Then with that, again, i thank the chairman and i now welcome our panel of witnesses. First, i would again like to welcome senator angus king, the former governor of maine, who served as cochair of this commission. Senator king currently sits on the Senate Armed Services committee and the committee on intelligence among others and has been a vocal leader on cybersecurity throughout his tenure. I welcome the senator here. Next, representative Mike Gallagher, cochair of the cyber Space Commission and current member of the house of representatives for the 8th district of wisconsin. Mr. Gallagher is a member of the house Armed Services committee and a former member of this committee. I also would like to welcome mr. Gallagher back to the committee again, back to congress after his paternity leave. I thank him for interrupting his paternity leave being with us. Again, congratulations on your daughter grace. In addition to being a huge packers fan, i know youre very proud as a father and for the work you have done as a commissioner. Next we will hear from suzanne spalding, a Senior Adviser at the center of strategic and intention studies. Before that, ms. Spalding served as under secretary for National Protection and programs director at the department of homeland security, which is now the cybersecurity and Infrastructure Security Agency. So i look forward to hearing her unique perspective and her emphasis on how Civics Education is an essential component of resiliency. Finally, we have dr. Samantha roberts, a commission of the Cyber Commission and former Deputy National security adviser during the bush administration. The doctor is currently serving as chair for defense democracy, center for cyber and technology innovation. I deeply appreciate her coming to speak with us today and for her incredible contributions to our thinking, continuity of the economy plan. With that, without objection, the witnesss full statement will be inserted into the record. I now ask each witness to summarize their statement for five minutes beginning with senator king. Senator king, it was a pleasure serving with you on the commission and i look forward to hearing your comments here today. You are now recognized. Mr. Chairman, thank you very much for holding this hearing. It really means a lot to the work of the commission to be taking this next step. I would say that i use this Technology Every wednesday morning for the Senate Prayer breakfast and it seems to work very effectively except when we try to sing hymns. I think long we dont sing any hymns today we will be okay. I appreciate your time. I also appreciate the involvement and engagement of representative katko who outlined a series of bills, all of which we think are important. I really want to thank him for his work. I want to give a little bit of background. The first thing to observe is that in the last six months weve learned that the unthinkable can happen. The unthinkable can happen. And in the last 48 hours weve learned that cyber is an everpresent threat. As the chairman mentioned in his opening statement, the attack on twitter, which was a commercial one but also the apparent attack by the russians on the security of pursuit of a vaccine. It is just a reminder that this is not an academic question, but it is something that is really a front and center in threats that this country is facing. The commission that you have mentioned several times and that Mike Gallagher and i were privileged to cochair was set up in the 2019 National Defense act. It has had a unique structure. It had four sitting members of congress, four members from the executive and six members from the private sector. I can honestly say that throughout our deliberations and we had over 30 meetings, had 400 interviews, thousands of pages of documents there was not a single moment of partisanship or of partisan discussion. In fact, i have no idea the Party Affiliation of the other ten members of the commission who arent member of congress. That, it seems to me, speaks to the importance and overriding power of this issue that really must unite us. So that was the work of the commission. We went through, as i mentioned, 30 meetings together. We had a stress test. We had a sort of contest of ideas in the middle of last summer, and we really tried to approach this with fresh eyes, to look at really two basic questions. What should our strategy be and what should our organizational structure be to both protect, to prepare and to prevent cyberattacks. As you mentioned, there are 82 recommendations in the report, 54 of which have been converted into legislative recommendations and presented to the various committees of both the house and the senate in the form of fullydrafted legislative proposals. What were talking about is what is called layered cyber deterrence, and that means resilience so that our adversaries feel that theres not much to be gained by attacking us because of our security and our protection of our systems, but also a declaratory policy that if attacked we will respond. One of the deficiencies in our cyber posture over the last several decades has been we have a deterrent strategy for a major sort of threshold abuse of force, but we havent had a strategy and we havent articulated a doctrine that would provide a deterrent for less than use of force kind of cyberattacks. For that reason, as i have said many times, we are a cheap date. Our adversaries dont compute the cost of attacking us. That has to change. Thats the strategic picture. The organizational picture is that cyber is scattered throughout the federal government. It is in the defense department, it is in the intelligence community, it is in dhs, it is in the fbi, and we really need to try to straighten out the organizational structure. One of my observations has been that messy structure equals messy policy. That leads with the creation of a National Cyber director in the white house, appointed by the president , confirmed by the senate, which will give continuity to this important interest. We want somebody in the federal government who wakes up every morning with the mission of protecting this country in cyber space. Finally, one of the crucial elements that we tried to address in the report, and, frankly, it is a difficult one, is the relationship between the government and the private sector. 