[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
WORLDWIDE THREATS TO THE HOMELAND: ISIS AND THE NEW WAVE OF TERROR
=======================================================================
HEARING
before the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
SECOND SESSION
__________
JULY 14, 2016
__________
Serial No. 114-83
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.gpo.gov/fdsys/
________
U.S. GOVERNMENT PUBLISHING OFFICE
25-265 PDF WASHINGTON : 2017
____________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice James R. Langevin, Rhode Island
Chair Brian Higgins, New York
Jeff Duncan, South Carolina Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania William R. Keating, Massachusetts
Lou Barletta, Pennsylvania Donald M. Payne, Jr., New Jersey
Scott Perry, Pennsylvania Filemon Vela, Texas
Curt Clawson, Florida Bonnie Watson Coleman, New Jersey
John Katko, New York Kathleen M. Rice, New York
Will Hurd, Texas Norma J. Torres, California
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Daniel M. Donovan, Jr., New York
Brendan P. Shields, Staff Director
Joan V. O'Hara, General Counsel
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
C O N T E N T S
----------
Page
Statements
The Honorable Michael T. McCaul, a Representative in Congress
From the State of Texas, and Chairman, Committee on Homeland
Security:
Oral Statement................................................. 1
Prepared Statement............................................. 2
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Oral Statement................................................. 3
Prepared Statement............................................. 5
The Honorable Sheila Jackson Lee, a Representative in Congress
From the State of Texas:
Prepared Statement............................................. 6
Witnesses
Honorable Jeh C. Johnson, Secretary, Department of Homeland
Security:
Oral Statement................................................. 11
Prepared Statement............................................. 13
Mr. James B. Comey, Director, Federal Bureau of Investigation,
U.S. Department of Justice:
Oral Statement................................................. 18
Prepared Statement............................................. 19
Mr. Nicholas J. Rasmussen, Director, The National
Counterterrorism Center, Office of the Director of National
Intelligence:
Oral Statement................................................. 23
Prepared Statement............................................. 25
For the Record
The Honorable Jeff Duncan, a Representative in Congress From the
State of South Carolina:
Excerpt, Congressional Record.................................. 42
The Honorable Sheila Jackson Lee, a Representative in Congress
From the State of Texas:
Strengthening the Federal Cybersecurity Workforce.............. 46
The Honorable John Katko, a Representative in Congress From the
State of New York:
Article, Washington Post....................................... 70
Appendix
Questions From Ranking Member Bennie G. Thompson for Hon. Jeh C.
Johnson........................................................ 77
Questions From Honorable Loretta Sanchez for Honorable Jeh C.
Johnson........................................................ 85
WORLDWIDE THREATS TO THE HOMELAND: ISIS AND THE NEW WAVE OF TERROR
----------
Thursday, July 14, 2016
U.S. House of Representatives,
Committee on Homeland Security,
Washington, DC.
The committee met, pursuant to notice, at 10:06 a.m., in
room 311, Cannon House Office Building, Hon. Michael T. McCaul
[Chairman of the committee] presiding.
Present: Representatives McCaul, Smith, King, Rogers,
Duncan, Marino, Barletta, Perry, Katko, Hurd, Carter, Walker,
McSally, Ratcliffe, Donovan, Thompson, Sanchez, Jackson Lee,
Langevin, Keating, Payne, Vela, Watson Coleman, and Torres.
Chairman McCaul. The Committee on Homeland Security will
come to order. The purpose of this hearing is to receive
testimony regarding threats to our homeland around the globe.
Before I begin my opening statement, I would like to take a
moment to remember the Dallas police officers who lost their
lives in the line of duty last week.
[Moment of silence.]
Chairman McCaul. We will never forget. The tragedy reminds
us that every day our first responders take risks to protect
us, and we can honor their sacrifice by showing that we support
them and that we have their backs.
In the past month, we witnessed 4 major terrorist attacks
in 4 weeks in 4 countries, including the deadliest terrorist
attack on the United States homeland since 9/11. All these
attacks are believed to be the work of ISIS, the new standard-
bearer of evil. In fact, the group has now been linked to
almost 100 plots against the West since 2014, an unprecedented
wave of terror.
Nearly 15 years after 9/11, we must confront the reality
that we are not winning the war against Islamist terror. While
groups like ISIS may be losing some ground in Syria and Iraq,
overall, they are not on the run; they are on the rise. I am
concerned that we have only seen the tip of the iceberg.
Director Comey, you prophetically warned this committee 2
years ago that there would eventually be a terrorist diaspora
out of Syria and Iraq, with jihadists returning home to spread
extremism. That exodus has now begun. Thousands of Western
foreign fighters have departed the conflict zone, including
operatives who are being sent to conduct attacks, as we saw in
Paris and in Brussels. At the same time, ISIS's on-line
recruiting has evolved, and they now micro-target followers by
language and country.
Although our Nation is shielded by two oceans, geography
alone cannot protect us from this mortal threat. The statistics
speak for themselves. In the past 2 years, Federal authorities
have arrested more than 90 ISIS supporters in the United
States, and in 2015, we saw more home-grown jihadist plots than
we have ever tracked in a single year. I commend your agencies
for stopping dozens of potential tragedies, but too many have
already slipped through the cracks, and we know that more plots
are in the pipeline.
In the wake of Orlando, Americans are demanding to know how
we got to this point, and a clear majority of them say
Washington is not doing enough to roll back this threat. They
are stunned by the political correctness here in our Nation's
capital, especially the refusal to call the threat what it is.
We must define the threat in order to defeat it, just as we did
with communism and fascism. We cannot hide the truth, and we
cannot redact it from reality.
So let's be frank about who the enemy is. We are fighting
radical Islamists. These fanatics have perverted a major
religion into a license to kill and brutalize, and while their
beliefs do not represent the views of the majority of Muslims,
they represent a dangerous global movement bent on conquering
and subjugating others under their oppressive rule.
Sadly, we have failed to commit the resources needed to
win. I was recently on the USS TRUMAN aircraft carrier in the
Persian Gulf, where our sailors are launching sorties to
destroy ISIS positions. While I am proud of their efforts, I am
not encouraged by our progress.
Last month, CIA Director John Brennan gave the
administration a failing grade in the fight and said that,
``Our efforts have not reduced the groups' terrorism,
capability, and global reach.''
The President is sticking to a strategy that is better
suited for losing a war than winning one. Each day we stick
with half measures, ISIS is able to dig in further and advance
a murderous agenda across the globe--another day to plot and
another day to kill.
The violence is becoming so frequent that we now simply
refer to jihadist attacks by the name of the city in which they
were perpetrated: Paris, Chattanooga, San Bernardino, Brussels,
Orlando, Istanbul. How many more will be added to the list
before we get serious about taking the fight to the enemy?
This is the greatest threat of our time, and I urge each of
you here today to explain to this committee and to the American
people how you are planning to elevate our defenses to keep
Americans safe.
With that, the Chair now recognizes the Ranking Member, Mr.
Thompson.
[The statement of Chairman McCaul follows:]
Statement of Chairman Michael T. McCaul
July 14, 2016
Before I begin today's hearing I would like to take a moment to
remember the Dallas police officers who lost their lives in the line of
duty last week. We will never forget.
The tragedy reminds us that every day our first responders take
risks to protect us, and we can honor their sacrifice by showing that
we support them and that we have their backs.
The past month we witnessed 4 major terrorist attacks, in 4 weeks,
in 4 countries, including the deadliest terrorist attack on the United
States homeland since 9/11.
All of these attacks are believed to be the work of ISIS, the new
standard-bearer of evil. In fact, the group has now been linked to
almost 100 plots against the West since 2014--an unprecedented wave of
terror.
Nearly 15 years after 9/11, we must confront the reality that we
are not winning the war against Islamist terror.
While groups like ISIS may be losing some ground in Syria and Iraq,
overall they are not ``on the run,'' as the Obama administration says.
They are on the rise.
But I am concerned that we have only seen the tip of the iceberg.
Director Comey, you prophetically warned this committee 2 years ago
that there would eventually be a ``terrorist diaspora'' out of Syria
and Iraq, with jihadists returning home to spread extremism.
The exodus has now begun. Thousands of Western foreign fighters
have departed the conflict zone, including operatives who are being
sent to conduct attacks, as we saw in Paris and Brussels. At the same
time, ISIS' on-line recruiting has evolved, and they now micro-target
followers by language and country.
Although our Nation is shielded by two oceans, geography alone
cannot protect us from this mortal threat.
The statistics speak for themselves. In the past 2 years, Federal
authorities have arrested more than 90 ISIS supporters here in our
country, and in 2015 we saw more home-grown jihadist plots than we have
ever tracked in a single year.
I commend your agencies for stopping dozens of potential tragedies,
but too many have already slipped through the cracks. We know that more
plots are in the pipeline.
In the wake of Orlando, Americans are demanding to know how we got
to this point, and a clear majority of them say Washington is not doing
enough to roll back the threat.
They are stunned by the political correctness here in our Nation's
capital, especially the refusal to call the threat what it is. We must
define the threat in order to defeat it--just as we did with communism
and fascism.
We cannot hide the truth, and we cannot redact it from reality. So
let's be frank about the enemy: We are fighting radical Islamists.
These fanatics have perverted a major religion into a license to
kill and brutalize. And while their beliefs do not represent the views
of a majority of Muslims, they represent a dangerous global movement
bent on conquering and subjugating others under their oppressive rule.
Sadly, we have failed to commit the resources needed to win. I was
recently on the USS Truman aircraft carrier in the Persian Gulf, where
our sailors are launching sorties to destroy ISIS positions. While I am
proud of their efforts, I am not encouraged by our progress.
Last month, even CIA Director John Brennan gave the administration
a failing grade in the fight and said that, ``our efforts have not
reduced the group's terrorism capability and global reach.''
The President is sticking to a ``drip, drip'' strategy that is
better suited for losing a war than winning one. And each day we stick
with half-measures, ISIS is able to dig in further and advance a
murderous agenda across the globe. Another day to plot, another day to
kill.
The violence is becoming so frequent that we now simply refer to
jihadist attacks by the name of the city in which they were
perpetrated: Paris. Chattanooga. San Bernardino. Brussels. Orlando.
Istanbul.
How many more will be added to the list before we get serious about
taking the fight to the enemy?
This is the greatest threat of our time, and I urge each of you
today to explain to this committee--and to the American people--how you
are planning to elevate our defenses to keep Americans safe.
Mr. Thompson. Thank you very much, Mr. Chairman.
Before I begin, I want to express also my condolences to
the families affected by violence in recent weeks. Today, the
pain that is felt by families in Baton Rouge, Dallas, Falcon
Heights, and Orlando is reverberating across the country.
I want to thank Director Comey and Director Rasmussen for
their service and for appearing before us today.
Secretary Johnson, I also want to thank you for your
service. This is likely your last time that you will testify in
this room, the very room where your grandfather testified in
1949. When Joe McCarthy called your grandfather to testify 67
years ago, it was a time of heated, divisive rhetoric and fear,
fear of infiltration by the Communist ideology. Unfortunately,
today, the Nation finds itself again in a period of heated
rhetoric fueled by fear.
Today, Americans legitimately fear infiltration by the
violent ideology espoused by ISIL. Last month's horrific
terrorist attack in Orlando, Florida, underscores ISIL's
violent ideology in reaching Americans and inspiring terrorism.
Without training, direction, or support by a foreign terrorist
organization, the Orlando assailant, armed with an AR-type
rifle and 9-millimeter semiautomatic pistol, carried out the
deadliest shooting in American history. During the attack, the
shooter pledged allegiance to ISIL, but prior to the attack, he
historically aligned himself with competing foreign terrorist
organizations. Soon after, evidence emerged that the shooter
may have been motivated by racism and homophobia. Yet, in the
hours and days post-Orlando, members of this body and the
Executive branch wasted no time labeling this tragedy as an act
of terrorism.
In contrast, last summer, when a gunman, who, like the
Orlando shooter, was radicalized on-line, opened fire on 9
parishioners in a Charleston, South Carolina, church, many in
this body and, indeed, the Executive branch refused to label
this attack an act of terrorism.
Last week, a gunman, who we understand through his on-line
activities subscribed to a violent political ideology that runs
counter to American values, ambushed police officers in Dallas,
Texas, at a peaceful protest to send a political message, yet
many of the same people in this body and the administration who
labeled past mass shootings that were inspired by a foreign
terrorist organization as an act of terrorism were quick to
dismiss the notion that the Dallas attack was an act of
terrorism.
While foreign terrorist organizations like ISIL represent a
significant homeland security threat, today's threat
environment is far more diverse than back in 1949, when this
room was used to investigate the threat posed by one ideology,
communism.
Those who single-mindedly focus on one ideology or group,
namely ISIL, run the risk of leaving us vulnerable to attacks
by other foreign terrorist organizations, like al-Qaeda, and
even domestic terrorist organizations.
To underscore the domestic terrorism threat, I note that
earlier this year, anti-Government extremists took over a
Federal facility in Oregon, threatening the security of Federal
Government employees for 41 days. Law enforcement officers
consistently ranked the threat from anti-Government groups
higher than the threat from foreign terrorist organizations.
Still, the same voices that were so quick to label incidents in
Orlando and San Bernardino acts of terrorism have largely been
silent about the heightened threat environment associated with
anti-Government groups.
Today's witnesses, you may be chided by my Republican
colleagues for the fact that, in your written testimony, the
phrase ``radical Islamist terrorism'' is not used. However,
fixation on that phrase is misplaced insofar as the threat
posed by ISIL and other foreign terrorist organizations
receives significant attention in the testimony. More troubling
is the fact that nowhere in your testimony is there a passing
mention of domestic terrorism or anti-Government groups.
Terrorist-inspired lone-wolf or small-scale attacks can be
inspired by foreign or domestic actors.
To respond to this new wave of terror, inspired mainly by
propaganda on the internet, the administration is pursuing
programs to counter violent extremism. Putting aside the fact
that there is some debate on the effectiveness of such
programs, I have questions about whether the agency charged to
carry out the administration's CVE efforts are working to
prevent terrorist recruitment and radicalization by all types
of terrorist groups. I was happy to learn from the Secretary
this morning that they just this week pushed out the directives
for the $10 million allocation for the CVE grant funding.
Beyond the discussion of CVE, however, I look forward to
engaging the witnesses in an issue common to the attacks in
Orlando, San Bernardino, Charleston, and Dallas: The
availability of assault weapons to terrorists. We must be able
to keep guns out of the hands of terrorists. Members of
Congress, the administration, and the American public recognize
this. However, Speaker Ryan and Republican leadership continue
to approve empty gestures posing as legislation instead of
bringing up a vote on sensible gun control. We know that the
common thread between most recent attacks, both inspired by
foreign and domestic actors on American soil, has two
commonalities: Radicalization and assault weapons. I do not
accept the notion that nothing can be done to address the
availability of military-style firearms to individuals who
intend to do harm to our country. When it comes to protecting
this Nation, Congress will be rightfully judged by the American
people on whether it tackles both.
Thank you, Mr. Chair. I yield back and look forward to the
testimony.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
July 14, 2016
Unfortunately, today, the Nation finds itself in a period of heated
rhetoric-fueled by fear. Today, Americans legitimately fear
infiltration by the violent ideology espoused by ISIL. Last month's
horrific terrorist attack in Orlando, Florida, underscores that ISIL's
violent ideology is reaching Americans and inspiring terrorism.
Without training, direction, or support by a foreign terrorist
organization, the Orlando assailant, armed with an AR-type rifle and
9mm semi-automatic pistol, carried out the deadliest shooting in
American history.
During the attack, the shooter pledged allegiance to ISIL but prior
to the attack, he historically aligned himself with competing foreign
terrorist organizations. Soon after, evidence emerged that the shooter
may have also been motivated by racism and homophobia. Yet, in the
hours and days post-Orlando, Members of this body and the Executive
branch wasted no time labeling this tragedy as an ``act of terrorism.''
In contrast, last summer, when a gunman, who, like the Orlando
shooter was radicalized on-line, opened fire on 9 parishioners in a
Charleston, South Carolina, many in this body and, indeed, the
Executive branch, refused to label this attack an ``act of terrorism.''
Last week, a gunman who we understand, through his on-line
activities, ascribed to a violent political ideology that runs counter
to American values, ambushed police officers in Dallas, Texas, at a
peaceful protest to send a political message.
Yet, many of the same people in this body and the administration
who labeled past mass shootings that were inspired by foreign terrorist
organizations as ``acts of terrorism,'' were quick to dismiss the
notion that the Dallas attack was an act of terrorism.
While foreign terrorist organizations like ISIL represent a
significant homeland security threat, today's threat environment is far
more diverse than back in 1949, when this room was used to investigate
the threat posed by one ideology--communism.
Those who single-mindedly focus on one ideology or group--namely
``ISIL''--run the risk of leaving us vulnerable to attacks by other
foreign terrorist organizations like al-Qaeda and even by domestic
terrorist groups.
To underscore the domestic terrorism threat, I would note that
earlier this year, anti-Government extremists took over a Federal
facility in Oregon, threatening the security of Federal Government
employees for 41 days. Law enforcement officers consistently rank the
threat from anti-Government groups higher than the threat from foreign
terrorist organizations.
Still, the same voices that were so quick to label incidents in
Orlando and San Bernardino ``acts of terrorism'' have largely been
silent about the heightened threat environment associated with anti-
Government groups.
To today's witnesses, you may be chided by my Republican colleagues
for the fact that, in your written testimony the phrase ``radical
Islamist terrorism'' is not used. However, fixation on that phrase is
misplaced, insofar as the threat posed by ISIL and other foreign
terrorist organizations receives significant attention in the
testimony.
More troubling, is the fact that nowhere in your testimonies is
there even a passing mention of domestic terrorism or anti-Government
groups. Terrorist-inspired lone-wolf or small-cell attacks can be
inspired by foreign and domestic actors.
To respond to this new wave of terror, inspired mainly by
propaganda on the internet, the administration is pursuing programs to
counter violent extremism. Putting aside the fact that there is some
debate on the effectiveness of such programs, I have questions about
whether the agencies charged to carry out the administration's CVE
efforts are working to prevent terrorist recruitment and radicalization
by all types of terrorist groups.
I am troubled that the Department of Homeland Security recently
announced $10 million in CVE grant funding but has yet to issue the
Department-wide strategy which I have been requesting for over a year
and have consistently been told is ``forthcoming.''
Beyond the discussion of CVE, I look forward to engaging the
witnesses on an issue common to the attacks in Orlando, San Bernardino,
Charleston, and Dallas--the availability of assault weapons to
terrorists.
We must be able to keep guns out of the hands of terrorists.
Members of Congress, the administration, and the American public
recognize this. However, Speaker Ryan and Republican leadership
continue to approve empty gestures posing as legislation instead of
bringing up a vote on sensible gun control.
We know that the common thread between the most recent attacks--
both inspired by foreign and domestic actors--on American soil had two
commonalities: Radicalization and assault weapons. I do not accept the
notion that nothing can be done to address the availability of
military-style firearms to individuals with intent to do harm to our
country. When it comes to protecting this Nation, Congress will be
rightfully judged by the American people on whether it tackles both.
Chairman McCaul. I thank the Ranking Member.
Other Members are reminded that opening statements may be
submitted for the record.
[The statement of Hon. Jackson Lee follows:]
Statement of Honorable Sheila Jackson Lee
July 14, 2016
Chairman McCaul, Ranking Member Thompson, thank you for this
opportunity to hear testimony on ``Worldwide Threats to the Homeland:
ISIS and the New Wave of Terror.''
Today's hearing is an opportunity for the committee to receive
testimony from the witnesses about terrorist threats, including the
radicalization and terrorism recruitment in the United States and
abroad.
We will also receive testimony about what the Executive branch is
doing to counter both home-grown and domestic violent extremism.
I join my colleagues on the committee in welcoming the Secretary of
Homeland Security Jeh Johnson, FBI Director James Corney, and Nick
Rasmussen, director of the National Counterterrorism Center to today's
hearing.
As a senior Member of the House Committee on Homeland Security and
Ranking Member of the Judiciary Subcommittee on Crime, Terrorism,
Homeland Security and Investigations the topic of threats to homeland
security is of significance and especially in light of recent events.
My primary domestic security concerns are:
preventing foreign fighters and foreign-trained fighters
from entering the United States undetected;
countering international and home-grown violent extremism;
addressing the uncontrolled proliferation of long-guns that
are designed for battlefields and not hunting ranges;
controlling access to firearms for those who are deemed to
be too dangerous to fly;
Protecting critical infrastructure from physical and cyber
attack; and
Strengthening the capacity of the Department of Homeland
Security and the Department of Justice to meet the challenges
posed by weapons of mass destruction.
foreign fighters and foreign-trained fighters
I initially introduced the ``No Fly for Foreign Fighters Act''
after the investigation of an attempt to detonate explosives on a
Northwest Airlines Flight on Christmas day 2009.
Investigation of the incident revealed that counterterrorism
agencies had information that raised red flags about this individual,
referred to as the ``underwear bomber,'' but the dots were not
connected and he was not placed in the Terrorist Screening Data base or
the TSDB.
This incident shone a spotlight on potential gaps in our watch list
programs, and terrorists screening process, which indicate significant
improvements were needed. That said, questions about the system remain.
In fact, it is not uncommon to see news of a flight being diverted
or an emergency landing because a passenger happened to be on the No-
Fly list but there was a delay getting that information.
It is even more common to read articles about the frequency of
false positives and individuals being mistakenly identified as being on
the list--causing them and their fellow passenger significant delay and
frustration.
The issue of false positives is something that I know many of my
colleagues on the committee are particularly interested in, as well as
groups such as the ACLU.
In light of the events of the last 12 months, however, the issue of
homeland security and, in particular, the accuracy of our screening and
watchlisting process has become even more significant to me.
More than 30,000 foreign fighters from at least 100 different
countries have traveled to Syria and Iraq to fight for ISIL since 2011.
In the last 18 months, the number of foreign fighters traveling to
Syria and Iraq has more than doubled.
In the first 6 months of 2015, more than 7,000 foreign fighters
have arrived in Syria and Iraq.
Of those traveling to Syria and Iraq to fight for the Islamic State
terrorist group, it is estimated at least 250 hold U.S. citizenship.
The accuracy of our terrorist screening tools are more critical now
than ever before.
That is why I worked with the Chairman of the Judiciary Committee
and Mr. Ratcliffe who is a Member of the Judiciary Committee and
Homeland Security, to introduce H.R. 4240, which mandates an
independent review of the TSDB's operation and administration.
Although the inspector general for the Department of Justice
conducts annual audits of the TSDB, there has not been an independent
review since the GAO study after the 2009 incident.
H.R. 4240 directs the GAO to conduct an independent review of the
operation and administration of the TSDB, and subsets of the TSDB, to
assess: (1) Whether past weaknesses have been address; and (2) the
extent to which existing vulnerabilities may be resolved or mitigated
through additional changes.
The legislation was drafted broadly, to allow the GAO to conduct a
comprehensive review not just of the TSDB's accuracy, but of its entire
operation and administration.
Following its study, the GAO will submit a report to the House and
Senate Judiciary Committees, with its findings and any recommendations
for improvements.
H.R. 4240, which passed the House under suspension, is the next
step in ensuring that the screening and watchlisting process works as
it is intended.
countering violent extremism at home and abroad
One of the enduring challenges for Members of this committee is how
we guide the work of the Department of Homeland Security.
One challenge we have faced is finding definitions for terrorism
that will address the reality that these acts are intended to
intimidate or terrorize the public or a minority group.
Understanding what terrorism is begins in law with its definition.
Title 22 of the U.S. Code, Section 26S6f(d) defines terrorism as
``premeditated, politically motivated violence perpetrated against
noncombatant targets by subnational groups or clandestine agents,
usually intended to influence an audience.''
The FBI defines terrorism as ``the unlawful use of force or
violence against persons or property to intimidate or coerce a
government, the civilian population, or any segment thereof, in
furtherance of political or social objectives.''
Terrorism is a violation of the criminal laws of the United States
or of any State or other subdivision of the United States and appears
to be intended to intimidate or coerce a civilian population, to
influence the policy of a government by intimidation or coercion, or to
affect the conduct of a government by mass destruction, assassination,
or kidnapping.
DHS defines Domestic Terrorism as:
``Any act of violence that is dangerous to human life or potentially
destructive of critical infrastructure or key resources committed by a
group or individual based and operating entirely within the United
States or its territories without direction or inspiration from a
foreign terrorist group.''
Groups and individuals inspired to commit terrorist acts are
motivated by a range of personal, religious, political, or other
ideological beliefs--there is no magic formula for determining the
source of terrorism.
Further, the complexity of adding social media as a new source of
recruitment for violent extremists is complicating the efforts of law
enforcement, domestic security, and National defense.
The line between lawfully-protected speech and activity that may be
to some radical--should be clearly defined.
Taking care to protect civil liberties and Constitutional rights
means that our system of laws must acknowledge that reading, writing,
or speaking one's views or beliefs even when they are unpopular is not
a crime.
Hate speech is not a crime--while an act of violence motivated by
hate is a crime.
Violent Extremist threats within the United States can come from a
range of violent extremist groups and individuals, including Domestic
Terrorists and Homegrown Violent Extremists (HVEs).
In the wake of the killings at Mother Emanuel in Charlotte South
Carolina; San Bernardino; the Pulse Night Club in Orlando; and the
murder of 5 police offers protecting participants in a peaceful
demonstration in Dallas, Texas it is evident that home-grown violent
extremism is a threat that must be addressed.
reduction in weapons of war on u.s. streets and ease of access to guns
for those on the no-fly list
Gun violence carnage that claimed the lives of more than 300,000
persons during the period 2005-2015, include the following:
1. On July 7, 2016, in Dallas Texas 4 police officers and 1 transit
officer were killed by a lone gun man using a AK-74 assault-
style rifle and a handgun;
2. On June 12, 2016, in Orlando, Florida at the Pulse nightclub a
single shooter armed with a .223 caliber AR type rifle and 9mm
semiautomatic pistol killed 49 people and left 53 injured;
3. On December 2, 2015 in San Bernardino, California, two gunmen
armed with two .223 caliber AR-15-type semi-automatic rifles
and two 9mm semi-automatic pistols killed 14 people and injured
21 others at the Inland Regional Center;
4. On July 7, 2015 in Chattanooga, Tennessee a gunman shot and
killed 5 people, including 2 U.S. Marines and a Naval Officer,
and shot and injured 2 others at a recruiting center and U.S.
Naval Reserve Center;
5. On June 7, 2015, a gunman shot and killed 9 people at the Mother
Emanuel African Methodist Episcopal Church in Charleston, South
Carolina, one of the oldest and largest black congregations in
the South;
6. On August 5, 2012 in Oak Creek, Wisconsin, a gunman shot and
killed 6 people, and injured 3 others, at the Sikh Temple of
Oak Creek;
7. On December 14, 2012, a gunman using a Bushmaster .223 caliber
model XM15 rifle with a 30 round magazine in 5 minutes murdered
26 persons, including 20 children and 6 school administrators
and teachers, at Sandy Hook Elementary in Newtown, Connecticut;
8. On November 11, 2009, at Fort Hood, near Killeen, Texas, a
gunman shot and killed 13 people, and wounded 30 others; and
Nearly 100 metropolitan areas have experienced mass shootings like
these since 2013.
Mass shootings occur more frequently in States that do not require
background checks for all gun sales, and analyses of mass shootings in
the United States between 2009 and 2015 document that the majority of
mass shootings occur in venues where the carrying of firearm is not
restricted.
I have introduced two measures that specifically address issues of
gun safety raised by the carnage over the last few years.
The first bill is H.R. 3125 ``Accidental Firearms Transfers
Reporting Act of 2015,'' which seeks to shed light on the gun purchase
loophole that led to Dylan Roofs tragic possession of the firearm used
to murder 9 innocent persons at Emanuel A.M.E.
Church in Charleston, South Carolina, as well as the numerous other
cases where a firearm was handed over to an unintended and potentially
dangerous recipient.
The bill would require the director of the Federal Bureau of
Investigations to report to Congress the number of firearm transfers
resulting from the failure to complete a background check within 3
business days.
The FBI is further instructed to disclose and report on the
procedures in place and actions taken after discovering a firearm has
been transferred to a transferee who is ineligible to receive a
firearm.
This bill directs the FBI to report on the erroneous transfer of
firearms every 6 months to ensure internal oversight and effective
monitoring to expose any other patterns or practices in need of
administrative or legislative action.
I have also introduced, H.R. 5470, ``Stopping Mass Killings By
Violent Terrorists Act,'' gives our law enforcement agencies another
tool to help keep the most dangerous weapons out of the hands of home-
grown terrorists.
H.R. 5470, the ``Stopping Mass Killings by Violent Terrorists
Act,'' prohibit a firearms dealer from transferring a semiautomatic
assault weapon or large-capacity ammunition clips to a purchaser until
the Attorney General has verified that the prospective transferee has
truthfully answered new questions on the firearms background check
questionnaire regarding contacts between the prospective purchaser or
transferee and Federal law enforcement authorities.
Specifically, H.R. 5470 requires and provides that:
(1) with respect to any firearm or large-capacity ammunition feeding
device, the attorney general update the Background Check Questionnaire
to include questions relating to the existence and nature of any
contacts with Federal law enforcement agencies within the prior 24
months;
(2) for a purchaser questionnaire, affirming the existence of contacts
with Federal law enforcement agencies, that the purchase of a covered
firearm cannot be consummated until affirmative approval is received by
the FBI; and
(3) with respect to any firearm or large-capacity ammunition feeding
device (LCAFD), any purchaser who refuses or fails to provide the
information required, the Transferor (Seller) shall nevertheless submit
the uncompleted questionnaire to the FBI for further review or
investigation.
On average gun violence claims the lives of 90 persons each day.
Since 1968, more than a million persons have died at the hand of a gun.
The homicide rate in the United States is about 6.9 times higher than
the combined rate in 22 other highly-developed and populous countries,
despite similar non-lethal crime and violence rates.
securing critical infrastructure
Last year Assistant Secretary Caitlin Durkovich informed a
gathering of energy firm executives at an energy conference that ISIS
has been attempting to hack American electrical power companies.
Critical infrastructure is dispersed throughout the United States
and if primarily under the control of private owners or non-government
operators; and includes:
The Electronic Utility Grid;
Water Treatment facilities;
Ports, railways, and highways;
Telecommunication System;
Food production, processing, and distribution;
Health care delivery system; and
financial system
Critical infrastructure relies upon distributed computer networks
to support vital functions and delivery systems.
The security of computing networks rely upon strong encryption and
protocols to assure that the security of encryption passwords and
network access is maintained.
To support the work of the Department of Homeland Security in
providing cyber protection to critical infrastructure, I introduced
H.R. 85, the Terrorism Prevention and Critical Infrastructure
Protection Act.
The bill facilitates research and development activities to
strengthen the security and resilience of the Nation's critical
infrastructure against terrorist attacks and All-Hazard events.
The bill establishes research initiatives that would provide the
Secretary of Homeland Security with a report on:
the degree that certain critical infrastructure is reliant
upon other types of critical infrastructure;
programs that would improve professional development for
security professionals;
assessment of vulnerabilities in software systems,
firewalls, applications, and methods of analyzing
cybersecurity; and
coordination of Federal agencies' response to cyber
terrorism incidents.
The bill would take an in-depth approach to securing critical
infrastructure.
H.R. 85 would provide oversight committees and Members of Congress
with a better understanding of the terrorism preparedness of critical
infrastructure owners and operators, contractors, or non-Government
agency entities that provide computer-related support or services to
critical infrastructure.
DHS Protective Security Coordination Division (PSCD) is established
to conduct specialized field assessments to identify vulnerabilities,
interdependencies, capabilities, and cascading effects of impacts on
the Nation's critical infrastructure.
I am particularly interested in the work of the DHS PSCD office
because of a Jackson Lee amendment adopted last year under House
consideration of the H.R. 1731, ``National Cybersecurity Protection
Advancement Act of 2015.''
The Jackson Lee amendment allowed the Secretary of Homeland
Security to consult with sector-specific agencies, businesses, and
stakeholders to produce and submit to the Committee on Homeland
Security a report on how best to align Federally-funded cybersecurity
research and development activities with private-sector efforts to
protect privacy and civil liberties while assuring security and
resilience of the Nation's critical infrastructure.
