[House Hearing, 111 Congress]
[From the U.S. Government Printing Office]
[H.A.S.C. No. 111-179]
U.S. CYBER COMMAND: ORGANIZING FOR CYBERSPACE OPERATIONS
__________
COMMITTEE ON ARMED SERVICES
HOUSE OF REPRESENTATIVES
ONE HUNDRED ELEVENTH CONGRESS
SECOND SESSION
__________
HEARING HELD
SEPTEMBER 23, 2010
[GRAPHIC(S)] [NOT AVAILABLE IN TIFF FORMAT]
U.S. GOVERNMENT PRINTING OFFICE
62-397 WASHINGTON : 2010
___________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer
Contact Center, U.S. Government Printing Office. Phone 202-512-1800, or
866-512-1800 (toll-free). E-mail, gpo@custhelp.com.
HOUSE COMMITTEE ON ARMED SERVICES
One Hundred Eleventh Congress
IKE SKELTON, Missouri, Chairman
JOHN SPRATT, South Carolina HOWARD P. ``BUCK'' McKEON,
SOLOMON P. ORTIZ, Texas California
GENE TAYLOR, Mississippi ROSCOE G. BARTLETT, Maryland
SILVESTRE REYES, Texas MAC THORNBERRY, Texas
VIC SNYDER, Arkansas WALTER B. JONES, North Carolina
ADAM SMITH, Washington W. TODD AKIN, Missouri
LORETTA SANCHEZ, California J. RANDY FORBES, Virginia
MIKE McINTYRE, North Carolina JEFF MILLER, Florida
ROBERT A. BRADY, Pennsylvania JOE WILSON, South Carolina
ROBERT ANDREWS, New Jersey FRANK A. LoBIONDO, New Jersey
SUSAN A. DAVIS, California ROB BISHOP, Utah
JAMES R. LANGEVIN, Rhode Island MICHAEL TURNER, Ohio
RICK LARSEN, Washington JOHN KLINE, Minnesota
JIM COOPER, Tennessee MIKE ROGERS, Alabama
JIM MARSHALL, Georgia TRENT FRANKS, Arizona
MADELEINE Z. BORDALLO, Guam CATHY McMORRIS RODGERS, Washington
BRAD ELLSWORTH, Indiana K. MICHAEL CONAWAY, Texas
CAROL SHEA-PORTER, New Hampshire DOUG LAMBORN, Colorado
JOE COURTNEY, Connecticut ROB WITTMAN, Virginia
DAVID LOEBSACK, Iowa MARY FALLIN, Oklahoma
JOE SESTAK, Pennsylvania DUNCAN HUNTER, California
GABRIELLE GIFFORDS, Arizona JOHN C. FLEMING, Louisiana
NIKI TSONGAS, Massachusetts MIKE COFFMAN, Colorado
GLENN NYE, Virginia THOMAS J. ROONEY, Florida
CHELLIE PINGREE, Maine TODD RUSSELL PLATTS, Pennsylvania
LARRY KISSELL, North Carolina CHARLES K. DJOU, Hawaii
MARTIN HEINRICH, New Mexico
FRANK M. KRATOVIL, Jr., Maryland
BOBBY BRIGHT, Alabama
SCOTT MURPHY, New York
WILLIAM L. OWENS, New York
JOHN GARAMENDI, California
MARK S. CRITZ, Pennsylvania
LEONARD L. BOSWELL, Iowa
DAN BOREN, Oklahoma
HANK JOHNSON, Georgia
Paul Arcangeli, Staff Director
Kevin Gates, Professional Staff Member
Kari Bingen, Professional Staff Member
Jeff Cullen, Staff Assistant
C O N T E N T S
----------
CHRONOLOGICAL LIST OF HEARINGS
2010
Page
Hearing:
Thursday, September 23, 2010, U.S. Cyber Command: Organizing for
Cyberspace Operations.......................................... 1
Appendix:
Thursday, September 23, 2010..................................... 25
----------
THURSDAY, SEPTEMBER 23, 2010
U.S. CYBER COMMAND: ORGANIZING FOR CYBERSPACE OPERATIONS
STATEMENTS PRESENTED BY MEMBERS OF CONGRESS
McKeon, Hon. Howard P. ``Buck,'' a Representative from
California, Ranking Member, Committee on Armed Services........ 2
Skelton, Hon. Ike, a Representative from Missouri, Chairman,
Committee on Armed Services.................................... 1
WITNESSES
Alexander, Gen. Keith B., USA, Commander, U.S. Cyber Command..... 3
APPENDIX
Prepared Statements:
Alexander, Gen. Keith B...................................... 33
McKeon, Hon. Howard P. ``Buck''.............................. 31
Skelton, Hon. Ike............................................ 29
Documents Submitted for the Record:
[There were no Documents submitted.]
Witness Responses to Questions Asked During the Hearing:
[There were no Questions submitted during the hearing.]
Questions Submitted by Members Post Hearing:
Mr. Miller................................................... 49
Mr. Skelton.................................................. 47
Mr. Turner................................................... 50
U.S. CYBER COMMAND: ORGANIZING FOR CYBERSPACE OPERATIONS
----------
House of Representatives,
Committee on Armed Services,
Washington, DC, Thursday, September 23, 2010.
The committee met, pursuant to call, at 10:05 a.m., in room
2118, Rayburn House Office Building, Hon. Ike Skelton (chairman
of the committee) presiding.
OPENING STATEMENT OF HON. IKE SKELTON, A REPRESENTATIVE FROM
MISSOURI, CHAIRMAN, COMMITTEE ON ARMED SERVICES
The Chairman. Good morning. We welcome you to our hearing
today, a hearing on U.S. Cyber Command, organizing for
cyberspace operations.
We will hear for the first time in this committee since
Cyber Command was established from General Keith Alexander, the
first commander of U.S. Cyber Command. He also continues to
serve in his role as the director of National Security Agency
[NSA].
General Alexander has had a long record of service to our
Nation and is a genuinely nice person, to boot. I think perhaps
the most important thing for the American people to learn from
this hearing is that they have exactly the right person in
charge of this new command. General Alexander is simply the
best, though I will note that there are some other generals
from his class at West Point who also haven't done too badly.
General Alexander, we certainly welcome you and thank you
for your testimony today.
U.S. Cyber Command, or CYBERCOM as it has been called, has
been tasked with conducting the full range of activities needed
for the Department of Defense [DOD] to operate effectively in
cyberspace. Of one thing I am confident: Cyberspace will be a
big part of future warfare.
That means we can't afford to get this wrong. The
establishment of CYBERCOM is a critical milestone for our
Nation's defense. Cyberspace is an environment where
distinctions and divisions between public and private,
government and commercial, military and non-military are
blurred. And while there are limits to what we can talk about
in this open forum, the importance in this topic requires that
we engage in this discussion in a very direct way and include
the public.
The threats facing the Nation in cyberspace are daunting
and have been underappreciated until recently. Just within the
DOD, there are some--more than 15,000 different computer
networks, including 7 million computing devices on 4,000
military installations around the world.
These information systems face thousands of attacks a day
from criminals, terrorist organizations, and more recently from
more than 100 foreign intelligence organizations. DOD recently
announced a new cyber strategy to deal with that burgeoning
threat.
To understand how well prepared the Department of Defense
is to handle the magnitude of the threat, we need to ask some
fundamental questions. Where are we today with CYBERCOM? Where
do we want to take it in the future? And do we have what we
need to get there?
An additional challenge for this committee is determining
how CYBERCOM fits into the broader national security effort.
DOD has traditionally led the way in protecting information
systems, so it is natural for CYBERCOM to play a role beyond
just protecting military networks. What that role should be,
however, needs very careful analysis.
We know that as a Nation we must do more to improve
security in cyberspace and manage risk without choking off
creativity or innovation.
And, General, we look forward to hearing your testimony
today on how you intend to address these very, very important
issues.
[The prepared statement of Mr. Skelton can be found in the
Appendix on page 29.]
The Chairman. Now let me turn to my friend, my colleague,
the gentleman from California, Mr. McKeon.
STATEMENT OF HON. HOWARD P. ``BUCK'' MCKEON, A REPRESENTATIVE
FROM CALIFORNIA, RANKING MEMBER, COMMITTEE ON ARMED SERVICES
Mr. McKeon. Thank you, Mr. Chairman. I want to thank you
for holding today's hearing on Cyber Command and, General
Alexander, for joining us today. And I would like to align
myself with your remarks about how fortunate we are to have
General Alexander as the first commander of Cyber Command and
to have you in this place at this time. We are very fortunate.
Thank you.
Cyber is an operational space that extends well beyond
Internet searches and e-mail messages into a world of
networking, interconnected systems, and pathways that can reach
into individual components of critical weapons systems. The
potential for harm from malicious activity reaches beyond the
traditional military sphere of influence, as financial systems,
critical domestic infrastructure--such as power and water
treatment plants--and personal information all can be touched
and disrupted through cyberspace.
With this in mind, I look with great anticipation to Cyber
Command becoming fully operational next month. The Department
of Defense in many ways has been at the leading edge of
defending against malicious cyber activity and in understanding
the problems and opportunities that cyberspace brings to our
Nation. And I believe we have in General Keith Alexander the
most appropriate person to lead this newly formed command under
U.S. Strategic Command.
U.S. Cyber Command will be the touch-point for all things
cyber within the department and will therefore carry a heavy
burden. The services have built an infrastructure physical
capability, as well as policies and processes, to handle the
extensive activity that must be conducted in the cyber realm.
Now General Alexander will have to ensure those efforts are
brought under one vision and one mission, and it is nice to see
that support group sitting right there behind you, all the
services, everybody working together, because this is very,
very important.
Now General Alexander will have to ensure those efforts are
brought under one vision and one mission, with the goal of
maintaining our military's ability to conduct its operations in
cyberspace. Let there be no doubt: This space is contested and
presents a persistent vulnerability for our military, civilian,
and commercial infrastructures, especially as we increase our
dependence on it.
As then-DNI [Director of National Intelligence] Dennis
Blair commented on in testimony to the Senate Select Committee
on Intelligence on February 2nd, we cannot be certain that our
cyberspace infrastructure will remain available and reliable
during a time of crisis.
