[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]




       EMERGING THREATS AND TECHNOLOGIES TO PROTECT THE HOMELAND

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                     CYBERSECURITY, INFRASTRUCTURE
                        PROTECTION, AND SECURITY
                              TECHNOLOGIES

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           FEBRUARY 12, 2015

                               __________

                            Serial No. 114-3

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                   

      Available via the World Wide Web: http://www.gpo.gov/fdsys/
                                     ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

94-107 PDF                     WASHINGTON : 2015 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001
                            
      
 
 
 
 
 
 
 
 
 
 
      

                               __________

                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice    James R. Langevin, Rhode Island
    Chair                            Brian Higgins, New York
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             William R. Keating, Massachusetts
Steven M. Palazzo, Mississippi       Donald M. Payne, Jr., New Jersey
Lou Barletta, Pennsylvania           Filemon Vela, Texas
Scott Perry, Pennsylvania            Bonnie Watson Coleman, New Jersey
Curt Clawson, Florida                Kathleen M. Rice, New York
John Katko, New York                 Norma J. Torres, California
Will Hurd, Texas
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
                   Brendan P. Shields, Staff Director
                    Joan V. O'Hara,  General Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY 
                              TECHNOLOGIES

                    John Ratcliffe, Texas, Chairman
Peter T. King, New York              Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             Loretta Sanchez, California
Steven M. Palazzo, Mississippi       Sheila Jackson Lee, Texas
Scott Perry, Pennsylvania            James R. Langevin, Rhode Island
Curt Clawson, Florida                Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
                  Vacant, Subcommittee Staff Director
                    Dennis Terry, Subcommittee Clerk
       Christopher Schepis, Minority Subcommittee Staff Director
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable John Ratcliffe, a Representative in Congress From 
  the State of Texas, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Cedric L. Richmond, a Representative in Congress 
  From the State of Louisiana, and Ranking Member, Subcommittee 
  on Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Oral Statement.................................................     3
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Oral Statement.................................................     5
  Prepared Statement.............................................     7

                               Witnesses

Mr. Andy Ozment, Assistant Secretary, Office of Cybersecurity and 
  Communications, National Protection and Programs Directorate, 
  U.S. Department of Homeland Security:
  Oral Statement.................................................     8
  Prepared Statement.............................................    10
Ms. Huban A. Gowadia, Director, Domestic Nuclear Detection 
  Office, U.S. Department of Homeland Security:
  Oral Statement.................................................    15
  Prepared Statement.............................................    16
Mr. Joseph F. Martin, Acting Director, Homeland Security 
  Enterprise and First Responders Group, Science and Technology 
  Directorate, U.S. Department of Homeland Security:
  Oral Statement.................................................    24
  Prepared Statement.............................................    26
Mr. William Noonan, Deputy Special Agent in Charge, Criminal 
  Investigative Division, U.S. Secret Service:
  Oral Statement.................................................    31
  Prepared Statement.............................................    33
Mr. William Painter, Analyst, Government and Finance Division, 
  Congressional Research Service, Library of Congress:
  Oral Statement.................................................    36
  Prepared Statement.............................................    37

                                Appendix

Questions From Ranking Member Bennie G. Thompson for Andy Ozment.    53
Questions From Hon. James R. Langevin for Andy Ozment............    53

 
       EMERGING THREATS AND TECHNOLOGIES TO PROTECT THE HOMELAND

                              ----------                              


                      Thursday, February 12, 2015

             U.S. House of Representatives,
                    Committee on Homeland Security,
 Subcommittee on Cybersecurity, Infrastructure Protection, 
                                 and Security Technologies,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:37 p.m., in 
Room 311, Cannon House Office Building, Hon. John Ratcliffe 
[Chairman of the subcommittee] presiding.
    Present: Representatives Ratcliffe, Palazzo, Clawson, 
Richmond, Langevin, and Thompson.
    Mr. Ratcliffe. The Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security Technologies will come 
to order.
    The subcommittee meets today to exam critically important 
components within the Department of Homeland Security and to 
provide each of them an opportunity to give Members an update 
on the current state of affairs and direction moving forward, 
which will help inform this subcommittee's future oversight and 
legislative efforts.
    Given the recent alarming terrorist attacks in Paris, the 
increase in violent extremist activity across Europe, and the 
increase in cyber attacks from nation-state and organized 
criminal actors, it is important that each of these components 
rise to the challenge and meet these threats.
    Yesterday, the full committee heard from both the law 
enforcement and intelligence communities about the rising 
threat of foreign fighters and the risk from individuals who 
have traveled and trained with ISIS or other extremist groups 
in Syria and Iraq.
    The National Protection and Programs Directorate is charged 
with the protection of our Nation's critical infrastructure in 
both the cyber and physical security realms. Cyber attacks and 
breaches against our Government agencies and critical 
infrastructure have grown exponentially, and the capabilities 
of our adversaries are becoming more advanced. As we have seen 
over the past few months with the hack of Sony Pictures and 
last week's breach of health insurance giant Anthem, these 
attacks are becoming the norm, and they are increasing in their 
sophistication.
    The National Cybersecurity Communications and Integration 
Center, or NCCIC, within the NPPD is the leading the effort to 
prevent, detect, and mitigate cyber attacks against critical 
infrastructure, Federal agencies, and the private sector. The 
NCCIC's mission is a critical civilian component in the sharing 
of threat information between the Government and the private 
sector.
    The United States Secret Service also plays an important 
role in the sharing of cyber threat information through the 
NCCIC and back out to the private sector to help prevent and 
mitigate future attacks. The Secret Service Criminal 
Investigation Division investigates cyber crime cases involving 
financial breaches, such as the Target and Home Depot 
intrusions. The Secret Service also trains hundreds of State 
and local law enforcement officers, prosecutors, and judges in 
the field of computer forensics and digital evidence-handling 
techniques through its National Computer Forensics Institute.
    The Domestic Nuclear Detection Office within DHS is 
responsible for detecting and deterring illicit nuclear and 
radiological material from entering the United States. While 
DNDO is the lead agency within the United States Government for 
coordinating these efforts, it works hand-in-hand with other 
DHS components, including TSA, Customs and Border Protection, 
State and local law enforcement, and the intelligence 
community. DNDO works with these partners to provide them with 
the technology, training, and best practices to ensure the 
interdiction of radiological or nuclear material before it can 
enter the United States.
    While DNDO had previously experienced some stumbles along 
the way, under the current leadership of Dr. Gowadia it has 
become one of the best-functioning components within the 
Department of Homeland Security.
    DNDO also works closely with the Science and Technology 
Directorate to further its mission. S&T is the primary research 
and development arm of DHS, and it manages science and 
technology research, development, and acquisition for the 
Department's operational components and first responders.
    S&T has also experienced difficulties since its creation, 
some of which it is still grappling with today. These have 
included poor outreach efforts, inconsistent coordination with 
other DHS components, and a lack of clear research and 
development definitions. I know that S&T's director, Dr. 
Reginald Brothers, has been working to correct some of these 
issues over the past year, but it does concern me that some of 
these more basic issues have yet to be corrected. I am very 
much looking forward to working with Dr. Brothers and his staff 
to move the directorate forward.
    I look forward to hearing from each of you that are here on 
today's panel about the current state of affairs and the 
anticipated future direction of each of your vital components. 
I am certain that Ranking Member Richmond and the other Members 
of the subcommittee also look forward to working with you and 
providing oversight and legislative solutions where 
appropriate.
    [The statement of Chairman Ratcliffe follows:]
                  Statement of Chairman John Ratcliffe
                           February 12, 2015
    The subcommittee meets today to examine critically important 
components within the Department of Homeland Security and to give each 
of them an opportunity to give Members an update on the current state 
of affairs and direction moving forward, which will help to inform this 
subcommittee's future oversight and legislative efforts.
    Given the recent alarming terrorist attacks in Paris, the increase 
in radical and violent extremist activity across Europe and the 
increase in cyber attacks from nation-state and organized criminal 
actors, it's important that each of these components rise to the 
challenge and meet these threats. Yesterday, the full committee heard 
from the law enforcement and the intelligence communities about the 
rising threat of foreign fighters, and the risks from individuals who 
have traveled and trained with ISIS or other extremist groups in Syria 
and Iraq.
    The National Protection and Programs Directorate is charged with 
the protection of our Nation's critical infrastructure in both the 
cyber and physical security realms. Cyber attacks and breaches against 
our Government agencies and critical infrastructure have grown 
exponentially, and the capabilities of our adversaries are becoming 
more advanced. As we have seen over the past few months with the hack 
of Sony Pictures, and last week's breach of health insurance giant 
Anthem, these attacks are becoming the norm and they're increasing in 
sophistication. The National Cybersecurity Communications and 
Integration Center within NPPD is leading the effort to prevent, 
detect, and mitigate cyber attacks against critical infrastructure, 
Federal agencies, and the private sector. The NCCIC's mission is a 
critical civilian component in the sharing of threat information 
between the Government and the private sector.
    The United States Secret Service plays an important role in sharing 
of cyber threat information through the NCCIC and back out to the 
private sector to help prevent and mitigate future attacks. The Secret 
Service's Criminal Investigative Division investigates cybercrime cases 
involving financial breaches, such as the Target and Home Depot 
intrusions. The Secret Service also trains hundreds of State and local 
law enforcement officers, prosecutors, and judges in the field of 
computer forensics and digital evidence handling techniques through its 
National Computer Forensics Institute.
    The Domestic Nuclear Detection Office within DHS is responsible for 
detecting and deterring illicit nuclear and radiological material from 
entering the United States. While DNDO is the lead agency within the 
United States Government for coordinating these efforts, it works hand-
in-hand with other DHS components including TSA, Customs and Border 
Protection, State and local law enforcement and the intelligence 
community. DNDO works with these partners to provide them with the 
technology, training, and best practices to ensure the interdiction of 
radiological or nuclear material before it can enter the United States. 
While DNDO had previously experienced some stumbles along the way, 
under the current leadership of Dr. Gowadia, it has become one of the 
best functioning components within the Department.
    DNDO also works closely with the Science and Technology Directorate 
to further its mission. S&T is the primary research and development arm 
of DHS, and it manages science and technology research, development, 
and acquisition for the Department's operational components and first 
responders. S&T has also experienced difficulties since its creation, 
some of which it is still grappling with today. These have included 
poor outreach efforts, inconsistent coordination with other DHS 
components, and a lack of clear research and development definitions. I 
know that S&T's director, Dr. Reggie Brothers, has been working to 
correct some of these issues over the past year but it does concern me 
that some of these more basic issues have yet to be corrected. I am 
very much looking forward to working with him and his staff to move the 
directorate forward.
    I look forward to hearing from each of you on the current state of 
affairs and the anticipated future direction of each of your vital 
components. I'm certain that Ranking Member Richmond and the other 
Members of the subcommittee also look forward to working with you and 
providing oversight and legislative solutions where appropriate.

    Mr. Ratcliffe. The Chairman now recognizes the Ranking 
Minority Member of the subcommittee, the gentleman from 
Louisiana, Mr. Richmond, for any statement that he may have.
    Mr. Richmond. Thank you, Mr. Chairman. Mr. Chairman, 
congratulations on assuming the Chair of this important 
subcommittee. Thank you for holding this hearing today on 
programs that are central to our oversight responsibilities.
    I also want to thank the Ranking Member of the full 
committee, Mr. Thompson, for his participation in today's 
hearing and to highlight the tremendous level of expertise and 
experience that the Democrats bring to the subcommittee. In 
addition to the three most senior Democrats of the full 
committee, including Ranking Member Thompson, Ms. Sanchez, and 
Ms. Jackson Lee, we have a past Chairman of this subcommittee, 
Jim Langevin, who has returned to the committee after his term 
on Select Intelligence. Needless to say, we have a very strong 
team.
    In the past, Chairs and Ranking Members of this 
subcommittee have found common ground on vital areas of policy 
that have helped protect our Nation's citizens and have been 
focused on protecting our critical infrastructure. I look 
forward to continuing this tradition of bipartisanship with 
Chairman Ratcliffe.
    My primary focus will be to identify, oversee, and improve 
the authorities within DHS to help them assist our Nation's 
critical infrastructure to find acceptable and achievable 
levels of security from a wide range of man-made threats and 
natural disasters.
    We know that the privately-owned entities that make up the 
Nation's critical infrastructure, including our ports, energy 
networks, chemical manufacturers, transportation and financial 
sectors, and telecommunication providers, are all vital to our 
societal and economic well-being.
    Many constituents know all too well--my constituents know 
all too well what can happen when these systems fail. Ten years 
ago, the destruction of Hurricane Katrina had a debilitating 
impact on National security, economic security, and public 
health and safety. Needless to say, it is in the National 
interest to ensure that such critical infrastructure is 
adequately protected.
    What we do here in Washington affects how firefighters, 
police, EMS technicians, border and maritime security, and 
doctors and nurses protect Americans every day, especially in 
times of disaster. Aside from the physical critical 
infrastructure security issues, both man-made and natural, it 
will be necessary to do all we can to develop a workable cyber 
protection framework for critical-infrastructure entities in 
order to protect the rest of our economy.
    The President put forward a series of legislative proposals 
at the State of the Union that I think are a solid beginning 
for Congress to consider. These proposals would further refine 
and expand the authorities that DHS gained by last year's 
cybersecurity bills that were originated in and passed by this 
subcommittee and full committee, the Senate, and signed by the 
President.
    In closing, I would be remiss if I did not mention the 
looming funding crisis at DHS. Although this crisis is mainly 
manufactured by my friends in the Majority, it is real 
nevertheless. Sixteen days from now, the bulk of DHS's 
management and support for the homeland security enterprise 
will be forced to close due to political gamesmanship.
    We will hear testimony from the Congressional Research 
Service today that will outline the funding scenarios ahead of 
us and their likely impact on the programs that are being 
mentioned before us. I sincerely hope that we will all take 
heed to this sobering testimony and come together to find a 
solution.
    Mr. Chairman, I look forward to working with you on the 
many complex challenges that face our subcommittee.
    Thank you, and I yield back.
    [The statement of Ranking Member Richmond follows:]
             Statement of Ranking Member Cedric L. Richmond
                           February 12, 2015
    Mr. Chairman, congratulations on assuming the Chair of this 
important subcommittee, and thank you for holding this hearing today on 
programs that are central to our oversight responsibilities.
    I also want to thank the Ranking Member of the full committee, Mr. 
Thompson, for his participation in today's hearing and to highlight the 
tremendous level of expertise and experience that the Democrats bring 
to the subcommittee.
    In addition to the three most senior Democrats of the full 
committee including Ranking Member Thompson, Ms. Sanchez, and Ms. 
Jackson Lee, we have a past Chairman of this subcommittee, Jim Langevin 
who has returned to the committee after his term on Select 
Intelligence.
    Needless to say, we have a very strong team.
    In the past, Chairs and Ranking Members of this subcommittee have 
found common ground on vital areas of policy that have helped protect 
our Nation's citizens, and have been focused on protecting our critical 
infrastructure. I look forward to continuing that tradition of 
bipartisanship with Chairman Ratcliffe.
    My primary focus will be to identify, oversee, and improve the 
authorities within DHS to help them assist our Nation's critical 
infrastructure to find acceptable and achievable levels of security 
from a wide range of man-made threats and natural disasters.
    We know that the privately-owned entities that make up the Nation's 
critical infrastructure; including our ports, energy networks, chemical 
manufacturers, transportation and financial sectors, and 
telecommunication providers, are vital to our societal and economic 
well-being.
    My constituents know all too well what can happen when these 
systems fail. Ten years ago, the destruction of Hurricane Katrina, had 
a debilitating impact on National security, economic security, and 
public health and safety. Needless to say, it is in the National 
interest to ensure that such critical infrastructure is adequately 
protected.
    What we do here in Washington affects how firefighters, police, EMS 
technicians, border and maritime security, and doctors and nurses, 
protect Americans every day, especially in times of disaster.
    Aside from the physical critical infrastructure security issues, 
both man-made and natural, it will be necessary to do all we can to 
develop a workable cyber protection framework for critical 
infrastructure entities in order to protect the rest of our economy.
    The President put forward a series of legislative proposals at the 
State of the Union that I think are a solid beginning for Congress to 
consider. These proposals would further refine and expand the 
authorities that DHS gained by last year's cybersecurity bills that 
were originated in, and passed by this subcommittee and full committee, 
the Senate, and signed by the President.
    In closing, I would be remiss if I did not mention the looming 
funding crisis at DHS. Although this crisis is mainly manufactured by 
my friends in the Majority, it is real nevertheless. Sixteen days from 
now, the bulk of DHS's management and support for the homeland security 
enterprise would be forced to close due to political gamesmanship.
    We will hear testimony from the Congressional Research Service 
today that will outline the funding scenarios ahead of us, and their 
likely impact on the programs testifying before us. I sincerely hope 
that we all take heed to this sobering testimony and come together to 
find a solution.
    Mr. Chairman, I look forward to working with you on the many 
complex challenges that face our subcommittee.
    I yield back.

    Mr. Ratcliffe. I thank the gentlemen from Louisiana.
    The Chairman now recognizes the Ranking Minority Member of 
the full committee, the gentleman from Mississippi, Mr. 
Thompson, for any statement that he may have.
    Mr. Thompson. Thank you very much. Likewise, Mr. Chairman, 
welcome. I have been where you are. There is nothing like being 
in charge, trust me.
    I am happy to have our witnesses here today.
    Also, thank you for holding this hearing to discuss the 
developments and activities in the National Protection and 
Program Directorate, the Domestic Nuclear Detection Office, and 
the Science and Technology Directorate, all of which are 
important areas of oversight for this subcommittee.
    I note that we are also to hear testimony today from the 
Cyber Operations Branch of the Secret Service. While I know 
this subcommittee has oversight of cybersecurity issues, 
Chairman McCaul and I agreed in the committee oversight plan 
for the 114th to include oversight of the Secret Service under 
the jurisdiction of the Subcommittee on Oversight and 
Management Efficiency.
    While I am sure we will find the testimony interesting, I 
find it odd that the Service is testifying before a 
subcommittee that does not have oversight responsibilities, 
considering the difficulties the Service has experienced lately 
and the intense scrutiny the Service is under at this moment 
and especially in light of the recent shake-up in senior 
leadership, some of which occurred just a few days ago.
    On another matter, if there is no quick resolution to the 
budget impasse regarding the continuing resolution in fiscal 
year 2015 appropriations, there are only 16 calendar days and 5 
legislative days until the Department of Homeland Security 
shuts down on February 28, closing down the bulk of DHS's 
management and support of the homeland security infrastructure 
that was built following the 9/11 terrorist attack.
    I will just mention a few of those things that would be 
impacted: Shuttering the DHS Domestic Nuclear Detection Office, 
which would no longer alert and coordinate with law enforcement 
agencies and withholding the Securing the Cities grants that 
pay for the critical nuclear detection capabilities in cities 
across the country; halting research and development work on 
countermeasures to devastating biological threats on nuclear 
detection equipment and on cargo and passenger screening 
technology; also crippling FEMA's preparation for future 
disasters and furloughing 22 percent of FEMA's personnel, as 
well as ending FEMA's training activities of local law 
enforcement for weapons-of-mass-destruction events.
    Also, Mr. Chairman, some of DHS's employees would continue 
to work in the event of a shutdown. They would be forced to do 
so without pay, creating a significant distraction and dealing 
a tremendous blow to a Department with already low morale.
    Among those who would be expected to protect Americans 
without getting paid would be more than 40,000 Border Patrol 
Agents and Customs and Border Patrol Officers; more than 50,000 
TSA aviation security screeners; more than 13,000 Immigration 
and Customs Enforcement agents, more than 40,000 Active Duty 
Coast Guard military members; and more than 4,000 Secret 
Service law enforcement agents and officers.
    With such serious consequences, it is no wonder three 
former DHS Secretaries sent a letter to Senators Mitch 
McConnell and Harry Reid calling for a clean DHS funding bill. 
The essential funding for the Department of Homeland Security 
is no place for the majority to showboat against immigration 
reform that strengthens our economy and our country.
    Thank you, Mr. Chairman. With that, I yield back.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                           February 12, 2015
    Mr. Chairman, welcome to the gavel, and thank you for holding this 
hearing to discuss developments and activities in the National 
Protection and Program Directorate, the Domestic Nuclear Detection 
Office, and the Science and Technology Directorate, all of which are 
important areas of oversight for this subcommittee.
    I note that we are also to hear testimony today from the cyber 
operations branch of the Secret Service. While I know this subcommittee 
has oversight on cybersecurity issues, Chairman McCaul and I agreed in 
the Committee Oversight Plan for the 114th to include oversight of the 
Secret Service under the jurisdiction of the Subcommittee for Oversight 
and Management Efficiency.
    While I am sure we will find the testimony interesting, I find it 
odd that the Service is testifying before a subcommittee that does not 
have oversight responsibilities, considering the difficulties the 
Service has experienced lately and the intense scrutiny the Service is 
under at the moment, and especially in light of the recent shakeup in 
senior leadership, some of which occurred just a few days ago.
    On another matter, if there is no quick resolution to the budget 
impasse regarding the Continuing Resolution and Fiscal Year 2015 
Appropriations, there are only 16 calendar days and 5 legislative days 
until the Department of Homeland Security shuts down on February 28, 
closing down the bulk of DHS's management and support of the homeland 
security infrastructure that was built following the 9/11 terrorist 
attacks.
    I will just mention a few:
   Shuttering the DHS Domestic Nuclear Detection Office, which 
        would no longer alert and coordinate with local law enforcement 
        agencies, and withholding the Securing the Cities grants that 
        pay for critical nuclear detection capabilities in cities 
        across the country;
   Halting Research and Development work on countermeasures to 
        devastating biological threats, on nuclear detection equipment, 
        and on cargo and passenger screening technologies;
   Crippling FEMA's preparations for future disasters, and 
        furloughing 22 percent of FEMA personnel;
   Ending FEMA training activities with local law enforcement 
        for Weapons of Mass Destruction events.
    Although some DHS employees would continue to work in the event of 
a shutdown, they would be forced to do so without pay, creating a 
significant distraction and dealing a tremendous blow to a Department 
with already low morale.
    Among those who would be expected to protect Americans without 
getting paid would be:
   More than 40,000 Border Patrol Agents and Customs and Border 
        Patrol Officers;
   More than 50,000 TSA aviation security screeners;
   More than 13,000 Immigration and Customs Enforcement law 
        enforcement agents and officers;
   More than 40,000 active-duty Coast Guard military members; 
        and
   More than 4,000 Secret Service law enforcement agents and 
        officers.
    With such serious consequences, it is no wonder three former DHS 
Secretaries sent a letter to Senators Mitch McConnell and Harry Reid 
calling for a clean DHS funding bill. The essential funding for the 
Department of Homeland Security is no place for the Majority to 
showboat against immigration reform that strengthens our economy and 
our country.
    Thank you, Mr. Chairman, and with that I yield back.

