Transcripts For CSPAN3 Hearing 20240704 : vimarsana.com

Exit selectivity it will come to order. This is a short hearing weve never had this combination of the select committee will come to order. This is a historic hearing, we have never had this combination of witnesses, a fantastic collection of expertise to help us make sense of the Chinese Communist party is doing in cyberspace and how we can better defend ourselves. I thought this morning we spend a lot of time on the committee debating or thinking about the question of whether china will make a move militarily against taiwan and what would be the timeline of such a move. Obviously this is a unknowable question and people continue to debate it, but in some meaningful sense i wonder if such invasion or the preparation for such invasion which would be incredibly costly as the Ranking Member eloquently pointed out yesterday has already begun. If the intelligence operation of the battle space has begun for over 20 years the ccp has been attacking government, defense contractors, technology in cyberspace that is a fact. For a long time these were focused on theft, robbing us of valuable technology. That was then used to drive military modernization. Unprecedented modernization. Another focus of attack is gathering Sensitive Information on hundreds of millions of americans with attacks on Companies Like anthem health, the office of personnel management. Im sure anyone who served in the military got a nice letter after military records had been compromised. Mine is framed in my office in my basement. According to the fbi chinas vast Hacking Program is the Worlds Largest and they have stolen more americans personal and business data than every other nation combined. But that was not enough, in the past few years our intelligence and Cyber Security agency have discovered the ccp has hacked into american Critical Infrastructure for the sole purpose of disabling and destroying Critical Infrastructure in the event of a conflict over taiwan for example. This is the cyberspace equivalent of placing bombs on american bridges, Water Treatment facilities and power plants. There is no economic benefit for these actions. There is no pure intelligence gathering rationale, the sole purpose is to be ready to destroy american infrastructure, which would inevitably result in chaos, confusion and potentially mass casualties. It is outrageous, active and direct threat to our home and, military, ability to search forces forward in the event of conflict and it is not a hypothetical. As witnesses will testify today the Chinese Government has already done it, Cyber Warriors are doing everything we can to stop it, dealing with malware and water utilities, oil and gas, power grids and other utilities in western territories and across the american homeland. The damage that can be done by this is almost hard to imagine. We need to step up and defend Critical Infrastructure, defend ourselves in cyberspace. It is a critical part of deterrence. It will take unprecedented collaboration between the public and private sector to create the kind of layered cyber deterrent we need to prevent disaster because its not just a government problem it is a whole of society problem. Our committee is the select committee on strategic competition between the United States and the Chinese Communist party. That is a long title. In a real way the name of the committee vastly understates the problem set. It is not just strategic competition, but a strategic threat pointed at the heart of america. If we do not address the threat the ccp will have the ability to turn off the lights for everyday americans, shutdown cities and cause massive loss of american lives. That is unacceptable. I believe men and women of good faith in both parties can come together to prevent that from happening and that is what todays hearing is all about. I now recognize the Ranking Member. Thank you to the witnesses for coming today. I understand todays change of command and you made time to come see us. I expect this will be unplugged. We look forward to todays testimony. Look folks, today we will talk about ugly gorilla and candy goo , these are not my kids instagram handles. These are aliases using ccp hackers working for the pla the Peoples Liberation army. This a wanted poster shows members of unit 61398 whom we indicted in 2014 for hacking into American Companies and stealing intellectual property. The first time we have ever indicted prc nationals for computer hacking in the u. S. For years the ccp carefully studied how the u. S. Ran Cyber Operations to develop its own concepts for cyber warfare. Xi jinping himself calls for the prc to become a cyber superpower and to dominate the world through Information Warfare. In the last dozen years the ccp has used Cyber Operations for stealing ip from companies, collecting citizen data, hacking into emails and gathering personal data from apps. Today we will be discussing an even darker side of the ccp cyber warfare tactics, activities that go far beyond merely stealing information. Last may fbi nsa and our partners released a joint advisory that Cyber Attacks were targeting Critical Infrastructure including American Power and utility systems, oil and Gas Pipelines and rail systems among others. This Cyber Campaign titled volt typhoon has been active since 2021. Ccp hackers access Computer Systems of two dozen critical entities including in hawaii and guam. Hackers attempted to access the Texas Electric grid. The purpose of the hacking was not to gather intelligence. The purpose was to install malware that once activated would disrupt or damage the infrastructure. You might ask why. Very simple. The potentially harm in a time of conflict. Pla strategists openly talk about coordinating missile strikes with Cyber Attacks as part of its offense of operations. Former director stated that chinese attempts to cover most Critical Infrastructure are to prevent the u. S. For being able to project power in asia or to cause societal chaos inside of the United States. This means targeting americans, this means we could suffer largescale blackouts in major cities, we could lose access to cell phone towers and the internet. We could lose access to clean water and fuel. So how do we respond . First we must be clear eyed about the threat, the ccp objectives for a cyber attack are not just to impede military readiness. They seek to target military sorry civilian infrastructure to cause political, economic and social chaos and in the pla own words, shake the enemies will tell war. Second we must hunt and destroy malware. We need to discover and destroy all malicious code ccp is attempting to hide within networks and Critical Infrastructure. Less than 48 hours ago reuters reported that the Justice Department and the fbi were authorized to remotely disable aspects of a ccp Hacking Campaign underway now in order to protect networks and devices, this is the type of proactive action we need to take and we need to work with partners and allies to do the same. I look forward to learning more from the witnesses about this particular counter campaign. Third, we must deter our adversary. Malicious chinese code has not yet disrupted any of our networks, any cyber attack that results in physical damage or loss of life would grant the United States the inherent right to selfdefense. If this ccp which activate code that would cause harm we need to make sure that we have the capability to respond and to respond decisively. Look forward to hearing from our Witnesses Today and yield back the balance of a time. Thank you, privilege to have a great panel of witnesses. The second confirm National Cyber director, a position which came in to work on the commission, director of fbi, director of Cyber Security and infrastructure Security Agency and commander of the United States Cyber Command and director of the national Security Agency. I want to thank you. I dont want to play favorites, but when i called you to convince you to do this, i felt a little guilty because we are doing change of command today, but the fact that you were willing to do this is the ultimate testament more than any awards you are wearing on your uniform today, to the type of Public Servant that you are, that you would be willing to do this and whether you are redeploying or changing command usually you drop your pack with one week to go. You took a massive new rock in the pack because he felt so passionately about the issue. My expense working with you as chairman of the commission you are always forthcoming and generous with your time so i wanted to thank you for an exceptional career of public service, the nation owes you a great debt of gratitude. [ applause ] that was me lulling you into a false sense of security for the questioning begins. With that i want to ask the witnesses to stand and raise your right hand and i will swear human. Do you swear or affirm under penalty of perjury that the testimony you are about to give is true and correct to the best of your knowledge, information and belief so help you god . You may be seated let the record show the witnesses have answered in the affirmative. Thank you all with thanks to the director Christopher Wray will begin with opening which i believe will include a major announcement. Mr. Wray you may proceed. Thank you chairman, Ranking Member, and to the members of the select committee for inviting me here to testify today to discuss the fbis ongoing efforts to protect our nation from actions taken by the Chinese Government that threaten American Safety and prosperity. Before i go on i want to make very clear that my comments today are not about the Chinese People and certainly not about chineseamericans who contribute much to our country and are often the victims of Chinese Communist party aggression themselves. Rather, when i talk about the threat posed by china, i mean the government of china, in particular led by the ccp. The ccp dangerous actions, a multipronged assault on national and Economic Security make it the defining threat of our generation. When i described the ccp as a threat to American Safety a moment ago, i meant that quite literally. There has been far too little public focus on the fact that prc hackers are targeting our Critical Infrastructure. Water treatment plants, electrical grid, oil and natural Gas Pipelines, transportation systems, and the risk that poses to every american requires our attention now. Chinas hackers are positioning on american infrastructure in preparation to wreak havoc and cause realworld harm to american citizens and communities, if and when china decides the time has come to strike. They are not just focused on political and military targets. We can see from where they position themselves across civilian infrastructure that low blows are not just a possibility in this conflict, low blows against civilians are part of chinas plan. The prc cyber onslaught goes way beyond prepositioning for future conflict. Today and literally every day they are actively attacking our Economic Security. Engaging in wholesale theft of innovation and personal and corporate data. Nor is cyber the only prc threat that we face. The prc cyber threat is made more dangerous by the way they knit cyber into a whole of Government Campaign against us. They recruit human sources to target businesses using insiders to still the same kinds of innovation and data that the hackers are targeting. While engaging in corporate deception. Hiding beijing in transactions, joint ventures and investments. They do not just hit security and economy, they target our freedoms reaching inside borders across america to silence, course and threaten some of our citizens and residents. But i can assure you the fbi is laser focused on the threat posed by beijing. We have cyber, counterintelligence, criminal, other experts to name a few defending against it. And we are working in partnership, with the private sector, partnership with allies abroad and at all levels of the government, especially the nsa, Cyber Command, cisa and leaders i am honored to be here with today. In fact, just this morning, we announced an operation where we and our partners identified hundreds of routers that had been taken over by the prc statesponsored Hacking Group known as volt typhoon. The malware and able to china to hide, among other things, preoperational reconnaissance and Network Exploitation against Critical Infrastructure like communications, energy, transportation, and water sectors, steps china was taking to find and prepare to destroy or degrade civilian Critical Infrastructure that keeps us safe and prosperous. Lets be clear Cyber Threats to Critical Infrastructure represent realworld threats to physical safety. So, working with our partners the fbi ran a court authorized on Network Operation to shut down volt typhoon and the access it enabled. This operation was an important step, but there is a lot more to do and we need your help to do it. To quantify what we are up against, the prc has a bigger Hacking Program than that of every major nation combined. In fact, in fact if you took every single one of the fbi cyber agents and intelligence analysts and focused them exclusively on the china threat, chinas hackers would still outnumber fbi cyber personnel by at least 50 to 1. As we sit here while important budget discussions are underway, i will note this is a time to be keeping ahead of the threat by investing in our capabilities rather than cutting them. We need to ensure that we sustain and build on the gains we have made that have enabled us to take actions like the volt typhoon operation that i just mentioned. The budgets that emerge from discussions underway now will dictate what kind of resources we have ready in 2027. A year that as this committee knows all too well the ccp has circled on its calendar. That year will be on us before you know it. As i described the prcs already, today, putting the pieces in place. I do not want those watching today to think we cannot protect ourselves, but i do want the American People to know that we cannot afford to sleep on this danger. As a government and a society we have got to remain vigilant and actively defend against the threat that beijing poses. Otherwise, china has shown it will make us pay. Thank you, looking forward to todays discussion. Thank you. Director you are recognized for your Opening Statement. Chairman gallagher, Ranking Member, distinguish members of the select committee thank you for the opportunity to testify. I have been honored to lead the office of National Cyber director in the white house for a little over a month now and im grateful to congress and your leadership for creating this office. Mr. Ranking member i appreciate our conversation yesterday and your interest in the workforce challenges. Established by congress to advise the president on Cyber Security policy and strategy. In particular we coordinate many important agencies with Cyber Missions across the government to ensure federal coherence on for Cyber Security policy. We have budgetary responsibilities to ensure the government is making appropriate investments in Cyber Defense and resilience and we focus on implementation and ensuring the president s strategy is successfully and transparently executed. Coordination and collaboration are essential to our ethos. Cyber security remains a team effort and im proud to be testifying with some of our nations finest leaders. This hearing is timely because the American Public needs to be aware of the threat to Critical Infrastructure. Our Chinese Communist<\/a> party