[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]
U.S.-IRAN TENSIONS: IMPLICATIONS FOR HOMELAND SECURITY
=======================================================================
HEARING
before the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTEENTH CONGRESS
SECOND SESSION
__________
JANUARY 15, 2020
__________
Serial No. 116-57
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
41-269 PDF WASHINGTON : 2020
COMMITTEE ON HOMELAND SECURITY
Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas Mike Rogers, Alabama
James R. Langevin, Rhode Island Peter T. King, New York
Cedric L. Richmond, Louisiana Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey John Katko, New York
Kathleen M. Rice, New York Mark Walker, North Carolina
J. Luis Correa, California Clay Higgins, Louisiana
Xochitl Torres Small, New Mexico Debbie Lesko, Arizona
Max Rose, New York Mark Green, Tennessee
Lauren Underwood, Illinois Van Taylor, Texas
Elissa Slotkin, Michigan John Joyce, Pennsylvania
Emanuel Cleaver, Missouri Dan Crenshaw, Texas
Al Green, Texas Michael Guest, Mississippi
Yvette D. Clarke, New York Dan Bishop, North Carolina
Dina Titus, Nevada
Bonnie Watson Coleman, New Jersey
Nanette Diaz Barragan, California
Val Butler Demings, Florida
Hope Goins, Staff Director
Chris Vieson, Minority Staff Director
C O N T E N T S
----------
Page
Statements
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Chairman, Committee on
Homeland Security:
Oral Statement................................................. 1
Prepared Statement............................................. 2
The Honorable Mike Rogers, a Representative in Congress From the
State of Alabama, and Ranking Member, Committee on Homeland
Security:
Oral Statement................................................. 3
Prepared Statement............................................. 4
Witnesses
Ms. Barbara A. Leaf, Director, Geduld Program on Arab Politics,
Washington Institute:
Oral Statement................................................. 6
Prepared Statement............................................. 8
Mr. Vincent Stewart, Special Advisor and Chairman, Board of
Advisors, Middle East Media Research Institute:
Oral Statement................................................. 12
Prepared Statement............................................. 14
Mr. Thomas S. Warrick, Nonresident Senior Fellow, Atlantic
Council:
Oral Statement................................................. 22
Prepared Statement............................................. 24
Mr. Anthony J. Tata, CEO and President, Tata Leadership Group:
Oral Statement................................................. 27
Prepared Statement............................................. 29
For the Record
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Chairman, Committee on
Homeland Security:
Letter From the Jewish Federations of North America............ 63
U.S.-IRAN TENSIONS: IMPLICATIONS FOR HOMELAND SECURITY
----------
Wednesday, January 15, 2020
U.S. House of Representatives,
Committee on Homeland Security,
Washington, DC.
The committee met, pursuant to notice, at 10:03 a.m., in
room 310, Cannon House Office Building, Hon. Bennie G. Thompson
[Chairman of the committee] presiding.
Present: Representatives Thompson, Jackson Lee, Langevin,
Richmond, Correa, Torres Small, Underwood, Slotkin, Green of
Texas, Titus, Barragan, Demings; Rogers, King, Katko, Higgins,
Green of Tennessee, Joyce, Crenshaw, Guest, and Bishop.
Chairman Thompson. The Committee on Homeland Security will
come to order.
The committee is meeting today to receive testimony on
``U.S.-Iran Tensions: Implications for Homeland Security.''
Without objection, the Chair is authorized to declare the
committee in recess at any point.
Good morning. Today the committee is meeting to examine the
Homeland Security implications of the recent escalation in
U.S.-Iran tensions in the wake of the killing of Qassem
Soleimani. Iran and Iranian-linked terrorists have shown a
capability and willingness to conduct terrorist attacks against
the United States and our allies and interests abroad. Clearly
the escalation of tensions between the United States and Iran
could have dire consequences for the security of the homeland.
More broadly, the suspension of U.S.-led counterterrorism
efforts against ISIS in the region ostensibly, in order to
focus on the threat from Iran and its proxies may allow ISIS to
reconstitute in unsecured areas of Iraq and Syria. This would
dramatically undermine the fight against ISIS and make U.S.
interests abroad and home less safe.
As Members of Congress we have an obligation to do
everything in our power to protect our constituents by
defending the Nation from physical attacks, cyber attacks and
influence campaigns designed to undermine our democracy and
sway public opinion in favor of Iran, or its friends.
I am deeply concerned that President Trump has no strategy
and his administration has failed to plan adequately for
addressing the Homeland Security consequences that might follow
military actions in Iran. The administration must immediately
put forward a measured comprehensive strategy that accounts for
potential threats to the homeland from Iranian actors and their
proxies.
As part of that strategy, the Department of Homeland
Security must ensure it is prepared for all contingencies
related to the escalation in U.S.-Iran tensions. I look forward
to a frank discussion today about what the strategy should be.
I am particularly interested in understanding how Iran could
use its relatively sophisticated cyber capabilities against
State and local governments and critical infrastructure to
extract revenge for the death.
We need to understand whether potential targets are
prepared to defend against Iranian cyber threats and what the
Federal Government can do to help them if they are not.
Although there have been no specific threats to the critical
infrastructure, escalation of tensions with any adversary
demands that we take stock of all the current measures we
employ to defend ourselves. This is particularly true in the
case of Iran, a country that is unpredictable in its responses
and hide behind proxies and sympathizers to do its dirty work.
Toward that end I would be remiss if I did not note that
the Chemical Facilities Anti-Terrorism Standards Program is set
to expire in April. Although the House has begun work on
reauthorizing this important antiterrorism program, the Senate
has not. At this point it is unclear if the Senate intends to
work with the House to reauthorize the program. I urge the
Senate to begin work on this National security priority. It
would be irresponsible to allow the program to lapse at this
time.
Finally, in recent weeks we have seen an uptick in Iran's
influence activity on social media. I do not need to tell
anyone here that it is an election year and influence activity
is bound to increase. Given the committee's election security
work, I am concerned Iran might escalate its influence
activities as we approach the election and what more the
Federal Government and its private-sector partners should be
doing to counter Iranian messaging.
We need to be prepared to confront and defend against
Iran's influence efforts and ensure the integrity of our
democracy and our most sacred institutions. We are fortunate to
be joined by witnesses with vast experience with the Department
of State, Defense, and Homeland Security as well as expertise
in matters related to Iran.
I look forward to a productive discussion today and remain
committed to ensuring this committee does its part to help
secure the homeland from threats posed by Iran, its proxies, or
any other who would seek to do to harm to Americans.
The Chair now recognizes the Ranking Member of the full
committee, the gentlemen from Alabama, Mr. Rogers, for an
opening statement.
[The statement of Chairman Thompson follows:]
Statement of Chairman Bennie G. Thompson
January 15, 2020
Today, the committee is meeting to examine the homeland security
implications of the recent escalation in U.S.-Iran tensions in the wake
of the killing of Qasem Soleimani. Iran and Iranian-linked terrorists
have shown a capability and willingness to conduct terrorist attacks
against the United States and our allies and interests abroad. Clearly,
the escalation of tensions between the United States and Iran could
have dire consequences for the security of the homeland. More broadly,
the suspension of U.S.-led counterterrorism efforts against ISIS in the
region, ostensibly in order to focus on the threat from Iran and its
proxies, may allow ISIS to reconstitute in unsecured areas of Iraq and
Syria. This would dramatically undermine the fight against ISIS and
make U.S. interests abroad and home less safe.
As Members of Congress, we have an obligation to do everything in
our power to protect our constituents by defending the Nation from
physical attacks, cyber attacks, and influence campaigns designed to
undermine our democracy and sway public opinion in favor of Iran or its
friends. I am deeply concerned that President Trump had no strategy and
his administration has failed to plan adequately for addressing the
homeland security consequences that might follow military action in
Iran. The administration must immediately put forward a measured,
comprehensive strategy that accounts for potential threats to the
Homeland from Iranian actors and their proxies.
As part of that strategy, the Department of Homeland Security must
ensure it is prepared for all contingencies related to the escalation
in U.S.-Iran tensions. I look forward to a frank discussion today about
what that strategy should be. I am particularly interested in
understanding how Iran could use its relatively sophisticated cyber
capabilities against State and local governments and critical
infrastructure to exact revenge for the death of Soleimani. We need to
understand whether potential targets are prepared to defend against
Iranian cyber threats, and what the Federal Government can do to help
them if they are not. Although there have been no specific threats to
critical infrastructure, escalation of tensions with any adversary
demand that we take stock of all the current measures we employ to
defend ourselves. This is particularly true in the case of Iran, a
country that is unpredictable in its responses and hides behind proxies
and sympathizers to do its dirty work.
Toward that end, I would be remiss if I did not note that the
Chemical Facilities Anti-Terrorism Standards Program is set to expire
in April. Although this House has begun work on reauthorizing this
important anti-terrorism program, the Senate has not. At this point, it
is unclear if the Senate intends to work with the House to reauthorize
the program. I urge the Senate to begin work on this National security
priority. It would be irresponsible to allow the program to lapse at
this time.
Finally, in recent weeks, we have seen an uptick in Iran's
influence activity on social media. I do not need to tell anyone here
that it is an election year, and influence activity is bound to
increase. Given this committee's election security work, I am concerned
Iran might escalate its influence activities as we approach the
election and what more the Federal Government and its private-sector
partners should be doing to counter Iranian messaging. We need to be
prepared to confront and defend against Iran's influence efforts and
ensure the integrity of our democracy and our most sacred institutions.
We are fortunate to be joined by witnesses with vast experience
with the Departments of State, Defense, and Homeland Security and
expertise in matters related to Iran. I look forward to a productive
discussion today and remain committed to ensuring this committee does
its part to help secure the homeland from threats posed Iran, its
proxies, or any others who would seek to do America harm.
Mr. Rogers. Thank you, Mr. Chairman. Iran has been
escalating tensions in the Middle East for decades. Since the
Nuclear Deal was signed, Iran's malign activities have only
increased.
The $100 billion in assets released by the Obama
administration helped Iran enhance the manpower and capability
of its terrorist proxies. It helped Iran to conduct vicious
cyber attacks on private industry and allied nations. It
enabled them to grow their missile stockpiles and improve their
lethality.
Six months after it signed the JCPOA, Iran conducted
ballistic missile test with missiles carrying the inscription,
``Israel should be wiped off the Earth''. It is clear that the
Obama-era policies of appeasement did not work. The President
was right to take the United States out of the JCPOA and
reimpose sanctions.
The President understood that the JCPOA was not going to
contain Iran. That flawed deal was doing nothing to end the
very clear and direct threat the Iranian regime poses to the
United States, Israel, and the rest of our allies. For over a
decade, Iran has funneled money, terrorists, and advanced
weapons to its proxies in Iraq, Syria, and Lebanon, who used
them to attack U.S. troops and Israeli citizens.
In doing so, Iran is responsible for the deaths of over 600
Americans. The latest American murdered at the hands of Iran
was a civilian contractor and father of 2 young children in
California. Fortunately, the President took decisive action to
eliminate the brutal terrorist primarily responsible for his
death and the deaths of thousands of others.
Qassem Soleimani was sanctioned as a terrorist by the
United Nations and the Obama administration. For over 20 years
he lived at IRGC's Quds Force, a foreign terrorists'
organization. Soleimani was not visiting Baghdad because it was
a great holiday destination. He was there with--as some peace
envoy--he was not there as some peace envoy. He was there to
meet with a leader of a terrorist group to plan more attacks on
Americans.
The President used the law and his Constitutional authority
as commander-in-chief to eliminate this terrorist mastermind
before he could kill again. For the first time in years Iran
received the message that there will be no real consequences
should they continue to threaten--that there will be real
consequences should they continue to threaten the United States
and our allies.
I hope Iran understands this message and finally ends their
malicious and destabilizing actions in the Middle East. I also
hope that the Iranian regime understands that the United States
will not hesitate to defend our homeland against any threat
that they advance.
For years the Department of Homeland Security, FBI, and
other law enforcement partners have kept close watch on Iran's
intentions and its capability to strike our homeland. The
threat from Iran is real. We know they continue to shelter
senior al-Qaeda leaders and allow them to conspire with other
terrorists.
We have witnessed their cyber attacks on our industry and
local government. We thwarted their plots to conduct
assassinations in the United States and we have arrested their
operatives for surveilling critical infrastructure and plotting
attacks on our homeland. We must remain vigilant in the face of
these threats. It is more important than ever for Americans to
report suspicious activity to law enforcement at every level to
share information and intelligence on threats to our security.
Nearly all committee Members attended the threat briefing
with senior DHS officials last week to learn more about the
Iranian threat and the Department's response. I want to commend
the Acting Secretary Wolf for the actions the Department is
taking to mitigate the threat from Iran. I look forward to
continuing this committee's bipartisan efforts to ensure DHS
has the authority and resources it needs to successfully
counter the threat from Iran and other sponsors of terror.
I thank the witnesses for coming and I thank each of them
for their service to our Nation. I look forward to a
constructive hearing and good discussion on what actions the
Government should take to counter the threat from Iran, and I
yield back.
[The statement of Ranking Member Rogers follows:]
Statement of Ranking Member Mike Rogers
January 15, 2020
Iran has been escalating tensions in the Middle East for decades.
Since the nuclear deal was signed, Iran's malign activities have
only increased.
The $100 billion in assets released by the Obama administration
helped Iran enhance the manpower and capability of its terrorist
proxies.
It helped Iran to conduct vicious cyber attacks on private industry
and allied nations.
It enabled them to grow their missile stockpiles and improve their
lethality.
Six months after it signed the JCPOA, Iran conducted ballistic
missile tests with missiles carrying the inscription ``Israel should be
wiped off the earth.''
It is clear the Obama-era policies of appeasement did not work.
The President was right to take the United States out of the JCPOA
and reimpose sanctions on Iran.
The President understood that the JCPOA was not going to contain
Iran.
That flawed deal was doing nothing to end the very clear and direct
threat the Iranian regime poses to the United States, Israel, and the
rest of our allies.
For over a decade, Iran has funneled money, terrorists, and
advanced weapons to its proxies in Iraq, Syria, and Lebanon, who used
them to attack U.S. troops and Israeli citizens.
In so doing, Iran is responsible for the deaths of over 600
Americans.
The latest American murdered at the hands of Iran was civilian
contractor and father of 2 young children in California.
Fortunately, the President took decisive action to eliminate the
brutal terrorist primarily responsible for his death and the deaths of
thousands of others.
Qussem Souleimani was sanctioned as a terrorist by the United
Nations and the Obama administration.
For over 20 years, he led the IRGC's Quds Force, a foreign
terrorist organization.
Souleimani was not visiting Baghdad because it's a great holiday
destination.
He wasn't there as some peace envoy.
He was there to meet with the leader of a terrorist group to plan
more attacks on Americans.
The President used the law and his Constitutional authority as
commander-in-chief to eliminate this terrorist mastermind before he
could kill again.
For the first time in years, Iran received the message that there
will be real consequences should they continue to threaten the United
States and our allies.
I hope Iran understands this message and finally ends their
malicious and destabilizing actions in the Middle East.
I also hope the Iranian regime understands that the United States
will not hesitate to defend our homeland against any threat they
advance.
For years, the Department of Homeland Security, the FBI, and other
law enforcement partners have kept close watch on Iran's intentions and
its capability to strike our homeland.
The threat from Iran is real.
We know they continue to shelter senior al-Qaeda leaders and allow
them to conspire with other terrorists.
We've witnessed their cyber attacks on our industry and local
government.
We've thwarted their plots to conduct assassinations in the United
States.
We've arrested their operatives for surveilling critical
infrastructure and plotting attacks on the homeland.
We must remain vigilant in the face of these threats.
It is more important than ever for Americans to report suspicious
activity and for law enforcement at every level to share information
and intelligence on threats to our security.
Nearly all committee members attended a threat briefing with senior
DHS officials last week to learn more about the Iranian threat and the
Department's response.
I want to commend Acting Secretary Wolf for the actions the
Department is taking to mitigate the threat from Iran.
I look forward to continuing this committee's bipartisan efforts to
ensure DHS has the authority and resources it needs to successfully
counter the threat from Iran and other sponsors of terror.
I thank the witnesses for coming and I thank each of them for their
service to our Nation.
I look forward to a constructive hearing and a good discussion on
what actions the Government should take to counter the threat from
Iran.
Chairman Thompson. Thank you very much. Other Members of
the committee are reminded that under the committee rules
opening statements may be submitted for the record.
I welcome our panel of witnesses today. Our first witness,
Ambassador Barbara A. Leaf is the Ruth and Sid Lapidus fellow
and director of the Geduld Program of Arab Politics at the
Washington Institute for the Near East policy. Ambassador Leaf
served as U.S. Ambassador to the United Arab Emirates from 2014
to 2018.
Next we are joined by Lieutenant General Vincent R. Stewart
who served as a special advisor and chairman of Middle East
Media Research Institute Board of Advisors. Lieutenant General
Stewart formally served as the deputy commander of the U.S.
cyber command and director of the Defense Intelligence Agency.
We also are joined by Mr. Thomas Warrick, a non-resident
senior fellow at the Atlantic Council. Mr. Warrick previously
served as the deputy assistant secretary for counter-terrorism
policy at the Department of Homeland Security from 2008 to
2019.
Finally, we are joined by Brigadier General Anthony Tata,
the CEO and president of Tata Leadership Group. After retiring
from a 28-year career in the United States Army, Brigadier
General Tata recently served as North Carolina's Secretary of
Transportation.
Without objections the witnesses' full statement will be
inserted in the record.
I now ask each witness to summarize his or her statement
for 5 minutes beginning with Ambassador Leaf.
STATEMENT OF BARBARA A. LEAF, DIRECTOR, GEDULD PROGRAM ON ARAB
POLITICS, WASHINGTON INSTITUTE
Ms. Leaf. Chairman Thompson, Ranking Member Rogers,
distinguished Members of the committee, what comes next after
the January 3 killing of Quds Force commander Qassem Soleimani
and a senior Iraqi militia commander?
In my view we cannot take literally Foreign Minister
Zarif's statement that with Iran's missile strikes on U.S.
Forces in Iraq, Iran has concluded proportionate measures in
self-defense. Rather, we are in a pause in an escalatory cycle.
The factors driving this cycle are numerous, although
Soleimani's quest to drive the United States from the region is
long-standing.
The essential stalemate between Washington's maximum
pressure campaign and Tehran's maximum resistance campaign:
Tehran's view that it is already in a war, an economic war
waged by the United States. Its leaders' conviction that they
have staying power and tools that the United States lacks.
Attacks on shipping, assassinations, terrorism, formidable
regional proxies, providing Tehran myriad ways to continue
countering U.S. pressure. Thus the impasse. Thus the continuing
threats.
I will focus here on Iraq and the Persian Gulf where Tehran
will almost certainly revert to a campaign of pressure. In
Iraq, Tehran has long judged, enjoys a decisive advantage over
the United States in influence and coercive tools. In the Gulf,
Tehran has repeatedly demonstrated to Washington's closest
allies their strategic role and abilities are acute,
notwithstanding the presence of longstanding U.S. military
facilities and thousands of U.S. service members.
In Iran, Soleimani leaves behind a well-oiled disciplined
machine acting on behalf of a regionally powerful, if
economically stressed, state. In Iraq, Iranian-affiliated
militias are pushing hard to fulfill his vision, forcing the
departure of the 5,000 strong U.S. military training mission.
The pressure is unrelenting within the government on Shia and
Kurdish politicians and most brutally against Iraqi protestors
who reject both Iranian interference and the recent threat-
induced parliamentary vote.
The Iraq of 2020 aptly reflects Soleimani's efforts in
Iraq, always weak vis-a-vis Iran and the government, itself,
suborned and weakened by a set of proxy armed actors not under
the state's control and largely pliant under Iranian direction.
Today some 3 dozen such militias operate in Iraq commanding
some 60,000 members.
They flout Iraqi law and the Constitution, operate training
sites and arms depots that are no-go zones for the Iraqi
security forces. They have repeatedly targeted U.S. military
sites and U.S. diplomatic facilities over the past 18 months;
participate in Iran's program to transfer advance missile
technology to Lebanese Hezbollah and targeted the Saudi East
West Pipeline.
Whether these militias will take on a future Hezbollah
style role abroad, acting on Iran's behalf is as yet an open
question. While fully half of the 70- to 80,000 U.S. forces
deployed in the Middle East are ranged across the 6 GCC
countries, these countries have felt extraordinarily exposed
and vulnerable amidst escalating tensions between the United
States and Iran, and Iranian attacks on Gulf energy
infrastructure and oil tankers in 2019.
They are acutely vulnerable to Iran's full suite of
asymmetrical tools, cyber in particular. A prolonged takedown
of the electrical grids alone would be devastating. I will say
that the administration's responses throughout that period of
last year's attacks by Iran were contradictory and somewhat
confusing.
This and the lack of U.S. response to the earlier attacks
appear to have led Tehran to calculate that it bore little risk
of reprisal, especially in September 2014. Why do these
activities in the Gulf or in Iraq via proxies, matter for U.S.
Homeland Security?
Number 1, oil. Notwithstanding the new U.S. role as an
energy mega giant, oil remains a global commodity, its price
affected directly by security or insecurity in the Persian
Gulf, carrying a knock-on effect for economies including our
own.
Number 2, counterterrorism. Our ability to pursue robust
counter-terrorism efforts with dependable allies directly
affects our security at home. Sustaining critical training for
Iraqi security forces, intelligence sharing and acquisition
leading the enduring defeat of ISIS in Iraq and Syria are now
very much in question. ISIS cell attacks in Iraq alone last
year numbered nearly 900.
If we are compelled to pull U.S. trainers from Iraq,
sustaining them in Syria will be impossible in my view.
Finally, regional stability. In Karim Sadjadpour's words,
Qassem Soleimani's sinister genius was marshalling both Sunni
and Shia extremists to bring a wrecking ball earlier to the
U.S. project in Iraq, then building out a foreign legion to
expand Iran's influence far across the Arab Middle East.
This project of constructing parallel institutions to the
state that suborn it and follow foreign direction is vividly on
display in Iraq, Syria, and Lebanon. It's a recipe for chronic
instability and insecurity across a widening arc of territory
that is home to nearly 70 million people, the globe's fourth-
largest oil producer, source of a global extremist scourge and
source of more than 8 million refugees.
Thank you.
[The prepared statement of Ms. Leaf follows:]
Prepared Statement of Barbara A. Leaf
January 15, 2020
Chairman Thompson, Ranking Member Rogers, distinguished Members of
the committee, thank you for the opportunity to come before the
committee today to discuss a set of issues which has gripped the U.S.
Government, the Congress, and indeed, much of the American public for
the last 2 weeks. The subject you have asked me and my fellow panelists
to address is a critical one--the homeland security implications of
rising U.S.-Iran tensions; specifically, what we might anticipate in
the aftermath of the U.S. lethal targeting of Qassem Soleimani on
January 3. I would like to acknowledge up front a debt I owe to the
invaluable primary research and analysis on the Shia militias that form
Qassem Soleimani's ``foreign legion'' of proxies, done by my colleagues
at the Washington Institute, Phillip Smyth and Michael Knights, work
which has been invaluable background for my discussion today.
Four days after Soleimani's death, Iran responded dramatically,
with a volley of ballistic missiles directed at 2 bases hosting U.S.
military trainers in Iraq. We cannot take FM Javad Zarif's statement
immediately afterwards--that Iran has ``concluded proportionate
measures in self-defense''--as a signal that Tehran's missile strike
definitively brings this matter to a close, however. Rather, we are in
a pause in an escalatory cycle, one in which the United States and Iran
are very likely to find themselves once again facing decisions on a
kinetic response, sooner rather than later.
The factors driving this cycle are numerous, although Soleimani's
vision to drive the United States from the region is long-standing--the
essential stalemate between Washington's ``maximum pressure campaign''
and Tehran's ``counter-pressure campaign'' sets the more immediate
context; Iran's move up the escalatory ladder was on vivid display last
summer in the waters of the Persian Gulf, against Saudi Aramco, and in
repeated attacks on U.S. military and civilian personnel in Iraq.
Tehran's view is that it is already in a war, an economic war waged by
the United States, but its leaders are equally convinced that they have
staying power and tools that the United States lacks. Iran has
developed doctrine, systems, and methods for operating in the ``gray
zone'' rather than in head-on conventional conflicts, and its array of
asymmetrical tools, which range from attacks on shipping,
assassination, terrorism, to a formidable array of regional proxies
provide it the way to continue countering U.S. pressure. While wreaking
revenge. As Suzanne Maloney put it recently, ``The regime's
determination to end the American siege is magnified by an ideological
and strategic zeal to settle scores for Soleimani's death, to preserve
or even expand the footprint that he achieved for Iran across the
broader Middle East, and ideally emerge from this crisis with some big
strategic gain, such as durably eroding U.S. presence and influence in
the broader Middle East.''
