Ethis committee will come t order. To help us understand what china is doing. We spend a lot of time on this committee debating whether xi jinping will make a move. This is a question that people continue to debate. I wonder if such an invasion or the preparation for such an invasion which would be incredibly costly as the Ranking Member very eloquently brought up yesterday has already begun. Put differently, the ccb has been attacking us. Government, our defense contractors, our Development Firms in cyber. And they had been robbing us on tech. And they used that to their military modernization. And they have been gathering information on people and companies. Our military records have been compromised. Mine is framed in my office, in my basement. According to the fbi, chinas vast Hacking Program is the Worlds Largest and theyve stolen more americans personal and business data than any other nation combined. But that wasnt enough for the ccv. In the past few years, our intelligence and Cyber Security agency has discovered the ccv has hacked into american infrastructure disabled and destroying our Critical Infrastructure in the event of a conflict, conflict over taiwan for example. This is the cyber space equivalent of placing bombs on american bridges, Water Treatment facilities and power plants. Theres no economic benefit for these actions. Theres no pure intelligence gathering rational. The sole purpose is to be ready to destroy american infrastructure which would inevently cause chaos. The Chinese Government has already done it. Our Cyber Warriors have been trying to stop it across the American Homeland. The damage that could be done by this is almost hard to imagine. We need to step up. Defend our Critical Infrastructure, defend ourselves in cyber space. Its a critical part of deterrence. It will take unprecedented collaboration between the public and private sectors to create the type of layered cyber deterrent that we need to prevent disaster because its not just a government problem its a whole society problem. Our committee is called the select economy on u. S. China and the Chinese Communist party. The name of our committee vastly under states the problem. Its not just a strategic its a threat. And china will be able to cause massived loss of american lives. Thats unacceptable. I believe men and women of good faith in both parties have come together to prevent that from happening, thats what todays hearing is all about. I recognize the Ranking Member for his Opening Statement. Thank you so much mr. Chair and thank you for the witnesses for coming today. I understand that general nakasoni is your change of command. You made tyke to you made time to come see us. And i imagine this will be nakasonis unplugged. And were going to talk about the pla. This wanted poster shows members of unit 61398 whom we indicted in 2014 for hacking into American Companies and stealing intellectual property. This was the first time weve ever indicted prc nationals for computer hacking in the u. S. For years the ccp studied how the u. S. Ran Cyber Operation to develop its own concept for warfare. Xi jinping has studied and collected data. Hacking into government emails and even potentially gathering personal data from apps like tiktok. However today we will be discussing an even darker side of the ccp cyber tactics. Going beyond merely stealing information. Last may, released a joint advisory that ccp Cyber Attacks were targeting u. S. Critical infrastructure including American Power and utility systems, oil and Gas Pipelines, and rail systems among others. This Cyber Campaign titled volt typhoon has been inactive since 2021. Ccp hackers access Computer Systems of at least 2 dozen critical entities including in hawaii and in guam. The hackers even attempted to hack the texas power grid. The purpose was to install malware that once activated would disrupt or damage the infrastructure. You might ask why. Very simple, to potentially harm us in a time of conflict. Strategists talk about attacks. Former cisa director stated that quote chinese attempts to attack infrastructure or to cause societal chaos inside the United States. This means targeting americans. This means we could suffer large scale blackouts in major cities. We could lose access to our cell towers and the internet. We could lose access to clean water and fuel. So, how do we respond . First, we must be clear eyed about the threat. The ccps objectives for a cyber attack are not just to impede military readiness. They also seek to target military infra, im sorry civilian infrastructure to cause political, economic and social chaos and in the plas own words quote shake the enemies will to war. Second, we must hunt and destroy malware. We have need to discover and describe all malicious code the ccp is attempting to hide within our network and Critical Infrastructure. In fact, less than 48 hours ago, reuters reported that the Justice Department and fbi were authorized to disable aspects of a ccp Hacking Campaign on the way now in order to protect our networks and devices. This is exactly the type of proactive action that we need to take. And we need to work with our partners and allies to do the same. I look forward to hopefully learning more from the witnesses about this particular, about this