[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]
[H.A.S.C. No. 116-74]
HEARING
ON
NATIONAL DEFENSE AUTHORIZATION ACT
FOR FISCAL YEAR 2021
AND
OVERSIGHT OF PREVIOUSLY AUTHORIZED PROGRAMS
BEFORE THE
COMMITTEE ON ARMED SERVICES
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTEENTH CONGRESS
SECOND SESSION
__________
SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES
HEARING
ON
THE FISCAL YEAR 2021 BUDGET REQUEST FOR U.S. CYBER COMMAND AND
OPERATIONS IN CYBERSPACE
__________
HEARING HELD
MARCH 4, 2020
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
______
U.S. GOVERNMENT PUBLISHING OFFICE
40-605 WASHINGTON : 2020
SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES
JAMES R. LANGEVIN, Rhode Island, Chairman
RICK LARSEN, Washington ELISE M. STEFANIK, New York
JIM COOPER, Tennessee SAM GRAVES, Missouri
TULSI GABBARD, Hawaii RALPH LEE ABRAHAM, Louisiana
ANTHONY G. BROWN, Maryland K. MICHAEL CONAWAY, Texas
RO KHANNA, California AUSTIN SCOTT, Georgia
WILLIAM R. KEATING, Massachusetts SCOTT DesJARLAIS, Tennessee
ANDY KIM, New Jersey MIKE GALLAGHER, Wisconsin
CHRISSY HOULAHAN, Pennsylvania MICHAEL WALTZ, Florida
JASON CROW, Colorado, Vice Chair DON BACON, Nebraska
ELISSA SLOTKIN, Michigan JIM BANKS, Indiana
LORI TRAHAN, Massachusetts
Josh Stiefel, Professional Staff Member
Eric Snelgrove, Professional Staff Member
Caroline Kehrli, Clerk
C O N T E N T S
----------
Page
STATEMENTS PRESENTED BY MEMBERS OF CONGRESS
Langevin, Hon. James R., a Representative from Rhode Island,
Chairman, Subcommittee on Intelligence and Emerging Threats and
Capabilities................................................... 1
Stefanik, Hon. Elise M., a Representative from New York, Ranking
Member, Subcommittee on Intelligence and Emerging Threats and
Capabilities................................................... 3
WITNESSES
Nakasone, GEN Paul M., USA, Commander, U.S. Cyber Command, and
Director, National Security Agency............................. 6
Rapuano, Kenneth P., Assistant Secretary of Defense for Homeland
Defense and Global Security, and Principal Cyber Advisor to the
Secretary of Defense, U.S. Department of Defense............... 4
APPENDIX
Prepared Statements:
Langevin, Hon. James R....................................... 21
Nakasone, GEN Paul M......................................... 42
Rapuano, Kenneth P........................................... 23
Documents Submitted for the Record:
[There were no Documents submitted.]
Witness Responses to Questions Asked During the Hearing:
[There were no Questions submitted during the hearing.]
Questions Submitted by Members Post Hearing:
Mr. Scott.................................................... 57
THE FISCAL YEAR 2021 BUDGET REQUEST FOR U.S. CYBER COMMAND AND
OPERATIONS IN CYBERSPACE
----------
House of Representatives,
Committee on Armed Services,
Subcommittee on Intelligence and Emerging Threats and
Capabilities,
Washington, DC, Wednesday, March 4, 2020.
The subcommittee met, pursuant to call, at 3:26 p.m., in
room 2212, Rayburn House Office Building, Hon. James R.
Langevin (chairman of the subcommittee) presiding.
OPENING STATEMENT OF HON. JAMES R. LANGEVIN, A REPRESENTATIVE
FROM RHODE ISLAND, CHAIRMAN, SUBCOMMITTEE ON INTELLIGENCE AND
EMERGING THREATS AND CAPABILITIES
Mr. Langevin. The subcommittee will come to order.
I apologize to everyone for being late. We just left the
Vice President giving a briefing on the coronavirus issue to
the Democratic Caucus, but we will get underway.
I want to welcome everyone to today's hearing on the fiscal
year 2021 budget request for military operations in cyberspace.
I would first of all like to welcome our witnesses here
today.
Mr. Kenneth Rapuano serves as both the Assistant Secretary
of Defense for Homeland Defense and Global Security and as the
Principal Cyber Advisor to the Secretary of Defense. Prior to
returning to government service, Mr. Rapuano worked for
federally funded research and development corporations focusing
on homeland security and counterterrorism issues.
Mr. Rapuano, welcome back.
Next, General Paul Nakasone serves in three capacities
concurrently: Commander, U.S. Cyber Command; also Director of
the National Security Agency, and Chief of the Central Security
Service. Before his current role, he commanded U.S. Army's
Cyber Command and has served as a career intelligence officer
through his 33 years in uniform.
General Nakasone, thank you for your service to the Nation,
and we are pleased to have you back before the subcommittee
once again.
So the Department of Defense created U.S. Cyber Command
[CYBERCOM] in 2009, and more than 10 years later we are still
working diligently on establishing the foundations, concepts,
doctrine, training, and metrics needed to ensure the security
of the Nation in the cyberspace domain.
The state of cyber in national defense is more central than
ever, and 2020 marks a sea change, with cyber firmly
established and accepted as a warfighting domain, capability,
and asset. This is highlighted best through the current
operational posture and institutional maturation of CYBERCOM.
Over the course of 2020, this subcommittee expects the command
to aggressively address issues of readiness, operational tempo,
and the defense of the Nation's electoral system, among other
things.
