Challenges facing u. S. Cyber command. I would like to thank you for convening this forum. Its an honer to represent the individuals of this fine organization. Im grateful and humbled by the opportunity to lead this impressive team. Im confident you would be proud of the men and women of u. S. Cyber command if you saw their commitment to mission and hard earned successes on a daily basis as i am fortunate to do. While my written statement goes into detail, i would like to highlight the challenges we face in todays environment. And some of the initiatives the command is pursuing to meet those challenges. Over the last year, we have seen an increase of Cyberspace Operations by state and nonstate actors. We have seen a wide range of malicious cyber activities aimed against government and private sector. At u. S. Cyber command, we focus on actors that pose a threat to our National Interest through cyberspace. Nations still represent the gravest threat to security. But we continue to watch closely for signs of nonstate actors making significant improvements in their cyber cape bills. Malicious actors use cyberspace to steal intellectual property and personal information and criminals use of ran so many wear to export companies is a worry sp trend. Malicious actors have intruded in the networks ranging from the joint staffs Unclassified Networks to networks controlling inf infrastructu infrastructure. They are using cyberspace to shape potential operation ways view to limiting our options. Despite this challenging environment, u. S. Cyber command continues to make progress as emphasizes shifts to operationalizing the command and sustaining its capabilities. Over the past year, we have continued building capability and capacity of Cyber Command while operating at an increased tempo. We continue to make progress in building a Cyber Mission force of the 133 teams that will be built and fully operational by 30 september 2018. Today we have 27 teams that are operational and 6 that attained initial operational capability. Its important to note that even teams that are not fully operational are contributing to our cyberspace efforts with nearly 100 teams conducting Cyberspace Operations today. For example, the command continues to support u. S. Central commands efforts to degrade and defeat isil. Last year, we noted we had just established the joint force headquarters dod information networks. Today i can proudly report it has made Great Strides towards its goal of leading the day to day security and defense of the departments data and networks. Also as the dod expands the joint information environment, we will have significantly more confidence in the overall security and resilient of our systems. Our operations to defend d to dw networks and the nations Critical Infrastructure proceed with pay host of federal industry and international partners. Recognizing that d do is just one component of the nation cyber team, u. S. Cyber commands annual exercises, cyber flag and guard offer unmatched realism as we train with federal, state industry and international partners. Additional, Cyber Mission teams are regular participants in the exercises of all the combatant commands. We need to persist in a training environment when the department is continuing to develop to gain skills and to sustain readiness across our force. Im excited by the innovation, shift and focus on Long Term Strategy thats emerging in the command and dod. We established a Partnership Program in Silicon Valley to link command personnel to some of the most innovative minds. A program is aligned and colocated with the departments Defense Innovation unit oec experimental. We are building on the synergy among all elements. Last september, the department identified the need to transform dods Cyber Security culture by improving individual per to form answer and acount built. The second and chairman approved the dod Cyber Security culture and Compliance Initiative to address those concerns. Cyber command was identified as the mission lead for this initiative and is working closely with the joint staff and osd to build a requisite capacity and structure. Cyber command is also actively contributing to the implementation of the new d do Cyber Strategy. The strategy released in april of 2015 provides a detailed plan to guide the development of dod cyber forces and strength dod Cyber Defense and cyber det deterrence posture. The purvervasive nature of cyberspace through all is he fa sets of alive and across boundaries coupled with a growing cyber threat makes deterrence in cyberspace a challenge. But ever more important. A proactive strategy is requires that offers options to the president and secretary of defense to include integrated Cyberspace Operations to deterred aver varies from action and to control escalation. To help with all of this, we requested and received enhanced acquisition and manpower authority. I thank congress and the president for the awizations granted and the physical year 16. This represents a significant augmentation of our ability to provide capabilities to our Cyber Mission teams as well as our ability to attract and retain a Skilled Cyber work force. We are currently studying how to best implement the provisions and laying the groundwork needed to put them into affect while in parallel involving a formalized singization framework. We that, thank you for convening this forum and inviting me to speak. Thank you. General dempsey was asked about our ability to address challenges to this country. He basically he stated that we have significant advantages in every major challenge except one, and that was cyber. Do you agree with general dempsey comment about a year ago . I do. The phrase i use internally with him is cyber is one area we have to acknowledge that we appear competitors who have every bit as much capacity and