    Mr. Ratcliffe. I thank the gentleman from Mississippi.
    Other Members of the subcommittee are reminded that opening 
statements may be submitted for the record.
    We are pleased today to have a distinguished panel of 
witnesses before us on this very important topic.
    I thank you all for being here.
    I would like to recognize the panel en banc, and then each 
of you will have the opportunity to provide opening statements.
    Our first witness is Mr. Andy Ozment. He is the assistant 
secretary for the Office of Cybersecurity and Communications 
within the National Protection and Programs Directorate of the 
Department of Homeland Security.
    Welcome.
    Our second witness, Dr. Huban Gowadia, is the director of 
the Domestic Nuclear Detection Office in the Department of 
Homeland Security.
    Next, we will hear from Mr. Joseph Martin, who is the 
acting director of the Homeland Security Enterprise and First 
Responders Group within the Science and Technology Directorate 
at the Department of Homeland Security.
    Also joining us today is Mr. William Noonan, who is the 
deputy special agent in charge of the Criminal Investigative 
Division at the United States Secret Service.
    Finally, we have with us Mr. William Painter, a government 
and finance division analyst at the Congressional Research 
Service.
    Again, the Chairman, the Ranking Member, and the Members of 
this subcommittee very much appreciate the witnesses' presence 
today.
    The witnesses' full statements will appear in the record.
    The Chairman now recognizes Mr. Ozment for 5 minutes to 
testify.

   STATEMENT OF ANDY OZMENT, ASSISTANT SECRETARY, OFFICE OF 
   CYBERSECURITY AND COMMUNICATIONS, NATIONAL PROTECTION AND 
   PROGRAMS DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Ozment. Thank you, Chairman.
    Chairman Ratcliffe, Ranking Member Richmond, Ranking Member 
Thompson, and Members of the subcommittee, I am pleased to 
appear today to discuss the work of the Department of Homeland 
Security's National Protection and Programs Directorate, or 
NPPD, to address persistent and emerging cybersecurity risks to 
the U.S. homeland.
    As the internet and network technologies become an 
increasingly omnipresent part of our daily lives, growing cyber 
threats present an increasing risk to critical infrastructure, 
our economy, and our National security.
    As a Nation, we are faced with pervasive threats from 
malicious cyber actors. These individuals and groups are 
motivated by a variety of reasons that include espionage, 
political and idealogical beliefs, and financial gain. For 
example, certain nation-states pose a significant economic 
cyber threat as they aggressively target and seek access to 
public- and private-sector computer networks with the goal of 
stealing and exploiting massive quantities of data, including 
intellectual property and other sensitive information. In 
another example, we saw in the recent Sony incident that cyber 
attacks also have the potential to damage physical 
infrastructure.
    The DHS National Protection and Programs Directorate 
undertakes its cybersecurity activities within its overarching 
mission to secure and enhance the resilience of the Nation's 
cyber and physical infrastructure. We view ourselves as a 
customer service organization, and our customers are Federal 
civilian department and agencies, private-sector infrastructure 
owners and operators, and State, local, Tribal, and territorial 
governments.
    In serving these customers, our guiding principles are to 
prioritize our customers' needs, to build and retain their 
trust, to ensure privacy and civil rights across the depth and 
breadth of our cyber and communications activities, and to 
enable continuous improvement to stay ahead of the malicious 
actors that we face.
    To achieve our cybersecurity mission, we focus on helping 
our partners understand and manage cyber risk, reduce the 
frequency and impact of cyber incidents, and build partner 
capacity. So what do we bring to our customers? Broadly, we 
accomplish these goals through a variety of means, and I would 
like to highlight a few of them.
    We share timely and accurate information and analysis to 
enable private and public-sector partners to protect 
themselves. We provide on-site assistance to Federal agencies 
and critical-infrastructure entities that are impacted by a 
significant cybersecurity incident. We provide technology and 
services to detect and block cyber threats from impacting 
Federal civilian agency networks.
    We enable Federal agencies to more readily identify network 
security issues and take prioritized action. We provide 
Classified information to commercial cybersecurity companies so 
they can better protect their private-sector customers. And we 
maintain a trusted environment for private-sector partners to 
share information and collaborate to understand cybersecurity 
threats and trends.
    These activities are only successful through our continued 
engagement and collaboration with public and private partners. 
NPPD engages its cybersecurity stakeholders through a variety 
of mechanisms, to include the National Cybersecurity and 
Communications Integration Center, or the NCCIC.
    The NCCIC is a 24/7 National hub for sharing cyber and 
communications information between Federal agencies, the 
intelligence community, law enforcement, and the private 
sector. In 2014, the NCCIC received over 97,000 incident 
reports and issued nearly 12,000 actionable cyber alerts or 
warnings. NCCIC teams detected over 64,000 vulnerabilities on 
Federal and non-Federal systems and directly responded to 115 
significant cyber incidents with on-site support to our 
customers.
    Among its roles, the NCCIC provides incident response 
assistance during significant cyber events. The NCCIC also 
disseminates information on potential or active cybersecurity 
threats, incidents, and vulnerabilities to both public and 
private-sector partners. As a final example, the NCCIC conducts 
vulnerability assessments to identify cybersecurity risks and 
recommend mitigations.
    Congress' support to these activities resulted in 
bipartisan action last year to pass critical cybersecurity 
legislation. That legislation enhanced our ability to measure 
and motivate Federal civilian agencies to improve their own 
security, it codified the NCCIC into law, and provides DHS with 
the ability to enhance our cyber workforce.
    Enactment of these bills represents a significant moment 
for the Department's cybersecurity mission, and I thank 
Congress for this action. This committee, in particular, 
undertook significant efforts to bring these bills to 
enactment.
    However, additional legislation is needed. Carefully 
updating laws to facilitate cybersecurity information sharing 
is essential to improving the Nation's cybersecurity. While 
many companies currently share cybersecurity threat information 
under existing laws, we need to increase the volume and speed 
of information shared between the Government and the private 
sector. It is essential to ensure that cyber threat information 
is shared quickly between trusted partners to detect and block 
cyber threats before they can cause damage.
    The NCCIC's role is a critical piece of the President's 
recent legislative proposal because its core mission, as stated 
in this committee's unanimously passed National Cybersecurity 
Protection Act, is coordinating and serving as an interface for 
cybersecurity information across the Government and private 
sector. We must connect the dots, and the NCCIC is our 
mechanism for doing so.
    Thank you for the opportunity to testify, and I look 
forward to any questions you may have.
    [The prepared statement of Mr. Ozment follows:]
                   Prepared Statement of Andy Ozment
                           February 12, 2015
                              introduction
    Chairman Ratcliffe, Ranking Member Richmond, and distinguished 
Members of the subcommittee, I am pleased to appear today to discuss 
the work of the Department of Homeland Security (DHS) to address 
persistent and emerging cyber threats to the U.S. homeland.
    In my testimony today, I would like to highlight how DHS helps 
secure cyber infrastructure and discuss a few specific examples of 
instances in which we prevented and responded to a serious 
cybersecurity challenge.
                       the on-going cyber threat
    Growing cyber threats are an increasing risk to critical 
infrastructure, our economy and thus, our National security. As a 
Nation, we are faced with pervasive threats from malicious cyber 
actors. These individuals are motivated by a variety of reasons that 
include espionage, political and ideological beliefs, and financial 
gain. Certain nation-states pose a significant cyber threat as they 
aggressively target and seek access to public and private-sector 
computer networks with the goal of stealing and exploiting massive 
quantities of data.
    Some nation-states consistently target Government networks for 
traditional espionage, theft of protected information for financial 
gain, and other purposes. Increasingly, State, local, Tribal, and 
territorial (SLTT) networks are experiencing nation-state cyber 
activity similar to that seen on Federal networks. In addition to 
targeting Government networks, there is a growing threat of nation-
states targeting and compromising critical infrastructure networks and 
systems. Such attacks may provide persistent access for potential 
malicious cyber operations that could lead to cascading effects with 
physical implications, including injury or loss of life.
                         dhs cybersecurity role
    The DHS National Protection and Programs Directorate (NPPD) 
undertakes its cybersecurity activities within its overarching mission 
to secure and enhance the resilience of the Nation's critical 
infrastructure. By leveraging its core capabilities of information and 
data sharing; incident response and capacity development; vulnerability 
assessments; and situational awareness, NPPD applies its expertise and 
resources to assist with building the Nation's resilience to physical 
and cybersecurity risks.
    NPPD works with infrastructure owners and operators and Government 
partners, to provide timely information, analysis, and assessments 
through its field force and headquarters components. These capabilities 
are applied to maintain and provide situational awareness, increase 
resilience, and understand and mitigate risk. Through established 
partnerships including DHS support from partners in Science & 
Technology, U.S. Secret Service, and the Domestic Nuclear Detection 
Office, NPPD leads the National unity of effort for infrastructure 
security and resilience and builds the capacity of partners across the 
Nation. NPPD also directly protects Federal infrastructure against both 
physical and cyber threats and responds to incidents that threaten 
infrastructure or sensitive information.
    NPPD executes this mission through several key responsibilities:
   First, NPPD informs decision makers on potential impacts by 
        performing comprehensive consequence analyses that assess 
        cross-sector interdependencies and cascading effects.--NPPD 
        utilizes integrated analysis and modeling capabilities to 
        understand cyber and physical risk and assist with 
        prioritization of infrastructure to ensure resources are 
        focused on protecting the assets or services of greatest 
        significance. This capability also enables NPPD to maintain and 
        provide situational awareness to public and private-sector 
        partners about the potential impacts of future incidents and 
        inform investments of various forms in effective preparedness 
        given limited resources.
   Second, NPPD reduces cyber and physical risks to critical 
        infrastructure through collaboration with Federal agencies, 
        State, local, Tribal, and territorial governments and the 
        private sector.--NPPD works with its partners to conduct 
        voluntary critical infrastructure and cybersecurity 
        assessments. These assessments allow partners to better 
        understand their physical and cybersecurity resilience and 
        vulnerabilities and provide recommendations for how they can 
        improve. At the National level, NPPD leads or contributes to 
        the development of risk management plans and approaches such as 
        the National Infrastructure Protection Plan and the 
        Cybersecurity Framework.
   Third, NPPD programs promote cybersecurity knowledge and 
        innovation to create a safer and more secure cyber 
        environment.--NPPD enables Federal departments and agencies to 
        address cybersecurity challenges by providing guidance on 
        technology, emerging risks, and best practices. To this end, 
        NPPD partners with the private sector, law enforcement, 
        military, and intelligence communities to identify and mitigate 
        vulnerabilities and threats to information systems before they 
        can cause significant harm.
   Fourth, NPPD provides direct protection and conducts 
        incident response activities to minimize the frequency and 
        impact of incidents affecting Federal networks and 
        facilities.--NPPD secures and protects the buildings, grounds, 
        and property owned or occupied by the Federal Government, as 
        well as the people on those properties, by conducting Facility 
        Security Assessments, recommending appropriate countermeasures, 
        overseeing a large contract Protective Security Officer 
        workforce, and exercising law enforcement authorities. On the 
        cyber side, NPPD directly protects Federal networks by 
        identifying vulnerabilities through the Continuous Diagnostics 
        and Mitigation (CDM) program and by detecting and blocking 
        threats through the EINSTEIN program. NPPD also responds to 
        cyber incidents affecting Federal networks upon request of the 
        impacted agencies to determine and recommend necessary 
        mitigations.
   Fifth, NPPD is responsible for ensuring effective 
        telecommunications for Government users in National emergencies 
        and for establishing policies and promoting solutions for 
        interoperable emergency communications used on a daily basis 
        across the country at the Federal, State, and local levels.--As 
        the Sector Specific Agency for Communications and for Emergency 
        Services, NPPD protects and strengthens the security, 
        reliability, survivability, and interoperability of the 
        Nation's communications capabilities at the Federal, State, 
        local, Tribal, and territorial levels. NPPD serves the first 
        responder community by serving as a board member and providing 
        technical assistance for the initiative to establish a National 
        Public Safety Broadband Network and supports development of 
        standards and best practices for the interoperability of first 
        responder communications. NPPD is also helping lead the 
        transition of public safety communications from land-mobile 
        radio to broadband and Voice-Over-Internet Protocol (or VOIP). 
        In order to ensure that communications are available to manage 
        and coordinate a major incident, NPPD also assures the 
        provision of National Security and Emergency Preparedness 
        communications by administering the Priority Telecommunications 
        Service (PTS).
  dhs shares information widely with federal agencies and the private 
                 sector, and provides incident response
    DHS takes a customer-focused approach to information sharing, using 
information to detect and block cybersecurity attacks on Federal 
civilian agencies and sharing information to help critical 
infrastructure entities in their own protection. We provide information 
to commercial cybersecurity companies so they can better protect their 
customers through the Enhanced Cybersecurity Services program, or ECS, 
and we maintain a trusted information-sharing environment for private-
sector partners to share information and collaborate on cybersecurity 
threats and trends via a program known as the Cyber Information Sharing 
and Collaboration Program, or CISCP. This trust derives in large part 
from our emphasis on privacy, confidentiality, civil rights, and civil 
liberties across all information-sharing programs, including special 
care to safeguard personally identifiable information.
    DHS also maintains the National Cybersecurity & Communications 
Integration Center (NCCIC), which serves as a 24x7 centralized location 
for the coordination and integration of cyber situational awareness and 
incident management. NCCIC partners include all Federal departments and 
agencies; State, local, Tribal, and territorial governments; the 
private sector; and international entities. The NCCIC provides its 
partners with enhanced situational awareness of cybersecurity and 
communications incidents and risks, and provides timely information to 
manage vulnerabilities, threats, and incidents.
    In 2014, the NCCIC received over 97,000 incident reports, and 
issued nearly 12,000 actionable cyber alerts or warnings. NCCIC teams 
also detected over 64,000 vulnerabilities on Federal and non-Federal 
systems and directly responded to 115 significant cyber incidents.
            protecting federal civilian cyber infrastructure
    DHS directly supports Federal civilian departments and agencies in 
developing capabilities that will improve their own cybersecurity 
posture. Through the Continuous Diagnostics and Mitigation (CDM) 
program, DHS enables Federal agencies to more readily identify network 
security issues, including unauthorized and unmanaged hardware and 
software; known vulnerabilities; weak configuration settings; and 
potential insider attacks. Agencies can then prioritize mitigation of 
these issues based upon potential consequences or likelihood of 
exploitation by adversaries. The CDM program provides diagnostic 
sensors, tools, and dashboards that provide situational awareness to 
individual agencies, and will provide DHS with summary data to 
understand relative and system risk across the Executive branch. NPPD 
is moving aggressively to implement CDM across all Federal civilian 
agencies. Memoranda of Agreement with the CDM program encompass over 97 
percent of all Federal civilian personnel. An initial award of CDM 
tools in 2014 to fill immediate capability gaps at participating 
agencies, will, in the future, provide DHS with better data to protect 
the dot-gov, and has resulted in $26 million in cost avoidance. The 
President's 2016 budget requests $102.7 million for the CDM program. 
Two-thousand fifteen will be an exciting year for the CDM program: 
Acquisition Groups A and B, covering 7 agencies and over 45% of all 
Federal civilian personnel, will begin to deploy CDM tools starting in 
the third quarter of fiscal year 2015. By the first quarter of fiscal 
year 2016, 25 agencies and over 95% of all Federal civilian personnel 
will have started deploying CDM tools provided by DHS. NPPD is 
implementing a commercial off-the-shelf, or COTS, technology for the 
CDM dashboard to provide agencies with a detailed understanding of 
their cybersecurity risk and enable comprehensive situational awareness 
across the Federal Government. The agency-level dashboards will begin 
deployment in fiscal year 2015, and the Federal dashboard is expected 
to reach Full Operating Capability in fiscal year 2017.
    While CDM will identify vulnerabilities and systemic risks within 
agency networks, the National Cybersecurity Protection System, or 
EINSTEIN, detects and blocks threats at the perimeter of the network or 
at the Internet Service Provider. EINSTEIN is an integrated intrusion 
detection, analysis, information sharing, and intrusion-prevention 
system. The President's 2016 budget requests $463.9 million for the 
EINSTEIN program. Perhaps the best way to understand EINSTEIN is 
through the analogy of a car attempting to enter a protected perimeter 
such as a military base. EINSTEIN 1 can be thought of as analogous to a 
cop on the beat looking for a particular license plate. The system 
captures key data about internet traffic entering an agency through 
basic network flow information. EINSTEIN 2 is akin to a cop who not 
only sees the license plate but sends an alert to other security 
personnel to alert them to a potentially prohibited or malicious 
vehicle. EINSTEIN 2's network intrusion detection system (IDS) 
technology uses custom signatures, based upon known or suspected cyber 
threats within Federal network traffic. EINSTEIN 3A, or E3A, is much 
like a gatehouse that prohibits vehicles whose license plates set off 
an alert from entering the base. E3A supplements EINSTEIN 2 by adding 
additional intrusion prevention capabilities and enabling ISPs, under 
the direction of DHS, to detect and block known or suspected cyber 
threats using indicators.
    NPPD's Office of Cybersecurity and Communications (CS&C) screens 
all data captured by EINSTEIN 1 and EINSTEIN 2 sensors to ensure it is 
analytically relevant to a known or suspected cyber threat. E3A 
combines existing analysis of EINSTEIN 1 and EINSTEIN 2 data as well as 
information provided by cyber mission partners with existing commercial 
intrusion prevention security services to allow for the near-real-time 
deep packet inspection of Federal network traffic to identify and react 
to known or suspected cyber threats. Participating agencies currently 
have access to their network flow records through participation in 
EINSTEIN 1 and receive information about their own data specific to 
their networks in accordance with CS&C's cybersecurity information 
handling policies and guidelines. E3A is currently deployed and 
offering DNS and email services to eleven (11) departments and 
agencies, covering approximately 25% of all dot-gov (.gov) traffic. 
Forty-six (46) agencies have signed Memorandum of Agreements (MOA) to 
participate in E3A services covering 90% of all Federal civilian 
traffic. It reduces threat vectors available to actors seeking to 
infiltrate, control, or harm Federal networks. We look forward to 
working with Congress to further clarify DHS's authority to deploy this 
protective technology to Federal civilian systems.
  securing the homeland against persistent and emerging cyber threats
    Cyber intrusions into critical infrastructure and Government 
networks can cause significant damage and be perpetrated by 
increasingly sophisticated actors. The complexity of emerging threat 
capabilities, the inextricable link between the physical and cyber 
domains, and the diversity of cyber actors present challenges to DHS 
and our customers.
Financial Sector Distributed Denial of Service (DDoS) Attacks
    Cyber attacks on the U.S. financial sector are often discussed as 
an area of concern. There were increasingly powerful DDoS incidents 
impacting leading U.S. banking institutions in 2012 and 2013, and high-
profile media coverage of financial sector cybersecurity challenges in 
2014. US-CERT has a distinct role in responding to a DDoS: To 
disseminate victim and potential victim notifications to United States 
Federal Agencies, Critical Infrastructure Partners, International 
CERTs, and U.S.-based Internet Service Providers.
    US-CERT has provided technical data and assistance, including 
identifying 600,000 DDoS-related IP addresses and supporting contextual 
information. This information helps financial institutions and their 
information technology security service providers improve defensive 
capabilities. In addition to sharing with relevant private-sector 
entities, US-CERT provided this information to over 120 international 
partners, many of whom contributed to our mitigation efforts. US-CERT, 
along with the U.S. Secret Service, FBI and other interagency partners, 
also deployed to affected entities on-site technical assistance, or 
``boots on the ground.'' US-CERT works with Federal civilian agencies 
to protect USG systems from becoming part of a botnet, since botnets 
are a tool that cyber criminals use to deflect attribution in DDoS 
attacks.
    During these attacks, our partners in the DHS Office of 
Intelligence and Analysis, or I&A, provided long-term, consistent 
threat updates to the Department of Treasury and private-sector 
partners in the Financial Services Sector. I&A analysts presented 
sector-specific Unclassified briefings on the relevant threat 
intelligence, including at the annual Financial Services Information 
Sharing and Analysis Center (FS-ISAC) conference, alongside the Office 
of the National Counterintelligence Executive and the U.S. Secret 
Service. At the request of the Treasury and the Financial and Banking 
Information Infrastructure Committee (FBIIC), I&A analysts provided 
Classified briefings on the malicious cyber threat actors to cleared 
individuals and groups from several financial regulators, including the 
Federal Deposit Insurance Corporation (FDIC), Securities and Exchange 
Commission (SEC), and the Federal Reserve Board (FRB).
Point-of-Sale Compromises
    On December 19, 2013, a major retailer publically announced it had 
experienced unauthorized access to payment card data from the 
retailer's U.S. stores. The information involved in this incident 
included customer names, credit and debit card numbers, and the cards' 
expiration dates and card verification value (CVV) security codes. The 
CVV security codes are 3- or 4-digit numbers that are usually on the 
back of the card. Separately, another retailer also reported a malware 
incident involving its Point of Sale (POS) system on January 11, 2014, 
that resulted in the apparent compromise of credit card and payment 
information.
    In response to this activity, NCCIC/US-CERT analyzed malware 
identified by the Secret Service as well as other relevant technical 
data and used those findings, in part, to create two information-
sharing products. The first product, which is publicly available and 
can be found on US-CERT's website, provides a non-technical overview of 
risks to Point-of-Sale systems, along with recommendations for how 
businesses and individuals can better protect themselves and mitigate 
their losses in the event an incident has already occurred. The second 
product provides more detailed technical analysis and mitigation 
recommendations, and has been securely shared with industry partners to 
enable their protection efforts. NCCIC's goal is always to share 
information as broadly as possible, including by producing products 
tailored to specific audiences.
    These efforts ensured that actionable details associated with a 
major cyber incident were shared with the private-sector partners who 
needed the information in order to protect themselves and their 
customers quickly and accurately, while also providing individuals with 
practical recommendations for mitigating the risk associated with the 
compromise of their personal information. NCCIC especially benefited 
from close coordination with the private-sector Financial Services 
Information Sharing and Analysis Center during this response.
                       cybersecurity legislation
    Last year, Congress acted in a bipartisan manner to pass critical 
cybersecurity legislation that enhanced the ability of the Department 
of Homeland Security to work with the private sector and other Federal 
civilian departments in each of their own cybersecurity activities, and 
enhanced the Department's cyber workforce. Enactment of these bills 
represents a significant moment for the Department's cybersecurity 
mission, and I thank Congress for this action. This committee in 
particular undertook significant efforts to bring the bills to passage.
    Additional legislation is needed. While many companies currently 
share cybersecurity threat information under existing laws, there is a 
heightening need to increase the volume and speed of such information 
sharing between the Government and the private sector--and among 
appropriate private-sector organizations--without sacrificing the trust 
of the American people or individual privacy, civil rights, or civil 
liberties. It is also essential that we ensure the integration of 
threat indicators to provide shared situational awareness. We must 
connect the dots. Carefully updating laws to facilitate cybersecurity 
information sharing is essential to improving the Nation's 
cybersecurity. We also must provide law enforcement additional tools to 
fight crime in the digital age, create a National Data Breach Reporting 
requirement, and further clarify DHS's authority to deploy protective 
technologies to Federal, Executive branch, civilian systems.
                               conclusion
    DHS will continue to work with our public and private partners to 
create and implement collaborative solutions to improve cybersecurity, 
focused on reducing frequency and impact of high-consequence 
cybersecurity incidents. We work around the clock to ensure that the 
peace and security of the American way of life will not be interrupted 
by malicious actors seeking to exploit our reliance on the internet and 
networked technologies. Each incarnation of the cyber threat has unique 
traits, and mitigation requires agility and layered security. 
Cybersecurity is a process of risk management in a time of constrained 
resources, and we must ensure that our efforts achieve maximize 
security as efficiently as possible while preserving privacy, civil 
rights, and civil liberties.
    DHS represents an integral piece of the National effort to increase 
our collective cybersecurity, but we cannot achieve our mission without 
a foundation of voluntary partnerships with the critical infrastructure 
community, industry, and our Government partners. While securing 
cyberspace has been identified as a core DHS mission since the 2010 
Quadrennial Homeland Security Review the Department's view of 
cybersecurity has evolved to include a more holistic emphasis on 
critical infrastructure which takes into account the convergence of 
cyber and physical risk.
    DHS will continue to serve as the center of integration, 
information sharing, and collaborative analysis, at machine-speed 
wherever possible, of global cyber risks, trends, and incidents. 
Through our unique role in protecting civilian Government systems and 
helping the private sector protect themselves, DHS can correlate data 
from diverse sources, in an anonymized and secure manner, to maximize 
insights and inform effective risk mitigation. We are working to 
further mature the ability of NCCIC to receive information at machine 
speed, which will support emerging capabilities of networks to self-
heal and to recognize and block threats before they reach their 
targets. This will in turn diminish the profit model for cyber 
adversaries and reduce our response time to a cyber incident from days 
or hours to seconds.
    DHS provides the foundation of the U.S. Government's approach to 
securing and ensuring the resilience of civilian critical 
infrastructure and essential services. We look forward to continuing 
the conversation and continuing to serve the American goals of peace 
and stability, and we rely upon your continued support. Thank you for 
the opportunity to testify, and I look forward to any questions you may 
have.

