Im pleased to yield to the chair mr. Wilson. And ladies and gentlemen, it is a unique situation where i have just been recognized and get to preside simultaneously. It really gives me an opportunity to thank the Ranking Member smith for their planning this week, cyber week. It is a recognition for our three witnesses how important what youre doing protecting American Families. Im very grateful. We had a hearing yesterday on Cyber Threats to American Families, our National Defense. We have this hearing later this afternoon. We have a briefing. I want the American People to know we have really good people like coppingman langevin all the way from long island, who is the Ranking Member of the emerging threat subcommittee. This really is a bipartisan issue that we face of great concern of attacks on our government, on private businesses, on american citizens. And what youre doing is so important. We have extraordinary staff people who are here working on these issues. And, again, each one of you in your capacity are making such a difference. And we look forward to working with you in the future. In particular, secretary work, during the cyber hearing yesterday, it was mentioned in the Opening Statement about the concept and proposal of hackback. For example, when a private Company Takes retaliation into their own hands and hacks back at someone who has attacked their network or systems. Can you outline concerns that you have and is hack back inherently a government function that only the government should do, or is there a private role . Well, this is a very, very important issue for us because Cyber Attacks often have second, third, fourth order of consequences that we really have to understand. They may cause escalation that were unintended. So this is an extremely important policy question for us as a nation to grapple with. Admiral rogers deals with this on a daily basis, and i would ask him to provide us specifics. I also try to point out at an operational level we have so many actors in this domain already adding more only complicates things. The second and third order of facts, as the secretary has outlined, are of significant concern. From my perspective, i have to be very careful going down this road. I dont think its one we truly understand. From my perspective, the potential to further complicate an already comp a indicated situation is very significant here. And as complicated as it is, im just so hopeful on the expertise that you have. To me it would be a deterrence with some level of hackback. So i hope this is pursued and the capable people that you are and that you have working with you, i cant wait to hear of their capabilities as to deterrents stopping hacking on American Families. And mr. Halvorsen, the Department Released a new manual for the report on civil authorities which for the first time addresses Cyber Security related incidents. Can you explain how dod gets requests for such a report, especially if coming from a state or local agency . Yes, sir. There are formal processes we would go through with that. But one of the things i want to stress is is the informal processes we have put in place. We have scheduled routine meetings with industry, ciso, my Ciso Richard Hale who you will hear from today in a closed meeting. We are sharing that data. We are moving forward to be able to give them some of our data quicker. Mikes work has been superb in being able to lower the classification levels of data so we can share that much quicker with industry and accept theirs in a similar fashion. All of those things plus whats in the manual are adding to our all of us, industry and the governments collection of data and what ill call Operational Intelligence that we can use to better security. I would also add this is an issue where we collaborate very closely between the department of Homeland Security, the fbi about how can we make sure we are most effective and efficient within the Broader Authority construct. Im trying to make sure can we use that existing framework to the maximum extent possible as opposed to something new and complex in the cyber arena. Thank you for pitching in. I want you to know as a very grateful navy dad with three sons in the army guard. But im very grateful for your service. And nachl service in general. Secretary work, you stated the iranian actors have been was implicated in a 20122013 attacks against u. S. Financial institutions and in february 2014, last year, cyber attack on the Las Vegas Sands casino. What economic sanctions or legal actions resulted from this activity . Are they being maintained . Sir, im going to have to take that for the record. I dont know exactly what sanctions the ddos attack that you refer to against the Financial Services was attributed to iran, as well as the sands casino, as you said. Im going to have to get back to you and say exactly what we did as a result of those two attacks. Mike might know. No specific sanctions tied to each of those individual events. Clearly a broader discussion of whats acceptable and not accept acceptable. Oops oops it has decreased. In part because of the broader, very public discussion where we were acknowledging the activity and we were partnering between the government and Financial Sector what we could do to work the resiliency peace preclude the iranians ability to actually penetrate. Knock on wood we were successful with. And, again, thank each of you. To mr. Larsen of washington state. Thank you, mr. Chairman. If any of you can answer this question, im curious, though, are we still exploring what the outer limits of what constitutes the equivalent of a physical attack against the u. S. When were looking at Cyber Attacks. Do we know what would be an equivalent cyber attack that would warrant the kind of and size of response we might do if it was a physical kinetic attack against the u. S. . Are we exploring the outer limits still . We have defined an event of significant