Protection, and securitysecuri technologies will come to order. First of all, im sure speak for all of us here on the dais in expressing our deepest condolences to all of the family members and all of the victims of yesterdays tragedy in las vegas. Events like the one yesterdayic really demand the utmost humanity in response to such blind hate and evil, and hopefully will give us all a renewed sense of purpose today as we approach the task of the h day. The subcommittee is meeting today to receive testimony regarding the department of Homeland Security is Cybersecurity Mission. I recognize myself for an Opening Statement. We are here to today, at the start of National Cybersecurity awareness month, to discuss what i believe is one of the defining Public Policy challenges of ouri generation, the cybersecurityy posture of the United States. We have seen cyberattacks hit practically every sector of our economy with devastating impact to both Government Agencies ande the private sector alike, and its our shared duty to ensure were doing our best to defend against the very real threat our cyber adversaries pose. Y but make no mistake, the cybersecurity challenges we face are about much, much more than simply protecting bottom lines, or intellectual property, or even our nations most classified information. They also impact the personal, often irreplaceable informationt of every american. P this year, weve seen on a grand scale just how much damage can be done by a single individualee or entity looking to conduct a cyber attack. The equity fax breach shows that it takes only one bad actor and only one exploitable vulnerability to do something to compromise the information of 145 million americans. This is not the first cyber thtack that has garnered National Attention and, unfortunately, it almostt assuredly will not be the last. As the members of this panel and as our witnesses here today know well, there is no Silver Bullet or guaranteed technology to fix the cybersecurity problem. Techno rather, we need to be part of an ongoing, sustained, dedicated, persistent and comprehensive campaign to ensure the United States remains the worlds cybersecurity superpower. We will continue to need a sharp workforce, the collective efforts in publicprivate partnerships, and the leadership of our Government Agencies to leverage our resources and counter our highly sophisticated cyber adversaries. Coday, this subcommittee meets to hear from the government sop officials charged with meeting these Cyber Threats. Mittee these are the folks on the front lines day in and day out. Dhs is the federal governments lead civilian agency for cybersecurity, and within it, the National Protection and programs directorate, or nppd,in leads our National Effort to safeguard and enhance the resilience of the nations physical and cyber infrastructure, helping federal agencies and, when requested,re the private sector harden their networks and respond to cybersecurity incidents. Nppd partners with criticalden t infrastructure owners and operators and other Homeland Security enterprise stakeholders to offer a wide variety of cybersecurity capabilities, such as system assessments, Incident Response and mitigation support and the ability to hunt forem malicious cyber activity. This collaborative approach to mitigating Cyber Incidents isor meant to prioritize meeting the needs of dhs partners, and is consistent with the growing recognition among government, academic and Corporate Leaders that cybersecurity is increasingly interdependent across sectors and must be ate core aspect of Risk Management strategies. This committee has been workings hard to ensure that nppd and dhs in its entirety has the necessary authorizations and organization it needs to combat growing Cyber Threats. Dhs needs a strong and sharp workforce than an efficient organizational structure to support both its cybersecurity and its Infrastructure Protection missions. Earlier this year, this committee marked up and passed h. R. 3359, the cybersecurity ann Infrastructure Security Agency act of 2017 to reorganize and threngthen nppd. As the cyber Threat Landscape continues to evolve, so should dhs, and in doing that, h. R. 3359 is the tool well use to bring nppd to a more visible role in the cybersecurity of this nation. As a committee, and as a congress, we have taken important steps in the right direction with legislation on information sharing, modernizint the federal governmentse rig information technology, and in getting our state and local officials the cybersecurity support they need. Some of these programs have been years in the making. Realtime collaboration between the government and the private sector is a lofty and worthwhile goal. Through the automated indicatorn sharing program, or ais, dhs has been partnering with industry tr create and enhance that broaderg informationsharing environmenta and weve made progress in the right direction. Try to while we know that proactive information sharing is only as good as the information being provided, that type of relationship can only be made possible with a Strong Foundation of trust. Im looking forward to a robuste discussion today, not only about how the department can be best organized and equipped to ensure that we are leveraging the resources of the federal government towards this immenser challenge, but also how the government can