is doing in cyberspace and how we can better defend ourselves. I thought this morning we spend a lot of time on the committee debating or thinking about the question of whether china will make a move militarily against taiwan and what would be the timeline of such a move. Obviously this is a unknowable question and people continue to debate it, but in some meaningful sense i wonder if such invasion or the preparation for such invasion which would be incredibly costly as the Ranking Member<\/a> eloquently pointed out yesterday has already begun. If the intelligence operation of the battle space has begun for over 20 years the ccp has been attacking government, defense contractors, technology in cyberspace that is a fact. For a long time these were focused on theft, robbing us of valuable technology. That was then used to drive military modernization. Unprecedented modernization. Another focus of attack is gathering Sensitive Information<\/a> on hundreds of millions of americans with attacks on Companies Like<\/a> anthem health, the office of personnel management. Im sure anyone who served in the military got a nice letter after military records had been compromised. Mine is framed in my office in my basement. According to the fbi chinas vast Hacking Program<\/a> is the Worlds Largest<\/a> and they have stolen more americans personal and business data than every other nation combined. But that was not enough, in the past few years our intelligence and Cyber Security<\/a> agency have discovered the ccp has hacked into american Critical Infrastructure<\/a> for the sole purpose of disabling and destroying Critical Infrastructure<\/a> in the event of a conflict over taiwan for example. This is the cyberspace equivalent of placing bombs on american bridges, Water Treatment<\/a> facilities and power plants. There is no economic benefit for these actions. There is no pure intelligence gathering rationale, the sole purpose is to be ready to destroy american infrastructure, which would inevitably result in chaos, confusion and potentially mass casualties. It is outrageous, active and direct threat to our home and, military, ability to search forces forward in the event of conflict and it is not a hypothetical. As witnesses will testify today the Chinese Government<\/a> has already done it, Cyber Warriors<\/a> are doing everything we can to stop it, dealing with malware and water utilities, oil and gas, power grids and other utilities in western territories and across the american homeland. The damage that can be done by this is almost hard to imagine. We need to step up and defend Critical Infrastructure<\/a>, defend ourselves in cyberspace. It is a critical part of deterrence. It will take unprecedented collaboration between the public and private sector to create the kind of layered cyber deterrent we need to prevent disaster because its not just a government problem it is a whole of society problem. Our committee is the select committee on strategic competition between the United States<\/a> and the Chinese Communist<\/a> party. That is a long title. In a real way the name of the committee vastly understates the problem set. It is not just strategic competition, but a strategic threat pointed at the heart of america. If we do not address the threat the ccp will have the ability to turn off the lights for everyday americans, shutdown cities and cause massive loss of american lives. That is unacceptable. I believe men and women of good faith in both parties can come together to prevent that from happening and that is what todays hearing is all about. I now recognize the Ranking Member<\/a>. Thank you to the witnesses for coming today. I understand todays change of command and you made time to come see us. I expect this will be unplugged. We look forward to todays testimony. Look folks, today we will talk about ugly gorilla and candy goo , these are not my kids instagram handles. These are aliases using ccp hackers working for the pla the Peoples Liberation<\/a> army. This a wanted poster shows members of unit 61398 whom we indicted in 2014 for hacking into American Companies<\/a> and stealing intellectual property. The first time we have ever indicted prc nationals for computer hacking in the u. S. For years the ccp carefully studied how the u. S. Ran Cyber Operations<\/a> to develop its own concepts for cyber warfare. Xi jinping himself calls for the prc to become a cyber superpower and to dominate the world through Information Warfare<\/a>. In the last dozen years the ccp has used Cyber Operations<\/a> for stealing ip from companies, collecting citizen data, hacking into emails and gathering personal data from apps. Today we will be discussing an even darker side of the ccp cyber warfare tactics, activities that go far beyond merely stealing information. Last may fbi nsa and our partners released a joint advisory that Cyber Attacks<\/a> were targeting Critical Infrastructure<\/a> including American Power<\/a> and utility systems, oil and Gas Pipelines<\/a> and rail systems among others. This Cyber Campaign<\/a> titled volt typhoon has been active since 2021. Ccp hackers access Computer Systems<\/a> of two dozen critical entities including in hawaii and guam. Hackers attempted to access the Texas Electric<\/a> grid. The purpose of the hacking was not to gather intelligence. The purpose was to install malware that once activated would disrupt or damage the infrastructure. You might ask why. Very simple. The potentially harm in a time of conflict. Pla strategists openly talk about coordinating missile strikes with Cyber Attacks<\/a> as part of its offense of operations. Former director stated that chinese attempts to cover most Critical Infrastructure<\/a> are to prevent the u. S. For being able to project power in asia or to cause societal chaos inside of the United States<\/a>. This means targeting americans, this means we could suffer largescale blackouts in major cities, we could lose access to cell phone towers and the internet. We could lose access to clean water and fuel. So how do we respond . First we must be clear eyed about the threat, the ccp objectives for a cyber attack are not just to impede military readiness. They seek to target military sorry civilian infrastructure to cause political, economic and social chaos and in the pla own words, shake the enemies will tell war. Second we must hunt and destroy malware. We need to discover and destroy all malicious code ccp is attempting to hide within networks and Critical Infrastructure<\/a>. Less than 48 hours ago reuters reported that the Justice Department<\/a> and the fbi were authorized to remotely disable aspects of a ccp Hacking Campaign<\/a> underway now in order to protect networks and devices, this is the type of proactive action we need to take and we need to work with partners and allies to do the same. I look forward to learning more from the witnesses about this particular counter campaign. Third, we must deter our adversary. Malicious chinese code has not yet disrupted any of our networks, any cyber attack that results in physical damage or loss of life would grant the United States<\/a> the inherent right to selfdefense. If this ccp which activate code that would cause harm we need to make sure that we have the capability to respond and to respond decisively. Look forward to hearing from our Witnesses Today<\/a> and yield back the balance of a time. Thank you, privilege to have a great panel of witnesses. The second confirm National Cyber<\/a> director, a position which came in to work on the commission, director of fbi, director of Cyber Security<\/a> and infrastructure Security Agency<\/a> and commander of the United States<\/a> Cyber Command<\/a> and director of the national Security Agency<\/a>. I want to thank you. I dont want to play favorites, but when i called you to convince you to do this, i felt a little guilty because we are doing change of command today, but the fact that you were willing to do this is the ultimate testament more than any awards you are wearing on your uniform today, to the type of Public Servant<\/a> that you are, that you would be willing to do this and whether you are redeploying or changing command usually you drop your pack with one week to go. You took a massive new rock in the pack because he felt so passionately about the issue. My expense working with you as chairman of the commission you are always forthcoming and generous with your time so i wanted to thank you for an exceptional career of public service, the nation owes you a great debt of gratitude. [ applause ] that was me lulling you into a false sense of security for the questioning begins. With that i want to ask the witnesses to stand and raise your right hand and i will swear human. Do you swear or affirm under penalty of perjury that the testimony you are about to give is true and correct to the best of your knowledge, information and belief so help you god . You may be seated let the record show the witnesses have answered in the affirmative. Thank you all with thanks to the director Christopher Wray<\/a> will begin with opening which i believe will include a major announcement. Mr. Wray you may proceed. Thank you chairman, Ranking Member<\/a>, and to the members of the select committee for inviting me here to testify today to discuss the fbis ongoing efforts to protect our nation from actions taken by the Chinese Government<\/a> that threaten American Safety<\/a> and prosperity. Before i go on i want to make very clear that my comments today are not about the Chinese People<\/a> and certainly not about chineseamericans who contribute much to our country and are often the victims of Chinese Communist<\/a> party aggression themselves. Rather, when i talk about the threat posed by china, i mean the government of china, in particular led by the ccp. The ccp dangerous actions, a multipronged assault on national and Economic Security<\/a> make it the defining threat of our generation. When i described the ccp as a threat to American Safety<\/a> a moment ago, i meant that quite literally. There has been far too little public focus on the fact that prc hackers are targeting our Critical Infrastructure<\/a>. Water treatment plants, electrical grid, oil and natural Gas Pipelines<\/a>, transportation systems, and the risk that poses to every american requires our attention now. Chinas hackers are positioning on american infrastructure in preparation to wreak havoc and cause realworld harm to american citizens and communities, if and when china decides the time has come to strike. They are not just focused on political and military targets. We can see from where they position themselves across civilian infrastructure that low blows are not just a possibility in this conflict, low blows against civilians are part of chinas plan. The prc cyber onslaught goes way beyond prepositioning for future conflict. Today and literally every day they are actively attacking our Economic Security<\/a>. Engaging in wholesale theft of innovation and personal and corporate data. Nor is cyber the only prc threat that we face. The prc cyber threat is made more dangerous by the way they knit cyber into a whole of Government Campaign<\/a> against us. They recruit human sources to target businesses using insiders to still the same kinds of innovation and data that the hackers are targeting. While engaging in corporate deception. Hiding beijing in transactions, joint ventures and investments. They do not just hit security and economy, they target our freedoms reaching inside borders across america to silence, course and threaten some of our citizens and residents. But i can assure you the fbi is laser focused on the threat posed by beijing. We have cyber, counterintelligence, criminal, other experts to name a few defending against it. And we are working in partnership, with the private sector, partnership with allies abroad and at all levels of the government, especially the nsa, Cyber Command<\/a>, cisa and leaders i am honored to be here with today. In fact, just this morning, we announced an operation where we and our partners identified hundreds of routers that had been taken over by the prc statesponsored Hacking Group<\/a> known as volt typhoon. The malware and able to china to hide, among other things, preoperational reconnaissance and Network Exploitation<\/a> against Critical Infrastructure<\/a> like communications, energy, transportation, and water sectors, steps china was taking to find and prepare to destroy or degrade civilian Critical Infrastructure<\/a> that keeps us safe and prosperous. Lets be clear Cyber Threats<\/a> to Critical Infrastructure<\/a> represent realworld threats to physical safety. So, working with our partners the fbi ran a court authorized on Network Operation<\/a> to shut down volt typhoon and the access it enabled. This operation was an important step, but there is a lot more to do and we need your help to do it. To quantify what we are up against, the prc has a bigger Hacking Program<\/a> than that of every major nation combined. In fact, in fact if you took every single one of the fbi cyber agents and intelligence analysts and focused them exclusively on the china threat, chinas hackers would still outnumber fbi cyber personnel by at least 50 to 1. As we sit here while important budget discussions are underway, i will note this is a time to be keeping ahead of the threat by investing in our capabilities rather than cutting them. We need to ensure that we sustain and build on the gains we have made that have enabled us to take actions like the volt typhoon operation that i just mentioned. The budgets that emerge from discussions underway now will dictate what kind of resources we have ready in 2027. A year that as this committee knows all too well the ccp has circled on its calendar. That year will be on us before you know it. As i described the prcs already, today, putting the pieces in place. I do not want those watching today to think we cannot protect ourselves, but i do want the American People<\/a> to know that we cannot afford to sleep on this danger. As a government and a society we have got to remain vigilant and actively defend against the threat that beijing poses. Otherwise, china has shown it will make us pay. Thank you, looking forward to todays discussion. Thank you. Director you are recognized for your Opening Statement<\/a>. Chairman gallagher, Ranking Member<\/a>, distinguish members of the select committee thank you for the opportunity to testify. I have been honored to lead the office of National Cyber<\/a> director in the white house for a little over a month now and im grateful to congress and your leadership for creating this office. Mr. Ranking member i appreciate our conversation yesterday and your interest in the workforce challenges. Established by congress to advise the president on Cyber Security<\/a> policy and strategy. In particular we coordinate many important agencies with Cyber Missions<\/a> across the government to ensure federal coherence on for Cyber Security<\/a> policy. We have budgetary responsibilities to ensure the government is making appropriate investments in Cyber Defense<\/a> and resilience and we focus on implementation and ensuring the president s strategy is successfully and transparently executed. Coordination and collaboration are essential to our ethos. Cyber security remains a team effort and im proud to be testifying with some of our nations finest leaders. This hearing is timely because the American Public<\/a> needs to be aware of the threat to Critical Infrastructure<\/a>. Our Intelligence