Transcripts For CSPAN3 Defense Department Officials Testify

CSPAN3 Defense Department Officials Testify On Cybersecurity Threats September 14, 2016

Military nominations, none of which are controversial. Is there any objection to that . If not, since a quorum is not present, but i asked committee to consider the 4,158 pending nominations, of these nominations, 503 nominations are two days short of the committees requirement. The nominations be in committee for seven days, i recommend the committee waive the sevenday rule to permit the nomination of these officers before the senate goes out for the october recess. Is there a motion to favorably report these 4,158 nominations to the senate . So moved. Is there a second . Second. All in favor . Aye. I thank the committee. We wouldnt want to go out for a long time without these pending nominations, none of which are in any way controversial. And i think that there was a cyber attack on admiral rogers automobile which accounts for him being late this morning. Well have a full investigation. Hes joking. Mr. Secretary, we welcome you and admiral rogers, and well begin with you, mr. Secretary. Chairman mccann, Ranking Member reid. Thank you for inviting us on encryption. With your permission ive submitted a longer written statement and would ask it be made part of todays record. If youll hold for a minute, secretary lettre, i forgot my own Opening Statements. I wondered about that. I thought you were going to spare us. Probably should, given the calendar, but, could i just, ill go ahold and hold you secretary lettre. Encryption has become ubiquitous across the Counter Terrorism fight. Messaging applications developed by some of our most Innovative Companies to create a safe haven where they can operate with near secrecy and at arms length from enforcement. From syria to San Bernardino to paris to brussels to perhaps even orlando, isil has utilized encrypted communications that just a few years ago were limited to a select few of the worlds premiere military services. This is a complex and differ problem with no easy solutions. We must balance our National Security needs and the rights of our citizens. We must also recognize that authoritarian regimes are eager to get encrypted software so they can further their own agendas. And ignoring like the white house has done is also not an option. I look forward to hearing how the use of encryption by terrorist organizations is impacting your ability to protect and prevent future attacks and how the proliferation of encryption alters the way you do business at the nsa and cybermiral roger frequently spoken about the dual hat. Last year you told this committee, quote, i will strongly recommend to anyone who asks that we remain in the dual hat relationship, this is simply the right thing to do for now as the white house reiterated in late 2013. You stated that it might not be a prm nents solution but it is a good solution given where we are. Were you asked again in our hearing earlier this year and you reaffirmed the need to keep the two organizations tightly aligned. Thats why im troubled by recent reports that the Obama Administration may be trying to prematurely trying to break the dual hat before president obama leaves office. On friday it was reported that secretary of Defense Ash Carter and James Clapper have backed a plan to separate Cyber Command and the nsa. Here we go again. Another major policy matter has apparent lay bely been decided consultation whatsoever between the white house and the department of defense or this committee. I urged secretary carter to provide this committee and this congress the details of the plan and his reason for supporting. I will hope he will explain what has changed since the last time the administration rejected this idea in 2013. And while im sure the phrase predecisional is written somewhere in our witnesss briefing papers, i would remind them that this committee does not take well to being stone walled while their colleagues in the administration leak information to the press. Even if this decision has not been made, our witnesses should still be able to provide substantive analysis on the consequences of separating the dual hat for our National Security and for taxpayers. Let me be very clear. I do not believe rushing to separate the dual hat in the final months of an administration is appropriate, given the very serious challenges we face in cyberspace and the failure of this administration to develop an effective deterrence policy. Therefore, if a decision is prematurely made, to separate nsa and Cyber Command, i will object to the confirmation of any individual nominated by the president to replace the director of the National Security agency if that person is not also nominated to be the commander of Cyber Command. This committee and this chairman are tired of the way that congress in general and this committee is treated by this administration. These issues present larger concerns about whether the department is appropriately organized to manage the defensive and offensive requirements of the sicyber commission. We know the Department Faces challenges in recruiting and retaining top talent. We know that the system hinders Technological Advancement and has eroded our technologicy aic superiority. Both russia and china have leveraged cyber to systematically pillage certain technologies, create uncertainty in our networks and demonstrate