capability as we do. That i would say to my fellow members of the committee emphasizes our need to address this issue in a comprehensive fashion. So after we finish the defense bill, i would i will spend a great this committee will spend a great deal of its time on this issue since the threat is as admiral rogers stated. You stated last year in the house hearing, there is uncertainty about how we would characterize what is offensive and what is authorized. Again, that boils down ultimately to a policy decision and to date we have tended to do that on a case by case basis. In other words, do we if we respond, how do we respond . All of those it seems to me, our policy decisions have not been made. Is that correct . I guess, chairman, the way i would describe it is we clearly still are focused more on an event by event particular circumstance. And i think in the long run, were clearly we all want to try to get to is something much more broadly defined and well understood. So that you understand, when you detect an attack or as the or detect a probable attack, so right now you are acting on a case by case basis . Sure. Does russia have the capability to inflict serious harm to our Critical Infrastructure . Yes. Does china have the same capability . Some measure of the same capability, yes. How is chinas behavior evolves since the opm breach . We continue to see them engage in activity directed against u. S. Companies. The question we need to ask is, is that activity then in turn shared with the Chinese Private industry . We acknowledge states engage in the use of cyber as a tool to gain access and knowledge. The question or issue we have always had with the chinese is while we understand we do that formations to generate insight, using that to generate economic advantage is not something thats acceptable to the u. S. Do you agree that the lack of deterrence or repercussions for malicious cyber behavior emboldens those seeking to exploit the u. S. Through cyber . Yes. Eadmiral, we are looking at consolidation of command here as far as your responsibilities are concerned. I believe that the secretary of defense will also support such a move. So i will be recommending that the committee that we include that consolidation in the Defense Authorization bill as we mark up. I think my friend senator reed also agrees with that. Would you agree that probably the issue of cyber warfare is the least understood by all of our leadership, including in government executive and legislative branch . Its certainly among the least understood. I think thats a fair is part of this problem is that this challenge is rapidly evolving . I think thats clearly an aspect of it. The speed and the rate of change as well as the complexity. It can be intimidating. I would be the first to acknowledge that many people find this a very intimidating mission area. If you had a recommendation for this committee and congress as to your significant two or three priorities, what would you recommend . In terms of cyber overall . Action that you would like to see the congress and the executive branch take. I think we clearly need to focus on ensuring that we have got our defensive house in order and that were able to defend our systems as well as our networks. We need to think beyond networks into individual which means policy. Please, go ahead. Secondly, we need to continue to generate the complete spectrum of capabilities to provide options for our policy makers as well as our operational commanders. So when we have these issues, we have a series of capabilities that we can say, here is capabilities that we can choose from. And then lastly, i think we have just got to the other point i try to make is, weve got to figure out how to bridge across not just the dod but the entire u. S. Government with the private sector about how were going to look at this problem in an integrated national way. Would you also agree that sequestration could threaten you with a hollow force after you have recruited and some of the brightest minds in america to help you . Very much so. I would highlight in fy13, i can remember going i was in a different job at the time. But still i was doing leading the navy cyber effort. As much of my work force explained to me why we should stay with you if this is what were going to have to deal with on a periodic basis, being told were furloughed, were not going to get paid. I can remember telling them in 13, please stay with us. I hope this is a onetime thing. Sequestration means further hamper further because everything is our ability to meet time lines we have been given have been predicated on sustaining of this. I will not be capable of generating that capability in the timely way that right now were on the hook to do. Senator reed. Thank you, mr. Chairman. One of the issues that has been discussed and mentioned in my Opening Statement is raising Cyber Command to a full unifies command. And yet i also noted and you acknowledge that only half the Cyber Command newly formed Cyber Mission is initially capable to ioc. And then some critical elements such as training environment, uniform platform doesnt exist. Are you in your mind mature enough to be a full uniformed command now . Yes. And what would that advantage give you . Or what would that decision give you . Whethn we think what tend to drive should something be elevated . Across the department, we tnd to focus on the impairties of of command and unity of effort and in it would be fungal not geographic. In this case, does the function rise to a global level and is it of sufficient priority to merit coordination across the entire department. The other issue i would argue is one of speed. All of those argue again, i just am one input. I realize this is a broader decision than just admiral rogers. Theres many opinions that will be factored in. My input to the