Armed services subcommittee. Mr. Gallagher the subcommittee will come to order. I ask everyone to be mindful of our committee rules. We start on time. U. S. Language the average american can understand. And we stick to the fiveminute rule, including on witness responses. With that, good morning, everyone, thank you for being here today for our hearing on the department of defenses cyberspace activities. We ask a lot from the department in this space. From securely operating networks and inherently insecure Weapons Systems to assisting small and large systems. More important than anything else is how prepared and capable we are to hold our adversaries at risk. Ive expressed my concerns about the departments pace for modernizing and growing the ships, aircraft and other weapons for a fight with china. If we accept that we need more time, it is my genuine belief that our ability to robustly use information and Cyber Operations should provide us with the opportunity to buy time to maneuver for our kinetic forces. While there have been some signs of progress such as the first delivery of a budget built through cybercom commanders enhanced Budget Authority there are wide gaps between where we are and where we need to be soon. There are issues like force readiness, lack of support and the shortcomings in acquisition of Cyber Capabilities that continue to plague the cyber force. These problems arent new and its remarkable how much effort congress has expended on pulling and pushing the department to embrace the promise of Cyber Operations. Since 2013, congress has tried to address force design and readiness through 24 different pieces of legislation. 24. Over that same period we tried to address the civilian and military cyber work force dilemma 45 times. Cybercom acquisition matters 12 times. Defense Industrial BaseCyber Security 42 times. And the list goes on. More frustrating is that the countrys collective capabilities and readiness are seemingly no better off because of it. In the words of albert einstein, insanity is doing the same things over and over again and expecting a different outcome. I look forward to hearing from our witness, dr. John plumb, serving as principal cyber adviser, as well as general Paul Nakasone, the seasoned commander of u. S. Cyber command. With that, i recognize the Ranking Member. Mr. Khanna thank you, mr. Chairman. Thank you to our witnesses for appearing before us today and the men and women you represent. Thank you, general Paul Nakasone for meeting yesterday and for your ideas on recruitment as well as your suggestions on how we can continue to keep our nation safe from cyber attacks. Our adversaries continue to use cyberspace to conduct malicious activity against the United States, its allies and its interests. These include iran, russia, and china. I applaud the department of defense and u. S. Cyber command for the progress made in recent years. Certainly the change in posture in the last five years has been quite remarkable. As we have transitioned to a posture of defend forward. But we certainly still have work to do. China aggressively uses cyberspace to obtain economic advantage and gather sensitive information. Also unfortunately the c. C. P. Has been the prime mover of a lot of trade secrets which im aware of given that companies in my district in Silicon Valley have been the targets. Russia continues to engage in ma licious activities to its end and the governments of iran and north korea as well as malicious and profitmotivated actors continue to act to further their own interest. Our cyber forces are engaged every day in the whole of government effort to defend the country and given our decentralization and our focus on privacy, this task is harder for us then for many other nations. With these growing threats then must come increased attention. I appreciate that we are going to be supporting the Cyber Command and this president s budget especially in areas of force readiness, training, and support for partners and allies in efforts going forward. The committee is tracking challenges associated with growing, retaining and training the force and i want to make sure we can continue to discuss that effort in greater detail and look forward to some Creative Ideas you may have of how our committee can help the recruitment of first class talent and technology. As i said to the general i want to make sure that some of the most talented folks arent just going to i. P. O. s and become multimillionaires but also serving the country. I also hope to hear about the commands service like authorities including enhanced budget control. Thank you and with that, thank you, mr. Chairman, for convening the hearing and i yield back. Mr. Gallagher dr. Plumb, youre recognized for five minutes. Dr. Plumb thank you, chairman gallagher, Ranking Member khanna. Distinguished members of the committee, good morning. Thank you for inviting me to testify on the defense departments cyber posture. Im pleased to appear alongside general nakasone. As secretary austen said from the first russia is an acute threat. This is as true in cyberspace as any other domain. China has used its capabilities to steal Research Information from public and private sector stewings including the defense Industrial Base. Today in competition chinese cyber intrusions are the most prolific in the world. In crisis, p. R. C. Leaders believe achieving dominance will allow them to seize the initiative, disrupt our ability to mobilize, protect and sustain the joint force and to ensure p. R. C. s entity. Russia engages in malicious cyber activities to support its global espionage campaigns, steal intellectual property, and promote disinformation. Russia has also