[House Hearing, 118 Congress]
[From the U.S. Government Publishing Office]


                         [H.A.S.C. No. 118-23]

                                HEARING

                                   ON

                   NATIONAL DEFENSE AUTHORIZATION ACT

                          FOR FISCAL YEAR 2024

                                  AND

              OVERSIGHT OF PREVIOUSLY AUTHORIZED PROGRAMS

                               BEFORE THE

                      COMMITTEE ON ARMED SERVICES

                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED EIGHTEENTH CONGRESS

                             FIRST SESSION
                               __________

    SUBCOMMITTEE ON CYBER, INFORMATION TECHNOLOGIES, AND INNOVATION

                                   ON

          CYBERSPACE OPERATIONS: CONFLICT IN THE 21ST CENTURY
                               __________

                              HEARING HELD
                             MARCH 30, 2023


                                     
                  [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]

                               __________

                    U.S. GOVERNMENT PUBLISHING OFFICE
                    
52-420                    WASHINGTON : 2024                                        
  


    SUBCOMMITTEE ON CYBER, INFORMATION TECHNOLOGIES, AND INNOVATION

                  MIKE GALLAGHER, Wisconsin, Chairman

MATT GAETZ, Florida                  RO KHANNA, California
LISA C. McCLAIN, Michigan            SETH MOULTON, Massachusetts
PAT FALLON, Texas                    WILLIAM R. KEATING, Massachusetts
DALE W. STRONG, Alabama              ANDY KIM, New Jersey
MORGAN LUTTRELL, Texas               ELISSA SLOTKIN, Michigan
JENNIFER A. KIGGANS, Virginia        JARED F. GOLDEN, Maine
NICK LaLOTA, New York                PATRICK RYAN, New York
RICHARD McCORMICK, Georgia           CHRISTOPHER R. DELUZIO, 
                                         Pennsylvania

                Josh Stiefel, Professional Staff Member
               Michael Hermann, Professional Staff Member
                    Payson Ruhl, Research Assistant

                            C O N T E N T S

                              ----------                              
                                                                   Page

              STATEMENTS PRESENTED BY MEMBERS OF CONGRESS

Gallagher, Hon. Mike, a Representative from Wisconsin, Chairman, 
  Subcommittee on Cyber, Information Technologies, and Innovation     1
Khanna, Hon. Ro, a Representative from California, Ranking 
  Member, Subcommittee on Cyber, Information Technologies, and 
  Innovation.....................................................     2

                               WITNESSES

Nakasone, GEN Paul M., USA, Commander, U.S. Cyber Command, and 
  Director, National Security Agency/Chief, Central Security 
  Service........................................................     5
Plumb, Hon. John F., Assistant Secretary of Defense for Space 
  Policy, and Principal Cyber Advisor to the Secretary of Defense     3

                                APPENDIX

Prepared Statements:

    Gallagher, Hon. Mike.........................................    31
    Nakasone, GEN Paul M.........................................    49
    Plumb, Hon. John F...........................................    32

Documents Submitted for the Record:

    [There were no Documents submitted.]

Witness Responses to Questions Asked During the Hearing:

    Mr. Gallagher................................................    61
    Mr. LaLota...................................................    61

Questions Submitted by Members Post Hearing:

    [There were no Questions submitted post hearing.]

 
           
          CYBERSPACE OPERATIONS: CONFLICT IN THE 21ST CENTURY

                              ----------                              

                  House of Representatives,
                       Committee on Armed Services,
      Subcommittee on Cyber, Information Technologies, and 
                                                Innovation,
                          Washington, DC, Thursday, March 30, 2023.
    The subcommittee met, pursuant to call, at 8:28 a.m., in 
room 2118, Rayburn House Office Building, Hon. Mike Gallagher 
(chairman of the subcommittee) presiding.

OPENING STATEMENT OF HON. MIKE GALLAGHER, A REPRESENTATIVE FROM 
    WISCONSIN, CHAIRMAN, SUBCOMMITTEE ON CYBER, INFORMATION 
                  TECHNOLOGIES, AND INNOVATION

    Mr. Gallagher. The subcommittee will come to order.
    I ask unanimous consent that the Chair be authorized to 
declare a recess at any time.
    Without objection, so ordered.
    I also ask that our members and witnesses be mindful of our 
three CITI [Subcommittee on Cyber, Information Technologies, 
and Innovation] commandments:
    We start on time. Check.
    We use language that the average American can understand. 
So, please limit the use of acronyms and jargon if you can.
    And we will enforce the 5-minute rule, which also includes 
witnesses' responses.
    So, I will do my best to keep this moving.
    With that, good morning, everyone. And thank you for being 
here today for our hearing on the Department of Defense's 
cyberspace activities. We ask a lot from the Department in this 
space, from securely operating networks and inherently insecure 
weapon systems, to assisting small and large businesses with 
their interaction with the defense industrial base.
    However, more important than anything else is how prepared 
and capable we are to hold our adversaries at risk. I have 
repeatedly expressed my concerns about the Department's pace 
for growing and modernizing the ships, the aircraft, and the 
weapons that are required for a potential fight with China.
    If we accept that we need more time to build the platforms 
required for a kinetic conflict, it is my genuine belief that 
our ability to robustly use information and cyber operations 
should provide us with the opportunity to buy time to maneuver 
for our kinetic forces.
    While there have been some signs of progress, such as the 
first delivery of a budget built through the CYBERCOM [U.S. 
Cyber Command] commander's enhanced budgetary authority, there 
are still wide gaps in where we are today and where we need to 
be very soon.
    There are chronic issues such as force readiness, lack of 
sufficient intelligence support to cyberspace operations, and 
the shortcomings in agile acquisition of cyber capabilities 
that continue to plague the cyber force. These problems aren't 
new. And it is actually remarkable how much effort Congress has 
expended on pulling and pushing the Department to embrace the 
promise of cyber operations.
    Since 2013, Congress has tried to address force design and 
readiness through 24 different pieces of legislation. Twenty-
four. And over that same period we have tried to address the 
civilian and military cyber workforce dilemma 45 times; 
CYBERCOM acquisition matters, 12 times; and defense industrial 
base cybersecurity, 42 times. And the list goes on.
    More frustrating is that the country's collective 
capabilities in readiness are seemingly no better off because 
of it.
    In the words of Albert Einstein, insanity is doing the same 
thing over and over again and expecting different outcomes. So, 
I look forward to hearing why I am not insane from our 
witnesses, Dr. John Plumb, serving as both the Assistant 
Secretary of Defense for Space Policy and the Principal Cyber 
Advisor; as well as General Paul Nakasone, the seasoned 
Commander of U.S. Cyber Command.
    And with that, I will recognize the ranking member.
    [The prepared statement of Mr. Gallagher can be found in 
the Appendix on page 31.]

STATEMENT OF HON. RO KHANNA, A REPRESENTATIVE FROM CALIFORNIA, 
      RANKING MEMBER, SUBCOMMITTEE ON CYBER, INFORMATION 
                  TECHNOLOGIES, AND INNOVATION

    Mr. Khanna. Thank you, Mr. Chairman.
    And thank you to our witnesses for appearing before us 
today, and the men and women you represent.
    Thank you, General Paul Nakasone for meeting yesterday and 
for your ideas on recruitment, as well as your suggestions on 
how we can continue to keep our Nation safe from cyberattacks.
    Our adversaries continue to use cyberspace to conduct 
malicious activities against the United States, its allies, and 
its interests. These include Iran, Russia, and China. I applaud 
the Department of Defense and U.S. Cyber Command for the 
progress that has been made in recent years. Certainly the 
change in posture in the past 5 years has been quite remarkable 
as we have transitioned to a posture of defend forward.
    But we certainly still have work to do. China aggressively 
uses cyberspace to obtain economic advantage and gather 
sensitive information. Also, unfortunately, the CCP has been 
the prime mover of a lot of trade secret theft, IP 
[intellectual property] theft, which I am particularly aware of 
given that companies in my district in Silicon Valley have been 
the targets.
    Russia continues to engage in malicious activities to 
achieve its ends.
    And the governments of Iran and North Korea, as well as 
malicious and profit-motivated actors, continue to act to 
further their own interests.
    Our cyber forces are engaged every day in the whole-of-
government effort to defend the country. And given our 
decentralization and our focus on privacy, this task is harder 
for us than for many other nations.
    With these growing threats then must come increased 
attention. I appreciate that we are going to be supporting the 
Cyber Command in this President's budget, especially in areas 
of force readiness, training, and support for partners and 
allies in efforts such as hunt forward.
    The committee is tracking challenges associated with 
growing, retaining, and training the force. And I want to make 
sure we can continue to discuss that effort in greater detail. 
I look forward to some creative ideas you may have of how our 
committee can help the recruitment of first-class talent in 
technology.
    As I said to the general, I want to make sure that some of 
the most talented folks aren't just going to IPOs [initial 
public offerings] and they become multimillionaires, but also 
serving the country.
    I also hope to hear about the command's service-like 
authorities, including enhanced budget control.
    Thank you. And with that, Mr. Chairman, thank you for 
convening the hearing, and I yield back.
    Mr. Gallagher. Dr. Plumb, you are recognized for 5 minutes.