85 of the target space in cyber is in the private sector. The private sector computers, whether theyre in the Financial Sector or energy or transportation or telecommunications, theyre the front line troops in this battle, and yet it is the federal government that often has the resources and the expertise and the ability to pull together this information in order to protect our country. So ill go back to, i think one of you stated, i think representative katko stated and Mike Gallagher said this was our mission from the beginning. We wanted to be the 9 11 Commission Report without 9 11. Thats really what weve tried to focus upon in this project. So i want to thank the committee, and now is the time to put these recommendations into law, into practice if were going to protect our country in the way that we all believe it can be done and certainly it should be done. The unthinkable can happen, but we can be prepared. We can prevent and we can protect this country. Thank you, mr. Chairman. Thank you, senator king. Again, thank you for your leadership on the cyber Space Commission as one of the cochairs. You did an outstanding job and i was proud to serve with you on that commission. Thank you for your testimony. Now i recognize congressman gallagher to summarize the Commission Statement for five minutes. Thank you. Mr. Gallagher, you are recognized. Chairman, not only for chairing this hearing today but for your immense contributions to the commission. Our final report would not have been possible were it not for your leadership, and in many areas we were building upon work that you have been doing for the last decade. So it was really great to get to work with you. Thank you to Ranking Member katko for your engagement from the start of this effort, for meeting with us and our staff multiple times, and for your leadership on these issues. Thank you, chairman thompson, for giving us this forum today. Let me echo what my cochair, senator king, who is married to a packers fan, i should note, set from the outset. We come from different parties and we were appointed by different parties, and certainly the commissioner as well, but it would have been impossible to determine the Party Affiliations if you were to listen to one of the many debates we had as we met as a commission. I think what came out of this process was a truly nonpartisan report that attempts to put the interests of the country ahead of any parochial or political interest. This really has been an issue that every president ial administration for the past 25 years, democrats and republicans, has tried to figure out. How do we defend u. S. Interests and promote u. S. Values in cyber space . Despite these wellintentioned efforts, our networks are vulnerable, if not already compromised. Our country has lost hundreds of billions of dollars to nation states sponsored intellectual theft via cyber means and a cyberattack on our nations Critical Infrastructure in our system would create chaos and lasting damage. In an effort to forestall such a future, the commission examined a broad range of policies to effectively defend our nation in cyber states. Our Public Relations plan released publicly on march 11th, 2020, did not factor in a Global Pandemic taking over the conversation, but it is all the more reason it is to have hearings like this today. We hope not only will you digest our full report but read the pandemic annex. I would highlight a few of the commissions key recommendations up front. One, reform the u. S. Governments structure for cybersecurity starting with establishing a National Cyber director situated in the executive office of the president , senate confirmed, and supported by the office of a National Cyber director as senator king outlined. It also continues to strength cisa. I think it is important to note that the overall approach we are taking here is not to create a bunch of new organizations within the federal government but rather an attempt to elevate and empower existing organizations like cisa who have made important progress in recent years but need more support from congress. Second, i just would say we have a variety of recommendations on promoting national resilience, specifically that congress should codify the rules of sectorspecific agencies, focusing National Risk management efforts and developing and maintaining a continuity of economy planning process so we think through the unthinkable now so were not having to make things up on the fly in the wake of a cyber 9 11. Third and finally, i would highlight the need to reshape the cyber ecosystem towards greater security. We are recommending that congress establish and fund a National Cybersecurity certification and labelling process to establish and manage a program on security certification and labelling of ict products as well as establish a bureau of cyber statistics charged with collecting and providing data on cybersecurity. These recommendations and many more like them in the report are all designed to implement the commissions recommended strategy of layered cyber deterrence, which is our theory for how we evolve into a harder target, better ally