Good afternoon. Senator manchin, Ranking Member should be here shortly. He had a meeting off the hill. Thank you, senator blumenthal, for being here. Senator purdue, as well. We have a number of our other members who are joining us virtually today. Today, the cybersecurity subcommittee welcomes for the first time colleagues to present the findings of the Cyberspace Solarium Commission. Our friend, senator king, and representative gallagher. Theyre joined by fellow commissioner, retired Brigadier General, john c. Inglis. Welcome to all. Thank you for coming to discuss this important topic in todays hearing. I would like to extend my congratulations as well no Mike Gallagher and her wife ann on the recent birth of their birthday girl, grace. Good luck on your greatest adventure yet and all the amazing moments yet to come associated with it. I would like to recognize Mark Montgomery who serves or who served as executive director of the commission. Section 1652 of if ndaa establishes Cyberspace Solarium Commission to study alternatives to protecting the United States a the commission has produced an impressive report that advocates a combination of all three, deterrents by denial, deliberate shaping of International Norms through aggressive diplomacy and continued engagement of malicious cyber adversaries. The report presents a number of reforms for our deliberation. Of particular importance are the following recommendations. That the department of defense evaluate the size and capacity of the Cyber Mission forces. That the department of defense taking an expanded role and exercises in planning relevant to protection against cyberattacks of significant consequence. That the department of defense and Cybersecurity Companies hunt on defense industrialbased networks and that the administration establish a National Cyber director. These recommendations are valuable contributions to the debate on what policies, programs, and organizational constructs will best advance the nations cybersecurity. I am proud that we were able to incorporate 11 of these recommendations into the Committee Mark of the ndaa with several additional recommendations which were unfortunately outside of our jurisdiction but were incorporated later on the floor discussion. While this hearing comes too late to inform the ndaa mark, three objects of the study remain relevant for this subcommittees oversight of the departments Cyber Strategy and operations and for the committees conferencing of the ndaa. First and foremost, i want to discuss the motivations behind the commissions recommendation and recent annex further detailing the establishment of a National Cyber director. How is the interagency planning an execution process broken today . What authorities, especially those relevant to offensive cyber action should be available to the director . How would the National Cyber director act to direct or coordinate department of defense action in response to a cybersecurity incident of significant consequence . This subcommittee that has focused on improving coordination among the entities within the department of defense to ensure synchronized efforts in emptying and executing their cyberspace missions. I believe that the principle cyber adviser within the office of the secretary of defense has been effective in performing that particular oversight and coordination role and advising the secretary of defense. This has been accomplished without the establishment of a large bureaucracy and without creation of yet another cyber stove pipe within the dod. In this years ndaa, we included a provision that strengthened the cyber advisers oversight and coordination role. There was a provision in the 2020 ndaa that added cyber advisers to provide the secretaries with this critical coordination asset. The principle cyber advisers have a departmental or service role, while the proposal for a National Cyber adviser concerns a national role. However, i think there may be some similarities between the functions of the principle cyber advisers and the National Cyber director as envisioned by this commission. I would therefore appreciate discussion on the similarities and differences between the roles of the dod principle cyber advisers and the proposed National Cyber director. Second, i hope to better understand the recommendations the commission provided regarding the department of Defense Cyber targeting. Do they see the plans as matching the committees observations . Did it find the departments aspirations to be realistic . Finally, i want to hear how the department of defense can better execute its mission to direct the nation against russian, chinese, iranian and north korean cyberattacks. What are the departments capability shortfalls . What should its role be in Emergency Response actions. Thank you for agreeing to testify before this subcommittee. And senator, manchin, welcome. Senator blumenthal sat in and, welcome, do you have any comments . Thank you very much. I appreciate that. Thank you, senator rounds. I welcome our witnesses. Mike, is he going to be on okay. Who served as cochairs of the cyber Solarium Commission that this Committee Established last year and the third retired chris inglis who served as one of the commission members. Senator king of course is a distinguished member of this committee. Representative gallagher, i want to thank him for this week on the commission and for your Great Service in the house. Chris inglis is no stranger to this committee, deserved as a deputy of the National Security agency. Thank