Transcripts For CSPAN2 Hearing On Cybersecurity Policy 20151

CSPAN2 Hearing On Cybersecurity Policy October 5, 2015

Of the nation in broad terms, and strong encryption is important to strong internet defense and will defend it is in our best interests. Within the broad framework of though the challenge we cant figure out is realizing that communication that the use by very law abiding citizens, nationstates and companies engage in lawful activity is also being used by criminals, terrorists, nationstates who attempted generate advanced against the United States advocates are allies and partners. So were trying to figure out how do we balance these two important. Is a privacy and security, and realizing the world around us is changing in a foundational way. So were trying to come to grips broadly with how do we do with the reality of the technical world around us to yet the broader legal and social imperatives we have begun the first acknowledge we do not have a defined way to hit you in the end i think this is about how to get the best minds together to address this. When i look at our capabilities are is a problem we cant overcome when we worked together between the private sector interest, academic world. I think thats the way ahead in broad terms. Thank you very much. Thank you, mr. Chairman. Thank you, mr. Chairman. Sandra inhofe is chairing the epw committee. He couldnt be here. Youve given us a good summary of the threats that we face other threats that are actually occurring today, and i appreciate that. Senator mccain fantasy about staff reporting on the policy that congress has asked you to report on, and that not having been done. Mr. Secretary work come into 2014 nba a the senate and house agreed on a provision that required the services to report on the cyber vulnerabilities of weapons and Communication System to connected by networks. Something that came out of our strategic subcommittee on a bipartisan basis and was eventually expanded to include all Weapons Systems, not just satellites and missiles a National Missile defense. We dont have that final report. I believe its overdue. This budget i believe it is 200 million in it to help fund this effort. What can you tell us about that . First let me say may take some time. If it does, i understand but i dont think we got any report from the dod to state what progress youve made and how much longer it will take. Well again on both of the boys come on the policy we expect that its in the final deliberations, its an interagency effort, you know, generally try to establish norms and deterrence is central to the policy. But again its a denial precise and cost a position. I am the first to do with the farthest ahead on the denial and resilient sport. Those are the areas where we are moving faster, the cost imposition part because weve elected to retain the retaliatory mechanism of Cyber Attacks of the National Level just like Nuclear Weapons because of the risk of escalation. What about the other, the vulnerability of our Weapons Systems . It is a big, big problem. Many of the Weapons Systems we have now were not built to withstand a concerted cyberthreat pics are going through every single one of the Weapons Systems which Frankie Kendall has done is has prioritized the Weapons Systems inc. Is working to very carefully and i expect this work to be done very soon. We now have new requirements in our Key Performance parameters speed so you have assigned an individual to be responsible for this speak with this. Frankie kendall is the one whos going to all of the different working with obviously our cio, also the Cyber Command and all of our cyber experts. Which is responsible for taking a look at the Weapons Systems and also requiring kpp. Performance parameters, for new Weapons Systems so when we build them cannot Cyber Defenses built in from the beginning. What about our defense contractors. Admiral rogers, they maintain and build a system and have highly Sensitive Information. Are we satisfied they are sufficiently protecting . We acknowledge theres a vulnerability. We been public about our concerns about for nationstates trying to access some of the operational technologies to penetrations in a clear defense contractor between clear defense contractor between a forest if we pay changes to the concoction relationships between us and those copies went out to meet minimum requirements, and foremost now of penetrations. We are clearly not what we need to be but we continue to make progress. I think its a bipartisan commitment on partners to help you with it. Secretary work, if it takes for my let us do. We will have to evaluate to get i also understand some of the protections can be done without much cost some may require considerable cost. We hope you will complete about. Admiral rogers, you i believe last week reported in the Los Angeles Times about the threat from china. You note one thing that theyre involved in obtaining u. S. Commercial and trade data in a foreign nation, advanced nation, ally of ours. I was told that one of their companies bid on the contract and that the chinese have got all the good data from the web and discount was its hard to win a bid when your competitor knows what you are bidding. Is the kind of thing happening . It has been. We have been very public of that. I think thats reflective in the agreement that you so raised during the president of chinas visit last week where we are explicit about that concern. My time is up but i would just ask, you are not allowed if you saw an American Business being a damaged to improper action, you are not allowed to advise them or share any information with them while our adversaries defenses their businesses . I would provide information and insightful in my intelligence have asked director dennis as will the command of the Cyber Command if under that sort of became of activity i would