Is that correct . I believe thats the case. Mr. Rogers not here. With that, again, i thank the chairman, and i now welcome power panel of witnesses. First, i would again like to welcome senator king, the former governor of maine who served as cochair of the solarium kitchen. Sits on the Senate Armed Services committee and intelligence and others and has been a vocal leader in cybersecurity throughout his tenure. I welcome the senator here. Next, representative Mike Gallagher, cochair of the Cybersecurity Solarium Commission and current member of the house of representatives for the 8th district of wisconsin. Mr. Gallagher is a member of the house Armed Services dmt a s co and a former member of this committee. Id like to welcome mr. Gallagher again back to congress after his paternity leave. I thank you for interrupting your paternity leave and being here with us. Again, gratsz on your daughter grace. In addition to being a huge packers fan, going to be proud of her father for the work that youve done with the commission. Next well hear from Suzanne Spaulding commissioner of cyber Solarium Commission and Senior Adviser of strategic and international studies. Before that, she served upd secretary for National Protection and programs director at the department of Homeland Security, which is now cybersecurity and infrastructure Security Agency. So i look forward to hearing her unique perspective and her emphasis on how Civic Education is an essential component of resiliency. Finally, we have dr. Samantha roberts, commissioner of cyber solarium and former National Security adviser during bush administration. Currently serving as chair of the foundation for defense of democracies center for cyber and technology innovation, and i deeply appreciate her coming to speak with us today and for her incredible contributions to i think continuity of the economy pl plan. With that, without objection, the witnesses full statement will be inserted into the record. I now ask each witness to summarize their statement for five minute beginning with senator king. It was a pleasure serving with you on the commission and i look forward to hearing your comments today. You are now recognized. Mr. Chairman, thank you very much for holding this hearing. It really means a lot to the work of the commission to be taking this next step. I would say that i use this Technology Every wednesday morning for the Senate Prayer breakfast an it seems to work very effectively except when we try to sing hymns. I think as long as we dont sing hymns well be fine. I appreciate your time. I appreciate involvement of representative who outlined a series of bills, all of which we think are important. I really want to thank him for his work. I want to give a little bit of background. The first thing to observe is in the last six months, weve learned that the unthinkable to happen. The unthinkable can happen. In the last 48 hours weve learned cyber is an ever present threat, as the chairman mentioned in his opening statement. The attack on twitter, which was a commercial one, but also the apparent attack by the russians on the security of our pursuit of a vaccine. Its just a reminder that this is not an academic question but its something really front and center in threats that this country is facing. The commission that youve mentioned several times, and that Mike Gallagher and i were privileged to cochair were set up in the 2019 National Defense a act. It had a unique structure, four sitting members of congress, four members from the executive and six members from the private sector. I can honestly say throughout our deliberations, and we had over 30 meetings, 400 interviews, thousands of pages of documents, there was not a single moment of partisanship or of partisan discussion. In fact, i had no idea the Party Affiliation of the other 10 members of the commission who arent members of congress. That, it seems to me, speaks to the importance and overriding power of this issue that really must unite us. So that was the work of the commission. We went through, as i mentioned, 30 meetings together. We had a stress test. We had a sort of contest of ideas in the middle of last summer. We really tried to approach this with fresh eyes to look at really two basic questions, what should our strategy be and what should our organizational structure be to protect, to prepare, and to prevent Cyber Attacks. As you mentioned, there are 82 recommendations in the report, 54 of which have been converted into legislative recommendations and presented to the various committees of both the house and the senate in the form of fully drafted legislative proposals. What were talking about is whats called layered cyber deterrents. That means resilience so that our adversaries feel theres not much to be gained by attacking us because of our security and our protection of our systems, but also a declaratory policy that if attacked we will respond. One of the deficiencies in our cyber posture over the last several decades has been we have a deterrent strategy for a major sort of threshold of use of force but we havent had a strategy and we havent articulated a doctrine that would provide a deterrent for less than use of force kind of Cyber Attacks. For that reason, as ive said many times, were a cheap date. Our adversaries dont compute the cost of attacking us. That has to change. Thats the strategic picture. The organizational picture is that cyber is scattered throughout the federal government. Its in the defense department, its in the Intelligence Community, its dhs, fbi. We really need to try to straighten out the organizational structure. One of my observations has been that messy structure equals messy policy. That leads with the creation of a National Cyber director in the white house appointed by the president , confirmed by the senate, which will give continuity to this important interest. We want somebody in the federal government who wakes up every morning with the mission of protecting this country in cyber space. Finally one of the crucial elements that we try to address in the report, and frankly its a difficult one, is the relationship between the government and the private sector. 