Replayhenry clay. Next, depending the u. S. From Cyber Attacks. Subcommittee held a hearing with members of the cyber space mission. Recommendations including ways to streamline information between the agencies. [silence]. Soon a good afternoon. Breaking members should be here shortly. He had a meeting off of the hill and partially. Inc. You senator blumenthal for being here. Senator purdue as well. We have a number of our other members joining us virtually today. Today the Cyber Security subcommittee welcomes the first time, collies to present the findings of the Cyberspace Solarium Commission rate our friend senator king, from a rep. Gallagher from wisconsin. They are joined by fellow commissioner and retired general john, professor of cyber studies at the u. S. Naval academy and former Deputy Director of the National Security agency. Welcome to all. Thank you for coming to discuss this important topic at todays hearing. I like to extend my congratulations as well to Mike Gallagher and his wife and by the recent birth of the baby girl grace. Good luck on your greatest adventure yet in all of the amazing moments yet to come associated with it. I would also like to recognize former staff and policy director Mark Montgomery who served as executive director of the public commission. Section 1652 of the fiscal year 2019 establish the Cyberspace Solarium Commission to study alternative strategies for defending the United States against malicious cyber activities and advancing National Interest in cyberspace. Among the strategies evaluated were cyber, persistent engagement, and compliance with International Norms. The commission has produced an impressive report that of kids combination of all three deterrence and rapid attribution, delivered chasing of International Norms progressive diplomacy and continued persistent engagement of malicious cyber adversaries. It also presents a number of reforms in many legislative format for deliberation. Of particular importance, the following recommendations. That the department of defense evaluate the size and capacity of the Cyber Mission forces. The department of defense taken expanded role in exercising and planning. Relevant to protection against Cyber Attacks causing significant consequence. In the department of defense and Cyber Security companies hunt on Defense Industrial place networks and ministration established a National Cyber director. These recommendations are valuable additions to the debate on what policies, programs, organization no con start full busted destination cyber securities. I am proud that we were able to incorporate 11 of these recommendations into the Committee Mark of the mba which several additional recommendations which work and partially outside of our jurisdiction lowering inc. Later on the floor discussion. While this hearing comes too late to inform this mark, three objects of the Commission Study remain relevant for the subcommittees oversight of the department of Cyber Strategy and operations for the committees conferencing of the him the aa. First and foremost i want to discuss the motivations behind the commissions recommendations and recent antics, further detailing the establishment of a National Cyber director. Hows interagency planning and execution process broken today. What authorities especially those relevant to the cyber action could be available to the director. The National Cyber director has to director coordinate the department of defense action in response to a Cyber Security incident of significant consequence. Since its establishment the subcommittee is focused on improving coordination among many relevant entities within the department of defense producer synchronized efforts in implementing and executing their cyberspace missions. I believe the principal cyber advisor was within the office of the secretary of defense has been particularly affected performing that particular oversight and coordination role and advising the secretary of defense this has been accomplished without the establishment from a large bureaucracy and appropriation of yet another cyber stovepipe within the due g. In this years permission strengthens the oversight and coronation role. I also sponsored a provision in the fiscal year 2020 and baa then principal Cyber Advisors for each Service Secretary to provide them with this critical coordination assets. The principal Cyber Advisors have the Department Little service for a while the proposal for National Cyber advisor concerns a national role. However, i think there may be some similarities between the functions of the principal Cyber Advisors the National Cyber director as envisioned by this commission. I would therefore appreciate discussion on the similarities and differences between the roles of the dod for principal Cyber Advisors and the proposed National Cyber director. Second i hope to better understand recommendations that the commission provided regarding the department of defense and cyber targeting. The Commission SeatCyber Command current plans and operations as matching the commissions recommendations and cyber terms. And engagement. Didnt find the departments aspirations for engagement of the adversaries to be realistic. And finally, want to hear how the department of defense and better execute his commission