codes within the National Security<\/a> platforms. And as i understand, there arent any safeguards like disclosure to protect against these risks. Can you confirm whether that is the case and what the role is to ensure the safety and integrity of the vod platform . First, Cyber Command<\/a> has no direct role with civilian users if you will. Now having said that im aware of this issue, and weve worked with others and the department tin the department toaddress why then others and providers giving. Thereve been instances that ive had them walk me through what have you done with your code. I want to compare this version versus what we are currently using. Ive done that in a couple of instances, but your point goes to the a broad dialogue about what should the nature of the relationship be in the department and its key infrastructure. It just forces us to step back and look at things very differently because we never used to think about things like who are you sharing source code with and doing your testing with. In the world were living now those are the kind of discussions we have to have. Who are your supplychain providers. Who has the responsibility to decide that. The defense Security Service<\/a> for the interaction with our defense contractor and they will partner with them also involved here one of the discussions currently is we need to step back and ask ourselves. I wont go into specifics, but there ibuttheres a scenario the working through that im trying to use as an example of this is why we need to make some fundamental changes in either declined to talk about that in a closed setting. So should they have that responsibility or showed someone else . Just look at the things that weve talked about a. One of the points i tried to make is the end all be all for everything and if we try to do it everything we will sell out so we need to focus on the areas. That make sense to me. Unless there is somebody responsible for coordinating activities and dealing with what homeland is doing in the Cyber Command<\/a> and the dod and what the white house is doing, no one is going to be in charge and so it seems to me that that is a challenge that we have right n now. You look at what are both offensive and defensive strategies for the United States<\/a> do you believe we have that strategy in place and could you articulate that in a way that we can understand . We have a structure in place with welldefined responsibilities. My argument would be i think experience showing us that we need to be mindful while we understand it is generating the outcomes that we want. My answer would be we are not where we need to be so that would argue we are doing the same and not necessarily going to generate different outcomes. Even as they acknowledged by a role i trrule i try to along wis act as we need to focus on this area. I dont think a structure and a strategy are the same thing while we may have structure in place it doesnt seem to produce a strategy that is easily understandable. That is a statement. Im not asking for a response. Hell does the National Defense<\/a> strategy prioritization of long term impact the mission . It calls about as a domain and also the fact that we have peer competitors within the cyber arena that we have to be capable of dealing with. I also like that it calls out competition in level below conflict and difficult gray area which i think is very powerful it goes too much of the discussion we have so far this morning. This activity that is occurring short of that conflict that is generating strategic advantage for others and not in our best interest. I like that it acknowledges we are living in a world that this is becoming the norm and we have to figure out how to deal with it. As we look at the continuing focus with our competitors with russia, china, i think that means we are going to have to do more with less and we may see us focus on other areas where in the past theyve been very focused whether it is with thicker wrists or iran and their proxies. So with the tradeoff i think that brings a lot of risk. How do you propose that cyber com and the department are able to handle that type of risk . We said we need to increasingly treat them as a high demand lowdensity resource where we have the knowledge and theres not enough capacity to do everything we want so we need to risk based model on how to allocate and continue to reassess this just like with Ballistic Missile<\/a> defense into the soft forces we shouldnt be viewed any differently so we put in a new process i just made an argument and was granted authority to reallocate some of the capability to get the challenges you talked about in the last 40 minutes or so. It wasnt envisioned it would be permanently aligned. They argued its just not going to get us where we need to be. Is that primarily going to impact the training or a patients . Its probably a combination of both. Ive been in command almost four years and have not run into a situation where we did not have some level of capacity and expertise or capability that challenges capacity. Its okay i caits okay i can des in a reasonable level of places but if i get into something larger that becomes a challenge. I am proud of the capabilities Cyber Command<\/a> house and im confident. You are building a 6200 force. How adequate do you believe that force is going to be compared to the threat we are seeing today . That was based on an assessment of. Based on the eight years of actual run time, that suggests to me the way we have structured some of the teams i told them i would leave this alone until you complete the mission generation. I would like to retool this a little bit because we could take advantage of the last eight years. I think it also argues we are probably going to need a level of additional capacity overtime. Thats something you will be talking to my successor