[Senate Hearing 114-204, Part 5]
[From the U.S. Government Publishing Office]
S. Hrg. 114-204, Pt. 5
DEPARTMENT OF DEFENSE AUTHORIZATION FOR APPROPRIATIONS FOR FISCAL YEAR
2016 AND THE FUTURE YEARS DEFENSE PROGRAM
=======================================================================
HEARING
before the
COMMITTEE ON ARMED SERVICES
UNITED STATES SENATE
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
ON
S. 1376
TO AUTHORIZE APPROPRIATIONS FOR FISCAL YEAR 2016 FOR MILITARY
ACTIVITIES OF THE DEPARTMENT OF DEFENSE, FOR MILITARY CONSTRUCTION, AND
FOR DEFENSE ACTIVITIES OF THE DEPARTMENT OF ENERGY, TO PRESCRIBE
MILITARY PERSONNEL STRENGTHS FOR SUCH FISCAL YEAR, AND FOR OTHER
PURPOSES
----------
PART 5
EMERGING THREATS AND CAPABILITIES
----------
APRIL 14, 2015
Printed for the use of the Committee on Armed Services
S. Hrg. 114-204, Pt. 5
DEPARTMENT OF DEFENSE AUTHORIZATION FOR APPROPRIATIONS FOR FISCAL YEAR
2016 AND THE FUTURE YEARS DEFENSE PROGRAM
=======================================================================
HEARING
before the
COMMITTEE ON ARMED SERVICES
UNITED STATES SENATE
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
ON
S. 1376
TO AUTHORIZE APPROPRIATIONS FOR FISCAL YEAR 2016 FOR MILITARY
ACTIVITIES OF THE DEPARTMENT OF DEFENSE, FOR MILITARY CONSTRUCTION, AND
FOR DEFENSE ACTIVITIES OF THE DEPARTMENT OF ENERGY, TO PRESCRIBE
MILITARY PERSONNEL STRENGTHS FOR SUCH FISCAL YEAR, AND FOR OTHER
PURPOSES
__________
PART 5
EMERGING THREATS AND CAPABILITIES
__________
APRIL 14, 2015
__________
Printed for the use of the Committee on Armed Services
Available via the World Wide Web: http://www.fdsys.gov/
_________
U.S. GOVERNMENT PUBLISHING OFFICE
24-522 PDF WASHINGTON : 2017
____________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001
COMMITTEE ON ARMED SERVICES
JOHN McCAIN, Arizona,Chairman
JAMES M. INHOFE, Oklahoma JACK REED, Rhode Island
JEFF SESSIONS, Alabama BILL NELSON, Florida
ROGER F. WICKER, Mississippi CLAIRE McCASKILL, Missouri
KELLY AYOTTE, New Hampshire JOE MANCHIN III, West Virginia
DEB FISCHER, Nebraska JEANNE SHAHEEN, New Hampshire
TOM COTTON, Arkansas KIRSTEN E. GILLIBRAND, New York
MIKE ROUNDS, South Dakota RICHARD BLUMENTHAL, Connecticut
JONI ERNST, Iowa JOE DONNELLY, Indiana
THOM TILLIS, North Carolina MAZIE K. HIRONO, Hawaii
DAN SULLIVAN, Alaska TIM KAINE, Virginia
MIKE LEE, Utah ANGUS S. KING, JR., Maine
LINDSEY GRAHAM, South Carolina MARTIN HEINRICH, New Mexico
TED CRUZ, Texas
Christian D. Brose, Staff Director
Elizabeth L. King, Minority Staff Director
____
Subcommittee on Emerging Threats And Capabilities
DEB FISCHER, Nebraska, Chairman BILL NELSON, Florida
KELLY AYOTTE, New Hampshire JOE MANCHIN III, West Virginia
TOM COTTON, Arkansas JEANNE SHAHEEN, New Hampshire
JONI ERNST, Iowa KIRSTEN E. GILLIBRAND, New York
THOM TILLIS, North Carolina JOE DONNELLY, Indiana
LINDSEY GRAHAM, South Carolina TIM KAINE, Virginia
TED CRUZ, Texas
(ii)
C O N T E N T S
____________
April 14, 2015
Page
Military Cyber Programs and Posture.............................. 1
Rosenbach, Honorable Eric, Principal Cyber Advisor to the 4
Secretary of Defense.
McLaughlin, Lieutenant General James K., USAF, Deputy Commander, 9
U.S. Cyber Command.
O'Donohue, Major General Daniel J., USMC, Commanding General, 24
U.S. Marine Corps Forces Cyberspace.
Wilson, Major General Burke E., USAF, Commander, 24th Air Force, 29
Commander, Air Forces Cyber.
Tighe, Vice Admiral Jan E., USN, Commander, U.S. Fleet Cyber 34
Command, Commander, U.S. 10th Fleet.
Cardon, Lieutenant General Edward C., USA, Commander, U.S. Army 40
Cyber Command.
Questions for the Record......................................... 51
(iii)
DEPARTMENT OF DEFENSE AUTHORIZATION FOR APPROPRIATIONS FOR FISCAL YEAR
2016 AND THE FUTURE YEARS DEFENSE PROGRAM
----------
TUESDAY, APRIL 14, 2015
U.S. Senate,
Subcommittee on Emerging
Threats and Capabilities,
Committee on Armed Services,
Washington, DC.
MILITARY CYBER PROGRAMS AND POSTURE
The subcommittee met, pursuant to notice, at 2:35 p.m. in
room SR-222, Russell Senate Office Building, Senator Deb
Fischer (chairwoman of the subcommittee) presiding.
Committee members present: Senators Fischer, Ayotte, Ernst,
Tillis, Nelson, Gillibrand, and Donnelly.
OPENING STATEMENT OF SENATOR DEB FISCHER, CHAIRWOMAN
Senator Fischer. Good afternoon. The hearing will come to
order.
The subcommittee meets today for its annual posture hearing
on military cyber programs. And I'd like to welcome all of our
witnesses today, and thank each and every one of you for your
very honorable service to this country.
Our hearing will be structured in two panels. First, we
will hear from Mr. Eric Rosenbach, the Principal Cyber Advisor
to the Secretary of Defense, and Lieutenant General Kevin
McLaughlin, the Deputy Commander of U.S. Cyber Command. Then,
after we do a few rounds of questions, we will ask each of the
cyber component commanders to provide their opening remarks and
also respond to the committee's questions.
Given the number of witnesses, we ask that everyone keep
their remarks to 5 minutes. And your full written testimony
will be included in the record.
While the hearing today is the fourth Senate Armed Services
hearing on cyber this Congress, it is the first of what I hope
will be many engagements for our Subcommittee on Emerging
Threats and Capabilities. I thank our witnesses for being here
today, and I look forward to their testimony.
With that, I would ask that the full text of my opening
statement be entered into the record without objection.
[The prepared statement of Senator Fischer follows:]
Prepared Statement by Senator Deb Fischer
The subcommittee meets today for its annual posture hearing on
military cyber programs. I'd like to welcome all of our witnesses
today, and thank them each for their honorable service.
Our hearing will be structured in two panels. First, we will hear
from Mr. Eric Rosenbach, the principal cyber advisor to the Secretary
of Defense, and Lieutenant General Kevin McLaughlin, the deputy
commander of U.S. Cyber Command. Then, after a couple rounds of
questions, we will ask each of the cyber component commanders to
provide their opening remarks and answer some questions. Given the
number of witnesses, we ask that everyone keep their remarks to five
minutes. Your full written testimony will be included in the record.
The chairman of the Joint Chiefs recently stated that the United
States enjoys a significant military advantage in every domain except
for the cyber sphere. In cyber, ``we don't have an advantage,''
Chairman Dempsey stated, ``and that makes this chairman very
uncomfortable.'' Those sobering remarks should make all of us very
uneasy. Confronting our cyber challenges should be among our highest
priorities. I look forward to hearing from our witnesses on how they
plan to effectively train, arm, and equip our 6,200 person Cyber
Mission Force with the necessary level of urgency.
We have a lot to be proud of--finding resources for a new mission
is challenging, especially in times of limited budgets. I commend the
Department of Defense, the Services, and Cyber Command for their
accomplishments to date. However, much work remains to be done to
ensure that the cyberwarriors we are training have the capabilities,
tools, and infrastructure necessary to deter and defeat those seeking
to exploit our cyber assets. I am concerned that while we have made
great progress in creating more defensible networks and building the
cyber mission teams, we have lagged behind considerably in developing
the capabilities and policy necessary to impose costs on our
adversaries. This hinders our ability to deter those seeking to exploit
the United States through cyberspace.
To illustrate my concern, consider the fact that the fiscal year
2016 budget request includes $5.5 billion in cyber investments.
Unfortunately, when you dig a little deeper into that request, it
appears that only 8 percent of that $5.5 billion is allocated for Cyber
Command and the training and equipping of our Cyber Mission Forces.
These teams are expected to be the backbone of the Department of
Defenses cyber capability: guarding the DOD network, supporting our
warfighters' requirements in cyberspace, and defending the nation from
cyberattack when authorized to do so. We must ensure that these forces
are provided with adequate ftlnding to meet the expectations placed
upon them. Otherwise, we run the risk of having 6,200 well-frained
individuals who lack the capabilities necessary to deter and defeat our
adversaries--or, as Chairman McCain put it, a ``hollow cyber force.''
Last month, during our full committee posture hearing for U.S.
Cyber Command, Admiral Rogers testified that the United States is ``at
a tipping point where we not only need to continue to build on the
defensive capability, but we have got to broaden our capabilities'' so
that policy makers and military leaders are equipped with an adequate
range of options. I am eager to hear how each of you plan to meet the
urgent need for offensive military cyber capabilities, and whether the
current budget request is sufficient to meet the challenges we face.
Not a day goes by where we don't hear of a bad actor frying to use
cyberspace to steal data, impose their will through coercion, or
threaten our critical infrastructure. The Cyber Command's written
testimony last month was quite sobering. It stated that potential
enemies may be ``leaving cyber fingerprints on our critical
infrastructure'' in order to send a message about its vulnerability.
Our adversaries are using their cyber capabilities to deter us, and in
many respects they are succeeding. It is necessary to signal to those
looking to harm the United States that the consequences of doing so
will greatly outweigh any perceived benefit. I look to each of your
helping us to understand what cyber capabilities will be necessary to
impose costs, reverse these troubling trends, and establish better
deterrence in cyberspace.
While the hearing today is the fourth Senate Armed Services hearing
on cyber this Congress, it is the first of what I hope will be many
engagements for our Subcommittee on Emerging Threats and Capabilities.
I thank our witnesses for being here today, and I look forward to
their testimony.
Senator Fischer. I would like to welcome the Ranking Member
of the committee, Senator Nelson from Florida, to offer any
remarks he may have.
STATEMENT OF SENATOR BILL NELSON
Senator Nelson. Thank you, Madam Chairwoman.
Welcome. We are obviously at a critical juncture. There's a
real cyber threat out there. This Senator certainly has a
concern that, despite all of the alarms that have been raised
about the cyber threat, we still don't seem to be taking it
very seriously.
Not long ago, Admiral McConnell, the Director of National
Intelligence and NSA as well as the head of Cyber Command,
stated his belief that foreign adversaries could bring down the
grid on the East and West Coasts through cyber attack.
Recently, I received a briefing from well-informed industry
experts that were tasked in a national security staff-sponsored
cyber threat exercise. And what they briefed me is that a
relatively small group of knowledgeable people could bring down
the economy of this country in 3 days. They could wreck the
Internet and other critical infrastructure systems in this
country in relatively short order. Now, such forecasts are made
despite the standup of Cyber Command and assurances about how
well it's progressed in its ability to protect the country.
It's still hard for us to get the U.S. Chamber of Commerce
to come in behind any legislation involving cyber security
except that which would be entirely voluntary on the part of
the business community. And, in light of these real-life cyber
attacks, it seems to me that offense in cyber has the sort of
advantages that ballistic missiles have enjoyed over missile
defenses for over a half a century, and that cyber weapons can
have the effects like weapons of mass destruction.
So, I'm concerned that, in the case of cyber, we are not
being honest with ourselves, or the American people, that
effective defenses are practical and within the reach of our
military in the near term. Specifically, I'm concerned that
Cyber Command inherited a strategy from NSA signals
intelligence from that culture that has significant limitations
in the context of military operations.
Our intel agencies always strive, appropriately so, to know
everything about an adversary's capabilities. And, in cyber,
that means gaining knowledge of the other side's malware and,
whenever possible, their intentions for executing attacks. The
hope is that NSA and Cyber Command will reliably have such full
insight and can take effective action. But, it's unreasonable,
in this Senator's view, to rely so heavily on the success of
our intelligence operations to anticipate attacks, especially
in an area like cyber, where technology enables adversaries to
be quite elusive and to be able to go on the offense without us
having a sufficient defense. We must assume that determined
adversaries will be resourceful enough to keep secrets from us
and to achieve significant surprise. And I don't expect that
we're going to have the capability to completely neutralize our
adversaries' cyber force, given that computers are cheap and
easy to replace, and that the Internet is a vast domain in
which to hide and maneuver.
And so, this then brings up the issue of deterrence. Our
critical infrastructure is vulnerable, but at least there is
deterrence with folks like Russia and China, because they have
a lot to lose, as well, knowing that we could respond
offensively with a large-scale attack on their economic
targets.
So, it's just like the ICBMs of years ago, mutual assured
destruction. But, what about the rogue nations or rogue
elements--North Korea, Iran, and so forth? And we've certainly
had examples of that already--the Sony attacks, et cetera.
And so, I want to know from our witnesses if you would
agree that deterrence in these circumstances may not be really
possible. After Cyber Command's creation, we are finally
fielding trained military forces to execute operations. We're
about halfway towards our force goals. But, these forces are,
to a significant degree, in this Senator's opinion, hollow, in
that we are not yet able to equip them with the tools they need
to function effectively. We're in a situation, although
understandable--a flawed assumption is that military cyber
operations would be an extension of NSA's SIGINT activities,
including utilizing the same tools and infrastructure. And,
while NSA has always, obviously, got to be a critical partner
for Cyber Command, it's now understood that this Command needs
a different set of capabilities.
And so, I want to get into that, Madam Chairwoman, as we
get into our discussion.
And if you guys can't answer the questions, then let's go
into a classified setting.
Thank you, Madam Chairwoman.
Senator Fischer. Thank you, Senator Nelson.
We do plan to have two panels today. And we'll keep track
of questions that you gentlemen are unable to answer in an open
setting, and then we will go to a classified setting after
that.
But, welcome, again, to the subcommittee. If you have your
opening statements ready, we will accept those at this time
Mr. Secretary, if you'd like to begin, please. Welcome.
STATEMENT OF HONORABLE ERIC ROSENBACH, PRINCIPAL CYBER ADVISOR
TO THE SECRETARY OF DEFENSE
Mr. Rosenbach. Thank you very much, Madam Chairwoman,
Ranking Member Nelson. I really appreciate the opportunity to
testify here before the subcommittee to you and other members
of the subcommittee.
And I'm also very happy to be with Lieutenant General
McLaughlin, the Deputy Commander. He's a very good partner in
all this, along with the services, who are working hard.
I think that I don't need to spend a lot of time telling
you about the cyber threat landscape, as Senator Nelson just
explained. But, over the past several years, we've seen that
this is growing, both in sophistication and urgency. When you
look at something like the Sony cyber attacks or other things,
attacks just against our own DOD networks, we recognize that we
need to take this very seriously, both from the state and the
nonstate perspective.
Another thing that is really important to highlight,
though, is that we're very realistic, from the Department of
Defense (DOD) perspective, that this is a team sport, that we
do not actually have the lead for all domestic cyber security,
that DHS is the lead for many aspects; we need to partner with
the FBI; and, just as you mentioned, Senator Nelson, that the
private sector has a very important role in protecting
themselves. We do have a key role, though. And I'll talk a
little bit more about that.
I would like to tell you a little bit about the way we
think about deterrence, because this is critically important to
our thinking. And, in light of the evolving nature of the
threat, DOD is committed to a comprehensive, whole-of-
government cyber strategy to deter attacks. This strategy
depends on the totality of U.S. actions, to include declaratory
policy, overall defensive posture, effective response
procedures, indication and warning capabilities, and the
resilience of U.S. networks and systems.
Within this, we have three specific roles within the U.S.
Government, from a deterrence perspective:
First, we need to develop capabilities to deny a potential
attack from achieving its desired effect.
Second, the United States must increase the cost of
executing a cyber attack. In this regard, DOD must be able to
provide the President with options to respond to cyber attacks
on the United States, if required, through cyber and other
means. So, something that I would like to emphasize is,
although it's a cyber attack, we don't think about the response
purely through a cyber lens. It would be all the tools of
foreign policy and military options.
And finally, we have to ensure that we're resilient, so, if
there is an attack, that we can bounce back. This, when it
comes down to it, is pure cost-benefit-type analysis to make
sure that the costs are much higher than the benefit to the
adversaries who want to attack us. But, again, I have to be
very candid that some type of attacks are much easier to deter
than others. In the case of nation-states, those are easier to
deter. As you mentioned, sir, the Chinese and the Russians,
easier to deter--much easier to deter than the North Koreans or
the Iranians, and, some of the lower-level criminal attacks or
the theft of intellectual property, the most difficult, as I
know you all understand.
In order to bolster this deterrence strategy in the
Department, we've made the conscious decision to invest in
capabilities, and the Cyber Mission Force in particular, that
allow us to improve our deterrence posture. So, we have built
robust intelligence. I do think that it's an important part of
it, although not the core part. I would agree with Senator
Nelson on that. And we know that we need to reduce the
anonymity in cyberspace so that adversaries who attack us don't
think that they can get away with it, that we know who they
are, that they will be identified, and we'll be able to take
action. These attribution capabilities have increased
significantly in recent years, and we continue to work closely
with intelligence and law enforcement to improve this.
I just want to remind you all, there are three important
missions that we have in DOD:
The first, and our most important mission, is for us to
defend our own DOD networks. I know that may be surprising.
When you think about the Department of Defense, we're very
network-reliant and network-centric, the largest enterprise
network in the world. All of our military operations depend on
our network. And that's why Cyber Command's first job is to
defend DOD networks. The Secretary makes that very clear.
Second, we need to defend the Nation against significant
cyber attacks. This is a small part of all the cyber attacks
against the United States. This is not a denial-of-service
attack, unless it would cross the threshold of armed attack,
for most instances. Right? The Department of Defense is not
here to defend against all cyber attacks; only that top 2
percent, the most serious.
And then, finally, we want to provide full-spectrum cyber
options to the President or the Secretary in cases where that
would be advantageous to our National interests.
To carry out these missions, we're building a Cyber Mission
Force which is composed of 133 teams. I can tell you more
details about that. But, I want to emphasize, too, that there's
an important role for the National Guard and Reserves. We want
to capitalize on the expertise that folks who are in the
private sector but still want to serve the country have. And
we've already worked with the services to allow some force
structure on that. And developing this talent in a cadre of
cyber experts is very important to the Secretary. Since
Secretary Carter has been here, it's one of his top priorities,
is ensuring we have new tunnels through which talent can come
into the Department and cyber and other ways.
Again, to show that we're thinking very clearly about this,
next week we'll release a new strategy for the Department that
will guide the way forward for the next several year in cyber.
The Secretary has driven this, he's very action-oriented, with
projects, milestones, and things that we'll be able to measure
our effectiveness on. And I'm more than happy to tell you all
some about that today, and a lot more in the future, next week.
Also, I just want to emphasize how important building
strong partnerships is--with the private sector, with our other
government agencies, and with allies and partners. The
geography of the Internet itself means that we can't do this
alone, and we've invested a lot of time, even recently, in
Asia, the Gulf, and other places in the Middle East, and, of
course, with our traditional allies, the five allies, and in
NATO, in this area.
So, in conclusion, I think it's also important to emphasize
that the role that Congress plays in this is very important,
both in passing legislation, like the information-sharing
legislation, or cyber security legislation that improves the
standards of cyber security. Up until now, we've had a very
good relationship with the Senate Armed Services Committee and
your staff. We want to be very helpful. I look forward to that
continuing over the next several years.
With that, I'd request that I could submit my written
record for--or, my written testimony for the record, and turn
the podium over to Lieutenant General McLaughlin.
[The prepared statement of Mr. Rosenbach follows:]
Prepared Statement by Honorable Eric Rosenbach
Chairman Fischer, Ranking Member Nelson, and members of the
Subcommittee, thank you for inviting me to discuss Department of
Defense (DOD) efforts in cyberspace. It is my honor to appear today
with my colleague from U.S. Cyber Command, Lieutenant General
McLaughlin. Cybersecurity is an increasingly urgent and important topic
in today's interconnected world, and I appreciate the opportunity to
explain the Department's mission in this space and how we continue to
improve America's cybersecurity posture.
With respect to cyberspace, DOD continues to focus on its three
vital missions: (1) defending DOD information networks to assure DOD
missions, (2) defending the Nation against cyberattacks of significant
consequence, and (3) providing cyber support to contingency plans and
operations. Today, we face diverse and persistent threats in cyberspace
that cannot be defeated through the efforts of any single organization.
Although DOD maintains robust and unique cyber capabilities that we use
to defend our networks and the Nation, we must continue to work closely
with our partners in the Federal Government, the private sector, and in
countries around the world to ensure we have the necessary strategies,
policies, capabilities, and workforce in place to succeed.
the cyber threat landscape
We live in a wired world, and despite the convenience that
connectivity brings, it also makes robust cybersecurity more important
than ever. State and non-state actors are conducting cyber operations
for a variety of reasons, expanding their capabilities, and targeting
the public and private networks of the United States, its allies, and
partners. These cyber threats continue to increase and evolve, posing
greater risks to the networks and systems of the Department of Defense,
our national critical infrastructure, and U.S. companies and interests.
External actors probe and scan DOD networks for vulnerabilities
millions of times each day, and over one hundred foreign intelligence
agencies continually attempt to infiltrate DOD networks. Unfortunately,
some incursions--by both state and non-state entities--have succeeded.
Malicious actors are also targeting U.S. companies. At the end of
last year, North Korean actors attacked Sony Pictures Entertainment in
the most destructive cyberattack against the United States to date.
North Korea destroyed many of Sony's computer systems, released
personal and proprietary information on the Internet, and subsequently
threatened physical violence in retaliation for releasing a film of
which the regime disapproves.
Cyberattacks also pose a serious threat to networks and systems of
critical infrastructure. The Department of Defense relies on U.S.
critical infrastructure to perform its current and future missions.
Intrusions into that infrastructure may provide persistent access for
potential malicious cyber operations that could disrupt or destroy
critical systems in a time of crisis. Because of these severe
consequences, DOD is working with our partners in the interagency and
private sector to ensure these systems are better protected.
At DOD, we are also increasingly concerned about the cyber threat
to the companies in our Defense Industrial Base. We have seen the loss
of significant amounts of intellectual property and sensitive DOD
information that resides on or transits Defense Industrial Base
systems. This loss of key intellectual property has the potential to
hurt our companies and U.S. economic growth, but also enables
adversaries to more easily achieve technological parity with us.