The amendment included a cybersecurity research and development
objective to enable the secure and resilient design and construction of
critical infrastructure and more secure accompanying cyber technology.
Finally, this Jackson Lee Amendment supports investigation into
enhanced computer-aided modeling capabilities to determine potential
impacts on critical infrastructure of incidents or threat scenarios,
and cascading effects on other sectors; and facilitating initiatives to
incentivize cybersecurity investments and the adoption of critical
infrastructure design features that strengthen cybersecurity and
resilience.
cybersecurity challenges
The arrival of the Internet of Things, which will introduce
ubiquitous wireless technology far beyond the limitations of computers
or computing devices to include practically every physical object in
our environment.
The cybersecurity challenges of tomorrow will look very different
from the cybersecurity challenges of today.
One of the chief concerns of the FBI is the use of encryption by
criminals and terrorist to hide information on the internet.
This is not a new concern, the use of techniques that facilitate
Government access to encryption products was litigated by the Justice
Department during the Clinton administration in 1990s at the time the
general public began using the internet.
Computing technologists, cybersecurity experts, companies, civil
liberties organizations, researchers, and innovators strongly oppose
this approach then as they do today.
One of the major problems with trying to control who has access to
strong encryption is how easy it is to get or create an encryption
computer program.
In the research I had my staff conduct, it was easy to find
encryption programs on the internet that were written by academics,
researchers, students, and others with the requisite level of computing
programming knowledge.
In fact, I found that keeping an algorithm secret, for the purpose
of security, is universally considered as a sign that the encryption
program is likely poorly written.
In my analysis of the facts regarding this very complex area of
computing security the most important knowledge to possess is the
password or key.
The other important cybersecurity component is well-trained
personnel who must do the work in protecting computing systems and
information assets.
weapons of mass destruction
In the not-too-distant future, the harnessing of nuclear energy
will no longer be the privilege of only a few nations.
Today, nuclear energy is under serious consideration in more than
55 developed and developing countries and an additional 60 countries
are expressing interest in, considering, or actively planning for
nuclear power.
These efforts, if successful, would represent a quadrupling of
today's 30 nuclear powered nations.
These ambitious nations face immense security challenges and for
these reasons the United States should be working to develop
relationships with nations who are willing to accept our assistance in
developing peaceful nuclear programs.
However, I believe that we should take this effort one step further
by developing the infrastructure to move excess nuclear material and
waste from these nations so that it may be safely disposed of without
concern that it could fall into unfriendly hands.
I will soon introduce legislation to establish much-needed
foresight in meeting the future challenges posed by the emergency of
nuclear power in developing nations.
In my statement I have outlined several areas of particular concern
regarding Worldwide Threats and Homeland Security Challenges.
I thank today's witnesses for their testimony and look forward to
the opportunity to ask questions.
Thank you.
Chairman McCaul. We are pleased to have a distinguished
panel of witnesses before us today on this important topic.
First, the Honorable Jeh Johnson, Secretary of the Department
of Homeland Security. I believe this possibly could be your
last testimony before this committee, and we appreciate your
service to the Nation.
Next, the Honorable James Comey, director of the FBI at the
U.S. Department of Justice, and then, finally, the Honorable
Nicholas Rasmussen, director of the National Counterterrorism
Center in the Office of the Director of National Intelligence.
I thank all of you for being here today. The Chair now
recognizes Secretary Johnson to testify.
STATEMENT OF HONORABLE JEH C. JOHNSON, SECRETARY, DEPARTMENT OF
HOMELAND SECURITY
Secretary Johnson. Thank you, Mr. Chairman, Congressman
Thompson, Members of this committee. You have my prepared
statement for the record. I will just offer a few remarks here
briefly.
I want to thank this committee for the productivity in
cranking out legislation that I believe has indeed helped
secure our homeland in the time that I have been Secretary. I
have observed this committee work in a collaborative fashion,
and it has been really productive, so I thank you for that.
I want to thank my colleagues, Nick and Jim, for our work
together protecting the homeland.
Lots of people ask me what keeps me up at night. It is hard
to prioritize and rank what keeps me up at night. I have a lot
of things that keep me up at night, but if you ask me to rank
them, my best effort I would have to say the prospect of home-
grown violent extremism--another San Bernardino, another
Orlando--is No. 1 on my list. We deal in this age not just with
the terrorist-directed attack but the terrorist-inspired attack
and now a new category of terrorist-enabled attacks. These are
things that keep me up at night. It is difficult for our law
enforcement and our intelligence community to detect the self-
radicalized actor.
Foreign terrorist travel, the prospect of foreign terrorist
travel to our homeland keeps me up at night. Of course,
cybersecurity, aviation security, border security, the prospect
of what we refer to as special interest aliens arriving on our
Southern Border are things that we should all be focused on and
dedicated to addressing.
Militarily, we continue to take the fight, pursuant to the
President's strategy, to the Islamic State and al-Qaeda
overseas. I have been pleased with the number of strikes that
have taken out leaders of the Islamic State, particularly those
focused on external attacks. Of course, our intelligence
community and law enforcement efforts to protect the homeland
here continue.
I have a lot of confidence in the FBI, under Jim's
leadership in particular, with their aggressive
counterterrorism law enforcement efforts. We together have
worked much more actively in the last 2 years, I think, with
State and local law enforcement on protecting the homeland and
sharing information about what we see on a National and
international level. Active-shooter training for local law
enforcement is something that, since I have been Secretary, we
have prioritized and enhanced through our National Targeting
Center at Customs and Border Protection, and with better data
collection and sharing of data, I think we do a better job of
knowing who is traveling to the United States and knowing about
individuals of suspicion before they get here to put them on a
watch list, a selectee list, and what have you.
We have enhanced the security around our Visa Waiver
Program. With the help of this Congress last year, we now have
the ability to deny visa-free travel to those who have traveled
to Syria, Sudan, Iraq, Iran, and, as a result of the three new
countries I added to the list because of this new legislative
authority, Yemen, Somalia, and Libya.
Public vigilance and public awareness must be keys to our
efforts in combating home-grown violent extremism. Public
awareness, public vigilance can and do make a difference.
Along with our CVE efforts that Congressman Thompson
focused on, I am pleased that there appears to be bipartisan
support for continued efforts at countering violent extremism.
I am pleased that we have grant money this year to combat it. I
hope that, in future years, Congress will provide us with more
grant money.
I look forward to questions from this committee in terms of
our aviation security efforts, efforts to secure the Republican
and Democratic National Conventions. I personally plan to
travel to Cleveland tomorrow and to Philadelphia next week to
inspect the security at both convention sites.
In general, we encourage the public to continue to travel,
to continue to associate, to celebrate the holidays, celebrate
the summer season, but public vigilance and public awareness
can and do make a difference in this current environment.
Thank you. I look forward to your questions.
[The prepared statement of Secretary Johnson follows:]
Prepared Statement of Hon. Jeh C. Johnson
July 14, 2016
Chairman McCaul, Representative Thompson, and Members of the
committee, thank you for holding this annual threats hearing with me,
the FBI director and the director of NCTC. I believe this annual
opportunity for Congress to hear from us, concerning threats to the
homeland is important. I welcome the opportunity to be here again.
counterterrorism
San Bernardino and Orlando are terrible reminders of the new
threats we face to the homeland.
We have moved from a world of terrorist-directed attacks, to a
world that also includes the threat of terrorist-inspired attacks--
attacks by those who live among us in the homeland and self-radicalize,
inspired by terrorist propaganda on the internet. By their nature,
terrorist-inspired attacks are often difficult to detect by our
intelligence and law enforcement communities, could occur with little
or no notice, and in general, make for a more complex homeland security
challenge.
This threat environment has required a whole new type of response.
As directed by President Obama, our government, along with our
coalition partners, continues to take the fight militarily to terrorist
organizations overseas. ISIL is the terrorist organization most
prominent on the world stage. Since September 2014, air strikes and
special operations have in fact led to the death of a number of ISIL's
leaders and those focused on plotting external attacks in the West. At
the same time, ISIL has lost about 47% of the populated areas it once
controlled in Iraq, and thousands of square miles of territory it once
controlled in Syria. But as ISIL loses territory, it has increased its
plotting on targets outside of Iraq and Syria, and continues to
encourage attacks in the United States.
On the law enforcement side, the FBI continues to, in my judgment,
do an excellent job of detecting, investigating, preventing, and
prosecuting terrorist plots here in the homeland.
Following the attacks in Ottawa, Canada in 2014, and in reaction to
terrorist groups' public calls for attacks on government installations
in the Western world, I directed the Federal Protective Service to
enhance its presence and security at various U.S. Government buildings
around the country.
The Department of Homeland Security has intensified our work with
State and local law enforcement, and strengthened our information-
sharing efforts. Almost every day, we share intelligence and
information with Joint Terrorism Task Forces, fusion centers, local
police chiefs, and sheriffs. And we are now able to instantly cross-
reference suspects against law enforcement and counterterrorism
databases and share information-often in almost-real time--with our
domestic as well as international partners. We are also enhancing
information sharing with organizations that represent businesses,
college and professional sports, community and faith-based
organizations, and critical infrastructure.
And, since 2013 we've spearheaded something called the ``DHS Data
Framework'' initiative. We are improving our ability to use DHS
information for our homeland security purposes, and to strengthen our
ability to compare DHS data with other travel, immigration, and other
information at the Unclassified and Classified level. We are doing this
consistent with laws and policies that protect privacy and civil
liberties.
We also provide grant assistance to State and local governments
around the country, for things such as active-shooter training
exercises, overtime for police officers and firefighters, salaries for
emergency managers, emergency vehicles, and communications and
surveillance equipment. We helped to fund an active-shooter training
exercise that took place in the New York City subways last November, a
series of these exercises earlier this year in Miami and Louisville,
and just last month at Fenway Park in Boston. In February, and last
month, we announced another two rounds of awards for fiscal year 2016
that will fund similar activities over the next 3 years.
We are enhancing measures to detect and prevent travel to this
country by foreign terrorist fighters.
We are strengthening the security of our Visa Waiver Program, which
permits travelers from 38 different countries to come to the United
States for a limited time period without a visa. In 2014, we began to
collect more personal information in the Electronic System for Travel
Authorization, or ``ESTA'' system, that travelers from Visa Waiver
countries are required to use. ESTA information is screened against the
same counterterrorism and law enforcement databases that travelers with
traditional visas are screened, and must be approved prior to an
individual boarding a plane to the United States. As a result of these
enhancements, over 3,000 additional travelers were denied travel here
through this program in fiscal year 2015. In August 2015, we introduced
further security enhancements to the Visa Waiver Program.
Through the passage in December of the Visa Waiver Program
Improvement and Terrorist Travel Prevention Act of 2015, Congress has
codified into law several of these security enhancements, and placed
new restrictions on eligibility for travel to the United States without
a visa. We began to enforce these restrictions on January 21, 2016.
Waivers from these restrictions will only be granted on a case-by-case
basis, when it is in the law enforcement or National security interests
of the United States to do so. Those denied entry under the Visa Waiver
Program as a result of the new law may still apply for a visa to travel
to the United States. In February, under the authority given me by the
new law, I also added three countries--Libya, Yemen, and Somalia--to a
list that prohibits anyone who has visited these nations in the past 5
years from traveling to the United States without a visa. In April, DHS
began enforcing the mandatory use of high security electronic passports
for all Visa Waiver Program travelers. In both February and June, CBP
enhanced the ESTA application with additional questions.
We are expanding the Department's use of social media for various
purposes. Today social media is used for over 30 different operational
and investigative purposes within DHS. Beginning in 2014 we launched 4
pilot programs that involved consulting the social media of applicants
for certain immigration benefits. USCIS now also reviews the social
media of Syrian refugee applicants referred for enhanced vetting, and
is extending this review to additional categories of refugee
applicants. Based upon the recommendation of a Social Media Task Force
within DHS, I have determined, consistent with relevant privacy and
other laws, that we must expand the use of social media even further.
CBP is deploying personnel at various airports abroad, to pre-clear
air travelers before they get on flights to the United States. At
present, we have this pre-clearance capability at 15 airports overseas.
And, last year, through pre-clearance, we denied boarding to over
10,700 travelers (or 29 per day) before they even got to the United
States. As I said here last year, we want to build more of these. In
May 2015, I announced 10 additional airports in 9 countries that we've
prioritized for preclearance. In May, CBP announced an ``open season,''
running through August 1, for foreign airports to express interest in
participating in the next round of preclearance expansion. I urge
Congress to pass legislation enabling preclearance operations in
Canada, by providing legal clarity to CBP officials who are responsible
for the day-to-day operation of preclearance facilities there.
For years Congress and others have urged us to develop a system for
biometric exit--that is, to take the fingerprints or other biometric
data of those who leave the country. CBP has begun testing technologies
that can be deployed for this Nation-wide. With the passage of the
fiscal year 2016 Omnibus Appropriations Act, Congress authorized up to
$1 billion in fee increases over a period of 10 years to help pay for
the implementation of biometric exit. In April, the Department
delivered its Comprehensive Biometric Entry/Exit Plan to Congress,
which details CBP's plan for expanding implementation of a biometric
entry/exit system using that funding. I have directed that CBP redouble
its efforts to achieve a biometric entry/exit system, and to begin
implementing biometric exit, starting at the highest volume airports,
in 2018.
Last January I announced the schedule for the final two phases of
implementation of the REAL ID Act, which go into effect in January 2018
and then October 2020. At present, 24 States are compliant with the
law, 28 have extensions, and 4 States or territories are out of
compliance without an extension. Now that the final time table for
implementation of the law is in place, we urge all States, for the good
of their residents, to start issuing REAL ID-compliant drivers'
licenses as soon as possible.
In the current threat environment, there is a role for the public
too. ``If You See Something, Say Something''TM must be more
than a slogan. We continue to stress this. DHS has now established
partnerships with the NFL, Major League Baseball, and NASCAR, to raise
public awareness at sporting events. An informed and vigilant public
contributes to National security.
In December we reformed ``NTAS,'' the National Terrorism Advisory
System. In 2011, we replaced the color-coded alerts with NTAS. But, the
problem with NTAS was we never used it, it consisted of just two types
of Alerts: ``Elevated'' and ``Imminent,'' and depended on the presence
of a known specific and credible threat. This does not work in the
current environment, which includes the threat of home-grown, self-
radicalized, terrorist-inspired attacks. So, in December we added a new
form of advisory--the NTAS ``Bulletin''--to augment the existing
Alerts, and issued the first Bulletin providing the public with
information on the current threat environment and how they can help.
The December Bulletin expired last month, and we issued a new and
updated Bulletin on June 15.
Given the nature of the evolving terrorist threat, building bridges
to diverse communities is also a homeland security imperative. Well-
informed families and communities are the best defense against
terrorist ideologies. Al-Qaeda and ISIL are targeting Muslim
communities in this country. We must respond. In my view, building
bridges to our communities is as important as any of our other homeland
security missions.
In 2015 we took these efforts to new levels. We created the DHS
Office for Community Partnerships (OCP), which is now the central hub
for the Department's efforts to counter violent extremism in this
country, and the lead for a new interagency Countering Violent
Extremism (CVE) Task Force that includes DHS, the Department of Justice
(DOJ), the FBI, the National Counter Terrorism Center (NCTC) and other
agencies. We are focused on partnering with and empowering communities
by providing them a wide range of resources to use in preventing
violent extremist recruitment and radicalization. Specifically, we are
providing access to Federal grant opportunities for State and local
leaders, and partnering with the private sector to find innovative,
community-based approaches.
Ensuring that the Nation's CVE efforts are sufficiently resourced
has been an integral part of our overall efforts. Last week, on July 6,
I announced the CVE Grant Program, with $10 million in available funds
provided by Congress in the 2016 Omnibus Appropriations Act. The CVE
Grant Program will be administered jointly by OCP and FEMA. This is the
first time Federal funding at this level will be provided, on a
competitive basis, specifically to support local CVE efforts. The
funding will be competitively awarded to State, Tribal, and local
governments, nonprofit organizations, and institutions of higher
education to support new and existing community-based efforts to
counter violent extremist recruitment and radicalization to violence.
Finally, given the nature of the current threat from home-grown
violent extremists, homeland security must include sensible gun control
laws. We cannot have the former without the latter. Consistent with the
Second Amendment, and the right of responsible gun owners to possess
firearms, we must make it harder for a terrorist to acquire a gun in
this country. The events of San Bernardino and Orlando make this
painfully clear.
aviation security
As we have seen from recent attacks in Egypt, Somalia, Brussels,
and Istanbul, the threat to aviation is real. We are taking aggressive
steps to improve aviation and airport security. In the face of
increased travel volume, we will not compromise aviation security to
reduce wait times at Transportation Security Administration (TSA)
screening points. With the support of Congress we are surging resources
and adding personnel to address the increased volume of travelers.
Since 2014 we have enhanced security at overseas last-point-of-
departure airports, and a number of foreign governments have replicated
those enhancements. Security at these last-point-of-departure airports
remains a point of focus in light of recent attacks, including those in
Brussels and Istanbul.
As you know, in May of last year a Classified DHS Inspector
General's test of certain TSA screening at 8 airports, reflecting a
dismal fail rate, was leaked to the press. I directed a 10-point plan
to fix the problems identified by the IG. Under the new leadership of
Admiral Pete Neffenger over the last year, TSA has aggressively
implemented this plan. This has included retraining the entire
Transportation Security Officers (TSO) workforce, increased use of
random explosive trace detectors, testing and re-evaluating the
screening equipment that was the subject of the IG's test, a rewrite of
the standard operating procedures manual, increased manual screening,
and less randomized inclusion in Pre-Check lanes. These measures were
implemented on or ahead of schedule.
We are also focused on airport security. In April of last year TSA
issued guidelines to domestic airports to reduce access to secure
areas, to require that all airport and airline personnel pass through
TSA screening if they intend to board a flight, to conduct more
frequent physical screening of airport and airline personnel, and to
conduct more frequent criminal background checks of airport and airline
personnel. Since then employee access points have been reduced, and
random screening of personnel within secure areas has increased four-
fold. We are continuing these efforts in 2016. In February, TSA issued
guidelines to further enhance the screening of aviation workers in the
secure area of airports, and in May, TSA and airport operators
completed detailed vulnerability assessments and mitigation plans for
nearly 300 Federalized airports.
We will continue to take appropriate precautionary measures, both
seen and unseen, to respond to evolving aviation security threats and
protect the traveling public.
Without short-cutting aviation security, we are also working
aggressively to improve efficiency and minimize wait times at airport
security check points in the face of increased air travel volumes. I
thank Congress for approving our two reprogramming requests that have
enabled us to expedite the hiring of over 1,300 new TSOs, pay
additional overtime to the existing TSO workforce, and convert over
2,700 TSOs from part-time to full-time.
We have also brought on and moved canine teams to assist in the
screening of passengers at checkpoints, solicited over 150 volunteers
from among the TSO workforce to accept temporary reassignment from less
busy to busier airports, deployed optimization teams to the Nation's 20
busiest airports to improve operations, and stood up an Incident
Command Center at TSA headquarters to monitor checkpoint trends in real
time.
We continue to encourage the public to join TSA
PreCheckTM. The public is responding. While enrollments a
year ago were at about 3,500 daily, now enrollments are exceeding
15,000 a day. For 90% of those who are enrolled and utilize TSA
PreCheckTM, wait times at TSA checkpoints are 5 minutes or
less.
Airlines and airports are also assisting to address wait times. We
appreciate that major airlines and airport operators have assigned
personnel to certain non-security duties at TSA checkpoints, and are
providing support in a number of other ways. Longer term, we are
working with airlines and airports to invest in ``Innovation lanes''
and other technology to transform the screening of carry-on luggage and
personal items.
Our efforts are showing results. Nation-wide, the wait time for
more than 99% of the traveling public is 30 minutes or less, and more
than 90% of the traveling public is waiting 15 minutes or less. But we
are not taking a victory lap. Over the Fourth of July holiday weekend,
TSA screened 10.7 million travelers. June 30 and July 1 were the
highest-volume travel days we have seen since 2007. During this period,
however, the average wait time Nation-wide in standard security lines
was less than 10 minutes, while those in TSA PreCheckTM
lines waited an average of less than 5 minutes.
We plan to do more. The summer travel season continues, followed by
holiday travel in the fall and winter. We are accelerating the hiring
of an additional 600 TSOs before the end of the fiscal year. And we
will continue to work with Congress to ensure TSA has the resources it
needs in the coming fiscal years.
As I have said many times, we will keep passengers moving, but we
will also keep them safe.
cybersecurity
Along with counterterrorism, cybersecurity remains a cornerstone of
our Department's mission. Making tangible improvements to our Nation's
cybersecurity is a top priority for President Obama and for me to
accomplish before the end of the administration.
On February 9, the President announced his ``Cybersecurity National
Action Plan,'' which is the culmination of 7 years of effort by the
administration. The Plan includes a call for the creation of a
Commission on Enhancing National Cybersecurity, additional investments
in technology, Federal cybersecurity, cyber education, new cyber talent
in the Federal workforce, and improved cyber incident response.
DHS has a role in almost every aspect of the President's plan.
As reflected in the President's 2017 budget request, we want to
expand our cyber response teams from 10 to 48.
We are doubling the number of cybersecurity advisors to in effect
make ``house calls,'' to assist private-sector organizations with in-
person, customized cybersecurity assessments and best practices.
Building on DHS's ``Stop. Think. Connect.'' campaign, we will help
promote public awareness on multi-factor authentication.
We will collaborate with Underwriters Laboratory and others to
develop a Cybersecurity Assurance Program to test and certify networked
devices within the ``Internet of Things''--such as your home alarm
system, your refrigerator, or even your pacemaker.
I have also directed my team to focus urgently on improving our
abilities to protect the Federal Government and private sector. Over
the past year, the National Cybersecurity Communications Integration
Center, or ``NCCIC,'' increased its distribution of information, the
number of vulnerability assessments conducted, and the number of
incident responses.
I have issued an aggressive time table for improving Federal
civilian cybersecurity, principally through two DHS programs:
The first is called EINSTEIN. EINSTEIN 1 and 2 have the ability to
detect and monitor cybersecurity threats attempting to access our
Federal systems, and these protections are now in place across nearly
all Federal civilian departments and agencies.
EINSTEIN 3A is the newest iteration of the system, and has the
ability to automatically block potential cyber intrusions on our
Federal systems. Thus far E3A has actually blocked over a million
potential cyber threats, and we are rapidly expanding this capability.
About a year ago, E3A covered only about 20% of our Federal civilian
networks. In the wake of the malicious cyber intrusion at the Office of
Personnel Management, in May of last year I directed our cybersecurity
team to make at least some aspects of E3A available to all Federal
departments and agencies by the end of last year. They met that
deadline. Now that the system is available to all civilian agencies,
50% of Federal personnel are actually protected, including the Office
of Personnel Management, and we are working to get all Federal
departments and agencies on board by the end of this year.
The second program, called Continuous Diagnostics and Mitigation,
or CDM, helps agencies detect and prioritize vulnerabilities inside
their networks. In 2015, we provided CDM sensors to 97% of the Federal
civilian government. Next year, DHS will provide the second phase of
CDM to 100% of the Federal civilian government.
I have also used my authorities granted by Congress to issue
Binding Operational Directives and further drive improved cybersecurity
across the Federal Government. In May 2015, I directed civilian
agencies to promptly patch vulnerabilities on their internet-facing
devices. These vulnerabilities are accessible from the internet, and
thus present a significant risk if not quickly addressed. Agencies
responded quickly and mitigated all of the vulnerabilities that existed
when the directive was issued. Although new vulnerabilities are
identified every day, agencies continue to fix these issues with
greater urgency then before the directive.
Last month, I issued a second binding operational directive. This
directive mandated that agencies participate in DHS-led assessments of
their high-value assets and implement specific recommendations to
secure these important systems from our adversaries. We are working
aggressively with the owners of those systems to increase their
security.
In September 2015, DHS awarded a grant to the University of Texas
at San Antonio to work with industry to identify a common set of best
practices for the development of Information Sharing and Analysis
Organizations, or ``ISAOs.'' The University of Texas at San Antonio
recently released the first draft of these best practices. They will be
released in final form later this year after public comment.
Finally, I thank Congress for passing the Cybersecurity Act of
2015. This new law is a huge assist to DHS and our cybersecurity
mission. We are in the process of implementing that law now. As
required by the law, our NCCIC has built a system to automate the
receipt and distribution of cyber threat indicators at real-time speed.
We built this in a way that also includes privacy protections.
In March, I announced that this system was operational. At the same
time, we issued interim guidelines and procedures, required by this
law, providing Federal agencies and the private sector with a clear
understanding of how to share cyber threat indicators with the NCCIC,
and how the NCCIC will share and use that information. We have now
issued the final guidelines and procedures consistent with the deadline
set by the law.
I appreciate the additional authorities granted to us by Congress
to carry out our mission. Today, we face increasing threats from cyber
attacks against infrastructure and I strongly believe that we need an
agency focused on cybersecurity and infrastructure protection.
I have asked Congress to authorize the establishment of a new
operational component within DHS, the Cyber and Infrastructure
Protection agency. We have submitted a plan which will streamline and
strengthen existing functions within the Department to ensure we are
prepared for the growing cyber threat and the potential for large-scale
or catastrophic physical consequences as a result of an attack. I urge
Congress to take action so we are able to ensure DHS is best positioned
to execute this vital mission.
conclusion
I am pleased to provide the committee with this overview of the
progress we are making at DHS on countering threats. You have my
commitment to work with each Member of this committee to build on our
efforts to protect the American people.
I look forward to your questions.
Chairman McCaul. Thank you, Mr. Secretary.
The Chair now recognizes Director Comey for his testimony.
STATEMENT OF JAMES B. COMEY, DIRECTOR, FEDERAL BUREAU OF
INVESTIGATION, U.S. DEPARTMENT OF JUSTICE
Mr. Comey. Thank you, Mr. Chairman, Mr. Thompson. My
written statement has been submitted.
I think what I would do in just a few minutes is just
highlight the way in which we in the FBI are thinking about the
primary threat to the homeland, which comes at us in the form
of the so-called Islamic State, the group that we call ISIL,
and that is a threat that has 3 prongs. It is an effort by ISIL
through their poisonous propaganda to motivate people to travel
to their so-called caliphate; second, an effort to inspire
those who don't travel to engage in acts of violence,
especially directed at law enforcement or people in military
uniform; and the third prong of that threat, which we talk
about less, but we in this business focus on every day, are the
directed efforts, that is, their efforts to send people to the
United States to kill innocents or to specifically recruit and
task people in the United States to kill innocents. Those are
the 3 prongs of the ISIL threat.
There is good progress that has been made against the so-
called traveler threat. Since last summer, we have seen a drop
in the number of people attempting to travel to the so-called
Islamic State. That may be a function of the fact that the
message has gotten out that people will spend a long stretch in
jail if they attempt to travel. It could also be a function of
the fact that people have discovered that the so-called glory
of the Islamic State is nothing but a mirage, and it is hell on
earth. It could also be something that involves people staying
home to try and do something on behalf of the Islamic State. So
we don't take great comfort in a drop in the number of
travelers.
The second prong is the one that dominates our lives today.
As Secretary Johnson mentioned, there are hundreds of people in
the United States who are consuming the propaganda of this so-
called Islamic State and being motivated to move toward
violence. Our job together is to find those needles in a
haystack. In fact, our job is harder than that. It is to find
pieces of hay in that haystack that may become a needle and
disrupt them before they move from consuming to acting on that
poisonous propaganda.
Those are--and the most painful examples of that recently,
obviously, are Orlando and San Bernardino, but there are plenty
of others around this country. We have arrested 4 just in this
month to disrupt them, people who are moving on that path from
consuming to acting on violence.
The last prong, as I said, is one we never take our eye
off, for the reasons you mentioned, Mr. Chairman. We all know
there will be a terrorist diaspora out of the caliphate as
military force crushes the caliphate. Those thousands of
fighters are going to go someplace, and our job is to spot them
and stop them before they come to the United States to harm
innocent people.
I am lucky to lead an organization like the FBI that is
made up of great men and women who do this all day every day,
and to do it in partnership with the kind of people sitting at
the table here and the people who they represent. We are doing
our absolute best against a threat that is difficult to see and
to stop. I am very proud of the work we have done today, and it
will continue.
I also didn't know this was Secretary Johnson's last
appearance. I have 7 years left in my term, so I will be back.
I just want to say what a pleasure it has been to work with my
old friend, not that you are old, but my friend from many years
ago, and to see what he has done at that great organization.
Thank you, Mr. Chairman.
[The prepared statement of Mr. Comey follows:]
Prepared Statement of James B. Comey
July 14, 2016
Good afternoon Chairman McCaul, Ranking Member Thompson, and
Members of the committee. Thank you for the opportunity to appear
before you today to discuss the current threats to the homeland and our
efforts to address new challenges including terrorists' use of
technology to both inspire and recruit. The widespread use of
technology permits terrorists to propagate the persistent terrorist
message to attack U.S. interests whether in the homeland or abroad. As
the threat to harm our interests evolves, we must adapt and confront
the challenges, relying heavily on the strength of our Federal, State,
local, and international partnerships. Our successes depend on
interagency cooperation; among those partners with me today are the
Department of Homeland Security and the National Counterterrorism
Center with whom we work to address current and emerging threats.
counterterrorism
Preventing terrorist attacks remains the FBI's top priority. The
terrorist threat against the United States remains persistent and
acute. The threat posed by foreign fighters, including those recruited
from the United States, traveling to join the Islamic State of Iraq and
the Levant (``ISIL'') and from home-grown violent extremists are
extremely dynamic. The tragic event in Orlando last month is a somber
reminder of this threat. The FBI is leading a Federal terrorism
investigation with the assistance of our State, local, and Federal
partners. The on-going investigation has developed strong indications
of radicalization by this killer, but further investigation is needed
to determine if this attack was inspired by foreign terrorist
organizations. We are spending a tremendous amount of time trying to
understand every moment of the killer's path, to understand his
motives, and to understand the details of his life. Our work is very
challenging: We are looking for needles in a Nation-wide haystack, but
even more challenging, we are also called upon to figure out which
pieces of hay might someday become needles. That is hard work and it is
the particular challenge of identifying home-grown violent extremists.
These threats remain the highest priority and create the most
serious challenges for the FBI, the U.S. intelligence community, and
our foreign, State, and local partners. ISIL is relentless and ruthless
in its pursuits to terrorize individuals in Syria and Iraq, including
Westerners. We continue to identify individuals who seek to join the
ranks of foreign fighters traveling in support of ISIL, and also home-
grown violent extremists who may aspire to attack the United States
from within. In addition, we are confronting an explosion of terrorist
propaganda and training available via the internet and social
networking media. Terrorists readily disseminate poisoned propaganda
and training materials to attract easily-influenced individuals around
the world to their cause. They encourage these individuals to travel,
but if the individuals cannot travel, the terrorists motivate them to
act at home. This is a significant change and transformation from the
terrorist threat our Nation faced a decade ago.
ISIL's wide-spread reach through the internet and social media is
most concerning as the group has proven dangerously competent at
employing such tools in furtherance of its nefarious strategy. ISIL
uses high-quality, traditional media platforms, as well as wide-spread
social media campaigns to propagate its extremist ideology. Recently
released propaganda has included various English language publications
circulated via social media.
Social media is used as a tool for groups such as ISIL to spot and
assess potential recruits. With greater access to social media
platforms, terrorists can spot, assess, recruit, and radicalize
vulnerable persons of all ages in the United States either to travel to
engage in terrorist organization activities or to conduct a homeland
attack. Such use of the internet, including social media, in
furtherance of terrorism and other crimes must continue to be addressed
by all lawful means, while respecting international obligations and
commitments regarding human rights (including freedom of expression),
the free flow of information, and a free and open internet.
Unlike other groups, ISIL has constructed a narrative that touches
on all facets of life from career opportunities to family life to a
sense of community. The message isn't tailored solely to those who are
overtly expressing symptoms of radicalization. It is seen by many who
click through the internet every day, receive social media push
notifications, and participate in social networks. Ultimately, many of
these individuals are seeking a sense of belonging, not necessarily
with the initial intention to participate in terrorist activities.