demonstrated it views cyber as a key component of its wartime strategy. At the outset of his fulltime invasion of ukraine in 2022 they conducted Cyber Operations against a u. S. Satellite company to degrade command and control of ukrainian forces. Other persistent threats arise from north korea, iran and from transnational criminal organizations. Together our adversaries use cyberspace to conduct attacks against the department of Defense Information Network and the u. S. Homeland. They do this to weaken our allies and partners and undermine u. S. Interests. Since 2018 the Department Recognized that it is not enough to maintain a defensive posture while preparing for conflict. We must defend forward to defeat our adversaries and meet them in competition in the daytoday struggle. Today the Department Campaigns in and through cyberspace to sow doubt among our competitors. We conduct intelligencedriven huntForward Operations to find our competitors tactics. And we disrupt malicious cyber actors through our operations. The department is also prioritizing Capacity Building efforts for our allies and partners who serve as a strategic advantage and force multiplier our adversaries cannot hope to match. The president s 2024 budget request prioritizes investments in all aspects of cyberspace. Our people, organization, our intelligence, our capabilities. The request includes 13. 5 billion for cyberspace activities which is an increase of 1. 8 billion from the enacted level in fy 2023. These investments will enhance the departments Cyber Security, increase capacity for Cyberspace Operations, advance research and Development Operations for new Cyber Capabilities. The budget requests 7. 4 billion for Cyberspace Operations including nearly 3 billion for u. S. Cyber command. These resources will go directly to supporting our Cyber Mission forces, protecting the homeland and addressing the threats posed by adversaries in cyberspace. Ill just say, chairman gallagher, i do think we are better off and we are Getting Better every day and i think the help from the congress and the continued investments, were more prepared, more effective and were integrating cyber more and more into our operations. Operating in cyberspace today is an essential part of the departments ability to ensure our nations security. Our adversaries continue to extend and evolve their cyber activities. They are exercising them in conflict, trying to degrade our advantages and increase their own. The department is committed to increasing our defensive and offensive cyber activities in partnership with the committee. Thank you for the support of the department and i look forward to your questions. Mr. Gallagher thank you. General nakasone. Gen. Nakasone chair, Ranking Member, members of the committee. I am honored to testify alongside dr. Plumb. Joining me now is the Senior Leader of the u. S. Cyber command. In the contested cyberspace domain, u. S. Cyber command acts against foreign adversaries that threaten our nation through malicious cyber activity and enable actions by our federal, private and allied partners. Last fall, a combined u. S. Cyber command nsa Election Security group countered malicious cyber actors and oversaw activities to defend the recent midterm elections. The 2022 election cycle proceeded from primary to certification without significant impacts due in part to our effort. Going forward, success for u. S. Cyber command will be measured how effectively foreign actors are prevented from achieving their strategic objectives. Last year saw significant maturation for u. S. Cyber command but our work is not done. In 2023, we must continue to focus on our people, our partners and our ability to deliver decisive advantage. We must improve readiness, bolster our reliance im sorry, bolster our resilience and maintain a culture of continuous improvement. We must prepare for crisis and conflict. We are doing so by executing unique authorities to build and sustain campaigns in and through cyberspace and the information environment. Through these efforts we seek to counter adversaries and competition, to deter conflict and prevail against aggression. Aligning efforts of both u. S. Cyber command and nsa is important to achieving these goals and is in the best interest of the nation. It all starts with people. The men and women of u. S. Cyber command working with partners here and abroad. We win with people. The men and women of the United StatesCyber Command are grateful for the support of the committee and congress has given to our command. I look forward to answering your questions. Mr. Gallagher that was a very efficient opening statement. We will now move into the q a portion of the hearing. Dr. Plumb, last years ndaa authorized a new assistant secretary of defense for cyberspace policy. Im confident the senate is ready to rapidly confirm a nominee. Have many conversations to that effect. Can you explain why were not seeing one . Dr. Plumb yes, sir. So the department is has taken the language from the 2023 ndaa and trying to make sure we create a sign for the a deliberate manner that that has the most positive effect. So what we are doing is following the template used to create my current position, asde for space, which is putting a ffrdc on contract to examine whats the proper structure, are there different pieces required, what things should be in this cyber asd ship . Were look at components of electronic warfare, other warfare, what should belong. Thats on contract now. We expect that that study should be done around september. But we are moving forward on it, we just want to do it right. Mr. Gallagher so the earliest time to see a nominee is after the report in september. Dr. Plumb