process has been a commander designation would allow us to be fast he which would generate better mission outcome. The departments processes of budget prioritization, strategy, policy are all generally structured to enable direct Combatant Commander into the process. Thats what they are optimized for. I believe cyber needs to be a part of that direct process. The other aspect, obviously, is the relationship with nsa. There are several options. One is to have separate command. Or one option or additional option is to at least at a future time have the option to divide the dual hat arrangement. Can you comment on that . So, my recommendation has been for right now you need to leave them dual hatted. Part of that is the premise that we built Cyber Command on, we created it six years ago, where we said to ourselves, were going to maximize the investments that the nation had made in nsa in terms of infrastructure and capability. So because of that, we didnt have a huge military construction program, for example, for Cyber Command and put the forces, the 6,200 in different structures. We said we were going to take nsas existing spaces to do that. So my input has been for right now, based on the very model we created Cyber Command, where we really in many ways very tightly aligned these two organizations, that at the occcurrent time impossible. It would be difficult or less than optimal in my opinion to try to separate them now. But what i have also argued is we need to continue to assess that decision over time. You need to make it a conditions based assessment as to at some point in the future does it make more sense to do that. Part of that is the fact that if you are a unified command, you will be developing alternatives to nsa capabilities. Yes. Exclusive to Cyber Command so that at some point you could have an infrastructure that looks like nsa and the synergies you are talking about now operational. Yes, sir. One of the issues is that you depend upon the services to provide you a great deal of resources. In fact, its really i think interesting to note that only half of these identified units are released initially capable. And that there doesnt seem to be an intense training effort thats standardize and in place right now. What can you do what can we do to accelerate these units in terms of their maturity and their training environment . So if i could, senator, im going to respectfully disagree. Thats quite all right. You have to be respectful. Remember, we started this build process in fiscal year 13. We said we would finish it by the end of fiscal year 18. Ready to fight in a high demand environment. Were pretty much on track, as i have said publically. If you look right now in fact in the last two months, i have managed to increase timeliness since the last assessment i did in february where i publically had said based on the data as of the first of february, i believe that we will meet ioc for 91 of the teams on time and that we will meet foc for 93 of the teams on time in the two months since then were up i managed to work with the services and for ioc were up to 95 of the force. For foc were at about 93 of the force. So my only point is, im not critical of the services in terms of their generating the force. I think they are making a very good effort and its on track. Its not perfect but its on track. They have also been very willing when i have said what we need do is ensure that we have one integrated joint capability how we work cyber. There has to be one structure, one training standard. Every service agreed to adhere to that. In that recogard, im comfortab. What i think the challenge for us as i look over the next few years is we initially focus on those Mission Teams and the men and women and their training. What experience is teaching is not unlike other domains is as you both chair and Ranking Member said in your Opening Statements, thats not enough. So what finding now is its the other things that really help enable that we have to focus more on. Thank you. Thank you, mr. Chairman. Thank you, mr. Chairman. Admiral rogers, in december of last year you published an article saying a challenge for the military cyber work force. And you discussed as did you in your written Statement Today that the importance of growing and developing and maintaining this force. When you talked about it i guess it was the chairman in his statement, the 123 teams, where you are right now and aiming to 133, what comprises a cyber team . They come in several different types. Theres what we call combat and command Mission Teams. Those are aliligned with commanders. They are designed to create offensive capability, if you will. There are Cyber Protection those are about that team ccmt teams, they are about 65 individuals on a team. If you look at Cyber Protection teams, slightly different mission. So different structure, different focus. They are at about 39 individuals per team. Each of those two teams has a small subset of 23 individuals on what we call support teams. That just gives you a sense. Sure. When you add all that together, thats when you come up with the 6,187. Yes, sir. As was brought out in the chairmans statement, you would really have to know first of all, you are drawing from institutions that are training these people. This is new. This is brandnew to a lot of people, including a lot of people at this table. I know that in my state of oklahoma, the university of tulsa has really made great progress in fact your predecessor was out there and working with them. I understand from senator rounds, similar things happening in south dakota. You have these kids out there. They are learning this. They are choosing they are determining what they will do for a career. I think its a good question whether you say when we ask the question, can we depend on sustaining in this environment that w