Echoing other terrorist groups, ISIL has advocated for lone offender
attacks in Western countries. Recent ISIL videos and propaganda
specifically advocate for attacks against soldiers, law enforcement,
and intelligence community personnel in Western countries. Several
incidents have occurred in the United States, Canada, and Europe that
indicate this ``call to arms'' has resonated among ISIL supporters and
sympathizers. The challenge here is how to defeat ISIS and thwart its
use of the internet for terrorist and other criminal activity while
continuing to help the internet be a force for good that promotes the
enjoyment of freedom of expression, association, and peaceful
assembly--especially for individuals who are acutely at risk.
Some of these conversations occur openly on social networking
sites, but others take place via private messaging platforms that use
encryption. Terrorists' exploitation of encrypted platforms presents
serious challenges to law enforcement's ability to identify,
investigate, and disrupt terrorist threats. We respect the right of
people to engage in private communications, regardless of the medium or
technology. Whether it is instant messages, texts, or old-fashioned
letters, citizens have the right to communicate with one another in
private without unauthorized Government surveillance, because the free
flow of information is vital to a thriving democracy.
The United States believes that the internet has been, and will be,
a tremendous force for good--it has enabled the promotion and
protection of fundamental freedoms. But the internet's potential is
dependent on people's ability and willingness to use it without undue
restrictions and fear. Individuals must be able to trust that there
will be respect for privacy, access to information, and freedom of
expression, and there will be appropriate legal restraints on
Government action. Without these protections, the internet risks
becoming a mechanism for social control, rather than a place for all to
express and exchange ideas, views, and information. The risks posed by
terrorism are great, and the need for law enforcement is strong, but we
must balance those requirements against the important role played by
free expression in helping to address those same challenges.
The benefits of our increasingly digital lives, however, have been
accompanied by new obstacles and, accordingly, we are considering how
criminals and terrorists might use advances in technology to their
advantage. Investigating and prosecuting these offenders is a core
responsibility and priority of the Department of Justice. As National
security and criminal threats continue to evolve, the Department has
worked hard to stay ahead of changing threats and changing technology.
The decisions we make over the next several years about the future of
the internet--including the laws and policies that are put in place to
protect freedom of expression while thwarting terrorist and other
criminal activities--will determine whether our children will continue
to enjoy an open, interoperable, secure, and reliable internet. This in
turn will greatly affect whether the internet will continue to yield
the remarkable social, economic, and political progress that it has to
date.
We must ensure both the right of people to engage in private
communications as well as the protection of the public. The more we as
a society rely on electronic devices to communicate and store
information, the more likely it is that information that was once found
in filing cabinets, letters, and photo albums will now be stored only
in electronic form. When changes in technology hinder law enforcement`s
ability to exercise investigative tools and follow critical leads,
those changes also hinder efforts to identify and stop terrorists who
are using social media to recruit, plan, and execute an attack in our
country.
We are seeing more and more cases where we believe significant
evidence resides on a phone, a tablet, or a laptop--evidence that may
be the difference between an offender being convicted or acquitted. If
we cannot access this evidence, it will have on-going, significant
impacts on our ability to identify, stop, and prosecute these
offenders.
The FBI is using all lawful investigative techniques and methods to
combat these terrorist threats to the United States, including both
physical and electronic surveillance. Along with our domestic and
foreign partners, we are collecting and analyzing intelligence about
the on-going threat posed by foreign terrorist organizations and home-
grown violent extremists. We continue to encourage information sharing.
In partnership with our many Federal, State, local, and Tribal agencies
assigned to Joint Terrorism Task Forces around the country, we remain
vigilant to ensure the safety of the American public. The FBI continues
to pursue increased efficiencies and information sharing processes as
well as pursue technological and other methods to help stay ahead of
threats to the homeland.
intelligence
Integrating intelligence and operations is part of the broader
intelligence transformation the FBI has undertaken in the last decade,
and while we are making progress, we still have more work to do. Our
goal every day is to get better at using, collecting, and sharing
intelligence to better understand and defeat our adversaries.
We have established an Intelligence Branch within the FBI to lead
integration across the organization, with responsibility for all
intelligence strategy, resources, policies, and functions. The branch
is headed by an Executive Assistant Director who looks across the
entire enterprise and drives integration. We have also established a
Bureau Intelligence Council within the Intelligence Branch to ensure we
take a consolidated and integrated approach to threats. As part of this
council, senior-level intelligence professionals will lead enterprise-
wide strategic assessments, facilitate a broader understanding of how
threats mitigated across operational programs are related, and help
balance our priorities with those of the broader intelligence community
and U.S. Government.
We have also put in place training for all levels of the workforce,
from entry-level employees to senior leaders, to ensure we achieve that
integration throughout the enterprise. New agents and analysts now
engage in practical training exercises and take core courses together
at the FBI Academy--and, as a result, are better prepared to
collaborate effectively throughout their careers. In addition, all
field supervisory agents, supervisory analysts, and foreign language
program managers, as well as headquarters unit chiefs, now attend a 2-
day forum focused on sharing best practices to advance integration. All
section chiefs and GS-15 field agents and analysts also attend a 2\1/
2\-day course on effectively integrating intelligence processes to
maximize resources against prioritized threats. Finally, our entire
executive management team at headquarters has participated in two
integration sessions to ensure the integration of intelligence into
every aspect of the FBI's work.
In addition, we are dedicated to expanding the developmental and
leadership opportunities for all members of the intelligence program
workforce. We recently put in place 7 additional Senior Supervisory
Intelligence Analyst positions in various offices around the country to
increase leadership opportunities for our analyst cadre and enhance our
management of field intelligence work. These GS-15 analysts manage
intelligence in the field, fulfilling a role that has traditionally
been performed by agents and demonstrating we are promoting effective
integration throughout the organization.
We have also redesigned the training curriculum for another part of
the Intelligence Program workforce--Staff Operations Specialists
(``SOSs'')--to aid in their performance of tactical functions in the
field. In addition, a new development model clearly identifies SOS work
responsibilities, tasks, training, and opportunities at the basic,
intermediate, and advanced levels to guide the professional growth of
SOSs across the organization at all points throughout their FBI
careers.
Similarly, our language workforce continues to make important
contributions to the mission. Our language professionals have recently
supported numerous important investigations and operations, including
Malaysia Airlines Flight 17 last summer, numerous ISIL-related
investigations, the disruption of a nuclear threat in Moldova, and so
many others. The National Virtual Translation Center (``NVTC'') also
continues to provide excellent service, supporting hundreds of
Government offices each year.
The FBI cannot be content to just work what is directly in front of
us. We must also be able to understand the threats we face at home and
abroad and how those threats may be connected. Toward that end,
intelligence is gathered, consistent with our authorities, to help us
understand and prioritize identified threats and to determine where
there are gaps in what we know about these threats. We then seek to
fill those gaps and learn as much as we can about the threats we are
addressing and others on the threat landscape. We do this for National
security and criminal threats, on both a National and local field
office level. We then compare the National and local perspectives to
organize threats into priorities for each of the FBI's 56 field
offices. By categorizing threats in this way, we strive to place the
greatest focus on the gravest threats we face. This gives us a better
assessment of what the dangers are, what's being done about them, and
where we should prioritize our resources.
cyber
Virtually every National security and criminal threat the FBI faces
is cyber-enabled in some way. We face sophisticated cyber threats from
foreign intelligence agencies, hackers for hire, organized crime
syndicates, and terrorists. These threat actors constantly seek to
access and steal Classified information, our trade secrets, our
technology, and our ideas--things of incredible value to all of us and
of great importance to our National and economic security. They seek to
strike our critical infrastructure and to harm our economy.
The pervasiveness of the cyber threat is such that the FBI and
other intelligence, military, homeland security, and law enforcement
agencies across the Federal Government view improving cybersecurity and
preventing cyber attacks as a top priority. Within the FBI, we are
targeting the most dangerous malicious cyber activity: High-level
intrusions by state-sponsored hackers and global organized crime
syndicates, as well as the most prolific botnets. We need to be able to
move from reacting to such malicious activity after the fact to
preventing such attacks. That is a significant challenge, but one we
embrace.
As the committee is well aware, the frequency and impact of
malicious cyber activity on our Nation's private sector and Government
networks have increased dramatically in the past decade and are
expected to continue to grow.
We continue to see an increase in the scale and scope of reporting
on malicious cyber activity that can be measured by the amount of
corporate data stolen or deleted, personally identifiable information
compromised, or remediation costs incurred by U.S. victims. For
example, as the committee is aware, the Office of Personnel Management
(``OPM'') discovered last year that a number of its systems were
compromised. These systems included those that contain information
related to the background investigations of current, former, and
prospective Federal Government employees, as well as other individuals
for whom a Federal background investigation was conducted. The FBI is
working with our interagency partners to investigate this matter.
Another growing threat to businesses and individuals alike is
ransomware, which is malicious software that takes control of victims'
computers and systems and encrypts the data until the victims pay a
ransom. Last year alone reported losses from ransomware totaled more
than $24 million. The FBI works closely with the private sector so that
companies may make informed decisions in response to ransomware and
other malware attacks. Companies can prevent and mitigate malware
infection by utilizing appropriate back-up and malware detection and
prevention systems, and training employees to be skeptical of emails,
attachments, and websites they don't recognize. The FBI does not
encourage payment of ransom, as payment of extortion monies may
encourage continued criminal activity and paying a ransom does not
guarantee that an organization will regain access to its data.
The FBI is engaged in a myriad of efforts to combat cyber threats,
from efforts focused on threat identification and information sharing
inside and outside of Government, to our emphasis on developing and
retaining new talent and changing the way we operate to defeat these
threats. We take all potential threats to public and private-sector
systems seriously and will continue to investigate and hold accountable
those who pose a threat in cyber space.
Finally, the strength of any organization is its people. The
threats we face as a Nation have never been greater or more diverse and
the expectations placed on the Bureau have never been higher. Our
fellow citizens look to us to protect the United States from all of
those threats and the men and women of the Bureau continue to meet and
exceed those expectations, every day. I want to thank them for their
dedication and their service.
Chairman McCaul, Ranking Member Thompson, and committee Members, I
thank you for the opportunity to testify concerning the threats to the
homeland. I am happy to answer any questions you might have.
Chairman McCaul. Thank you, Director Comey.
The Chair now recognizes Director Rasmussen.
STATEMENT OF HONORABLE NICHOLAS J. RASMUSSEN, DIRECTOR, THE
NATIONAL COUNTERTERRORISM CENTER, OFFICE OF THE DIRECTOR OF
NATIONAL INTELLIGENCE
Mr. Rasmussen. Good morning, Chairman McCaul, Ranking
Member Thompson, and Members of the committee. I appreciate the
opportunity to join my colleagues Secretary Johnson and
Director Comey here this morning to talk about the threats that
worry us the most.
I would also like to thank you, Mr. Chairman, for your
recent visit to address my work force at NCTC in a town hall
setting. It was a terrific, terrific session, and I appreciate
the support that your committee and you personally have shown
to our work force and to our mission.
As Director Comey and Secretary Johnson said, the attack in
Orlando underscores the critical nature of our collective
vigilance against home-grown violent extremism. Looking ahead,
we certainly expect that more additional home-grown violent
extremists will try to replicate the violence and potentially
capitalize on media attention that came from attacks like those
like the one in Florida generated. It is clearly the case that,
in the past few years, the pool of potential home-grown violent
extremists has expanded significantly. As Director Comey has
talked about in prior testimony, the FBI has investigations
across all 50 States that touch on this population.
This increase in caseload tracks with ISIL's rise in
prominence in the large-scale media and propaganda apparatus
that it has tried to development to influence populations
around the world. As we approach 15 years after the 9/11
attacks, I would say it is fair to say that the array of
terrorist actors around the globe is broader, deeper, and wider
than it has been at any time since 9/11. It is ISIL's
narrative, rooted in unceasing warfare against all that it
defines as its enemies that also extends well beyond the Syria
and Iraq battlefield. ISIL has carried out attacks ranging in
tactics and targets, from the downing of a Russian airliner in
Egypt to the attacks last November in Paris against
restaurants, a sports stadium, and a concert venue, attacks on
an airport in Brussels--in both--in Brussels and Istanbul--and,
most recently, the killing of hostages and law enforcement
officials in a cafe in Bangladesh. All of these attacks show
how ISIL can draw upon local individuals, local affiliates to
carry out these lethal attacks.
So this array of recent attacks that I just rattled through
demonstrates that the threat landscape is in many ways less
predictable than ever. While the scale of the capabilities
currently demonstrated by most of the terrorist actors that we
are dealing with does not rise to the level of the capability
that core al-Qaeda had to carry out catastrophic attacks on 9/
11, it remains fair to say that we face more threats
originating in more places involving more individuals than at
any period since 9/11.
It is ISIL's access to resources and territorial control in
areas of Syria and Iraq that are key ingredients to the group's
development of external operations capability, which includes
the group's ability to threaten the homeland. For that reason,
shrinking the size of that territory controlled by ISIL,
denying ISIL access to additional manpower in the form of
foreign fighters remains a top priority. Success in these areas
is essential to our ultimate effort to prevent the group from
operating on a global scale as a terrorist organization.
Clearly, progress has been made in these areas, but despite
this progress, it is our judgment that ISIL's ability to carry
out terrorist attacks in Syria, Iraq, and abroad has not to
date been significantly diminished, and the current tempo of
ISIL-linked terrorist activity is a painful reminder ISIL's
global reach.
It is important to understand that we do not judge that
there is a direct link between the group's current battlefield
status on the ground in Iraq and Syria and the group's capacity
to operate as a global terrorist organization with capabilities
around the world. ISIL's external operations capability has
been building and entrenching during the past 2 years, and we
don't think that battlefield reverses alone in Iraq will be
sufficient to degrade that terrorism capability that has
evolved with ISIL.
So, without question, the tremendous efforts we are making
as a Government to counter ISIL are absolutely warranted, but I
want to shift briefly for a moment to stress that we still
regard al-Qaeda and al-Qaeda's various affiliated organizations
as a principal counterterrorism priority, and we are
particularly concerned about al-Qaeda's growing safe haven in
Syria.
We know that ISIL is trying to strengthen its global
network by relocating some of its remaining leadership from
South Asia to Syria, and these leaders include individuals who
have been part of the group since the time even before 9/11.
Now that many of them are in Syria, we believe that they will
work to threaten the United States and our allies.
Turning to broader trends in the contemporary threat
environment, I will briefly highlight three that concern us the
most. The first trend is the persistent effort by our terrorist
adversaries to target the aviation sector. While there is much
more I could say in a Classified setting on this, I can say
here that both al-Qaeda and ISIL remain focused on defeating
our defenses against aviation-related attacks.
The second trend I would highlight is the increasing
ability of terrorist actors to communicate with each other
outside our reach through the use of encrypted applications.
Third, while we have seen a decrease in the frequency of
large-scale, complex plotting efforts that sometimes span
several years, we are instead seeing proliferation of more
rapidly evolving and maturing threats, the so-called flash-to-
bang ratio that we have talked to this committee before about.
The time between when an individual first decides to pursue
violence and when an actual attack might occur has become
extremely compressed, placing much greater pressure on law
enforcement and intelligence.
In our environment, our best hope of providing enduring
security in this environment rests on our ability to counter
the appeal of terrorism and dissuade individuals in the first
place, and that goes to the subject of countering violent
extremism, which was something raised by both the Chairman and
the Ranking Member.
NCTC, working with DHS and FBI, has developed CVE tools to
build community resilience across the country, but there is
clearly more work to be done by all of us together in this
environment, and I look forward at NCTC to our doing our part.
Thank you, Mr. Chairman.
Thank you, Ranking Member, and Members of the committee.
I look forward to taking your questions.
[The prepared statement of Mr. Rasmussen follows:]
Prepared Statement of Nicholas J. Rasmussen
July 14, 2016
Thank you, Chairman McCaul, Ranking Member Thompson, and Members of
the committee. I appreciate this opportunity to discuss the terrorism
threats that concern us most. I am pleased to join my colleagues and
close partners, Secretary Jeh Johnson from the Department of Homeland
Security (DHS), and Director James Comey of the Federal Bureau of
Investigation (FBI).
Over the past several years, we have had great success in
strengthening our Homeland security and have made progress in reducing
external threats emanating from core al-Qaeda and the self-proclaimed
Islamic State of Iraq and the Levant, or ISIL, due to aggressive
counterterrorism (CT) action against the groups. Unfortunately, the
range of threats we face has become increasingly diverse and
geographically expansive, as we saw with ISIL's recent wave of attacks
in Bangladesh, Iraq, Saudi Arabia, and Turkey. As these attacks
demonstrate, ISIL's strategy is to weaken the resolve of its
adversaries and project its influence world-wide through attacks and
propaganda, ultimately perpetuating fear.
The continuing appeal of the violent extremist narrative and the
adaptive nature of violent extremist groups continue to pose
substantial challenges to the efforts of our CT community. In addition
to the attacks overseas, we are no doubt reminded by the shooting in
Orlando, Florida, last month that home-grown violent extremists, or
HVEs, who are inspired by groups such as ISIL remain an unpredictable
threat we face in the homeland. Because HVEs are frequently lone
actors, often self-initiating and self-motivating, their threats are
harder to detect and, therefore, harder to prevent. But just as the
threat evolves, so do we. We are constantly adapting, and we must
continue to improve.
threat overview
The attack in Orlando underscores the importance of what we are
here today to discuss and the critical nature of our vigilance against
home-grown violent extremism. While the reasons for the attack in
Florida become known and continue to inform how we detect and respond
to these types of incidents, we remain committed to keeping our Nation
safe. The best way to combat terrorism is a whole-of-Government
approach, where Federal, State, and local intelligence and law
enforcement collaborate.
We expect some HVEs will try to replicate the violence and
potentially capitalize on the media coverage and attention that attacks
like the one in Florida generated. Although we do not see a large
number of these types of threats at the moment, we expect to see an
increase in threat reporting around the summer holidays and the large
public events, celebrations, and gatherings that accompany them. We
will continue to track and monitor the threats and share that
information with our partners.
In the past few years, the pool of potential HVEs has expanded. As
Director Comey has said, the FBI has investigations on around 1,000
potential HVEs across all 50 States. While HVEs have multiple factors
driving their mobilization to violence, this increase in caseload
tracks with ISIL's rise in prominence and its large-scale media and
propaganda efforts to reach and influence populations world-wide. What
we have seen over time is that HVEs--either lone actors or small
insular groups--continue to gravitate toward simple tactics that do not
require advanced skills or outside training. The majority of HVEs will
likely continue to select traditional targets, such as military
personnel, law enforcement, and other symbols of the U.S. Government.
Some HVEs--such as the Orlando shooter in June and the San Bernardino
shooters in December 2015--may have conducted attacks against
personally significant targets. The convergence of violent extremist
ideology and personal grievances or perceived affronts likely played a
role in motivating these HVEs to attack.
As we approach 15 years since 9/11, the array of terrorist actors
around the globe is broader, wider, and deeper than it has been at any
time since that day. ISIL's narrative, rooted in unceasing warfare
against all enemies, extends beyond the Syria-Iraq battlefield. ISIL
has conducted attacks ranging in tactics and targets--the bombing of a
Russian airliner in Egypt; the attacks in Paris at restaurants, a
sports stadium, and a concert venue; the killing of hostages and
Bangladeshi law enforcement officials in a cafe in Bangladesh; and the
bombing of a crowded commercial district in Baghdad--all of which
demonstrate how ISIL can capitalize on local affiliates on the ground
for attacks. The threat landscape is less predictable and, while the
scale of the capabilities currently demonstrated by most of these
violent extremist actors does not rise to the level that core al-Qaeda
had on 9/11, it is fair to say that we face more threats originating in
more places and involving more individuals than we have at any time in
the past 15 years.
As we recently saw at Istanbul's Ataturk Airport and the attack in
Belgium in March, terrorists remain focused on attacks against aviation
because they recognize the economic damage that may result from even
unsuccessful attempts to down aircraft or against airline terminals, as
well as the high loss of life and the attention media devotes to these
attacks. World-wide security improvements in the aftermath of the 9/11
attacks have hardened the aviation sector but have not entirely removed
the threat. Violent extremist publications continue to promote the
desirability of aviation and its infrastructure for attacks and have
provided information that could be used to target the air domain.
We have come to view the threat from ISIL as a spectrum, where on
one end, individuals are inspired by ISIL's narrative and propaganda,
and at the other end, ISIL members are giving operatives direct
guidance. Unfortunately it is not always clear; sometimes ISIL members
in Iraq and Syria reach out to individuals in the homeland to enable
others to conduct attacks on their behalf. More often than not, we
observe a fluid picture where individuals operate somewhere between the
two extremes.
ISIL's access to resources--in terms of both manpower and funds--
and territorial control in areas of Syria and Iraq are the ingredients
that we traditionally look to as being critical to the group's
development of an external operations capability, to include their
ability to threaten the homeland. For that reason, shrinking the size
of territory controlled by ISIL, and denying the group access to
additional manpower in the form of foreign fighters and operatives,
remains a top priority, and success in these areas will ultimately be
essential to our efforts to prevent the group from operating as a
terrorist organization with global reach and impact. And clearly,
progress has been made in these areas. But despite this progress, it is
our judgment that ISIL's ability to carry out terrorist attacks in
Syria, Iraq, and abroad has not to date been significantly diminished,
and the tempo of ISIL-linked terrorist activity is a reminder of the
group's continued global reach.
While ISIL's efforts on the ground in Syria and Iraq remain a top
priority for the group's leadership, we do not judge that that there is
a direct link between the group's current battlefield status in Iraq
and Syria and the group's capacity to operate as a terrorist
organization with global capabilities. Their external operations
capability has been building and entrenching during the past 2 years,
and we do not think battlefield losses alone will be sufficient to
degrade completely the group's terrorism capabilities. As we have seen,
the group has launched attacks in periods in which the group held large
swaths of territory as well as during the past few weeks, as the group
feels increasing pressure from the counter-ISIL campaign. In addition
to their efforts to conduct external attacks from their safe havens in
Iraq and Syria, ISIL's capacity to reach sympathizers around the world
through its robust social media capability is unprecedented and gives
the group access to large numbers of HVEs.
ISIL spokesman Abu Muhammad Adnani's most recent public statement--
which encourages ISIL supporters in the United States to conduct
attacks in their home countries instead of traveling to Iraq and
Syria--may suggest that ISIL recognizes the difficulty in sending
operatives to the homeland for an attack. ISIL likely views the United
States as a harder target than Europe due to Europe's proximity to the
conflict. U.S. ports of entry are under far less strain from mass
migration, and U.S. law enforcement agencies are not overtaxed by
persistent unrest, as some of our counterparts are overseas.
In Europe, we are concerned about ISIL's demonstrated ability to
conduct coordinated attacks by deploying operatives from Syria and Iraq
and leveraging European jihadist networks. ISIL attacks in Paris in
November and Brussels in March revealed several factors that could
enable future operations. First, the role of ISIL's cadre of foreign
fighters in planning and executing external operations is key. As we
know, several of the Paris and Brussels attackers had experience
fighting in Syria, including Paris attack coordinator and operative
Abdelhamid Abaaoud.
A second factor that has contributed to ISIL's successful attacks
in Europe is the flexibility of their operatives. Those serving as
facilitators can transition to attackers for different operations. Some
of the Brussels attackers supported the Paris attacks by providing
explosives and transportation for operatives. This is a dynamic that
the U.S. Government must consider in order to effectively aid our
European counterparts in identifying and disrupting future attacks.
Finally, ISIL's leveraging of criminal, familial, and communal ties
contributes to its ability to advance plotting in Europe. Many
operatives involved in the attacks in Paris and Brussels share a
similar story of getting involved in criminal activities before
becoming radicalized to violence.
Similar to the HVE challenge we face, Europe-based individuals have
responded to ISIL's violent message and act on the group's behalf. A
violent extremist attacked a police officer and his wife last month in
France and pledged his allegiance to ISIL amir Abubakr al-Baghdadi
during the hostage situation through a live-streaming social media
service.
Last year we confirmed that ISIL had successfully sent several
operatives--including at least two of the Paris attackers--from Syria
to Western Europe by having them blend in with the flow of some 1
million migrants, asylum seekers, and refugees who traveled from Turkey
to Greece in 2015. Although ISIL most likely will continue to seek
opportunities to infiltrate these Europe-bound flows when it is
operationally expedient to do so, the group probably would prefer other
options to deploy operatives to the homeland because of the relative
difficulties to entering the United States via the U.S. Refugee
Admissions Program. Specifically, applicants have little-to-no control
as to whether the United Nations will refer them for consideration by
the U.S. Refugee Admissions Program. Those refugees who are referred to
the U.S. Refugee Admissions Program are then subjected to a process for
resettlement of refugees administered by the United Nations High
Commissioner for Refugees (UNHCR).
To ensure proper scrutiny of refugee applicants referred to the
United States by the UNHCR, the National Counterterrorism Center (NCTC)
has worked extensively with the screening community to deliver a
comprehensive, end-to-end refugee vetting system that streamlines
operations without compromising safety, removes stovepipes, and
increases transparency across the board. This screening is just one
part of a comprehensive system of checks--including the participation
of the Departments of Homeland Security, State, Defense, and the FBI as
well as additional intelligence agencies--that includes extensive in-
person overseas interviews, biographic and biometric assessments, and
recurrent vetting.
NCTC screening is done in two ways: The first is identity
resolution. We utilize automated programs to correlate biographic
information of refugee applicants against the Terrorist Identities
Datamart Environment, the U.S. Government's central repository of
international terrorist information, for potential matches. All of
these computer-generated matches are reviewed by analysts trained to
resolve identities. We access other intelligence community (IC)
holdings to then validate those findings.
The second way is our screening against IC holdings. We screen
applicant biographic information against the IC holdings to identify
any possible matches to raw intelligence reporting and then conduct
analysis to determine any nexus to terrorism.
The tremendous efforts we are undertaking to counter the ISIL
threat are absolutely warranted, but I want to stress that we still
view al-Qaeda and the various al-Qaeda affiliates and nodes as a
principal counterterrorism priority. For example, while ISIL is driving
most terrorist threats against Europe, we know that the pressures we
face on the Continent are not limited to ISIL. The attack on the
Charlie Hebdo magazine office in Paris by individuals linked to AQAP in
January 2015 is a key example of the broad violent extremist threat
facing Europe. We would not tier our priorities in such a way that
downgrades al-Qaeda in favor of a greater focus on ISIL. When we are
looking at the terrorism threats that we face as a Nation, including to
the homeland, al-Qaeda still figures prominently in that analysis.
We are particularly concerned about al-Qaeda's safe haven in Syria
because we know al-Qaeda is trying to strengthen its global networks by
relocating some of its remaining leadership cadre from South Asia to
Syria. These leaders include some who have been part of the group since
before the September 11 attacks and, once in Syria, we believe they
will work with the al-Qaeda affiliate there--the Nusrah Front--to
threaten the United States and our allies.
The Nusrah Front is al-Qaeda's largest affiliate and one of the
most capable armed groups operating in Syria. Its integration of al-
Qaeda veterans provides the group with strategic guidance and enhances
its standing within the al-Qaeda global movement. In April, the U.S.
military successfully targeted some of the Nusrah Front's senior
members, including long-time al-Qaeda member and former spokesman for
the group in Syria, Abu Firas al-Suri. We will remain vigilant in our
efforts to counter this group and the threats it poses to the West.
We believe we have constrained the group's effectiveness and their
ability to recruit, train, and deploy operatives from their safe haven
in South Asia; however, this does not mean that the threat from core
al-Qaeda in the tribal areas of Pakistan or in eastern Afghanistan has
been eliminated. We assess that al-Qaeda and its adherents in the
region still aspire to conduct attacks and, so long as the group can
potentially regenerate capability to threaten the homeland with large-
scale attacks, Al-Qaeda will remain a threat. Al-Qaeda's allies in
South Asia--particularly the Haqqani Taliban Network--also continue to
present a high threat to our regional interests.
The IC is cognizant to the level of risk the United States may face
over time if al-Qaeda regenerates, finds renewed safe haven, or
restores lost capability. We are very much on alert for signs that al-
Qaeda's capability to attack the West from South Asia is being restored
and would warn immediately if we find trends in that direction. I am
confident that the U.S. Government will retain sufficient capability to
continue to put pressure on that core al-Qaeda network and therefore
reduce the risk of a resurgence by al-Qaeda in the region.
We also see increasing competition between violent extremist actors
within South Asia itself, between and among the Taliban, ISIL's branch
in South Asia, and al-Qaeda. This is an additional dynamic that we are
working to understand. While conflict among terrorist groups may well
distract them from their core mission of plotting attacks against
Western targets, conflict also serves to introduce a degree of
uncertainty into the terrorism landscape that raises questions that I
don't think we have answers to yet. This is something we are watching
very closely.
Stepping back, there are two trends in the contemporary threat
environment that concern us most. First is the increasing ability of
terrorist actors to communicate with each other outside our reach with
the use of encrypted communications. As a result, collecting precise
intelligence on terrorist intentions and the status of particular
terrorist plots is increasingly difficult.
There are several reasons for this: Exposure of intelligence
collection techniques, disclosures of Classified information that have
given terrorist groups a better understanding of how we collect
intelligence, and terrorist groups' innovative and agile use of new
means of communicating, including ways that are sometimes beyond our
ability to collect, known as ``going dark.''
Second, while we've seen a decrease in the frequency of large-
scale, complex plotting efforts that sometimes span several years,
we're instead seeing a proliferation of more rapidly-evolving threat or
plot vectors that emerge simply by an individual encouraged to take
action who then quickly gathers the few resources needed and moves into
an operational phase. The so-called ``flash-to-bang'' ratio--the time
between when an individual decides to attack and when the attack
occurs--in plotting of this sort is extremely compressed and allows
little time for traditional law enforcement and intelligence tools to
disrupt or mitigate potential plots.
ISIL is aware of this, and those connected to the group have
understood that by motivating actors in their own locations to take
action against Western countries and targets, they can be effective,
especially if they believe they cannot travel abroad to ISIL-controlled
areas. In terms of propaganda and recruitment, ISIL supporters can
generate further support for their movement, even without carrying out
catastrophic, mass-casualty attacks. And that's an innovation in the
terrorist playbook that poses a great challenge.
countering violent extremism (cve)
The number of individuals going abroad as foreign terrorist
fighters to Iraq and Syria only emphasizes the importance of
prevention. Any hope of enduring security against terrorism or
defeating organizations like ISIL rests in our ability to counter the
appeal of terrorism and dissuade individuals from joining them in the
first place.
To this end, as announced in January 2016, the Countering Violent
Extremism Task Force was stood up to organize Federal CVE efforts. The
CVE Task Force will be led by the Department of Homeland Security for
the first 2 years; afterward, the Department of Justice will assume
leadership. It will be staffed by multiple departments and agencies,
including the FBI and NCTC. The main objectives of the task force are
to coordinate Federal support for on-going and future research, and
establish feedback mechanisms to incorporate sound results; synchronize
Federal Government outreach to, and engagement with, CVE stakeholders
and provide technical assistance to CVE practitioners; manage and
leverage digital technologies to engage, empower, and connect CVE
stakeholders; and work with CVE stakeholders to develop intervention
programs.
NCTC continues to refine and expand the preventive side of
counterterrorism. We have seen a steady proliferation of more proactive
and engaged community awareness efforts across the United States, with
the goal of giving communities the information and tools they need to
see violent extremism in their midst and do something about it before
it manifests itself. NCTC, in direct collaboration with DHS and the
inter-agency team, has led the creation of CVE tools to build community
resilience across the country.
