Well, good morning. We meet in organization to protect our nation in cyber space. To begin i would like to thank senators rounds and nelson for their leadership on these issues in our Cyber SecuritySub Committee. This hearing builds upon the good work they and their Sub Committee have done to tackle the critical challenge of cyber. This is a that is growing more dire and more complex. Not a week passes that we dont read about some disturbing new incident. This is a totally new kind of threat as we all know. Our adversaries state and nonstate actors view the entire information domain as a battle space and across it they are waging a new kind of war against us, the war involving what extending beyond our military to include our businesses and our people. The department of defense has a Critical Role to play in this new kind of war but it cant succeed alone. To be clear we are not succeeding. We have lacked pollties in the cyber domain and we still dochlt it is because we were trying to defeat a 21st century threat. This is true in the executive branch and frankly it is also true here in the congress. We are failing. Thats why this committee is holding todays hearing and why we have taken unorthodox step of inviting witnesses to appear today. Our withins are the senior officials responsible for ieber within their respective ageneral i ts. I to wrap you on. Scott smith for federal bureau of information and chris for prekts and pra director at department of Homeland Security. Also i would also like to note the empty chair at the witness able. They invited whies Cyber Security rob joyce. Many of us know mr. Joyce and respect him for his experience and expertise on cyber and many years of government service. Unfortunately. The white house decided to viet live gej after it having before congress. I believe the issue of cyber requires us to completely rethink our old ways of doing business. To me the empty chair before us represents a fundamental misalliance limi misalignment. All of our kwe answered for the their part of the Cyber Mission. None of them accountable for d add addressing in in its entirety. It is to make it and director governments efforts. That official is literally prohibited by legal precedent from appearing before the congress. So when we ask who has sufficient authority to protect and defend our nation from Cyber Threats and who is accountable the answer is quite literally no one. Previous administration struggled between the fbi given that no Single Agency has all of the authority is required to protect and respond. The model created cig thif cant coop nugs of Cyber Attacks. We continue to seek to effacing similar challenges a number of our sallies in can for example the United Kingdom recently established its Cyber Security center. It or ke straits num sitting side by side. Today is to have an honest and open conversation. Our concerns are not meant to be critical of our witnesss leadership or your organizati s organizations. Rour intend is to understand the kechl decon fliks to identify where and how we can improve. The last thing any of us wants is to waste precious time because everyone who rushed to the scene taught they were in charge i thank the witnesses as we continue to assess and address our cyber challenges. Thank you very much for holding this hearing. I welcome our hearing today. Let me come in for their great leadership on the sub economy. Cyber threat does not create jurisdictional bound i haves. Each Agency Functions specialized laws and authorities. It established a Cyber Response kbrup to pull together government response but these are organizations with little continuity that come together only in response to events. I believe what is needed is an int dwrated organizational structure. This arrangement has precedent. The coast guard exercises these responsibly and enjoys from the American People. We cant solve this problem but we would solve this problems. These taeps rise above the intersection. The team delegated gi secretary of defense. And there is urgency to our task. Russia attacked our election last year and the may toe alliance. The Intelligence Community ensures us it will attack our upcoming midterm elections. Finally, the okay. They hef it is creating the partner p ifs. He can the government muts work with nechl it must be in cooperation with the private tack to have. There the and before day please proceed. Thank you members of the committee. It is an honor to discuss the roles and responsibility of department of defents and defending the nation from cyber atalks and significant consequence. Im here as my reals as the si sis tans as ale the priens pal side advise sore is in which i see it lead the coordination across the department and with our inner Agency Partners and integrate Cyber Capabilities with mission assurance. I appreciate the ability to testify because these do require a government approach. D. O. D. Is developing cyber courses and capabilities to establish several missions in cyber space. Today i will focus on the mission to defend the United States and interest against high consequence sieb are attacks. The departments efforts to build defib fibber missions force playing a key role in playing out this mission. They