This subcommittee has worked to ensure that the Department,
the military services, and CYBERCOM are equipped with the tools
and authorities necessary to achieve their objectives. In the
fiscal year 2020 NDAA [National Defense Authorization Act], we
granted new authorities to CYBERCOM and bolstered multiple
frameworks for legislative oversight. We seek to balance an
appropriate degree of oversight while ensuring the command
retains operational flexibility. We will continue this trend
through our collective work in the 2021 bill.
CYBERCOM is facing possibly the most challenging year in
its existence. General Nakasone, your command sits at the
center of the Department's efforts to secure the information
environment. The United States faces increasing malicious
activity from Russia, Iran, China, and others.
We know about how Russia weaponized information during the
2016 elections, and we must do more to anticipate and counter
these sophisticated operations. While we have had some success
countering Russia's malign influence campaigns in 2018, we must
not let our guard down. We must ensure that we are properly
organized within the Department of Defense and coordinating
across the United States Government.
I hope you will give us a full assessment of your efforts
to protect the country from malign cyber activity. I will be
particularly interested to hear how you are working with
partners in the interagency to promote a more stable cyberspace
and protect our allies' critical infrastructure.
I want to hear, specifically, how you are coordinating and
deconflicting activities domestically with the Department of
Homeland Security and internationally with the Department of
State.
I am also interested to hear from our witnesses about their
assessment of CYBERCOM's current force structure.
For the past year, I have had the privilege of serving on
the Cyberspace Solarium Commission and want to thank you, in
particular, Mr. Rapuano, for your many contributions to our
work.
One of the areas of focus of the Commission has been
whether CYBERCOM's force structure properly reflects the
command's operational aspirations. Essentially, we need to
candidly assess whether a force conceived more than 7 years ago
is sufficient for a dramatically different environment today. I
will also be curious to hear candid assessments on how organic
capabilities resident in the services are rationalized with
CYBERCOM's mission and strategy.
Throughout our Nation's history, our military has grown
accustomed to focusing on the offensive systems, forces, and
platforms that deliver effects against our adversaries. Given
our geographic advantage of two oceans and our history of
primarily fighting overseas, we are conditioned to fight
offensively. However, in a connected world with an inestimable
number of internet-connected devices, networks, vehicles, and
systems, our defensive posture in the cyber domain has never
been more critical.
So, while I fully support CYBERCOM's more offensively
postured construct, I am concerned that the President's fiscal
year 2021 cyber budget signals in select places that we can
sacrifice defensive programs and investments in favor of
investments in offensive cyber systems and programs.
So I hope that the witnesses will speak candidly about
balancing resources to ensure the Department is best postured
to protect the United States in cyberspace, whether through
defensive or offensive missions.
So, with that, I want to thank our witnesses for appearing
before us today. I thank you for all that you are doing on
behalf of the country to keep all of us safe.
As a reminder, after this open session, we will move to
room 2337 for a closed, member-only session.
With that, I will now turn to Ranking Member Stefanik for
her remarks.
[The prepared statement of Mr. Langevin can be found in the
Appendix on page 21.]
STATEMENT OF HON. ELISE M. STEFANIK, A REPRESENTATIVE FROM NEW
YORK, RANKING MEMBER, SUBCOMMITTEE ON INTELLIGENCE AND EMERGING
THREATS AND CAPABILITIES
Ms. Stefanik. Thank you, Chairman Langevin.
Secretary Rapuano and General Nakasone, welcome back to
this committee.
We are now 2 years removed from U.S. Cyber Command reaching
full operational capability. In that time, we have witnessed
several significant achievements with tangible operational
results. These included the interagency efforts with the Russia
Small Group and Operation Synthetic Theology and also the
development and implementation of a strategy that emphasizes
continuous engagement, hunting our adversaries forward, and
reasserting deterrence in cyberspace.
During this time, we have seen our adversaries adapt,
blending cyber and information warfare to form an operational
continuum that continues to challenge us in the digital realm.
What worked for our cyber forces in helping to secure our 2018
midterm elections will not necessarily guarantee our security
moving forward. We must acknowledge the creativity of our
adversaries and continue to adapt our playbook. We must ensure
that election security is a continuous, sustained effort 365
days a year.
There has been significant progress within the Cyber
Mission Force over the past year--specifically, the
understanding and categorizing of specific cyber operations
forces, the delegation of important operational authorities,
the establishment of cyber-peculiar capability development, and
the understanding of cyber vulnerabilities within our own
installations and weapons systems.
We have made headway to mature our cyber forces, but much
work lies ahead. I am interested in hearing what we have
learned about the operational needs of the Cyber Mission Force.
Are we organized with the appropriate skill sets, number of
personnel, and force structure to meet the future needs of the
Nation?
As we reevaluate our cyber posture, these findings will be
critical to ensuring we align the appropriate resources,
policy, and authorities to the Cyber Mission Force to stay
ahead of our adversaries and reaffirm the notion of deterrence
in cyberspace.
With that, I yield back.
And thank you again to our witnesses.
Mr. Langevin. I thank the ranking member.
Before I recognize Secretary Rapuano, I want to briefly
note to our witnesses that the cumulative cyber budget has not
been made available to Congress or the American people. The
President's budget was formally delivered nearly a month ago,
and we are still waiting for the congressionally mandated
budget documents for cyberspace operations.
Secretary Rapuano, I am also disheartened that even your
opening statement relied only on top-line figures for
cyberspace operations. So I hope that the numbers are going to
be forwarded to Congress imminently.
