Transcripts For CSPAN Admiral Michael Rogers Testifies On FY

The subcommittee will come to order. I want to welcome everyone to todays hearing of the emerging the subcommittee will come to order. This is our first opportunity to explore this request and the major implications for key defense missions. I think it is fitting that the first area we will dive into is cyber h cyber. This is an increasingly important domain of warfare and an area where we have increased our emphasis on overseeing the departments progress in building and maintaining cyber forts tods protect, defend, maintain, and when necessary conduct offensive operations in cyber space. As we move towards developing the fiscal year 2018 ndaa, i have made cyber and sigher warfare one of my main priorities. In the coming workz weeks, we plan to introduce standalone cyber warfare information that strengthens congressional oversight of Cyber Operations including mandating prompt notifications to congress in the event of unauthorized disclosures. We look forward to continuing to work with u. S. Cyber command and the department of defense as we finalize this draft legislation to ensure occasions are responsive to our needs but without adding undue burdens on the department of defense. In addition to strengthening congressional oversight in the area of cyber warfare other key areas will provide provision tods strengthening our own signer warfare capabilities and enhance our partnerships across the globe. In order to more thoroughly understand these issues i would like to welcome or witness Admiral Mike Rogers is the director of the National Security agency. Let me now recognize Ranking Member jim langevin for any opening comments hed like to make. Thank you, mad emchair and welcome admiral rogers. I want to thank you for testifying before us today. Its always a pleasure to have you before the subcommittee and thanks for bricking along a crowd, makes for a little more offa n interesting hearing. So the president s budget for fiscal year 2018 was delivered just this morning as the chair stated and so i look forward to hearing about Priority Investments in cyber and about any potential new legislative initiatives relatding to cyber. Last year, Congress Passed legislation establishing u. S. Cyber command as its own unified combatant command. The subkmilt tee worked diligently on the underlying legislation because we recognize the importance of a trained and ready forcible to conduct effective Cyber Operations in concert with other military and u. S. Government efforts. Consistent with the appropriate legal authorities and policies. The fy 17 ndaa also formalized relationship with the principal cyber adviser to ensure advocacy and oversight of the command. We also provided u. S. Cyber command with limited cyber peculiar acquisition authorities two years ago, and id like to acknowledge the thoughtfulness by which the department has implemented this authority. Today, i look forward to hearing about where these two initiatives stand, both the process by which necessary resources are being transferred from strat com to cyber com, and the new resources being provided as necessary for effective implementation. Clearly remade progress employing military signer operations over the years. Weve been biltd building the cyber force but now we must make sure that theyre ready and stay ready for a threat that morphs on a daily basis. The persistent training environment of course is key to that end. Although the cyber domain is not new, theres still much that were learning and we must leverage those lessons learned. We must assess the force that we are building, hugh how we employ it in order to ensure cyber com is post tured correctly and if tools and capabilities are the best that we can provide them. So next week im going to be traveling to nato, the nato cyber cooperative, Cyber Defense center of excellence to attend its annual conference. I expect that psi sigh conthe provide extraordinary incite on how our allies view the cyber domain and how International Law are applicable and it will provide me with insight on how we can increase cyber collaboration against russian aggression. Admiral, id also appreciate your views on how we may strengthen collaboration with our nato apple lies. So in close rg are i just want to echo what the chair said about the importance of formal lizing notifications to congress of sensitive cyber military operations, the cyber quarterly brief provides us a forum to oversee Cyber Operations and i was especially pleased with the participation of the joint staff and osd at the last engagement. However, in our oversight capacity, i believe that we must work with the department to gain timely, more standard notifications as the chair mentioned, and i know that were going to work toward that end. So with that, i thank you admirable rogers for appearing today, thank you for what youre doing at nsa and your Cyber Command and with that i will yield back. Thank you, jim. I also would like to remind members that immediately following this open hearing the committee will reconvene upstairs in 2337 for a closed, classified round table discussion with our witness. Admiral rogers youre now recognized for your Opening Statement. Thank you. Chairman stefanik, Ranking Member langevin and members of the subcommittee. Thank you for your enduring sep support and the opportunity today to talk about the hardworking men and women of the United States Cyber Command. I look forward to discuss the posture and welcome the opportunity to describe how they conduct efforts in the cyber space domain and supports the Nations Defense against so he 50 indicate and powerful adversaries. They recognized seven years ago that the nation needed a military command focused on cyber space. U. S. Cyber command and its ub soared nate elements have been given the responsibility to direct, operate, secure and defend the departments systems and networks which are fundamental to the execution of all dod missions. The department and the nation also rely on us to build ready cyber forces and to be prepared to deploy them when Cyber Attacks, i dod support. The pace of International Conflict and cyber space threats has intensified over the past few years. Hardly a day has gone by during that i tenure that we have not seen at least one cybersecurity event occurring somewhere in the world. This is consequences for our military and nation at large. We face a growing variety of advanced threats from actors who operate with ever more sophistication and precision. At u. S. Cyber command we track state and nonstate adversaries as they continue to expand their capabilities, to vns their interest in and through cyber space and try to undermine the United States National Interests and those of our allies. Conflict in the cyber domain is is not a continuation of kinetic operation business digital means. Its unfolding according to its own logic which we continue to better understand and were useding this understanding to enhance the departments and the nations situation awareness and to manage risk in the cyber arena. Id also look forward to updating you on our initiatives and plans to help do that. Our three lines of operation are to provide Mission Assurance for dod operations and defend the department of defense information environment to support joint force commander objective globely and to deter or defeat strategic attacks. We conduct full spectrum military cyber actions in all domains. And sure freedom of access in cyberspace and denight same to our adversaries. Defensetive dod networks remains our top priority and that includes Weapons Systems and their platforms as well as data. To execute our missions, i requested a budget of approximately 647 million for fiscal year 18 which is nearly a 16 inyees from fiscal year 17 do you to additional funding of elevation from the fiscal year 17 flrks daa billing out cyber force and capabilities and tools and jtf support in the fight against isis. Were completing the buildout of the Cyber Mission force with all teams scheduled to be fully proigs operational by the end of fiscal year 18 and with the from the Services Continue walgly increase sieb force readiness to hold targets at richk. Your strong an continued support is critical to the success of the department in defending our National Security interests in cyber. As you well know, i serve as both commander of the United States Cyber Command and director of the National Security agency. This dual hat appointment has a close relationship between cyber. Com and nsa. The institutional arrangement between these two organizations will evolve as ieber command grows to full proficiency in the near future. The National Defense authorizedation act also described conditions for splitting the dual hat arrangement which can only happen without impairing either organizations effectiveness and ability to execute their missions. This