counter campaign. Third, we must deter our adversaries. While malicious chinese code hasnt yet disrupted any of our networks, any that would cause loss of life would inherent the u. S. The right to respond. We need to make sure we have the capability to respond and respond decisively. I look forward to hearing from our Witnesses Today and i yield back the rest of the my time. We are witnessed to have a great panel of witnesses. The honorable cockell jr. , Christopher Ray is the director of the fbi. Jen easterly is the director of infrastructure Security Industry and general paul nakasoni. I too have to thank you general nakasoni. I dont want to play favorites but when i called you to try to convince you to do this, i felt a little guilty because you were doing your change of command. But the fact that you were willing to do this. More than the awards youre wearing on your uniform today just to the type of public serevent that you are. That you would be willing to do this. And you know, whether youre redeploying or changing command, usually you kind of trap your you kind of block your pack. I just wanted the outset of this hearing to thank you for an exceptional career of Public Service. The nation owes you a great debt of gratitude. We can stand for that. I asked the witnesses to stand and raise your right hand that was me lulling you into a false sense of security before the questioning begins. I would like you to stand so i can swear you in. Do you swear or affirm under penalty of perjury that the system youre about to give is true. You may sit. Director ray will begin with his testimony. Which i believe will include a major announcement. Mr. Ray, you may proceed. Thank you chairman gallagher, Christian Morti for inviting me today to discuss the fbi east ongoing effort to protect our nation from actions taken by the Chinese Government that threaten American Safety and prosperity. Before i go on, i do want to make very clear that my comments today are not about the chinese people. And certainly not about Chinese Americans who contribute much to our country and are frankly often the victims of Chinese Communist party aggression themselves. Rather, when i talk about the threat posed by china, i mean the government of china. In particular led by the ccp. The ccps dangerous actions, chinas multiprong assault make it the designing threat of our generation. When i describe the ccp as a threat to American Safety a moment ago, i meant that, quite literally. There has been far too little public focus on the fact that prc hackers are targeting our Critical Infrastructure. Our Water Treatment plants, our electrical grid, our oil and natural Gas Pipelines. Our transportation systems. And the risk that poses to every american requires our attention now. Chinas hackers are positioning on american infrastructure to cause havoc to american citizens and communities if and when china decides the time has come to strike. Theyre not focused just on political and military targets, we can see from where they position themselves across civilian infrastructure that low blows arent just a possibility in the event of a conflict. Low blows as a civilian are part of chinas plans. But the prc that goes way beyond prepositioning for conflict, today and literally every day theyre actively attacking our economic security. Engaging in wholesale theft of invasion and our personal and corporate data. Nor is cyber the only prc threat we face. The prc threat is more dangerous because of how they knit the campaign against us. They recruit human sources to target our businesses using insiders to steal the same kinds of invasion and data that their hackers are targeting. While also engaging in corporate deception hiding beijings hand in transactions, joint ventures and investments to do the same. And they dont just hit our security and economy, they target our freedoms reaching inside our borders across america to silence, coerce and threaten some of our citizens and residents. But i can assure you the fbi is laser focused on the threat posed by beijing. Weve got cyber, Counter Intelligence, criminal, and wmdx experts just to name a few defending against it. And were working in partnership, partnership with the private sector. Partnership with our companies abroad. In fact, just this morning, we announced an operation where we and our partners identified hundreds of routers that had been taken over by the prc state sponsor group known as volt typhoon. The volt typhoon enabled china to hide among other things preoperational reconnaissance, Network Exploitation against Critical Infrastructure like our communications, energy, transportation, and water sectors. Steps china was taken to find or prepare or degrade the infrastructure that keeps us safe and prosperous. Lets be clear, Cyber Threats to our Critical Infrastructure represent real world threats to our physical safety. So working with our partners, the fbi ran a court authorized on Network Operation to shut down volt typhoon and the access it enabled. Now this operation was an important step but theres a whole lot more to do and we need your help to do it. To quantify what were up against. The prc has a bigger hacking section of any other nation. In fact, if you took every single one of the fbis cyber agents and