[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]


                                     
 
                         [H.A.S.C. No. 116-74]

                                HEARING

                                   ON

                   NATIONAL DEFENSE AUTHORIZATION ACT

                          FOR FISCAL YEAR 2021

                                  AND

              OVERSIGHT OF PREVIOUSLY AUTHORIZED PROGRAMS

                               BEFORE THE

                      COMMITTEE ON ARMED SERVICES

                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED SIXTEENTH CONGRESS

                             SECOND SESSION

                               __________

  SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES 
                                HEARING

                                   ON

     THE FISCAL YEAR 2021 BUDGET REQUEST FOR U.S. CYBER COMMAND AND

                        OPERATIONS IN CYBERSPACE

                               __________

                              HEARING HELD
                             MARCH 4, 2020

                                     


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]                                     




                          ______

             U.S. GOVERNMENT PUBLISHING OFFICE 
 40-605               WASHINGTON : 2020 

  


   SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES

               JAMES R. LANGEVIN, Rhode Island, Chairman

RICK LARSEN, Washington              ELISE M. STEFANIK, New York
JIM COOPER, Tennessee                SAM GRAVES, Missouri
TULSI GABBARD, Hawaii                RALPH LEE ABRAHAM, Louisiana
ANTHONY G. BROWN, Maryland           K. MICHAEL CONAWAY, Texas
RO KHANNA, California                AUSTIN SCOTT, Georgia
WILLIAM R. KEATING, Massachusetts    SCOTT DesJARLAIS, Tennessee
ANDY KIM, New Jersey                 MIKE GALLAGHER, Wisconsin
CHRISSY HOULAHAN, Pennsylvania       MICHAEL WALTZ, Florida
JASON CROW, Colorado, Vice Chair     DON BACON, Nebraska
ELISSA SLOTKIN, Michigan             JIM BANKS, Indiana
LORI TRAHAN, Massachusetts
                Josh Stiefel, Professional Staff Member
               Eric Snelgrove, Professional Staff Member
                         Caroline Kehrli, Clerk
                         
                            C O N T E N T S

                              ----------                              
                                                                   Page

              STATEMENTS PRESENTED BY MEMBERS OF CONGRESS

Langevin, Hon. James R., a Representative from Rhode Island, 
  Chairman, Subcommittee on Intelligence and Emerging Threats and 
  Capabilities...................................................     1
Stefanik, Hon. Elise M., a Representative from New York, Ranking 
  Member, Subcommittee on Intelligence and Emerging Threats and 
  Capabilities...................................................     3

                               WITNESSES

Nakasone, GEN Paul M., USA, Commander, U.S. Cyber Command, and 
  Director, National Security Agency.............................     6
Rapuano, Kenneth P., Assistant Secretary of Defense for Homeland 
  Defense and Global Security, and Principal Cyber Advisor to the 
  Secretary of Defense, U.S. Department of Defense...............     4

                                APPENDIX

Prepared Statements:

    Langevin, Hon. James R.......................................    21
    Nakasone, GEN Paul M.........................................    42
    Rapuano, Kenneth P...........................................    23

Documents Submitted for the Record:

    [There were no Documents submitted.]

Witness Responses to Questions Asked During the Hearing:

    [There were no Questions submitted during the hearing.]

Questions Submitted by Members Post Hearing:

    Mr. Scott....................................................    57
      

    THE FISCAL YEAR 2021 BUDGET REQUEST FOR U.S. CYBER COMMAND AND 
                        OPERATIONS IN CYBERSPACE

                              ----------                              

                  House of Representatives,
                       Committee on Armed Services,
     Subcommittee on Intelligence and Emerging Threats and 
                                              Capabilities,
                          Washington, DC, Wednesday, March 4, 2020.
    The subcommittee met, pursuant to call, at 3:26 p.m., in 
room 2212, Rayburn House Office Building, Hon. James R. 
Langevin (chairman of the subcommittee) presiding.

 OPENING STATEMENT OF HON. JAMES R. LANGEVIN, A REPRESENTATIVE 
 FROM RHODE ISLAND, CHAIRMAN, SUBCOMMITTEE ON INTELLIGENCE AND 
               EMERGING THREATS AND CAPABILITIES