STATEMENT OF HON. JOHN F. PLUMB, ASSISTANT SECRETARY OF DEFENSE 
FOR SPACE POLICY, AND PRINCIPAL CYBER ADVISOR TO THE SECRETARY 
                           OF DEFENSE

    Dr. Plumb. Well, thank you, Chairman Gallagher. Thanks, 
Ranking Member Khanna, and distinguished members of the 
committee.
    Good morning. Thanks for inviting me to testify on the 
Defense Department's cyber posture. I am honored to appear 
alongside General Nakasone.
    As Secretary Austin said from his first days in office, the 
People's Republic of China is the Department's pacing 
challenge, while Russia remains an acute threat. This is as 
true in cyberspace as it is in any other warfighting domain.
    For decades, China has used its cyber capabilities to steal 
sensitive information, intellectual property, and research from 
U.S. public and private sector institutions, including the 
defense industrial base. Today, in competition, China's cyber 
intrusions are the most prolific in the world. In crisis, PRC 
[People's Republic of China] leaders believe that achieving 
information dominance will enable them to seize and keep the 
strategic initiative; disrupt our ability to mobilize, to 
project, and sustain the joint force; and to ensure the PRC's 
desired end state.
    Russia engages in persistent malicious cyber activities to 
support its global espionage campaigns, steal intellectual 
property, disrupt critical infrastructure, and promote 
disinformation. Russia has also demonstrated it has used cyber 
as a key component of its wartime strategy. At the outset of 
its full-scale invasion of Ukraine in early 2022, Russia 
conducted cyber operations against Viasat, a U.S. satellite 
company, to degrade the command and control of the Ukrainian 
forces and enable Russian maneuvers.
    Other persistent threats arise from North Korea, from Iran, 
and from transnational criminal organizations. Together, our 
adversaries use cyberspace to conduct operations against the 
Department of Defense Information Network, the DODIN, and the 
U.S. homeland. They do this to weaken our allies and partners 
and to undermine U.S. interests.
    Since 2018, the Department has recognized that it is not 
enough to maintain a defensive posture while preparing for 
conflict. We also must defend forward to meet our adversaries 
and disrupt their efforts in competition. That is the day-to-
day struggle.
    Today, the Department campaigns in and through cyberspace 
to sow doubt among our competitors. We conduct intelligence-
driven hunt forward operations to generate insights into our 
competitors' tactics, while defending U.S. allies and partner 
computer networks. And we disrupt malicious cyber actors 
through offensive operations.
    The Department is also prioritizing capacity-building 
efforts for our allies and partners, who serve as a strategic 
advantage and a force multiplier that our adversaries can never 
hope to match.
    The President's fiscal year 2024 budget request prioritizes 
investments in all aspects of cyberspace: our people, our 
organization, our operations, our intelligence, and our 
capabilities. The request includes $13.5 billion for cyberspace 
activities, which is an increase of $1.8 billion from the 
enacted level in fiscal year 2023.
    These investments will enhance the Department's 
cybersecurity; they will increase capacity for cyberspace 
operations; they will advance research and development 
activities for new cyber capabilities.
    The budget requests $7.4 billion for cyberspace operations, 
including nearly $3 billion for U.S. Cyber Command. These 
resources will go directly to supporting our Cyber Mission 
Forces, protecting the homeland, and addressing the threats 
posed by our adversaries in cyberspace.
    And, I will just say, Chairman Gallagher, I do think we are 
better off. And we are getting better every day. And I think 
[with] the help from the Congress and the continued 
investments, we are more prepared, we are more effective, and 
we are integrating cyber more and more into our operations.
    Operating in cyberspace today is an essential part of the 
Department's ability to deter aggression and ensure our 
Nation's security. Our adversaries continue to extend and 
evolve their cyber capabilities. They are exercising them in 
both competition and conflict to degrade our advantages and 
increase their own.
    The Department is committed to strengthening both our 
defensive and offensive cyber capabilities, and to maturing our 
cyber forces in partnership with this committee.
    So, thank you for your tireless support of the Department. 
And I look forward to your questions.
    [The prepared statement of Dr. Plumb can be found in the 
Appendix on page 32.]
    Mr. Gallagher. Thank you.
    General Nakasone is recognized for 5 minutes.

 STATEMENT OF GEN PAUL M. NAKASONE, USA, COMMANDER, U.S. CYBER 
COMMAND, AND DIRECTOR, NATIONAL SECURITY AGENCY/CHIEF, CENTRAL 
                        SECURITY SERVICE