With that, I will turn it over to you, Secretary Rapuano.
You are now recognized for your opening statement.
STATEMENT OF KENNETH P. RAPUANO, ASSISTANT SECRETARY OF DEFENSE
FOR HOMELAND DEFENSE AND GLOBAL SECURITY, AND PRINCIPAL CYBER
ADVISOR TO THE SECRETARY OF DEFENSE, U.S. DEPARTMENT OF DEFENSE
Secretary Rapuano. Thank you, Chairman Langevin, Ranking
Member Stefanik, and members of the committee.
I am pleased to be here today with General Nakasone,
Commander of U.S. Cyber Command, to report on the progress that
the Department of Defense has made over the past year
implementing the 2018 DOD [Department of Defense] Cyber
Strategy and working towards the Department's core objectives
in cyberspace.
The 2018 DOD Cyber Strategy prioritizes the challenge of
great power competition and recognizes that the Department must
defend forward to counter our competitors' long-term,
coordinated campaigns of malicious activity to gain political,
economic, and military advantage.
The strategy normalizes the Department's efforts in the
cyberspace domain, integrating cyberspace operations into
military operations across all physical domains, and reinforces
the need to prevent or degrade threats before they harm U.S.
national interests.
Our new approach to competition in cyberspace is enabled by
the new Presidential policy on cyberspace operations. Thank you
also to Congress for legislation which clarified that
cyberspace operations are traditional military activities.
Taken together, these changes have advanced the Department's
ability to operate in cyberspace, allowing us to execute
transparent, well-coordinated, and timely operations.
Since last year, I have been focusing on implementing the
DOD Cyber Strategy and effectively closing the gaps identified
in the subsequent congressionally directed Cyber Posture
Review. To this end, I have augmented the expertise and
capacity of the cross-functional team of experts in the Office
of the Principal Cyber Advisor.
We have had a number of successes, including: defining the
cyber operation forces; initiating the first DOD-wide effort to
achieve 100 percent visibility of network devices at the
operating system level; defining what constitutes the
Department's cyberspace operating force and finalizing
readiness standards for the Cyber Mission Force; and, finally,
maturing the concept of layered deterrence.
We have also made progress in operationalizing the new,
more proactive approach in cyberspace. My guidance from the
Secretary is clear: Defending elections is an enduring mission
of the Department of Defense. To that end, we are supporting a
whole-of-government effort to defend the 2020 elections. The
Department, principally through U.S. Cyber Command and NSA's
[National Security Agency's] Election Security Group, is
complementing other Federal departments by leveraging our
unique authorities and capabilities and the proactive approach
to defend forward.
Our new, proactive approach in cyberspace is not limited,
however, to defending elections. Through outstanding
cooperation with the interagency and the NSC [National Security
Council], the Department is able to conduct the full range of
missions articulated in the NDS [National Defense Strategy] and
the DOD Cyber Strategy. Accordingly, our cyber forces are
increasingly engaged in cyberspace to promote stability and
security and to defend the United States. Our interagency and
private-sector partners are key to ensuring that DOD can
operate and project power in a contested cyber environment.
The increasingly provocative activities of key competitors
demonstrate how vulnerable the Department is to attacks against
the many non-DOD-owned assets that are nevertheless critical to
our ability to execute our missions. Their vulnerability means
that adversaries could disrupt military operations without
actually targeting military networks and systems themselves.
To address these challenges, we are strengthening alliances
and attracting new partners to take a whole-of-society approach
to enabling better security and resilience of key assets.
For example, to enable collaboration and unity of effort
between DOD and the Department of Homeland Security in support
of protecting critical infrastructure and defense critical
assets, we have focused on maturing processes and procedures
for cooperation and information-sharing and enabling
operational collaboration.
We have taken a range of actions, including carrying out
combined training events with DHS [Department of Homeland
Security] and private-sector entities and collaborating with
DHS to exchange cyber threat information with private-sector
entities.
We are also finalizing an agreement with DHS, the Federal
lead for improving the security and resilience of much of the
Nation's critical infrastructure, to implement section 1650 of
the fiscal year 2019 NDAA to allow DOD to provide DHS with up
to 50 cybersecurity personnel on a non-reimbursable basis to
enhance cybersecurity cooperation and unity of effort.
The key theme of the DOD Cyber Strategy is strengthening
international alliances and attracting new partners. In 2019,
the Secretary issued new international cybersecurity
cooperation guidance to clarify priorities for addressing cyber
threats through building the capacities of our international
partners and refining responsibilities among DOD components.
The guidance directs how DOD components will
collaboratively pursue the objectives of the National Defense
Strategy, the National Cyber Strategy, and the DOD Cyber
Strategy as they apply to security cooperation in cyberspace.
Thank you for the opportunity to appear before you this
afternoon. With the 2018 National and DOD Cyber Strategies in
place, we are confident that the Department has the right
policy, guidance, authorities, and funding levels to support
the defense of our Nation in cyberspace.
I look forward to continue working with you and our
critical stakeholders both inside and outside the U.S.
Government to build on this process. Thank you.
[The prepared statement of Secretary Rapuano can be found
in the Appendix on page 23.]
Mr. Langevin. Thank you, Secretary Rapuano.
General Nakasone, you are now recognized.
STATEMENT OF GEN PAUL M. NAKASONE, USA, COMMANDER, U.S. CYBER
COMMAND, AND DIRECTOR, NATIONAL SECURITY AGENCY
General Nakasone. Good afternoon, Chairman Langevin,
Ranking Member Stefanik, and distinguished members of the
committee. I look forward to discussing the state of U.S. Cyber
Command in 2020, its 10-year anniversary from when it was
formed.