you, chris, for being here too. I want to speak about the efforts of this commission, why it has been successful and what lessons we can learn from the future. A commission of this type is intended not just to educate congress. The executive branch and the public. Its to forge a consensus on what needs to be done to fix the problems the commission identifies. Too often those recommendations are too vague or difficult for congress to legislate on. The commission spent a lot of time and effort turning those into drafts of text. This was an immensely important decision. If you have to turn an idea into bill language, you have to think it through and it has to be compatible with congress which is to draft laws. Without those legislative drafts, much of the commissions work might already be collecting dust on someones shelf. A vast majority of the commissions recommendations were included in one form or another in the ndaa bills passed by the house and senate including a significant number of representations that crossed the jurisdictional lines of committees. Getting approval across multiple committees for legislative amendments on the floor of the house and senate is extremely hard. Something that senator king and representative gallagher know very well and were able to do it. One of the main and most Influential Commission recommendations is the creation of a National Cyber director. This recommendation is not popular with the administration and senator rounds and i concluded that the proposal needed a bit more polishing by the commission in order to better understand what this positions role should be. Senator king and representative gallagher took this on and have produced a very, very good proposal which we will talk about here today. The commission cochairs believe this position is crucial to integrating the response of all departments and agencies who have to be involved in dealing with major cyberattacks. We must have the military cyber forces and Homeland Security officers being a team. I hope the president can be persuaded to not just to accept this idea, but to embrace it, to improve our National Security. I do have two concerns i would like to address with our witnesses today. First, the recommendation to require reporting out of all Critical Infrastructure entities to the department of Homeland Security. While its important that we do all that we can to respond to Cyber Threats in the timeliest manner, we must do so without interrupting reporting. As Ranking Member of the energy and Natural Resource committee, a primaries example are critical energy. Intelligence should be made available to the director. The commissions report rejected a model of deterring major cyberattacks on our Critical Infrastructure by ensuring adversaries, namely retaliating against their Critical Infrastructure through cyberattacks. A strategy of deterrence based on retaliation against an adversary is the basis of our Nuclear Deterrence that has been in place since the end of world war ii. We do not consider this illegal, immoral or ineffective. The idea that an adversary would be deterred from hitting our infrastructure does not seem very likely to me. This is even assuming that we will be able to identify and incapacitate those cyber forces which i submit is a momentary solution. Before turning to our witnesses formomentary solution. The Committee Proposed and endorsed ndaa, extension of the life of the commission. Done for the 9 11 commission and a good idea for senator king and congressman gallagher to observe how the commissions work is implemented and resolve issues not legislated in this cycle. Thank you, mr. Chairman. Thank you, senator manchin. The best way to approach this probably since youve done a combined opening state in the record now, senator king, would you like to begin and well have you and then representative gallagher and then finish up with general inglis if that works in terms how you would like to proceed . Thank you, mr. Chairman. There are so many aspects of are this an Opening Statement could go on all rch. Ill try very hard not to make that happen. Let me make one point about the pandemic. Among all the other things weve learned i think one of the most important things weve learned is that the unthinkable can happen. A year ago we would not have contemplated where we are now with a disease that we are having to deal with on a worldwide basis. So it is with a cyberattack. Seems unthinkable, the stuff of science fiction. Yet it can and it has happened. In fact, its happening right at this very moment. Our basic purpose in the work that we did on this commission and ill outline how it was, how we proceeded, was to be the 9 11 commission without 9 11. Our whole purpose is to avoid not only a cyber catastrophe, but a death by 1,000 cyber cuts, and thats really what we want to talk about here today. The commission as you mentioned, mr. Chairman, was set up almost two years ago in the National Defense authorization act, and our mission was to develop a comprehensive Cyber Strategy for the country and recommend how it should be implemented. There were 14 members, and i think part of the success of the commission rests upon how it was structured. There were 14 members. Four members of congress. And then there were four members from the executive, from the relevant agencies, and six members from the private sector. We had over 30 meetings. We had 90 of attendance at our meetings. We met in this building just downstairs. Over and over. We had hundreds of documents, witnesses, and an immense amount of literature, search and review of all of the ideas that could be brought before us on these subjects. Im proud to say the work of this commission was entirely nonpartisan. In fact, to this day other than the four members of congress, who wear their party labels on their sleeves, i had no idea of the Party Affiliation of any of the other ten members of the commission. And i can honestly say in all of those 30 meeting theres was not a single comment, discussion, question that suggested any partisan content or any kind of partisan point of view in our committees, in our commissions discussions. 