Senator angus king and congressman Mike Gallagher. If i lived further north congressman al gore would be my member of congress. We are pleased to welcome Suzanne Spaulding who ill introduce people more formally prior to their also thomas fanning, two of the commissioners of the commission. First of all i want to thank the cochairs and that commissioners for the important work on the Cyberspace Solarium Commission. I think the end product is excellent. I think it has solid recommendations that a number of these are within our committees jurisdiction over the working hard to evaluate those and the ones that we can get them passed into law of these recommendations can be done through executive action. What id like to spend my time just enter my formal written state into the record, i just want to talk about two of the commissions recommendations. When i i got here in the congrs in 2011, cybersecurity was a hot issue. It still is. Its not going away. I remember the buzzword back ban is we have to do something about this. Weve made a number of attempts and quite honestly we made a fair amount of progress. My own sense is the bad guys, the people and often always have an advantage but i think were catching up, closing the gap between offense and defense. Theres been some very common themes. First one is where to do a better job of information sharing. I think weve accomplished that certainly with the establishment of the cybersecurity and Infrastructure Security Agency headed up by chris krebs right now. By the way when a Conference Call director krebs last week and he was reporting that bad actors, cyber actors are trying to take advantage of covid, trying to steal some of the medical information on the velvet of vaccine. This is a persistent threat thats not going away which is what makes the commissions work so incredibly important. The first recommendation i want to talk about that quite honestly were working hard at getting hopefully include if the National Defense authorization act, so it can become law is the need to put somebody in charge, a National Cyber director. We held a hearing a couple years ago of the blue ribbon study panel, and this was another panel establish on biodefense. Its interesting that the number one recommendation is the same as this committee is we need somebody in charge. Not too long ago we held a hearing on 5g. Once again, the number one recommendation out of the Committee Hearing was we need somebody in charge of the implementation, the development of 5g if going to compete in the world. So now lo and behold i think the number one recommendation out of this commission is we need somebody in charge. There is some controversy behind that. Exactly how to step it up is complex. I signed on a letter with senator rounds who is leading the charge on the Senate Armed ServicesCommittee Asking the commission to continue while you still have your commission to study and make recommendations exactly how that National Cyber director would be established in what part of the administration that individual should be placed into, that they could have the maximum positive impact. So hopefully the commission will Stay Together and make that recommendation and we can get that included into the National Defense authorization act. The other recommendation is something that we did cover in a hearing with director krebs, both insecure setting as those in the public hearing is the need for, this is senator hassan and i have bill of this, the bill is called cybersecurity vulnerability identification disclosure act. Theres just i need for system to build the contact individuals where they have no theres a threat and right now the only way they can contact those people is they can literally subpoena the records defined to those individuals are, but didnt buy them so they can contact them. This should scare anybody. This shouldnt be an issue with Civil Liberties is a very Necessary Authority that cisa needs and ill ask everybody on our committee to do what we can by hook or by crook hopefully get the and National Defense authorization act as well. Anyway, those things i want to concert on. I do want to steal the commissioners thunder here and the testimony, or my Ranking Member senator peters his thunder with his Opening Statement salter now to senator peters. Very good, mr. Chairman. Thank you. Thank you for bringing us together for the string and thank you to our witnesses for joining us today and for your hard work on the Cyberspace Solarium Commission. I especially would like to thank our colleague senator king for his leadership on cybersecurity policy and for appearing before us today and subjecting himself to our questioning. So thank you, senator king come for doing that. Cyberattacks are one of the greatest threats to our National Security and, as the Commission Found in your report, the United States is not thoroughly prepared to defend ourselves in cyberspace. The findings and recommendations included in your report could not have come at a more important time. Adversaries like china, russia, and iran have repeatedly attempted to hack into our Critical Infrastructure, interfere in our democratic processes, and engage in largescale intellectual property theft. Most recently, the Chinese Government launched a cyberattack against our hospitals and Health Care Research facilities in an effort to steal information on a Coronavirus Vaccine, an attack that threatened the health and safety of americans. Every one of these attempted attacks are targeted to undermine our national and economic security. Without sufficient cybersecurity tools, resources, and personnel, these attacks could have a devastating impact on our daily lives. Your report makes critical recommendations that Congress Must consider as we work to ensure our country is better prepared to deter, prevent, and recover from malicious cyberattacks. Your recommendations are wideranging, but boil down to three main goals we must work with our allies to promote responsible behavior in cyberspace; we must deny benefits to adversaries who exploit our vulnerabilities; and we must impose greater costs on those who engage in malicious cyberattacks. I have been proud to work on a bipartisan basis with many of my colleagues on this committee to advance legislation that will help meet some of these goals. I look forward to discussing these recommendations today and finding additional ways we can continue to strengthen our cybersecurity protections. Thank you again to all of our witnesses for joining us today, and i look forward to your testimony. Iq, senator peters. I know this is a web event, not in person very but it is the tradition of this he ill ask you to swear the test when you will give before this committee will be the truth, the whole truth and nothing but the truth so help you god. Thank you. Our first witnesses senator angus king. Senator king is a cochair of the Cyberspace Solarium Commission. Since 2013 he served as the First Independent senator from the state of maine. Prior to joining the senate was the governor of maine for two terms. Hes a a graduate of Dartmouth College and university of virginia law school. Senator king. And Ranking Member pierre, south dakota, patient the opportunity to testify before you. What id like to do is give you a little background on the commission, what our fundamental findings were and then talk about our strategy of labor, of layered cyber deterrence. First, the commission. It was set up by the 2019 National Defense act, and the mission of the commission was to establish an overall Strategic Direction for american policy in cyberspace. Thats number one. And number two, to make recommendations for implementing that strategy. Activation of 14 