forge and grow the necessary partnerships to achieve greater cybersecurity t for our nation. We have to get this rightsary because new technologies, the internet of things, driverless cars, artificial intelligence, and quantum computing, are rapidly evolving. We need to be securing at the speed of innovation, not of bureaucracy. Because we are in an era that requires flexibility, resiliency and discipline and i hope i will hear those values operationalized in the forthcoming testimony. Cyberspace plays an increasingly dominant role in the fabric of our society, and it will take continual collaboration across the public, private, international and domestic spaces to keep making the advancements needed to prioritize cybersecurity for our country. I know this is a responsibility that everyone on this subcommittee takes extraordinarily seriously, and i look forward to the discussion today with our witnesses. The chair now recognizes the t ranking minority member of the subcommittee, the gentleman from louisiana, mr. Richmond force Opening Statement. Thank you, mr. Chairman. Good morning. Please were kicking off cybersecurityin awareness monthy talking to the department of Homeland Security about its Cybersecurity Mission and how congress can help ensure dhs ist wellpositioned to protect Critical Infrastructure from Cyber Attacks. Before they can, however, i would like to send my condolences to the families of victims sunday nights horrific shooting. To the survivors, your you in r thoughts and prayers here to the brave First Responders who ran into danger when everyone else was running away from it, were grateful. The democrats on this committee has said this before but it bears repeating. At some point will have to come together and enact sensible gunt legislation. And and as the congressman representing new orleans i cannot sit silently as the president consults the routine survivors of puerto rico, andep the san juan mayor who is trying to help them. Ive been through katrine and i know what its like when youree at your most vulnerable moment and youve lost everything. And what youre looking for ist assistance because its beyond your capacity to respond to a storm of that magnitude. So having seen people grieve the loss of their homes and businesses and struggled to peace their lives back together, i can tell you the last thing the people in puerto rico and the Virgin Islands need our in insults. I urge the president to take a break from twitter, roll up his sleeves and get to work. Turning to the issue at hand, as an agent of represent new orleans which a significantsleee Energy Sector assets. Last month we heard disturbing reports of a new wave of efforts to reach Energy Sector networkss in the United States. According to symantec, in some cases hackers achieved unprecedented access toachiev operational systems. In light of these reports im interested to know how the department of Homeland Security and the department of energy are working together to secure Energy Sector networks and make them more resilient. Additionally, as a member of this committee and the Congressional Task force on Election Security, im eager to hear about dhs is activities to secure our election systems. Although the administrations commitment to the Critical Infrastructure designation appeared to waver earlier this year, i was encouraged when acting secretary duke told Committee Democrats last month that there are no plans to resend the designation. With that comment i look for during about the progress dhs is making to help state and localat governments security election infrastructure and whether the department has adequate resources to carry out its responsibilities in that space. For example, i understand theres a ninemonth wait for a risk and Vulnerability Assessment, and that some secretaries of state have complained about the lengthynd clearance process for electionas officials. I am concerned these challenges may deter some states, particularly those i started a Critical Infrastructure designation come from taking full advantage of the resources dhs can bring to bear. To that point, dhs has struggled to build some of the relationships necessary to execute its Election Security mission. Although ive heard dhs is making progress in this regard, i am concerned mistakes made notified certain secretaries ofg state that their election infrastructure has been targeted, though it had not been, maeve undermined the trust that dhs has sought to build. I will be interested in learning what do you need from congress to address election infrastructure request more quickly and build trust within the election infrastructure community. Finally, when ms. Manfra, testified in march i asked what i could expect the dhs Cybersecurity Strategy. The strategy required pursuant to legislation offered wednesday march 23 to it still has not been submitted to congress. I understand the Trump Administration did not fill leadership positions relevant to the execution of dhs, Cybersecurity Strategy with any real sense of urgency, and ongoing vacancies may be contributing to the delays. But the strategy six months overdue, and that is not acceptable. With that, mr. Chairman, i yield back the balance of my time. Thank the gentleman. The chair now welcomes and recognizes the chairman of the full committee, my colleague from texas, mr. Mccaul for any Opening Statement that