intelligence analysts and focused them exclusively on the china threat. Chinas hackers would still outnumber fbi cyber personnel by at least 501. So as we sit here, while important budget discussions are under way, i will note that this is a time to be keeping ahead of the threat by investing in our capabilities rather than cutting them. We need to ensure that we sustain and build on the gains that weve made that have enabled us to take actions like the volt typhoon operation. Budgets that emerge from discussions under way now will dictate what kind of resources we have ready in 2027. A year that as this committee knows all too well the ccp has circled on its calendar. That year will be on us before you know it. As ive described the ccp is already today putting their pieces in place. Those watching today to think we cant protect ourselves. But i do want the American People to know that we cannot afford to sleep on this danger. As a government and a society weve got to remain vigilant and actively defend against a threat that beijing poses. Otherwise china has shown it will make us pay. I move forward to todays discussion. Thank you, sir. Chairman gallagher, Ranking Member, christian morte and distinguished members of the committee. Thank you for the opportunity to testify. I have been honored to lead the office of the National Cyber director oncd for over a month now. And your leadership for creating this office. I appreciated our conversation yesterday. Onc was established. We coordinate many important agencies with Cyber Missions across the government to ensure federal coherent on Cyber Security policy. We have budgetary responsibilities to ensure that the u. S. Government is making appropriate moves. Excuse me, successfully and transparently executed. Coordination and collaboration are central to our ethos. Cyber security remains a joint effort and im proud to be testified with some of our nationings brightest leaders. Conduct disruptive and destructive attacks. The prc threat actor, volt typhoon has it has been named has conducted Cyber Operation focused not only financial gain or espionage but into Critical Systems that put those systems at risk. Their aim is clear in the early stages of a conflict they want to disrupt our militarys ability to mobilize and to impact the system that allow us to thrive in our increasingly digital world. We can, must and importantly are season the initiative from former adversaries to defend the American People. Last year President Biden called for us to build a future that as a foundation of deep and enduring collaboration. The national Cyber Security strategy is built on two fundamental shifts that we must one rebalance a responsibility to defend cyber space and two, realign incentives to favor long term investments. Today in users of technology, the individuals, Small Businesses and Critical Infrastructure entities that make up constituencies in your district. This means that Market Forces and Public Programs alike must reward security and resilience. This leads directly to the first pillar of the strategy which is simple in concept but daunting in scope. Defend Critical Infrastructure. As we concede from prc targeting, Critical Infrastructure systems are in terrain from which our adversaries wish to engage us and Critical Infrastructure owners and operators the majority of who are private entities. The government must also be a good partner when an incident has occurred. Assistance is required. And even as we look at defense, we also need to favor defenders. Addressing the open resource problem, that makes it difficult to understand the quality of code we use. A topic that were looking to address. It is vital we invest in program, expand opportunities for all citizens to learn Digital Skills and open these skills to all segments of society. Including those who have never seen themselves in cyber. This is through implementation of the the af strategy. The administerss focus on Cyber Security has put us on a firm strategic footing to counter. But we will only seize the initiative by leverages the partners we rely on including congress. Ultimately, Cyber Security requires a unity of effort, no one entity can achieve our shared goals alone. Sitting here today with our close partners i hope you will see how our u. S. Team is enhanced by a thoughtful, patriotic cyber working together to build a defensible resilient digital eco system. Again i thank you for the opportunity to testify today, i look forward to your questions. Thank you, sir. Director easterly youre recognized for your Opening Statement. Thank you for the opportunity to testify and to protect the nation from the preimminent cyber threat from the peoples republic of china. Critical infrastructure, resilience and security we have long been focused on the cyber threat from china. But as youve heard in recent years we have seen a deeply concerning evolution in chinese targets of u. S. Critical infrastructure. In particular, weve seen chinese cyber actors including those known as volt typhoon burring deep into our Critical Infrastructure to enable destructive attacks in the middle of a conflict. This is a world where a major crisis half way across the planet could well endanger the lives of americans here at home. Through the disruption of pipeline