members, format from the congress, four from the executive, and six from the private sector. It was entirely nonpartisan. There were really no partisan discussions whatsoever and apart from the four members of congress i have no idea of the partisan affiliations of any of the other members of the commission. We had 29 in person meetings. We interviewed over 400 people. We went went to thousands of pages of documents, and ended up with 81 recommendations, 57 of which require legislative action which have been submitted to the various committees and the staffs in the senate and the house. So what are the fundamental findings . The real basis of the commission rests upon three issues. One is reorganization. Get the structure right. That year talked about this at the beginning. The second is resilience. How do we build cyber defenses to keep ourselves safe from attack . And a third is response. How do we respond to attacks in such a way as to defend our country . The fundamental strategy, if you will, is called layered cyber defense. Layered cyber deterrence. Here are the latest. Number one is shaped behaviors. That is, establishing norms and standards in the International Community so that this isnt a unilateral one country kind of effort. The second is to deny benefits, and that is to strengthen our cyber defense, and that is we are position and it is reorganizing cisa and others will talk about. But the basically the more resilient and that includes plans for the recovery of the economy in the case of a cyber attack. The third is the strategy of deterrence. We have been attacked over and over, over the last ten or 15 years and are adversaries have paid very little price. We need to establish a clear declaratory policy that if you attack the United States in cyberspace, you will be able you will have to pay the cost, and thats really the fundamental idea of deterrence, and we have to be clear about it and weve got to have our adversaries make the calculations that attacking us is going to cost them. I want to change their calculus when they are making that decision, and thats what the fundamental strategy is that were going to be presenting to you today. Thank you very much holding the steering. Look forward to answer your questions. Thank you, senator king. Our next witness is congressman Mike Gallagher. He is the cochair of the cyber and space Solarium Commission. He represents wisconsins eighth Congressional District in the u. S. House of representatives. He received a bachelors degree from Princeton University and phd from georgetown university. He served in the United States marine corps for seven years and did two diploma in iraq. Congressman gallagher. Take a chairman johnson, Ranking Member peters, the names of the committee. Its an honor to be a presenting the findings of the Cyberspace Solarium Commission and thank you to you and your staffs for engaging so proactively with the work of the commission as we try and turn our recommendations into actual legislation. We start really from a sobering recognition, so her the one which animated the original project solarium some six or seven years ago which is is toy the status quo is not getting the job done. I would wholeheartedly agree with chairman johnson that weve taken important steps towards reform such a standing up cisa, u. S. Cyber command for a variety of reasons we get to achieve the speed and agility that is necessary for survival in cyberspace. How do we get there . As my good friend and fellow coach or a disking continually me, structure is policy. Id like to talk a bit about our recommendations related to structure. First, we believe we must create a house permanent select and Senate Select committee on cybersecurity in order to streamline congressional oversight and authority. Second, we believe we must establish a Senate ConfirmedNational Cyber director that chairman johnson talked about to lead National Level coordination for Cyber Strategy to serve as a public voice for cybersecurity and emerging technology issues. Third, we believe we need to strengthen cisa to ensure the National Resilience of Critical Infrastructure, conduct National Risk management and Cyber Campaign planning, and late publicprivate collaboration ultimately allowing cisa to compete for talent that only with the nsa to with the google other attractive private sector companies. Fourth, Commission Ways when he to recruit, develop and retain a stronger federal Cyber Workforce and thereby close our 35,000 person federal Cyber Workforce gap. Fifth and finally, we believe we need to strengthen our cyber supply chain. The commission has taken an approach that believes in the power of free and fair competition to breathe innovation but it amounts little more to occasionally limiting the access affirms that we dont trust into our markets. I believe this isnt working, consider the competition for 5g with the Chinese Communist party is able to subsidize their National Champions like huawei, thereby advance the goal of dominate the Global Market without him to respond to Market Forces. To counter this the commission calls for investing information and communications technology, intellectual capacity and reinvigorating our investment in research and development. This will cost some money but whether in terms of responding to a pandemic or responded to a massive cyber attack, we believe america can no longer afford to depend on the largess of the Chinese Communist party for critical technology. With that i like to once again thank chairman johnson, Ranking Member peters, along with my coach or a disking as well as commissioners tom fanning and Suzanne Spaulding who really made this unique experience was a quality of participation we got from her outside experts, the executive branch and, of course, the city members of congress that i look forward to your questions. A few, congressman , congres. Our next witness is ms. Suzanne spaulding. Shes a commission of the Cyberspace Solarium Commission and the Senior Advisor for Homeland Security center for strategic and international studies. She was the under secretary for the department of Homeland SecurityNational Protection and programs director from 2011 20112017. She previously served six years at the Central Intelligence agency as assistant general counsel and legislative advisor to the directors nonproliferation center. Ms. Spaulding. Chairman johnson, Ranking Member peters and members of the committee, thank you for this opportunity to testify here today. I i want to touch briefly on the areas that i think can and should be acted upon quickly. Particularly given the vulnerabilities have been exposed by the pandemic. The first is strengthening dhs cybersecurity and Infrastructure Security Agency, or cisa, as organization that i lead as the undersecretary that dhs is now call. Thanks in no small measure to the work of this committee for which i am grateful. Congress recognize cisa central role to reduce cyber risks and the commission strongly endorse this view. With malicious cyber actors targeted hospitals and Health Research and an athome workforce presenting a massive attack surface, cisas work is never been more important which is why we urge congress to provide the agency promptly with the resources and authorities that it needs, including Mission Support functions, to be able to be the National Risk manager, provide continuity of the economy planning, identify systemically important Critical Infrastructure, and coordinate planning and Research Across the federal government and with the private sector. Second, with regard to improving the cyber ecosystem and reducing vulnerabilities, the commission understood that markets are usually more efficient than government and can