capability. Make no mistake, they are the first movers in the cyber domain, and they have put us on the defensive, but the administration has consistently failed to provide a meaningful response. The latest media reporting that russia may try to undermine our electoral process underscores this point. Russia is using cyber to undermine American National interests, and now it appears our democracy could be the next target. And the administrations response to a mere warning from the secretary of state of defense . Is that the best the United States can do . Despite this committees numerous requests for a cyber deterrence framework, the administration has failed to present any meaningful strategy. Instead, it is evidently distracted itself with debates over the dual hat. Instead of shaping the limits of acceptable behavior in cyberspace, the administration instead has allowed russia and china to write the playbook. As a result, this administration has left the United States vulnerable. I look forward to hearing more about the Cyber Operations against isil and the challenges, opportunities and constraints you are facing on the cyber front, senator reid. Thank you very much, i will join you in welcoming the secretary and admiral rogers back to the committee. Thank you for your service. This is a Third Committee hearing foocussed on the encryption issue and its impact on National Security. The rapid growth of sophisticated applications and extremely secure physical Access Controls to smartphones and computers has an adverse impact on Law Enforcement agencies at all levels and impairs the ability Intelligence Community to detect and counter Cyber Threats to the nation. At the same time, this Security Technology helps to protect individuals, corporations and the government against seeker crime, espionage, terrorism and aggressi aggression. While fbi director comey has talked about the danger of going dark, Michael Chertoff has advised against and these experts argue that cyber vul ner bts are the greatest threats to the public and National Security and this debate undisclosed the difficulty we all face and must deal with very quickly, because its growing, as the chairmans testimony indicates, its a growing threat to our National Security and our Law Enforcement. Major problem for Law Enforcement at this juncture is gaining access to data and physical devices in their control, where physical access is rarely applicable. Or to gain Remote Access to devices when they are turned on and communicating. And the latter set of problems is not qualitatively new, and i will ask in questioning whether theyre more manageable than these Law Enforcement issues. Another area i hope we are able to discuss today is the issue that the chairman brought up, the issue of Cyber Command. I understand the administration is considering whether it is the right time to elevate it to a unified command and if they should terminate the socalled dual hat arrangement. Additional issues, especially whether the director of nsa should be a civilian rather than an officer. While i know that is difficult, i will welcome any of your thoughts or considerations on these important issues. Another area i know is of interest to the committee and difficult to comment on publicly is several applications of hacking by outside actors. Again, that is a very critical issue and one that were very much involved and interested in. Thank you for your service and thank you for your appearance today. Now secretary. Chairman mccain and Ranking Member reed, with your permission, i have a written statement that is a little longer than my Opening Statement here, and id ask that it be made part of my record. I would like to underscore three points. The department of defense seeks strong encryption and ensuring the Key Data Systems remain secure and impenetrable to our adversaries today and well into the future. The departments support for the use of strong encryption goes well beyond its obvious military value. For example, commercial Encryption Technology is not only essential to u. S. Economic security and competitiveness, but the Department Demands on our commercial contractors to help protect National Security systems. Research and Development Data related to our weapons systems. Classified and Sensitive Information and Service Members and Department Civilians personally identifiable information and health records. Second, we are concerned about adversaries, particularly terrorist actors, using technology innovation, including ubiquitous information. It is compounded by the pace and scope of change, not only in the threat environment but also in associated technologies. Our adversaries are constantly searching, looking and adopting new and widelyavailable, encryption capabilities. With terrorist groups such as the Islamic State of iraq and the levant, isil, leveraging such technology to recruit, plan and conduct operations. Our concern grows as some parts of the Communication Technology industry move toward encryption systems that providers themselves are incapable of unencrypting, even when served with lawful requests for government to do so for Law Enforcement or National Security needs. This presents a unique policy challenge, one that requires that we carefully review how we manage the tradeoffs inherent in protecting our value, which include individual privacy as well as our support for u. S. Companies ability to innovate and compete in the