Permanent residents, many errors involved. You can watch this conversation on immigration and sanctuary cities any time on line, cspan. Org, go to our video library. We take to you a hearing underway, the House Armed Services committee on the fiscal 2018 budget request and emerging threats. Hearing now from admiral mike rogers, commander of u. S. Cyber command. I think back to the dialogue in the 1980 whz when i first joined first commissioned in the military in the aftermath of the failure of desert one and the effort to rescue those u. S. Hostages being held in the embassy in terrain. We had a lot of dialogue about is soft so specialized, so poorly understood by theth broad conventional part of the military, so needing of specific attention that we should create a separate sof service. We ultimately decided that the right answer was to create a joint war fighting construct. Thus in 198 was born special operations command. In addition we said that that operational entity needed to be a little uniquely structured. It not only should be a war firtd but it should be given budget it should be given Budget Resources that enable it to not only employ capability but to determine the operational capabilities and drive the investments that actually generate the capability. I think that that is a very effective model for us to think about for sidebarer and Cyber Command vice just automatically transitioning to the idea of a separate service. Thank you. My time is about to expire. I now recognize mr. Languageman. Thank you. Sir admiral, congress has provided cyber come with limited cyber peculiar Acquisition Authority. I wanted to first of all commend the thoughtfulness by which the provision was implemented. But can you please provide general overview of how that authority will be executed and overseen in the command . As you are aware we sat down with osd from a overseeing and technical perspective and asked which was the best way to implement the Acquisition Authority grant to us by the congress. Cyber command approached our teammates at so come and said look you have a skill set, personnel who are more proficient in this area. So come identified the two individuals who we have hired who are going to provide our acquisition oversight and certification, if you will. Those individuals were put in place just a couple months ago. The authorities are now almost finished which are going to see us starting this summer as weve identified it an initial set of priorities where we want to apply this authority in terms of acquisition. You will see that play out over the course of the next couple of things. We have a couple of things to finish ironing out. But you are going the see us implementing this in the next few months in the summer. The authority hasnt been used yet . Not yet because there are some specific technical and oversight and control things i have to make sure are in place before we start spending the money and using this. That will all be finished within the next monltsds or so i think. Can you speculate, provide an example of what you think the authority may be used for . What i have asked is we have already identified for example, a series of capabilities through Cyber Commandss point of partnership. We call it out in sol cone valley. So ive Silicon Valley. I already have an structure thats interacting with the private seconder. Now i want the overlay this Acquisition Authority where i actually purchase, and acquire some of that capability from the private sector that we have been talking to them about for the last few months. Ive trigd to work the requirement piece in anticipation of gaining the Acquisition Authority. Now that weve got that pretty much gone and i overlay the Acquisition Authority you are going to see us enter contracts, focused on mission sets, defense and capability for Cyber Protection teams is the first area we are going to focus on. Okay. Very good. So i mentioned in my Opening Statement that i am going to be attending the annual cyber conference at nato the cooperative Cyber Defense center next week. What is Cyber Commands relationship with cyber and nato. In your opinion, how can we cooperate more closely with our nato allies, how can that cooperation be strengthened. I was just out there last june, spoke at the same conference you will be going to next month. Every time i am in estonia i spend time at the center and actually talk to them. The points i try to make to my nato teammates are a couplefold. First, under the nato framework, the center represents the positions of the members of the alliance closest to the center. Not the alliance as a whole. For example, not oel all 29 nations participate in the center. I would like to see if we can somehow more formally tie the center to nato. That could help i think so this. Also im trying capacity is certainly a challenge. Im trying to meet our own priorities as well as help key allies in the nato alliance. One of the things im interested is i have created a partnership with european command, we are talking about potentially placing an individual maybe in the center in the course of the next year or so to more directly link with ourselves. I would like to see what we can potentially do within the exercise framework that the alliance is starting to create in cyber now. I have extended invitations for them to observe witness our framework. I would like to do the same thing in the nato framework. You know that Congress Passed the sharing information, domestically. We have robust cyber threat information sharing faerks with the israelis. How are we doing with robust cyber threat sharing information with our nato partner . Right now, most cyber sharing tends to be focused in