is another provision i publicly state i did support pending the attainment of certainly critical Cyber Command will engage with this subcommittee in other matters related to the enhancement of commands responsibility and authorities in the coming year. This would include increasing cyber manpower, enhancing the professional zation of the cyber workforce, building defensive and offensive capability and kpapt, and developing and streamlining our acquisition processes. These are critical enablers for cyber space and a globally changing environment and most or all of these particulars have been directed in recent nda acts along with the office of secretary of defense for policy and the joint staff well talk with you and your staffs to hiern out the plaem mendation details of that legislation. The men and women of Cyber Command are proud of the rolls roelds that we play in our efforts and are motivated to accomplish our assigned missions overseen by the congress, particularly this subcommittee with the we work to secure and defend dod systems and networks, counter adversaries and support national and joint war fighting object difz in and through cyber 1rst century threats together in the private and Public Sectors. This combined with agile olicies decisionmaking processes capabilities command and control processes will ensure that Cyber Command maintains its potential to counter our adversaries. Processes capabilities i look forward to answering your questions. Thank you. We now turn to questions. First i want to thank you for your service and leadership. My first question is very broad. Last years ndaa elevated to a full comma bat nt command. What steps need to happen . I know that process is ongoing. Given the language weve spent much of the last year working our way through the specifics. If a decision is ultimately approved were prepared to apply that. Until we have an answer i would wait until we get into the how. Part of your responsibilities in section 923 when we alvated cybercome to the full combat nt command involved development of doctrine and tactics. What role do you have in advocating for or driving dock trinnle development . As the senior operational commander its the partnership between that cyber team and our fellow operational commanders and policy makers that help shape. So what is the dock trib that should shape how we employ this capability. If you look at what weve done over the course of last year, the efforts against isis, things were doing against other real world challenges are shaping the way we are looking at how we are shaping the force for the future. A couple years, for example, i can remember a year ago two years ago one of our fundamental concepts was we are always going to deploy forward and full teams. One of the things we found with practical experiences we can actually deploy in smaller subelements. Objectives in and thrr the reason im not a proponent is my concern is if we are not careful, we will view cyber as the very technical, very specialized, very narrow mission set. In my view is cyber fits within a broader context. And if you want to be successful in the ability to achieve outcomes in the cyber space arena, you need to understand that prodder context. Im afraid that if we go the Service Route we will tend to generate incredibly technically proficient but very narrowly focused operators. And one of my take aways from being a member of the department of defense is we are best optimized for outcomes when our works fors has a broader perspective. We had a dialogue, is it so needing of specific attention that we should create a separate soft service. We ultimately decided that the right answer was to create a joint warfighting construct in 1987 was born special operations command. In addition, we said that that operational entity needed to be a little uniquely structured. It not only should be a war fighter but should be given budget resource that is enable it to not only employ capability but determine the capabilities that actually drive the investments and actually generate the capability. I think that is a very effective model for us to think about for cyber and Cyber Command vice just automatically transitioning to the idea of separate service. My time is about to expire i now recognize mr. Langevin. Thank you. Congress has provided cyber come with limited authority. I want to commend the thoughtfulness by which it was implemented. Can you provide a general overview on how that authority will be excuted and overseen. Again, we thought it offered a good model. We actually Cyber Command actually approached our teammates and said you have a skillset, you have personnel who are much more proficient in this area. So they were kind enough to actually identify the the two initials who are going to provide the oversight. Youll see that play out over the course of the next couple of months. Just a couple things to finish ironing out. You will see this implement this over the course of next few months. The authority has not been used yet. Not yet. There are some specific things i have to make sure are in place before we start spending the money and using this. That will all be finished within the next month or so. Can you provide an example of what you think the authority . What ive asked is weve already identified for example a series of capabilities through Cyber Commands point of partnership. We call it. Out in Silicon Valley. So ive got ive already got a structure interacting with the private structure. Now i want to overlay this authority to actually now i actually purchase, if you will, and acquire some of that capability from the private sector that weve been talking to them about now for the last few months. So ive tried to work the requirement piece in anticipation. Now weve got that and overlay the Acquisition Authority you are going to see us to start to enter into some specific contracts focused on a couple specific mission sets defense and capability for Cyber Protection teams is the first area were going to focus on. Very good. So i mentioned in my Opening Statement that i am going to be attending the annual conference t nato the Cyber Defense center of excellence next week. What is the relationship with the center and snateo and your opinion how can we cooperate more closely with our allies having that cooperation be strengthened . For example, like yourself, i was just out there last june and spoke at the same conference youll be going to next month. Every time i am in astonia i spend time at the center. The points i try to make are a couplefold. Irst, under the nato framework, the center represents the position of the members of the alliance that participate in the center. Not necessarily the alliance as a whole. So for example not all 28 nations, 29 now actually participate in the center. I would like to see if we can somehow tie the center to natos policy development for example. I think that can accelerate some things. Also trying capacity is a challenge and trying to meet our own priorities and help key allies. One of the things im interested in is creating a partnership with european command, talking about potentially placing an individual maybe in the center in the course of the next year or so to more directly link with ourselves. Also see what can we do within the xercise framework that alliance is starting to create in cyber now. Ive already extended invitations to them to observe our exercise e in framework but i would like to do the same thing in the nato arena. So you know it comes past cyber information sharing legislation thats something domestically but also we have robust Cyber Threats framework but i would like to do the same thing in the nato arena. Information sharing for example the israelis. How are we doing with robust cyber threat sharing information with our nato partners. Right now, most cyber sharing tends to be focused in many ways on a nation to nation basis. Thats another one of the challenges that im interested in Cyber Command. How can we work that more formally military organization to military organization. So were doing this once and not 29 different times. The other services have Cyber Commands. What is cyber come doing as far as the manning and concept of operations as far as having duplicative issues within those services . The the way the the way were each of those Service Primary Cyber Operations<\/a> including mandating prompt notifications to congress in the event of unauthorized disclosures. We look forward to continuing to work with u. S. Cyber command and the department of defense as we finalize this draft legislation to ensure occasions are responsive to our needs but without adding undue burdens on the department of defense. In addition to strengthening congressional oversight in the area of cyber warfare other key areas will provide provision tods strengthening our own signer warfare capabilities and enhance our partnerships