In light of these evolving threats, DOD is committed to a
comprehensive, whole-of-government cyber deterrence strategy to deter
attacks on U.S. interests. This strategy will depend on the totality of
U.S. actions, to include declaratory policy, overall defensive posture,
effective response procedures, indications and warning capabilities,
and the resiliency of U.S. networks and systems.
Fundamentally, however, deterrence is largely a function of
perception, and DOD has three specific roles to play within a whole-of-
government deterrence strategy. First, DOD must develop cyber
capabilities to deny a potential attack from achieving its desired
effect. If our adversaries perceive that they are not going to succeed
in conducting an attack they will be less inclined to act. Second, the
United States must increase the cost of executing a cyberattack. In
that regard, DOD must be able to provide the President with options to
respond to cyberattacks on the United States if required, through cyber
or other means. As the President has said, the United States reserves
the right to respond to cyberattacks at a time, in a manner, and in a
place of our choosing. Finally, we must ensure our systems are
resilient, and able to withstand and recover quickly from any potential
attack on our own networks. Within DOD, it is our responsibility to
make our own systems resilient. Nationally, we support other agencies
of the government, like the Department of Homeland Security and the
National Institute of Standards and Technology, in fostering effective
resiliency measures for the country as a whole.
To support our deterrence posture, DOD is investing significantly
in our Cyber Mission Force to conduct cyber operations. Underpinning
the Cyber Mission Force, we have built robust intelligence and warning
capabilities to reduce anonymity in cyberspace and identify malicious
actors' tactics, techniques, and procedures. Our attribution
capabilities have increased significantly in recent years, and we will
continue to work closely with the intelligence and law enforcement
communities to maintain effective attribution capabilities.
dod's evolving cyber strategy and the future cyber workforce
As I have said, the Department of Defense has three primary
missions in cyberspace: (1) defend DOD information networks to assure
DOD missions, (2) defend the United States against cyberattacks of
significant consequence, and (3) provide full-spectrum cyber options to
support contingency plans and military operations. U.S. Cyber Command
(CYBERCOM), as a sub-unified command to U.S. Strategic Command, is
responsible for defending DOD networks and defending the Nation from
cyber threats, and works in partnership with the combatant commands to
conduct full-spectrum cyber operations.
To carry out these missions, we are building the Cyber Mission
Force and equipping it with the appropriate tools and infrastructure to
operate in cyberspace. Once fully manned, trained, and equipped in
fiscal year 2018, these 133 teams will execute CYBERCOM's 3 primary
missions with nearly 6,200 military and civilian personnel.
As we continue to strengthen the Cyber Mission Force, we recognize
the need to incorporate the strengths and skills inherent within our
Reserve and National Guard forces. Each Service, therefore, has
developed Reserve component integration strategies that embrace Active
component capabilities in the cyberspace domain and leverage the
Reserve and National Guard strengths from the private sector. Up to
2,000 Reserve and National Guard personnel will also support the Cyber
Mission Force by allowing DOD to surge cyber forces in a crisis. When
called upon, these surge forces will serve as a robust DOD-trained
force to help defend national critical infrastructure.
As Secretary Carter has said several times in the last month, the
development of a cadre of cyber experts--both in and out of uniform--is
essential to the future effectiveness of U.S. cyber capabilities, and
we are committed to ensuring the workforce for the cyber domain is as
world class as the personnel in other warfighting domains. To that end,
we are developing and retaining a workforce of highly skilled cyber
security specialists with a range of operational and intelligence skill
sets. This cyber workforce must include the most talented experts in
both the uniformed and civilian workforce, as well as a close
partnership with the private sector. Achieving robust capabilities will
require long-term planning and investment to ensure that a pipeline of
cyber security talent is available to benefit the Department of Defense
and the Nation as a whole.
Over the past several years, DOD's approach toward cyberspace has
continued to evolve and mature. As such, the Department is in the
process of finalizing a new, updated strategy, which will guide DOD's
activities in cyberspace in defense and support of U.S. national
interests. Once approved by the Secretary, we plan to conduct a series
of briefings and discussions with Members of Congress and their staffs.
This strategy builds upon our previous cyber strategy from 2011, the
national security missions and objectives of the 2014 National Security
Strategy, the 2014 Quadrennial Defense Review, and the 2011
International Strategy for Cyberspace.
building strong partnerships
Successfully executing our missions in cyberspace requires a whole-
of-government and whole-of-nation approach. DOD continues to work with
our partners in other Federal Departments and agencies, the private
sector, and countries around the world to address the shared challenges
we face. We work particularly closely with our partners in the
Department of Homeland Security and Department of Justice to ensure
collaboration in cyber operations and information sharing across the
Federal Government, and we have seen tremendous advancement in our
ability to work as a single, unified team.
Additionally, Secretary Carter has placed a particular emphasis on
partnering with the private sector. We need to be more creative in
finding ways to leverage the private sector's unique capabilities and
innovative technologies. The Department does not have all the answers,
and working with industry will be critical to ensuring our technical
military advantage in the future. We are examining ways to expand our
collaboration with industry and developing incentives and pathways to
bring more cyber expertise into the Department.
Finally, our relationship with Congress is absolutely critical. As
the President has said many times, congressional action is vital to
addressing cyber threats. I appreciate the early steps taken during
this session to build consensus on information sharing legislation, and
await progress on other key provisions, such as data breach and cyber
criminal provisions, included in the President's legislative proposal
submitted earlier this year.
conclusion
Cyber threats are real, serious, and urgent, and we can only
overcome them with a cohesive, whole-of-government approach. We have
made significant strides, but there is still more work to be done. I
look forward to working with this committee and the Congress to ensure
that DOD has the necessary capabilities to keep our country safe and
our forces strong. Thank you again for the attention you are giving to
this urgent matter. I look forward to your questions.
Senator Fischer. Thank you, Mr. Secretary.
General.
STATEMENT OF LIEUTENANT GENERAL JAMES K. McLAUGHLIN, USAF,
DEPUTY COMMANDER, U.S. CYBER COMMAND
General McLaughlin. Madam Chairwoman and Ranking Member
Nelson, thank you very much for having us here today. It's a
pleasure to be before you.
It's an honor to also testify with Mr. Rosenbach, our
Principal Cyber Advisor to the Secretary of Defense.
And it's an honor to be able to tell you a little bit about
what's happening at U.S. Cyber Command, to represent the hard
work of the men and women that are in our Command, and so you
could hear a little bit about what their focus is today.
I think that, both in your opening comments and in Mr.
Rosenbach's, a discussion of threat is sort of paramount. And I
think what I'd, maybe, just add to that is, what's different
today, on the military side, is commanders. Whereas, before
they might have thought of the threat as a nuisance or
something where maybe, you know, people were conducting
espionage against the United States, realize that, today, the
cyber threats are actually something that could actually
threaten their ability to command and control their forces and
put at increased risk to their ability to accomplish their
mission, and that--the Sony attacks are a great example, and
it's not lost on them that, today, destructive attacks could
occur against, you know, their own cyber terrain, making it
difficult or impossible for them to accomplish their mission.
So, the threat, in that context, is not just important to U.S.
Cyber Command, but it's important to the Department, you know,
writ large.
The--so, the real--the issue is, What are we doing about
it? And so, the creation of U.S. Cyber Command, again, as
Senator Nelson kind of went through a little bit of our
history, we've been around just a little bit over 4 years. We
are about halfway into the fielding of our Cyber Mission Force,
which are the 133 teams, which are a significant way of
bringing capacity and capability to bear in our ability to
defend the United States and to accomplish Department of
Defense missions in cyberspace.
Admiral Rogers, as--in addition to the three missions that
Mr. Rosenbach laid out that U.S. Cyber Command has--has really
laid out a vision that--where we have four imperatives within
our Command aimed at getting after the challenges that have
already been laid out today and that I think we'll discuss in
more detail.
The first is to defend our Nation's vital interest in
cyberspace. We don't do that alone. As was mentioned, our
primary lane in the road is to defend our Department of Defense
networks and then to bring military capabilities to military
commanders. But, we do know that, as part of a broader team
with other parts of the government, with the private sector and
with our allies, there is a much broader strategic mission
that's really on the plates of Americans and our allies. And
that's, How do we deal with the threats, more broadly, to the
Nation? And that is a key part of this first imperative.
Second, we have to operationalize this mission set. There
was a early part in Senator Nelson's comments about early
focus, perhaps, on approaches that might align themselves with
the intelligence business. And we know we're dependent on
intelligence in this area, but what we have to focus on is
bringing an operational mentality to this space. This is not
just an IT-focused endeavor. This is an operational domain. And
so, we are bringing the same operational mindset and processes
that we would see in any of the other domains. That's a
critical transition, culturally and from a mindset perspective,
to how we think about operations in military cyberspace.
Third, we have to integrate cyberspace operations in
support of joint-force-commander objectives. A key part of the
capacity and capability that we're going to bring is there to
support the operations of other commanders, noncyber-focused
commanders. And so, a key focus for us is to make sure we
integrate and we bring capacity to all the combatant commanders
around the globe, and that they have a place to turn for cyber
capability, whether it's defensive or offensive in nature.
And then, last, accelerate towards full-spectrum
capability. We have to have the ability not just to do--to
defend our networks. That's critical. Not just to command and
control cyber forces. But, we have to be able to bring full-
spectrum capabilities, including offensive capabilities, to
bear if we're going to be a full command, able to meet the
challenges of our Nation.
All of these forces, as we bring them into being, will also
have to be trained and brought to a high level of readiness.
And so, you wouldn't expect a fighter wing or a carrier strike
group or a brigade combat team to ever go into combat if it
hadn't been fully trained and certified as ready to conduct its
warfighting mission. And so, a major focus for us will to be to
make sure that the forces that we have are also brought up to
that same level of readiness and that, when they are asked to
go into combat, that--you know, that the commanders understand
that they're certified and they're able to do their job.
It is a real privilege to be here with you today. I would
like to thank the committee for its strong support, and the
Congress for their support, in this area. This open testimony
is important for us to actually--just to make sure that these
important issues are both understood by, you know, the rest of
the military as well as the American people that are watching
this. We look forward to working with you as partners, help
operationalize the cyber domain, and to make, you know, the
challenges that we're faced a little bit less daunting in the
future.
Thank you.
Senator Fischer. Thank you, General.
We will start with 6-minute rounds. And I will begin, for
either of you gentlemen to answer.
In the President's fiscal year 2016 budget in dealing with
cyber investments, he has $5.5 billion in that budget, but yet
we only are looking at 8 percent of that going to Cyber Command
and the development of the Cyber Mission Forces. Do you think
that's sufficient?
Mr. Rosenbach. Ma'am, I'll take that first.
I'd say we need to be careful when we look at the cyber
budget, because, although maybe 8 percent--and I'm not sure
about that number--of the 5.5 billion is going directly to
CYBERCOM, there's a lot of money that goes indirectly, through
NSA or through DISA or through other places, that ends up
supporting them. So, NSA is a combat-support agency. There are
lots of things they do to support CYBERCOM.
That said, in the Department and in a fiscally constrained
environment, cyber is one of the only three areas where it's
either held or grown over the last several years. And the
Secretary has made very clear that it's an area that will
continue to receive increased growth, and the vast majority of
that is for Cyber Command. So, the bottom-line answer is, we
even assess that 8 percent is not enough and that there should
be some additional growth, and that's part of the strategy,
moving forward.
Senator Fischer. Can you give us any examples of what's
needed to more efficiently and effectively provide training?
General McLaughlin. So, ma'am, what we have on the training
side--let me first tell you what we have, and what it is that
we still need--one thing that we do have is, as we were
directed to bring on the 133 teams, each of the services--and
you'll be talking with some of those component commanders in a
little bit--were asked to build capacity, really almost
overnight, to be able to produce, you know, young enlisted and
young officers that could come onto these teams. That part of
the training's going great. They went from a standing start,
doubled, and then really doubled again their capacity to build
those people that are the initial accessions onto these teams.
The place that we still have work to do, and we're pursuing
it with vigor, is what we call the persistent training
environment. And that is the ability now to take those teams,
once the people show up, and--like we would in--you know, in
any other warfighting domain--and have the ability for those
teams, either subsets of teams or entire teams, to do training
against--routinely--against, you know, live adversaries, like
aggressor forces, to be able to do mission certification or
mission rehearsal events, and to sort of train throughout a
continuum from the time they show up until the time they might
have to deploy or do their COMINT job.
Senator Fischer. Right.
General McLaughlin. That part----
Senator Fischer. I'll speed you along a little bit on that.
On--but, when we're looking ahead, can you say, in this
setting, what you feel will be needed in the future?
General McLaughlin. Yes, ma'am, I'd--what's going to be
needed in the future is, we need to have a couple of
components. We need to have a range environment, so the virtual
environment for these forces to do training. It needs to be
interconnected throughout the United States. We need to have
aggressor--you know, forces that replicate the adversary so
that there's someone to train against. We have to have people
that actually manage and sort of write training scenarios and
scripts. So, it's all the components that make up the capacity
to train our forces.
Senator Fischer. You mentioned, General, earlier, about the
readiness and the force structure. How do you measure that?
Where do you come up with, say, the number 6200? How do you
measure that at all?
General McLaughlin. Well, ma'am, the initial sizing of the
Cyber Mission Force, I think, was really put together to--with
an estimate of the amount of offensive and defensive capacity
we thought we needed as a Department.
Senator Fischer. Have you been able to, I guess, verify
that number, or are you still in the process of estimating what
you need on that for readiness and to be prepared and just
moving forward? Where are you on that?
General McLaughlin. Ma'am, I would say that we are
primarily focused on taking the forces that have been allocated
to us and, on the readiness side, to make sure those forces are
trained and ready. I don't--I wouldn't say that we've done a
lot of analysis up to this point to determine: Is--are 133
teams the right number, or enough? We're mostly trying to take
those teams and make sure that they're ready to do their job.
Senator Fischer. So, you can't say, at this point, if that
number would be adequate.
General McLaughlin. No, ma'am. But, I also wouldn't be able
to say that it's not adequate. You know, our view right now is,
we're only halfway fielding the teams. So, I think we would
have to get them all the way fielded and have them at full
operational capability to be able to do reasonable analysis as
to whether or not there's sufficient resource there.
Senator Fischer. When you look at the question of
deterrence--and, Mr. Secretary, I appreciated your comments on
that, that it wouldn't necessarily be a cyber response to a
cyber attack--but, do you think, at this point, our adversaries
view an attack on either government agencies or the private
sector--but, let's focus on government agencies--do you think
they're--they view an attack right now as low risk for a high
reward?
Mr. Rosenbach. Ma'am, I'd say it really depends on what
type of attack. I would say they probably do view it as low
risk, when it comes to the exploitation and trying to steal
data. I would say it's considerably a higher risk if they were
to conduct a destructive attack against a DOD network, for
example. The deterrence level there is much higher, and I think
they see that as high risk, which is what we go for.
Senator Fischer. Thank you.
Senator Nelson.
Senator Nelson. Thank you, Madam Chairwoman.
Obviously, NSA is going to be a critical partner for Cyber
Command. And I think it's pretty well, however, understood that
Cyber Command needs a different set of capabilities: command
and control, operational planning, situational awareness,
battle damage assessment, mission execution, network
infrastructure, weapons.
Mr. Secretary, do you agree that Cyber Command lacks robust
joint computer network infrastructure to execute military cyber
campaigns effectively?
Mr. Rosenbach. Yes, sir, they currently do not have a
robust capability.
Senator Nelson. Well, what are the attributes of the needed
infrastructure?
Mr. Rosenbach. Sir, I can go into a lot more detail in a
closed session. But, I would say, here, that the ways we think
about this depend on offense or defense. In defense, I think we
have pretty robust capability, and we're in good shape, but
could be better. And I think big data analytics could make that
even stronger, something we're calling the ``unified
platform,'' bringing that together. On offense, Secretary
Carter, when he was Dep Sec Def, made the decision and put
money against a more Title 10-specific infrastructure that
would be for military options, that goes after a platform and
access and a payload, to put it in very simplistic terms. But,
I can talk to you a lot more about that in a classified
session.
Senator Nelson. Okay. Do you agree that Cyber Command lacks
a robust command-and-control platform and systems to plan and
execute fast-moving and large-scale cyber operations?
Mr. Rosenbach. Yes, sir, I agree with that.
Senator Nelson. You agree that Cyber Command itself does
not have the resources or expertise to build this cyber
command-and-control infrastructure and weapon systems.
Mr. Rosenbach. At this point, sir, I think that the
question of resources is one where we have added resources in
those areas. And, because we're trying to be very smart about
attacking a very difficult technical problem, we're doing it in
a measured way to be good stewards of government money. These
are very hard technical problems. And, rather than invest a
large amount of money before we're sure, we're kind of taking
that incremental approach, but are working towards it. And, I
think, when we see success, the Secretary, in particular, will
be willing to invest more in it.
Senator Nelson. Well, if you don't have the resources, do
you think that the military services will have to do this?
Mr. Rosenbach. Sir, there's no doubt the Services play a
huge role in this. And I say this very honestly, that what
they've done, thus far, has been great, and they will continue
to play a key role in----
Senator Nelson. I'm sure. But, we're trying to help you,
here. So, are the Army, Navy, and Air Force prepared to step up
and budget for these joint requirements?
Mr. Rosenbach. It depends on the service, but, in large
part, the services are stepping up, although, in a tough
environment like we have right now, it's very hard for them to
allocate existing resources to cyber. And so, one of the things
that we're looking at is whether there should be new resources
for the services.
Senator Nelson. So, you're not even to the point of
allocating the task to each of the services.
Mr. Rosenbach. It depends on what the task is, sir. But,
here's why we haven't specifically allocated tasks to each of
the services. There is as big decision to make about the model
that we want for CYBERCOM. And, essentially, it comes down to
this. Is CYBERCOM going to be more like SOCOM, with those types
of authorities and that type of model, or is it going to be
something closer to now that is much more reliant on service-
generated man/train/equip and the capabilities, in particular?
That's a decision we're thinking very consciously about, but
have not yet made.
Senator Nelson. And that's the lack of a policy decision
that has been made. And so, does Cyber Command have the
resources and the expertise to at least produce operational
requirements?
Mr. Rosenbach. I think it depends. And, honestly, I'd
prefer that you ask General McLaughlin for his perspective on
that so that I'm not answering too much for the Command on
that.
Senator Nelson. Well, let me ask you. If you're lacking in
this area, which you've already said, basically, that you don't
have the budget for it, how is the Secretary--what should the
Secretary of Defense do to provide the needed support?
Mr. Rosenbach. I guarantee you this, sir, that Secretary
Carter really cares about cyber. He's taking it very seriously.
And if we see that there's a need for additional resources, he
would be the first one to put them there.
The other thing I would say is, it's nothing against
CYBERCOM, but it's a young command. It's nascent and it's still
growing. And it does take a very highly developed human-capital
base to make acquisition decisions, to run programs, things
that, traditionally, the services have done. And that's why
we're thinking so carefully through this.
Senator Nelson. In your planning, do you plan to hit
nonmilitary targets?
Mr. Rosenbach. Sir, I can tell--I can touch a lot more
detail in a closed session. But--yes, but in a very, very
precise and confined way that would always adhere to the Law of
War and all the things we think about for collateral damage and
other targeting. And I'm sure General McLaughlin could add more
to that; in particular, in a classified environment.
Senator Nelson. Such as, if, for example, that you wanted
to take out the enemy's air defenses, you could go in and knock
out the power stations, the civilian power stations.
Mr. Rosenbach. Sir, you know, I think talking in a
classified environment would be better for specifics. And then
I can go into great detail about things like that.
Senator Fischer. Thank you, Senator Nelson.
Senator Ernst.
Senator Ernst. Thank you, Madam Chairman.
Thank you, gentlemen, for being here today.
This past weekend, I had a very exciting drill, in that we,
in the Iowa National Guard, spent some time discussing our 2016
Vigilant Guard exercise. This is exercise play which will
involved Federal agencies, of course the Iowa Army and Air
Guard, as well as State agencies, local agencies. It's a series
of--the play will include a series of weather and natural
disasters, but also including cyber attack and security issues.
And it is something that we have recognized at all levels in
the government in Iowa, that this is a very real possibility.
So, I appreciate you stepping up. I know that the Command
is new, but I look forward to those challenges and
opportunities that we have in developing that. And I am excited
about the 17 series cyber branch bringing on officers and new
soldiers into that area. I will tell you, in the Guard, we have
a great number of members that would quite adequately fill into
those types of activities.
Admiral Rogers, I believe, on March 4th before the House
Armed Services Committee, he did state that there--in quote,
``There's no DOD solution to our cyber security dilemmas. The
global movement of threat activity in and through cyberspace
blurs the U.S. Government's traditional understanding of how to
address domestic and foreign military, criminal, and
intelligence activities.
And, with that being said, the National Defense
Authorization Act (NDAA) for Fiscal Year 2014 directed the
President to develop an integrated policy to deter adversaries
in cyberspace and to provide that cyber deterrence policy to
Congress within 270 days. And that deadline has come and gone,
and we have not seen that policy. Considering that we see a
continuously evolving threat to our cybersecurity, this failure
to present a deterrence policy places our country at risk. And
again, we're seeing that at all levels, in all places of the
United States.
And, to Senator Nelson's point, we talked a lot about
budgeting, but it's very difficult to budget when you don't
know what the administration's policy is. When you talk about
SOCOM-type activities versus other types of activities, we
don't know, we don't have a policy.
And so, I would just ask, Mr. Secretary, is there something
that we're not aware of that is stopping the President from
providing this policy? Are there some hurdles that we need to
overcome? What do we need to do to get that policy?
Mr. Rosenbach. Yes, ma'am. First of all, I'd just like to
say I've met with the Iowa TAG several times to talk about
cyber issues. Very smart guy. And I also--my mom would kill me
if I didn't say I spent my summers in Lake Okoboji, so I know
about Iowa.
[Laughter.]
But, that's--yes, ma'am, but that's not to butter you up
and to not admit that we're not late on the----
[Laughter.]
--the deterrence report that you mentioned.
The interagency and the White House has led an effort. That
report is almost entirely finished. We've put a lot of thought
into it. And, just because I'm in the Pentagon, I'm not able to
say exactly when it would come to you. But, I want to emphasize
that that's more of a report. The overall deterrence policy is
something in--a cyber operations policy that the National
Security Council has put forward and does play into our
thinking, in a large degree.
So, I wouldn't want anyone to think that there's not a lot
of deep thinking about deterrence in the U.S. Government, but
particularly in DOD.
Senator Ernst. Okay. Well, I appreciate that. And, yes, you
did butter me up. Okoboji is lovely. So, you're welcome back
anytime.
Yes, and General Orr is very intent on making sure that we
have a very realistic exercise play, this upcoming year. And
so, we are excited about this opportunity.
So, as we continue to develop the cyber deterrence policy,
what are some of the challenges that you are facing right now?