NCTC has sent our officers on multiple occasions to meet with the
communities in places such as Denver, Sacramento, Buffalo, and
Minneapolis to raise awareness among community and law enforcement
audiences about the terrorist recruitment threat. Our briefing is now
tailored to address the specific issue of foreign fighter recruitment
in Syria and Iraq, and we have received a strong demand signal for more
such outreach. The Community Resilience Exercise, a table-top exercise
that brings together local law enforcement with community leadership to
run through a hypothetical case-study-based scenario featuring a
possible violent extremist or foreign fighter, aims to encourage the
creation of intervention models at the local level. In the same way
that local partners, including law enforcement, schools, social service
providers, and communities, have come together to provide alternative
pathways and off-ramps for people who might be vulnerable to joining a
gang, we are encouraging our local partners to implement similar models
for violent extremism. The more resilient the community, the less
likely its members are to join a violent extremist group.
conclusion
Chairman McCaul, Ranking Member Thompson, and Members of the
committee, thank you for the opportunity to testify before you this
morning. As we are reminded by the events in Florida as well as
globally just a couple of weeks ago, the role that NCTC, FBI, and DHS
play in combating terrorism, along with this committee's support, is
critically important. I know the collaboration among all the agencies
represented here will continue over the months and years to come in
order to continue to protect the homeland.
Thank you all very much, and I look forward to answering your
questions.
Chairman McCaul. Thank you, Director.
I now recognize myself for questions.
There are some who argue that our military actions in Iraq
and Syria have diminished the threat to the homeland, and I
think, Director Rasmussen, you touched upon this. However, the
CIA director, John Brennan, just recently in his testimony gave
the administration a failing grade in the fight against ISIS
and said, ``Our efforts have not reduced the group's terrorism
capability and global reach.''
[The information follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman McCaul. I want to ask this question to each of
you, starting with Secretary Johnson. Do you agree with the CIA
director's comments?
Secretary Johnson. I haven't read Director Clapper's--I
mean, Director Brennan's testimony in its entirety. I have seen
excerpts of it.
The way I would assess it is we are making significant
progress in ISIL's ability to maintain any type of caliphate in
Iraq and Syria. I think any time a terrorist organization from
the homeland security perspective is able to establish a
caliphate, that has real implications and troubling
implications. We have made progress there in our ability to
roll back their territory, degrade their ability to finance,
degrade their ability to communicate.
I agree with Nick's assessment, however, that we have--
ISIL's ability to conduct external attacks, to inspire, to
self-radicalize is still very much present, and that is
something that we need to continue to focus our U.S. Government
National security, homeland security resources on. In no
respect, I think, are we satisfied that their ability to engage
in external attacks and self-radicalize actors and inspire
actors has been diminished to the point where we can step back
and take a breather. We have to stay focused on that very much
so.
Chairman McCaul. Director Comey.
Mr. Comey. I agree with what Secretary Brennan--excuse me--
Director Brennan said. The intelligence community assesses
that, as the caliphate is crushed, the so-called Islamic State
will become more desperate to demonstrate its continued
vitality, and that will likely take the form of more asymmetric
attacks, more efforts at terrorism. So I agree with Secretary
Johnson. It is necessary to crush the caliphate, but we can't
take our eye off what the next move will be by these killers.
Chairman McCaul. Director Rasmussen.
Mr. Rasmussen. I guess the way I would think about it, Mr.
Chairman, is that one shouldn't necessarily expect that there
is a one-for-one correlation between progress on the ground in
Iraq and Syria, which is undeniable and is essential to our
long-term effort to crush ISIL or to defeat ISIL, but one
shouldn't expect a one-for-one correlation between that effort
and the results we are seeing on that front and near-term
shrinkage of this external operations capability that the group
has invested in over time. So I would consider that as
something that is going to lag. Our success in this area is
going to take longer and require more effort.
Chairman McCaul. The next question, we have been long
worried about ISIS' internet directives to kill both military
and police officers in this country. After Dallas and the
tragic events there--I was born and raised in that city--we now
see a new threat to law enforcement from another direction that
I see--this, I am concerned about--from fringe groups out
there. I direct this to Secretary Johnson and Director Comey.
As we look at the upcoming Republican Convention--and I
will be attending on Monday--can you comment on the threat from
these fringe groups? I know some have directed people to come
to Cleveland and bring your weapons. Obviously, there is great
concern among the American people of the status of security at
that convention.
Secretary Johnson, can you comment on that?
Secretary Johnson. Well, I am concerned about the prospect
of demonstrations getting out of hand. I am concerned about the
possibility of violence. We have within DHS some 3,000
personnel that will be dedicated to the security of the
Republican National Convention and the Democratic National
Convention each, consisting of Secret Service, TSA, Homeland
Security Investigations, Customs and Border Protection, NPPD,
Coast Guard. I know that there will be at least another 1,000
or so U.S. Government personnel at hand in both places, a
number in Cleveland of the Ohio Guard, as well as probably
thousands in terms of State and local law enforcement.
We have been planning and preparing for both conventions
now for over a year. As I mentioned earlier, I plan to inspect
the security at both sites; Cleveland tomorrow, Philadelphia
next Friday.
So I think we have to be concerned about things getting out
of hand, very definitely, but there will be a lot of security
and lot of preparation in place. There is a certain level of
First Amendment protected activity that is guaranteed to
demonstrators at National political conventions. It will be
confined. It will be roped off in an isolated area, but it is
something that we will have a lot of security devoted to, Mr.
Chairman.
Chairman McCaul. Thank you.
Director Comey, to the extent you can in an open setting,
can you talk about the nature of the threats, threat streams
you see out there to this convention?
Mr. Comey. Yes, Mr. Chairman. The definition of domestic
terrorism is someone who engages in acts of violence directed
against other people in order to coerce a civilian population
or try and coerce a government, and so, any time there is a
National spotlight on a political event in the United States,
there is a risk that groups that aspire to do just that, to
engage in acts of domestic terrorism, will be attracted.
It is a threat we are watching very, very carefully. It is
the reason we have hundreds of people focused on intelligence
and deployed to Cleveland. I don't want to talk about
particular groups here, but there is a concern any time there
is an event like this that people from across a spectrum of
radical groups will be attracted to it, so we are watching it
very, very carefully.
Chairman McCaul. Thank you. Last question. I want to ask
you about the National security implications of Secretary
Clinton's private server. You stated that she used personal
emails extensively while outside the United States, including
sending and receiving work-related emails in the territory of
sophisticated adversaries. Given that, you assessed it is
possible that actors gained access to her personal email
account. I know when we travel overseas, we are told not to
bring these devices into nations with foreign adversaries.
[The information follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman McCaul. You went on to say that 7 of her email
chains concerned matters classified at Top Secret but also
special access programs that were sent and received. Those
programs were designed in part to protect the country's most
highly classified and sensitive information.
Can you tell us, if her private server, if these emails
were breached, what would be the National security implications
to that, and could American lives be at risk?
Mr. Comey. Thank you, Mr. Chairman. I was hoping to talk
about terrorism, but I will do my best to address this in an
open setting.
As I have said publicly, I don't know--we don't have direct
evidence that the server was successfully hacked. We wouldn't,
though, expect to see that evidence from sophisticated
adversaries, given the nature of the adversary and given the
nature of the system.
The definition of Classified information is it is
information that an intelligence agency assesses the improper
release of which would cause some damage to the United States.
I can't answer the question beyond that without going into
the specifics of the emails, which I can't do in an open
setting.
Chairman McCaul. I know we can't talk about what special
access programs were on these emails in the server. You and I
know how sensitive they are. I hope and pray that they were not
compromised.
With that, the Chair recognizes the Ranking Member.
Mr. Thompson. Thank you, Mr. Chairman.
Director Comey, as America's top cop, I want you to
appreciate my question as it relates to the access to guns in
this country by dangerous people. The International Association
of Chiefs of Police, the Major Cities Chiefs Association, and
other groups representing law enforcement are supportive of
sensible gun laws, including the broadening of background
checks, and I am talking about the Charleston loophole. We are
told that, with the 3-day requirement, that if your department
hadn't completed the check, that person can automatically get a
gun. What are your thoughts on that loophole?
Mr. Comey. Well, thank you, Mr. Thompson. I can answer
factual questions. The Bureau does not get involved in
policymaking or recommending legislation, so that is--issues
like that should be directed to the Department of Justice.
The way that the law works is, after 3 days, if we have not
denied the transaction by finding some prohibition, the
retailer may transfer the weapon. Now, large retailers like
Walmart will not, they wait for an affirmative clear from the
FBI, but smaller retailers, for economic reasons that I
understand, will frequently transfer in the absence of a no,
and so that is what happened in Charleston.
Mr. Thompson. So I guess your testimony is smaller
retailers, because of capacity or otherwise, sometimes approve
purchases of guns, like in the Charleston incident, that, under
normal circumstances, would have been--that individual would
have been prevented from purchasing that gun?
Mr. Comey. Right. The case in Charleston was that killer
should not have gotten access to that gun because there was
documented evidence that he was a drug user. At a larger
retailer, as a matter of discretion, they would not have
transferred the gun until they heard back affirmatively it is
OK from the FBI. The smaller retailers, because each individual
sale may be more important to them than a bigger company, will
likely transfer. That is the most common case.
Mr. Thompson. Thank you very much.
Secretary Johnson, you have stated that we must make it
harder for a terrorist to acquire guns in this country. A lot
of us are concerned about the assault-style, military-grade
weapons, which generally is a weapon of choice for, like,
Orlando and other situations. Have you thought how Congress
could make it harder for these international or domestic
terrorist individuals to acquire guns?
Secretary Johnson. Yes. I believe that, consistent with the
Second Amendment, as interpreted by the Supreme Court and
consistent with a responsible gun owner's right to own a gun,
we can and we should make it harder for a terrorist to obtain a
gun to commit a terrorist act. There is legislation now in
Congress, sponsored by Senator Feinstein and others, and then
there is an alternative approach, sponsored by Senator Collins
and others, that would give the Attorney General added
discretion to deny a gun purchase if somebody is on one of the
various lists. I think that that is a sound approach. I think
that we should provide the Attorney General with that added
discretion, along with some form of an adjudication process to
adjudicate the denial if the attempted gun purchaser chooses to
do so.
So I think that--I encourage Congress to wrestle with this
issue, wrestle with these proposals, because I think that it is
not just a matter of public safety that we do this, it is now a
matter of homeland security that we make it harder for a
terrorist to acquire a gun.
Mr. Thompson. Thank you.
Director Comey, your website: ``Don't Be A Puppet''. I
understand that you established this to educate school-age
children about the threat of violent extremism. Not
surprisingly, law enforcement officers have looked at it also.
Can you tell me how that website has--has it accomplished
what you wanted to? Are there some other things you would like
to do to get the community engaged in helping identify some of
these extremist groups?
Mr. Comey. Thank you, Mr. Thompson. The website ``Don't Be
A Puppet'' is designed in a way we hope will be more attractive
for kids, who are looking for something a little cooler than
the FBI normally throws out, to explore the ways in which
extremist groups, both radical Islamic groups and other
extremist groups, might try to recruit them or lure them. So it
is a series of games and interactive events on the website that
allow them to go in and explore and learn from it.
We have gotten great feedback from around the country. We
invited a lot of people to give us input before we rolled it
out. We have gotten great feedback from teachers especially
that they like it, that the kids--the kids, I think their grade
for us is about a B. They think we could be a little cooler,
but we have stretched as far as we could stretch right now in
the coolness department, and it is--we are getting great
feedback. So we will continue to watch it and see.
There are plenty of other things we are doing. The
Department of Homeland Security is doing a ton of things. There
is always more we can do.
Mr. Thompson. Thank you.
Last question. Director Rasmussen, the attack in Bangladesh
illustrates that ISIS will threaten Westerners outside of the
Middle East. Are soft targets, such as cafes in Bangladesh or a
club in Orlando, the new battlefield in which Americans should
expect ISIS to attack? If so, what can the United States do to
counter this type of terrorist activity?
Mr. Rasmussen. Thank you, Mr. Thompson. I guess I would
highlight two things that we can do to try to counter this kind
of vulnerability when Americans are traveling or living
overseas. The first is just being as open and transparent with
the American people as possible about the risks we see in
overseas locations. We work very closely with the State
Department to provide them the intelligence they need to make
sound, sensible judgments about travel warnings and travel
alerts for Americans who are going overseas or living overseas.
Beyond that, though, I would say our best hope is to work
with local partners to buildup their capacity, to increase the
capacity of local law enforcement, local military authorities
to respond to and to prevent--local intelligence authorities to
respond to or prevent these kinds of acts of terror. As you can
imagine, if you think about all the different places around the
globe where ISIL has been active, that is a mixed story. In
some cases, we have very, very capable partners overseas with
whom we can work very closely. In other cases, those partners
have a lot of challenges and suffer from a lot of capacity
deficits that we are going to have to work out over time.
Mr. Thompson. Thank you. I yield back.
Chairman McCaul. I thank the Ranking Member.
The gentlemen from New York, Mr. King, is recognized.
Mr. King. Thank you, Mr. Chairman.
Let me thank all the witnesses for their testimony and for
their service.
Secretary Johnson, when you said you were--wondering what
keeps you awake at night, I thought you were going to say it
was testifying before Congress, because that would--again,
thank you for your service.
Director Comey, I would like to discuss Orlando with you,
not for the sake of Monday morning quarterbacking but planning
toward the future. The investigation was stopped by the FBI
based on the criteria at the time that he did not seem at all
sophisticated; he didn't know the difference between Sunni and
Shia; didn't seem to have any formed ideology at all.
Based on what we know now about the profile that ISIS is
looking for--in some cases, the person who is deranged, the
person who may be influenced by Islamist ideology, and whether
or not he is Islamist himself, whether he even fully
appreciates it--I would ask going toward the future, how long
investigations can be kept open? I think basically it is a 6-
month investigation now, and then it either has to be stopped
or get extended. Can there be an indefinite period where the
local police would be brought more into it? I mean, obviously,
you don't have the personnel to be carrying out surveillance
all over the country or to be following people, but if you have
local police, detectives, undercovers, informers, sources, if
it could be handed off for a period of time to the local
police, they can say: Here is a person who doesn't meet the
threshold of terrorism. We don't have enough to keep a formal
investigation open, but can you keep an eye on him, or can you
report back to us on him?
I am thinking like, for instance, in New York City, you
probably have more cops than FBI agents in the whole country,
or take Chicago, with a large police force, and others. So
could better use be made of local law enforcement, and could
these people who are in sort of a twilight zone between
terrorism and maybe just being dysfunctional citizens, that
local police could be really kept apprised, and they ought to
in turn keep you apprised?
Mr. Comey. Yes. Thank you, Mr. King. That is a very good
question. The answer is I don't know yet, although we are
having those conversations with our State and local partners.
The way it works in the FBI is a preliminary investigation
stays open for 6 months, and then it can be extended in the
local field office for another 6 months. It can be extended
after that; it just requires higher level of approvals.
What happens with preliminary investigations is it is
designed to figure out, is there anything here? If there is, we
convert it to a full investigation. If the preliminary rebuts
the initial allegation, then we close it.
Our local partners have asked, is there some way that, in
addition to us being on the joint terrorism task forces, where
they see all the cases we open and close, is there something
else we might be able to do to flag a person? That is a knotty
question, but it is one that is a serious question, so we are
working through that right now. I don't know, but it is worth a
conversation.
Mr. King. I also think in terms of the Boston Marathon
bombing where the older Tsarnaev brother, you know, nothing in
the preliminary investigation showed anything, but if the local
police had been aware of it, they may have heard of what he was
saying in the mosque, the fact that he was thrown out of the
mosque for some of his conduct, and that could have, you know,
reopened the full investigation.
So, again, to the extent you can use local police, I think
it is really essential, because they are really certainly an
added element, and, again, they would have sources just by the
nature of being local cops that may not be available at the
Federal level.
Secretary Johnson, I know that your Department has been
aggressively exploring the use of social media. Can you give us
the status of those efforts? Do you feel you have sufficient
resources to do what you want to do as far as vetting, as far
as employees, as far as immigrants to go forward?
Secretary Johnson. We use social media for something like
30 different purposes across the Department. We have expanded
the use of social media when it comes to immigration reviews,
immigration benefits.
What I would like to do is build a centralized social media
center for excellence, which will be housed in our National
Targeting Center in CVP. We have a reprogramming request
pending right now with Congress to help fund that. In the
outyears, I would like to see Congress do a bit more to help us
out with a centralized social media capability. Right now, a
lot of that is done for USCIS, but as I am sure you know, CIS
is a fee-based organization. So there are enough purposes for
social media across our entire Department that I want to see
this capability expanded and funded. So we have the
reprogramming request now, and we could use more money in the
future years.
Mr. King. Secretary, I have been a supporter of DHS grant
programs. I can tell you, though, on the floor of the Congress,
there is concern among a good number of people about the CVE
grants, that they may go to an organization like CAIR, which
has been an unindicted co-conspirator and which I understand
the FBI is still not allowed to deal with. Is there any
assurance you can give us that those grants would not go to an
organization like CAIR?
Secretary Johnson. There will be a security review
conducted with respect to each potential grantee before we
grant out any money.
Mr. King. But----
Secretary Johnson. This is a new program. We just announced
notice of the proposal out to the public, solicitation out to
the public last week, but there will be a security review in
connection with every grant.
Mr. King. But being an unindicted co-conspirator in one of
the largest money-laundering terrorist cases in the country,
shouldn't that be sufficient grounds to deny a grant?
Secretary Johnson. Without knowing the specific case, that
seems likely, yes, sir.
Mr. King. It was the Holy Land Foundation case. My
understanding is the FBI still will not deal with CAIR because
of that.
Director Comey, is that true?
Mr. Comey. That is correct.
Mr. King. Thank you. I yield back.
Chairman McCaul. The Chair recognizes Ms. Sanchez.
Ms. Sanchez. Thank you, Mr. Chairman.
I want to thank all of the gentlemen before us today for
all the great work that you are doing.
Secretary Johnson, in March, you came before our committee,
and we were discussing the countering violent extremism
mission, and we talked about having the Department of Homeland
Security allowing some of those grants to be used to nonprofit
organizations to help us in countering the fight and going
after the fight against terror. I just want to thank you and
compliment you, because I know that you are finding new and
innovative ways to include those nonprofits that we have in our
area. As you know, I have one of the largest Muslim and Arab
communities in our Nation, so we work very closely with a lot
of our nonprofits to keep an ear to the ground and to ensure
that we are on the forefront of trying to eliminate any of this
radicalization that has such a potential, as we saw in San
Bernardino.
I want to ask a couple of questions. The first would be,
after
9/11, we tried to share more information between local, State,
and Federal agencies, especially in the intelligence gathering
and sharing. So I wanted to ask you a little bit about, is that
working? Are we going to open up more or eliminate more silos?
What more can we do to ensure now, as we see really the front
line of information, as we saw in Los Angeles, for example,
when somebody saw something, phoned it in, and our local
enforcement was able to get to some bomb-making materials and
other things that a gentleman had, how can we help to ensure
that information is shared, or is there enough going on at this
point? I would ask any of you.
Secretary Johnson. I will start. My general assessment is
that we are doing much better now than we used to through JTFs,
through joint intelligence bulletins, through fusion centers,
through our own personal relationships working together. Jim
and I, for example, had been on conference calls with literally
hundreds of State and local law enforcement personnel to share
what we are seeing here at a National level.
In terms of the public's sharing information with us, that
is a work in progress. It is almost always the case that when
somebody self-radicalizes, there was somebody else that saw the
signs. So we all from the homeland security perspective and the
law enforcement perspective need to continue to encourage the
public: If you see something, say something. But in terms of
our own information sharing in law enforcement, I think we are
on the right track, and I think we are much better than we used
to be.
Ms. Sanchez. Good. I have a question for you all with
respect to my transit authorities. In particular, in Orange
County, we run a large bus system. We are getting ready for a
streetcar. Obviously, California is working on this high-speed
rail. I have a two-prong question. The first would be, any
guidance that these agencies should follow in making these new
systems, because we are developing, especially this fixed rail?
Anything that we should worry about with respect to cyber
attack? Second, the biggest issue that my transit agency has
are all of this attack from a cyber perspective. Every day,
every day, people are trying to get into their systems, they
are trying to, you know, really raise chaos. What can they do,
or what would you suggest?
Secretary Johnson. I would suggest that they work with our
critical infrastructure protection experts within NPPD. The
National Protection Programs Directorate, we have considerable
expertise when it comes to rail security. TSA actually also has
a rail security mission. But I have seen some fairly
sophisticated analysis of how to build a secure rail station or
a secure transit center that we can share with anyone who asks
us.
Ms. Sanchez. Any of--OK. I will submit the rest of--more
detailed questions along this topic, and hopefully, we can get
some answers for the record, because they are very concerned
about these cyber types of situations going on. Thank you.
Thank you all.
Chairman McCaul. The Chair recognizes the gentleman from
Texas, Mr. Smith.
Mr. Smith. Thank you, Mr. Chairman.
Director Comey, first of all, thank you for your many years
of service to our country. It is appreciated by many
individuals.
I would like to ask you first about Syrian refugees. Before
this committee last October, you testified that you had
concerns about admitting Syrian refugees when a thorough
background check was not possible; in fact, you called it a
risk. Do you still have concerns about admitting Syrian
refugees where you cannot conduct the thorough backgrounds, and
do you consider them a risk now?
Mr. Comey. Yes. Thank you, Mr. Smith. I think what all
three of us said when we last talked about this together was we
were comparing our ability to vet Iraqi refugees favorably with
our ability to vet Syrian refugees. We have made great
progress, and since we were last together, we have made even
more progress at getting better at knowing what we know about
anybody who is looking to come into the United States.
The point I was trying to make then and I still believe is
true is that we will know, certainly on average, less about
somebody coming from Syria than somebody coming from Iraq, just
given the United States' long-standing presence in Iraq.
So there is no such thing as zero risk. The challenge we
face is not being able to see as rich a picture about somebody
coming from Syria as from Iraq.
Mr. Smith. Right.
Mr. Comey. I have stayed away from the policy question
about whether it is a good idea or bad idea to let in refugees.
That is not for the FBI. So my view of it is basically the same
as it was last October.
Mr. Smith. OK. Because you said last October, there is risk
associated with bringing anybody in from the outside,
especially from a conflict zone like Syria, my concern there
about bringing Syrian refugees into the United States is that
there are certain gaps I don't want to talk about publicly in
the data available to us.
So you stand by that statement----
Mr. Comey. Yes.
Mr. Smith [continuing]. There is a risk and you have
concerns?
Mr. Comey. Yes.
Mr. Smith. OK. Thank you. Let me go to another subject. It
doesn't have to do with terrorism, but it does have to do with
National security. You testified before the Oversight Committee
that former Secretary of State Clinton did not comply with the
Federal Records Act, at least in some respects, and you were
summarized as saying you thought she violated at least some
aspects of the Federal Records Act.
Under the Federal Records Act, I understand that anyone
found guilty of willfully and unlawfully concealing, removing,
mutilating, obliterating, destroying, or attempting to do any
such action against a Federal record can be fined and
imprisoned for up to 3 years. In addition to fines and possible
imprisonment, anyone holding Federal office who is convicted of
this crime can lose his or her position and be disqualified
from holding Federal office in the future.
If Mrs. Clinton violated the Federal Records Act, could
these penalties apply to her?
Mr. Comey. Mr. Smith, I do remember vividly my 4 hours and
40 minutes before the committee last week. I don't think I
testified about that we had found a violation of the Federal
Records Act. In fact, our investigation focused on Classified
information, whether it was mishandled or transmitted in ways--
--
Mr. Smith. Well, here is your exact statement. You were
asked if you thought Secretary Clinton complied with the
Department's policies under the Federal Records Act. Your first
sentence back was: ``I don't think so. At least in some
respects, no.'' That was interpreted as your saying that she
violated at least in part the Federal Records Act.
Mr. Comey. Yes, I must--either I screwed that up or I was
misunderstood. I thought I was answering a question about with
respect to Department of State policy on their use of systems.
I am no expert in the Federal Records Act, and that was not the
gravamen of our investigation.
Mr. Smith. Did you consider prosecuting her for violating
the Federal Records Act?
Mr. Comey. You said did I--did we consider that?
Mr. Smith. Did you consider that?
Mr. Comey. No.
Mr. Smith. OK. Thank you, Mr. Comey.
Thank you, Mr. Chairman. Yield back.
Chairman McCaul. The Chair recognizes the gentleman from
Rhode Island, Mr. Langevin.
[Microphone issues.]
Mr. Langevin. Thank you, Mr. Chairman.
I want to thank you and the Ranking Member for holding this
hearing. [Audio malfunction] testifying before.
Director Rasmussen, I was struck by your testimony that,
speaking of degrading ISIL's capabilities and denying it access
to fighters and resources, ``clearly, progress has been made in
these areas.'' Yet in your very next sentence you state, and I
quote, ``it is our judgment''--an example, ``ISIL's ability to
carry out terrorist attacks . . . abroad has not to date been
significantly diminished.''
So how do you square these two statements? Is it the result
of the residual foreign fighters that traveled there before the
flow was staunched? Is it more because of the home-grown
violent extremist problem? Or is there some other explanation?
Mr. Rasmussen. Thank you for the question. I guess the way
I would think about it is that we have always looked at ISIL as
having multiple agendas, being a multifaceted organization. As
we have talked about with this committee, they were in the
business of trying to create and run a caliphate. As was in my
testimony, I think we have made progress in diminishing some of
their capacity to do that, shrinking the territory that they
hold, denying them as rich a flow of resources as they had at
the beginning of the conflict.
But they have also got another prong to their agenda, and
that is this effort to carry out or inspire or enable attacks
at various places around the globe. That line of effort that
ISIL is engaged in, we have had less success at diminishing
their capacity in that area. As I said, we shouldn't be
surprised because there isn't necessarily a one-for-one
connection between success in our efforts in one area--denying
them territory, constraining their resources--and success in
this other area--diminishing their attack capacity.
Is is obviously true that the greater success we have in
shrinking their territory and as we shrink their resource
picture, over time we will degrade their capacity. I was simply
making the analytic observation that that may take time, and
that not only is there a one-for-one correlation in progress
across these two lines of effort, but there may be a
significant lag as well.
Organizations have proven that even when they are
relatively small, operating in a clandestine way, and not with
all the benefits of a State or a caliphate, can still carry out
or direct complex terrorist attacks around the globe. So that
is simply the distinction we are trying to make, is that there
are multiple things going on with ISIL.
Mr. Langevin. Thank you.
So to the panel, as you all know, I am very deeply
concerned about the issue of cybersecurity, something I have
spent years on, and I share this with both the Chairman, as
well as with the DNI, who in his recent threats testimony has
time [audio malfunction] the threat that we face in this
domain.
So one of the frustrating aspects of cybersecurity, of
course, for me and for many others, is the lack of reliable
metrics. So for each of you, how do you measure how much the
threat is increasing and what progress we are making in
defending ourselves?
So for each of you, I would be interested to know what
metrics you personally rely on to make these assessments. How
do you decide whether we are moving forward, treading water, or
falling behind?
Secretary Johnson. Congressman, the metrics that first come
to mind for me in the DHS mission, we are building the
capability right now in our Federal civilian .gov system to
block intrusions into the system. So I measure the number of
intrusions blocked. The last time I looked with E3A, Einstein
3A, we had blocked well in excess of 500,000 in the Federal
civilian system.
I also measure our progress in cybersecurity by the number
of private-sector entities, ISAOs, companies that we have
signed up to share our automated information-sharing
capability, and our progress in terms of getting Federal
agencies on-line with our DHS capabilities.
So those are 3 ways right there. I defer to the other
witnesses.
Mr. Langevin. Thank you.
Director Comey.
Mr. Comey. As you know, Congressman, it is an area that is
not susceptible of a great set of metrics, but we look at
essentially the demand for our services, complaints to our
Internet Crime Complaint Center, the number of cases opened--
that is, referrals to us from the private sector or other
Government agencies--as a proxy for the threat that we face.
There are other qualitative measures, but those are the two
that come to mind.
Mr. Rasmussen. I have a somewhat narrower slice of this
problem because I worry about it from the perspective of an
international terrorist organization trying to develop a cyber
capability. So there, the metrics I would look at is the amount
of intelligence reporting we see over time that speaks to a
terrorist organization's desire to gain that capability, to
threaten the United States or other countries with that
capability, and then also when they have been able to succeed
at doing that.
Thus far, I think it is generally true that this has been
something that terrorist organizations aspire to do, but thus
far, without as much success as they would have liked.
Mr. Langevin. Thank you.
I know my time has expired. I hope we can continue, though,
to focus on this metric aspect so that we understand whether we
are in fact making progress and not just rely on anecdotal
evidence. But thank you for the work you are doing.
I yield back the balance of my time.
Chairman McCaul. The gentleman from South Carolina, Mr.
Duncan, is recognized.
Mr. Duncan. Thank you, Mr. Chairman.
I would like to recommend to my colleagues that they view
Senator Tim Scott's floor speech from yesterday. It is on his
Facebook page. You can probably call his office to get a copy
of it.
I would like to provide, when it gets here, a copy of that
speech for the record, Mr. Chairman.
Chairman McCaul. Without objection, so ordered.
[The information follows:]
Excerpt Submitted For the Record by Hon. Jeff Duncan
our american family
Congressional Record S5055, July 13, 2016.
Mr. SCOTT. Mr. President, I rise today to give my second speech
this week discussing the issues we are facing as a nation following
last week's tragedies in Dallas, Minnesota, and Baton Rouge. This
speech is perhaps the most difficult because it is the most personal.
On Monday, I talked about how the vast majority of our law
enforcement officers have only two things in mind: protect and serve.
But, as I noted then, we do have serious issues that must be resolved.
In many cities and towns across the Nation, there is a deep divide
between the Black community and law enforcement. There is a trust gap,
a tension that has been growing for decades. And as a family, one
American family, we cannot ignore these issues because while so many
officers do good--and as I said on Monday, we should be very thankful
and supportive of all of those officers who do good--some simply do
not. I have experienced it myself.
So today I want to speak about some of those issues--not with
anger, although I have been angry. I tell my story not out of
frustration, although at times I have been frustrated. I stand here
before you today because I am seeking for all of us, the entire
American family, to work together so we all experience the lyrics of a
song that we can hear but not see: peace, love, and understanding.
Because I shuddered when I heard Eric Garner say, ``I can't breathe.''
I wept when I watched Walter Scott turn and run away and get shot in
the back and killed. And I broke when I heard the 4-year-old daughter
of Philando Castile's girlfriend tell her mother, ``It's OK, I'm right
here with you.'' These are people. Lost forever. Fathers, brothers,
sons.
Some will say and maybe even scream: But they have criminal
records. They were criminals. They had spent time in jail.
And while having a record should not sentence you to death, I say,
OK, then, I will share with you some of my own experiences or the
experiences of good friends and other professionals.
I can certainly remember the very first time I was pulled over by a
police officer as just a youngster. I was driving a car that had an
improper headlight. It didn't work right. And the cop came up to my
car, hand on his gun, and said: Boy, don't you know your headlights are
not working properly? I felt embarrassed, ashamed, and scared--very
scared.
But instead of sharing experience after experience, I want to go to
a time in my life as an elected official to share just a couple of
stories as an elected official. But please remember that in the course
of 1 year, I have been stopped seven times by law enforcement
officers--not four, not five, not six, but seven times in 1 year as an
elected official. Was I speeding sometimes? Sure. But the vast majority
of the time I was pulled over for nothing more than driving a new car
in the wrong neighborhood or some other reason just as trivial.
One of the times I remember I was leaving the mall. I took a left
out of the mall, and as soon as I took a left, a police officer pulled
in right behind me. That was my first time. I got to another traffic
light, and I took another left into a neighborhood. The police followed
behind me. I took a third left onto the street that at the time led to
my apartment complex and then finally I took a fourth left coming into
my apartment complex, and then the blue lights went on. The officer
approached the car and said that I did not use my turn signal on the
fourth turn. Keep in mind, as my colleagues might imagine, I was paying
very close attention to the law enforcement officer who followed me on
four turns. Do you really think that somehow I forgot to use my turn
signal on the fourth turn? Well, according to him, I did.
Another time, I was following a friend of mine. We had just left
working out and we were heading out to grab a bite to eat at about 4
o'clock in the afternoon. He pulls out, and I pull out right behind
him. We are driving down the road, and the blue lights come on. The
officer pulls me into the median, and he starts telling me that he
thinks perhaps the car is stolen. Well, I started asking myself--
because I was smart enough not to ask him but was asking myself--is the
license plate coming in as stolen? Does the license plate match the
car? I was looking for some rational reason that may have prompted him
to stop me on the side of the road.