across the globe. In order to more thoroughly understand these issues i would like to welcome or witness Admiral Mike Rogers<\/a> is the director of the National Security<\/a> agency. Let me now recognize Ranking Member<\/a> jim langevin for any opening comments hed like to make. Thank you, mad emchair and welcome admiral rogers. I want to thank you for testifying before us today. Its always a pleasure to have you before the subcommittee and thanks for bricking along a crowd, makes for a little more offa n interesting hearing. So the president s budget for fiscal year 2018 was delivered just this morning as the chair stated and so i look forward to hearing about Priority Investments<\/a> in cyber and about any potential new legislative initiatives relatding to cyber. Last year, Congress Passed<\/a> legislation establishing u. S. Cyber command as its own unified combatant command. The subkmilt tee worked diligently on the underlying legislation because we recognize the importance of a trained and ready forcible to conduct effective Cyber Operations<\/a> in concert with other military and u. S. Government efforts. Consistent with the appropriate legal authorities and policies. The fy 17 ndaa also formalized relationship with the principal cyber adviser to ensure advocacy and oversight of the command. We also provided u. S. Cyber command with limited cyber peculiar acquisition authorities two years ago, and id like to acknowledge the thoughtfulness by which the department has implemented this authority. Today, i look forward to hearing about where these two initiatives stand, both the process by which necessary resources are being transferred from strat com to cyber com, and the new resources being provided as necessary for effective implementation. Clearly remade progress employing military signer operations over the years. Weve been biltd building the cyber force but now we must make sure that theyre ready and stay ready for a threat that morphs on a daily basis. The persistent training environment of course is key to that end. Although the cyber domain is not new, theres still much that were learning and we must leverage those lessons learned. We must assess the force that we are building, hugh how we employ it in order to ensure cyber com is post tured correctly and if tools and capabilities are the best that we can provide them. So next week im going to be traveling to nato, the nato cyber cooperative, Cyber Defense<\/a> center of excellence to attend its annual conference. I expect that psi sigh conthe provide extraordinary incite on how our allies view the cyber domain and how International Law<\/a> are applicable and it will provide me with insight on how we can increase cyber collaboration against russian aggression. Admiral, id also appreciate your views on how we may strengthen collaboration with our nato apple lies. So in close rg are i just want to echo what the chair said about the importance of formal lizing notifications to congress of sensitive cyber military operations, the cyber quarterly brief provides us a forum to oversee Cyber Operations<\/a> and i was especially pleased with the participation of the joint staff and osd at the last engagement. However, in our oversight capacity, i believe that we must work with the department to gain timely, more standard notifications as the chair mentioned, and i know that were going to work toward that end. So with that, i thank you admirable rogers for appearing today, thank you for what youre doing at nsa and your Cyber Command<\/a> and with that i will yield back. Thank you, jim. I also would like to remind members that immediately following this open hearing the committee will reconvene upstairs in 2337 for a closed, classified round table discussion with our witness. Admiral rogers youre now recognized for your Opening Statement<\/a>. Thank you. Chairman stefanik, Ranking Member<\/a> langevin and members of the subcommittee. Thank you for your enduring sep support and the opportunity today to talk about the hardworking men and women of the United States<\/a> Cyber Command<\/a>. I look forward to discuss the posture and welcome the opportunity to describe how they conduct efforts in the cyber space domain and supports the Nations Defense<\/a> against so he 50 indicate and powerful adversaries. They recognized seven years ago that the nation needed a military command focused on cyber space. U. S. Cyber command and its ub soared nate elements have been given the responsibility to direct, operate, secure and defend the departments systems and networks which are fundamental to the execution of all dod missions. The department and the nation also rely on us to build ready cyber forces and to be prepared to deploy them when Cyber Attacks<\/a>, i dod support. The pace of International Conflict<\/a> and cyber space threats has intensified over the past few years. Hardly a day has gone by during that i tenure that we have not seen at least one cybersecurity event occurring somewhere in the world. This is consequences for our military and nation at large. We face a growing variety of advanced threats from actors who operate with ever more sophistication and precision. At u. S. Cyber command we track state and nonstate adversaries as they continue to expand their capabilities, to vns their interest in and through cyber space and try to undermine the United States<\/a> National Interests<\/a> and those of our allies. Conflict in the cyber domain is is not a continuation of kinetic operation business digital means. Its unfolding according to its own logic which we continue to better understand and were useding this understanding to enhance the departments and the nations situation awareness and to manage risk in the cyber arena. Id also look forward to updating you on our initiatives and plans to help do that. Our three lines of operation are to provide Mission Assurance<\/a> for dod operations and defend the department of defense information environment to support joint force commander objective globely and to deter or defeat strategic attacks. We conduct full spectrum military cyber actions in all domains. And sure freedom of access in cyberspace and denight same to our adversaries. Defensetive dod networks remains our top priority and that includes Weapons Systems<\/a> and their platforms as well as data. To execute our missions, i requested a budget of approximately 647 million for fiscal year 18 which is nearly a 16 inyees from fiscal year 17 do you to additional funding of elevation from the fiscal year 17 flrks daa billing out cyber force and capabilities and tools and jtf support in the fight against isis. Were completing the buildout of the Cyber Mission<\/a> force with all teams scheduled to be fully proigs operational by the end of fiscal year 18 and with the from the Services Continue<\/a> walgly increase sieb force readiness to hold targets at richk. Your strong an continued support is critical to the success of the department in defending our National Security<\/a> interests in cyber. As you well know, i serve as both commander of the United States<\/a> Cyber Command<\/a> and director of the National Security<\/a> agency. This dual hat appointment has a close relationship between cyber. Com and nsa. The institutional arrangement between these two organizations will evolve as ieber command grows to full proficiency in the near future. The National Defense<\/a> authorizedation act also described conditions for splitting the dual hat arrangement which can only happen without impairing either organizations effectiveness and ability to execute their missions. This is another provision i publicly state i did support pending the attainment of certainly critical Cyber Command<\/a> will engage with this subcommittee in other matters related to the enhancement of commands responsibility and authorities in the coming year. This would include increasing cyber manpower, enhancing the professional zation of the cyber workforce, building defensive and offensive capability and kpapt, and developing and streamlining our acquisition processes. These are critical enablers for cyber space and a globally changing environment and most or all of these particulars have been directed in recent nda acts along with the office of secretary of defense for policy and the joint staff well talk with you and your staffs to hiern out the plaem mendation details of that legislation. The men and women of Cyber Command<\/a> are proud of the rolls roelds that we play in our efforts and are motivated to accomplish our assigned missions overseen by the congress, particularly this subcommittee with the we work to secure and defend dod systems and networks, counter adversaries and support national and joint war fighting object difz in and through cyber 1rst century threats together in the private and Public Sector<\/a>s. This combined with agile olicies decisionmaking processes capabilities command and