In his recent Foreign Affairs opinion piece, Deputy Defense
Secretary William Lynn also touched on the significant threat
that exists in cyberspace. The department is under constant
attack, and attacks will only increase in a crisis situation.
Accordingly, the department must ensure the appropriate
investments in technology infrastructure and people are being
made and the appropriate authorities, processes, policies and
organizations are in place to allow our Nation's military to
meet today's challenges.
The establishment of Cyber Command meets an important step
in strengthening the department's cyber capabilities. As
confirmed in the 2010 Quadrennial Defense Review, the Pentagon
needs both a centralized command for cyber operations and the
development of a comprehensive approach to cyber operations.
Despite this progress, many questions remain as to how
Cyber Command will meet such a broad mandate. Your testimony
today therefore will help this committee understand Cyber
Command's functions and how the department is mitigating its
vulnerabilities in cyberspace.
Thank you for joining us. I look forward to your testimony.
I yield back, Mr. Chairman.
[The prepared statement of Mr. McKeon can be found in the
Appendix on page 31.]
The Chairman. I thank the gentleman from California.
General Alexander, we recognize you for your statement.
However, would you be kind enough to introduce the folks behind
you, who as I understand head up the commands of each of the
services? Would you do that first, please?
STATEMENT OF GEN. KEITH B. ALEXANDER, USA, COMMANDER, U.S.
CYBER COMMAND
General Alexander. Chairman Skelton, Ranking Member McKeon,
absolutely.
Let me introduce the folks that we have. First, Vice
Admiral Barry McCullough, a leader of 10th Fleet, Fleet Cyber
Command. It pains me to say this as an Army guy, but I will
tell you that they are out front. He has done a superb job
leading his unit, working with some of the COCOMs [Combatant
Commands] in setting up the tactics, the techniques,
procedures, doctrine of how we will fight. We, working as a
team, have put together a joint task force looking at this, how
we would, Cyber Command, support the combatant commands. He has
led a lot of that effort, done absolutely superb. They are
doing great.
We have Lieutenant General George Flynn, U.S. Marine Corps,
leading MARFORCYBER, perhaps one of the best in leading some of
the stuff and issues that we have in situation awareness and in
doctrine. And since he has that in the Marine Corps, he can do
both for us. Absolutely superb to have him.
Coming on board, Major General Rhett Hernandez on 1 October
will take over U.S. Army Cyber. He is right now at the deputy
ops, G3/5. We have had a number of conversations on the way
forward. He understands the mission. He and Army Cyber are
jumping forward. They have put together a unit, and I think
that is making great, great headway.
Last but not least, Major General Dick Webber, Air Force
Cyber, 24th Air Force. A couple of things that they have done.
One, he has set up his command down at San Antonio, Texas, done
a superb job, recently gone through an I.G. [Inspector General]
inspection to see if they are ready for their full operational
capability, did a great job on that, passed that by Air Force
Space. They have great folks. I was down there a few weeks ago.
They are doing a great job, absolutely superb.
I would tell you, Chairman, one of the great honors and
privileges for being in this job is to have the team behind us
working this together and working with NSA and the intel
community, absolutely superb.
One of the--one of the things that I wanted to do was,
first, thank you and the committee for the support in helping
us stand up U.S. Cyber Command and the component commands. Like
you, we see this as something critical to the Defense
Department to help us direct the operations in defense of our
networks.
And as you stated, this is a complex issue. We face severe
threats. Those threats to our national security, in my opinion,
are real. It is occupying much of our time and attention. At
the unclassified level, we have stated that we see probes and
scans to our networks that come up on the order of 200,000,
250,000 times an hour, and we have got to be prepared to meet
those.
Our services in combatant commands depend on a command-and-
control system, a computer system that has the integrity and
reliability to operate in combat. We have the mission to help
ensure that that happens.
As you mentioned, we are approaching our full operational
capability. I will tell you that we have met many of the tasks
that we set out to do. As we described last time, we have
brought the Joint Task Force-Global Network Ops up to Fort
Meade, repositioned the Joint Ops Center there at Fort Meade.
It is operating today. That was part of the BRAC [Base
Realignment and Closure] process. Now we have co-located them
with the NSA Threat Operations Center, and that is a great step
forward. That was done and completed in May and has been
operating ever since.
Some of the issues that we work with are the issues that I
think you would expect us to do. First and foremost, how are we
going to support the combatant commands? How are we going to
defend this network in crisis? And those are the things that we
are taking on first, establishing the tactics, the techniques
and procedures for doing just that, and we are breaking this
out, looking at the most significant threats first and ensuring
that if something were to happen, we can take those threats on.
I did provide a written statement for the record. As you
know, Chairman, I am not that good at reading. I am an Army
officer, so I would ask that that be submitted.
The Chairman. Without objection, that will be part of the
record. Thank you.
General Alexander. I would--I would tell you that this is a
work in progress, what we are doing at Cyber Command. This is
going to take time for us to generate the force. If I were--if
you were to ask me what is the biggest challenge that we
currently face, it is generating the people that we need to do
this mission.
We have about--we have our command stood up, our staff
stood up, but the force is what we now have to rely on. The
services are expanding that mission, going to 1,000 per year
over the next few years, and I think we are headed in the right
time. That is the biggest focus that we have, how we get that
force generated, and the topic of discussion throughout the
department. And I will tell you, rest assured, we know that
that is important to get this done.
I see these remarks and this opportunity to start the
dialogue, an open, transparent dialogue on what we are trying
to do in Cyber Command to defend our Defense Department's
networks against attack and to accomplish other missions that
we would have as delegated to us to defend other networks
throughout the government.
And, Mr. Chairman, I would pass it back to you.
[The prepared statement of General Alexander can be found
in the Appendix on page 33.]
The Chairman. I certainly thank the gentleman.
Mr. McKeon, gentleman from California.
Mr. McKeon. Thank you, Mr. Chairman.
General, how do you see the Cyber Command improving the
department's ability to provide a trained cyber force to ensure
that service research and development investments, and
procurement programs will provide a united, comprehensive
approach to DOD cyber operations?
General Alexander. Congressman, I think the key thing on
this is to do it as a joint organization, so the standards are
the same throughout--throughout the command. So bringing in--
whether it is the tools we create or the students we put
through there, doing it as a joint force with one standard is
the key thing, and we have taken that approach, so our cyber
training is at one school.
And if we have to go to multiple schools, it will be done
with one standard. And I think that is what we need to do, so
that you know, our combatant commanders know, the folks that
are forward know that whether they get a soldier, Marine,
airman or sailor, that that person is trained to a standard and
can accomplish the mission that is expected of them.
Mr. McKeon. How does Cyber Command provide U.S. Strategic
Command with a wider menu of strategic options? How do you
respond to concerns that the alignment of defensive and
offensive capabilities represents too much cyber capability
resting in one command or within the Department of Defense? And
why were these two functions placed under your command? What
operational efficiencies were achieved by this alignment?
General Alexander. That is a great question--question,
Congressman. Let me--let me just drop back and go to the 2008.
As you may recall, there was a significant problem on our
networks that we discovered. At that time, we had the defense
and the operations in one command, under the Joint Task Force-
Global Network Operations. And that task force got one level of
intelligence and could see one part of the network.
Operating on the other side was the Joint Functional
Component Command-Net Warfare, trained at a different level
with different intel insights at a different classification
level, same network, two organizations. And if you are
operating at the National Training Center, you wouldn't have
the defensive team out there defending and then take them off
the field and run out with an offensive team. It is the same
team.
And so the good thing that we have done here is we have
brought those two together, merged those, and I think that is
key to the success here. We need that to operate as one team.
The offense and defense cannot be different here, because
these operations will occur in real time. And I think we have
to be prepared to do that. It is not time to say, oh, this is
your mission and you are on your own.
It is also experience that we have seen in some of our red
team and blue teams of what is happening in our networks. And I
think that is a--a huge and a positive step and goes
significantly towards providing better support to the COCOMs.
Mr. McKeon. Thank you very much.
Thank you, Mr. Chairman.
The Chairman. Historically speaking, we, you, are ahead of
those examples within the military, particularly the Army, at
the creation of a new system. The beginning of the Army Air
Corps was not fully appreciated or understood in its initial
foray into the military.
I think the same can be true in transferring the cavalry
into the tank corps. That was not fully appreciated. But I
think we do appreciate this new challenge. And we are up to the
task, it appears.
I would like to ask you, what do you need from Congress? It
is our duty, as you know, under the Constitution to provide and
raise and maintain the military. What do you need from us at
the inception of your command, which will be a long and
historic command, long after everyone in this room passes from
sight? So what do you need to get you off to a good start,
unlike the cavalry going into the tanks and that flying machine
of yesteryear?
General Alexander. Chairman, two things go through my mind
when you say that. One, I hope that is a long time. And, two,
somebody offered me some great courses. Now I know what they
were talking about.
With respect to--to cyberspace, I think there are two
things that we need your continued support on. First, in terms
of resources, we need the continued support of Congress and the
resources that the department is putting forward for the
component commands that we have here. It is going to have to
grow. Each of them are looking at this and addressing that, and
we will need your continued support to make that happen.
And the second is authorities. Right now, the White House
is leading a discussion on what are the authorities needed, and
how do we do this, and what will the team--the Defense
Department and Cyber Command is a member of that team--how will
that team operate to--to defend our country?
What they will look at across that is, what are the
authorities? What do we have legally? And then, given that,
what do we have to come back to Congress and reshape or mold
for authorities to operate in cyberspace? We would solicit your
support on that, when that is brought forward from the White
House.
The Chairman. Would you please describe for all of us the
threat environment as you see it? And I know that is a complex
answer, but would you do your best to describe the threat
environment that you face on a daily basis?
General Alexander. In an unclassified forum, let me give
you the threat in these three broad--broad areas. Going back
over time, since the--the inception of the Internet, as it
were, probably the key thing that we have seen is hacker
activity and exploitation. That is where someone comes in and
takes information from your computer, steals your credit card
number, takes money out of your account. We have seen that go
on, and that endures. And it is perhaps the most significant
form of the threat that we see today, not just stealing our
intellectual property, but also our secrets in other parts of
our networks.