Senator Nelson has brought up a number of challenges that are
out there, SOCOM versus other types of activities. What are
those challenges? And do you see anything that we, as
legislators, can assist you with in that aspect?
Mr. Rosenbach. Thank you, ma'am. I'll sort of answer quick
and then let General McLaughlin say it.
The biggest challenge, quite frankly, when we think about
deterrence, is making sure that we deter enough that the attack
doesn't come, but we don't escalate things to the point that we
bring more attacks upon ourselves. So, it's really important to
remember that the United States is a glasshouse when it comes
to cyber, and we need to be really careful how much we do
things like think about going on offense, because that almost
inevitably will lead to more attacks on us. So, that's why we
think about using other tools in the toolbox, like economic
sanctions or other aspects of military show of force, from my
perspective.
But, I think General McLaughlin has thoughts on this, too.
General McLaughlin. The key thing on the--from the Cyber
Command perspective, ma'am, on the deterrence piece, is really
making sure we deliver the capabilities that are part of
deterrence. It's defendable networks--make sure that we get
those networks fielded so that the adversary doesn't think he
just has an easy target and doesn't tempt them to use their
capability. Today, I think we are--we could be an easy target,
because we haven't fielded that defendable terrain. Getting our
teams not only fielded, but, as was mentioned--Mr. Rosenbach
mentioned things like the unified platform or Title 10 tools
and infrastructure--we think of those sort of as enablers.
And so, we need to get the enablers crisply defined and
fielded so that you have people plus the capability, whether
you consider them the weapons or the infrastructure. It's the
kit that our teams--that these component commanders behind me,
that their teams need to actually be able to have a robust
capability. I think, from--on the deterrence piece, that's what
we really bring to the table at Cyber Command, will be the
military forces that can be an element of deterrence, certainly
not the--certainly not everything that's required to deter.
Senator Ernst. Thank you. My time is expired.
Thank you, General. Thank you, Secretary.
Thank you, Madam Chairman.
Senator Fischer. Thank you, Senator.
And Senator Tillis.
Senator Tillis. Thank you, Madam Chairman.
Thank you, gentlemen, for being here today.
One quick question is, How does any of the funding you
receive--how is it threatened by sequestration?
Mr. Rosenbach. Sir, I'm going to give you one specific
example and then turn to General McLaughlin so he can give you
more detail.
During sequestration in the past, it put a big hole in the
training pipeline for these Cyber Mission Forces. And what we
saw is, because we had to turn off schoolhouses, there was as
big impact on the rate of development for the overall Cyber
Mission Force. And it really has hurt us in a way that makes me
nervous. And, if that were to happen again, we'd be even
further behind in developing the capability----
Senator Tillis. And, Secretary----
Mr. Rosenbach.--the capabilities like that.
Senator Tillis. Mr. Secretary, that, as the human capital
you need to execute the mission, can you give me a rough idea,
in terms of a percentage of the pipeline that you would have
liked to have had versus was affected by sequestration--a rough
idea of what that is?
Mr. Rosenbach. I think, honestly, General McLaughlin can
give you more details on that, and even more on the impact.
Senator Tillis. Okay.
General McLaughlin. So, sir, we're roughly 50 percent
through the fielding of those 133 teams, and we are--we're
supposed to have all of them at initial capability by the end
of fiscal year 2016. So, we literally have a quarter of the
additional teams that are in the build just for--in this, in
the next fiscal year. So, sequestration will make--will put a
big dent on the ability of the Services to produce the people
that we need to fill out those teams.
Senator Tillis. What about the--some of the longer-term
investments that you have to make while we're in this budget
mode of living paycheck to paycheck? What sorts of long-term
strategic investments are out there that you would like to make
that are impossible to make on 12-month investment horizons?
Mr. Rosenbach. Sir, Secretary Carter recently has
emphasized that sequestration is one of those things where it's
actually a waste of money, for the reason that you note, is,
we're not able to do long-term planning, so you make poor
investment decisions based on a shorter time horizon.
For some of the big rocks, as CYBERCOM calls them--so, the
persistent training environment, a unified platform--those are
things that are a more significant investment that we think
much harder about whether or not we would allocate resources to
when we're unsure of how much will actually be there.
Senator Tillis. You all were mentioning that your top
priority is the 2 percent of, I think, DOD or defense- related
cyber attacks that you see. Is that--did I hear that correctly?
Mr. Rosenbach. Yes, sir. It's not exactly 2 percent. Only
to show--for the biggest threats to the Nation are the ones in
that defend-the-Nation mission that we try to prevent or deter.
Senator Tillis. What about the sort of macro threat? If I
were--I worked in the private sector and did ethical hack
testing and tried to find ways to penetrate businesses--large
businesses and--you know, if I were on the cyber battlefield, I
wouldn't necessarily go after the ones where I know it's going
to hurt most if I get caught. To lead up to your capacity to do
that, I'd go after the downstream supplier base for DOD. I'd go
after municipalities and government institutions to disrupt a
broader population so that you have a whole lot of things that
you have to look at before I would get to a level--I mean, are
we looking at threats in that way? And do we have resources
marshaled in that way? Because that transcends into the private
sector and the U.S. Government supply base, which is large and
diverse.
Mr. Rosenbach. Yes, sir, that's a great question. There are
two ways, in particular, that we've been watching this as it
relates to DOD. So, the first is, we know that a lot of the
defense contractors have been penetrated and intellectual
property pulled out. And so, we're trying to use new
contracting mechanisms. And the SASC has been very helpful in
this in passing some aspects of the law to make it better so
that the private sector has sort of upped their game. Then,
second, TRANSCOM, we've seen, has been penetrated by some
adversaries--the Chinese, in particular--who know that, by
going to the supply chain, they may be able to hit us at a
weaker point than going directly there. And that's something
that SASC also did some reports on that were helpful. So, those
are the two ways.
And then, in the more general private sector, it's an even
more difficult situation, because it's a significant investment
for a lot of the private-sector firms.
Senator Tillis. I don't think I'll get to this question,
but I would like to speak with you all at some point about, How
do we look at the underlying infrastructure through which all
these cyber attacks occur? And are we looking at ways to,
maybe, look ahead to an architecture that makes it still
maintain the privacy considerations, but find better techniques
or a better underlying infrastructure for authentication so
that it puts you in a better position to defend and potentially
attack?
But, I had a final question that has more to do with--I
love what the Commandant of the Marine Corps said at a SASC
meeting a couple of months ago. He says he never wants to put
an American soldier in a position to where he or she is going
into a fair fight. And I think, for most of our men and women
in uniform, we've got the strategies to do that. But, it seems
to me that, in this realm, we have adversaries out there that,
on any given day, although our sophistication may be slightly
better, there are certain battlefields where it could just be a
fair fight and we could get--we could be harmed as much as we
could do harm. Is that a fair assessment?
Mr. Rosenbach. Sir, I think it's a fair assessment, just
given the asynchronous, asymmetric nature of cyber. And General
McLaughlin probably has some thoughts on that, too.
General McLaughlin. Well, I think, because of the diverse
nature of the threats against us, including threats that
operate in ways that we wouldn't operate as a Nation--it's just
not in our character--I do think you could see the potential
where it might not look--where it might look like it's a fair
fight, you know, at least today. And so, I think our goal is--
at least within the DOD side--is to make it where it's not
fair, you know, to bring these capabilities to bear that
we're--that we've been discussing, so that our military forces,
in particular, don't have to go into conflict, in the future,
thinking about this is going to have be a fair fight.
Senator Tillis. Thank you.
Senator Fischer. Thank you, Senator Tillis.
Senator Gillibrand, I know you just arrived. Would you--are
you ready for your questions? Okay, thank you.
Senator Gillibrand. Thank you, gentlemen, for being here.
Appreciate your service and your hard work.
CYBERCOM obviously has a wide array of responsibilities.
How do you deal with unexpected threats? And do you have the
capabilities to meet those threats? And, in the event of a
cyber attack, would you need an additional surge capacity?
General McLaughlin. Ma'am, I think the ability to deal with
unexpected threats, and then surge them, requires a--some
attributes that I think that we are building. First is the
ability to be flexible, to be able to move resources from one
set of challenges to another. We've seen the need for that,
just in the recent 12 months. You know, we've seen things, like
the Sony attack, we've seen resurgent issues with regard to
Russia. So, we've seen issues where our Department has made,
including the cyber, adjustments in priority. So, being
flexible and agile to respond to things that perhaps you
weren't forecasting is something that's built into our model.
But, you raise a great point on the ability to surge. So,
we are building a set of forces--we've talked a little bit
about them today--133 cyber teams that are going to be the
basic capacity and capability for our military forces in Cyber.
What we've also added, though, are forces in the total force.
So, all the services have constructs for their Reserve Forces.
And the Army and the Air Force have--with their Guard forces,
are actually going to be brought online and actually provide
capacity for the Nation if they needed to be called up. You
could surge and bring even more military capacity with the
total force. That is part of our construct. It's just really
been defined in about the last 12 months, and now both the
Reserves and the Guard are building their teams, certified to
the same standards that the Active Duty teams will have. And
that will be additional resource if there was a surprise or a
need to surge resources to an emergency.
Senator Gillibrand. And what's your vision, with regard to
Guard and Reserve components, for CYBERCOM?
General McLaughlin. Our vision, from the Cyber Command
perspective, was very clear. We wanted to make sure that all
Reserve and Guard forces were able to be trained to the same
standard so that, if they were called up to do the Title 10--
you know, to support in a Title 10 status--they would be equal
and capable.
Senator Gillibrand. So, you're envisioning equivalent
training.
General McLaughlin. Yes, ma'am.
Senator Gillibrand. Okay.
General McLaughlin. Absolutely. And that they would be able
to also be commanded and controlled in a seamless, the same way
that the Active-Duty Forces would--you know, would be commanded
and controlled.
So, that's the--that's really the--from the Cyber Command
perspective, what we laid out. Each of the Services has taken a
slightly different way that they've--that they are thinking
about integrating Reserve and Guard forces into their
structure. They all fit within our construct at Cyber Command.
And I know each of the--those component commanders in the
second panel would be glad to talk to you about specifically
what's unique about each Service, in terms of how they think
about their----
Senator Gillibrand. And will that change after fiscal year
2016? Would you still be able to--the people assigned to
CYBERCOM would still be able to receive the same training?
General McLaughlin. Yes, ma'am. Our plan is that this--
that's the steady-state----
Senator Gillibrand. Okay.
General McLaughlin:--mode that we would like to be in.
Senator Gillibrand. And then, representing New York,
obviously, we have a lot of emerging threats to our
infrastructure, to our financial markets, and to basic national
security. And I've met with a lot of the experts in the field
there. What are your thoughts on the relationship and the
coordination between Homeland Security and DOD, in terms of
cybersecurity and role responsibilities? And, more to the
point, do you see--what do you see as the Department of
Defense's role in the support of States, DHS, and the FBI?
Mr. Rosenbach. I'll take that one, ma'am.
I think--it's been interesting for me, because I've been in
the Department for almost 4 years now, working on cyber issues.
And when I first came, there was a lot of tension between DOD
and DHS, and a little struggle about who would have the lead.
It's completely different now. The relationship is very strong.
We know that DHS/FBI have the lead for domestic issues. We then
will come in behind them and support them, very often. You
could ask General McLaughlin, if you want, for example, about
the support that DOD and NSA gave during the Sony cyber attacks
in a domestic way.
And then, the relationships between the State and local
governments usually is through DHS, just like defense support
for civil authorities. In all ways, we need a lead Federal
agency, and then we can provide support to them or to the
States.
Senator Gillibrand. Now, if you are doing this level
coordination and training, do you have the resources and
support you need to do those missions?
Mr. Rosenbach. Ma'am, you know, because the cyber threat is
growing so much, we see that we'll need more resources down the
line, and the Department has prioritized Cyber as one of those
that will continue to get additional resources.
Senator Gillibrand. Do you need any additional authorities?
Mr. Rosenbach. Right now, there are none that we think we
need, but we've always worked real closely with the Senate
Armed Services Committee (SASC) in the past. And I'm sure, if
we identified those, that we would--we would welcome your
support.
Senator Gillibrand. In the issue of recruitment, we've just
received a report from all Services articulating their plans
either to create separate specialties or designators for cyber.
It's my understanding that the training necessary to build a
cyber warrior can take up to 2 years. How do you envision the
development, not only of separate specialties for cyber, but
also career tracks for cyber warriors? How do we retain them
and get a return on the investment the United States has put
into these warriors?
Mr. Rosenbach. I'll let General McLaughlin speak in more
detail, but I know that's something you've worked a lot on in
the past, and been helpful in getting new authority for us.
That has been very good. So, I would like to thank you for
that, explicitly, and then let General McLaughlin talk more
about the details of the training.
General McLaughlin. Sure. Senator, the--each--as you
mentioned, each Service is thinking through what type of
specialties and career tracks it needs in the cyber warfare
domain. They've all taken slightly different paths, but each of
them are--have come up with a path so that you can now come in
as a new entry or accession, and you can conceive a career in
this area. It's not something you would dabble in or come in
and out of.
Senator Gillibrand. That's great.
General McLaughlin. And so, from our perspective, it's not
only important that they've done that so that our initial
people, as they come in, are qualified, but we actually need,
you know, mid-level and senior, you know, people that have deep
experience in this. So, the--so, their work to build the career
path is critical for us, and it's something we're watching.
We've really just sort of laid out the requirement, and each of
the Services, you know, strapped on and has, I think, again,
taken a slightly different path, but each of them, at the end
of the day, are going to have people with that type of--that
depth over a career.
Senator Gillibrand. Thank you.
General McLaughlin. The last thing, you mentioned about
just--I would just add--keeping them in. So, retention will be
a big deal.
Senator Gillibrand. Yup.
General McLaughlin. If you're going to invest 2 years
training someone on a set of very, very high-end skills that
actually are marketable in the civilian workplace, our job will
be to retain them. It's not only to show that they have a valid
career, but also if there are incentives or other things that
might help offset, you know, the fact that they could make more
elsewhere, you'll see us--where each of the Services is looking
at that.
And then also flexible models. You know, how can we be
flexible in the workforce of the 21st century to let people,
you know, feel like they--perhaps we could bring in people from
the private sector, or we could do other things, not just use
the same model we've always used in the Department.
Senator Gillibrand. Thank you.
Senator Fischer. Thank you, Senator.
We will have a 4-minute round for the second round, here,
so we can have our second panel up and still get down to the
classified briefing. Senator Nelson would like to meet down
there yet today.
So, I'm just going to ask a couple of quick questions,
here, Mr. Secretary. One on deterrence again, and then on
acquisition, if I can.
When we look at the sanctions that were recently authorized
by the President and against the cyber attackers, how do you
see that contributing towards better deterrence in cyberspace?
And specifically, when you look at the other agencies, when you
look at State and you look at Treasury and you look at Justice,
are the agencies working together? And how's the Department
working with him on that?
Mr. Rosenbach. Thank you, ma'am. In the case of the Sony
attacks, on the sanctions that went against the DPRK, we, as an
interagency, looked very, very closely at the organizations we
could target with those sanctions that would inflict the most
cost on them. So, remember what I talked about, the cost-
benefit relationship for deterrence; that's why. So, that, of
course, was led by Treasury and other experts in the
interagency, but we had as much a voice in that as anyone. And
I do think that's something that was effective and has impacted
the decision calculus of the North Koreans.
Senator Fischer. When we have a show of force in other
domains, that can have a stabilizing effect, I believe, on a
situation that may be deteriorating out there. How important do
you think it is that we be able to do that within the cyber
realm?
Mr. Rosenbach. Ma'am, I think, honestly, most countries
around the world know that we have capability in cyber and
could demonstrate that force. I personally don't think that it
would be wise to demonstrate it unless we really needed to,
because I'm very worried about how vulnerable we are and that
someone would then follow our example and just try to show the
United States that they could also take down part of the
infrastructure to demonstrate that. So, I think a cautious
approach, where we're conservative and we try to keep things
stable, is quite important.
Senator Fischer. A lot of times, we hear that cyber is
similar--the--a cyber deterrence is similar to nuclear
deterrence. Many people believe that. I question it in many
regards. Feel free to correct me on that, but how do you see
it?
Mr. Rosenbach. Without sounding too, maybe, cheeky, I'd say
most of the people I hear who say that tend to be from the Cold
War era and think that things are very analogous, when, in
fact, I don't think they are at all. And I agree with you that
the analogy with the nuclear part is not that strong.
Senator Fischer. I was able to spend some time back in
Nebraska, the last 2 weeks, and I spent a day out at STRATCOM
and had some briefings on cyber. So, it--it's fascinating
what's out there. I appreciate the work you do on that.
With acquisition now. When we look at the latest addition
of the better buying power list, cyber security--they're
listing that as a new area of emphasis, and they want to
elevate that in the acquisition process. What input do you have
on that release from Secretary Kendall? How do you see that
shaping up?
Mr. Rosenbach. Yes, ma'am. I work very closely with Under
Secretary Kendall. Almost every day, we're in touch. And in my
role as the Principal Cyber Advisor, I'm kind of the point
guard or the quarterback for things on cyber inside the
Department. And so, of course, he's the lead on that. But, it
was something that was coordinated even with the Services. And
we want to, you know, just strengthen our ability to make some
of the defense contractors up their game a little bit in cyber
security.
Senator Fischer. And when you look at the acquisition
process, I mean it takes forever, right? So, when you're
looking at cyber and you're looking at technology, how are you
going to speed that up in order to, I mean, truly meet the
needs that are there before what you're trying to acquire
becomes out of date in 18 months and you haven't even gotten
through the process?
Mr. Rosenbach. That's a great question. And I assure you,
Secretary Carter's interest in accomplishing exactly that is
very passionate, and he's put a lot of pressure on everyone in
the Department to do better. Next week, he is going to Silicon
Valley and will give a speech. That's one of the topics that
he's going to address to try to push us to do better in that
area and build more bridges with the private sector. Silicon
Valley, just one example.
Senator Fischer. Great. Thank you.
Senator Gillibrand.
Senator Gillibrand. Can you just describe--it came up in
the last hearing, that we're going to be doing some recruiting
for Guard and Reserve in Silicon Valley--can you describe what
that program's going to look like?
Mr. Rosenbach. Ma'am, I can't give too many details,
because I don't want to unveil the gift before it comes next
week in the speech, but we've been thinking a lot about ways we
can get new pipelines or tunnels of talent into the Department
from kind of nontraditional places. So, the Guard is another
place where, in going and traveling and visiting some of the
Guard units, I've recognized there really are people who, for
example, work for Microsoft and still work in the Guard in
Washington State. That's just one way, but we would also like
to try to find other ways in the Department where you don't
have to go into one of the Services, for example. So, we're
thinking a lot about that. Silicon Valley is a natural place.
New York and around New York City, another place. There are a
couple of places like that, where we're looking at centers of
excellence.
Senator Gillibrand. So, once it's public, can you send me a
letter describing the program?
Mr. Rosenbach. Yes, ma'am, I will absolutely do that. I
promise I'm not trying to be evasive. I'm just trying to----
Senator Gillibrand. No, I know. I just--I'm interested, so
I want to know.
Mr. Rosenbach. I will. We'll send you the full report. And
I can brief your staff----
Senator Gillibrand. To the extent you need any support for
that program in this NDAA, let me know and we will write it.
Mr. Rosenbach. Great. Thank you.
Senator Gillibrand. So, any substantive language needs to
be added about authorities or funding, this year's NDAA would
be the appropriate place to try to put that in.
Mr. Rosenbach. Yes, ma'am, thank you.
Senator Gillibrand. Continuing on, on the issue of sort of
the dynamic threat environment, how do you address the fact
there's continually morphing requirements and distinct threats
that face both the DOD and the United States as a whole? How do
you plan for it? How do you model for it? How do you stay ahead
of it?
Mr. Rosenbach. I'll say, very generally, and then I'd like
General McLaughlin's thoughts, is, we try to build a very
capable force that is dynamic enough that it can shift. And,
with that, I think he can give you the best answer.
General McLaughlin. Yes, ma'am. I think if we spend our
time trying to predict exactly what the threat is going to be
or how it will manifest itself, we'll end up guessing wrong.
So, our job is to field forces that both technically are
trained at a very high level, you know, they have a lot of
technical skills, and they've been given a flexible set of
capabilities so that--and that we have great intelligence--you
know, we'll need great intelligence capabilities, as well--so
that, if something occurs, and it will, that we didn't
forecast, we don't have to retool our force, you know, create
new capabilities. We actually can take the people and the
capabilities we've fielded and rapidly put them against some
new or emerging threat.
Senator Gillibrand. And I assume you're also training for
offensive acts.
General McLaughlin. Yes, ma'am. I would mean that for both
our defensive and our offensive teams.
Senator Gillibrand. And you probably need to answer this in
the closed setting, but can you describe a little bit where you
feel the threats are, whether they're lone-wolf threats or
they're state-actor-driven threats, or if it's really a balance
of both? If you need to Reserve that for closed setting, you
can.
General McLaughlin. Yes, ma'am. I think to address it in
depth, it would be better in closed hearing, but I will tell
you they span the range from the Nation-state-level threats
to--you know, to the lone wolf or--
Senator Gillibrand. But, do you see either one more of a
growing threat or more of a risk?
General McLaughlin. I think they're all threats, but I
would say the place to bring the most capacity are nation-
state-level threats.
Senator Gillibrand. State actors, yeah.
General McLaughlin. Yes, ma'am.
Senator Gillibrand. Thank you.
Thank you, Madam Chairwoman.
Senator Fischer. Thank you, Senator.
Thank you, gentlemen. Hopefully, a little after 4:00, we'll
meet you down in the SCIF for a classified session. Thank you
so much.
And, with that, I would ask that panel two step forward,
please. And I apologize, to you folks, that we have a brief
time for your presentation.
On our second panel, we have Lieutenant General Cardon, who
is the Commander, U.S. Army Cyber Command; Vice Admiral Tighe,
Commander, U.S. Fleet Cyber Command; Major General Wilson,
Commander, Air Forces Cyber; and Major General Daniel
O'Donohue, Commanding General of the U.S. Marine Corps Forces
Cyberspace.
So, welcome, gentlemen. I would----
And, I'm sorry, ma'am. It's so good to see you.
Welcome, to all of you. And I would ask that, if you would
have very brief opening remarks, Senator Gillibrand and I,
then, will ask questions and give you an opportunity to respond
to those.
So, Major General O'Donohue, would you like to begin,
please?
STATEMENT OF MAJOR GENERAL DANIEL J. O'DONOHUE, USMC,
COMMANDING GENERAL, U.S. MARINE CORPS FORCES CYBERSPACE
General O'Donohue. Madam Chairwoman, it's an honor to
appear before you today on behalf of your marines and their
families. Thank you for continued support to our growing cyber
capability.
During this dynamic period of transition, it's especially
important that we receive budget capability on time, as well as
flexible support for still developing manpower, acquisition,
and training initiatives.