control processes will ensure that Cyber Command<\/a> maintains its potential to counter our adversaries. Processes capabilities i look forward to answering your questions. Thank you. We now turn to questions. First i want to thank you for your service and leadership. My first question is very broad. Last years ndaa elevated to a full comma bat nt command. What steps need to happen . I know that process is ongoing. Given the language weve spent much of the last year working our way through the specifics. If a decision is ultimately approved were prepared to apply that. Until we have an answer i would wait until we get into the how. Part of your responsibilities in section 923 when we alvated cybercome to the full combat nt command involved development of doctrine and tactics. What role do you have in advocating for or driving dock trinnle development . As the senior operational commander its the partnership between that cyber team and our fellow operational commanders and policy makers that help shape. So what is the dock trib that should shape how we employ this capability. If you look at what weve done over the course of last year, the efforts against isis, things were doing against other real world challenges are shaping the way we are looking at how we are shaping the force for the future. A couple years, for example, i can remember a year ago two years ago one of our fundamental concepts was we are always going to deploy forward and full teams. One of the things we found with practical experiences we can actually deploy in smaller subelements. Objectives in and thrr the reason im not a proponent is my concern is if we are not careful, we will view cyber as the very technical, very specialized, very narrow mission set. In my view is cyber fits within a broader context. And if you want to be successful in the ability to achieve outcomes in the cyber space arena, you need to understand that prodder context. Im afraid that if we go the Service Route<\/a> we will tend to generate incredibly technically proficient but very narrowly focused operators. And one of my take aways from being a member of the department of defense is we are best optimized for outcomes when our works fors has a broader perspective. We had a dialogue, is it so needing of specific attention that we should create a separate soft service. We ultimately decided that the right answer was to create a joint warfighting construct in 1987 was born special operations command. In addition, we said that that operational entity needed to be a little uniquely structured. It not only should be a war fighter but should be given budget resource that is enable it to not only employ capability but determine the capabilities that actually drive the investments and actually generate the capability. I think that is a very effective model for us to think about for cyber and Cyber Command<\/a> vice just automatically transitioning to the idea of separate service. My time is about to expire i now recognize mr. Langevin. Thank you. Congress has provided cyber come with limited authority. I want to commend the thoughtfulness by which it was implemented. Can you provide a general overview on how that authority will be excuted and overseen. Again, we thought it offered a good model. We actually Cyber Command<\/a> actually approached our teammates and said you have a skillset, you have personnel who are much more proficient in this area. So they were kind enough to actually identify the the two initials who are going to provide the oversight. Youll see that play out over the course of the next couple of months. Just a couple things to finish ironing out. You will see this implement this over the course of next few months. The authority has not been used yet. Not yet. There are some specific things i have to make sure are in place before we start spending the money and using this. That will all be finished within the next month or so. Can you provide an example of what you think the authority . What ive asked is weve already identified for example a series of capabilities through Cyber Command<\/a>s point of partnership. We call it. Out in Silicon Valley<\/a>. So ive got ive already got a structure interacting with the private structure. Now i want to overlay this authority to actually now i actually purchase, if you will, and acquire some of that capability from the private sector that weve been talking to them about now for the last few months. So ive tried to work the requirement piece in anticipation. Now weve got that and overlay the Acquisition Authority<\/a> you are going to see us to start to enter into some specific contracts focused on a couple specific mission sets defense and capability for Cyber Protection<\/a> teams is the first area were going to focus on. Very good. So i mentioned in my Opening Statement<\/a> that i am going to be attending the annual conference t nato the Cyber Defense<\/a> center of excellence next week. What is the relationship with the center and snateo and your opinion how can we cooperate more closely with our allies having that cooperation be strengthened . For example, like yourself, i was just out there last june and spoke at the same conference youll be going to next month. Every time i am in astonia i spend time at the center. The points i try to make are a couplefold. Irst, under the nato framework, the center represents the position of the members of the alliance that participate in the center. Not necessarily the alliance as a whole. So for example not all 28 nations, 29 now actually participate in the center. I would like to see if we can somehow tie the center to natos policy development for example. I think that can accelerate some things. Also trying capacity is a challenge and trying to meet our own priorities and help key allies. One of the things im interested in is creating a partnership with european command, talking about potentially placing an individual maybe in the center in the course of the next year or so to more directly link with ourselves. Also see what can we do within the xercise framework that alliance is starting to create in cyber now. Ive already extended invitations to them to observe our exercise e in framework but i would like to do the same thing in the nato arena. So you know it comes past cyber information sharing legislation thats something domestically but also we have robust Cyber Threats<\/a> framework but i would like to do the same thing in the nato arena. Information sharing for example the israelis. How are we doing with robust cyber threat sharing information with our nato partners. Right now, most cyber sharing tends to be focused in many ways on a nation to nation basis. Thats another one of the challenges that im interested in Cyber Command<\/a>. How can we work that more formally military organization to military organization. So were doing this once and not 29 different times. The other services have Cyber Command<\/a>s. What is cyber come doing as far as the manning and concept of operations as far as having duplicative issues within those services . The the way the the way were each of those Service Primary<\/a> Operational Cyber<\/a> subcomponent of u. S. Cyber command. So whether it is army cyber, coast guard cyber, air force cyber, fleet cyber, they have an operational relationship to me. Thats how we try to work the joint and the service piece in a very integrated way. I am the first to the acknowledge and i was a Service Component<\/a> commander before the job. In those Service Structures<\/a> they are both to me in the execution of their joint responsibilities but they also have Additional Service<\/a> responsibilities and i try to be the connecting partner with them commands is a and also par the Service Leadership<\/a> to make sure that from a service and a joint perspective within the department were aligned and focused on priorities and outcomes. So lets par lay that into that her federal agencies certainly have a cyber Space Department<\/a> so to speak. Cyber come as far as coordinating mechanisms between agencies could you explain that a little bit please. So we coordinate directly primarily in the rest of the government with the department of Homeland Security<\/a> thats particularly driven by the fact that one of Cyber Command<\/a>s three missions as if directed by the president or the secretary of defense to defend Critical Infrastructure<\/a> against acts of significant cyber consequence. We would do that in partnership with the dhs. So because of that were closely aligned with them. In fact i was just talking with the team yesterday between the private sector and in the private sector the u. S. Government has designated 16 different areas. Think about finance, transportation, aviation. There are 16 different segment that is the federal government has dezzyig nated as critical. Weve picked one of those 16 segments to do a test case, if you will, between dhs, Cyber