    Mr. Ratcliffe. Thank you, Mr. Ozment.
    The Chairman now recognizes Dr. Gowadia to testify.

   STATEMENT OF HUBAN A. GOWADIA, DIRECTOR, DOMESTIC NUCLEAR 
     DETECTION OFFICE, U.S. DEPARTMENT OF HOMELAND SECURITY

    Ms. Gowadia. Good afternoon, Chairman Ratcliffe, Ranking 
Member Richmond, and Ranking Member Thompson, distinguished 
Members of the subcommittee. It is a pleasure to be here with 
my colleagues from the Department of Homeland Security and the 
Congressional Research Service to testify about the Domestic 
Nuclear Detection Office, or DNDO, on our on-going efforts to 
protect the homeland from nuclear and radiological threats.
    As articulated in the new National security strategy, no 
threat poses as grave a danger to our security and well-being 
as the potential use of nuclear weapons and materials by 
irresponsible states or terrorists. DNDO was created in 2005 as 
an interagency with a singular focus--preventing nuclear 
terrorism--realized through two missions: Technical nuclear 
forensics and nuclear detection. We work with Federal, State, 
local, and international partners, as well as those in the 
private sector, academia, and the National laboratories.
    For both missions, we are responsible for coordinating 
interagency efforts to develop strategies, conduct research, 
and deploy capabilities in support of our operational 
stakeholders. For example, DNDO's National Technical Nuclear 
Forensics Center provides centralized stewardship, planning, 
and integration of U.S. Government-wide efforts. Since the 
Center's establishment in 2006, DNDO has advanced nuclear 
forensics capabilities and improved National exercises by 
making them increasingly collaborative and realistic.
    Focusing on an in extremis National capability, we are 
investing in our technical expertise pipeline. DNDO is on track 
to have 35 new Ph.D.'s added to the workforce by 2018.
    On the detection mission, DNDO coordinates the United 
States Government's capabilities through the construct of the 
Global Nuclear Detection Architecture, or GNDA. Recently, in 
collaboration with our interagency partners, we published the 
2014 GNDA Strategic Plan, which will guide our efforts as we 
collectively design and implement the architecture.
    To address technical challenges, DNDO conducts an 
aggressive program of transformational research and 
development. Among our many accomplishments have been 
breakthrough sensing materials that have transitioned from the 
laboratory to commercially-available products. In fact, until 
recently, one such material, Stilbene, was only available in 
limited supplies from suppliers in Ukraine. Through our small-
business innovation research efforts, U.S. industry now 
produces this material domestically at lower cost and in 
greater quantities.
    As the Department's lead for acquiring and deploying 
radiation-detection systems, DNDO brings a rigorous and 
disciplined approach to testing and procurement. Since 
inception and in conjunction with our partners, we have 
completed over 100 test campaigns and 7 pilots to evaluate the 
performance of various nuclear detectors.
    DNDO's collaborative systems acquisition efforts have 
ensured that all Coast Guard boarding parties and all TSA Viper 
teams are equipped with radiation detectors. All incoming 
general aviation flights are met by detector-equipped Customs 
and Border Protection officers. One hundred percent of trucks 
and cars and almost 100 percent of maritime containerized cargo 
is scanned for radiation at our ports of entry before release 
into the United States.
    Because detection is about more than just equipment, we 
focus on the critical triad of intelligence, law enforcement, 
and technology. The ability to detect and interdict nuclear 
threats is maximized when well-trained law enforcement and 
public safety personnel conduct intelligence or information-
driven operations using the right technology. Indeed, by the 
end of this year and working with our State and local partners, 
we intend to have basic preventive nuclear capabilities in all 
50 States.
    I would like to relate an excellent example of this triad 
at work. Last month, in Fairfield, Connecticut, a police 
officer stopped a stolen car and discovered an industrial 
radioactive source in the trunk. The officer contacted the 
local fire department and the Connecticut State Police 
Emergency Services Unit. Within 4 minutes, a trooper responded, 
equipped with radiation detectors provided via our Securing the 
Cities program. I should note that our S&T's National Urban 
Security Technology Laboratory supports this program.
    The officers were thereby able to quickly resolve the 
situation at the local level using the right technologies and 
protocols. Information, law enforcement, and technology coming 
together to address radioactive material that was out of 
regulatory control.
    In conclusion, DNDO has made considerable progress since 
its creation in 2005. As I have shared today, we are realizing 
the results of our research and development investments through 
the maturation of our Nation's nuclear detection and technical 
forensics capabilities. With your continued support, we will 
work steadfastly to make nuclear terrorism a prohibitively 
difficult undertaking for our adversaries.
    Thank you for this opportunity, and I look forward to your 
questions.
    [The prepared statement of Ms. Gowadia follows:]
                 Prepared Statement of Huban A. Gowadia
                           February 12, 2015
    Chairman Ratcliffe, Ranking Member Richmond, and distinguished 
Members of the subcommittee. Thank you for the opportunity to testify 
before you today. I am honored to join my esteemed colleagues from the 
U.S. Department of Homeland Security (DHS) at this hearing regarding 
the emerging threats we face and the development of technologies 
employed to defend the homeland. Whether it is strengthening 
cybersecurity, combating cyber crime, protecting critical 
infrastructure, or preventing nuclear and radiological terrorism, DHS 
seeks to employ our Nation's talents and technological edge to defeat 
sophisticated and agile adversaries. I appreciate your attention to the 
threat of nuclear terrorism and your interest in the efforts and 
progress DHS' Domestic Nuclear Detection Office (DNDO) has made to 
prevent its occurrence.
    As President Obama stated on March 25, 2014 at the joint press 
conference following the 2014 Nuclear Security Summit, ``I convened the 
first Nuclear Security Summit in Washington four years ago because I 
believed that we need a serious and sustained global effort to deal 
with one of the greatest threats to international security--and that's 
the specter of nuclear terrorism . . . given the catastrophic 
consequences of even a single attack, we cannot be complacent.'' The 
potentially catastrophic effects of a nuclear detonation, whether 
executed surreptitiously by a state or a non-state actor, would have 
far-reaching impacts on our Nation and the world. A radiological 
attack, via a ``dirty bomb,'' would result in far less destruction, but 
would still be extremely disruptive to our way of life.
    The spectrum of nuclear security spans physical protection of 
nuclear and other radioactive materials, detection of such materials 
out of regulatory control, rendering devices safe, response and 
recovery to incidents, and forensics and attribution of materials. DNDO 
has specific, focused responsibilities for two elements in this 
spectrum: Detection and nuclear forensics. And as reducing the risk of 
nuclear terrorism is a whole-of-Government challenge, DNDO works with 
Federal, State, local, Tribal, territorial, and international partners 
as well as those in the private sector, academia, and the National 
laboratories to fulfill its mission.
                              authorities
    With the recognition of the need to focus efforts to detect nuclear 
and other radioactive materials that have become unsecured, DNDO was 
established in 2005 by National Security Presidential Directive (NSPD)-
43 and Homeland Security Presidential Directive (HSPD)-14 and 
subsequently codified in Title V of the Security and Accountability For 
Every (SAFE) Port Act (Pub. L. No. 109-347), which amended the Homeland 
Security Act of 2002. Pursuant to section 1902 of the Homeland Security 
Act, DNDO is required to develop, with the approval of the Secretary 
and in coordination with the Departments of Energy (DOE), State (DOS), 
Defense (DoD), and Justice (DOJ), an enhanced global nuclear detection 
architecture (GNDA), and is responsible for implementing the domestic 
portion.
    The architecture serves as a framework for detecting (through 
technical and non-technical means), analyzing, and reporting on nuclear 
and other radioactive materials that are out of regulatory control. 
Non-technical detection refers to an alert from law enforcement or 
intelligence efforts and collected by GNDA partners under their 
statutory authorities and consistent with National policy. DNDO is also 
charged to enhance and coordinate the nuclear detection efforts of 
Federal, State, local, and Tribal governments and the private sector to 
ensure a managed, coordinated response. To accomplish this, DNDO leads 
programs to conduct transformational research and development for 
advanced detection technologies, deploy nuclear detection capabilities, 
measure detector system performance, and ensure effective response to 
detection alarms.
    In 2006, DNDO's National Technical Nuclear Forensics Center was 
established by NSPD-17/HSPD-4 and later authorized by the 2010 Nuclear 
Forensics and Attribution Act (Pub. L. No. 111-140) with the mission of 
characterizing radiological and nuclear devices prior to detonation. 
DNDO was given responsibilities to provide centralized stewardship, 
planning, and integration for all Federal nuclear forensics activities. 
The Act also established the National Nuclear Forensics Expertise 
Development program and required DNDO to lead the development and 
implementation of the National Strategic Five-Year Plan for Improving 
the Nuclear Forensics and Attribution Capabilities of the United 
States.
    These authorities have directed our focus in preventing nuclear 
terrorism through the enhancement of nuclear detection and technical 
forensics capabilities. In both instances, we rely on the critical 
triad of intelligence, law enforcement, and technology. Thus, to 
maximize the Nation's ability to detect and interdict a threat, it is 
imperative that we apply detection technologies in operations that are 
driven by intelligence indicators, and place them in the hands of well-
trained law enforcement and public safety officials. Similarly, to 
enhance attribution capabilities, the U.S. Government (USG) must ensure 
that information from law enforcement, intelligence, and technical 
nuclear forensics is synthesized to identify the origin of the material 
or device and the perpetrators.
    While we have made significant improvements in both detection and 
forensics over the years, the threat of nuclear terrorism persists, and 
requires constant vigilance.
          developing the global nuclear detection architecture
    Cited in Presidential Directive and legislation, the GNDA is a 
multi-faceted, layered, defense-in-depth framework, with the objective 
of making the illicit acquisition, fabrication, and transport of a 
nuclear or radiological device or material prohibitively difficult. 
DNDO relies on a well-conceived arrangement of fixed and mobile 
radiological and nuclear technical detection capabilities to present 
terrorists with many obstacles to a successful attack, including 
greatly increasing costs, difficulty, and risk.
    To develop the architecture, DNDO assesses current and planned 
capabilities against the evolving radiological and nuclear threat, 
using rigorous risk assessments, for example. Since 2007, and as 
directed by HSPD-18 (Medical Countermeasures against Weapons of Mass 
Destruction), DNDO has collaborated with the DHS Science & Technology 
Directorate (S&T) to produce the Integrated Chemical, Biological, 
Radiological, and Nuclear Terrorism Risk Assessment. DNDO leads the 
biennial radiological and nuclear terrorism risk assessment, which is 
then combined with similar biological and chemical risk assessments. In 
order to better inform resource allocation decisions, DNDO has improved 
the threat models in the risk assessment by adding an adaptive, 
intelligent adversary model and is working with DOE's National 
Laboratories to enhance improvised nuclear device models. DNDO has also 
supported DHS risk assessments such as the Strategic National Risk 
Assessment and the Homeland Security National Risk Characterization. 
DNDO is also working with operational partners to develop models that 
will provide vulnerability estimates for the risk assessment and more 
refined estimates for impacts to operations.
    To guide the strategic direction of the GNDA, the USG interagency 
developed the first-ever Global Nuclear Detection Architecture 
Strategic Plan in December 2010. In April 2012, the Secretary of 
Homeland Security issued a DHS Global Nuclear Detection Architecture 
Implementation Plan, which identified priorities, necessary 
capabilities, and monitoring mechanisms to assess progress. Recently, 
DNDO has worked with interagency partners to update the Global Nuclear 
Detection Architecture Strategic Plan. The 2014 Strategic Plan presents 
an updated definition and vision for the GNDA, as well as a mission, 
goals, and objectives for interagency efforts to detect, analyze, and 
report on nuclear or other radioactive materials that are out of 
regulatory control.
    While USG efforts and programs are critical, developing a global 
nuclear detection architecture relies largely on the decisions of 
sovereign foreign partners to develop and enhance their own national 
and regional detection programs. DNDO contributes to interagency 
efforts led by the Department of State by laying the groundwork to 
assist partner nations in developing defense-in-depth approaches to 
detecting illicitly trafficked nuclear or other radioactive materials. 
DNDO has also assisted in the development of guidelines and best 
practices through the Global Initiative to Combat Nuclear Terrorism and 
the International Atomic Energy Agency (IAEA) to outline the key 
characteristics of an effective architecture. To date, IAEA has used 
these guidelines and best practices in six regional training courses to 
help 42 nations initiate planning of national-level detection 
architectures, with over 100 planners trained in architecture 
development. To make the course available to a broad set of 
stakeholders, DNDO assisted the IAEA in conducting a train-the-trainer 
session to further expand the instructor pool to allow for English, 
Spanish, and French language versions of the course. This strategic 
partnership will continue to serve as a force multiplier for USG 
nuclear security efforts for years to come.
      conducting transformational research and developing systems
    Pursuant to Presidential Directive and the law, DNDO is also 
responsible for conducting an aggressive, evolutionary, and 
transformational program of research and development to generate and 
improve technologies to detect nuclear and radioactive materials. 
DNDO's transformational research and development efforts seek to 
achieve dramatic advancements in technologies to enhance our National 
detection and forensics capabilities. These developments may also 
reduce the cost and operational burden of using advanced technology in 
the field to maintain an enhanced level of protection. Annually, DNDO 
updates its research and development strategy based on prevailing risk, 
advancements in technology, and the availability of funding. By 
supporting technological advancement for both nuclear detection and 
forensics, DNDO achieves a strategic and fiscal benefit for the 
Government.
    Although significant progress has been made in addressing the gaps 
and needs of the GNDA and nuclear forensics, several challenges remain 
that require sustained investment. DNDO's technical challenges include 
the need for systems that:
   Are cost-effective with sufficient technical performance to 
        ensure wide-spread deployment;
   Can detect special nuclear material, such as plutonium and 
        uranium, even when heavily shielded;
   Facilitate enhanced wide-area searches in a variety of 
        scenarios, to include urban and highly cluttered environments;
   Can be used to monitor traffic in challenging pathways, such 
        as between ports of entry along our land and sea borders; and
   Determine the origin and manufacturing process of seized 
        material.
    DNDO has and will continue to advance fundamental knowledge in 
nuclear detection and forensics through a sustained long-term 
investment in the Exploratory Research program and Academic Research 
Initiative. These efforts directly address the aforementioned 
challenges through basic and applied research to feed more mature 
research and development projects such as DNDO's Advanced Technology 
Demonstrations.
    To develop essential technical expertise while advancing 
fundamental knowledge in nuclear sciences, DNDO invests in academic 
research through the Academic Research Initiative, supporting the next 
generation of scientists and engineers in areas such as advanced 
materials, nuclear engineering, radiochemistry, and deterrence theory. 
Since inception in 2007, DNDO has awarded 77 grants to 50 academic 
institutions, and supported over 400 students. On average, this program 
support results in over 50 journal papers per year. We are beginning to 
see these projects move up the technology pipeline. A new room 
temperature thallium-based semiconductor detector was transferred from 
Northwestern University to our Exploratory Research program and is now 
in its preliminary design review phase of development. Nuclear 
resonance cross-sections measured at Duke University are being used in 
our shielded special nuclear material detection projects, and 
background radiation measurements performed by University of California 
at Berkeley are being used in support of programs across the 
interagency.
    Several DNDO-sponsored research efforts have also led to new 
commercial products that provide enhanced operational capabilities to 
Federal, State, and local law enforcement and public safety personnel. 
Even before a Helium-3 shortage was identified, DNDO teamed with the 
Defense Threat Reduction Agency to explore options for better, more 
cost-effective alternatives for neutron detection.\1\ For portal 
systems, which require the largest quantities of this gas, DNDO worked 
with industry and is now deploying alternative detection technologies 
that do not require Helium-3. This enables the country to devote the 
scarce supplies of Helium-3 to those applications where no substitutes 
are possible. We have tested Helium-3 alternative technologies for use 
in mobile, backpack, and hand-held radiation detectors, several of 
which have already shown performance superior to the current-generation 
technologies. Importantly, due to a collaborative USG-wide effort to 
address the shortfall, our USG strategic reserve of Helium-3 can meet 
demand beyond fiscal year 2040.
---------------------------------------------------------------------------
    \1\ Helium-3 is a gas that is widely used to detect neutrons that 
are emitted by certain nuclear and other radioactive materials. Helium-
3 results from the radioactive decay of tritium. As the need for 
tritium for nuclear weapons decreased, so too did the availability of 
Helium-3.
---------------------------------------------------------------------------
    Other recent DNDO technological successes that transitioned from 
laboratories to commercially-available products include:
   Advanced radiation sensing materials such as cesium lithium 
        yttrium chloride, strontium iodide, and stilbene, which have 
        enhanced detection characteristics and can be used to build 
        more capable systems featuring simplified electronics, low 
        power requirements, and greater reliability;
   New electronics and advanced algorithms, for data processing 
        for identifying radioisotopes that support networked radiation 
        detection for improved wide-area search capabilities;
   Compact dual-energy X-ray generators with improved density 
        discrimination and higher shielding penetration that have been 
        integrated into commercially-available mobile radiography 
        systems; and
   Software to automatically detect special nuclear material 
        and shielding material in radiography images.
    DNDO continues to develop breakthrough technologies that increase 
performance and reduce the operational burdens of our front-line 
operators and improve their mission performance. For example, we are 
collaborating with U.S. Customs and Border Protection's (CBP) 
Laboratories and Scientific Services to use machine learning to greatly 
reduce the number of nuisance alarms in radiation portal monitors. In 
addition, we work with the Massachusetts Port Authority, S&T's Border 
and Maritime Security Division, and the United Kingdom's Home Office to 
develop and evaluate the next generation non-intrusive inspection 
imaging equipment. Of particular note, the collaboration in this case 
is expected to produce the first wholly-integrated system capable of 
detecting both nuclear material and contraband. Further, we jointly 
evaluate parameter-setting modifications to reduce the number of alarms 
from naturally-occurring radioactive material. In fact, after a 
rigorous program of laboratory tests, modeling and simulation, field 
trials, and successful pilots at two ports of entry, CBP has deployed 
the new technique to 26 seaports and 7 land border crossings through 
January 2015. This technique, which involves adjustments to the 
settings on the radiation portal monitors, is yielding operational 
efficiencies by reducing alarm rates from benign sources and the 
associated time CBP Officers would have needed to manually inspect that 
cargo.
    In addition to CBP, DNDO worked closely with the U.S. Coast Guard 
(USCG), the Transportation Security Administration (TSA), and State and 
local partners to identify key operational requirements for the design 
of next-generation radioisotope identification devices that can be used 
by law enforcement officers and technical experts during routine 
operations to identify radioactive materials and adjudicate alarms. 
Based on the enhanced detection material lanthanum bromide and improved 
algorithms, this new hand-held technology is easy-to-use, lightweight, 
and more reliable and, because it contains built-in calibration and 
diagnostics, has a much lower annual maintenance cost. An example of a 
successful acquisition program, the new system is receiving very 
positive reviews from operators in the field.
                   characterizing system performance
    DNDO's technology development efforts are coupled with a rigorous 
test and evaluation program. Over the years, DNDO's test program has 
grown and matured. To date, we have conducted more than 100 test and 
evaluation campaigns at more than 40 laboratory and operational venues, 
and evaluated systems including pagers, handhelds, portals, backpacks, 
and vehicle-, boat-, aircraft,- and crane-mounted detectors, as well as 
next-generation radiography technologies. To ensure the equipment is 
evaluated in the manner in which it will be used, these test campaigns 
are always planned and executed with operational users. In addition, we 
include interagency partners and use peer-reviewed processes. The 
results from DNDO's test campaigns have informed Federal, State, local, 
and Tribal partners on the technical and operational performance of 
detection systems, allowing them to select the most suitable equipment 
and implement the most effective concepts of operation for their unique 
needs.
    Pursuant to the law, DNDO leads the development of technical 
capability standards, and in collaboration with the National Institute 
of Standards and Technology, also supports the development, 
publication, and adoption of National consensus standards for radiation 
detection equipment. A total of 24 standards, including 11 U.S. 
standards with the American National Standards Institute, 10 
international standards with the International Electrotechnical 
Commission, and 3 technical capability standards now exist for homeland 
security applications. We have assessed commercially-available 
detection systems against National and international standards and in 
various operational scenarios. Notably, we completed the Illicit 
Trafficking Radiation Assessment program, a collaboration with the 
European Commission's Joint Research Center and the IAEA to evaluate 
nearly 80 instruments against consensus standards. The results enabled 
our stakeholders to compare the performance of commercially-available 
radiation detection equipment and provided manufacturers with 
constructive feedback on their products.
  implementing the domestic component of the global nuclear detection 
                              architecture
    DNDO is instrumental in implementing the domestic component of the 
global nuclear detection architecture. In conjunction with Federal, 
State, local, Tribal, and territorial operational partners, DNDO 
applies a disciplined approach to procure small and large-scale 
radiation detection and/or identification systems and deploy them at 
ports of entry, along our land and maritime borders, and in the 
interior of the United States. In addition, as part of DHS's Strategic 
Sourcing efforts, DNDO is the Department's commodity manager for hand-
held radiological and nuclear detection equipment. This enables us to 
take advantage of technical advancements and achieve cost savings by 
leveraging the volume demand of Department-wide and other Federal 
users.
    DNDO's collaborative system acquisition efforts have ensured that 
all USCG boarding parties have radiation detection equipment; all in-
coming general aviation flights are met by CBP Officers with radiation 
detectors; 100 percent of trucks and cars entering our Nation at land 
ports of entry are scanned for nuclear and other radioactive materials; 
almost 100 percent of maritime containerized cargo is similarly scanned 
at our sea ports of entry; and the TSA's Visible Intermodal Prevention 
and Response teams are equipped with radiation detectors.
    While technology acquisition and deployments are critical, we must 
also ensure that the training, exercise, and cross-jurisdictional 
protocols integral to mission success are adopted and sustained by 
operational partners. As such, DNDO provides program assistance 
services to Federal, State, local, Tribal, and territorial stakeholders 
who are developing or enhancing radiological and nuclear detection 
capabilities. This support includes assistance in developing and 
integrating local or regional programs into the global nuclear 
detection architecture, guiding the development of concepts of 
operations and standard operating procedures, and developing training 
and exercise products to ingrain those procedures into day-to-day 
activities.
    DNDO has made considerable progress in enhancing National 
radiological and nuclear detection capabilities in the following ways:
   We are on schedule to complete discussions on the 
        establishment, maintenance, and sustainment of radiological and 
        nuclear detection programs in all 50 States by the end of 2015.
   In conjunction with regional partners, we have developed 
        robust detection capability in the New York City region, 
        through the Securing the Cities program, where more than 19,450 
        personnel have been trained in nuclear detection operations and 
        more than 8,800 pieces of detection equipment have been 
        deployed. National program implementation began with expansion 
        to Los Angeles/Long Beach in 2012, and they are beginning to 
        train personnel and receive detection equipment. In 2014, the 
        National Capital Region was selected as the third Securing the 
        Cities site.
   DNDO's Assistance Program is currently engaged with 33 
        States, two major Urban Area Security Initiative regions (non-
        Securing the Cities), and 28 U.S. Coast Guard Area Maritime 
        Security Committees.
   Since 2008, DNDO has deployed Mobile Detection Deployment 
        Units over 200 times to provide radiological and nuclear 
        detection and communications equipment for Federal, State, and 
        local agencies to augment their capabilities during special 
        events or in response to elevated threat conditions.
    DNDO provides training products and support to develop, enhance, 
and expand radiological and nuclear detection capabilities. In 
partnership with the Federal Emergency Management Agency (FEMA), the 
Federal Law Enforcement Training Center, DOE, and DOJ, DNDO develops 
and implements protocols and training standards for the effective use 
of radiation detection equipment and associated alarm reporting and 
resolution processes. Since 2006, DNDO has developed 49 training 
courses listed in the Federal course catalog. In collaboration with 
interagency partners, including the Federal Law Enforcement Training 
Center, more than 33,500 law enforcement personnel and public safety 
officials from 35 States have participated in DNDO-supported 
radiological and nuclear detection training.
    DNDO also assists State and local partners in developing, 
designing, and conducting exercises that are compliant with the 
Homeland Security Exercise and Evaluation program methodology. The 
exercises provide valuable hands-on experience for personnel performing 
radiological and nuclear detection operations and assist decision 
makers in integrating the detection mission into their daily 
operations, while fostering the exchange of ideas and best practices 
amongst State and local partners. Since 2006, DNDO has conducted 
exercises with 21 States and annually supports up to 20 exercises. In 
fiscal year 2014, DNDO conducted 19 domestic exercises with State and 
local partners, as well as two international exercises.
    DNDO fields a unique Red Team that can objectively assess the 
operational effectiveness and performance of DNDO programs and deployed 
radiological and nuclear detection capabilities at the Federal, State, 
and local levels. Our Red Team works across the interagency employing a 
whole-of-Government approach to improve our National capabilities. At 
the Federal level we partner with DoD, DOE, and DOJ; within DHS with 
CBP, FEMA, TSA, USCG, and U.S. Secret Service; and with a myriad of 
State and local agencies across the United States. The Red Team 
evaluates deployed systems and operations and their associated tactics, 
techniques, and procedures, in as-close-to-realistic environments as 
possible. As covert and overt assessments are generally the only 
opportunity for operators of radiological and nuclear detection systems 
to gain experience detecting uncommon nuclear sources, these operations 
provide valuable feedback on the performance of tactics, techniques, 
and procedures. This feedback enables operators to improve their 
concepts of operation and readiness. For the past 5 years, DNDO's Red 
Team has averaged more than 25 overt and covert assessments per year, 
successfully conducting 33 evaluations in fiscal year 2014 in support 
of operational partners.
    DNDO is responsible for enhancing and coordinating the nuclear 
detection efforts of Federal, State, local, and Tribal governments and 
the private sector to ensure a managed, coordinated response. We also 
coordinate across the interagency to establish protocols and procedures 
to ensure that the technical detection of unauthorized nuclear 
explosive devices, fissile material, or other active radioactive 
material is promptly reported to the Secretaries of Homeland Security, 
Defense, and Energy, the Attorney General, and others as appropriate 
for action by law enforcement, military, emergency response, or other 
authorities.
    DNDO's Joint Analysis Center is essential in enhancing situational 
awareness, as well as providing technical support and informational 
products, to Federal, State, and local partners. The Joint Analysis 
Center maintains and provides awareness for mission partners of 
deployed detection capabilities, monitoring on-going events or threats, 
and maintaining historical data. Using the Joint Analysis Center 
Collaborative Information System, DNDO facilitates nuclear alarm 
adjudication and the consolidation and sharing of information through 
geographic information system displays and databases. This system is 
available for direct access by our State and local partners, providing 
them with the ability to manage, document, and execute a radiological 
and nuclear detection program. This includes the ability to 
electronically maintain training and certification, and consolidates 
and maintains a database of detector equipment and Nuclear Regulatory 
Commission State licensees. Through this information system, we connect 
to the Triage system, maintained by DOE's National Nuclear Security 
Administration, to enable a seamless transition when National-level 
adjudication assistance is required. To increase awareness of lost and 
stolen sources and other relevant information, DNDO's Joint Analysis 
Center publishes Unclassified weekly information bulletins, summarizing 
relevant news articles and providing useful facts about radioactive 
materials. This weekly information bulletin currently reaches every DHS 
Fusion Center and over 2,000 global nuclear detection architecture 
stakeholders.
    In addition to direct interaction with individual States and law 
enforcement agencies, DNDO hosts biannual State and Local Stakeholder 
Working Group meetings and Executive Steering Council meetings with law 
enforcement and other supervisory personnel to exchange best practices 
and to obtain feedback on DNDO's initiatives. The State and Local 
Stakeholder Working Group provides a forum for DNDO to meet with our 
stakeholders to discuss their current activities, lessons learned, and 
planned detection initiatives. This forum also provides State and local 
leaders an opportunity to convey their perspective on mission needs and 
radiation detection requirements, so that DNDO can develop the 
necessary products and services to support their efforts. The Executive 
Steering Council provides policy coordination and implementation 
between DNDO and senior-level State and local leaders regarding 
radiation detection programs, and serves as a mechanism to solicit 
input from senior leaders on their successes, evolving requirements and 
challenges, as well as for DNDO to apprise them of on-going efforts to 
support their jurisdictions. Both the Stakeholder Working Group and the 
Executive Steering Council have been received favorably and continue to 
reinforce the relationship between DNDO and key stakeholders.
                    acquisition process improvements
    To enhance mission delivery and improve investment management, DNDO 
designed the Solution Development Process. Aligned with DHS Acquisition 
Management Directive 102-01, the Solution Development Process 
institutes an integrated governance approach to program and project 
oversight throughout the systems engineering life cycle. The process 
brings all programs and projects under leadership governance-
establishing a shared language, with common practices to increase 
efficiencies, promote programmatic and budgetary transparency, and 
bolster accountability. It aligns with DHS enterprise architecture, 
acquisition management, and capital planning and investment processes. 
A critical component of the process is the active involvement of 
operational partners, who serve as Lead Business Authorities, and 
requires rigorous technical reviews at each programmatic stage. In 
adhering to the process, DNDO ensures current and future programs are 
appropriately structured and have the necessary oversight for success. 
DNDO will continue to incorporate lessons learned and process 
improvements as the process matures, sharing them throughout DHS to 
strengthen Departmental unity of effort--one of the Secretary's top 
priorities.
    Based in part on lessons learned from the cancelled Advanced 
Spectroscopic Portal program, DNDO has significantly bolstered 
acquisition management policy and strengthened its implementation via 
robust and disciplined governance and program management processes. 
DNDO closely collaborated with CBP to complete a post-implementation 
review and identified 32 lessons learned, including findings in 
acquisition management. These efforts have enabled us to ensure that 
programs are selected based on sound business cases and are well-
managed, resulting in an efficient and effective use of DNDO's 
appropriated funds.
    Finally, recognizing the important contributions and innovations of 
private industry, National laboratories, and academia, DNDO has evolved 
its acquisition focus from one that is predominantly fueled by a 
Government-funded, Government-managed development process to one that 
relies upon industry-led research and development. As such, DNDO 
technology development programs now proceed with a ``commercial first'' 
approach; engaging first with the private sector for solutions and only 
moving to a Government-sponsored and managed development effort if 
necessary. This approach leverages private-sector innovation, taking 
advantage of industry's innate flexibility and ability to rapidly 
improve technologies. In some cases, shifting to commercial-based 
acquisitions will even reduce the total time to test, acquire, and 
field technology.
                         forensics capabilities
    An act of nuclear terrorism or an interdiction of a nuclear threat 
would necessitate rapid, accurate attribution. Any USG response would 
need sound scientific evidence supporting the determination of the 
responsible parties. Nuclear forensics would support leadership 
decisions. DNDO's National Technical Nuclear Forensics Center focuses 
on continuously evaluating and improving the nuclear forensics 
capabilities with specific responsibilities to:
   Improve the readiness of the overarching USG nuclear 
        forensic capabilities, from pre- to post-detonation, through 
        centralized stewardship, planning, assessment, exercises, 
        improvement, and integration;
   Advance the technical capabilities of the USG to perform 
        forensic analyses on pre-detonation nuclear and other 
        radioactive materials; and
   Build and sustain an expertise pipeline for nuclear forensic 
        scientists.
    Operational readiness of USG nuclear forensics capabilities has 
improved markedly in recent years. Efforts of the nuclear forensics 
community are integrated through the alignment of program capabilities, 
coordination of research and development and operational activities, 
and accelerated capability development through synchronized interagency 
investments. The interagency uses two primary DNDO-led mechanisms, the 
Nuclear Forensics Executive Council and Steering Committee, to 
facilitate consistent coordination across the USG. DNDO led the 
interagency effort to update and extend the National Strategic Five-
Year Plan for Improving the Nuclear Forensics and Attribution 
Capabilities of the United States, completing it in December 2014, and 
continues to synchronize resources among partner agencies through an 
established budget crosscut. Requirements are now regularly identified 
and developed by the Nuclear Forensics Requirements Center, co-chaired 
by DNDO and the FBI.
    Since the Nuclear Security Summit in 2010, international 
partnerships in nuclear forensics have greatly expanded, resulting in 
stronger National and international capabilities. DNDO provides 
subject-matter expertise to numerous initiatives, including 
multinational nuclear forensics table-top exercises, to enhance 
understanding among policy makers, law enforcement officials, and 
scientists, and to encourage and assist other nations in developing 
their national capabilities.
    Forensics exercises have become increasingly realistic and complex, 
with intensive multi-agency planning among the FBI, DOE, Army, Air 
Force, and DNDO. Many of the exercises now include State and local law 
enforcement. Other exercises have involved the Federal law enforcement 
and intelligence communities in order to plan and synchronize the 
fusion of intelligence, law enforcement, and technical forensics 
information, leading to a more efficient and effective attribution 
process. In the international context, DNDO was involved in the 
``@tomic 2014'' table-top exercise in February of last year, bringing 
together 31 nations and several international organizations to enhance 
knowledge and awareness of how nuclear forensics can be used in nuclear 
smuggling cases. The exercise served as a side event leading up to and 
informing the Nuclear Security Summit 2014.
    Technical nuclear forensics capabilities for analysis of nuclear 
and other radioactive materials have steadily advanced. DNDO's efforts 
are focused on continually improving the accuracy, precision, and 
timeliness of material characterization information, and linking that 
information to the process and place of that material's origin. To 
date, DNDO has developed seven radiological and nuclear certified 
reference materials, which are forensically-relevant calibration 
standards used by the National laboratories to improve confidence in 
analytical conclusions. Additionally, DNDO has developed the first-ever 
laboratory-scale uranium processing capability that allows us to 
determine forensic signatures associated with specific variations in 
uranium manufacturing processes. This capability enables us to 
determine forensics signatures without having direct access to samples 
from foreign fuel cycles. We are now developing a similar plutonium 
processing capability. Further, in cooperation with DOE and DoD, DNDO 
has developed and installed a nuclear forensics data evaluation 
capability at Sandia National Laboratories that enables forensic 
scientists to develop and test data analysis tools and evaluate large 
sets of data in order to identify distinguishing characteristics of 
specific nuclear materials. DNDO remains focused on advancing the 
National ability to trace nuclear materials back to their source.
    DNDO's efforts to restore the National expertise pipeline have also 
shown substantial success to date. The Congressionally-mandated 
National Nuclear Forensics Expertise Development program is a 
comprehensive effort to grow and sustain the scientific expertise 
required to execute the National technical nuclear forensics mission. 
Launched in 2008, this effort is a key component in assuring a robust 
and enduring nuclear forensics capability and its contribution to the 
Nation's efforts at preventing nuclear terrorism. In close partnership 
with eight National Laboratories, the program has provided support to 
more than 300 students and faculty and 27 universities in partnership 
with 11 National laboratories. We are steadily progressing toward 
adding 35 new Ph.D. scientists to the nuclear forensics field by 2018 
to revitalize the pipeline and replace anticipated attrition or 
retirements from the DOE National Laboratories. Twenty-four new nuclear 
forensics scientists have come through the National Nuclear Forensics 
Expertise Development program and been hired by the National 
laboratories and Federal agencies since the program's inception.
                                closing
    Thank you again for the opportunity to discuss the on-going efforts 
of DNDO to prevent and protect against radiological threats.
    While DNDO has made considerable progress since it was established 
in 2005, much remains to be done. It will be a challenge to remain one 
step ahead of the adversary--particularly one that is intelligent and 
adaptable. We must ensure our efforts are robust so that the obstacles 
terrorists face are many. DNDO's detection and forensics programs, in 
concert with those of our partners and stakeholders, both in these 
areas and along the spectrum of nuclear security, are foundational 
elements in creating these impediments. Together, we can build upon 
DNDO's integrated approach to architecture planning, testing and 
assessments, research and development, operational support, and nuclear 
forensics to strengthen the Nation's capabilities to deter, detect, and 
interdict the nuclear threat and to hold those responsible accountable 
for their actions. We remain committed to this challenge and deeply 
appreciate this subcommittee's sustained interest and support in our 
shared goals to secure the homeland.