The concern, though, is if you go to 2007, Estonia was the
first time that a nation-state was attacked in cyberspace. And
so we see a shift from exploitation to actually using the
Internet as a weapons platform to get another country to bend
to the will of another country. While it is hard to attribute
that to a nation-state, you can see it did happen when two
nations were quarreling over political issues.
That followed, again, by more attacks in 2008 into Georgia.
Those were disruptive. And let me describe disruptive. I have
four daughters and 12 grandchildren, so you are driving the
vehicle with all these kids in the back, and you are trying to
talk to someone in the front seat, and they are all talking
real loud. It happens occasionally. That is a disruption. When
they finally quiet down, you can talk again.
A disruptive attack prevents you from doing your business
for the time being, but is normally something that you can
recover from and then go on and do your business.
What concerns me the most is destructive attacks that are
coming. And we are concerned that those are the next things
that we will see. And those are things that can destroy
equipment, so it is not something that you recover from by just
stopping the traffic. It is something that breaks a computer or
another automated device and, once broken, has to be replaced.
That could cause tremendous damage.
In the department's concern, if that were to happen in a--
in a war zone, that means our command-and-control system and
other things suffer. We have got to be prepared for that, both
from a defensive perspective and then to ensure that the enemy
can't do it to us again, so full operational capability.
The Chairman. General, you have the four service commanders
seated behind you, and thank you for introducing them a moment
ago. Would you tell us how they are supposed to interact with
your command?
General Alexander. The way--the way we have worked this to
date is to set this up in the following manner, our first--what
I will call our first version 1.0. When we look at what is
going on globally, if there is a global cyber action against
our department, the question is, how are we going to organize
our forces? And what we don't want to do is say, well, the Navy
will do Navy, and the Army will do Army, and the Air Force will
do Air Force.
What we have come up with is we need to set up a joint task
force or, in this case, perhaps a joint cyber ops task force,
and that cyber ops task force would work with Cyber Command,
but go forward to work with the combatant command to present
forces from all the services to meet in operational mission.
And then let us train as a first step how each of those forces
would do that, what we would do for PACOM [Pacific Command],
CENTCOM [Central Command], EUCOM [European Command], SOUTHCOM
[Southern Command], and NORTHCOM [Northern Command], if
required.
So what we are trying to do is organize that as a joint
force so that in each case you would have folks from each of
the services supporting that. Rather than having three services
providing that to a combatant command, have it one, a cyber
task force.
You--many make an analogy similar to the way SOF forces are
presented, special ops forces are presented. I think that is a
close analogy and probably something that we will get to. So
that is how we are organizing it. And now what we are doing is
working with the combatant commands on specific plans to see,
do we have the force structure to meet what you would require
in that plan? And if not, what force structure do we need? And
use those force structure requirements to drive the growth that
we would have in each of our components.
So that is a long-winded answer to get to it, but it is
organizing in a joint force to accomplish those missions. I
think that is the best thing for the department and our Nation.
The Chairman. Thank you.
Mr. Ortiz.
Mr. Ortiz. Thank you, Mr. Chairman.
And thank you so much for--for what you do to keep our
country safe and strong.
I mean, this seems to be like you have got to get very
skilled people to work for you. I mean, how do you recruit them
or how do you train them before you get them to work for you?
And do you feel that you have enough staff to do what you have
to do?
And my next question would be, I mean, if they were to
disrupt and conduct an attack where you lose all kinds of
communication, is there any way for a backup system?
General Alexander. Let me answer this, first, with the
recruit, train, and I will just add in retain. I think this is
one of the key issues that we are looking at right now: What is
the--if you will--the calculus for retaining this high-end
talent?
Well, when we send them through school, they go for two
years. It would be my preference that they don't cycle through
their jobs as we would normally do in the military, but keep
them in place longer.
My initial assessment is all the service chiefs and
combatant commands see it similarly. We are going to need to
keep people in place longer and to retain them. We are getting
a lot of good folks. You know, I will tell you, it is a
privilege and honor to see the great folks that we are getting
in there. The key is, how do we retain them? Because everybody
wants good people.
And so I think the bonus systems and other things are ones
that we have to look at. That is yet to be done to ensure that
we retain that right force.
Enough staff, I think we have enough staff. I think the
staffs are, at least for right now, the right size. I think
that first priority, grow the cyber force and cyber operators,
make sure we have enough to meet those emerging combatant
commander requirements. So I would focus on getting the forces
that we need, then come back and re-address the staff one more
time later, but I think we have got enough.
Now, hopefully my staff is not tuned into that right now,
but I think that is true.
And your last question was, if they conduct an attack on us
in cyberspace, do we have a backup system? So there are things
that we have to look at in that area, whether it is a backup
system or other options that--that would allow us the agility
to maintain our command and control are things that we have to
look at.
We are looking at those. We are coming up with, I think,
some tremendously innovative things that I would prefer not to
put out here right now, but I think it will provide exactly
what you are asking for, that kind of agility for the command
and control of our forces abroad.
Mr. Ortiz. I know there is a lot of Members here, and I
don't want to take too much time to allow other Members to ask
questions. Thank you, Mr. Chairman.
The Chairman. Thank you.
Mr. Conaway.
Mr. Conaway. Thank you, Mr. Chairman.
The--in the open source press, a major disruption drove a
task force--a deal called Operation Buckshot Yankee. Can you
visit with us a little bit about what that was and what impact
it had on the way you looked at the plans that you had in place
up until that point in time when that happened?
General Alexander. Thank you, Congressman. Yes, Operation
Buckshot Yankee, a foreign adversary using an air gap jumping
tool, had gotten some malicious software on to our classified
networks.
Mr. Conaway. Would----
General Alexander. The way that happens is, if you use a
thumb drive or other removable media on an unclassified system,
the malware would get on that removable media, ride that
removable media over to the other system. And so think of it as
a man in a loop wire, and so a person could be taking
information they needed from an unclassified system, putting it
onto a classified system, and so that software would ride that
removable media and go back and forth.
It was detected by some of our network folks within the
advanced network ops, our information assurance division at
NSA. When we brought that forward, it caused a couple things to
happen.
As I mentioned earlier, first, it became clear that we
needed to bring together the offense and defense capabilities.
And so Global Network Ops was put--Joint Task Force-Global
Network Ops was put under my operational control in--within a
month of that happening. And I think that started to change the
way we look at this.
And then the Secretary of Defense set in motion the next
step, which was to set up Cyber Command as a sub-unified
command. And I think both of those are the right things to do.
What it does is it gets greater synergy between those who are
defending the networks and what they see and those that are
operating in the networks abroad and what they see and bringing
that together for the benefit of our defense. I think that is
exactly what the Nation would expect of us.
Mr. Conaway. Okay. And you used the phrase air gap. That is
the thumb drive that was----
General Alexander. Right. So when a thumb drive goes from
one computer, and when it is unplugged, now we call that the
air. And then when it gets plugged in----
Mr. Conaway. Okay. Talk to us a little bit about your--the
dual hats you wear, Cyber Command and heading--still heading
NSA. I suspect I know what you--the end is--but can you walk us
through how you are going to make sure both get your undivided
attention?
General Alexander. Yes. Well, I--well, I guess the initial
quip was, I will work twice as hard. But the reality is, in
cyberspace, that is--that is where NSA operates and has
tremendous technical expertise. It has our Nation's expertise
for crypto-mathematicians, for access, for linguists, for
everything that you would need to operate in cyberspace.
And what the Secretary said is, we can't afford to
replicate the hundreds of billions of dollars that we put into
NSA to do another for Cyber Command and then another perhaps
for DHS [Department of Homeland Security] and others. Let us
leverage what we have and bring that together.
And so by bringing these two together, we have actually
accomplished that goal. Now, they--they have and operate under
separate staffs and under different authorities, as you know.
And so under the Cyber Command, the thing that has helped, I
always had, since I have been the director of NSA, the
additional duty as the Joint Functional Component Command-Net
Warfare, so I had that job. What I didn't have was the staff,
the--the horsepower and the staff that I have now, so actually
that helps us.
And I think you can see the momentum picking up with that
staff and the staffs of the folks behind us. When you bring
this much talent to the problem, we are going to make progress,
and we are. So I think that is a very good value added.
And I will tell you another thing. We have two great
deputies. The NSA deputy, Chris Inglis, is one of the best
people I have ever worked with. And on the cyber side, we have
now Lieutenant General Bob Schmidle, Rooster, absolutely the
same type person, just extremely competent, great to work with,
a team player. And together they are forming the right team,
and I think our Nation will benefit from that.
Mr. Conaway. Thank you for that. Let me follow up on--a
little bit of what Solomon was saying. Our enemy for the most
part is, you know, 14- to 25-year-old, you know, really bright
folks who are off the reservation. To counter those, can you,
in fact, attract and do the standards of personal conduct,
background, and everything else that you have to have in order
to allow them access to our secrets? Are there enough folks out
there who are not tainted by, you know, previous conduct that
you can still get into the system so we can take advantage of
them and they can man these slots that you are forming?
General Alexander. We are having great success to date,
that if the economy were to pick up, that might change that
calculus. But right now, we have great success in hiring, great
outreach. We are getting great people.
In fact, on the NSA side, one of our positions, we had 800
applicants. And, you know, so when you look at that--so we are
getting a great number of folks.
I think the real key goes back to an earlier question. So
once you got those great people, now you are going to say, so
how do you keep them? And I think it is by the job we do, by
the leadership of the folks behind us, and how they lead and
train those and the missions that we have.
If it is exciting, you know they will stay. And if we pay
them right and take care of them, I think we will keep these
folks.
Mr. Conaway. Thank you, Mr. Chairman. Yield back.
The Chairman. Mr. Taylor, please.
Mr. Taylor has asked that Mr. Kissell be called upon in his
stead.
Mr. Kissell.
Mr. Kissell. Thank you, Mr. Chairman. I thank the gentleman
from Mississippi for yielding.
And, General, thank you and your staff for being here
today. It is a very important issue. And I want to follow up
the question a little bit more to what my colleagues have
already asked about the recruitment of personnel.
In the recruiting of people to come in and be part of your
staff, do they then work as civilians and not--not traditional
military?