Command<\/a>, that private sector as well as nsa from an information and intelligence sharing. That would be the nsa rule to try to get down to execution level. How would we do this day to day. My experience as a military individual has taught me i dont like to do discovery learning when im moving to contact against an op ponenlt. It tends to be high loss rate. Incredibly inefficient and ineffective, often resource intensive and much slower. How can i create those relationships and exercise them now before we get into a Major Incident<\/a> directed against one f those 16 segments. What is cyber comes supporting role . Has the d. O. D. Codified that relationship so that if there is an incident or accident that that can be really instituted very seamlessly if such an event should happen . Our role on the defensive side is to support and ensure the continued operation for example of those networks Weapons Systems<\/a> and platforms that those operational on to rs and count excute their missions. In addition we generate offensive capability particularly for a paycome and other on to excute their missions. In geographic commands outside the United States<\/a> because we dont really see i dont think right now in my mind how would we apply cyber offensively capeably in the United States<\/a> thats not the role of the d. O. D. Our focus inside the United States<\/a> would be largely defensive. One of the things its a focus area ive set out a series of goals for 2017. One of those goals is increased Cyber Reserve<\/a> and guard integration to get to the question that you are really driving at. How do we make sure that for a domestic incident that all elements of the d. O. D. Are aligned and we all know how were going to do this and all the forces know what their role is going to be the command and control is all outlined. Northcom knows what theyre going to do, i know what im going to do. I would loik to use the defense support Civil Affairs<\/a> which has been an ongoing process weve used for decades. I would like to use that as a test model. Im a big fan of lets use what is working elsewhere. Lets not create Something Different<\/a> or unique the that to the maximum extent that i can. Thanks for coming. I would like to go back to the question of unified Cyber Command<\/a>. Your answer i wasnt concerned about the the answer the portion of the answer like were still working it out. I was concerned because i thought i heard you Say Something<\/a> that runs counter to what we told you all to go. That is the decisions made to do this and that is the secretary and the president dont need to make a decision d actually do a unifie command. Command. It does beg the question to that capability what flecksibility do you need in person knelt, what flexibility do you need to fully utilize and even develop a formal framework . Among the ways that we try to ask ourselves, if were going with a Service Based<\/a> approach which is what were excuting how would you do it. We came up with a couple of baseline principles. The first is it doesnt matter what your service is and doesnt matter if youre guard or reserve we build to one standard. We have created a joint framework for every position within the Cyber Mission<\/a> force we can tell you what the pay grade is and we can tell you what the qualifications standards are and what the duties are that are assigned the position. Weve got to create integrated force and if we do a thousand different variance i cant optimize that. The second thing i said was the structure of the teams needs to be the same regardless of whether its a particular service, guard or reserve the analogy i use was it doesnt matter if we have an f16 squadron in the guard or in the active force. Theres one squadron nomenclature for an f16 that we can then employ anywhere globally because we know everybody is built to the same standard. So that was another principle i said. The only way we can make a Service Based<\/a> approach work is active or reserve guard or reserve it doesnt matter. Were building to one standard. If we stick to that framework im very comfortable that we can make a Service Approach<\/a> work for us. If we insist on variance, if we insist on everybody doing their own thing, im the first to admit this is not a model that is going to generate the outcomes that we need. Im the first to acknowledge that. The role of the private sector . So the private sector when i look at them, a couple things come to mind. Number one, theyre providing theyre the ones going to provide the human capital. Whether that ends up wearing a uniform, whether part of our civilian Government Workforce<\/a> or a contracter force. They dont start in the private sector. So its one of the reasons why i spend a fair amount of time in Cyber Command<\/a> and as the director of nsa for that to the same extent in some ways with the academic world with private industry about so tell me how you create a workforce. What works for you. What incentives are you using, what has failed. In hindsight you say to yourself dont go down this road because it failed spectacularly for us. Even as i acknowledge theres a difference between government and the private seblingter. I still think theres things to learn from each other. In addition i think two other areas were the private sector. The first is technology. The days when d. O. D. Is going to be the engine for technological innovation and change i think are long behind us. It is just not the d. O. D. Model. That is why we created a point of partnership in Silicon Valley<\/a> and in boston, its why i thought the acquisition piece was so important for us. Weve got to be able to tap into that private sector in terms the of acquisition and technology and capability. And then the last area is a little bit counter intuitive in some ways. When it comes to the generation of policy, concepts, thought, the private sector can play a huge role here. I think back to the beginnings of Nuclear Deterrence<\/a> and Nuclear Policy<\/a> for example. If you go back in the 1950ings, and you read much of the thought process, much of that was flowing from the academic world. Hardly anybody remembers now that Henry Kissinger<\/a> in the 1950s, and early 19690s was a professor at harvard writing about concepts of Nuclear Deterrence<\/a>, Nuclear Deployment<\/a> that he and others ended up sharing the strategic vision. I would like to see us do the same thing in cyber. As we begin the process of looking at the 2018 budget, i am interested to know to what extent you were able to factor in strategy and threats and sort of Strategic Thinking<\/a> about what needs to be done as you put together the budget for Cyber Command<\/a> and to what extent youve still been ham strunk by the bca and those cap numbers. So like any entity its all about prioritization for us. Weve spent a lot of time figuring out finite resources and growth how were going to prioritize. So our inputt for the fiscal year 18 budget and truth in the lending we just rolled it out as the government as a department this afternoon and during the midday today so i have not yet seen the specifics yet. I know what the broad number is but i havent seen the subelements of that so i will talk broadly. For the 18 input, we try to identify those priorities. In a macro sense, in no particular order ive been arguing man power, investment and corps capabilities, and then number three how can i accelerate number one and number two. How can i do both of those faster. Ecause in some ways even though as the one ransom ware issue that weve been going through shows theres af a capability theres a lot of motivated men and women doing good work. Impacted and that wasnt from a impacted and that wasnt from a lack of effort we spent significant Time Starting<\/a> in march asking ourselves how might this play out how do we position ourselves in the case of because microsoft had put out the patch. We as users saw that and started asking ourselves how might an opponent attempt to exploit this vulnerability. One of the reasons why we use a defense in depth strategy. Solution, one single no one single way to fix this problem. Its layers built on top of each other. That has been the key to our success. So were asking ourselves how can we do this faster. Every day one of my biggest concerns is and ive never really had this same viewpoint in almost 36 years of commissioned service. Every day i literally solution, no one single way to fix this problem. Think to myself we are in a race to generate more capacity and more capability at the same time than im watching a host of global actors do the exact same thing. So were trying to sustain both staying up with them but quite frankly my objective is to to set. Ead of the problem i dont like reacting to things. I dont think thats what the nation wants from us. So until im able to bore into the specifics of the budget that kind of gives you a broad sense of what i