    Mr. Ratcliffe. Thank you, Dr. Gowadia.
    The Chairman now recognizes Mr. Martin for his testimony.

   STATEMENT OF JOSEPH F. MARTIN, ACTING DIRECTOR, HOMELAND 
  SECURITY ENTERPRISE AND FIRST RESPONDERS GROUP, SCIENCE AND 
  TECHNOLOGY DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Martin. Good afternoon, Chairman Ratcliffe, Ranking 
Member Richmond, and Ranking Member Thompson, and distinguished 
Members of the subcommittee. Thank you for inviting me here 
this afternoon.
    My name is Jay Martin. I am the acting director of S&T's 
First Responders Group. As a first responder for over 20 years 
here in the National capital region, I understand the needs of 
the first-responder community and the potential that innovative 
technology can have on issues of emerging threats.
    DHS and our Nation's first responders operate in an 
evolving environment of both threats and opportunities. Our 
accelerating pace of risk and technology development loom over 
every mission in the Department. S&T's approach to R&D allows 
us to be more agile in helping our partners stay ahead of the 
threats and seize available opportunities.
    Recognizing the needs of our partners, S&T leans forward in 
engaging the end-user community to bring more focus to our 
work. We leverage technical expertise in critical areas that 
touch on all aspects of operations. We partner with emerging 
innovation leaders in industry, like wearable-technology 
developers. We strive to bring new solutions to widespread 
operational use in the homeland security enterprise.
    As part of being more forward-leaning, S&T recently 
finalized five visionary goals--cross-cutting goals that focus 
our work around common objectives. These align with 
Congressional direction, support Departmental policy, and 
address strategic challenges and threats identified by the 
homeland security enterprise.
    Our goals include: Screening at speed--that is, security 
that matches the pace of life; a trusted cyber future--
protecting privacy, commerce, and community; enable the 
decision maker--actionable information at the speed of thought; 
responder of the future--protected, connected, and fully aware; 
and, finally, resilient communities--disaster-proofing society.
    To achieve these visionary goals, S&T built a prioritized 
portfolio around Apex programs. Apex is focused on the most 
challenging homeland security problems to take a broad approach 
to reaching these goals, not a single-technology solution.
    Since S&T's first Apex began with the Secret Service in 
2010, we have helped partners identify efficiencies, save 
money, and integrate emerging technologies. For example, my 
group leads the Next Generation First Responder Apex. This 
program will enable first responders to make faster decisions, 
be more efficient, and operate safer as they respond to threats 
and disasters.
    Our Apex program is focused on unique challenges faced by 
fully-networked responders and is considering the cybersecurity 
impacts in all aspects of emerging technologies. This includes 
wearable technologies, advanced communications, and enhanced 
personal protective equipment.
    Across this Nation, over 70,000 Federal, State, local, 
Tribal, and territorial agencies are responsible for public 
safety and emergency response. S&T's ability to build 
partnerships is critical to supporting their efforts. S&T 
tailors its business model to succeed with these responders, 
including DHS operational components like my colleagues on the 
panel.
    Industry engagement is fundamental, and our programs are 
innovative, not only in outreach to responder and commercial 
entities but also in the use of alternative approaches to 
conduct research and development. Price competitions and a 
consolidation and integration of international markets are 
examples of ways that we are evolving how S&T does business.
    One of S&T's highest priority areas is in reinforcing 
response and recovery to a potential radiological or nuclear 
event. We work in conjunction with DNDO on pre-incident 
operations and with FEMA, Department of Energy, and EPA on 
response and recovery. S&T focuses lab and academia experts on 
the immediate problem of how to prepare and use equipment 
already in the hands of first responders if a radiological 
nuclear event were to occur. Our work enables State and local 
responders to increase their capabilities and to respond in the 
first minutes, hours, and days of an emergency.
    S&T conducts research development, testing, and evaluation 
to secure our Nation's critical information infrastructure and 
to plan for a more secure cyber future. S&T works to create 
partnerships between Government and private industry, the 
venture-capital community and the research community, including 
academia and National laboratories.
    Among our priorities is the financial sector, who we work 
with to ensure market reliability and cyber protection, as well 
as with the first responders on identity credentials and access 
management. S&T also assists in transforming cybersecurity 
technologies from research labs to the homeland security 
enterprise and the commercial marketplace.
    As our work with first responders demonstrates, we use 
technology as a force multiplier to enhance responder 
capabilities. We are also working with industry in new ways to 
use evolving technology to its fullest by integrating it into 
our approaches.
    Thank you for inviting me to appear before you today. I 
appreciate the opportunity to testify, and I will be pleased to 
answer your questions.
    [The prepared statement of Mr. Martin follows:]
                 Prepared Statement of Joseph F. Martin
                           February 12, 2014
    Good morning Chairman Ratcliffe, Ranking Member Richmond, and 
distinguished Members of the subcommittee. Thank you for the 
opportunity to testify before you today on the role of the Department 
of Homeland Security's (DHS) Science and Technology Directorate (S&T). 
S&T's mission is to help strengthen America's security and resiliency 
by providing assessments, analysis, and reports and developing 
innovative technology solutions for the Homeland Security Enterprise. 
In this testimony, I will discuss how technology shapes today's threat 
environment, empowering homeland security operators and first 
responders with new capabilities but also enabling malevolent actors. 
To address this, S&T helps operators harness and utilize technology, 
scientific knowledge, and engineering as a force multiplier and, where 
possible, to gain leap-ahead capabilities. To illustrate the role of 
technology and how S&T delivers it to the Homeland Security Enterprise, 
I will talk about S&T's experience with first responders and how we 
work with them to overcome gaps and achieve their missions more 
effectively, efficiently, and safely.
    Today, S&T and the Homeland Security Enterprise exist in an 
environment of rapidly-evolving threats and opportunities, and the 
accelerating pace of risk and technological development loom over every 
mission in the Department. Threats now range from lone-wolf violent 
extremists to non-state actors with state-like capabilities to rogue 
states with increasingly sophisticated abilities. In the past, only 
state actors had the resources and technical capacity necessary to 
create extreme levels of destruction and disruption. Today, individual 
actors have access to technology that is sufficient to make explosive 
devices, develop biological weapons, or execute sophisticated cyber 
attacks. The wide variation of potential malicious actors--ranging from 
individuals to terrorist groups to state actors--each have a wide range 
of capabilities and options to carry out acts that pose immense 
challenges to homeland security operators. All of this is compounded by 
the accelerating evolution and revolution of technology. The fields of 
manufacturing and material sciences, information technology, and 
biosciences have made revolutionary gains in the last decade. With the 
commercial sector, particularly small and medium-sized business, 
driving innovation and with trends like the maker movement 
proliferating and democratizing technology, new homeland security 
challenges and opportunities continue to mount.
              reinventing r&d to be more modern and agile
    The traditional Federal model for research and development (R&D) is 
based on decades-old assumptions that, in many cases, are ill-suited to 
today's environment and can stifle innovation in Government. Federal 
funding still drives the majority of basic and applied research, but 
private-sector investment focused on late-stage development surpassed 
Government's total annual R&D investments in the 1980s and has 
continued this trend. In homeland security, innovation cycles in areas 
like advanced analytics, communications, additive manufacturing, and 
cyber occur so quickly that traditional Government vehicles for 
investment and acquisition struggle to keep up with advances and 
changes in technology.
    Recognizing the growing need for homeland security-tailored 
technology paired with an evolving innovation ecosystem that includes 
greater investment by the private sector, S&T is reinventing its 
approach to R&D to be more agile in helping our partners stay ahead of 
threat trends. We are becoming more forward-leaning, bringing more 
focus to our portfolio, and engaging more effectively with industry. We 
are dedicating a portion of our R&D programs to leveraging technical 
expertise in critical areas that touch on all aspects of operation 
(e.g., data analytics, network security). We are partnering with 
emerging innovation leaders in industry and shifting our R&D and 
testing and evaluation toward DHS component-based innovation centers 
focused on bringing new solutions to wide-spread operational use. Taken 
together, this will make S&T a more capable R&D agent for homeland 
security operators and first responders.
S&T's Visionary Goals
    As part of being more forward-leaning, S&T recently finalized five 
visionary goals as North Star-like objectives. To arrive at the five 
goals below, S&T used an inclusive, transparent platform to garner 
input not only from all of S&T but also from our partners and 
stakeholders inside and outside of Government. The goals are cross-
cutting and coalesce S&T around common objectives, align with 
Departmental doctrine and policy, and address strategic challenges and 
threats identified by the Homeland Security Enterprise. Finally, and 
perhaps most importantly, the Visionary Goals inspire and excite the 
science and technology ecosystem around ambitious, innovative 
solutions.
   Screening At Speed: Security that Matches the Pace of 
        Life.--Noninvasive screening at speed will provide for 
        comprehensive protection while adapting security to the pace of 
        life rather than life to security. With safeguards to protect 
        privacy, unobtrusive screening of people, baggage, or cargo 
        will enable the seamless detection of threats with minimal 
        impact on the pace of travel and speed of commerce.
   A Trusted Cyber Future: Protecting Privacy, Commerce, and 
        Community.--In a future of increasing cyber connections, 
        underlying digital infrastructure will be self-detecting, self-
        protecting, and self-healing. Users will trust that information 
        is protected, illegal use is deterred, and privacy is not 
        compromised. Security will operate seamlessly in the 
        background.
   Enable the Decision Maker: Actionable Information at the 
        Speed of Thought.--Predictive analytics, risk analysis, and 
        modeling and simulation systems will enable critical and 
        proactive decisions to be made based on the most relevant 
        information, transforming data into actionable information. 
        Even in the face of uncertain environments involving chemical, 
        biological, radiological, or nuclear incidents, accurate, 
        credible, and context-based information will empower the 
        decision maker to take instant actions to improve critical 
        outcomes.
   Responder of the Future: Protected, Connected, and Fully 
        Aware.--The responder of the future is threat-adaptive and 
        cross-functional. Armed with comprehensive physical protection, 
        interoperable tools, and networked threat detection and 
        mitigation capabilities, responders of the future will be 
        better able to serve their communities.
   Resilient Communities: Disaster-Resilience for the Future.--
        Critical infrastructure of the future will be designed, built, 
        and maintained to be resilient to naturally-occurring and man-
        made disasters. Decision makers will know when a disaster is 
        coming, anticipate the effects, and use already-in-place or 
        rapidly deployed countermeasures to shield communities from 
        negative consequences. Resilient communities struck by 
        disasters will not only bounce back but bounce back quicker.
    In establishing S&T's Visionary Goals, we took a major step forward 
in creating two-way dialogue around our work. This crowdsourcing shaped 
our final product with additional feedback that we would not 
necessarily have otherwise been able to tap into. As a natural 
extension, we created the National Conversation on Homeland Security 
Technology, which brings together all interested parties (responders, 
operational users, citizens, academia, and industry to name a few) to 
play a role in shaping the future of homeland security technology. 
Through on-line forums and in-person discussions, we will foster 
understanding of the homeland security market and build progress toward 
outcomes that will keep us all safer and minimize disruption to the 
pace of daily life.
  using science and technology to address first responder operational 
                                 needs
    To look at the role of technology and how S&T delivers new 
capabilities to the Homeland Security Enterprise, an illustrative 
example is our work for the responder community. More than 70,000 
Federal, State, local, Tribal, and territorial and entities support 
public safety and emergency response in every community across the 
Nation. First responders cross disciplines, including law enforcement, 
fire services, emergency medical services and emergency management, and 
serve communities of widely-ranging sizes and specific needs against a 
backdrop of complex operational realities and limitations.
    First responders also face a myriad of threats that materialize in 
various fire, natural disaster, terrorism, and mass casualty 
emergencies. As a result, responder organizations must plan for wide-
ranging response including routine, day-to-day duties as well as rare, 
catastrophic events. Those organizations also face the challenge of 
furnishing responders with equipment and training that enable all-
hazard response to rare events without interfering with routine duties.
    To identify common gaps and address the most pressing responder 
needs, S&T has an organization within the Directorate--its First 
Responders Group (FRG)--dedicated to strengthening first responder 
safety and effectiveness. S&T, through FRG, focuses on evolving, high-
impact threats and how to prepare responders without disrupting day-to-
day operational duties. Example projects include all-hazard 
communications and data interoperability, situational awareness, and 
personal protective equipment as well as more specific work in 
radiological/nuclear response and recovery. As new threats emerge, S&T 
works with the first responder community to identify and fill resulting 
capability gaps guided by several principles for identifying solutions:
   Operational Needs Drive Projects.--Recognizing that 
        initiatives must be based on user needs and driven from 
        responders in the field.
   Building on Existing Investments.--Encouraging efficiencies 
        by building on existing investments saves money by avoiding 
        unnecessary and duplicative development of new hardware, 
        software, data development, and training.
   Leveraging Existing Solutions.--Conducting technology 
        foraging to help leverage existing interagency and private-
        sector solutions before any investments in new solutions are 
        made.
   Forming Partnerships.--Building partnerships across Federal, 
        State, local, Tribal, and territorial agencies as well as with 
        international partners to maximize funding and increase 
        adoption.
   Daily Use Solutions.--Seeking technological solutions that 
        improve not only catastrophic response but daily use by first 
        responders.
   Non-Proprietary Solutions.--Ensuring that technologies from 
        different manufacturers can actually interoperate requires the 
        use of open-source, non-proprietary solutions and standards-
        based approaches.
   Affordable and Accessible Solutions.--Recognizing that 
        solutions need to be affordable and commercially available for 
        purchase.
    As you will see detailed below, S&T tailors its business model to 
succeed with State, local, Tribal, and territorial first responders in 
addition to DHS operational components including the Domestic Nuclear 
Detection Office (DNDO), National Protection and Programs Directorate 
(NPPD), and Secret Service. Industry engagement is fundamental, and our 
programs are innovative not only in outreach to responder and 
commercial communities but also in use of funding vehicles. Prize 
competitions and consolidation and integration of international 
markets, for example, draw down risk to industry and incentivize 
product development.
First responder engagement at every stage of development
    FRG engages end-users at every stage of the technology development 
process. By engaging end-users at the beginning of the technology 
development cycle for requirements and then continuing throughout the 
R&D process, FRG fosters user-produced innovation and ensures that the 
solutions developed have a high probability of being transitioned to 
the field. Prototypes will then be commercialized, deployed, and 
adopted as rapidly as possible. For fielded technologies, this enhances 
wide-spread adoption of these technologies in the field. This early and 
frequent engagement also helps FRG to better align current and future 
investments with responders' highest-priority needs.
    First responder capability gaps are identified through a series of 
studies that culminate in a knowledge product known as Project 
Responder, which describes the highest-priority needs for catastrophic 
incident response. The latest iteration, Project Responder 4, focuses 
on identifying high priority capability needs, shortfalls, and 
priorities for catastrophic incident response. It identifies a set of 
enduring and emerging capability needs, frames them into technology 
objectives, and assesses the state of science and technology to meet 
those needs. Findings are based on discussions with Federal, State, and 
local first responders as well as technical subject-matter experts. 
These interactions ensure that potential solutions reflect operational 
considerations and are based on an actionable and achievable technology 
path or roadmap. With Project Responder as a foundation, FRG uses its 
First Responder Resource Group, consisting of more than 120 first 
responders and representatives of National first responder 
associations, to translate broad capability gaps and needs into 
defined, validated requirements, performance measures, and concepts of 
operations that can be incorporated into FRG's solicitations for 
projects. Recent requirements have ranged from location information and 
proximity to risk for responders to communication in any environmental 
condition to versatile clothing and equipment that protects against 
multiple hazards.
    After identifying requirements, FRG conducts internal and external 
technology foraging to determine who else is working in this space and 
what partial or complete solutions may already exist. Wherever 
possible, existing investments by Federal partners, academia, and the 
private sector are leveraged. FRG selects projects for funding based on 
a number of criteria including the practitioner-identified gaps, 
criticality/operational impact, threat likelihood, applicability, state 
of the science, cost-benefit analysis, ease of integration, transition 
likelihood, and time needed to prototype. Responders work with FRG 
program managers throughout the life cycle of each project and assist 
DHS in creating awareness in the field of these newly-developed 
solutions.
    Ultimately, S&T teams with the first responder community and 
commercial sector to transition technologies, standards, and knowledge 
products and integrate them into regular use. As solutions develop into 
mature, commercial products, they ultimately can be purchased by first 
responder organizations through the Federal Emergency Management 
Agency's (FEMA) Authorized Equipment List (AEL), which is a list of 
equipment approved for purchase using FEMA grants. As a service to 
first responders, FRG also provides objective buying advice for first 
responders looking at the AEL to help them make informed purchase 
decisions. The System Assessment and Validation for Emergency 
Responders (SAVER) program conducts objective assessments and 
validations of commercial off-the-shelf equipment and publishes 
explanations for different tools and technologies and their 
application. After S&T has helped commercialize a product and published 
it on the AEL, we still work with responders through FirstResponder.gov 
and other Federal R&D agencies such as the National Institute of 
Justice to promote awareness and enable informed procurement decisions 
in the first responder community.
Radiological/nuclear response and recovery
    One of FRG's highest-priority areas is reinforcing response and 
recovery to a potential radiological or nuclear event. The detonation 
of a radiological dispersal device or improvised nuclear device (IND) 
has the potential to cause significant casualties, economic disruption, 
and critical infrastructure destruction. Responding to and recovering 
from such an event poses unique challenges to responder organizations. 
S&T, through its National Urban Security Technology Laboratory (NUSTL), 
works in conjunction with DNDO on pre-incident operations and with 
FEMA, the Department of Energy (DOE), and the Environmental Protection 
Agency (EPA) on response and recovery. A distinguishing aspect of S&T's 
program is that, recognizing the significant lag between development of 
new technology and broad deployment with responders, S&T focuses lab 
and academia experts on the immediate problem of how to prepare and use 
equipment already in the hands of first responders if a radiological or 
nuclear event were to occur. S&T's products and science-based guidance 
(e.g., how to manage complex incident data, methods to mitigate 
community exposure to radiation hazards) go directly to State and local 
responders, increasing their capabilities to respond in the first 
minutes, hours, and days of a radiological emergency.
    The foundation for S&T's work was analysis of significant but 
broadly dispersed work already completed or under way in the field 
combined with direct interaction with local agencies to understand 
their major roadblocks in preparing for radiological response. This was 
documented and synthesized in the DHS S&T Radiological/Nuclear Response 
and Recovery Research and Development Investment Plan. Based on the 
plan, the related portfolio now consists of 10 individual activities 
serving a broad coalition of stakeholders. Examples include the 
following:
   Compiling guidance and best practices on radiological 
        particle containment, rapid gross-decontamination, and early 
        phase waste management into an electronic application, making 
        it easy for local agency decision makers and responders in the 
        field to access key information.
   Revisiting scientific research and publications related to 
        radiological dispersal device response to make guidance 
        actionable for first responders through tools and preparedness 
        efforts.
   Improving radiological data management and modeling 
        technology used by specialized Federal agencies and making it 
        more easily available and accessible to State and local 
        agencies to increase operational capability and also increase 
        communication and coordination between levels of government.
    Another S&T project of interest is the Radiological Emergency 
Management System (REMS), which is a network of gamma radiation 
detectors that provides emergency managers with information on 
environmental radiation levels to support response and recovery 
operations in the event of a radiological or nuclear event. REMS was 
designed at NUSTL in coordination with DNDO and commercialized by a 
major instrument manufacturer. The New York Police Department, which 
has a deep relationship with NUSTL, has purchased and deployed dozens 
of REMS sensors as part of its operational system and stands as a 
baseline for potential use in other major metropolitan areas.
    Though S&T's investment in radiological/nuclear response and 
recovery is relatively young, the portfolio is making a significant 
impact by leveraging millions of dollars in previous and on-going 
investments by DNDO, FEMA, the Department of Defense, EPA, and DOE and 
by taking advantage of long-standing relationships with DHS components 
like DNDO and FEMA with operational missions in this space.
Next Generation First Responder Apex program
    Since S&T's first Apex program began with the Secret Service in 
2010, Apex programs have been some of our most successful. With recent 
expansion of Apexes as a portion of S&T's portfolio, much of the 
original Apex structure will remain--these will still be cross-cutting, 
multi-disciplinary efforts intended to solve problems of strategic 
operational importance--but the projects are being scaled to apply to a 
wider portion of the portfolio and will operate on longer 5-year time 
lines. The Next Generation First Responder (NGFR) Apex program vision 
is first responders who are protected, connected, and fully aware and 
capable of faster, more efficient, and safer response to threats and 
disasters of all types. NGFR is developing an integrated and modular 
ensemble that includes an enhanced duty uniform, personal protective 
equipment (PPE), wearable computing and sensing technology, and robust 
communication capability. The modularity and flexibility of NGFR's 
approach promotes affordability while still supporting diverse 
environments, including PPE and duty uniforms enhanced for fire 
resistance, liquid resistance and splash protection, puncture 
resistance, and improved usability and comfort.
    NGFR is harnessing the best existing and emerging technologies and 
integrating them into a well-defined and standards-based open 
architecture. A fundamental element of NGFR's strategy to accomplish 
this will be tapping into the dynamic and growing market for wearable 
sensors and smart technology. It will use innovative outreach and 
funding vehicles like prize competitions to bring in innovative corners 
of the market that have not historically partnered with the Federal 
Government. NGFR will ultimately be able to provide real-time situation 
awareness and give previously unattainable recognition and avoidance of 
hazards before, during, and after incidents.
    To support NGFR and many other projects, S&T is also being more 
innovative in its interface with the international first responder 
community. First responders around the globe share a common mission to 
ensure the safety and security of the people they serve. They are often 
asked to respond to complex incidents like the Deep Water Horizon oil 
spill and Fukushima Daiichi nuclear disaster. Most countries 
collaborate at an international level but largely address responder 
challenges independently and face funding challenges, duplicate effort, 
and struggle to gain traction in a fragmented global market. To 
facilitate more robust cooperation and build a larger market for global 
first responder needs, S&T leads the International Forum to Advance 
First Responder Technology. The forum is a government-sponsored 
platform for the following:
   Defining a common set of capability gaps across the globe;
   Using assessments of global markets and opportunities to 
        inform prioritization;
   Providing a platform for international collaboration on R&D 
        initiatives and solutions;
   Engaging industry throughout, to prepare it to make advanced 
        technology available at affordable prices.
    The forum initially consists of government representatives from 
S&T's 13 bilateral partners, Finland, and Japan. It will give 
responders a global voice and use common problem sets and standards to 
create or broaden global markets for first responder technology. 
Ultimately, this lowers risk for industry and incentivizes investment 
in more robust capabilities and product lines.
Identity, Credential, and Access Management
    To protect first responder voice and data communications, assuring 
secure access to networks and systems is critical. This requires the 
registration, verification, authentication, and authorization of 
network users. This technology area is commonly called Identity, 
Credential, and Access Management (ICAM). FRG, in close partnership 
with S&T's Cyber Security Division, NPPD's Office of Emergency 
Communication (OEC), the DHS Office of the Chief Information Officer, 
the White House's Program Manager for the Information Sharing 
Environment (PM-ISE), and other partners, is developing ICAM approaches 
for the Nation's public safety community. While many ICAM solutions do 
exist today, significant interoperability issues remain for many 
technical and policy reasons. This leads most public safety officials 
to maintain multiple cyber identities to perform their job, which is 
not only inefficient but also adds security risks.
    With more than 60 percent of the public safety community leveraging 
communication and information-sharing capabilities of broadband 
services, S&T has a responsibility to help secure communications and 
data across these networks. This is an increasingly complex problem, 
but we collaborate with our partners to address this by developing and 
proliferating standards-based approaches that align with Federal ICAM 
guidance. Related to this problem, S&T must assure that ICAM practices 
of the future (NPSBN) will meet the security needs of the public safety 
community and be interoperable with the practices of other networks. 
FirstNet is an independent authority charged with implementing a single 
wireless broadband data-sharing network, the NPSBN, primarily for 
public safety personnel. Ultimately, more than 5 million members of the 
public safety community may use FirstNet, and S&T, along with other 
public and private partners will help ensure the security and 
dependability of communications across the NPSBN for first responders.
    In January 2015, with our partners, the PM-ISE, and the 
International Association of Chiefs of Police, S&T released a report 
recommending principles and actions for developing an ICAM 
interoperability strategy that will focus on registering, verifying, 
and authorizing network users. While this strategy focuses on FirstNet, 
the principles and actions will be relevant to any initiative that 
needs to identify and authorize users for access to secure resources. 
We will continue to work with our partners, in particular PM-ISE and 
NPPD OEC, to address immediate and longer-term needs of first 
responders on high-priority ICAM issues.
                               conclusion
    Today, I discussed how technology shapes today's threat environment 
as a double-edged sword, empowering operators and first responders on 
one hand but enabling malevolent actors and raising the risk of complex 
technological disasters on the other. As our work with first responders 
demonstrates, S&T is helping the Homeland Security Enterprise harness 
and utilize technology as a force multiplier and to gain leap-ahead 
capabilities.
    Thank you for inviting me to appear before you today. I appreciate 
the opportunity to testify and would be pleased to answer any questions 
you may have.

    Mr. Ratcliffe. Thanks very much, Mr. Martin.
    The Chairman would now like to recognize Mr. Noonan to 
testify.