General Alexander. We have a combination of both military
and civilian.
Mr. Kissell. Okay. And--and--and taking that a little bit
further, how do we test our system in terms of bringing people
in and--and having self-inflicted attacks? How do we figure
out, you know, where we think we are safe and by bringing
people in to test it and--and having somebody who is capable to
come in and test that type system?
General Alexander. That is the great part, Congressman,
about bringing together that offense with defense. The red
teams, our red teams, our advanced network ops, are constantly
doing that, hunting, checking our networks. It is something
that we are going to have to grow.
I think one of the key things that we have put on the table
is what I will call hunting on our networks for adversaries
that are there. You are always going to have to do it. And that
creates it from a more static capability to a more dynamic,
because you are actually looking for something that is going
on.
And, for example, if you had a bank and we set up a
perimeter defense and then left every night, and every morning
once a week we would see they got in there, so we keep changing
the defense, that would be static. But now if we had a roving
guard there waiting for people, trying to stop them, that would
be more like the active defense that we are looking at in the
future. I think we have got to do both.
Mr. Kissell. And we know that the civilian side of cyber
defense is--is--is certainly not what we have in the military.
How does that affect your efforts to compensate for, to--to get
around whatever the situation may be, the inadequacies in the
civilian side? What does that mean for you guys?
General Alexander. Well, we depend on many of those
civilian networks and infrastructure for department operations,
especially in crisis. And so our partnership with homeland
security and others to help work that is a key issue that we
are working with the Department of Homeland Security.
I think that--that team and partnership is growing. We need
to keep pushing that forward, because some of those networks,
those capabilities have to be there in crisis for our country.
Mr. Kissell. What about outside of government? You say
industry--the greater civilian world. Does their--their lack of
defenses in so many places, does that hamper what you are
doing? Or is this something you work around?
General Alexander. Well, I think there are two--two parts
to that. One is, I think industry also recognized the issues
here and are trying to step forward, but we have to partner
with industry, and I think it has to be a partnership. I think
DHS has to be in that construct of that partnership.
The reason, much of the infrastructure that we have is
owned by industry, that we operate on is owned by industry, and
they have tremendous technical talent. We have to bring those
together with what the government knows from a threat
perspective and the tactics, techniques and procedures that we
develop for operations.
And we have to bring both of those together and ensure that
those are right. That is part of the discussion that is ongoing
right now that will eventually result in, ``Here is how the
team will operate,'' that would result in the request for
authorities that I think the White House will--is working now
to bring forward.
Mr. Kissell. Thank you, sir.
And thank you once again to the gentleman from Mississippi.
And thank you, Mr. Chairman.
The Chairman. Mr. Coffman, please.
Mr. Coffman. Thank you, Mr. Chairman.
I am--I am wondering, General, if you could review for us
just for a minute--you mentioned 2007, the--the first cyber
attack on Estonia. Where did that come from? What were the
ramifications of that, that attack, in terms of the disruption?
General Alexander. Absolutely. It is in open press, a lot
of this, so I will give you the gist of it. And I know the--the
reporters will get this more accurate.
But in May of 2007, there was a Russian statue that the
Estonians were going to take down, a big political discussion
between Estonia and Russia. Hacktivists from Russia appeared to
attack it, and from around the world different computers were
brought into play to send spam e-mail, a distributed denial-of-
service attack, on much of the government of Estonia's
infrastructure, making it almost impossible for their banks to
do business internally and, for sure, externally to Estonia
caused tremendous damage and has resulted in them building a
cyber capability themselves.
So a huge problem, and it was all around that political
issue. Attribution, saying specifically was this caused by one
nation-state or another is difficult and not something that we
have.
Mr. Coffman. Okay, thank you, General. The--how would you--
in terms of the threat assessment--and I think you have
described what the--what the tactical measures are, in terms of
threatening our infrastructure. But could you, in terms of
evaluating the peer competitors of the United States, in terms
of their threats in cyberspace, how would you evaluate them?
Let us say China, Russia. Who are the peer competitors of the
United States that threaten us--that potentially would threaten
us?
General Alexander. That is a great question, Congressman,
because in cyberspace, it is not so much necessarily the--the
size of the country as it is the idea of the person who is
creating the software.
I think there are a number of countries out there that are
near peers to us in cyberspace, and hence the concern. This is
an area that--that others can have an asymmetric capability and
advantage.
And there are two parts to that question, if I could just
add an extension to it, is, first, we think about nation-
states, but just given that part of the discussion, the non-
nation-state actors are also a concern. And then if you look in
this, in this area, when people create tools, cyber tools, the
unintentional distribution of some of those tools can cause the
most problems. We have got to be prepared for all of that, for
these nations that are out there.
And we are not the only smart people in this area. There
are others that are just as capable of us and in some areas
perhaps more capable. And so we have to ensure across that
board that we cover that spectrum. China, Russia, and you can
just go around the world and pick--most of the modern nations
have capabilities that I think many could argue are near to us
and in some areas may exceed our capabilities.
Mr. Coffman. General, who--who would exceed our
capabilities?
General Alexander. Well, it depends on the area. So if you
were to--if you were to build a--a--a whole suite of tools--and
if you go back to the 1950s, you know, it was a discussion
about the different capabilities of us versus Russia, Russia
had power capabilities over us in some areas, actual electrical
power and the development of power engines and some
capabilities, and we had it in perhaps the computer and some
other areas.
We are going to see in the tools, the development of tools,
one country may be the best at developing worms or viruses.
Another may be the best at developing tools for exploitation
that are stealthy. We don't see them. Another country may be
the best at developing tools that can attack certain specific
systems, because they see that as in their national interest.
And so our concern, my concern in answering this--and I
think what we as a Nation have to look at, is you have to cover
that whole spectrum to protect our country. And so what we have
to do is--we are not going to be--we have to recognize that,
first, there are other smart people out there, and that is why
we have got to take this so serious. It is an asymmetric
advantage that some could have over us, and we have got to put
that defense up.
Mr. Coffman. Thank you.
Mr. Chairman, I yield back.
The Chairman. I thank the gentleman.
Mr. Reyes, please.
Mr. Reyes. Thank you, Mr. Chairman.
General, good to see you, and thank you for the work that
you are doing in this very critical area. I think it is--it is
great news that we are getting the kind of talent that we know
we are able to attract, and certainly getting 800 applicants
for the position that you referenced is good news.
But I have got--the--the question I have is, you are
dependent on all the services to provide you the personnel with
these skills. And I am just curious, do you--do you think that
all the services are--I guess, first of all, at the same level,
in terms of attracting and providing for opportunities as a
career in cyber, for--for their respective personnel? Do you
think they are all at the same level?
And the second thing is, are there any concerns that you
have--since you are dependent on them--that you have--you have
expressed to the other services about this issue? It seems to
me you are--you are dependent on their ability to give you that
kind of support.
General Alexander. I am optimistic that we will get the
force that we need. We are pushing on the services to go faster
to bring those forces in. And the issues that we have talked
about--how do you not only recruit some of these, but how do
you retain them? And in what--in what mix do you bring them in?
Are they all military? Are they military-civilian? How do we
add those mixes in? And how do they complement other actors
that we have within NSA, the I.C. [Intelligence Community], and
other elements of DHS, as an example? How do we bring all that
together, are parts of the discussion.
If I were to tell you my greatest concern, it is moving
fast enough to provide a capability to defend our networks in
time if a crisis were to occur. We see that as our number-one
mission: Be ready.
And right now, we--we have to build that force to get
there. That is going to take some time. We have some force
structure. The services have leaned forward on that. They are
presenting some capabilities. We are moving down that road.
It doesn't--you don't instantly create a cyber actor or a
cyber operator. It takes time. Some of the training programs go
18 months. And so even if we had 100 or 1,000 more today, we
would want to send those through training.
Some of the discussions the service chiefs have had with me
is, can we do on-the-job training for some of these folks that
are pretty smart, put them in this area, and give us an
increased capacity earlier, and then send them to a training
program, a formal training program as we bring in others? We
have got to look at all of that.
Mr. Reyes. In the context of the threats that you just
mentioned, we are focused mostly on attacks from other
countries on our--through the--via the Internet. I am
concerned, given the case of Private Manning and--and the
WikiLeaks case, as well, about attacks within, you know--in
other words, people that have access to our systems that
deliberately either steal information from our secure systems
or, in some cases, may be enemy agents that have access to
them.
What--are you concerned about that? What are--what are we
doing about that? And how can we--what can we do to minimize
those kinds of concerns?
General Alexander. Congressman, I am--I am concerned about
it. It is an issue. I do think we have some ideas on how to
address that, some of which we have already implemented, some
that will need to be implemented as we transition to a new
architecture. I think both of those will help address that
problem.
There is always going to be concern about an inside actor
and, I would just add to it, supply-chain issues. Both of those
are going to be key things that we are going to have to look
at. Knowing that those are issues will help us in the
development and planning of our future systems, and I think we
have got to address those with our eyes wide open.
It is always going to be a problem. There are things that
we can do to mitigate it. We will never solve that 100 percent.
Mr. Reyes. Thank you. Thank you, General.
Thank you, Mr. Chairman.
The Chairman. I thank the gentleman from Texas.
Mr. Wilson, please.
Mr. Wilson. Thank you, Mr. Chairman.
And, General, thank you very much for your service. I am
very grateful that our colleague, Congressman Roscoe Bartlett
of Maryland, for years has raised the concerns about cyber
warfare and how this could affect the American people. And I
appreciate your efforts to protect the American people.
Throughout my time in Congress and as the ranking member of
the Military Personnel Subcommittee, I have had the opportunity
to meet and hear from many wounded veterans. Many are eager to
return to the fight. It seems to me it would be in the best
interests of the Department of Defense to retain these
individuals and their knowledge and their experience.
With that said, are there any efforts being made to retrain
wounded warriors within the Cyber Command? If not, would that
be a potential option?
General Alexander. We do have within the services and
within NSA a program to--to hire the wounded warriors, and we
have brought some onboard that are operating either in this or
one capacity or the other. That is a great point.