about as the key thing during his time in command. It seems like we hear this over and over again a lot of the same challenges and i realized the nds is out now and its sending us a strategy, but it is frustrating sometimes on our side i dont know if we are seeing much progress. In last question for you. I was confused by an earlier statement so i wanted to clarify. You testified in the past you do not support creating a special service focused [inaudible] that is true. Thank you very much. Senator blumenthal. Thank you mr. Chairman. Admiral, thank you for your service. We will miss you as others have said. Have you read the special counsels indictment against 13 russians and several others . Ive seen it on a media report that havent seen the actual indictment. I recommend that you do so with all due respect for us as americans it is an incredibly chilling, absolutely terrifying account of an attack on our democracy. You refer to it as a series of actions that, quote, threaten the foundation of our democracy, and i think that is a very polite way to of putting this act of warfare in fact the russians themselves recruited as informational warfare, thats from them, not from us. So, i feel a sense of urgency about this ongoing warfare in our democracy that i feel so far is not reflected in the response from our department of defense. Thats one of the reasons why senators nelson and shaheen and i wrote to the secretar secretaf defense last week and asked for engagement with russian cyber operators and disruption of their activities. I understand from you your feeling is you have not been given the authority to take additional action. Have you asked for the authority . Ive tried to act within the authority granted me to be aggressive. We have not asked for Additional Authority<\/a> . Because i guess right now my son is i am not sure the capabilities i have would be optimal were the only response to this. Wouldnt you agree it is a necessary response . It would be part of a response. I just think we need to step back and look at this very broadly because one of the arguments not just in the current peace but others is being mindful of falling in the track just because someone comes at us and cyber that we have to default immediately going back into the same thing ive just always believe we need to step back and think a little bit more broadly. Its because of that but ive not done that to date. For how long with all due respect do we need to step back and look broadly at this ongoing attack . Literally last week in the wake of the parkland shooting, the face accounts again and again disrupting, continuing to attack the democracy in a way that most americans should find absolutely intolerable may i suggest that is perhaps appropriate at this point . Much of what youre asking me i am an operation commander. Wouldnt you agree with me that the president himself is aware of these attacks and should give you the Additional Authority<\/a> . It hasnt changed the calculus much. It is not change the cat list and the behavior of the russians. Thats my sense. And they paid no price for meddling in the 26th election. They havent paid a price thats sufficient. They have a paid any price so far as i can see how they . You could argue some of the sanctions that have been imposed and you can art you some of the indictments. I dont think its fair to say nothing. Again youre getting way outside of my lane is an operational commander sir. But its been completely inadequate so far. It hasnt generated the changes we all know we need. Thank you. Thank you mr. Chairman. Adam rome rogers i join my colleagues in thanking you for your service not only in cybercommand but also your 37 years of service to the military military. You have been asked a number of questions about the russian interference in our elections and questions about who is in charge. You testified the department of Homeland Security<\/a> is taking the lead on combating russias, countering russias efforts to tamper with our elections. It seems to me anyway that perhaps Cyber Command<\/a> has the best resources that are best equipped to actually do something in this area. You are the operational person but you dont have the specific authority from the president or anyone else for that matter to move forward. He did also indicate that you are in constant communication. I said regular. Regular contact with the department of Homeland Security<\/a> and the sense that i have is that i wonder what the department of Homeland Security<\/a> which is charged with countering what they are doing so if you are in regular contact with Common Security<\/a> would have you advise dhs to do in this area to counter russias interference with our elections . The execution of dhs mission. You havent given him them any advice . Thats not really my role maam. We talk about tell me what you are doing, what are the capabilities and Cyber Command<\/a> that could support you with. Those are the discussions and i make sure the information flow, getting the benefits of fans that we are generating based on the actions we have taken . With regard to those kinds of conversations is Homeland Security<\/a> doing what they need to be doing to counter russian interference continuing interference with our elections . You need to talk to them, maam. I dont have full knowledge that a barbara poma security is doing doing. That would be an ill formed opinion. With all the resources and the awareness that you have what kind of advice to be given to home in security because we do not get the impression that they are doing whats adequate definitely to counter anything that the russians are doing certainly not to the point where they will stop doing it. So i hope that at some point and some other committee or that the committee we will be able to ask those questions of the department of Homeland