 STATEMENT OF WILLIAM NOONAN, DEPUTY SPECIAL AGENT IN CHARGE, 
      CRIMINAL INVESTIGATIVE DIVISION, U.S. SECRET SERVICE

    Mr. Noonan. Good afternoon, Chairman Ratcliffe, Ranking 
Member Richmond, Ranking Member Thompson, and distinguished 
Members of the subcommittee. Thank you for the opportunity to 
testify with our DHS partners regarding the evolving threat of 
cyber crime to our Nation and our work to research and develop 
technologies that aid us in countering new and emerging 
threats.
    The Secret Service continues our founding mission to 
investigate crimes impacting our Nation's financial system. 
Over the past several decades, our financial system has 
increasingly become dependent on information technology. As a 
result, criminals motivated by greed have adapted their methods 
and are using cyber space to steal sensitive information for 
use in highly profitable fraud schemes and other illicit 
activities.
    The wealth accrued by the world's most skilled cyber 
criminals is staggering. Most have become multi-millionaires 
through their criminal endeavors, and they are not stopping 
there.
    Current cybersecurity efforts are being outpaced by 
criminals, who reinvest their illicit proceeds to strengthen 
their cyber capabilities. Over the past 10 years, the Secret 
Service has observed the development of transnational cyber 
criminals into highly-capable adversaries. They routinely 
compromise highly secure computer networks, they accomplish 
increasingly profitable schemes, they enable the malicious 
cyber operations of others, and they undermine the rule of law 
in order to protect their criminal enterprises.
    Rich off the money they have stolen from Americans, our 
Nation faces increasing risk that sophisticated cyber criminals 
may coordinate their unique skill sets and combined expertise 
to conduct cyber attacks against our critical infrastructure.
    In considering all the high-profile cyber incidents this 
past year, it is clear that defense alone is inadequate. 
Proactive law enforcement investigations are essential in 
combating these threats. Conducting these investigations is 
what drives our work at the Secret Service. We focus on 
investigating the most capable cyber criminals, those 
individuals and groups that continue to reinvest their profits 
in growing capability.
    To combat these criminals, the Secret Service works closely 
with our partners at DHS's Science and Technology and National 
Protection and Programs Directorates in addition to our 
partners in academia and the private sector to research and 
develop technologies to enhance our operations.
    Through our international network of Electronic Crimes Task 
Forces, the Secret Service partners with over 4,000 private-
sector organizations; 2,500 international, Federal, State, and 
local law enforcement agencies; and over 350 academic partners.
    Just to highlight three examples of where Secret Service 
works with our academic partners: At Carnegie Mellon 
University, the Secret Service has assigned special agents to 
the CERT Coordination Center since 1998. Through this 
partnership, the Secret Service has been able to develop and 
field innovative technologies that enable the Secret Service to 
both investigate and protect against cyber threats. It is 
through this partnership at Carnegie Mellon that the Secret 
Service first established the Critical Systems Protection 
Program in 2001 and continues to develop and field technologies 
to secure the critical systems that our protective mission 
depends on.
    At the University of Tulsa, the Secret Service established 
the Cell Phone Forensic Facility in 2008 to understand threats 
involving mobile devices and support law enforcement 
investigations. This facility continues to be a global center 
of excellence in those fields, continually developing new 
methods for recovering evidence from mobile devices and 
performing the most challenging of forensic exams--those 
involving damaged devices. This facility is an excellent 
example of an effective academic partnership, where students 
conduct work and research that directly address some of the 
most challenging problems we face.
    At the University of Texas, Austin, the Secret Service is a 
member of the Center for Identity and serves on its board of 
advisors. The Center for Identity was established in 2010 and 
is focused on researching the identity ecosystem and 
strengthening our ability to counter identity theft and other 
emerging identity-related threats.
    The work of our private and academic partners is critical 
for the Secret Service to keep pace with the changing use of 
technologies by adversaries who target our homeland.
    As this panel demonstrates, cyber crime is just one of 
several challenges at the intersection of technology and 
security that our Department is charged with countering. We at 
the Secret Service are committed to continuing to adapt and 
innovate the performance of our integrated mission.
    Thank you for the opportunity to testify, and I look 
forward to your questions.
    [The prepared statement of Mr. Noonan follows:]
                  Prepared Statement of William Noonan
                           February 12, 2015
    Good morning Chairman Ratcliffe, Ranking Member Richmond, and 
distinguished Members of the subcommittee. Thank you for the 
opportunity to testify on the Secret Service's progressive efforts to 
protect our homeland by countering cyber criminal activity.
    The cyber crime threats to our homeland continue to rapidly grow 
fuelled by the wealth these illicit activities are generating. For over 
three decades the Secret Service has investigated cyber criminal 
activity \1\ and worked to counter some of the most proficient 
transnational cyber criminal groups. Based on our experience 
investigating and apprehending many of the most capable and prolific 
transnational cyber criminals, I hope to provide this committee with 
useful insight into the continued threat our Nation faces from 
malicious cyber activity.
---------------------------------------------------------------------------
    \1\ Congress established 18 USC  1029-1030 as part of the 
Comprehensive Crime Control Act of 1984 and explicitly assigned the 
Secret Service authority to investigate these criminal violations.
---------------------------------------------------------------------------
                  the transnational cyber crime threat
    Nearly 15 years ago, advances in computer technology and greater 
access to personally identifiable information (PII) via the internet 
created on-line marketplaces for transnational cyber criminals to share 
stolen information and criminal methodologies. This has resulted in a 
steady increase in the quality, quantity, and complexity of cyber 
crimes targeting private industry and critical infrastructure. These 
crimes include network intrusions, hacking attacks, and account 
takeovers leading to significant data breaches affecting every sector 
of the economy. Recently reported payment card data breaches are 
examples of this long-term trend of major data breaches perpetrated by 
transnational cyber criminals who are intent on targeting our Nation's 
financial payment system for illicit gain.
    The wealth accrued by the world's most capable cyber criminals is 
staggering. Some have become millionaires through their cyber criminal 
activities, even buying numerous resort properties in tropical 
locations. More significantly they are reinvesting what they have 
stolen to develop increasingly sophisticated cyber capabilities and 
organizations to perpetuate and expand their illicit schemes. The 
capabilities these criminals develop are increasingly being used by 
foreign states for intelligence collection or military purposes.
    The collaboration amongst top tier cyber-criminals is astounding. 
These individuals routinely trust one another with millions of dollars 
as they execute their highly distributed transnational criminal 
conspiracies. These groups have increasingly segmented their 
operations, allowing for the development of highly-talented specialists 
in performing each part of the criminal schemes: From gaining 
unauthorized access to protected computer networks, to engaging in 
sophisticated frauds, to laundering and distributing their proceeds. 
These growing specialties raise both the complexity of investigating 
these cases, as well as the level of potential harm to companies and 
individuals.
    For example, illicit underground cyber crime marketplaces allow 
criminals to buy, sell, and trade malicious software, access to 
sensitive networks, spamming services, payment card data, PII, bank 
account information, brokerage account information, hacking services, 
and counterfeit identity documents. These illicit digital marketplaces 
vary in size, with some of the more popular sites boasting membership 
of approximately 80,000 users and some sites being highly exclusive 
invitation-only associations. These digital marketplaces often use 
various digital currencies, and cyber criminals have made extensive use 
of digital currencies to pay for criminal goods and services or launder 
illicit proceeds.
         the secret service strategy for combating this threat
    The Secret Service proactively investigates cyber crime using a 
variety of investigative means to often infiltrate these transnational 
cyber criminal groups and counter every element of their criminal 
schemes. As a result of these proactive investigations, the Secret 
Service is often the first to learn of planned or on-going data 
breaches and is quick to notify affected companies and institutions 
with actionable information to mitigate the damage from the data breach 
and terminate the criminal's unauthorized access to their networks. 
Victim companies rarely identify unauthorized access to their networks; 
rather law enforcement, financial institutions, or other third parties 
identify and notify the likely victim company of a data breach.
    A trusted relationship with the victim is essential for confirming 
the crime, remediating the situation, beginning a criminal 
investigation, and collecting evidence. To foster these trusted 
relationships, in 2001, Congress directed the Secret Service to develop 
a National network of electronic crimes task forces, based on our 
existing New York Electronic Crimes Task Force, for the purpose of 
preventing, detecting, and investigating various forms of electronic 
crimes, including potential terrorist cyber attacks against critical 
infrastructure and financial payment systems. Today the Secret Service 
operates a global network of 38 Electronic Crimes Task Forces (ECTF) as 
part of this growing network. These ECTFs are the foundation for the 
Secret Service's investigations of cyber crime and our primary means of 
sharing actionable information with potential victim companies. For 
example, in 2014, based on information discovered through just one of 
our on-going cyber crime investigations, the Secret Service notified 
hundreds of U.S. entities of cyber criminal activity targeting their 
organizations.
    The Secret Service also invests in developing the capabilities of 
our State and local partners. In partnership with the State of Alabama, 
the Secret Service operates the National Computer Forensic Institute 
(NCFI) to train State and local law enforcement investigators, 
prosecutors, and judges in how to conduct computer forensic 
examinations, respond to network intrusion incidents, and conduct cyber 
crimes investigations. Graduates of NCFI typically join the Secret 
Service's network of ECTFs, and have frequently made vital 
contributions to significant Secret Service investigations of 
transnational cyber criminals.
    As the Secret Service investigates cyber crime, we discover new and 
emerging cyber criminal methods and share relevant cybersecurity 
information broadly to enable other organizations to secure their 
networks while protecting on-going investigations and the privacy and 
civil rights of all involved. The Secret Service accomplishes these 
objectives through contributions to industry-leading annual reports 
like the Verizon Data Breach Investigations Report and the Trustwave 
Global Security Report, and through more immediate reports, including 
joint Malware Initial Findings Reports (MIFRs).
    For example, this year UPS Stores Inc. used information published 
in a joint report on the Back-Off malware to protect itself and its 
customers from cyber criminal activity.\2\ The information in this 
report was derived from a Secret Service investigation of a network 
intrusion at a small retailer in Syracuse, New York. The Secret Service 
partnered with the National Cybersecurity & Communications Integration 
Center (NCCIC/US-CERT) and the Financial Services Information Sharing 
and Analysis Center (FS-ISAC) to widely share actionable cybersecurity 
information derived from this investigation to help numerous other 
organizations, while protecting the integrity of the on-going 
investigation and the privacy of all parties. For UPS Stores, Inc., the 
result was the identification of 51 stores in 24 States that had been 
impacted, enabling UPS Stores, Inc. to contain and mitigate this cyber 
incident before it developed into a major data breach.\3\
---------------------------------------------------------------------------
    \2\ See http://www.us-cert.gov/security-publications/Backoff-Point-
Sale-Malware.
    \3\ See UPS Store's press release. Available at: http://
www.theupsstore.com/about/media-room/Pages/The-ups-storenotifies-
customers.aspx.
---------------------------------------------------------------------------
    As we share cybersecurity information discovered in the course of 
our criminal investigations, we also continue pursuing our 
investigation in order to apprehend and bring to justice those 
involved. Due to the inherent challenges in investigating transnational 
crime, particularly the lack of cooperation of some countries with U.S. 
law enforcement investigations, occasionally it can take years to 
finally apprehend the top tier criminals. The Secret Service works 
closely with its partners in the Departments of Justice and State to 
develop the capabilities of foreign law enforcement partners and to 
foster collaboration.
    For example, in July of 2014 Secret Service agents arrested Roman 
Seleznev of Vladivostok, Russia, through an international law 
enforcement operation. Mr. Seleznev has been charged in Seattle in a 
40-count indictment for allegedly being involved in the theft and sale 
of financial information of millions of customers. Seleznev is also 
charged in a separate indictment with participating in a racketeer 
influenced corrupt organization (RICO) and conspiracy related to 
possession of counterfeit and unauthorized access devices.\4\ This 
investigation was led by the Secret Service's Seattle Electronic Crimes 
Task Force.
---------------------------------------------------------------------------
    \4\ See http://www.justice.gov/usao/waw/press/2014/October/
seleznev.html.
---------------------------------------------------------------------------
    In another case, the Secret Service, as part of a joint 
investigation with U.S. Immigration and Customs Enforcement's Homeland 
Security Investigations (HSI) and the Global Illicit Financial Team 
(GIFT), hosted by IRS-Criminal Investigations, shut down the digital 
currency provider Liberty Reserve, which was allegedly widely used by 
criminals worldwide to store, transfer, and launder the proceeds of a 
variety of illicit activities. In addition, the Treasury Department's 
Financial Crimes Enforcement Network found Liberty Reserve to be a 
financial institution of primary money laundering concern pursuant to 
Section 311 of the USA PATRIOT Act. Liberty Reserve had more than 1 
million users, who conducted approximately 55 million transactions 
through its system totaling more than $6 billion in funds. The founder 
of Liberty Reserve, Arthur Budovsky, was recently extradited from Spain 
to the United States. Mr. Budovsky is among seven individuals charged 
in the indictment. Four co-defendants--Vladimir Kats, Azzeddine el 
Amine, Mark Marmilev, and Maxim Chukharev--have pleaded guilty and 
await sentencing. Charges against Liberty Reserve and two individual 
defendants, who have not been apprehended, remain pending. This 
investigation was led by the Secret Service's New York Electronic 
Crimes Task Force.
               legislative action to combat data breaches
    While there is no technology available to prevent data breaches of 
U.S. customer information, legislative action could help to improve the 
Nation's cybersecurity, reduce regulatory costs on U.S. companies, and 
strengthen law enforcement's ability to conduct effective 
investigations. In January, the administration proposed law enforcement 
provisions related to computer security, highlighting the importance of 
additional tools to combat emerging criminal practices.\5\ We continue 
to support changes like these that will assist us in countering the 
rapidly-evolving threat of cyber crime.
---------------------------------------------------------------------------
    \5\ This proposal is available at: http://www.whitehouse.gov/omb/
legislative_letters/.
---------------------------------------------------------------------------
                               conclusion
    The Secret Service is committed to continuing to safeguard the 
Nation's financial payment systems by defeating cyber criminal 
organizations. Responding to the growth of these types of crimes, and 
the level of sophistication these criminals employ, requires 
significant resources and substantial collaboration among law 
enforcement and its public and private-sector partners. Accordingly, 
the Secret Service dedicates significant resources to improving 
investigative techniques, providing training for law enforcement 
partners, and sharing information on cyber threats. The Secret Service 
will continue to coordinate and collaborate with other Government 
agencies and the private sector as we develop new methods for combating 
cyber crime. Thank you for your continued commitment to protecting our 
Nation's financial system from cyber crime.

    Mr. Ratcliffe. Thanks very much, Mr. Noonan.
    Last but not least, the Chairman would like to recognize 
Mr. Painter to testify.

 STATEMENT OF WILLIAM PAINTER, ANALYST, GOVERNMENT AND FINANCE 
 DIVISION, CONGRESSIONAL RESEARCH SERVICE, LIBRARY OF CONGRESS

    Mr. Painter. Good afternoon, Chairman Ratcliffe, Ranking 
Member Richmond, Ranking Member Thompson, and distinguished 
Members of the subcommittee. Thank you for inviting me to 
appear before you today to discuss how DHS's budget situation 
could affect the Department's efforts to develop new 
technologies and confront emerging threats.
    I will discuss three potential scenarios for the fiscal 
year 2015 DHS appropriations and examine what each could entail 
for the Department going forward. As you know, Congress has 
not, to date, provided annual appropriations for DHS but, 
instead, provided an extension of funding for the Department 
through a continuing resolution, or CR, that expires on 
February 27.
    At least three possible immediate futures for DHS 
appropriations exist. First is extension of the CR. The second 
is enactment of a fiscal year 2015 annual appropriations bill 
or, third, a lapse in annual discretionary appropriations.
    First, extension. So far, in fiscal year 2015, DHS has been 
operating under a series of interim CRs, which typically 
provide temporary funding at a given rate of operations rather 
than a set level for the year. Interim CRs expire at a 
specified date prior to the end of the fiscal year. A second 
type of CR is the full-year CR, which provides funding all the 
way through to the end of the fiscal year. DHS has operated 
under the terms of such a CR only once, in fiscal year 2011.
    To preserve Congressional prerogatives, Congress generally 
places several restrictions on the use of funding provided 
under an interim CR. These include a prohibition on the start 
of new projects, prohibiting funding decisions, including 
grants, that would impinge on Congress' final funding 
prerogatives, and allowing only the most limited funding action 
permitted in the resolution to continue the Government's work.
    As a result of these restrictions and uncertainty over when 
they may be lifted and annual funding levels finally set, an 
agency funded under an interim CR experiences several 
challenges.
    A CR may provide funding at a higher or lower rate than 
needed to carry out Departmental priorities. For example, under 
the current CR, S&T is being allocated funds as a rate higher 
than needed for construction of the National Bio and Agro-
Defense Facility, while DNDO is getting funds at a much lower 
rate than it needs to buy radiation detectors for front-line 
DHS personnel. This mismatch is not on the basis of an 
affirmative policy decision by Congress. It is simply because 
those programs need to change from the previous year's 
baseline, and the funding stream did not.
    Timing can also be an issue. After an interim CR is 
replaced, a Department may not have time to use some of the 
funding it has been provided before it expires at the end of 
the fiscal year. Although most of the budget for DNDO and S&T 
can be used up to 3 to 5 years after it was appropriated, most 
of NPPD's appropriation expires at the end of each fiscal year.
    The second potential scenario is enactment of an annual 
appropriations bill. This would allow DHS to carry out its 
mission with transparent and explicit direction from Congress 
in terms of funding levels for its many missions. DHS would be 
able to hire staff, initiate new projects, and award grants 
within the parameters laid out in the enacted legislation and 
accompanying explanatory statement.
    The third possible scenario is what would occur in the 
event that the current CR expires without extension or 
replacement. Annual appropriations for DHS would lapse. DHS 
would be required to implement a shutdown furlough, as they did 
in the Government-wide lapse in appropriations in October 2013. 
This would represent a disruption in DHS operations and raise 
obstacles to efficient management and oversight much greater 
than those raised by an interim continuing resolution. In 2013, 
roughly 85 percent of the Department's functions continued 
during the shutdown, but 96 percent of S&T, 95 percent of DNDO, 
and 43 percent of NPPD staff were furloughed.
    DHS personnel who are legally permitted to continue to work 
in the event of a lapse generally fall into two categories: 
Those with activities that are not funded through 1-year 
appropriations and those whose work is exempted under specific 
authorities of the Antideficiency Act. Among the components of 
interest today, only the Office of Biometric Identity 
Management and Federal Protective Service under NPPD continued 
to operate during the furlough, with funding made available 
through fee revenues and multi-year appropriations. Most of the 
Secret Service and NPPD cybersecurity function continued to 
work in the absence of annual appropriations because of 
Antideficiency Act exemptions.
    As it faced the 2013 shutdown, DHS identified several 
activities that would be subject to furloughs and curtailment 
of activities under a lapse in annual appropriations, including 
all non-disaster grant programs, NPPD's Critical Infrastructure 
Protective Security Advisor Program, the Chemical Site Security 
Regulatory Program, and research and development activities. As 
the underlying laws that determine who is furloughed and who is 
exempt have not changed, one can expect a similar result in the 
event that fiscal year 2015 appropriations lapse.
    I would like to thank the subcommittee again. Like all of 
us at the Congressional Research Service, I am happy to answer 
your questions.
    [The prepared statement of Mr. Painter follows:]
                 Prepared Statement of William Painter
                           February 12, 2015
    Good morning Chairman Ratcliffe, Ranking Member Richmond, and 
Members of the subcommittee.
    I am privileged to appear before you today on behalf of CRS in 
response to your request to discuss how the budget situation for the 
Department of Homeland Security (DHS) could affect the efforts of its 
various components to develop new technologies and confront emerging 
threats.
    Accordingly, my statement summarizes key portions of several CRS 
reports regarding DHS appropriations for fiscal year 2015, the impact 
of continuing resolutions (CRs), and the impact of a lapse in annual 
appropriations for DHS.
    I will begin with a brief overview of the current status of the DHS 
appropriations process, and then discuss three potential scenarios and 
what each would entail for DHS developing technology and confronting 
emerging threats.
    When discussing specific programs, I will explore the impact of 
various potential budget scenarios on the operations of the DHS 
components represented on the panel with me today, National Programs 
and Protection Directorate (NPPD), the Domestic Nuclear Detection 
Office (DNDO), the Science and Technology Directorate (S&T), and to a 
limited extent, the cybersecurity-related functions of the U.S. Secret 
Service (USSS). Unfortunately, the publicly-available documentation 
regarding the USSS budget lacks the granularity necessary to discuss 
those functions in significant detail.
                   dhs appropriations current status
    DHS operated with an overall budget of $59.2 billion for fiscal 
year 2014. Forty-seven-point-nine billion dollars, or 81%, was 
discretionary spending, which relied on budget authority provided 
through appropriations acts.\1\ The fiscal year 2014 Homeland Security 
Appropriations Act (Pub. L. No. 113-76, Division F) enacted almost $3 
billion for DNDO, S&T, and NPPD.
---------------------------------------------------------------------------
    \1\ Department of Homeland Security, Budget in Brief, Fiscal Year 
2016, p. 8.
---------------------------------------------------------------------------
    The administration requested $60.9 billion for DHS for fiscal year 
2015, of which $49.0 billion was discretionary funding. DNDO, S&T, and 
NPPD comprised $2.9 billion of that request.
    As fiscal year 2014 drew to a close, no annual appropriations bills 
for fiscal year 2015 had been enacted. On September 19, 2014, the 
President signed into law Pub. L. No. 113-164, which provided temporary 
funding for Government operations as senior appropriators indicated 
they would pursue an omnibus appropriations package in the closing 
months of the 113th Congress, rather than stand-alone appropriations 
bills. The Consolidated and Further Continuing Appropriations Act, 
2015, was signed into law as Pub. L. No. 113-235 on December 16, 2014. 
Congress did not include full annual appropriations for DHS as part of 
the package, but provided an extension of continuing appropriations for 
the Department through February 27, 2015.\2\
---------------------------------------------------------------------------
    \2\ Division L of Pub. L. No. 113-235.
---------------------------------------------------------------------------
    The administration submitted its fiscal year 2016 budget request to 
Congress on February 2, 2015. According to the Department, the request 
includes almost $64.9 billion for DHS, more than $51.9 billion of which 
is discretionary spending. When compared in fiscal year 2015, this 
represents a $3.7 billion increase compared to the overall DHS budget 
request, and a $2.8 billion increase in the DHS discretionary request. 
The requested appropriations for NPPD, S&T, and DNDO total almost $2.8 
billion.
    The annual appropriation for DHS was not finalized when the budget 
request was assembled. DHS does not directly compare in its public 
budget request documentation the fiscal year 2016 request with the 
legislation under consideration for fiscal year 2015. Table 1 provides 
such a comparison for the selected agencies.

 TABLE 1.--ENACTED, REQUESTED, AND PROPOSED APPROPRIATIONS FOR SELECTED DHS COMPONENTS, FISCAL YEAR 2014-FISCAL
                                                    YEAR 2016
                                (Budget Authority in Rounded Millions of Dollars)
----------------------------------------------------------------------------------------------------------------
                                              Fiscal       Fiscal Year 2015       Fiscal     Analysis of Fiscal
                                             Year 2014 ------------------------  Year 2016    Year 2016 Request
          Component/Appropriation          ------------                        ------------     vs. H.R. 240
                                                          Budget     H.R. 240     Budget   ---------------------
                                              Enacted     Request                 Request     +/- $      +/- %
----------------------------------------------------------------------------------------------------------------
U.S. Secret Service (USSS):
    Salaries and expenses.................     $1,538      $1,586      $1,616      $1,867        $252      15.6%
    Acquisition, construction,                     52          50          50          72          22      43.5%
     improvements, and related expenses...
                                           ---------------------------------------------------------------------
      USSS TOTAL..........................      1,590       1,636       1,666       1,939         273      16.4%
National Protection and Programs
 Directorate (NPPD):
    Management and Administration.........         56          66          62          64           3       4.1%
    Infrastructure Protection and               1,187        1198        1189       1,312         123      10.3%
     Information Security.................
    Federal Protective Service (FPS) *....     [1,302]      [1343]      [1343]     [1,443]        101       7.5%
    Office of Biometric Identity                  227         252         252         284          31      12.5%
     Management...........................
                                           ---------------------------------------------------------------------
      NPPD TOTAL..........................      1,471       1,515       1,502       1,659         157      10.5%
Science and Technology (S&T):
    Management and Administration.........        129         130         130         132           2       1.6%
    Research, Development, and Operations.      1,091         942         974         647        -327     -33.6%
                                           ---------------------------------------------------------------------
      S&T TOTAL...........................      1,220       1,072       1,104         779        -325     -29.4%
Domestic Nuclear Detection Office (DNDO):
    Management and Administration.........         37          37          37          38           1       2.6%
    Research, Development, and Operations.        205         199         198         196          -2      -1.0%
    Systems Acquisition...................         43          68          73         123          50      69.4%
                                           ---------------------------------------------------------------------
      DNDO TOTAL..........................        285         304         308         357          49      16.1%
----------------------------------------------------------------------------------------------------------------
* FPS is not included in the total resources because it is funded through collections from the agencies for whom
  FPS provides services.
Sources.--CRS analysis of fiscal year 2014 explanatory statement, fiscal year 2015 DHS Congressional
  justifications, H.R. 240 (114th Congress), and the DHS Budget in Brief, Fiscal Year 2016.
Notes.--Table displays rounded numbers for simplicity of presentation. To ensure validity of analysis, all
  operations, including calculations of percentages, were performed with unrounded data.