thought we needed to focus on. Would you say that the budget as has been proposed provides resources necessary to regain superiority in areas that weve lost it . It certainly moves us along that road but no one should think for one moment that this not unlike some others, is ing to require increased and sustained investment over time. This is not going to be a one or two years weve increased by some reasonable number which has been the case for the last two years and thats all youre going to need. If you look at the scope of the challenges associated with this mission set and from where were starting weve got a lot of hard work ahead of us. Would you talk a little bit about how youre going to measure success and how youre going to measure progress along that path of regaining superiority . So theres a couple components to it. First weve developed a set of or in the process of developing a set of metrics so how do we truly assess readiness for this force that weve created . Weve focused for the first few ars on assessing initial operating operating capability and final operating capabilities when you hear us talking about and youve so theres a couple components to heard me in my re weve achieved ioc essentially on time. We will until 30 september 2018 to achieve fmp oc. But one of the things i tell the team is that doesnt get to war fighting. In the end its about our ability to operate in a sustained heavy environment. Just like when were building a brandnew carrier or o fighter wing. Ts not enough just to say weve got all the pilots, weve got all the parts. Its about training, assessing readiness. Were working our way through how were going to do that weve got all the pilots, weve got all the parts. Its. Then we ask ourselves are we driving down defensive penetrations . Are we driving down mallware infections . Theres some specific metrics that we think that we can use give us a sense particularly in the defensive side are we being more effective or not. Thank you very much. My time has expired. Help me understand a little bit how we make clear to other countries in the world the consequences of Cyber Attacks<\/a>. And conventional weapons wars there may be an understanding of what the consequences will be should one country attack another with a certain kind of weapon. What is our level of dialogue with other countries including the countries we view as threats including those countries i think wars there ma an understanding of what the consequences will be should one country attack another we know attacked us about what the consequences are Going Forward<\/a>. If i could in an unclassified session im not going to get into the specifics. And it hasnt been a one size fits all approach which is true broadly for strategy for us. We have been very public and acknowledge the fact that we ave been using cyber attack. We also think its in our best interest for others to have a level of awareness that we are invest t and employing it within a Legal Framework<\/a> not indiscriminately but we are employing it. Weve also took nodged publicly in unclassified strategy documents for the department of cyber space strategy that we are developing offensive capability that we believe that deterrence is an important concept that weve got to work our way through. Were trying to communicate to the world around us that were aware of the kinds of activity were seeing out there. Some we view with concern as a result we think it is in our own nations best interest to have a set of capabilities that both generate greater options. But at the same time help communicate to others around us you dont want to go down this road with us. Think the reaction or the way it played out in the United States<\/a>, for example, is a very good example of that. Look, in a major mallware effort that took down many systems and lots of other parts of the world did not have the same level of effectiveness here in the United States<\/a>. To what degree are we treaty bound to assist an ally who is attact through cyber . And are we already assisting allies who are and maybe to use that most recent example that you just gave . So thats a bit of a legal question. Not my lane but i will give you my thoughts from my perspective. We for example nato has been very direct in saying that they view cyber as a natural continuation of the standing article 5 framework where an attack against one is an attack against all. Even as nate of acknowledges the application of article 5 is through a decision framework in the North Atlantic Council<\/a> done on a case by case basis. Broadly thats the intent and communicated in multiple forms and ways. For other nations, you would have to ask snb who is a little smarter about the specifics of the standing mutual defense treaties. Let me ask another question because we know the russians attack integrity of our we know here because theyve done that in other count we would part center with d. H. S. To do that. We would do that. Cyber command. By attempting to interdict that activity before it ever reached that u. S. Network. Quite frankly we wouldnt focus on blue or friendly space. We would be out in gray and red space if you will trying to stop he activity. Once its then once it gets here d. H. S. Has created a sector framework. Teams we would also deploy in partnership with d. H. S. To support among those 16 specific Critical Infrastructure<\/a> areas again one of the things i mentioned early that i want to test. Were going to start using one particular sector thats a little more mature than some of the other 15. Thank you. Well, thank you. Thank you for your service to the country. You stated that your First Mission<\/a> priority is defense of d. O. D. Information networks. Would you suggest that that means that defensive operations doctrinely will take precedence over offensive operations . No. Because i remind the team we have three missions and we have to be capable of excuting all of them. I cant go to my boss and say i chose to focus on number one. Dont get me wrong. Like any commander i have to prioritize. As im looking at the challenges i have told the team we will prioritize. We still have to excute. But like any other Operational Organization<\/a> in time prioritize got rces focus but weve to do all of them. Well, as you know the d. O. D. Lies upon the civilian power grid for 99 of its Power Requirements<\/a> without which im told that it becomes impossible to affect the d. O. D. Mission. Do your priorities include protecting u. S. Power grid and other Critical Infrastructure<\/a> against Cyber Attacks<\/a> . Again, i know responsibility for the defense of that in the United States<\/a> i will say one of the things im interested to see if maybe we can look at doing differently. Right now when it comes for example to Critical Infrastructure<\/a> that the d. O. D. Accounts do its mission when it comes to clear defense contractors who either are generating the capability that is we use against fighters, for example, and other platforms as well as private industry, for example, for transcome that provides services, lift, vement of cargo, under the current structure the defense zuret Services Overall<\/a> responsibility for the interface with those private companies not transcomfor example even though they work a transcome or provide service. Not necessarily with us. I would like to see is there a way to bring those operational commands Cyber Command<\/a> dss and that private sector together in a much more integrated way. Because what were finding right now is i will become aware of activity. I will pass that to dss. Dss passes that to the private sector. That doesnt come across to me is this the most fastest agile way to do business. I would like to see if we can try to change that. Admiral, you know thats been one of the challenges in the past that sometimes the whole notion of protecting the grid from Cyber Security<\/a> challenges is kind of walks the 13th floor of humanity because we and the department your department consider that a civilian responsibility of course the civilian response is that that is a National Security<\/a> issue and should not be our responsibility and my fear of course is that neither the sufficient focus on it necessary and given your stated so worth always Touching Base<\/a> on. How will Cyber Command<\/a>s posture improve once its elevated . Do you believe youll have all the resources youll have to accomplish your assigned missions . And what will the number one challenge be . Let me try to unpackage them if i forget one let me know. So first whats the benefit of elevation. Why have i and others recommended that that the smart course of action even as i acknowledge the decision is not mine as weve already talked outlined within legislation how its a timing issue absent a change in legislation. In the departments processes, when it comes to how we develop budgets, how we articulate prioritization, how we