Security<\/a>. What they are doing with the elections does have an impact on National Security<\/a> and as you say they are seeking to undermine our institutions. Id like to join senator ernst on her focus of the department of defense fully utilizing the Cyber Capabilities<\/a> our our reserves and National Guard<\/a>. Thats just a statement and i concur with that. As you leave your command i am wondering what would be your suggestion that your successor focus on as he or she, it will probably be a he, take over Cyber Command<\/a> . What are the things that you would want the new person to focus on . This is what i would say to the individual assuming that nominee is confirmed. Youre inheriting a structure that reflects the choices we made 10 years ago. We need to step back and ask ourselves is the structure optimized for today and tomorrow and how do we take the lessons of last eight years or we have had a whole lot of activity from the defense to the offense and the private sector. Their insights there that i think we can harness to look at how do we evolve the structure. I would also argue we need to step back and you raise this with me already this morning, how do we better work in the role and the Defense Industrial<\/a> base with contractors . It got to get a different dynamic here. We have got to look at that differently and more broadly cybercommand and it goes to some of the points you raised cybercommand in this role partnering with others how do we do this in a much more integrative way . That is something i hope i can continue to provide opinions on. How to get an integrated structure for speed and agility. You have different departments at vi, treasury. Who should take the lead in creating this integrative structure . Thats clearly the role of the administration within the executive branch so that is their task. They are working their way with dod and we are going to support this. Theres a nongoing and we will see if we can support that. Is there one agency that can take the lead in integrating our structure . I prefer to give the executive branch the chance. Thank you mr. Chairman. Admiral rogers this committee is concerned about the lack of doctrine to help deter Cyber Attacks<\/a> before they happen. Ef4 18 specifically directed the development of the National Cyber<\/a> doctrine. Why do we have one yet . We have been talking about this for years. I want to speak for others. The point im trying to make is the commanders we need this not just for cybercommand and not just for the department of defense but for the nation as a whole. As i said there is an ongoing effort right now and i hope its going to generate the points that you make. I think its frustrating not because a willful ignorance or neglect toward negligence but we clearly havent put ourselves where we need to be. Is it even possible to achieve cyber deterrence when we dont have some sort of articulated cyber doctrine . I think there are multiple components from capabilities to a sense of what we can and cant do and what we will and wont do do. I would also argue. Do we have some inherent value in our capabilities . Do we have an articulated doctrine . It pointed out there would be consequences. Would they increase their deterrence . It would increase it but the other point i wanted to try the make was dont think is tragic in and of itself is a panacea. Right now is my colleagues pointed out the russians continue to use bots and basically Information Warfare<\/a> tools to sow division in this country no doubt. Has our response than adequate to create any sort of visible deterrence to these activities . It clearly is not changed their tune the clearance. It is not effective. Lets take a hypothetical for a moment. Tomorrow theres a nationstates cyber attack against our Energy Sector<\/a> the results and power Power Outages<\/a> and results in oil and gas pipeline shutting down. Take a moment and assume the decisionmakers focus on dhs as well as the administration are in agreement that this is a hostile nationstate attack. The white house wants to respond in the cyber domain immediately. Without talking about what that looks like. There so many variables will kind of capability was used what specifically are we looking at. Are you confident in your tools and your team to be able to respond . The tools are optimized for specific actors and at the want to get into the specifics. The capabilities are optimized for specific actors and took configurations in many ways. There is so many variables. The other thing in all of this is time. Its one of the reasons why we have to get a much more integrated approach to this because one of my challenges is my experience in the military commander teaches me doing discovery learning ive been told hey we want you to forestall the following adversary. The first summit dealt with a potential adversary is an outliner and doing a lot of discovery learning. Is something we have been planning for for a long time. Thats a little bit different scenario. You mentioned a few in your initial testimony. You have talked for years about your top three Cyber Concerns<\/a> Critical Infrastructure<\/a>, data manipulation and attacks from nonstate actors. Just the way compare how you think we are doing on those three versus how you view them from our point of view when you first took this job. How have you change . The first Critical Infrastructure<\/a>, there is greater recognition for the problems and not spending a lot of time saying hey this is something we have be focused on by would still argue some segments are doing great work in other segments not so much. The second area was data manipulation. We are watching that on old in the world around us. I would argue that has gotten worse. Now you have a major actor and they are not the only ones. Now the conscious part of their strategy and they are