    The evolution of funding levels across the three fiscal years 
reflected in this chart (as well as other changes below the 
appropriations level that are not reflected here) could be taken as 
evidence that DHS and Congressional priorities in confronting emerging 
threats are evolving as well. The resolution of the fiscal year 2015 
annual appropriations cycle will have a significant impact on the 
ability of the Department to align its funding to those new priorities. 
Budgets that are based on prior year funding streams or that are more 
procedurally limiting than the annual appropriations process could 
present additional challenges to the Department as it works to adjust 
to the evolving threat environment.
    fiscal year 2015 dhs appropriations: potential future scenarios
    At least three possible scenarios exist as the February 27 
expiration date of the current DHS funding stream approaches:
    (1) extension of the continuing resolution;
    (2) enactment of a fiscal year 2015 annual appropriations bill for 
        DHS; or
    (3) a lapse in discretionary appropriations.
                 extension of the continuing resolution
    Continuing resolutions (CRs)--the basis of the first possible 
scenario--come in two forms, distinguished by the duration of funding 
they provide. The most common type is an ``interim'' CR, which provides 
temporary funding for departments or agencies that lack enacted annual 
appropriations. Such finding is typically provided at a given rate for 
operations. This type of CR expires at a specified date prior to the 
end of the fiscal year. It may be extended through the enactment of 
further interim CRs, or superseded by annual appropriations laws. DHS 
has been operating under temporary CRs throughout fiscal year 2015, 
providing funding slightly less than the fiscal year 2014 rate for 
operations.
    My colleagues have written extensively on the history, functions, 
and impacts of interim continuing resolutions, and I refer you to their 
work for detailed analysis.\3\ Usually funding is provided to sustain a 
rate for operations defined in terms of funding enacted in the previous 
fiscal year. That rate may be adjusted by formula or by specific 
``anomalies''\4\ on a pro-rated basis, which is calculated based on the 
CR's duration. Any obligations or expenditures that are made using this 
temporary funding are typically deducted from the applicable full-year 
appropriation once enacted.
---------------------------------------------------------------------------
    \3\ For information on the history and procedural aspects of CRs, 
see CRS Report R42647, Continuing Resolutions: Overview of Components 
and Recent Practices, by Jessica Tollestrup; for information on the 
impacts of interim CRs, see CRS Report RL34700, Interim Continuing 
Resolutions (CRs): Potential Impacts on Agency Operations, by Clinton 
T. Brass.
    \4\ Anomalies are generally defined as provisions that alter the 
funding stream provided under a continuing resolution or the 
authorities under which that funding is utilized, i.e., increasing or 
decreasing the rate for operations for a specific program, barring the 
use of funds for a specific activity, or specifically authorizing an 
activity.
---------------------------------------------------------------------------
    The second type of CR is a ``full-year'' CR, which provides funding 
through the end of the fiscal year. DHS has operated under the terms of 
such a CR only once, in fiscal year 2011. That year, Congress agreed 
only on the budget for the Department of Defense. The rest of the 
Government operated under the terms of a full-year CR \5\ from mid-
April to the end of September, 2011. Defined funding levels (as opposed 
to a rate of operations) were established, and were generally the 
amounts in the previous fiscal year's appropriations laws (except when 
set by anomalies).
---------------------------------------------------------------------------
    \5\ Division B of Pub. L. No. 112-10.
---------------------------------------------------------------------------
    To preserve Congressional prerogatives, Congress generally places 
several key restrictions on the use of continuing funding under an 
interim CR. The current CR,\6\ as amended, includes those traditional 
restrictions, including:
---------------------------------------------------------------------------
    \6\ Pub. L. No. 113-164 as amended.
---------------------------------------------------------------------------
   Section 101(a).--That appropriations are provided ``under 
        the authority and conditions'' of the fiscal year 2014 
        appropriations laws, for projects or activities ``that were 
        conducted in fiscal year 2014'', and that were funded in those 
        specified appropriations acts;\7\
---------------------------------------------------------------------------
    \7\ 128 Stat 1867.
---------------------------------------------------------------------------
   Section 104.--That funds may not be used to initiate or 
        resume any project or activity not funded during fiscal year 
        2014;\8\
---------------------------------------------------------------------------
    \8\ 128 Stat 1868.
---------------------------------------------------------------------------
   Section 109.--That funding distributions or grant awards 
        shall not be made that would impinge on Congress's final 
        funding prerogatives;\9\ and
---------------------------------------------------------------------------
    \9\ 128 Stat 1869.
---------------------------------------------------------------------------
   Section 110.--That only the most limited funding action 
        permitted in the resolution shall be made to continue projects 
        and activities.\10\
---------------------------------------------------------------------------
    \10\ Ibid.
---------------------------------------------------------------------------
    The restrictions noted above in Sections 109 and 110 were not 
included in the fiscal year 2011 full-year CR, and the restrictions in 
Section 104 were modified, as the legislation was anticipated to be the 
final action on appropriations for the fiscal year.
    An agency funded under an interim CR experiences several challenges 
in confronting a dynamic threat environment and developing new 
technologies. To some extent, a status quo funding level combined with 
the restrictions on the use of funds provided under the terms of a 
continuing resolution may result in Federal agencies continuing to 
support existing priorities--rather than shifting to new ones--since 
only existing programs retain funding.
    In reports stretching back several years, the Government 
Accountability Office (GAO) has noted multiple negative effects of 
interim continuing resolutions on efficient program management and 
execution. GAO variously cited: The inability to allocate funds to 
programs with current needs, rather than a (possibly no longer 
relevant) recent history of funding; delays in planning; hiring 
freezes; delays in construction projects; suspension of loan and grant 
activities; inability to finalize or renew contracts in a timely 
manner; reductions in technical assistance work; delays in funding that 
increased program costs; and reductions in otherwise justifiable 
travel.\11\
---------------------------------------------------------------------------
    \11\ Summarized in CRS Report RL34700, Interim Continuing 
Resolutions (CRs): Potential Impacts on Agency Operations, by Clinton 
T. Brass.
---------------------------------------------------------------------------
    Other observers concur that interim CRs can have negative impacts. 
Past reporting by CRS regarding the impacts of interim CRs on the 
Department of Defense noted that interim CRs create challenges in the 
distribution of funds, requiring an ``inordinate amount of time and 
paper,'' and drawing resources from ``more productive management.'' The 
reporting also noted that interim CRs do not provide the authority to 
reestablish bonuses and allowances for personnel, which can negatively 
affect morale and retention of highly sought-after personnel.\12\
---------------------------------------------------------------------------
    \12\ Ibid.
---------------------------------------------------------------------------
    If full-year regular appropriations levels for fiscal year 2015 
become law, thereby allowing new programs to receive funds, projects 
may have difficulty meeting their projected time lines because of the 
shortened time frame for obligating funds for these programs. With the 
midpoint of the fiscal year approaching, difficulties may emerge in 
obligating some of the new appropriations for NPPD, for example, before 
they expire at the end of the fiscal year. Most of the budget for DNDO 
and S&T does not expire for 3 or 5 years; however, 81% of NPPD's 
Infrastructure Protection and Information Security appropriation in 
H.R. 240 expires at the end of fiscal year 2015.
    One example of how either an interim or year-long CR that extends 
last year's funding levels with no anomalies \13\ could affect DHS 
activities is the Chemical Facility Anti-Terrorism Standards (CFATS) 
activity at NPPD.
---------------------------------------------------------------------------
    \13\ In practice, interim and full-year CRs usually contain at 
least some anomalies.
---------------------------------------------------------------------------
    CFATS would be affected both in terms of its funding and its 
operations. In terms of funding, the Infrastructure Security Compliance 
Division (ISCD) requested an 8% increase in fiscal year 2015 from their 
appropriated level in fiscal year 2014 ($87 million as opposed to $81 
million). In practice, DHS had reprogrammed an additional $3 million to 
ISCD in fiscal year 2014. Under a clean CR, ISCD would be funded at a 
lower level than required to provide current services.
    In terms of operations, in December 2014, ISCD received new 
statutory authorization to regulate chemical facilities for security 
purposes. The new authority contains new provisions for ISCD to 
implement, including increased information sharing, the commission of 
certain studies, and the establishment of a self-certification program 
for regulated entities. Not all of these activities were in place in 
fiscal year 2014. The costs of implementing them would not be 
represented in a funding stream based on fiscal year 2014 funding, and 
DHS may consider some of them as new activities that could not be 
initiated under the continuing resolution.
    Another potential effect of a CR that extended fiscal year 2014 
levels would be on the S&T Laboratory Facilities appropriation. In 
fiscal year 2014, the construction of the National Bio- and Agro-
defense Facility received $404 million in appropriations. The request 
for fiscal year 2015 was $300 million, which was included in both the 
House and Senate draft bills in the previous Congress and in H.R. 240. 
Despite what appears as consensus on a funding level, a CR at fiscal 
year 2014 levels would provide more for NBAF construction than either 
Congress or the administration have proposed.
    DNDO's Human Portable Radiation Detection Systems program would 
have the opposite issue. This program purchases commercially-available 
technology for front-line DHS personnel to detect radiological or 
nuclear materials in the field. The fiscal year 2015 request of $51 
million was almost triple the fiscal year 2014 funding level of $14 
million. Again, the House and Senate generally concurred on providing 
most of the increase, but an anomaly would be required to provide that 
increase if the CR generally extended the fiscal year 2014 funding 
level.
    Given the structure of appropriations for S&T, funding shifts below 
the level of the Project, Program, and Activity level are common. Such 
shifts can provide the resources needed to carry out work under 
existing authorities. However, given the level of budget uncertainty, 
even in cases where S&T has the legal ability to engage in new work, 
there may be a hesitancy to make a commitment of resources when 
operating under a temporary CR.
          enactment of fiscal year 2015 annual appropriations
    The second potential next scenario--enactment of an annual 
appropriations bill--would arguably allow DHS to carry out its mission 
with more transparent and explicit direction from Congress in terms of 
funding levels and funding limitations for many of its missions. DHS 
may perceive more freedom to engage in certain activities, such as the 
hiring of staff. It would also be able to initiate certain new 
projects, as is the case for the other Government agencies funded 
through the consolidated appropriations act enacted in December, 2014.
    For the purposes of discussion, let us assume that the annual 
appropriation includes the funding levels outlined in H.R. 240, the 
fiscal year 2015 Homeland Security Appropriations bills introduced in 
the House in the 114th Congress.
    Under the terms of H.R. 240, in fiscal year 2015, DNDO would 
receive an almost 8% increase overall above fiscal year 2014. A $7 
million reduction in the Research Development and Operations account 
would be offset by an increase of $35 million in the Human Portable 
Radiation Detection Program. While $2 million less than requested by 
the administration, the resources provided would still support the 
purchase of portable radiation detectors for Customs and Border 
Protection, the Transportation Security Administration, and the U.S. 
Coast Guard.
    S&T would be funded $116 million below fiscal year 2014 levels 
under H.R. 240 as passed by the House. The major driver in this 
reduction is the smaller tranche of funding for the construction of the 
National Bio- and Agrodefense Facility. A 1% reduction in the Research, 
Development, and Innovation subappropriation also is present. As with 
DNDO, the funding levels included in the two bills are higher than the 
administration's request for fiscal year 2015.
    In House-passed H.R. 240, NPPD would be funded at slightly more 
than $1.5 billion--almost $32 million above the fiscal year 2014 level, 
and $13 million below the administration's request. Most of the 
increase from the previous fiscal year is driven by a $32 million 
increase in the Next Generation Networks program and rejection of an $8 
million proposed reduction in the Global Cybersecurity Management 
subappropriation. This would maintain funding levels for cybersecurity 
education.
    The explanatory statement for H.R. 240 notes that USSS ``cyber 
activities, including electronic crimes investigations and State and 
local cyber crime training'' would receive more than $108 million under 
the terms of H.R. 240. A similar figure was not presented in the 
explanatory statement for the fiscal year 2014 appropriation to allow 
for definitive overall comparison, although the support for training 
rose from $7.5 million in the fiscal year 2014 act to $12 million in 
H.R. 240.
            potential fiscal year 2015 funding lapse for dhs
    The third scenario--a default option which will occur if neither of 
the first two scenarios occur--is a lapse in annual appropriations for 
the Department. DHS will be required to implement a shutdown furlough. 
The events of October 2013 provide a reasonable understanding of this 
case. The shutdown affected operations of different DHS components to 
varying degrees. Roughly 85% of the Department's workforce continued 
with their duties during the shutdown, because of exceptions identified 
in long-standing interpretations of the Anti-Deficiency Act. Some DHS 
employees were also recalled to work after the furloughs began on the 
basis of unanticipated needs (such as disaster response activities) and 
the enactment of an appropriations law that temporarily covered certain 
personnel costs.
    In the event of a lapse, DHS personnel who continue to work without 
passage of annual appropriations or a continuing resolution generally 
fall into two categories: Those whose activities are not funded through 
1-year appropriations, and those whose work is necessary for the 
preservation of the safety of human life or the protection of property. 
The former generally continue to be paid as scheduled--contingent on 
the availability of funds, whereas the latter are not paid while the 
lapse in annual appropriations continues. Of DHS's estimated 231,117 
civilian and military employees, nearly 200,000 were projected to be 
exempted from the shutdown furlough, according to the Department. Most 
of these employees relied on annual appropriations for their salaries, 
and therefore were not paid during the funding lapse.
    Among the components of interest today, only the Office of 
Biometric Identity Management and Federal Protective Service under NPPD 
continued to operate during the furlough with funding made available 
through fee revenues and multi-year appropriations. Elements of the 
Secret Service engaged in protection of persons and facilities and 
NPPD's cybersecurity function continued to work in the absence of 
annual appropriations.
    Table 2 provides a breakdown of the initial exemption and furlough 
data provided by DHS for the four components under discussion:\14\
---------------------------------------------------------------------------
    \14\ A complete breakdown of DHS projected furloughs is available 
in CRS Report R43252, FY2014 Appropriations Lapse and the Department of 
Homeland Security: Impact and Legislation, by William L. Painter.

   TABLE 2.--DHS PROJECTED INITIAL EXEMPTION AND FURLOUGH DATA FOR SELECTED COMPONENTS, FISCAL YEAR 2014 LAPSE
----------------------------------------------------------------------------------------------------------------
                                                                                                       Projected
                                                                     Employees  Projected  Projected     % of
                             Component                               (as of 7/    Exempt    Furlough   Component
                                                                      31/2013)                        Furloughed
----------------------------------------------------------------------------------------------------------------
U.S. Secret Service................................................      6,537      6,003        534       8.17%
National Protection and Programs Directorate.......................      2,835      1,617      1,218      42.96%
Science and Technology Directorate.................................        469         20        449      95.74%
Domestic Nuclear Detection Office..................................        115          6        109      94.78%
----------------------------------------------------------------------------------------------------------------
Source.--CRS analysis of DHS ``Procedures Relating to a Federal Funding Hiatus,'' September 27, 2013.

    While DHS did not associate numbers of furloughed employees with 
specific programs, the Department identified several activities that 
would be subject to furloughs and curtailment of activities, including:
   all non-disaster grant programs;
   NPPD's Critical Infrastructure Protective Security Advisor 
        Program;
   chemical site security regulatory program; and
   research and development activities.\15\
---------------------------------------------------------------------------
    \15\ ``DHS Lapse Contingency Plan Summary,'' September 27, 2013. 
Provided by DHS Legislative Affairs.
---------------------------------------------------------------------------
    Most of the research and development activities funded by S&T and 
DNDO are performed by contractors. Even if its work was funded prior to 
the shutdown, a contractor might be prevented from continuing its work 
if it required access to a closed DHS facility or interaction with a 
furloughed DHS employee. If the shutdown persisted for an extended 
period, some contractors might suspend their work because of 
uncertainty or cash flow issues.\16\
---------------------------------------------------------------------------
    \16\ For additional information on how contracted work may be 
affected by a lapse in annual appropriations, see CRS Report WSLG681, 
What Would a Government Shutdown Mean for Federal Contractors?, by Kate 
M. Manuel.
---------------------------------------------------------------------------
    One difference from the consequences of the fiscal year 2013 
shutdown would be in the CFATS program. Since DHS has received new 
statutory authority to regulate chemical facility security,\17\ the 
statute underlying chemical facility security regulation would remain 
in force. The previous authority had a sunset date that was typically 
extended each year in appropriations acts. In the prior shutdown, DHS 
furloughed the staff of ISCD, which implements the program. If ISCD 
staff were again furloughed, the regulatory program they implement 
would pause, even though the statutory authority would continue in 
force.
---------------------------------------------------------------------------
    \17\ Pub. L. No. 113-254.
---------------------------------------------------------------------------
    A lapse in annual appropriation and the shutdown furlough that 
would follow could represent a disruption in certain DHS operations, 
and potentially raise more obstacles to efficient management and 
oversight than those raised by an interim continuing resolution.
    I would be remiss if I did not close by noting that while I sit 
before you today, the testimony I have provided would not have been 
possible without the contributions of a number of my colleagues as 
well, especially Clinton Brass, Jessica Tollestrup, Dana Shea, Daniel 
Morgan, John Moteff, and Eric Fisher.
    On behalf of CRS, thank you for the opportunity of appearing before 
you today. I am happy to respond to your questions.

    Mr. Ratcliffe. Thank you, Mr. Painter.
    I now recognize myself for 5 minutes for questions.
    Just a few days ago, President Obama announced the creation 
of the Cyber Threat and Intelligence Integration Center, or 
CTIIC, which will fall under the Office of the Director of 
National Intelligence. The stated purpose of this new center 
will be to integrate the intelligence community's cyber data 
and share it with civilian agencies.
    Mr. Ozment, I would like to start with you and ask if you 
can discuss how DHS's NCCIC anticipates working with this new 
center. Specifically, what do you anticipate the roles and 
responsibilities will be for each?
    Mr. Ozment. Thank you, Chairman.
    As you know, NPPD and the NCCIC are not a part of the 
intelligence community, nor is NPPD's NCCIC a law enforcement 
organization. The CTIIC, the Cyber Threat Intelligence 
Integration Center, is designed to address a specific problem: 
The integration of intelligence from across intelligence 
community agencies.
    From the perspective to the NCCIC, the CTIIC will be a 
supporting organization. The NCCIC is one of the operational 
cybersecurity organizations, along with NCIJTF, the National 
Cyber Joint Investigative Task Force, and U.S. Cyber Command's 
Joint Operations Center.
    The CTIIC will provide integrated intelligence in support 
of the NCCIC's daily operations. From that perspective, the 