Today, I want to highlight how Cyber Command is providing
clear returns on the investment the Nation has made in it. In
the statement I submitted for the record, I explained how Cyber
Command is expanding the competitive space for the Department
of Defense. Making this all possible are the contributions made
by our military and civilian personnel and the support you and
the Department of Defense continue to give us.
Let me touch on three issues that are at the forefront of
our efforts today: elections, readiness, and the people that
make up the DOD cyber force.
We are 244 days from the 2020 Presidential election. My top
priority is a safe and secure election that is free from
foreign influence.
Our strategy at Cyber Command, working with NSA and other
partners across the government, is to generate actionable
insights, to harden defenses, and to be ready to impose costs,
if necessary. Malicious actors are trying to test our defenses
and our resolve. We are ready for them and for any others who
may try to interfere with our democratic processes.
I have great confidence in the Cyber Mission Force to
execute missions because it is a mission-ready force. Ten years
ago, our national leaders envisioned a command that could lead
the military's efforts to defend U.S. interests in cyberspace.
Today, that vision is a reality.
The Cyber Mission Force is highly trained, well-equipped,
and manned by our Nation's finest men and women--Active, Guard,
and Reserve military and civilians alike. They provide the
Department of Defense and the Nation with capacity to conduct
defensive activities, like rapid incident response, and they
stand ready to execute a range of cost-imposing operations.
The readiness and operational success of the Cyber Mission
Force is a testament to the quality of our people. Recruiting,
training, developing, and retaining the best talent is
essential for the military to defend the Nation in cyberspace.
I thank you for the legislative flexibility you have
afforded the Department to do just that, such as the creation
of the Cyber Excepted Service to fast-track civilian hiring. I
continue to pursue creative ways to leverage our Nation's best
and brightest who want to contribute to our missions,
especially through closer partnerships with the National Guard
and the Reserves.
Distinguished members of the committee, thank you once
again for your support of U.S. Cyber Command. I look forward to
your questions.
[The prepared statement of General Nakasone can be found in
the Appendix on page 42.]
Mr. Langevin. Thank you, General Nakasone.
We will now go to questions, and I will recognize myself
for 5 minutes.
Let me begin--General Nakasone and Mr. Rapuano, in
December, the Secretary of Defense signed a memorandum to the
Department that created the new term ``Cyber Operations
Force,'' which will now encompass the Cyber Mission Force as
well as other cyber-specific operational elements.
Can you please help us understand how a definition was
decided and which forces were determined to be in the Cyber
Operations Force while other operation elements, such as the
Air Force's mission defense teams, were excluded?
General Nakasone. Chairman, as you are well aware, one of
the authorities that has been granted to me is the joint force
provider role. That is the ability for us at USCYBERCOM and
myself, particularly, to have cognizance over select elements
of our cyber force DOD-wide.
We initially began with looking at the cyber force as only
133 teams, our Cyber Mission Force. But as we realized, given
our three missions, to include securing the Department of
Defense Information Network, we needed to have greater
visibility over a larger force. So that cyber operational force
now is not only 133 teams, but it is also the cybersecurity
service providers, the people that run the networks for each of
the services.
And I would offer, why is that important? That is important
because we want to have the ability to drive training standards
that are equal across all of our services. That is a lesson
that we have learned with our Cyber Mission Force. One training
standard allows us to be interoperable, drives a higher level
of training, drives a higher level of capacity.
Mr. Langevin. Can you talk about which teams were excluded
and which were not?
General Nakasone. We looked very carefully, Chairman, at
each of the service capabilities. And so those cyber elements
that were doing a uniquely service-specific job, such as a
defensive job for unique weapon systems, we looked at that and
we thought that that was a service retain mission and one that
would remain in the cognizance of the services.
Mr. Langevin. So how many people will be part of the new
Cyber Operations Force?
General Nakasone. Roughly, back-of-the-envelope math,
Chairman, I would say the 6,187 that are part of our Cyber
Mission Force. And then I would say probably double that with
regards to our cybersecurity service providers across all four
services.
Mr. Langevin. Okay. All right. Thank you.
So my next question. Cyber Command right now is being
utilized today to a greater degree than ever before. For all
the various mission sets and the demand signal from the
Secretary and the other combatant commanders, do you believe
that the approximately 6,100 personnel in the Cyber Mission
Force is the right size? And if not, what would be the correct
size?
General Nakasone. Chairman, as you know, we created the
Cyber Mission Force in late 2012 and started building it in
2013. It was designed on 133 teams, given the planning that we
had at the time.
What has changed since 2013? We are starting now to do
election support, an enduring mission, as our Secretary has
talked about. We have seen our adversaries have gone from
exploitation, disruption, destruction into influence
operations. We see the defend-forward strategy that our
department has now, what we at U.S. Cyber Command are doing as
persistent engagement, and we see the corresponding hunt-
forward missions. Finally, we see across our services the
necessity not just to defend networks but also to be very
careful in defending our data and our weapons systems as well.
That is a long response to say what we are doing, given all
of those missions, is, through a series of exercises this year,
looking to gather data; what is the right size force that we
need? Obviously, as a commander, I would tell you that I never
have enough forces, but what I do need is I need the ability to
show that in data.
And when we come back to that, we will provide that,
obviously, to the Department. And the Department, through their
process, will make a determination on the right size force.