develop broad policy, it is generally built around the idea that the the comma combat nt commanders are the primary voices for the end of those processes not subunified commands. So one of my concerns has been we talk about the the importance of cyber and i acknowledge there are other priorities. And yet for some not all but for some of our processes and cyber expertise is not embedded in the current structure. I believe that elevation plugs us more directly into the primary Decision Making<\/a> processes within the department which are for combhancheds it also makes us faster because now ive got one less layer. Ive been blessd in my time. The strategic commanders i have worked with, general and how quickly we forget. I can picture. Theres a good plag officer friend. They were great to team with because i would tell them look if were going to insist everything i do flows through of ut i cant get the timeliness or the speed this helps address that. Time has expired. Now recognize mr. Cooper. Could you reflect on this proposal and whether it is a good idea or not. So broadly and i know i speak for mike rogers because im not in the policy lane but i have an opinion. As an operational commander my concern is while theres certainly historic precedence for this nation states have often gone to the private sector when we lack government capacity or capability. We did that in a revolutionary war. We didnt have a navy we went to the private sector gave them authority and protection via our government to say go out and capture cargos from the royal navy and british march nt fleet. My concern is be leery of putting more gun fighters out in the street in the wild west. As an individual tasked with protecting our networks, im thinking to myself, weve got enough cyber actors out there already just putting more out there im not sure is in everybodys best interest. I would be concerned about the legal liability you might and im not a lawyer but i would think that you have some liability issues associated with taking actions with sked and third order effect that is you dont truly understand. Thats just my concern. Are other countries doing this . Are you familiar with any other countries that have enabled their private sector . There may be equivalent Legal Framework<\/a>s out there. I certainly not that have come to my attention and not that i have had a discussion about. I was curious you used the gun fighter analogy because some people thought nra might set up a whoa null wing of activity for this. Whole new wing of activity for this. To the extent that private business in this country feels disconnected from government or that as you pointed out earlier government response is too slow or that certain National Security<\/a> interests are not recognized as being National Security<\/a> interests even when its protecting the grid, i think youre probably going to see greater pressure. I would agree. In some ways it goes back to again show youg my war college education. I dont want you to think as a taxpayer i didnt listen when i was sent to service college. The application of force has generally for the last several centuries been viewed as a mission or a right of a sovereign state. Not something that the the private sector does. We dont use for example for us we dont use contracts to actually drop and fire weapons. We dont use mercenaries to do that. We use uneforled immigrantry. I would be concerned that going that route again argues against the broad principles weve used about the role of the state and applying force. It depends on the situation but im the first to the acknowledge 100 attribution is probably a standard were going to be driving forth for a long time and not necessarily achieve immediately. What percentage of accuracy would you give us today . It depends on the acter. If you take for example speaking now as on the nsa side if you take a look at the the efforts we did in the Intelligence Community<\/a> assessment with respect to russian efforts to influence the 2016 election process, really high confidence. Very fine grain attribution. If you take a look at for example where ten days into this in collectively both the private sector and the government were still working our way through who are the acter, who is the acter or actors associated with this. So it tends to vary. Theres no single concrete answer. So with the elections were close to 90 , 95 , and 60 but i dont know. Ive never really thought about it from a number. Ok. Mr. Scott. Thank you. Admiral a long way from auburn university. I hope you never lose a war or win a ball game. Im a university of georgia graduate. I have a brother who went to the university of georgia. He as good man. Misguided individuals. All kidding aside thank you for your service and we talk a lot about how Fast Technology<\/a> changes. And the the the acquisition process being a problem. Throughout the department. I would like to hear your comments on the personnel again you speak to this in your comments. You know, when you get the young man the young woman out there thats the best and the brightest, there are opportunities in the private sector versus opportunities in the Public Sector<\/a> under your command. The challenge is there. What sue of percentage of your personnel are civilian versus uniformed . Roughly were about 80 military about 20 civilian. Thats kind of what were building to. It varies in some areas. I know we have a tremendous number of wonderful people in uniform. Some of the people that we see that seem to be the best and the brightest in the Technology Field<\/a> arent exactly the people that you imagine going to boot camp. How do we recruit in case do we have a system in place to allow those people to serve . Its one of the reasons why we try to come up with a total force concept for us. Active, guard, reserve, civilian contracter. That within that pool of five subpopulations, if you will, we can match almost any individual. Hey, i really want to get into this. I want to serve the nation. But i have no desire to deploy or be put through the physical Fitness Standards<\/a> of the uniform. Boy, i would love to work for you as a civilian. I like mobility. Im going to try the contracter route so i can move around a little bit. We try to build a structure that enables us to try to attract a pretty broad swath. The Positive Side<\/a> to me is when you get people in the team i was just talking to one of the Service Review<\/a> panels. One of the services out there has created has asked a party of gray beards to take a look at how they manage the Cyber Mission<\/a> force within their service and to answer the question are they really optimized for the future and i coincidentally this morning was just sitting down with this retired former chief and i said well youve talked to the teams because they did that as part of the process. Tell me what youre hearing from them. Because i have a sense but im curious what youre hearing. He said to me the most amazing thing is every teasm with talk to these men and women are so motivated in love with what theyre doing. That is a real plus. They are really into this mission because the selfimage theyre the digital warriors of the 21st century. The challenge weve got to work with the services who provide this man power capability, how do we manage it effectively over time and how do we also build into this the fact that weve got to the acknowledge theres some areas were going to need to do differently . We cant put a person in this once and then spend all that Time Training<\/a> them and then dont do it for another ten years. Thats ridiculous to me. On the other hand i realize theres more than a Cyber Mission<\/a> force. How are we building a broader workforce. So im working with the services about what percentage of the eligible trained population makes sense, what kind of policies we should have with respect to the retouring them so we sustain some level of capability and experience over time and were not starting u over again every three years. One of the challenges that one service is trying to deal with. Im trying to argue weve got to make some changes to. We cant just afford to retrain anybody every three years. Its a little demoralizing to the men and women. I think this is going to be one of our greatest challenges Going Forward<\/a> and how we handle the cyber war if you will and not just with your issue. We hear the same thing about the drone pilots and how dedicated they are how determined they are. And you know the need for flexibility with where they work and the time that they work. And i recognize from a pay scale were nowhere close to what they would get. But on the other hand so i appreciate their commitment to the country and youre commitment to the country as well. Thank you. Mr. Wilson. Thank you for your extraordinary leadership on organizing this hearing. Its an honor to be back you. We appreciate your Innovative Service<\/a> to