As a component of U.S. Cyber Command and in full
partnership with our sister Services and agencies, Marine Force
Cyber is ready to conduct full-spectrum cyberspace operations.
Specifically, we provide the joint force specialized cyber
teams in a dedicated joint force headquarters. In our component
role, our worldwide cyberspace operations are primarily in
support of SOCOM. This reinforces a broader relationship, in
keeping with the Marine Corps' role as a global crisis-response
expeditionary force and readiness. In our service role, the
Commandant set a clear priority to fully integrate cyberspace
operations into the already multi-domain approach for our
marine air/ground task forces and naval expeditionary forces.
This involves a reset of our networks based on operational
principles and innovative manpower model or challenging
readiness standards and a supporting IT strategy that includes
operationally responsive acquisitions. Commanders at every
level seek competitive advantage in air, land, sea, and
cyberspace, with a combined-arms approach, in concert with
maneuver, intel, command and control, kinetic and nonkinetic
fires. Commanders should be able to contain and defeat
adversaries in cyberspace while simultaneously operating across
all other domains with potentially degraded but still resilient
command and control.
To that end, we are fielding the cyber forces required by
our strategy--ready, on time, and with increasing
interoperability--in ways we have not imagined. Even before
units are fully manned, trained, and equipped, we are achieving
operational outcomes as these teams support current operations
in stride with their fielding.
We defend against advance threats through active
deterrence, hardening of our networks, realistic training, and
exercises in high-fidelity cyber ranges. Every marine is
increasingly trained as a disciplined and opportunistic cyber
warrior.
Currently, we are pursuing a joint service strategy for the
multiyear development of a unified network that will facilitate
command and control, provide real-time situational awareness,
and assist with decision support for commanders. Our network
will be optimized for operational support to forces as they
deploy globally in an unstable and unpredictable security
environment. The marines provide a ready, forward expeditionary
extension of cyber capability for the joint interagency and
combined force.
Thank you for the opportunity to appear before you today
and the continued support for your dedicated marines. I look
forward to answering your questions.
[The prepared statement of General O'Donohue follows:]
Prepared Statement by Major General Daniel J. O'Donohue, USMC
introduction
Chairman Fischer, Ranking Member Nelson, and distinguished members
of this subcommittee, it is an honor to appear before you today. On
behalf of all marines, our civilian workforce, and their families, I
thank you for your continued support. I appreciate the opportunity to
discuss the Marine Corps' cyberspace operations posture.
The Marine Corps is the Nation's expeditionary force-in-readiness.
We are forward deployed, forward engaged, and prepared for crisis
response. For generations, your marines have been victorious against
our Nation's foes by remaining agile and adaptable to dynamic
environments and evolving threats. As the force that is 'the most ready
when the Nation is least ready,' we are prepared to defend against
adversaries who operate across multiple domains to include cyberspace.
Our current operating environment is volatile, complex, and
distinguished by increasingly sophisticated threats that seek
asymmetric advantage through cyberspace. Our cyberspace posture guards
against these threats, while simultaneously exploiting our competitive
advantage in employing combined arms to include closely integrated
cyberspace operations.
Our joint cyberspace mission builds on the Marine Corps
institutional focus as a global crisis response force with strong
naval, interagency, combatant command (COCOM), Special Operations
Forces, cross-service and coalition partnerships. 2015 is a key
transitional year as we deploy rapidly maturing cyber capabilities and
make them central to Marine Air Ground Task Force, COCOM and coalition
training, planning, and operations. Activities in cyberspace
increasingly influence all our warfighting functions.
Marine Forces Cyberspace Command (MARFORCYBER) is engaging in
ongoing cyberspace operations, making strong progress with the force
build, achieving operational outcomes, and building capacity for
tomorrow's opportunities and challenges. Our priorities are to operate
and defend our networks, support designated COCOMs with full spectrum
cyber operations, organize for the fight, train and equip the cyber
workforce, develop workforce lifecycle management, and to ensure
mission readiness through joint and service capabilities integration.
mission and organization
As the Service component to U.S. Cyber Command, MARFORCYBER
conducts full spectrum Cyberspace Operations to ensure freedom of
action in and through cyberspace, and deny the same to our adversaries.
The operations include operating and defending the Marine Corps
Enterprise Network (MCEN), conducting Defensive Cyberspace Operations
(OCO) within the MCEN and Department of Defense Information Networks
(DODIN), and--when directed--conducting Offensive Cyberspace Operations
(OCO) in support of joint and coalition forces. MARFORCYBER is also
designated at the Joint Force Headquarters-Cyber (JFHQ-CYBER) as
directed by CYBERCOM.
The Marine Corps is in a period of transition from multiple legacy
contractor owned and operated networks to a unified system architecture
that is organized according to our warfighting philosophy and doctrine.
We are building a naval approach that will enable the warfighting
functions for competitive advantage in a complex environment. These
unique characteristics give our Service a competitive advantage in an
intersecting battlespace.
operationalizing cyber
MARFORCYBER is in its 6th year of operation. Our focus remains
developing ready cyberspace capability for the naval, joint and
coalition force. Consistent with our Commandant's guidance, we are
developing tactical cyber capacity as an organic aspect of how we
fight. Marines will increasingly operate and defend in a compromised
and degraded environment. We must align our operational readiness
standards and risk mitigation to this reality. Our battlefield networks
must be resilient, redundant and interoperable, and extend from the
garrison environment forward to the tactical edge of battle.
Further, in conjunction with joint and interagency partners, we
intend to pursue the development of an integrated and unified platform
for cyberspace operations that will enable centralized command and
control, real time situational awareness, and decision support. We are
accomplishing this through close coordination with industry partners,
and aligned with Deparment of Defense (DOD) and CYBERCOM priorities in
support of the Joint Information Environment.
train and equip
In this presumably automated and system driven arena, our most
valuable resource is our people. Just as the Marine Corps remains
dedicated to the notion that there is no more dangerous weapon than a
Marine and his rifle, we must provide our Marines with the tools and
resources they need to defend our Nation. In order to maintain an
asymmetric advantage, we must outpace our adversaries' ability to
develop and procure those resources. The acquisition process by which
we acquire vehicles and aircraft incurs steep opportunity costs when
applied to cyber technology and innovation. Our acquisition processes
are deliberately procedure heavy and risk averse, to ensure appropriate
delivery of viable solutions. Statutory and regulatory changes will be
required in order to enable responsiveness to emerging cyber threats
and missions. Current acquisition processes do not adequately support
the delivery tempo required for emerging cyber solutions. The tempo at
which emerging technologies must be acquired to meet cyberspace
operational mandates is occurring at a much greater pace, which creates
tension within the acquisition process. We must strike a balance
between rapid acquisition to meet emerging threats and changing
operational demands and maintaining disciplined engineering rigor of
enterprise networks. Adaptability and flexibility are critical to
ensuring our cyber mission force teams are ready.
MARFORCYBER's approach to training and developing the cyber work
force has a singular vision-to train as we fight. Specifically,
MARFORCYBER will adapt a persistent training environment to support
training and exercises of cyber units that are assigned to conduct
military cyber operations. This training environment will be designed
to enhance military occupational skills (MOS) proficiency, test and
development of next generation solutions, host remote training and
education of Marine Corps Operating Forces, and refine tactics,
techniques, and procedures (TTPs) to increase effectiveness of
cyberspace operations. Additionally, we are developing a web based
training environment hosted by Carnegie Mellon University Software
Engineering Institute, a Federally Funded Research and Development
Center (FFRDC). This environment combines extensive research and
innovative technology to offer a new solution to cyberspace operations
workforce development. The focus of this collaboration is to help
practitioners and their teams build knowledge, skills, and experience
in a continuous cycle of professional development. The combined effect
of this approach is for cyberspace operations workforce to train
individually and collectively. This initiative will support the future
development and certification of Cyber National Mission Forces (CNMF)
training requirements.
We have dramatically increased cyber integration into the training
cycle by leading, supporting, or participating in over 31 combined,
joint, and Marine Corps exercises in the past year. Commanders across
our Marine Corps are asking for cyber capabilities both in real world
operations and in training to ensure their marines are ready to face
the challenges presented by a shifting complex landscape.
workforce life-cycle management
We have seen substantial increases in capacity and capability. Such
achievements are significant but they have not been easy, and
MARFORCYBER's success grows from the hard work of its people. Marines
and civilians have shown a sharp interest in pursuing a cyber career.
Since 2012, we have dramatically increased our workforce-with an
authorized strength of almost 1,000 marines and civil servants today.
By the end of fiscal year 2016, MARFORCYBER's authorized strength will
increase to over 1,300 personnel, which is in line with previous
projections. The majority of these new personnel are allocated to
support the cyber mission force as directed by the Secretary of
Defense.
In order to attract and retain the best people, the Marine Corps
has followed multiple lines of effort. To improve continuity and reap
greater return-on-investment in the lowest density highest demand
military occupational specialties (MOS), we have coordinated with our
Service to extend standard assignments to 4 years. Additionally, the
number of feeder MOS available to lateral move into critical cyber
related specialties has been increased in order to obtain a larger
talent pool of qualified and experienced Marines. We are currently
accessing 16 feeder occupational specialties from the communications,
signals intelligence, electronic warfare, data, and aviation specialty
fields to meet the personnel demands of cyber occupational field. The
largest reenlistment or lateral move bonus offered in the past year of
$60,750 was offered to sergeants who move into the Cyber Security
Technician specialty. To drive home the point of how seriously the
Marine Corps takes its cyber talent management, this bonus consumed 16
percent of the retention bonus budget for the last fiscal year.
Furthermore, to ensure we have the right metrics, we are leveraging
academia and industry to understand how to better attract and retain
talent. In the future, our focus will broaden to include generating a
sustainable force generation model that retains a unique, skilled
expertise within the larger contexts of cyber ready MAGTFs.
Going forward, the Marine Corps is reviewing its manpower models,
and considering new management structures to adapt with the
increasingly complex and technical aspects of the security environment
in which we operate. Beyond technical training, we will place an
increasing emphasis on leaders with experience to shape and mentor
incoming talent. Courses of action are being developed today in order
to impact our manpower models this summer. In the long term, we will
look forward to your assistance in order to reshape this new paradigm.
readiness
MARFORCYBER is leading the effort to take cyberspace operations
mainstream across the Marine Corps so as not to be outpaced in an
evolving and complex battlespace. Initial teams are being operationally
employed as they achieve IOC. As we support the DOD and CYBERCOM
efforts to implement a unified cyberspace architecture of the JIE, we
continue to improve the operational readiness of our existing
enterprise network (MCEN). We have assumed full control of the MCEN,
which was previously contractor-managed, and have decreased our legacy
network footprint.
In conjunction with joint, interagency, and private partners, we
intend to improve our operational readiness and our ability to measure
it. In this context, our staff is working and collaborating with our
partners to develop rapid acquisition of tools, training environment,
and development of procedures that will allow us to train as we fight.
Last June, CYBERCOM certified our first Cyber Mission Team (CMT) as
fully operational (FOC) and simultaneously, our first national Cyber
Protection Team (CPT) and the second Cyber Mission Team (CMT) reached
initial operational capability (IOC). MARFORCYBER is on track to have
over75 percent of its CMT, CPT, and CST teams resourced by the end of
fiscal year 2015.
In order to fulfill the requirements of CYBERCOM, we have been
actively engaged in building and sourcing our national and combat
mission, protection, and support teams (CMT, CPT, CST). With one CMT
currently certified, the plan going forward is to have MARFORCYBER's
second CMT certified early in calendar year 2015. We have one
operational CPT working from the MCNOSC, which is our service wide
network operations and security center. Our second CPT, which will be
in support of national missions, is in the process of certification
now. In addition, we stood up our Joint Forces Headquarters-Cyber
(JFHQ-C), now at Full Operational Capability (FOC), which directs and
coordinates the actions of cyber forces in support of directed
missions. The current glide slope for team build-out is to have two
CMTs, three CPTs, and one CST at either IOC or FOC by the end of fiscal
year 2015. No later than the end of fiscal year 2017 all teams will be
FOC, meaning the Marine Corps will furnish one NMT, three CMTs with one
CST in support, and eight CPTs. Three of those CPTs will be dedicated
to Marine Corps' specific needs. All other teams will function in
support of joint requirements from unified and sub-unified combatant
commands.
conclusion
Over the past 6 years, MARFORCYBER experienced both the increased
risk and opportunity presented by a world that grows more connected.
These experiences reinforced the need to remain focused on our
priorities of developing our organization and cyber workforce, refining
our service support to MAGTF operations and joint cyber forces, and
securing our networks to yield results for commanders worldwide.
Although I am pleased to report that our growth is increasing our
capacity, capability, and integration with warfighters, I must
reiterate the opportunities and challenges that lie ahead are great.
While global technology advances rapidly, the Marine Corps faces
challenges in adapting its acquisitions to operate at the speed
required of cyberspace. Critically, in this domain characterized by
human activity, people remain our center of gravity. Resourcing and
sustaining this most valuable asset also remains a difficult task.
These are difficult challenges, but through your continued support and
leadership, we can count such difficulties among the many that marines
have overcome in the defense of this great nation.
Thank you for this opportunity to appear before you today. Thank
you for your continued support of our marines and civilians and I look
forward to answering your questions.
Senator Fischer. Thank you, sir.
General Wilson.
STATEMENT OF MAJOR GENERAL BURKE E. WILSON, USAF, COMMANDER,
24TH AIR FORCE, COMMANDER, AIR FORCES CYBER
General Wilson. Madam Chair Fischer and the distinguished
members of the panel--of the subcommittee, thank you for the
opportunity to appear before you today alongside my component
commanders. It's an honor to represent the outstanding men and
women of 24th Air Force and Air Forces Cyber.
I'm extremely proud of the work our airmen, officers,
enlisted, and civilians do every day to field and employ cyber
capabilities in support of combat and Air Force commanders.
In the interest of time, let me just share a few examples
to highlight how our airmen are making positive, lasting
impacts to our Nation.
Last year, the Air Force completed the migration of our
unclassified networks from many disparate systems into a single
architecture. We transitioned 644,000 users over--across 250
geographic locations to a single network, and reduced over 100
Internet access points to a more streamlined 16 gateways. The
end result is a more reliable, affordable, and, most
importantly, defensible network, which has been a significant
step forward for the Air Force.
The Air Force also championed the fielding of the next
generation of technology, known as the Joint Information
Environment, by partnering with the Army in the Defense
Information Systems Agency. Together, we are implementing joint
regional security stacks in modernizing our networks in order
to achieve a single DOD architecture. The combined team
achieved a critical milestone last fall, when we fielded the
first security stack down at Lackland Air Force Base, in Texas.
We fielded several more, and continue to push hard. These
efforts will benefit the entire Department by reducing our
network attack surface and increasing network capacity and
capability. We see this as a very significant step.
Like the other Services, we have made significant progress
towards fielding and employing our initial Cyber Mission
Forces. Today, the Air Force has 15 teams that have achieved
initial operating capability, and 2 teams have achieved and
have reached full operating capability. In addition to
providing unprecedented support to joint and coalition combat
forces in Afghanistan and Syria, these cyber forces are engaged
in support to combatant commanders and Air Force commanders
around the world, as well as defense of the Nation.
I'm proud to report our Air Reserve component is a full
partner in the Cyber Mission Force build in addition to our
other day-to-day cyber operations. We've leveraged traditional
reservists, Air Reserve technicians and Air National Guardsmen
across the Command to meet our warfighting commitments. Whether
it's providing command and control of our cyber forces from one
of our operation centers, deploying as part of our combat
communications team, installing cyber infrastructure around the
world, or any other task, each of our total-force airmen meet
the same demanding standards and serve alongside their Active
Duty counterparts. In my humble opinion, it's a tremendous
example of the total-force integration at work.
Today, the Air Force also--we've instituted several key
initiatives to better recruit, develop, and retain our cyber
forces. Most recently, we approved a Strikes for Certifications
Program, which provides the opportunity for candidates to
enlist at a higher grade when entering the Air Force with
described--or the desired cyber-related certifications. We've
also continued our selective reenlistment bonus program to
provide additional incentives for enlisted members to continue
to serve in the demanding cyber and intelligence specialties.
For our officers, we have complemented the cyberspace warfare
operations career track, which we established several years
ago, with our new Cyber Intermediate Leadership Program, which
we believe has been key. Our first board competitively selected
83 majors and senior captains to serve in command and
operational positions, many as members of the Cyber Mission
Force.
And finally, we continue to host a number of initiatives
aimed at improving the outreach to our Nation's younger
generation. I'd like to highlight just one, if I could, please.
It's called Cyber Patriot. And it's sponsored by the Air Force
Association, in partnership with local high schools and middle
schools around the country, several industry partners, as well
as cyber professionals from the Air Force. Cyber Patriot's goal
is to inspire students to pursue careers in cyber security or
other STEM career fields. In September, we had over 2,100
teams, involving nearly 10,000 students in the United States,
Canada, United Kingdom, and our DOD schools around the world.
They all began participating in cyber training and
competitions. We saw a 40-percent increase in participation,
this school year. Cyber Patriot culminated here locally at the
National Harbor last month, when 28 teams competed in national
finals. Students earned national recognition and scholarships.
And, without a doubt, the program is an example of how public/
private partnerships can make a real difference. Personally,
it's been a rewarding--very rewarding to see our airmen giving
back to our younger generation.
These are just a handful of examples of how Air Forces
Cyber and 24th Air Force are all-in and fully committed to the
mission. Our cyber force is more capable than ever before. We
continue to have challenges, but we get better every day.
None of this would be possible without your continued
support. It's clear resource stability in the years ahead will
be vital to our continued success in developing airmen and
maturing our capabilities to operate in, through, and from the
cyberspace domain. Simply put, our cyber warriors are
professionals in every sense of the word, and they deserve our
full support.
Along with my fellow commanders, it's an honor to be here
today. Thank you again for the opportunity, and I look forward
to your questions.
[The prepared statement of General Wilson follows:]
Prepared Statement by Major General Burke E. Wilson, USAF
introduction
Chair Fischer, Ranking Member Nelson, and distinguished members of
the subcommittee, thank you for the opportunity to appear before you
today, with my counterparts from the other military Services, to
discuss Air Forces Cyber's contributions to joint operations in
cyberspace. We have made significant strides towards normalizing the
Air Force's cyber operations over the last few years. Air Forces Cyber
(24th Air Force) is one of four Service Cyber Components established to
support U.S. Cyber Command; our headquarters is at Joint Base San
Antonio-Lackland, TX, and we have ongoing cyber operations around the
world. The outstanding men and women of Air Forces Cyber have been
diligently working to increase our capacity and capability to build,
operate, defend, and engage across the full spectrum of cyberspace
capabilities in, through and from cyberspace in support of joint
warfighters. I'm extremely proud of the work they do each and every day
in support of military operations around the world, while at the same
time, innovating and mastering new and emerging technologies within
cyberspace to project global military power.
Cyberspace is an inherently global domain that impacts nearly every
function of our Joint Force, which is increasingly dependent upon cyber
capabilities to conduct modern military operations. To that end,
today's capabilities enable streamlined command, control and execution
of joint operations through the rapid collection, fusion, and
transmission of information at unprecedented speed, capacity, and
precision.
However, the pace of threats continues to grow in scope, intensity
and sophistication. Recent attacks such as the Sony Pictures
Entertainment incident that resulted in physical damage demonstrate
that no industry or sector is immune to this growing threat. State-
sponsored actors, non-state-sponsored actors, criminals, and terrorists
operating in the cyberspace domain will continue their attempts to
penetrate Department of Defense (DOD) networks and mission systems. We
must remain vigilant and not falter in our commitment to properly
prioritize our support to cyber missions, even with the strain of
diminishing resources across the Department.
In response to these growing threats, Air Forces Cyber remains
committed to delivering innovative and cost-effective solutions for the
joint warfighter with unwavering focus on delivering mission success.
Air Forces Cyber's priorities are as follows: employ cyber capabilities
in support of combatant and Air Force commanders; develop and empower
our airmen and take care of their families; lead through teamwork,
partnerships and a strong warfighting narrative; and equip the force
through rapid, innovative fielding of cyber capabilities. In this
dynamic environment, resource stability will be critical to our ability
to protect our networks, provide the needed cyber forces, protect
critical information, and provide full spectrum cyber capabilities in
support of combatant and air component commanders around the world.
employing cyber capabilities
Air Forces Cyber has placed significant emphasis on normalizing
cyber operations. We continue to transform our organization to an
operational Component Number Air Force providing ready cyber forces and
capabilities to combatant and Air Force commanders. Our operational
level command and control center has made incredible gains towards our
ability to effectively integrate the full spectrum of cyber operations
and capabilities in support of joint and air component operations.
We cannot stand still in this environment and must continue to
build our capability and capacity. Working closely with Air Force Space
Command, 25th Air Force (formerly Air Force Intelligence, Surveillance
and Reconnaissance Agency), and the Air Staff we have established cyber
forces in support of the DOD's approved strategy. In full coordination
with our Total Force partners in the Air National Guard and Air Force
Reserves, these new cyber teams are providing U.S. Cyber Command with
capabilities to defend the Nation, support combatant commanders, and
defend the DOD Information Network. We have reorganized our units to
meet the training and equipment requirements to build a ready force of
approximately 1,700 mission-ready personnel. In concert with the Air
Force's basing process, we have identified Joint Base San Antonio-
Lackland, TX, as well as Scott Air Force Base, IL, as primary locations
for our Cyber Protection Teams. The remaining cyber forces will operate
at the National Security Agency's regional operating centers. Today,
Air Forces Cyber has 17 operational cyber mission teams--2 fully
operational teams and an additional 15 teams that have achieved initial
operational status. Our Joint Forces Headquarters-Cyber also declared
initial operational status in October 2013 and continues to work toward
achieving full operational status.
In 2014, the Air Force designated seven cyberspace systems as
weapons systems directly supporting our lines of effort. This
designation has been critical to our ability to operationalize and
integrate cyber capabilities through a normalized budget, sustainment
and support process.
The Air Force has completed the migration of its portion of the DOD
Information Network (e.g. the Air Force Information Network (AFIN))
into a single, centrally-managed, and defended architecture.
Transitioning over 644,000 users across more than 250 geographic
locations to a single network has enabled Air Forces Cyber (24th Air
Force) to operate, maintain, and defend a standardized network using
centralized control and decentralized execution with more optimally
employed resources. Additionally, we've worked tirelessly to collapse
over 100 internet access points into a more streamlined and manageable
16 gateways for the Air Force. The end result has been critical to
achieving a more effective, efficient, and defensible network.
Finally, our operations center is leveraging a combat-proven joint
planning and execution process to command and control our cyber forces.
Air Forces Cyber is employing small defensive cyber maneuver forces to
complement our enterprise defensive capabilities to identify, assess
and mitigate vulnerabilities and adversary actions within our networks.
This new approach has proven truly effective in a number of operations
over the past year and we continue to make strides in the planning,
command, control, and execution of cyberspace operations.
develop and empower our airmen and take care of their families
Our innovative airmen are the centerpiece to our Air Forces Cyber
capabilities. Therefore, we continue to be wholly committed to
recruiting, training, developing, and retaining the right cyber talent.