to protect the nation against russians, chinese, iranian, and north korean Cyber Attacks. What are the departments capabilities shortfalls. Question is will be in Emergency Response actions. Thank you for your diligent efforts in producing this report and for agreeing to testify before the subcommittee. And senator mentioned, welcome. Senator blumenthal set and to make sure that things were working the way theyre supposed to. You have an opening comments. Thank you very much and i appreciate that. And our dear friends, and representative Mike Gallagher. I guess mike is going to be on. Okay. They serve as cochairs on the commission and that this Committee Established in the mba. In the retired general who served as one of the commission members. Senator king of horses distinguished member of this committee. It represented gallagher, thank him for his work on this commission every Great Service in the house. Im chris is no stranger to this many and previously served as the director of service agency. Thank you chris for being here to predominate moment speaking about the efforts of this committee. And what lessons can we learn in the future pretty commission of the type is intended not just to educate congress. The executive branch of the public, intent is to forge a consensus on one need to be done to fix the problems the commission intensifies. However too often those recommendations are too vague or difficult for congress to legislate on. The questions and spent a lot of time and effort during those into actual draft legislation sprayed this was immensely important decision. If you have to turn 90 into a building which language that we have to really think it through result has to be compatible with the main purpose of congress which is drafting laws. To be sure weve had to modify these recommendations, sometimes significantly. But without those legislative drafts, much of the commissions work might already be can enter collecting dust on someones shelf. Instead they best majority recommendations for improving in one form or another in the mba a bill passed by the house and senate including a significant number number of recommendations across lines of multiple committees. This is no mean feat pretty getting approval from multiple amendments on the floor of the house and senate is extremely hard. Something to the senator king and mr. Gallagher know very well and were able to do it. One of the main and most influential commissioners recommendations is the integration of the National Cyber director. This recommendation is not popular with administration. We also concluded that the proposal needed a bit more polishing by the commission in order to better understand. What dispositions role should be. Senator king, and representative gallagher took the sub in the last couple of months and produce a very good proposal which we will talk about here today. The Commission Culture picturesy believe this is crucial to integrating this response to all of the departments and agencies will have to be involved in dealing with major Cyber Attacks. We must have the military cyber forces of the intelligence collectors, our Law Enforcement officers and Homeland Security operating as a team. Bringing all their authorities and resources to better account and attack. I hope the president Senior Advisors can be persuaded. Not to just accept the idea but to embrace and improve our National Security. Im greatly impressed with the efforts. I do have two concerns that i would like to address with the witnesses today. For the recommendation to require the reporting of all Critical Infrastructure. And in the department of homes e led department. We must do so without interrupting the established reporting. As Ranking Member of the Natural Resource committee upon example of the critical structure entity sprayed they should still report to their department of energy and intelligence should be made available to the eventual National Cyber director. Second the commissions report explicitly rejected a model to during major Cyber Attacks on Critical Infrastructure by assuring adversaries to contemplate such action within an response mainly retaliating against their Critical Infrastructure through Cyber Attacks. The commissions report suggests a retaliatory document going to an adversary and what to do to us. That is immoral. Even inconsistent with international law. Strategy of deterrence based on retaliation in kind, symmetrical against absurd as the basis of our Nuclear Deterrence that has been in place since the end of world war ii. We do not consider the strategy illegal or immoral or ineffective. Grover, the idea an adversary would be deterred from pinning her critical structure thread, we would disable the cyber forces in computers does not seem very likely to me. Even assuming that will be able to identify and incapacitate their cyber forces which i submit is not a certain momentary solution. And issues that cannot be resolved in the legislative cycle. Thank you, mr. Chairman look forward to hearing from our witnesses. Think it senator manchin. I think the best way to approach this, probably since youve done a combined Opening Statement which is in the record now, senator kain would you like to begin and then have representative gallagher and then finish up