many ways on a nation to nase basis. Thats another one of the challenges, why im interested in with Cyber Command, how with we work that more formally, military organization to military organization so we are doing this once and not 29 different times as it were. Very good. My time is expired. I do have additional questions. If we dont get to a second rond ill submit them for the record. I would appreciate you getting back to me on them. Thank you admiral for the work that you do, thank for your service to the country. Yield mack. Dr. Abraham. Thank you admiral for being here. The Armed Services certainly have their own Cyber Commands. What is cyber come doing as far as the manning and the concept of operations as far as having duplicative issues within those services . Remember the way yeah, to prevent the duplication. The way we are structured, each of those Service Primary operational Cyber Commands is a subcomponent of u. S. Cyber command. Whether its army cyber, coast guard sidebar e air force cyber, fleet sidebar, mar force cyber, they have an operational relationship to me. Thats how we try to work the joint and the service piece in a very integrated way. On the first. I try to be the connecting loop partnering with them and also partnering with the Service Leadership to make sure that from a service and a joint perfepe perspective in the department we are aligned and focused on priorities and outcomes. All right. Lets parlay that into our other federal agencies at it seems all of them certainly have a cyberspace department, so to speak. Cyber com, as far as coordinating mechanisms between other federal agencies could you explain that a little bit, please. We coordinate directly primarily in the rest of the government with the department of Homeland Security. Thats particularly driven by the fact that one of Cyber Commands three mission is if directed by the president or the secretary of defense to defend Critical Infrastructure against acts of significant cyber consequence. We would do that in partnership with dhs. Because of that, we are closely relying with them. In fact i just was talking with the team yesterday. Between the private sector in the private sector the u. S. Government has designated 16 different areas, think about finance, transportation, aviation. There are 16 different segments that the federal government has designated as critical to the nations security. That infrastructure. We have picked one of those 16 segments to do a test case, if you will, between dhs, Cyber Command, that private sector as well as nsa from an information and intelligence sharing, that would be the nsa rule to get down to an execution detail about how we would do this day the day. My experience as an military individual has taught me i dont like to do discovery when im trying to contact with a cloointd. Im interested in how can i create those relationships now before we get into a Major Incident related to one of those 16 segments. I think i have time for one more question. What is cyber coms supporting role in north com, pay com, and has the d. O. D. Codified that relationship so that if there is an incident or accident that that can be really instituted very seamlessly if such an event should happen . So, our role on the defensive side is to support and own sure the continued operation, for example, of those networks, weapons systems, and platforms that those operational commanders and others count on to execute their missions. In addition, we generate offensive capability, particularly for pay comand other geographic commands outside the United States because we dont really see i dont think right now in my mind how would we apply cyber offensive capable in the United States . Not that thats not the role of the d. O. D. Our focus inside the United States would be largely defensive. One of the things its focus area i have set out a series of goals for 2017. One of those goals is increased Cyber Reserve and guard integration, to get to the question that you are really driving at, how do we make sure to for a domestic incident that all elements at d. O. D. Are aligned and we all know how we are going to do this, and all the forces know what their role is going to be, the command control is all outlined. North comknows what they are going to do. I know what im going to do. Pay com, they have a domestic responsibility. They know what they are going to do. I would like to use the defense support to Civil Affairs which has been an ongoing process we have used for decades. I would kinds of like the use that as a test model. I am a big fan of lets use what is working elsewhere, to the extent that i can. Okay. Thank you. Mr. Larson. Admiral, thanks for coming. I would like to go back to the question of unified Cyber Command. Your answer wasnt concerned about the portion of the answer we are still working it out. I was concerned because i thought i heard you Say Something that runs counter to what we told you all to do. Thats the decisions made to do this and that the secretary and the president dont need to make a decision to actually do a unified command. The law as i understand but they will drive the timing, thats separate separate. Thats my only point is the timing. If thats your only point, thats fine. I just thought i heard something else. I apologize if i miscommunicated. You have clearly provided a Legal Framework. Thats what you are doing. Absent of changing the law, thats what we have to execute. Thank you. Can i go back to something the chair was exploring with you and it has to do with having a Cyber Service or not. I actually agree with you in not having one. But it does beg the question, though, to have to have that capability. What