are essential to the departments approach to supporting u. S. Government efforts to defend the nation against significant Cyber Attacks. With the goal of ensuring u. S. Dominance in cyber space these teams conduct operations and could deny at ver cherries to improi to impose costs. The cms Cyber Protection teams support a broader domestic response. The forces are focused on defending Dod Information Networks but select teams could provide additional capacity or capability to our federal partners if and when necessary. Dods role in cyber space goes beyond adversary focused operations and includes identifying and mitigating our own vulnerabilities consistent with statutory provisions related to these efforts, we are working with our u. S. Domestic partners and with foreign partners and allies to identify and mitigate cyber vulnerabilities in our networks, computers, critical dod infrastructure and weapons systems. While dod has made significant progress, there is more to do alongside with our other Agency Partners in the broader whole of government effort to protect u. S. National interests in and through cyber space. The outward focus of dod Cyber Capabilities to mitigate foreign threats at points of origin compliments the strengths of our interAgency Partners as we strive to improve resilience should a significant cyberattack occur. In accordance with law and policy during Cyber Incidents dod can be called to directly support the dhs in its role as the lead for protecting, mitigating and recovering from domestic sieb Cyber Incidents or the doj in its role as prosecuting cyber crimes. The work of our departments has resulted in increased understanding of our respective roles and responsibilities as well as authorities. Despite this, however, as a government we continue to face challenges when it comes to cyber Incident Response on a large scale, and it is clear we have more work to do to ensure we are ready for a significant cyber incident. We must resolve seam and gap issues among various departments, clarify thresholds for dod assistance and identify how to best partner with the private sector to ensure a whole of nation response if and when needed. Dod has a number of efforts under way to address these challenges and to improve both our readiness and that of our interAgency Partners. For instance, we are refining policies and authorities to improve the speed and flexibility to provide support and we are conducting exercises such as cyber guard with a range of interagency and state and local partners to improve our planning and preparations to respond to Cyber Attacks. Additionally, the cyber executive order 13800 signed in may will go a long way in identifying and addressing the shortfalls in our current structure. Though the department has several unique and robust capabilities, i would caution against ending the current framework and reassigning more responsibility for Incident Response to dod. The reasons for this include the need for the department to maintain focus on its key mission, the longstanding tradition of not using the military for civilian functions and the importance of maintaining consistency with our other domestic response frameworks. Its also important to recognize that a significant realignment of Cyber Response roles and responsibilities risks diluting dod focus on its core military mission to fight and win wars. Finally, putting dod in a lead role for domestic Cyber Incidents is a departure from opened response practice in other domains in which civilian agencies have the lead responsibility for domestic Emergency Response efforts. It could be disruptive to establishing the critical unity of effort thats necessary to for success. The federal government shouldnt maintain should maintain the same basic structure for responding to all other natural emergencies, whether natural disasters or cyberattacks. There is still work to be done, both within the department and with federal departments to improve efforts in cyber space. I am in the process of reinveg rating the role of the cyber adviser and clarifying the lines of accountability and authority in cyber and better integrating and communicating dod cyber space strategy, plans and train and equip functions. Well also up date our strategies on key cyber issues such as deterrence and translating the guidance into capabilities, forces and operations that will maintain our superiority in this domain. The department is also working to ensure that several Strategic Initiatives it is undertaking come to fruition, including the elevation of u. S. Cyber command, the implementation of the cyber executive order initiating the cyber accepted Service Program and rationalizing the departments cyber budget sdin vements. Our relationship with congress is critical to everything we are doing to defend the nation. From a high consequence cyberattacks. I am grateful for congresss strong support and interest in these issues, and i look forward to your questions and working with you and your staffs Going Forward. Thank you. Thank you, mr. Chairman and the committee. As the committee is aware, the frequency and sophistication of cyberattacks on our nation have increased dramatically in the past decade and only look to