consequence. It has to cause loss of life, serious adverse u. S. Foreign policy implications or consequences or serious economic impact. Thats a broad statement. Each of them have to be addressed as an individual act. Thats why there is no established red line on what we would say this constitutes a physical attack. The question we are often asked is is when does a cyber attack trigger an act of war. Each of those would be discussed in turn depending on the type of attack and what its consequences were. As of this point, we have not assessed any particular attack has constituted an act of war. Can you admiral, you address a little bit. Be more specific about the title 10 versus title 32 responsibilities and working with the National Guard. Or even going beyond that, working with either national; state or local law enforcement. What specific criteria do you use to make that distinction . For me, among the things i look at or scope of the activity were dealing with, capacity that exists in title 10 arena versus in the title 32. Theres specific knowledge or unique insights that a particular guard structure might have that are tailored to this specific issue. Its a case by case basis. I have tried to maintain with my teammates and the states is we need one integrated workforce between the active and the reserve using the same basic scheme of maneuver so we can use these capabilities interchangeably. It gives us a broad range of options in terms of how we employ the capability. And then are you making that largely permanent . At some point in the future you moved on to Something Else and someone comes in behind you. Is this still evolving how you are trying to establish these relationships as they apply to cyber, or are these going to be largely permanent . Will we be changing the story . I think they will be largely permanent. I feel pretty good that we have done the foundational work, broadly. I always remind people. Remember, no plan ever survives contact. In the broad framework, we are likely to see things we havent anticipated. We have to be flexible and be willing to change given the specifics of whatever it is were dealing with. But for the way we are partnered, it hasnt been adversarial at all. It has been a great team. I would like to jump in on that sir. I would like to give a shoutout. We have been dealing with this on how to build up cyber capacity in the guard and reserve. We are building right now towards about 2,000 guard and reserves that are associated with this. And what we are doing right now is trying to work out the policy on what our folks can do in terms of coordination, training, advising and assist under title 32 and title 10 authorities. That is actually policy working well. We are working well with the governors. We believe this is going to be a great new story for the nation. And my last few moments here i have a question. We talked about defense of networks. We talked about resilience, denial, and the whole deterrence issue. This issue of hybrid warfare. Im curious about what steps youre taking to incorporate in a u. S. Response or even natos response in the role cyber com plays in this and incorporating a response of capability within this hybrid warfare concept. So its a concept. Were partnering as the supreme allied commander. I also highlight the work that special Operations Command are doing in this regard. I was just down in tampa about ten days ago. This was part of our broad discussion how to integrate the full range of capabilities in the department as we are trying to respond to an evolving world around us. I think we are starting to have some good conversations and a good broad way ahead. The International Framework gets a little more difficult. I think its fair to say not as far as advanced with us and nato. It is an area we have talked about we have got to work on. My time is up. Thank you very much. Thank you, mr. Larsen. We now proceed to the congressman from colorado. I appreciate your comments to earlier questions that were directed from congresswoman susan davis. But i would like to follow up and build on that. This concerns recruiting and retaining top talent. What are your efforts to and this is for you, admiral rogers in particular. What are your efforts to develop a unique cyber career track for those in the military . Services have the responsibility for man training within our department, they generate the capacity i employ as joint commander. In the cyber arena, what has been a big strength is how we are going to develop this, what are the standards, what are the skills. How do we create that workforce . Thats what i did in fact, in my last job. Im very comfortable with how each service has tried to create a career path. It enables us to extend over an entire career both this capability as well as generate the insights in the workforce. That is a big change the last 5 to 10 years. I think its a real strength for the future. It is not an area i look at how and say, wow, i have heavy concerns there. They have a good broad vision. The compaapacity and capability that workforce, i have yet to run in, knock on wood, i have not yet run into a scenario where we didnt have the level of knowledge. The challenge has been, i might have had a handful of people with the right level of knowledge. But we had people with the knowledge. I have to build that capacity out more. So we have more, if you will. Thats really encouraging. So thank you. Secretary work, the department has recently floated new civilian and military personnel reforms, compensation, retirement, et cetera. How will some of these reforms affect the Cyber Workforce . I was going to try to jump in here. This is a huge priority for secretary carter. He came into the departments believing that over time we have created these barriers for service in our government. He wants to really, as he talks, burrow tunnels through the barriers or widen the aperture. He uses cyber as an example of