with the general if that works in terms of how you would like to proceed . Thank you, mr. Chairman. There are so many aspects of this and Opening Statement could go on all afternoon. Going to try very hard to make that not happen. Let make one point of the pandemic. Among all of the other things we have learned, think one of the most important things we have learned is that the unthinkable can happen. A year ago we would not have contemplated where we are now with a disease we are having to deal with on a worldwide basis. So it is with the cyber attack. It seems unthinkable, it seems the stuff of science fiction. And yet it can and it has happened. In fact it is happening right at this very moment. Our basic purpose in the work that we did on this commission. And i will outline how we proceeded, was to be the 911 commission without 911. Our whole purpose is to avoid not only a cyber catastrophe, but a death by a thousand cyber crimes. And that is really what we want to talk about here today. The commission, as you mention, mr. Chairman was set up almost two years ago in the National Defense authorization act. And our mission was to develop a comprehensive Cyber Strategy for the country and to recommend how it should be implemented. There were 14 members. I think part of this asset of the commission is how it was structured. There were 14 members. For members of congress, and then there were four members from the executive, from the relative agencies. And six members of the private sector. We had over 30 meetings. We had over 90 attendance in our meetings. We met in this building just downstairs. Over and over we had hundreds of documents, witnesses, and an immense amount of literatures general review of all of the ideas that could be brought before us on these subjects. I am proud to say the work of this commission was entirely nonpartisan. In fact, to this day, other than the four members of congress who wear their party labels on their sleeves, i have no idea the Party Affiliation of any of the other ten members of the commission. And i can honestly say in all those 30 meetings there is not a single comment, discussion, question that suggested any partisan content or any kind of partisan point of view in our commissions discussions. 400 interviews, we came up with 82 recommendations. Fiftyseven, as senator manchin mentioned were turned into actual legislative language. One of the basic principles of the report can be summarized in three words. Reorganization, resilience, and response. Reorganization, think we are going to talk a lot about today. How are we organized in order to meet this challenge . Secondly resilience. How do we build up our defenses so Cyber Attacks are ineffectiv ineffective. And that in itself is a deterrent for adversaries try it simply not worth it. The final is response. How do we develop the deterrent strategy that will actually work, particularly for a tax below the threshold of the use of force. We have not had a part of it we had in place for the problem is were being attacked in a lower level way continuously of us a theft of intellectual property, whether is that the possible of the opm records of millions of american citizens, whether its the attack on our election in 2016, that is the area where we remain vulnerable and we havent developed a deterrent policy. What is layered cyber deterrence . Which is a fundamental theory we have put forth. It is to shape behavior, is to deny benefits and it is to impose costs. I know were going to spend a great deal of time talk about the nation hundred National Cyber director. I want to address it briefly in these opening remarks. The mission and the structure of the National Cyber directors almost identical of the principal cyber adviser position that we created at the department of defense. The differences a wider scope. Just as we are preparing for the hearing, i made a quick list of seven or eight or nine federal agencies all which have cyber responsibility outside the department of defense. The fundamental purpose and structure of the National Director is to provide a person in the administration with the status and the advisory relationship with the president to oversee this diverse and dispersed authority throughout the federal government. For the same reason we created the cyber advisor with the department of defense we need to do it nationwide. And that is the fundamental purpose im sure we will be able to before have my statement ive to written records. One is a very strong letter from the very strong letter from the chamber of commerce endorsing the National Cyber director position. In the second is the testimony recently in the house by former representative michael rogers, former chair of the Intelligence Committee who confesses he is a one third 80 degrees change his position on the idea of a National Cyber director am steadfast opposition to very strong support. I would like to introduce both of those documents into the record with permission of the chair. Without objection. Ill end my comments now and we will be able to really discuss further details particularly on the National Cyber director recommendation as the hearing progresses. Thank you, mr. Chairman. Thank you, senator king. Represent of Michael Gallagher i believe you will be joining us ro