Whether a military or civilian candidate, the Air Force begins by
recruiting highly-qualified individuals with demonstrated competency
and character.
To meet the growing requirements of the Department of Defense's
Cyber Mission Force, the Air Force has restructured and expanded its
initial training and force development programs. These changes are
yielding significant results and put us on pace to nearly quadruple the
rate at which cyberspace operators will be qualified to join Air Force
cyber teams in support of the Cyber Mission Force.
Realizing the need to operationalize our training, we have also
mirrored our cyber operations training based on lessons from our
counterparts in air and space operations. Specifically, we have
leveraged the mission qualifications process to ensure our cyber
operators meet mission-ready status. Additionally, our cyber operators
now participate in U.S. Cyber Command and Air Force Warfare Center
events such as Cyber Flag and Red Flag to better hone their skills
through real-world force-on-force exercises that provide the ability to
integrate cyber capabilities with other domains in a live training
environment. Air Forces Cyber's participation in simulated live-fire
environments is accelerating the development and fielding of new
tactics, techniques and procedures. These cyber warrior's experiences
are further magnified when participants bring hard won lessons back to
their home units.
Air Forces Cyber's participation in a wide array of combatant
command, joint, and Service exercises also complements our efforts to
integrate cyber effects with both kinetic and non-kinetic operations
across multiple warfighting domains. While demanding in terms of time
and resources, these exercises have become integral to effectively
developing our airmen into a ready cyber force capable of operating in
joint and coalition environments.
To better develop our forces, the Air Force has also instituted a
new cyberspace officer career field specific to Cyberspace Warfare
Operations to develop airmen with the requisite skills and expertise to
meet our Nation's emerging needs. In addition, a Cyber Intermediate
Leadership program has been developed to ensure cyber operators and
appropriate intelligence officers are provided the right professional
growth opportunities in key command and operational positions. The
first Air Force board recently convened to review and competitively
select officers for these unique leadership positions. In an effort to
retain our highly skilled enlisted force, the Air Force offers a
selective reenlistment bonus that provides additional incentive to
continue to serve our Nation in this emerging mission.
lead through teamwork, partnerships and a strong warfighting narrative
Conducting successful operations in cyberspace requires seamless
integration with a host of mission partners. In many ways, cyber is a
``team sport'' and Air Forces Cyber (24th Air Force) is wholly
committed to strengthening our relationships with other Air Force
partners, our sister Services and interagency counterparts, combatant
commanders, coalition allies, as well as civilian and industry
partners. Given the proximity of our headquarters and close mission
alignment, 25th Air Force continues to be a critical strategic partner
across all of our missions. The 25th Air Force Commander, Major General
Jack Shanahan, has been a steadfast supporter throughout the standup of
the Cyber Mission Forces.
U.S. Cyber Command serves as the focal point for all DOD cyber
operations. As one of the four Service Cyber components, we provide an
array of cyber forces and capabilities in order to defend DOD
Information Networks (DODIN), support combatant commanders, and
strengthen our Nation's ability to withstand and respond to cyber
events. The recent stand-up of the Joint Force Headquarters DODIN under
the leadership of Lieutenant General Hawkins and the Defense
Information Systems Agency (DISA) was a major milestone in normalizing
the command and control of network defensive operations.
As already highlighted, we partner closely with the Air Reserve
component in day-to-day cyber operations. Through a compliment of
Traditional reservists, Air Reserve technicians and Air National
Guardsmen, our Air Force's cyber units are a striking example of Total
Force Integration in action. These total force professionals bring a
unique blend of experience and expertise to the full spectrum of cyber
missions. Many work in prominent civilian positions within the
Information Technology industry, which bolsters our mission
effectiveness through their willingness to serve the Nation. Likewise,
we are often able to retain unique skillsets gained by investment in
our airmen by supporting their continued service in the Air Force
Reserves or Air National Guard. These partnerships will be vital to our
future operations as the Air Reserve component continues to provide
integrated support of the DOD's Cyber Mission Force.
Air Forces Cyber also understands the cyberspace domain is
primarily provisioned by private industry and our ability to
collaborate with our industry partners benefits the Nation's
cybersecurity posture. We have developed Cooperative Research and
Development Agreements with industry leaders such as Symantec, AT&T,
USAA, Northrop Grumman and 21 other partners to share and collaborate
on innovative technologies and concepts. These collaborative efforts
allow us to advance science and technology in support of cyberspace
operations, as well as share best practices with industry partners. We
continue to leverage this program and are currently in the process of
enhancing our partnerships with academia.
We also enjoy strong relationships with other DOD components. As an
example, the Air Force recently aligned with the Army and the DISA to
support the development and fielding of a key technology in the
transition to a Joint Information Environment (JIE). Together we are
implementing Joint Regional Security Stacks (JRSS) and making
enhancements to our networks with Multi-Protocol Label Switching (MPLS)
as part of the single security architecture. Through this teamwork, the
first JRSS ``security stack'' was fielded at Joint Base San Antonio-
Lackland, TX, in line with 1 of the 16 Air Force Gateways. Additional
``security stacks'' are being installed at other Air Force and DOD
sites as part of the JIE. These efforts [JRSS, MPLS] benefit the entire
DOD by reducing attack surface of our networks and threat vectors--
allowing for more standardized security of our networks and by
providing increased network capacity to support defense missions.
We are also fortunate to have a longstanding, close relationship
with San Antonio, TX, also referred to as ``Cyber City USA.'' The local
community has committed significant resources to support the growth of
cybersecurity both locally and nationally. Our leadership team
participates in a variety of civic leader engagements to share lessons
related to cybersecurity. The community leadership also understands
that encouraging our younger generation to gain the needed cyber skills
will be essential to our Nation's success in this arena. By partnering
together, Air Forces Cyber (24th Air Force) supports a broad array of
programs designed to touch young students. A good example is the Air
Force Association's ``CyberPatriot'' STEM initiative in which our
airmen mentor cyber teams as part of a nationwide competition involving
nearly 10,000 high school and middle school students. Another example
is our ``Troops for Teens'' program at a local high school focused on
reaching over 100 at-risk students through exposure to military values,
heritage and way of life. These programs are two of many ways our
airmen give back to their communities.
equip the force through rapid, innovative fielding of cyber
capabilities
We are also making gains in improving our acquisitions process to
support the ever changing technology of cyberspace. The Air Force Life
Cycle Management Center has worked diligently to streamline our ability
to provide solutions to support our cyber missions through ``Rapid
Cyber Acquisition'' and ``Real Time Operations and Innovation''
initiatives. These efforts have resulted in the fielding of
capabilities that have thwarted the exploit of user authentication
certificates, the unauthorized release of personally identifiable
information, and the blocking of sophisticated intrusion attempts by
advance persistent threat actors. These technical solutions were
developed and fielded in weeks to months.
Similarly, Air Forces Cyber (24th Air Force) is working closely
with 25th Air Force to improve our development, fielding, and
employment of multi-domain capabilities that leverage the Air Force's
unique strengths in cyber, electronic warfare and intelligence,
surveillance and reconnaissance. The collaboration is enabling airmen
to drive innovative solutions to many of our most challenging
operational challenges. It also harnesses the subject matter expertise
in other Air Force organizations such as the Air Force Research
Laboratory, Air Force Institute of Technology, National Air and Space
Intelligence Center, Air University, Air Force Academy, as well as
academia and industry to meet growing joint warfighter needs.
conclusion
We are proud of the tremendous strides made by Air Forces Cyber
(24th Air Force) to operationalize cyber capabilities in support of
joint warfighters and defense of the Nation. Despite the challenge of
growing and operating across a diverse mission set, it is clear Air
Force networks are better defended, combatant commanders are receiving
more of the critical cyber effects they require, and our Nation's
critical infrastructure is more secure due to our cyber warriors'
tireless efforts. They truly are professionals in every sense of the
word.
Congressional support has been essential to the progress made and
will only increase in importance as we move forward. Without question,
resource stability in the years ahead will best enable our continued
success in developing airmen and maturing our capabilities to operate
in, through and from the cyberspace domain. Finally, resource stability
will foster the innovation and creativity required to face the emerging
threats ahead while maintaining a capable cyber force ready to act if
our Nation calls upon it.
Senator Fischer. Thank you, sir.
Vice Admiral Tighe.
STATEMENT OF VICE ADMIRAL JAN E. TIGHE, USN, COMMANDER, U.S.
FLEET CYBER COMMAND, COMMANDER, U.S. 10TH FLEET
Admiral Tighe. Thank you. Madam Chairwoman Fischer and
distinguished members of the subcommittee, thank you for your
support to our military and for inviting me to appear before
you today. I appreciate the opportunity to share with you the
Navy's operational view of cyberspace in addition to our
initiatives to improve both our cybersecurity posture and
operational capabilities as part of the joint cyberspace team
in order to address this ever-increasing threat to our Nation
and our allies.
Fleet Cyber Command directs the operations to secure,
operate, and defend Navy networks within the Department of
Defense information network. We operate the Navy network as a
warfighting platform which must be aggressively defended from
intrusion, exploitation, and attack so that it is both
available and trusted for all maritime missions that the Navy
is expected to carry out. The Navy network consists of more
than 500,000 end-user devices, approximately 75,000 network
devices, and nearly 45,000 applications and systems across
three security enclaves.
We've transformed the way we operate and defend this
network over the past 2 years based on operational lessons
learned. Specifically, beginning in summer of 2013, the Navy
fought through an adversary intrusion into our largest
unclassified network. Under a named operation, known as
Operation Rolling Tide, Fleet Cyber Command drove out the
intruder through exceptional collaboration with affected Navy
commanders, U.S. Cyber Command, the National Security Agency,
Defense Information Systems Agency, and our fellow service
cyber component commanders.
Although an intrusion upon our networks is always
troubling, this operation served as a learning opportunity and
has matured the way that we operate and defend our networks and
simultaneously highlighted our gaps in cybersecurity posture
and weaknesses in our defensive operational capabilities. As a
result of this operation and other cybersecurity initiatives
inside of the Navy, we have already made, proposed, or planned
for a nearly $1 billion investment that greatly reduces the
risk of successful cyberspace operations against Navy networks.
Of course, these investments are built on the premise that our
future real budgets will not be drastically reduced by
sequestration.
Specifically, if budget uncertainty continues, we will have
an increasingly difficult time addressing this very real and
present danger to our National security and maritime
warfighting capability.
Operationally on a 24-by-7 and 365-day-a-year basis, Fleet
Cyber Command is focused on configuring and operating layered
defense and depth capabilities to prevent malicious actors from
gaining access to Navy networks, in collaboration and
cooperation with our sister Services, U.S. Cyber Command, Joint
Force Headquarters, DODIN, DISA, and the National Security
Agency. Additionally, we're driving towards expanded cyberspace
situational awareness to inform our network maneuvers and
reduce our risk. As you know, the Navy and other Service
components are building the maneuver elements in the Cyber
Mission Force for U.S. Cyber Command by manning, training, and
certifying teams to the U.S. Cyber Command standards. Navy is
currently on track to have personnel for all 40 Navy-sourced
Cyber Mission Force teams in 2016, with full operational
capability the following year. Additionally, between now and
2018, 298 Cyber Reserve billets will also augment the cyber
force manning plan.
In delivering on both U.S. Cyber Command's and the U.S.
Navy requirements in cyberspace, I am fortunate to have
fantastic partners, like these component commanders, in
addition to many other partner organizations across the Navy,
Department of Defense, U.S. Government, academia, industry, and
our allies who are every bit a member of our team cyber and
critical to our collective capability.
Thank you again, and I look forward to your questions.
[The prepared statement of Admiral Tighe follows:]
Prepared Statement by Vice Admiral Jan E. Tighe, USN
Chairwoman Fischer, Ranking Member Nelson and distinguished members
of the xubcommittee, thank you for your support to our military and the
opportunity to appear before you today along with my military Service
component counterparts and partners.
Madam Chairwoman, I have been in command of U.S. Fleet Cyber
Command and U.S. 10th Fleet for just over 1 year. U.S. Fleet Cyber
Command reports directly to the Chief of Naval Operations as an Echelon
II command and is responsible for Navy Networks, Cryptology, Signals
Intelligence, Information Operations, Electronic Warfare, Cyber, and
Space. As such, U.S. Fleet Cyber Command serves as the Navy Component
Command to U.S. Strategic Command and U.S. Cyber Command, and the
Navy's Service Cryptologic Component Commander under the National
Security Agency/Central Security Service, exercising operational
control of U.S. Fleet Cyber Command operational forces through 10th
Fleet. Specifically, we conduct cyberspace operations to ensure Navy
and joint or combined forces' freedom of action while denying the same
to our adversaries.
The commissioning of U.S. Fleet Cyber Command and reestablishment
of U.S. 10th Fleet on January 29, 2010, closely followed the Navy's
2009 acknowledgement of information's centrality to maritime
warfighting, known as Information Dominance. Information Dominance is
defined as the operational advantage gained from fully integrating the
Navy's information functions, capabilities, and resources to optimize
decision making and maximize warfighting effects. The three pillars of
Information Dominance are assured command and control (C2), battlespace
awareness, and integrated fires. U.S. Fleet Cyber Command is a key
warfighting element in delivering on missions across those three
pillars.
Since my U.S. Fleet Cyber Command predecessor ADM Michael S. Rogers
last testified before this subcommittee in July 2012, the Department of
Defense (DOD), U.S. Cyber Command, and the Service components have
significantly matured cyber operations and enhanced cyber operational
capabilities. I appreciate the opportunity to outline the Navy's
progress over the past two years, where we are headed to address an
ever increasing threat, and how budgetary uncertainty is likely to
impact our operations.
cyber operations, posture, and future investments
U.S. Fleet Cyber Command directs operations to secure, operate, and
defend Navy networks within the Department of Defense Information
Networks (DODIN). We operate the Navy Networking Environment as a
warfighting platform, which must be aggressively defended from
intrusion, exploitation and attack. The Navy Networking Environment
consists of more than 500,000 end user devices; an estimated 75,000
network devices (servers, domain controllers); and approximately 45,000
applications and systems across 3 security enclaves.
Operations during the past 2 years led to a fundamental shift in
how we operate and defend in cyberspace. Specifically, late summer 2013
we fought through an adversary intrusion into the Navy's unclassified
network. Under a named operation, known as Operation Rolling Tide, U.S.
Fleet Cyber Command drove out the intruder through exceptional
collaboration with affected Navy leaders, U.S. Cyber Command, National
Security Agency, Defense Information Systems Agency (DISA), and our
fellow Service cyber components. Although any intrusion upon our
networks is troubling, this operation also served as a learning
opportunity that has both matured the way we operate and defend our
networks in cyberspace, and simultaneously highlighted gaps in both our
cybersecurity posture and defensive operational capabilities. As a
result of this operation and other cybersecurity initiatives, the Navy
has already made or proposed (through fiscal year 2020) a nearly $1
billion investment that reduce the risk of successful cyberspace
operations against the Navy Networking Environment. Of course these
investments are built on the premise that our future year budgets will
not be drastically reduced by sequestration. Specifically, if budget
uncertainty continues, we will have an increasingly difficult time
fully addressing this very real and present danger to our national
security and maritime warfighting capability.
The Navy's future cybersecurity investments are being informed by
the Navy's Task Force Cyber Awakening, which was chartered by the Chief
of Naval Operations and the Assistant Secretary of the Navy for
Research, Development, and Acquisition to gain a holistic view of
cybersecurity risk across the Navy, and beyond just our corporate navy
networks to include combat and industrial control systems. The fiscal
year 2016 proposed budget includes Task Force Cyber Awakening--
recommended investments amounting to $248 million for fiscal year 2016
and $721 million across the Future Years Defense Plan. Task Force Cyber
Awakening will make additional recommendations on how to organize and
resource capabilities to mitigate that risk.
Concomitant with the Task Force Cyber Awakening outcomes is the
migration to a single defensible cyber architecture, which is vital to
the continued success of Navy's worldwide operations. The Navy
recognizes that the Joint Information Environment (JIE) is an
operational imperative and endorses that vision, including the
implementation of a single security architecture (SSA). The Department
of the Navy intends for the Navy and Marine Corps Intranet (NMCI) to
serve as the primary onramps into JIE, incorporating JIE technical
standards through our network technical refreshment processes as those
standards are defined. Through delivery of these enterprise
environments, the Navy will achieve the tenets of JIE's framework of
standards and architecture consistency.
For our part, U.S. Fleet Cyber Command is operationally focused on
continuously improving the Navy's cyber security posture by reducing
the network intrusion attack surface, implementing and operating
layered defense in depth capabilities, and expanding the Navy's
cyberspace situational awareness as outlined below.
reducing the network intrusion attack surface
Opportunities for malicious actors to gain access to our networks
come from a variety of sources such as known and zero day cyber
security vulnerabilities, poor user behaviors, and supply chain
anomalies with counterfeit devices from untrusted sources.
Operationally, we think of these opportunities in terms of the network
intrusion attack surface presented to malicious cyber actors. The
greater the attack surface, the greater the risk to the Navy mission.
The attack surface grows larger when security patches to known
vulnerabilities are not rapidly deployed across our networks, systems,
and applications. The attack surface also grows larger when network
users, unaware of the ramifications of their on-line behavior exercise
poor cyber hygiene and unwittingly succumb to spear phishing emails
that link and download malicious software, or use peer-to-peer file
sharing software that introduces malware to our networks, or simply
plug their personal electronic device into a computer to recharge it.
The Navy is taking positive steps in each of these areas to reduce
the network intrusion attack surface including enhanced cyber awareness
training for all hands. Furthermore, we are bolstering our ability to
manage cyber security risks in our networks through our certification
and accreditation process, and through cyber security inspections
across the Navy. Additionally, the Navy is reducing the attack surface
with significant investments and consolidation of our ashore and afloat
networks with modernization upgrades to the Next Generation Enterprise
Network (NGEN) and the Consolidated Afloat Networks and Enterprise
Services (CANES), respectively. Finally, the Navy is executing a Data
Consolidation Center (DCC) strategy, which will reduce the number and
variance of information systems at the same time allow for a
centralized approach towards managing the confidentiality, integrity,
and availability of our data.
For long-term success in cyber security, the Navy is working on
improved acquisition and system sustainment processes. Specifically, we
will design in resiliency by generating a common set of standards and
protocols for programs to use as guiding principles during procurement,
implementation, and the configuration of solutions, which will improve
our cyber posture by driving down variance.
The Navy recognizes that all hands (users, operators, program
managers, systems commands . . . ) have an impact (for better or worse)
on the magnitude of the Navy's attack surface and the mission risk
associated with it. U.S. Fleet Cyber Command must defend this attack
surface, regardless of size, using defense in depth capabilities
described below.
defense in depth
The Navy is working closely with U.S. Cyber Command, NSA/CSS, our
Cyber Service Partners, DISA, interagency partners, and commercial
cyber security providers to enhance our cyber defensive capabilities
through layered sensors and countermeasures from the interface with the
public internet down to the individual computers that make up the Navy
Networking Environment. We configure these defenses by leveraging all
source intelligence and industry cyber security products combined with
knowledge gained from analysis of our own network sensor data.
We are also piloting and deploying new sensor capabilities to
improve our ability to detect adversary activity as early as possible.
This includes increasing the diversity of sensors on our networks,
moving beyond strictly signature-based capabilities (to include
reputation-based and heuristic capabilities), and improving our ability
to detect new and unknown malware.
JIE Joint Regional Security Stacks are also integral to our future
defense in depth capabilities. As described above, the Navy has already
consolidated our networks behind defensive sensors and countermeasures.
We expect that JIE Joint Regional Security Stacks (JRSS) v2.0 will be
the first increment to bring equal or greater capability to Navy
Defense in Depth. Accordingly, the Department of Navy is planning to
consolidate under JRSS 2.0 as part of the technical refresh cycle for
NMCI when JRSS meets or exceeds existing Navy capabilities.
cyber situational awareness
Success in cyberspace requires vigilance: it requires that we
constantly monitor and analyze Navy Networking Environment. We must
understand both its availability and vulnerabilities. Furthermore we
must be able to detect, analyze, report, and mitigate any suspicious or
malicious activity in our networks. The Navy is planning to expand our
current capabilities to include a more robust, globally populated and
mission-tailorable cyber common operating picture. Additionally, with
improved network sensor information across the DOD, however, comes the
need for a single dedicated data strategy and big data analytics for
all DOD network operations and defense data. This will allow for better
overall situational awareness and improved speed of response to the
most dangerous malicious activity by leveraging the power of big data
analytics to harness existing knowledge rapidly.
u.s. fleet cyber command operational forces
U.S. Fleet Cyber Command's operational force comprises nearly
15,000 Active and Reserve sailors and civilians organized into 22
Active commands and 32 Reserve commands around the globe. The commands
are operationally organized into a 10th Fleet-subordinate task force
structure for execution of operational mission. Approximately 35
percent of U.S. Fleet Cyber Command 's operational forces are aligned
with the cyber mission.
status of the cyber mission force
As you may recall, during a hearing before the Senate Committee on
Armed Services on March 12, 2013, General Keith Alexander briefed the
Cyber Mission Force model, which DOD endorsed in December 2012. The
Cyber Mission Force is designed to accomplish three primary missions:
National Mission Teams will defend the Nation against national level
threats, Combat Mission Teams to support combatant commander priorities
and missions, and Cyber Protection Teams to defend Department of
Defense information networks and improve network security.
Navy and other cyber Service components are building these teams
for U.S. Cyber Command by manning, training, and certifying them to the
U.S. Cyber Command standards. Navy teams are organized into existing
U.S. Fleet Cyber Command operational commands at cryptologic centers,
fleet concentration areas, and Fort Meade, depending upon their
specific mission. Navy is responsible for sourcing four National
Mission Teams, 8 Combat Mission Teams, and 20 Cyber Protection Teams as
well as their supporting teams consisting of 3 National Support Teams
and 5 Combat Support Teams.
The Navy is currently on track to have personnel assigned for all
40 Navy-sourced Cyber Mission Force Teams in 2016 with full operational
capability in the following year. As of 1 March 2015, we had 22 teams
at initial operating capability (IOC) and 2 teams at full operational
capability (FOC). We are in the process of manning, training, and
equipping our fiscal year 2015 teams to meet IOC standards by the end
of fiscal year 2015. Additionally, between now and 2018, 298 cyber
Reserve billets will also augment the Cyber Force manning plan as
described below.