I also think about the experiences of my brother, who became a
command sergeant major in the U.S. Army, the highest rank for an
enlisted soldier. He was driving from Texas to Charleston and was
pulled over by a law enforcement officer who wanted to know if he had
stolen the car he was driving because it was a Volvo.
I do not know many African-American men who do not have a very
similar story to tell, no matter the profession, no matter their
income, no matter their position in life.
I also recall the story of one of my former staffers--a great guy,
about 30 years old--who drove a Chrysler 300, which is a nice car,
without question, but not a Ferrari, not a super nice car. He was
pulled over so many times here in DC for absolutely no reason other
than that he was driving a nice car. He sold that car and bought a more
obscure form of transportation. He was tired of being targeted. Imagine
the frustration, the irritation, the sense of a loss of dignity that
accompanies each of those stops.
Even here on Capitol Hill, where I have had the great privilege of
serving the people of South Carolina as a U.S. Congress Member and as a
U.S. Senator for the last 6 years--for those who don't know, there are
a few ways to identify a Member of Congress or Senate. Well, typically,
when you have been here for a couple of years, the law enforcement
officers get to know your face and they identify you by face, but if
that doesn't happen, then you have an ID badge, a license you can show
them, or this really cool pin. I oftentimes said the House pin was
larger because our egos are bigger. So we have a smaller pin in the
Senate. It is easy to identify a U.S. Senator by our pin.
I recall walking into an office building just last year after being
here for 5 years in the capital, and the officer looked at me, full of
attitude, and said, ``The pin I know, and you I don't. Show me your
ID.'' I will tell you, I was thinking to myself, either he thinks I am
committing a crime, impersonating a Member of Congress, or--or what?
Well, I will tell you that later that evening I received a phone call
from his supervisor apologizing for the behavior. That is at least the
third phone call I have received from a supervisor or the Chief of
Police since I have been in the Senate.
So while I thank God I have not endured bodily harm, I have felt
the pressure applied by the scales of justice when they are slanted. I
have felt the anger, the frustration, the sadness, and the humiliation
that comes with feeling like you are being targeted for nothing more
than being just yourself.
As the former staffer I mentioned earlier told me yesterday, there
is absolutely nothing more frustrating, more damaging to your soul than
when you know you are following the rules and you are being treated
like you are not.
But make no mistake--no matter this turmoil, these issues should
not lead anyone to any conclusion other than to abide by the laws. I
think the Reverend Martin Luther King, Jr., said it so well. Returning
violence with violence only leads to more violence and to even darker
nights, nights, to paraphrase, without stars. There is never ever an
acceptable reason to harm a member of our law enforcement community--
ever. I don't want anybody to misinterpret the words I am saying.
Even in the times of great darkness, there is light. As I shared
Monday, there are hundreds--thousands of stories of officers who go
beyond the call of duty. Ms. Taylor--whom I spoke about on Monday
night--at the Dallas incident was covered completely by at least three
officers who were willing to lose their lives to save hers. We have a
real opportunity to be grateful and thankful for our men and women in
uniform.
I shared another story on Monday night as well, and while the one I
want to tell you today does not involve a tragic loss of life, it does
show support that meant a lot to me at the time it occurred. Prior to
serving in the U.S. Senate, I was an elected official on the county
level, State level, and a Member of the U.S. Congress. I believe it is
my responsibility to hang out and be with my constituents as often as
possible and to hear their concerns. At some point during my time as a
public servant, I traveled to an event I was invited to along with two
staffers and two law enforcement officers--all four were White, and me.
When we arrived at the event, the organizer seemed to have a particular
issue with me coming to the event. They allowed my two staffers to go
into the event and seemed fine with allowing the two officers to go
into the event, who both said they weren't going in unless I was going
in. So in order to avoid a tense situation, I opted to leave because
there is no winning that kind of debate ever. But I was so proud and
thankful for those two law enforcement officers who were enraged by
this treatment. It was such a moment that I will never forget and a
situation that I would love to forget.
This situation happens all across the country. This situation
happens all across the country whether or not we want to recognize it.
It may not happen a thousand times a day, but it happens too many times
a day, and to see it as I have had the chance to see it helps me
understand why this issue has wounds that have not healed in a
generation. It helps me to appreciate and to understand and helps me
communicate why it is time for this American family to have a serious
conversation about where we are, where we are going, and how to get
there. We must find a way to fill these cracks in the very foundation
of our country.
Tomorrow I will return with my final speech in this three-part
series on solutions and how to get to where we need to go by talking
about the policies that get us there and the people solutions because
I, like you, Mr. President, don't believe that all answers are in
government. I don't believe all the solutions we need start in
government, but we need people doing things that only individuals can
do.
Today, however, I simply ask you this: Recognize that just because
you do not feel the pain, the anguish of another, does not mean it does
not exist. To ignore their struggles--our struggles--does not make them
disappear; it simply leaves you blind and the American family very
vulnerable. Some search so hard to explain away justice that they are
slowly wiping away who we are as a nation. We must come together to
fulfill what we all know is possible here in America--peace, love and
understanding. Fairness.
Thank you, Mr. President.
Mr. Duncan. Senator Scott talks about his experiences as an
African American male and some of the things we are dealing
with in this country. As a white man, I can't relate to that,
so I need those experiences from Senator Scott and others. So I
would encourage everyone to watch it, because I think it is
important in the dialog that we are having.
The Ranking Member mentioned no fly, no buy, and asked the
Secretary about that. The problem with that, it seems common
sense, but the problem with that is no one can substantially
tell us how someone gets on the no-fly list or, when it is
adjudicated, how they get off the no-fly list with any complete
understanding from Members of Congress, and we have asked.
Because especially on someone's suspicion that somebody
might be involved in or future involved in an act of terror or
crime, when we are talking about the Second Amendment, we need
to realize that no fly, no buy also violates the Fifth and
Sixth Amendment guarantees of due process. So how do you get on
it? Do you have a chance to view the charge and interview the
witnesses, hear testimony, defend yourself?
So we need to be cautious when we start delving into
limiting our Second Amendment rights by also limiting our Fifth
and Sixth Amendment rights.
Secretary Johnson mentioned in his opening statement,
written and verbal, San Bernardino and Orlando. We also need to
remember that ISIS and al-Qaeda, Islamic, radical Islamic
jihad-inspired terrorism acts incurred at Fort Hood,
Chattanooga, Little Rock, the beheading in Oklahoma, Boston
Marathon, and there are others. Those are what I came across
just off the top of my head. These were ISIL-inspired acts of
terrorism here in the United States.
I don't believe that we can throw Charleston into the same
mix. I believe that was a law enforcement issue. I don't
believe that guy was inspired by any outside groups like ISIL
in the realm of radical Islamic terrorism.
So the question I have for Secretary Johnson, and I get
this in my district all the time, we use and the title of the
hearing uses ``ISIS,'' the Islamic State in Iraq and Syria,
right? The administration uses ``ISIL,'' and I fully understand
the Islamic State in Iraq and the Levant. Why? Why is that
terminology used by the administration?
Secretary Johnson. I have used ISIL, I have used ISIS, I
have used Islamic State, Secretary Kerry uses Daesh, the press
uses different phrases. We generally refer it to as ISIL, but
not exclusively. There is no hard and fast rule.
Mr. Duncan. OK.
Secretary Johnson. The Secretary of State uses a different
word.
Mr. Duncan. The reason I ask that question is because since
2001 and since the 9/11 Commission Report came out, we have
seen, especially under this administration, the disappearing
language of terror, where words related to Islamic jihad have
been stripped from the lexicons of DOD, of law enforcement
here, and the Homeland Security Committee, we have had hearings
where we have talked about the disappearing language of terror.
I believe, and many others in the intelligence community
that I have talked to, many others in the defense industry say
if you can't identify an enemy, it is very difficult to defeat
the enemy. I want to make sure that we are talking about things
in the right terms. If I am using the wrong term, I want to
know. But I will say that what we see in this country with
these acts in San Bernardino and Fort Hood is radical Islamic
jihad, radical Islamic terrorism. So I want to make sure we
talk about that.
Your Department was set up in 2003, 22 agencies combined,
but when I go through the list of folks that are dealing with
counterterrorism in this country, we have got the Department of
State. We had a hearing yesterday in the Foreign Affairs
Committee where the Department of State has the former Center
for Strategic Counterterrorism Communications, now known as
Global Engagement Center. They have got a couple other offices
at the Department of State dealing with counterterrorism.
So we have got DOD fighting ISIS, and also with SOUTHCOM
and AFRICOM, all dealing with elements of ISIS and al-Qaeda and
other terrorism. NCTC, we have got the Director here. We have
got JTTFs all over the country. We have got the National
Targeting Center looking to make sure that our container
shipping is safe.
Now we have got this at Department of State. We have got a
lot of elements within the Department of Homeland Security
looking at, whether it is ISIS in general, whether it is border
security, whether it is the virtual sphere of Dabiq and Inspire
and Twitter and Facebook and all that, we have got the dark
web. So we have got all those multiple agencies trying to do
the same mission.
Are we not too big? The 9/11 Commission Report pointed out
the walls of separation between agencies and that information
wasn't shared. That is the reason your agency was set up.
Help me assure the American people, Mr. Secretary, that
because of all this, Department of State, your agency, and
every element that I mentioned, that we are not creating
another cumbersome large bureaucracy where we are not sharing
information and that things might fall through the cracks. Help
me assure the American people of that.
Secretary Johnson. Congressman, my top priority, since I
have been Secretary, is management reform, removing the
stovepipes just within the Department of Homeland Security.
Through our Unity of Effort initiative, I think we have come a
long way in doing that.
Two thousand two was the largest realignment of our
Government to create my Department since the creation of the
Department of Defense. It is a work in progress, but I think
that through a number of the reforms we have put in place since
I have been Secretary, we have moved a long way in the right
direction.
Speaking, I think, for all of us, I think we all do a much
better job of connecting the dots, sharing information where we
should. Every incident, every attack is a lesson learned from
which we should draw lessons. But I think we are moving in the
right direction. I think we have come a long way, sir.
Mr. Duncan. Thank you for that. This committee was set up
to oversee you and your agency so that those walls will come
down and we don't miss signals.
Mr. Chairman, thanks for the leniency, and I yield back.
Chairman McCaul. The Chair recognizes the gentlelady from
Texas, Ms. Jackson Lee.
Ms. Jackson Lee. Mr. Chairman and the Ranking Member, thank
you so very much for this hearing and the combination of
outstanding Americans who serve this Nation.
Let me thank all of you for your service.
I will not predict, Secretary Johnson, that this is your
last moment to testify in this committee, but I will say to
you, thank you for your service. You may be going on and on and
on, we do not know, but we thank you for your service.
We live in difficult times, and I believe that we should be
a partner with you. Even as we have the stovepipes of the three
branches of Government, I take the responsibilities of the
Homeland Security Department, the Department of Justice, FBI,
Mr. Rasmussen, your work, very seriously.
Because we have used the name Homeland Security so often, I
have my own nightmares that as things proceed, the Nation will
look to the Homeland Security, to the elements of Justice, and
ask the question why. I would like to be able to at least
answer that we did everything that we could probably do.
Let me start with you, Mr. Director, and let me ask the
Chairman to ask unanimous consent to put into the record
``Strengthening the Federal Cybersecurity Workforce.''
Chairman McCaul. Without objection, so ordered.
[The information follows:]
Strengthening the Federal Cybersecurity Workforce
July 12, 2016, Shaun Donovan, Beth Cobert, Michael Daniel, Tony Scott
Summary: As directed by the Cybersecurity National Action Plan and 2017
Budget, today we are releasing the first-ever Federal Cybersecurity
Workforce Strategy.
Today the Administration is directing a series of actions to
identify, recruit, develop, retain, and expand the pipeline of the
best, brightest, and most diverse cybersecurity talent for Federal
service and for our Nation.
Every day, Federal departments and agencies face sophisticated and
persistent cyber threats that pose strategic, economic, and security
challenges to our Nation. Addressing these cyber threats has required a
bold reassessment of the way we approach security in the digital age
and a significant investment in critical security tools and our
cybersecurity workforce. And these threats demand that we continue to
enhance the security of the Federal digital infrastructure and improve
the ability to detect and respond to cyber incidents as they occur.
That is why, in 2009, President Obama initiated a comprehensive
strategy to confront this ever-evolving challenge. The strategy brings
all levels of government together with private industry, academia,
international partners, and the public, to raise the level of
cybersecurity in both the public and private sectors; deter and disrupt
adversary activities in cyber space; improve capabilities for incident
response and resilience; and enact legislation to both incentivize and
remove legal barriers to cybersecurity threat information-sharing among
private entities and between the private sector and the Government.
While we have made significant progress, we must do more.
the challenge
The Federal cybersecurity workforce has the exciting and
challenging mission of protecting government information technology
(IT) systems, networks, and data from sophisticated adversaries;
safeguarding sensitive data; supporting our Nation's financial, energy,
health care, transportation, and other critical systems; and securing
our critical infrastructure and intelligence systems. However, the
supply of cybersecurity talent to meet the increasing demand of the
Federal Government is simply not sufficient. As part of a broad-
sweeping review of Federal cybersecurity policies, plans, and
procedures, the Cybersecurity Sprint launched by the Office of
Management and Budget last year revealed two key observations about the
Federal cybersecurity workforce:
Federal agencies' lack of cybersecurity and IT talent is a major
resource constraint that impacts their ability to protect
information and assets; and,
A number of existing Federal initiatives address this challenge,
but implementation and awareness of these programs are
inconsistent.
Moreover, this shortfall affects not only the Federal Government,
but the private sector as well. Recent industry reports project this
shortfall will expand rapidly over the coming years unless private-
sector companies and the Federal Government act to expand the
cybersecurity workforce pipeline to meet the increasing demand.
the opportunity
To address these and other cybersecurity challenges, earlier this
year the President directed his Administration to implement the
Cybersecurity National Action Plan (CNAP)--a capstone of more than 7
years of determined effort--which takes near-term actions and puts in
place a long-term strategy that builds on other cybersecurity efforts
while calling for innovation and investments in cybersecurity education
and training to strengthen the cybersecurity talent pipeline. As
directed by the CNAP and the President's 2017 budget, today we are
releasing the first-ever Federal Cybersecurity Workforce Strategy to
grow the pipeline of highly-skilled cybersecurity talent entering
Federal service, and retain and better invest in the talent already in
public service. And it sets forth a vision where private-sector
cybersecurity leaders would see a tour of duty in Federal service as an
essential stop in their career arc.
The Strategy establishes four key initiatives:
Expand the Cybersecurity Workforce through Education and
Training.--The Cybersecurity Workforce Strategy supports the
CNAP initiatives that propose investing $62 million in Fiscal
Year (FY) 2017 funding to expand cybersecurity education across
the Nation. This funding will lay the foundation needed to
ultimately address the shortage of cybersecurity talent across
the country. These initiatives include offering competitive
scholarships and covering full tuition for college and
university students through the CyberCorps�: Scholarship for
Service program; collaborating with academic institutions to
develop guidance for cybersecurity core curriculum and allow
colleges and universities to expand their course offerings; and
providing program development grants to academic institutions
to hire or retain professors, adopt a cybersecurity core
curriculum and strengthen their overall cybersecurity education
programs.
Recruit the Nation's Best Cyber Talent for Federal
Service.--The Workforce Strategy initiates efforts to implement
a Government-wide recruitment strategy that includes enhanced
outreach efforts to diverse cyber talent--including women,
minorities, and veterans--from apprenticeship programs,
colleges, universities, and private industry, as part of a
comprehensive plan. Over the coming months we will partner with
agencies to find ways to streamline hiring practices consistent
with current statutes and leverage existing hiring authorities,
as appropriate, to quickly bring on new talent. We will explore
opportunities to establish a cybersecurity cadre within the
Presidential Management Fellows program that leverages the
recent success of the Presidential Innovation Fellows program
and other dynamic approaches for bringing top technologists and
innovators into Government service. Additionally, we will
explore opportunities to expand the use of new or revised pay
authorities that can serve as a model for future Government-
wide efforts.
Retain and Develop Highly-Skilled Talent.--To improve
employee retention and development efforts, the U.S. Office of
Personnel Management (OPM) will work with Federal agencies to
develop cybersecurity career paths, badging and credentialing
programs, rotational assignments, and foster opportunities for
employees to obtain new skills and become subject-matter
experts in their field. Additionally, the Workforce Strategy
directs the development of a Government-wide cybersecurity
orientation program for new cybersecurity professionals to
improve information sharing and employees' knowledge of
upcoming developmental and training opportunities. The
Workforce Strategy also looks to increase the use of special
pay authorities, and improve training and development
opportunities for cyber and non-cyber employees.
Identify Cybersecurity Workforce Needs.--Cybersecurity is a
dynamic and crosscutting field, and effective workforce
planning requires a clear understanding of the gaps between the
workforce of today and the needs of tomorrow. The Workforce
Strategy directs agencies to adopt a new approach to
identifying their cybersecurity workforce gaps by using the
National Cybersecurity Workforce Framework developed by
National Initiative for Cybersecurity Education (NICE) partner
agencies, which identifies 31 discrete specialty areas within
cybersecurity workforce. Agencies are now able to better
identify, recruit, assess, and hire the best candidates with
specific cyber-related skills and abilities, and we are already
making progress in this effort. The Federal Government has
already hired 3,000 new cybersecurity and IT professionals in
the first 6 months of this fiscal year. However, there is
clearly more work to do, and we are committed to a plan by
which agencies would hire 3,500 more individuals to fill
critical cybersecurity and IT positions by January 2017.
Cybersecurity is a shared responsibility among agency leadership,
employees, contractors, private industry, and the American people. And
the Workforce Strategy details numerous initiatives to harness this
collective power and help strengthen the security of Federal networks,
systems, and assets. To address cybersecurity challenges in the
immediate future, the administration will invest in the existing
Federal workforce through initiatives focused on training and retaining
existing talent. At the same time, the Government will adjust the way
it recruits, including the way it approaches talented students and
potential employees in the cybersecurity workforce outside Federal
service.
We must recognize that these changes will take time to implement,
and the Workforce Strategy's long-term success will depend on the
attention, innovation, and resources from all levels of government. The
initiatives discussed in this Strategy represent a meaningful first
step toward engaging Federal and non-Federal stakeholders and provide
the resources necessary to establish, strengthen, and grow a pipeline
of cybersecurity talent well into the future.
Shaun Donovan is the Director of the Office of Management and Budget.
Beth Cobert is the Acting Director of the U.S. Office of Personnel
Management.
Michael Daniel is Special Assistant to the President and Cybersecurity
Coordinator.
Tony Scott is the U.S. Chief Information Officer.
Ms. Jackson Lee. Thank you.
In a speech on the 26th, Mr. Comey, before the Conference
on Cyber Engagement, you indicated in terms of threats in the
cyber world, there were 5 groups. That includes China, Russia,
Iran, nations, North Korea, and then multinational cyber
syndicates that deal with selling cyber information to the
highest bidder. You then mentioned individuals who were
purveyors of ransomware, then hacktivists, which we all contend
with, and terrorists.
Would you care to offer pointedly which of those gives you
the greatest pain and what would you call on Congress to do
about it in being a partner in this effort?
Mr. Comey. I think the biggest concern are the top of that
stack of badness, which are the nation-States and the near
nation-State actors who are engaged in sophisticated computer
intrusion aimed at our National security. That is a very, very
important part of the FBI's life. Maybe tied, because of the
impact on ordinary citizens, are the criminals that are using
the internet to lock up people's systems, to extort money from
them, to threaten their children. That is computer-enabled
crime.
So the biggest intrusion problem is the nation-States. The
biggest computer-enabled crime problem are the variety of thugs
and fraudsters and criminals who are coming at us that way.
I think Congress has been very supportive of the Department
of Homeland Security and the FBI, prodding us to work better
together, to share information better with the private sector,
which is the answer, and giving us the tools and the rules of
the road to assure the private sector that you not only need to
share stuff with us, we will all be safer if you do.
Ms. Jackson Lee. Well, let me thank you for that. I am
going to get around to that again, but I want to answer Mr.
Duncan's question.
First of all, I did see Tim Scott's very eloquent speech
and thank him for his life experience. But I introduced the No
Fly for Foreign Terrorists, and it answers Mr. Duncan's
questions in terms of looking on the TSDB and making sure that
past weaknesses have been addressed, asking the GAO to do that,
and the extent to which existing vulnerabilities may be
resolved or mitigated, making sure that you have a clean data
list to be able to utilize. I hope that bill, it has passed at
the House, will get to the Senate, and we will have at least a
guideline to deal with.
But I want to pursue the idea of cybersecurity from the
perspective of another bill I have, H.R. 85, that says that we
need a stronger relationship between the Government cyber
system and the private sector cyber system, and also to have a
back-up when either of us are deemed either vulnerable or
incapacitated.
Mr. Comey, what do you see in those alignments in making
sure that we are secure from the private sector and the Federal
sector based upon the breaches that we have had, FBI has been
impacted, Department of Homeland Security has been impacted,
the Office of Personnel has been impacted?
Mr. Comey.
Mr. Comey. I think we are making great progress. It is not
good enough. It is nowhere near good enough yet. I think we are
getting reports of somewhere in the area of 20 percent of the
incidents actually happening. We have got to do better than
that.
I think businesses are starting to figure out that it is an
imperative, a business imperative to work better with the
Government, and I think the Sony hack sent that message in a
great way to boards and to CEOs. So I would give it an interim
grade of OK.
Ms. Jackson Lee. May I ask these questions to Mr. Johnson
and Mr. Rasmussen?
Secretary Johnson, I have seen your work on countering
violent terrorism. I have been engaged with the Muslim
community very extensively and have them tell me how frightened
they are now, and I have tried to say how much we are with you
but how important it is to be part of this team. I would like
you to share your thoughts about how that works.
Mr. Rasmussen, let me throw you sort-of a curve ball of
sorts and ask you about something called--because you deal
collectively with police and you work on terrorism issues. I
want to associate myself with Mr. Thompson. I think the
individual--and my sympathy to my fellow Texans, the loss of
those officers. I was at the memorial. But I do think that was
a terrorist act. It was an individual intending to terrorize,
it might have been hate, racial hate, using a weapon of war.
There are a number of things happening. I bring to your
attention swatting, which may wind up causing an enormous
tragedy, that is being a manipulation of emails and breaching,
and I just hold up, this is what is happening to people around
the Nation. I think I am a victim of such from a person in
Bangladesh that is happening to me personally in my home in
Houston. I didn't understand what it was, but it is a dangerous
phenomenon.
So I am wondering whether or not that is to the attention
of the National terrorism research and what you think we can do
about it.
Mr. Johnson.
Secretary Johnson. Well, very quickly, ma'am, we need to
continue to go to these communities. I have been to Houston. I
have been to a lot of other communities. As we approach these
communities, we have to remember that they are not a monolith.
Islam is as diverse as Christianity. A Somali American
community in Minneapolis looks very different from a Syrian
American community in Houston. We encounter a fair amount of
suspicion, as you have noted, when the Federal Government goes
to these communities, but I think we have to keep at it and
keep building bridges.
Ms. Jackson Lee. Mr. Rasmussen.
Mr. Rasmussen. Thank you for bringing this to my attention
as well. We clearly are seeing an increase in the degree to
which foreign terrorist organizations are using on-line
technology in order to try to intimidate people, in order to
try to put out target lists, to try to inspire individuals to
go after law enforcement, intelligence officials, military
personnel, et cetera.
But at the same time there is also a great deal of focus in
the criminal world on this capability, as well, and people
trying to use the same capability to intimidate or to pursue
some criminal end, as well.
So what we try to do is discern as best we can the
motivation between the act. If it ends up being something tied
to a terrorist, a terrorist group, or a terrorist motivation,
we approach it in a certain way, and it becomes much more of a
law enforcement matter if it can be pursued as a criminal act.
But it is something we are seeing much more frequently and
something we are devoting a lot of work to trying and
understand.
Ms. Jackson Lee. Thank you.
Mr. Chairman, may I just put another item in the record,
``Cybersecurity and Crypto on the Internet.''
Chairman McCaul. Without ojection, so ordered.*
---------------------------------------------------------------------------
* H.R. 85 is available at https://www.congress.gov/114/bills/hr85/
BILLS-114hr85ih.pdf and has been retained in committee files.
---------------------------------------------------------------------------
Ms. Jackson Lee. Thank you.
Chairman McCaul. We have votes at 12:20. We have several
Members left that would like to ask questions. I am going to
try to limit everybody to 5 minutes from this point forward, if
the gentlelady has completed her questions.
Ms. Jackson Lee. I didn't have anything else.
Chairman McCaul. In deference to other Members.
Ms. Jackson Lee. Thank you, Mr. Chairman.
Chairman McCaul. I appreciate that. Without objection, that
is entered into the record.
The Chair now recognizes Mr. Walker.
Mr. Walker. Thank you, Mr. Chairman.
In November, December 2015, a report surfaced of ISIS and
affiliated groups making and using fake travel documents to
gain access to Western Europe and beyond.
Is ISIS still producing and making use of these forged
travel documents, Secretary Johnson?
Secretary Johnson. It is a general concern. I am not sure
how much more we can get into that in a public setting. Perhaps
Nick could have more to say in a public setting. I am not sure
how much more, though.
Mr. Rasmussen. I think I would probably leave it there too.
It is something we certainly have seen ISIL and other terrorist
organizations looking to develop and use that capability. We
are doing our best to understand that, the way they are using
it, so that we can either advise our European partners, who
face this in a much more frontline way than we do, but also to
inform our own ability to detect false documentation at the
border.
Secretary Johnson. Congressman, I should add that within
DHS we have a very sophisticated fraudulent detection
capability when it comes to identification documents, travel
documents. It is getting better all the time.
Mr. Walker. Director Comey, around this same time late last
year, Politico and AP reported that ISIS was taking advantage
of the refugee crisis by providing forged travel documents to
desperate individuals fleeing war and profiting from the
practice.
In addition to the profit motive, has the FBI seen evidence
that ISIS is providing these documents to their own fighters
for attacks abroad?
Mr. Comey. Well, we certainly saw it in the case of the
attacks in Paris and Brussels. I agree with what my colleague
said, we know it is a part of ISIL's tradecraft. By the way, I
think the name ISIL actually better captures the danger and the
aspiration of this group of savages than ISIS does, because it
is bigger than just Syria. But I would just echo what my
colleagues said.
Mr. Walker. As part of the United States' response to this
threat late last year, we demanded action from 5 different
European States and threatened to remove them from the Visa
Waiver Program if no action was taken. What has the response
been of those States, and what further steps have we taken to
ensure our allies in Europe are vetting travel documents
properly?
Secretary Johnson. Congressman, I would have to know the 5
specifically. We have, late last year, insisted on the use of
e-Passports. We have insisted on the use of Federal air
marshals on flights to the United States. We have insisted on
better use of API/PNR data, that is travel data. We have, in
general, sought what we refer to as HSPD-6s from these
countries, Homeland Security Presidential Directive 6s, that
guarantee security both within these countries in terms of the
travel and travel to the United States, using the Visa Waiver
Program as the entree into asking for those things.
Mr. Walker. OK. What actions, Director Comey, has the FBI
taken to independently identify and prevent travelers from
using their forged documents?
Mr. Comey. Well, obviously, working very, very closely with
our colleagues at DHS, especially CBP, and, most importantly,
our colleagues outside the United States to put in place
tripwires so they share with us any intel they get that they
may be looking to use a particular channel or particular type
of document. So the most important thing we can do is remain
knitted closely together.
Mr. Walker. Secretary Johnson, do you have anything to add
to that?
Secretary Johnson. Yes. As I mentioned earlier, we have a
fraudulent detection capability when it comes to travel
documents. We are very concerned about fraudulent passports,
fraudulent travel documents. As you noted, we have seen that in
Europe.
I should note that to travel to this country visa-free, you
have to be a citizen of that country, in Europe, for example.
But this is something we have been focused on it and it is
something we are concerned about, sir.
Mr. Walker. In wrapping up, let me pass along my
compliments to Director Comey for the good testimony in another
hearing the other day.
I was impressed that for 4 hours and 40 minutes that you
sat there without really any breaks.
Secretary Johnson, I haven't seen the latest report. I
don't know how many States are left to file on the ballot, I
don't know where you are headed, but whatever it is, I wish you
the best. So thank you.
Chairman McCaul. The gentlelady from California, Mrs.
Torres, is recognized.
Mrs. Torres. Thank you, Mr. Chairman.
Thank you to the three of you for being here and for the
on-going outreach that you are doing in my community. Certainly
the Middle Eastern community that resides within the 35th
Congressional District truly appreciates the fact that you have
made an effort to come out and help them through some very
difficult times after the San Bernardino incident.
I want to talk a little bit about the CVE grant. I want to
get a better idea as to who qualifies and specifics of that
grant. How is it going to be awarded? Are you looking at
communities with populations of at-risk youth, young
communities, big cities, small cities, types of population?
What are the criteria that you are using for these grants?
Secretary Johnson. Congresswoman, there is a 32-page notice
of funding opportunity that went out last week for the $10
million that Congress made available to us this year. We are
hoping that Congress continues to fund our CVE efforts.
The opportunities center around basically developing
resilience, challenging the narrative--that is, ISIL's
narrative--training and engagement, managing intervention
activities, and building capacity. Those are the broad
parameters. They are more specifically set forth in this 32-
page document, which I am happy to provide to you.
Mrs. Torres. Would home-grown violent extremist people,
would those targets fall under that grant, communities that
could have a potential of these types of----
Secretary Johnson. In general, yes, through intervention
activities, through countermessaging. Countermessaging is not
necessarily a Government mission.
Mrs. Torres. Right.
Secretary Johnson. Because it wouldn't be credible if it
were, me or the FBI. Through basic resources to encourage
people to move in a different direction. Broadly speaking, that
is the intent of this, but it is more specifically spelled out
in this circular.
Mrs. Torres. Other than law enforcement agencies, who else
is your Department coordinating with? For example, Department
of Education. Are there other resources where you are acquiring
data to ensure that we are maximizing this grant with other
potential grants that could be available to be utilized in
these communities?
Secretary Johnson. Well, obviously, the grantees, those who
apply for this funding are in a position to help. We will vet
them carefully. We will make our grant awards carefully. So it
is not just a law enforcement, homeland security mission. There
are private local organizations that are in a position to help
and I think that want to help.
Mrs. Torres. On the issue of lone-wolf attacks that we have
seen most recently, including law enforcement, there has been
an increase in the number of threats against law enforcement
personnel. In lieu of the two conventions coming up, how are
you ensuring that the law enforcement community is prepared to
deal with not just threats against the potential attendees, but
threats against their own personnel that would be easy targets,
easily identified?
Secretary Johnson. We intend to have within Homeland
Security some 3,000 of our personnel dedicated to the security
of each convention. I am quite sure that the security of our
own personnel is a priority for our component heads. I am quite
sure that among State and local law enforcement, they too are
concerned about threats directed against law enforcement. But I
think the average law enforcement officer would be the first
one to say that their primary obligation is the protection of
the people they serve.
Mrs. Torres. But they have to deal also with open carry in
one of those cities, and that includes long guns and automatic
weapons, correct?
Secretary Johnson. Correct, yes. That is correct. Ohio, as
I understand it, is an open-carry State.
Mrs. Torres. Right.
Secretary Johnson. So that obviously is something that
someone under State law and I suspect the Second Amendment has
a right to do. But it does present a challenging situation,
very plainly.
Mrs. Torres. Thank you. I yield back.
Chairman McCaul. The Chair recognizes Mr. Carter.
Mr. Carter. Thank you, Mr. Chairman.
Thank all three of you for being here. We appreciate your
attendance today.
First of all, Director Comey, good to see you again. I saw
you last week. Glad to have you back.
I want to talk briefly about the Orlando situation and
about the terrorist attack, obviously, that happened there, and
I want to talk to you about it in relation to Secretary
Johnson.
My concern is communication. I am real big on
communication. My question is this: What communication did the
two of you have during that time? During the time that it was
happening and immediately after it happened, was there any
communication? What kind of communication takes place between
all three agencies?