Mr. Langevin. Okay. And can you talk about the zero-based
review in the 2020 NDAA and how it will address any existing
deficiencies?
And, also, how quickly are the services prepared to grow
the pipeline needed to provide you with the force to fill out
the deficiencies between your current strength and your ideal
size?
Secretary Rapuano. I would note that we had an exercise not
long ago with the Secretary of Defense with the NDS
Implementation Group looking at cyber and went through the
whole framework. General Nakasone did an outstanding job
briefing.
But the issue of our force sizing came up. And there was a
lot of emphasis--just as General Nakasone has just explained,
this was at the very beginning; 2013 versus 2020 is a whole new
paradigm in terms of the evolving threat and in terms of our
evolving understanding of the needs.
So the Secretary directed at the end of that meeting that
we conduct this assessment, which will be supporting the
response to the NDAA requirement.
Mr. Langevin. Okay. Thank you.
The ranking member is now recognized for 5 minutes.
Ms. Stefanik. I am going to yield my time to Rep.
Gallagher.
Mr. Gallagher. Thank you.
And thank you to both of you gentlemen for your active
participation in the Cyber Solarium Commission; General
Nakasone, for making yourself available on numerous occasions
to brief the Commission; and Mr. Rapuano, for being an active
member of the Commission and having an almost perfect
attendance record on the Commission's meetings, which I know is
hard to achieve. And most Members of Congress on the Commission
did not even achieve that attendance record.
So we are really looking forward to unveiling the final
report, which would not have been possible were it not for the
leadership of Chairman Langevin and his active engagement in
it. So we hope it is a start of a very robust discussion about
not only how far we have come under both of your leadership but
how far we still need to go and where we can improve.
And just to kind of follow up on the line of questioning
from the chairman, just to put a point on it, General Nakasone,
since the Cyber Mission Force was created, it is fair to say
the demands on that force have increased.
So, while we can't say here today that you need to increase
the Cyber Mission Force by X number and it is going to cost
this amount of dollars, it would be fair to say, if we were to
do a force structure assessment of the Cyber Mission Force, it
would probably come back with an expanded vision for the Cyber
Mission Force, correct?
General Nakasone. So, Congressman, I would offer that, I
think as we take a look at the expansion missions, that
obviously there will likely be, you know, a corresponding look
at what the proper size needs to be.
If I might, one of the things that I perhaps didn't
emphasize enough that I think really has changed tremendously
is the fact that the strategies, the policies, the authorities
have all changed dramatically even in the past 24 months. And
that has driven a larger OPTEMPO [operational tempo], an
OPTEMPO we can talk about in closed session today. Because I
think you can see, given the right strategy, policies, and
authorities, what this force is able to do.
Mr. Gallagher. And then just to the extent you can, give us
a sense of what your team was doing last night in near-real-
time as you have tried to, kind of, learn the lessons of 2016.
Just give us a taste of what that looks like.
General Nakasone. So, Super Tuesday, yesterday, team comes
in at 6 o'clock in the morning. We have teams ready to go. We
have the interagency up on one chat system, so we are talking
between the Department of Defense, Department of Homeland
Security, intelligence community. We have a very good feel from
elements of our National Guard in certain States of what is
ongoing.
This is all different than what we were doing in 2018. In
2018, I look back on that, even though very successful, it
looks like a pickup game to me, as opposed to what I saw
yesterday--constant communications. ``Hey, we see indications
of a problem here.'' ``Do we see any indications in foreign
intelligence that that might be indicative of someone making a
move?'' ``No, we don't.''
This is the type of interaction--rapid. I think it is
representative of the domain in which we operate, but I think
it is also the idea of we have all of these elements together.
The National Security Council is online. We have a really good
sense of, across the interagency and across the whole of
government, how we operate.
Ms. Stefanik. Reclaiming my time, I am going to yield to
Mr. Waltz to give other members an opportunity.
Mr. Waltz. Thank you.
Just continuing on the election security piece, over 9,000
counties across the United States, different operating systems,
different levels of talent, different funding.
How do we--number one, I think it is worth noting that the
Guard is the only entity that is in all 9,000 counties across
the United States. So, question one, what more can the Guard
do, from an election security piece?
Number two, are we thinking about this in the right way, in
the sense of deterrence, right? Can we possibly bat 1,000? Can
we possibly defend perfectly? Or, if we have a foreign
adversary attacking what we have labeled critical
infrastructure, do we need more of a deterrence posture? And
what would that look like?
General Nakasone. Congressman, if I might begin with what
our strategy is in Election Security Group, because I think
this is a part of the answer to your question.
So what are we doing? We are really operating under three
focus efforts right now. One, how do we generate maximum amount
of insights on our adversaries? We want to know our adversaries
better than they know themselves.
Secondly, how do we improve the defense? How do we work
with the Department of Homeland Security to ensure election
infrastructure is more readily defended? And how do we work
closely with the FBI [Federal Bureau of Investigation] to
provide information to social media companies to ensure that
they have it?
And then, thirdly, how do we impose cost?
I would offer, one of the things that has been to our
advantage is we have the experience of 2018, but the other
thing is that we are not approaching this episodically. Since
the 8th of November in 2018, we have been working this issue,
and we are continuing to look at how do we continue to engage
with our adversaries in a number of different means to ensure
that they understand that we see what they are doing.
Mr. Waltz. I just--I know we are out of time. I think you
are doing a fantastic job. Things are far better than they were
in 2016. But I think we need to make it clear that this is only
going to stop when the other side understands that we have the
capability and will to impose costs on their system. And that
is a sea change. It is kind of like going from counterterrorism
in the 1990s to post-
9/11 in terms of how we are thinking about it.