    Mr. Langevin. The subcommittee will come to order.
    I apologize to everyone for being late. We just left the 
Vice President giving a briefing on the coronavirus issue to 
the Democratic Caucus, but we will get underway.
    I want to welcome everyone to today's hearing on the fiscal 
year 2021 budget request for military operations in cyberspace.
    I would first of all like to welcome our witnesses here 
today.
    Mr. Kenneth Rapuano serves as both the Assistant Secretary 
of Defense for Homeland Defense and Global Security and as the 
Principal Cyber Advisor to the Secretary of Defense. Prior to 
returning to government service, Mr. Rapuano worked for 
federally funded research and development corporations focusing 
on homeland security and counterterrorism issues.
    Mr. Rapuano, welcome back.
    Next, General Paul Nakasone serves in three capacities 
concurrently: Commander, U.S. Cyber Command; also Director of 
the National Security Agency, and Chief of the Central Security 
Service. Before his current role, he commanded U.S. Army's 
Cyber Command and has served as a career intelligence officer 
through his 33 years in uniform.
    General Nakasone, thank you for your service to the Nation, 
and we are pleased to have you back before the subcommittee 
once again.
    So the Department of Defense created U.S. Cyber Command 
[CYBERCOM] in 2009, and more than 10 years later we are still 
working diligently on establishing the foundations, concepts, 
doctrine, training, and metrics needed to ensure the security 
of the Nation in the cyberspace domain.
    The state of cyber in national defense is more central than 
ever, and 2020 marks a sea change, with cyber firmly 
established and accepted as a warfighting domain, capability, 
and asset. This is highlighted best through the current 
operational posture and institutional maturation of CYBERCOM. 
Over the course of 2020, this subcommittee expects the command 
to aggressively address issues of readiness, operational tempo, 
and the defense of the Nation's electoral system, among other 
things.
    This subcommittee has worked to ensure that the Department, 
the military services, and CYBERCOM are equipped with the tools 
and authorities necessary to achieve their objectives. In the 
fiscal year 2020 NDAA [National Defense Authorization Act], we 
granted new authorities to CYBERCOM and bolstered multiple 
frameworks for legislative oversight. We seek to balance an 
appropriate degree of oversight while ensuring the command 
retains operational flexibility. We will continue this trend 
through our collective work in the 2021 bill.
    CYBERCOM is facing possibly the most challenging year in 
its existence. General Nakasone, your command sits at the 
center of the Department's efforts to secure the information 
environment. The United States faces increasing malicious 
activity from Russia, Iran, China, and others.
    We know about how Russia weaponized information during the 
2016 elections, and we must do more to anticipate and counter 
these sophisticated operations. While we have had some success 
countering Russia's malign influence campaigns in 2018, we must 
not let our guard down. We must ensure that we are properly 
organized within the Department of Defense and coordinating 
across the United States Government.
    I hope you will give us a full assessment of your efforts 
to protect the country from malign cyber activity. I will be 
particularly interested to hear how you are working with 
partners in the interagency to promote a more stable cyberspace 
and protect our allies' critical infrastructure.
    I want to hear, specifically, how you are coordinating and 
deconflicting activities domestically with the Department of 
Homeland Security and internationally with the Department of 
State.
    I am also interested to hear from our witnesses about their 
assessment of CYBERCOM's current force structure.
    For the past year, I have had the privilege of serving on 
the Cyberspace Solarium Commission and want to thank you, in 
particular, Mr. Rapuano, for your many contributions to our 
work.
    One of the areas of focus of the Commission has been 
whether CYBERCOM's force structure properly reflects the 
command's operational aspirations. Essentially, we need to 
candidly assess whether a force conceived more than 7 years ago 
is sufficient for a dramatically different environment today. I 
will also be curious to hear candid assessments on how organic 
capabilities resident in the services are rationalized with 
CYBERCOM's mission and strategy.
    Throughout our Nation's history, our military has grown 
accustomed to focusing on the offensive systems, forces, and 
platforms that deliver effects against our adversaries. Given 
our geographic advantage of two oceans and our history of 
primarily fighting overseas, we are conditioned to fight 
offensively. However, in a connected world with an inestimable 
number of internet-connected devices, networks, vehicles, and 
systems, our defensive posture in the cyber domain has never 
been more critical.
    So, while I fully support CYBERCOM's more offensively 
postured construct, I am concerned that the President's fiscal 
year 2021 cyber budget signals in select places that we can 
sacrifice defensive programs and investments in favor of 
investments in offensive cyber systems and programs.
    So I hope that the witnesses will speak candidly about 
balancing resources to ensure the Department is best postured 
to protect the United States in cyberspace, whether through 
defensive or offensive missions.
    So, with that, I want to thank our witnesses for appearing 
before us today. I thank you for all that you are doing on 
behalf of the country to keep all of us safe.
    As a reminder, after this open session, we will move to 
room 2337 for a closed, member-only session.
    With that, I will now turn to Ranking Member Stefanik for 
her remarks.
    [The prepared statement of Mr. Langevin can be found in the 
Appendix on page 21.]

STATEMENT OF HON. ELISE M. STEFANIK, A REPRESENTATIVE FROM NEW 
YORK, RANKING MEMBER, SUBCOMMITTEE ON INTELLIGENCE AND EMERGING 
                    THREATS AND CAPABILITIES

    Ms. Stefanik. Thank you, Chairman Langevin.
    Secretary Rapuano and General Nakasone, welcome back to 
this committee.
    We are now 2 years removed from U.S. Cyber Command reaching 
full operational capability. In that time, we have witnessed 
several significant achievements with tangible operational 
results. These included the interagency efforts with the Russia 
Small Group and Operation Synthetic Theology and also the 
development and implementation of a strategy that emphasizes 
continuous engagement, hunting our adversaries forward, and 
reasserting deterrence in cyberspace.
    During this time, we have seen our adversaries adapt, 
blending cyber and information warfare to form an operational 
continuum that continues to challenge us in the digital realm. 
What worked for our cyber forces in helping to secure our 2018 
midterm elections will not necessarily guarantee our security 
moving forward. We must acknowledge the creativity of our 
adversaries and continue to adapt our playbook. We must ensure 
that election security is a continuous, sustained effort 365 
days a year.
    There has been significant progress within the Cyber 
Mission Force over the past year--specifically, the 
understanding and categorizing of specific cyber operations 
forces, the delegation of important operational authorities, 
the establishment of cyber-peculiar capability development, and 
the understanding of cyber vulnerabilities within our own 
installations and weapons systems.
    We have made headway to mature our cyber forces, but much 
work lies ahead. I am interested in hearing what we have 
learned about the operational needs of the Cyber Mission Force. 
Are we organized with the appropriate skill sets, number of 
personnel, and force structure to meet the future needs of the 
Nation?
    As we reevaluate our cyber posture, these findings will be 
critical to ensuring we align the appropriate resources, 
policy, and authorities to the Cyber Mission Force to stay 
ahead of our adversaries and reaffirm the notion of deterrence 
in cyberspace.
    With that, I yield back.
    And thank you again to our witnesses.
    Mr. Langevin. I thank the ranking member.
    Before I recognize Secretary Rapuano, I want to briefly 
note to our witnesses that the cumulative cyber budget has not 
been made available to Congress or the American people. The 
President's budget was formally delivered nearly a month ago, 
and we are still waiting for the congressionally mandated 
budget documents for cyberspace operations.
    Secretary Rapuano, I am also disheartened that even your 
opening statement relied only on top-line figures for 
cyberspace operations. So I hope that the numbers are going to 
be forwarded to Congress imminently.
    With that, I will turn it over to you, Secretary Rapuano. 
You are now recognized for your opening statement.