share the insights with the dhs and fbi to have a Mission Associate with interfacing with the private sector in a much more direct way than i do. Senator manchin . Thank you, mr. Chairman. Thank all three of you for your service and being here today. Admiral rogers, start with the. Which country is the most determined and successful hacker of the u. S. . Could use u. S. . Could you see the one what im . Which country deeply into those committed, successful hacker of the u. S. . If you look at volume and nation statewide, nation statewide, china, prc has been the one we been the most vocal about. They are not the only one by any stretch of imagination. I thought the last time i recall you think of more concerns russia the more of the ability or expertise to do us damage. I thought your question fully focus more on volume. If the prospectus capability, if you will, then we been very public about saying i would probably put the russians, their capability. But it seems like china is more committed and determined . They do it at a volume level. I understand. Director clapper, if i may, i know you just said no come emphatically no, you dont believe that this agreement that the president of china and our president has made last week will work. With that, is there any penalties in this agreement if one or the other violates or is it is basically what weve agreed and let it go at that . The terms that i have seen, i dont think it treats specifically penalties or certainly implied penalties. I think the threat of economic sanctions which brought minister mong to this country i think is a luster to of owning something to the chinese if they transgress or violate this agreement. I think as admiral rogers was discussing earlier, with respect to sanctions their certain our hope of governments possibilities here. Dont have to do necessarily cyber eye for an eye. It could be some other form of retaliation. I dont think, to answer your question, police were unaware that there are specific penalties if the agreement is violated spirit thats why i think youre pretty quick and send you dont think you were. He said no to that i think when the chairman asked you. The reason i said no of course is the extent to which a chinese prolonging of our data, our intellectual property is pretty pervasive. I think the question to the extent to which the government actually orchestrate all of it, or not. I think were in, to borrow president reagan term, trust but verify mode, at least as far as intelligence is concerned. We are inherently skeptics. Could i add something speak with i have a question for you, secretary, and you can go ahead and add to that. Recent news article that examines similar between chinas j. 315 of our strike fighter, with a been able to do in such a rapid. The time without any r d come to believe that gives them a competitive advantage . I understand there may be some differences as far as in the Software Come in the weaponry and this and that. But they are making leaps which are uncommon at the behest of us. And we notice i understand people we are not taking any actions against them spent id like to work this in and follow up with your first question. At the highest levels weve made it clear that we believe chinese actions in the cyber sphere are totally unacceptable as a nation state. We made that clear in a white right of different ways that i would characterize the agreement that we have as a confidence Building Measure with the chinese were were asking them to prove to us that they are serious about what they say, about what theyll do to control these efforts. They were really for things we agreed to do. First, we would give time responses to information when we say hey, we believe theres a problem here and weve agreed to Exchange Information on cyber crimes, weve agreed to possibly collect electronic evidence that could mitigate malicious cyber active if it is occurring on our soil. We both agreed we would not knowingly conduct cyber enabled theft of intellectual property which as you say has been a problem. We are told and thats a problem, is unacceptable. They have said that they will work to curb that. Then weve agreed to, effort to promote international norms, and the final thing is we will have a high level joint mechanism when we can meet at least twice a year and say look, this is just a working. You are not coming through with what you have said. So this isnt a treaty or anything like that. Its a confidence Building Measure for us to find out if china is going to act responsibly. I agree totally with the director clapper. Theyve got to prove to us, and we know that theyve stolen information from our defense contractors, and it has helped them develop systems, and were pardoned our systems through Defense Industrial base initiative and were trying to make we know that j20 is pretty much mirroring our f. 20. We know that j. 31 is pretty much mirroring our f35. When we know this and the cost to american taxpayers and let them, why wouldnt we take heart actions against them . Why wouldnt we, i dont understand why wouldnt retaliate. There are a wide variety of cost and position options that we have. They are developed through the interagency. And again its not necessarily kind, i mean, titfortat. It is proportional response and were working through all of those right now spend my time is up and if i could followup on the that if we could meet with you later. Absolutely. If i may just add a word here about, this is a point admiral rogers has made in the past about terminology, lexicon, nomenclature definitions are important. And so what this represents, of course, is espionage, economic, Cyber Espionage. And, of course, we, too, practice Cyber Espionage in a public forum to say how successful we are, but we are not bad at it. So we talk about what are we going to do to counter espionage or punish somebody come