And I yield my time. Thank you, Ranking Member.
Ms. Stefanik. I yield back.
Mr. Langevin. The gentleman's time has expired.
Mr. Larsen is now recognized.
Mr. Larsen. Thank you, Mr. Chairman.
General Nakasone, along those same lines, we talked a
little bit about this yesterday, but I have had eight townhalls
since the beginning of the year in my district. And every
townhall has its own set of issues. You are in a local area,
they bring up local issues, and so on. But I will say, every
townhall I have had, two sets of questions come up. One of them
is on election security and what are we doing to be ready for
2020.
So the question I asked yesterday, and I was wondering if
you could just cover that, is: Given the fact that some of what
we are doing we can't talk about publicly, you know, how do we
talk about, how do we communicate to the average citizen who
wants to know that the United States is doing its dead level
best? What are the actions that we are taking and what can we
describe to folks about the actions we are taking to ensure the
integrity of the vote?
General Nakasone. Congressman, regarding that question, I
think the discussion point of what we are discussing today is
so important. So what is the Department of Defense doing to
ensure a safe and secure election?
First of all, putting our assets, to include our finest
intelligence from the National Security Agency, operating
outside the United States, to understand what a variety of
adversaries might want to do.
Secondly, working across the government, so the Department
of Defense working across the government with DHS, with the
intelligence community, with other elements, to share
intelligence--I mean, to share insights to improve our
defenses, both at the State and local level for DHS as they
work with the State and local level; also with the FBI, where
they are working with the platform owners of, you know, social
media platforms that are being utilized by our adversaries
often to message our population.
And the third thing is a range of actions that we are
operating today--and we can get into more detail in closed
session--to impose costs on our adversary. Any adversary that
intends to interfere with our democratic process should know
that we are going to take action. We have the authorities, we
have the policy, we have the strategy, we have the will. And we
demonstrated that will in 2018.
Mr. Larsen. This might be for both of you. A lot of focus,
obviously, on election security in the subcommittee today. With
all that you are learning and relearning and putting in the
feedback loop to learn some more about election security, how
else are we using these young women and men who are in Cyber
Command?
Are we creating an expertise in election security as well
as making sure they have the expertise in supporting combatant
commanders for other things? Are we starting to create
divisions--not divisions in a bad way, but sub-agencies within
Cyber Command? Do we have expertise? How are you approaching
that?
General Nakasone. When we stood up our Cyber Mission
Forces, we had three missions that they were dedicated to, as
you will recall: One was defend our networks, two was to
support combatant commanders, and the third piece is to defend
our Nation in cyberspace.
Primarily, we are using the element which is the Cyber
National Mission Force, a unit I know very well, I commanded
previously, as the action arm for defending the Nation in
cyberspace with regards to elections.
I don't think it overly specializes them. In fact, what I
would tell you is we are seeing influence operations across a
spectrum of different actors. And so being able to understand
this, being able to work an election is pretty important for
us.
Mr. Larsen. Okay.
Secretary Rapuano. I would just add to that and the point
that General Nakasone made earlier, this truly is a whole-of-
government and even a whole-of-society exercise.
And one of the greatest shifts that we have seen over time,
even in the last year, is the whole-of-government enterprise
has matured dramatically. First, you have a much better
appreciation for the threat. The perception of the threat is
much more palpable today than I think it has ever been before.
Secondly, you have seen agencies and departments really up
their game. You can look at the Department of Homeland Security
and CISA [Cybersecurity and Infrastructure Security Agency].
You can look at other elements of the DHS, but the FBI and
Justice Department. They bring unique authorities and
capabilities, and they have added significantly.
So it is not about Cyber Command now doing things that
aren't military missions. They are using their military skill
sets, and they are focused on defending forward, getting at the
source of the insult. And they are supporting, through
intelligence and warning and in some cases defense support to
civil authorities, those civil agencies requesting support. So
it gets back to that rapid maturation loop that we have seen in
just one year.
Mr. Larsen. Yeah.
Secretary Rapuano. Thank you. Or 2 years, sorry.
Mr. Larsen. Two years, yeah. Thank you.
And I yield back. Thank you.
Mr. Langevin. Thank you, Mr. Larsen.
Mr. Conaway is recognized.
Mr. Conaway. No questions.
Ms. Stefanik. Can you yield to Bacon, please?
Mr. Conaway. I yield to Bacon.
Mr. Langevin. Mr. Bacon is recognized.
Mr. Bacon. Thank you.
Thank you to both. Appreciate you being here.
I have a related question on the war powers resolution
coming up. It was voted out of the Senate. It implies that we
are doing continuing operations against Iran, which I dispute.
We did a one-time kinetic operation against General Soleimani,
who was in Iraq doing war planning, someone who killed 609
Americans.
But here is my concern. So this will limit kinetic
operations, but I think it also--it doesn't just say
``kinetic.'' It implies any military operations. And what I
wonder about, what is the impact on Cyber Command if this war
powers resolution passes both Houses and becomes law?
Secretary Rapuano. I don't see it impacting Cyber Command
at all, but I will turn to General Nakasone.
General Nakasone. I don't either, Congressman. I see us
continuing to operate below the level of armed conflict. I have
all the authorities and the policies that I need to continue to
operate.
Mr. Bacon. Thank you.
Secondly, there are two articles that talked about our
successful operations in the 2018 election, but I don't think
the voters really know much about it. What can you say as to
your success in the 2018 election to foil what the Russians
were doing?