I would like to focus in my remarks on the geo-political
ramifications of Jan. 3, in particular in Iraq and the Persian Gulf,
two arenas where Tehran is most likely to look for opportunities to
avenge Soleimani's death. It is there that Tehran will almost certainly
revert to a campaign of pressure and attacks. In Iraq, Tehran has long
judged it enjoys a decisive advantage over the United States in
influence and coercive tools. In the Gulf, Tehran has repeatedly
demonstrated to Washington's closest allies that their strategic
vulnerabilities are acute, notwithstanding the presence of long-
established U.S. military facilities and thousands of U.S. service
members.
If ever two adversaries of the United States brought on their own
deaths, it was Iranian Quds Force Commander Qassem Soleimani and Jamal
Jaafar Ibrahimi (AKA Abu Mahdi Al Muhandis), commander of the Iraqi
militia Kata'ib Hezballah. Killed as they departed Baghdad airport
together, Soleimani and Al Muhandis were long-time collaborators in a
common project to target U.S. troops to drive them out of Iraq; their
pioneering handiwork in the use of explosively-formed projectiles (EFP)
killed hundreds of U.S. service members and maimed thousands more. More
recently, KH's task from Soleimani--to harass and target U.S. military
personnel with repeated shelling of training sites over much of 2019--
finally resulted in the death of an American on Dec. 27; the U.S.
response 2 days later, targeting 5 KH sites, was met with a violent
assault by the militia and its supporters on the U.S. Embassy in
Baghdad.
Both architect and orchestrator of Iran's destructive regional
policies in Syria, Lebanon, Iraq, Yemen, and Bahrain, Soleimani had
achieved a singular stature in Iran and in the wider Middle East by
dint of his own extraordinary media profile and the multiple successes
he claimed on behalf of Tehran: For turning the tide of Syria's civil
war to Bashar Al Assad's favor; for being first on the battlefield in
2014 as ISIS forces surged across northern Iraq toward Erbil; for his
small-investment-huge-payout decision to train and equip Yemen's
Houthis with advanced missile technology, such that they could strike
deep into Saudi territory, threaten the UAE and put international
shipping in the Bab Al Madeb at risk; for his unmatched role as
kingmaker or breaker in Iraq, in no small part through the network of
militias he had created, groomed, trained, and resourced from the early
months after the 2003 invasion of Iraq. As my colleague, Phillip Smyth,
has neatly put it, ``Iran's Shia militia network are their true nuclear
program and one that has achieved measurably huge results for Tehran''
in the region.
At the time of his death Soleimani thus appeared to be a Colossus
bestride the region. He was a cult figure for Iran's legions of foreign
Shia proxies, and an interlocutor respected and feared in equal measure
by officials in Iran's near-beyond.
But if Soleimani's demise at U.S. hands has electrified both
regional and foreign audiences, the operation's second major casualty--
collateral damage or intended target, depending on the U.S. official
asked--is potentially as impactful for Iraq, and therefore for U.S.
interests. Al Muhandis was both head of the most powerful militia in
Iraq, Kata'ib Hezballah, and as Deputy Commander of the PMF exerted
far-reaching command and control over nearly 50 other organizations in
the PMF network; his killing will have direct bearing on the future of
the U.S. military presence in Iraq and our ability to counter terrorist
threats to the U.S. homeland.
iraq
History shows us that removing a leader of violent movements--even
one as supremely capable, influential, and charismatic as Soleimani--is
rarely sufficient on its own to permanently disrupt the trajectory of
events or even the organization itself. In Iran, Soleimani leaves
behind a well-oiled, disciplined machine acting on behalf of a
powerful, if economically stressed, state. Iran's Supreme Leader moved
immediately to appoint Ismail Qaani, Soleimani's deputy in the Quds
Force, as successor. This move reinforced the dual message of
organizational continuity and Iran's relentless commitment to the
Resistance cause. In the days to follow, IRGC leaders underlined the
latter point in public messaging: With the commander of the IRGC
flanked by the flags of member groups of regional resistance, including
that of Iraq's Hashd al Shaabi, and with IRGC-Quds Force commander
Qaani's meeting with individual commanders of Iraq's Shia militia
community.
In Iraq, a hard push by Iranian-affiliated militias--through their
representation at the highest levels of the Iraqi government and their
political representation in the parliament--has resumed to affect the
departure of the 5,000-strong U.S. military training mission. Qassem
Soleimani's project for post-ISIS Iraq was to end the U.S. military
presence in Iraq, and with its departure, to reduce to the degree
possible U.S. influence there. An earlier effort in Iraq's Council of
Representatives in the spring of 2019 was sidelined. But in the wake of
Soleimani's death, the Council passed a non-binding resolution
requesting the government begin the process for ending the foreign
troop presence in Iraq; passed with a fraudulent quorum, the vote was
obtained after overt threats by KH and its allies against MPs.
Notwithstanding those threats, virtually all Kurdish and Sunni MPs
stayed away from the vote. And notwithstanding the fraudulent nature of
the parliamentary vote, Iraq's acting PM repeatedly announced his
request of the United States to begin consultations on winding up the
U.S. military mission.
The pressure by Iranian-backed militias is unrelenting--within the
government, on the acting PM, on Shia and Kurdish politicians, and most
brutally, against the throngs of Iraqi protestors across Baghdad and
southern, Shia-dominated Iraq, who have rejected both Iranian
interference and the recent threat-induced parliamentary vote.
Prominent Iraqi militia leaders like Asaiab Ahl Al Haq's Qais al
Khazali have publicly declared that Tehran's missile strike, while
honoring Soleimani, would not suffice as a response for Al Muhandis'
death. Iraqi militia leaders have made overt threats to resume kinetic
targeting of U.S. military personnel; indeed, there have been several
instances of rockets falling in Baghdad since the Iranian missile
strikes. For the moment, Iraq's Iranian-affiliated militia community
appears to be following Tehran's direction to pause, but that is a
pause likely to be short-lived.
the pmf problem
Iraq's evolution since 2003 has been as much shaped by Qassem
Soleimani's vision for the country as by the energy, money, and lives
spent under 3 successive U.S. administrations. Soleimani's focus on
Iraq was unblinking and unsparing; his approach reflected the
perspective of a war-time generation of leaders, that Iraq posed the
foremost National security threat to Iran. Thus Soleimani worked
methodically and largely successfully for a set of unvarying objectives
there: An Iraq always weak vis-a-vis Iran, its Shia-majority political
class reliant on and deferential to his ``guidance,'' and above all,
the government itself suborned and weakened by a set of proxy armed
actors not under the State's control and largely responsive to Iranian
direction. Today approximately 3 dozen such militias operate in Iraq,
commanding some 60,000 members.
The Iraq of 2020 aptly reflects Soleimani's efforts. With the
departure of U.S. troops in 2011, Iraqi militias were re-directed by
Soleimani to Syria's civil war, where they gained critical battlefield
experience, under IRGC-QF direction fighting on behalf of Bashar Al
Assad. In the crisis of ISIS' surge across northern Iraq in 2014 and
with Grand Ayatollah Sistani's exhortation to Iraqi youth to volunteer
for the fight, Soleimani oversaw and shaped directly the explosion of
Iraqi militias and took a role on the battlefield in directing their
efforts. In 2016 the militias were folded formally into the Iraqi
security forces and termed the Popular Moblilization Forces. Iraqi
National Security Advisor Falah Fayyad is double-hatted as its
commander, but the real power to the organization lay with its Deputy,
KH Commander Abu Mahdi Al Muhandis--not with the PM, to whom,
Commander-in-Chief, the PMF notionally reported. Securing the funding
of the state, the member militias of the PMF from the outset retained a
dual-key chain of command, retaining primary loyalty to their political
commanders, many of whom in turn followed Iranian ``guidance,'' if not
direction.
These militias flout Iraqi law and the constitution in myriad ways;
they did so in recruiting fighters for Syria, and they do so currently
in operating training sites and arms depots that are no-go zones for
the Iraqi security forces. But nowhere has that allegiance to a set of
leaders outside the State--outside Iraq itself--been more evident than
in the repeated targeting of U.S. military training sites and U.S.
diplomatic facilities by KH, AAH and other militias for the past 18
months; their participation in Iran's program to transfer advanced
missile technology to Lebanese Hezballah; and KH's targeting of the
Saudi East-West pipeline.
Thus is born a militia state, or one at real risk of becoming so.
With the fall of Mosul to Iraqi government forces in December 2017, the
Iraqi government should have moved to complete the transformation or
compulsory demobilization of the constituent members of the PMF into
the ISF. It was unable to do so. As recently as September 2019 the
Iraqi PM felt compelled to issue an ultimatum to the PMF to hand over
weaponry to the state, permit ISF access to militia arms depots and
bases, and to cease all unlicensed activities. The reason? Press
reports identifying KH as the entity behind the May 2019 attack on
Saudi Arabia, and months of apparent foreign airstrikes on KH arms
depots that were supporting Iran's work to transfer advanced missile
technology to Lebanon for Hezballah. But to no effect.
With Abu Mahdi Al Muhandis's death, and a successor still unnamed,
the key Iraqi militias of significance, closest to Iran, remain in a
state of uncertainty. They are maneuvering rapidly to try to shape the
next government, however.
The most important of the militias closely affiliated with the Quds
Force--the Badr Organization, Kata'ib Hezballah, Asaib Ahl Al Haq,
Kata'ib Al Imam Ali, Kata'ib Sayyid Al Shuhada--also command the lion's
share of the PMF rank and file, 18-25,000 for Badr alone, and the rest
comprising somewhere in the range of 31,000 members. They have all
deployed ``in-theatre''--in Syria; several participate actively in
Iran's ``precision missile'' project to move parts and technology from
Iran through Iraq and Syria to Lebanon; several have engaged in lethal
support and training for extremists in Bahrain, and 1--KH--to date has
engaged in attacks outside Iraq/Syria, on Saudi Arabia. While smaller
by far in numbers, the phenomenon of drawing foreign fighters into
their ranks from Europe (generally dual-national citizens) to fight in
militia ranks in Syria has been observed. One possible model for the
future--the risk of reverse flows, establishment of cells abroad as
Hezballah has done successfully--should certainly not be ruled out.
the gulf
The long-standing U.S. military presence in the Middle East ranges
currently between 50-65,000 personnel, fully half of whom at any given
time may be stationed in the 6 Gulf Cooperation countries. While the
U.S. naval presence in Bahrain, now headquarters of the Fifth Fleet,
dates back to the late 1940's, our operating presence in the other Gulf
countries largely date to immediately after the first Gulf War; U.S.
forces in Saudi Arabia being a particularly sensitive issue internally,
the United States has not had ``permanent'' stationing of troops there
since 2003, although the administration has sent several thousand to
the Kingdom in recent months in response to last year's attacks on
Saudi energy infrastructure by Iran.
Yet despite that presence, there is no question that the GCC
countries--with the possible exception of Oman--have felt
extraordinarily exposed and vulnerable for the last 8 months, a period
of sustained, escalating tensions between the United States and Iran
and thinly-disguised attacks by the latter on Gulf energy
infrastructure and oil tankers traversing the Gulf. Persian Gulf energy
fuels the world economy, meeting nearly 20 percent of global demand.
But these small and vulnerable states are also uniformly embarked on
efforts to diversify their economies away from fossil fuel dependency,
redefining themselves as hubs for tourism, transportation, finance and
banking, and manufacturing--sectors which depend every bit as global
oil markets do on a secure and stable environment.
Notwithstanding decades-long huge investments by the GCC countries
in U.S. and European weapons systems, including missile defense, these
6 countries remain hugely vulnerable. With small populations, economies
which have developed with a significant dependency on expatriate labor,
the GCC countries are particularly vulnerable to Iran's full suite of
asymmetrical tools, cyber in particular. For countries that rely on
desalinization for 95 percent of their potable water supply, that
import 90-95 percent of their foodstuffs, that have diversified their
economies by making themselves hubs for global trade, air traffic,
shipping and finance, a prolonged takedown of the electrical grid alone
would be devastating.
U.S.-Iran tensions soared with the administration's announcement in
April 2019 that it would aim to ``drive to zero'' Iran's oil exports; a
stark U.S. warning to Iran followed on May 5--asserting intelligence
indicated possible Iranian intentions to target American citizens or
facilities in the Gulf and Iraq--that any Iranian attack on ``U.S.
interests or those of its partners (would) be met with unrelenting
force.'' Iran responded exactly 1 week later with attacks on 4 tankers
berthed off the UAE coastline; 2 days later, the Saudi East-West
pipeline was hit by explosive-bearing drones, later determined to have
been launched by one of Iran's closest proxies in Iraq, Kata'ib
Hezballah. Thus ensued months of thinly-veiled attacks by Iran--on a
U.S. drone, on Saudi oil pipelines, on foreign tankers, and most
spectacularly on Sept 14, on the heart of the Saudi energy enterprise
in Abqaiq.
The administration's responses throughout these months were
contradictory and confusing. Secretary Pompeo made an early trip to
Baghdad to warn Iraqi leaders--who we can be certain passed this
message immediately to Tehran--that the United States would respond
immediately, forcefully to any move against an American citizen. But
this warning--and U.S. non-response to the series of Iranian attacks
against Gulf partners, international shipping, even to the downing of a
U.S. drone--had the ironic effect of so strictly de-limiting what would
be ``off limits'' that it appears Tehran boldly calculated it could
land a strategic strike on Saudi Arabia and bear little risk of
reprisal. This calculation was borne out, in fact.
In the aftermath of Soleimani's death and Iran's for-now limited
response, the question for Washington's Gulf partners remains
unanswered--does the U.S. security umbrella extend to them? If Iran
returns to attacks on shipping or energy infrastructure, will the
United States respond--and if so, how? If Saudi Arabia suffers a
further, more devastating attack, what then?
conclusion
Americans are pressed by the events of the last 2 weeks to ask: Why
do Iran's activities in the Gulf or in Iraq, via proxies or directly,
matter for U.S. homeland security?
No. 1: Oil: notwithstanding the new U.S. role as an energy mega-
producer, oil remains a global commodity, its price affected directly
by security--or insecurity--in the Persian Gulf, carrying a knock-on
effect on global economic health, including our own. The administration
appears uncertain about how much longer the United States should wear
the mantle of ensuring the free and unconstrained flow of energy and
commerce in the Persian Gulf. Iran picked up on that ambivalence, as
did our Gulf partners.
No. 2: Counter-terrorism: Our ability to pursue robust counter-
terrorism efforts in concert with dependable allies goes directly to
our security at home. Whether we will be able to sustain a critical
capability-building mission for Iraqi security forces, benefit in
intelligence-sharing and gathering from being there on the ground, and
help direct efforts to drive toward an enduring defeat of ISIS in Iraq
and Syria are now very much in question. ISIS cell attacks in Iraq
alone numbered nearly 900 in 2019. And if we are compelled--or choose--
to pull U.S. trainers from Iraq, sustaining them in Syria is likely to
be impossible. In the same vein, the relations of trust and confidence
and influence that we sustain with our Gulf partners are critical to CT
efforts by/through/with their policy makers, intelligence, defense, and
finance officials.
No. 3: Regional stability: Karim Sadjapour aptly noted this week
Qassem Soleimani's ``sinister genius'' in marshalling both Sunni and
Shia extremists to bring a wrecking ball early on to the U.S. project
in Iraq, then building out ``a foreign legion'' to expand Iran's
influence far across the Arab Middle East. Soleimani's terrible
legacy--constructing parallel institutions to the state that suborn and
overpower it, and follow foreign direction--is vividly on display in
Iraq. It is a recipe for chronic instability and insecurity across a
widening arc of territory that is home to nearly 70 million people;
home to the globe's fourth-largest oil producer, source of a global
extremist scourge, source of more than 8 million refugees.
What should the United States do? Navigating the turbulence
besetting Iraq will be paramount, to ensure the critical U.S.-led
Coalition counter-terrorism mission there can endure, and U.S. military
trainers can operate safely. That will require more vigorous and more
visible engagement from Washington, backstopping the tough work in
which our Ambassador and diplomatic staff in Baghdad and Erbil are
engaged. And to be most effective, that effort should be robustly
multilateral, drawing on the Coalition and the United Nations. Much has
been made this past week on the administration's support for Iran's
protestors, but shockingly little attention has been spared for Iraqis
who have suffered and died for more than 3 months to press many of the
same demands. Washington should unequivocally signal support for the
protestors across Iraq seeking a new government, via early, clean
elections; those same protestors have been the victims of Soleimani's
militia project, targeted for assassination and brutal repression in
the streets. Washington should focus its pressure, with targeted
sanctions on both the senior government officials and the militia
commanders responsible for the repression.
While the administration has asserted that ``deterrence has been
restored'' with Soleimani's death, it is fair to ask when it was lost.
And deterrence, to be enduring and effective, cannot be built on a
single action, however dramatic. The U.S. security umbrella for the
Persian Gulf is well-tattered, and an honest discussion between the
United States and its partners on how to restore it--including what
that requires of our quarreling partners--is long overdue.
Finally, it goes without saying that the time for vigorous
diplomatic work is also upon us, lest the United States and Iran simply
return to what I think of as a 40-year-long frequently violent non-
relationship. The asymmetrical threats to U.S. interests and security,
to those of our friends in the region, that Qassem Soleimani
constructed in more than 2 decades of dedicated work will not be undone
through economic sanctions alone, nor do they lend themselves for the
most part to a military response.
As Ariane Tabatabai wrote in 2019, ``One thing the Iranians do not
lack is options. The regime can use the (threat network) as a strike
force to further its foreign policy goals in the region.'' The United
States, too, has a range of options to contend with any of the threats
to homeland security--indirect or otherwise--that Iran considers over
the months ahead. One of the most important options for the
administration to exercise now is diplomacy, even as we keep economic,
cyber, covert, and conventional military tools at the ready to contain,
deter, and disrupt Iranian resort to asymmetrical warfare. As the dust
settles on the 2 matching ``black swan'' events of the last 2 weeks--
the most consequential U.S. strike on a foreign government official in
modern times, and the first conventional Iranian attack on U.S. forces
since the Iran-Iraq war--it is time to turn swiftly to identify the
channel and the pathway to negotiations.
Chairman Thompson. Thank you for your testimony.
I now recognize Lieutenant General Stewart to summarize his
statement for 5 minutes.
STATEMENT OF VINCENT STEWART, SPECIAL ADVISOR AND CHAIRMAN,
BOARD OF ADVISORS, MIDDLE EAST MEDIA RESEARCH INSTITUTE
General Stewart. Good morning, Chairman Thompson, Ranking
Rogers, and other distinguished Members of the committee.
I'm honored to be here as an advisor to the Middle East
Media Research Institute, an organization for the last 20 years
that looked at the social and intellectual currents within
Iran. I'd like to step back just a little bit as we talk about
this situation in Iran as this continues to unfold.
I believe it is more important than ever that we pause and
put whatever short-term actions Iran takes into longer-term
context, via Iran's desired end-state. We should strive to
remember during times of tension that the regime's tactical
actions are ultimately a means to an end and not the ends
themself.
With that I'd like to start with Iran's theory of victory
or their desired end-state. Iran believes that it is the
dominant regional and cultural power, and the United States and
its allies in the region are impediments to Iran's desired end-
state. The Iranian government believes they are the victim of
U.S. actions, are, in fact, rational actors protecting the
region and themselves from undue foreign influence.
Iran believes it will successfully force the United States
to leave the region. But the question is since we are obviously
stronger conventionally, how does Iran believe it can
accomplish its end-state? Iran understands that its military
capabilities will not deter the United States from conducting
military actions and that they would eventually be overmatched
by our armed forces.
Iran has built a capable force of an imposed cost on the
United States, its allies, its forward staging basis and its
interest in the region, but cannot militarily match U.S.
capabilities in the long term. However, Iran views asymmetric
activities as a viable cost means--low-cost means to eject the
United States from the region. Iran's asymmetric warfare can be
viewed as a three-legged stool comprising of support to malign
actors and terrorists, information operations, and a range of
cyber activities.
All of these components are part of a long-term campaign to
make the U.S. cost of staying in the region untenable while
eroding support for the United States and avoiding the
threshold of an overt U.S. military response. Since Iranian
military support to terrorists and malign actors is covered in
the extensively and classified reporting, I'll focus on the
second and third legs of the stool.
Iranian information operations, influence operations are
not well-understood and target several audiences, but most
important is their own domestic population, which the regime
seeks to keep united around nationalism and a perceived
victimhood. Like-minded terrorists, militants, and religious
groups are also key constituencies.
Iran's fastest-growing audience are international, Russia
and China, and increasingly U.S. allies in the region and
abroad. Last, I want to highlight that with the rise of social
media and the ease of transmitting messages, the Iranians
increasingly see different factions inside the United States as
information operation targets. That includes building upon the
divide between Democrats and Republicans and convincing the
American people that we have no interest in the region that the
only thing we can expect from the region is enduring warfare,
and therefore we should withdraw.
So what are some of the messages from the Iranians?
Geography matters. Iran has no options of leaving the region.
We have a population of 80 million people. They have a rich
history of culture and heritage and we will be here when the
Americans leave. In spite of the propaganda, what they perceive
as U.S. propaganda that they are destabilizing the region, that
they are, in fact, rational actors on the international stage
and conform to international norms of behavior. They go through
this litany. ``We have complied with the joint comprehensive
plan of action. We have taken the responsible action to defend
our country after the attack on Soleimani'', and so they
continue to emphasize those messages.
The bottom line on Iranian information operations is this:
Anything that gives the regime narrative a boost is a victory
on the path to Iran's theater victory. Their three-legged stool
of asymmetric warfare is carefully calibrated.
The cost of U.S. presence is high while cultivating an
image of being rational actors and victims. All actions and the
reactions must be viewed through those lens. The third leg of
their asymmetric warfare is cyber space and we will spend a
good bit of time talking about that during this hearing. Since
the Stuxnet event, Iran has embarked upon a comprehensive
approach; developed both offensive and defensive cyber
capabilities. We have seen them exercise those capabilities
against nation-states, Saudi Aramco, against small companies,
against our own financial system, and the Sands Casino in 2017.
In the interest of time, the Iranians are not as capable as
the Russians or Chinese, but they have expressed their intent
to develop both offensive and defensive capabilities. They are
partnering with other countries to learn, share, and counter
our interests. They have demonstrated an ability to conduct
attacks, incurring costs to private U.S. companies, foreign
entities in the multi-billion--million-dollar ranges. They will
include cyber space operations as a key component of their
asymmetric response to the killing of Soleimani. What makes
this foreign threat so unique is that this is the one area
where the U.S. Government is essentially telling the U.S.
private sectors to fend for yourself. I'll stop there and I
look forward to your questions.
[The prepared statement of General Stewart follows:]
Prepared Statement of Vincent Stewart
``All men can see these tactics whereby I conquer, but what none can
see is the strategy out of which victory is evolved.'' Sun Tsu
Good morning Chairman Thompson, Ranking Member Rogers, and other
distinguished Members of the committee. I'm honored to appear before
you today as special advisor and chairman of the board of advisors of
the Middle East Media Research Institute (MEMRI), to discuss U.S.-Iran
tensions and implications for homeland security. I am proud to be a
part of an independent institution which has for over 20 years been at
the forefront of documenting and analyzing political, social, and
intellectual currents in Iran.
As the situation with Iran continues to unfold, I believe it is
more important than ever that we pause and put whatever short-term
actions Iran takes into the longer-term context of Iran's desired end-
state. We should strive to remember during times of tension that the
regime's tactical actions are ultimately a means to an end, and not the
ends themselves.
``If you know the enemy and know yourself, you need not fear the result
of a hundred battles. If you know yourself but not the enemy, for every
victory gained you will also suffer a defeat. If you know neither the
enemy nor yourself, you will succumb in every battle.'' Sun Tsu
With that I'd like to start with Iran's ``theory of victory'' or
desired end-state. Iran believes it is the rightful dominant regional
and cultural power, and that the United States and its allies in the
region are the impediments to Iran's desired end-state. The Iranian
government believes they are the victims of U.S. actions and are in
fact the rational actor protecting the region and themselves from undue
foreign influence. Iran believes it will successfully force the United
States to leave the region. But the question is, since we're obviously
stronger conventionally, how does Iran believe it will accomplish its
end-state?
Iran understands that its military capabilities will not deter the
United States from conducting military actions, and that they would
certainly be overmatched by our armed forces. Iran has built a capable
force that would impose costs on the United States, its allies, its
forward-staging bases and its interest in the region but cannot
militarily match United States' capabilities in the long term.