400 interviews. We came up with 82 recommendations. 57, as senator manchin mentioned, were turned into actual legislative language. One of the basic principles of the report, they can be summarized in three words. Reorganization. Resilience. And response. Reorganization i think were going to talk a lot about today. How are we organized in order to meet this challenge . Secondly, resilience. How do we build up our defenses so that cyberattacks are ineffective and that in itself can be a deterrent if our adversaries decide its simply not worth it. Finally, response. How do we develop a deterrent strategy that will actually work, particularly for attacks below the level of the threshold of use of force. We havent had a catastrophic cyberattack, probably because of the deterrence that we already have in place. The problem is were were being attacked in a lower level way continuously. Whether its the theft of intellectual property. Whether its the theft of the opm records of millions of american citizens. Whether its the attack on our election in 2016. Thats the area where we remain vulnerable and we havent developed a deterrent policy. What is layered cyber deterrence, the fundamental theory weve put forth. Its to shape behavior. Its to deny benefits and its to impose costs. I know that were going to spend a great deal of time in this hearing talking about the National Cyber director but i want to address it briefly in these opening remarks. The mission and the structure of the National Cyber director is almost identical of the principal cyber adviser position createdality the department of defense. The difference is a wider scope. Just as we were preparing for the hearing i made a quick list of seven or eight or nine federal agencies, all of which have cyber responsibility outside of the department of defense. And the fundamental purpose and structure of the National Cyber direct sir to provide a person in the administration with the status and the advisory relationship with the president to oversee this diverse and dispersed authority throughout the federal government. For the same reason we created the adviser and department of defense we need to do it nationwide, and thats the fundamental purpose, im sure well be able to, well go into much more detail on this, but before i complete my statement ive got two written records. One is a very strong letter from the u. S. Chamber of commerce endorsing the National Cyber director position, and the second is the testimony recently in the house by former representative mike rogers, former chair of the intelligence committee, who questions that he has 180 degrees changed his position on the idea of a National Cyber director from steadfast opposition to very strong support. Id like to introduce both of those documents into the record with permission of the chair. Without objection. Thank you. Ill end my comments now and we will be able to really discuss more of the details, particularly on the National Cyber director recommendation as the hearing progresses. Thank you, mr. Chairman. Thank you, senator king. Representative Michael Gallagher. I believe youll be joining us virtually here. Are you ready, sir . I am. Can you hear me . Just back off a little bit. Hang on a second. Were going to bring that volume down just a little bit here. All right. Lets try that again. Okay. Hopefully thats also buy bit better. Much better, thank you. Welcome. Thank you, mr. Chairman and thank you foreign nor your leadership but kind words about my baby daughter. We truly feel blessed and to my good friend ranching member manchin thank you, sir and all distinguished members of the committee allowing us to testify on behalf behaof our report. I have tremendous respect for this committee before a member of the house a staffer in the senator. I actually used to wield real power that is to say. Thank you for letting me return to my roots in the senate. As senator king laid out our adversary Cyber Operations continue to increase in sophistication and frequency creating an unacceptable risk to our National Security. Given what we know the state of our defenses and adversaries intentions a major disruptive cyber attack to Critical Infrastructure at this point is almost something to be expected. So, therefore, i would say we have no choice but to hope for the best while planning for the worst. With this in mind i would like to emphasize two of our critical proposals as we look ahead to the nda conference. I strongly aye with cochair senator king establishing a National Cyber director. Country needs strategic leadership on cybersecurity and we believe this is the right balance of responsibility, necessary prominence. A Senate Confirmed cybersecurity yielding bch and policy to coordinate cyberauthority would bring the focus cybersecurity desperately needs at the highest level of the National Government and continuity of economy plannings resilience and redundancy in our Crit