doing it on a break alert basis. The third was nonstate act or spray it that one surprised me a little bit in a sense and im not talking criminal because criminal at 230 is a different segment of the 250 on the threat bases within the cyberspace arena. That has not taken off quite as much as i thought it would to be honest. Im running out of time. I apologize mr. Chair. Thank you mr. Chair and admiral rogers thank you so much for your service and your multiple appearances here. I was interested in the aftermath of the announcements by director mueller in the 13 russian individuals to fridays ago that the president tweeted out and im just going to use his words. I normally wouldnt use his words but im going to quote and pretty said russias quote laughing their off and he also said quote russia has succeeded beyond their wildest dreams. I think this is going to be a chapter in her life where we are going to have acknowledge we been humiliated as a country. Our democracy has been humiliated. We have had her pocket picked. We have lost what may be the first real cyber were better nation has been in and you can characterize it a lot of different ways but i think its going to be characterized as a chapter of failure. The u. S. Government failed to protect the u. S. Democracy and i want to ask you based on your lengthy experience in this position and your lengthy experience in service to the country wheres the source of that failure plex was the failure of failure of imagination . Was a failure of will . Was a failure of policy . Was a failure of structure within the failure of personnel . Was a failure of leadership . Was a failure of investment . Was of more than one of those things . We can learn from failure and we should so we can improve but i think the history of this especially the 2016 election which has now led to 19 indictments or guilty pleas by individuals and another three indictments are pleased by entities is going to be viewed as a chapter where the u. S. Government failed the u. S. Democracy and i want your best professional judgment and what may be your last appearance in this particular role as to where the source of that billiar is so we can fix fix it fix it. I dont think theres one Single Source<\/a> of failure. First one of the things that has always struck me if you go back several years we tended to define Critical Infrastructure<\/a> from the very Industrial Age<\/a> approach. For example using that methodology we didnt say to ourselves our electoral process is Critical Infrastructure<\/a>. There is no product or service to speak of that can tangibly generate an outcome. So the first thing i was struck by is what is Critical Infrastructure<\/a> mean in the age we are living in. Secondly i have been in the job for a while and ive been part of multiple administrations. I think the thought initially was we will go to them and tell them we have awareness of what they are doing this will convince them and we will take initial steps and we will convince them that they should stop. It underestimating an adversary. That clearly has not happened i dont think we anticipated what level of sustained aggressive page here we are going to see over time. This wasnt viewed as a one off. It was about one particular election and clearly we are looking at a nation who have used this as a strategic that there is value to be achieved and can tend to do this. I dont think we initially looked at it that way. The final thing that comes to my mind is this symptomatic of cyber as a whole what do we do when we are dealing with a challenge that across the so many two provides . As i said in our structure cyber capability dod, doj. Thats federal and executive ranch. He looked at capability in the private sector one of my takeaways is cyber is going to force us to think outside of the traditional lines of the use in defining problems and aligning resources. Let me ask you one more question that i was a mayor and governor. Why should local officials or state officials today believe that the United States<\/a> government will protect the United States<\/a> democracy and future elections because as i talk to governors and local officials they have very whether the federal government will act in any way to protect the electoral system from attacks such as those that russia conducted in 2016. Tell them why they should have confidence in u. S. Government. My attitude would be look i hope one of your takeaways is while the system is imperfect that clearly has not achieve the outcomes we want it is not because there motivated hardworking individuals trying to do things. Hopefully as you have said we want to be a learning nation. What we learn can change over time and thats what im hoping we are going to see in the coming months and years ahead of us. This is not all we have to worry about is six months or a year. Thats not the way this is going to work. Thank you mr. Chair. I know this ground has been gone over but first of all thank you. You have been terrific and im a big fan of the work you have done but im going to try to channel a woman who came to me not too long ago. She asked me a simple question. Is russia at war against our democracy . What would you have said to her . War is by definition a specific legal document. Im not a lawyer but what i would say to her is there shouldnt be any doubt we are in competition with these guys in and they are trying to use every tool they can to gain it damage and some of that advantage is by undermining our great institutions. Thats a lot of words. I say yes. I like to talk to people, i apologize. It came after our democracy. I cant imagine anything more essential to the United States<\/a> of america been our democracy so the next question she asked me, are we Strong Enough<\/a> that we can keep them from doing this again . Yes. Okay so then the next question