I would just like to emphasize, we can use these soldiers,
sailors, airmen and Marines. They have tremendous capability,
and they present a credible operator for the rest of the folks
to see. So it is a huge step forward. And we have brought a
number on board.
I think we could do more on that. We need to work with the
services on that, and we are.
Mr. Wilson. And I have seen it firsthand. I was visiting at
Landstuhl, and a young lady had lost both legs. And her--within
48 hours, her comments were, ``I want to be back with my
buddies.'' And so people do want to serve. And so I can see
what you are doing is giving a great opportunity for very
talented people who want to serve our country.
There has been concern of personal liberties and privacy
being compromised with regard to cybersecurity. As a command,
what will you do from a process perspective, as well as
technological perspective, to ensure privacy and civil
liberties are protected? Is there anything Congress can do to
assist you in your efforts?
General Alexander. That is a great question. Thank you,
Congressman, because I think two parts to this. One, we have a
responsibility to protect the civil liberties and privacy of
the American people and of our people. That is non-negotiable.
Constitution, that is what we are there for. We have to do
that.
Now, there are two issues with this. One, transparency.
What can we do to show you, Congress as an oversight body, what
we are doing and the American people? And, two, how do we also
help ensure that what they understand is accurate?
Because a lot of people bring up privacy and civil
liberties. And then you say, well, what specifically are you
concerned about? And they say, well, privacy and civil
liberties.
So is this system--are you concerned that the anti-virus
program that McAfee runs invades your privacy or civil
liberties? And then answer is no, no, no, but I am worried that
you would. And so now we are--so let us explain what we are
trying to do to protect the department's systems.
And I think that is where Congress, the administration, the
department can work together to ensure that the American people
understand exactly what we are doing and how we are doing it.
That is part of the transparency that I think needs to be put
on the table.
What we can't do, we can't say, ``Here is a specific threat
that we are defend against and how we are defending against
it,'' because the adversary within three days would be able to
work around it. So it is those--those two things. That is a
very important issue, I think, that we have to confront now and
fix.
Mr. Wilson. And for the health and safety of the American
people, such as electrical grids, you mentioned the banking,
commerce system of Estonia, all of this is--is so important.
A final question. Your activities fall under Intelligence
Title 50, Attack Title 10, and Law Enforcement Title 18. How do
you balance these legal authorities?
General Alexander. Well, for the--for the Title 10, they
operate under the CYBERCOM hand. Cyber Command operates under
Title 10 authorities to this committee, the House Armed
Services Committee.
NSA, we operate under Title 50, intelligence authorities
under the House Permanent Select Committee for Intelligence,
and we have in our staffs the legal teams to ensure that we do
these exactly right. And so any operations that Cyber Command
does, defensively we have the standing rules of engagement laid
out there, and any other operations that we would do would have
to be done under an execute order through the Secretary of
Defense to the President.
Mr. Wilson. And--and, again, thank you very much for your
service and commitment to our country.
And I yield the balance of my time.
The Chairman. I thank the gentleman.
Mr. Critz, please.
Mr. Critz. Thank you, Mr. Chairman.
And thank you, General, for being here. Fortunately, in my
part of the world, in western Pennsylvania, we have Carnegie
Mellon University, and they have the CyLab, and they do a lot
in cybersecurity. And we have been talking about this quite a
bit.
And one of--one of the issues that seems to come up--and it
seems like you have explained it--within the military, that we
can be stovepiped in how we accomplish or how we do things. And
it is good to see the different services working together, but
I would be curious to hear how you are partnering or how you
are working with not only private industry, but with the
educational institutions out there that have expertise so that
we are working cohesively, because I would assume that many of
the threats are very similar.
General Alexander. That is a great--a great question,
because the universities, academic institutions, labs, industry
are key partners in all of this, and we do have to reach out.
And we reach out in a couple of ways.
As you may know, from an information assurance side, both
we, NSA, Department of Homeland Security, and the department
run a program, an education program that helps the
universities. Here is a set of criteria for getting an
information assurance degree, and we work with those
universities, over 100 now, in doing that. I think that is
absolutely the right thing to do.
And as we said earlier, we are not the only smart people in
this area. In fact, many of us would argue, heck, our industry
partners have tremendous capability, so partnerships with them
makes a lot of sense. And setting up groups--and this is where
Howard Schmidt, the White House coordinator, comes in and
Homeland Security to bring these teams together. I think that
is crucial, bringing all of the players together, industry,
academia, and government, to solve these problems.
Mr. Critz. Well, thank you--thank you very much. And you
mentioned about the 250,000 attacks per hour. I think that was
the number you used. And certainly that happens in industry, as
well. In fact, some statistics show that patches to anti-virus
can be re-engineered or reverse-engineered within moments,
actually, as the patches come on board, so it is a major issue.
You mentioned about the--the thumb drives, how they carry
viruses around, and certainly it is an educational process.
I have noticed, or have read about a culture shift that has
been mentioned within the military. And I would be curious to
hear your--your description of this culture shift and what it--
what it really means.
General Alexander. So we--we actually hit three parts that
came out of that Operation Buckshot Yankee: culture, conduct
and capability. On the culture side, it was getting commanders
to understand this is commander's business. This isn't
something that you say, ``I am going to have one of my staff
run.'' This is commander's business.
Commanders are responsible for the operation of their
command, and this operational network is important to them. So
the big jump first part was commanders have a responsibility.
The second part is understanding the responsibility to
actually conduct the patches that you brought up, because if
you don't fix the patches, as you rightly stated, an adversary
sees a problem, within minutes of that problem being out there,
they have a way to hit a system with that vulnerability that we
are trying to patch.
If you haven't done the patch, you have a vulnerability
that somebody will probably exploit. And if you don't do those
patches on time, you risk not only your system, but the whole
network. So getting those right and ensuring that commanders
know that it is their business to do that, that has been the
greatest cultural things that we have pushed forward in the
military. Tremendous--tremendous jumps in from where we were
two years ago to where we are today.
Mr. Critz. Well, thank you. And my final question is--you
know, how can the Department of Defense be more proactive,
rather than reactive, in the dot-mil domain mode of cyber
defense, by incorporating the assurance, the resilience, and
the performance?
General Alexander. I think--I think the first step is, we
have to look at the way we do business and the way our networks
operate and, like industry, take that construct and see if
there isn't a better model, a more efficient, a more defensible
model, something that would be harder for our adversaries to
penetrate, and that would provide equal or better command and
control.
It is coming in the commercial side. You can see this with
your iPad, your iPhones, the new technology, computing on the
edge, all these things, cloud computing. Now we need to look at
that. Is there opportunities now for the department and the
government to use in creating more secure networks? Industry,
academia, and government are all looking at this. We have got
partners at all of those helping.
Mr. Critz. Thank you, Mr. Chairman.
The Chairman. Thank you.
Mr. McKeon, please.
Mr. McKeon. Thank you, Mr. Chairman.
General, does Cyber Command have the mandate to support
General Petraeus in Afghanistan by denying and disrupting Al
Qaeda and the Taliban's use of cyberspace? Do you have the
necessary authorities to carry out this function?
General Alexander. We have actually deployed an
expeditionary cyber support element to Afghanistan to support
General Petraeus. I did not want him to beat me up for not
doing that.
And we have a responsibility to help them protect their
networks, the Afghan Mission Networks. We are working as part
of a joint team--because the services actually will implement
that--we are ensuring that the capabilities put into that
network are defensible in helping to set that up.
We are not where we need to be in terms of setting all the
things in place, but we have come a long ways. And I think we
are making progress in that area.
If you were to ask what is the--the real issue that--that
we need to address, it is ensuring that the evolving Afghan
Mission Network is defensible, up and--up and operating,
because it is going to cover a number of countries that are in
Afghanistan.
Mr. McKeon. Thank you.
The Chairman. Mr. Langevin.
Mr. Langevin. Thank you, Mr. Chairman.
General, welcome. Thank you for your great service to our
Nation, your presence today. Again, you have had an outstanding
career, and I look forward to supporting you in your new role
as head of Cyber Command.
Cybersecurity, as you know, has been both a personal and
professional interest of mine for--for several years now. Since
serving as chairman of the Homeland Security Subcommittee with
jurisdiction over cybersecurity, I have certainly paid very
close attention to the cyber threats that are facing our
government, our military and our citizens, and the
vulnerabilities that have yet to be addressed.
I was certainly pleased to include an amendment in the
fiscal year 2011 Defense Authorization Act that would enhance
our efforts to secure our Federal networks and coordinate U.S.
resources. And I certainly strongly support the department's
moves right now to coordinate its efforts under your new
command, and I believe that they found a real expert to lead
this new initiative. And, again, I look forward to supporting
you in your work.
General, I want to ask you a direct question. If we--the
Nation were to endure a major cyber attack right now, could you
defend the Nation against that attack? Do you have the
authorities to defend the Nation against that attack?
Obviously, we are talking about the whole of our--our cyber
critical infrastructure.
As I have said--I know--because the President in his major
address on cybersecurity, the first major world leader to--to
make a major address on cybersecurity, said that our--our cyber
assets, our critical national asset--will defend and use all
assets of national power to defend it.
But my question is, again, to you. Could you defend the
Nation right now against a major cyber attack? Do you have the
authorities that you need?
General Alexander. First, Congressman, thanks for your
great support in all the cyber areas and all that you have done
over the past years on this. It is been tremendous, and we
appreciate it.
To answer your question directly, it is not my mission to
defend today the entire Nation. Our mission in Cyber Command is
to defend the Defense Department networks. And as if we are
tasked by either the Secretary or the President to defend those
networks, then we would have to put in place the capabilities
to do that. But today, we could not.
Mr. Langevin. And what would you need to do that, General?
General Alexander. I think this is what the White House,
Congressman, is actually looking at, is how do you form the
team to do the mission that you are--that you have put on the
table? How do we develop the team between Department of
Homeland Security, FBI [Federal Bureau of Investigations],
Cyber Command, and others to work as a team to defend the
Nation in cyberspace?
And in that, what are the roles and responsibility of each
member in that team? And then let us walk through in a war
game--my words--how that would work? And ensure that everybody
has the exact authorities and capability to do what needs to be
done to protect the country.