Community<\/a> has noted a prc threat actor is pre positioning to in the event of conflict conduct disruptive and potentially destructive attacks. The prc threat actor volt typhoon as it has been named by a private sector partner has conducted Cyber Operations<\/a> focused not on financial gain or espionage, but on deploying deep access into Critical Infrastructure<\/a> systems that put those systems at risk. The aim is clear. In early stages of conflict they want to disrupt our military ability to mobilize and to impact systems that allow us to thrive in this increasingly digital world. We can, must and importantly we are seizing the initiative from adversaries in order to protect and defend the American People<\/a>. Last year President Biden<\/a> issued the national Cyber Security<\/a> strategy which outlines a bold vision for a prosperous connected future and calls for us to build a future that has a foundation of deep and enduring collaboration among stakeholders in the digital ecosystem. The national Cyber Security<\/a> strategy is threat agnostic, technology agnostic, built on two fundamental shifts that we must one, rebalance the responsibility to defend cyberspace and two realign incentives to favor longterm investments. Today end users of technology, the individuals and Small Businesses<\/a> and critical if a structure entities that make up constituencies in your district back to my image response ability for keeping the nation secure. We must demand more from the most capable actors in cyberspace including the government. We must build Future Systems<\/a> to be more inherently defensible and resilient. This means Market Forces<\/a> and programs like must reward security and resilience. This leads directly to the first pillar of the strategy which is simple in concept but daunting in scope. Defend Critical Infrastructure<\/a>. As we can see from the prc targeting critical of the structure systems are on the terrain of which adversaries wish to engage. Critical infrastructure owners and operators, the majority of whom are private entities, not governments are on the front lines. Part of our success will then come from scaling Public Private<\/a> partnership and collaboration. Beyond scaling these collaborative mechanisms and setting clear harmonized Cyber Security<\/a> requirements, the government must also be a good partner when incident has occurred and federal assistance is required. As we sure up defense we must also look to change the dynamics in cyberspace to favor defenders which means, for example, addressing the open Research Problem<\/a> of software measurability that makes it difficult to understand the quality of code used, a topic that oncd is working to elevate. We are also working to address the over half 1 million open jobs in cyber fields. It is vital that we invest in workforce programs to improve the pipeline of talent, expand opportunities for all citizens to learn Digital Skills<\/a> and open these good paying jobs and careers all segments of society, including those who have never seen themselves in cyber. This administration is tackling this through the limitation of the National Cyber<\/a> workforce and education strategy released by oncd in july. Administration focus on Cyber Security<\/a> has put us on a firm strategic footing to counter the threat from prc actors and others. We will only sees the initiative by leveraging the foundational partners that we rely on including congress. Ultimately Cyber Security<\/a> requires unity of effort, no one entity can achieve shared goals alone. Sitting here today with our close partners i hope youll see how our u. S. Team is enhanced by thoughtful, patriotic cyber practitioners at all levels of government and from across industry. Working together to build a defensible, resilient, digital ecosystem. Thank you for the opportunity to testify today and i look forward to your questions. Thank you, director your recognized for your Opening Statement<\/a>s. Thank you for the opportunity to testify on efforts to protect the nation from the preeminent cyber threat from the peoples republic of china. As americas civilian Cyber Defense<\/a> agency and the coordinator for Critical Infrastructure<\/a> resilience and security, we have long been focused on the cyber threat from china. As you have heard in recent years we have seen a deeply concerning evolution in chinese targeting of Critical Infrastructure<\/a>. In particular, we have seen chinese cyber actors, including those known as fold typhoon burrowing deep into Critical Infrastructure<\/a> to enable destructive attacks in the event of a major crisis or conflict. This is a world where a major crisis halfway across the planet could well endanger the lives of americans here at home through the disruption of pipelines, the severing of telecommunications. The pollution of our water facilities, the crippling of transportation modes, all to ensure they can incite societal panic and chaos and to deter our ability to marshal military might and civilian will. The threat is not theoretical. Leveraging information from government and Industry Partners<\/a>, cisa teams have found and eradicated chinese intrusions in multiple Critical Infrastructure<\/a> sectors including aviation, water, energy, transportation. Based on this information this is likely just the tip of the iceberg. So we are working aggressively with partners in industry and across the government to take action now knowing that the threat is real and urgent. First through authorities from Congress Based<\/a> on recommendation from the cyberspace commission, were using joint Cyber Defense<\/a> collaborative to catalyze robust operational collaboration with industry and government to enable us to uncover additional chinese malicious activity and to develop ways to more rapidly detect it. We are also using Free Services<\/a> and resources providing intelligence to Critical Infrastructure<\/a> owners and operators across the country so they can detect and prevent chinese malicious activity. Now were using hundreds of subject Matter Experts<\/a> and advisers across the nation to work directly with businesses to help them improve security and resilience of the Critical Services<\/a> that americans rely on every hour of every day. The reality is however eradicating chinese intrusions, bolstering resilience and even some of the great disruptive work that the doctor talked about is all necessary, but it is not sufficient. The truth is the chinese cyber actors have taken advantage of very basic flaws in our technology. We have made it easy on them. Unfortunately the technology underpinning Critical Infrastructure<\/a> is inherently insecure because of decades of Software Developers<\/a> not being held liable for defective technology. That has led to incentives where features and speed to market have been prioritized against security leaving our nation vulnerable to cyber invasion. That has to stop, Technology Manufacturers<\/a> must ensure that china and other cyber actors cannot exploit the weaknesses in our technology to saunter through the open doors of Critical Infrastructure<\/a> to destroy it. It has to change. We are at a critical juncture for National Security<\/a>. Todays hearing should serve as urgent call to action, specifically, every victim of a cyber incident should report it to cisa or fbi every time knowing that a threat to one is a threat to all and Cyber Security<\/a> is National Security<\/a>. Every Critical Infrastructure<\/a> entity should establish a relationship with their local team and take advantage of Free Services<\/a>, including vulnerability scanning to ensure they can identify and prevent vulnerabilities that the chinese cyber actors are using with every Critical Infrastructure<\/a> entity using the services and Cyber Security<\/a> performance goals as well as the advisories we have published with nsa and fbi and International Partners<\/a> to do the necessary investments in cyber hygiene to ensure they can protect networks including throughout their supply chains. Every Critical Infrastructure<\/a> entity needs to double down on resilience. Businesses need to prepare for and expect an attack. And test and prepare for an exercise, Critical Systems<\/a> so that they can continue to operate through disruption and recover rapidly to provide services to the American People<\/a>. Finally, every Technology Manufacturer<\/a> must build, test and Deploy Technology<\/a> that is secure by design, we have to drive toward a future where cyber actors cannot take advantage of technology defects to break into Critical Infrastructure<\/a>. This is a future underpinned by Software Liability<\/a> regime based on measurable standard of care and safe haven for those Software Developers<\/a> who do responsibly innovate by prioritizing security first. Now none of this is possible unless every ceo, every business leader, every board member for critical structure companies recognize that cyber risk is business risk. Managing it is a matter of Good Governance<\/a> and fundamental National Security<\/a>. Thank you for the opportunity. I look forward to your questions. Thank you very much. Members of the selectivity i am honored to represent the men and women of Cyber Command<\/a> and the national Security Agency<\/a> asthma time as commander and director draws to a close. They give her the opportunity to reflect on changes ive witnessed on the technical and operational environments over my sixyear tenure. And to hear your concerns. The peoples republic of china poses a challenge unlike any our nation and allies have ever faced. Competing fiercely in the information domain. Cyber actors are pre positioning in Critical Infrastructure<\/a> and it is not acceptable. Defending against this activity is our top priority. The men and women of Cyber Command<\/a> and the national Security Agency<\/a> maintain strategic advantage by contesting the threats posed by prc in cyberspace by using the full scope of authorities and full spectrum of capabilities to impose cost, deny benefits and encourage restraint on the part of adversary. It will continue to strengthen partnerships across the government, Form Partners<\/a> and private industry so we may operate anywhere we are needed. We are ready and postured to contest malicious activity at home and abroad as cyberspace threats increase our force to counter threats are stronger and more capable. Cyber command and the national Security Agency<\/a> or using capabilities and partnerships to deny opportunities, frustrate their efforts and systematically eradicate intrusions. One significant contribution, our ability to counter threats is our relationship with the private sector. Cyber command and the Security Agency<\/a> partners with industries to underpin the ability to track, detect and mitigate activity against infrastructure at scale. One example of the impact of the strong relationships was demonstrated in may of 2023 with Cyber Security<\/a> advisory, the first documented prc activity against Critical Infrastructure<\/a> referred to publicly as a volt typhoon. 11 different Industry Partners<\/a> call sealed the advisory along with interagency partners. Other Industry Partners<\/a> contributed behind the scenes in partnership with Cyber Security<\/a> collaboration center. Lastly i would like to reiterate my appreciation for the opportunity to speak with you and recognize continued efforts to bring attention to this critically important issue which impacts National Security<\/a>, the lives and livelihoods of the American People<\/a>. I look forward to our conversation. Thank you, sir. Director jen easterly your Opening Statement<\/a> both written and spoken i commend the written as well. Kind of teases out the troubling implications of an attack on Critical Infrastructure<\/a>. I read it and im left with the application that china is pursuing a strategy designed to either hold us hostage in the event of International Incident<\/a> such that we would be afraid to respond or to cause casualties on the homeland is that accurate assessment from your testimony . Absolutely. As i mentioned and alluded to it is Chinese Military<\/a> doctrine to attempt to induce societal panic in their adversary. Arguably the Chinese Government<\/a> got a little bit of a taste of this in the aftermath of the Ransomware Attack<\/a> on Colonial Pipeline<\/a> may of 2021 shutting down gas to the eastern seaboard for several days americans cannot get to work or take the kids to school, cannot get folks to the hospital. It caused a bit of panic. Imagine that on a massive scale. Imagine not one pipeline but many disrupted. Telecommunications going down so people cannot use their cell phones. People start getting sick from polluted water, trains get derailed, air Traffic Control<\/a> system, port control systems now function. This is truly and Everything Everywhere<\/a> all at once scenario. And it is one where the Chinese Government<\/a> believes that it will likely crush american will for the u. S. To defend taiwan in the event of major conflict there. This is also a scenario that we can and indeed must prevent for the robust practices i mentioned in my statement which amounts to the deterrent by denial and resilience, but also through the deterrence and escalation of punishment, a credible threat and perhaps most apparently through american strength and unity and the power of our value. General easterly you have to assume theyre targeting Critical Infrastructure<\/a> and guam so what would attack on that mean for our ability to respond in the event of crisis . It could have a Significant Impact<\/a> on what we need to do to provide a series of options that our commander in the Indo Pacific Region<\/a> would want to respond with comic medications. Ability to be able to leverage our most lethal weapons systems. These are areas we rely on. Director wray, if you focus all the fbi cyber professionals on the china threat, we would still be at what sort of disadvantage with respect to the humans in china focusing on american . We would be at a disadvantage of at least 50 to 1. Part of the reason i say at least is because one of the things we have seen from the Chinese Government<\/a> which has devoted massive resources to the biggest Hacking Program<\/a> in the world by a mile is that they also work with cyber criminals. Which is then a whole force multiplier to that significant enterprise. Roughly how many people or percentage of resources are devoted to china . Of our resources . It is the biggest chunk of counter intelligence, by far. Probably the biggest chunk of Cyber Program<\/a> by far. And then of course we have other divisions like weapons of mass destruction folks who are the one to do the work on covid origins for example for the fbi. We have criminal folks, criminal investigation folks working on the functional part which much of that is coming from precursors in china. So it is really a threat that pervades and permeates almost all programs. You previously testified when it comes to tiktok that it screams of National Security<\/a> concerns and why . What is the risk posed by tiktok . The most important starting point is the role of the Chinese Government<\/a>. The app Parent Company<\/a> is effectively beholden to the Chinese Government<\/a> and that in turn creates a series of National Security<\/a> concerns in the prc governments ability to leverage that access or authority. So first, the data which gives them the ability to control Data Collection<\/a> on millions of users which could be used for all sorts of intelligence operations or influence