U.S. Fleet Cyber Command has also been designated as the Joint
Force Headquarters-Cyber by U.S. Cyber Command to support U.S. Pacific
Command and U.S. Southern Command in the development, oversight,
planning and command and control of full spectrum cyberspace operations
that are executed through attached Combat Mission and Support Teams. In
2014, Navy's Joint Force Headquarters-Cyber was certified and declared
to have achieved full operational capability. This capability was
attained without additional U.S. Fleet Cyber Command resources. As the
Cyber Mission and Support Teams continue to grow and mature, additional
resources to operationally control and manage these teams in support of
combatant command priorities will be required.
reserve cyber mission forces
Through ongoing mission analysis of the Navy Total Force
Integration Strategy, we developed a Reserve Cyber Mission Force
Integration Strategy that leverages our Reserve sailors' skill sets and
expertise to maximize the Reserve component's support to the full
spectrum of cyber mission areas. Within this strategy, the 298 Reserve
billets, which are phasing into service from fiscal year 2015 through
fiscal year 2018, will be individually aligned to Active Duty Cyber
Mission Force teams and the Joint Force Headquarters-Cyber.
Accordingly, the Joint Force Headquarters-Cyber and each Navy-sourced
team will maximize its assigned Reserve sailors' particular expertise
and skill sets to augment each team's mission capabilities. As our
Reserve Cyber Mission billets come online and are manned over the next
few years, we will continue to assess our Reserve Cyber Mission Force
Integration Strategy and adapt as necessary to develop and maintain an
indispensably viable and sustainable Navy Reserve Force contribution to
the Cyber Mission Force.
future cyber workforce needs
The Navy's operational need for a well-trained and motivated cyber
workforce (active, Reserve and civilian) will continue to grow in the
coming years as we build out the balance of Cyber Mission Force and as
we refine our needs to holistically address the challenges being
informed by Task Force Cyber Awakening. We will depend upon commands
across the Navy to recruit, train, educate, retain and maintain this
workforce including the Chief of Naval Personnel, Navy Recruiting
Command, Naval Education and Training Command and Navy's Institutions
of Higher Education (United States Naval Academy, Naval Postgraduate
School, and Naval War College.) Additionally, the establishment of Navy
Information Dominance Force (NAVIDFOR) in 2014 as a Type Commander will
go a long way in generating readiness for cyber mission requirements.
NAVIDFOR will work closely with the man, train, and equip organizations
across the Navy to ensure that U.S. Fleet Cyber Command and other
Information Dominance operational commands achieve proper readiness to
meet mission requirements.
recruit and retain
There are many young Americans with the skill sets we need who want
to serve their country. I am very encouraged by the dedication and
commitment I see entering our ranks. I am awed by their dedication and
growing expertise every day. We must consistently recruit and retain
this technically proficient group of diverse professionals for the
cyber mission to sustain this momentum.
In fiscal year 2014, the Navy met officer and enlisted cyber
accession goals, and is on track to meet accession goals in fiscal year
2015. Currently authorized special and incentive pays, such as the
enlistment bonus, should provide adequate stimulus to continue
achieving enlisted accession mission, but the Navy will continue to
evaluate their effectiveness as the cyber mission grows.
Today, Navy Cyber Mission Force (CMF) enlisted ratings (CTI, CTN,
CTR, IS, IT) are meeting retention goals. Sailors in the most critical
skill sets within each of these ratings are eligible for Selective
Reenlistment Bonus (SRB). SRB contributes significantly to retaining
our most talented sailors, but we must closely monitor its
effectiveness as the civilian job market continues to improve and the
demand for cyber professionals increases.
Cyber-related officer communities are also meeting retention goals.
While both Information Warfare (IW) and Information Professional (IP)
communities experienced growth associated with increased cyber
missions, we are retaining officers in these communities at 93 percent
overall. Both IW and IP are effectively-managing growth through direct
accessions, and through the lateral transfer process, thereby ensuring
cyber-talented officers enter, and continue to serve.
With respect to the civilian workforce, we are aggressively hiring
to our civilian authorizations consistent with our operational needs
and fully supported by the Navy's priority to ensure health of the
cyber workforce. We have also initiated a pilot internship program with
a local university to recruit skilled civilian and military cyber
workforce professionals. Navy will measure the success of this approach
as a potential model to harness the Nation's emerging cyber talent.
As the economy continues to improve, we expect to see more
challenges in recruiting and retaining our cyber workforce.
educate, train, maintain
To develop officers to succeed in the increasingly complex
cyberspace environment, the U.S. Naval Academy offers introductory
cyber courses for all freshman and juniors to baseline knowledge.
Additionally, the U.S. Naval Academy began a Cyber Operations major in
the fall of 2013. Furthermore, the Center for Cyber Security Studies
harmonizes cyber efforts across the Naval Academy.
Our Naval Reserve Officer Training Corps' (NROTC) program maintains
affiliations at 51 of the 180 National Security Agency Centers of
Academic Excellence at colleges around the country. Qualified and
selected graduates can commission as information warfare officers,
information professional officers, or intelligence officers within the
Information Dominance Corps.
For graduate-level education, the Naval Postgraduate School offers
several outstanding graduate degree programs that directly underpin
cyberspace operations and greatly contribute to the development of
officers and select enlisted personnel who have already earned a
Bachelor's Degree. These degree programs include Electrical and
Computer Engineering, Computer Science, Cyber Systems Operations,
Applied Mathematics, Operations Analysis, and Defense Analysis. Naval
War College is incorporating cyber into its strategic and operational
level war courses, at both intermediate and senior graduate-course
levels. The College also integrates strategic cyber research into
focused Information Operations/Cybersecurity courses, hosts a Center
for Cyber Conflict Studies to support wider cyber integration across
the College, and has placed special emphasis on Cyber in its war gaming
role, including a whole-of-government Cyber war game under active
consideration for this coming summer or fall.
With respect to training of the Cyber Mission Force, U.S. Cyber
Command mandates Joint Cyberspace Training and Certification Standards,
which encompass procedures, guidelines, and qualifications for
individual and collective training. U.S. Cyber Command with the Service
Cyber Components has identified the advanced training required to
fulfill specialized work-roles in the Cyber Mission Force. Most of the
training today is delivered by U.S. Cyber Command and the National
Security Agency in a federated but integrated approach that utilizes
existing schoolhouses and sharing of resources. The Navy is unified in
efforts with the other Services to build Joint Cyber training
capability, leveraging Joint training opportunities, and driving
towards a common standard.
declining budgets
While the overall Navy budget has been impacted by financial
constraints and sequestration, the Navy has done a good job in terms of
minimizing the budgetary impact on U.S. Fleet Cyber Command and the
capabilities it employs to conduct its operations. Should this
circumstance change and future budgets decline, however, there will be
an impact to the capability and capacity to conduct operations in
cyberspace. The scope and magnitude of such impacts would be driven by
the scope and magnitude of a budget decline.
It is, however, possible to speak in broad terms regarding the
potential areas of impact. Operations in cyberspace are highly
dependent on people--to a certain extent our people are part of the
warfighting platform in cyberspace. Budgetary declines impacting our
ability to attract and retain the numbers of people with the requisite
skills and experience would negatively impact the Navy's ability to
conduct operations in cyberspace. Additionally, declining budgets
affecting the ability of the Navy to implement initiatives described
above that reduce the network intrusion attack surface, enhance defense
in depth and cyber situational awareness, or modernize/migrate to the
Joint Information Environment greatly jeopardizes the Navy's ability to
accomplish all missions, since all Navy mission accomplishment depends
on having an available and secure network. Finally, reductions to
procurement accounts, beyond cyber operations- or network-specific
budgets, traditionally have delayed or slowed modernization of programs
across the Navy. The unintended consequence of delayed modernization is
delayed cyber vulnerability remediation in everything from business
applications to weapon systems.
summary
Our success in the maritime domain and joint operational
environment depends on our ability to maintain freedom of maneuver and
deliver effects within cyberspace. To ensure operational success in the
maritime and other warfighting domains, defense of Navy and DOD
networks and information is essential and cannot be separated from the
overall maritime operational level of war.
In order to continue to progress in cyberspace operations, we must
have sufficient resources to ensure we close any identified
cybersecurity gaps and provide our workforce with the right
capabilities to maintain our warfighting advantage. We must be
prepared--both technologically and with skilled operators, civilian and
uniformed--and remain innovative. The threat in cyberspace will only
continue to grow despite our budgetary challenges. U.S. Navy freedom of
action in cyberspace is necessary for all missions that our Nation
expects us to be capable of carrying out including winning wars,
deterring aggression and maintaining freedom of the seas.
I thank you for this opportunity to share U.S. Navy and U.S. Fleet
Cyber Command operations and initiatives in cyberspace.
Senator Fischer. Thank you, Admiral.
General Cardon.
STATEMENT OF LIEUTENANT GENERAL EDWARD C. CARDON, USA,
COMMANDER, U.S. ARMY CYBER COMMAND
General Cardon. Madam Chairwoman Fischer, members of the
subcommittee, it's an honor to be here on behalf of Army Cyber
Command and 2nd Army alongside my fellow joint commanders. I
appreciate the work of this committee to protect the American
people from emerging threats and to ensure our military has the
capabilities needed to defend the Nation.
The Army's gained tremendous momentum, both with
institution and operationalizing cyberspace, but much work
remains. For the institution, we've created the Cyber Center of
Excellence at Fort Gordon, Georgia, and Army Cyber Institute,
at the United States Military Academy. In addition, the Army is
establishing the necessary service frameworks for building
cyber capabilities for the Army and, by extension, the joint
force.
Operationally, we've made progress supporting both the Army
and combatant commands. With respect to the Cyber Mission
Force, we have 25 of the 41 teams on mission now, and expect to
have all 41 teams on mission by the end of fiscal year 2016, as
planned. However, we're employing these teams as they reach
initial operating capability. The threat, vulnerabilities, and
mission set demand this sense of urgency. We're also building a
total Army force to include 21 additional Army Reserve and Army
National Guard cyber protection teams.
We're going to need more people, beyond what is required
for the Cyber Mission Force, to build out the support required
to fully employ the Cyber Mission Force and to build cyber
capabilities for all Army formations. To better manage our
people, the Army created a Cyber Branch 17, and we're exploring
the creation of a cyber career field for our civilian
personnel. For training, we have essentially funded Joint Model
for Individual Training. We're working to build the collective
training capabilities and associated facilities within a joint
construct. For equipping the forces, we're developing and
refining the necessary framework to give us the agility needed
in programming, resourcing, and acquisition for the
infrastructure, platforms, and tools. For more defensible
architecture and network, we're partnered with the Army Chief
Information Officer, Defense Information Systems Agency, and
the Air Force for an extensive network modernization effort.
These are critical to the joint information environment and to
the security, operation, and defense of our networks.
Our budget priorities include fielding the Cyber Mission
Forces, growing our joint force headquarters cyber, developing
a skilled cyber workforce, highlighting capabilities for that
Cyber Mission Force, and restationing our headquarters. The
Army's fiscal year 2016 requested cyberspace operations budget
is $1.02 billion, and that includes $90 million for our Fort
Gordon operational headquarters facility. We've made tremendous
progress. With your support, we'll have the necessary program
resources to continue this momentum. We cannot delay, for the
struggle is on us now.
Thank you, and I'm happy to answer your questions.
[The prepared statement of General Cardon follows:]
Prepared Statement by LTG Edward C. Cardon, USA
introduction
Chairman Fischer, Ranking Member Nelson, and members of the
subcommittee, thank you for your support of our soldiers and civilians,
our Army, and our efforts to operationalize cyberspace. It is an honor
to address this subcommittee on behalf of the dedicated soldiers and
Army Civilians of U.S. Army Cyber Command (ARCYBER) and Second Army who
work every day supporting Joint and Army commanders defending the
Nation in cyberspace.
Army Cyber Command and Second Army have gained tremendous momentum
building the Army's cyberspace capabilities and capacity. While making
significant strides over the past 2 years, continued progress requires
persistent congressional support in three core areas: people,
operations, and technology. Put differently, we require resources,
appropriate authorities, organizations, and capabilities, which can be
synchronized in time and space with singular purpose to accomplish
directed missions. This testimony focuses on the actions and activities
the Army has underway, or is planning, to support our title 10
responsibilities to organize, man, train, and equip Army cyber forces
for cyberspace operations.
mission and organization
Army Cyber Command and Second Army directs and conducts cyberspace
operations as authorized, or directed, to ensure freedom of action in
and through cyberspace, and to deny the same to our adversaries. To
accomplish this mission, the Secretary of the Army and the Army Chief
of Staff streamlined the Army's cyberspace command and control
structures by placing operational control of all Army operational cyber
forces under one commander. The ARCYBER commanding general is
responsible for Army and joint cyberspace operations; is designated as
the Second Army commanding general responsible for all Army network
operations (to meet United States Code titles 40 and 44 requirements as
defined by Headquarters, Department of the Army); and is designated as
the Army's Joint Force Headquarters-Cyber (JFHQ-Cyber) commander
responsible for cyberspace operations supporting select geographic
combatant commands as directed by U.S. Cyber Command (CYBERCOM). This
construct enables unity of effort for cyberspace operations. The
Secretary of Defense's recent decision to establish Joint Force
Headquarters-Department of Defense Information Networks (DODIN) better
aligns DODIN operations, and by extension, Army networks, in a joint
construct. This decision is essential to realizing the Department's
goal of establishing one joint global network that the Services operate
within and extend for operational missions.
Other recent Army decisions include the formation of the Army Cyber
Institute at the U.S. Military Academy, West Point, the establishment
of the U.S. Army Cyber Center of Excellence (Cyber CoE) at Fort Gordon,
GA, and the transition of the proponent for cyberspace operations from
ARCYBER to the Army's Training and Doctrine Command at the Cyber CoE.
The Cyber CoE is now the Army's center of gravity for
institutionalizing cyberspace, to include developing the necessary
doctrinal, organizational, training, and materiel activities and
policies. We have already established the initial elements of Army
JFHQ-Cyber at Fort Gordon, GA, and will collocate the ARCYBER
headquarters alongside National Security Agency-Georgia at Fort Gordon
by 2020. The fiscal year 2016 President's budget includes a request for
$90 million to build a state-of-the-art headquarters and operations
facility at Fort Gordon for Army Cyber Command.
To carry out our mission, ARCYBER and Second Army's budget
priorities include fielding the Cyber Mission Forces; growing the
Army's JFHQ-Cyber; developing a highly-skilled cyber workforce;
piloting capabilities for Cyber Mission Forces; and re-stationing
ARCYBER headquarters.
The budget for ARCYBER funds the headquarters activities supporting
all Army cyberspace operations, including the Army JFHQ-Cyber and the
Army Cyberspace Operations Integration Center. Information technology
capabilities we are focusing on include network modernization, cyber
analytics, network mapping, cloud and virtualization, and advanced
platforms and tools. Additionally, we are working with the Army CIO/G-6
and acquisition community to strengthen cybersecurity across the Army.
bounding the impact of cyberspace on military operations
Our momentum in cyberspace is also being driven by broader
institutional changes to Army concepts. The Army's doctrine, Unified
Land Operations, and recently published Army Operating Concept,
establish a set of assumptions about conditions of the network and
cyber-electromagnetic environment in which our forces are expected to
operate. Services and combatant commanders base their plans on the
expected Army capabilities, derived from this doctrine. Despite
downsizing, the Army is adding capabilities that amplify military
effects while allowing more effective operations in and through
cyberspace. Commanders at all levels are synchronizing cyberspace
operations into traditional land, sea, air, and space activities in
time and space. They are simultaneously organizing networked assets,
the electromagnetic spectrum, and kinetic forces in all domains to
achieve a disproportionate advantage. Achieving operational success
hinges on having the requisite command and control, alignment of
authorities with missions, and other key enabling capabilities such as
intelligence, targeting information technology and communication
activities. Tactical and enterprise networks are converging and future
networks and the data they carry will be more contested and
challenged--especially in more intense forms of conflict.
Today the network is a critical enabler and also an operational
capability for cyberspace operations. Army Cyber Command is charged to
plan and direct cyberspace operations supporting both the Army and
CYBERCOM, and these missions require unity of effort and unity of
command.
Now that cybersecurity has to be considered an element of
cyberspace operations, where does cybersecurity fit, within the DOD's
full-spectrum of cyberspace operations? In other words, where does
statutory responsibility for cybersecurity nest with the operational
commanders' responsibility to conduct full-spectrum cyberspace
operations?
To fully operationalize cyberspace, Army leaders and cyber
organizations must be capable of ensuring both freedom of maneuver in
cyberspace, and integrating interactions between cyberspace operations
and our traditional military activities, that are increasingly reliant
on networks and network-dependent enablers. This requires an agile and
adaptive network that does not exist in the Army today. The Army
recognizes it must collapse its vast array of disparate networks,
enclaves, and nodes at both tactical and enterprise levels to improve
security, effectiveness and efficiency through network modernization.
In his recent House Armed Services subcommittee on Emerging Threats and
Capabilities testimony, the Army's Chief Information Officer, LTG
Robert Ferrell, described how the Army is achieving this modernization
as part of the Joint Information Environment (JIE).
recruiting, retaining, and developing cyberspace operations personnel
The Army's first priority for cyberspace capabilities is to grow
the Cyber Mission Force (CMF). We have increased our CMF capacity
exponentially since September 2013 with 25 of 41 teams at initial
operating capability. We are on track to have all 41 Army CMF teams
established and operating by the end of fiscal year 2016. However, they
will not all be fully operationally capable until fiscal year 2017.
Nothing is more important and vital to the growth of cyber
capabilities than our ability to attract and retain the best people. As
such, the Army views people as the centerpiece to cyberspace
characterized by high degrees of competence and character. After a
detailed study, the Army determined it needs 3,806 military and
civilian personnel with core cyber skills. To help meet our personnel
needs, the Secretary of the Army established a cyber branch on
September 1, 2014, and discussions are ongoing to determine how to
better manage civilians supporting cyberspace operations. In addition,
the Army has also created an ``E4'' additional skill identifier to
better track personnel who have served in cyber and cyber related
assignments as we build the branch and the force.
The Army has enjoyed success with in-Service recruiting into the
growing cyber force, and is actively working to expand access to high-
quality recruits. We have increased recruiting aptitude scores, visibly
expanded our marketing efforts, and started work on a Cyber CoE-led
initiative to encourage Science Technology Engineering and Mathematics
cadets from both U.S. Military Academy (USMA) and the Reserve Officers'
Training Corps (ROTC). We will commission the first 30 cyber branch
officers from both USMA and ROTC programs this summer. Once assessed
into the cyber branch, officers are managed by the U.S. Army Human
Resources Command's Cyber Management Branch.
Furthermore, the Cyber CoE, in collaboration with ARCYBER and other
stakeholders is working to implement a cyber Career Management Field
for enlisted personnel that will encompass accessions, career
management, and retention this fiscal year. The Army recently approved
Special Duty Assignment Pay, Assignment Incentive Pay, and bonuses for
soldiers serving in operational cyber assignments. We have also
expanded cyber educational programs, including training with industry,
fellowships, civilian graduate education, and utilization of inter-
service education programs (e.g., Air Force Institute of Technology and
the Naval Postgraduate School). We are confident these will serve as
additional incentives to retain the best personnel for this highly
technical field.
Additionally, as part of our Total Force efforts, we have worked
with the Reserve components on key retention initiatives, including
bonuses for critical skill servicemembers transitioning from active
duty service into the Reserve components; and accession bonuses for
commissioned and warrant officers upon award of their duty qualifying
military occupational specialties. Appropriate Special Duty and
Assignment Incentive Pays should be considered for each of the Reserve
components' cyber soldiers.
Recruiting and retaining Army civilian cyber talent is challenging,
given internal Federal employment constraints regarding compensation
and a comparatively slow hiring process. Current efforts to attract and
retain top civilian talent include extensive marketing efforts, and
leveraging existing programs and initiatives run by the National
Security Agency, Office of Personnel Management, and National Science
Foundation.
The targeted and enhanced use of recruiting, relocation, and
retention bonuses, and repayment of student loans will improve efforts
to attract, develop, and retain an effective cyber civilian workforce.
These authorities exist but require consistent and predictable long-
term funding. Retaining highly-skilled cyber professionals will
continue to be a significant challenge that needs to be addressed.
training
Training is critical to building and retaining our cyberspace
force. Individual and collective cyber training has four components:
training the CMF; integration of cyber into unified land operations at
echelon; training other cyber forces and enablers; and training to
achieve basic cybersecurity awareness across the Total Army.
To fund CMF joint training requirements for Active component
soldiers and civilians, the Department of Defense provided resources
through CYBERCOM for all the Services through fiscal year 2016. This
training allotment was only for Active component soldiers and
civilians. Training and sustainment resourcing after fiscal year 2016
will become a Service responsibility, which the Army must fund
beginning in 2017. To determine the way ahead for the transition to
Service responsibility, the Army Cyber CoE recently conducted a Joint
Cyber Training Forum with CYBERCOM and representatives from other
Services and agencies. The forum concluded that the Services are best
positioned to develop common core individual training for specific CMF
work roles. Consequently, the Army is re-evaluating cyber-related
training at its specialty schools to better align the curriculum with
CMF requirements. To meet the growing demands for trained cyberspace
operations personnel, and in accordance with the Total Army policy with
reference to cyberspace, the Cyber CoE has initiated a partnership with
the Army National Guard Professional Education Center in Little Rock,
AR, to increase cyber training throughput.
Both ARCYBER and the Cyber CoE are developing robust collective
training methods that include both simulated, virtual, and real-world
operational events on ranges and networks that stress individual and
team capabilities. We now require dedicated training facilities,
support infrastructure and cyberspace live fire facilities consistent
with joint range requirements at the Service and joint levels.
Permanent training environments with dedicated facilities and resources
will enable training innovations and further growth in capability and
capacity available to combatant and Army commanders.
To help integrate cyberspace operations into unified land
operations at echelon, Army Cyber Command works closely with Army
Training and Doctrine Command to ensure the continuum of cyberspace
leader development, education, and training remains current and
relevant despite the high rates of technological change. The Cyber CoE
is explicitly charged with incorporating joint standards into existing
programs of instruction in Military Occupational Specialty schools and
the Army Combined Arms Center is incorporating cyber operations
planning into their training scenarios. The Army must place equal
attention toward the training of our cyber network defense service
providers, our computer emergency response teams, and our information
technology professionals. Finally, the Army must continue to improve
the effectiveness of cybersecurity training across the Total Army. This
also requires a culture change.
The Army maximizes its contribution to the joint environment
through fully participating in the design and conduct of CYBERCOM-
sponsored and executed training and exercise events. Army Cyber Command
has also incorporated cyberspace operations into multiple operational
plans and major exercises--building a cadre of cyberspace planners now
supporting the joint force and Army commanders. The Army recognizes
that cyber capabilities should also extend and be executed at the
tactical edge to provide our forces a winning advantage across
warfighting functions; therefore, the Army is working hard to define
cyber requirements, including training requirements, for cyber support
to our Corps and below formations with pilot programs planned for this
year. We continue to expand our professional cyberspace opposing force,
to more effectively train organizations and individuals on how to
better protect and defend themselves against cyber-attacks and how to
operate in a degraded cyberspace environment during operational
training events, such as major exercises and training center rotations.
reserve components integration
Army Cyber Command is a total multi-component force of Active and
Reserve components which are fully integrated into the cyberspace force
mix. Building the U.S. Army Reserve (USAR) and Army National Guard
(ARNG) cyber forces is a high priority for the Army and ARCYBER. Our
Reserve Components integration strategy was reflected in the Army's
input to the Department's response to section 933 of the National
Defense Authorization Act for Fiscal Year 2014, titled ``Cyber Mission
Analysis for Cyber Operations of the Department of Defense,'' which
requested an analysis of the Reserve components' role in cyberspace
operations and is focused along several lines of effort, including:
building an operational reserve in the USAR and ARNG for cyberspace
crisis response; seeking opportunities to provide dual-use capability
in support of Military and Homeland Defense and Defense Support of
Civil Authorities missions; organizing cyber units to match CMF
structure; aligning ARNG and USAR cyber forces under ARCYBER training
and readiness authority; leveraging industry connected skills; and
using the Reserve components' retention advantages for the Total Force.