flexibility do you need in personnel, what flexibility do youn need in contracting just kind of what flexibility do you need to ifly utilize and even develop a formal framework so you can using active component reserve guard as well as the Contractor Community . Among the ways that we try to ask ourselves if we are going to go with a service base approach, which is what we are executing, how would you do it, we came up with baselines. First is it doesnt matter what your service is, guard or reserve, we build to one standard. We created within a join framework for every position within the Cyber Mission force we can tell what you the pay grade is and we can tell what you the qualification standards are and we can tell what you the duties are that are assigned the position. I said look we have got to create one integrated force. If we do you a that you different variants i cant optimize that. The second thing we said was the structure of the teams needs to be the same regardless of whether it is a particular service, guard or reserve. The analogy i used was it doesnt matter if we have an f16 squadron in the guard or in the active force, theres one squadron nomenclature for an f16 that we can then employ anywhere globally because we know everybody is built to the same standard. We acknowledge there are some variances but everybody is built to the same standard. That was another principle, the only way we can make a service base work is active or reserve, guard or reserve, it doesnt matter. We are building to one standard f. We stick to that framework, im very comfortable that we can make a Service Approach work for us. If we insist on variance, if we insist on everybody doing their own thing im the first to admit this is not a model thats going to generate the outcomes we need. First to acknowledge that. The role of the private sector . So, the private sector, when i look at them a couple things come to mind. Number one, they are providing the they are the ones who are going to provide the Human Capital. Whether that Human Capital ends up wearing a uniform, whether its part of our civilian government work force or its contractor force. They all start in the private sector. So its one of the reasons why i spent a fair amount of time as cyber kmond and as director of the nsa to the same extent in some ways with the academic world with private industry telling me, how do you create a work force . What works for you . What incentives are you using . What has failed that in hindsight you say to yourself, dont go down this road because it really failed speccally for us even as i acknowledge there is a difference between government and the private sector. But i think there are some things that we can learn from each other. In addition i think two other areas come to mind for me with the private seconder testimony first is technology. The days when d. O. D. Is going to be the engine for technological innovation and change i think are long behind us. Its not the d. O. D. Model. Thats why we created the point of partnership in Silicon Valley and in boston. Its why i thought the acquisition piece was so important for us. We have got to be able to tap into the private seconder in terms of acquisition and technology and capabilities. And then the last area, which is a little bit counterintuitive in some ways, when it comes to the generation of policy, concepts, thought, the private sector can play a huge role here. I think back to the beginnings of Nuclear Deterrence and Nuclear Policy for example. If you go back in the 1950s and you read much of the thought process, much of that was falling from the academic world. Hardly anybody remembers now that henry kissing injury remembers in the 1950s and 1960s was a professor at harvard writing about nuclear deteernts and Nuclear Deployment that he and others ended up shaping the Strategic Vision we have. Id like to see the same thing in cyber. All right. Thank you. Ms. Complainy. Thank you madam chair would william and thank you admiral rogers for your service and being here today. Secretary mattis, before he became secretary, in talking about the budget control act and sequestration said no foe in the field could do our military as much harm as sequestration and budge control act. As we begin looking at the 2018 budge im interested to know what to what extent you are able to factor in strategy and threats and sort of Strategic Thinking about what needs to be done as you put together the budget for Cyber Command and to what extent you have still been hamstrung by the bca custom by those cap numbers. So like any entity its about prioritize ooigsation. I spent a lot of time figuring out with finite resources even with growth with finite resources how are we going to prioritize we rolled it out as a government as a department this afternoon and during the mid day today. I have not seen the specifics. I know the broad number for us but i havent seen the subelements. Ill talk broadly. I apologize but ill talk broadly. For the 18 input we tried to identify those priorities. In a macro sense in no particular order i have been arguing manpower, investment in core capabilities, and then number three, how can i accelerate number one and number two. How could i do both of those faster . Because in some ways, even though as the wanna crypt ransom wear that we have been going through shows there is motivation in the department. Men and women doing good work. We were not impacted by a wanna crip. That wasnt by a lack of effort. We sent significant Time Starting in march asking hour selves how might this play out, how will we position ourselves in the case of microsoft didnt put out the patch for the vulnerable. We as microsoft us