operations. Second, the recommendation algorithm which could be used for all sorts of influence operations or to so in divisiveness and discord and thats not something we readily detect which makes it more of a pernicious threat. Of course ai enhances all of that, ability to collect u. S. Person data and feed into the influence operations makes it exponentially more dangerous to americans. Third and finally it gives them the ability should they so choose to control the software on millions of devices which means the opportunity to technically compromise millions of devices. As you put those things together, it is a threat that i think is very significant. It all starts back with the starting point which is the Chinese Government<\/a> itself and their role and the ability to control different aspects. Thank you, i am excited to recognize the Ranking Member<\/a>. His questioning and prop game improves with every hearing. Game respects game. Thank you, first i want to discuss the impact of Cyber Attacks<\/a>, realworld Cyber Attacks<\/a> happening today in ukraine. At the behest of russia. Recently the russians cut off Internet Access<\/a> for tens of millions of ukrainians in one cyber attack alone. They then cut off power for hundreds of thousands of ukrainians in a separate cyber attack and so i have a question for general easterly. We actually depict this here and it could look Something Like<\/a> this. In a conflict situation the ccp could aim to attack american infrastructure the same way that the russians are attacking ukraine right . That is correct. Let me turn to a potential real cyber attack by the ccp. General, so far we have discovered ccp malware in certain infrastructure, but they have not been activated yet. In the event that the malware were activated you would be able to attribute it back to the ccp just like you did with volta typhoo we are very good at attributing thats correct. Now, in 2018 you wereat the Aspen Security Forum<\/a> and here is a picture of you five years ago. And you said this which caught my eye. If a nationstate decided to attack Critical Infrastructure<\/a>, that is above the threshold of war. Isnt that what you said . I do recall appearing from that quote, yes and i probably wodve said differently today. And the next part of that quotation also caught my eye. You continued by saying and we would certainly respond. In your written statement you talk about imposing cost on potential adversaries. I want you to say very clearly, cyber has the capability to respond decisively. It does and this is a really important point. We cannot be episodic in looking at the threat. We need to be engaged every single day with a series of different capabilities, working with a different partners to enable and act. When we have done over the past five years is been able to look at imposing cost in a broad fashion whether or not publishing unclassified manner, with the adversaries doing, whether or not working with the bureau or able to work closely with justice and treasury, this is the idea of consistently being able to persistently be engaged with adversary. A message to anybody paying attention. Ccp or anyone else who would intend to buy malware into our Critical Infrastructure<\/a>. First we will attribute it back to you if it is activated, secondly that could be an act of war. Third, we will respond decisively. Let me move to another topic. I would like to touch on tiktok as well director wray. The ceo came to capitol hill and set a couple things i would like to get your response on. He said data privacy concerns with regard to tiktok are not unique compared to other Companies Like<\/a> facebook and x or twitter. I personally agree that other social media apps have various data privacy concerns, but the key difference is that unlike tiktok they are not owned by a company beholden to the ccp. I want to get your reaction. I presume you agree that it is unique in the sense that its owned by a company beholden to the ccp. It is unique compared to western companies which are by their nature not holden to western government. What makes tiktok so challenging and therefore so risky from a National Security<\/a> perspective is that we are talking about a government and the Chinese Government<\/a> that is over and over again demonstrated contempt for the rule of law and international norms. Lines that we consider very important in the u. S. And in the west between private sector and the government, those are lines at best that are blurry, if not nonexistent. I want to ask about the news that you broke during your testimony. Thank you for your proactive action with regard to disrupting remotely disabling this vault typhoon campaign. A couple questions. One is, in this year of elections, obviously the foreign minister recently told Jake Sullivan<\/a> and assured him the ccp is not going to interfere with elections this year. How do we prevent that from happening . Well, china has promised a lot of things over the years. So i guess i will believe it when i see it, thats the starting point. Second, we work very hard across the inner agency, all agencies represented here, plus a host of other partners to try to anticipate and prevent efforts to interfere in our elections. There have been enormous strides made over the years, not just amongst all three of our agencies, between our agencies and state and local Election Officials<\/a>, secretaries of state, to try to prevent cyber interference for example. And then of course also the pervasive problem of foreign influence in terms of disinformation and things like that. There again we have to work with either sector not just the inner agency, but all of that has to be combined with the public in being a more discerning and media literate populace because they have a role to play here. Sorry, the router, how many states where they located in . I dont have the number of states with me. I know it was hundreds of routers and it is a good example of the point director easterly was making. These Small Home Office<\/a> routers were very outdated which made them easy targets for the Chinese Government<\/a>. These small office Home Office Routers<\/a> were not themselves the intended targets, the targets were Critical Infrastructure<\/a>, but what the chinese were doing was using the easy targets to hide their role in hacking of Critical Infrastructure<\/a>. Thats why the point that was made about making sure that we are not creating an easier attack surface is so important. Thank you, i would like to thank the witnesses for joining. Thank you for your service. I would like to begin, somewhat assert other nations conduct Cyber Operations<\/a>, some of those things could have consequences on entities like hospitals and Water Systems<\/a> and power grids and other civilian targets. What makes the prc activities like embedding latent malware in systems, what makes it unique in relation to other responsible cyber actors . Responsible cyber actors of democracies like our own do not target civilian infrastructure. There is no reason for them to be in the water, to be in our power, this is a decision by an actor to actually focus on civilian targets. Thats not what we do. The Ranking Member<\/a> talked about attribution, determining who was behind the cyber attack and then making sure there are repercussions for those actions. I would argue its not just us playing defense because we will never get out in front of the insidious which happens with Cyber Attacks<\/a> and the folks that dream of ways to attack the system. One thing we can do effectively is have a very robust offense of capability as a deterrent so that folks understand, like china if there is a cyber attack on this nation that goes after Critical Infrastructure<\/a>, what will be coming back is orders of magnitude greater. First of all do we have the capability to do that and if so do we communicate that in various ways so china knows what the consequence will be if they take such action . We have the capability and we are the best. In terms of the way they are communicated, it is different ways, from policymakers to the exercises we conduct to the real world examples that we do with a series of partners. The other thing i would tell you is first of all that we have discovered what they are doing and we have exposed. The partnerships that exist between our agencies and commands is something that concerns the chinese. Finally it is the work with the private sector that gives us scale. They may have 50 to 1, but we have the private sector and we outnumber them. Also very concerned about the ccp prepositioning within our Critical Infrastructure<\/a> like oil and Gas Pipelines<\/a>. Give me a reason why someone would preposition in those Critical Infrastructure<\/a> and what conclusions should we reach as congress and the American People<\/a> from these reports . As director easterly talked about , this is an attempt to provide the chinese options in crisis or conflict. When we have discovered them the first thing we need to do is make sure that we get them out. The second thing is we need to have vigilance that continues onward. This is not episodic threats, this is persistent, the generational piece that director wray talked about, we have to operate every day, vigilant, offensive and defensive capabilities. You talked about Holding Software<\/a> companies liable for the software they have written for a variety of sources, especially the electric grid. Give me your perspective on how we would most effectively do that . How could we do it timely . How can we make sure its done in two ways to make sure future software written is held liable for vulnerabilities and how do we retroactively address software thats already there that exposes liabilities . Thank you for the question. As you pointed out, this is a current problem and legacy issue. What is critical is that we start now to develop a regime and this was part of the Cyber Strategy<\/a> that can actually hold Software Makers<\/a> liable for creating defective technology because frankly, i believe if we had Something Like<\/a> that and i was put in place at the dawn of the internet with software was developed we would not be in a world where the internet is full of malware and software is rife with vulnerability. We need Software Reliability<\/a> regime based on measurable standards of care and also safe harbor for those developers who do responsibly innovate by prioritizing security and not speed to market or cool features. So that is really important and a place where congress could be incredibly helpful. We have also been working directly with industry as general easterly pointed out, the force the player of having their presence in all of these discussions, industry, to put priority on secure by Design Software<\/a> as well as International Partners<\/a>. The last thing i would say is we need to ensure that individual consumers are also aware that they need to be asking for products that are secure by design and not defective. We are making things too easy for our adversaries. Thank you all for being here today and everything you do to keep americans safe. Director easterly i understand a High Percentage<\/a> of Cyber Attacks<\/a> in the u. S. Are in the Energy Sector<\/a>. How would you characterize the cooperation and proactive nature of public and private entities across the Energy Sector<\/a> . Thank you for the question. As the National Coordinator<\/a> for resilience and security we work with what is called sector committees essentially that have representation from Critical Infrastructure<\/a> owners and operators. One of the things i found most impressive since i came into this role is that the Energy Sector<\/a>, the people at the table are ceos. You do not see that across every sector. That really shows that ceos in the Energy Sector<\/a> understand the issue and understand the need to make significant investments in their Cyber Security<\/a> and cyber resilience. So that is a positive thing. We have catalyzed a good working relationship across the site and with the department of energy and caesar which handles cyber work to ensure that Energy Companies<\/a> understand the threat. We did this aggressively around the russian invasion of ukraine as part of the shields up campaign. Importantly understanding steps they need to take to reduce risk to our energy grid. The grid across the country is aging and often in many places decrepit with a lot of innovation going on. A lot of new Clean Energy Sources<\/a> are coming online, there are, there is innovation in distributed systems. Think of after Hurricane Ian<\/a> hit southwest florida, the subdivision come in the neighborhood that had a distributed system that did not go off the grid. They had backup power. Are you thinking ahead, working with the department of energy on how to build those more Resilient Systems<\/a> where you are not as dependent on volatile fuel sources, you think about the Cyber Attacks<\/a> and also long term resiliency. How is that working and do you have recommendations on that . Absolutely and that is the key word. We are living in a highly digitized, highly vulnerable, highly connected world. For frankly it is impossible to prevent all bad things, it is impossible to prevent disruption so we have been working with interagency and Industry Partners<\/a> to focus on that resilience, to expect that there will be disruption and be able to continue to operate through the disruption and to recover. Some of the exercises we have worked on with industry and federal partners really double down on that concept incredibly important to the point about aging energy, it goes back to congressmans question about legacy infrastructure. We also have to ensure that we are investing in building resilience into the legacy infrastructure. I am encouraged that there may be use of Artificial Intelligence<\/a> to help us to rewrite some of the code base in the Technology World<\/a> where you have said very sketchy code creating vulnerabilities. We could actually help to share it up. Do you want to say anything about the aging routers that the director referred to with volt typhoon and how our, how are they targeting americans and what folks need to know . Thanks for the question. To help folks understand and my teammates can weigh in. When we talk about malware, malware has been mentioned, this is not a malware issue. That is why the name of the Cyber Security<\/a> advisory was living off the land. What these chinese cyber actors are doing is essentially finding a vulnerability, and then finding ways to live within a computer operating system so they are actually very hard to detect because they look like any other person who is operating and i have elevated the ability to act like a system in a ministry to. So you cannot tell it is a chinese actor. Thats what they are doing on the routers so they can build these large nets for command and control to allow them to have a launching pad on Critical Infrastructure<\/a> where they take advantage of another vulnerability. The routers themselves may not be aging. It just essentially were created to be terribly insecure. Interfaces wit internet and i think just today at some point in time they will publish what we call a secure by design alert specifically for the manufacturers of routers and a Small Office Home<\/a> Office Capabilities<\/a> that the director talked about. The very basic things that needed to be done to shut off the chinese cyber actors from using these routers as these are basic things that need to be done to shut off the cyber actors from using