    General Nakasone. Chairman Gallagher, Ranking Member 
Khanna, and distinguished members of the committee, I am 
honored to testify beside Assistant Secretary Dr. John Plumb. 
Joining me today is Command Sergeant Major Sheryl Lyon, the 
U.S. Cyber Command and NSA [National Security Agency] Senior 
Enlisted Leader.
    We are honored to represent the military and civilian 
members of U.S. Cyber Command.
    In the contested cyberspace domain, U.S. Cyber Command acts 
against foreign adversaries that threaten our Nation through 
malicious cyber activity, and enables actions by our Federal, 
private, and allied partners. Last fall, a combined U.S. Cyber 
Command/NSA election security group countered malicious cyber 
actors and oversaw measures to enable the Department of 
Homeland Security and the FBI [Federal Bureau of 
Investigation], among other domestic partners, to defend the 
recent midterm elections.
    The 2022 election cycle proceeded from primaries to 
certifications without significant impacts due in part to our 
effort.
    Going forward, success for U.S. Cyber Command will be 
measured how effectively foreign adversarial actors are 
prevented from achieving their strategic objectives. Last year 
saw significant maturation for U.S. Cyber Command, but our work 
is not done.
    In 2023 we must continue to focus on our people, our 
partners, and our ability to deliver decisive advantage. We 
must improve readiness, bolster our reliance--or, I am sorry, 
bolster our resilience and maintain a culture of continuous 
improvement.
    We will continue to deliver warfighting advantage for the 
joint force and allied partners through competition, crisis, 
and conflict. We are doing so by executing our unique 
authorities to build and sustain campaigns in and through 
cyberspace and the information environment. Through these 
efforts we seek to counter adversaries in competition, to deter 
conflict, and to prevail against aggression.
    Aligning efforts of both U.S. Cyber Command and NSA is 
essential to achieving these goals and is in the best interests 
of the Nation and national security.
    It all starts with people--the men and women of U.S. Cyber 
Command working with NSA and partners here and abroad. We win 
with people. The men and women of United States Cyber Command 
are grateful for the support [that] this committee and Congress 
has given to our command.
    I look forward to answering your questions.
    [The prepared statement of General Nakasone can be found in 
the Appendix on page 49.]
    Mr. Gallagher. That was a very efficient opening statement.
    We will now move into the Q&A [question and answer] portion 
of the hearing.
    Dr. Plumb, last year's NDAA [National Defense Authorization 
Act] authorized a new Assistant Secretary of Defense for 
Cyberspace Policy. I am confident that the Senate is ready to 
rapidly confirm a nominee. Had many conversations to that 
effect. Can you explain why we are not seeing one?
    Dr. Plumb. Yes, sir.
    So, the Department has taken the language from the 2023 
NDAA and we are trying to make sure that we create ASD 
[Assistant Secretary of Defense] Cyber in a deliberate manner 
that has the most positive effect.
    So, what we are doing is following the template that was 
used to create my current position, ASD for Space, which is 
putting a FFRDC [federally funded research and development 
center] on contract to examine what is the proper structure, 
are there different pieces required, what things should be in 
this cyber ASD-ship and not--we are looking at components of 
electronic warfare, components of information warfare, what 
should belong.
    That is on contract now. We expect that that study should 
be done around September.
    But we are moving forward on it, we just want to do it 
right.
    Mr. Gallagher. So, the earlier time in which we would see a 
nominee would be after the report in September?
    Dr. Plumb. To be totally fair, that is above my pay grade, 
but that is what I would anticipate. Yes, sir.
    Mr. Gallagher. Okay. That is disappointing.
    We sat down a few weeks ago and you talked about just the 
number of reports that are foisted on you by Congress. On one 
level I agree, I think we insert far too many reporting 
requirements into the NDAA and it just sort of grows and grows 
without sort of cleaning out the number of reports that don't 
actually get read.
    On the other hand, we do it to draw attention to 
significant issues that we think are important, without 
actually having to micromanage the Department with statutory 
language.
    And the best way to avoid reports is to provide us quick 
but comprehensive answers to the questions that we are asking 
the Department.
    Do you happen to know how many reports that are related to 
cyber that the Department of Defense is delinquent on right 
now?
    Dr. Plumb. I don't have an exact number. I would imagine it 
is around 10.
    Mr. Gallagher. It is 15 reports; 15.
    So, I just would submit there has got to be a better way we 
can get answers to these questions. And I am happy to work with 
you and your team to come up with that solution. Because the 
current posture, in my, in my view is unacceptable.
    And speaking of reports, you produced the 2022 Cyber 
Posture Review. That was a congressionally mandated document to 
be produced every 4 years. Three years ago we said that the 
Cyber Posture Review needed to include an assessment, ``an 
assessment of the potential cost, benefits, and value, if any, 
of establishing a cyber force as a separate uniformed 
service.'' Yet, when we got the document it did not include 
that assessment.
    Why is that? Why did DOD [Department of Defense] ignore 
that requirement from Congress?
    Dr. Plumb. So, first of all, no intentional ignoring of any 
provision of the law there, that oversight. I will dig into how 
that happened.
    But I will say this, Congressman, we are working hard on 
answering that problem. It has been tasked in the fiscal year 
2023 NDAA as part of section 1533 of the force generation 
study.
    I have been involved in conversations with your staff on 
making sure that that study is going forward. I think it is a 
good study. I think it gives us enough time to look at. And I 
think it is really important. And one of the things it required 
us to explore, among other options for force generation, is a 
cyber service.
    Mr. Gallagher. I get that. And I understand that where you 
stand depends on where you sit. But it is not the prerogative 
of the Department to decide which part of the congressional 
mandate you get to comply with or, hey, we will answer it--we 
will answer it in a different report at a different time. We 
wanted that assessment in the Cyber Posture Review.
    So, I would appreciate you getting back to my team on why 
that didn't happen, just so we can improve this process of 
reporting and answering going forward.
    [The information referred to can be found in the Appendix 
on page 61.]
    Mr. Gallagher. How do you think about retention? It is my 
understanding that over the last year the Office of the 
Principal Cyber Advisor has had at least seven civilians 
depart, that is about 75 percent of the office's total civilian 
roster.
    Is that a concern of yours? How do you think about 
improving retention?
    Dr. Plumb. It is a concern of mine. I think, frankly, 
that--I think creation of the ASD Cyber will help solve some of 
that problem. But I am digging into that in my role as PCA 
[Principal Cyber Advisor] right now. And it is an issue I am 
determined to get after.
    Mr. Gallagher. Okay. I look forward to following up on that 
and the other issues that I raised.
    And I now recognize the ranking member for 5 minutes.
    Mr. Khanna. You know, when I first got to Washington they 
said no one reads in Washington more than one page. The 
chairman is an exception to that rule.
    But I support the effort to have reports and responsiveness 
because I think that is the essence of democracy and oversight. 
So, will look forward to working with you on that, Mr. 
Chairman.
    Let me ask you, Dr. Plumb, given your testimony on the 
CCP's cyber threats, how much of a threat do you think TikTok 
poses to the United States from a cybersecurity perspective?
    Dr. Plumb. Ranking Member, I would say that when we think 
about TikTok as a potential threat vector, the things that come 
to mind are, one, the scale. I mean, just a tremendous number 
of people in the United States use TikTok.
    And, two, the control that China may have to be able to 
direct information through it, [serve] as a misinformation 
platform. And then, of course, the data that it can collect.
    So, it is the scale of it I think that is problematic 
really for us.
    Mr. Khanna. And what do you think should be done about 
that?
    Dr. Plumb. That is a great question. I know everyone is 
considering it.
    I think we need to be aware of these various threats and be 
able to quantify them, and be able to take action against them.
    I know that is somewhat of a vague answer, sir, but I don't 
know if I have the exact answer for you right now.
    I might ask General Nakasone if he has thoughts on that.
    General Nakasone. Ranking Member, coming back to your 
question, if you consider one-third of the adult population 
receives their news from this app; one-sixth of our children 
are saying they are constantly on this app; if you consider 
that there is 150 million people every single day that are, 
obviously, touching this app, this provides, you know, a 
foreign nation a platform for information operations, a 
platform for surveillance, and a concern we have with regards 
to who controls that data.
    The Department has already, as you know, banned the use of 
that application on our phones. I think the broader discussion, 
obviously, rests with the policymakers now. But certainly this 
is a piece that our Nation has to consider.
    There are going to be other applications like this. And we 
are going to have to have some type of policy that protects 
both our ability to, obviously, to see materials but also 
protects us from an adversary's ability to conduct surveillance 
and information operations against us.
    Mr. Khanna. Is it fair to say you view that TikTok has a 
different order of threat than an American company on social 
media?
    General Nakasone. I do. I mean, if you consider the fact 
that the difference between an American company and our 
government, there is a clear separation in terms of what goes 
on there. If you take a look at an application like this that a 
nation has already said that they are going to be able to touch 
the data at any time they want to touch this data, this 
concerns--this concerns me, and certainly concerns most people 
as they look at this.
    General Nakasone. General Nakasone, when we spoke you had 
an interesting idea about scholarships, specifically in STEM 
[science, technology, engineering, and mathematics] fields or 
in fields that could be of use in AI [artificial intelligence] 
and quantum computing for the services. Could you speak to that 
and provide maybe some suggestions of what we would do as a 
committee on that?
    General Nakasone. One of the things that this committee and 
the broader Congress has done is to create programs like 
Scholarships for Service that has been tremendously helpful for 
organizations like U.S. Cyber Command, but broader 
organizations within our government.
    Artificial intelligence, machine learning, as many, as any 
members have looked at and talked about, is the future for our 
Nation, it is the future for our economy, it is the future for 
our national defense. So, any type of scholarship that would, 
obviously, focus young people on this growing importance of 
this field, where they are able to study it and then perhaps 
give back to any part of the government, I think is something 
that is honorable. I think that is something that our 
government, and certainly organizations like U.S. Cyber 
Command, could benefit from.
    Mr. Khanna. Thank you.
    Dr. Plumb, my final question is how would you assess both 
our offensive and defensive cyber capabilities compared to 
China or Russia?
    Dr. Plumb. I think we are a premier cyber power. I think 
that the United States is, under General Nakasone's leadership 
in particular, developing exquisite capabilities. And I think 
one of our goals looking forward is how do we make sure that we 