Secretary Rapuano. I think we can say a lot more in a
closed hearing, but, again, I will turn to ----
Mr. Bacon. And whatever you can publicly say. I think it is
helpful for our citizens to know, though, to the best extent
that we can. Because this is a success, and it is not really
well known.
Secretary Rapuano. So, Congressman, while I won't speak to
the articles, what I will speak to is the fact that, what was
different in 2018.
What was different in 2018 is, again, we had the strategy,
policies, and authorities that we needed to carry out our
missions against an adversary that was attempting to influence
our population.
Secondly, we had the will to act, the will from policy
makers and certainly all the way down, and we acted.
And the third thing is that we have a very, very highly
trained force that is very, very capable.
Mr. Bacon. Thank you.
A third question. When I came in 3 years ago, there was a
discussion of trying to dual-hat--or not dual-hat--put two
different four-stars, one for NSA, one for Cyber [Command].
I thought it was a mistake because I know our teams are
combined, NSA and Cyber, particularly for cyberattack. It is
definitely a synergistic team there. I think it works well to
have a single four-star with two different three-stars.
But is there any more discussions on separating with two
different four-stars, or is this the organizational construct
for the long term, which I hope it is?
Secretary Rapuano. Any decision on the dual-hat arrangement
and changes to the dual-hat arrangement would really be the
considered judgment collectively of the Secretary of Defense,
the Chairman of the Joint Chiefs, and the Director of National
Intelligence.
So that certainly is a possibility, but right now that is
not a focus in terms of what leadership is looking at with
regard to our cyber activities.
Mr. Bacon. Okay. I hope it is not, because I think it is
useful to have a common direction for both the Cyber side and
the NSA side on these teams, and having a single four-star
provides that unified effort. To have two different four-stars,
it could work. It is personality-dependent. But I also think it
is a recipe for disaster. So I think we have the right
construct now.
We have 6,100 people that are serving in the Cyber Mission
Force. Is that the right size? Is this working?
General Nakasone. So certainly it is working. I think
whether or not it is the right size for the future, that is
part of the issue that we are going to take on this year
through a series of different exercises to get the data to take
a look at what is the right size force given the missions and
the requirements from the Department.
Mr. Bacon. One final question, because I have about a
minute and a half left. Obviously, I am interested in this
entire topic. I think you guys do great work.
You know, in the Air Force, they combine their cyber and EW
[electronic warfare] into a common command under Air Combat
Command. But at the combatant command level, we have cyber
under yourself, sir, and then we have also EW under STRATCOM
[U.S. Strategic Command].
Is this organization division, is it working, or do we need
to relook at that?
General Nakasone. Let me address 16th Air Force first,
because I am a huge fan of what General Goldfein has done,
bringing together AFCYBER [Air Force Cyber Command], which was
the 24th Air Force, along with the 25th. Under one commander,
10 wings, able to do cyber, IO [information operations], EW,
intel.
Why is that important? Because, rapidly, the commander of
16th Air Force, AFCYBER, can move with a number of different
opportunities to get at adversaries. And what I just listed
there are all non-kinetic means that have tremendous
capabilities against our adversaries.
So my hat is off to the Air Force.
Mr. Bacon. You don't see any need to make any changes with
the EW/cyber at the combatant level?
General Nakasone. Well, again, I think this is something
the Joint Staff will continue to study.
Mr. Bacon. Okay.
General Nakasone. We are a learning organization. We are a
work in progress. And I think that, as we continue to mature,
it will probably take a look at what is the right laydown of
all the non-kinetic elements.
Mr. Bacon. Right. I personally don't have a position. I was
just curious for yours, so I thank you.
Secretary Rapuano. There are a lot of trades, obviously.
And the more time that we have in the hole, in terms of
operating in each of these areas, particularly the new
warfighting domains--cyber, space--we are going to develop a
better appreciation for where the synergies are and, as
importantly, where the organizational strengths are in terms of
what our structure and business process is.
Mr. Bacon. Okay. Mr. Chairman, I yield back.
And thank you to both these great leaders.
Mr. Langevin. Thank you, Mr. Bacon.
Mr. Brown is now recognized.
Mr. Brown. Thank you, Mr. Chairman.
I have some really basic questions. I will field both of
them. Take the time that you have to devote to it however you
want.
Army, a new accession officer into cyber, can you tell me
about how you bring that officer in, what kind of training they
go through, the assignments they need to be an effective, let's
say,
O-6 in the Cyber Command?
And then the second question I have is, can you assess
publicly--and I know that there have been some reports recently
about, sort of, like, your storage capacity, your ability to
exploit data, to capture adversary information and analyze it.
Can you talk about the infrastructure you have and give me an
assessment, whether you have what you need? Because you take in
a lot of information every day, and do you have what you need
to evaluate it, exploit it, act on it, et cetera?
General Nakasone. Congressman, the question that you ask is
one that I have a tremendous amount of interest in, because our
number one priority at U.S. Cyber Command is our people. And
let me talk a little bit about accessions, particularly for our
Army, because I know that best.
So two major places you are going to come if you are a
cyber officer, either from United States Military Academy or
ROTC [Reserve Officer Training Corps]. I believe that cyber is
the top, if not close to the top, requested branch across Army
in new lieutenants coming in. This is a popular branch that
very, very talented people want to get into.
We accept about 120 a year, if I am not mistaken. And from
that, your initial assignment is going to be at Fort Gordon,
Georgia, for basic officer leadership course, where you have
both the technical, the tactical, the leadership abilities that
are going to be trained as you serve there.