Those are the steps that we are going through. It is under
the leadership of the White House right now. Howard Schmidt and
his folks are leading that to look at this. We get to
participate in that, to put forward our ideas on how the
country could be protected, specifically the government, the
government networks, and what I will call critical
infrastructure.
Mr. Langevin. Well, let me press you a little bit more. If
America, in fact, experienced a serious high-profile attack
today against our critical infrastructure, perhaps our power
grid, banking sector, or transportation, what are the rules for
self-defense in cyberspace? And can you walk us through how
such an attack would occur? And how would the U.S. Government
work to stop it and ensure the security of our citizens?
General Alexander. That is a great question. Okay, to be
very direct on it, if an attack were to go against the power
grids right now, the defense of that would rely heavily on
commercial industry to protect it. If commercial industry had
the signatures and the--and the capabilities in place to weed
out that attack, then they would be successful.
The issue that you are really getting to is, what happens
when an attacker comes in with an unknown capability? That
unknown capability would have the ability to shut down either
the banks or the power grid if it got through.
So to defend against that, we need to come up with a more,
in my terms, a more dynamic or active defense that puts into
place those capabilities that we would need to defend in a
crisis.
That is what we are working right now in the department to
do to ensure that that works and working, actually, closely
with Department of Homeland Security and the White House to
show how that could be done. And they are looking at that as a
model to put in place and now trying to ensure that they have
the authority to do that, looking at how that would all be
created. And if they don't have, I think that is what they
would bring forward to you.
Mr. Langevin. Well, General, thank you. I know my time has
run out, but these are the things that keep me up, at least.
And I am very concerned about potential threats in the cyber
realm facing our Nation. And I--I look forward to working with
you on addressing these--these important challenges. Thank you.
The Chairman. I thank the gentleman.
Let me--let me ask this question before I call on Mr.
Boswell. General, where are each of the four sub-commands
physically located?
General Alexander. Right now, three are at Fort Meade--or
at least major portions of them are at Fort Meade. One, Air
Force, is at San Antonio, Texas, collocated with San Antonio,
Texas, and it will have a beachhead at Fort Meade. So I think
they are all in that enterprise that allows us that capability
to touch both the NSA portion and work together as an effective
team.
The Chairman. Thank you.
Mr. Boswell.
Mr. Boswell. Thank you, Mr. Chairman. Just very short.
Good to see you again, General. Appreciate your work very
much. If you have done it, why, I will just check the notes,
but I got here late, but could you tie on the DNI, how they fit
into this--I know as NSA you report to DNI. Tie this together
for us.
General Alexander. All right. NSA has a direct report to
the DNI for operational intelligence means. And we do that. The
DNI oversees all the threat-related collection that goes on in
cyberspace, as you would expect.
General Clapper, Jim Clapper, the director of--now for DNI,
absolutely in sync with where the department's going and has
been a huge advocate and candidate for helping put this
together, absolutely superb. I think that is going to continue
to go well. I think we are building those right pieces
together.
They understand and I understand the responsibilities that
I have under the Title 50, back to the Intel Committee, and
under Title 10, back to this committee. And I think all of
those understand it, too, and know that we are--we are doing
those right.
I think--I think, if I could, one of the things that this
gets to, this question that you bring up that is so important
for our country--note that we couldn't replicate the NSA
capabilities. And so leveraging them is going to be hugely
important.
And now, ensuring that we leverage them properly, that we
need the civil liberties and privacy--and that we are
transparent, those are going to be the keys, and where we have
got to come back to you and show you how we are doing that.
Mr. Boswell. I appreciate that. I also--we all appreciate
the investment we got in NSA, and we can't duplicate it, so
that leveraging, I think, is extremely important. There is a
lot of--a lot of need there, and it is--it is kind of the
frontier right now, as we all know. So I wish you well and
thank you for your dedication, and I appreciate those strong
words you said about the in-depth you have got in the two
staffs. We wish you well. And we will do our best to be
helpful. Thank you.
General Alexander. Thank you, sir.
Mr. Boswell. I yield back.
The Chairman. I thank the gentleman.
Mr. Johnson.
Mr. Johnson. Thank you, Mr. Speaker--I mean, Mr. Chairman,
and thank you, General Alexander, for your appearance today.
I wanted--communications, logistics and intelligence
operations conducted by the Department of Defense are to some
extent reliant upon the public Internet. Is that true?
General Alexander. Absolutely, Congressman.
Mr. Johnson. And could we fight a war effectively were the
public Internet to fail or be compromised?
General Alexander. Well, that would be very difficult.
Those specific networks that we depend on were not protected,
so I would put those in that category of critical
infrastructure, myself.
Mr. Johnson. Could we fight a war in the event the global
information grid were substantially or wholly compromised?
General Alexander. If it is compromised, I think we could--
we could fight a war. If it were destroyed, that is a different
issue. And now we would--we would be back to many years ago,
and we would have to look back, because much of our command and
control, much of our intelligence depends on that network
operating.
Mr. Johnson. Do we have a specific contingency plan in the
event that that happens?
General Alexander. That is one of the missions that we are
looking at, is how do we do that? And the I.T. [Information
Technology] architecture that I described earlier, one of the
things that we are looking at is, how do we get that agility
and flexibility to operate in those degraded environments? It
is something we have got to do.
Mr. Johnson. Are you satisfied that the various agencies
and interagency councils responsible for U.S. cybersecurity,
some of which have overlapping jurisdictions or areas of focus,
are arranged such that you can do your job efficiently and
effectively?
General Alexander. Well, I think with any new area,
Congressman, you are going to have differences of opinion. I
think that is a good thing. The team is coming together good.
Now that we have Howard Schmidt on board as the White House
coordinator, I think we are getting more folks and faster
movement within the interagency.
And it goes back to a couple of the earlier questions. We
do have to resolve some of these. The White House is working
that right now to say, whose mission is it to do which part of
this? And do we have that all right? And do you have the
capabilities and authorities to do that?
Mr. Johnson. Yes, we have--we have seen where in our
intelligence-gathering apparatus there has been silos, I guess,
built and the information does not flow freely or as freely
as--as we would like. And that certainly would be--not be a
model that we would want to adopt when it comes to
cybersecurity issues. Would you agree?
General Alexander. I agree. I think it needs to be a team.
Mr. Johnson. Are there any structural changes that you
think may accommodate that aspiration?
General Alexander. I believe in the future we are going to
need to make structural changes, but I don't know what they
would be right now. I believe that, as we look at how we are
going to operate in cyberspace to protect this Nation and the
areas that you want us to protect and the Nation wants us to
protect, we then need to look at how that team is organized,
how it operates, and the authorities upon which it operates.
That is one of the things the government is working hard on
right now. We are working our portion of it. I think what you
would then want is for those teams to come together and put
that all together, and that is where the White House--
specifically Howard Schmidt and his folks--need to come back,
lay out those authorities, and come back to you with that.
And in that, they may come up with recommendations, but I
don't know any right now that I would make.
Mr. Johnson. Much of the hardware used on U.S. defense and
intelligence networks is manufactured abroad, some of it in
China. Is that correct?
General Alexander. Yes, much of computers are put together
or--or built in other countries, and China is one of the big
producers.
Mr. Johnson. Are we confident that those hardware supplies
are not compromised? And is there something that we can do with
respect to securing the items during the manufacturing process?
General Alexander. I think there are two parts to that. One
is, as we manufacture or manufacture things to a specific
standard and have the capability to test that standard, that
would be one part. Same for software. And, two, understand that
people will always try to manipulate your system, and we have
to be looking out for that and have the capability to
dynamically look to that within our networks.
Mr. Johnson. Thank you, General. You and your associates
have a big job to do, and we appreciate you for your
professionalism and your--your strong will to win in
cyberspace. Thank you.
General Alexander. Thank you.
The Chairman. I thank the gentleman.
Ms. Shea-Porter.
Ms. Shea-Porter. Thank you very much, Mr. Chairman.
And thank you for being here. Last week, there was a
briefing that the deputy commander of Cyber Command, he
discussed an upcoming disaster response exercise that was being
planned in the Department of Homeland Security and how he was
working to make sure that Cyber Command was involved in the
exercise. It was taking some effort to make sure that he was
able to participate.
While there have been questions on integration of the
services, could you please tell me how Cyber Command is working
with other government agencies, such as Department of Homeland
Security?
General Alexander. Right. We work with the Department of
Homeland Security in a number of ways. If I could, first, we,
NSA, has a team there, a cryptologic support group, that we
depend on largely to help in this cyber area.
Two, within the department, they--our Under Secretary of
Defense for Policy has a responsibility to reach out to the
Homeland Security, and we have a direct relationship to them.
For the US-CERT, the computer emergency response teams that
they have, for their operations and ensure that information is
passed back and forth.
So if you think about it--I am--I am giving you kind of a
convoluted answer, because it actually goes on several levels.
At the high level, what the departments are doing, Homeland
Security and Defense, my opinion, the Secretary of Defense and
the Secretary of Homeland Security have a vision for how they
are going to do this and they are working towards that vision
and trying to bring it.
The staffs are working together, the department staff and
that. We fall under that department staff and take their lead.
And at the operational level, on the networks, the US-CERT
worked with our Joint Operations Center and others to ensure
that information is passed on the networks about threats and
stuff, and that works pretty good.
So at the--at the player level, that is going on, and we
are building the others to get to issues like that cyber
exercise coming up.
Ms. Shea-Porter. Okay. So you feel that you are a full
player on the field now, that everybody recognizes how
essential your mission is, and that you are well integrated?
General Alexander. I think there is always going to be--for
the near term, we are going to have to do a lot of work to
integrate, because there is issues that as--as you would
expect, of who has got the responsibility for which piece? How
do we work that? I think those issues are natural. We are
working those out.
I do--I would tell you that they know we are here, they are
working with us. I just had a meeting earlier this week--and we
had Rand Beers and Phil Reitinger there at the meeting, and we
have daily VTCs [video teleconferences] with Homeland Security
in this area.
That doesn't mean that we are not going to have issues
about how much do we play, for example, in that cyber exercise,
Defense Department issues versus Homeland Security issues, and
that is probably where you will see more friction. So how much
of each do you play? How--how radical do you make the exercise?