can, as I think the chairman said in his opening remarks, work 
to integrate these with maneuver to be able to prevail and win 
in the Nation's wars.
    Mr. Khanna. Yield back.
    Mr. Gallagher. Mr. Luttrell.
    Mr. Luttrell. Thank you, Mr. Chairman.
    General and Doctor, thank you for your service and your 
continued service. Doctor, I understand that you are a 
submariner?
    Dr. Plumb. I was indeed, sir.
    Mr. Luttrell. You are a special breed of human being, sir. 
God bless you for doing that.
    My first question goes to you, Doctor.
    Senior intelligence leaders from Cyber Command have been 
vocal recently about efforts and need to establish a 
foundational intelligence center for cyberspace, no different 
from the National Intelligence Center for the Army and Office 
of Naval Intelligence for the Navy. And, in fact, there is a 
foundational intelligence center for just about every 
warfighting domain.
    What actions have you taken in the Pentagon have 
specifically pushed for this center, if any?
    Dr. Plumb. Thank you for that question, Congressman.
    I do think it will be important for us to make sure that we 
are able to provide our operators with the right foundational 
intelligence to conduct. I think General Nakasone obviously has 
a tremendous part of this.
    We are struggling with this question, both in the 
cybersecurity strategy which is, hopefully, be published in the 
near future. It is not quite through the Secretary yet, but it 
is on its way.
    And then we are also looking at this from a S&T [science 
and technology] standpoint as well. So we are kind of 
approaching from two pieces. We are not there yet. I think it 
is pretty clear that there is a signal that this is a thing we 
need to be working on.
    Mr. Luttrell. [Inaudible] if there are roadblocks we can 
assist with. It seems to make sense and be advantageous for 
something like this to be stood up. So, please let us know.
    Dr. Plumb. Yes, sir.
    Mr. Luttrell. General, do you think JADC2, the Joint All-
Domain Command and Control 2, should be a part or under the 
purview of CYBERCOM?
    General Nakasone. Well, certainly, Congressman, this is 
under the purview of the Department of Defense right now. Where 
we add to it is, obviously, the cybersecurity piece of what 
gets done.
    This is a broader element of command and control, and 
ability to fuse intelligence and operations that extends even 
beyond U.S. Cyber Command.
    We have a significant role ensuring that what we develop as 
a Department is secure and is able to function in the future.
    Mr. Luttrell. Seems like there's redundancy, does it seem 
like if it was to split or come together would it be more 
effective and efficient in your opinion?
    General Nakasone. So, as we move forward, I think as we 
move from design to actually the operational piece, then I 
think the question is where does it reside?
    Right now in the design phase I think it's, it's 
appropriate within the Department of Defense, and within the 
Office of the Secretary of Defense, and certainly within the 
Joint Staff as they move this forward.
    Mr. Luttrell. So, migration would be beneficial in the 
future?
    General Nakasone. It likely will. And I think we will learn 
a lot as we start to implement this in different places, like 
the Schriever Wargames, and Blue Flag, and the National 
Training Center. But we will have a better feel for where it 
actually needs to reside in the future, I think, Congressman.
    Mr. Luttrell. Okay. Can you tell me how much China, Russia, 
North Korea, Iran individually spent on cybersecurity, cyber 
infrastructure this past year?
    General Nakasone. I would have to take that for the record, 
Congressman.
    [The information referred to is classified and retained in 
the committee files.]
    General Nakasone. But I would tell you that one of the 
things that we do see is a rise in both the scope and 
sophistication of our adversaries, both in terms of their 
ability to conduct cyber intrusions and attacks, and their 
ability to defend their data.
    Mr. Luttrell. It seems to me, and both of you can 
appreciate this as well as the other uniformed men and women in 
the room, and my colleagues on the panel with me, is that the 
cyberspace is the next frontier of warfare. No more bombs, 
planes, and guns. It will be a push of a button, in my opinion, 
is how we will be fighting on these fronts.
    I think China is projected to spend $31 billion by 2026. 
And, yet, I think what are we spending, 13?
    And I think my statement for the record would be we need to 
be spending more on cyber risk, cyber threat, cyber control on 
our side, given the advancements of the nefarious actors around 
the globe.
    Would you agree with that statement?
    General Nakasone. So, Congressman, as a combatant commander 
I would probably never disagree with more resources.
    Mr. Luttrell. Okay.
    General Nakasone. But what I would say is that as we take a 
look at the future--and you highlighted this--this is the 
future of where we need to be able to operate in all domains. 
We are seeing this in Russia/Ukraine right now: How do you 
combine what we do non-kinetically with what goes on 
kinetically?
    There will always be a fight on the ground, or the air, or 
the sea, but there also is going to be a fight that is going to 
take place in cyberspace and space. And that is one of the 
things that I think Russia/Ukraine has demonstrated to us.
    Mr. Luttrell. Okay. I appreciate you saying that. And I 
hope you are well aware that if, inevitably, when something 
clacks off it will be you all that most likely will be on the 
front lines.
    So, again, thank you.
    I yield back, sir.
    Mr. Gallagher. Mr. LaLota.
    Mr. LaLota. Chairman, thanks so much.
    Gentlemen, thanks so much for being here and for your 
staffs for participating today.
    Gentlemen, as you both know, in 2018 the U.S. Cyber Command 
was elevated to a unified combatant command, having been 
previously operating under U.S. Strategic Command since 2009. 
Cyber is a fairly recent, complex, and critical strength and 
vulnerability for the U.S. And Space Force is also a very 
recent addition as well, having been established in 2019.
    And while I understand the complexities of establishing and 
ironing out the nuances of these new commands, Dr. Plumb, in 
prior statements made to our colleagues in the Senate you heard 
and personally spoke to the criticality of legislation for 
Space Force, specifically section 1602 of the fiscal year 2022 
National Defense Authorization Act, which designates the Chief 
of Space Operations as the ``force design architect'' for 
space.
    So, my question, Doctor, is should such a designation be 
considered for cyberspace as a warfighting domain on par with 
space?
    Dr. Plumb. Congressman, to make sure I understand the 
question, you are asking if we need a cyber warfare architect?
    Mr. LaLota. Yes.
    Dr. Plumb. I guess I would have to think through what that 
would mean. I feel like it would be General Nakasone in 
[inaudible] as Cyber Command.
    I guess I just--that is a new question for me. I would be 
happy to take that for a look-up.
    [The information referred to can be found in the Appendix 
on page 61.]
    Dr. Plumb. I think the fundamental question would be would 
it change anything or would we already be doing it and then 
we----
    Mr. LaLota. Are we on the right track right now 
organizationally?
    Dr. Plumb. I think we are on the right track. We are 
investing in our joint cyber warfare architecture in this 
budget, and have continued to do so and making sure that is 
modernized. And I feel like we are on the right track.
    The General may have some pieces to add. But I think we are 
going in the right direction. I am not sure that that 
designation would change that at all.
    General Nakasone. So, Congressman, you hit a very important 
date, 2018. When not only the fact that U.S. Cyber Command is 
elevated to strategic--or to a combatant command, but the fact 
that authorities, policies, and capability come together in 
2018. We demonstrate that in the defense of the 2018 midterm 
elections.
    And then as you see everything afterwards, whether or not 
it was ransomware, whether or not it was actions against other 
adversaries, whether or not it is election security, this is 
the key starting point. And the--one of the big things that we 
were the beneficiaries of was this committee's decision in the 
fiscal year 2019 NDAA to call cyber a traditional military 
activity. That allowed us to conduct operations like hunt 
forward operations.
    This is tremendously important.
    I think what you are also talking about is that the work 
isn't done. And so, when you think about cyber, we need to make 
sure that a simulation capability, much in the same way we have 
in other domains, is resident within cyber to include and to 
reinforce the advances we have already made.
    Mr. LaLota. Thank you.
    And following up on organizationally how we are proceeding, 
Dr. Plumb, to you, the Assistant Secretary of Defense for 
Special Operations and Low-Intensity Conflict is responsible 
for information operations. But the Assistant Secretary of 
Defense for Space Policy is responsible for cyberspace 
operations.
    So my question is, can you explain the logic as to why 
these two separate chains are established for operations within 
the same informational environment?
    Dr. Plumb. Yes. Thanks, Congressman.
    First of all, military operations, the chain of command, of 
course, is through COCOMs [combatant commands] and through the 
Secretary. The policy oversight piece, and then sometimes, so 
for instance ASD SO/LIC [Assistant Secretary of Defense for 
Special Operations and Low-Intensity Conflict] has some 
secretarial-like authorities over SOCOM [U.S. Special 
Operations Command].
    But information operations are not just the purview of 
cyber. Cyber is one vector for information operations. It is 
certainly not the whole piece.
    So, I actually think that the split does, does make sense 
when you take that into account.
    Mr. LaLota. Thank you. Appreciate that.
    And my last question is for the general. General, how do 
you envision the Cyber Mission Force and the Cyber Operations 
Force maturing over the next 3 to 5 years?
    General Nakasone. Congressman, we began with a force 133 
teams. The Secretary in the summer of 2020 authorized 14 new 
teams to be built. Congress has authorized funding for that. 
So, we are in the build of 14 more teams.
    So, I think the first part of it is greater capacity. We 
are on a road to have more teams to be able to do more 
missions.
    Secondly is clearly being able to play to our strengths. 
What is our competitive advantage? Our competitive advantage is 
information, so, being able to further leverage artificial 
intelligence, machine learning.
    And the third piece is, it is all about our partnerships. 
This is what we have learned. It is not only the partnerships 
with the National Security Agency but, broadly, how do we 
partner with FBI and CISA [Cybersecurity and Infrastructure 
Security Agency]? How do we look at a series of international 
partners that provide our Nation greater capacity and, most 
importantly perhaps, how do we partner with the private sector?
    This is what we have learned in Russia/Ukraine; the power 
of partnering with the private sector provides our Nation a 
tremendous advantage that no other nation has.
    Mr. LaLota. Thank you. And I will just close by saying I 
join with my colleague from Texas in the thought that you are 
on the front lines of our next biggest battle. And we 
appreciate the work that you are doing.
    I yield, Mr. Chairman.
    Mr. Gallagher. Doctor, Marine, Soldier McCormick.
    Dr. McCormick. Thank you, Mr. Chairman.
    In medicine we talk about a scotoma as being a blind spot. 
In business when you talk about it, it could be something that 
you just get used to and you forget that it is there, and only 
the new guy coming in can see it.
    And when we talk about the military and its preparedness, 
one of the things that concerns me is that, especially in this 
arena because it is so quick moving, and we are watching China 
in so many other ways go after our resources, go after critical 
alliances, they are outpacing us in port production and 
valuable resources that we are not going to be able to get to 
pretty soon. What do you think that they are going to do to try 
to cut us off?