these routers as long points. Mr. Neuhaus. Thank you, mr. Chairman. Thank you. Thank you for keeping the dedication to our country as safe as possible. Did you know there was an election coming up this year . This is the number of subjects that i want to dive in deeper. This is a different notion of elections and integrity. We have heard from a lot of different experts. They have many of the emerging trends. They have advanced social media and algorithmic types of warfare. Certainly, the four countries, china, iran, these are all of the things that we are hearing about as well. I have several questions. Not directed to any of you, but all of you. We should have time to weigh in. This is going to be the possibility of future election interference. For us, this is to adapt to these kinds of changes and conditions. What policies should we consider amending . Which programs do you rely on . Should the government expand its role in the public and private partnerships . How does this all occur without infringing on the First Amendment<\/a> or the right to free speech . How are you stating constitutional elections . For people listening to this hearing, what gives you confidence and faith in our ability to ensure free and Fair Elections<\/a> . I will start with you. Let me start with less part of your question. We have done it successfully before. All of the agencies at this table, they have been working together. This is based upon the fact that not only our methodology has gotten better, but our partnerships have expanded trade it was understanding internationally, we are going to see what adversaries are doing outside the United States<\/a>. We could do that very effectively. It is a really important question. We have state and local Election Officials<\/a>. They are on the frontline. They are administering election infrastructure. I have confidence, because of the enormous amount of time that i have spent with secretaries of state. Chief officials. State election directors, work every day. Trying to effectively defend their election from the full range of threats. They have operational risks. This is from foreign employees. Whats incredibly important is for the American People<\/a> to understand the enormous amount of work that has been done. This is the state of low level. We are improving the security and resilience of our election infrastructure. It is the diversity and decentralization of the election infrastructure. It is managed by state. 8000 separate jurisdictions around the country. That gives its resilience. They are trying to keep that infrastructure resilient. They should have confidence in the integrity of our election. If they have any questions about it, serves as an observer. Talk to your local Election Officials<\/a>. They are looking at the support of Election Officials<\/a> that are working hard. They are ensuring the integrity of our democratic process. I would add another section. We can add it in terms of those things. This is in the role of defects. I want to enhance some of the same Information Warfare<\/a> that we are seeing from a foreign adversary. This is for quite some time. They have this Information Warfare<\/a>. This is from a foreign adversary. For example, they have iranians effort in fall of 2020. The director and i, are moving onto a public announcement, ahead of a cyber intrusion. They might have wanted others to think it was. They are looking at the Disinformation Campaign<\/a> on top of it. They were effective, working with all of these partners. That is the kind of thing that we will see more of. Im confident in my partners. Americans can be confident in our election system. Im also mindful of the fact that our adversaries are more sophisticated. They have more foreign adversaries who want to get in on it. It is easy to think about the Chinese Communist<\/a> parties. They need to be carrying out the genocidal campaigns against minorities in their own country. They could be building more nuclear weapons. This is more quickly. They could steal secrets from the military on our private businesses. Changing lives of every american. This is ways that they wouldnt expect. Cutting us off from our water. They are building these capabilities for years. They are run by state and local governments run by the private sector. You need to understand these threats. How do we in the federal government to ensure that these entities are protecting the systems so vital to all of this . How do i commit to a small town in the district . This is where i grew up. They need to invest in cybersecuritys to stop the Chinese Military<\/a> . Im all for Holding Software<\/a> accountable. If they dont update the software for 10 years, that could be too late. How do we protect ourselves today . That is a great question. We have to attack it at the Software Developer<\/a> level, but of course at the Software User<\/a> level. Many of these public utilities, and smaller critical structure entities, are target rich, but cyber poor. They have two people who are focused on security. They are doing administration, or the finances for the company. One of the things that we have done for the support of congress, is build a very large field force. Advisers and subject Matter Experts<\/a>, will be the frontline forces. They will have all the Critical Infrastructure<\/a>s and operators. The businesses are large and small to ensure that they are aware of the Free Services<\/a> that are making it easy on these entities. Trying to ensure the security and resilience. Very basic things. A lot of entities dont know that they exist. This is a place where we would love to work with you on the community, to make sure we have these small towns. We have all of this free stuff. One last point, basic cyber hygiene. It is not rocket science. If they do the basics, they can stay safe. You explained that tiktok is going to be from a chinese party. This can influence the feeds. Earlier this month, they reported that taiwan experienced a 3000 increase in the denial of Cyber Attacks<\/a>. This is including 3000 . With their election, the Chinese Communist<\/a> party has shown a willingness to influence elections. Im heartened by the experience and confidence of the federal government, protecting the integrity of our election system. If the ccp were going to change tiktok feeds to buy is one candidate or another in the upcoming president ial election, would they be able to do so . That would be something they are permitted to do. They are studying science and math. Would they be able to suggest to americans to use more drugs . To my understanding, the Chinese Government<\/a> and communist party wants to exercise that authority. They can easily exercise that authority. China describes the Cyber Efforts<\/a> as machining form factors from reconnaissance offense and defense. How do these deterrents get thought about . How do we think about deterrence in response . In terms of the way we think about it, we think about deterrence by denial and cost in position. Deterrence by denial is what we are discussing here in terms of publishing and being able to expose what the chinese are doing in an unclassified manner. This is the challenge that we now face. We have uncovered what they are doing. We will continue to do that. As we recover this, it is clear from all we have heard in the workforce challenge as a director, we need more cyber experts to serve our country. Given the threats that we have laid out today, you have a message for Young Americans<\/a> . Do they want to do something about this . Is the future of our economy. It is tied so closely to the ability to operate in cyberspace. If you are looking for a challenge, or fulfillment, i would tell you that any of the agencies that you see here, provide in mission and responsibility that would work. If you are imaginable, you have the expectations. I truly believe in the importance of national certs. I would encourage all americans to think about that. I think we could make a colonel in the reserves. You can take advantage. Thank you, commissioner chairman. I wanted to followup with you on some of the comments that you had made in addition to the Cyber Security<\/a> issues that we talked about. Human in sources, deception, aging, hiding their hand. Corporate joint ventures are here. This is in this whole topic of leverage. When you appeared in october on 60 minutes, you mentioned you had seen a variety of efforts by chinese businesses attempting to acquire businesses, land and infrastructure within the united dates. This is in a way that presents National Security<\/a> concerns. I saw that, and i thought that was a very powerful statement. I followed up with a letter to you, outlining some concerns that i had about an investment in my own district. In my own district, there is a company. This is an affiliated company. Many of its top leaders, including the north american operations leaders, have ties to the ccp. They want to build an electric Vehicle Factory<\/a> in my district. It they have given hundreds of millions of dollars to do so. To build and operate its factory in my district, they plan to being 2215 chinese nationals to michigan. If that happens, how confident are you that it will not be used for espionage . Do you believe that there is a risk that these individuals will be spies working for the United States<\/a> . I would have to drill in deeper on the specific example to be able to weigh in on that. What i can tell you, is that a lot of this ultimately traces back to the blurry of nonexistent lines for the Chinese Government<\/a>, and its private sector. The Chinese Government<\/a>s ability, should they choose to leverage that, and reach that access, this is in a way that undermines our National Security<\/a>. This is why acquisitions, buying land, buying businesses, and so forth, they could be legal. They should still raise National Security<\/a> concerns. This provides a vehicle for them to leverage that access to conduct surveillance, or other operations that undermined our National Security<\/a>. We have seen time and time again, they have used that access. They have done that. In a way, this is the operation that we are talking about this morning. This is leveraging in a different sense. The excess is the problem. We dont want to wait until we have actually stolen with the information is. We need to try to get as they say in the counterterrorism context, this is right to the left. I want to be clear, as i said in my opening, our concerns are not with all chinese nationals. Our concerns are with the Chinese Communist<\/a> party, and the Chinese Government<\/a>. They have shown a willingness to leverage insiders who have no origins in china. This is a very important part of our resilience and National Security<\/a>. This is not sufficient in its own right. Your concern is with the leverage that they can do . They can use it with other individuals as well . What kind of leverage are you seeing right now what is the Chinese Communist<\/a> party using in this company . It covers the waterfront. I will give you one example that is public. Ge aviation, a major public, very sophisticated company, entered into a joint venture. It wasnt a chinese company. The chinese were able to recruit an insider at the joint venture. The joint venture was able to get access to Sensitive Information<\/a>. He used it to help chinese Intelligence Officers<\/a> back in china hack jesus systems. You have the joint venture, which enabled the recruitment of the insider, which included enable the cyber hacking. He was able to cover the tracks because of his insider access. Fortunately, there is a happy ending to that story. Ge, did what we want all businesses to do. They had a Good Relationship<\/a> with the fbi, and our local field office. We were able to essentially run a sting operation back against the chinese. Millions and millions of dollars of r d from Big Companies<\/a> from the chinese, essentially blurred another officer who was involved to brussels. He was arrested. We extradited him. He is now in federal prison. That is what we need to happen more often. It shows that the company is sophisticated. They can fall prey to this. What company couldnt . The company was a ccp affiliated company. What they have done the same thing . I wouldnt count on it. The generals time has expired. The importance of the different communities across our nation. I was very interested with what you said about the field force. Making people aware of organizations and services that are being provided. A lot of conversations today, how can we prevent some type of situation where we have these liabilities the Critical Infrastructure<\/a> is involving . You always framed it. Im talking about some of the concern of the societal panic. This is something that can be done against us. They can very much damage our ability to operate and create that concern amongst the American People<\/a>. They could sway political decisionmaking. They are weighing in these decisions. I just want to ask the four of you, we put everything that we can to try to prevent something from happening. God forbid, something were to happen. We have a major disruption. Gps, or Something Else<\/a> of that nature. What kind of active planning are we doing . Is this a different government way . Are the four of you brought into that type of ordinate effort for that type of action . Are we trying to have some sort of understanding . What kind of work are you doing in a responsive way . Not a preventative way. This is what you are worrying us about. This is not for societal panic. It is the chinese part of their doctrine. Its a pretty scary phrase. We are working very closely with fema. We have different partners in that department. We are going to lead a whole nation planning effort, to ensure that we can respond to significant National Security<\/a> events. We have National Cyber<\/a> directors as part of the strategy. We are updating the National Cyber<\/a> Incident Response<\/a> plan. This is across the country. We are working on that very closely with our government partners. As well as with our Industry Partners<\/a>. As you have heard, industry plays a Critical Role<\/a> in this. They oftentimes have the best information on what is happening in private and Critical Infrastructure<\/a>s. That connectivity, will be important for us to catalyze an effective response. I just want to turn to you. How do you feel about the preparation for this . Are we doing everything that we need to at the federal, state, and local level . We are taking the steps that we need to. I am concerned that we continue to work with the state, local, and tribal territories. Several times today, they are on the front lines. I need them as being a combatant commander. This is with many of us supporting commanders. They are the ones who need our support. This is part of our shift in the National Science<\/a> security strategy. They have the responsibility to those who are the most capable. In this instance, it is the federal government that is the most will to prevent and lead the resiliency. I would love to keep up with this. In new jersey, we have a lot of readiness. We responded to hurricanes. I just dont really feel like there is a lot of muscle memory in order to deal with these types of approaches. I would just end with the director again. We are talking about the readiness that we need. I have a real concern about some of the funding discussions that we are having here on capitol hill. House republicans voted on a budget. 