and worsen any and how we defend our nation, economy and way of life in cyber space. Thank you for giving us the opportunity to present our findings here today. We look forward to debate. Again, i want the highlight not only the contributions of the commissioners you will hear from but also our wonderful staff who has dedicated a year of their life to this important effort. I yield back. Thank you, chairman gallagher. Again, i commend you for your leadership on this commission, both you and senator king have made a great team and cochairing the cyber Space Commission. We are greatly indebted to you for your work in this service. With that, thank you for your testimony. I now recognize ms. Spalding to summarize the Missions Statement for five minutes. Commissioner spalding, you are muted. We need to unmute you. There you go. You are unmuted. Thank you, chairman. Thank you, chairman thompson, Ranking Member katko and members of the committee. Thank you for this opportunity to be here today to testify. It is an honor to be here with my fellow witnesses, and particularly chairman langiman, an honor it was to work with you again, having worked with you in 2007 on the commissioner for cybersecurity for the 44th president , which you cochaired. I want to thank you for your long, outstanding leadership on cybersecurity issues. The bipartisanship, the nonpartisan subpoena you have heard today, really the tone was set at the top by the two cochairs, senator king and congressman gallagher. Thank you for that. Of course, a pleasure to work with commissioner ravage. I want to touch on three key areas i think should and must be acted on very quickly, given the vulnerabilities as we have noted with the pandemic. First is strengthening dhss cybersecurity and Infrastructure Security Agency or cisa as the organization i once led at dhs is now called, thanks in no small measure to the work of the committee and chairman thompson, and i thank you for that. With malicious cyber actors targeting hospitals, Vaccine Development and governments at every level and a stayathomework force presenting workforce, the work has never been more important. This is why the Commission Urges congress to provide cisa promptly with the resources and authorities, including administrative subpoena authority, that it needs to be the National Risk manager, to serve as the central civilian cybersecurity authority, to support federal, state, local, territorial and tribal governments and the private sector, to conduct continuity of the economy planning, a concept that commissioner ravage brought to the commission, so important. Identify systemically important Critical Infrastructure and coordinate planning and ready mission across government and the private sector. Second, with regard to improving the cyber ecosystem and reducing vulnerabilities, the commission turned first to improving the efficiency of the market. When looked at, why isnt the market performing its function of driving better cybersecurity . A key reason, we determined, was that markets need information to operate effectively, so we asked that congress establish that National Cybersecurity certification and labelling authority, the kind of underwriter laboratorys effort that congressman gallagher mentioned, publish guidelines for secured cyber services, promote a more effective and robust Cyber Insurance market and pass a National Data breach notification law. Finally, i believe one of the most important pillars in the report is resilience. We need to reduce the benefit side in the adversaries cost benefit analysis. Often that means reducing our dependence upon those network systems, developing redundancies, maybe even analog systems, paper ballots, for example, are a way of building resilience into our election infrastructure. We have a number of urgent electionrelated recommendations including reforming regulation of online political advertisements, providing Grant Funding for states to improve election systems, replace outdated equipment, ensure voter verifiable paperbased systems and conduct postelection audits. These are perhaps the most urgent of our recommendations. I would like to close with our recommendation to build public resilience against Information Operations that target election but also our democracy as a whole. Media literacy is important, but we also need to focus on deterring the key objective of our adversaries, which is to weaken democracy by pouring gasoline on the flames of division that already engulf online discourse. Pushing americans to give up on institutions, not just elections, but the justice system, the rule of law and democracy itself. They portray our institutions as not just flawed but irrevocably broken, where protesters and judicial reform advocates seek changes, to make our institutions stronger, our adversaries seek only to make us weaker. They want americans to despair at the prospect of bringing about change, to despair at the prospect of being able to discern fact from fiction. They want to destroy the informed and engaged citizenry upon which a healthy democracy depends. To defeat our adversaries objective, the commission calls for reinvigorating Civics Education to help americans rediscovered our shared values, understand why democracy is so valuable, that it is under attack and that every american must stay engaged, to hold our institutions accountable and to continue to move us toward that more perfect union. Thank you for this opportunity. I look forward for your questions. Thank you, commissioner spalding. Again, both for your participation and valuable contributions to the Cyber Commission and your broad dedication and work on cyber in general. With that, thank you for your testimony. Finally, i now recognize