address the issues of Cyber Defense<\/a>. S a former chairman of the on emerging threats and capability, im keenly aware of the huge challenges that lie before us and the extraordinary men and women that you put together to serve in your on emerging threats and capability, im command. Are Cyber Security<\/a> is a 124 hour, 30 a day, 365 day a year responsibility that requires instantaneous analysis, response, and deterrence. After each cyber attack, we have the circumstance where the government officials are grappling with whether or not c. Cyber security it constitutes a mere nuisance or an act of war. It is for this reason i introduce the cyber attack measurement study act h. R. 1030 which would require that a director of national intelligence, the Homeland Security<\/a> department, f. B. I. , and secretary of defense to conduct a study to determine appropriate standards that could be used to quantify the damage of Cyber Incidents<\/a> for the purpose of determining appropriate response. And two questions. Do you believe that there exists an interagency definition for cyber act of war . And do you believe that we have a common petric to measure a cyber incident which could benefit the interagency response . I think theres a broad certainly in the kinetic world theres a broad definition out there of an act of war. T even in the kinetic world, its still somewhat situation yaling. So i fully expect our experience in cyber is going to be something similar. It goes to the a previous question in some ways articulating those concepts in a way that actors understand that you may be tripping a threshhold that will trigger a response, i think thats in our best longterm interest. That helps i think the nation states actors groups out there understand there are potential prices to pay here. And at some point you will trip a threshhold again depending on the scenario and thats not a good place for you to be. Were clearly still working our way through there. Im not a policy guy im an operational guy. We try to figure out what do we do once the policy maker makes that determination. And thank you for recognizing too it can be nation states. It could be other actors. What a challenge. And were so grateful for your service. One of the first challenges that you have are updating antiquated infrastructure. Im grateful that the district fort esent is adjacent to gordon home of the army Cyber Command<\/a>. Can you please describe the amount of Infrastructure Modernization<\/a> that needs to occur and how the demand differs across the army, navy, air force and marines. So as we saw and ill use as an example were work ourg way through the services because i have overall operational responsibility to services physically own much. They own much of the infrastructure. So i partner with them in attempting to address that infrastructure Cyber Security<\/a>. One of the things we continue to find is we are still carrying a lot of very old infrastructure that offers potential increased vulnerability. And the defense indepth approach we use is designed to help mitigate that but i literally just sent a note to a service chief earlier this week and Senior Leaders<\/a> in that service and said, look, at some point these vulnerabilities down at the the tactical level potential to exploit that has a chance to demeg gate that. I find weve talked a lot about man power but in some ways to me the acquisition piece, thats even harder because its long term, its huge costs and it is competing against priorities like so do you want me to buy more f35s . Additional carriers . Do you want more brigade combat teams . In a world of finite resources youve got to make those resource tradeoffs. And in general, the acquisition world hasnt historicically always been incentivized for ber security outcomes as its primary metric. Thank you very much. We look forward to working with is the chairwoman to back you up primary in every way. With my time running out, i do want to thank you for the participation by the National Guard<\/a> and your efforts. What has been the level and what more can we do to help you in this regard . Look at Cyber Command<\/a>, we have over 100 guardsmen and reserves every day supporting us. Every day we currently have guard components activated on the defensive side, on the offensive side. Some of our specialized capabilities. So the guard is a day to day player for us. If you also look at with a the guard is doing from a thank you very much. Time has expired. Theyre calling votes so i want to get to everybody. Thank you. Good to be with you here today. I appreciate it. What you were talking about various structures of how we set up our command and where were headed. Im curious what our adversaries are doing. What do we know about how theyre structured and looking at what theyre doing and maybe guiding us in some way . In some ways its kind of interesting. Not going to get into a classified discussion but broadly Cyber Command<\/a> has viewed as this is an interesting concept that the u. S. Has created. What can we do to help emulate. Not arguing that its perfect. But in general, i spent a lot of time talking to allies and theyll often say to me while we may not opt to go the same particular structure youve created, the process you went through, the capabilities youve developed, the way youve created an organizational operational construct thats focused on generating outcomes were interested in doing that. Is there a way we can potentially partner . So part of Cyber Command<\/a> mission set right now is weve spent a lot of time with foreign partners around the world. I cant im the first to acknowledge i have to prioritize here but as part of the broader Department Strategy<\/a> i have prioritized different areas of the world that were heavily focused on in terms of partnership and helping those nations develop cyber capabilities. Thats our allies. What if you mentioned in a different setting going into more detail. If i could, i would be glad in the closing. Another time. I appreciate that. You did mention that we wanted people to know some of the things we were doing to counter isis. And maybe thats kind of hitting them but a shot across the bow for others. Have you felt that its had an effect . I certainly hope so. Because quite frankly again one of the reasons we opted to publicly acknowledge this was we wanted other actors to be aware that we are developing and employing again within a Legal Framework<\/a> but we are developing and employing these capabilities. There certainly is an increased awareness by some actors around the world as they look at us, as they try to study us about capabilities and kinds of things were doing again. Not getting into specific bus were certainly aware of that. In another setting. Yes, sir. I would be glad. Well have that opportunity im sure. Thank you very much. I yield back. Yes, sir. Thank you. Thank you very much admiral rogers for your testimony. At this time they are likely to call votes in the next couple of minutes or so. After votes are finished we will reconvene upstairs for the closed portion of this. If there are additional questions from the members please feel free to submit them for the record and we can anticipate a response. This committee is adjourned and we will reconvene. Thank you, maam. [captioning performed by national captioning institute] [captions Copyright National<\/a> able satellite corp. 2017] this morning President Trump<\/a> takes part in Memorial Day Services<\/a> at Arlington National<\/a> cemetery. Our live coverage beginning at 1 00 a. M. Eastern. I would like to turn to your new privacy bill the browser act. Can you tell us about the bill and also what drove you to introduce it . People are ready to see something come forward from us on the issues of privacy and on data security. And certainly now were beginning to have not only states but cities look at privacy regulation. And theyre doing it because the federal government, because congress has not taken an action. And now that the privacy issue will not have two regulators, which is a good thing, were going to have one. And the ftc has historicically been the the regulator of privacy in both the physical space and the virtual space. And we think its important to have one set of rules for the the entire eco system and one regulator for the entire","publisher":{"@type":"Organization","name":"archive.org","logo":{"@type":"ImageObject","width":"800","height":"600","url":"\/\/ia601500.us.archive.org\/8\/items\/CSPAN_20170529_084600_Admiral_Michael_Rogers_Testifies_on_FY_2018_Cybersecurity_Budget\/CSPAN_20170529_084600_Admiral_Michael_Rogers_Testifies_on_FY_2018_Cybersecurity_Budget.thumbs\/CSPAN_20170529_084600_Admiral_Michael_Rogers_Testifies_on_FY_2018_Cybersecurity_Budget_000001.jpg"}},"autauthor":{"@type":"Organization"},"author":{"sameAs":"archive.org","name":"archive.org"}}],"coverageEndTime":"20240628T12:35:10+00:00"}