to be totally fair thats above my pay grade but thats what i anticipate. Mr. Gallagher thats disappointing. We sat down a few weeks ago. You talked about the number of reports foisted on you by congress. On one level i agree. I think we insert far too many reporting requirements into the ndaa and it just grows and grows without cleaning out the number of reports that dont actually get read. On the other hand, we do it to draw attention to significant issues we think are important without having to micromanage the department with statutory language. And the best way to avoid reports is to provide us quick but comprehensive answers to the questions were asking the department. Do you happen to know how many reports related to cyber that the department of defense is delinquent on right now . Dr. Plumb i dont have an exact number. I would imagine it is around 10. Mr. Gallagher its 15 reports. Theres got to be a better way we can get answers to these questions. Im happy to work with you and your team to come up with that. Because the current posture in my view is unacceptable. Speaking of reports, you produced the 2022 cyber posture review that was a congressionally mandated document to be produced every four years. Three years ago we said the cyber posture needed to include an assessment quote. Assessment of the costs and values as a separate uniform service. Yet when we got the document it did not include that assessment. Why is that . Why did d. O. D. Ignore that requirement from congress . Dr. Plumb first of all, no intentional ignoring of any provision of the law there, that oversight ill dig into how that happened. I will say this, congressman. We are working hard on answering that problem. Its been tasked in the fy 2023 ndaa as part of the force generation study. Ive been involved in conversations with your staff on making sure that that study was going forward. I think its a good study. I think it gives us enough time to look at. I think its really important. One of the things it requires us to explore among other options is a Cyber Service. Mr. Gallagher i get that. I understand where you sit, but it is not the prerogative of the department which part of the congressional mandate youll comply with. Or to answer it in a different report. We want that assessment in the cyber posture review so i would appreciate you get back to my team on why that didnt happen so we can improve the process going forward. How do you think about retention . Its my understanding that over the last year, the office of the principal cyber adviser has had at least seven civilians depart, about 77 of the civilian roster. Is that a concern . How do you think about improving retention . Dr. Plumb it is a concern. I think creation of the s. D. Cyber will help solve some of that problem but i am digging into that in my role as pca right now and it is an issue im determined to get after. Mr. Gallagher i look forward to hearing about that. I recognize the Ranking Member for five minutes. Mr. Khanna when i got to washington everybody told me no no one reads reports more than one page. I disagree. I appreciate having the reports. That is the essence of democracy and oversight so i look forward to working with you on that, mr. Chairman. Let me ask you, dr. Plumb, given your testimony on the c. C. P. s cyber threats, how much of a threat do you think tiktok poses to the United States from a Cyber Security perspective . Dr. Plumb Ranking Member, i would say that when we think about tiktok as a potential threat factor, the things that come to mind are one, the scale, just a tremendous number of people in the United States use tiktok. And two, the control that china may have to be able to direct information through it. Misinformation platform. And then of course the data it can collect. Its the scale of it, i think, thats problematic for us. Mr. Khanna what do you think should be done about that . Dr. Plumb thats a great question. I know everyone is considering it. I think we need to be aware of these various threats and be able to quantify them and take action against them. I know thats a vague answer, sir but i dont know if i have the exact answer for you right now. You might ask the general if he has thoughts on that. Gen. Nakasone Ranking Member, coming back to your question, if you consider a third of the Adult Population receives news from this app, a third of our children are constantly on the app. Theres 150 Million People every single day that are obviously touching this app. This provides, you know, a foreign nation a platform for information operation, a platform for surveillance and a concern we have with regard to who controls that data. The department has already, as you know, banned the use of that application on our phones. I think the broader discussion obviously rests with policymakers now. Certainly this is a piece that our nation has to consider. Theres going to be other applications like this and were going to have to have some type of policy that protects both our ability to obviously to to protect us from an adversarys ability to conduct surveillance against us. Mr. Khanna is it fair to say you view tiktok as a different order of threat than an American Company . On social media. Gen. Nakasone i do. If you consider the difference between an American Company and our government, theres clear separation in terms of what goes on there. If you look at an application like this, a nation has already said theyll be able to touch this data any time they want to touch this data. This concerns me. Im sure it concerned most people at this they look at this. Mr. Khanna general, you had an interesting idea about scholarships specifically in stem fields or fields that