Mr. Comey. Well, that last part of your question is the
most important. It is vital that the people doing the actual
work in our organizations talk to each other constantly, and
they do because they are sitting together. The Joint Terrorism
Task Force in Orlando, in all of our other cities is composed
of some folks from Jeh's organization and mine. I don't
remember exactly. I think the two of us actually hosted a
Nation-wide call for all law enforcement in the wake of that.
Mr. Carter. But certainly you communicated before that
call?
Mr. Comey. You know, I can't remember. I talk to Jeh quite
frequently. It is possible I did. But I know for sure that we
hosted--I think you were there, or you might have been on a
SVTC someplace--we hosted a conference call for all law
enforcement.
But the most important thing, he and I know each other very
well, talk to each other all the time. That is great. But it is
very, very much more important that our people work together
seamlessly. That is the progress we have made in the last 15
years.
Mr. Carter. You feel like that has worked well? You feel
like there has been progress?
Secretary Johnson.
Mr. Comey. I do.
Secretary Johnson. I do, sir. I do. Jim and I are together
a lot, either in the Situation Room, at FBI headquarters, and
the like. There have been instances where I will pick up a
piece of intelligence that I am concerned about, and I will
just literally pick up my Classified phone and call him to say:
Hey, I want to be sure that you saw what I just saw.
So the level of communication at the senior-most levels, I
have my under secretary for intelligence and analysis right
here behind me, Frank Taylor, who works with the FBI all the
time, literally, on these types of threats.
Mr. Carter. OK. Let's talk about Omar Mateen specifically.
It is my understanding that there are over 1,000 open
investigations into home-grown extremists right now. When did
you first learn about Omar Mateen? When was the first time you
learned about that?
Mr. Comey. The Orlando killer first came to our attention
in the spring of 2013 when coworkers at the St. Lucie
courthouse reported to the FBI that he was making concerning
statements, and that is when we opened the preliminary
investigation.
Mr. Carter. Secretary Johnson, when?
Secretary Johnson. I am quite sure that while the FBI
investigation was open, our personnel at the JTF were aware of
the open investigation and aware of the identity of the
individual. I noted also that while the investigation was open,
he was on a TSA selectee list as well. So our departments were
clearly coordinating and sharing that information.
Mr. Carter. OK.
First of all, all three of you appear to be fine gentlemen
who truly want to protect our country, and we appreciate that.
Director Comey, let me ask you, you defended the
investigations into the Orlando killer--and thank you for
correcting me on that--and I believe you said that there was no
indication that agents missed clues that could have prevented
this massacre. Is that correct?
Mr. Comey. That is correct. I said that immediately after,
after going through the case file. I couldn't see, actually
still don't see, anything that they didn't do they should have
done.
But I have commissioned a lookback, a detailed scrub on it,
which we do in all significant matters, by experienced people
to come and say: Well, actually we should do this differently
or that differently. I haven't gotten that report yet, and as I
said at the time, I will be transparent when I get that report.
But so far, I don't see anything.
Mr. Carter. Was there any information, Mr. Secretary, that
you think that Homeland could have helped with there?
Secretary Johnson. Based on what I know, Congressman, I am
not in a position to second-guess those involved in the
investigation. I am quite sure that Jim's lookback will be
thorough, and he will be open and honest and transparent about
any lessons learned that I may be able to benefit from within
our Department too.
Mr. Carter. I appreciate you saying that, and we are going
to hold you at that. We need to learn from this.
Look, it is tough, and I know you have got a tough job, and
it us going to take communication, cooperation. We are all in
this together. I know that you gentlemen care about our country
and you want to protect us. We have got to communicate. We have
got to share information.
You know, I am just one of those who believes, if somebody
gets upset, they get upset, they will get over it. But we need
to communicate.
Thank you for your service.
Mr. Chairman, I yield.
Mr. Ratcliffe [presiding]. The gentleman yields back.
The Chair recognizes the gentleman from Massachusetts, Mr.
Keating, for 5 minutes.
Mr. Keating. Thank you, Mr. Chairman. I have quite specific
questions I will submit in writing.
But this has been a pretty tough few weeks for our country;
tougher for the families that lost loved ones. When I was a DA
before this job, I was in charge of enforcing civil rights laws
in my jurisdiction, and I tried preventative initiatives, some
of them successful, I believe, and I enforced the law. I
enforced it against civilians and I enforced it against law
enforcement when there were violations.
I also come from a police family. My dad, my brother, my
niece either were or are police officers, and I understand that
apprehension that families have as well.
You know, we have spent today talking about terrorist
threats, and we talked about cyber, our response capabilities,
our intelligence gathering. But I think our fundamental
strength as a country is who we are as a country, that we have
central tenets on respecting diversity and respecting the rule
of law. The polls that we are seeing now are showing that our
country is more divided than it has been in decades, and this
is a concern, I think, that all of us share.
But if you could, it is the only thing I am going to ask
you to reflect upon, but how important is it, for many reasons,
but also for today's subject matter, to combat threats from
inside and from outside? How important is it that we come
together as a country?
I want to commend you for the statements that you have made
during these trying times. I think you set great examples. But
how important is it when we talk about these threats that we
are together as a country? Can you take a few minutes, I will
give the rest of my time, to just reflect on some of things we
could do?
Secretary Johnson. Let me begin by saying that there are
some awful loud voices on both ends of this debate, and I
believe that the great majority of the American people, first
of all, respect the role of law enforcement, recognize that the
police officer is there to protect and to serve the community.
I also believe that most people recognize that the shooter
in Dallas is not representative of the broader movement to see
change in certain law enforcement practices.
I think that the key in the environment we are in is
effective community policing. I see it work in my own community
in Washington, DC, extraordinarily well.
So my hope is that in this period we redouble our efforts
for law enforcement to engage the community--and I consider
myself part of law enforcement--to engage the community, and
let's all see the temperature go down a bit.
Mr. Comey. We need each other. Whether it is to effectively
stop terrorists or stop thugs or make neighborhoods safe, we
need each other.
I have longed believed it is hard to hate up close. The
answer is we have to get close to each other. We have to let
people see the true heart of law enforcement, what we are
really like. We are flawed because we are human, but we care
deeply about the same things that the people we serve and
protect do.
We have to make sure in law enforcement we see the heart of
the people that we are serving and protecting and how they
might see the world differently than we do.
It is hard to hate up close. It is easy to characterize
groups. President Bush said something at the memorial service
where I sat behind the Congresswoman, said: We tend to judge
others by their worst moments and ourselves by our best
intentions.
We have to stop that and we have to try to see the true
heart of people across the divide, because there shouldn't be a
divide, because our values are the same.
Mr. Rasmussen. I will just add one thing from a terrorism
perspective. The people who work in all of our organizations
who focus on counterterrorism spend every waking hour trying to
prevent terrorist attacks from happening both at home and
overseas. We have zero tolerance among ourselves for failure in
that regard. Nobody thinks anything is acceptable in that
regard.
But failing that, if we fail, if somehow terrorist attacks
happen, what we strive to create and foster is a sense of
resilience so that the terrorist objective is not met even if
the attack happens, even if we do suffer from terrorism.
It is a lot easier to be resilient if we are united. It is
much easier to fly off in the aftermath of a terrorist attack
if we are not united and to undermine that sense of resilience.
Some societies, some countries seem to be more able to achieve
that level of collective resilience than perhaps we have been.
Mr. Keating. Thank you. It is harder to hate up close, and
it is easier to be strong up close.
Thank you. I yield back.
Mr. Ratcliffe. The gentleman yields back.
The Chair recognizes the gentlelady from Arizona, Ms.
McSally, for 5 minutes.
Ms. McSally. Thank you, Mr. Chairman.
Director Comey, I served in the Air Force to 26 years. I
have had the highest level of security clearances and have been
responsible for managing Classified information at many levels.
As you know, we take handling of Classified information very
seriously in the military, especially SCI and special access
program information.
During your press conference, you stated, quote, ``To be
clear, this is not to suggest that in similar circumstances a
person who engaged in this activity would face no consequences.
And further, to the contrary, those individuals are often
subject to security or administrative actions.''
If an airman in the Air Force had conducted behavior
similar to Secretary Clinton's, I am confident, at a minimum,
they would lose their clearance, they would be kicked out, they
would never get a clearance or be able to work for another
Federal department or agency, in addition to other fines or
anything else.
If someone were kicked out of the military for behavior
similar to Secretary Clinton and applied for a job at the FBI
under your leadership, would they be hired?
Mr. Comey. I don't think I can answer that in the abstract.
It would be a significant feature of a suitability review,
though.
Ms. McSally. Would they even get an interview if they have
had a security violation to the nature of what Secretary
Clinton did?
Mr. Comey. I can't answer that as a hypothetical. It would
be a significant feature. I can't say whether they wouldn't get
an interview or not.
Ms. McSally. OK. If someone were dismissed from the State
Department for similar behavior, you are going to give me the
same answer, you have to look at their circumstances?
Mr. Comey. Yes. But again, there would be--there is a
process. You know it in the military. There is a robust
process, I can speak inside the FBI, to assess suitability and
then to assess and adjudicate security violations among current
employees.
Ms. McSally. OK. Within the FBI, under your leadership,
let's say your chief of staff or your deputy director
mishandled Classified information in the same way that you know
about, what would be the security and administrative
consequences that you would put upon them?
Mr. Comey. Well, it would go through the regular review
process that we have and it would be adjudicated. I don't want
to, again, answer in hypothetical because we have to do this
all the time. I don't want to prejudge any cases. But it would
be looked at. It would be a significant security review. They
could be fired, a sliding scale, all the way up to reprimanded,
or lose pay, or there would be a series of disciplinary options
for the board.
Ms. McSally. You know more details about this case than
anything. So now you are done with the criminal, and now you
are looking at the administrative, what would you do?
Mr. Comey. I am not prepared to say, because I think that
gets me in an area of answering hypotheticals that could affect
my own security review process. It would be a significant
feature of a suitability and security review.
Ms. McSally. So fines, losing their clearance, losing their
job, what is on the menu?
Mr. Comey. The most severe would be losing your job. Being
walked out that day is probably the most serious. The least
serious would be a reprimand of some sort. Then a sliding scale
in between. People can get suspended. They can lose clearances.
They can have clearances knocked down. There is a range of
options.
Ms. McSally. OK. I want to move on to physically how the
Classified information got on an Unclassified system. You know,
just in the military we have JWICS, SIPRNet, NIPRNet. You
cannot cross those over in any way unless you either type in
new information on the Unclassified, because you can't send an
email from Classified to Unclassified. I am sure it is the same
in the State Department.
So you either need to type a new email with the markings on
it, right, those that were marked Classified, which you said
there were three, or you need to, I guess, print or scan, or
the most disturbing would be using a transferable media device,
like a thumb drive, to get onto the secure system and move
things over to the unsecure system, which could breach our
entire security system, as you know. That is why they are
banned in the military.
How, from your investigation, how did this Classified
information get moved over out of those three options?
Mr. Comey. Almost none of it involves information that was
moved. Instead it involves email conversations about topics
that are Classified.
Ms. McSally. But if there is markings, you either are
making a marking on an Unclassified system of a Classified
nature, which is disturbing in and of itself, or you are
physically moving it electronically.
Mr. Comey. Right. There were three emails that bore portion
markings on a paragraph, not header markings or footer markers,
for ``C,'' to indicate confidential. That was put on well down
a chain, deeper and much lower level in the State Department.
As I sit here, I don't know for sure, I think we concluded that
somebody had typed a talking point for the Secretary way down
the chain and marked that portion with a ``C.''
So it wasn't an uplift or a transfer. It was, as you said,
a typing in the first instance and then putting a portion
marking on it. But to be clear, it was just the portion that
was marked, not the document.
Ms. McSally. But still, on the Unclassified system, they
are allowed to be transmitting Confidential information?
Mr. Comey. No, because Confidential information is
Classified information.
Ms. McSally. Right.
Mr. Comey. Top Secret, Secret, Confidential.
Ms. McSally. Exactly. So they had to have actually typed
``Confidential'' on an email chain or they used transferable
media.
Mr. Comey. We have no indication of transferable media.
What we think happened is someone typed a talking point on an
unclassed system and then, for reasons that don't make any
sense to you and to me----
Ms. McSally. Right.
Mr. Comey [continuing]. Marked it with a ``C'' to indicate
that portion was Classified at the Confidential level.
Ms. McSally. OK. Director Comey, I am sure you realize that
those of us who have been involved in the security field, like
you, I mean, this is concerning on many levels that I think
needs a lot of follow-up for how that actually happened and
what is going to happen to the individuals that actually did
that.
Because if you are actually typing Classified information
and markings on an Unclassified email, I mean, that is a
security violation and those people should be held accountable
as well.
Thank you, Director.
Thank you, Mr. Chairman. I yield back.
Chairman McCaul [presiding]. The Chair recognizes Mrs.
Watson Coleman.
Mrs. Watson Coleman. Thank you, Chair.
I want to thank the three of you very much for the
information you shared with us and that you come every time we
ask. It has been very illuminating, the discussion we have had,
and it has raised some questions that I would like to share
with you.
No. 1, I wanted to talk to you, Secretary Johnson, you
mentioned some grants that are available. I live in a district
that is not part of the targeted area, the UASI area or things
of that nature, but I live in an area that has a tremendous
diversity of religious worshippers. Some of them have been
asking us for assistance in grants that would help them to put
things that would make them safer, be it cameras or whatever.
Would the grants that are being offered now, available,
would any of them qualify, even though they are not in the
target areas?
Secretary Johnson. Yes. There are grants for which a large
number of religious institutions can take advantage of for
homeland security. Sitting here, I can't recall the name of the
grant program, but there is a grant program, which I think is
about $50 million a year. It is a competitive grant program for
houses of worship, religious institutions, for their own
security.
Mrs. Watson Coleman. Anywhere?
Secretary Johnson. Anywhere.
Mrs. Watson Coleman. Thank you. I will have someone to
check with your office.
Secretary Johnson. My recollection is that it is anywhere,
yes.
Mrs. Watson Coleman. Thank you. Thank you.
I am interested in defining this, the individual that is
radicalized by home-grown, home-developed, racist-oriented
groups and then goes out and commits a crime that results in
the loss of life to more than 1 person, more than 4 people. For
instance, the Mother Emanuel situation, we understand that this
gentleman had been radicalized or had been influenced by some
groups--I don't know how you characterize them, I characterize
them as racist--and that his intention was to start a race war.
So, Director Comey, I believe that you characterized what
happened as a hate crime and this individual as a violator of a
hate crime. As you look at it now, is he also a terrorist? Does
he legitimately fall into that category?
Mr. Comey. I want to be very careful what I say about the
Charleston killer because he has two death penalty trials
coming up.
I said at the time it was for sure a hate crime. As you
know, when we investigate, it makes no difference what the
label might be on it at the beginning, we investigate it in the
same aggressive way. It was for sure a hate crime. What we are
trying to untangle was, was there also some domestic terrorism
element to that, the definition of domestic terrorism being
acts of violence directed at other humans for the intention of
coercing a Government or a civilian population.
So we look at both when we investigate a case like that. I
don't want to say at this point, given this pending trial, what
we concluded there yet.
Mrs. Watson Coleman. One of the concerns that I have is
that there are people who are influenced by these groups that
hate African Americans or hate Muslims or hate gay community
members and have a political agenda to eliminate as many of
them as they can.
So to me, it would be very important to have resources in
both, Director, in your hands as well as the Secretary's hands,
to identify, to categorize, and to respond to and to develop
programs that address that kind of terrorism. I am not certain
that we do, because we keep talking about ISIL, ISIL this, ISIL
that, but we don't necessarily drill down to these areas.
So both you, Mr. Secretary, and you, Director, I would like
to hear your thoughts on that.
Mr. Comey. Well, what I would be happy to arrange for you,
Congresswoman, is a briefing on the Domestic Terrorism Section
of the FBI's Counterterrorism Division. Our Counterterrorism
Division has two parts: International terrorism and domestic
terrorism. We have an enormous amount of resources directed to
understanding the threat from just those kind of groups,
motivated by all kinds of bias and hatred to try and kill
people or damage institutions.
So I ought to arrange for you--we have people who wake up
every day worrying about those groups and working with the
Southern Poverty Law Center, working with other groups to get
information on them so we can disrupt them.
Mrs. Watson Coleman. So will you be sharing that
information back and forth with Homeland Security, because they
do present a threat to the homeland?
Mr. Comey. Yes. We work them through our joint terrorism
task forces. So it is part of the joint work we do together.
Secretary Johnson. Congresswoman, the only thing I will add
to that is the manner in which we approach and deal with
communities, basically honest, peaceful communities, in which
an international terrorist organization is trying to recruit,
that is different from trying to approach an organization that
by its mission doesn't want to deal with the U.S. Government
and may have a violent purpose.
So those require different approaches. One, I think, is
more a matter for law enforcement. Another is, I think, more a
matter of our community engagement efforts. So they are
fundamentally different.
Mrs. Watson Coleman. Just in closing, and there is also
that third element that is not just anti-Government, but
biased, racist, and what have you, and that represents a threat
and a terrorist threat to communities that are nonviolent
communities, that are peaceful communities. That is related to
a political agenda and it does disrupt and impact individuals
as well as government.
Thank you very much. I yield back. Thank you.
Chairman McCaul. Thank you.
The gentleman from Texas, Mr. Ratcliffe.
Mr. Ratcliffe. Thank you, Chairman.
I appreciate all the witnesses being here today to talk
about our National security.
I want to start with you, Director Comey, and ask you about
the decision-making process at the Department of Justice and
the FBI regarding Secretary Clinton's private email server. You
and I had the privilege to serve together at the Department of
Justice, an organization whose reputation for integrity is
something that I know we both care deeply about.
After Attorney General Lynch and her husband met privately
with Bill Clinton on a tarmac in Phoenix, she publicly
acknowledged, in her words, that she may have cast a shadow
over the integrity of the Department and the investigation into
Mrs. Clinton's private email server, but then she didn't recuse
herself.
Now, I really can't imagine a situation, either in your
prior service as the deputy attorney general of the United
States or your current role as the FBI director, where you
would find yourself having a private 30-minute conversation
with the spouse of a target or subject of a pending Federal
investigation a week before you made the decision or
recommendation about whether or not to prosecute that person.
But if you had been, is there any doubt in your mind about
whether or not recusal would have been appropriate or
necessary?
Mr. Comey. That is a question I can't answer. I never
discussed with the Attorney General how she thought about that
issue. Each recusal situation, as you know, from being a U.S.
attorney, is a difficult and fact-specific one, so hard for me
to answer in the abstract.
Mr. Ratcliffe. Were you surprised at her meeting with the
former President?
Mr. Comey. Well, I think she herself said that it was a
mistake and something she wished hadn't happened, and that
makes good sense to me.
Mr. Ratcliffe. So did Attorney General Lynch's failure to
recuse herself factor at all into your decision about holding a
separate press conference or factor into the timing of the
press conference that you held about the FBI's recommendation
in the case?
Mr. Comey. It had no impact on the timing whatsoever. That
was driven by the case. It did have an impact and reinforced my
sense that it was very important that the American people hear
from the FBI on this issue and get as much transparency as
possible, because I didn't want to leave a lingering sense that
it wasn't doing in a professional, apolitical, honest way.
Mr. Ratcliffe. You talked a lot about precedents and the
lack of a precedent in connection with the decision in this
case. Are you aware of any precedent in your time at the
Department or at the FBI for an attorney general publicly
stating that he or she would accept the recommendation of the
FBI and its investigative team without any prior briefings
about the evidence or a briefing on their conclusions about the
evidence?
Mr. Comey. I don't know of another circumstance like this
that resembles this in any way, and I mean that in a variety of
senses.
Mr. Ratcliffe. Well, here is what I don't get, Director
Comey. If Attorney General Lynch was going to accept the
recommendation of the FBI, a recommendation that you made on
July 5, then why was there a need for a meeting with her on
July 6 when she announced her decision?
Mr. Comey. I think what she said was she would accept the
recommendation of the FBI and the career prosecutors. So the
meeting, which I attended, was among the FBI team and the
career prosecution team to lay out for her what we had found
and for them to offer their legal analysis. So I think that was
the embodiment of the recommendation that she then accepted.
Mr. Ratcliffe. Then she would make the decision?
Mr. Comey. Right. I think that is what she said and what
she did.
Mr. Ratcliffe. How long was that meeting? She said she met
with you late in the afternoon.
Mr. Comey. I think it was at least 90 minutes.
Mr. Ratcliffe. Ninety minutes.
Mr. Comey. My meetings all seem to be long these days. It
was at least 90 minutes.
Mr. Ratcliffe. So the person who wouldn't recuse herself so
that she could make the final decision about the prosecution a
week after she met privately with the spouse of the subject of
the investigation took 90 minutes to weigh the evidence
collected by more than 100 FBI agents over a year-long
investigation involving thousands of man-hours. Is that
accurate?
Mr. Comey. The lawyer in me is objecting to the form of the
question, but I will do my best to answer it.
She got a brief, I think a pretty thorough brief on the
facts and the law. As I have said to many folks, even though I
know folks have strong feelings about this, this was not a
cliffhanger from a prosecutive discretion position. My firm
belief after doing this for 30 years is that no reasonable
prosecutor would bring a case here.
So I think she decided and it looked to me like 90 minutes
was adequate to give her the picture she needed.
Mr. Ratcliffe. In that 90 minutes, did she review the 110
emails that you outlined as being either Top Secret, Secret, or
Confidential that were on Mrs. Clinton's--sent or received on
her email server?
Mr. Comey. I don't think it is appropriate for me to talk
about the specifics of that meeting.
Mr. Ratcliffe. I don't want to know about the content. I
just want to know whether she reviewed those emails at a
minimum.
Mr. Comey. I think that would be about the content of the
meeting, though. Look, I am trying to be maximally transparent,
as you can tell, in ways that are unprecedented. I don't think
I should get that specific, though.
Mr. Ratcliffe. Well, I do thank you. I am grateful for your
service in the past, present, and in the future to our Nation.
With that, I will yield back.
Chairman McCaul. The Chair recognizes the gentleman from
New Jersey, Mr. Payne.
Mr. Payne. Thank you, Mr. Chairman.
I think I would like to get a couple of things out of the
way before I start. I will say, Benghazi, Benghazi emails, and
the tarmac meeting. Now to the serious business.
Mr. Comey, Mr. Johnson, Mr. Rasmussen, let me just say I
really want to thank you for your service to this Nation. I
think, in the face of the odds that you have been up against,
you have done an incredible job in your service to this Nation,
and I thank you. I thank all of you.
I have several questions that I would like to ask. You
know, today is probably the last day before the House goes out
for the summer, and there are just so many things that we have
not done for the American people. You know, the Americans are
looking to Congress to do something to address the availability
of military-style firearms to dangerous people, and that has
been our contention all along. I have always worried about what
transpired in Dallas happening to our police departments all
across the Nation. It was my biggest fear and nightmare. When I
talk to the police departments that I have been involved with
back in my district, this was always my contention, that these
weapons would potentially end up being used against them.
Secretary Johnson, you said that gun control is part and
parcel of homeland security. Can you speak to how we can put in
place sensible gun legislation in the way that will make this
Nation secure?
Secretary Johnson. In general, I believe that we should
make it more difficult for a terrorist to possess a gun in this
country, and I think that there are ways, on a bipartisan
basis, we can agree upon legislation to do that. There are
presently statutorily-prescribed bases for denying a gun
purchase, which the FBI well knows about. What we lack right
now is the discretion to deny a gun to somebody who meets
certain specific criteria that matches one of our different
lists. Legislation to do that coupled with a prescribed
adjudication process--so that if the purchaser takes issue with
the denial, they have the ability to challenge that--I think
is, in general, a good idea. There is legislation pending in
this Congress now to try to accomplish those things, and I hope
that Congress continues to work at that.
What I meant when I said--what I meant was that we have to
face the fact that sensible gun control consistent with the
Second Amendment is not just a matter of public safety; it is a
matter of homeland security too when you look at San Bernardino
and when you look at Orlando and the weapons that were used in
those attacks.
Mr. Payne. Right. Thank you.
Director Comey, by law, the NCTC serves as the primary
organization in the U.S. Government for integrating and
analyzing all intelligence pertaining to counterterrorism,
except for the information pertaining exclusively to domestic
terrorism. Because of its lead status for counterterrorism
investigations in the homeland, the FBI arguably serves the
parallel role for the domestic terrorist threat. The
development of any interagency regime for collection and
analysis of domestic terrorism information might start with the
Bureau's capacity in this regard. What resources have the FBI
allocated and expended in the collection and analysis of
domestic terrorism-related intelligence as well as for
safeguarding civil rights as well?
Mr. Comey. Well, as I said earlier, Congressman, it is a
huge feature of the work of our counterterrorism division. We
have hundreds of people who work on what we call the DT side,
that is, at headquarters agents and analysis, and then, in
every field office, there are agents and analysts who focus
just on that domestic terrorism mission. So we have extensive
resources devoted to it all over the country.
Mr. Payne. Thank you.
You know, Secretary Johnson, everybody is saying this is
potentially the last time you will be before us. Are we safer
now than we were when you started?
Secretary Johnson. Good question. I think that the
environment has changed fundamentally from where it was 3, 4
years ago. My first 4 years in this administration in the
Department of Defense, I was giving the legal signoff on a lot
of targeted lethal force at terrorist organizations overseas to
prevent them from exporting terrorism to our homeland, and I
think we did a pretty good job of degrading a lot of the
threats that we saw at the time. We continue to do that in
places like Iraq and Syria.
Now we have got to deal with terrorist-inspired attacks,
terrorist-enabled attacks, people who live here, who were born
here who are recruited, inspired by terrorist organizations
through social media, and that is a challenging environment,
and that can happen with little or no notice to our
intelligence community, to our law enforcement community, which
requires, in my judgment, a very different kind of approach,
not just militarily, not just through law enforcement, but
through our CVE efforts, through public awareness, public
vigilance. I said in my opening remarks that the prospect of
another attack by a self-radicalized actor, someone inspired by
a terrorist organization is the thing that most keeps me up at
night. So, in that respect, that is a new threat that we
weren't dealing with on a regular basis as recently as 4, 5, 7
years ago, and it is something that I hope that, in the
Executive branch and in Congress, we will continue to dedicate
ourselves to combating.
Mr. Payne. Well, thank you very much. You will be missed.
Thank you.
Chairman McCaul. The Chair recognizes the gentleman from
New York, Mr. Donovan.
Mr. Donovan. Thank you, Mr. Chairman.
Let me add my congratulations, gratitude for your
commitment and dedication, the three of you, to the safety of
our Nation. Because you come before us so many times, we have
become very familiar with you. Jeh and Jim have been friends
from back in New York for a very long time. One of you will
appear before this committee again; one of you this may be your
last appearance. Since I am up for reelection, I hope it is not
one of my last appearances before this committee.
The Chairman is very proud when he tells our Nation so many
times that this committee has passed more legislation in this
Congress than any other committee in Congress outside of Energy
and Commerce. All of that legislation, most of that
legislation, maybe all of that legislation, results from
testimony before us from witnesses like yourself, your
expertise, sharing with us your concerns.
I have read all of your written testimony. Believe it or
not, we actually do read that. Particularly, in Director
Comey's testimony, he stresses that, in combating terrorism
through social media, we are doing everything we can within the
laws and in respecting people's privacies.
Is there something that you see as a tool that would be
helpful to each of you that either your legal teams are looking
at that we can help you? What other tool can we give you that
will make your job more effective as you respect the laws of
our Nation, as you respect the Supreme Court's decisions,
interpretations of our laws? What can we get out of this
hearing today that, if we are able to pass legislation, will
allow you to do your job more efficiently? I ask that for the
three of you. I know the votes are in 15 minutes, so I want to
get my colleagues to ask their questions as well.
Secretary Johnson. Congressman, two things to come to mind
immediately, one of which has already been passed out of this
committee, specifically, authorizing joint task forces within
my Department for border security. That is something that I
know this committee supports and has been passed by the full
House. I am hoping through one vehicle or another, it passes
the full Senate as well. Joint task forces for border security
help combat illegal immigration as well as narcotics, and there
are certain legal limitations I am finding to fully
implementing the joint task force concept for my Department.
The second thing, which I have spoken to several of you
about, is specific Congressional authorization to reorganize
our National Protection and Programs Directorate into a cyber
and infrastructure protection agency. We need an agency for our
cybersecurity mission more closely aligned with the protection
of our critical infrastructure, and that is something that I
think will go a long way to streamlining our cybersecurity and
critical infrastructure protection mission. So those are two
things that come to mind immediately.
I want to agree with what you said at the outset about how
impressed I am with the productivity of this committee. Just in
the time I have been Secretary, this committee has pushed out
legislation on cybersecurity, aviation security that I think
really has helped to strengthen the homeland. So thank you.
Mr. Donovan. We want to continue to do so.
Yes, Director.
Mr. Comey. I will give you two quick ones. One is an
enormous issue that this committee is thinking about, I think,
in a good way. We have to deal with the challenge of encryption
and its impact on our criminal justice work and our National
security work. The needles we are looking for are becoming
invisible to us in case after case after case, and that is a
big problem.
Second is a--seems like a small thing, but we have made it,
I believe, accidentally harder in our National security
investigations for our agents to use the process we use to get
telephone information, to get similar information on the
internet. The Senate is focused on this. I don't believe that
it was intended by the legislation to make it that hard for us
or is it justified by any reasonable concern about privacy.
That is called the ECTR fix. We have got to fix that.
Mr. Donovan. Thank you very much.
Director.
Mr. Rasmussen. I would just associate myself with Director
Comey's remarks about encryption. As you noticed, I highlighted
that in my opening testimony as well.
Beyond the productivity of the committee that Secretary
Johnson referred to with your legislation, I would also like to
say that we in the Executive branch also take note of some of
the staff-driven reports that have been produced on key
substantive issues as well, like foreign fighter flows and
whatnot, and I know we work closely with the committee staff to
support that work, and it actually does assist us as well.
Mr. Donovan. I thank you all.
Mr. Chairman, I yield the remainder of my time.
Chairman McCaul. I appreciate it. If I could just quickly
comment, it is very important, these three major items: The
commission to deal with encryption, we are hopeful the Senate
will take that up and mark that bill up. That is critically
important.
Director Comey, you and I understand the gravity of this
issue.
NPPD, as the Secretary has requested, is being held up by 4
other committees in Congress. That is a problem with the
jurisdiction that I think needs to be fixed. Then, finally, on
the border joint task force, it is my sincere hope we can add
that into the NDAA bill, as I will be on the conference
committee for that.
So, with that, let me recognize Mr. Perry from
Pennsylvania.
Mr. Perry. Thank you, Mr. Chairman.
Gentlemen, thank you for your service to the country. We
are all counting on you. I am thinking, with the Ranking
Member's remarks about hearings in the late--well, early and
late 1950's regarding the infiltration of communism into our
Government, and I just want to reflect on that a little bit.
Although the methods by most Americans were objectionable, in
retrospect, the information was almost all completely accurate
even though the individual, Senator McCarthy's, reputation was
destroyed. We lost sight of what he was really talking about
for the methodology, and we are just--I just want to beseech
you that we are counting on your integrity and your diligence
in keeping our country safe.
With that, Director Comey, I don't know exactly how you
characterized it, but you said recently that the FBI is
ineligible for contact with CAIR? Maybe it is not ineligible.
What is the terminology? You don't have contact with CAIR based
on the Holy Land Foundation investigation and their ties to
terrorist extremist organizations, mosques, et cetera?
Mr. Comey. Yes. Our policy is that we will not do work with
CAIR; that is, sponsor events, do joint events. If a CAIR
representative happens to come to some other event that is
being sponsored some other way, we don't kick them out, but we
don't work, as we do with so many other groups, nonprofit
groups, to sponsor activities with that group.
Mr. Perry. So there are reports or conjecture at least that
there was some involvement with the Bureau in the selection--
and CAIR in the selection of FBI witnesses to interview at the
Fort Pierce mosque regarding the Orlando massacre. Is there any
truth to that?
Mr. Comey. I have never heard that.
Mr. Perry. OK. So, at this point, you don't know anything?
You have never heard that. You know anything about that. I
think you would refute that, generally speaking----
Mr. Comey. Yes.