CTIIC will help the NCCIC by providing that integrated 
perspective.
    Mr. Ratcliffe. Thank you, Mr. Ozment.
    A question for you, Mr. Martin. In the past month, S&T has 
published its visionary goals. You mentioned those five today 
in your testimony. Is it S&T's intention to shape its research 
agenda to align with these visionary goals? If so, what do you 
envision as the right mix between basic research and the 
applied science and engineering?
    Mr. Martin. Thank you, Chairman.
    It is the intention of the Directorate to shape its 
portfolio based on these visionary goals. It is going to be a 
split between research and development done to support the 
operational needs of the component and a portion of the 
portfolio to go towards Apex programs, which are mapped to 
these visionary goals.
    Our Apex programs take a more focused view at some pretty 
critical problems in the Department. It is a mixture of both 
basic and applied research. I can't give you exact amounts 
because it depends on the maturity of the technology we are 
looking at.
    Ultimately, we want to have a relatively good mix of both 
basic and applied research.
    Mr. Ratcliffe. Thank you, Mr. Martin.
    Dr. Gowadia, a question for you. Currently, as you know, 
DHS is required by the SAFE Port Act to scan 100 percent of 
containerized cargo at foreign ports of departure before that 
is loaded onto ships coming to the United States. Currently, 
DHS has requested waivers since 2012 because it has been unable 
to reach that goal.
    I want to know, do you think that, given that the Secretary 
has requested these multiple waivers, is this law even 
feasible, No. 1? No. 2, what are some of the recommendations 
that you have for addressing the threat at foreign ports of 
departure?
    Ms. Gowadia. Thank you, Chairman Ratcliffe.
    At the Department, we share your concern about the threat 
of the use of a cargo container bringing a nuclear material to 
our ports, and we have remained committed to make sure that 
goods that arrive here are safe and secure before they are 
released into the American public.
    Our Secretary has directed us to take another look at the 
100 percent overseas scanning mandate, and so we are doing that 
in concert with our industry partners as well as with foreign 
governments. This mandate cannot, of course, be implemented 
without their engagement. We need to find a business model that 
works for all of us to that end.
    Also, DNDO has a fairly significant role to play, and we 
collaborate with S&T to make sure that we are developing the 
right technologies to be able to address this mandate.
    That having been said, let me reassure you, sir, that 100 
percent of cargo containers are scanned at our ports of entry 
before they are released into the stream of commerce right here 
in the United States.
    So we are looking at this layered, disciplined approach to 
attack the problem.
    Mr. Ratcliffe. Terrific. Thank you, Dr. Gowadia.
    Mr. Noonan, very quickly in my time remaining, can you 
address Secret Service's relationship with DHS, with the NCCIC, 
and how all that comes into play when investigating cyber 
breaches?
    Mr. Noonan. Yes, sir.
    As a matter of practice over the last several years, when 
we are engaged in a cyber investigation and we are working 
together with a private-sector victim, we have our forensic 
specialists that are working with that victim company, and we 
are pulling out of those investigations evidence that is 
important in that investigation.
    When we pull out evidence in that investigation, we also 
see the criminal tools that the criminal uses to gain access 
and entry into those systems, we see the malicious code that 
they use to insert in those systems. When these things are new 
trends that we are observing, we take that information that we 
glean out of that criminal investigation and we share that with 
our partners at the DHS's NCCIC.
    DHS's NCCIC, together with the Secret Service, will put 
together a product. When we put this product together, we are 
very concerned about the privacy of the victim company, so we 
strip out everything related back to that company. We share 
those cybersecurity matters through the NCCIC out to the rest 
of infrastructure.
    As a matter of fact, because US-CERT sits with the NCCIC, 
US-CERT also pumps that same information out to the rest of a 
number of CERTs around the globe, too. So we are getting those 
cybersecurity concerns not just out to the critical 
infrastructure here domestically, but we are also getting out 
to our partners out there outside the borders of the United 
States to better protect their systems from our criminal 
adversaries that are taking advantage of our financial systems.
    Mr. Ratcliffe. Thank you, Mr. Noonan.
    My time has expired. The Chairman now recognizes the 
Ranking Minority Member, Mr. Richmond, for his questions.
    Mr. Richmond. Thank you, Mr. Chairman. I am going to yield 
my time to the Ranking Member of the full committee, Mr. 
Thompson.
    Mr. Thompson. Thank you very much, Mr. Richmond.
    We have had some very interesting testimony here today. 
There is no question that cyber is a clear and present priority 
as well as a danger for us as American citizens.
    One of the things I want to highlight, though, is that if 
we don't have a Department that is funded, a lot of the 
missions we have talked about here today will suffer. So what I 
want to give my time toward is to further elaborate on that 16-
day window that we are facing in terms of not having a funded 
Department of Homeland Security.
    Mr. Painter, you gave us three scenarios. I think all of 
them, under any circumstance, gives pause for a Department that 
really needs to get about its business of securing this 
country.
    What I am really concerned about, though, is the shutdown 
possibility and what that does for us. Are you saying that S&T 
would be one of those departments that would be impacted 
disproportionately to others in terms of employees that would 
be sent home?
    Mr. Painter. Thank you for the question, Ranking Member 
Thompson.
    The analysis that was included in my testimony was based on 
the shutdown furlough plan that was released for the October 
2013 shutdown. As we approach the possibility of a lapse in 
appropriations, the Department will release a similar plan that 
will outline exactly how many employees are in each section and 
who is likely to be furloughed.
    However, one thing that the Department made clear in its 
plan in 2013 and has been discussed is that the research and 
development activities are not considered exempt under the 
Antideficiency Act, and, therefore, those activities would be 
shut down.
    Mr. Thompson. Thank you.
    Mr. Noonan, there is no question that our men and women in 
the Secret Service do a wonderful job. We have been more than 
supportive as a committee, but there are about 4,000 agents who 
would be impacted if we don't have a budget at the end of this 
month.
    In your opinion, what effect would that have on the morale 
of those men and women?
    Mr. Noonan. Thank you for the question, sir.
    I think a CR will inherently slow down the execution and 
day-to-day operations of the Secret Service as it relates to 
our cyber program. It will delay hiring. It will impact our 
operations.
    I think along with that, you know, I think the men and 
women of the Secret Service are very dedicated to their 
mission. At the end of day, we will get our mission done. But, 
to your point, I think there will be a--obviously, there will 
be some impact, of course.
    Mr. Thompson. So the best way to get on with our challenge 
is to have a budget so that we know how to plan and implement 
accordingly. Thank you.
    Dr. Ozment, how is the implementation of CFATS impacted by 
this potential shutdown or lack of moneys for the Department?
    Mr. Ozment. Ranking Member, I am here today to represent 
NPPD. I will tell you, however, that I am the lead of our 
cybersecurity programs, and, therefore, I am not confident that 
I could give you the depth of answer that I would like to give 
you on the CFATS program. So I will ask if we can respond to 
your staff in more detail on that later.
    If you are interested, however, I am happy to talk to you 
about its impact on our cybersecurity programs.
    Mr. Thompson. Go on.
    Mr. Ozment. Thank you, Ranking Member.
    Mr. Thompson. But get me the other information, too.
    Mr. Ozment. Absolutely, sir.
    Mr. Thompson. Okay.
    Mr. Ozment. I am gravely concerned about the impact of a 
shutdown on our cybersecurity efforts. NPPD will experience 
three categories of significant impacts to our cybersecurity 
mission if there is a shut down: To our operations, to our key 
acquisition programs, and to our information-sharing 
activities.
    First, a shutdown will cause us to lose the support of over 
140 staff in our NCCIC. Without these staff, the NCCIC's 
capacity to provide a timely response to agencies or critical-
infrastructure customers seeking assistance after a 
cybersecurity incident will be decreased, and we will be less 
able to conduct expedited technical analysis of cybersecurity 
threats.
    Second, a shutdown will delay two acquisition programs that 
are essential to protecting Federal agencies from cybersecurity 
attacks and intrusions.
    First is the National Cybersecurity Protection System, 
otherwise known as EINSTEIN. We are currently ready to bring on 
board new agencies for the protection of EINSTEIN 3. A shutdown 
would prevent us from bringing on board those agencies and 
essentially stop those agencies from receiving the protection 
that they need from the cyber threats that are out there.
    In addition, the Continuous Diagnostics and Mitigation 
Program is on the verge of issuing a contract that will allow 
Federal agencies to identify critical cyber vulnerabilities and 
expedite their resolution. A shutdown would delay the issuance 
of this award and again leave agencies unprotected and less 
able to patch and be even cognizant of the vulnerabilities that 
they have.
    The final category of significant impacts would be to our 
information-sharing activities. A shutdown would significantly 
reduce the volume and timeliness of cyber threat information 
that we are able to share with our Government partners and the 
private sector. We will also be unable to bring on board new 
companies as partners in information sharing and will be unable 
to continue planning our next-generation information-sharing 
capabilities that are necessary to make our information sharing 
real-time and automated in order to enable us to combat highly-
sophisticated cyber threats.
    Mr. Thompson. Thank you very much, Mr. Chairman, and I 
appreciate your indulgence in allowing the question to be 
answered. I yield back.
    Mr. Ratcliffe. You are welcome.
    The gentleman's time has expired.
    The Chairman now recognizes the Ranking Minority Member and 
gentleman from Louisiana, Mr. Richmond.
    Mr. Richmond. Thank you, Mr. Chairman.
    I will start with Dr. Gowadia, and I will continue where 
the Ranking Member left off, which is, in the next 16 days, if 
we don't do something to fund long-term the Department of 
Homeland Security, how would that affect the work that the 
Domestic Nuclear Detection Office does with local law 
enforcement agencies as far as the alerts go?
    Ms. Gowadia. Thank you, Mr. Richmond.
    As far as responding to the alerts and alarms that come up 
from our operational partners, we have actually established 
that particular function as a mission-essential function. So, 
with a skeletal staff, we will be able to support and answer 
those phone calls, but it will be only with 10 civilian 
personnel and about 5 military detailees. So it will be a 
tremendous burden on the staff, sir.
    Mr. Richmond. Now, let's talk about your fiscal year 2015 
and 2016 budgets as far as acquisitions go. If we decrease your 
budget for next year, how would that affect your acquisitions?
    Ms. Gowadia. As you are aware, sir, we are a mission 
support office. We buy detectors for our Customs and Border 
Protection colleagues, TSA, Coast Guard. The big difference 
between the 2014 budget and the 2015 budget, the President's 
request, is a $37 million plug to get us in a position to buy 
handheld detectors and identification systems for deployment in 
the field.
    Very specifically, the detectors that our CBP colleagues 
have today are no longer supported by the vendor and have 
reached the end of their service life. We need to replace them 
so that we can make sure that commerce is not held up at the 
ports while we wait to get the right detection technologies to 
bear.
    It is a tremendous operational burden on our CBP 
colleagues, and so this is much-needed funds to make sure that 
they are able to exercise their duties in the field.
    Mr. Richmond. Which is very important to me and the 
district I represent, considering that we have the Port of New 
Orleans, Port of South Louisiana, Port of Baton Rouge, that, if 
you add them up and make them one port complex, we are probably 
No. 3 in the world, No. 1 in the United States.
    As we continue to push trade and looming trade deals in 
front of us, then this would be one example of really pushing a 
trade deal but not putting the funds in a place to make sure 
that we can get goods to commerce in a quick and orderly 
fashion.
    Mr. Martin, let me ask you almost the same question, that 
if you don't have long-term funding or anticipated funding, 
what do you think the long-term effects would be to the S&T and 
First Responder programs, No. 1, if we fail to fund DHS; No. 2, 
if we cut the budget?
    Mr. Martin. Ranking Member Richmond, in a word, it is 
disruptive. It is disruptive in the short term in that we can't 
do the support work for the State and local first responders 
that we do. It also puts a level of uncertainty in our research 
and development. It is very difficult to turn research and 
development on and off.
    It is also very difficult to start and stop contracts that 
do a lot of our research work. Probably one of the longer-term 
effects of this is we lose confidence of small business, of 
universities, of National labs to do work with the Federal 
Government. If we can't have stable budgets and sustained 
funding to support these programs, we lose the confidence of 
those groups to do work with us.
    From the first-responder perspective, it is going to be 
difficult for us to maintain any level of direct support for 
equipment testing, for any type of research or knowledge 
products we develop to move to them. To be able to keep that 
level of confidence in the responders of the work we do 
requires a stable budget.
    Mr. Richmond. Then I guess the common theme I am hearing is 
that, although we would not fund you all and you all would be 
disrupted and you would make do the best you can, the local law 
enforcement agencies around the country, the State and locals, 
would really be, for lack of a better description, left out 
there on their own because they can't rely on your support and 
help that you normally offer them.
    So, with that, Mr. Chairman, I would just like to say that 
I think that, you know, it is very critical that we fund it. I 
know that both sides differ much on immigration, and we will 
fight on immigration, and it is a legitimate difference of 
opinion. But I think that their testimony highlights the fact 
that we should not jeopardize the safety of the country over 
that one fight, which we will continue to embark on.
    So, with that, Mr. Chairman, thank you for your time, and I 
yield back.
    Mr. Ratcliffe. The Chairman thanks the gentleman.
    The Chairman will now recognize other Members of the 
subcommittee for questions they may wish to ask the witnesses.
    I would like to recognize the gentleman from Florida, Mr. 
Clawson.
    Mr. Clawson. Thank you.
    Thanks for coming, you all. I am always appreciative for 
folks who show up and have to get in the middle of our big 
battles that we have up here.
    You know, I have spent a lot of time in boardrooms, not a 
lot of time in these committees meetings. You know, I was 
always surprised--the way we do things, the witnesses come, 
they get in the middle of this partisan bashing. So if they get 
the wrong question, they don't want to answer it because it 
will make their side look bad; if they get the right question, 
then they want to answer. Then we just dig the divide between 
the two sides bigger and bigger. We don't learn anything as a 
result of that because we have a hard time getting to full 
disclosure because we are too busy being partisan.
    I fly over that, or at least I try to. I appreciate you all 
coming today. I hope you will be as open as we can because I 
don't want to pick a partisan bone here. I think it is a waste 
of time. We will have that fight another day, and that will be 
a different conversation.
    But I did want to pick your brain about a couple of things 
that I am interested in as I did the study here. It feels 
blurry to me on where the line is between private companies, 
private data, private people, and our own defense of 
cybersecurity. So I am curious, you know, how many different 
agencies get involved with our private companies? What are the 
limits of that? What is the kind of data that our Federal 
agencies should be asking for?
    If you put yourself in the position of somebody who is 
running a company, who has fiduciary responsibility not just to 
the community but also the privacy of customers, employees, 
fiduciary responsibility to shareholders, kind-of, what is the 
right answer to all that? As the stakes get higher here and we 
get more and more unsafe, who gets to decide?
    So two or three of you I am sure have strong opinions on 
this, and I would objectively just like your objective 
viewpoint on it. Whoever would like to start first, I would 
really like it.
    Mr. Noonan. Yes, sir.
    As far as law enforcement goes and working with our 
private-sector partners, it is really a two-way street of 
working with the victim company. A lot of times, it is the 
Secret Service and/or law enforcement that goes to the private 
sector when there is an incident, when there is a data breach, 
and we are the ones actually giving them information about the 
data breach and showing them where that data breach is.
    Mr. Clawson. What if it is not somebody who has been a 
victim? I mean, don't we involve companies on a broad scale for 
prevention?
    Mr. Noonan. Absolutely. So, As a matter of fact, we are 
partnered with private-sector partners through our Electronic 
Crimes Task Forces. In those Electronic Crimes Task Forces, we 
have quarterly meetings with the private sector, and we share 
ideas on criminal trends, on how to better protect themselves--
--
    Mr. Clawson. Is that mandatory participation?
    Mr. Noonan. Not on the private sector's part. On the 
Government's part, it is.
    Mr. Clawson. What percentage of our private sector 
participates? Is it enough to really make a dent on this for 
what you all are trying to accomplish?
    Mr. Noonan. So, as it relates to our Electronic Crimes Task 
Forces, it depends on the city that we are in. There is no 
mandatory requirement, of course, for the private sector to 
belong to those.
    In addition to that, we also send out industry notices to 
the private sector to better help them defend themselves from 
what we are seeing as the critical threat or the brand-new 
threat that is coming out and arising in those situations.
    Mr. Clawson. If you had to grade the private sector, 1 to 
10, about the kind of cooperation and participation that you 
are getting for disaster prevention, what would you give the 
grade?
    Mr. Noonan. I would give it a rather high grade as far as 
working in the financial services sector in relation to the 
work with law enforcement in prevention of those different 
matters that you just brought up.
    Mr. Clawson. In other industries?
    Mr. Noonan. In other industries--I am not too involved with 
many other industries. The retail sector, obviously, over the 
last year, has become more engaged in information sharing with 
law enforcement and more engaged with the Government in that 
fashion.
    Mr. Clawson. Dr. Ozment.
    Mr. Ozment. Thank you, Congressman.
    To your beginning point, I think it is worth noting that 
cybersecurity is one of the critical threats our Nation will 
face in the 21st Century. Given that, I believe almost every 
Government department and agency will ultimately have a role in 
cybersecurity as their traditional work moves on-line and every 
agency has to work with the private sector as they normally 
engage.
    So you will see, as you already do, the Secret Service 
engaging in electronic crimes, cybersecurity in their law 
enforcement capacity; sector-specific agencies, like the 
Department of Energy or Treasury, engaging with the sectors 
that they engage with, focusing on helping them in their 
cybersecurity; and, of course, the Department of Homeland 
Security looking at cross-sectors, trying to build the security 
and resilience of the American economy and our critical 
infrastructure.
    I would like to highlight--you mentioned concerns about the 
protection of private-sector information--that the Department 
has a Congressionally-legislated program called Protected 
Critical Infrastructure Information, or PCII. Organizations, 
companies that share information with the NCCIC, for example, 
that request PCII protections are protected against civil 
litigation, Freedom of Information Act laws at either the 
Federal or State level, and from the disclosure of that 
information to their regulators.
    We have many information-sharing partners and many 
companies who are participating, increasing the National 
security, and also helping each other and themselves by being a 
part of information-sharing efforts.
    Nonetheless, I think it is important that we pass 
additional cybersecurity information-sharing legislation. The 
administration's cyber threat indicator sharing proposal is 
carefully tailored to ensure that privacy and civil liberties 
are protected while getting the very tactical threat 
information that we need to protect ourselves and our companies 
and our economy to the folks that need to use it to protect 
themselves.
    Mr. Clawson. I hope we can have on-going conversations so 
that we can get the right balance here, because it very much 
concerns me that we will overreact and that individual 
customers and companies and folks will bear the price for that.
    I yield back since I am over time. Sorry about that.
    Mr. Ratcliffe. The gentleman's time has expired, but I 
thank the gentleman from Florida.
    I would also like to thank our panel of witnesses for your 
very valuable testimony. I would like to thank the Members 
present for their questions.
    I know that some Members of the subcommittee may have 
additional questions for the witnesses, but we are about to be 
called to vote, and I know that we have some events after the 
vote that would preclude continuing the hearing. So, instead, 
we will ask you to respond to any questions in writing. 
Pursuant to the committee rule 7(e), the hearing record will be 
held open for 10 days.
    Without objection, the subcommittee stands adjourned.
    [Whereupon, at 4:00 p.m., the subcommittee was adjourned.]