22 . I just want to get a sense from you what that would do in terms of our impact and redness. It would have a catastrophic impact on our ability to protect and defend the Critical Infrastructure<\/a> that americans rely on every hour of every day. Thanks for hitting home. I yelled back. I want to thank all of our Witnesses Today<\/a> for your valuable testimony, and the work that you are doing to protect americans on a daily basis. I want to wish you continued success, and a welldeserved retirement. I want to focus my remarks initially on the importance of reauthorizing section 702. This is the Intelligence Surveillance<\/a> act. As we know, section 702 expires here in congress. We could fail to reauthorize the program on april 19th. It is of existential importance from the National Security<\/a> standpoint. They are protecting them both abroad at home. This is from homeland and National Security<\/a>. Can you talk or explain how the information is derived from section 702 x they are specifically flowing on top of them today. Chinas activities are in the pacific. They have the u. S. Effort to counter chinas Cyber Espionage<\/a> here on u. S. Soil. They have efforts to reprise national investments. I want to strongly look at your comments about section 702. This is the National Defense<\/a> to foreign threats. Specifically in the context of todays hearing. 702 is the greatest. This is the greatest tool that the fbi has to combat Hacking Group<\/a>s. This is just last year. We are able to identify the statesponsored cyber actors. They thought they accessed a particular u. S. Transportation. They are quickly notifying the entity. Sharing technical details. They are enabling them to be able to kick the chinese off of the networks before harm could be done. This is everything that has been uniting frequently. They are identifying prc. Targeting americans. In my view, failure to authorize section 7, is a severely restricted article. A form of unilateral disarmament. The Chinese Government<\/a> is not tying its hands behind his back. It is going the other direction. Thank you. General . Section 702, is the most important authority that the national Security Agency<\/a> uses every day to keep americans safe, and to secure our nation. As someone who was at the pentagon on 9 11, to consider that we would return to the days before section 702, where we couldnt connect the dots, is almost in couple to me. The other piece that i would add to your question, 702 is so agile, that provides us an ability to see the chinese precursor chemicals that are being used to feed fentanyl to skirt our nations. 100,000 americans are right here. 702 allows us to identify those precursors that save lives. The final point that i would offer, from the surveillance authorities that are out there today, the most transparent, the most effective authority, is 702. It balances Civil Liberties<\/a> and privacy, and the requirements of our National Security<\/a>. Thank you. I yelled back. I think the gentleman for his incredible work. Thank you. The United States<\/a> is a cyber superpower. Do you consider china a comparable cyber superpower . Congressman, i consider china a mere adversary. Yes. What is the opportunity for them competing in cyberspace . Given the attention that we are putting on this today, the realization that our nation must change in this strategic environment, our National Defense<\/a> strategy, security strategy, i think we will maintain the superiority. A reassuring answer. During world war ii, the United States<\/a> was concerned that germany would be the first to develop an atomic bomb. Today, we are concerned that china could be the first to develop a quantum computer, capable of breaking modern encryption. Director, who is winning the bottom computing race . I would probably ask of the general to weigh in on that specifically. Tribesmen, you pointed out one of the critical things that we are moving towards right now. Our agency creates the keys, codes, and cryptography that ensures the underlying encryption of our nation. We are developing those keys, codes, and cryptography, to ensure that our nation is safe from the quantum computer which you just described. Lets talk about this. They are on their way to do that. They are looking at what the chinese have in the future. We are winning the race . We are. Artificial intelligence is good. We can enable anyone anywhere, for the critical info structure. What can be done to prepare ourselves for the world from widely distributed cyber extractions . Ai is moving faster. It is moving at a speed that is three times the speed of moores law. It is unpredictable. It will be the most powerful weapon of our generation. Most powerful generation, who were this incentivized to use it. Owned and operated by private sector companies. They were driven by profit motive. We need to be very specific about the guardrails. They will prevent these capabilities for nefarious purposes by rogue nations and cyber criminals. From terrorists. We need to move incredibly quickly in order to do that. I think this and china are the two generational issues that we need to be riveted on to protect our nation. We have a small number of companies. Specifically behindthe scenes. Do you feel like these companies are keeping abreast from the latest advances . Are they looking at these advances for Cyber Security<\/a> . This is because of the illumination of this issue. We have the inherent risks by the congress and the administration. The industry has come to the table. We need to see more of that. They need to be secured by design for ai. They have International Partners<\/a>, to ensure that these capabilities are creative. Security is the top priority. They are playing a role in cyber policy. How does your role differ from the deputy National Security<\/a> . What is the difference between those two roles . National Security Council<\/a> at large, yields on mechanisms of national power. There is a different deputy. He specifically from Cyber Security<\/a>. How does that differ from yours . We are providing Strategic Policy<\/a> guidance. This is not operational guidance. This is what the National Security<\/a> council does with our policy. This is more part of the National Cyber<\/a> directors. We work very closely together. This is weekly. Typically, we are looking at staff working together daily. I want to have a conversation with the two of you. Looking at the maritime of the situation. It seems to me that more reports are becoming reliant on equipment. We have technology and infrastructure from prc. They have all of these affiliated firms. I find that concerning. That is a legitimate threat. When you combine that with some of the Cyber Security<\/a> concerns, they have been discussed in the context of reports of Maritime Security<\/a>. They are starting to strangle our ability to engage in international traders. How do you assess the awareness of our Maritime Partners<\/a> . They have carriers knowing about this. We have these issues that you may be alluding to. 80 of cranes in our ports, represent all of that. They have chinese controlled infra structure. This is within our critic infrastructure. We are working very closely with the coast guard that was looking at the sector risk transportation systems. We are trying to make is a very real threat. This is within a manufacturer. It is hard to rip and replace. We have same concerns with communications infrastructures. We can provide working with the coast guard information on the threat. We know what they can do to mitigate the impact of that threat. This is all about that risk. We are trying not to depend on this type of chinese infrastructure. This is a control from the ctp. That is worth double underlining that 80 of the ship to short cranes. I would agree with both of your comments. It is about more than just the reports. We have the maritime sectors more broad. Something we know the chinese have targeted. That is part of life together, we are working with coast guards and others. We have tried to put out a lot of information about best practices and mitigation guidances. We are trying to reduce the risk read we are going to have to be mindful of the Chinese Government<\/a>s ability to leverage the businesses. We are educating these private sectors. It is so much infrastructure, as we have talked about. We are talking about ports. This is really owned and operated by the private sector. You have done a perfect job of educating them. What do you assess the need to do better over the course of the next three to five years . How are you minimizing the dangers of this . This is something that we mentioned. They have put out something specific about chinese manufacturers. This is another area that we have considered significance concerns. This is going back to ensuring that they have an awareness of the threat environment. They are taking those measures to invest in basic cyber hygiene. Some of this is just taking the basics to understand your infrastructure, to know what the vulnerabilities are, so that you can drive remediation of them. That cyber hygiene is so important. We are looking at clear Critical Infrastructure<\/a>s. You have to see cyber risk as a cordless rest. We have all of these national securities. This is all about the organization in this nation. We are looking at the same thing. They are supporting the Maritime Security<\/a> purports. They were trying to address this immediately. The victim reaches us immediately, is the one who is going to supply the information that will enable us not just to be able to share information with them, to better mitigate and prevent that attack, this is in many ways, preventing the attack from metastasizing to other sectors in other businesses. The first victim that gets contacted, that victims information is what helps us prevent and protect all of the other organizations. These are the victims that are potentially out there. We see this all the time when it is done right, we are looking at the field office. We are able to be there within an hour. Just a little bit more. If sharing technical indicators that they would not have had. The dots get connected. They are better able to prevent that attack from getting worse. They are also able to share intelligence. This enables us collectively, to harm other businesses. They are trying to them from being victims. Yet again, getting further left. Mr. Chair, i would close by noting that we have optimized the supply chains. Thanks. I yield. Thank you, chairman. Thank you for today. Thank you for bringing together witnesses with such commitment to defending our democracy. I appreciate it. It brings to mind, my favorite anecdote from the civil war. 1864. They just a command. This is the army of the potomac. It was surrounded by the senior staff. They were preparing for their march into northern virginia. They kept on saying they were going to do this or that. He snapped. He said stop worrying about what the general is going to do. Make them worry about what we are going to do to them. I think about that a lot when it comes to cyber. We have to do all of these things that mr. Johnson put forward. Particularly making ourselves resilient. We also have to make them worry about what we are going to do to them. The best offense we have, is not actually the nsas ability to hit their critical infra structure. I know that we can do that. Im not going to ask you all the details. That needs to be there. The best offense we have, is to turn the domestic populations on those regimes. Allow their own people to debate and deliberate. I some cells with that, whether they would like threeyear covid lockdowns. They have another sovereign nation. In the last three years, starling has improved and opened up those channels of civic discourse. They are so coercive it is corrosive to these regimes. What can we in the u. S. Government do to turbocharge our Community Ability<\/a> to turn on the civic discourse . Are we making sure that that is the u. S. Governments decision . I would like to start. The key piece that you just talked about, is what we have all realized. What we do, hasnt changed a lot. We do Cyber Security<\/a>. We have cyberspace operations. How we do it is changing so rapidly. We havent impacted this against china. Much in the same way. The wilderness campaign, is deciding that we are going to focus on our strengths. This is the same thing. Strengths begin with our partnership. This is the fact that we are able to talk with our private sector, and be able to understand broadly what is going on. We are now publishing these types of insights. This is within an unclassified manner. Hang them on websites, will have us with a plan. Maybe this is for all of them. Do we have a plan for Internet Freedom<\/a> in iran, russia, and china . Are there populations engaging . They have advanced prostate cancer. Are we ensuring that the iranian people have as much of a voice as possible in the their discontent known with the plans that are happening . That is what really keeps this thing up at night. It is not u. S. Politics. It is blatant chinese politics. I will come at it from the fbis end. You are talking about the operations that are taking place in most countries. When we call a transnational oppression by all the governments that you listed off, that is so important. Those techniques that you are talking about, they were not just doing them in their own countries. They are exporting them onto u. S. Soil. They have intended victims. They have all of these critics right here that have the audacity in their interview, to criticize those regimes. They are looking at all of the russians, et cetera. When we take action through exercising the rule of law right here, protecting those victims. We are coming out that behavior. They are back in those countries. This is what we are talking about. We are looking at these authoritarian regimes. Im trying to look at what is improving the safety of the United States<\/a>. In december, you testified that you saw blinking lights everywhere. You were especially concerned about hamas inspired domestic terrorism. We know that the chinese are filling that. This is prior to being soft targets here in the United States<\/a>. We have facilities, houses of worship, schools, places that people everyday in america go to. This includes municipalities like the ones we are talking about. To defend the public we all serve, we need to be mindful of that heightened terrorist risk. Thank you, mr. Chairman. Good afternoon to are extinguished distinguished guest. Thank you to listen to our community and our committee for these blatant threats. To our National Security<\/a> on many levels, this director wrote it down when you gave your Opening Statement<\/a>. You want to wreak havoc and realworld harm on us. We need to be ready if and when. I think it is very clear today from our discussion, that it is not if. It is already happening. The answer is resiliency, prevention, and accountability. They are trying to look at the gatecrashers. They are looking at these Critical Infrastructure<\/a>. It is unacceptable that the prc was even able to gain access to many of these sites. They were able to look at the army test sites. They have the most egregious example of this bible and going across our country. They are trying to reach our military and technical innovations. I appreciate the prompt response to our letter. I would be curious what the fbi is doing right now. This is intelligent engagement. We have intelligent tax forces that are fbi led. They are relevant from this military agency that is right here. That is within that area. They have local law enforcements that are very different. A part of giving them a different multiplier to help counter the threat. They have many numbers of investigations into different kinds of investments. Actors are associated with the prc. Trying to spy on them, if you will. Targeting the military inspirations. Installations. They are savvy about how they are looking at these investigations. Making sure the lines of communications are wide open. They know what facility is in that particular action. Whenever im looking at the field office, im visiting from this twice. This is the third round now. It never fails to inspire me. They are looking at the military presence. This is within the United States<\/a>. Im sure there are many partnerships that have been very successful in stopping many of these threats. We cannot rest on our laurels, continuing these conversations. It is going to be critical. Im looking forward to conversations right there. We have classified settings about what we can be doing. I want to follow up with the remaining time that i have. That is a huge concern. Recently, introducing a bill with many members of this committee. Including the chairman and the Ranking Member<\/a>s. Helping bridge that critical funding gap. This exists. It is certainly considering these routers, and other equipment that exists within this, they are small organizations. They do not have the resources. This is a huge vulnerability. Do we look at expanding it further . What are the consequences of us not taking action here . When it comes down to basic fundamentals, you were able to point out on the bill itself. 