    In other words, what would--what should we be looking at as 
a blind spot in preparedness to outpace the Chinese and the 
Russians when it comes to preparing for the next battle in 
cyber?
    General Nakasone. I'll take that.
    So, Congressman, I think it is all about information. I 
think this is, this is where our competitive advantage is 
today, and our competitive advantage in the future needs to be 
information.
    How do we take the information from our most sensitive 
sources? How do we take the information from the private 
sector? How do we take the information from a series of 
partners?
    This is what we have done for many, many years. This is 
what we have demonstrated as a kinetic force. This is the same 
power that we need to continue to demonstrate as a non-kinetic 
force.
    When I think about China and Russia, you know, our ability 
to stay ahead of them in areas like artificial intelligence and 
machine learning, in a series of partnerships, and being able 
to leverage the private sector, this is what we must continue 
to do. That is, that is the blind spot we never can kind of 
look away from. We have to make sure that we are watching this 
very carefully.
    Dr. McCormick. So, one of the things I notice when we talk 
about investing in the future, and I was looking at colleges, 
for example, and how much money we as the government put in, 
about half versus the civilian. Which I really appreciate your 
comment on combining civilian with military resources to 
advance our technologies.
    But one of the things that concerns me is we have a lot of 
foreign students over here that we are paying the bill on both 
through the civilian and government agencies to educate. And 
then some of them are returning back to China. Some are staying 
here from China in America.
    But we have had problems with this in the past as far as 
giving up our data to other countries that are pilfering. They 
are putting a tremendous amount, just like Congressman Luttrell 
said, they are putting a tremendous amount of assets to develop 
their own, and then they are coming over here in my, my 
opinion, they are stealing our information.
    And sometimes we are just giving it to them in our highest 
educated universities. I was a professor at Georgia Tech and I 
participated in an investigation and somebody who got put in 
jail over that same exact thing. How do we protect our 
information from being stolen when we do education like that?
    And I will leave that for Dr. Plumb.
    Dr. Plumb. Well, sir, I guess I would say that, one, I am 
in certainly no position to comment on university hiring 
practices. But I will say that when it comes to classified 
information or the information in our defense industrial base 
we need to make sure we have proper vetting for anyone to make 
sure that they are not some type of a threat. And it doesn't 
really matter where they are from for that situation. It really 
depends on if we are doing a proper vetting.
    And then the second part would be to make sure that the 
information we are trying to protect, that we are doing the 
most modern things to do so, moving towards zero trust, making 
sure we have two-factor authentication, or whatever the latest 
requirements are. But just a lot of cyber hygiene is 
democratized all the way down to the lowest level.
    And it is a hard problem. It is one of the things the 
government is trying to get after by sharing more information 
with private industry and with universities on how to protect 
this information to make sure these things don't happen at the 
scale you are suggesting.
    Dr. McCormick. Okay, thanks.
    My final is just organizationally. I had somebody stop by 
my office and talk about a department in cyber. And I know this 
has been brought up already. But do you think it would be 
better, if it had to be folded under a department, kind of like 
you have the Department of Navy and Marine Corps, do you think 
it would be better folded under an Army or under Space? Because 
just given its intellectual capacity and its application to 
outer space now, would it be better to be folded under or a 
separate standalone department?
    Dr. Plumb. Congressman, I think you are asking about 
whether we should form a cyber service and, if we did, where it 
would nest.
    I guess I would say that I think, you know, first of all, 
we are taking a hard look at whether should we form a cyber 
service to provide the best effective cyber operations. I think 
our focus should be how do we get after the threat most 
effectively with these taxpayer dollars. And that threat in 
particular is that of China.
    So, I think that is really how we should focus these--our 
thoughts and our approach.
    Dr. McCormick. So, standalone or fold under a certain 
department that already exists?
    Dr. Plumb. I would not want to get ahead of any decision 
that really rests with the Secretary.
    Dr. McCormick. Just a recommendation. I was just curious.
    Okay, thank you. With that I yield.
    Mr. Gallagher. The gentleman from Massachusetts, Mr. 
Keating.
    Mr. Keating. Thank you, Mr. Chairman.
    Thank you very much for being here this morning.
    General Nakasone, last year you briefed us about your hunt 
forward efforts in Ukraine in advance of the Russian invasion. 
Now, looking back, having a little period of time to look back, 
how successful do you think those efforts have been to date?
    And how do you gauge the success in Russia countering what 
you are doing in that respect?
    And is there anything at all that surprised you with this 
experience?
    General Nakasone. Congressman, if I might just take a step 
back. Hunt forward operations began in 2018 as we started to 
think about how do we secure our Nation's elections.
    And one of the bright ideas from a young captain, said, 
hey, why don't we send a team of 8 to 10 military members to a 
country at their request, hunt down their networks with them, 
and share all that information not only with their country but, 
broadly, with industry so industry can see what is going on?
    Well, since that time we have conducted 47 missions in 22 
countries on 70 different networks. Four of them, four of them 
have been in Ukraine. Those four operations, to include the 
operation that took place 70 days prior to the invasion, I 
think were extremely successful. Not only were we able to 
identify the tradecraft, not only were we able to identify some 
of the malware, but we were able to reassure a partner that we 
were going to provide support.
    And I think that, amongst all the different things that has 
occurred, is incredibly important.
    Mr. Keating. Nothing--did anything surprise you or jump out 
at you during that experience?
    General Nakasone. So, I would say just in general, 
surprises, surprises with regards to our hunt forward 
operations is just how impactful they have become, and how 
popular they are with a series of different nations.
    Every country that I meet with says, hey, can we do a hunt 
forward operation with you?
    And so, I think to the Congressman's point about the future 
structure and what does U.S. Cyber Command look like in the 
years to come, I think there is going to be a large component 
that is going to be doing these type of operations.
    Mr. Keating. Yeah. I have been very impressed just from my 
vantage point because that was one of our greatest concerns 
entering this, just what, you know, Russia might do and what 
efforts would be available to Ukraine to counter it.
    And I think that work that you described is critical and 
will continue to be critical in that regard.
    General Nakasone. Congressman, can I just add one comment 
to that?
    You asked me about surprises. And I think, and I am not 
sure if this fits in that category, but one of the things 
that's communicated to me by the young men and women that lead 
these teams, to include the Marine major who led the team into 
Kyiv, is the fact that she told me that when I got on the 
ground I was meeting with three- and four-star generals, 
sometimes the Minister of Defense, sometimes, you know, 
significant players in the government that were well above my 
pay grade.
    And it just goes to speak to the leadership and the 
capabilities of the people that lead these teams.
    Mr. Keating. And how they really foresaw the difficulty 
that Russia could have imposed there.
    I am just following up on an earlier theme that I've had. 
Dr. Craig Martell, who's the DOD's first Chief Digital and 
Artificial Intelligence Officer, briefed us earlier this year 
about workforce issues, and how we are currently leveraging or 
planning to leverage aspects of artificial intelligence as a 
core competency of the Cyber Mission Force to help them execute 
their offensive and defensive missions.
    You know, if you aren't already, how are you integrating AI 
and this kind of training pipeline into the cyber force? Are 
you engaging? Because some of the existing relationships and 
partnerships have on the private side, is that something that 
has been helpful?
    General Nakasone. Congressman, let me tackle that in a 
couple different ways.
    First of all, to better understand where the talent exists 
you have to go to where the talent, you know, is, you know, 
occupying space right now, and that is in our academic 
institutions. So, U.S. Cyber Command a little over a year ago 
started the Academic Network to reach out to a series of 100-
plus universities within the United States to talk about what 
we do and encourage people to consider government service.
    The second piece is we have taken a very, very hard look at 
artificial intelligence and machine learning to look at, you 
know, the defense of the DOD Information Network. Every single 
day, as Mr. Martell no doubt talked about, was the fact that, 
you know, we have to have an ability to defend our networks, 
our data, and our weapon systems.
    AI and ML [machine learning] is doing that in some part 
today.
    And the third part is that we need a broader base of this 
expertise. To the chairman's point, a number of different 
measures have been passed in the NDAAs for this command. One of 
the ones that has been very, very helpful is Cyber Excepted 
Service, which is 97 percent now of our civilian population are 
utilizing. It provides us extra pays and abilities to attract 
top talent.
    And the other one that we are looking at very, very 
carefully was passed in the 2021 NDAA, which is section 1708, 
to look at a series of very high-tech personnel that can come 
into our command. We are now targeting four that we anticipate 
to hire off that.
    Those are with increased pays that allow us to go after the 
talent that is necessary to bring that to our command.
    Mr. Keating. Well, I thank you.
    And in my own district with the Navy Undersea Warfare 
Institute, and the University of Massachusetts, they have 
models and curriculum that are right there. So, I would like to 
see that continue.
    I yield back.
    Mr. Gallagher. The pride of Texas, Pat Fallon.
    Mr. Fallon. Thank you, Mr. Chairman.
    Mr. Plumb, which branch of the military is in charge of 
maritime domain?
    Dr. Plumb. The United States Navy.
    Mr. Fallon. How about land domain?
    Dr. Plumb. The Army.
    Mr. Fallon. Air?
    Dr. Plumb. Air Force.
    Mr. Fallon. Cyber?
    I mean, that is what I am talking about. We are here today 
and we are talking about cyber being the fastest growing 
domain, and it bothers me that not only do we not know who is 
in charge, it seems, but I don't know, we need a leader for 
this. Because as we just said, I heard my colleague say next 
frontier, and it is going to be the front lines of the next 
conflict.
    When you think about how inexpensive it is relative to the 
potential impact and damage that cyber can do today, it kind of 
harkens for me Billy Mitchell comes to mind, General Billy 
Mitchell, who rang the alarm in the 1920s about the importance 
of air, and got court-martialed for it, because he saw the 
future. We can't fight the war of today, we have got to fight 
the war of tomorrow and prepare for that.
    And it seems to me, you know, when I look at CYBERCOM's 
mission statement it includes, one, defend the Department of 
Defense Information Network; two, strengthen the Nation's 
ability to withstand and respond to cyberattacks; and then, 
three, conduct full-spectrum cyber operations to assist 
combatant commanders and the joint force.