The Army and ARCYBER will continue to develop a total multi-
component Army cyber force that includes 21 Reserve Component Cyber
Protection Teams trained to the same standards as the active Component
cyber force. The civilian acquired skills and experience of Reserve
component soldiers should be leveraged to provide equivalency for cyber
training, enabling faster integration of the Reserve components'
capability into the cyberspace force mix. In October 2014, in
coordination with the Director of the Army National Guard, the Army
activated one Army National Guard Cyber Protection Team in a title 10
status supporting ARCYBER and Second Army.
Army Guard and Reserve Forces routinely augment our headquarters
now for cyberspace operations even as we work to build additional
capability and capacity in the Guard and Reserve. Our Reserve
components' contributions include supporting Operation Enduring
Freedom, current operations in Southwest Asia, the Defense Information
Systems Agency, CYBERCOM, the standup of Army JFHQ-Cyber, and the
defense of Army networks. As we move forward with the ARNG and USAR to
build the Total Army cyber force, we will continue to train and
integrate 429 ARNG and 469 USAR soldiers into the Army's cyberspace
operations.
Authorities are a complex problem. The 933 report was an excellent
start for defining the critical role our Reserve components play in
cyberspace operations. While title 10 authorities are clear, Title 32
and State Active Duty status require the application of varied State
constitutional, legislative, and executive authorities and coordination
with state agencies and officials. While every State is different,
there is merit in developing a common approach for authorities and
capabilities to facilitate rapid and effective response in cyberspace.
equipping the army's cyberspace operations force
As cyberspace grows more complex, and increasingly contested with
sophisticated threats able to exploit known and unknown
vulnerabilities, cyberspace operations and cybersecurity have become
exceptionally critical to national security. Sophisticated software,
that almost anyone can operate, is readily available for altruistic or
nefarious purposes. Aided by the proliferation of dual-use
technologies, cyber actors of all types take advantage of the
connectivity, openness, and relative anonymity of cyberspace, as
illustrated by the recent attacks on Sony Pictures Entertainment and
Anthem health insurance. Today electronic hardware and software are
increasingly embedded in everything from vehicles to guided missiles,
and are often integrated into systems which are difficult and costly to
update or upgrade. New threats or vulnerabilities are identified with
increasing speed and at widely ranging intervals making updates time-
consuming. These factors present new vulnerabilities and pose new
threats to our warfighting systems.
To combat the growing threats to our networks, we have to modernize
and move to the Joint Information Environment (JIE) as quickly as
possible to improve mission effectiveness, enhance security, and
increase efficiency--an imperative to protecting the DODIN. In
conjunction with our joint partners, the Army is aggressively improving
its defensive posture beginning with architecture modernization efforts
that reduce attack surface area, improve bandwidth and reliability, and
fortify our long-standing but ever-critical perimeter and defense-in-
depth capabilities. Notably, the Joint Regional Security Stack (JRSS)
initiative, a component of the JIE, will consolidate and improve the
security of currently disparate networks, and provide foundational
elements for enhanced situational awareness.
Recent intrusions plainly underscore the extent to which DOD lacks
sufficient situational awareness, putting operations and sensitive data
at grave risk. With the proliferation of cyberspace capabilities
globally, situational awareness depends upon analysis of unprecedented
quantities of data gathered across friendly, enemy, and neutral
cyberspace. Essential data elements, providing clues to cyber-attacks,
often originate deep within adversary space, and span our entire
defenses. All of these separate data sources must be captured,
aggregated, and correlated in near real-time to discover ever-evolving
and diverse threats, including insider threats.
To improve our situational awareness in cyberspace, we are
aggressively pursuing foundational cyber analytics capabilities.
Coupled with architecture modernization, our efforts align directly
with JIE standards and its Single Security Architecture construct. In
parallel, we are pursuing several advanced technologies to include
network mapping, cloud and virtualization, and cyber infrastructure,
platforms and tools, all of which are also fully integrated with
CYBERCOM's Unified Platform initiative. Additionally, we are an active
partner with Defense Advanced Research Projects Agency on its PLAN X
cyberwarfare program, developing foundational platforms for the
planning and execution of cyber operations.
Given the pace of technological change in cyberspace, we must also
address distinct requirements, resourcing and acquisition processes for
cyber technologies affecting the entire spectrum of research,
development, testing, evaluation, fielding, and sustainment. Dynamic
and agile institutional processes are crucial to building and
maintaining our decisive technological advantage. Recent updates to
policy instructions for the Joint Capabilities Integration and
Development System and the Defense Acquisition System provide a
foundation for requirements and acquisition governance and management.
These policy updates are rooted in agility, flexibility, and
accountability to rapidly deliver cyberspace capabilities. The Army is
also establishing fiscal and governance structures for investments and
appropriations for urgent requirements.
To keep pace with technology, we must also capitalize on the
cumulative innovative power of industry, academia, and our National
Laboratories to develop, test, and pilot promising technology and
concepts. This requires a willingness to engage in iterative
development and testing, where success is measured by rapidly
validating assumptions, failing cheaply, early, and often. Where
resources are liberated from non-performing programs and applied to
those demonstrating promise; and where new or enhanced cyberspace
capabilities are delivered in weeks or months instead of months or
years.
In recognition of the unique demands of cyberspace technologies,
the Army has designated a cyber-focal point at the office of the
Assistant Secretary of the Army for Acquisition, Logistics, and
Technology, and designated initial cyber materiel development roles
across our Program Executive Offices. The Army is deeply focused on
improving the security posture and resilience of its critical weapons
and business platforms, ensuring cyber threats and vulnerabilities are
considered both in the design phase and throughout production and
sustainment. In addition, the Army is focused on ensuring the advanced
cyber technologies being procured for cyber mission forces today are
integrated into comprehensive, sustainable acquisition programs that
fully address defensive, offensive and DODIN cyberspace operations
requirements. Remaining focused on DOD and CYBERCOM guidance and
directives, we will ensure Army capabilities are presented in alignment
with joint requirements and are interoperable within the joint
community, optimizing our collective investments across DOD. As we work
to ensure current processes evolve to capitalize on innovative
technologies, ultimately, new programming and acquisition authorities
would provide greater flexibility to developing and fielding the
infrastructure, platforms, and tools needed by our operational cyber
forces.
conclusion
Operationalizing cyberspace is a journey. Army Cyber Command,
Second Army, and Army JFHQ-Cyber have made tremendous progress
operationalizing cyberspace for the Army. Army networks are better
defended and our cyber forces are better manned, trained and equipped.
Recent institutional changes are helping recruit, retain, and
continuously develop competent and disciplined cyber professionals.
Despite cyberspace operations' central role in current defense
strategy, today funding for core requirements remains uncertain. Cyber
professionals--resourced with the right infrastructure, platforms and
tools--are the key to dominance in cyberspace. Continued persistent
congressional support is essential to ensure our Army has the required
resources and authorities, and the right people, processes, and
technologies to provide our combatant commanders and national decision
makers with a ready, capable, and superior operational cyber force.
With your support, the Army will continue to provide national
leaders and military commanders with an expanded set of options
supporting national security objectives. With your support, we will
deliver.
Senator Fischer. Thank you, sir.
Thank you all for your service to this country, and thank
you for being here today to answer our questions and provide us
with some good information.
Admiral Tighe and General Wilson, I know that, both the
Navy and the Air Force, you've established task forces to
review weapon systems for vulnerabilities. And, as we're
looking at those systems, I know that you want to ensure that
they haven't been compromised, and also that they are
configured to resist a cyber attack in the future. Can you tell
us how you're prioritizing those reviews? And when do you
expect to have those high-priority systems assessed?
Admiral Tighe. Yes, Madam Chairman, I'll take the first
shot.
From the Navy perspective, my command has been
operationally involved in demonstrations to help us assess how
at risk that the Navy missions may be. Beyond the
responsibilities we have for our corporate networks, for our
communications, for our C4ISR capabilities, we know that there
are potential risks that exist inside of our weapon systems and
inside of our control systems in our platforms. And so, our
demonstration has helped to inform Navy investment decision-
making from a Task Force Cyber Awakening, is the organization
that was stood up by the CNO and by the assistant Secretary of
the Navy for Research, Development, and Acquisition, to take a
holistic view across all of the Navy investment portfolios, all
of the Navy system commands and programs so that we are
accounting for cyber security in the most holistic way in all
of those programs.
Senator Fischer. So, you're looking to see if anything's
been corrupted within an existing system?
Admiral Tighe. We're looking to make sure that cyber
security is accounted for in every program that we are--you
know, at developing and delivering to the Navy, every
capability that may depend upon an operating system or
something related to network in that regard. And so, Task Force
Cyber Awakening has broken into three different subgroups to
look--organizationally, do we have the right authorities to,
again, go beyond the authorities that we execute, you know, in
behalf--on behalf of cyber and communication systems and our
networks, go into control systems, go into operating systems.
And, as it pertains to dealing with any vulnerabilities
that may exist there, what is the right resource investment
strategy to mitigate the risk that exists today, especially on
our ships that we will have with us for many years to come? How
will we mitigate any risk that may exist there? And how will we
build the types of teams that we are building, aimed at
communications and networks, for those types of systems, which
are different skills, different tool sets, when you get into
the realm of the combat systems and the----
Senator Fischer. Right.
Admiral Tighe.--and the control systems. And so, that's
what----
Senator Fischer. When do you expect that to be assessed,
then?
Admiral Tighe. We're expecting the Task Force Cyber
Awakening to----
Senator Fischer. I know the Navy's further along.
Admiral Tighe. We are. It started in September. We are
trying to get to completion on Task Force Cyber Awakening by
this summer. But, there will be enduring resource investments,
organizational changes, and potentially additional processes
put in place, much like the SUBSAFE Program took on making sure
water doesn't get into our submarines, thinking in terms of
CYBERSAFE for our systems that go beyond the things that we are
protecting and defending today.
So, by the summer, we should have a good feel for what are
our next steps, whether we will be, you know, totally complete
at that point. there's--there may be more work to be done,
certainly more investment to be made, in terms of mitigating
the risks that we are carrying.
Senator Fischer. Okay. I just have a half-minute left.
Admiral Tighe. Sorry.
Senator Fischer. If I could have the other gentlemen--
what's happening with the Air Force, and then the Marines and
the Army, as well, on this?
General Wilson. Absolutely, ma'am. So, we--
Senator Fischer. You have, like, a half--three of you,
half-minute.
[Laughter.]
General Wilson. Ours is called Cyber Secure Task Force. The
Chief and the Secretary just approved that, then it kicked off
about a month ago--4 to 6 weeks ago. They've given us 12
months. It's a whole-of-Air-Force-effort initiative to look
across programs, networks, as well as installations. It's
focused on our core missions--air superiority, space
superiority, global strike, command and control, et cetera. I
think we've done a nice job in the network side, with some of
the Cyber Mission Force standing up. There's a recognition that
we may be vulnerable in our program of record. And so, that's
really the focus. I mean, we're involved from the 24th Air
Force perspective, but it's really a whole-of-service--CIO,
program offices, PEOs, et cetera.
Senator Fischer. Okay. Thank you.
General O'Donohue. The Marines are tracking with the Navy.
We're part of Task Force Cyber Awakening. We have programs that
we share with the other Services. We'll work with them as we
go, comprehensively. And then, lastly, we're working with our
acquisition community to get this at the root requirement as we
get new systems coming in.
Senator Fischer. Thank you, sir.
General.
General Cardon. And, ma'am, the Army, same as the others,
specifically for the programs of record, given the scale of the
Army's equipment, going forward, making cyber security a key
performance parameter on all contracts, and then to work
backwards, and then--over time. And then, finally, I would say
this is a competitive space, so we're never really going to be
done in this space. This is going to have to be something that
we just constantly assess on a regular basis----
Senator Fischer. General, have you budgeted for that?
General O'Donohue. It's not inside my budget. It's--would
be inside the acquisition budgets. The Army's been having a--
quite a debate about how much do we really fix, against which
threats? And General Williamson and I are were--are working
together on that, both of them.
Senator Fischer. Thank you, sir.
Senator Gillibrand.
Senator Gillibrand. Thank you, Madam Chairwoman.
I appreciate all your presentations. And I was very excited
to hear about a lot of the work you're doing to get the best
cyber warriors you can. I think it's very exciting.
So, I want to look a little bit into the issue of the
Reserve component, which you all mentioned, how you're
addressing it. My understanding for the Air Force, that they
plan to staff its Cyber Command requirements, in part, from the
National Guard units. With regard to Army, do you also intend
to staff part from National Guard units for your CYBERCOM
requirements? And, if not, how do you plan to use the Reserve
components, specifically?
General Cardon. So, ma'am, we have, in the Army National
Guard, 1,035. They work in Cyber Command, in DISA, in my own
headquarters, in the Joint Force Headquarters. And, of that,
there are 11 Cyber Protection Teams. And one of those is on
Active Duty now, up in Maryland.
Senator Gillibrand. And how do you do their training? Do
they get a different kind of training or the same kind of
training?
General Cardon. We're still--we just started growing. The
one we have, we've received--17 have received equivalency
training, thus far.
Senator Gillibrand. Oh, that's good.
General Cardon. So, they have to----
Senator Gillibrand. Seventeen individuals?
General Cardon. Correct. They have to be trained to the
same standard that's----
Senator Gillibrand. Yeah.
General Cardon. For the others, working with the
institution, education systems, the PEC, down in Arkansas, to
get that online with the Cyber Center of Excellence, which will
give them equivalency training for the training, as well. So,
they'll all be trained to the same standard.
Senator Gillibrand. That's excellent.
And, for Air Force, how do you plan to train the--your
Reserve components?
General Wilson. Ma'am, the same--to the same standard. They
go through the same schoolhouse, same curriculum, same
standard.
Senator Gillibrand. They'll just do it over time? It'll
take them longer, because there are only--or would you have
them in a--
General Wilson. They come right through the same
schoolhouse, side by side with Active Duty members, whether
they're Guard, Reserve, or----
Senator Gillibrand. So, you might activate them for a
certain amount of time to get the training? Like activate you
for the 6 months to get the training, or whatever it is?
General Wilson. You're right, spot on, ma'am.
Senator Gillibrand. That makes great sense, actually.
That's terrific.
Do you think the Services need additional resources for
this training, for this additional capacity? And, if you do, I
hope you request it.
General Wilson. So, ma'am, for the Air Force, we've already
built that into the model.
Senator Gillibrand. Okay.
General Wilson. We've invested in our schoolhouses both at
Goodfellow, Keesler, and at Hurlburt, the first two being
intermediate--or initial training for intel and our cyber
training, and then, at Hurlburt for our intermediate training.
And so, all of those adds have been put in place. We're looking
at the training model in the out years to make sure that we're
comfortable with the size of the pipeline that we have today.
But, that's already been accomplished. Matter of fact, the
courses are up and running full steam right now.
Senator Gillibrand. That's great.
And this was mentioned in the previous panel, but retention
obviously is something important if you're going to invest up
to 2 years training these cyber warriors. Do you have plans on
how to retain them, whether it's through, I don't know,
compensation or--I don't know what plan you would--or approach
you would take.
General Wilson. So, ma'am, in the Air Force, we have
several different retention initiatives, both for Active and
for Reserve and Guard. We like to say we'll never compete on
price. We just are not going to be able to--
Senator Gillibrand. You certainly----
General Wilson.--compete on price.
Senator Gillibrand.--can't, yeah. [Laughter.]
General Wilson. It just isn't going to happen. So, we do
look at targeted reenlistment bonuses. We look--we're
considering proficiency pay for certain skill sets, when they
achieve certain skills. To be honest, it's the pride of
service, it's the fact that there's a pretty interesting
mission set, and we empower and give a lot of responsibility
for very young folks. We find they have a passion. Not
everybody is going to stay in the Service. That's just a fact.
The first thing we do when they think about getting out of the
active Duty is, we put our arms around them and talk to them
about the Guard and Reserve opportunities out there.
Senator Gillibrand. That's great, yeah.
General Wilson. And if that's not the case, that's okay. We
consider it an investment for the country, and we'll restock
the pipeline.
Senator Gillibrand. Can you update me a little bit on Rome
Labs and how that's being developed?
General Wilson. I'm sorry, ma'am, didn't----
Senator Gillibrand. Can you update me on Rome Labs and how
that's being developed for the Air Force?
General Wilson. Absolutely. So, ma'am, Rome Labs is key.
It's one of our science and technology wheelhouses. It's the
epicenter for our S&T work. It's a very tight relationship with
regard to the technology that's come out of Rome Labs. We're
taking a look at the portfolio and then how to accelerate some
of the technologies that are coming out of the labs, and how do
we field it, make it operational in a more rapid fashion. And
so, that's--it's key to the partnership there.
Senator Gillibrand. Sure.
And, Lieutenant General, can you talk a little bit about
how West Point's doing? I thought their cyber training was very
impressive when I was last there. And I met a number of the
cadets that were focused on that, and I thought it was really
inspiring.
General Cardon. So, this year we'll assess 30 cadets into
17--15 from the Reserve Officer Training Programs, 15 from the
Academy. The Academy has adjusted their programs to account for
cyber security, so I think that is going to be a tremendous
benefit here for the future.
Like with the Navy, they're--we're also exposing all of the
officers to cyber security, because this has to become part of
the foundational education that we expect them to have.
If I could just loop back on the retention really quick. On
the high-end operators, what we've started doing is using 6-
year enlistments. We're having no troubles filling that. The
retention, I think, all of us are working through what is the
best model to retain them.
Senator Gillibrand. And the other thing that I was
impressed by at Fort Drum was that they're off the grid. And I
thought that was vital, in terms of cyber defense and cyber
missions, that there's an independence, where you can't be
subverted or isolated because of energy needs. So, I would
recommend to all the Services, to the extent we have assets
anywhere around the world, that ability to be off the grid is
vital, in terms of protecting infrastructure and protecting
abilities to respond. So, thinking long-term, defensively.
Admiral Tighe. I think the Navy, as part of Task Force
Cyber Awakening and our shore infrastructure folks, recognize
that we are dependent on a combination, obviously, of power
generation that is internal to the Navy and commercial power
providers, and then--you know, that extends to overseas in all
the complexities there. So, our facilities folks have taken a--
taken on a special project to go study and look at what is--
what does ``good'' look like, in terms of the resiliency that
we need to be resistant to any type of attack on that
infrastructure upon which you depend.
Senator Gillibrand. Thank you.
Thank you all. Very grateful.
Senator Fischer. Thank you, Senator.
Thank you all. I would invite you to join us in the SCIF
for a classified briefing.
And, with that, I will adjourn the open hearing today.
Thank you.
[Whereupon, at 4:07 p.m., the subcommittee adjourned.]
[Questions for the record with answers supplied follow:]
Questions Submitted by Senator Kelly Ayotte
iran's recent cyber activities
1. Senator Ayotte. General McLaughlin, how would you describe
Iran's cyber activities and capabilities generally?
General McLaughlin. [Deleted].
2. Senator Ayotte. Mr. Rosenbach and General McLaughlin, has Iran
conducted cyberattacks or cyber intrusions against the United States or
our allies in the last year or so? To the degree you are able, please
provide an unclassified response.
Mr. Rosenbach. A growing number of computer forensic studies by
industry experts strongly suggest that several nations--including
Iran--have undertaken offensive cyber operations against private sector
targets to support their economic and foreign policy objectives, at
times concurrent with political crises. As DNI Clapper noted, Iranian
actors have been implicated in the 2012-13 distributed denial of
service attacks against U.S. financial institutions and in the February
2014 cyber attack on the Las Vegas Sands casino company.
General McLaughlin. Recent Iranian cyber operations likely include
the destructive attack impacting Saudi Arabia's national oil company,
Aramco, in 2012, and Iranian hackers penetrating the U.S. Navy and
Marine Corps unclassified networks in 2013. Iranian hackers also
harvested U.S. Government login and password information by fabricating
an article from a security company ``Newcaster'' to redirect readers to
an information gathering site.
More recently, the Director of National Intelligence testified
before the Senate Armed Service Committee, on February 26, 2015, that
Iran was responsible for a destructive cyber attack against a Las Vegas
casino in February 2014. These attacks combined with continued
distributed denial of service attacks targeting the U.S. financial
sector show Iran's continued perseverance and cyber ambition.
leveraging the national guard
3. Senator Ayotte. General Cardon, Admiral Tighe, General Wilson,
and General O'Donohue, given the expertise that resides in the Reserve
component and the relative cost efficiency of the Reserve component,
including the Guard, please provide more detail regarding how your
Service is utilizing the Reserve component to improve and build your
Service's cyber capabilities?
General Cardon. The Army and Army Cyber Command, as the Army's
component to U.S. Cyber Command, continue to build a Total Army
approach for our cyber forces that will provide staff augmentation and
support to Joint and Army commands. Current examples of such Reserve
component support include:
The Army Reserve Cyber Operations Group conducting Defensive
Cyberspace Operations support and provides Department of Defense
Information Network operations and Computer Network Defense Service
Provider support to the Southwest Asia Cyber Center.
United States Army Reserve providing U.S. Cyber Command with
cyberspace planners, an intelligence fusion cell, and joint personnel
to man critical positions within the command.
The Virginia Army National Guard Data Processing Unit, conducting
cyber operations in support of U.S. Cyber Command.
The United States Army Reserve Military Intelligence Readiness
Command, which will transition to the Army Reserve Intelligence Support
to Cyberspace Operations Element, providing intelligence support and
analysis products to U.S. Cyber Command.
United States Army Reserve personnel also serve within the Army's
Joint Force Headquarters-Cyber to execute joint cyberspace operations
for U.S. Cyber Command.
The Army's plan includes one Army National Guard cyber protection
team currently serving on active status, 10 Army National Guard cyber
protection teams, and 10 United States Army Reserve cyber protection
teams being built through Fiscal Year 2018 - all essential components
of the Total Army cyber force. They will be trained to the same
standard as the Cyber Mission Force.
The United States Army Reserve and Army National Guard are integral
components of Army Cyber Command's Total Army approach to cyberspace
operations.