24,000 pieces of chinese software, is in the supply chains. It is imperative that we help the owners of some of these less resource entities, to be able to make these changes to reduce risks. We have different supplychain Management Task<\/a> forces. Im not sure that theyre looking at capabilities to funding. It is incredibly important. The other thing that i need to be aware of, the s. E. C. Has a cover list with a variety of different chinese equipment. This is what we do. We make radical infrastructure aware that they may exist within the systems. They can also be aware of the threat mitigated, or replacing. I think it is incredibly important. They will come in you for the bill. We have a lot of vulnerability. We are working to get a true account of what mobility is still existing within the government. I yield back mr. Chair. Is at a time of great turbulence and instability in the world. They have some of the greatest threats and opportunities within the 21st century. We must do more to deter responsive threats, to our systems coming from hostile actors across the world. We know the Chinese Communist<\/a> party has incredibly sophisticated cipher instructors. They have some of the fiercest competitors on this front. This is one of our greatest assets. This is something that the ccp overlooks. It is our diversity. As a speaker nancy pelosi, and Vice President<\/a> Kamala Harris<\/a> have both said, our diversity is our power. One aspect in which we can and must do so much more, this was all about cybersecurity. This is all about president joe bidens and ministration. Turning to you, director, this topic is important to you. You have spoken about it before. We are trying to increase our cyber workforce, by sourcing talent from diverse places. We are trying to combat these efforts. Thank you so much for that question, and that important topic. Diversity is all about achieving positive mission outcomes. That message is not the same. We have been misunderstood. It is about positive outcomes. We do that by having the strongest teams possible. 500,000 open cyber jobs. This has been working. What do we need to do to fix that . We have the National Cyber<\/a> workforce education strategy. This has the pillar. They are expanding the federal cyber workforce. Number one, we have people realizing the impact of the National Security<\/a>. Americans, want to serve our nation. We can be clear about cybersecurity. Growing up, this is the only National Service<\/a> that we have by law. We were voting and paying taxes. All of this Critical Infrastructure<\/a> segment, that is part of the National Security<\/a>. It is an opportunity to serve our nation. This includes cybersecurity in general. This is a technical endeavor. This is what we are stemming. Cybersecurity is about Critical Thinking<\/a> and agility. We dont need another engineer or scientist from these contributions. I also want to add that there are communities across the country, that are not exposed to these opportunities. I didnt know i could serve until that happened. The recruiter came from the naval academy. Sometimes, these qualifications are not valid. We can develop the right people. We can retain them, and then we can turn them loose. We are trying to get better people to achieve positive mission outcomes. Thank you so much. I want to turn to another important topic on all of our minds. The 2024 national election. As we frequently remind everyone that the 2020 president ial election was the safest, most secure election in our nations history. However, the 2016 election proceeding it was hard by russian hacking, and broad Disinformation Campaign<\/a>s. This severely compromise the integrity of the election. Anyone on the panel, would you be willing to answer the question, or address this . Is this in an unclassified setting . Is there any evidence at this time that the ccp is using Artificial Intelligence<\/a> to interfere in the u. S. Elections . How do we ensure that this election is free from ccp influence . I only have a seconds. Sorry. 11 2. Im looking at the intel on whether my colleagues are looking at the ccp. They are actively using Artificial Intelligence<\/a>. Based on that report in december, this is the activity in the 2022 terms. We have these chinese attempts at influence. We should absolutely expect that foreign actors will attempt to influence. They will interfere. To be very clear, americans should have confidence in the integrity of our election infrastructure, because of the enormous amount of work that has been done. Local Election Officials<\/a> by the federal government, private sector, since 2016, it is designated as Critical Infrastructure<\/a>. It is that work that should make the American People<\/a> confident in the security resilience and integrity of the American Election<\/a> system. Her time has expired. Actually share the thoughts of my colleague. I like the need to provide technology. The people that live in impressive regimes like russia, china, iran, we actually start a second front. This is without shedding any blood. People inside, they can all seek freedom. We need to help them achieve freedom. We need to throw the shackles of this regime right here. They need to allow them to communicate with ourselves, so that it can happen. Hundreds of thousands of people took to the streets of cuba. A couple of years ago, that was a lie. The first thing the cuban government did was shutdown the internet. Identify the leaders, and take them out. We can define technology that allows people to communicate. We can actually help the cause of freedom around the world. I will be working with my colleague to see how we can make that happen. I actually believe that the cyber war that we are conducting right now is a battle. I think the race is really the race to ai. Do you agree with that . I think ai will play a tremendous role in the battlefield to come. Both on the private sector on as well. How important is the accumulation of data . Is it withins race to ai . It is all about data at the end of the day. That is the gold. It is the oil. 150 million users of tiktok. How valuable is that data to the ccp . Enormously valuable. Knowing that it is critic for the United States<\/a> to win the race to ai, and tiktok, it is a huge source of data. This is the language source that we need. The chinese language is actually at a disadvantage. They need more western languages in order to win that race. Is tiktok is providing all this data to the ccp. Do you think thats a Security Threat<\/a> to the u. S. . I have significant security concerns about tiktok. Its a combination of the ability that the Chinese Government<\/a> would have, if they choose to exercise it to control the collection of the data. To control the algorithm and if they want to control and compromise devices. If you layer a. I. As you stay on top of all of that it amplifies those concerns. The ability to collect u. S. Person data and feet that in to their a. I. Engine, it magnifies the problem. We look at a. I. Is a concern in the wrong hands. We also know american a. I. Innovation is the envy of the world and the chinese are trying to steal it. The big concern is they will not only steal american data and feed it into the a. I. Engine but still American Innovation<\/a> and make the theft even more effective. Just look at that equifax hack from a few years ago where they were able to steal the personally identifiable information from 150 million American People<\/a>. I am running out of time. I need to ask a question. Would you ban tiktok in the United States<\/a> . Yes or no . Well, there is the Decision Making<\/a> process. Let me answer it this way. As long as the Chinese Government<\/a> has the ability to control all these aspects of the business, i dont see how you get your way clear to mitigating those concerns . Fair enough. I share the concerns of my colleague mr. Johnson, for the past eight months i worked with chairman gallagher and members of the committee of Homeland Security<\/a> led by Transportation Maritime<\/a> subcommittee conduct a joint investigation examining cybersecurity and supplychain threats at u. S. Maritime ports posed by the peoples republic of china, i anticipate sharing our joint investigative report soon. When i was the mayor of miamidade county, we operate one of the biggest ports in the United States<\/a>, and lo and behold, when i looked, they had chinese writing on it. 80 of the worlds cranes are manufactured in china, but whats worse, i thought we were okay with software. Software developed in western countries was okay, operating these cranes. We also find out that in a lot of instances, the software shipped to china, stays there, for over one year, and its installed in china and we dont know what happens to it in that time. Operating the software, knowing the software either reporting back to china or somehow it could be turned off at any time. Think about it. 80 of the worlds commerce is controlled by those cranes. I am way over so thank you for indulging me. The lights are also controlled by somebody. We climbed up in one of those cranes in miami. I didnt know i was afraid of heights until that. It was illuminating. Im always learning about our chairman. This is an honor to be with you. Its topnotch hearing and we are not the Homeland Security<\/a> committee or even armed services. Getting into these points around the entanglements of Cyber Security<\/a> threats and its realities of which i would love to ask you about. I just wanted to start from a more elevated place. Maybe its a question for mr. Wray. What is the ccps motivation as far as you know and can share with Cyber Security<\/a> threats and actions. We have been hearing colleagues and everyone talking about these examples and tools. What is the goal here . Is it to chip away at our economy . To make us look weak . Even some of what we are positing today is perpetuating it in this position of weakness rather than strength because much of this technology is technology we created. Thats another point. Im interested in the why . My starting point would be as with most questions about the Chinese Government<\/a>s tactics and strategy, when one asks, is it a, b, rc. Its usually all of the above. In the context of Cyber Threats<\/a>, they are using their biggest Hacking Program<\/a> in the world to try to steal our intellectual property. To advance their own economic engine. They are trying to steal her personally identifiable information to feed into the influence operations and other tactics we have talked about here already in this hearing. Are using the cyber targeting to suppress dissidents and critics. And, is revealed through the operation we have talked about and announced this morning, they are using their cyber targets to preposition on Critical Infrastructure<\/a> to be able, should they choose, to conduct a disruptive attack on our Critical Infrastructure<\/a> and at the time of conflict. All those things and they feed ultimately into their goal to supplant the u. S. As the worlds greatest superpower. I am in agreement that the goal is to supplant the u. S. We are in a competition with china. Frankly, they are the only nation that has the means to reshape the international order. Means, diplomatic, economic, military. We are in a competition and we have to acknowledge that. We will not lose sight of that. We also need to manage the competition responsibly. To avoid the confrontation and conflict, and we can do that by continuing to operate with confidence. Not yielding the initiative, not staying on the defensive, but being as strong as the United States<\/a> is always been. A look at the National Security<\/a> strategy and this as to invest at home to maintain our strength. So we should not consider cybersecurity warfare. I know, general, you are here what are they doing over there . Do they have a department that is focused on Cyber Attacks<\/a> . This is in some respects hard to wrap our heads around. I know you have your kit in caboodle you can talk about and cannot talk about. I am interested in terms of how are we choosing to respond to these things . What do we know how they are actually putting this stuff together . We know a lot of what theyre doing and we know who is doing it. We know how they are structured in their version of the national Security Agency<\/a> in u. S. Cyber. We know they have very specific organizations that are targeting different parts of the world to include the United States<\/a>. I think the important thing is now that we know that, what are we doing about it . This is to the point of the Department Strategy<\/a> is we defend forward and operate outside the u. S. To oppose adversaries by enabling our partners are acting. Thats the important piece. I am out of time but someone who funded the s. T. E. M. Caucus, bipartisan caucus in the congress, its such a treat to hear your expertise. You have been phenomenal, and all of you have. Critical infrastructure and intellectual property across california are at risk of being attacked by the ccp and other adversaries. This could have serious consequences for my constituents. In may, the l. A. Times wrote about threats of Cyber Attacks<\/a> on our water infrastructures. I am seeing these directors and head of Cyber Attacks<\/a> are cybersecurity, head of all these departments, what do we do interagency coordination on Cyber Attacks<\/a> and vulnerability at ports around the world with u. S. Military and commercial presence because anybody can answer because you are talking about what your agency has been doing and how you are protecting from the Cyber Attacks<\/a>. How are we working together with these different agencies . I will start and say a couple things. With respect to sports ports specifically. Built in 2018 to serve the role as the National Coordinator<\/a> for critical structure. We work at the sector Risk Management<\/a> agencies to ensure that we can work with industry to help them understand the risk so they can