However, Iran views asymmetric activities as a viable, low-cost
means to eject us from the region. Iran's asymmetric warfare can be
viewed as a three-legged stool comprising support to malign actors and
terrorists, information operations, and a range of cyber activities.
All of these components are part of a long-term campaign to make the
U.S. cost of staying in the region untenable while eroding support for
the United States and avoiding the threshold for an overt U.S. military
response. Since Iranian military support to terrorists and malign
actors can best be viewed through the lens of Classified reporting,
I'll focus on the second and third legs of the stool and their
implications.
Iran's information operations are not well-understood and target
several audiences. The most important is their own domestic population,
which the regime seeks to keep united around nationalism and perceived
victimhood. Like-minded terrorists, militants, and regional religious
groups are also a key constituency. Iran's fastest-growing audiences
are international: Russia and China, and increasingly U.S. allies in
the region and abroad. Last, I want to highlight that with rise of
social media and ease of transmitting messages, the Iranians
increasingly see different factions inside the United States as
information operations targets. That includes building upon the divide
between Democrats and Republicans and convincing the American people
that we have no interest in the region, that the only thing we can
expect from the region is enduring warfare and therefore we should
withdraw.
But if those are Iran's information operations targets, what are
its messages? Their messages include the following and all support
Iran's theory of victory:
Geography matters, we Iran, have no options of leaving the
region, we have a population of 80 million people with a rich
3,000+ year history, culture, and heritage--we will be here
when the Americans leave.
In spite of U.S. propaganda that suggests we are the most
de-stabilizing force in the region, we are in fact, the
rational actor on the international stage and we conform to
international norms of behavior.
We were abiding by the Joint Comprehensive Plan of Action
(JCPOA) agreement, but the United States withdrew from the
agreement and imposed economic sanctions to force
renegotiations of an agreement that the other parties continue
to support.
Our most capable General was the subject of a targeted
assassination while visiting a sovereign country with the
attempt to provoke an escalation and drag us into war.
In response to this targeted assassination, we responded in
a proportional manner and launched missiles at U.S. bases in
self-defense with the aim of de-escalating the situation.
Because the missile attack would take place in the sovereign
state of Iraq, we alerted the Iraqis, in advance of our missile
strikes in compliance with international norms.
We will ultimately prevail in ejecting the United States
from the region because we have the moral high ground and you
lack the will to persist in the region.
The bottom line on Iranian information operations is this: Anything
that gives the regime's narratives a boost is a victory on the path
toward Iran's theory of victory. Their three-legged stool of asymmetric
warfare is carefully calibrated to make the costs of the U.S. presence
high while cultivating an image of being the rational actor and victim.
All actions and reactions must be viewed through that lens.
The third leg of Iran's asymmetric efforts are in cyber space. Iran
views cyber space as a vital tool of statecraft and internal security
that must be developed in order to undermine enemies and threats to the
regime. Iranian doctrine calls for cyber operations as a low cost and
often plausibly deniable way to collect information and retaliate
against threats. For these reasons Iran often uses proxies to hide
cyber operations.
Following the 2010 Stuxnet attack on Iran's uranium-enriching
capabilities, Iran invested heavily in cyber defenses and capability.
Since then it is thought to have carried out some major cyber attacks,
including the 2017 attack on Saudi Aramco with the Shamoon virus,
following which that network had to be almost completely rebuilt. Also,
the 2018 attack on the Italian oil company Saipem, using a version of
Shamoon, impacted hundreds of the company's servers as well as personal
computers in the UAE, Saudi Arabia, Scotland, and India. Also probed,
and hit, were a small dam in update New York in 2016, and the Sands
Casino in Las Vegas in 2014.\1\ In 2018, the Department of Justice
(DoJ) charged 9 Iranians in a wide-scale cyber-theft campaign, stealing
more than 31 terabytes of documents and data from more than 140
American universities and 30 American companies. Previously in March
2016, the United States charged 7 Iranians for a coordinated campaign
of DDoS attacks against 46 companies, mostly in the U.S. financial
sector, from late 2011 through mid-2013. In November 2019, Iranian
hackers were going after employees at major manufacturers and operators
of industrial control systems used by power grids, manufacturing, and
oil refineries.\2\
---------------------------------------------------------------------------
\1\ npr.org/2020/01/09/794816793/Federal-authorities-warn-of-irans-
cyber-threat-capabilities, January 9, 2020.
\2\ zdnet.com/article/hard-disk-wiping-malware-phishing-and-
espionage-how-irans-cyber-capabilities-stack-up/, January 7, 2020;
Forbes.com/sites/kateoflahertyuk/2020/01/06/the-iran-cyber-warfare-
threat-everything-you-need-to-know/#29ba0b3015aa, January 6, 2020.
---------------------------------------------------------------------------
The U.S. intelligence community's World-wide Threat Assessment of
January 2019 said that Iran was attempting to build cyber capabilities
that would enable attacks against critical infrastructure in the United
States and elsewhere. It stated that ``Iran has been preparing for
cyber attacks against the United States and our allies'' and that it
was capable of ``localized, temporary disruptive effects''--including
disrupting a large company's corporate networks for days to weeks.\3\
---------------------------------------------------------------------------
\3\ https://www.dni.gov/files/ODNI/documents/2019-ATA-SFR_SSCI.pdf.
---------------------------------------------------------------------------
After the January 3 killing of IRGC Qods Force commander Qassem
Soleimani, the Department of Homeland Security released on January 4,
2020 a bulletin warning about Iran's ``robust cyber program,'' stating
that ``Iran is capable, at a minimum, of carrying out attacks with
temporary disruptive effect against critical infrastructure in the
Unites States'' and that ``an attack in the homeland may come with
little or no warning.''\4\
---------------------------------------------------------------------------
\4\ dhs.gov/sites/default/files/ntas/alerts/
20_0104_ntas_bulletin.pdf, January 4, 2020.
---------------------------------------------------------------------------
On January 8, Acting DHS Secretary Chad Wolf tweeted that he had
``visited the team at Cybersecurity and Infrastructure Security Agency
to discuss cyber threats, election security, Iranian cyber capabilities
& the impressive work CISA does to protect critical infrastructure.
They've been training for years & stand vigilant to respond to any
threat against the homeland should one arise.''\5\ Later that day, the
House Homeland Security Committee tweeted that ``foreign cyber attacks
could pose a serious threat to our Nation.''\6\
---------------------------------------------------------------------------
\5\ twitter.com/DHS_Wolf/status/1214948930070482951, January 8,
2020.
\6\ twitter.com/HomelandDems/status/1215018179828822018, January 8,
2020.
---------------------------------------------------------------------------
iran's cyber threat capabilities
On January 6, 2020, the Cybersecurity and Infrastructure Security
Agency (CISA) described the Iranian cyber threat:\7\
---------------------------------------------------------------------------
\7\ cisa.gov/insights, January 6, 2020.
---------------------------------------------------------------------------
``Iran and its proxies and sympathizers have a history of
leveraging cyber and physical tactics to pursue National interests,
both regionally and here in the United States, such as:
Disruptive and destructive cyber operations against
strategic targets, including finance, energy, and
telecommunications organizations, and an increased interest in
industrial control systems and operational technology.
Cyber-enabled espionage and intellectual property theft
targeting a variety of industries and organizations to enable a
better understanding of our strategic direction and policy
making.
Disinformation campaigns promoting pro-Iranian narratives
while pushing anti-U.S. sentiments.
Attacks against U.S. citizens and interests abroad and
similar attacks in the homeland.
Unmanned aircraft system (UAS) attacks against hardened and
soft targets.''
official u.s. statements
An FBI spokesperson said: ``While our standard practice is to not
comment on intelligence products, the FBI is aware of the continued
possibility that retaliatory actions could be taken against the United
States and its interests abroad. [ . . . ] While there is no specific
or credible threat to the homeland at this time, we urge the public to
be vigilant and report any suspicious activity to law enforcement. As
always, we will work with our intelligence and law enforcement partners
to gather, share, and act upon threat information.''\8\
---------------------------------------------------------------------------
\8\ thehill.com/policy/cybersecurity/477434-fbi-dhs-issue-bulletin-
warning-of-potential-iranian-cyberattacks, January 8, 2020.
---------------------------------------------------------------------------
A January 9 DHS press release about a meeting between Acting
Secretary Wolf, CISA, and FEMA stated that ``there are currently no
specific, credible threats against our homeland.'' The press release
also noted that ``Iran has a history of leveraging asymmetric tactics
to pursue national interests beyond its conventional capabilities, and
its use of offensive cyber operations is an extension of that doctrine.
CISA is urging all organizations to assess their cyber readiness and
take steps to protect their networks and assets, including adopting a
state of heightened awareness, increasing organizational vigilance,
confirming reporting processes, and exercising incident response
plans.''\9\
---------------------------------------------------------------------------
\9\ dhs.gov/news/2020/01/09/acting-secretary-wolf-receives-updates-
fema-and-cisa-traveling-honduras, January 9, 2020.
---------------------------------------------------------------------------
round-up of recent cyber incidents with iranian involvement \10\
---------------------------------------------------------------------------
\10\ csis.org/programs/technology-policy-program/significant-cyber-
incidents, accessed January 9, 2020.
---------------------------------------------------------------------------
January 6, 2020.--The website of the Texas Department of
Agriculture was hacked and its home page replaced with an image
of Soleimani and the text ``hacked by Iranian Hacker.''\11\
Texas Governor Greg Abbot tweeted: ``Attempted cyber attacks
from Iran against Texas agency website are occurring about
10,000 per minute.''\12\
---------------------------------------------------------------------------
\11\ thehill.com/policy/cybersecurity/477408-texas-department-of-
agriculture-website-featured-pro-iran-image-after, January 8, 2020.
\12\ twitter.com/GregAbbott_TX/status/1214955296721903618, January
2, 2020.
---------------------------------------------------------------------------
November 2019.--Microsoft security researchers found that in
the last year, an Iranian hacker group carried out ``password-
spraying attacks'' on thousands of organizations, but since
October, have focused on the employees of dozens of
manufacturers, suppliers, or maintainers of industrial control
system equipment and software.
October 2019.--The NSA and GCHQ found that a Russian cyber
espionage campaign had used an Iranian hacking group's tools
and infrastructure to spy on Middle Eastern targets.
October 2019.--Iranian hackers targeted more than 170
universities around the world between 2013 and 2017, stealing
$3.4 billion worth of intellectual property and selling stolen
data to Iranian customers.
October 2019.--Iranian hackers conducted a series of attacks
against the Trump campaign, as well as current and former U.S.
Government officials, journalists, and Iranians living abroad.
September 2019.--Iranian hackers targeted more than 60
universities in the United States, Australia, United Kingdom,
Canada, Hong Kong, and Switzerland in an attempt to steal
intellectual property.
July 2019.--An Iranian hacking group targeted LinkedIn users
associated with financial, energy, and government entities
operating in the Middle East.
July 2019.--U.S. Cybercommand issued an alert warning that
Government networks were being targeted with malware associated
with a known Iran-linked hacking group.
May 2019.--Iran developed a network of websites and accounts
used to spread false information about the United States,
Israel, and Saudi Arabia.
statements by iranian officials on cyber issues
May 28, 2019.--``The Dejfa [``Digital Fortress''] apparatuses
include 10 separate interconnected apparatuses. They are an example of
a strong fortress [dejfa in Farsi] that primarily guards the country in
light of cyber attacks. These apparatuses were created domestically and
launched under the command and direction of the MAHER Center [MAHER is
the Farsi acronym for Center for Handling and Responding to Cyber
Events]. Dejfa is a comprehensive security program that includes a
range of security apparatuses. Dejfa identifies a huge part of the
threats found on-line, particularly on the National information
network, and neutralizes them. It should be noted that the apparatuses
that make up Dejfa are not limited only to identifying and confronting
threats on the National information network; they also identify threats
in infrastructure, on the internet, on equipment networks, on cell
phones, in industrial equipment and . . . neutralize them.
``Dejfa is used to discover damage done by malware on-line, such as
bots, identifying the type of malware by anti-virus collection and
neutralization. [Using Dejfa] we identify DDoS attacks and neutralize
them. Additionally, we analyze the damage that is reported according to
international protocols, and confront it. Dejfa also exposes the
threats and risks in the protocols of websites. Through Dejfa, users
are taught to test the penetrability of software that operates on the
internet, and to search for the level of the strikes against equipment
that is used in the country and to confront them. With Dejfa, automatic
security assessment is carried out in the apparatuses that operate in
cyber space, and if they are found to be lacking the required security,
alerts are issued.''\13\
---------------------------------------------------------------------------
\13\ YJC.ir/fa/news, May 28, 2019.
---------------------------------------------------------------------------
December 13, 2019.--Iranian Information and Communications
Technology Minister Mohammad-Javad Azari Jahromi tweeted about the
thwarting of a cyber attack on Iran: ``An organized cyber attack
against the Iranian government's electronic systems was identified and
thwarted by the Dejfa cyber defense. The attack was carried out as part
of the known APT27 attack and was aimed at spying on government data.
Servers with the file of the data for spying were identified, and we
identified the perpetrators of the attack.''\14\
---------------------------------------------------------------------------
\14\ https://twitter.com/azarijahromi/status/1206071513222467585.
---------------------------------------------------------------------------
December 9, 2019.--Iranian Passive Defense Organization chairman
Gen. Gholamreza Jalali said on the subject of a national internet for
Iran: ``It is true that this [government] support for a national
internet [in Iran] came late, but in any event we should be glad that a
positive discussion about a national intranet for Iran has found a
place also among senior government officials. I personally thank
[Iranian President Hassan] Rohani. In my opinion, now is the best time
to require all the apparatuses to complete the national internet . . .
``The Majlis must require the government to complete all phases of
the national internet by March 2021. One of the most important areas of
the national internet that now has flaws is an Iranian search engine.
Its lack was recently felt in the internet cutoff [during the November
2019 revolt].
``The second priority of the national internet services is an
Iranian email [platform] . . . Likewise, the Majlis must determine the
fate of the domestic CDN and DNS . . .
``This matter of a national internet and its urgency must be
clearly explained to public opinion. The establishment of this network
is not aimed at cutting off the international internet but is
infrastructure that will allow the public to enjoy the fast, quality
services of a national internet and at the same time will boost
internet speed in the country. We are striving for independence in
cyber space . . . ''\15\
---------------------------------------------------------------------------
\15\ farsnews.com, December 9, 2019.
---------------------------------------------------------------------------
December 9, 2019.--``One of essential things for completing the
national intranet is a national metadata [apparatus for searching,
cycling, cataloging, and limiting access to data on the internet]. If
we want to provide international-level service, this project must be
carried out, because the foundation of most of the new services is in
metadata.''\16\
---------------------------------------------------------------------------
\16\ farsnews.com, December 9, 2019.
---------------------------------------------------------------------------
December 8, 2019.--Iranian President Rohani said at a Majlis
session during the presentation of the 2020-2021 budget: ``Since the
beginning of the 11th government, broadband capability has been
increased 20 times over. This process will continue until we succeed in
strengthening the national intranet, such that the public will not need
international intranet. Recently, Supreme Leader Khamenei issued an
order in this matter. We will monitor the implementation of this order
in the Supreme Council of Cyberspace, and our public will notice better
conditions in this area . . . ''\17\
---------------------------------------------------------------------------
\17\ President's website, president.ir/fa/112698, December 8, 2019.
---------------------------------------------------------------------------
December 2, 2019.--Iranian Passive Defense Organization Chairman
Gen. Gholamreza Jalali said about the need for a national intranet that
Iran is ``striving for a model of implementing the regime in cyber
space that will be based on our regime's principles and logic . . .
Recent events have proven a number of things on the matter of the
national intranet. One of them is that the need for a national network
was strongly felt. This network is expected to be independent of a
foreign network . . . ''\18\
---------------------------------------------------------------------------
\18\ https://www.memri.org/tv/irgc-general-gholamreza-jalali-head-
iran-civil-defense-organization-waze-israeli-tools-demonstrations-need-
intranet; https://www.shahrekhabar.com/political/157536384011529.
---------------------------------------------------------------------------
November 26, 2019.--Gen. Jalali said: ``Today the area of war is
not necessarily military, but is in the arena of culture, economy,
cyber, and the creation of science--all are arenas of struggle and
supreme effort. Therefore, now is a golden opportunity for the Basij
members to enter the various arenas and create victory in all the
realms . . . ''\19\
---------------------------------------------------------------------------
\19\ IRNA, November 26, 2019.
---------------------------------------------------------------------------
November 24, 2019.--IRGC Deputy Commander Gen. Ali Fadavi said:`` .
. . The internet is a means by which America carries out its evil
deeds. The Islamic Revolutionary Front will certainly enter into this
matter in order to create an internal network for the internet, such
that the enemy will not be able to do evil via the internet.''\20\
---------------------------------------------------------------------------
\20\ ISNA.ir, November 24, 2019.
---------------------------------------------------------------------------
November 12, 2019.--Gen. Jalali said, in response to a question
about whether the reports about the cyber attack on Iran's oil
infrastructure by America after Iran downed a U.S. drone were true,
that these attacks had been carried out but that they had not impacted
Iran's infrastructure.\21\
---------------------------------------------------------------------------
\21\ ISNA.ir, November 12, 2019.
---------------------------------------------------------------------------
November 5, 2019.--In the Passive Defense Organization, Jalali
said: ``There is a need to act seriously to inoculate the
infrastructure with cybersecurity. In this way, we must show our
willingness to the public and to the enemy, to boost public morale and
cause the enemy to despair.''\22\
---------------------------------------------------------------------------
\22\ farsnews.com, November 11, 2019.
---------------------------------------------------------------------------
October 30, 2019.--Iranian Information and Communications
Technology Minister Mohammad-Javad Azari Jahromi said at a
cybersecurity work meeting at the Munich Security Conference: `` . . .
Iran, having been the target of cyber attacks, has increased its
security using Dejfa. With this system, we successfully blocked 33
million cyber attacks last year. Unilaterality and the use of sanctions
are threats to international cybersecurity. The solution for
cybersecurity issues is the use of a multilateral apparatus . . .
''\23\
---------------------------------------------------------------------------
\23\ farsnews.com, October 30, 2019.
---------------------------------------------------------------------------
October 29, 2019.--Passive Defense Organization Chairman Gen.
Gholamreza Jalali said in an interview on Iran's Channel 2: ``The
Americans cannot hurt us on the cyber level because we have identified
our own weaknesses by conducting 4 maneuvers in different sectors of
energy, transportation, banking, etc . . . By having a powerful system
of defense, we tricked them into our trap.''
On the topic of Russian hackers attacking various countries: ``We
are indeed seeking cyber defense agreements with friendly countries
like Russia, China, India, and Pakistan. The existence of a national
intranet and internal social networks are imperative to our country's
security, but the Communications Ministry states that it has not been
assigned the specific task of creating a National cyber space.
``We have 5 SCADA [Supervisory Control and Data Acquisition]
systems that we developed ourselves. We used one for a gas supply
network, but there is no consensus about their use for social networks.
``We are fully competitive with foreign [countries] in developing
anti-malware [software], and it is imperative that we use anti-malware
software that is self-developed for our country's vital networks. We
have developed about 200 Iranian cyber products, including switches,
routers, and security devices, and if the government gives its support,
these products will be superior in quality to foreign products. The
country's scientific field has shown how powerful it is.''\24\
---------------------------------------------------------------------------
\24\ ISNA.ir, October 29, 2019.
---------------------------------------------------------------------------
September 17, 2019.--Expediency Council secretary Mohsen Rezaee
said at the opening ceremony for the first class of a Basij cyber corps
officer development program: ``The Americans once fought the nations in
the military arena. Now they are moving into cultural, economic, and
cyber warfare. The people of the Ashura, with our enterprising and
dedicated youth, have rendered American military equipment ineffective,
and so the war has been drawn into new arenas.''\25\
---------------------------------------------------------------------------
\25\ tasnimnews.com, October 17, 2019.
---------------------------------------------------------------------------
September 11, 2017.--Iranian Army deputy chief of staff Ahmad Reza
Pourdastan said at an appreciation ceremony for outstanding
communications and technology personnel: ``We are facing a complex war.
Our capacities in communications and electronic systems are good, and
we have turned our ideas into products in a very short time. We have
offensive and defensive capabilities in the cyber arena.''\26\
---------------------------------------------------------------------------
\26\ tasnimnews.com, September 11, 2017.
---------------------------------------------------------------------------
October 17, 2017.--Iranian Information and Communications
Technology Minister Mohammad-Javad Azari Jahromi said: ``On October 17,
2017 several Iranian websites were defaced. Fortunately, we identified
and contained the issue, which we need to take seriously. The more
powerful we become, the more attacks there are. Now Iran is the victim
of cyber attacks. Security in Iran's cyber network is very important.
We plan to train 10,000 cybersecurity experts in the next 4
years.''\27\
---------------------------------------------------------------------------
\27\ tasnimnews.com, 2017.
---------------------------------------------------------------------------
July 29, 2019.--Expediency Council chairman Amoli Larijani met with
Song Tao, head of the Chinese International Liaison Department, and
said that cooperation in cyber administration and human rights issues
is possible between Iran and China. Song Tao said: ``China considers
Iran a strategic partner and a friend. Despite global developments, we
will maintain these relations and they will grow stronger. China is
always willing to become active in the region in cooperation with Iran
in implementing JCPOA and ensuring peace in the region. We are willing
to cooperate in the cyber arena. America's current steps violate
international law, but in the future, time will be on the side of Iran
and China.''\28\
---------------------------------------------------------------------------
\28\ tasnimnews.com, July 29, 2019.
---------------------------------------------------------------------------
July 23, 2019.--Highlights of statements by Passive Defense
Organization chairman Gholamreza Jalali: They [the Americans] are
openly declaring that they have launched a cyber war against us;
therefore it is imperative that we fortify our capacities for cyber
deterrence as much as possible, even though the Americans themselves
rate Iran highly in terms of its cyber defenses. The Americans are more
vulnerable to cyber threats than other nations because of their high
level of dependence on cyber infrastructure. This fact has caused some
concern due to America's invasive behavior in cyber space.\29\
---------------------------------------------------------------------------
\29\ ISNA.ir, July 23, 2019.
---------------------------------------------------------------------------
July 15, 2019.--Basij lieutenant commander Mohammad Hossein Sepehr
said at the closing ceremony for the eighth assembly for cyber space
admins: ``Khamenei says that `cyber space is as important as the
Islamic revolution.' The cultural field is part of jihad. If we leave
cyber space we will probably be hit. At this time, the Western faction
is the most arrogant in its power in cyber space, due to its wealth,
equipment, and other possibilities. At this time, the most powerful
research is in cyber space . . . Some view cyber space as a threat, but
it is in fact the greatest opportunity in the Muslim world. According
to tradition, power, scope, and speed in communications are signs of
the coming of Mahdi. It is therefore imperative that cyber space will
be under the rule of Shi'ite followers of the 12 imams [Iranian
Shi'ite]. Communication sciences must be under the authority of the
Nation, which in turn is under the authority of Imam Mahdi . . . Today
we must strengthen and bring about the wills through cyber space . . .
''\30\
---------------------------------------------------------------------------
\30\ farsnews.com, July 15, 2019.
---------------------------------------------------------------------------
July 7, 2019.--IRGC commander Hossein Salami said at the unveiling
of the Sepehr 110 Tactical Communications System and its handing over
the relevant units: ``We can announce that we are at the cutting edge
of the following technologies: Communication, intelligence, command,
and control. We want IRGC communications to be among the most advanced
in the world. The cost of science and technology in the field of
communications, intelligence, and cyber is very high. We are on the
front lines of expanding this knowledge. We intend to act quickly in
this field, using our young scientists and engineers. Gradually, our
enemies are coming to understand out true power. Our enemies are
focused on economic warfare, psychological maneuvers, and political
pressure in an effort to shake the will of the Iranian people to
continue on the path of honor.''\31\
---------------------------------------------------------------------------
\31\ tasnimnews.com, July 7, 2019.
---------------------------------------------------------------------------
June 27, 2019.--An article by Abu Al-Fazel Nia, cultural advisor at
the Iranian Embassy in Syria, stated: ``At the height of the media
coverage of the situation in the Gulf and the possibility of a U.S.-
Iran war, Iran announced that it had successfully uncovered the CIA's
espionage networks--in Iran and some countries of the region and the
world, exposing American spies. It is possible that this news did not
get much attention because the public was too occupied with Trump's
changeable position toward Iran, and due to the American effort to draw
attention away from its defeat in the cyber arena by Iran's cyber
champions; this shows that Iranians are superior to Americans in the
virtual arena. This Iranian accomplishment is a victory for the
resistance--which is not only an armed resistance, but an array of
resistance across all aspects of life; the world is trying to mislead
the public about Iran's technological capabilities.''\32\
---------------------------------------------------------------------------
\32\ alwatan.sy/archives/202919, June 27, 2019.