Admiral Tighe. The Navy takes pride in its ability to integrate its
Reserve resources, under the Total Force Concept, in order to
accomplish our various global missions. This is no different in the
Cyber realm. We are utilizing our current inventory of highly skilled
Reserve personnel to augment the Active Duty units assigned to defend,
operate, and deliver effects through our networks. We are growing our
capabilities in tandem with our Reserve Component by blending them into
training, unit level certification events and joint exercises.
In addition, we are implementing a Reserve Cyber Mission Force
(CMF) Integration Strategy, leveraging our Reserve Sailors' military
and civilian expertise, which best postures the Navy to engage threats
across the entire cyber mission set. In support of this strategy, there
are 298 Reserve billets, which the Navy is phasing into service from
FY15 through FY18 that will be aligned to Active Duty CMF teams and our
Joint Force Headquarters-Cyber (JFHQ-C). This alignment strategy will
allow Active Component CMF teams to capitalize on Reserve personnel's
specific cyber-related skillsets and knowledge. Navy Reserve Sailors
assigned to CMF billets provide operational support to the team's
respective operational commander, including Fleet Commanders, U.S.
Pacific Command, U.S. Southern Command, U.S. Cyber Command, and the
Defense Information Systems Agency. As the Navy builds its Reserve CMF
support structure, Fleet Cyber Command and TENTH Fleet will conduct
assessments to maximize the Reserve Force's support to CMF operational
objectives.
General Wilson. AFCYBER/24 AF/JFHQ-C is fully partnered with the
Air Reserve Component (ARC) as part of its current and future build-up
of cyber operations to support the Air Force's cyber mission and the
DOD's Cyber Mission Force (CMF). They attend and meet the same training
standards as our Active Duty operators.
From the outset, the ARC, in support of AFCYBER, has been
integrated into the Cyber Mission Force build-up of 39 teams. To meet
the demand signal of the CMF construct, the Air Force Reserve Command
(AFRC) is standing up one Classic Associate Unit in FY16, integrating
into a Regular Air Force Cyber Protection Team (CPT) squadron,
providing steady-state capacity of one CPT or 30% day-to-day mission
share. If mobilized, it will be able to provide manning for three CPTs
in a surge capacity.
In addition to the team build in the CMF, the AFRC supports
numerous other cyber missions under the 960th Cyberspace Operations
Group (CyOG). The 960 CyOG is comprised of nine squadrons. These units
defend Air Force Networks and key mission systems, train personnel,
develop new weapon systems and tools, and provide command and control
of cyber operations. In addition to the 960 CyOG, there are Individual
Mobilization Augmentees (IMAs) under AFCYBER/24 AF/JFHQ-C that support
various cyber missions.
Between FY16-FY18, the Air National Guard (ANG) is building 12
unit-equipped squadrons to sustain two steady-state CPTs, with each
organized into the 30/70 full-time/part-time ratio. The ANG is also
standing up a National Mission Team unit in FY16. These units will
align under two ANG Cyberspace Operations Groups.
In addition to the build-up within the CMF Teams, the ANG support
to cyber operations includes five cyber units. These units support
defensive cyber operations and command & control. Additionally, the Air
Guard has one of only three of the Network Operations Squadrons in the
Air Force.
Finally, the ARC plays a significant role in our engineering and
installation and combat communications. There are 38 AFRC and ANG units
supporting these missions and in the last two years the ARC deployed
over 800 personnel supporting the warfighter with these capabilities.
General O'Donohue. For the Marine Corps, we currently provide
reserve component augmentation to the MARFORCYBER headquarters and to
the Marine Corps Network Operations and Support Center (MCNOSC).
Informed by the Reserve Forces Policy Board report to Congress, ``The
Department of Defense Cyber Approach: Use of the National Guard and
Reserve in the Cyber Mission Force'' and with guidance from the
Commandant, we have begun the process to expand the role of the Marine
Corps Reserve at MARFORCYBER. The increased role of the reserve will
build a surge capacity for times of crisis, and capture the unique
skills of Reserve Marines with civilian cyber skills. As suggested by
the report, we will review our strategy in FY17.
cyber as its own service branch
4. Senator Ayotte. Mr. Rosenbach, Secretary Carter recently
suggested that ``there may come a time'' when the cyber corps may
become its own Service branch. Instead of each Service developing
redundant capabilities at great expense, would it make more sense to
have a consolidated cyber corps as its own Service?
Mr. Rosenbach. As the Secretary said, there may come a time when a
cyber corps may warrant its own Service branch, but that time is not
now. Much like each Service has a Special Forces community that embeds
under USSOCOM, today each Service organizes, trains, and equips the
Cyber Mission Force under USCYBERCOM. Since each Service has unique
cyber requirements, they are each organized a little differently,
bringing Service personnel with a variety of backgrounds, including the
military intelligence, Signals Intelligence, cyber operations,
information assurance, and information technology career fields, to
make up the cyber force. Additionally, last year, the Department
developed a Total Force strategy that would integrate approximately
2,000 Reserve Component personnel into the workforce as well. This
strategy ensures that DOD embraces cyber expertise from all sources
integrating diversity of thought, capabilities, experiences, rapid
innovation, and best practices. The current strategy provides
flexibility to address both Cyber Mission Force and Service-specific
cyber needs and readiness. Additionally, since all forces are trained
and equipped to the same joint standard, it is unlikely there would be
resource efficiencies in creating a new Service Branch at this time.
5. Senator Ayotte. General O'Donohue, Secretary Carter recently
suggested that ``there may come a time'' when cyber corps may become
its own Service branch. Why does the Marine Corps need an organic cyber
capability?
General O'Donohue. An organic cyberspace capability allows the
Marine Corps to integrate cyberspace considerations into military
operations in line with our unique role in the joint force as the
Nation's expeditionary force in readiness. The Marine Corps' maneuver
warfare and combined arms doctrine relies on integration of all
warfighting capabilities in one organization - the Marine Air-Ground
Task Force (MAGTF). Separating organic cyberspace capabilities from the
Marine Corps, and centralizing them into their own service, would limit
the MAGTF Commander's ability to integrate cyberspace considerations
into military operations and mitigate risk to their missions.
However, the Marine Corps and the MAGTF is designed to be part of a
broader Joint Force. We expect our Joint, interagency and coalition
partners to compliment our cyberspace operations through information
sharing, development of capabilities, and operational coordination.
Likewise, as we integrate cyber capabilities into the MAGTF and the
Marine Corps as a service, we expect to expand our role of providing
cyber capabilities to the joint force through our commitment to
USCYBERCOM.
6. Senator Ayotte. General O'Donohue, why shouldn't we use the
Marine Corps' end strength numbers to support expeditionary operations
and leave cyber to a separate cyber corps?
General O'Donohue. Cyberspace impacts every aspect of a 21st
century expeditionary operation. Marines forces must be knowledgeable
and sophisticated in cyberspace operations in order to conduct one of
their most essential tasks--the ability to command and control
subordinate units across the battlefield. Dedicating a portion of our
end-strength to the mastery of cyberspace operations is essential to
properly resourcing operational Commanders to conduct effective command
and control, validate threats, and assess risks. Whether or not a
separate cyber corps is established, Marines must be proficient in
cyberspace to effectively operate.
7. Senator Ayotte. General O'Donohue, are there challenges specific
to Marine Corps cyber operations that other branches do not face?
General O'Donohue. All branches face challenges and threats in
cyberspace. The Marine Corps' role as our nation's expeditionary force
in readiness requires additional flexibility. Providing a comprehensive
crisis response force that utilizes and operates effectively across all
domains presents unique challenges and opportunities to our Marine Air
Ground Task Forces (MAGTFs). The Marine Corps is undergoing a
fundamental transformation to adapt to those unique challenges and
opportunities in the cyberspace domain. As we undergo this
transformation, we will maintain our unique service character and
warfighting ethos, but we will not be bound by the past. Our Commandant
has laid out a clear vision to reset our network on warfighting
principles and integrate cyberspace operations into the Marine Air-
Ground Task Force. In the coming years this will require the
development of a cyberspace reserve component, a `cradle-to-grave'
lifecycle management process of our cyber workforce, and the
integration and normalization of cyberspace into the MAGTF. We are
addressing these unique challenges through an institutional focus led
by Headquarters Marine Corps' ``Task Force Cyber'' and through
collaboration with our industry partners and academia.
attribution capabilities
8. Senator Ayotte. Mr. Rosenbach, General McLaughlin, General
Cardon, Admiral Tighe, General Wilson, and General O'Donohue, on April
1st, the President declared a national emergency to deal with malicious
foreign cyber activities, and authorized sanctions against anyone who
uses cyber activities to threaten our national security, foreign
policy, financial stability, or who steals trade secrets. However we
cannot employ cyber countermeasures or impose sanctions that are
critical to deterrence unless we can identify the attacker. To what
degree are we able to attribute specific cyber-attacks to specific
individuals?
Mr. Rosenbach. Attribution has always been a challenge in
cyberspace, but the Department has made significant progress in this
area. Even the stealthiest cyber intruders leave footprints on victim
networks and the infrastructure they misuse to conduct their
activities. Those footprints grow more evident when those intruders are
attempting to steal intellectual property on a massive scale from
across the U.S. private sector or to penetrate large swathes of our
critical infrastructure.
The Department, U.S. law enforcement, and the intelligence
community have invested significant resources in collection, analysis,
and synthesis of all-source intelligence to unmask malicious actors'
cyber personae, identify the point of origin of their activity, and
understand adversaries' tactics, techniques, and procedures. Over time,
this allows us to identify with significant confidence groups of actors
with common intent and broad campaigns of activity targeting specific
sectors, and can reveal sufficient information to identify specific
individuals.
The Department of Justice's May 2014 indictments of five members of
the People's Liberation Army for cyber espionage against U.S. firms is
an excellent example of how the U.S. Government is able to work
together to attribute specific cyber activities to individuals. We
would draw from the same tools and capabilities to enable attribution
for the purpose of sanctions.
General McLaughlin. Our ability to determine attribution for cyber
attacks depends on several factors including sophistication of the
malicious actors, information sharing capabilities and policies, and
available trained manpower. Attribution involves an examination of
malicious activity based on technical, behavioral, and personal
characteristics. Our ability to determine attribution does not solely
rely on the mechanical process of geolocation of physical networks or
nodes. The possibility always exists the adversary has exploited/
hijacked what appears to be the origin and is directing the cyber
attacks from a remote location, anywhere in the world.
Over the past decade, our ability to identify malicious cyber
actors has improved significantly as we have adopted a federated
approach in the analysis of data necessary to pinpoint the nexus for a
given cyber operation. To stay ahead of the adversary, there are
currently processes in place to share information and analytic insight
across the DOD and the Intelligence Community. In addition, defense
contractors and other civilian organizations have their own sets of
information which assists in leading to the attribution of cyber threat
actors and their capabilities and intentions.
General Cardon. We rely completely on the Intelligence Community
for attribution of cyber threats. Our close relationship with the
Army's G2 and INSCOM as well as relationships with the National
Intelligence Community enable us to conduct more focused cyber
operations. Expanding each military Service's Counter Intelligence
cyber investigative and forensic capability and capacity would assist
in providing attribution authorities more comprehensive data
surrounding malicious cyberspace activity.
Admiral Tighe. Service Components rely on the attribution authority
and capability of NSA, USCYBERCOM, FBI and DHS to determine attribution
of cyber activity as directed by ODNI. To assist with attribution
capability, Service Cyber Components provide timely and accurate data
of malicious activity on Service networks. Increasing network sensors
and detection systems would assist Service Components in providing
timely and accurate data to the responsible attribution authority.
Additionally, expanding each military Service's Counter Intelligence
cyber investigative and forensic capability and capacity would assist
in providing attribution authorities more comprehensive data
surrounding malicious cyberspace activity.
General Wilson. Our ability to determine attribution for cyber
attacks depends on several factors including sophistication of the
malicious actors, information sharing capabilities and policies, and
available trained manpower. Attribution involves an examination of
malicious activity based on technical, behavioral, and personal
characteristics. Our ability to determine attribution does not solely
rely on the mechanical process of geolocation of physical networks or
nodes. The possibility always exists that an adversary has exploited/
hijacked from what appears to be the origin, but is directing the cyber
attacks from a remote location, anywhere in the world.
Over the past decade, our ability to identify malicious cyber
actors has improved significantly as we have adopted a federated
approach in the analysis of data necessary to pinpoint the nexus for a
given cyber operation. To stay ahead of the adversary, there are
currently processes in place to share information and analytic insight
across the DOD and the Intelligence Community. In addition, defense
contractors and other civilian organizations have their own sets of
information which assist in leading to the attribution of cyber threat
actors and their capabilities and intentions.
General O'Donohue. As outlined in the forthcoming DOD Cyber
Strategy 2015, attribution is a fundamental part of an effective cyber
deterrence strategy as anonymity enables malicious cyber activity by
state and non-state groups. In coordination with U.S. Cyber Command,
our ability to determine attribution for cyber attacks is impacted by
several factors including the sophistication of the malicious actors,
our information sharing capabilities and policies, and the depth and
capacity of our cyber workforce. Our ability to determine attribution
relies on the examination and assessment of the malicious activity
based on technical, behavioral, and personal characteristics. While it
is certainly difficult to definitively attribute malicious cyberspace
actions, the cyberspace community has developed and implemented robust
methodologies that begin with the malicious event and take into account
all applicable aspects to include the victim of the attack, the
infrastructure employed by the attacker, and the demonstrated
capability of the attacker.
Our collective ability to identify malicious cyber actors has
improved significantly in recent years, as we have adopted the
federated approach in the analysis of data necessary to pinpoint the
nexus for a given cyber operation. To stay ahead of the adversary,
there are currently processes in place to share information and
analytic insight across the DOD and the Intelligence Community.
9. Senator Ayotte. Mr. Rosenbach, General McLaughlin, General
Cardon, Admiral Tighe, General Wilson, and General O'Donohue, what can
we do to increase our attribution capabilities?
Mr. Rosenbach. Attribution is a fundamental part of our cyber
deterrence strategy as well as being critical to our ability to respond
to a cyber attack in a timely and appropriate way. The Department, U.S.
law enforcement, and the intelligence community have invested
significant resources in collection, analysis, and synthesis of all-
source intelligence to unmask malicious actors' cyber personae,
identify the point of origin of their activity, and understand
adversaries' tactics, techniques, and procedures.
DOD also collaborates closely with the U.S. private sector and
other Federal departments and agencies to broaden our understanding of
malicious activity, which improves our ability to attribute the origin
of such activity as confidently and rapidly as possible. To that end,
legislation that facilitates cyber information sharing between the U.S.
Government and private sector will support the whole-of-nation approach
that is necessary to protect against, prevent, detect, and respond to
cyber threats..
Along with its intelligence community components, U.S. Cyber
Command's National Mission Teams will be crucial to the Department's
contribution to tracking foreign cyber adversaries in order to respond
proactively to their evolving tactics, techniques, and procedures, as
well as to changes in the focus of their malicious activities as they
maneuver in cyberspace. This will be essential if we are to gain
sufficient warning to be able to take action to prevent or respond to
an impending attack of significant consequence. We appreciate
Congress's support as we expedite the building of these National
Mission Teams.
Finally, the counterintelligence organizations of the Military
Departments are uniquely positioned to improve our insight into, and to
frustrate and defeat, cyber espionage. The Military Departments and the
Under Secretary of Defense for Intelligence, in consultation with the
Principal Cyber Advisor, are developing a strategy that will specify
how the military counterintelligence organizations will collaborate
more effectively with the broader U.S intelligence and law enforcement
communities on investigations and human and technical operations that
thwart foreign cyber intelligence activities directed against the
Department and the defense industrial base. We appreciate Congress's
support as we appropriately resource these efforts.
General McLaughlin. As outlined in the recently released DOD Cyber
Strategy, improving our ability to attribute malicious cyber activity
is a cornerstone in protecting the nation's cyber enabled critical
infrastructure.
Training, recruitment, and retention of effective information
technology and analysis personnel are critical to building and
maintaining an effective cyber force. Our current build-up of the Cyber
Mission Force is a step in the right direction. It is also important we
continue to strengthen the cyber ranks of existing agencies by hiring
the most qualified individuals at all experience levels by providing
working environments that are competitive with the private sector.
Substantial investment in research and development of new
capabilities by private enterprise, educational institutions, and
government agencies is also critical to improving our attribution
capability. Attribution capability is highly dependent upon our mastery
and dominance of communication and system technologies.
Finally, the sharing of malicious cyber activity and associated
intelligence between the government and the private sector is key in
the process of understanding the cyber adversary. As attribution models
and frameworks continue to mature, unique insights and information can
be shared and organized to deliver more rapid and accurate attribution.
Combining private sector knowledge of threat streams on their systems
with the government's knowledge of the same threat streams raises the
collective understanding of adversary tactics, techniques, and
procedures. This is consistent with the Administration's emphasis on
the urgent need for cyber security legislation. Current legislative
initiatives would create the necessary conditions for effective and
efficient information sharing.
General Cardon. All attribution information received by Army cyber
forces is received through a collaboration of DOD, DOJ(FBI), DHS, and
other DOD and federal intelligence agency capabilities. Any legislation
that would facilitate cyber information sharing between the U.S.
Government and the private sector would more fully embrace a whole-of-
nation approach by providing real time intelligence, and better
equipping us to prevent, detect and respond to cyber threats.
Admiral Tighe. Service Components rely on the attribution authority
and capability of NSA, USCYBERCOM, FBI and DHS to determine attribution
of cyber activity as directed by ODNI. To increase this attribution
capability, Service Cyber Components provide timely and accurate data
of malicious activity on Service networks. Expanding each Service's
defense-in-depth approach to network sensor and detection system
coverage, data retention capacity, and supporting analytics would
assist Service Components in providing timely, accurate, and
comprehensive data to the responsible attribution authority.
General Wilson. As outlined in current legislative initiatives and
the recently released DOD Cyber Strategy, improving our ability to
attribute malicious cyber activity is a cornerstone in protecting the
nation's cyber enabled critical infrastructure.
Training, recruitment, and retention of effective information
technology and analysis personnel are critical to building and
maintaining an effective cyber force. Our current build-up of Cyber
Mission Forces is a step in the right direction. It is also important
we continue to strengthen the cyber ranks of existing agencies by
hiring the most qualified individuals at all experience levels by
providing working environments that are competitive with the private
sector.
Substantial investment in research and development of new
capabilities by private enterprise, educational institutions, and
government agencies is also critical to improving our attribution
capability. Attribution capability is highly dependent upon our mastery
and dominance of communication and system technologies.
Finally, the sharing of malicious cyber activity and associated
intelligence between Federal agencies and the private sector is key in
the process of understanding the cyber adversary. As attribution models
and frameworks continue to mature and are shared and agreed across
agencies, each agency's unique insights and information can be shared
and organized to deliver more rapid and accurate attribution. Combining
commercial threat streams with the greater levels of signals
intelligence, law enforcement/counterintelligence, and human
intelligence collection, the Intelligence Community gains a better
understanding of adversary tactics, techniques, and procedures.
General O'Donohue. As outlined in the forthcoming DOD Cyber
Strategy 2015, the U.S. requires strong intelligence, forensics, and
indications and warning capabilities to reduce anonymity and increase
confidence in the attribution of malicious actors. Mastery and
dominance of communication and system technologies are critical to the
fidelity of these capabilities. In order to build and maintain this
level of proficiency, we must recruit and retain the most qualified
individuals. Through persistent training and collaboration with private
enterprise, educational institutions, and government agencies, we must
build the collective capacity of an effective Cyber Mission Force.
Additionally, by leveraging the skills and capabilities of our allied
partners, we can increase the potential to close gaps and achieve
attribution of specific cyber-attacks to state or non-state actors.
Additionally, the sharing of malicious cyber activity and
associated information between Federal agencies and the private sector
is critical to understanding our cyber adversaries. As attribution
models and frameworks mature, each agency's unique insights can be
leveraged to deliver more rapid and accurate attribution. Commercial
threat streams augment and enhance our level of understanding of
adversary tactics, techniques, and procedures.
______
Question Submitted by Senator Jeanne Shaheen
dod and dhs cyber collaboration
10. Senator Shaheen. Mr. Rosenbach and General McLaughlin, can you
describe the Department of Defense's (DOD) efforts to collaborate and
share information with the Department of Homeland Security (DHS) in
terms of planning, operational structure, and efforts to address
external threats?
Mr. Rosenbach. DOD works very closely with its interagency partners
to ensure that it is building and implementing a whole-of-government
approach to cybersecurity. DOD's relationships with DHS and the
Department of Justice (DOJ) are and must remain strong, as DHS and DOJ
have the lead for domestic response to cyber threats. In this context,
DOD has a more limited support role.
DOD and DHS regularly collaborate and share information through a
variety of channels, ranging from daily communication between
operational centers to interagency forums such as the Cyber Response
Group and Unified Coordination Group. The two organizations also
exercise together to ensure unity of effort across the departments.
In 2010, the Secretaries of Defense and Homeland Security signed a
Memorandum of Agreement (MOA) for sharing personnel, equipment, and
facilities in order to increase interdepartmental collaboration, mutual
support for cybersecurity capabilities development, and synchronization
of current operational cyber mission activities. Today, we are
developing ways to improve collaboration and information sharing to
protect and defend U.S. critical infrastructure, to create consistent
approaches to cybersecurity across both national security and non-
national security systems, and to enhance our ability to prevent,
mitigate, respond to, and recover from domestic cybersecurity
incidents.
General McLaughlin. The Department of Defense (DOD) and the United
States Cyber Command (USCYBERCOM) maintain a healthy, positive, and
productive collaboration and information sharing relationship with the
Department of Homeland Security (DHS), focused within the National
Protection and Programs Directorate (NPPD) Office of Cyberspace and
Communications (CS&C). The terms of this relationship are set forth in
the 2010 Memorandum of Agreement (MOA) between DHS and the DOD
regarding Cybersecurity, and are further described in the 2013 U.S.
Federal Cybersecurity Operations Team National Roles and
Responsibilities chart and other applicable vision statements and
strategy papers.
Routine collaboration and information sharing between USCYBERCOM
and DHS revolves around the daily interaction between the USCYBERCOM
Joint Operations Center (JOC) and the DHS National Cybersecurity and
Communications Integration Center (NCCIC), as well as the physical
presence of exchanged liaison officers within those cyber centers. The
JOC and the NCCIC participate in twice daily operational updates,
conduct a limited exchange of operational reports, and also mutually
participate in Emergency Cyber Action Procedures conference calls and
other operational coordination forums.
Additionally, DOD and DHS benefit greatly from mutual participation
in and support of cyber training exercises. Significant collaboration
between the two departments has underpinned the success of the
USCYBERCOM-led Cyber Guard and the DHS-led Cyber Storm series of
exercises.
In order to further enhance interagency collaboration, streamline
information sharing, synchronize operational action, and focus near-
term cooperative action, various action plans have been developed
between DHS and oraganizations within DOD such as the National Security
Agency (NSA) and USCYBERCOM, Examples of these action plans in
execution include the Enhance Shared Situational Awareness (ESSA)
Information Sharing Architecture (ISA) Implementation Plan and the
draft Cyber Action Plan.