STATEMENT OF KENNETH P. RAPUANO, ASSISTANT SECRETARY OF DEFENSE 
 FOR HOMELAND DEFENSE AND GLOBAL SECURITY, AND PRINCIPAL CYBER 
ADVISOR TO THE SECRETARY OF DEFENSE, U.S. DEPARTMENT OF DEFENSE

    Secretary Rapuano. Thank you, Chairman Langevin, Ranking 
Member Stefanik, and members of the committee.
    I am pleased to be here today with General Nakasone, 
Commander of U.S. Cyber Command, to report on the progress that 
the Department of Defense has made over the past year 
implementing the 2018 DOD [Department of Defense] Cyber 
Strategy and working towards the Department's core objectives 
in cyberspace.
    The 2018 DOD Cyber Strategy prioritizes the challenge of 
great power competition and recognizes that the Department must 
defend forward to counter our competitors' long-term, 
coordinated campaigns of malicious activity to gain political, 
economic, and military advantage.
    The strategy normalizes the Department's efforts in the 
cyberspace domain, integrating cyberspace operations into 
military operations across all physical domains, and reinforces 
the need to prevent or degrade threats before they harm U.S. 
national interests.
    Our new approach to competition in cyberspace is enabled by 
the new Presidential policy on cyberspace operations. Thank you 
also to Congress for legislation which clarified that 
cyberspace operations are traditional military activities. 
Taken together, these changes have advanced the Department's 
ability to operate in cyberspace, allowing us to execute 
transparent, well-coordinated, and timely operations.
    Since last year, I have been focusing on implementing the 
DOD Cyber Strategy and effectively closing the gaps identified 
in the subsequent congressionally directed Cyber Posture 
Review. To this end, I have augmented the expertise and 
capacity of the cross-functional team of experts in the Office 
of the Principal Cyber Advisor.
    We have had a number of successes, including: defining the 
cyber operation forces; initiating the first DOD-wide effort to 
achieve 100 percent visibility of network devices at the 
operating system level; defining what constitutes the 
Department's cyberspace operating force and finalizing 
readiness standards for the Cyber Mission Force; and, finally, 
maturing the concept of layered deterrence.
    We have also made progress in operationalizing the new, 
more proactive approach in cyberspace. My guidance from the 
Secretary is clear: Defending elections is an enduring mission 
of the Department of Defense. To that end, we are supporting a 
whole-of-government effort to defend the 2020 elections. The 
Department, principally through U.S. Cyber Command and NSA's 
[National Security Agency's] Election Security Group, is 
complementing other Federal departments by leveraging our 
unique authorities and capabilities and the proactive approach 
to defend forward.
    Our new, proactive approach in cyberspace is not limited, 
however, to defending elections. Through outstanding 
cooperation with the interagency and the NSC [National Security 
Council], the Department is able to conduct the full range of 
missions articulated in the NDS [National Defense Strategy] and 
the DOD Cyber Strategy. Accordingly, our cyber forces are 
increasingly engaged in cyberspace to promote stability and 
security and to defend the United States. Our interagency and 
private-sector partners are key to ensuring that DOD can 
operate and project power in a contested cyber environment.
    The increasingly provocative activities of key competitors 
demonstrate how vulnerable the Department is to attacks against 
the many non-DOD-owned assets that are nevertheless critical to 
our ability to execute our missions. Their vulnerability means 
that adversaries could disrupt military operations without 
actually targeting military networks and systems themselves.
    To address these challenges, we are strengthening alliances 
and attracting new partners to take a whole-of-society approach 
to enabling better security and resilience of key assets.
    For example, to enable collaboration and unity of effort 
between DOD and the Department of Homeland Security in support 
of protecting critical infrastructure and defense critical 
assets, we have focused on maturing processes and procedures 
for cooperation and information-sharing and enabling 
operational collaboration.
    We have taken a range of actions, including carrying out 
combined training events with DHS [Department of Homeland 
Security] and private-sector entities and collaborating with 
DHS to exchange cyber threat information with private-sector 
entities.
    We are also finalizing an agreement with DHS, the Federal 
lead for improving the security and resilience of much of the 
Nation's critical infrastructure, to implement section 1650 of 
the fiscal year 2019 NDAA to allow DOD to provide DHS with up 
to 50 cybersecurity personnel on a non-reimbursable basis to 
enhance cybersecurity cooperation and unity of effort.
    The key theme of the DOD Cyber Strategy is strengthening 
international alliances and attracting new partners. In 2019, 
the Secretary issued new international cybersecurity 
cooperation guidance to clarify priorities for addressing cyber 
threats through building the capacities of our international 
partners and refining responsibilities among DOD components.
    The guidance directs how DOD components will 
collaboratively pursue the objectives of the National Defense 
Strategy, the National Cyber Strategy, and the DOD Cyber 
Strategy as they apply to security cooperation in cyberspace.
    Thank you for the opportunity to appear before you this 
afternoon. With the 2018 National and DOD Cyber Strategies in 
place, we are confident that the Department has the right 
policy, guidance, authorities, and funding levels to support 
the defense of our Nation in cyberspace.
    I look forward to continue working with you and our 
critical stakeholders both inside and outside the U.S. 
Government to build on this process. Thank you.
    [The prepared statement of Secretary Rapuano can be found 
in the Appendix on page 23.]
    Mr. Langevin. Thank you, Secretary Rapuano.
    General Nakasone, you are now recognized.