Global Economy and also protecting our citizens from those who mean to do us grave harm. Third, the department is working with other parts of the government and the private sector to seek appropriate slubss on these issues now. We need to strengthen our partnership with the private sector, finding ways to protect our systems against our adversaries cyberattacks and at the same time finding innovative and broadly acceptable ways to address knnefarious actors. Even while we must avoid introducing any unintentional weaknesses, or hurting or Global Economic competitiveness. Mr. Chairman, the department is committed to the resiliency of our data and networks and to defending the u. S. At home and abroad. An ongoing dialog with congress and other departments and agencies and the private sector is absolutely critical as we Work Together to confront and overcome the security challenges associated with encryption. I appreciate the committees interest in the issues, grateful for the dialog and i look forward to your questions. Chairman mccain, Ranking Member reed and members of the committee. Thank you for the opportunity to appear before you today to discuss the Current Communications environment, including strong encryption and cyber challenges. When we last met on the 12th of july in a closed session, i outlined several of those challenges, and i look forward to further discussion so the American People are provided the greatest amount of information possible on these important topics. Of course some aspects of what we do must remain classified to protect National Security. So for today i will limit my discussion to those in the public doumaidomain. I by encryption, it is random data. It is generated by mathematical algorithm and uses some secret information normally called a key. Without the key, you cant undo the encryption. Nsa through its insurance mission sets the encryption standards within the department of defense. We understand encryption. We rely on it ourselves and set the standards for others in the u. S. Government to use it properly to protect National Security systems. At the same time, we acknowlecke encryption imposes a challenge. As you well know, the threat environment, both in cyberspace and in the physical world is constantly evolving, and we must keep pace in order to ibuprofen policymakers and war fighters the intelligence they need to help keep us safe. Terrorists and other adversary techniques continue to involve. They use the same internet, the same mobile communication devices, the same software and applications and the same social media platforms that lawabiding citizens around the world use. The trend is clear. The adversaries continue to get better at protecting their communications, including through the use of strong encryption. Excuse me. I want to take this opportunity to assure you and the American People that the nsa has not stood still in response to this changing threat environment. We are making investments in technologies and capabilities to help us address this challenge. And last year we started a process to help better position ourselves to face these challenges. As good as nsa is at foreign intelligence and its Information Assurance mission, the world will continue to change, and the goal is therefore to change as well so we will be as effective tomorrow as we are today. The nation counts on nsa to achieve insights into what is happening in the world around us, what should be of concern to our nations security and the wellbeing of our citizens and friends and allies. We are watching sophisticated adversaries change their communication profiles in ways that enable them to hide information relating to their involvement in things such as criminal behavior, terrorist planning, malicious sign irintrusions and even cyberattacks. Right now Technology Enables them to communicate in a way that is increasingly problematic for nsa and others to acquire critical foreign intelligence needed to protect the nation or for Law Enforcement individuals to defend our nation from criminal activity. The question then becomes so whats the best way to deal with this . Encryption is foundational to the future. The challenge becomes, given that premise, what is the best way for us to ensure the protection of information, the privacy and Civil Liberties of our citizens and the production of the foreign. Translator intelligence. Youve also asked me to talk about organizational structure. As i have said before, i do not believe that malicious cyber activity can only or must be deterred by cyber activity. Our nation can use other domains as well as using the hall of nation approach. All instruments of power should be considered. And with regard to our organizational structure, u. S. Cyber command is well along in building our Mission Force, deploying teams to defend the networks that undergird d. O. D. Operations to support Combatant Commanders worldwide and to bolster d. O. D. I ask that my previouslysubmitted written statement be part of the record and i look forward to your questions, sir. Thank you very much, add mural. Is it still your professional advice that maintaining the dual hat at this time is in our best security interest . Yes. General dempsey said that cyber is one area do you agree with that as secretary . I do agree that cyber, that the cyber threat is one of the greatest challenges we face. Admiral . Yes. Russian activity, reporting

© 2025 Vimarsana