Mr. Perry [continuing]. Otherwise----
Mr. Comey. I mean, I am sitting here, I guess anything is
possible, but----
Mr. Perry. Right.
Mr. Comey [continuing]. I have not heard that, I have no
reason to believe that that is true.
Mr. Perry. OK. And----
Mr. Comey. I would think that I would have heard that.
Mr. Perry. All right. Thank you. If I can find a source for
that, I will write you and ask for that particularly so we can
get to the bottom of that.
Mr. Johnson, in a recent Senate hearing, there was a CBP
Officer that made a claim regarding the Department's ending or
stopping the collection of data and the destruction of
databases regarding Islamist supremacists that he believed
might have been able to prevent the San Bernardino attack, and
you said at the time, if I recall, that you hadn't looked into
those charges. I am just wondering, in the intervening time
period, have you looked into them, and do you plan to?
Secretary Johnson. Well, the questioning 2 weeks ago from
Senator Cruz was regarding the testimony of Mr. Haney that,
across the Executive branch, we had somehow purged certain
words in our dialog. That is what Senator Cruz asked me about.
I had not heard about that before, and, frankly, given
everything that is happening with Dallas----
Mr. Perry. Sure.
Secretary Johnson [continuing]. Orlando, Ataturk Airport, I
have not had the opportunity to personally sit down and look
into Mr. Haney's allegations, and I hope you can understand
why.
Mr. Perry. I do understand. I think it was regarding
databases and connecting the dots, which would lead to another
question. So it is not just about terminology. If you could,
please, sir, take a look into that. I know you have got, at
least by your clock, a limited amount of time left, and----
Secretary Johnson. One hundred ninety days.
Mr. Perry. But who is counting, right? I know you have got
some significant issues right in front of you, but we would
like to know the outcome of that questioning regarding the
purging of those databases and the connecting of the dots, if
you could, sir.
Also, I think at the time, you said that you thought your
personnel were smart enough to connect the dots between
terrorism and things like Sharia adherence, jihad, and Islamic
supremacism more generally, and I would agree with you. It is
not a question of if they are smart enough. The question is
whether it is a career-ending offense, as Mr. Haney might
assert that it has been, and if there are constraints in those
connections of the dots at your organization, if there is a
policy of constraint.
Secretary Johnson. What I was referring to 2 weeks ago was
the work actually of those who work for the people at the table
here with me. In my observation, NCTC, the intelligence
community, my people, the FBI do an excellent job of working
together to track terrorist threats, plotting against the
homeland, whatever it is labeled. So what I said then, which I
will repeat, is I don't think that our personnel become too
bogged down in the particular label we choose to put on a
terrorist actor. They are more interested in the substance of
what that person is doing.
Mr. Perry. I am not here to discuss the labeling. You and I
have had that discussion before, probably have a bit of a
disagreement, I accept that at this point, but what I am
discussing and what I want to ask you directly, is there a
prohibition, is there any policy toward the work that Mr. Haney
was doing such that current individuals in your Department in
particular would see that as somehow bad for their career, or
they are dissuaded from doing, or they are prohibited from
doing that?
Secretary Johnson. My honest answer is I have not had an
opportunity to look into exactly what Mr. Haney----
Mr. Perry. OK.
Secretary Johnson [continuing]. Alleges, though I gather he
has written a book and he has been on TV.
Mr. Perry. I haven't read the book, but----
Secretary Johnson. It is something that I--it is something
that I am interested in learning more about.
Mr. Perry. So, regarding the database and regarding the
previous question about the policy, could you give us a written
response to that when you have time, assuming you have time----
Secretary Johnson. Yes.
Mr. Perry [continuing]. Before you leave?
Secretary Johnson. Yes.
Mr. Perry. Thank you, sir. I appreciate it.
I yield back.
Chairman McCaul. Mr. Katko from New York is recognized.
Mr. Katko. Thank you, Mr. Chairman.
I echo the sentiments of many of my colleagues on the panel
here in thanking all of you for your fine service to this great
country. Mr. Comey, I wasn't the hotshot you were at the time
at the Department of Justice, but I served with you for many
years as a Federal organized crime prosecutor, 20, as a matter
of fact, and I have always admired your skill and grace. While
I don't always agree with you on things, I do admire your
service to our country, so I thank you.
Now, Secretary Johnson, I want to--as my Subcommittee on
Transportation Security, we have direct oversight over our
airports both Nationally and internationally, and including
last-point-of-departure airports, and as you know, one of the
last-point-of-departure airports that is looking to be opened
is in Cuba, and there are 10 of them, which is an
extraordinarily large amount of last-point-of-departure
airports. During our investigation in looking into this matter
in our oversight capacity, many concerns have developed. No. 1,
do the airports have the capacity to handle the 110 flights a
day that are being contemplated to and from the United States;
concerns about the equipment, you know, whether they even have
body scanners or whether they are going to have body scanners,
whether they are going to have document verification machines,
whether they are going to have all the tools of the trade that
we have here, explosive trace detection equipment and what have
you? Those are all concerns we have.
The training and vetting of employees is another area of
concern, and a huge concern for us, especially with the insider
threat, as evidenced in Sharm El Sheikh and Mogadishu with the
downing of the airplanes.
Canines is another area of concern.
Another area of concern is whether the TSA is going to have
access to these airports, given the embargo against Cuba and
given the current state of the diplomatic relations.
Overlaid with all that, Mr. Secretary, last year, Cuba was
taken off the list of terrorist countries. One of their best
buddies is still North Korea.
Another thing that is a major concern to me is that Cuban
visas are showing up in the Middle East. A Washington Post
article from April 17 of this year, which I ask to be
incorporated into the record, evidences that these visas are
suspected to being produced in Iran and other countries.
[The information referred to follows:]
Article Submitted For the Record by Hon. John Katko
kabul libre! one new afghan trail to the west goes through cuba
By Tim Craig, April 17, 2016.
KABUL.--With roads to Europe increasingly blocked by strict border
controls, Afghans hoping to flee war and economic peril are desperately
searching for new escape routes by way of refugee camps in India,
airports in Russia and even the beaches of Cuba.
The shifting travel plans--which are also seeing Afghans attempting
to buy their way into Europe before leaving Kabul, through the purchase
of visas--may signal the next phase in a migration crisis that is
rattling world leaders and draining Afghanistan of its workforce.
After a year in which hundreds of thousands of Afghans poured into
Europe by land, more migrants are now trying to skirt hostile border
agents and dangerous boat trips by flying to their destinations. As a
result, although human smuggling was a booming industry in Afghanistan
last year, criminal rackets that trade in visas may be reaping a
windfall this year.
``People now are not willing to take great risks,'' said Tamin
Omarzi, who works as a travel agent in Kabul's largest mall. ``They
want to just travel with a passport, and don't come back.''
Last year, along with more than 1 million refugees from Syria and
Iraq, about 250,000 Afghans journeyed to Europe in hopes of securing
asylum there. Many traveled through Iran and Turkey before crossing the
Aegean Sea to Greece.
Overwhelmed by the influx, European leaders have shown less
sympathy for Afghans than for refugees from Syria and Iraq. Much of
Afghanistan, they note, remains under the control of a Western-backed
government.
Last month, the European Union reached a deal with Turkey to send
migrants back to refugee camps there, effectively severing the land
route to Europe.
Since then, travel agents in Kabul report that requests for visas
to Iran and Turkey are down by as much as 80 percent compared with last
year at this time. A United Nations report released Thursday also
concluded that the flow of migrants from Afghanistan has slowed while
``people reconsider destinations and subsequent optimal routes.''
``There is currently lower movement but no dropoff in the people
wanting to go,'' said Alexander Mundt, assistant representative for
protection at the U.N. refugee agency. ``They are just exploring their
options, their means and the right moment to go.''
Plenty of Afghans are still on the move, however, in a mass
migration that is raising new challenges for immigration agencies
across the world.
Sulaiman Sayeedi, a travel agent in Kabul's middle-class Wazir
Akbar Khan neighborhood, said there has been a surge in demand for
flights to India, Indonesia, and Central Asian countries such as
Tajikistan and Uzbekistan.
Once they arrive, Afghan travelers often claim refugee status with
the United Nations in hopes of being resettled. In India, for example,
Afghan asylum applications have doubled in recent months, according to
Mundt.
Other Afghans are flying to Moscow, believing that from there they
can cross into Ukraine or even Belarus and then move onward to E.U.
countries.
``Some people are coming in and just asking for tickets to anywhere
they can get to,'' Sayeedi said. ``They just want a better life, a more
civilized, modern life.''
To achieve that in the United States or Canada, Afghans may make
Cuba their gateway to the Western Hemisphere.
Over the past 2 months, travel agents in Kabul have been surprised
by Afghans showing up at their offices with Cuban visas, which are
suspected of having been issued in Iran or acquired on the black
market.
``Ten or 15 people have come just since January asking for tickets
for Cuba,'' Sayeedi said. ``And they are not staying there. The only
option is to move forward, probably on to Mexico and then America or
Canada.''
Other agents in Kabul also report a spike in interest in Cuba, and
U.N. officials in the northern Afghan city of Kunduz say they recently
encountered a family with Cuban visas. Havana has been a way station in
the past for South Asians hoping to transit to Central America and from
there to the United States.
Besides Cuba, some Afghans are attempting to land in South America,
either to seek residency there or make the trip north toward the U.S.-
Mexico border.
Rahimihi, a travel agent in Kabul's central Shar-e Naw district,
recently booked flights for relatives who had obtained visas for
Ecuador, as well as transit visas through Brazil.
``They first had to go to Pakistan to get the transit visa [from
the Brazilian Embassy], and then left 2 weeks ago,'' said Rahimihi,
who, like many Afghans, uses only one name. ``They want to go to
Canada.''
But central and northern European countries remain Afghans'
preferred destinations, reflecting the widely held belief here that
Germany, Norway, and Sweden are the most welcoming toward refugees.
Mohammad Unus has been deported from both Italy and Turkey over the
past 2 years while attempting to reach Germany. Now, for his third
attempt, he's working with a local travel agent.
``Since Ashraf Ghani became president, all the people want to
escape from Afghanistan,'' Unus said, reflecting widespread concern
here that Ghani's promised economic reforms haven't materialized.
``I've already spent $40,000 trying to get to Europe, and now I plan to
sell my house to get there if I have to this time.''
Such desperation is fueling the shady enterprise of visa dealing on
the streets of Kabul.
According to travel agents, Afghans are now paying dealers $15,000
to $25,000 to obtain a ``Schengen visa''--a reference to countries that
are part of the Schengen Agreement, which was drawn up to allow
unrestricted movement among 26 European nations. The business continues
even though seven of those nations, including Germany and Sweden, have
re-imposed temporary border controls.
The visa dealers work directly with rogue staffers at European
embassies who issue the visas for a kickback, the agents claim.
``You never know who is doing it on the inside, but it's someone
with a soft heart who is approving these documents,'' said Peer
Muhammad Roheen, managing director of Air Gateway Travel and Tours in
Kabul.
One travel broker, who spoke on the condition of anonymity to
discuss his sensitive business, said Afghans even with modest means are
now turning to visa dealers because ``people now prefer to go by air to
Europe directly.''
``If you got good contacts inside the embassy, you can get it done
in 1 week,'' the broker said.
When visa dealers fail to obtain valid visas, they sometimes turn
to even more elaborate schemes, according to travel agents.
Legal residents of Europe, for example, are being paid to travel to
Afghanistan or Pakistan and then give their passports to Afghans with
similar physical characteristics, said Mustafa, a travel agent in
southwest Kabul who also uses only one name. The person who gives up
the passport then claims it was lost or stolen.
``People will pay, and those short on cash will sell anything they
have,'' Mustafa said.
But U.N. officials question how many Afghans will be able to afford
expensive options for fleeing.
``The people with that kind of money to spend are already gone,''
Mundt said, adding that many of those now trying to flee are poor and
middle-class families. ``They may still have some means, but maybe
$6,000 to invest and not $20,000.''
The recent outflow of wealth and talent from Afghanistan has
alarmed Ghani, who has been urging Afghans to stay home.
But until stability returns, travel agents expect to stay busy
planning one-way trips.
``For survival, people will do anything,'' said Roheen, who
estimates that 30 percent of urban Afghan youths hope to leave the
country. ``If they encounter a problem, then they will just try another
option.''
Mr. Katko. So we have that.
Then you have the fact that airlines, like I mentioned, are
being targeted by ISIS and that Cuba remains friends with North
Korea, like I said, and many other concerns.
We are doing the oversight. We wanted to go to Cuba. And as
you well know, the Cuban Government, instead of opening their
arms and having us come and look at the airports, denied Mr.
McCaul's access to Cuba as well as mine and the Congressional
delegation. Does that give you any concern?
Secretary Johnson. Yes. I was disappointed that the
Congressional delegation was not issued visas. The Chairman
asked me if I could assist in that matter, and we tried, and we
were unable to make that happen. So I am disappointed that the
Cuban government did not----
Mr. Katko. I thought you were all-mighty and all-powerful?
Secretary Johnson. I am sorry?
Well, but let me comment more generally, sir, on this last
issue of point of departure from Cuba. What I have told our
people in TSA is I want an assurance that any last-point-of-
departure airport from Cuba satisfies our U.S. screening
standards, not just international screening standards. I have
also told TSA that I want them to get with the Cuban Government
and put in place agreements, MOUs, for Federal air marshals and
hopefully make that happen before we start commercial flights,
and I want to see a senior-level official from TSA headquarters
personally go down to Cuba to take a look at the security at
last-point-of-departure airports.
We are very focused on last-point-of-departure airports, as
I am sure you know, particularly in the Middle East region
right now. I think we have some challenges there. Since the
crash last year in the fall, I have asked our people to focus
on airports in that region. We are not going to take our eye
off the rest of the world, however. So, Congressman, this is
something that I am personally focused on.
Mr. Katko. I appreciate that. Now, let me ask just a
follow-up on one of those questions. If the Cuban Government
would disallow Federal air marshals on their flights to and
from the United States to Cuba, would that be a deal-killer for
Homeland Security?
Secretary Johnson. I would have to assess it at the time.
We don't have MOUs with every single last-point-of-departure
country. We have a number of them now, and we are expanding on
that list. I would have to assess it at the time.
Mr. Katko. OK. One last thing, Mr. Chairman, one quick
question. I have a bill that I submitted to Congress yesterday,
the last--earlier this week about oversight with the Cuban
airports, and it articulates all the concerns and the goals you
have. The only other thing it has would be that GAO would do a
follow-up review of the analysis to ensure it is accurate
before the flights begin. Would you agree with that?
Secretary Johnson. Yes.
Mr. Katko. All right. Thank you.
Chairman McCaul. The gentleman, Mr. Hurd, from Texas.
Mr. Hurd. Thank you, Mr. Chairman.
Before I begin my questions--and I am going to start with
you, Mr. Rasmussen--I would like to make an FYI to the
Secretary and the director. You probably already know, there
has been a task force that has been created, being chaired by
the Chairman of Judiciary and the Ranking Member, on looking at
police accountability and aggression toward law enforcement, 6
Republicans, 6 Democrats. We are going to try to do this in a
bipartisan way. We are going to try not to retreat to the same
tired corners and talking points on this issue, because the
reality is, is whether the color of your skin is black or brown
or your uniform is blue, you shouldn't be afraid of being
targeted when you walk the streets in the United States.
My good friend and fellow Texan Sheila Jackson Lee is on
the committee as well as well as my friend Cedric Richmond from
Louisiana, and we would welcome you all's perspective and
number of years experience in your service to the Federal
Government as we pursue this endeavor. It is hard to have a
bunch of people together, you know, being in a bipartisan
manner, but I think we can do it, because, guess what? Those
folks that are trying to sow terror and fear in our hearts,
they will not win, and they will not win, because this body is
committed to doing this and we have folks like you all on the
front line.
Mr. Rasmussen, when I was chasing al-Qaeda when I was in
the CIA, I would have loved for al-Qaeda to be using social
media the way that ISIS is. It increases the surface area of
attack where we can ultimately penetrate and understand the
plans and intentions of groups like this. If you were an
American walking around in the federally-administered tribal
areas of Pakistan and said, ``I want to join al-Qaeda,'' you
would likely get your head cut off, but now we are able to
target people from the comfort of our homes.
I am not asking to get into Classified information, but has
our intelligence on the plans and intentions of groups like
ISIS increased due to their use of social media?
Mr. Rasmussen. There is no--I like your term the greater
surface area that the group occupies because of its presence in
all these ways. That certainly provides opportunity,
opportunity in all kinds--measured in all kinds of ways for
analysis, for operational work. That isn't my responsibility
but belongs in the hands of other intelligence community
partners. On net, though, I would describe our effort to gain
an understanding of ISIL intentions and strategy and direction
as being a harder target right now than what we faced with al-
Qaeda, and it attaches to a number of issues, the encryption
issue that Director Comey has spoken so eloquently on, but also
just the fact that ISIL is a savvy----
Mr. Hurd. Right.
Mr. Rasmussen [continuing]. Experienced adversary that
knows who we----
Mr. Hurd. So you bring up encryption. I guess this question
is to Secretary Johnson. I am with you. I am glad you were able
to mention the cyber and infrastructure protection agency. I
think it is a critical tool. I agree with the Chairman and
support this. We have to get it done now, because if we don't
do it now, it is going to be years from now.
I would like to add that the efforts that the Department of
Homeland Security NPPD has done across the Federal Government
in helping protect the digital infrastructure of our fellow
agencies has been impressive.
How important is the use of encryption to make sure that
these other agencies are protecting the information that they
do have on American people?
Secretary Johnson. We are, through binding operational
directives, which is an authority that was given to me by
Congress, and other things, working with other Federal agencies
to secure their own systems. This is a work in progress. I want
to see not just the CIOs of each agency but the Cabinet heads,
the agency heads----
Mr. Hurd. Should they be using stronger encryption to
protect digital information or weaker encryption?
Secretary Johnson. It is hard to answer in general. I think
we need to improve the security of our systems. I think that is
the way I would answer it.
Mr. Hurd. Director Comey, first off, your level of
transparency on what the FBI knew or didn't know around the
Orlando killer, I think, was impressive and was important for
the American people to know and understand, and I commend you
for that.
One of the issues--and I recognize that the Orlando killer
cased a number of locations, and it appears that, at many of
those locations, there were private security. Is there a
vehicle by which private security is able to--you know, if they
see a suspicious activity report, does that go somewhere? Do
these private security have training? Is there a way to
integrate that kind of information into the JTTF structure,
into local police? Your thoughts on that.
Mr. Comey. Yes. I think it is--they are integrated. There
are probably ways to improve it in both directions through
their relationship with the local uniformed police. If they see
something suspicious, either if they--even if they pass it
informally, it is going to get to the JTTF right away. So my
sense is it is pretty good through the local police.
Mr. Hurd. Mr. Chairman, I would be remiss to not mention
and have a comment on encryption. You know, I think it was one
of your own employees, Director Comey, who mentioned that our
civil liberties are the things that make our country great;
they are not our burdens. I agree wholeheartedly with that, and
I think that we should be focusing on how we strengthen
encryption and not weaken it, and make sure that law
enforcement and the private sector are not talking past one
another but are actually working together. We also have to
ensure that we continue to create a culture within the Federal
Government that protects information and protects those secrets
that so many people have worked hard to collect.
Mr. Chairman, I yield back the time I do not have.
Chairman McCaul. I thank the gentleman.
The Chairman recognizes the Ranking Member for purposes of
a closing statement.
Mrs. Watson Coleman. Thank you, Mr. Chairman.
I yield to the gentlelady from Texas.
Ms. Jackson Lee. I thank the Ranking Member, and I thank
her for her leadership, and the Chairman.
Let me quickly--I think my questions may warrant a one-
letter--one-word answer. In light of--and, again, Mr. Comey,
thank you for your presence at the Dallas memorial. But in
light of the existence of weapons of war on the streets, would
you and your agents surmise and believe that law enforcement
are less safe because AR-15s and others are still about in this
Nation in civilian hands who may be doing wrong things, less
safe?
Mr. Comey. The more weapons in the hands of bad people, the
less safe our people are.
Ms. Jackson Lee. Second question is, with the career
investigators and prosecutors who investigated former Secretary
Clinton on the matters dealing with emails, is it my
understanding and your understanding and confidence that you
have completed the investigation as well as the Department of
Justice?
Mr. Comey. Yes.
Ms. Jackson Lee. To your satisfaction?
Mr. Comey. Yes. It was done in an apolitical, professional
way. I am very proud of my folks.
Ms. Jackson Lee. My last point is--I made a point about
swatting. I would appreciate if you could refer me to one of
your individuals at headquarters to be able to have that matter
addressed as quickly as possible.
I thank you so much very for your service. I know that
America is going to be a better Nation because we are all
working together in a unified manner.
I yield back.
Chairman McCaul. Let me just thank all three of you for
your expertise. It has been very instructive to this committee.
I want to thank you for your service on all three levels.
FBI, the amount of terrorism you have stopped in this
country astounds me, the job your agents do in arresting over
80 ISIS followers since the beginning of the caliphate.
To NCTC, for doing the intelligence fusion, which serves
this Congress, I think, and the Executive branch so well.
Finally, to Secretary Johnson, I think this will be your
last testimony before this Congress. I think you think that
that is for certain, but on a personal level, I have enjoyed
working with you. I want to thank you for your service both to
the Department of Defense, doing very important work targeting
the threat where it exists, but also as Secretary of Homeland
Security, you have truly served with honor and distinction, and
we thank you for that.
With that, this hearing stands adjourned.
[Whereupon, at 12:39 p.m., the committee was adjourned.]
A P P E N D I X
----------
Questions From Ranking Member Bennie G. Thompson for Hon. Jeh C.
Johnson
countering violent extremism
Question 1a. Federal efforts directed at Countering Violent
Extremism (CVE) often depend on Government agencies cooperating with
local groups. The administration highlights a ``community-based
approach'' for the Federal Government. According to the administration,
the Federal Government most effectively acts as a ``facilitator,
convener, and source of information.'' As such, to date the bulk of
Federal-level CVE work has revolved around community engagement. The
Department of Homeland Security has yet to release a CVE strategy;
however, it has stood up an Office of Community Partnerships.
Please detail some of the programs that this office will implement.
Answer. The Office of Community Partnerships (OCP) is focused on
partnering with and empowering communities by providing a wide range of
resources to use in countering violent extremism. OCP does this by
equipping State, local, Tribal, and territorial governments, community
organizations and other partners with necessary information, grants,
tools, and training to help them identify and counter radicalization to
violence.
OCP's major objectives include: Increasing access to grants for CVE
initiatives, community engagement, tech-sector engagement to empower
credible voices in communities vulnerable to violent extremism, field
support training to better support local communities and law
enforcement engaged in CVE efforts, and philanthropic engagement to
facilitate long-term partnerships with communities.
DHS released a comprehensive CVE strategy on October 28, 2016 which
will also be provided to you.
Question 1b. Will these programs extend beyond the current focus on
Muslim communities?
Answer. Violent extremism in all its forms poses a persistent and
unpredictable threat to the homeland and may come from a range of
groups and individuals, including domestic terrorists and home-grown
violent extremists. As such, DHS has designed a countering violent
extremism approach that addresses all forms of violent extremism,
regardless of ideology, focusing not on political, cultural, or
religious views, but on preventing violence.
Question 1c. What resources will this office receive in terms of
staffing and operating budget and will those resources be diverted from
other programs and offices?
Answer. For fiscal year 2016, the Office of Community Partnership
(OCP) received $11.3 million and 12.5 full-time equivalent. This amount
represents $3.1 million originally enacted and $8.2 million in
transferred funds to OCP for Countering Violent Extremism activities.
The fiscal year 2017 President's budget requests $3.5 million and 16
full-time employees for OCP. All resources and personnel initially
associated with the foundation of OCP are fully supported by the OCP
budget. Due to the expertise they bring, OCP continues to utilize
approximately 6 detailees (1 OPE, 1 I&A, 1 USCIS, 1 TSA, and 2 CRCL)
from within the Department.
Question 1d. Which domestic terrorist ideologies does the DHS
Office of Community Partnerships focus upon?
Question 1e. Which communities do you intend to engage regarding
issues surrounding non-jihadist terrorism?
Answer. OCP and DHS Headquarters Efforts.--DHS I&A has a team of
analysts whose sole focus is domestic terrorism analysis. These
analysts are experts in all the disparate categories of domestic
terrorism--such as violent white supremacist extremists, violent
sovereign citizen extremists, violent anarchist extremists, and violent
environmental/animal rights extremists.
The Department provides training for law enforcement; delivers
briefings to fusion centers, law enforcement, and communities; develops
research on preventing and further understanding the phenomenon of
radicalization to violence; and develops analysis on the spectrum of
domestic-based threats.
OCP Field Efforts.--DHS OCP provides direct support via field staff
in a couple of regions. For example, in Colorado, DHS OCP and the U.S.
Attorney's Office (USAO) have partnered to counter all forms of violent
extremism. Colorado has experienced both international violent
extremist incidents, with 3 teenage girls attempting to join ISIL in
October 2014 and another young woman attempting to join in April 2014,
as well as incidents of domestic violent extremism, like the Planned
Parenthood shooting in November 2015, and several incidents of
sovereign citizen extremist violence. DHS OCP and USAO have focused on
prevention (through awareness-building and counter-narratives) and
intervention. Together they are developing a community awareness
briefing (CAB) that builds comprehensive awareness of all forms of
violent extremist activity that has occurred in Colorado, both domestic
and internationally inspired.
DHS OCP and USAO have presented multiple CABs to Muslim American
leaders and parents to build awareness of ISIL and related groups.
After expanding the CAB to include information on domestic violent
extremism, they have delivered this new presentation in Colorado
Springs to Christian communities on June 4 (who expressed interest
after the Planned Parenthood shooting), and to gang prevention and
intervention partners in the Gang Reduction Initiative of Denver (GRID)
program on June 21.
DHS OCP and USAO have put on multiple Protecting Houses of Worship
events throughout the State to multiple faith communities on how to
respond to threats to their centers. USAO started these after the
Charleston AME Church shooting, which involved persons believed to be
motivated by a white supremacist extremist ideology. These briefings
include information on all types of violent extremists that have
committed acts of violence.
DHS OCP and USAO are working with local partners to institute an
intervention model in Colorado to address all forms of violent
extremism. This is still in the beginning stages, but the model will be
set up to address all forms of violent extremism, and will complement
existing models to prevent gang activity and school violence.
Question 2a. The CVE community has struggled with measuring the
effectiveness of its efforts.
How can the CVE community develop useful metrics?
Question 2b. What metrics are most useful to you in determining
whether the Department's CVE actions are having the desired impact on
the adversary and on our security more broadly?
Answer. Developing measures of performance, effectiveness, and
benchmarks for CVE programs and initiatives remains a top priority for
the Office for Community Partnerships and the CVE Task Force. Academic
partners, such as the University of Maryland's National Consortium for
the Study of Terrorism and Responses to Terrorism (START), have
published comprehensive reviews of program evaluation across a range of
CVE initiatives. The National Institute of Justice is another Federal
partner which has spearheaded efforts to fund evaluations of CVE
programs, and they have just released a new assessment of a U.S.-based
CVE program in Montgomery County, Maryland. In addition, DHS's
Directorate of Science and Technology is completing CVE program
evaluations of CVE efforts in Los Angeles and Boston; final reports for
this project are will be finalized and published in early 2017.
Federal departments, agencies, and non-governmental experts
involved in CVE programming are currently involved in a robust
conversation and information exchange on these issues. For example, the
State Department has developed a useful guide for practitioners as they
develop measures to assess CVE programs, which has been shared across
the interagency and with CVE practitioners.
With regard to the assessment of individual CVE programs, program
metrics will be required for all Federally-funded CVE programs and will
be tailored to each specific initiative before programs are launched.
The CVE Task Force will work to coordinate these efforts. Examples of
program metrics include developing a logic model as well as providing
both output measures (e.g., numbers of individuals who have
participated or number of products developed) as well as impact metrics
(e.g., percent increase in knowledge, percent increase in awareness or
percent increase in trust developed between communities and law
enforcement). These program evaluations in diverse fields of practice
like community policing, gang interventions, and public health
initiatives provides strong evidence-based assurance that our Federal
investment is being directed in the most effective ways.
Question 3. Please provide us with a time line for when CVE grants
will be awarded. What types of activities to you anticipate the grant
funding will support and how did the Department go about identifying
the activities that would most effectively counter violent extremism?
Answer. DHS anticipates that funding selection will occur in
January 2017. The grant funding will support activities in 5 focus
areas: Developing resilience; training and engaging with community
members; managing intervention activities; challenging the narrative;
and building capacity of community-level non-profit organizations
active in CVE. These focus areas are based on research, analysis of the
current gaps, and which CVE activities needs grant funding versus some
other type of support. Additionally, through the competitive
application process, the program encourages innovation and whole-of-
society partnerships. As noted in the Notice of Funding Opportunity,
senior leadership from the DHS Office for Community Partnerships, FEMA,
the DHS Office for Civil Rights and Civil Liberties, and the CVE Task
Force (which includes NCTC, DOJ, and FBI) will review all scoring
results and will make recommendations on which projects, or portions of
projects to fund in order to maximize the total impact of the available
funding including removing from consideration applications that do not
propose as large an impact relative to their costs in comparison to
other applications or are duplicative of higher-scored applications.
The results of the senior leadership review will be presented to the
Director, Office for Community Partnerships and the assistant
administrator, FEMA GPD, who will recommend the selection of recipients
for this program to the Secretary of Homeland Security. Final funding
determinations will be made by the Secretary of Homeland Security,
through the FEMA administrator. The Secretary retains the discretion to
consider other factors and information in addition to those included in
the recommendations.
cybersecurity
Question 4a. The rising number of connected devices means a
potential wider attack surface, and there has been some speculation
that the Internet of Things is the new frontier of ransomware attacks.
How credible are these concerns, and how does the Department plan
to assist small business, in particular, Main Street businesses, in
dealing with this new threat?
Question 4b. What role should the Government play in the securing
the Internet of Things?
Answer. The Internet of Things (IoT) is a broad term to describe
the proliferation of categories of devices that are connected to the
internet, to include, for example, self-driving cars, ``wearables''
that track heart rates and calories burned, and medical devices that
transmit health information in real time. Growth of the IoT presents
extraordinary opportunity for consumers and businesses, but that
opportunity is accompanied by the cybersecurity risk with any connected
network or device. A 2014 study by the President's National Security
Telecommunications Advisory Committee (NSTAC) highlights the growing
security threats that government and industry must consider with the
IoT: ``an exponential expansion in attack surfaces, a changing threat
landscape, privacy concerns, an increased potential for kinetic-focused
cyber attacks, and changes to the hardware life cycle.'' DHS agrees
with the finding in the NSTAC report.
When considering smaller cities, municipalities, and small- to mid-
sized businesses, IoT provides an opportunity to gain efficiencies,
provides for greater automation, centralizes management of remote
controllers, improves monitoring to predict or reduce failures, and
reduces cost of running and maintaining systems and services. Along
with all of these opportunities, though, come greater risks, especially
when considering increased cyber attacks against connected devices that
may result in physical disruption to services and systems.
The DHS National Cybersecurity and Communications Integration
Center (NCCIC) is dedicated to assisting the Federal Government; State,
local, Tribal, and territorial governments; and the private sector with
cybersecurity concerns. This includes situational awareness, incident
response, and information sharing related to IoT devices. The
Industrial Control System Computer Emergency Readiness Team (ICS-CERT),
housed within the NCCIC, focuses on and is closely monitoring the
threats in IoT to industrial control systems. Recognizing that
industrial control systems are both publicly and privately held, ICS-
CERT has been providing a range of products and services to protect
critical infrastructure in the context of threats in the Industrial
Internet of Things.
DHS has invested in a pilot initiative by the DHS Science &
Technology (S&T) Directorate to accelerate research and innovation
around homeland security priorities. S&T's first investment cycle on
this initiative focuses on the IoT. This investment supports developing
a solution that detects devices as they connect or disconnect from
network infrastructure and sees how they communicate. It represents a
solution for homeland security needs; in this case, securing networks
that will eventually include sensitive oil pipelines, border monitoring
assets, or airport screening systems. DHS S&T is also funding applied
Research Development Test and Evaluation addressing Cyber-Physical
Systems security in areas of Smart Manufacturing, Connected Automotive
systems and Connected Medical Devices/Systems.