 STATEMENT OF GEN PAUL M. NAKASONE, USA, COMMANDER, U.S. CYBER 
        COMMAND, AND DIRECTOR, NATIONAL SECURITY AGENCY

    General Nakasone. Good afternoon, Chairman Langevin, 
Ranking Member Stefanik, and distinguished members of the 
committee. I look forward to discussing the state of U.S. Cyber 
Command in 2020, its 10-year anniversary from when it was 
formed.
    Today, I want to highlight how Cyber Command is providing 
clear returns on the investment the Nation has made in it. In 
the statement I submitted for the record, I explained how Cyber 
Command is expanding the competitive space for the Department 
of Defense. Making this all possible are the contributions made 
by our military and civilian personnel and the support you and 
the Department of Defense continue to give us.
    Let me touch on three issues that are at the forefront of 
our efforts today: elections, readiness, and the people that 
make up the DOD cyber force.
    We are 244 days from the 2020 Presidential election. My top 
priority is a safe and secure election that is free from 
foreign influence.
    Our strategy at Cyber Command, working with NSA and other 
partners across the government, is to generate actionable 
insights, to harden defenses, and to be ready to impose costs, 
if necessary. Malicious actors are trying to test our defenses 
and our resolve. We are ready for them and for any others who 
may try to interfere with our democratic processes.
    I have great confidence in the Cyber Mission Force to 
execute missions because it is a mission-ready force. Ten years 
ago, our national leaders envisioned a command that could lead 
the military's efforts to defend U.S. interests in cyberspace. 
Today, that vision is a reality.
    The Cyber Mission Force is highly trained, well-equipped, 
and manned by our Nation's finest men and women--Active, Guard, 
and Reserve military and civilians alike. They provide the 
Department of Defense and the Nation with capacity to conduct 
defensive activities, like rapid incident response, and they 
stand ready to execute a range of cost-imposing operations.
    The readiness and operational success of the Cyber Mission 
Force is a testament to the quality of our people. Recruiting, 
training, developing, and retaining the best talent is 
essential for the military to defend the Nation in cyberspace.
    I thank you for the legislative flexibility you have 
afforded the Department to do just that, such as the creation 
of the Cyber Excepted Service to fast-track civilian hiring. I 
continue to pursue creative ways to leverage our Nation's best 
and brightest who want to contribute to our missions, 
especially through closer partnerships with the National Guard 
and the Reserves.
    Distinguished members of the committee, thank you once 
again for your support of U.S. Cyber Command. I look forward to 
your questions.
    [The prepared statement of General Nakasone can be found in 
the Appendix on page 42.]
    Mr. Langevin. Thank you, General Nakasone.
    We will now go to questions, and I will recognize myself 
for 5 minutes.
    Let me begin--General Nakasone and Mr. Rapuano, in 
December, the Secretary of Defense signed a memorandum to the 
Department that created the new term ``Cyber Operations 
Force,'' which will now encompass the Cyber Mission Force as 
well as other cyber-specific operational elements.
    Can you please help us understand how a definition was 
decided and which forces were determined to be in the Cyber 
Operations Force while other operation elements, such as the 
Air Force's mission defense teams, were excluded?
    General Nakasone. Chairman, as you are well aware, one of 
the authorities that has been granted to me is the joint force 
provider role. That is the ability for us at USCYBERCOM and 
myself, particularly, to have cognizance over select elements 
of our cyber force DOD-wide.
    We initially began with looking at the cyber force as only 
133 teams, our Cyber Mission Force. But as we realized, given 
our three missions, to include securing the Department of 
Defense Information Network, we needed to have greater 
visibility over a larger force. So that cyber operational force 
now is not only 133 teams, but it is also the cybersecurity 
service providers, the people that run the networks for each of 
the services.
    And I would offer, why is that important? That is important 
because we want to have the ability to drive training standards 
that are equal across all of our services. That is a lesson 
that we have learned with our Cyber Mission Force. One training 
standard allows us to be interoperable, drives a higher level 
of training, drives a higher level of capacity.
    Mr. Langevin. Can you talk about which teams were excluded 
and which were not?
    General Nakasone. We looked very carefully, Chairman, at 
each of the service capabilities. And so those cyber elements 
that were doing a uniquely service-specific job, such as a 
defensive job for unique weapon systems, we looked at that and 
we thought that that was a service retain mission and one that 
would remain in the cognizance of the services.
    Mr. Langevin. So how many people will be part of the new 
Cyber Operations Force?
    General Nakasone. Roughly, back-of-the-envelope math, 
Chairman, I would say the 6,187 that are part of our Cyber 
Mission Force. And then I would say probably double that with 
regards to our cybersecurity service providers across all four 
services.
    Mr. Langevin. Okay. All right. Thank you.
    So my next question. Cyber Command right now is being 
utilized today to a greater degree than ever before. For all 
the various mission sets and the demand signal from the 
Secretary and the other combatant commanders, do you believe 
that the approximately 6,100 personnel in the Cyber Mission 
Force is the right size? And if not, what would be the correct 
size?
    General Nakasone. Chairman, as you know, we created the 
Cyber Mission Force in late 2012 and started building it in 
2013. It was designed on 133 teams, given the planning that we 
had at the time.
    What has changed since 2013? We are starting now to do 
election support, an enduring mission, as our Secretary has 
talked about. We have seen our adversaries have gone from 
exploitation, disruption, destruction into influence 
operations. We see the defend-forward strategy that our 
department has now, what we at U.S. Cyber Command are doing as 
persistent engagement, and we see the corresponding hunt-
forward missions. Finally, we see across our services the 
necessity not just to defend networks but also to be very 
careful in defending our data and our weapons systems as well.
    That is a long response to say what we are doing, given all 
of those missions, is, through a series of exercises this year, 
looking to gather data; what is the right size force that we 
need? Obviously, as a commander, I would tell you that I never 
have enough forces, but what I do need is I need the ability to 
show that in data.
    And when we come back to that, we will provide that, 
obviously, to the Department. And the Department, through their 
process, will make a determination on the right size force.
    Mr. Langevin. Okay. And can you talk about the zero-based 
review in the 2020 NDAA and how it will address any existing 
deficiencies?