---------------------------------------------------------------------------
June 17, 2019.--Supreme National Security Council secretary Ali
Shamkhani said: ``Alongside the economic war and the intelligence war,
America is carrying out cyber attacks against Iran and many countries.
We examine and look at these threats by cooperating and having close
ties with our partners, and we have activated protective measures
against them.
``A while ago, one of the CIA's most complex cyber networks was
exposed and damaged by the Iranian intelligence apparatus. Due to the
cooperative anti-espionage network Iran is part of, alongside many
other world countries, we shared information about the American network
with our partners, which led to the uncovering and collapse of a
network of CIA intelligence outposts and the arrests of several spies,
who were punished in different countries. The Americans called Iran's
action an embarrassing failure.''\33\
---------------------------------------------------------------------------
\33\ mehrnews.com, June 17, 2019.
---------------------------------------------------------------------------
conclusions/assessments
A June 25, 2019 assessment of Iran's cyber power by the Center for
Strategic and International Studies Senior VP James Andrew stated that
Iran's cyber operations are conducted primarily by the IRGC, the Basij,
and Iran's Passive Defense Organization. According to the assessment,
the IRGC is behind a series of incidents against American targets,
Israeli critical infrastructure, Saudi Arabia, and other Gulf states.
The Basij manages what its leaders say are 120,000 cyber war
volunteers; while this number is probably exaggerated, the Basij uses
its connections in universities and religious schools to recruit a
proxy hacker force. The Passive Defense Organization is responsible for
protecting Iran's infrastructure. There is also Iran's Supreme Council
of Cyber Space, comprising senior military and intelligence officials.
The assessment adds that while Iran has probed U.S. critical
infrastructure for targeting purposes, it is not clear how successful
an attack would be. The kind of massive denial-of-service attacks it
carried out against major banks in 2011-2013 would not be so effective
today, while ``the most sophisticated kinds of cyber attack (such as
Stuxnet or the Russian actions in the Ukraine) are still beyond Iranian
capabilities.'' However, poorly-defended targets in the United States,
such as smaller banks or local power companies, or poorly-secured
pipeline control systems, are vulnerable. ``What stops Iranian
action,'' he said, ``is not a shortage of targets but rather questions
about the utility of such attacks.''\34\
---------------------------------------------------------------------------
\34\ csis.org/analysis/iran-and-cyber-power, June 25, 2019.
---------------------------------------------------------------------------
Other past attacks that would not be as successful today involved
using malicious software to wipe data, or potentially hijacking crucial
machinery, as Iranian hackers attempted to do with the New York State
dam in 2013.\35\
---------------------------------------------------------------------------
\35\ washingtonpost.com/technology/2020/01/03/cyber-attack-should-
be-expected-us-strike-iranian-leader-sparks-fears-major-digital-
disruption, January 3, 2020; washingtonpost.com/politics/2020/01/06/
iran-can-use-cyberattacks-against-us-thats-not-nearly-bad-it-sounds,
January 6, 2020.
---------------------------------------------------------------------------
Immediately after Soleimani's killing, Jon Bateman, a former
Defense Intelligence Agency analyst on Iran's cyber capabilities and
now a cybersecurity fellow for the Carnegie Endowment for International
Peace, said, ``At this point, a cyber attack should be expected.''\36\
However, Hoover Institution at Stanford fellow Jaquelyn Schneider
stated: ``In an already dangerously volatile situation, the United
States should not focus unwarranted attention on potential cyber
attacks by Iran.'' Doing so, she added, ``is a distraction from the
real risk of escalation--highly alert military forces in the region
inadvertently firing at one another or crossing redlines toward all-out
war.''\37\
---------------------------------------------------------------------------
\36\ washingtonpost.com/technology/2020/01/03/cyber-attack-should-
be-expected-us-strike-iranian-leader-sparks-fears-major-digital-
disruption, January 3, 2020.
\37\ washingtonpost.com/politics/2020/01/06/iran-can-use-
cyberattacks-against-us-thats-not-nearly-bad-it-sounds, January 6,
2020; nytimes.com/2020/01/07/opinion/iran-cyber-attack-hacking.html,
January 7, 2020.
---------------------------------------------------------------------------
implications
The question is not whether the Iranians have the capability to
attack our public and private-sector institutions, but when, where, and
how we will respond?
The Iranians are not as capable as the Russians or the Chinese. But
they have expressed their intent to develop both offensive and
defensive capabilities. They are partnering with other countries to
learn, share, and counter our interest. They have demonstrated an
ability to conduct attacks incurring costs to private U.S. companies
and foreign entities in the multi-million-dollar range. They will
include cyber space operations as a key component of their asymmetric
response to the killing of Soleimani. What makes this foreign threat so
unique, is that it is the one area where the U.S. Government is
essentially telling the U.S. private sector to ``fend for yourselves.''
We need a National-level strategy on protection of U.S. companies from
foreign cyber threats touching on everything from information sharing
to insurance. Having spent the last 2 years in the private sector after
decades in public service, I am consistently struck by how little our
private-sector leaders understand the threat or what actions they
should take in response. We need a common understanding of what an
attack and war in cyber space looks like. We need increased emphasis on
public-private partnership to achieve ``collective defense'', and we
need increased emphasis on educating the populace on the real threat
from cyber space activities.
I look forward to your questions.
Chairman Thompson. Thank you for your testimony.
I now recognize Mr. Warrick to summarize his statement for
5 minutes.
STATEMENT OF THOMAS S. WARRICK, NONRS. ESIDENT SENIOR FELLOW,
ATLANTIC COUNCIL
Mr. Warrick. Mr. Chairman, Ranking Member Rogers, Members
of the committee, thank you for the opportunity to testify.
One week ago today, the IRGC fired 22 missiles at 2 Iraqi
airbases. According to the New York Times, if the attack had
killed Americans the options put in front of the President
would have included cyber attacks to disable Iran's oil and gas
sector. It is important this committee asks whether the United
States oil and gas industry would have been ready for the
Iranian cyber attack that would have followed.
Here is another question, not hypothetical. While Americans
celebrated Thanksgiving, someone hit Iran with a massive cyber
attack publicly disclosing 15 million Iranian debit card
numbers on a social media site. The Iranians made the rare
concession that this was, ``very big''. It is important this
committee asks if our bank and credit card companies are ready
if Iran tries to hack the card numbers of millions of
Americans.
In my testimony I'm going to discuss the 4 ways Iran
threatens the homeland. I want to make 3 preliminary points
about Iranian cyber attacks and then focus on Iran's peculiar
sense of symmetry as a means of understanding how they would
carry out threats.
Mr. Chairman, Iran's 4 possible attack vectors are
terrorism, cyber attacks, disinformation, and influence
operations. Of these, terrorism is the least likely in the
short term but it is still possible. The last state-sponsored
attempted terrorist attack on U.S. soil was in 2011 when a
group of IRGC Quds Force officers tried to assassinate the
Saudi Ambassador in Washington, DC. Iran can also call on proxy
groups like Lebanese Hezbollah.
No. 2, cyber threats, I'll come back to in a second.
No. 3, disinformation operations. Iran spreads false
propaganda about the United States including the false idea
that the United States actually supported ISIS, which obviously
was not true.
Fourth, influence operations. As General Stewart said and
as there was an outstanding expose in Wired magazine in August
2018, I note more recently Facebook and Twitter have since
found thousands of accounts linked to the Iranian government.
Iran is getting better at influence ops.
Let me go back to cybersecurity and make 3 preliminary
points. First, Iran and its allies considered the United
States, Israel, and Saudi Arabia as responsible for each
others' attacks. To be sure, we hold Iran responsible for the
actions of its proxies.
Second, the Trump administration uses sanctions and cyber
attacks as their go-to tools. U.S. officials have admitted
twice on background to recent cyber attacks on Iran, and as I
mentioned earlier, the option of a cyber attack after an
American had been killed on January 8.
Third, the implication that it is safe for the United
States to carry out cyber attacks against Iran is actually
dangerous. Iran will retaliate but the cyber defenses of Iran's
likely targets are uneven.
Mr. Chairman, this leads me to the most important point I
would like you to take away from my testimony. Iran's
government follows a peculiar sense of symmetry. When the
United States does something to Iran, Iran tends to respond,
not in exactly the same way but the symmetry is there. Some
examples: After the January 2 strike against Soleimani, the
Iranian Supreme Leader told his national security council to
``strike America directly and in exact proportion to the
attack''.
More strategically, in May 2018, United States maximum
pressure sanctions slashed Iran's oil exports. Iran tried to
show that if the United States could cut Iran's oil exports,
Iran could cut our allies' exports, in May and June with
attacks on tankers and a Saudi pipeline, then with a September
14 Abqaiq attack that briefly cut Saudi oil exports in half.
Another symmetry: On July 4, Britain seized an Iranian
tanker that was violating international sanctions. On July 19,
Iran seized a British tanker. On August 15, the British
authorities released the Iranian tanker. On September 27, Iran
released the British tanker. There is symmetry in cyber space.
After Stuxnet targeted Iran's industrial control systems in
2010, Iran developed a similar offensive capability and used it
here in the United States in 2013. That took 3 years.
In August 2012, Iran's Shamoon malware deleted 35,000 hard
drives at Saudi Aramco. What got less publicity is that 6
months earlier something called Wiper deleted data on national
Iranian oil company computers. In July 2012, new U.S. sanctions
targeted Iranian banks. Two months later Iran ramped up denial-
of-service attacks whose main targets were U.S. banks. The
symmetry goes in the other direction.
When the Iran Nuclear Deal was enforced, Iranian cyber
attacks appeared to drop. More recently after the 2018 maximum
pressure campaign, Iranian cyber attacks increased. Within 24
hours after the June cyber attacks against Iran, private U.S.
businesses noted an increase in Iranian cyber attacks.
Mr. Chairman, let me briefly mention 3 points about what
the United States should do to defend the homeland.
First, any time the U.S. Government thinks about cyber
offense it needs to focus just as much on cyber defense. Over
time, Iran has improved its cyber capabilities, reduced its
response time and shown it is capable of strategic surprise.
This is especially a problem with Iran because of their
peculiar sense of symmetry. Anything we do to Iran, Iran is
likely to do back at us.
Second, while most Federal Government computers are
protected, U.S. civilian cyber defenses are uneven. DHS and the
FBI both need more resources to work more closely with the
private sector.
Third, it is very good that DHS has increased its efforts
since January 3 by repeating earlier warnings, issuing new
alerts, putting out a new in-task bulletin and jointly
releasing a joint-intelligence bulletin with the FBI.
The Trump administration needs now to increase and elevate
its efforts to educate the American people about what they and
we need to do to protect ourselves. Iran is going to be a
threat for the foreseeable future. I'd be happy to answer any
questions.
[The prepared statement of Mr. Warrick follows:]
Prepared Statement of Thomas S. Warrick
January 15, 2020
Mr. Chairman, Ranking Member Rogers, Members of the House Committee
on Homeland Security, thank you for the opportunity to testify today on
implications of current U.S.-Iran tensions on homeland security.
In the morning hours of Wednesday, January 8, 2020, Iraqi time, the
Iranian Islamic Revolutionary Guards Corps (IRGC) fired 22 surface-to-
surface missiles at 2 Iraqi airbases, Al-Asad and Irbil, killing no
one. According to the New York Times this past Sunday, if that attack
had killed any Americans, the Pentagon would have put in front of
President Trump a set of retaliatory options that included strikes on
an Iranian naval vessel and cyber attacks ``to partly disable Iran's
oil and gas sector.''
Would the United States oil and gas industry have been ready for an
Iranian cyber attack that would likely have followed?
That is a hypothetical question, but the next one is real. While
Americans celebrated Thanksgiving, someone hit Iran with a massive
cyber attack: Publicly disclosing 15 million Iranian bank debit card
numbers on a social media site. On Wednesday, December 11, Iran's
telecommunication minister--who previously shrugged off U.S. cyber
retaliation for the September 14 Iranian attack on a Saudi oil
facility--made the rare admission this was ``very big.''
After first saying the attack was an inside job, Iran said on
December 11 that a nation-state carried it out.
Are we confident that all the banks and credit card companies in
the United States are ready to defend themselves if Iran tries to hack
into the names and card numbers of millions of Americans?
Since the December 27 killing of an American citizen at an Iraqi
military base outside Kirkuk, a lot of attention has rightly been paid
to the possibility of a shooting war between Iran and the United
States. However, for more than a decade, Iran and the United States
have been engaged in a campaign in cyber space that affects the U.S.
homeland. That campaign is now expanding into other arenas as well.
Iran's campaign deserves more attention from the American people and
the U.S. Government because it requires us to look at possible
strategic gaps in our defenses. For example, while most Federal
Government computers are protected, U.S. civilian cyber defenses are
uneven.
This campaign fits into a larger strategic picture that we can
discuss during the question-and-answer session. Today I will go quickly
through the 4 ways that Iran threatens the homeland. I would like to
draw the committee's attention to 3 preliminary points about cyber
attacks specifically. I will then focus on what I call Iran's peculiar
sense of symmetry, which helps explain much of Iran's logic in its
campaigns against us. Finally, I would like to respectfully suggest
some areas where the committee may be able to help the United States
better secure itself from Iran's efforts to target us, especially in
cyber space.
four ways iran threatens the united states
There are 4 possible attack vectors that Iran could use to target
the United States: Terrorism, cyber attacks, disinformation, and
influence operations.
1. Terrorism is unlikely but possible, at least in the short
term.--The last state-sponsored attempted terrorist attack on U.S. soil
was in 2011, when an extremely small number of IRGC Qods Force (IRGC-
QF) officers, including Abdul Reza Shahlai, tried to assassinate the
Saudi Arabian ambassador, Adel Al-Jubeir, in a Washington restaurant.
The plot was worked through Mansour Arbabsiar, who was arrested by the
FBI in 2011 when his flight between Mexico City and Amsterdam landed at
New York's John F. Kennedy airport. Arbabsiar pled guilty and
cooperated with authorities in helping obtain evidence against other
IRGC officers involved in the plot. Arbabsiar is now serving a 25-year
sentence in Federal prison in Marion, Illinois. U.S. law enforcement
officials long tried to bring Abdul Reza Shahlai to justice, most
recently on December 5, 2019, by offering a $15 million reward for
information leading to the disruption of his fund-raising and spending
networks. He was reportedly the target of a separate strike in Yemen
the night of January 2-3. Although it is unlikely the Houthis in Yemen,
who get resources and aid from Shahlai and the IRGC-QF, would turn him
over, the United States should continue to bring him to justice.
Iran also can call on proxy groups like Lebanese Hizballah. On
December 3, 2019, Ali Kourani was sentenced to 40 years in prison for
being a sleeper operative for Hizballah's terrorist arm, the Islamic
Jihad Organization.
2. Cyber-threats from Iran are certain, and on-going.--DHS's
Cybersecurity and Infrastructure Security Agency (CISA) put out a
statement by Director Chris Krebs in June and elevated it to an alert
on January 6 after the January 2 strike on Qasim Soleimani. DHS
released a National Terrorist Advisory System (NTAS) Bulletin on
January 4. DHS and the FBI have also released a Joint Intelligence
Bulletin to State and local law enforcement. I will focus on Iran's
cyber threats in a moment, but the extent to which the Iranians are
improving in this area should be a concern.
3. Disinformation operations.--Iran has used disinformation
operations against the United States, spreading false propaganda that
has included the outrageous idea that the United States supported ISIS.
A State Department Inspector General report said that in 2016, one-
third of the Iraqi public held this view. Iranian disinformation was
the chief reason.
4. Influence operations.--Facebook and Twitter have found thousands
of social media accounts who looked liked regular users and independent
organizations, but were in fact linked to the Iranian government.
three preliminary points about cyber attacks
Mr. Chairman, permit me to go back to cyber attacks.
First, when Iran retaliates for attacks against it, Iran and its
allies consider the United States, Israel, and Saudi Arabia as
responsible for each other's attacks. Iranian proxies held the United
States responsible for a strike conducted by the Israelis. To be sure,
the United States holds Iran responsible for the actions of Iran's
proxies.
Second, in recent months, the Trump administration has decided that
sanctions and cyber attacks are their go-to tools. After the September
14 kinetic attack on a Saudi oil facility, the Trump administration
searched for a ``cyber silver bullet.'' President Trump was reportedly
``reluctant to widen the conflict in a region he has said the United
States should leave.'' And, as I noted earlier, a cyber attack was one
of the options if the Iranians had killed anyone at Al-Asad or Irbil on
January 8.
This leads me to my third preliminary point. The implication that
cyber attacks are somehow safer for the United States than kinetic
attacks is dangerous. The cyber defenses of Iran's likely targets in
the United States are uneven. More needs to be done to prepare the
American people for Iranian cyber retaliation.
iran's peculiar sense of symmetry
This leads me to my most important point: When it comes to the
United States, Iran's government follows a peculiar sense of symmetry.
When the United States does something to Iran, Iran tends to respond--
not exactly in the same way, but the symmetry is almost always there.
This applies across the board, in both kinetic attacks and in cyber
space. Look at what Iran said and did after the January 2 strike
against Islamic Revolutionary Guards Corps Qods Force (IRGC-QF) Major
General Qasim Soleimani. The next day, Iranian Supreme Leader Khamenei
made an unusual appearance at the Iranian Supreme National Security
Council and gave them a written order that Iran ``strike America
directly and in exact proportion to the attack,'' as two sources told
the New York Times.
Consider the September 14 Iranian attack on Saudi oil facilities at
Abqaiq: Starting in May 2018, ``maximum pressure'' U.S. sanctions
reduced Iran's oil exports. Iran thinks it is defending itself against
economic warfare waged by the United States. After Iran tried for a
year to get Europe to ease the pressure, Iran showed it could reduce
U.S. allies' ability to export oil, first in May and June with attacks
on tankers and a Saudi pipeline, then with the Abqaiq attack that
halved Saudi oil exports.
Another symmetry: On July 4, Britain seized an Iranian tanker
violating international sanctions. On July 19, Iran seized a British
tanker. On August 15, Gibraltar authorities released the Iranian
tanker. On September 27, Iran released the British tanker.
Iran's sense of symmetry is more pronounced in cyber space. In
2013, Iran developed a cyber attack capability after the ``Stuxnet''
malware that targeted Iran's Siemens industrial control systems (ICS)
came to light in June 2010. From Stuxnet's discovery until Iran's first
ICS attack was 3 years.
On July 30, 2012, new U.S. sanctions targeted Iranian banks. Two
months later, Iran ramped up denial-of-service attacks whose main
targets were--U.S. banks.
In August 2012, Iran's surprise ``Shamoon'' attack deleted 35,000
Saudi Aramco hard drives and was described as ``the biggest hack in
history.'' What got less publicity is that in early 2012, malware later
dubbed ``Wiper'' deleted data on Iranian Oil Ministry and National
Iranian Oil Company computers.
The symmetry can be positive: When the Iran nuclear deal was in
force, Iranian cyber attacks appeared to drop. This comes from
anecdotal evidence, because U.S. companies are not required to report
Iranian cyber attacks to the Department of Homeland Security.
When the Trump administration began its 2018 ``maximum pressure''
campaign, Iranian cyber attacks increased within 24 hours.
On June 20, 2019, after Iranian attacks on civilian tankers,
President Trump retaliated by cyber attack. Private U.S. businesses
noticed a further increase in Iranian cyber attacks.
This leads to 3 important points: Over time, Iran has both improved
its cyber capabilities and reduced its response time. What took Iran 3
years to respond to in 2010, and 6 months to respond to now in 2012, is
now down to days and hours.
Additionally, the United States also needs to recognize that Iran
is capable of strategic surprise. Iran achieved strategic surprise with
the precision of its kinetic attack against Abqaiq in September 2014,
and the apparent precision in hitting targets on January 8 at Al-Asad
and Irbil--all without killing anyone. Iran could achieve strategic
surprise in cyber space, and we would not know it until they hit us.
Before I go on to discuss what we should do, I want to make one
point clear. Iran's sense of symmetry doesn't mean that if we stopped
what we're doing, Iran would stop being a threat to the United States
and our allies. Iran would still continue to harbor its nuclear
ambitions and, more importantly, it would continue its malign behavior
that is de-stabilizing the region, including being a threat to Israel
and other U.S. allies. We can discuss this more in the question-and-
answer session, but Iran's strategic goals have never been more clear
than they are now, after the January 2 strike that killed Qasim
Soleimani.
what u.s. policy makers should do
Mr. Chairman, let me turn to what the United States should do to
address the threats to the homeland from Iran. I will focus here on
Iran's most active threat to our the cyber defenses.
Most Federal Government computers are protected, but U.S. civilian
cyber defenses are uneven. Iran's previous civilian targets included
``aerospace, defense, and petrochemical companies,'' local government,
universities, and a business owned by a prominent American supporter of
Israel.
On June 22, Chris Krebs, the director of DHS cybersecurity warned
of a ``rise in malicious cyber activity . . . by Iranian regime actors
and proxies.'' He warned of increasing Iranian use of ``wiper'' attacks
and Iranian efforts ``to steal data and money.'' He renewed this
warning earlier this month.
Normally, when U.S. policy makers consider kinetic strikes, they
activate plans to notify and protect military and civilian personnel
and facilities. The same logic should apply for cyber attacks, but it
doesn't.
First, responsibility for offense and defense is divided. Cyber
Command and the National Security Agency handle military offense and
defense, but the FBI, DHS, and--notably--the private sector handle
civilian defense. While there is coordination, they don't all go to the
same meetings or have access to the same information.
Second, notification of the private sector in advance of cyber
attacks by the United States or our allies is not feasible because too
many people would have to be notified. If Iran's retaliation is fast,
decentralized, or has good opsec, the private sector will get no
warning.
Normally, the threat of Iranian cyber retaliation would lead the
President and his top officials to have a frank conversation with the
American people about why cyber attacks against Iran are necessary and
why Americans should increase their cyber defenses, roughly analogous
to the 1950's ``civil defense'' campaign.
However, drawing attention to the risks of cyber attacks against
Iran would undercut the President's goal not to be seen heading into
another Mideast conflict. Yet the best defense is to say, publicly and
in multiple channels, that the American people need to do more to
defend themselves against cyber threats from Iran and elsewhere.
DHS's campaign since January 3 of repeating earlier warnings,
issuing an NTAS bulletin, and issuing cybersecurity alerts are all
welcome developments. My concern is that these warnings will reach
cybersecurity experts and people like this panel who follow threats
from Iran very closely, but that the American people and smaller
American businesses will not. Cyber operators are looking for the
unlocked door.
This starts with the basics: (1) Update your software. (2) Install
anti-virus software. (3) Use two-factor authentication where you can.
(4) Watch out for phishing emails. (5) And most importantly, educate
yourself to resist efforts by our adversaries to sow division among
Americans. Congress should give thought to how we educate both our
young people in school and ourselves as adults. Cyber defense is a
life-long enterprise.
Lower-level warnings, like the CISA director's January 4 statement,
will not be enough to deter severe criticism from the American people
if Iran achieves strategic surprise like Iran's 2012 Shamoon attack or
the recent Abqaiq attack.
The United States and its allies should not ``do nothing'' in
response to attacks like Abqaiq. Nor should we cease all measures that
oppose Iran's destabilizing actions.
However, because of Iran's peculiar sense of symmetry, the Trump
administration needs to do more to prepare the American people to
defend against Iranian cyber retaliation. Whoever was behind the
exposure of 15 million Iranians' debit card numbers, the Iranians will
be motivated to retaliate in kind. A possible cyber attack to partially
disable the Iranian oil and gas sector could put America's oil and gas
sector at risk of a comparable attack.
Iran has shown us, twice, that the IRGC has improved its kinetic
capabilities. It has shown us over the past 10 years it has improved
its cyber capabilities. It's incumbent on the U.S. Government to work
more closely with the public and the private sector to improve U.S.
cyber defenses. Iran will continue to be a threat for the foreseeable
future.
I would be happy to address any questions and to go into the
strategic issues that we haven't been able to cover so far today.
Thomas S. Warrick is a Nonresident Senior Fellow at the Atlantic
Council. He worked Iraq and Iran issues for the State Department from
1997-2007 and was the Department of Homeland Security's senior Iran
expert from 2007 until June 2019.*
---------------------------------------------------------------------------
* Attachment has been retained in committee files.
Chairman Thompson. Thank you very much for your testimony.
I now recognize Brigadier General Tata to summarize your
statement for 5 minutes, and I hope I didn't ambush your name
too much.