manage the risk and reduce the risk. We have a phenomenal partnership with the u. S. Coast guard where we work with them day in and day out to do cyber assessments. To help with vulnerability scanning and ensure that all the Maritime Transportation<\/a> sector has what they need to reduce risk. The other point, particularly if the ccp is watching this hearing, and i assume they are, is the strength of our Cyber Capabilities<\/a> in the United States<\/a> of america was that we operate as 18. There may be different people doing different things, but we work incredibly closely together. We know our strength is our unity as we work together. About other allies . Maritime tracking system. We are not using, unfortunately, in this country, but our allies like japan, south korea, portugal, spain, they are using it. China, ccp knows exactly was going in and out and even that our naval ships are going into those countries. How do we protect that and had we work with other countries . We almost invariably on, so the things we have been talking about here today, especially in cyber, are working with foreign partners, our closest foreign partners who are themselves also being targeted by the ccp and in the context of cyber, our focus is on conducted joint sequenced operations which almost invariably involve not just u. S. Partners is sometimes as many as 10 or 20 foreign partners working together in tandem to try to have the whole be greater than the sum of the parts. We talked about numbers, the disadvantage we are at relative to the ccp. But as general nakasone said his true partnerships we have that allows us to have the u. S. Together with some other countries say it is japan, is to get synergies from working together. Thats our best defense against the ccp. So china is ready to attack by 2027, taiwan. We had a great meeting with the former defense secretary and he was the one talking about that it will not be a war but more of the commercial. It means they will stop the ships going in and out and thats how they will isolate taiwan. When the other countries are still using those systems and especially in the United States<\/a>, our cranes were made by china and they are controlling it. You were talking about that little gas line we got into trouble. When they stop all those cranes that what we are using in u. S. Ports, we are in big trouble. We cannot communicate we can communicate maybe, dont know, but we cannot really bring anything to taiwan since it is an island. We have a big problem. We are preparing, how, will we go inside the ccp and find out exactly what they are doing. I think congresswoman stevens was talking about that. Do they have the rent apartment . I think they do and only do Cyber Attacks<\/a>. How much we know inside of china that what theyre doing to us and to other countries . We have insight in terms of how they are organized and what their plans are and what they are doing. Its one of the things the national Security Agency<\/a> spends tremendous amount of time on. We have good insight in terms of what their intent is. Anyone else want to comment . Thank you all. I learned a lot. Thank you so much, chairman. Two more, i think. Director can you assure the American Public<\/a> today that no violent protest are about a ceasefire in the middle east will be investigated or surveilled by the fbi . We will not be investigating nonviolent First Amendment<\/a> activity. Can you whatever their position is on the middle east where the 2024 election, if theres an american whos out there engaged in expressing their view whether its for a ceasefire or whatever that is, the fbi is not going to be investigating them or surveilling them . Our mission is to protect the American People<\/a> and uphold the constitution. We intend to do both and we embraced both parts of that mission. It doesnt matter what you are ticked off about or who you are ticked off at. Theres a right way under the First Amendment<\/a> to exercise those views, and we will help protect that. Theres a wrong way to exercise those views and thats violence and threats and we will investigate that. I appreciate your saying that. I share your view the First Amendment<\/a> and peaceful protest is at the heart of our democracy. I have appreciated some of your views upon making sure as we appropriately investigate chinese threats to infrastructure and the Chinese Communist<\/a> Party Threats<\/a> in dealing with cybersecurity, you have been clear you do not think that should involve the profiling of Chinese Americans<\/a> and i think you have been sensitive in the university of michigan about how in the past, that has happened. Can you speak to some of the past history of profiling of Asian Americans<\/a> and under your leadership you will make sure that does not happen as we investigate Chinese Communist<\/a> Party Threats<\/a> to the United States<\/a>. We are going to aggressively pursue the threat posed by the ccp with investigations that are predicated on the facts and the law and our policies. They are not going to be based on race, ethnicity, or national or thin and they have not been it is the case the Chinese Government<\/a> aggressively targets individuals here to enlist them in their efforts. They also aggressively suppress and coerce and harass Chinese Americans<\/a> and chinese visitors. We view as part of our role to help protect those people. Part of think he is drawing the distinction between the Chinese Government<\/a>, the Chinese Communist<\/a> party and malicious actor and Chinese Americans<\/a>, chinese dissidents as victims. As you do this, i think under your leadership, your public comments, you have been good about drawing that distinction. Do you bring ahistorical awareness that Asian Americans<\/a> in this country have been profiled in our history. Just like, im sure you have historical awareness of the fbi role during the civil rights movement. Certainly, there have been abuses or mistakes in the past, and we are determined to make sure they dont happen again. I do want to make clear that our work, at least as i have been director, focused on chinese aggression is based on the facts and the law and proper predication. You can assure Chinese Americans<\/a> that they are not being profiled or targeted. Based on their ethnicity or race . We will not open investigations based on profiling people for race, ethnicity, National Origin<\/a> or anything of that sort. Thank you. A special guest. The esteemed chairman of the houma security subcommittee on Cyber Security<\/a> and infrastructure protection, representative, i have to has consent for the gentleman to participate and ask questions at this hearing. The gentleman is recognized. Thank you for allowing me to visit today as a special guest. I look forward to doing work with you all and building resilience, the ccp they cyber threat. Director wray i took in International Trip<\/a> with some colleagues. Some of your employees, men and women, and other countries and they are doing a phenomenal job. Great job with that. Its good to see you. I want to ask, the Intelligence Community<\/a> has been warning that china has the ability to launch Cyber Attacks<\/a> and disrupt Critical Infrastructure<\/a> in response to the persistence of the threat, understand theyve understood dan ashley china operations. Can you provide an update on the work of whats been complete over the last six months . What do you have for dashwood plans for the remainder of the year . Thank you so much. Great to see you. Early last year, we decided to stand up a whole element under the associate director for china operations. We hired a terrific subject Matter Expert<\/a> to lead the effort across Agency Effort<\/a> to ensure we had a deep understanding of the threat to Critical Infrastructure<\/a> and we could work effectively with our partners across the inter agency at state and local level, and with industry, to be able to build the security and the resilience that we need to defend the nation from these threats. Since that period of time, we have affirmatively found and eradicated chinese intrusions in our Critical Infrastructure<\/a>, a variety of sectors that we believe are being used to pre position and prepare for destructive Cyber Attacks<\/a>. We have many lines of ever. Once about evicting cyber actors. One is about providing Free Services<\/a> to all stakeholders across the country so they have the vulnerability capabilities to identify and try for remediation of his vulnerabilities and exploits taken advantage of by the chinese cyber actors. As we have been talking about, catalyzing that collaboration, those Public Private<\/a> partnerships, because between government and the Intelligence Community<\/a>, we need industry to help build that mosaic so we have a deep understanding of the threat so we can, together, reduce risk to the American People<\/a>. You were talking about the collaborations, jc d. C. , what value is that adding to your china operations . Its the Great Innovation<\/a> brought by the Cyberspace Solarium Commission<\/a> that started as the chick pro and we turned it into jc d. C. Because i like rock n roll. We had that for we have 10 companies to over 200. It has been the platform we have used to catalyze the operational collaboration which is rooted in three fundamental things. Recognition that a threat to one business could be a threat to many. Why letting fbi and cisa know about a cyber threat incident is critical. Its the reciprocal responsibility of government and industry to recognize that we have to share information in realtime. It has to be transparent. The government has to add value. The government has to be responsible in terms of how we protect data. Finally what it offers is a scalable way for us to share information. Not just with the private sector but important partners across the government like the national Security Agency<\/a> sever collaboration and fbi and gtf. It helps to put operational collaboration across the cyber ecosystem on steroids. We are grateful to congress for helping to fund it and authorize it and to the Solarium Commission<\/a> for coming up with that great idea. Thank you, director. Congratulations on the new you mentioned harmonizing cyber regulation. As you understand, the sec, a cyber incident ruled that what i believe goes against the cnn, department of Homeland Security<\/a>. Many sectors have said with this new rule, there cyber employees will spend half their time on compliance instead of facing the threats from ccp, Cyber Threats<\/a>. As we pursue the cra this week, the son of my pass it and we try to pass it in the house. Whats the administration do to harmonize between agencies and departments . Thank you for your kind words and for raising this important topic. Part of the national Cyber Security<\/a> strategy has been to do regulatory harmonization. The point of the regulatory harmonization is to reduce the burden of compliance. The way we are going about that, we should a request for information. We have received more than 80 responses from the private sector and public sister. Right now we are going through the process of better understanding owes with the goal of reducing the burden of compliance. That is our goal. We understand i appreciate that. I am out of time. Someone should tell the sec that. I think the gentleman and a pleasure to have you here. Youre welcome back anytime. Maybe not anytime. Two comments and we will close. One of the first things i said in the first hearing is the stakes of this competition existential. I got a lot of blowback for that. I do not think after the testimony weve heard today there could be any doubt. There was one path where we stumble into a war for which we are ill prepared and even victory might have existential consequences in the sense of chance form america triggers and stay. Or we slowly succumb to the sedation of tiktok and we surrender. We no longer stand for the ideas and values that america stands for. The rest of the world is looking to stand for. While it has revealed many things we need to do and while the competition in cyber with china will outlast my time in congress. There are things we must do now urgently, in light of the testimony we heard from director wray, ban or force the sale of tiktok. Its bordering on National Suicide<\/a> if we continue down this road. I get they have hired an army of lobbyists including former members of congress collecting a paycheck. The time is now to do something. If you are interested in bytedance, you will not take tiktok public in america under the current ownership structure. If only your financial interest, we have to find a way to force the separation and the time is now to act. On that happy note i will transition to recognizing the hard work of the democrat staff director who is departing the committee this week after 25 years of service on the hill. Almost as long as general nakasone has been in uniform. I will confess. We have worked together for a year and you have aged me personally three years. I have cash life would be easier if you did leave but now i am sad. One thing ive learned to working with john working the Human Rights Community<\/a>, he has been doing this since before it was cool and he is a hero when the Human Rights Community<\/a> and its been cold to see that. I will give you the highest compliment which is, if i had to negotiate with xi jinping with the fate of the free world on the line, i would want you on my team because i know you would drive him crazy. [ laughter ] its been a pleasure to work with you. Thank you so much and thank you to the witnesses. It has truly been an important hearing. A call to action more than anything. Mike and i were talking about several ideas that you folks generated that we need to follow up on and we will do so on a bipartisan basis. Thank you for your service. Thank you, general nakasone, for everything ive done for our nation and for coming today as well as all of you. I will remember cisa. Gov. Thank you so much. As we try to enlist the civilian partners in our collective Cyber Defense<\/a> and employ what you call cyber hygiene which i love. I would like to recognize our staff director, john, who is departing today. Mike cover the highlights but he has had other very distinguished rules and government. Assistant administrator it usaid. Commissioner to the u. S. China Economic Security<\/a> review. A Senior Adviser<\/a> to leader pelosi. Now he is off to the next chapter, the next 25 years. I look forward to continuing to collaborate between us and you in your next roles. I want to give him a big round of applause for his service. [ applause ] back, thank you. Without objection the i am not den. I am done. I yield back. Without objection, questions for the record are due one week from today. The Committee Hearing<\/a> is adjourned. Highlighted infrastructure climate and labor leaders talk about the best way federal and local governments can invest in infrastructure and respond to natural disasters. This discussion held at the center for American Progress<\/a> in washington, d. C. [ applause ]","publisher":{"@type":"Organization","name":"archive.org","logo":{"@type":"ImageObject","width":"800","height":"600","url":"\/\/ia800202.us.archive.org\/7\/items\/CSPAN3_20240305_160200_Hearing_on_Chinas_Cyber_Threat_to_U.S.\/CSPAN3_20240305_160200_Hearing_on_Chinas_Cyber_Threat_to_U.S..thumbs\/CSPAN3_20240305_160200_Hearing_on_Chinas_Cyber_Threat_to_U.S._000001.jpg"}},"autauthor":{"@type":"Organization"},"author":{"sameAs":"archive.org","name":"archive.org"}}],"coverageEndTime":"20240707T12:35:10+00:00"}