First assignment likely in one of four places: Fort Meade,
Maryland; Fort Gordon, Georgia; Texas; or Hawaii. You are
likely going to be leading one of our offensive or defensive
teams. So a very similar leadership construct that you are
obviously very familiar with, but it also builds in terms of,
as you get more proficient, as you are able to show your
technical prowess, as you are able to lead soldiers, then
greater responsibilities would occur.
In terms of the data, we have, through your strong support
in the committee here, a Joint Cyber Warfighting Architecture
that is being funded right now.
One of the key elements of that is increasing our data. It
is called the Unified Platform. That is now starting to come
online and, over the next year, will be really the central
focus in terms of building this warfighting architecture that
allows us to store data and then be able to conduct operations
worldwide.
Mr. Brown. Thank you.
I yield back, Mr. Chairman.
Mr. Langevin. Thank you, Mr. Brown.
We are going to have to recess here. We have two votes, and
then we will come back for the closed session. I know Mrs.
Trahan had a question she wanted to ask in closed session.
So, at this point, then, unless there are any further
questions--Ms. Stefanik, do you have any more questions?
Ms. Stefanik. No questions.
Mr. Langevin. We will adjourn, and we will come back to
closed.
[Whereupon, at 4:10 p.m., the subcommittee proceeded in
closed session.]
=======================================================================
A P P E N D I X
March 4, 2020
=======================================================================
=======================================================================
PREPARED STATEMENTS SUBMITTED FOR THE RECORD
March 4, 2020
=======================================================================
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
=======================================================================
QUESTIONS SUBMITTED BY MEMBERS POST HEARING
March 4, 2020
=======================================================================
QUESTIONS SUBMITTED BY MR. SCOTT
Mr. Scott. When it is time for service members to leave Active
Duty, either through retirement or voluntary separation, they often
seek and take employment in industry because of a federally mandated 6-
month cooling-off period before they can be hired as Federal civilian
employees. Should this restriction be relaxed or waived entirely for
these well trained and fully credentialed military cyber professionals?
General Nakasone. Recruiting and retaining top talent is my core
priority for building the force at U.S. Cyber Command. I am also
committed to ensuring that hiring decisions are undertaken fairly and
within the letter and spirit of existing laws and regulations. I
support the DOD legislative proposal to amend the statute to allow the
hiring of retired military information technology (IT) and cyberspace
professionals to DOD IT and cyberspace positions without the 180-day
cooling-off period.
Mr. Scott. What is the relationship between the U.S. Cyber Command
and the United States Coast Guard? What impact does the Coast Guard's
aging IT infrastructure have on their ability to secure their networks
against the latest cyber threats?
General Nakasone. The Coast Guard Cyber a service component of U.S.
Cyber Command and also a critical bridge with the Department of
Homeland Security. The Coast Guard's Cyber Protection Team offers
capacity to support the Coast Guard's defensive missions and protect
their IT infrastructure from cyber threats. CG Cyber has 28 members
detailed to USCYBERCOM headquarters, who carry out responsibilities in
support of global cyber operations, long-term planning, exercises, and
training. The Commandant of the Coast Guard has launched an effort to
prioritize addressing the Service's aging technology infrastructure,
and remains committed to defending its portion of the DODIN in
accordance with the direction set by USCYBERCOM. The Service is fully
equipped and postured to protect its mission critical cyber terrain and
effectively leverages its relationships with DOD and DHS to thwart
adversaries and emerging threats.
Mr. Scott. Should some of the recruiting standards be relaxed to
recruit future cyberwarriors?
General Nakasone. The military services do an exceptional job of
recruiting talent to man the uniformed portion of cyber mission force.
I have no issues with service-specific recruiting standards. I, along
with the Service Cyber Components, have the ability to recruit
civilians directly through the Cyber Excepted Service, where military
recruiting standards do not apply.
Mr. Scott. You mention in your testimony that violent extremist
organizations also have used the internet to command and control
forces, to recruit, and to spread terrorist propaganda. What about the
VEO's use of the internet for fundraising?
General Nakasone. Violent Extremist Organizations use a variety of
methods to fundraise, including Internet-based techniques. Joint Task
Force Ares is the component of U.S. Cyber Command that leads efforts to
counter violent extremist activity online. They work with partners
throughout the federal government to generate insight about the tactics
of these extremists, and they support the development of options to
counter them.
Mr. Scott. How does CYBERCOM leverage commercial threat information
providers? How does CYBERCOM share information?
General Nakasone. USCYBERCOM leverages commercial threat
information providers in three important ways. First, companies offer
finished reports about cyber actors and their tactics derived from data
they collect and research they conduct. This kind of finished reporting
supplements USCYBERCOM's analytic understanding of our adversaries.
Second, companies provide access to structured datasets that help
USCYBERCOM conduct deeper research. Finally, other companies offer a
stream of structured event data that can improve situational awareness
of real-time threats. While some contracts limit how USCYBERCOM can
share data, USCYBERCOM elements can blend information from many
providers into aggregate products that can be shared with other
partners.
Mr. Scott. The Cyber Mission Force has long been comprised of
approximately 6,100 personnel, is this the right size, given the
demands of the nation?
General Nakasone. The strategic environment has changed since the
standup of the CMF in 2012. Over this coming year, USCYBERCOM, in
partnership with the Joint Staff and Department of Defense, intends to
gather data and assess how the CMF force aligns with and should be
sized to meet the current missions it must execute.