she asked me and i said the same thing. The next question she asked me, are we doing that right now . We are taking steps that we are probably not doing enough. Okay she wants to know and when i want to know why the not . Im an operational commander. You are asking a question that so much bigger than me. Im not trying to duck this. Im trying to say here is what my role is. Its a problem admiral. This notion that this country came after the essence of what we are come to character and value of our country is all about democracy. The notion they came after us brazenly and nobody can sit in that chair and say we have got this. You guys can do this. You give our American Military<\/a> admission and the notion that you have not been given this mission to stop this from happening this year is outrageous. It is outrageous and there is no question that they no we are not coming after them and frankly your response to senator reeds question about Cyber Command<\/a>, you said we have chosen not to engage in the same behavior as russia but defending is not changing the behavior of russia. Preventing and deterring, they came after us. You we are not asking you are you going after them . We are asking you, have you the authority, have you the command to stop them from doing this again to us and 2018 . I cannot operate out of the dod network. I do not have the authority to do that. Have the legal authority. I will tell you admiral rogers if you dont have the authority to defend our voting structure and we have to fix that. Correct . I believe mr. Chairman and Ranking Member<\/a> we have the ability to fix the law to give the authority to protect their funding system could i guarantee you the secretary of missouri doesnt have the ability to go after russia. They can harden and they can go after them. The only entity that can go after russia is the United States<\/a> military. Thats the only one. I mean effectively. Maybe the department of Homeland Security<\/a> can help around the edges but their primary position is not to go after foreign nation. Its impact to protect the homeland. Ican i would argue respectfully its just beyond responding in kind. Theres a whole breadth of tools that we could potentially apply here to try to shape russias behavior in their choices. I would just urge us dont default do we have to go after them and cyber and im arguing cyber is a potential part of a broader strategy. Honestly i never saw the day that russia would go after the heart of our country, ever and that we would be sitting here parsing words about whether or not we have got this. I want somebody with your experience and your courage and your tenacity, i want somebody to sit in that chair and say to the United States<\/a> of america we have got this and until we have that moment russia is winning and that is disgusting. Thank you mr. Chairman. Thank you mr. Chairman. Guess what question im going to ask. Could this be a Russia Associated<\/a> question . A deterrence related question. On december 20 urge, 2016 Congress Passed<\/a> the National Defense<\/a> authorization act. And it was a section that required the secretary of defense to file a report on just the questions we have been talking about within 180 days which was june of 2017 about the definition of the cyber attack, what would be the response. Talks about operational authorities in what Operational Authority<\/a> is delegated to the United States<\/a> Cyber Command<\/a> for military cyber and a whole list of the purpose of the amendment which was in the law, which is in the law was to establish up clearly articulated doctrine a response to this kind of situation. Im asking you as an operator have you been tasked with drafting any part of the response to this requirement . Ive been part of the dialogue about responding to the operational piece of this in terms of overall responsibility this is the opposite is secretary of defense is responsibility. Im asking are you working on this . We are eight months late. I apologize. The specifics of the timeline. Were you given a deadline . I honestly dont remember. Here is what is frustrating. We are still talking about this issue in congress made a specific instruction to the secretary that vents on the president by the way was required to respond to congress within 180 days of Airport Initiative<\/a> in coming in june of 2017 and it hasnt come. We are way late and we keep talking about this. You and i have been in a dozen or 15 hearings on this and we dont seem to be any further ahead than we were before and the problem is you have testified today and i think why that deadly accurately and effectively until we have some clearly articulated doctrine of response to these kinds of attacks they are going to continue. If all we do is try to patch our software they are going to continue. I know that and i know that. Whats it going to take . Is it going to take destruction of a elect or grid or the Financial System<\/a> in order for us to finally get to the point of taking this seriously . Like i said sir i just dont know the specific timeline. I understand youre an operational guide that you have to understand you are the nearest thing we have. You are lucky enough to be here today but this is serious business. Let me turn to more specific questions that i think underlines what we are talking about here. What would happen today if you want your way back to your office got a call that said the u. S. Financial system has been taken down and all the computers on wall street are often the markets are in chaos. I dont mean from a policy point of view. What would the execution . He was in charge . What would the results be . Dhs would have overall responsibility for the provision of federal support in response. My role would be helped to make sure and to stand number one who is the actor so we identify who did it because if