STATEMENT OF ANTHONY J. TATA, CEO AND PRESIDENT, TATA
LEADERSHIP GROUP
General Tata. Chairman Thompson, Ranking Member Rogers,
Members of the committee, thank you for inviting me here today
for the privilege of providing comment on the important topics
of homeland and National security.
Killing Qassem Soleimani and Abu Mahdi al Muhandis, both
specially-designated terrorists, provides for a safer Middle
East and a safer homeland in America. In strategy and in
warfare, leadership networks and resourcing matter. Soleimani
and Muhandis were experienced commanders overseeing a vast
terror network that executed Iran's revolutionary strategy of
exporting terror backed by Iran's $26 billion military budget.
Together they carried out 3 decades of terror against the
United States and our vital interests and allies in the Middle
East to include, but certainly not limited to, training,
resourcing, and resupplying Shia militias in Iraq to disrupt
U.S. operations, resourcing Hezbollah to attack Israel,
planning and resourcing the thwarted attack on a Washington, DC
restaurant a few miles from here, creating money-laundering
schemes within the United States to fund terrorism, protecting
the bin Laden family, al-Qaeda leadership and Taliban members
immediately after the 9/11 attacks, training, resourcing and
transporting Abu Musab al Zarqawi and other al-Qaeda members to
fight coalition forces in Iraq, resourcing the Houthi rebels in
Yemen to attack Yemen and Saudi Arabia, and resourcing and
commanding multiple recent attacks against U.S. interests in
the region.
Just as Osama bin Laden orchestrated the attacks that
killed nearly 3,000 Americans, Soleimani orchestrated attacks
that killed and maimed over 6,500 Americans through improvised
explosive devices alone. Just as bin Laden continued to pose a
clear and present danger to American interests world-wide until
his death, so did Soleimani. Soleimani, however, was more
dangerous than bin Laden because he was flush with resources
from Iran, a designated state sponsor of terror whose defense
budget has risen 60 percent between 2015 and 2018, from $16
billion to $26 billion.
Soleimani developed, refined, and deployed explosively
foreign penetrators, lethal roadside bombs made of Iranian
milled 6-inch copper discs, PVC or steel pipe, urea nitrate, a
blasting cap, and typically a passive infrared switch trigger.
When a target crossed the beam on the passive infrared switch,
it ignited the blasting cap which, in turn, detonated the
explosives, propelling a molten copper disc at 8,000 feet per
second through its mark, killing and maiming whoever might be
in the projectile's path of destruction.
Frequently, the destruction from an EFP sealed the
vehicle's doors shut, leaving American soldiers to burn alive.
Often Soleimani's EFPs were deployed in multiple arrays where
several copper discs would punch through Humvees and other
fighting vehicles, ripping arms and legs from service men and
women. Soleimani and his chief lieutenant, Muhandis, were the
masterminds behind and suppliers of these EFPs. Just in the
last 18 months, 2 U.S. Federal judges each separately found
Iran liable for their role in killing and injuring Americans in
Iraq by providing material support to Iran's proxy terrorist
groups.
Those U.S. District Court cases are Karcher v. the Islamic
Republic of Iran and Fritz v. the Islamic Republic of Iran,
which I have included in my testimony. Evidence in both cases
proved that Soleimani and Muhandis, both senior leaders in
Iran's IRGC Quds Force, acted on behalf of Iran to ensure
Americans would die. Just one quote from witness testimony in
those cases, from General David Petraeus, the MNF-I press
conference he spoke at in April 2007 said, ``And there's no
question, again, that Iranian financing is taking place through
the Quds Force of the Iranian Republican Guards Corps to
support opposition forces in Iraq.''
As they were moving freely about the region coordinating
terror with Hezbollah and Shia militias in Iraq, Soleimani and
Muhandis presented themselves in a designated combat zone as
the leaders of a designated terrorist organizations, the Quds
Force and Kata'ib Hezbollah. President Trump responded
appropriately under the same authorization of use of military
force that President Obama used against state and non-state
actors in Iraq, Syria, Afghanistan, Yemen, the northern tier of
Africa, and other locations.
While serving as the deputy commanding general of U.S.
forces in Afghanistan in 2006 and -7, I directed several combat
missions to include drone strikes, artillery strikes, air
assaults, and other operations, some of which found me on the
ground with the soldiers conducting those missions.
Everything I've seen, read, and understand regarding the
strike underscores its legality, importance, and proportionate
nature to reset the balance of power in the Middle East with
respect to U.S. interests and Iranian influence. The Soleimani
strike is consistent with U.S. National security strategy as it
relates to Homeland Security.
I brought a copy of the strategy today that the President
published in 2017, that mentions pursuing threats to their
source and defeating jihadist terrorists, and dismantling
transnational criminal organizations, both of which the Quds
Force is.
Practically, in my roles as an education leader here in
Washington, DC and in North Carolina as secretary of
transportation, and now as a chief executive with Air Data
Solutions, I have been steeped in analysis of threats and
responsibility for specific homeland security infrastructure
and citizens over the last 10 years. To include--I am concerned
about, including cyber attacks on key infrastructure such as
airport, air traffic systems, physical security of soft target
such as schools and mass transit for shock value, attacks on
seaports to impact commerce, smuggling weapons and other
resources to enable attacks, and biological warfare against
crops affecting our food supply.
Finally, with Soleimani and Muhandis removed from the
equation, we have an opportunity to positively reshape the
dynamic in the Middle East toward peace and enhance homeland
security. As a young United States Military Academy cadet, in
1981 my classmates and I witnessed first-hand the return of
U.S. hostages in Iran to American soil at West Point, where
they spent their first weeks reintegrating. The cruelty of the
Iranian Islamic Revolution is seared in my memory and I'm
personally proud that we have begun to fight back.
Thank you, sir.
[The prepared statement of Mr. Tata follows:]
Prepared Statement of Anthony J. Tata
January 15, 2020
Chairman Thompson, Ranking Member Rogers, Members of the
committee--thank you for inviting me here today to provide comment on
the important topics of homeland and National security.
Killing Qassem Soleimani and Abu Mahdi al Muhandis, both Specially
Designated Terrorists, provides for a safer Middle East and a safer
homeland in America.
soleimani's legacy of terror
In strategy and warfare, leadership, networks, and resourcing
matter. Soleimani and Muhandis were experienced commanders overseeing a
vast terror network. Backed by Iran's $26 billion military budget,\1\
together they carried out 3 decades of terror against the United States
and its vital interests and allies in the Middle East, to include (but
are not limited to):\2\
---------------------------------------------------------------------------
\1\ Decoding Iran's Defence Spending, International Institute for
Strategic Studies, November 13, 2018.
\2\ The Exile--The Stunning Story of Osama bin Laden and Al Qaeda
in Flight, Cathy Scott-Clark and Adrian Levy, Bloomsbury (2017).
---------------------------------------------------------------------------
i. Training, resourcing, and resupplying Shi'a militias in Iraq to
disrupt U.S. operations;
ii. Resourcing Hezbollah to attack Israel;
iii. Planning and resourcing the thwarted attack on a Washington,
DC restaurant;\3\
---------------------------------------------------------------------------
\3\ Iranian Charged in Terror Plot, The Washington Post, Jerry
Markon & Karen DeYoung (October 12, 2011); and Iranian agents once
plotted to kill the Saudi Ambassador in D.C.--The case reads like a spy
thriller, The Washington Post, Reis Thebault (January 4, 2020).
---------------------------------------------------------------------------
iv. Creating money-laundering schemes within the United States to
fund terrorism;\4\
---------------------------------------------------------------------------
\4\ U.S. Attorney's Office SDNY Press Release: Hizballah Related
Money Laundering Scheme, December 15, 2011; and U.S. Attorney's Office
SDNY Press Release: Manhattan U.S. Attorney Announces $102 Million
Settlement of Civil Forfeiture and Money Laundering Claims Against
Lebanese Canadian Bank, June 25, 2013.
---------------------------------------------------------------------------
v. Protecting the bin Laden family, al-Qaeda leadership, and
Taliban members immediately after the 9-11 attacks;
vi. Training, resourcing, and transporting Abu Musab al Zarqawi and
other al-Qaeda members to fight coalition forces in Iraq;
vii. Resourcing the Houthi rebels in Yemen to attack Yemen and
Saudi Arabia;
viii. Resourcing and commanding multiple recent attacks against
U.S. interests:
Shooting down 2 drones
Seizing oil tankers
Attacking Saudi oil fields
Killing an interpreter and wounding 2 soldiers in Kirkuk
Attacking the U.S. embassy in Baghdad.
Just as Osama bin Laden orchestrated the attacks that killed nearly
3,000 Americans, Soleimani orchestrated attacks that killed and maimed
over 6,500 Americans through improvised explosive devices alone. Just
as bin Laden continued to pose a clear and present danger to American
interests world-wide until his death, so did Soleimani. Soleimani,
however, was more dangerous than bin Laden because he was flush with
resources from Iran, a designated state sponsor of terror, whose
defense budget has risen over 60 percent between 2015 and 2018 from $16
billion to $26 billion.
Unlike bin Laden, who spent his final years as an isolated hermit,
Soleimani was able to use his title and rank as a shield from
prosecution and retribution. He skillfully used the Iranian-state
apparatus as his ``keys to the kingdom'' of the Middle East. With
approval from the highest-authority in Iran, the Supreme Leader,
Soleimani used Iranian-state-owned businesses and banks as virtual cash
machines to fund and support his terrorist activities, and those of
proxy groups including Hamas, Hezbollah, and al-Qaeda. To think that
Soleimani was not planning or actively trying to kill Americans at the
time of his death is to deny or ignore everything he had done in Iraq
for years preceding his death. Soleimani spent those years zealously
targeting Americans and killing them--more so than any single
individual terrorist in recent times.
impact on u.s. service members, contractors, and their families
Indeed, Soleimani was an expert at death and destruction. In April
2007 I had just returned from a 13-month tour of duty as the deputy
commanding general of U.S. Forces in Afghanistan and was appointed as
the deputy director of the Joint Improvised Explosive Device Defeat
Organization--responsible for training the force, defeating enemy IEDs,
and attacking enemy IED networks. Accordingly, we had operations and
intelligence cells State-side and in both the Iraq and Afghanistan
theaters of operations.
Soleimani developed, refined, and deployed explosively-formed
penetrators (EFPs)--lethal roadside bombs made of an Iranian-milled 6-
inch copper disc, PVC/steel pipe, urea nitrate, a blasting cap, and
typically, a passive infrared switch trigger. When a target crossed the
beam of the passive infrared switch it ignited the blasting cap which
in turn detonated the explosives, propelling a molten copper disc at
8,000 feet per second through its mark, killing and maiming whoever
might be in the projectile's (and its many fragment's) path of
destruction. Frequently the destruction from an EFP sealed the vehicle
doors shut, leaving American soldiers to burn alive. Often Soleimani's
EFPs were deployed in multiple ``arrays'' where several copper discs
would punch through Humvees and other fighting vehicles, ripping arms
and legs from servicemen and women. Soleimani and his chief lieutenant
Muhandis were the masterminds behind, and suppliers of, the EFPs.
Soleimani and his terrorist proxies spearheaded Iran's efforts to
inflict death and destruction on Americans in an attempt to disrupt
American foreign policy objectives in the region, and to deny the Iraqi
people a free and democratic Iraq.
The Department of Defense reports that, at least, 602 brave
Americans were killed by Soleimani's lethal IEDs. While accurate, that
number is misleading. For every casualty there are historically ten-
fold wounded. The math then suggests that Soleimani killed and wounded
over 6,500 American servicemen and women. Even that number in no way
captures the costs to tens of thousands of American spouses, children,
parents, and communities all ripped apart as if they themselves were
hit by these gruesome bombs.
iran and soleimani responsible
Just in the last 18 months, two U.S. Federal judges each separately
found Iran liable for their role in killing and injuring Americans in
Iraq by providing material support to Iran's proxy terrorist groups.
Those U.S. District Court cases are Karcher et al v. the Islamic
Republic of Iran and Fritz et al v. the Islamic Republic of Iran
(attached).** Evidence in both cases proved that Soleimani and
Muhandis, both senior leaders in Iran's IRGC Quds Force acted on behalf
of Iran to ensure Americans would die. Both of these cases introduced
expert witness testimony from combat veterans on the front lines in
Iraq that describe Iran's role in supplying EFPs to Iraqi militias that
were carrying out these brutal attacks. I submit these 2 Federal
district court rulings and refer to just a few quotes of supporting
expert witness testimony \5\ buttressing each:
---------------------------------------------------------------------------
** Attachment A has been retained in committee files.
\5\ Karcher, et al. v. Islamic Republic of Iran Case No. 1:16-cv-
00232-CKK (Aug. 26, 2019); and Fritz et al. v. Islamic Republic of Iran
Case No. 1:15:cv-00456-RDM (August 2, 2018).
---------------------------------------------------------------------------
Former CENTCOM commander General David Petraeus said at an
MNF-I press conference in April 2007: ``And there's no
question, again, that Iranian financing is taking place through
the Quds force of the Iranian Republican Guards Corps (to Iraqi
fighters).''
Former Division and JIEDDO commander Lieutenant General Mike
Oates said: ``In fact, one of Iran's primary forms of material
support to the Special Groups was financing, manufacturing and
deploying EFPs.''
The State Department issued a country report that stated:
``Iran's Qods Force continued to provide Iraqi militants with
Iranian-produced advanced rockets, sniper rifles, automatic
weapons, and mortars that have killed Iraqi and Coalition
Forces as well as civilians.''
Dr. David Gartenstein-Ross, said of Muhandis: ``Muhandis was
given Iranian citizenship in the 1990's, and became an advisor
to IRGC-QF commander Qasem Soleimani. Muhandis returned to Iraq
in March 2003 and created Kata'ib Hizballah in 2007.''
authorization of use of military force
As they were moving freely about the region coordinating terror
with Hezbollah and Shi'a militias in Iraq, Soleimani and Muhandis
presented themselves in a designated combat zone \6\ as the leaders of
designated terrorist organizations, the Quds Force \7\ and Kataib
Hezbollah. President Trump responded appropriately under the same
Authorization of Use of Military Force \8\ that President Obama used
against state and non-state actors in Iraq, Syria, Afghanistan, Yemen,
the Northern Tier of Africa, and other locations. Indeed, Iran never
stopped attacking U.S. interests in the Middle East even after the Iran
nuclear deal. Given Soleimani's assistance to al-Qaeda in the immediate
aftermath of the 9-11 attacks, the strike on Soleimani was especially
consistent with the AUMF. Indeed, President Trump's strike was part of
our National security strategy of pursuing terror ``threats to their
source.''\9\
---------------------------------------------------------------------------
\6\ Executive Order 12744 (The Arabian Peninsula Areas).
\7\ Executive Order 13224.
\8\ AUMF, Pub. L. 107-40, codified at 115 Stat. 224 and passed as
S.J.Res. 23 by the U.S. Congress on September 14, 2001.
\9\ National Security Strategy, President Donald J. Trump, December
2017.
---------------------------------------------------------------------------
imminent threat
Commanders with combat experience leading servicemen and women in
harm's way are required to make life-or-death threat assessments as
part of their job. Threats requiring decisive action are usually
kinetic and complex, derived from a vast array of information and
intelligence that needs to be considered holistically, often times in a
matter of moments. The forces loyal to and commanded by Soleimani and
Muhandis had already attacked and killed an American interpreter and
wounded 2 soldiers with rockets, and then subsequently attacked the
U.S. Embassy in Baghdad. Whether larger successive attacks were
minutes, days, or weeks from happening, the fact that Soleimani/
Muhandis-led terrorists had already attacked the United States twice in
a matter of days, coupled with their Commanders' battlefield presence
and their long and malevolent pasts, underscores the very imminence of
a real and present threat. It would have been irresponsible for
President Trump not to act. And he did so decisively and
proportionally.
While serving as the deputy commanding general of U.S. Forces in
Afghanistan in 2006 and 2007, I directed several combat missions to
include drone strikes, artillery strikes, air assaults, and other
operations, some of which found me on the ground with the soldiers
conducting those missions. Everything I have seen, read, and understand
regarding this strike underscores its legality, importance, and
proportionate nature to reset the balance of power in the Middle East
with respect to U.S. interests and Iranian influence.
regional strategy
This administration's policy and strategy in the region is well-
stated in the National Security Strategy document published in December
2017, and in multiple open-source commentaries. I will summarize by
saying broadly the strategy is to:
Stop Iran's drive to hegemony in the region;
Prevent their development of nuclear weapons;
Disrupt their exportation of terror around the region and
world;
Coerce the Iranian government to stop oppressing its people;
Root out terrorism at its source; and
Protect U.S. vital interests in the region.
eliminating soleimani makes the united states safer
The Soleimani strike is consistent with U.S. National Security
strategy as it relates to Homeland Security. Specifically, the 2017
National Security Strategy highlights the administration's plan to
secure the homeland by:
i. Secure U.S. Borders and Territory:
a. Defend Against Weapons of Mass Destruction.
b. Combat Biothreats and Pandemics.
c. Strengthen Border and Immigration Policy.
ii. Pursue Threats to Their Source:\10\
---------------------------------------------------------------------------
\10\ Emphasis added.
---------------------------------------------------------------------------
a. Defeat Jihadist Terrorists.
b. Dismantle Transnational Criminal Organizations.
iii. Keep America Safe in the Cyber Era.
iv. Promote American Resilience.
By definition, if we are concerned about Iran exporting terror
either to the Middle East or to the United States, if we eliminate
their chief exporter, Soleimani, then we have disrupted their
operations, if not dismantled them in the near term. The Quds Force is
tightly aligned with Hezbollah and its far-reaching terror tentacles
around the world. They were a threat 40 years ago and they are a threat
now. As has been our strategy for the last 2 decades, we must find
these threats as near to their wellspring as possible and eliminate
them.
Practically, in my roles as an education leader here in Washington,
DC and in North Carolina, as Secretary of Transportation of North
Carolina, and now as a chief executive with Air Data Solutions, an
infrastructure and agriculture imaging company, I have been steeped in
analysis of threats to and responsibility for specific homeland
infrastructure and citizens over the last 10 years.
That Iranian sleeper cells exist in the United States is a matter
of record.\11\ Soleimani's death has created confusion in the Quds and
Hezbollah terrorist command-and-control networks and impacts the
resourcing of terrorist operations abroad. Similarly, when we kill a
high-value target such as Soleimani or Muhandis, their fellow
terrorists begin communicating and making mistakes. We most likely have
new and actionable intelligence based upon the Soleimani strike. The
idea is to keep the pressure on the enemy and never let up.
---------------------------------------------------------------------------
\11\ Iranian Charged in Terror Plot, The Washington Post, Jerry
Markon & Karen DeYoung (October 12, 2011).
---------------------------------------------------------------------------
That notwithstanding, the Iranians have long persisted with ``Death
to America'' chants and while I believe the Soleimani strike presents
an opportunity for diplomatic opening, there undoubtedly will be
Iranian hard-liners who wish to continue with the reign of terror. To
that end, since prior to recent events, I have been and remain
concerned about:
i. Cyber attacks on key infrastructure such as airport air traffic
systems;
ii. Physical security of soft targets such as schools and mass
transit for shock value;
iii. Attacks against seaports to impact commerce;
iv. Smuggling of weapons and other resources to enable attacks;
v. Biological warfare against crops affecting our food supply.
These are persistent threats, which with Soleimani gone will be
much harder for Iran to execute. The strategy now should be one of
continuing to engage Iran with all elements of national power,
diplomatic, informational, military, and economic, to dissuade Iran
from its long-standing predilection to kill Americans.
With Soleimani and Muhandis removed from the equation, we have an
opportunity to positively reshape the dynamic in the Middle East toward
peace and enhance homeland security. As a young United States Military
Academy cadet in 1981 my classmates and I witnessed first-hand the
return of the U.S. hostages in Iran to American soil at West Point
where they spent their first weeks reintegrating. The cruelty of the
Iranian Islamic Revolution is seared in my memory, and I am personally
proud that we have begun to fight back.
Chairman Thompson, Ranking Member Rogers, and Members of the
committee--thank you again for this opportunity to discuss my
experience and views on this important issue and with respect to
countering terrorism and protecting the homeland. I look forward to
answering any questions you might have.***
---------------------------------------------------------------------------
*** Attachments B-D have been retained in committee files.
Chairman Thompson. I thank all the witnesses for their
testimony. I'll remind each Member that he or she will have 5
minutes to question the panel. I will now recognize myself for
questions.
This hearing, ``U.S.-Iran Tensions: Implications for
Homeland Security'' is titled because a lot of concern has been
expressed as to whether or not with the recent incident in Iran
are we in a safer or are we safe, or what should we look out
for? So the question that I'd ask all the witnesses is, with
those events of recent time in Iran, what do you believe is the
greatest threat emanating from Iran today to the homeland?
Ambassador Leaf.
Ms. Leaf. Mr. Chairman, I think in the immediate term my
biggest concern is the future of the, or the status of the U.S.
military mission in Iraq for the reasons that I cited and that
I went into greater detail in my written testimony. That is--
the fight against ISIS is not over. The caliphate is gone but
the attacks happen daily across Iraq and certainly there are
thousands of ISIS members who have access to several hundred
million dollars of monies for their attacks. So to the degree
that we don't navigate the turbulence in Iraq well, we're going
to see that mission pushed out. That mission goes directly to
Homeland Security.
Chairman Thompson. General.
General Stewart. The question really is, is the missile
attack against al-Asad--sufficient to say that we have done
something and we can de-escalate and have a conversation. I
don't believe that's sufficient to show the magnitude of the
attack against Qassem Soleimani. So I expect that while not a
direct terrorist threat to the homeland, terrorist threat
globally has increased. If nothing else Soleimani controlled,
and I use that term advisedly, controlled militias and the
malign actors.
I don't know who controls those actors now. I don't know
which ones will now say we have got to take revenge as a result
of this activity. So I suspect that there will be some
terrorist activity globally, time and place of choosing that
requires a good bit of planning, but not directly to the
homeland. The direct threat to the homeland is if the rhetoric
continues and we decide to do something in cyber space. There
are vulnerable areas within our cyber environment both in the
financial and the electrical power sector.
So if we're not doing everything to harden those positions,
again, the uncontrolled, if not controlled or then the high-
level activities by the Iranians, we could see activity in
cyber space, and I'm very concerned about some vulnerabilities
there.
Chairman Thompson. Mr. Warrick.
Mr. Warrick. Mr. Chairman, the possibility of a terrorist
attack by Iran here in the homeland is that: A possibility. But
cyber attacks are a certainty. Equally certain is that Iran is
going to continue its disinformation operations and, as well,
that Iran is going to find ways to try to divide Americans,
increase divisions and conflict within our society as Russia
and China are already doing.
I also do want to agree with Ambassador Leaf and go more to
the point that if Iran succeeds in forcing the United States to
withdraw from Iraq on Iran's terms, rather than on our own,
that will be a victory that we will be paying for for many,
many years. Finally, I also agree that the possibility of ISIS
staging a resurgence is also a certainty. The question is
whether U.S. forces are going to be able to contribute to
trying to prevent that from happening.
So that poses a long-term danger to the homeland that we
have to take into account.
Chairman Thompson. General.
General Tata. Mr. Chairman, the revolution in Iran, they
have been chanting death to America for 40 years. So I look at
threats: Are they willing and are they able? Certainly, they
are willing and they will remain willing as long as the
theocracy rules Iran. So the motivation to harm Americans has
not really changed in 40 years, and the motivation to export
terror has not really changed in 40 years. What, what we have
to look at is what is their capability, willing and able.
They're totally willing. Now, are they as able today as
they were before January 2, and my contention is with Soleimani
removed from the battlefield, and Muhandis--we don't mention
him a lot but Muhandis was a critical player in Iraq--with
those 2 people, the leadership matters. I'd liken it to
removing the queen off the chessboard. He was somebody who
moved around diagonally, straight forward, backward, to make--
to ensure that Iran was enabling its campaign of terror to
disrupt U.S. interests, vital interests in the region.
With him gone, we have an opportunity now and Iran knows
how important he is, or was to their efforts. I believe that we
have an opportunity. The individual who has replaced him was in
the Afghan theater for Quds Force, not as familiar with ISIS,
not as familiar with the Iraq theater of war, much less
capable, doesn't have the elan that Soleimani had. I believe
that we have got an opportunity now to have a diplomatic
outreach.
Chairman Thompson. I now recognize the Ranking Member of
the Full committee, the gentleman from Alabama, Mr. Rogers, for
questions.
Mr. Rogers. Thank you, Mr. Chairman. We have all seen over
the last few days the massive protests in Iran and for the
first time they are not chanting death to America and Israel.
They are pointing the figure back at the government, in part
because my understanding is the economic pressure they are
under there, which they are just going to be exacerbated now by
our European and other allies who are talking about
implementing sanctions because of the shooting down of the
airliner and then trying to aggressively cover it up.