And----
Ms. Shea-Porter. I would say that time is our enemy on
this. As fast as we can move this integration, the better off
and the safer we will be. So thank you for your efforts, and I
yield back.
The Chairman. With no further questions, General, we are
very appreciative of your being with us today. We wish you
well. And it appears you have some excellent colleagues to work
with. And we look forward to your testimony in the future. We
are, of course, here to be of assistance to make you all the
more successful.
With that, the hearing is adjourned. Thank you.
[Whereupon, at 11:22 a.m., the committee was adjourned.]
=======================================================================
A P P E N D I X
September 23, 2010
=======================================================================
PREPARED STATEMENTS SUBMITTED FOR THE RECORD
September 23, 2010
=======================================================================
[GRAPHIC(S)] [NOT AVAILABLE IN TIFF FORMAT]
=======================================================================
QUESTIONS SUBMITTED BY MEMBERS POST HEARING
September 23, 2010
=======================================================================
QUESTIONS SUBMITTED BY MR. SKELTON
Mr. Skelton. There are a number of efforts underway, in Congress
and internationally, to better define legal norms and behaviors in
cyberspace. DOD has traditionally been on the forward edge of thinking
about these issues, so I would be interested in hearing from you about
what role do you see for your command in attempting to shape the legal
environment related to cyber operations? What are some of the pitfalls
you see in proposals you are aware of? What components should we try to
pursue more vigorously?
General Alexander. United States Cyber Command (USCYBERCOM) plans
and conducts operations fully consistent with all laws and regulations.
Our foremost responsibility in this regard is to demonstrate our
support and compliance with the law. As we conduct planning, we
undertake to determine the limitations and restrictions we face, as
well as any concerns, and continuously keep the policymakers and
decisionmakers within the Department informed. We can best contribute
to effective decisionmaking by providing quality, detailed and expert
knowledge about operational considerations in and through cyberspace.
We are aware of many low-level discussions across many organizations.
At this juncture, we are principally supporting internal discussions
sponsored by Under Secretary of Defense (Policy) (USD (P)) and the
Joint Staff. In our view, the most important perspective we can bring
to the table is a perspective informed through deep technical
understanding of the domain and based in Combatant Command (COCOM)
deliberate and adaptive planning processes. The Department, led by the
Under Secretary of Defense for Policy, is conducting a review of DOD
policies relating to cyberspace.
Mr. Skelton. What service and joint training and educational
institutions do you use now, or will you use in the future, for
developing your cadre of cyber warriors?
General Alexander. Currently, the number of fully trained,
credentialed, and certified cyber personnel, military and civilian, is
limited. Training and skills development and sustainment demands
extensive time and effort. Our most significant challenge is to ensure
that on balance, the Nation benefits from all potential talent
available. USCYBERCOM currently uses several different venues for cyber
training and education, to include:
Service-specific initial occupational training and
ongoing professional military education
Computer Network Defense Course--Fort McCoy,
Wisconsin
Information Assurance Training Center, U.S. Army
Signal Center--Fort Gordon, Georgia
Basic Computer Network Operations Planners Course
(BCNOPC)--1st IO Command
Signal Corps Cyber Security Training--Fort Stewart,
Georgia
Center for Computer Network Operations, Cyber
Security & Information Assurance within NSA Associate
Directorate for Education and Training (ADET) College of
Cryptology
Eastern Michigan University--Michigan
University of Maryland Baltimore County (UMBC)--
Maryland
Northrop Grumman Cyber Warrior course--Maryland
DOD Cyber Crime Training Academy--Linthicum,
Maryland
Joint Network Attack Course (JNAC)--Center for
Information Dominance, Corey Station, Florida
Joint Cyber Analysis Course (JCAC)--Center for
Information Dominance, Corey Station, Florida
Each of these courses provides a current foundation in requisite
Information Assurance (IA) and Computer Network Defense (CND) skills.
In addition to these Joint Service schools, agency and contract
efforts, there remain extensive opportunities with significant
potential: over 100 Community Colleges, Colleges and Universities which
are National Security Agency (NSA)/Department of Homeland Security
(DHS) Centers for Academic Excellence; Air Force Institute of
Technology (AFIT) Center for Cyberspace Research; the Naval Post
Graduate School (NPS); the Army's Advanced Civil Schooling (ACS)
program; the National Defense University (NDU) system; the National
Defense Intelligence College (NDIC); and the Advanced Technical
Intelligence Center (ATIC). The services are restructuring or
developing new technical training courses and job skills that will
potentially result in new occupational specialty codes throughout the
services that are trained at the basic level to enter the cyber
community.
Mr. Skelton. Do you have plans to carry out any significant joint,
interagency or international exercises that would test out DOD's
ability to respond to large-scale attacks against DOD computer
networks, similar to the ELIGIBLE RECEIVER 97 exercise?
General Alexander. Exercises are a well-recognized and traditional
DOD mechanism to develop and certify operational constructs. USCYBERCOM
has participated in one interagency and two COCOM exercises since May
2010. It is our intention and task to participate in a robust exercise
regime to support technical and operational concept development and
validation; and to use these exercises as a means to develop our
tactics, techniques, and procedures and identify gaps in policy and
law.
Mr. Skelton. What capabilities do you have to conduct active
network operations, such as network hunting, penetration testing and
other forms of red teaming? Do you have unmet needs in this area (in
terms of people or tools)?
General Alexander. USCYBERCOM has limited NSA and Service
capabilities to leverage in hunting, penetration testing, and red
teaming. We use Green Teams to respond to cyber incidents; Blue Teams
that provide in-depth review and resolution of cyber events and Red
Teams that emulate adversary procedures against DOD hosts to train
defenders and identify vulnerabilities for mitigation. We estimate that
current resources (NSA's Advanced Network Operations (ANO) and Service
Red Teams) can only cover a fraction of the DOD networks. Effective
hunting is absolutely essential to discovery, characterization, and
mitigation of threat activity on our networks. USCYBERCOM is working
with NSA and the Services to leverage the projected resource savings,
both in terms of personnel and money, we anticipate from planned
information technology initiatives that will enable us to recruit,
train, and field more hunting teams and develop and field automated
hunting and adversary data analysis capabilities to address this key
shortfall.
Mr. Skelton. In your testimony, you mentioned something called
expeditionary cyber support elements. Can you explain in more detail
what these are, and what role you see them playing in future CYBERCOM
operations?
General Alexander. COCOMs and deployed forces require the ability
to leverage USCYBERCOM expertise and capabilities in planning and
conducting full-spectrum cyber operations in support of their assigned
missions. To directly support both Combatant Commanders and Joint Task
Force Commanders, USCYBERCOM has created two complementary support
elements--the Cyber Support Element (CSE) and the Expeditionary Cyber
Support Element (ExCSE). Both are assigned to USCYBERCOM, but the CSE
is with duty at the Geographic COCOM headquarters, and the ExCSE is
deployed on orders to a Joint Task Force Commander located in an Area
of Hostilities.
The CSE supports the Combatant Commanders at their headquarters
through liaison, planning, and operations support primarily at the
Directorate of Operations, or J3 level. However, the CSE is empowered
to develop relationships and capabilities across the Combatant Command.
The CSEs have played innovative and complementary roles within the
COCOM Directorates of Intelligence (J2) and Directorates of Plans and
Policy (J5). To enable their effectiveness, the CSE has full reach-back
support to USCYBERCOM headquarters and the NSA Enterprise.
An ExCSE consists of a team of experts deployed to an active Area
of Hostilities to enable, implement, integrate, and execute cyber
operations. Currently, USCYBERCOM has two ExCSEs teams deployed--one in
Iraq and one in Afghanistan. The teams consist of five personnel: a
team chief (lead planner), a cyber attack planner, a cyber defense
planner, and two analysts (cyber and intelligence). USCYBERCOM embeds
these teams within the supported Joint Task Force headquarters
(typically J3 Directorate--Operations) to enable the delivery of cyber
effects in support of the commander's priorities.
The size, composition, and role of an ExCSE team is scalable
depending on mission requirements. For example, in Iraq and Afghanistan
the ExCSEs provide cyber expertise directly to the deployed
headquarters' planning effort while coordinating the delivery of cyber
effects through USCYBERCOM headquarters and interagency partners. In
future conflicts involving full-scale operations against sophisticated
cyber adversaries, the ExCSEs will scale to meet mission requirements.
The ExCSE teams will continue to coordinate for global effects through
USCYBERCOM but will also play a key role in coordinating planning,
direction, and execution of cyber operations through an in-theater
Joint Cyber Operations Task Force (JCOTF).
Mr. Skelton. The Committee appreciates the complexity of
coordinating cyber operations in various Service, Agency, interagency,
international and non-governmental organizations geographically
dispersed across the world. To deal with that challenge, what tools,
technologies, processes or procedures do you have in place, or are
planning, to facilitate collaboration across the full range of cyber
operations?
General Alexander. Success in the cyber domain does demand
coordination amongst all entities listed in the committee's question,
and in fact requires close interaction and cooperation with academia
and industry. USCYBERCOM has ongoing interaction/collaboration with all
of these entities and leverages NSA's existing relationships.
Additionally, to continue building essential collaboration, USCYBERCOM
is exchanging co-located liaisons and increasing leadership
participation in interagency groups (existing and planned); information
and data exchanges to build shared situational awareness; cooperative
exercises and planning efforts; periodic synchronization conferences;
and development of an Integrated Cyber Center.
______
QUESTIONS SUBMITTED BY MR. MILLER
Mr. Miller. The cyber domain has become a formidable, dangerous
``fourth'' domain in which warfare is not simply expected to occur but
indeed is occurring. Numerous sources tell us, including the DOD, that
the threat is tremendous to U.S. intellectual, utility, and financial
infrastructure. We see reports every day where other nations,
organization and, at times, individuals ``attack'' some aspect of
American society whether it be governmental organizations, civilian
organizations or even individual citizens. It would seem most of the
work the services are involved in appears to only provide defense of
the Department's IT network and specifically for their own service.
Although this is important, should the Department be involved in the
defense of the Nation's networks as well? I certainly understand there
will be legal challenges that will need to be addressed, but are we
exploring the concept of national cyber defense and not simply DOD
defense.