    And, also, how quickly are the services prepared to grow 
the pipeline needed to provide you with the force to fill out 
the deficiencies between your current strength and your ideal 
size?
    Secretary Rapuano. I would note that we had an exercise not 
long ago with the Secretary of Defense with the NDS 
Implementation Group looking at cyber and went through the 
whole framework. General Nakasone did an outstanding job 
briefing.
    But the issue of our force sizing came up. And there was a 
lot of emphasis--just as General Nakasone has just explained, 
this was at the very beginning; 2013 versus 2020 is a whole new 
paradigm in terms of the evolving threat and in terms of our 
evolving understanding of the needs.
    So the Secretary directed at the end of that meeting that 
we conduct this assessment, which will be supporting the 
response to the NDAA requirement.
    Mr. Langevin. Okay. Thank you.
    The ranking member is now recognized for 5 minutes.
    Ms. Stefanik. I am going to yield my time to Rep. 
Gallagher.
    Mr. Gallagher. Thank you.
    And thank you to both of you gentlemen for your active 
participation in the Cyber Solarium Commission; General 
Nakasone, for making yourself available on numerous occasions 
to brief the Commission; and Mr. Rapuano, for being an active 
member of the Commission and having an almost perfect 
attendance record on the Commission's meetings, which I know is 
hard to achieve. And most Members of Congress on the Commission 
did not even achieve that attendance record.
    So we are really looking forward to unveiling the final 
report, which would not have been possible were it not for the 
leadership of Chairman Langevin and his active engagement in 
it. So we hope it is a start of a very robust discussion about 
not only how far we have come under both of your leadership but 
how far we still need to go and where we can improve.
    And just to kind of follow up on the line of questioning 
from the chairman, just to put a point on it, General Nakasone, 
since the Cyber Mission Force was created, it is fair to say 
the demands on that force have increased.
    So, while we can't say here today that you need to increase 
the Cyber Mission Force by X number and it is going to cost 
this amount of dollars, it would be fair to say, if we were to 
do a force structure assessment of the Cyber Mission Force, it 
would probably come back with an expanded vision for the Cyber 
Mission Force, correct?
    General Nakasone. So, Congressman, I would offer that, I 
think as we take a look at the expansion missions, that 
obviously there will likely be, you know, a corresponding look 
at what the proper size needs to be.
    If I might, one of the things that I perhaps didn't 
emphasize enough that I think really has changed tremendously 
is the fact that the strategies, the policies, the authorities 
have all changed dramatically even in the past 24 months. And 
that has driven a larger OPTEMPO [operational tempo], an 
OPTEMPO we can talk about in closed session today. Because I 
think you can see, given the right strategy, policies, and 
authorities, what this force is able to do.
    Mr. Gallagher. And then just to the extent you can, give us 
a sense of what your team was doing last night in near-real-
time as you have tried to, kind of, learn the lessons of 2016. 
Just give us a taste of what that looks like.
    General Nakasone. So, Super Tuesday, yesterday, team comes 
in at 6 o'clock in the morning. We have teams ready to go. We 
have the interagency up on one chat system, so we are talking 
between the Department of Defense, Department of Homeland 
Security, intelligence community. We have a very good feel from 
elements of our National Guard in certain States of what is 
ongoing.
    This is all different than what we were doing in 2018. In 
2018, I look back on that, even though very successful, it 
looks like a pickup game to me, as opposed to what I saw 
yesterday--constant communications. ``Hey, we see indications 
of a problem here.'' ``Do we see any indications in foreign 
intelligence that that might be indicative of someone making a 
move?'' ``No, we don't.''
    This is the type of interaction--rapid. I think it is 
representative of the domain in which we operate, but I think 
it is also the idea of we have all of these elements together. 
The National Security Council is online. We have a really good 
sense of, across the interagency and across the whole of 
government, how we operate.
    Ms. Stefanik. Reclaiming my time, I am going to yield to 
Mr. Waltz to give other members an opportunity.
    Mr. Waltz. Thank you.
    Just continuing on the election security piece, over 9,000 
counties across the United States, different operating systems, 
different levels of talent, different funding.
    How do we--number one, I think it is worth noting that the 
Guard is the only entity that is in all 9,000 counties across 
the United States. So, question one, what more can the Guard 
do, from an election security piece?
    Number two, are we thinking about this in the right way, in 
the sense of deterrence, right? Can we possibly bat 1,000? Can 
we possibly defend perfectly? Or, if we have a foreign 
adversary attacking what we have labeled critical 
infrastructure, do we need more of a deterrence posture? And 
what would that look like?
    General Nakasone. Congressman, if I might begin with what 
our strategy is in Election Security Group, because I think 
this is a part of the answer to your question.
    So what are we doing? We are really operating under three 
focus efforts right now. One, how do we generate maximum amount 
of insights on our adversaries? We want to know our adversaries 
better than they know themselves.
    Secondly, how do we improve the defense? How do we work 
with the Department of Homeland Security to ensure election 
infrastructure is more readily defended? And how do we work 
closely with the FBI [Federal Bureau of Investigation] to 
provide information to social media companies to ensure that 
they have it?
    And then, thirdly, how do we impose cost?
    I would offer, one of the things that has been to our 
advantage is we have the experience of 2018, but the other 
thing is that we are not approaching this episodically. Since 
the 8th of November in 2018, we have been working this issue, 
and we are continuing to look at how do we continue to engage 
with our adversaries in a number of different means to ensure 
that they understand that we see what they are doing.
    Mr. Waltz. I just--I know we are out of time. I think you 
are doing a fantastic job. Things are far better than they were 
in 2016. But I think we need to make it clear that this is only 
going to stop when the other side understands that we have the 
capability and will to impose costs on their system. And that 
is a sea change. It is kind of like going from counterterrorism 
in the 1990s to post-
9/11 in terms of how we are thinking about it.
    And I yield my time. Thank you, Ranking Member.
    Ms. Stefanik. I yield back.
    Mr. Langevin. The gentleman's time has expired.
    Mr. Larsen is now recognized.
    Mr. Larsen. Thank you, Mr. Chairman.
    General Nakasone, along those same lines, we talked a 
little bit about this yesterday, but I have had eight townhalls 
since the beginning of the year in my district. And every 