he might have. Thank you, chairman ratcliffe or i would also like to extend my thoughts and prayers to the victims and family members of the horrifying tragedy in las vegas. I am hopeful that as americans, we can come together and prevent such violence from happening again. Im pleased to be at this important hearing today with our distinguished guests here at this hearing. Americas National Security is r continually threatened by islamist terrorists, tyrannical regimes building and proliferating weapons of mass destruction, and human traffickers and transnational gang members like ms13 who stream across our border. These threats are well known, and we need do everything we can to stop them as we see them coming. Members, however, we also find ourselvesl in the crosshairs of invisible attacks in a sustained cyberwar from nationstates and other hackers. And as we become more and morers reliant on computers and smartphones in both our personal and professional lives, everyone is a potential target and sadly, many of us have already been victims. Become over the past few years we have seen many successful largescale cyberattacks take place. In early september, hackers wer. Able to breach equifax, a credit reporting agency, gaining access to Sensitive Information on as many as 143 million people. In 2016, we know that russiaiato tried to undermine our electoral system and democratic process and in 2015, we learned that china stole over 20 million security clearances including mine. And and probably some here at this dais. These kinds of violations are simply unacceptable. I am proud to say that over the last few years, the committee on Homeland Security has recognized these threats and led the charge to strengthen the defense of our nations networks. In 2014, we enacted severalre important bills that empowered dhs to bolster its workforce, codified dhss cyber center, and updated fisma for the first time in 12 years. A year later, the cybersecurity act became law, which enhances information sharing and makes te dhs the lead conduit for cyber threat indicators and defensive measures within the federal invernment. While information sharing has come a long way, the Wannacry Ransomware attack recently illustrated just how important and beneficial those relationships are. Just last week rob joyce, the cybersecurity coordinator at the white house, noted that we need to find a way to provide the private sector with more expansive access to cyber threat information in a controlled setting; something i believe we need to strengthen. Moreover, issues relating to the sharing of classified information with the privatecces sector, like accrediting scif space, granting security clearances to key personnel, anw enabling consistent twoway communication, are issues we arl looking at closely. In other words, we have made progress in the way indicators are shared but i want to examine if we can do more regarding the overall sharing of classified information. Made earlier this year, i was pleased to see President Trump issue an executive order to strengthen the cybersecurity of federal networks and Critical Infrastructure. Going forward, i am hopeful thao the house can advance secur legislation that i have introduced to elevate nppd as a Standalone Agency and better support the Cybersecurity Mission at dhs. This month is National Cybersecurity awareness month, a time to learn more about these threats and offer ideas on how we can best secure ourselves against these growing threats. While we have had some success on this issue, we must do more. O our cyber enemies, including terrorists, are always evolving looking for new ways to carry out their next attack. Fortunately, this is an issue that transcends party lines. Its not a republican or a democratic issue. Lets Work Together to make ourr cybersecurity strong and keep the American People safe. I would like to thank todays witnesses for their time and their service. A very important component of the department that often, as i mentioned in my opening, with focus a lot on counterterrorism, on the board and other thingss that i consider this mission the department has to be one of the most important that this nation faces. So i look forward to the conversation about our congress and the executive branch can Work Together and how we can work with leaders in the private sector to enhance the nation can cybersecurity. With that i would like to get back to the chairman, and if i may, submit my questions for the record. Thank the chairman, and the chair now welcomes and recognizes the ranking minority member of the full committee, the gentleman from mississippi for his Opening Statement. Thank you very much. Good morning. Id like to thank chairman ratcliffe and Ranking Members richmond for holding todays hearing to examine the work dhsg is doing to shore up our nations cyber defenses. There is no doubt that our country is facing an evolving array of Cyber Threats. As we stand here today, enemies are thinking of new and novel ways to strike at everything from banks to hospitals and chemical facilities. Nefarious actors even want to disrupt some of our most basic institutions. Last year we learned our nations election system serve as a new frontier for Cyber Attacks. Ti with every passing day we learn of new ways cyber operatives are looking to exploit everything from the media we consume to the data