85 of the target space in cyber is in the private sector. The private sector computers, whether in the Financial Sector or energy or transportation or telecommunications, they are the frontline troops in this battle, and yet its the federal government that often has the resources and expertise and ability to pull together this information in order to protect our country. So ill go back to, i think, one of you stated, i think represent katko stated and Mike Gallagher stated, this was our mission from the beginning. We wanted to be the 9 11 Commission Report without 9 11. Thats really what weve tried to focus on in this project. I want to thank the committee. Now is the time to put recommendations into law, into practice if were going to protect our country in the way that we all believe it can be done and certainly it should be done. The unthinkable can happen but we can be prepared, we can prevent and we can protect this country. Thank you. Thank you, senator king. One of the cochairs, did an outstanding job and i was proud to serve on the commission. Thank you for your testimony. Now i recognize congressman gallagher to summarize the Commission Statement for five minutes. Thank you. Not only for chairing this hearing today but immense contributions to the commission. Our final report would not have been possible, building on the work youve been doing for the last decade, so it was really great to work with you. I thank you Ranking Member katko for your engagement for meeting with us and our staff multiple times and for your leadership on these issues. Thank you, chairman thompson for giving us this form today. Let me just echo what my cochair senator king married to a packers fan said at the out set. We come from different parties, appointed on different sides and outside experts, commissioner spalding and it would have been impossible to confirm Party Affiliations if you listened to one of the debates we had as we met as a commission. What came out of the process was truly nonpartisan support that tends to put the country at any parochial or political interest. This really has been an issue that every president ial administration for the past 25 years, democrats and republicans has tried to figure out. How do we cyber space. Our efforts are vulnerable, if not already compromised. Our country lost hundreds of millions in states intellectual property theft. Major cyber attack on the nations Critical Infrastructure. Our Economic System would create chaos and damage. In an effort to for stall future, examined a broad range of policies that can more effectively defend our nation in cyber space. I should admit our Public Relations plan when we released march 11th, 2020, did not factor in a Global Pandemic taking over the conversation. Thats all the more reason its important to have hearings like this today. Not only suggest our full report and our pandemic annex. I would highlight key, one, reform structure and organization for cybersecurity that starts with establishing a National Cyber director with executive office of the president , cyber director as senator king outlined. It includes strengthening cisa outlined so it can serve as central core element to support integrative state and local cybersecurity efforts. I think its important that were not creating new organizations within the federal government but elevate and empower existing organizations like cisa that made progress but need more support from congress. Second i would say we have a variety of recommendations on national resilience, congress should codify rules of specific agencies, focusing National Risk management efforts and developing and maintaining continuity planning process so we think through the unthinkable now so were not having to make things up on the fly in the wake of cyber 9 11. Third and finally highlight need to reshape cyber ecosystem towards greater security. Were recommending, for example, congress establish and fund National Cybersecurity certification and labeling process to establish and manage program on security certification and labeling of ict products as well as establish bureau of cyber statistics charged with collecting data on cybersecurity. These recommendations and many more like them in the report are designed to implement the commissions recommended strategy of layered cyber deterrents, which is our theory how we evolve into harder target, ally and worse enemy, better defend our nation, economy and way of life in cyber space. Thank you for giving us the opportunity to present our findings here today. We look forward to the debate. Again, i want to highlight not only the contributions of the commissioners youll hear from but also our wonderful staff who has dedicated a year of their life to this important effort. I yield back. Thank you, chairman gallag r gallagher. I commend you. Both you and senator king are a great team cochairing cyber space, were indebted to you for your work and service. With that, thank you for your testimony and i now red cross nice miss spaulding to summarize the Missions Statement for five minutes. Youre muted. Youre unmuted. Thank you members of the committee. Thank you for this opportunity