townhall has its own set of issues. You are in a local area, 
they bring up local issues, and so on. But I will say, every 
townhall I have had, two sets of questions come up. One of them 
is on election security and what are we doing to be ready for 
2020.
    So the question I asked yesterday, and I was wondering if 
you could just cover that, is: Given the fact that some of what 
we are doing we can't talk about publicly, you know, how do we 
talk about, how do we communicate to the average citizen who 
wants to know that the United States is doing its dead level 
best? What are the actions that we are taking and what can we 
describe to folks about the actions we are taking to ensure the 
integrity of the vote?
    General Nakasone. Congressman, regarding that question, I 
think the discussion point of what we are discussing today is 
so important. So what is the Department of Defense doing to 
ensure a safe and secure election?
    First of all, putting our assets, to include our finest 
intelligence from the National Security Agency, operating 
outside the United States, to understand what a variety of 
adversaries might want to do.
    Secondly, working across the government, so the Department 
of Defense working across the government with DHS, with the 
intelligence community, with other elements, to share 
intelligence--I mean, to share insights to improve our 
defenses, both at the State and local level for DHS as they 
work with the State and local level; also with the FBI, where 
they are working with the platform owners of, you know, social 
media platforms that are being utilized by our adversaries 
often to message our population.
    And the third thing is a range of actions that we are 
operating today--and we can get into more detail in closed 
session--to impose costs on our adversary. Any adversary that 
intends to interfere with our democratic process should know 
that we are going to take action. We have the authorities, we 
have the policy, we have the strategy, we have the will. And we 
demonstrated that will in 2018.
    Mr. Larsen. This might be for both of you. A lot of focus, 
obviously, on election security in the subcommittee today. With 
all that you are learning and relearning and putting in the 
feedback loop to learn some more about election security, how 
else are we using these young women and men who are in Cyber 
Command?
    Are we creating an expertise in election security as well 
as making sure they have the expertise in supporting combatant 
commanders for other things? Are we starting to create 
divisions--not divisions in a bad way, but sub-agencies within 
Cyber Command? Do we have expertise? How are you approaching 
that?
    General Nakasone. When we stood up our Cyber Mission 
Forces, we had three missions that they were dedicated to, as 
you will recall: One was defend our networks, two was to 
support combatant commanders, and the third piece is to defend 
our Nation in cyberspace.
    Primarily, we are using the element which is the Cyber 
National Mission Force, a unit I know very well, I commanded 
previously, as the action arm for defending the Nation in 
cyberspace with regards to elections.
    I don't think it overly specializes them. In fact, what I 
would tell you is we are seeing influence operations across a 
spectrum of different actors. And so being able to understand 
this, being able to work an election is pretty important for 
us.
    Mr. Larsen. Okay.
    Secretary Rapuano. I would just add to that and the point 
that General Nakasone made earlier, this truly is a whole-of-
government and even a whole-of-society exercise.
    And one of the greatest shifts that we have seen over time, 
even in the last year, is the whole-of-government enterprise 
has matured dramatically. First, you have a much better 
appreciation for the threat. The perception of the threat is 
much more palpable today than I think it has ever been before.
    Secondly, you have seen agencies and departments really up 
their game. You can look at the Department of Homeland Security 
and CISA [Cybersecurity and Infrastructure Security Agency]. 
You can look at other elements of the DHS, but the FBI and 
Justice Department. They bring unique authorities and 
capabilities, and they have added significantly.
    So it is not about Cyber Command now doing things that 
aren't military missions. They are using their military skill 
sets, and they are focused on defending forward, getting at the 
source of the insult. And they are supporting, through 
intelligence and warning and in some cases defense support to 
civil authorities, those civil agencies requesting support. So 
it gets back to that rapid maturation loop that we have seen in 
just one year.
    Mr. Larsen. Yeah.
    Secretary Rapuano. Thank you. Or 2 years, sorry.
    Mr. Larsen. Two years, yeah. Thank you.
    And I yield back. Thank you.
    Mr. Langevin. Thank you, Mr. Larsen.
    Mr. Conaway is recognized.
    Mr. Conaway. No questions.
    Ms. Stefanik. Can you yield to Bacon, please?
    Mr. Conaway. I yield to Bacon.
    Mr. Langevin. Mr. Bacon is recognized.
    Mr. Bacon. Thank you.
    Thank you to both. Appreciate you being here.
    I have a related question on the war powers resolution 
coming up. It was voted out of the Senate. It implies that we 
are doing continuing operations against Iran, which I dispute. 
We did a one-time kinetic operation against General Soleimani, 
who was in Iraq doing war planning, someone who killed 609 
Americans.
    But here is my concern. So this will limit kinetic 
operations, but I think it also--it doesn't just say 
``kinetic.'' It implies any military operations. And what I 
wonder about, what is the impact on Cyber Command if this war 
powers resolution passes both Houses and becomes law?
    Secretary Rapuano. I don't see it impacting Cyber Command 
at all, but I will turn to General Nakasone.
    General Nakasone. I don't either, Congressman. I see us 
continuing to operate below the level of armed conflict. I have 
all the authorities and the policies that I need to continue to 
operate.
    Mr. Bacon. Thank you.
    Secondly, there are two articles that talked about our 
successful operations in the 2018 election, but I don't think 
the voters really know much about it. What can you say as to 
your success in the 2018 election to foil what the Russians 
were doing?
    Secretary Rapuano. I think we can say a lot more in a 
closed hearing, but, again, I will turn to ----
    Mr. Bacon. And whatever you can publicly say. I think it is 
helpful for our citizens to know, though, to the best extent 
that we can. Because this is a success, and it is not really 
well known.
    Secretary Rapuano. So, Congressman, while I won't speak to 
the articles, what I will speak to is the fact that, what was 
different in 2018.
    What was different in 2018 is, again, we had the strategy, 
policies, and authorities that we needed to carry out our 
missions against an adversary that was attempting to influence 
our population.
    Secondly, we had the will to act, the will from policy 
makers and certainly all the way down, and we acted.
    And the third thing is that we have a very, very highly 
trained force that is very, very capable.
    Mr. Bacon. Thank you.
    A third question. When I came in 3 years ago, there was a 