                            A P P E N D I X

                              ----------                              

    Questions From Ranking Member Bennie G. Thompson for Andy Ozment
    Question 1a. Please describe the status and activities of the CFATS 
regulatory program under the second and third budget funding scenarios 
given by CRS testimony today. In other words, describe in detail all 
the activities, new or continuing, that would be curtailed, or not 
curtailed under:
    Another CR, or short-term funding, and
    Question 1b. Under a DHS-wide or Government-wide shut down.
    Please include detailed metrics.
    Answer. Prior to the Protecting and Securing Chemical Facilities 
from Terrorist Attacks Act of 2014 (the CFATS Act of 2014), the 
Chemical Facility Anti-Terrorism Standards (CFATS) program was 
authorized through the appropriations process; accordingly, when the 
Federal Government faced a funding hiatus in 2013, the Department's 
authority to implement the Chemical Facility Anti-Terrorism Standards 
lapsed as well. It is not clear whether, had it been necessary, the 
Department would have had the authority to take enforcement action 
during the period of this lapse. With the enactment of the CFATS Act of 
2014, the uncertainty surrounding the Department's authority has been 
lifted. Regardless of whether the employees responsible for 
administering the program would have been furloughed in the event of a 
funding lapse this year, facilities with approved security plans in 
place would have been required to implement those plans.
    Had DHS not received funding and if the majority of CFATS program 
employees had been furloughed, the CFATS program might have seen an 
adverse impact to several high-priority activities. The program is 
currently working through a backlog of unapproved Site Security Plans, 
and a temporary stop to the CFATS program might have negatively 
impacted the number of facilities that would have been approved and 
therefore legally obligated to implement their security plans. For 
every week that CFATS inspection and Site-Security-Plan review 
activities might have ceased to occur during a funding hiatus, 20-30 
additional high-risk chemical facilities that might otherwise have been 
required to implement anti-terrorism security measures might have gone 
unprotected against terrorist attack. Additionally, for every week of a 
shut down, DHS might have been unable to authorize approximately 35 to 
40 security plans, conduct approximately 25 to 30 inspections of high-
risk facilities, or issue nearly 30 final tiering letters.
    A shut down might also have delayed the work being done to achieve 
the deadlines laid out in the CFATS Act, including the development of 
an outreach plan to identify potentially high-risk facilities that have 
not complied with their obligations under CFATS, whistleblower 
protection measures, and guidance for the regulated community on the 
Expedited Approval Program. Other impacts might have included delays to 
the development of information-sharing tools for first responders being 
created as part of Executive Order 13650, delays in rulemaking work 
being done to update the CFATS program, and delays in efforts to make 
improvements to the CFATS risk-tiering methodology.
         Questions From Hon. James R. Langevin for Andy Ozment
    Question 1a. Signature-based threat detection is, by its very 
nature, reactive. Using robust information sharing and a broad network 
of intrusion detection and prevention systems, DHS can help ensure that 
exploits directed at Federal networks are one-offs--that is, they can't 
be reused. However, discovering the initial zero-day that a nation-
state adversary or cyber terrorist uses against us presents a different 
problem. The incorporation of threat intelligence from the IC into E3A 
(Einstein 3 Accelerated) is one way to expand the base of threat 
indicators, but even E3A is only as good as the information it is fed.
    How is NPPD addressing this challenge?
    Answer. DHS intends to detect and block threats using three legs of 
a stool: Signature-based systems to block threats, analysis systems to 
identify new threats, and information sharing to disseminate threat 
information and to gather information for analysis.
    As you note, intrusion detection and prevention systems are only as 
good as the information they have about ``bad'' traffic, which is 
recorded as ``signatures.'' Signature-based systems are a necessary 
tool: Once we know about a threat, we use signature-based systems to 
block it rapidly and in a way that can scale across the whole 
Government. While signature-based tools are necessary, they are not 
sufficient. As you note, to detect and defend zero-day threats, we also 
must be able to detect new threats, traffic, or access that we don't 
already know is ``bad.'' Those capabilities are built into our plans 
for the National Cybersecurity Protection System (NCPS), of which 
EINSTEIN 3 Accelerated (E3A) is one part.
    The second leg of the stool is analysis. We will combine into NCPS 
the information that we gather from EINSTEIN 1, EINSTEIN 2, and 
EINSTEIN 3 with information that we will obtain from other programs 
like Continuous Diagnostics and Mitigation (CDM), other Government 
agencies, and information shared by the private sector. We will then 
use ``big data analytics'' to look at that information, identify 
anomalies and patterns, and detect new threats. Once we have identified 
previously-unknown threats, we will create signatures and push them out 
to E3A to block those threats. To complement this big data analytics 
approach, we are also exploring options to build adaptive analysis 
solutions into E3A itself, as described in the response to the next 
question.
    The third leg of the stool is information sharing. When we learn 
about new threats, we will push the corresponding cyber threat 
indicators out to other Government agencies and the private sector in 
near-real time: At machine speed. By sharing these indicators, we will 
greatly reduce the likelihood that an adversary can re-use attack 
infrastructure, tools, tactics, techniques, and procedures. This means 
we increase the adversary cost, and decrease the likelihood, of 
successful attacks.
    Our vision of a ``weather map'' describes this planned approach--
and we are already in the process of implementing this vision. The 
vision includes: (1) Bringing together into NCPS the data from the 
EINSTEIN sensors, CDM, our Government partners, and information shared 
by the private sector; (2) visualizing that data to aid in situational 
awareness and analysis; (3) analyzing that data to detect and 
potentially anticipate malicious actors, and (4) sharing the resulting 
cyber threat indicators back to our Government partners and the private 
sector, thus creating a virtuous circle. As in all of our activities, 
we will incorporate the strong privacy and civil liberties protections 
and oversight that are already described in our Privacy Impact 
Assessments, which are publicly available at dhs.gov.
    Question 1b. Are there other paradigms for detection that don't 
rely on foreknowledge of a threat?
    Answer. Threat actors continually modify their attacks and are 
using increasingly targeted, clandestine, and dedicated techniques. As 
a result, we must build upon our signature-based approaches with 
solutions that will detect previously-unknown malicious activity. One 
solution as described in the response to the previous question, is to 
use big data analytics. In addition, we are currently exploring options 
to build non-signature based capabilities into E3A.
    The Advanced Countermeasures and Automated Analytics Project 
utilizes the E3A Traffic Aggregation service to offer capabilities that 
blend speed and flexibility to detect advanced cyber threats, execute 
countermeasures to stop those threats from reaching their target, and 
increase the real-time and rich information sharing with departments 
and agencies. (E3A offers two services: Traffic Aggregation and 
Intrusion Prevention Security Service.)
    This prototype uses computational intelligence algorithms and 
automated detection methods to identify and quantify anomalous 
behaviors, and employs tools and techniques to support threat-driven 
pattern recognition and ``learning'' algorithms.
    Question 2a. I believe that convening stakeholders to help 
establish standards and encourage their adoption is an excellent way to 
leverage Federal investments in improving cybersecurity practices. DHS 
has played a vital role in the development of the STIX/TAXII system and 
in the deployment of the NIST Cybersecurity Framework (through the C3 
Voluntary Program).
    How can DHS continue to build upon these successes?
    Answer. Voluntary cybersecurity standards and guidance through non-
regulatory agencies such as NIST help private-sector entities to 
improve their own security.
    DHS's Critical Infrastructure Cyber Community (C3, pronounced ``C-
Cubed'') Voluntary Program is an innovative public-private partnership 
led by DHS as part of its continuing outreach and collaboration with 
the civilian government, State, local, Tribal, and territorial (SLTT) 
partners. The C3 Voluntary Program helps to align critical 
infrastructure owners and operators with existing resources that assist 
their efforts to manage their cyber risks, including through the use of 
the Cybersecurity Framework. It also facilitates forums for knowledge 
sharing and collaboration; provides access to free and readily-
available technical assistance, tools, and resources to strengthen 
capabilities to manage cyber risks; and offers opportunities to 
exchange opinions with peers and other partners in the critical 
infrastructure community.
    For the past 3 years, DHS has led the development in collaboration 
with the private sector of specifications--known as STIX and TAXII--
which standardize the representation and exchange of cyber threat 
information, including actionable cyber threat indicators. STIX, the 
Structured Threat Information eXpression is a standardized format for 
the representation and exchange of cyber threat information, including 
indicators. TAXII, the Trusted Automated eXchange of Indicator 
Information, is a standardized protocol for discovering and exchanging 
cyber threat intelligence in STIX.
    As you note, the STIX data format and the TAXII transport method 
are increasingly compatible with commonly-used commercial information 
technology (IT) products including platforms, network protection 
appliances, and endpoint security tools.
    The Enhance Shared Situational Awareness (ESSA) initiative has 
chosen STIX as the basis for sharing cyber threat indicators between 
the Federal cyber centers, ensuring interoperability between these key 
sources of information. While the NCCIC has in-house systems and tools 
to assist analysts in generating STIX indicators, those indicators are 
currently analyzed and filtered by human analysts and shared back out 
with the private sector and Federal partners through manual methods 
such as e-mail and secure portals.
    In 2014, the National Cybersecurity and Communications Integration 
Center (NCCIC) began a limited pilot with several organizations to test 
automated delivery of STIX indicators via TAXII and is currently 
executing a number of activities to expand automated cyber threat 
indicator-sharing capabilities. This means more entities are able to 
send indicators automatically to the NCCIC, creating an ecosystem of 
indicators which will in turn provide greater context to malicious 
cyber activity and rapidly increase situational awareness.
    Intentionally adaptable, the Cybersecurity Framework and the STIX/
TAXII protocols reflect a commitment to empowering Government and 
private-sector entities to manage and mitigate their own cybersecurity 
risks, with DHS as a coordination point and resource. DHS's NCCIC has a 
unique role as the center of integration, a hub for information sharing 
and collaborative analysis of global cyber risks, trends, and 
incidents.
    Our leadership role lies in protecting civilian government systems 
and helping the private sector protect itself. In the future, we look 
to make tailored information sharing as effective as possible through 
voluntary collaboration. DHS looks to continue to correlate data from 
diverse sources in an anonymized and secure manner, to maximize 
insights and inform effective risk mitigation.
    Question 2b. What are other areas that the Department sees as ripe 
for this kind of collaboration?
    Answer. Today American adversaries exploit a fundamental asymmetry 
in our network infrastructure: While nearly all of our systems and 
networks are globally interconnected, our defensive capabilities are 
not. This gives the attackers an advantage as they can find and exploit 
the weak links in our systems from anywhere around the world--at 
machine speed. By sharing cyber threat indicators in near-real time, we 
reduce that asymmetry. As the President's Executive Order 13691 
reflects, DHS and our partners are working together to find new and 
better ways to share accurate, timely data, including cyber threat 
indicators, in a manner consistent with fundamental American values of 
privacy, confidentiality, and civil liberties.
    Question 3. Private industry and private researchers regularly make 
important cybersecurity discoveries such as software vulnerabilities or 
active malware campaigns. However, because even white hat security 
research often involves essentially ``breaking in'' to secure systems, 
some researchers are concerned that they could be subject to 
prosecution under anti-hacking statutes.
    How can we ensure that needed security research is not chilled by 
these necessary laws?
    Answer. The Department of Justice is best positioned to address 
questions specifically pertaining to the Computer Fraud and Abuse Act 
(CFAA), 18 U.S.C.  1030. That criminal statute is part of a relevant 
exception to application of the Digital Millennium Copyright Act 
(DMCA), 17 U.S.C.  512, 1201-05, 1301-1332, and 28 U.S.C.  4001, 
specifically 17 U.S.C. 1201(g)(2).
    The current statutory structure appears to be predicated upon the 
``white hat'' researcher's gaining a copy of the protected copyrighted 
work after attempting to acquire or actually acquiring the permission 
of the owner of the data which is being protected by a cybersecurity 
system.
    The cybersecurity research programs within the Science and 
Technology Directorate of the Department of Homeland Security complies 
with the CFAA and the DMCA its work to date has not been hampered by 
potential CFAA or DCMA liability. However, on occasion, DHS 
cybersecurity program officials have been informed by certain 
individuals performing academic research that their research has been 
limited by the refusal of certain entities using cybersecurity systems 
to permit research on the robustness of those systems.
    The Department of Homeland Security believes that robust research 
is an important driver of improved public safety, security, and social 
progress and that the law must offer researchers the opportunity to 
carry out their research free from the fear of legal liability in the 
absence of being able to obtain permission.
    Additionally, at the time the DMCA was designed, it was a commonly-
held view that cybersecurity systems were in place to primarily protect 
against copyright violations. As our world becomes increasingly 
digitized, other areas such as protection of the electric grid, other 
infrastructure operational data, or, on an individual basis, research 
into the emerging area of cyber-physical systems or the ``Internet of 
Things,'' which consists of research into the vulnerabilities of the 
increasing computerization of devices, such as automobiles and medical 
devices, can touch us increasingly both as a society and as 
individuals.
    As a society, we must understand all such cybersecurity 
vulnerabilities, analyze the impact of the current law, particularly 
the DMCA and CFAA, and design a framework to assure an atmosphere that 
gives research the best chance to succeed while assuring the rights of 
the owners of the protected systems, the personally identifying 
information, and societal interests at stake.

                                 [all]