Theocracies always care about self-preservation more than
anything else. Given this new level of tumult in their country,
do you think that is going to heighten the chances of them
striking out at us, or striking out at those protestors? What
consequences would that have to our homeland security here?
General Tata. Ranking Member Rogers, I, I think the fact
that they are a theocracy, I think the fact that they are, as
you mentioned, are concerned about self-preservation, primarily
what they will try to do is preserve their regime. So as we
look at what their capabilities are, as I mentioned they are
willing, they want to--it is good for their business to chant
death to America and try to eliminate Israel and have that as
their stick, so to speak. It is good for their theocratic
ideologs of--that, uhh, follow them, and how that translates
into capability; they're very capable, particularly with the
$26 billion defense budget that they've had this past year.
So what we need to do is understand that the threats remain
because they are still willing to do it. We have to do an
assessment of the threats and in light of the Soleimani strike.
What is their capability? Command-and-control is a key
fundamental factor on the battlefield, and it is a life-long
key factor. You know, Sun Tzu talks about it all, the clause of
which, et cetera, and this is something that we really must
take into account, is what is the future of Iran's Quds Force
going forward?
As we kill enemy leaders, they also light up the network
and begin to talk, and make mistakes, and it provides new
intelligence for us. So we need to have, right now, a massive
intelligence-gathering operation, which I'm sure we do, that
picks up on all of the dynamics going on in the Middle East
between Iran and all of its proxies so that we can build target
folders and continue to keep the pressure on the enemy.
Mr. Rogers. Now, in response to the Chairman's question,
which I think is the key question for this committee in this
hearing is, you know, what vulnerability do we have to the
homeland from Iran, and pretty much uniformly you all said
cyber threats. Going back to my point about the economic
pressure and the domestic political pressure that the Iranian
threats have, do they really have the economic capability to
put behind a serious cyber attack on our country?
Mr. Warrick. Mr. Rogers, they do and that is because they
choose to prioritize expenditures on things like the IRGC Quds
Force instead of the things that would make investments that
would help their own people.
Mr. Rogers. You think that will continue even given the
economic pressures they are having, and the protests in the
streets. Now, it seems to me at some point to just preserve
yourself, you have got to start shifting that money back to let
them have services again and money to buy groceries and things
to be able to keep your power.
General Stewart. The cost of entering the cyber space is
pretty low.
Mr. Rogers. Is that right?
General Stewart. If you can identify malware and you can--
even if you get limited amount of help in dissecting malware,
you can turn that into a tool that you can use.
So the entry into this space isn't high. We are not talking
about millions and billions of dollars, but a fairly low-cost--
--
Mr. Rogers. From what we have heard from other panels, the
cost for defensive capabilities is pretty high. That is one of
the reason--and you have talked in--Mr. Warrick talked about we
need to put more money behind our defensive--more assets. So it
sounds like the offensive threat is less expensive than the
defensive capabilities.
General Stewart. Well, the risk to their networks, it is
pretty expensive to defend that, but to develop a capability
that could be deployed whether for intelligence gathering, for
disruption or for decisive defeat action, that cost is not
terribly high. Now, they made a commitment to building their
own intranet, building their down defensive capability. That
was their first priority, but in terms of delivering offensive
capability, that cost isn't terribly high.
Ms. Leaf. Mr. Rogers, if I could just address another
element of your question.
I mean, the monies require, the budget require--first of
all there is the prioritization as Tom Warrick noted, the
prioritization of these asymmetrical tools including cyber, but
also the proxies. If you look at Iraq or you look at Yemen--
well, look at Yemen. That was a very low, small investment,
high return in terms of the pressure that it put on Saudi
Arabia, and the pressure it put on us indirectly. In Iraq those
militias are 6--some of them go back to the 1980's, the Badr
organization.
The others came up on the battlefield after the 2003
invasion, and during the fight against ISIS. They are
parasitical. They are much like the IRGC, moving into the
economic space and praying on the Iraqi financial bodies. So
that is, again, a way that Iran does things on the cheap.
Mr. Rogers. Thank you, I yield back.
Chairman Thompson. Thank you very much. The Chair
recognizes the young lady from Texas for 5 minutes, Ms. Jackson
Lee.
Ms. Jackson Lee. Let me thank the Chairman and Ranking
Member.
A byline that was cited by a number of news stations after
the attack in Iraq on the soldiers was from a soldier that said
``I was 100 percent prepared to die''. To think as we relate to
the issue of the impact on the homeland, we must also recognize
the human impact and the deliberative responsibility of this
Congress and the Executive to make informed, intelligent, and
deeply strategized decisions. We are now living with the false
information of weapons of mass destruction.
In the act of war, before the inspectors were even allowed
to determine whether they existed, we now call Iraq the endless
war. So Ambassador Leaf, I want to ask some questions and I
will appreciate your indulgence of quick answers. I want to get
to all of the panelists. I'd like think that the American
people, I'll declare, do not intend to support going to war
with Iran. But what do you foresee as the next direct military
conflict between the United States and Iran?
Ms. Leaf. Given the way Iran goes at conflict, which is the
so-called gray zone, not head-to-head conventional conflict, it
will revert to form. So attacks on shipping, cyber, et cetera,
against partners. I don't see the immediate quest to take a
strike at the United States because they are outmatched, but
they will put pressure, they are putting pressure through Iraqi
militias. That is where the battlefield is. So I don't see a
strike as such being the most likely prospect.
Ms. Jackson Lee. Do you think in using proxies, such as the
Shiite group and others, could provoke the United States,
however?
Ms. Leaf. That's a question I really can't answer, but it
appears that the administration has settled on a line that if
an American is killed, that will elicit a response.
Ms. Jackson Lee. So we have the potential for escalation?
Ms. Leaf. Yes, as I said earlier, I do believe we are at a
pause, but we are still in an escalatory cycle.
Ms. Jackson Lee. It is clear that the President made false
statements about the Obama administration giving $250 billion
or $150 billion when those were dollars that had been retained,
and they were Iran's dollars. So it is important to have
accurate information to the American people and in the process
of deliberation.
Lieutenant General Stewart, you said Iran's fastest growing
audience being Russia, China, and U.S. allies in the region.
Can you please clarify how you see their potential involvement
and also the detriment to those, particularly the allies, in
the region including Israel, Kuwait, Jordan?
General Stewart. Congressman, I think probably more than
anything else the idea that we are not acting rationally and
that they are conforming to international norms, is the message
and themes that they are trying to get to our allies, and some
of our adversaries. That we, Iran, are more stable and more
deliberative in our process. We won't escalate. We will conform
to agreements. We want to reduce the violence. None of which
are particularly true, but those are the messages and themes
that they are pushing to our allies----
Ms. Jackson Lee. That'll be part of the false narrative as
well as saying we'll stand by you when the United States will
not.
General Stewart. That----
Ms. Jackson Lee. That one of----
General Stewart. That's certainly part of the messaging.
Ms. Jackson Lee. That only promotes danger for our
soldiers, for the United States. Mr. Warrick, we are all
concerned about cyber attacks. I sit on the subcommittee
dealing with that on this full committee, and so give us--you
gave us really a good explanation, but give us a deep dive into
how far into the cybersecurity system that can impact the
average American if Iran chose to do so.
Mr. Warrick. Representative Jackson Lee, the first thing to
remember is that cyber attackers are looking for an open door.
So in an open society like the United States, in effect, all of
us who have a computer, who have a home network, who have a
small business, are now on the front lines and are subject to
potential attack from a country like Iran.
What this means is an entirely new dynamic. It is no longer
sufficient for us to guard our military bases, or our
Government buildings. We now have to figure out an entirely new
strategy to work with the entire American public to educate the
American people on our collective responsibilities. This is
going to take, I think, an entirely different and stronger
approach that I would hope would be led from the White House,
in a way that makes improving our cyber defenses a National
goal, much like civil defense was a bipartisan National goal in
the 1950's.
Chairman Thompson. The gentlelady's time has expired.
Ms. Jackson Lee. I thank you. Yield back.
Chairman Thompson. The Chair recognizes the gentleman from
North Carolina, Mr. Bishop for 5----
Mr. Bishop. Thank you, Mr. Chairman. Thank you all for
being here.
You know, specifically, focusing on the purpose of today's
hearing, there have been a number of claims in public and even
maybe implications in some of the statements by Members today
that there was a lack of planning by the U.S. Government
including, perhaps, DHS for the aftermath of what happened in
Iran. I wonder is there anybody on this panel--we have heard a
confidential briefing, but is there anybody on this panel who
is intimately familiar with the details of the Department of
Homeland Security's planning or lack thereof?
Mr. Warrick. Well, I believe, Representative Bishop, that
would be me, but I am not going to get into any discussion of
any Classified matters at an open hearing. Obviously you would
want to hear from the people at DHS who are currently working
those matters, as I left several months ago.
But as I know you have been briefed and as DHS leadership
has said, they are quite a few activities, operations that are
under way now that the Department is engaged in to try to help
protect the American people.
I have no quarrel at all with any of those. Quite the
contrary, I think they are excellent. I just think that there
needs to be more of them and better funding from the Congress.
Mr. Bishop. So to follow that up, Mr. Warrick, are such
efforts, as a general practice, of long-standing, that is to
say they don't just--aren't brought up in a crisis, but they as
a matter of fact are pursued on a regular programmatic basis?
Mr. Warrick. The Department realized after the Arbabsiar
attack in 2011 that DHS had more actions going on against Iran
than almost anybody else in the Government realized. I do have
to say that that attempted terrorist attack on U.S. soil met
with a very vigorous response from the Secretary of Homeland
Security at the time and the entire Department leadership. I
was very proud of having been involved in that effort.
Mr. Bishop. Thank you, sir. General Tata, you said in the
course of your comments that you have to do an assessment of
threats. Would it be your expectation that those assessments
would be on-going as a matter of course over a long period of
time and not just started in response to a crisis?
General Tata. That is correct, Congressman. The threat
assessment cycle is one that is continuous, and it happens for
overseas threats and for homeland security threats. The
planning is all nested with the National security strategy that
the President and the National Security advisor put out 2 years
ago, and it very clearly talks about pursuing threats to their
source and defeating terrorists, and defeating transnational
criminal networks. So that is where you see DOD and DHS in the
joint planning collaboration that happens where they assess
threats and develop plans to counter those threats.
Part of that planning is to fight the enemy on their 5-yard
line and wherever they may be. Part of it is to defend our 5-
yard line to use a football analogy.
Mr. Bishop. Thank you, General. General Stewart, in your
testimony you talked about Iran's objectives and its asymmetric
activities. One was to avoid the threshold for an overt U.S.
action. It would appear that Iran miscalculated in this
particular case. Wouldn't you agree?
General Stewart. Specific to the missile strike on the
bases?
Mr. Bishop. Yes, sir.
General Stewart. I don't think that was a miscalculation. I
don't think Iran views that as a miscalculation. I think they
viewed that as a demonstration that they would strike back, an
overt demonstration that hit targets that they could reasonably
tell their audiences that ``we have done something''.
Mr. Bishop. Well, I think what I am getting at, and I am
not sure if I am following you General, I am talking about the
strike on General Soleimani and the killing of him. Do you
think--are you saying that you think Iran anticipated that the
United States would do that or did they miscalculation----
General Stewart. Not at all.
Mr. Bishop. OK. All right.
General Stewart. Not at all.
Mr. Bishop. One other thing is that you said that the most
important information operation they have is on their own
domestic population, which the regime seeks to keep united.
Based on events of the last days, would you say they
miscalculated on that as well and in the interest of accurate
information, you know, I heard one public figure say that the
killing of Soleimani is like killing Princess Di, or Elvis.
Would you agree with that equivalence and do you think they
have miscalculated in terms of their own population's reaction?
General Stewart. Their population reaction actually
switched from a support to the reaction to the Soleimani
killing but switched as a result of the airplane strike. So
there is no way that they could have calculated that if we make
an accidental shoot down of a commercial aircraft that the
population would rise up in the wake of the cry for--the
outrage over Soleimani's killing.
Mr. Bishop. Thank you.
General Stewart. I don't know if I would call it a
miscalculation. They are not dealing with it well and that
causes some stress internally, but I wouldn't call it a
miscalculation.
Mr. Bishop. Thank you, sir. My time has expired. I yield
back.
Chairman Thompson. Thank you very much. The Chair
recognizes the gentleman from California, Mr. Correa for 5----
Mr. Correa. Thank you, Mr. Chairman. First of all let me
thank you for holding this most important hearing, and I'd like
to thank our witnesses for being here today. Again, a very
critical issue.
I have a question for all of you on the panel here. As you
know, Iranian General Soleimani built the world's largest
terrorist network with international terrorists like Hezbollah.
Now that he is out of the picture, how would you characterize
the threats posed by Iran's proxies, Hezbollah, Hamas, other
militias, toward the United States and abroad? Do they have
cells in the United States?
Is this a threat, especially given as some of you have
stated, now that he is out of the picture, is there a call for
revenge, and are there cells in the United States that could
pose an immediate threat to us? Ambassador Leaf?
Ms. Leaf. Sir, I know that Hezbollah has cellular networks
all over the world and I think it is clear that they have them
in the United States. To my knowledge, this does not extend to
some of the other proxy actors, but I think it is important to
note, going back to your original question, that the Quds Force
will survive, has survived, will survive and continue on the
mission that Soleimani--the vision that he defined for the
region.
Certainly it was a decapitation and Esmail Ghaani, his
successor, is a character of a different type, but I have no
doubt that they will exercise the kind of command and control
throughout their networks, whether it is Hamas, Hezbollah, and
certainly in Iraq in such a way that our interests will be
threatened.
Mr. Correa. So Ambassador, are you saying that command and
control, despite his elimination, is still there and therefore
there is discipline in the ranks?
Ms. Leaf. Certainly in Iraq, yes.
Mr. Correa. In the United States, the cells?
Ms. Leaf. These--well, I'm going to defer to Tom Warrick on
the issue of Hezbollah.
Mr. Correa. Thank you. General Stewart.
General Stewart. I don't know--I won't speak to cells here,
but the estimates are 20- to 80,000 members make up this
militia, 20- to 80,000. Some of them will remain under command
and control of the IRGC Quds Force. My greater concern are
which of the ones that will go rogue with the intent to avenge
the death of Soleimani, the martyred Soleimani.
Mr. Correa. That's a question mark?
General Stewart. That's a question mark. I don't know how
many, but even if a small percentage----
Mr. Correa. Mr. Warrick, I'm running out of time. Excuse
me, General.
Mr. Warrick. So there was the recent disruption of a
Hezbollah group including one of their sleeper operatives. It
would be foolish of us to assume that by taking one out that
there aren't others that need to be addressed by the FBI at the
proper time and place. I do agree though with General Stewart
and with Ambassador Leaf, that the Iranians would regard it as
a ruthless but ``good at a trade'' if United States were forced
by Iran to leave Iraq, if all they thought they had to pay was
the price of one of their generals, I'm afraid the ruthlessness
of the regime would make them think that was a good deal for
them.
Mr. Correa. General Tata.
General Tata. Yes, Congressman, it is well-documented by
the FBI and Southern District of New York in open source, and
other places that there are sleeper cells here in the United
States both for the Quds Force and for Hezbollah financing. I
referenced in my opening statement about the hundreds of
millions of dollars that there were being laundered by
Hezbollah in the United States, a case brought before the
Southern District of New York, or by the Southern District of
New York.
The FBI intercepting the plot by the Quds Force to attack a
restaurant a few miles from here in Washington, DC. It would be
naive of us to assume that there aren't other cells that we
have not yet found. So they exist and as far as command-and-
control networks of Quds Force, you know, you take out the--you
destroy part of that network. Certainly they will regroup and
reassemble, but you cannot overestimate the impact of killing
Soleimani, in my opinion.
Mr. Correa. General Stewart, we talked about the
capabilities, cyber, offensive capabilities of Iran. Is there a
possibility that they could team up with Russian experts and
come up to a greater level of threat to the homeland if they
were to do that?
General Stewart. In their own words, they have talked about
partnering with a number of countries, to include the Russians,
the Pakistanis. So in their own words they talk about sharing
and collaborating. So if they do that they certainly can
increase their capability.
Mr. Correa. The Chair, thank you very much.
Chairman Thompson. Thank you very much. The Chair now
recognizes the gentleman from Texas, Mr. Crenshaw for 5
minutes.
Mr. Crenshaw. Mr. Chairman, thank you everybody for being
here. I'll start with you, Ambassador Leaf.
You mentioned the importance of the mission in Iraq and
that's a contentious issue across the political spectrum. Could
you address directly why we have a mission in Iraq and address
directly the, you know, the slogan of no more endless wars? Why
are we there? What's the U.S. interest?
Ms. Leaf. The importance of the U.S. military training and
advisory mission in Iraq goes precisely to a homeland security
issue which is ISIS, which continues to regenerate in Iraq and
of course across the border in Syria. So that is forthrightly
the mission, and I think it is a critical one.
Now, the size, the shape, the duration and so forth is a
question that we should have a very strong voice in. I agree
firmly with what Tom Warrick said earlier. If we are seen to be
pushed out by this collection of a militia-affiliated actors in
Iraq, or the militias themselves, we are going to lose critical
intelligence. The Iraqi security forces will lose critical
training and assistance to be able to counter that threat that
goes beyond their own homeland.
Mr. Crenshaw. Related to that would be the question of
Iranian influence in Iraq. If we were pushed out it would
become an Iranian proxy state, if you will. Does that affect
U.S. National security and related to that question, do you see
the PMFs becoming the next Hezbollah?
Ms. Leaf. So the way I look at it is Iraq is at real risk
of becoming a militia state, and as such will again pose a
threat to the security of not just the neighborhood, but more
broadly in the region.
Mr. Crenshaw. Mm-hmm.
Ms. Leaf. We don't want to return to Saddam's days when
Iraq was a real threat all across the way. So there are a
multiplicity of these militias. They are, as I said, predatory,
parasitical. They are thuggishly repressing hundreds of
thousands of Iraqis who turned out with a quest to turn Iraq
into a normal state. Iraq is not fully normal yet and it is in
our interests to stay the course and help them do that, not
only through this military mission, but the military mission is
a critical component of our reason for being there.
Mr. Crenshaw. All right. I want to move on to General
Stewart and information operations that you mentioned. You
talked about the use of social media by the Iranian government
to spread their misinformation campaigns. In the last couple of
weeks, how have you seen any change in that and how have they
used the hyper-divisive reaction to Soleimani's killing, and
the media narratives out there, have they used that internally
to spread their own misinformation campaigns?
General Stewart. I have not seen that yet but I anticipate
that they are laying the foundations to use the divisiveness.
They are laying the foundation for the divisions, the social
divisions within our country. We have seen them talk about
doing that.
Mr. Crenshaw. Yes.
General Stewart. But in the last 10 days I have not seen an
increase in that level of activity.
Mr. Crenshaw. For both Mr. Warrick and General Stewart, as
far as the symmetry that you talked about, does Iran currently
have even close to symmetrical capabilities as far as offensive
cyber warfare against the United States? Is there something you
are worried about in the future? Are you worried about it now?
Because it is not as if we don't receive attacks from Iran in
the cyber realm every day.
Mr. Warrick. But I--you are right on that, Representative
Crenshaw, but it is a fact, as General Stewart said, that
offensive cyber operations are cheap. Defensive cyber
operations are very expensive.
Mr. Crenshaw. I understand. I'm trying to get a sense of
the capability as it stands now.
General Stewart. You don't have to have the same capability
that the United States or Russia has. You only have to have
one----
Mr. Crenshaw. Yes.
General Stewart [continuing]. Can impact the electrical
power grid on the east coast of the United States, and the
cascading effects of that one device, and that is why it is
asymmetrical.
Mr. Crenshaw. I agree with that. I just--my question is it
is not like they haven't tried, right? I mean in Texas we had
10,000 attacks. So are they not implementing their full
capability yet? Is that your assessment?
General Stewart. Well, we call every event an attack.
Mr. Crenshaw. Yes.
General Stewart. It might be reconnaissance.
Mr. Crenshaw. Yes.
General Stewart. It might be simply probing. It might be an
attempt to simply deface. All of those are precursors to ``The
Attack''.
Mr. Crenshaw. Right.
General Stewart. But generally, we are pretty cavalier
about an event that occurs--an anomaly on a network and we can
attribute it as an attack, and it doesn't mean that they don't
have that capability and could, in fact, turn those probing
events into a destructive event.
Mr. Crenshaw. Mr. Warrick, you are very familiar with CISA
and what they have been doing in the Department of Homeland
Security. Is there anything they are not doing that you would
suggest that they improve upon, because they have made quite a
few steps in the last couple of years to improve upon
cybersecurity in the homeland?
Mr. Warrick. So if you look at the entire number of
cybersecurity specialists that CISA has, that number would be
dwarfed by putting 1 or 2 of our banks together with the number
of cybersecurity people they have. So the staffing disparity of
what is needed to protect the country is very different. This
is one of the things that I would hope this committee and your
colleagues on the Appropriations Committee would work together
to address.
We have totally mismatched the idea of offense and defense,
because in the military realm it means one thing. It is totally
different in homeland security in cyber space.
Chairman Thompson. Gentlemen----
Mr. Crenshaw. I am out of time. Thank you, Mr. Chairman.
Chairman Thompson [continuing]. From Texas' time has
expired. The Chair recognizes the young lady from New Mexico,
Ms. Torres Small.
Ms. Torres Small. Thank you, Mr. Chair. Thank you, Mr.
Ranking Member. Esteemed witnesses, I really appreciate you
being here. I want to pick up on Congressman Crenshaw's
questions about National security. I recognize that, you know,
what is being said here is that that is the most likely attack
we will continue to see. Mr. Warrick, you described it as a
certainty at this point that we will continue to see it.
I am very interested in your conversation about a security
gap that exists between Federal entities and some civilian
entities. Most troubling of which are critical infrastructure
and financial institutions. So my concern is, was you talked
about opening a door and lots of attempts to open those doors,
and such that all of us are now a threat. How do you see that
impacting more rural utilities or smaller utilities, like
water, wastewater, energy, and what can we do to address that
threat?
Mr. Warrick. So what the Iranians as other potential or
actual cyber adversaries face is they literally try computer
system after computer system until they find somebody that has
not updated their software; that does not have antivirus
software; that has failed to use two-factor authentication;
that has failed to do all of the basic things that really need
to be something that we start teaching in America's schools.
This needs to be done exactly in the way that we did the Civil
Defense Campaign in the 1950's.
The difference then being that a nuclear attack was a
horrifying possibility, but a cyber attack these days from our
adversaries like Iran is an absolute certainty. So I would hope
that this would get a lot more attention across the board and
at all levels.
What would not be something that any of us as citizens
would want to see is a very destructive cyber attack by an
adversary that has achieved strategic surprise against us as
the Iranians have shown that they can do, and that there would
have to be something like another 9/11 committee, or dare I say
it, even a Pearl Harbor committee that would look into how did
we miss this.
I'm telling you right now Representative, that the mismatch
between what CISA has in the way of resources and what the
threat is, is a strategic vulnerability to the United States
homeland.
Ms. Torres Small. Mr. Warrick, thank you so much for that.
I think looking long-term in terms of education, I think is
very valuable. In terms of short-term and the staffing
challenges that you described and the resources, again, I want
to get back to rural and small utilities.
What kind of resources does CISA need? What types of
expertise do we need to facilitate that type of outreach?
Mr. Warrick. So the larger utilities, obviously, have more
resources. The smaller utilities are more uniquely vulnerable
but cover, as you know, large areas and therefore there is more
at risk. This is very much a situation where ways have to be
found, obviously, to do various risk-based measurements. CISA
has a considerable amount of expertise in trying to do those
risk-based assessments.
So I recognize there has to be prioritization, but I also
recognize that our adversaries have very different
prioritization and will look for the weakest target that they
can find in a way of showing their dominance over us in cyber
space.
Ms. Torres Small. Thank you very much. Just shifting gears
slightly, in the last time I have, in the event of a successful
cyber attack against the United States, what is the likelihood
of an attack being linked to the actual actor?
Mr. Warrick. One of the challenges is that although the
attacks take place in seconds, as General Stewart knows better
than any of us, having been at CYBERCOM, it can take, you know,
days, weeks, or months to try to sort out who is responsible.
This is an asymmetry that we have to recognize and I don't
think there is any substitute for.
I would defer to General Stewart.
General Stewart. Attribution remains a challenge, but we
are seeing the actors who use certain techniques, certain
tools, certain approaches. So it is getting a lot--I won't say
a lot. It is getting easier to attribute, but it is still--I
could give a tool to a proxy and that proxy could use that tool
in multiple domains to get to the target which really makes it
hard to define who does it.