discussion of trying to dual-hat--or not dual-hat--put two 
different four-stars, one for NSA, one for Cyber [Command].
    I thought it was a mistake because I know our teams are 
combined, NSA and Cyber, particularly for cyberattack. It is 
definitely a synergistic team there. I think it works well to 
have a single four-star with two different three-stars.
    But is there any more discussions on separating with two 
different four-stars, or is this the organizational construct 
for the long term, which I hope it is?
    Secretary Rapuano. Any decision on the dual-hat arrangement 
and changes to the dual-hat arrangement would really be the 
considered judgment collectively of the Secretary of Defense, 
the Chairman of the Joint Chiefs, and the Director of National 
Intelligence.
    So that certainly is a possibility, but right now that is 
not a focus in terms of what leadership is looking at with 
regard to our cyber activities.
    Mr. Bacon. Okay. I hope it is not, because I think it is 
useful to have a common direction for both the Cyber side and 
the NSA side on these teams, and having a single four-star 
provides that unified effort. To have two different four-stars, 
it could work. It is personality-dependent. But I also think it 
is a recipe for disaster. So I think we have the right 
construct now.
    We have 6,100 people that are serving in the Cyber Mission 
Force. Is that the right size? Is this working?
    General Nakasone. So certainly it is working. I think 
whether or not it is the right size for the future, that is 
part of the issue that we are going to take on this year 
through a series of different exercises to get the data to take 
a look at what is the right size force given the missions and 
the requirements from the Department.
    Mr. Bacon. One final question, because I have about a 
minute and a half left. Obviously, I am interested in this 
entire topic. I think you guys do great work.
    You know, in the Air Force, they combine their cyber and EW 
[electronic warfare] into a common command under Air Combat 
Command. But at the combatant command level, we have cyber 
under yourself, sir, and then we have also EW under STRATCOM 
[U.S. Strategic Command].
    Is this organization division, is it working, or do we need 
to relook at that?
    General Nakasone. Let me address 16th Air Force first, 
because I am a huge fan of what General Goldfein has done, 
bringing together AFCYBER [Air Force Cyber Command], which was 
the 24th Air Force, along with the 25th. Under one commander, 
10 wings, able to do cyber, IO [information operations], EW, 
intel.
    Why is that important? Because, rapidly, the commander of 
16th Air Force, AFCYBER, can move with a number of different 
opportunities to get at adversaries. And what I just listed 
there are all non-kinetic means that have tremendous 
capabilities against our adversaries.
    So my hat is off to the Air Force.
    Mr. Bacon. You don't see any need to make any changes with 
the EW/cyber at the combatant level?
    General Nakasone. Well, again, I think this is something 
the Joint Staff will continue to study.
    Mr. Bacon. Okay.
    General Nakasone. We are a learning organization. We are a 
work in progress. And I think that, as we continue to mature, 
it will probably take a look at what is the right laydown of 
all the non-kinetic elements.
    Mr. Bacon. Right. I personally don't have a position. I was 
just curious for yours, so I thank you.
    Secretary Rapuano. There are a lot of trades, obviously. 
And the more time that we have in the hole, in terms of 
operating in each of these areas, particularly the new 
warfighting domains--cyber, space--we are going to develop a 
better appreciation for where the synergies are and, as 
importantly, where the organizational strengths are in terms of 
what our structure and business process is.
    Mr. Bacon. Okay. Mr. Chairman, I yield back.
    And thank you to both these great leaders.
    Mr. Langevin. Thank you, Mr. Bacon.
    Mr. Brown is now recognized.
    Mr. Brown. Thank you, Mr. Chairman.
    I have some really basic questions. I will field both of 
them. Take the time that you have to devote to it however you 
want.
    Army, a new accession officer into cyber, can you tell me 
about how you bring that officer in, what kind of training they 
go through, the assignments they need to be an effective, let's 
say,
O-6 in the Cyber Command?
    And then the second question I have is, can you assess 
publicly--and I know that there have been some reports recently 
about, sort of, like, your storage capacity, your ability to 
exploit data, to capture adversary information and analyze it. 
Can you talk about the infrastructure you have and give me an 
assessment, whether you have what you need? Because you take in 
a lot of information every day, and do you have what you need 
to evaluate it, exploit it, act on it, et cetera?
    General Nakasone. Congressman, the question that you ask is 
one that I have a tremendous amount of interest in, because our 
number one priority at U.S. Cyber Command is our people. And 
let me talk a little bit about accessions, particularly for our 
Army, because I know that best.
    So two major places you are going to come if you are a 
cyber officer, either from United States Military Academy or 
ROTC [Reserve Officer Training Corps]. I believe that cyber is 
the top, if not close to the top, requested branch across Army 
in new lieutenants coming in. This is a popular branch that 
very, very talented people want to get into.
    We accept about 120 a year, if I am not mistaken. And from 
that, your initial assignment is going to be at Fort Gordon, 
Georgia, for basic officer leadership course, where you have 
both the technical, the tactical, the leadership abilities that 
are going to be trained as you serve there.
    First assignment likely in one of four places: Fort Meade, 
Maryland; Fort Gordon, Georgia; Texas; or Hawaii. You are 
likely going to be leading one of our offensive or defensive 
teams. So a very similar leadership construct that you are 
obviously very familiar with, but it also builds in terms of, 
as you get more proficient, as you are able to show your 
technical prowess, as you are able to lead soldiers, then 
greater responsibilities would occur.
    In terms of the data, we have, through your strong support 
in the committee here, a Joint Cyber Warfighting Architecture 
that is being funded right now.
    One of the key elements of that is increasing our data. It 
is called the Unified Platform. That is now starting to come 
online and, over the next year, will be really the central 
focus in terms of building this warfighting architecture that 
allows us to store data and then be able to conduct operations 
worldwide.
    Mr. Brown. Thank you.
    I yield back, Mr. Chairman.
    Mr. Langevin. Thank you, Mr. Brown.
    We are going to have to recess here. We have two votes, and 
then we will come back for the closed session. I know Mrs. 
Trahan had a question she wanted to ask in closed session.
    So, at this point, then, unless there are any further 
questions--Ms. Stefanik, do you have any more questions?
    Ms. Stefanik. No questions.
    Mr. Langevin. We will adjourn, and we will come back to 
closed.
    [Whereupon, at 4:10 p.m., the subcommittee proceeded in 
closed session.]