Cybersecurity requires an approach known as ``defense in depth.''
There is no single technical solution that will effectively secure
networks and computers, so companies and Government agencies have
multiple layers of cybersecurity. While an adversary can break through
any individual security layer, the intent of defense-in-depth is that
an adversary will be detected or stopped before they can break through
every single security layer. In the physical world, important
information is not just protected by a locked door. Instead, important
information may be in a safe, in a locked building, with guards,
cameras, and a fence. This is the physical world's equivalent of
defense-in-depth. As IoT makes connectivity more convenient, it also
reinforces the need for defense in depth as a leading cybersecurity
practice.
transportation security
Question 5a. In the past as well as this fiscal year, the funding
for security for the surface transportation sector has been only a
small fraction of the overall funding for the Transportation Security
Administration's (TSA) mission. In fact, TSA spends only about 2
percent of its budget on surface transportation activities. At the same
time, Transit Security Grants have been cut from a peak funding of $388
million to about $100 million, including Amtrak Grants.
Given that terrorists are increasingly focusing on soft targets, as
well as the August 2015 attempted attack aboard a train traveling from
Amsterdam to Paris, how concerned are you that the prioritization of
aviation security over the surface sector could lead to vulnerabilities
elsewhere?
Question 5b. Is the Federal Government doing enough to help secure
our transit systems?
Answer. Securing surface transportation is very different from
securing aviation. A primary characteristic of surface transportation
systems is that these systems, in contrast to aviation systems, are
more accessible and open given the need to accommodate high passenger
and cargo volume. Unlike the aviation sector where TSA is responsible
for operational security, and the accompanying costs, the primary
responsibility for surface transportation security lies with the
owners/operators of the systems. The percentage of funding that TSA
allocates to surface initiatives is not indicative of a prioritization
of aviation over surface transportation. Transportation entities costs
are primarily shouldered by the system owners/operators, not the
Federal Government. Additionally, over $2.4 billion in surface
transportation security grant funds have been awarded since fiscal year
2006 for critical security initiatives.
TSA supports surface transportation stakeholders primarily through
voluntary and collaborative programs. Using TSA's risk-based,
intelligence-driven approach to security, TSA has developed a
comprehensive, multi-layered program for security in the surface modes.
Key layers in surface transportation programs include:
Information Sharing.--Joint Terrorism Task Force (JTTF)
partnerships, Homeland Security Information Network (HSIN)
postings, Sector Coordinating Council (SCC) and the Government
Coordinating Council (GCC) network, monthly calls with industry
advisory groups, Security Awareness Messages, briefings through
Field Intelligence Officers, Information Sharing and Analysis
Centers' (ISAC) incident summaries, Transit and Rail Incident
Awareness Daily (TRIAD) for industry stakeholders, and Daily
Open Source Cyber Reports (distributed through the ISACs).
Grant Funding.--TSA advises Federal Emergency Management
Agency (FEMA) for DHS grants in the Transit Security Grant
Program (TSGP), Intercity Passenger Rail Security Grant Program
(Amtrak), and Intercity Bus Security Grant Program (IBSGP), and
develops risk-based funding priorities on security initiatives
in surface transportation. Grant funding has declined since its
peak in fiscal year 2009, and recipients of these funds
therefore focus mainly on maintaining and sustaining existing
capabilities, including operational deterrence (``boots on the
ground'').
Drills and Exercises.--TSA's Intermodal Security Training
and Exercise Program (I-STEP) supports exercises which are
regional in scope involving agency representation at the
Federal, State, and local levels. A relatively new feature to
the TSA exercise layer is a ``Design-It-Yourself'' exercise
program named Exercise Information System (EXIS), which allows
TSA to support individual agencies which design their own
exercises on a smaller scale while using fewer resources than
I-STEPs require.
Training.--Each of TSA's subject-matter experts in the
surface modes of transportation either has developed or is
developing handbooks and guides containing important risk-
reduction information for industry use. Through joint efforts
with our industry stakeholders, DVDs and videos have been
produced addressing such subjects as sabotage and potential
threats in their operating environment. For example, the TSA
First ObserverTM program trains highway
professionals to observe, assess, and report potential security
and terrorism incidents.
Technical Assistance.--This includes vulnerability
assessments, guidance documents such as Security Information
Bulletins, Lessons Learned, Recommended Practices, Protective
Measures, the Security Measures and Resources Toolbox
(SMARToolbox), Best Practices, and Standards.
Baseline Assessment for Security Enhancement (BASE).--TSA
uses its Transportation Security Inspectors--Surface (TSI-S) to
conduct BASE reviews on mass transit, passenger rail, and over-
the-road bus systems. These reviews provide a comprehensive
overview and evaluation of security programs in critical
surface transportation systems across the country. The results
of these assessments inform the development of risk mitigation
priorities, security enhancement programs, and resource
allocations, including funding priorities for the TSGP.
Visible Intermodal Prevention and Response (VIPR) teams.--
TSA deploys VIPR teams--consisting of teams of Federal Air
Marshals, Behavior Detection Officers, Transportation Security
Specialists--Explosives, Transportation Security Inspectors and
Canine teams--across the United States, in close coordination
with local security and law enforcement officials, to augment
the security of transportation systems.
Through these programs, and others, TSA is efficiently utilizing
available resources to ensure that surface transportation
system owners and operators have the support and tools they
need to raise and maintain their baseline levels of security.
Question 5c. Is there any indication that terrorists are targeting
other transportation systems such as the Nation's rail system?
Question 5d. How would you assess the vulnerability of the Nation's
transportation systems such as the Nations' rail system to attacks by
home-grown terrorists?
Answer. TSA is not aware of any credible threat reporting against
U.S. rail systems at this time, despite the FBI's recent arrest of a
police officer with the Washington, DC, Metro Transit Police Department
on charges of attempting to provide material support to a designated
foreign terrorist organization. In fiscal year 2016, the Transportation
Security Administration (TSA) conducted more than 2,400 Visible
Intermodal Prevention and Response (VIPR) operations at mass transit,
passenger rail, and freight rail locations in coordination with law
enforcement and transportation system stakeholders. These VIPR
operations mitigate terrorist risk by augmenting the security layers of
these stakeholder partners. TSA's Office of Intelligence and Analysis
made more than 300 intelligence engagements with freight rail and
public transportation stakeholders (out of approximately 800 total
engagements with all transportation stakeholders), including
organizations such as the American Public Transportation Association
and the Association of American Railroads. During these engagements,
TSA intelligence analysts provided these stakeholders information about
current tactics, techniques, and procedures used by terrorists in their
attacks on these surface transportation modes world-wide. TSA uses a
variety of information to provide this analysis, including intelligence
and open-source reporting, and reviews of attacks against freight rail
and public transportation systems.
Vulnerability of rail systems is very much dependent upon the
particular location and operational purpose of the asset. TSA continues
to engage with rail system operators to discuss the current threats and
tradecraft being utilized by terrorists, as well as to collaboratively
build a comprehensive, multi-layered program for securing these surface
modes of transportation. On-going communication and information sharing
among TSA and rail security coordinators and other stakeholders ensures
existing vulnerabilities are actively mitigated and emerging threats
are addressed. Many of the programs and resources already implemented
and in place to support anti-terrorism activities also inherently
address the risk of home-grown violent extremism.
Question 6a. Recently, the inspector general released a report
detailing how certain 9/11 Act mandates have yet to be completed by
TSA. Among these mandates is are the issuance of regulations to assign
risk tiers to carriers, as well as establishing front-line training
requirements for employees.
When, in your estimation, will TSA issue guidance for these
regulations to be finalized?
Answer. Completing the 9/11 Act regulatory requirements for surface
transportation is, a priority for the TSA and DHS. The administrator of
TSA has made his commitment to seeing these mandates through to
completion in communications with both Congress and his staff. As noted
below, TSA has a clear plan for ensuring it continues to make progress.
Security Training.--As of July 12, 2016, a proposed rule to
meet the security training requirements is with the Office of
Management and Budget (OMB) for review and clearance to
publish.
Vulnerability Assessments and Security Planning (VASP).--TSA
intends to issue an Advance Notice of Proposed Rulemaking
(ANPRM) to solicit sufficient data regarding the security
measures industry currently employs as well as the potential
impact of regulations on operations. This data is necessary to
comply with minimum standards established by the OMB under
Executive Order 12866, and related OMB guidance, which include
conducting a robust analysis of the existing baseline of
persons potentially affected by a proposed rule.
Employee Vetting.--TSA intends to address the vetting
requirements (threat assessment and immigration check) through
a rulemaking to be published in sequence with the other surface
security-related rulemakings (the rulemaking for security
training will set the applicability and structure for all of
the other related rulemakings). TSA has already satisfied the
requirements of Sections 1414 and 1522 of the 9/11 Act, having
published an Interim Final Rule on False Statements Regarding
Security Background Checks (see 73 FR 44665) and issued various
guidance documents (see, e.g., TSA's February 2007 updates to
its recommended security action items for the highest-risk
freight railroads, and background check practices published by
the American Public Transportation Association in conjunction
with TSA in 2011). TSA intends for all future rulemakings,
including the surface employee vetting rule described above, to
be consistent with the standards articulated in Sections 1414
and 1522.
There are a number of external factors impacting the development of
regulations that are unpredictable and outside of the agency's control,
therefore it is not possible to provide more detailed estimates for
publications of these regulations at this time.
Question 6b. Please detail for us the changes you implemented
regarding procedures for the workforce, technology, and standard
operating procedures to the extent that you can in this setting.
Answer. The Transportation Security Administration (TSA) has
implemented a number of steps to address the issues raised in 2015 by
the Department of Homeland Security (DHS) Office of the Inspector
General (OIG) covert testing. These steps include initiatives to ensure
leadership accountability, improve alarm resolution, increase
effectiveness and deterrence, increase threat testing to sharpen
officer performance, strengthen operating procedures and technology,
and enhance training. This included a root cause analysis that
identified multiple areas for improvement, and TSA is mitigating those
areas through program action plans. All of the actions I directed in
the 10-Point Plan I gave to Administrator Neffenger are currently on-
schedule or completed.
Question 7. Recent events have shown us that terrorists overseas
continue to exploit security vulnerabilities to do harm to the
commercial aviation sector. Last February, an aircraft originating from
Mogadishu, Somalia was the target of an attempted attack. A terrorist
was able to detonate a bomb concealed within a laptop, killing himself
and injuring two others. Had the altitude been higher, the plane would
have been destroyed. Last October, a flight originating from Sharm El
Sheikh International Airport was destroyed midflight due to a reported
bomb. Although not last points of departure to the United States, these
attacks serve as reminders that we need to ensure that planes
originating from foreign countries bound for the United States are as
secure as possible. Please detail for us DHS and TSA's role in
assessing last-point-of-departure airports and ensuring they meet all
appropriate security standards.
Has the certification of Cuba as a last-point-of-departure airport
differed from the process that is used for other last-point-of-
departure airports?
Answer. The certification of Cuba's last-point-of-departure
airports does not differ from the process that is used for other last-
point-of-departure airports. Under Title 49 of the United States Code
the Secretary of the Department of Homeland Security (DHS) is required
to assess security at all foreign airports served by U.S. aircraft
operators as well as at foreign airports serving as Last-Point-of-
Departure (LPD) locations for foreign air carriers using the security
standards adopted by the International Civil Aviation Organization
(ICAO).
DHS has delegated responsibility for foreign airport security
assessments to the Transportation Security Administration (TSA). DHS,
particularly through its operational components and working closely
with our United States Government interagency partners, plays a key
role in the U.S.-Cuba relationship by securing flows of people between
the United States and Cuba. In DHS headquarters, the Office of Policy
assists the operators, like TSA and Customs and Border Protection, by
providing coordination across the Department and with the Federal
interagency partners, ensuring that the work of the components of the
Department and their missions represent a unified effort.
Consistent with the regulations at 49 C.F.R. � 1544.3 and 1546.3,
TSA evaluates the effectiveness of security measures maintained at
foreign locations through assessments of foreign airports and
inspections of air carriers that operate from those airports. To
evaluate the security of the airports, TSA's Transportation Security
Specialist use the Standards and Recommended Practices contained in
Annex 17 to the Convention on International Civil Aviation adopted by
ICAO. TSA conducts inspections of both U.S. and foreign airlines with
direct service to the United States. These inspections are based on
TSA-issued Standard Security Programs. The certification of Cuba's
last-point-of-departure airports does not differ from the process that
is used for other last-point-of-departure airports.
Question 8. In June 2015, the inspector general released a report
detailing how aviation workers with links to terrorism were not vetted
due to TSA not having access to certain watchlisting information.
Earlier this year, we learned that TSA would receive the additional
information to ensure that this does not happen again. Are you certain
that TSA has all watchlisting information needed to thoroughly vet
individuals in accordance with their responsibilities?
Answer. Following the June 2015 Inspector General report, the
Transportation Security Administration (TSA), with the Department of
Homeland Security, began receiving on an automated basis additional
records in the Terrorist Identities Datamart Environment (TIDE). This
information supplements TSA's current use of the Terrorist Screening
Database (TSDB). In addition to containing records of individuals in
the TSDB, TIDE provides information on individuals who have links to
terrorists, terrorism, or terrorist activity, but who have not met the
reasonable suspicion standard necessary to be nominated to the TSDB
(the ``Watch List''). Having automated access to this data makes it
possible for TSA to make more informed Security Threat Assessment
decisions for individuals seeking access to critical and sensitive
transportation infrastructure.
TSA began automated receipt of non-U.S. citizen data at the end of
February 2016 and in June 2016, the National Counterterrorism Center
(NCTC) provided the first monthly manual transfer of U.S. citizen data.
Following the completion of the on-going technical changes across
multiple agencies' systems necessary to support automated transfer of
these records, TSA anticipates receiving the U.S. citizen data on an
automated basis in late 2016.
Question 9. During the hearing, in response to a question from
Representative Katko, you seemed to indicate that you were in agreement
with the provision in his bill that would require an audit from the
General Accountability Office before commercial air service could begin
between Cuba and the United States. That would seem to be inconsistent
with recent actions by the Department of Transportation, and your own
Transportation Security Administration, to commence direct flights as
soon as possible. Please clarify.
Answer. During the hearing it was unclear that Representative Katko
suggested that the GAO review occur prior to commercial flights from
Cuba. The assessments undertaken by TSA in conjunction with other
Federal agencies are highly rigorous. We thoroughly respect the work of
GAO, but do not agree that a GAO review prior to the commencement of
scheduled commercial flights to Cuba is necessary or advisable.
Question 10. Is Federal Air Marshal presence a prerequisite for
last-point-of-departure flights? To your knowledge, does an agreement
for Federal Air Marshals exist for charter flights from Cuba to the
United States currently, and if so, is such an agreement being pursued
for scheduled flights?
Answer. The Federal Air Marshal Service (FAMS) is an important
component of our multilayered aviation security but FAMS presence is
not a prerequisite for last-point-of-departure flights. FAMs are
deployed using a risk-based model.
My staff is available to discuss arrangements that have been mode
with respect to FAMS presence on commercial flights to Cuba.
Question 11. Are you confident that TSA, DOT, and other agencies
have been doing/are currently undertaking the due diligence necessary
to ensure that scheduled travel from Cuba to the United States are
secure?
Answer. Yes. TSA is coordinating with the Department of
Transportation (DOT) and the Institute of Civil Aeronautics of Cuba
(IACC) to ensure that security for forthcoming scheduled air service
between our countries meets TSA's requirements as well as the high
security expectations of the U.S. traveling public. For the past 5\1/2\
years, TSA and IACC have enjoyed a strong, professional relationship.
During this period, IACC has responded favorably to the aviation
security initiative proposed by TSA. DHS has conducted 37 airport
assessments and air carrier inspections at Cuba's Last Point of
Departure airports, with additional visits scheduled through the end of
the calendar year. Through these assessments, DHS has determined that
all of Cuba's airports serving the United States and all air carriers
meet relevant international and United States security requirements.
social media in traveler vetting
Question 12a. Recently, U.S. Customs and Border Protection
published a notice asking for public comment on the addition of a
request for Visa Waiver Program travelers' social media identifiers as
part of Electronic System for Travel Authorization (ESTA) applications
and I-94W arrival and departure forms. The notice indicates that
providing this information would be optional, and that collection this
type of data ``will enhance the existing investigative process'' and
``provide DHS greater clarity and visibility to possible nefarious
activity and connections.''
Can you please explain how this data will be used to enhance the
screening of foreign travelers?
Answer. If an applicant chooses to answer this question, DHS will
have timely visibility of the publicly-available information on those
platforms, consistent with the privacy settings the applicant has set
on the platforms. Highly-trained CBP personnel may review publicly
available social media information as an additional data point to
assist in CBP's vetting of an ESTA application. Information found in
social media may be used to validate legitimate travel and to help
identify potential threats. The information will not be used to prevent
travel based on an applicant's political views, race, ethnicity, or
religion.
Question 12b. How is DHS going to authenticate or confirm that the
social media identifiers are truly associated with the person seeking
to enter the United States?
Answer. CBP conducts thorough research of applicants and uses
multiple tools to support positive identification of applicants in
social media. Each case is reviewed individually and, after a careful
review, a determination is made based on the totality of the
circumstances.
Question 12c. Will these identifiers be protected in a similar way
as other personally identifiable information?
Answer. Yes, social media identifiers will be safeguarded in the
same manner as all other personally identifiable information (PII)
collected through the Electronic System for Travel Authorization (ESTA)
application. In addition, DHS will publish an updated Privacy Impact
Assessment (PIA) and System of Record Notice (SORN) associated with
enhancements to the ESTA application questionnaire, including the
addition of an optional field for social media usernames or identifiers
for all ESTA applicants.
vulnerability of ``soft targets''
Question 13. The tragic mass shooting in Orlando and the
sophisticated, coordinated attacks at the airport in Istanbul remind us
how vulnerable soft targets often are. How do your agencies coordinate
to ensure that owners and operators of sports stadiums, movie theaters,
schools, and other soft targets have the information and guidance they
need to secure their facilities?
Answer. The National Protection and Programs Directorate (NPPD)
Office of Infrastructure Protection (IP) serves as the Sector-Specific
Agency (SSA) of the Commercial Facilities Sector, one of 16 critical
infrastructure sectors, which includes a diverse range of sites that
draw large crowds of people for shopping, business, entertainment, or
lodging. Facilities within this sector operate on the principle of open
public access, meaning that the general public can move freely without
the deterrent of highly visible security barriers. Since its inception,
in its role as SSA for the Commercial Facilities Sector, IP has
aggressively coordinated with these private-sector owners and
operators, both during an incident and steady-state operations.
During times of targeted threat or heightened security posture, or
when there are issues necessitating a private-sector perspective, IP
follows its ``Coordination Plan for Targeted Threat and Security
Engagements.'' The plan, which is implemented for both Classified and
Unclassified engagements, facilitates the rapid convening of private-
sector partners and other critical infrastructure stakeholders. This
capability aims to advance IP's ability to share Classified information
remotely, as opposed to only convening meetings in the National Capital
Region.
During domestic incidents such as the events in Orlando, or
following foreign attacks such as those in Paris, IP, in coordination
with the Office of Intelligence & Analysis and frequently the Federal
Bureau of Investigation, also rapidly convenes its sector and other
State, local, Tribal, and territorial partners for information-sharing
calls at the FOUO level. These calls consist of a threat briefing, a
status update, suggested protective measures, and an open forum
discussion for partners to provide a quick, comprehensive snapshot of
their sector or industries' activities.
During steady state, IP works with partners on a number of programs
that educate the Commercial Facilities Sector partnership base,
stakeholders, and the general public on suspicious behavior, protective
measures, and risk mitigation. Broad programs include the ``If You See
Something, Say SomethingTM'' campaign, the ``Hometown
Security'' campaign, and the Active Shooter Preparedness Program. In
addition, IP has produced and distributed a number of other resources,
including:
Suspicious Activity training videos;
On-line Training Courses (Active Shooter, Surveillance
Awareness, Insider Threat);
Protective Measures Guides; and;
Specialized guides (Evacuation Planning, Patron Screening,
Bag Search).
In addition, the Interagency Security Committee (ISC) released
Planning and Response to an Active Shooter: An ISC Policy and Best
Practices Guide as an FOUO document in July 2015. The publication is
divided into two parts: First, a new policy requirement for all
nonmilitary Federal facilities within the Executive branch of the
Government; second, a set of best practices and recommendations (not
policy requirements) to assist with implementing the active-shooter
policy. The ISC published a non-FOUO version of the same document in
November 2015 to ensure availability and visibility by a much broader
audience.
use of social media
Question 14a. We have heard a lot in recent months about how to
enhance and even codify Federal efforts to scrutinize the social media
activity of suspected terrorists. Recently, several of my colleagues
and I hosted a forum on the threat of domestic anti-Government groups.
We heard testimony from advocates like the Southern Poverty Law Center
and others, that domestic terrorist organizations are recruiting and
spreading their message in much the same way as ISIS--through internet
forums and social media campaigns.
How are the agencies you represent monitoring the on-line
activities of domestic terror groups?
Answer. DHS does not provide constant monitoring of on-line
activities; However, should there be a validated collection requirement
targeting specific information about a domestic terrorist organization,
relevant DHS components would target this organization for collection.
This would include periodic reviews of publically-available information
related to the organization for the purpose of answering the targeted
collection requirement until that requirement expires or is cancelled
by the organization requesting the collection.
Question 14b. Are your methods different from those used to screen
for individuals who may be influenced by foreign, overseas terrorist
organizations?
Answer. Social media can provide the Department with critical
information related to the execution of our mission. The Department
uses social media in a number of ways, both foreign and domestic, which
we have expanded in recent years. Today, social media is used for over
30 different operational or investigative purposes by U.S. Customs and
Border Protection, U.S. Immigration and Customs Enforcement, U.S.
Citizenship and Immigration Services, Transportation Security
Administration, Federal Emergency Management Agency, other DHS
components and offices. Operational uses are consistent with
Departmental authorities and included research, watch and warning,
screening and vetting, investigations and personnel security.
Questions From Honorable Loretta Sanchez for Honorable Jeh C. Johnson
Question 1a. Thank you Mr. Chairman, and thank you for joining us,
Secretary Johnson and Directors Rasmussen and Comey. Secretary Johnson,
in March you came before our committee and we discussed the Countering
Violent Extremism mission. I am happy to see that since then the
Department of Homeland Security noticed the new Countering Violent
Extremism Grant Program to loop in non-profits and community
organizations in the fight against terror. I agree with the notion that
we should have a local community-based component to our CVE mission,
and I think this will compliment your great work in finding innovative
ways to address the evolving threat environment.
As we continue to see efforts to break down informational silos
across the State and Federal level, will there be greater opportunity
for information sharing between State and Federal partners?
Question 1b. Will there be more information sharing with State
fusion centers regarding high-level threat actors and operations?
Answer. The U.S. Department of Homeland Security (DHS) takes very
seriously our mission to equip the Homeland Security Enterprise (HSE),
which includes State, local, Tribal, territorial (SLTT) and private-
sector partners, with timely intelligence and information sharing. At
DHS, the Office of Intelligence and Analysis (I&A) is the intelligence
community element statutorily charged with delivering intelligence to
SLTT and private-sector partners, and also sharing information from
those partners with the Department and the IC. As such, I&A is
responsible for ensuring SLTT and private-sector partners can
expeditiously access the capabilities, resources, and expertise of the
Department and serve as full participants in the HSE. I&A deploys 100
personnel to State and major urban area fusion centers and other
strategic locations Nation-wide in support of SLTT and private-sector
partners. The mission of I&A field personnel is to engage SLTT and
private-sector partners to facilitate the intelligence cycle at the
local level by: (1) Building relationships and providing intelligence
and information-sharing support, (2) conducting intelligence
collections and reporting, and (3) producing intelligence analytic
products.
I&A integrates information collected every day across DHS and from
our SLTT partners into our analysis. We continue to make progress and
aggressively work to overcome barriers to information sharing as we
bring SLTT information into the IC, and share IC information with our
SLTT and private-sector partners. In 2015, we launched the Field
Analysis Report (FAR), a new analytical product that incorporates views
and assessments from SLTT partners to provide local, State-wide, and
regional perspective to National strategic intelligence issues.
In addition, our new data cloud initiative, the DHS Data Framework,
is pulling in the most critical data sets of the Department to enhance
data sharing across the DHS Intelligence Enterprise and fill critical
gaps across the IC and with our SLTT and private-sector partners. At
the same time, we continue to deepen our relationships with our SLTT
and private-sector partners through our support of the National Network
of Fusion Centers with personnel, training, Federal grants, security
clearances, and Classified systems access, which allow DHS to better
share information regarding threats. DHS is actively executing an
information-sharing environment where Federal, SLTT, and private-sector
partners can seamlessly share and access information, with appropriate
protections, in real time.
Question 1c. If a State wants to enforce a higher level of
cybersecurity standards than those that are adopted at the Federal
level, is DHS committed to supporting such efforts?
Answer. Yes. While the Department of Homeland Security leads a
National effort to protect and enhance the resilience of the Nation's
physical and cyber infrastructure, individual States are in the
position to select a risk posture that best suits the State, and use
tailored cybersecurity programs, with support from the Federal level.
One resource States use is the National Institute of Standards and
Technology Cybersecurity Framework, the current guidance document for
cybersecurity best practices. As codified under Executive Order 13636,
DHS supports and promotes use of the Cybersecurity Framework a flexible
tool adaptable to unique circumstances, recognizing that the majority
of threat actors can be stopped by implementation of best practices in
cybersecurity. As a supplementary resource, in DHS's voluntary Nation-
wide Cyber Security Review, the questions for consideration align to
the Framework. The Framework uses international-recognized consensus-
based standards, and we would encourage States to build their policies
on similar globally-accepted standards and practices.
DHS supports a range of efforts by States to increase cybersecurity
preparedness, but recognizes that limited resources can be an issue. To
address State resourcing, FEMA provides State and local governments
with preparedness program funding in the form of Non-Disaster Grants to
build, sustain, and deliver core capabilities essential to achieving
the National Preparedness Goal of a secure and resilient Nation. The
building, sustainment, and delivery of these core capabilities requires
the combined effort of the whole community, rather than the exclusive
effort of any single organization or level of government. States are
encouraged to include cybersecurity preparedness into their decisions
when determining best use of this grant money.
Additionally, to support the cyber workforce at the State level,
the Scholarship for Service program is designed to increase and
strengthen the cybersecurity workforce that protects the Government's
critical information infrastructure. The program provides scholarships
for college and graduate students studying cybersecurity. These
scholarships are now eligible for service agreements in not only
Federal service, but in State, local, or Tribal government
organizations; yet the program is Federally-funded.
Question 2. As new transit modes such as the California High Speed
Rail or the Orange County Streetcar come on-line what steps should
agencies take or what guidance should they follow to ensure the
supporting systems are safe from cyber attack?
Answer. To better support SLTT work and provide technical expertise
and outreach, DHS provides four primary initiatives: Funding the MS-
ISAC, offering voluntary risk assessments, holding cybersecurity
exercises, and offering incident response assistance. The MS-ISAC is
the DHS-designated Information Sharing and Analysis Center (ISAC) for
all SLTT governments. The MS-ISAC supports SLTT governments by
providing education and awareness, a 24�7 security operations center,
and technical expertise in malware analysis, forensic analysis, and
incident response/mitigation. The MS-ISAC acts as a force-multiplier
for DHS in reaching out to the tens of thousands of SLTT governments
across the country. These activities may be relevant to mass public
transit lines as well.
Moreover, DHS' NCCIC shares information among public and private-
sector partners to build awareness of vulnerabilities, incidents, and
mitigations. Cyber and industrial control systems users can subscribe
to information products, feeds, and services at no cost. These
resources can be found at: https://www.us-cert.gov/ncas and https://
ics-cert.us-cert.gov/. Additionally, we encourage critical
infrastructure owners and operators, such as public transportation
operators in question, to adopt best practices by implementing the
Cybersecurity Framework. Industry-led information-sharing analysis
organizations or centers (ISAOs/ISACs) can be a powerful resource for
industry-specific information sharing and best practices.
Question 3. I have spoken with the Orange County Transit Authority,
which is located in my district. OCTA and other nearby public agencies
that support critical infrastructure are constantly under cyber attack
and they want to know what they can do to provide meaningful attack
information to fusion centers or other law enforcement that will help
reduce the overall cyber threat?
Answer. Agencies such as Orange County Transit Authority (OCTA)
have a number of options available to reduce cyber risk. To help
transit agencies better understand and utilize services provided by the
Department of Homeland Security, the Department is deploying Cyber
Security Advisors (CSA) across the country. A CSA is currently assigned
to the Los Angeles/Orange County area. OCTA and other local government
partners can reach out to [email protected] to be connected to
their local CSA. For example, one key area where CSAs can assist is to
increase organizations' ability to prepare for disruptions and
successfully manage them should they occur. DHS's CSAs can help
organizations build these kinds of capabilities by providing resources
like the Cyber Resilience Review, among others.
Information sharing is a key part of the Department of Homeland
Security's mission to create shared situational awareness of malicious
cyber activity. DHS's National Cybersecurity and Communications
Integration Center (NCCIC) is a 24�7 cyber situational awareness,
incident response, and management center that is a National nexus of
cyber and communications integration for the Federal Government,
intelligence community, and law enforcement. As provided by the
Cybersecurity Act of 2015 (Pub. L. 114-113, Division N), DHS serves as
the Government's central hub for automated cyber threat indicator
sharing. By participating in the Automated Indicator Sharing (AIS)
initiative, organizations receive machine-readable cyber threat
indicators to immediately detect and block cybersecurity threats.
An entity that is a victim of a cyber incident can receive
assistance from Federal agencies, which are prepared to investigate an
incident, mitigate its consequences, and help prevent future incidents.
For example, Federal law enforcement agencies have highly-trained
investigators who specialize in responding to cyber incidents for the
express purpose of disrupting threat actors who caused the incident and
preventing harm to other potential victims. In addition to law
enforcement, other Federal responders provide technical assistance to
protect assets, mitigate vulnerabilities, and offer on-scene response
personnel to aid in incident recovery. When supporting affected
entities, the various agencies of the Federal Government work in tandem
to leverage their collective response expertise, apply their knowledge
of cyber threats, preserve key evidence, and use their combined
authorities and capabilities both to minimize asset vulnerability and
bring malicious actors to justice.
Entities experiencing cyber incidents are encouraged to report a
cyber incident to the National Cybersecurity and Communications
Integration Center. local field offices of Federal law enforcement
agencies, their sector-specific agency, or any of the Federal agencies
including the Federal Bureau of Investigation (FBI), the National Cyber
Investigative Joint Task Force, the United States Secret Service, or
United States Immigration and Customs Enforcement Homeland Security
Investigations. The Federal agency receiving the initial report will
coordinate with other relevant Federal stakeholders in responding to
the incident.
Question 4. There are numerous public and private resources that
provide information on cyber threats. What should smaller to mid-size
agencies do to filter out the noise and focus on actionable
information?
Answer. DHS is working to promote a strong cyber ecosystem that
will shape the information technology market so that systems are more
secure, to include researching vulnerabilities, driving developers to
implement best practices, and developing standards to foster a market
for interoperable security products that will enable small and medium
agencies to better secure themselves. DHS also provides threat
intelligence products tailored to the needs of Federal network
defenders to identify the most significant threats. To help State,
local, Tribal, and territorial (SLTT) governments, DHS has created a
packet of resources specially designed to help them recognize and
address their cybersecurity risks. These resources have been aligned to
the five Cybersecurity Framework Function Areas. Additional information
can be found at: https://www.us-cert.gov/ccubedvp/sltt. In addition to
aligning activities to the Cybersecurity Framework, and subscribing to
alerts published by the Department of Homeland Security, State
government agencies may choose to participate in the DHS-funded Multi-
State Information Sharing and Analysis Center (MS-ISAC) for cyber
threat prevention, protection, response, and recovery information
targeted to the SLTT governments.