be growing. There are significant challenges. The cyber domain is unique, constantly shifting, changing and evolving. But progress has been made in improving structures and collaboration in innovation. But more can be done. Staying ahead of todays threats requires a different mindset than in the past. The scale, scope and complexity of todays threats and the ditt Digital Domain is unlike anything weve experienced. Traditional approaches and mindsets are no longer suited to coping with the speed and volatility and complexity of the new Digital Domain. We have to include the Digital Domain as part of the threat ecosystem instead of separating it as a mechanical machine. This new era often called the fourth industrial revolution, requires the fbi to rapidly assign, align and engage empowered networked teams who are purpose driven and have fierce and unrelenting resolve to win. What does this all mean . What are we doing to meet and stay ahead of the new Digital Domain . Attribute, predict, impose consequences. Thats where the fbis Cyber Mission is going. The fbis Cyber Division and program is structured to address a lot of these unique set of challenges. In the field, the fbi is made up of 56 different field offices spanning all 50 states and u. S. Territories, each with a cyber squad and each developing multiagency cyber task forces which brings together technically proficient investigators, analysts, computer scientists from local, state and federal organizations. At fbi headquarters, in addition to the field resources, Cyber Division offers Program Management and coordination and more technically advanced responders in our cyber action teams. The cat teams are elite cyber Rapid Response force, is on call and prepared to deploy globally in response to significant Cyber Incidents. Additionally, at fbi headquarters, we manage cy watch, a 24hour watch center which provides continuous connectivity to interAgency Partners in an effort to facilitate information sharing and realtime incident management and tracking, ensuring all agencies are coordinating. In addition to these cyber specific resources, the fbi has other technical assets that can be utilized in the event of Cyber Incidents. These include our Operational Technology division, the Regional Computer Forensic Laboratory programs, and the critical Incident Response group. Providing additional expertise and capabilities and resources that the fbi can leverage at a cyber incident. Partnerships is absolutely a key and focus area for the fbi. We rely on a Robust International presence to supplement our domestic foot print. Through cyber assistant legal attaches, the fbi embeds cyber assistants with International Counterparts in 18 key locations across the globe. The fbi also relies upon private sector partnerships, infer guard, domestic Security Alliance to name a few. Building capacity at home and abroad through training, investigations and joint operations is where we are applying our efforts. Incident response, the fbi has the capability to quickly respond to Cyber Incidents across the country and scale its response to the specific incident utilizing all its resources throughout the field, headquarters, and abroad. We have the ability to galvanize and direct all the available cyber resources instantaneously. Utilizing dual authorities, as domestic Law Enforcement organization and a member of the u. S. Intelligence community, the fbi works closely with interAgency Partners within a whole of government effort to countering Cyber Threats. The fbi conducts its Cyber Mission with the goal of imposing costs and consequence on the adversary. Though we would like to arrest every cyber criminal, we recognize indictments are just one tool in a suite of options that are available to u. S. Government when deciding how best to approach this complex cyber threat. The fbi understands the importance of being coherently joint with and will continue to find ways to work with interAgency Partners in responding to Cyber Incidents. We look forward to expanding our partnerships with Cyber Command, given their new and unique capabilities and with the National Guards new cyber program, in complementing our field offices and cyber task forces. All within the confines of current laws, authorities, and expectations of the American People. We at the fbi appreciate this committees efforts in making cyber threat a focus and committing to improving how we can Work Together to better defend our nation, and we also look forward to discussing these issues in greater detail and answering any questions that you may have. Thank you, mr. Chairman. Thank you, mr. Smith. Mr. Krebs. Chairman mccain, Ranking Member reed and members of the committee thank you for the opportunity to appear before you today. In my current role performing the duties of the undersecretary for the National Protection and programs directate. I secure and defend our federal networks and facilities. Manage risk to Critical Infrastructure and improve cyber and physical security practices across our nation. This is a timely hearing. During december or october we recognized National Cybersecurity awareness month, a time to focus on how cybersecurity is a shared responsibility that affects