      
=======================================================================




                            A P P E N D I X

                             March 4, 2020

=======================================================================

      



      
=======================================================================


              PREPARED STATEMENTS SUBMITTED FOR THE RECORD

                             March 4, 2020

=======================================================================

      

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
      
    

      
=======================================================================


              QUESTIONS SUBMITTED BY MEMBERS POST HEARING

                             March 4, 2020

=======================================================================

      

                    QUESTIONS SUBMITTED BY MR. SCOTT

    Mr. Scott. When it is time for service members to leave Active 
Duty, either through retirement or voluntary separation, they often 
seek and take employment in industry because of a federally mandated 6-
month cooling-off period before they can be hired as Federal civilian 
employees. Should this restriction be relaxed or waived entirely for 
these well trained and fully credentialed military cyber professionals?
    General Nakasone. Recruiting and retaining top talent is my core 
priority for building the force at U.S. Cyber Command. I am also 
committed to ensuring that hiring decisions are undertaken fairly and 
within the letter and spirit of existing laws and regulations. I 
support the DOD legislative proposal to amend the statute to allow the 
hiring of retired military information technology (IT) and cyberspace 
professionals to DOD IT and cyberspace positions without the 180-day 
cooling-off period.
    Mr. Scott. What is the relationship between the U.S. Cyber Command 
and the United States Coast Guard? What impact does the Coast Guard's 
aging IT infrastructure have on their ability to secure their networks 
against the latest cyber threats?
    General Nakasone. The Coast Guard Cyber a service component of U.S. 
Cyber Command and also a critical bridge with the Department of 
Homeland Security. The Coast Guard's Cyber Protection Team offers 
capacity to support the Coast Guard's defensive missions and protect 
their IT infrastructure from cyber threats. CG Cyber has 28 members 
detailed to USCYBERCOM headquarters, who carry out responsibilities in 
support of global cyber operations, long-term planning, exercises, and 
training. The Commandant of the Coast Guard has launched an effort to 
prioritize addressing the Service's aging technology infrastructure, 
and remains committed to defending its portion of the DODIN in 
accordance with the direction set by USCYBERCOM. The Service is fully 
equipped and postured to protect its mission critical cyber terrain and 
effectively leverages its relationships with DOD and DHS to thwart 
adversaries and emerging threats.
    Mr. Scott. Should some of the recruiting standards be relaxed to 
recruit future cyberwarriors?
    General Nakasone. The military services do an exceptional job of 
recruiting talent to man the uniformed portion of cyber mission force. 
I have no issues with service-specific recruiting standards. I, along 
with the Service Cyber Components, have the ability to recruit 
civilians directly through the Cyber Excepted Service, where military 
recruiting standards do not apply.
    Mr. Scott. You mention in your testimony that violent extremist 
organizations also have used the internet to command and control 
forces, to recruit, and to spread terrorist propaganda. What about the 
VEO's use of the internet for fundraising?
    General Nakasone. Violent Extremist Organizations use a variety of 
methods to fundraise, including Internet-based techniques. Joint Task 
Force Ares is the component of U.S. Cyber Command that leads efforts to 
counter violent extremist activity online. They work with partners 
throughout the federal government to generate insight about the tactics 
of these extremists, and they support the development of options to 
counter them.
    Mr. Scott. How does CYBERCOM leverage commercial threat information 
providers? How does CYBERCOM share information?
    General Nakasone. USCYBERCOM leverages commercial threat 
information providers in three important ways. First, companies offer 
finished reports about cyber actors and their tactics derived from data 
they collect and research they conduct. This kind of finished reporting 
supplements USCYBERCOM's analytic understanding of our adversaries. 
Second, companies provide access to structured datasets that help 
USCYBERCOM conduct deeper research. Finally, other companies offer a 
stream of structured event data that can improve situational awareness 
of real-time threats. While some contracts limit how USCYBERCOM can 
share data, USCYBERCOM elements can blend information from many 
providers into aggregate products that can be shared with other 
partners.
    Mr. Scott. The Cyber Mission Force has long been comprised of 
approximately 6,100 personnel, is this the right size, given the 
demands of the nation?
    General Nakasone. The strategic environment has changed since the 
standup of the CMF in 2012. Over this coming year, USCYBERCOM, in 
partnership with the Joint Staff and Department of Defense, intends to 
gather data and assess how the CMF force aligns with and should be 
sized to meet the current missions it must execute.