im going to respond i have to know who i am responding to and what im responding to. One of my first questions would be to make sure we understand the characterization of activity and who is the actor and what did they do . Who would take the lead . Dhs would have overall responsibility. Have you worked on this . Yes sir. I had made a long reference. The finance sector for example we have actually undertaken calls specifically. You repeatedly talk about integration by what worries me is whether anyone is in charge and i guess the followup is do we have a serious red team wargame process to be sure we are not surprised about how to react if one of these things happen . I dont know if i would use term red team. Is this something we train and exercise against . Yes. This is something we continually assess looking for indicators of this type of activity before it occurs . Yes. I want to thank you and this may be our last time to talk about this and thank you for your service and your straightforward response always and just leave you with, i hope as you leave this job you will leave the memo behind that says we are not adequately prepared. We need a doctrine. We need this to be public available. We are neither adversary to know that if they strike us in this round they are going to be struck back and i may not be cyber. Maybe a whole range of things are right now we have not done that and i deeply hope this is something you can take on as an exit interview. Thank you. Thank you mr. Chairman. Thank you mr. Chairman. Admiral rogers thank you for coming back before the committee. Can you give me a brief description in your tenure in a current role where you think things are ptomey the positive things that have occurred in the things he wished you have made more progress on a nearterm . Deposit things the things that jump out at me is cyber integration with other operational commands Centcom Socom<\/a> and things we are doing the pacific with Pacific Command<\/a> command. That has been a real strength. Thats something. I knew was a good day when you have those commanders talking about Cyber Command<\/a>. That has been a real process. Commandandcontrol structures that we put in place and how do you integrate capabilities so we can generate against isis. Was a slow start starting at ground zero but it has really taken off. That is worked out. The Campaign Planning<\/a> and the structure from a planning perspective that we put in place particularly focusing on russia in the last calendar year that really set the foundation for the future and the cyber and said, in terms of the methodology and the framework they are using in the european command. Thats a real positive trait i asked myself what are the areas and the force generation, i mean we are going to be the timeline for foc. Took a lot of work from a lot of people. The areas where we are not as far along as i wish we were, tooling capability development. We still have to work this out between the role of the services and the role of the commander that congress has given us. Some acquisitions authority. We start down that road and i think thats real positive but we have to ask ourselves about the future here. Do we have the timelines and acquisition right with the nature of the developing technology . In other words are we compressing the time to new capability will point where you feel comfortable . We are never where we want to be. Like the fact that there has been recognition. We need to do this outside of the traditional acquisition framework which is really to generate these capitalintensive capabilities. That is not what we need. I like the recognition of this. Scenario that the secretary is asking me to take a look at overtime so the something that i comment on before you leave. How will it be done on personal recruiting and attention retention . As the chair of the subcommittee im interested in other things we are doing. If you look on the uniform side i think we are probably exceeding our expectations. It doesnt mean that its perfect but the biggest challenge for me in the four years is the military component in the civilian pieces are proven to be harder. Retention and recruitment and part of it also is the process. When it comes to the military we have got a lot of people coming to us many of whom have skills that i can apply in cyber. In the cyber world its much more about going out and trying to find people with the right skills. To rarely different dynamic so the civilian pieces probably proven to be harder. Thats something where always interested in in making it easier. I can imagine how you compete with the likes of the firm that i worked with on recruiting and retaining some of the top talent. I could fill the capability in three months or you take three years to do. Think we need to look at these highly talented people moving at the pace of the threat. Since the time you started this role how would you describe the number in the nature of threats you are dealing with today versus when you begin . State actors have gotten more aggressive and not less aggressive. The threats of capability in many states are of concern to us us. If you look at the level of the russia china iran and north korea elected the level investment they are making it is significant. Last question, how good have you gotten it knowing what we dont know what im talking about this from prior committees. There are a lot of people who express frustration because when we see the lion behavior on the part of a state actor or some other organization the idea is to go out with some sort of a proportionate response to the cyber world through the thing that concerns me with that as we really dont know what we dont know about latent capability that could ultimately be the route back to us. Are we at a point where we have any better or more holistic idea of what the