retaliate for espionage, i think its a good idea to please think about the old saw about people who live in glass houses shouldnt throw rocks. Gotcha. So its okay for them to steal our secrets that are most important i didnt say that. Spent because we live in a glass house, that is a standard senator ayotte . I did not said its a good thing. Im just saying that both nations engage in this. I want to thank all of you for being here. With regard to the chinese, i want to follow up on, we talked about the feeling of the stealing of the highest secrets in terms of our weapon secrets. But what about the 21 Million People as background check and personal information has been of course associated publicly with the chinese . And the fact we know that 5 million sets of fingerprints as well leading to potential vulnerability for our citizens. And if you put that in the context of these other issues that weve raised, it seems to me, i look very carefully, for example, secretary work, some of language youve been using it to give a speech at the Royal United Services institute in london. User deterrence must be demonstrated to be effective. Sector klapper into a prepared statement he said the muted response by most victims to cyberattack has created a permissive environment. So im trying to figure out based on what you said how we are not in a permissive environment in light of what they have stolen on our Weapons Systems but also this huge infringement on 21 Million People in this country. And also could you comment on the vulnerability of the david and where we are in terms of how it will be used against us . First, that is an assessment of what was taken. We actually dont know in terms of specifics but that is i think frames and magnitude of this theft. And it is potentially very serious, has very service applications. First, close to home from the standpoint of Intelligence Community at the potential for identifying people who may be under covert status. Just one small example, and, of course, it impose all kinds of potential and a fortuitous basic it is going to keep on giving for years. So its very series of situation. What we tried to do is educate people what to look for an out to protect themselves, but again of this is a huge threat, fast, and it has potentially damaging implications for lots of people Intelligence Committee and ts of people in department of defense and other i think what youre hearing from some of us up here is just now, what am going to do about it is the issue, as opposed to shared agreement on generic principles with the chinese. This is a set or a significant issue that is going to impact millions of americans. Im not doing what were going to do about it at that maybe a higher level decision going up to the president , bu i seems toe if were going to talk about deterrence if we dont follow up with action, and if you look at that combined with the test when we heard last week about the artificial islands being built by the chinese and the fact that we wont even go within i believe its 12 nautical mile of those islands, if you put that all from the chinese perspective i think you would think we can pretty much do what we want to do because we havent seen a response. Now, im not asking from all of you to add to that because it probably needs to be answered by the president and his National Security team, but he seems to me that they are missing a response right now from us and, therefore, were going to see, continue to see bad behavior from the chinese. Before i go out have an important question on another topic, secretary work, and that is, yesterday we heard public reports about a potential violation of the inf treaty by the russians, and that essentially russia flight tested a new groundlaunched Cruise Missile this month by u. S. Intelligence agencies say for the violates the 1987 inf treaty. And, of course, this is going back also to the reports as early as 2008 of the russia conducting tests of another groundlaunched Cruise Missile in potential violation of the inf treaty that weve raised with it and went secretary carter came before our committee on his confirmation, he listed three potential responses to these ins violations. So now we have the russians violating the inf treaty yet again, and i guess my question is, secretary carter rightly identified that we should respond either through missile defense, counterforce or countervailing measures. What are we doing about it . Center, this is a longstanding issue that weve been discussing with the russians are the system youre talking about is in development has not been fielded yet. We have had different discussions with them on our perception of the violation of the inf and have come back. This is due in discussions and we have not decide on any particular action at this point. So are you saying that you dont think they violated the inf treaty speak with we believe very strongly that they did. Thats what i thought. So what are they going to do about it . Because they have claimed they havent gone back to 2008 violations and now here we have another situation. Because they have not fielded the system were still in the midst of negotiating this position. Were giving hours, but if they do feel a system that violates the inf i would expect us to take one of three options that secretary carter outlined before the committee. My time is up but i see two consistent themes both with the chinese and the russians. A lot of talk, no action unfortunately, and people take their cues from that and that worries me. Thank you all. Thank you, mr. Chairman. Director clapper, you testified before the house Intelligence Committee recently that while the United States makes distinctions between Cyber Attacks conducted for economic purposes, taking foreign intelligence, thats the espionage agreement i think that you are referring to, or to cause

© 2025 Vimarsana