new ways in which we might bring people into the government and allow them to serve for a while, then go back out into the civilian workforce and then come back in. So he has challenged us. And the undersecretary of defense, brad carson, on this force of the future to say how can we make sure that in areas like cyberspace, electronic warfare, quef we have more permeability. I dont have any specifics because they are in the process of going through a deliberative, which ideas are good. But we are right with the intent of your question to improve the ways in which people can come in and out of our government service. As mr. Halvorsen said, this is an exciting mission for many people. Maybe they dont want to make a 30year government career. If they had a chance to help admiral rogers for two or three years, they are all in. So we have to improve the way to do that. Thank you. Do you have anything to add to what has already been said . Same comments. You have heard we are moving forward on pilot programs to bring programs into the government. For us to put for the first time, civilians out in industry. Those pilots are moving very well. As we use those to inform brad and his work, you will see great things coming out of this. Well, i think for your answers. Thank you for the great work youre doing. Mr. Chairman, i yield back. Thank you, mr. Langevin. We proceed to congresswoman niki tsongas. Thank you. It has been a topic of great importance. As you said, so much of this is is being able to attract the people who have the skill set to sinking this through. It is not easy stuff, thats for sure, at all. And i gather from the testimony i have heard there is a fair amount of Comfort Level with what dod and the military services have been able to do to put in place appropriate means of training, hiring, and then compensating, even though you have said you may have to come back to us in the future. But you also commented this is an interagency effort. You are working with the department of Homeland Security, law enforcement, the fbi, the intelligence community. How much sharing across those borders is taking place in terms of the skill set that you need in each of those aspects of this effort . And how comfortable are you with the ways in which you are working together and how they are responding to the challenges they face in terms of personnel . I would argue very well. For example, this is when i sat down with the director of the fbi. And talked about are there things we could be doing together. This is a conversation i had with the leadership at Homeland Security. Its a conversation, quite frankly, ive had with the private sector. We are both competing for the same pool. What works for you, what we might be able to do differently, as you said, can we partner. I will make one slight twist, because this is a point i wanted to make today. I would tell you on the opposite side the single greatest thing i have experienced with my workforce in 18 has been even a hint of a shutdown. In the last week, i have had more agitation arguing this would be the second time in two years. And were even having this discussion, hey, even if we dont shut down, the workforce is very open with us about im not so sure i want to be part of an organization where there is this lack of control. And i cant count on stability. That really concerns me. Because i cant overcome that. Secretary work, do you have any well, this is a very competitive field, as the admiral said. We are building up a total of 133 cyber teams in the Cyber Mission force. Some are focused on protection of the networks. They are called Cyber Protection teams. Some are focused on national teams. And our combatant commanders. We want to build to a total of 133 of these teams. It will be 6,200 active military duty, civilians and in some special instances, contractors. And we wont get there until 2018. So we are in the process of building these. This is a very competitive space. Were on track. We are doing well in our recruitment. As admiral rogers says, any hint of shutdown or sequesteration, that will set us back. We think we have a good mission that people will want to participate in. But we are not where we need to be yet, congresswoman. We still have until 2018 to build up the force to where we just think is the minimum necessary to do our missions. You know, i serve on the board of one of the service academies, board of visitors. I know in our discussions it has been difficult to attract young airmen in this instance to the cyber field. They come into the academy with a particular idea in mind where they want to spend their time. So its not always as simple as we would like to think given the extraordinary challenge. But i have another question as well. You know, the department has shown its commitment to leveraging cyber innovation. We have heard about that today. I commend secretary carter with making his way out to Silicon Valley to create presence, a satellite campus to have a way in which to interact more easily with that community. And i just wonder, how will you expand that program and look to other parts of the country where you have a deep bench of cyber activists, cyber innovators, cyber experts. If you are referring to the Defense Innovation experimental. It is an experimental unit. We want to see how we can interact with the private sector in the best way. For example, one of our ideas was to bring people back to the pentagon and show them what were doing. They said, no, we want to go to the field and see what your airmen, soldiers, marines and sailors, what do they do . We want to help them. So once we do the Lessons Learned there, we expect it will be successful and would become a permanent unit. We would go to other innovation centers, perhaps boston. There are different places. Mr. Halvorsen has been helping us, also. As the secretary went out to Silicon Valley, we took a team in december. We are doing a similar thing in bost