Ms. Torres Small. Are there specific resources that
Department of Homeland Security could apply to increase the
ability to correct attribution?
Mr. Warrick. The least significant but most important is
one that I know my colleagues have been asking for which is the
ability to require American businesses who have been hit by a
cyber attack to disclose relevant information to the Department
so that they can begin understanding and assessing this.
General Stewart. The private sector believes that the
Department has a lot more intelligence that can attribute to
targets than we actually do. The reality is in the private
sector there is tremendous amount of intelligence capability.
How we share that data, and this is why it is so important as
public-private partnership, the sharing of the data, the
collaboration in real time, is critical if we are going to
attribute and react in a timely manner.
Ms. Torres Small. Thank you. My time is expired.
Chairman Thompson. Thank you very much. Just for the
record, this committee led a bipartisan letter to the
appropriators, got CISA $350 million more and we plan to go
back again and say, based on some of the conversations today
because we're still behind in terms of capacity. We can only
get that capacity with investment. So----
Mr. Warrick. Mr. Chairman, we want to thank as just private
citizens, I thank the Members of the committee for doing that
because that was hugely important.
Chairman Thompson. Absolutely. The Chair recognizes the
gentleman from Louisiana, Mr. Higgins, for 5 minutes.
Mr. Higgins. Thank you, Mr. Chairman for holding this
important hearing. I thank our witnesses for appearing today.
I'd like to dive into the--some would say controversial killing
of terrorists. I personally support the killing of terrorists
in the battlefield, including President Trump's decision of
order, precision, strike, to take out known and brutal
terrorist Soleimani.
Iran is a threat to our homeland and continues to be the
leading state sponsor of terrorists groups, and proxy
terrorists groups across the world. They provide shelter and
training for terrorists and intend us harm. They are no friend
to the United States of America.
When I say, they, meaning an Iranian regime, not the
Iranian people. One of my best friends, been my friend since
1984, is an Iranian citizen that was stuck in his country--he
was going to college and when the Ayatollah Khomeini took over
and the radicals took over Iran, he was stuck in the country.
If he went back he will be shot. To this day, he can't go back.
So Iran, the Iranian regime is the issue and the threat
they pose to our Nation, both our homeland and abroad, not the
Iranian people. The Iranian people are beautiful people.
I have come to know their culture through my friend, but
the Iranian regime is most certainly a terrible issue that we
must confront. I think the--I am going to ask a question to
Lieutenant General and the Brigadier General, both my generals.
General Stewart, I'd like you to address, if you would, in your
written statement you mention a divide between Democrats and
Republicans with the narrative of how this thing is rolling,
especially on social media.
You said that that is used by an Iranian as, ``information
operation targets''. Can you explain in greater detail what
that means, please?
General Stewart. Just like we have seen with other foreign
governments who have taken every divisive issue, every divisive
issue and then amplified it in a social media space so that
long before we even cast a vote, we made a determination as to
which side is telling the truth. We have seen this done by
other nation states. We see this being done by the Iranians.
Any--pick your socially divisive issue, any one of them.
Create an environment, and I won't call out any social
media platform, create an environment, create the messages,
drive people to those left and right lateral limits, and I have
often said publicly and privately, I am not afraid of the
Russians, the Chinese, the Iranians, or anyone else. I am
concerned about the divide in our country and social media
allows that divide to occur, and lots of us are amplifying
those horrible----
Mr. Higgins. Well-stated and that division as it becomes
manifest and publicly consumed on social media is a tool that
Iran used to recruit, is it not?
General Stewart. I don't know how much recruiting they used
that means, but they do cause disruption in our society and
division in our society. It certainly could be used for
recruiting.
Mr. Higgins. Thank you for that clarification. Brigadier
General Tata, in your written statement you described that the
world is a safer place because of President Trump's call to
kill the known terrorist Soleimani. In your opinion, do you
believe that we are prepared to counter any future attacks by
his successors, although to some uncertainty as there should
be? We shook them up regarding who that successor will be. Do
you believe we are prepared?
General Tata. I do believe we are prepared. I think the
intelligence and communications, and special forces, and combat
force posture throughout the Middle East is appropriate and to
defend U.S. vital interests which are defense of people,
property, and the shipping lanes. Those are the key U.S. vital
interests that we have, and of course to be able to root out
terrorism at its source, to disrupt attacks on the homeland.
So as we in the days after, weeks, months after the strike
on Soleimani, the key for us in my opinion is that we have to
have an intelligence apparatus that can continue to collect
information, so that we can make informed decisions about how
to continue to disrupt the terrorists that want to do us harm.
That to me is fundamental more than anything else going
forward.
Mr. Higgins. Thank you for that answer and your
clarification, and your service. Madam, gentlemen, thank you
for appearing today. Mr. Chairman, I yield.
Chairman Thompson. Thank you very much. The Chair
recognizes the gentleman from New York, Mr. Rose for 5 minutes.
Mr. Rose. Thank you, Mr. Chairman for gathering this
extraordinary panel. I must say as well whenever Mr. Higgins
speaks, I always consider yielding all my time to him, but I
will resist.
In the immediate aftermath of the killing of Qassem
Soleimani, something that for the record I did support, there
was a concern regarding reaching out to jurisdictions regarding
a potential terrorist attack, cyber attack. As a New Yorker, we
saw that there was a strong communication between the JTTF,
NYPD, and DHS. But what I'm concerned about is that we don't
know what we don't know about our communications with other
jurisdictions.
In your experience, does CISA, DHS, as a whole, do we have
contacts with every locality? Have we built communications with
every jurisdiction and do we have a means of at least grading
whether they are up to a certain requirement, whether it be
counterterrorism or cybersecurity? I'll begin with you Ms.
Leaf.
Ms. Leaf. I think that really falls outside my bailiwick of
expertise and I would defer to my----
Mr. Rose. Of course, thank you.
General Stewart. I can't completely speak to this except
for when I talk to industry partners who do not believe there
is a great connection between their requirement at the, let's
say a small or medium-sized bank, so the right connection
within DHS to the right connection inside the IC. So from a
commercial standpoint the sentiment is we are not well-
connected. I don't know how the Homeland Security is connected
to the municipalities and governments, but----
Mr. Rose. OK.
General Stewart [continuing]. From a private-sector
standpoint, they don't feel well-connected.
Mr. Warrick. So to square the circle, Congressman, someone
at DHS could show you a map that says that the entire country
is covered by fusion centers; that the entire American economy
is covered by sector groups that meet with specific sectors.
That much is true, but the reality is how many people are there
within those JTTFs and how many people are there within those
sector groups to reach out to all of the American State and
local law enforcement, private businesses, and others. That is
what produces the gap, and General Stewart has correctly----
Mr. Rose. Do you think that this gap is something that we
should be trying to analyze and establish some type of metric?
Mr. Warrick. I wouldn't spend a lot of time analyzing it.
The gap has to be addressed in a very serious way and urgently,
lest we find ourselves the victim of strategic surprise from
somewhere.
General Tata. Congressman, as former secretary of
transportation in North Carolina, I had a law enforcement
agency. I worked very closely with emergency management in
North Carolina. I worked very closely with the Department of
Public Safety, the equivalent of DHS at North Carolina's level,
the Department of Transportation's work with the Highway
Patrol.
All of those entities have a fusion cell and emergency
management, and we worked very closely with FEMA and DHS. What
I saw a few years ago when I was in that position was close
coordination between DHS, FEMA, and other law enforcement
agencies such as the FBI.
Now, can everything been improved always? Yes. But at the
time the infrastructure is there and so it may be time to
rejuvenate that or to put some emphasis on that.
Mr. Rose. Last thing, my last minute. Can you speak to the
potential for, and I don't think this is considered nearly
enough, the potential for a cyber attack combined with a lower-
scale terrorist attack? Iran seems to have both capabilities,
and do you see that on your threat landscape?
General Stewart. It is certainly in the realm of
possibilities, but I don't see any indication of that and I
think that would be highly escalatory which would be
counterproductive for the Iranians.
Mr. Warrick. It is also true that the people who do
terrorist attacks, and the people who do cyber attacks from
Iran don't talk to each other.
Mr. Rose. Can you expand on that?
Mr. Warrick. The way Hezbollah and the Quds Force have
organized their terrorist activities is through very tightly-
held stovepipes. This is a matter of public record. This isn't
the least bit sensitive. If you look at the way the FBI and the
Department of Justice detailed the actions of the Hezbollah
sleeper operative who was recently convicted and sentenced to
40 years in prison, you can see how tightly-stovepiped
Hezbollah kept its operatives.
Cyber attacks are done through totally different
mechanisms. That is detailed in General Stewart's testimony and
it is done through different mechanisms. It would be quite
something if they could combine those. Let us hope they don't.
Mr. Rose. Thank you. That's very helpful.
Chairman Thompson. Thank you. The Chair recognizes the
gentleman from Pennsylvania, Mr. Joyce for 5 minutes.
Mr. Joyce. Thank you, Mr. Chairman. Thank you for holding
such an important hearing today.
It is no secret that the Iranian regime is no friend of the
United States. If I could just briefly summarize the highlights
from some of General Tata's comments today that we heard.
General, you testified broadly that Soleimani was a
specifically-designated terrorist, and his murder, his removal
from our continent, from our world, from our lives, makes for a
safer Middle East and a safer homeland here in the United
States. I, for one, could not be in more agreement with this.
Soleimani was a terrorist who had the blood of hundreds of
American soldiers on his hands. Weakness and appeasement of
Iran by the previous administration left the United States in a
weaker position in the region, and led to a deeply-flawed Iran
deal. Under the current President, we have taken a different
tack, pulling out and seeking to re-establish against this
rogue Iranian regime.
General Tata, your testimony also highlights that Iran and
its proxies have posed a threat for over 40 years. Why have the
past strategies, including President Obama's nuclear deal, why
have they failed to reign in Iran's hostile activities?
General Tata. Thank you, Congressman for that question. I
think part of it lies in the fact that Iran is a theocracy and
they will always, as long as they are a theocracy fueled by
extremist--Islamic extremism, they will always want to
annihilate and remove Israel from the face of the earth. They
will always want to destroy America and Western values.
Fundamentally, they are in opposition with the West. So for
my point of view, that will not change as long as they are a
theocracy fueled by fundamentalist Islam. So the nuclear deal,
you know, just this year we have the removal of the sanction to
export arms that would come due and come out of the deal had it
still been in effect. In 3 years, they would be able to import
centrifuges and ballistic missiles.
Five to 10 years to people in the Middle East is the bat of
an eye, and it is something that they will provide a holding
action while they continue to do things. The deal did not
prevent them from conducting, obviously conducting terrorist
attacks against the U.S. interests in the region. So it is this
belief that we can conduct a deal with them, that will result
in some kind of peace. What we can have is deterrence, detente,
and, you know, establish a power to counter their power in the
region.
Mr. Joyce. General Tata, what additional steps--those
deterrents that you bring to the table, what would you
recommend that we utilize moving forward to secure our homeland
and to mitigate additional threats from Iran?
General Tata. Thank you, Congressman. The additional steps
I would recommend, I have mentioned a few, ensure that we have
robust intelligence capabilities in the Middle East to be able
to pick up on the movement of these proxy groups and to
determine how Iran is going to try to conduct more influence
operations, whether or not that is kinetic or cyber. Or, you
know, and this administration is expert at pulling the levers
of diplomatic information, military economic power and
synchronizing them to achieve specific effects. So they need to
continue to do that.
Where they struck with military precision, no collateral
damage on a confirmed terrorist target and killed that target,
removed him from the battlefield. Now we need to take a look at
what lever of power can now be best applied to achieve our
strategy that is well-stated in the National security strategy
to achieve that strategy and move forward. Now that we have a
deterrent effect in that region, maybe they will talk. Maybe
they will come and achieve at least some sense of detente.
Mr. Joyce. Thank you for your important information you
brought to us today, and I yield my remaining time.
Chairman Thompson. Thank you very much. The Chair
recognizes the gentlelady from Illinois, Ms. Underwood, for 5
minutes.
Ms. Underwood. Thank you, Mr. Chairman. Since the events in
Iran I have been briefed by the Department of Homeland
Security, the Department of Defense, the chairman of the Joint
Chiefs, the Secretary of State, CIA director Haspel, and the
acting director of National Intelligence. In the briefings I
received information and intelligence regarding threats and the
administration's efforts to keep us safe in the wake of the
escalation.
As I have learned more about the administration's military
escalations in Iran, the question for me is, are we safer? The
answer after much listening, reading, studying, questioning,
and listening some more is, no.
Americans and our allies are in greater danger. Our country
is not safer in the wake of the Trump administration's recent
actions. Without a doubt, General Soleimani got the fate he
deserved and Iran remains an adversary. But after examining the
facts, we are on less stable footing in the region.
The military has suspended counter-ISIS activities. More
troops have been sent into a dangerous region. Iran is now
closer to building a nuclear weapon than they were before the
attack and we are more isolated from our allies and partners.
Ensuring the safety and security of Americans at home and
abroad is my most important duty as a Member of Congress. In
order to do that, I voted for the War Powers Resolution, and I
pledged to work to keep our country safe from any counter
attacks from Iran.
In response this administration's recent actions, we know
that Iran is more likely to deploy asymmetrical operations on
U.S. critical infrastructure and our allies. Because of this,
the intelligence community continues to caution that a possible
attack led by Iran, Iranian proxies would likely include a
malicious cyber operation. Ambassador Leaf, General Stewart,
and Mr. Warrick, as a nurse, I am concerned about how
vulnerable our country's hospitals are as targets of cyber
attacks.
What would a Wiper or ransomware attack look like if
carried out on a hospital?
Mr. Warrick. Representative, this would be one of the most
serious attacks against any community, as we have seen from
ransomware attacks that have been tried, including some that
Iran has had its hand in. Any time you have a situation like
that you are looking at the potential loss of patient records
and ability to access medications, allergies, and other
information that is necessary for the preservation of life and
health. So this could be one of the most important types of
targets an adversary might attack.
General Stewart. We continue to see adversaries look at the
hospital system, and as Mr. Warrick pointed out earlier, we are
all part of the attack surface because we all have a smart
device of some sort. We plug into a Wi-Fi network that is
unsecured. Almost every one of the devices in a hospital is on
an unsecured network to allow folks to move laterally inside
the network, steal data, disrupt systems. We are extremely
vulnerable in the hospital and health care sector, and this is
not just about stealing data. This is about impacting--we have
hearing aids now that are Bluetooth-enabled.
Ms. Underwood. Right.
General Stewart. So all of our systems are connected and
all of them create an attack surface from which you can move
laterally and be disruptive. So I think this a really important
area to focus on securing our health care infrastructure. It
has been targeted. It is a high priority for all of our
potential adversaries and criminals. So it is an area that I
think we really need to invest in and set some standards for
securing networks.
Ms. Underwood. Yes, sir. Ambassador Leaf, did you want to
add anything?
Ms. Leaf. No, not on this topic.
Ms. Underwood. OK. What Federal resources are available for
hospital administrators to proactively address cybersecurity
vulnerabilities against a cyber attack from either foreign
adversaries?
General Stewart. I can't speak to that.
Mr. Warrick. Yes, there is advice that is available. There
are tactics, techniques, and procedures.
Ms. Underwood. Mm-hmm.
Mr. Warrick. But the problem is, of course, that
implementing them is most often left to the communities that
fund those hospitals. It is not a subject of a massive Federal
grant that somehow solves the problem. It has to be done at the
State and local level in the communities.
Ms. Underwood. Right. So it sounds like it is an open
vulnerability and, you know, General Stewart mentioned stealing
data, but there is also interruptions in service delivery,
threats to individuals' health and wellness. So this is
something that I hope that this committee and our colleagues in
Congress can address.
General Stewart, in your testimony you reiterate that the
findings presented in the world-wide threats assessment of 2019
that, ``Iran is also attempting to deploy cyber attack
capabilities that would enable attacks against critical
infrastructure in the United States and allied countries.''
Can cyber attacks perpetrated by Iran and Iranian actors
such as the ransomware attacks on Baltimore and Atlanta,
provide insight into the potential scope and magnitude of
future cyber threats from Iran?
General Stewart. So the ransomware attacks that we will see
more of, by the way, it is a quick way to get funds. More and
more companies are paying the ransom because they have seen the
cost of Baltimore mitigating the ransomware attack. So these
are criminal activities that could certainly be utilized by
state actors to wipe data, to be disruptive and ultimately be
disruptive on a network. So the techniques used for ransomware
from the criminal standpoint are the same techniques that a
nation-state could use to destroy data that they think is
appropriate for disruption.
Ms. Underwood. Thank you. As I stated before, as a Member
of Congress, it is my responsibility to ensure the safety and
security of Americans at home and abroad. I am committed to
working with my colleagues in the House and on this committee
so that the United States is prepared for all contingencies
related to U.S.-Iran tensions and I yield back. Thank you.
Chairman Thompson. Thank you very much.
The Chair recognizes the gentleman from New York for 5
minutes, Mr. Katko.
Mr. Katko. Thank you, Mr. Chairman, and thank you panelists
for being here. The discussion has been excellent and I think
the testimony has been very well taken.
The situation in Iran has raised, what I think is the
biggest vulnerability in our country, and I think--I just want
to digress for a moment which I normally ask questions, I do
want to make some observations then ask a question. I think the
consensus is, is that the easiest and most, perhaps, effective
way to fight back for state actors that are bad actors, or
individuals across the globe that are bad actors, is cyber
attacks.
I really do believe that we are having this discussion; we
are talking about the things, talk about our concerns; we are
talking about our vulnerabilities just like we did before 9/11,
and we didn't do enough before 9/11 to stop what happened on 9/
11. It is, to me, the biggest concern I have, is the
vulnerability to this country from cyber attacks. I think since
9/11 we have done a very good job in the anti-terrorism field,
not a perfect job but a much better job.
Look at the resources that we put into the post-9/11 era to
make us safe from terrorist activities. Now we have this
metastasizing problem of cybersecurity. As I look at it, I do
think it is the greatest threat to our country right now, for
some of the reasons we discussed today. As I look at it, there
is 4 areas I think we can focus on to really prioritize what we
need to do. Then I want to ask a couple of questions on it.
First is cybersecurity proficiency is the smaller the
business, the smaller the family, the less knowledge they have
on the issue, the bigger the problem. Banks, of course, have
whole departments like you know that--but, you know, a lot of
businesses can't afford that. Therefore their vulnerability is
amazing. Target's major security breach happened because of a
heating and air conditioning contractor, gave the bad guys
access into the system. That is what we have got to be thinking
about. We are not thinking about it.
The emerging technology, some of us noticed. I think you
noticed it. Lieutenant General with respect to, you know,
Fitbits and the watches that we have. The internet of things is
coming and the problems that that is going to pose for us.
Every household in this country is going to have 20, 30, 40
devices that provide access to the internet and provide back
doors to cyber attacks. So that is another thing we need to
think about.
Even the supply chain issue with 5G technology and all of
that. CISA and all CISA is doing. CISA is a young start-up
company, basically, and they are doing a wonderful job under
unbelievably difficult circumstances. The ISACs they develop
Nation-wide have been wonderful, but it is not enough.
Then of course, you have on top of all that, you have let
us beef this up. You already have a shortage of 330- to 400,000
employees, right now in this country for cybersecurity jobs.
They project that with the next year or 2, or 3, there will be
over a million-person shortage.
So how do you do that without drilling down and getting
into the school curriculums like you suggested? So this is a
huge problem and we have done, as a committee, I think a
remarkedly decent job of addressing and trying to get funding
to CISA, but it is nowhere near enough and it takes much more
than this committee.
So with setting the doomsday scenario--I don't mean to do
that, but at the same token, we have got to acknowledge,
tomorrow if a bad actor wanted to flick a switch they could
take out a grid somewhere. They could affect our water supply
systems.
They are not doing it probably because we can do it to
them, but also they probably view--that we would view it as an
act of war. So with all that being said, what should we be
doing? I know we are talking about the problems. What should we
be doing to try and look at this thing holistically much better
than we have right now? Mr. Warrick, I'd ask you first.
Mr. Warrick. So Representative Katko, there is a lot that
you have said I would certainly associate myself with. I think
where we are as a country is that we have built an enormous
part of our economy around an internet that simply grew up out
of a series of decisions originally as a defense program that
turned into something that frankly, you know, from 50 years ago
we would have thought as science fiction. Now we all carry
around in our pockets more computing power than what it took to
get Americans to the moon.
But there has been no sort-of equivalent security
architecture----
Mr. Katko. That is right.
Mr. Warrick [continuing]. To make that safe. This is going
to require DHS, and FBI, CYBERCOM, the entire technology-
related security architecture of the United States to figure
out how better to work with the private sector. We don't want
the Federal Government dictating standard and reducing
innovation. That comes from a combination of public and private
measures that frankly have made our economy vibrant. But
something more has to be done on security.
One of the things that concerns me is that at DHS over the
past decade since the Department was founded, we have added
missions, and added missions, but we have not had resources
added to match the missions that have been added. This
committee, I know Mr. Higgins--I heard him at a hearing
yesterday--make some important statements about the need for an
authorization bill and one of the things I'd ask you all to
look at is, is the Department of Homeland Security adequately
scoped for the missions that it now has, because they are
different from what the Department had when it was stood up in
2003.
We are, I think, at a fundamental mismatch between the
security needs and what is funded by the Department and others
to do right now.
Mr. Katko. Mr. Chairman, I am out of time, but this is
something I just think we have to spend a lot more time on it
going forward.
Chairman Thompson. Well, and there is no disagreement. I
think you will see some legislation proposed by Mr. Richmond to
kind-of close the loop on some of those unmet challenges that
we face as a country. The Chair recognizes the gentlelady from
Michigan, Ms. Slotkin, for 5 minutes.
Ms. Slotkin. Thank you all for being here, for your
testimony and for the conversation.
I am concerned, separate from the events that went on in
the past couple of weeks, I am concerned about looking forward
and making sure we are doing everything we can to protect
ourselves and particularly to protect ourselves in our States,
and back home. I am hosting a big call this Friday, just called
Enhancing Readiness on Cyber Threats for my State and local
folks, for everything from election officials to town
supervisors.
I wondered if you could, maybe General Stewart, walk us
through very briefly just to give people back home an
understanding of how Iran is organized on cyber threats. You
know, what does it look like? Is it someone in a headquarters?
Is it a non-associated group under special cover? Just give us
the literally 30-second version of how they are organized and
perpetrate attacks.
General Stewart. By their own words they have somewhere in
the order of 2,000 or so folks organized from a strategic
level, through tactical levels, designed to No. 1, defend their
networks, and No. 2, develop capabilities to go after any
targets, partnering with nation-states. In their own words,
again, we are looking for friends and partners friendly to us.
They cited Russia, China, Pakistan, as friendly partners. So
they are organized at the strategic level. They are organized
at the tactical level. They have specialized teams that conduct
operations, both research and preparation for follow-on ops.
So they are well-structured throughout. They made a
commitment to this effort over the last 10 years.
Ms. Slotkin. We know that in sort-of modern-day cyber
warfare everybody is on this front lines. It is not traditional
military or intelligence targets. We have talked about, you
know, and I think Representative Katko, who has now departed,
is absolutely right that one day the other shoe is going to
drop, and we are all going to have this issue right in our face
in a much more serious way. I know just as being a former CIA
officer, after 9/11 we made a lot of progress on getting
different intelligence community agencies to speak to each
other, and to have better communication.
Then from the Federal down to the State and local law
enforcement. But what kind of things should we be doing if we
are thinking about the future of CISA and DHS, Mr. Warrick?
What kinds of things should we be looking for and pushing for
to now take it to the next level, so that we can be helping our
businesses, small and large, protect themselves, since they are
on the front lines?
General Stewart. Let me frame it this way. Sixty percent of
small and medium-sized business fail within 18 months of a
breach in cybersecurity. That is the economic underpinning of
our Nation. Sixty percent will fail within 18 months. Insider
threats are the greatest threat. So go back to how do we
educate the population, because insider--all of the companies
that have reported a breach, generally these are from the
inside. They all have firewalls. They all have antivirus and it
is some unknown entity inside that kicks off the attack. So we
have got to do much better at coordinating at the National
intelligence level, and I have seen significant coordination
over the last 18 months.
The piece that I think is still missing--and I have
mentioned this before--how do we move that from the National
intelligence agencies, down to DHS, who are overwhelmed? I got
to tell you, DHS does not have the number of folks----
Ms. Slotkin. Right.
General Stewart [continuing]. In order to carry out all of
the missions that we have given them.
Ms. Slotkin. Right. So then let me just push you a little
bit, because I have only a little bit of time, and maybe Mr.