ladin threats are out there in the private sector of the role of government . I mean we are better but on the other hand. They are better too. One of the things that conflict teller team is you must assume we have imperfect knowledge and we must be capable of acting on imperfect knowledge so if you come to me telling me we always understand my response is immediate comment it doesnt always work that way. Thank you and i encourage you to give feedback to my Committee Staff<\/a> or any resources going into the nba. Thank you for your service. Thank you senator tillis. Let me make just one comment before we go on to senator peter is. Listening to the less than complimentary comments have been made i just returned last night from 12 or 13 days everyone from admiral harris oshaughnessy and all the rest that ive talked to all the way to the dnc between south and north korea. I have to say to you pacom are very complementary of the work you have done the progress you have made. Senator peters. Thank you mr. Chairman and admiral rogers wonderful to have you here and i will join in saying thank you for your service. We are going to miss you. Its been great having you before this committee and i appreciate your attention to this and speaking to me about a variety of issues as well prevent the to talk about the future of warfare and the future of technology. Thereve been questions about Artificial Intelligence<\/a> which is going to change everything not just in the motel military space but on the commercial sector, the Commerce Committee<\/a> and we had a hearing on how Artificial Intelligence<\/a> is going to change business in general and i asked what are the leading executives of one of the leading Technology Companies<\/a> in the country what did he fear most about Artificial Intelligence<\/a> . We have a hearing on the positive aspects on it but i asked him what he fear and i was surprised by his answer answer. His fear was manipulation of elections and the manipulation of Public Opinion<\/a> that can undermine democracy which i thought was a very interesting response from a leading tech company. I wanted to ask you a bit about that and the department of defense and more broadly our posture when it comes to investing in these technologies and how were we working to increase innovation and work with those commercial companies that integrated into defense systems. I will ask you that question as well. If we dont get this right what is our fear of an adversary acquiring Machine Learning<\/a> and ai systems and advanced . From a military perspective my concern is potentially you lose speed in knowledge and thats a terrible combination. Speed and knowledge are damaged and one of my concerns is that we are not careful ai gives opponents speed and knowledge better than ours. Acknowledge we have to look at it. I apologize. I guess i want to pick that up because this technology is moving through the commercial side faster than the mature side side military side. I am worried in particular about our adversaries that are able to come in and buy those technologies particularly from start of companies and trying to fill some of the gaps on the cfius process which is the committee on Foreign Investment<\/a> of United States<\/a>. They are important entities that buy Companies Come<\/a> perfectly legal and get their information needs of not just for commercial applications but to figure out how to weaponized that type of technology as well. My question to you is how can we better integrate the missions of cybercomment the nsa as it relates to this cfius review process . Are you concerned about it and what shall we be doing to make sure we are protecting this intellectual capitol that is significant National Defense<\/a> potential . Im not concerned about the process in terms of cybercommand. Its one of the advantages of being colocated with each other. My biggest concern is what you said. Sit this to me is a reflection of an environment of the past not today are the future and its clear to me that some nationstates has spent a lot of time studying this cfius process and develop strategies to overcome it. Tell me what you oversee subsidiaries are and tell me who your providers are and your intellectual properties. I will acquire that. Things like that, cfius isnt doing what we built to do. I applaud your efforts that we needed different construct. We dont want to get rid of it. We need to think about more broadly about the National Security<\/a> challenges in areas that have National Security<\/a> implications for us. Is a role for cybercomment to be actively involved in some of that process providing information so you will be aware of things that youre concerned about . How do you see a potential role . I think its much more intelligence to my role is generating knowledge and insight is much greater. One of the things we do is we generate knowledge that we are putting out reports or go to the broader effort. Thank you. I appreciate it. Thank you mr. Chairman and admiral thank you for your 37 years of service. When you say that i just feel horrible. No, no feel strong. We have pics up on a theme today this this committee feels a sense of urgency about the russians interfering in our elections. This is not a personal criticism of you. We are frustrated that this administration has not lived up to its responsibility to do something about the russian cyber action. You told senator blumenthal and senator mccaskill that not every cyber attack requires a Cyber Response<\/a> so i just want to follow up on that just a little bit here. The pentagon Cybersecurity Strategy<\/a> says and im quoting in response to certain attacks and intrusions United States<\/a> may undertake diplomatic actions, take long enforcement action and consider economic sanctions that i want to focus for just a minute on that last piece, sanctions. Congress