to be here today to testify. Its an honor to be here with my fellow witnesses and particularly, chairman, an honor it was to work with you again, having worked with you in 2007 on the commission for cybersecurity for 44th president which you cochaired. And i want to thank you for your long outstanding leadership on cybersecurity issues. And the bipartisanship, nonpartisanship, which youve heard today, really that tenwas set at the top by our two cochairs, senator king and congressman gallagher, so thank you for that. Of course a pleasure to work with commissioner ravage. I want to touch briefly on three key areas i think should and must be acted on very quickly given vulnerabilities weve noted with the pandemic. The first is strengthening dhs Cybersecurity Agency or cisa, the organization i once led at dhs is called, thanks in no small measure to the work of this committee and chairman thompson and i thank you for that. With malicious cyber actors targeting hospitals, vaccine developments and governments at every level and stayathome workforce presenting a massive attack service, cisas work has never been more important. This is why the Commission Urges congress to provide cisa promptly with the resources and authorities, including Administrative Subpoena Authority that it needs to be the National Risk manager, to serve as the central cyber civilian Security Authority to support federal, state, local, territorial and tribal governments and the private sector, to conduct continuity economy planning, a concept that the commissioner brought to the commission, so important. Identify systemically important Critical Infrastructure and coordinate planning and readiness across government and the private sector. Second, with regard to improving cyber ecosystem and reducing vulnerabilities, the commission turned first to improving the efficiency of the market. We looked at why isnt the market performing its function of driving better cybersecurity, a key reason we determined was that markets need information to operate effectively. So we asked the congress, establish that National Cybersecurity certification and labeling authority, the kind of underwriter laboratories effort that congressman gallagher mentioned, publish guidelines for secure cloud services, create that bureau of cyber statistics, promote a more effective and robust cyb cybersecurity mark and National Certification law. Finally, i believe one of the most important pillars in the report is resilience. We need to reduce the benefits side in the adversaries cost benefit analysis. Often that means reducing our dependence upon those network systems, developing redundancy, even analog systems, paper ballots, for example, are a way of building resilience into our election infrastructure. We have a number of urgent election related recommendations including reforming regulation of online political advertisements providing Grant Funding for states to improve election systems, replace outdated equipment, ensure voter verifiable paperbased systems and conduct post election audits. These are perhaps the most urgent of our recommendations. And id like to close with our recommendation to build public resilience against democracy at a whole. Media literacy is important but we need to focus on deterring the key objective of our adversaries, which is to weaken democracy by pouring gasoline on the flames of division that already engulf online discourse. Pushing americans to give up on institutions, not just elections but the justice system, the rule of law, and democracy itself. They portray our institutions as not just flawed by irrevocably broken. Where protesters and judicial reform advocates seek changes to make our institutions and our nation stronger, our adversaries seek only to make us weaker. They want americans to despair at the prospect of bringing about change, to despair at the prospect of being able to discern fact from fiction. They want to destroy the informed and engaged citizenry upon which a healthy democracy depends. To defeat our adversaries objective it calls for reinvigorating Civic Education, to help americans rediscover our shared values. Understand why democracy is so valuable that it is under attack and that every american must stay engaged, to hold our institutions accountable and continue to move us toward that more perfect union. Thank you for this opportunity, and i look forward to your questions. Thank you commissioner spaulding. Again, both for your participation and contributions and broad dedication and work on cyber. With that, i thank you for your testimony. Finally i now recognize doctor ravage to summarize. You are now recognized. Thank you. Thank you chairman thompson, Ranking Member katko, distinguished members of the committee and my fellow witness witnesses, who i have come to know and greatly admire over this past year. I thank you for inviting me to participate about one of our most pressing questions our government is currently tasked with answering. What steps can government and private sector do to defend our businesses, our military, our citizens, our country against future Cyber Attacks. Our recommendations in the cyber solarium hardening our resilience maintaining capability, capacity to impose cost on the adversary all in the service of deterring the type of catastrophic attack that our too esteemed Commission Chairman laid out in open speak in the report. We would not have lived up to the responsibility given us if we had not thought about what our country would do in the math of a significant cyber attack. I want to spend the next few minutes underscoring one of the commissions recommendations, the need for the u. S. To deve