    And that reads well on paper. But the third one is the one 
that concerns me because, you know, the Navy is going to be 
concerned about the sea with a side of cyber; and the Air 
Force, you know, air with a side of cyber; and Army, land with 
a side of cyber. And, you know, I would really, I strongly feel 
that we should be creating a seventh branch and making cyber a 
cyber service.
    And, General Nakasone, I know that you don't talk 
particularly policies. You know, our job here is to implement 
it. But would you accept command of a cyber service, sir?
    General Nakasone. So, Congressman, I would offer that, you 
know, that is, obviously, as you said a policy decision.
    But let me just provide a thought on this in terms of how 
we, how we model ourselves. And I think, as you asked a number 
of different who is in charge of. Special operations. Special 
operations is not run by any specific service yet. It is elite 
service and capability that our Nation has.
    That is what we have modeled ourselves at Cyber Command, 
this idea that having special and unique authorities that we 
are able to train, and man, and equip our force, and agility to 
maneuver. And I think that that is from my perspective, having 
commanded now for 5 years, that is a really good place that we 
are emulating towards, and making sure that our focus is on 
doing operations against our adversaries and continuing to 
build our capability.
    Mr. Fallon. Well, you know, General Nakasone, you said 
earlier that there are always going to be a land, and there is 
air, and then space. And, you know, we made a space service 
because it is ever-changing and evolving. And I am glad we did 
because of that importance.
    But I really would argue that we should consider, strongly 
consider, and we didn't get a report for it, but strongly 
consider cyber as its own service. And we have 800, well, over 
$800 billion budget and $13.5 billion is going to cyber, less 
than 2 percent. So, it is something that I really want to ring 
the alarm bells. And I think that is something that we should 
be seriously considering.
    Thank you, Mr. Chair. I yield back.
    Mr. Gallagher. Mr. Kim.
    Mr. Kim. Thank you, Mr. Chairman.
    Thank you to the two of you for coming on out here and 
talking to us about this. General, I wanted to start with you.
    Over the last couple months I have been engaged with a lot 
of ambassadors and other interlocutors from partner nations of 
ours in the Indo-Pacific talking about, you know, what are some 
areas of cooperation we can focus on. I think coalition 
building is so critical, especially given the challenges that 
we face there.
    And one thing that kind of keeps coming up over and over 
and over again is their concerns about their capabilities when 
it comes to cybersecurity, and whether or not that is at the 
level that is needed.
    This is something that I feel like would not only help them 
in terms of their capabilities and their ability to prevent 
vulnerabilities, but also in terms of our ability to work with 
them and engage, whether that is intel sharing or other 
capacities there. But you see, you know, major partners of 
ours, like Japan, having significant challenges across their 
society when it comes to this, a lot of the ASEAN [Association 
of Southeast Asian Nations] nations and others.
    So, I guess I just wanted to ask you if you would support 
or if you think it would be a good thing for us to do to try to 
increase our engagement, our efforts to be able to lift up 
their baseline of cybersecurity capabilities in the Indo-
Pacific. Is that something you think would be valuable here?
    General Nakasone. Congressman, I certainly do think it 
would be of value. And we are doing that right now.
    I just returned from an 11-day tour of many nations, to 
include several of them in the Indo-Pacific region, and you are 
right, the number one topic that they talk about is how do we 
work together with cybersecurity?
    This is the way that we are doing it at U.S. Cyber Command:
    First of all, through a series of exercises. So, Cyber Flag 
is our major exercise that takes place every summer. This 
summer it will have over 30 nations from around the world to 
participate with us.
    Secondly is through bilateral arrangements where we go and 
work with a force to ensure that they develop the capacity and 
capability to defend their own networks.
    And the last piece, which is I think just an incredible 
success story for the Department of Defense, is a State 
Partnership Program that the National Guard runs that provides 
a continuous ability for us within the Department to have 
relationships, to have exercises, to have an exchange of ideas 
with a nation.
    Mr. Kim. Yes.
    General Nakasone. The State Partnership Program that was 
run by California, and is run by California with Ukraine, is a 
great example of this. This is the platform that we have been 
using.
    Mr. Kim. Do you feel like there is--so, that is really good 
to hear about the different facets in which this is happening. 
Do you think that there is room to scale this up and room to be 
able to increase this capability and this kind of engagement?
    General Nakasone. I do. And I am seeing it already through 
our operations with hunt forward where we have had a number of 
different nations within the Pacific have asked us, and the 
Department has agreed, for us to deploy to those areas to do 
that.
    Mr. Kim. Dr. Plumb, what are your thoughts on this right 
now?
    Dr. Plumb. Congressman, fully agree with your concerns and 
with General Nakasone's statements. We are working on this.
    And your point is exactly right, which is that the more we 
can build the capacity of our allies and partners to defend 
themselves, then the more capacity we have to get after the 
adversary under the theory of a fixed number of resources, even 
if that number keeps going up.
    So, it is a strategic advantage to us to be able to do 
this.
    And the other part is, and this is really important, sir, 
it doesn't just unlock cyber cooperation, it unlocks all sorts 
of other parts of deeper cooperation, the foundation of which 
is decent cybersecurity processes so that information can be 
protected so we can share more information with all these 
partners. Absolutely essential.
    Mr. Kim. Yes. I just think this could be such a good win-
win to really help us build just these deeper, lateral, 
horizontal connections while also sort of hardening some of 
the, again, the vulnerabilities that we face in that region, 
which we know are immense there.
    And, General, I appreciate that you talked about some of 
those different facets because, you know, that Reserve 
Component, you know, specifically our National Guard members, 
they build incredible cyber capabilities. You know, in my--and 
one of those Guard programs, that State Partnership Program, 
that is something that has been incredibly fruitful.
    You know, we have the 140th Air National Guard Cyber 
Operations Squadron at Joint Base McGuire-Dix-Lakehurst in my 
district. And, you know, looking at their ability to be able to 
partner with these nations, it seems like that is essential.
    So, I know you kind of raised that earlier, but it sounds 
like that is something as well that we can continue to push on 
in terms of thinking about how to surge up these types of 
efforts. Is that right?
    General Nakasone. Congressman, the Minister of Defense from 
Albania came to visit U.S. Cyber Command. And one of the first 
things that he did was to recognize the New Jersey National 
Guard for the work that was done on a hunt forward operation. 
He told us that. He knew the captain and the lieutenant colonel 
that was leading those teams to help his nation as they came 
under cyberattack.
    This is a really good example of building partnerships in a 
way that we should be doing in the future.
    Mr. Kim. Well, I look forward to working with you on that. 
Thank you.
    Mr. Gallagher. Mr. Gaetz.
    Mr. Gaetz. Thank you, Mr. Chairman.
    It is good to see you again, General Nakasone.
    I remember back in the 1990s when President Bill Clinton 
said that we were at risk of a space arms race. And our country 
put a bit of a pause on some of our space work. And the 
governing theory was if we pause, we could slow down and make 
space more of a safe domain and not a contested domain.
    And the reality we know, as we sit here now, is while we 
may have paused during some years in the 1990s, our adversaries 
did not. Russia, China, Iran, they all became more capable in 
this regard.
    And so I just wanted to get your initial take on a similar 
call for a pause regarding AI right now. We've seen some of the 
largest tech leaders, including Elon Musk, sign this letter 
saying that the advancement of AI is such that we ought to take 
a pause and determine how to frame those capabilities.
    What is your assessment of whether or not America's 
adversaries would follow the lead of principally U.S. tech 
companies?
    General Nakasone. My sense, Congressman, is that artificial 
intelligence, machine learning is something that is resonant 
today and is something that our adversaries are going to 
continue to look to exploit in moving forward.
    Mr. Gaetz. Do you worry that if U.S. companies take a pause 
that that could constrain some of the capability development 
that you testified earlier is so necessary in getting people 
interested and engaged in AI?
    General Nakasone. So, Congressman, I guess I really 
haven't, haven't thought about that. That is a piece of policy 
that, that I am sure will be discussed in the future.
    But what I am focused on is how do we build a bigger pool 
of people that have this capability and capacity to work it?
    How do we engage with academic institutions to encourage 
young people to study AI and machine learning?
    How do we get them interested in government service?
    How do we continue to utilize this in the future?
    Mr. Gaetz. I fully share that vision. And I think the 
future of the country literally may depend on it.
    But, you know, and I am not an expert in AI. I am just 
starting to use and understand the technology intentionally. 
And it seems to me if you have got some of the big tech 
influencers in our country saying, ``whoa, whoa, pause; don't 
expand commercial vectors in AI,'' that could be 
counterproductive to the goals you just stated about enhanced 
engagement in our country.
    Do you share that concern?
    General Nakasone. So, again, Congressman, you know, my, my 
focus right now is being able to develop the talent, and the 
techniques, and the tradecraft as we look forward to utilizing 
this, you know, this important advantage that our Nation has.
    Mr. Gaetz. And as you look at the AI domain right now, we 
would, we would certainly have to concede there are some areas 
where China is ahead; right?
    General Nakasone. I think right now, as we take a look at 
the AI and machine learning domain, what we need to be focused 
on is how do we look at it in a way that we can use it 
responsibly, not only for our national defense but also for our 
economy.
    At U.S. Cyber Command we are very, very interested in the 
use of large language models and the ability----
    Mr. Gaetz. Alright. But who is ahead? My question is who is 
ahead right now?
    General Nakasone. The United States is ahead.
    Mr. Gaetz. You think we are ahead, we are ahead of China in 
AI right now?
    General Nakasone. I do.
    Mr. Gaetz. And what is your basis for that belief?
    General Nakasone. Again, discussions with experts. But I 
think that this is a tenuous place that we are at as well.
    This is being developed in the United States. This is being 
developed by, you know, a series of entrepreneurs and those 
that are working it. But this isn't take--we should not take 
this for granted that this is going to be the way of the--in 
the future. And so we need to continue to invest in it, and 
work it, and continue to utilize it.
    Mr. Gaetz. Thank you. I yield back.
    Mr. Gallagher. Thank you.
    We don't have the classified room until 10:00 a.m. It is 
not my intention to filibuster until 10:00 a.m., but I do want 
to entertain a second round of questions if any members have--
have one.
    I will start with myself.
    General Nakasone, I want you to imagine you are talking to, 
let's say, my grandma, who is a great lady. She is extremely 
smart, but it is fair to say she is more concerned about her 
