The House Homeland Security subcommittee on Cyber Security held a hearing with officials from the Homeland Security department and the Energy Department regarding the federal governments Cyber Security programs. The subcommittee looked into the security of election systems, the governments i. T. Systems, and the security of the nations electric grid. The committee on Homeland Securitys subcommittee on Cyber Security and Infrastructure Protection will come to order. First of all, im sure i speak for all of us here on the dais in expressing our deepest condolences to all of the family members and all of the victims of yesterdays tragedy in las vegas. Events liking the one yesterday demand the utmost humanity in response to such blind hate and evil and hopefully will give us all a renewed senses of purpose as we approach the tasks of the day. The subcommittee is meeting today to receive testimony regarding the department of homeland securities Cyber Security mission. I recognize myself for an Opening Statement. Were here today at the start of national Cyber SecurityAwareness Month to discuss what i believe is one of the defining Public Policy challenges of this generation. The Cyber Security posture of the United States. Weve seen Cyber Attacks hit nearly every sector. Of our economy with devastating impacts to both Government Agencies and the private sector alike. And it is our shared duty to insure that were doing our very best to defend against the very real threat our cyber adversaries are posing. But make no mistake, the Cyber Security challenges we face are about much, much more than simply protecting bottom lines or intellectual property or even our nations most classified information. They also impact the personal and often irreplaceable information of every american. This year we have seen on a grand scale just how much damage can be done by a single individual or entity looking to conduct a cyber attack. The Equifax Breach shows that it takes only one bad actor and only one exploitable vulnerability to do something to compromise the information of 145 million americans. This is not the first cyber attack that has garnered national attentions and unfortunately it almost assuredly will not be the last. As the members of this panel and as our witnesses here today know well, there is no Silver Bullet for guaranteed technology to fix the Cyber Security problem. Rather we need to be part of an ongoing sustained, dedicated persistent and comprehensive campaign to insure the United States remains the worlds Cyber Security superpower. We will continue to need a sharp work force and collective efforts in Public Private partnerships and the leadership of our Government Agencies to leverage our resources and to counter our highly sophisticated cyber adversaries. Today the subcommittee meets to hear from the government officials that are charged with meeting these cyber threats. These are the folks on the front lines day in and day out. Dhs is the federal governments lead civilian agency for Cyber Security and within it the National Protection and programs direct i cant tell director where nppd leads our National Effort to safeguard and enhance the resilience of the nations physical and cyber infrastructure, helpling federal agencies and when requested, the private sector harden their networks and respond to Cyber Security incidents. They partner with critical intrastructure owners and operators and other enterprise stakeholders to offer a wide variety of capabilities, such as system assessments, Incident Response and mitigation support. And the ability to hunt for malicious cyber activity. This collaborative approach to mitigating Cyber Incidents is meant to prioritize meeting the needs of dhss partners and is consistent with the growing recognition among government, academic and Corporate Leaders that Cyber Security is increasingly interdependent across sectors and must be a core aspect of all management strategies. This committee has been working hard to ensure that nppd and dhs in its entirety has the necessary authorizations and organization it needs to combat growing cyber threats. Dhs needs a strong and sharp work force. Both to protect its Cyber Security and Infrastructure Protection missions. Earlier this year, the committee marked up and passed hr 3359, the agency act of 2017 to reorganize and to strengthen nppd. As the cyber Threat Landscape continues to evolve, so should dhs and in doing that, hr 3359 is the tool well use to bring nppd to a more visible role in Cyber Security of this nation. As a committee and a congress we have taken important steps in the right direction with legislation on information sharing, on modernizing the federal governments Information Technology and in getting our state and local officials the Cyber Security support that they need. Some of these programs have been years in the making. Realtime collaboration between the government and the private sector is a lofty and worth while goal. Through the automated sharing program, or ais, dhs has been partnering with industry to create and enhance that broader informationsharing environment. And weve made progress in the right direction. While we know proactive information sharing is only as good as the information being provided, that type of relationship can only be made possible with a Strong Foundation of trust. Im looking forward to a robust discussion today, not only how the government can be best organized and equipped to insure we are leveraging the resources of the federal government but how the government it can forge and grow the necessary partnerships to achieve the greater Cyber Security for our nation. We have to get this right. Because new technologies, the internet of things, driverless cars, artificial intelligence, and quantum computing, they are all rapidly evolving. So we need to be securing at the speed of innovation, and not at the speed of bureaucracy. We are in an era that requires flexibility, resiliency and discipline. And i hope i will hear those values operationalized in the forthcoming testimony. Cyberspace plays an increasingly dominate role and it will take continued collaboration across the public, private, international and domestic spaces to keep making the advancements needed to prioritize Cyber Security for our country. I know this is a responsibility that everyone on this subcommittee takes extraordinarily seriously. The chair now recognizes the ranking minority leader for his Opening Statement. Mr. Richmond, from louisiana. Thank you, mr. Chairman. Good morning. Im pleased were kicking off Cyber SecurityAwareness Month by talking to the department of Homeland Security about the Cyber Security mission and how congress can help ensure dhs is well positioned to prevent from Cyber Attacks. Before i begin i would like to send my condolences to the families of the victims of sunday nights horrific shooting. To the survivors, youre in our thoughts and prayers. To the brave First Responders who were running into danger when everyone else was running away from it, we are grateful. The democrats on this committee have said this before but it it bares repeating. At some point were going to have to come together and enact sensible Gun Legislation and as the congressman representing new orleans, i cannot sit silently as the president insults the hurricane survivors of puerto rico and the san juan mayor whos trying to help them. Ive been through katrina and i know what its like when youre