Warrick, you can answer this. Give us a vision of what
``right'' looks like. We have talked about how on a bipartisan
basis this committee is very supportive of enhancing the
resources that CISA and DHS has generally. Structurally, if you
are king for a day, how do we get from where we are to a better
place?
Mr. Warrick. Every American citizen needs to realize that
they are a source of cyber vulnerability or cyber resilience
and strength. They see the Department of Homeland Security
providing a coordinating mechanism that shares and assimilates
the information that we give back so that if an adversary
starts to attack us we can defend ourselves in microseconds.
That is what the future needs to look like and boy are we not
there right now. You are absolutely right.
Ms. Slotkin. I would just offer in my remaining couple of
seconds that similar to Representative Katko, I think we have
an interesting opportunity to speak as a committee about what
we want to see proactively and I think CISA would welcome this,
right, the opportunity to tell us how they get to ``right''
since they are not resourced the way they need to be now. I
would welcome the opportunity for the DHS officials to come up
here and offer those thoughts so that as we go into planning
for next cycle we can give them the resources they need to
protect us, or help protect us.
Chairman Thompson. We will. We have gotten a confirmation.
The Acting Secretary is scheduled to come on March 3 to defend
the budget. We will look at that. The problem most often comes
is when someone will ask the Secretary, do you have all the
money you need to keep us safe? He will, or she will generally
say, I am here to defend the numbers. We are here.
So we get there but just like we put the additional $350
million in the budget for CISA last time, it was not in the
budget but we put it there. So--and that was all of us working
together to make that happen. So what I'm hearing now is that
in a similar fashion we will have to kind-of take it on
ourselves to do the right thing. Thank you.
The Chair now recognizes the gentleman from Mississippi,
Mr. Guest, for 5 minutes.
Mr. Guest. Thank you, Mr. Chairman. To our distinguished
panel, thank you for being here this morning. I thank you for
what you do each and every day to keep our Nation safe.
General Tata, you provided to us a written statement that
lists forth in that statement what you describe as Soleimani's
legacy of terror. In there you list that Iran has a $26 billion
military budget and that for 3 years Iran, under Soleimani's
leadership, has carried out 3 decades of terror against the
United States. You go on to say that those include resources
that Hezbollah has been provided to attack our allied nation of
Israel in the Middle East.
It talks about him creating money-laundering schemes to
fund terrorism; that following 9/11 that he was responsible for
protecting the bin Laden family as well as al-Qaeda leadership.
More recently we have seen Iran and General Soleimani be
involved in the shooting down of drones, the seizing of oil
tankers in the Strait of Hormuz, the attacks on the Saudi oil
fields, the killing of an American contractor, and the recent
attacks on the United States Embassy in Baghdad.
You go on to state that General Soleimani has killed or
maimed more than 6,500 Americans and that he posed a clear and
present danger to Americans' interests across this globe. You
go on to say more so that he was more dangerous that Osama bin
Laden himself. Then finally you close by saying that
Soleimani's years of zealously targeting Americans and killing
them made him more dangerous than any other terrorist in recent
times. Do you believe that President Trump acted responsibly in
authorizing the strike that killed General Soleimani?
General Tata. I do believe he acted responsibly, quickly,
boldly, and it would have been irresponsible for him not to
act.
Mr. Guest. A matter of fact, you go on in your report to
say not only was--did he act responsibly, but you said he also
acted decisively and proportionally. Would you expand on that
very briefly?
General Tata. Yes, so it was--if you see the pictures,
obviously there was no collateral damage. The 2 high-value
targets were killed which, by definition makes the command and
control of those militias and back to Iran much more
challenging for that state actor and the non-state actor. So,
yes, it was under the use of authorization of use of military
force.
Soleimani was heavily involved in the transporting bin
Laden family and Taliban, and other al-Qaeda members
immediately after 9/11. That's very well-documented and he
hosted them in Tehran for several years afterward. He also
moved Zarqawi from Afghanistan to Iran and then moved him into
Iraq and resourced him. So there is no question that the AUMF
applied to Soleimani and to Muhandis, quite frankly.
Mr. Guest. General Tata, finally, as you close out your
written statement, you say with Soleimani removed from the
equation we have an opportunity to positively reshape the
dynamics in the Middle East toward peace and enhanced homeland
security. Do you believe that our homeland is safer today
following the death of General Soleimani?
General Tata. I do believe the homeland is safer today
because Soleimani and his, you know, morale-building, vast
reach that he has is no longer. Any time that you take out such
a leader with flare and elan and networks, and capabilities,
and resourcing, there is going to be an impact. It may be
weeks, months, years, but there is an impact.
It gives us this opportunity to exploit that impact and say
to Iran we were serious about this. We will deter. We will
defend and do not do this again. Do not allow for these
networks to resurge and become the threat that they once were.
I believe if we do that we may be able to get a discussion
going. We are going to be able to contain them, I think, and
deter them. You know, until the theocracy is gone, I don't have
any illusions that much will change as far as their willingness
to do us harm.
Mr. Guest. Finally, General Tata, do you believe and you
say in your report that with the death of General Soleimani
that this will help move the peace process forward in the
Middle East?
General Tata. No, he was totally counterproductive to the
peace process. That was part of Iran's two-pronged strategy was
to pretend like they were deliberating in good faith and then
to undermine all of our efforts in the Middle East, whether it
is our interests with Israel, whether it is the interest in the
Persian Gulf, whether it is our interests throughout southwest
Asia by using Soleimani to conduct strikes.
So with him gone, we are safer, Congressman, and to add to
some of the previous discussion, I would just say that in the
homeland here I would hope that as we are doing legislation to
make homeland security more robust, Mr. Chairman, that we would
take a look at airports, seaports, railroads, energy systems
and their vulnerabilities with regard to cyber, because now
with Soleimani and all of them gone, this give us a two-pronged
opportunity to reshape in the Middle East and also to make more
robust, as the discussion here has led to, our homeland
security.
Mr. Guest. Thank you, Mr. Chairman. I yield back.
Chairman Thompson. Thank you very much. The Chair
recognizes the gentlelady from California, Ms. Barragan, for 5
minutes.
Ms. Barragan. Thank you. Ambassador Leaf and Mr. Warrick,
what consequences may result from the suspension of
counterterrorism operations against ISIS and how should the
administration be preparing for contingencies at home and
abroad?
Ms. Leaf. Well, Congresswoman, it really depends on how
long this goes and it goes back--endures, and it goes back to
the issue I mentioned at the outset, which is it is quite
critical for us to be navigating the turbulent waters in Iraq
right now and that is quite testing. There is a hard push to
get our mission out. It is incumbent upon us to signal very
clearly, very consistently to--both privately and publicly that
the cost to Iraq of that question, not just to us. But the cost
will be significant. We will lose intelligence. We will lose
the ability to have eyes on the problem.
Mr. Warrick. Representative, every counterterrorism expert
that you could get to come before this panel in or out of
Government will tell you ISIS is planning a resurgence. The
most dangerous thing I would say, speaking for myself, is a
terrorist safe haven from which they can plan attacks, recruit,
train, build capacity, and thereby threaten the homeland. So
the terrorist safe haven is the thing we most need to try to
prevent.
ISIS would like to establish one in eastern Syria or
western Iraq, and that is a mission that I think we would
neglect at our peril. So I--that would be the most important
thing I think we need to be focused on, is trying to help the
Iraqi government build up the capabilities so that it can do
that mission eventually by itself. But they are certainly not
there yet.
Ms. Barragan. Great. One of my concerns has been we have
seen over the last several years a focus by the administration
on immigration. It has been such a focus that it feels as
though they have been taking away focus and efforts in other
parts of homeland security and other departments. We have also
seen the President diverting funds from the military to build
his border wall. He has been diverting billions of dollars.
In September there was a report that in Virginia the
State's cyber operations facility at Joint Base Langley will
lose $10 million, just to give you an example. So here we are
talking about cyber threats and we are talking about the
potential increase, and there is money that is being diverted
away from places like the cyber operations facility.
Does anybody on this panel want to comment about whether
the diversion of any funds from places like the cyber
operations could pose an additional danger, given that they
have less funding?
General Stewart. Maybe it is built into my intel DNA that I
am hesitant to comment on policy decisions, but any time you
strip away capabilities, personnel, from an area like
cybersecurity, that increases our risk and our vulnerabilities
and risk. It is probably not something I would do.
Ms. Barragan. OK. Anybody else? I mean, I think generally
speaking if you are investing less money into cyber operations,
that is going to result in less information and preparation. Is
that accurate?
Ms. Leaf. I am not an expert in this, Congresswoman, but
what I want to go back to is this issue of are we safer today.
I do not believe we are safer today, because I believe this is
but a pause in this cycle that we are in that we have been in
with the Iranians for decades. One of the Members of the
committee asked words to the effect of why did deterrence fail,
when did it fail?
It has failed over a period of time and when you have a
combination of this long-running cycle between the United
States and Iran and you have deterrence that shreds over time,
and specifically, I am looking back at last summer when the
Persian Gulf provided sort-of a testing theater for Iran.
So I have no doubt that there is still payback to come from
Iran notwithstanding that Soleimani is gone. He was the
national hero. He was ``like this'' with the supreme leader.
The supreme leader has put himself on the record that that
missile strike is not enough. So cyber is the logical arena.
Ms. Barragan. Well, thank you. Thank you for bringing that
up. That was going to be one of my next questions. Is this the
end of the revenge phase?
I happen to represent the port of Los Angeles which is the
busiest port. It touches every Congressional district and they
have had their own attacks on cyber operations, and this just
increases that ability. They can't just fend for themselves. We
need--the Government is helping create some of these situations
and making it worse. We need to help them and invest. Thank you
all for being here and for your testimony. I am out of time. I
yield back.
Chairman Thompson. Thank you very much. The Chair
recognizes the gentleman from Louisiana, Mr. Richmond, for 5
minutes.
Mr. Richmond. Thank you, Mr. Chairman. Brigadier General
Tata, let me just go back, and I am not trying to argue but I
think there is some inconsistencies. You said that we are safer
today because Iran was in the position to start selling weapons
in a couple of years. They would be able to buy and import
centrifuges and all those things and that they would never live
up to a deal.
Then you went on to say now because of the killing and
sanctions, that you believe that now is the time that they will
enter into discussions. Well, either they are untruthful and
they are never going to abide by a deal, or either they will.
It is not based on who crafts the deal, whether it is President
Obama or President Trump. Either they are good-faith actors or
they are not. I have no reason to believe that they are.
However, I think we had the entire international community
on our side under the Joint Comprehensive Plan. But let me ask
another question. This is not a ``got you''.
I have 20 years in elected office and there is some things
I hear over and over again that is just plain foolishness that
makes us less safe. So one of the mantras from the other side
is we have to do more with less. Can we protect more airports
with less TSA agents? Anyone think we can? Does anyone think we
can protect our internet, our local governments and our cyber
space with less money or less employees?
General Tata. Well, Congressman, since you----
Mr. Richmond. Less resources?
General Tata [continuing]. Address to me I'd like to
clarify something you said that I said which I said we are more
safe today because we have killed Iran's chief exporter of
terror, Soleimani and Muhandis, his chief executor of terror.
So the--I believe that leadership matters and decisions matter
with regard to capabilities. They are willing and able. They
are less able today because the command and control of their
chief terror network is gone.
Mr. Richmond. I didn't bring that part up. I just brought
up the openness, willingness to honor and do a deal, but I want
to be clear because I want the American people to understand
that Government has responsibilities. Part of those
responsibilities, we are not just tax-and-spend Democrats.
We want to protect the homeland and you can't do it with
less resources. So what I am asking you all, please, raise your
hand if you think we can protect this space with less
resources.
Mr. Warrick. Representative Richmond, no, quite the
contrary. Secretary John Kelly, General Kelly, four-star marine
with whom I had worked when we were both in Iraq and I proudly
served when he was the Secretary of Homeland Security, famously
told us in public and in private that the idea of doing less
with less, or doing more with less, rather, is in almost all
cases a fantasy. I would agree with Secretary Kelly on that
view. I think as stewards of the purse of the American public
it is your duty as Members of Congress to make sure that money
is spent wisely and well, and that officials are held
accountable for providing results the way American citizens----
Mr. Richmond. Reclaiming some of the time, but the point is
that in this critical space more resources are critical success
in defending our cyber space. They only have to get lucky once,
and we have to be successful 100 percent of the time.
Let me ask you another question. Do you think that the lack
of stability in terms of leadership at DHS causes some
potential for concern?
Mr. Warrick. Yes, absolutely. I am very concerned as all of
us who have served in the Department know there are enormous
advantages and especially when you come to the kind of
strategic rethinking of the Department that can really best be
done by senior officials and including political appointees who
are confirmed in their positions by the Senate.
I would hope that as--actually, I believe it was
Representative Higgins made this point at a hearing yesterday
that this is enormously important for the Department to have
more leadership confirmed by the Senate.
Mr. Richmond. Very quickly, to the two generals, do you
think it is important, and do you think it is lawful for there
to be a clear policy that answering cyber attacks doesn't
necessarily have to be responded to with a cyber attack? I
mean, can a cyber attack be so damaging to the United States
that physical force response becomes appropriate and lawful?
With that I yield back, Mr. Chairman.
General Stewart. I do not believe that the signal should be
a cyber attack will result in a counter cyber attack. That all
options should be on the table depending on the severity of the
cyber event. Though kinetic action is certainly appropriate as
a response to the cyber attack.
General Tata. I agree with General Stewart.
Chairman Thompson. Thank you, very much. The Chair
recognizes the gentleman from Rhode Island, Mr. Langevin, for 5
minutes.
Mr. Langevin. Thank you, Mr. Chairman. I want to thank our
witnesses for your testimony today as well as your service to
the country. Before I begin my questions, I will say this on
the issue of Soleimani. I don't regret for a minute that he is
gone from the face of the planet. He was a murderer, a
terrorist and a significant danger to the National security of
the United States. The one problem I do have is with the
overall lack of strategy, a strategic view of a strategy from
this administration. That is the problem. They too often
confuse tactical victories or decisions with somehow achieving
strategic success and it doesn't always add up that way.
I hope in the long run that we are safer as a result of
Soleimani gone. I guess we are going to have to wait to see
over time. General Stewart, good to see you again. It took me a
minute to recognize you with the beard, but looking very
distinguished. I think you for your service to the country and
the many years that you and I have had interaction together.
To you and Mr. Warrick, I want to discuss the Iranian cyber
threat and trying to better coordinate between U.S. Government
activities and the private-sector owners and operators of our
critical infrastructure has certainly been a major focus of the
Cyber Solarium Commission which I am currently serving which is
charged with creating an overall strategic framework guiding
policy document to help better protect the country in cyber
space.
Do you believe that there are clear lines between what
companies should be doing to protect themselves? What
additional steps should they be required to do through
regulation or incentives and what direct steps should the U.S.
Government be taking to protect National assets?
Mr. Warrick. So Representative Langevin, I mean, I am
certainly familiar with the work of the Cyber Solarium, not as
much as you are. At this point I don't think that there is
enough of a clear understanding among the American people as to
what are the responsibilities of the private sector compared to
the Federal Government. I think where we need to end up is a
better understanding upon all citizens as to what their
responsibilities are, because I think people need to do more.
I think the Government is going to have to be a shared
partner in a lot of these activities so that it is not so much
the Federal Government telling citizens what to do, but
citizens and the Federal Government, and State and local
governments all working together toward a shared aim. We did
that before in the 1950's on civil defense. We need to do it
now.
General Stewart. We would not tell any organization in the
private sector if a missile was in-bound on their target that
since it doesn't impact that Department of Defense or the
broader Government, good luck, you are on your own. That is
basically what we told them in terms of--in cyber space. Good
luck, you are on your own. Do the best you can. Harden your
defenses. The cavalry is not coming.
Mr. Warrick. Oh, but here's a brochure.
General Stewart. Here is a wonderful brochure. Call the
following numbers in the event of a crisis. How do we get from
point defense to what General Alexander calls collective
defense? That requires a sharing arrangement, where we are
protecting our Classified but they are also protecting their
proprietary information.
In many cases they are unwilling to share because it is
proprietary that translates to share value. So how do we create
the environment where we can seamlessly share intelligence at a
high enough classification level in a timely enough manner, and
they can share proprietary information and we have an
environment where we have a good give and take between the
private sector and public sector.
There are models, international models that are trying to
do this including sharing information to the private citizens
when they are under attack. We need to accelerate how we do
that and the task forces are not necessarily the answer. They
are not well-developed enough and I'll stop there.
Mr. Langevin. Well, on that point, let me ask you this for
your time at U.S. CYBERCOM and then also work at DHS
respectively, what is your assessment of the interagency
coordination when surging proactive cyber defense activities in
response to either a direct threat or a general time of
heightened tensions?
General Stewart. I have actually seen that improve
significantly, Congressman. Now, I have been away for almost a
year but in some of these specific targets that we have had an
interest, I have seen the interagency collaborate. I have seen
them plan. I have seen the increased authorities that U.S.
cybercommand receives. So that interagency coordination looked
like it was on the right path when I left the pattern in April.
I don't know where it is today, but I saw a significant
progress over the previous year or so.
Mr. Warrick. While I certainly won't dispute the General's
statement that there is progress, I do have a somewhat
different perspective. It starts out from the idea that when
offensive cyber operations are planned, the defensive
specialists are often not in the room, and that kind of thing,
I think, will have to be changed in the future, but that is a
long-term problem. It is--we have got to understand, especially
in the case of Iran that anything we do to them they will do
back at us in some unusual way.
What we need to recognize is that they know when they have
been attacked, and they don't care who attacked them whether it
is us or somebody that may not be us. They can still take it
out on us. So we have to have much better coordination between
our offensive cyber warriors and our defensive cyber
specialists.
General Stewart. If I can just build on that and I concur
about having--it is important as we think the question, are we
safer, that we listen to what the Iranian leadership says. The
artillery strikes are not enough. They can't defend everywhere.
Americans are more vulnerable to cyber threats than any other
Nation because of their high level of dependency on cyber
infrastructure. It is important for us to listen to what their
leaders say.
General Tata. I would just add that in this continuum of
Iranian tax since 1979 that are we safer, we have never been
truly safe and the question is did the Soleimani strike affect
their ability to carry out certain types of attacks. My
contention is that it has.
Mr. Langevin. Thank you all. Thank you, my time has
expired. I yield back.
Chairman Thompson. Thank you very much. The Chair
recognizes the gentleman from Texas for 5 minutes, Mr. Green.
Mr. Green of Texas. Thank you, Mr. Chairman. I thank the
Ranking Member as well. I especially thank the witnesses for
appearing today. Has the extirpation of General Soleimani
created any unintended consequences that are adverse to our
best interest, Ambassador Leaf?
Ms. Leaf. Congressman, I think that will take time to
assess. With all due respect to my co-panelists, I don't agree
that the Quds Force has really been dealt a significant blow.
They are very resilient. I think there is predictability and
method, and rationality to the way Tehran comports itself. So
I--but the unexpected, I think you have to look a bit longer
down the road.
Mr. Green of Texas. Are the consequences of leaving Iraq on
our own volition the same as being evicted, Ambassador Leaf?
Ms. Leaf. Absolutely not. Look, I think it is very
important to recall that within Iraq itself, there is a wide
body of support that did not exist in 2011. There is a wide
body of public support for us to say they well recognize it is
not just a question of the counter ISIS fight and Iraqis are
aware that they do not have that capability yet.
It is also--when we leave, the coalition leaves. There is a
shrinking of engagement with Iraq. Iraq becomes more isolated,
more vulnerable to Iran's pressure. Again, going back to the
issue of what it becomes for the region and I assure you that
our, that our partners around the region are looking carefully
at this question, are we going to get pushed out, are we going
to let ourselves get pushed out?
Mr. Green of Texas. Mr. Warrick, Nasrallah has command and
control capabilities. He has probably one of the largest armies
in the area that is not associated with a State. Is Nasrallah
one of the rogue actors that you would be concerned with?
Mr. Warrick. He is one of the most dangerous actors that we
should concern ourselves with. He is not a rogue, but as both
General Stewart and Ambassador Leaf said, the mission on which
Qassem Soleimani was engaged in when he was killed in a strike
was to build parallel state structures outside of the control
of any government. That is a hugely dangerous proposition for
the United States. This is what is creating the conditions that
create forever wars. It is ironically not the United States. It
is what Qassem Soleimani and his colleagues in the IRGC have
been working on, and that is what makes it so dangerous.
Mr. Green of Texas. The word on the street, to use a
pedestrian term, is that Iran received US$150 billion; that we
gave Iran US$150 billion. Is it true that the money Iran
received was money that we were able to deny Iran for some
number of years?
Mr. Warrick. Yes.
Mr. Green of Texas. It was Iran's money?
Mr. Warrick. Yes, that is legally what it was.
Mr. Green of Texas. Is it true that the $150 billion is
generally perceived by many, including the Treasury of the
United States of America, as an inflated number?
Mr. Warrick. So Representative Green, you happen to have
hit somebody whose wife was in the office of foreign assets
control at Treasury and has worked on this issue for more than
20 years. Those were assets frozen by Presidential order and
were returned after a negotiation. So that is a simple legal
description of what the money was.
Mr. Green of Texas. Thank you. I happen to have
intelligence indicating that $56 billion is the amount the
Treasury has tagged, but continuing with my very last question.
Well, my time is up, but if I had the time I'd ask you about
the safety of American citizens with reference to lone wolves
who tend to act on their own emotions inspired by things that
we can rarely understand, but I will not.
Mr. Warrick. I would say that you would be right in your
concerns that lone wolves are one of the most difficult things
for law enforcement and homeland security to try to prevent.
General Tata. I would just add Congressman, that one thing
that we should really look at is, why did the Iranian military
budget grow by over 60 percent between 2015 and 2018 to $26
billion dollars?
Mr. Green of Texas. Thank you, Mr. Chairman. You have been
more than generous. I yield back.
Chairman Thompson. Thank you very much. Let me thank the
witnesses for your excellent testimony. I think you have gotten
the committee in a good position to make some strong arguments
from a budgetary standpoint that would help shore up some known
vulnerabilities. We plan to use your testimony wisely in that
effort. But we absolutely thank you for your forbearance on the
questions as well as your timely response from them. So thank
you very much.
Ranking Member--well, I ask unanimous consent to submit a
statement for the record from the Jewish Federation of North
America about homeland security concerns related to Iranian
proxies.
[The information follows:]
Letter From the Jewish Federations of North America
January 15, 2020.
The Honorable Bennie G. Thompson, Chairman,
The Honorable Michael Rogers, Ranking Member,
Committee on Homeland Security, U.S. House of Representatives,
Washington, DC 20515.
Dear Chairman Thompson and Ranking Member Rogers: Thank you for
holding this morning's timely hearing on U.S.-lran Tensions:
Implications for Homeland Security. As a major stakeholder for Jewish
communal security, we wanted to share the following for inclusion in
the record of today's hearing.
We understand that the FBI, DHS, and National Counterterrorism
Center released a joint intelligence bulletin \1\ in response to the
recent escalation of U.S.-lran tensions that directly pertains to
Jewish communal security, as summarized below.
---------------------------------------------------------------------------
\1\ JIB: Escalating Tensions Between the United States and Iran
Pose Potential Threats to the Homeland, 8 January 2020 (IA-41117-20).
---------------------------------------------------------------------------
If the government of Iran (GOI) were to perceive actions of the
U.S. Government (USG) as acts of war or existential threats to the
Iranian regime, the GOI could act directly or enlist the cooperation of
proxies and partners, such as Lebanese Hizballah. Based on previously
observed covert surveillance and possible pre-operational activity, the
GOI or its violent extremist supporters could commit attacks in
retribution, with little to no warning, against U.S.-based Jewish
individuals and interests among likely targets.
In recent years, the USG has arrested several individuals acting on
behalf of either the GOI or Lebanese Hizballah who have conducted
surveillance indicative of contingency planning for lethal attacks in
the United States against facilities and individuals. In one instance,
an agent of the GOI arrested in 2018 had conducted surveillance of a
Hillel Center and the Rohr Chabad Center, Jewish institutions located
in Chicago, including photographing the security features surrounding
the Chabad Center.
Given the tenor of this assessment, we look forward to continuing
to work with you and the committee to prepare and respond to all manner
of international and domestic threats to the Jewish community.
Sincerely,
Robert B. Goldberg,
Senior Director, Legislative Affairs.
Chairman Thompson. I thank the witnesses again for their
valuable testimony and the Members for all their questions. The
Members of the committee may have additional questions for the
witnesses and we ask that you respond expeditiously in writing
to those questions.
Without objection the committee record shall be kept open
for 10 days. Hearing no further business, the committee stands
adjourned.
[Whereupon, at 12:26 p.m., the committee was adjourned.]