great granddaughters than she is about China and cyber.
    In terms that she could understand, explain the threat that 
the Chinese Communist Party poses in cyberspace.
    General Nakasone. Mrs. Gallagher, good morning. I am 
General Nakasone.
    Mr. Gallagher. Technically, Virginia Justice is her name.
    General Nakasone. Mrs. Justice, good morning. I am General 
Nakasone. As we think about our Nation, one of the things that 
I think that we should consider is the fact that our Nation is 
a nation that has been able to have a strong economy and a 
strong national defense.
    Our strong economy is based upon the fact that we are able 
to develop ideas and bring those ideas to a number of different 
people and be able to have business thrive on that. It is based 
on this idea of, you know, an idea being able to be patented 
and then being able to be sold to a broader government.
    What happens if a foreign nation takes those secrets as 
they are being developed? Doesn't have to do their research, 
doesn't have to pay for it, in fact can get it to the 
marketplace before we can. That affects our economy and that 
affects our jobs.
    That is what we are seeing today in many of our industries 
where the Chinese have had ability to steal our intellectual 
property, to repurpose it, and then to bring it to the market 
at a much lower cost than we can.
    The other thing I would say, Mrs. Justice, is the fact that 
national security is important in the sense of being able to 
take information and secure it. One of the powers of our Nation 
is the fact that we may not have the largest Army, Navy, Air 
Force, and Marines, but we have the best Army, Navy, Air Force, 
and Marines because we can really do one thing, and that is 
fuse information and operations.
    We have to be able to secure that information. And when a 
foreign power like China can get into our networks, our data, 
and our weapon systems, that puts our Nation at risk.
    Mr. Gallagher. Now I am going to ask you to do something 
even more difficult.
    I want you to hop into the DeLorean and I want you to go 
into the future. And I want you to talk to my daughter, who is 
currently 2\1/2\, and consider her as a high-school senior. And 
I want you to sort of explain two things to her.
    One, what is your pitch for her serving the country in some 
sort of cyber capacity, going to work for NSA or CYBERCOM? Make 
the pitch to her.
    And, two, what is the basic set of cyber hygiene practices 
that she and all her friends in high school should follow?
    General Nakasone. Ms. Gallagher, good morning. I would like 
to talk to you a little bit about the future.
    Mr. Gallagher. And indeed, it will be Ms. Gallagher for a 
long time, not Mrs.
    General Nakasone. The future is one where I would tell you 
that the jobs that you see today may not exist in the jobs in 
the future. The areas that our Nation is going to produce work 
in the future will likely be tied to our ability to work in 
this domain of cyberspace, the domain that you know very well 
from operating on your smartphone.
    Two decades ago the smartphones didn't even exist. And yet 
today they are accounting for a good portion of our economy. 
So, as you think about the future, one of the things that will 
not change is the importance of science, technology, 
engineering, and mathematics.
    And as you look to the future, being able to specialize in 
one of those areas opens up a broad opportunity for you to 
think about jobs that may not exist today. But being able to 
think about jobs that don't exist today also means the fact 
that you have to be able to be responsible to operate in the 
domain of cyberspace today. And being able to do that is 
understanding the fact that what you say on your phone, or text 
on your phone, or share images on your phone, sometimes are 
shared not only with the person that receives them, but other 
people that have access to it.
    And being able to understand that securing that information 
is very important.
    The second piece is, is that you should also understand 
that what you say in cyberspace perhaps may not be only viewed 
and heard by one person, so be very careful about what you 
record and what you say.
    And I think the last piece is understanding that what you 
see on the internet and what you read today may or may not be 
actually true. And so, being a discerning--being a discerning 
viewer of what you are reading and what you are seeing is part 
of being a responsible person.
    And I would say the last piece of my advice is thinking 
about government service. There is honor in government service. 
As your father has served, I would offer that he would probably 
communicate to you that the ability to give back to your Nation 
is something that will stay with you for the rest of your life.
    Mr. Gallagher. Thank you.
    The good news is, in this future TikTok no longer exists, 
'cause we will have taken bipartisan action against it. Perhaps 
it [inaudible] in the second Khanna administration in this 
future. But if anyone--do you have a second round?
    Mr. Khanna. Do we have time?
    Mr. Gallagher. Yeah, of course.
    Mr. Khanna. Terrific.
    Dr. Plumb and General Nakasone, what role have tech 
companies played in Ukraine? I know there is Starlink. Are 
there other examples of tech companies that have played a role 
in Ukraine that you are aware of?
    General Nakasone. Congressman, I think that you have 
highlighted one of the major lessons learned from Russia/
Ukraine is the power of the private sector. Whether or not it 
has been Starlink being able to provide satellite 
communications, whether or not it has been a series of 
different U.S. companies that have been able to provide 
cybersecurity support, such as Microsoft in Palo Alto, and 
others, this is an, this is an ability for us to scale.
    That is the lesson learned is that bringing the private 
sector is the opportunity for us to get to not tens of 
thousands it's tens of millions if not billions of people with 
the information that is readily important and assisting Ukraine 
today.
    Mr. Khanna. Thank you.
    Dr. Plumb. I would just add, thanks, sir, one of the 
issues, and Mr. Keating actually spoke to it earlier about 
surprise or lessons. I think it has been clear that Ukraine has 
been much more resilient from a cybersecurity standpoint than I 
think Russia might have anticipated. A lot of that is due to 
help from private sector.
    One way of making yourself resilient is to make sure that 
your data can be protected. And one way to do that is to move 
into the cloud. And, so, individual attacks have not had, 
perhaps, the effect that Russia anticipated.
    Mr. Khanna. Appreciate it.
    The reason I ask is it has become somewhat fashionable on 
both the far left or far right to be criticizing Silicon 
Valley. And I share some of the criticisms: privacy, and issues 
about protecting people from, kids from social media.
    But I also represent the area, and I fundamentally believe 
that it is going to be critical in our national security. I am 
excited that Chairman Gallagher his--in his other role as 
chairman, he is chairman of every committee around here, 
chairman of the China Committee, is leading a delegation to 
Silicon Valley and will be engaging with some of these tech 
leaders.
    If you could just, my last final question here is, talk 
about how you see the importance of that collaboration, and 
what you would like to see for a 21st century national security 
strategy?
    Dr. Plumb. I think the collaboration is essential. I do 
think that there is one piece that we could use your help with, 
which is communicating that technology, like any other system, 
can be used for good or for bad. And making sure that, as our 
brilliant men and women working in the tech corridor, in 
Silicon Valley for example, understand that there are also 
downsides to technology, and try to build in safeguards as they 
go. I think that would benefit us all going forward.
    General Nakasone. Congressman, I would just say that as we 
think about the future here, this is, this is where we need to 
have the partnerships that are so strong, not only the 
partnerships of the technology that is being developed but the 
talent that exists there.
    I am very interested for young people and even mid-career 
people to come and join our force for a period of time. This is 
perhaps something that is a unique part of U.S. Cyber Command 
that you would come in at the mid-career. But that is the type 
of talent that we need. That is the type of engineering know-
how that would really assist us.
    And so, again, I think it is both the technology and the 
talent that exists there that we want to make sure is clearly 
partnered with us in the future.
    Mr. Khanna. Thank you.
    Mr. Gallagher. I thank the ranking member.
    I am very excited to visit his district. And I might need 
your advice on how to fit in, if there's any extra, sort of, 
like, hoodies, or Allbirds, or ironic t-shirts I could wear.
    Mr. Khanna. Just wear your Packer [inaudible].
    Mr. Gallagher. Yes, appreciate it.
    Mr. Luttrell.
    Mr. Luttrell. Thank you, Mr. Chairman.
    When asked a question--from my district, my constituents 
ask me questions, like, is our military the most formidable 
force on the planet. It is easy for me to say yes, even when 
they talk about how aggressive Russia is, and how large China 
is. I say, well, we are an All-Volunteer Force, and we are 
terrifying.
    But I can quantify that by showing them the special forces 
community or a handful of Marines.
    And, General, you said that the U.S. is leading in the 
cyberspace. Now, I think it was 16 or 17 when we had the fifth 
fastest computer in the world, Titan, over at one of the 
national laboratories.
    Are you familiar with that?
    General Nakasone. I am.
    Mr. Luttrell. Okay. And so, then, right in that same 
timeframe we fired up Summit. And if I remember correctly, 
Summit went from petaflop to exascale computing speeds, which 
pushed us into the next phase of evolution when it comes to our 
processing abilities, moved us closer to AI, ML, or quantum 
which I think one of the most brilliant men in the world 
[inaudible] 15 years ago we said in 15 years we are going to be 
at quantum computing. And they said it again the day that I was 
standing there. Right?
    So, my question is--this may be a classified setting 
question--is how do I see, how do you confirm to me, because 
you said you talked to the subject matter experts in this 
space, but what does that, what does that mean? What are they 
telling you?
    Because, to me, if China, given the timeframe from when we 
fired up Summit, should have onboard or online another computer 
that would have trumped us and pushed us back some. So, the 
amount of money they are spending in that space as compared to 
us would make me think that they are ahead of us.
    So, can you give me some amplifying information or do we 
need to wait till 10:00?
    General Nakasone. If I might provide a bit of information 
and take also a portion of this in the closed classified.
    Spending money doesn't necessarily mean that you are the 
best in what you do. And being able to integrate that kind of 
capability is what really matters.
    So, being able to take, you know, the intelligence, 
integrate it with a maneuver force to have an outcome, is where 
I clearly see the United States has the lead. And it is, you 
know, not only in the fact that we can do it in the air, on the 
ground, but also in the sea.
    Being able to bring disparate parts of information together 
that mine for data, that provide the key piece of information 
to a soldier, sailor, airman, Marine on the point is what we do 
so well, Congressman. And that is the difference in terms of 
what our Nation can do.
    Mr. Luttrell. Yeah, but that is our military presenting a 
defensive posture, where the Chinese Government is reaching out 
and touching my civilians. And that is a problem.
    Does that make sense?
    General Nakasone. Again, I think perhaps more of this we 
can discuss in closed session, if you would like.
    Mr. Luttrell. Fair enough.
    I yield back, sir.
    Mr. Gallagher. Any other members?
    Okay, with that, we will adjourn the open session. And we 
will reconvene the classified portion upstairs.
    The subcommittee is adjourned.
    [Whereupon, at 9:34 a.m., the subcommittee proceeded in 
closed session.]