at your most vulnerable moment and youve lost everything and what youre looking for is assistance because its beyond your capacity to respond to a storm of that magnitude. So having seen the people greave the loss of their homes and businesses and struggle to piece their lives back together, i can tell you the last thing the people in puerto rico and the Virgin Islands need are insults. I urge the president to take a break from twitter, roll up his sleeves and get to work. Turning to the issue at hand, as i mentioned, i represent new orleans, which has Significant Energy sector assets. Last month we heard disturbing reports of a new way to breach Energy Sector networks in the United States. According tocy man tech, in some cases, hackers achieved unprecedented access to operational systems. In light of these reports, im interested to know how the department of houmd Homeland Security and the department of energy are working together to secure Energy Sector networks and make them more resilient. Additionally, as a member of this committee, and the Congressional Task force on Election Security, i am eager to hear about dhss activities to secure our election systems. Although the administrations commitment to the Critical Infrastructure designation appeared to waiver earlier this year, i was encouraged when acting secretary duke told Committee Democrats last month that there are no plans to rescind the designation. With that comment, i look forward to hearing the progress dhs is making to secure election infrastructure and whether the department has adequate resources to carry out its responsibilities in that space. For example, i understand theres a ninemonth wait for a risk and vulnerability assessment, and that some secretaries of state have complained about the lengthy clearance process for Election Officials. Im concerned that these kinds of challenges may deter some states, particularly those to the Critical Infrastructure designation from taking full advantage of the resources dhs can bring to bear. From that point, dhs has to build some. Relationships necessary to executing its security commission. Although i hear dhs is making progress, im concerned mistakes made notifying certain secretaries of state that their election infrastructure had had been targeted may have undermined the trust that dhs has sought to build. I will be interested in learning what do you need from congress to address more quickly. And build trust within the election infrastructure community. Finally, when ms. Manford testified in march, i asked when i could expect the dhss Cyber Security strategy. The strategy required pursuant to legislation i authored was due march 23rd. It still has not been submitted to congress. I understand the Trump Administration did not fill leadership positions relevant to the execution of dhs, Cyber Security strategy with any real sense of urgency. And ongoing vacancies may be contributing to the delays. But the strategy is six months overdue, and that is not acceptable. With that, i yield back the balance of my time. I thank the gentleman. The chair now welcomes and recognizes the chairman of the full committee, my colleague from texas, mr. Mccaul, for any Opening Statement he might have. Thank you, chairman wry cliff. I also would like to extend my thoughts and prayers to the victims and family members of las vegas. Im hopeful we can come together to prevent such tragedies from happening in the future. Im pleased to be here today with our distinguished guest here at this hearing. Americas National Security continued to be threatened by islamic terrorists. Tyrannical regimes. Building and proliferating weapons of mass destruction. Human traffickers, transnational gang members, like ms13, who stream across our border. These threats are wellknown, and we need to do everything we can to stop them as we see them coming. However, we also find ourselves in the crosshairs of invisible attacks and sustained cyber war from nation states and other hackers. And as we come become more reliant on computers and smartphones in both our personal and professional lives, everyone is a potential target, and sadly, many of us have already been victims. Over the past few years, we see many successful largescale cyberattacks take place. In Early September hackers were able to breach equifax, a Credit Reporting Agency gaining access to Sensitive Information on as many as 143 million people. In 2016 we know russia tried to undermine our electoral system and democratic process. And in 2015, we learned that china stole over 20 million security clearances, including mine. And probably some here at this dais. These kinds of violations are simply unacceptable. Im proud to say over the last few years this committee has recognized these threats and has led the charge in the congress to strengthen the defense of our nations networks. In 2014, we enacted several important bills that empowered dhs to bolster its work force, codified dhss cyber center and updated for the first time in 12 years. A year later, the Cyber Security act became law. Which enhances informationsharing and makes dhs the lead conduit for cyber threat indicators and defensive measures within the federal government. While informationsharing has come a long way, this illustrated just how important and beneficial these relationships are. Just last week, rob joyce, the Cyber Security coordinator at the white house, noted that we need to find a way to provide the private sector with more expansive access to cyber threat information in a controlled setting. Something i believe we need to strengthen. Moreover, issues relating to the sharing of classified information with the private sector, like crediting skf space, granting security clearances to key personnel and enabling consistent Twoway Communications are issues we are learning at closely. In other words, we have made great progress in the way indicators are shared. But i want to examine if we can do more regarding the overall sharing of classified information. Earlier this year, i was pleased to see President Trump issue an executive order to strengthen the Cyber Security of federal networks and Critical Infrastructure. Going forward, im hopeful that the house can advance legislation that i have introduced to elevate mppd as a Standalone Agency and better support the Cyber Security mission at dhs. This month is national Cyber SecurityAwareness Month. A time to learn more about these threats and offer ideas on how we can best secure ourselves against these growing threats. While weve had some success on this issue, we must do more. Our cyber enemies, including terrorists are always evolving, looking for new ways to carry out their next attack. Unfortunately, this is an issue that i believe transcends party lines. Its not a republican or democrat issue. So lets Work Together to make our Cyber Security strong and keep the American People safe. Again, id like to thank the witnesses for being here today. And thank you for your service. In a very important component of the department that often, as i mentioned in my opening, we focus a lot on counterterrorism and the border and other things. But i consider this mission that the department has to be one of the most important that this nation faces. So i look forward to the conversation and that congress and the executive branch can Work Together and how we can work with leaders in the private sector to enhance the nations Cyber Security. So with that, id