overwhelmingly passed a law last year that impart require sanctions on individual companies that knowingly engage in malicious cyber activities on behalf of the russian government for those sanctions include freezing assets and restricting travel. The Trump Administration<\/a> has not imposed these require sanctions. Admiral rogers i know this is not your primary responsibility to impose sanctions but i want to ask a different question. What message do we send to Vladimir Putin<\/a> that the United States<\/a> is not fully implemented sanctions to counter known russian Cyber Attacks<\/a> . More broadly my concern is i believe president putin has clearly come to the conclusion that there is little price to pay here and therefore as the director of nsa and if they see as the Cyber Command<\/a> side i believe we dont change the dynamic is going to continue and 2016 wont be viewed as something isolated. This is something that will be sustained over time so the challenge for all of this is so what are the tools available diplomatic, economic and some cyber. There are tools available to us and again in fairness you cant say nothing has been done to my point is it hasnt been enough. Clearly it hasnt been enough. I appreciate that. There hasnt been enough and it doesnt do any good to have tools in the toolbox if we dont pick them up and use them. Russia will keep trying to interfere in our elections and the Trump Administration<\/a> doesnt fully implement sanctions then we are not using every tool we can to effectively deter russia from undermining democracy in the future. Let me ask you one other question if i can admiral. Its clear that the United States<\/a> needs to step up and i want to follow up on a question from senator tillis. We previously discussed the question of how the old a Skilled Cyber<\/a> force and you said improving Network Defenses<\/a> and building a Cybersecurity Culture<\/a> depends on our ability to attract the most talented people out there. This committee is now considering reform Personnel Management<\/a> act another one of our great acronyms. It governs how we recruit and retain our military offices. With that in mind admiral if he could make just one change to doma to help attract the right technical talent for the cyber job up tomorrow what would that be . Im going to look at a military construct. In a military standpoint it would probably the services are working their way through this but i think we want to make sure we have got a mechanism for professional cyber. He cant be viewed as something we do. You train any go do Something Else<\/a> and then you bring it out and its gone again. Thats not going to get us where we need to be. The Services Provide<\/a> capability and that includes people and other things and harnessing the specific outcomes is a joint commander. Its essentially very helpful to know. I know the 2017 defense bill gave the pentagon a lot of flexibility in how to recruit but i remain concerned that are recruiting system is so focused on recruiting for the military of today that we are not effectively targeting the best talent in the best suited talent to execute the missions we will face tomorrow. How we think about that is really important. Thank you again and thank you for your service and thank you for your help. Thank you mr. Chairman. Its the chairs intention to go ahead and close the meeting after a few remarks from the Ranking Member<\/a>. Is there objection to that . Thank you very much mr. Chairman. I have some specific points i want to clarify. First there are ongoing russian director inspired operation against our electoral system as we speak . Yes. Im speaking more from nsa than cyber man. With the direction of the can disrupt these at tax at the point of fortune. We could be tossed to do that that. But its legal and it can be done . Have you been asked to make a recommendation with respect to deploying these teams . No but i certainly have invited my opinion in ongoing discussions. What is your opinion . Again my comment has been being mindful of the cyber peace and id like you to think about this more broadly and the like you to think that how does this fit into something broader . You have not been formally asked for recommendations . No, sir. You have expressed your opinion to the sick or terry and of defense in the white house about the possible use of this but not in any formal way. Yes sir nothing in writing for example. Do you feel with the professional officer you have an obligation to make a formal recommendation for this . I feel this system provides me the opportunity to provide my recommendation to provide my insights and provide my insights insights. I acknowledge their other feelings out there. I acknowledge there are other perspectives and the fact that there has been a dialogue on this topic and the dialogue continues. Mr. Chairman very much. Thank you admiral or your straightforward answers and your patience and perhaps her last event here. We are adjourned. [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] the commander of u. S. National command testified at a house hearing about Ongoing Military Operations<\/a> in iraq, syria and that in the stand be discussed cooperation with regional allies to counter iranian points and retain the effects of russian operations","publisher":{"@type":"Organization","name":"archive.org","logo":{"@type":"ImageObject","width":"800","height":"600","url":"\/\/ia801003.us.archive.org\/14\/items\/CSPAN2_20180228_020300_Adm._Rogers_Testifies_on_Cyber_Command_Operations\/CSPAN2_20180228_020300_Adm._Rogers_Testifies_on_Cyber_Command_Operations.thumbs\/CSPAN2_20180228_020300_Adm._Rogers_Testifies_on_Cyber_Command_Operations_000001.jpg"}},"autauthor":{"@type":"Organization"},"author":{"sameAs":"archive.org","name":"archive.org"}}],"coverageEndTime":"20240630T12:35:10+00:00"}