      
=======================================================================

                            A P P E N D I X

                             March 30, 2023

=======================================================================

      

      
=======================================================================


              PREPARED STATEMENTS SUBMITTED FOR THE RECORD

                             March 30, 2023

=======================================================================

      
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

      
=======================================================================


              WITNESS RESPONSES TO QUESTIONS ASKED DURING

                              THE HEARING

                             March 30, 2023

=======================================================================

      

            RESPONSE TO QUESTION SUBMITTED BY MR. GALLAGHER

    Dr. Plumb. The Department is currently undertaking assessments of 
the readiness of the Cyber Mission Force, to include an evaluation of 
the current model for force generation and alternative models such as a 
cyber service branch. Those assessments are ongoing and will be 
complemented and informed by efforts in response to congressional 
direction, including sections 1533, 1502, and 1534 of the National 
Defense Authorization Act for Fiscal Year 2023. I am committed to 
keeping Congress informed when the Department completes these 
assessments.   [See page 7.]
                                 ______
                                 
              RESPONSE TO QUESTION SUBMITTED BY MR. LaLOTA
    Dr. Plumb. Cyberspace is a warfighting domain, and we treat it as 
such both in doctrine and in practice. Congress has given USCYBERCOM 
USSOCOM-like authorities for organizing, training, and equipping cyber 
forces. GEN Nakasone, as USCYBERCOM Commander, is the Department's 
cyber ``force design architect'' in practice. A legislative designation 
is unnecessary.   [See page 11.]

                                  [all]