General Alexander. As exemplified by the 27 September 2010 DOD/DHS
Memorandum of Agreement Regarding Cyber Security, the DOD is actively
working with U.S. Government (USG) Departments and organizations (e.g.
U.S. Computer Emergency Response Team, Department of State, Department
of Energy, Department of Justice, and the Director of National
Intelligence) to collaborate and synchronize shared situational
awareness, actionable intelligence, and operations to enhance
cybersecurity for the Nation. Under authorities granted to USSTRATCOM,
USCYBERCOM exercises its Title 10 missions, roles and functions in
accordance with U.S. laws, policies, and regulations. The authority
delegated to USCYBERCOM extends only to operate, defend, and when
directed, conduct full-spectrum operations for DOD or ``.mil''
networks.
Mr. Miller. I'm concerned that as each service builds its own cyber
entities, there could be a divergence in interoperability and a lack of
interservice cooperation as each service grows in its own unique
direction thereby creating a pre-Special Operations Command Special
Operations type of situation. What are we doing to ensure this is not
happening and ensuring there is no duplication of effort which could
lead to confusion and ``cyber fratricide'' leading to mission
degradation? Are we achieving the basic military principles of economy
of force and unity of effort?
General Alexander. As a sub-unified command under U.S. Strategic
Command, U.S. Cyber Command is organized as a joint warfighting command
supported by Service cyber components. The organizational structure of
USCYBERCOM and its Service cyber components afford a joint unity of
effort and economy of force for the planning, coordinating,
integrating, synchronizing, and conduct of those activities in the
operation and defense of specified Department of Defense information
networks. USCYBERCOM and USSTRATCOM have established processes for DOD-
wide cyberspace operations capability development and acquisition to
ensure cooperation and interoperability for cyber offensive, defensive,
and network operations in its joint force.
Mr. Miller. In terms of domains of conflict, there is air, space,
land and sea. Cyber would seem to be a new domain. Would it be wise to
consider a service that would be solely dedicated to training and
equipping personnel for a joint commander just as the services provide
forces for their respective domains to the combatant commander? If not,
why not?
General Alexander. Among the principal challenges facing the DOD in
cyberspace is the ability to generate capacity--recruiting, training,
certifying, and retaining a sufficient number of cyber operators. The
services--Army, Marines, Navy, and Air Force have structure and
organizational identity to recruit and identify talent. The current
training regime is built to a Joint standard. The USCYBERCOM stand-up
was a logical step in bringing similar organizational structure and
alignment to this domain. USCYBERCOM's goal is for Joint Force
Commanders to have the ability to plan for effects in cyberspace as an
integral--not separate--part of their mission planning, execution, and
assessment cycles.
Mr. Miller. Cyber Command is intended to be a Joint Sub-unified
Command reporting to STRATCOM. I would assume that each service is
``training and equipping'' personnel to provide forces to the Joint
Cyber Command. Based on the well-documented size and scope of the cyber
threat, do you all believe that Cyber Command should be its own
Combatant Command? If the threat truly is a dangerous as we say, and I
certainly believe that it is, why wouldn't we stand up a command that
has sole responsibility to execute operations within its AOR such as
any other COCOM?
General Alexander. USCYBERCOM is a sub-unified command organized
under USSTRATCOM. There were several studies--from outside the
Department, to across the Department, and within USSTRATCOM that
considered a wide range of options for ``best fit'' organizational
alignment. These studies were undertaken with facts and informed
forecasts at that time. We believe a sub-unified command was the best
first step.
______
QUESTIONS SUBMITTED BY MR. TURNER
Mr. Turner. In the opening portion of your verbal testimony, you
identified developing, training, and educating cyber professionals as
CYBERCOMMAND's top challenges. Further, training, organizing, and
equipping the new cadre of cyber professionals has been a common
concern among policymakers addressing cyber-capabilities for our
National interests. Our U.S. Deputy Secretary of Defense (DSD), William
J. Lynn III, identified the ``strengthening of human capital in trained
cyber-security professionals'' as a significant concern. In his Foreign
Affairs article, he asserted that the U.S. needs to graduate ``three
times as many security professionals annually as a few years ago.'' How
do you envision the premier cyber program at Air Force Institute of
Technology being optimized to educate and train professionals at/for
CYBERCOMMAND?
General Alexander. The Air Force Institute of Technology (AFIT)
Center for Cyberspace Research offers a wide range of Certificate,
Undergraduate, Master's, and PhD level programs for the cyber
community. These programs, along with similar programs through the
Naval Postgraduate School (NPS) and the Army's Advanced Civil Schooling
(ACS) program, provide cyber professionals with the educational
foundation and professional development required to be successful as
they transition to intermediate and higher levels of responsibility and
leadership. AFIT supplements the USCYBERCOM requirements for a cadre of
trained personnel in a standardized cyber curriculum for senior
enlisted, mid-level Captains and Department of the Air Force civilians.
We intend to work closely with AFIT and NPS leadership to ensure their
programs reflect the lessons we learn from operating in cyberspace.
Mr. Turner. The Dayton area is home to the Advanced Technical
Intelligence Center (ATIC), a classified facility focused on providing
the necessary technical education for intelligence professionals. How
do you see facilities such as ATIC supplementing the training need for
security professionals?
General Alexander. The Advanced Technical Intelligence Center
(ATIC) offers a wide range of classified and unclassified, entry level/
familiarization/overview courses in the intelligence or related fields.
These programs could help fulfill intelligence community knowledge gaps
that military educational institutions are currently unable to provide.
These courses provide an effective means for gaining essential basic
knowledge requirements or specific specialized training in low-density
skill sets. USCYBERCOM will continue to collaborate with ATIC as well
as other elite learning institutions and activities through the
National Defense University system to integrate, when applicable,
current training and education requirements. USCYBERCOM will continue
to provide guidance on future requirements and standards. ATIC's
distance learning capabilities coupled with abilities to rapidly
develop training on emerging technologies could be leveraged to support
cyber-related training requirements across the DOD, until the services
can generate the capacity and throughput required to meet mission
demands.
Mr. Turner. As quoted by Deputy Secretary of Defense William Lynn
in the Foreign Affairs article, ``Defending a New Domain: The
Pentagon's Cyberstrategy,'' the report, ``NATO 2020: Assured Security;
Dynamic Engagement,'' a NATO [North Atlantic Treaty Organization]-
commissioned study chaired by former U.S. Secretary of State Madeleine
Albright, rightly identified the need for the alliance's new
``strategic concept'' to further incorporate cyber defense. The U.S.
government must ensure that NATO moves more resources to cyber defense
so the member states can defend networks integral to the alliance's
operations. As a NATO parliamentarian, I am interested in transatlantic
security and ensuring we continue to build coalition capacity around
the world. It is notable that DSD Lynn emphasized the five principles
of Department's strategy in cyberspace in Brussels, while also stating
that NATO must build a ``cyber shield'' to protect the transatlantic
alliance from any Internet threats to its military and economic
infrastructures. A) What initiatives are in place to develop NATO
partners in the cyber arena? B) When addressing cybersecurity issues
involving NATO and other international allies, what are your greatest
challenges? C) How can international partnerships be cultivated and
improved upon in the cyber domain? D) What mechanisms does USCYBERCOM
have at its disposal to share intelligence with our allies?
General Alexander. DOD has an agreement with NATO for conducting
Information Assurance (IA) and Computer Network Defense (CND)
information exchanges and related activities. EUCOM's Network Warfare
Center is the executive agent responsible for overseeing the day-to-day
management of the implementation activities of the agreement and
USCYBERCOM is the DOD agent responsible for providing and receiving IA/
CND information with the Technical Centre, NATO Computer Incident
Response Center.
The greatest challenges in addressing cybersecurity issues are the
downgrading, releasing, or disclosing of classified information, which
supports cybersecurity strategies. Enduring methods to maximize shared
situational awareness while reducing risk to U.S. networks remain a
significant challenge. Additionally, USCYBERCOM must have a means to
rapidly and securely share situational awareness information and
mitigation strategies.
Strategic partnerships should mutually benefit both USCYBERCOM and
its foreign counterparts. At minimum, informal discussions and
engagement would increase our shared understanding about activities,
capabilities, and areas for cooperative development, improve cyber
defense activities and reduce misinterpretation and potential
escalation of malicious cyber actions. Formal partnerships may also
increase shared early warning, collective self-defense, and integrated
operational planning. Further, our efforts are to support COCOM theater
cooperation plans.
USCYBERCOM is not an intelligence agency. USCYBERCOM leverages
existing DOD and intelligence community procedures and protocols. The
International CND Coordination Working Group was established and
subsequently developed standard operating procedures to facilitate the
exchange of information via weekly teleconferences between the
respective military CND watch centers, and methods to submit requests
for information regarding noted intrusion activities.
Mr. Turner. For the purposes of a hypothetical scenario, assume
Fleet Cyber Command obtains information which they believe poses a
credible threat to U.S. Naval operations or forces. Further assume that
Fleet Cyber Command believes this information could compromise Army or
ARFORCYBER operations or forces if such information were shared beyond
Fleet Cyber Command officials. How can CYBERCOM ensure that effective
communication exists among organizations, and avoid the pitfalls/
difficulties in integration faced by other entities within the national
and homeland security infrastructure?
General Alexander. Commander USCYBERCOM will lead cyberspace
operations as a joint endeavor with all cyber forces, regardless of
service component, fully integrated into a joint fighting force.
USCYBERCOM will enable and task through a joint operations center the
synchronization and coordination of DOD cyber operations. USCYBERCOM's
Joint Operations Center (JOC) is linked to service network operations
centers ensuring threat information is passed in a timely manner.
Mr. Turner. Within the last decade, some might argue that the
organizational structures of the separate agencies (FBI, CIA, etc.)
were not effectively organized to prevent a national disaster. Of which
``lessons observed'' from our intelligence community should CYBERCOM be
mindful, and address in its culture and organizational structure, in
order to be proactive and effectively prevent future asymmetric
attacks? How can our national cyber infrastructure avoid organizational
bureaucratic inefficiencies and stovepiping? How does CYBERCOM
culturally encourage collaboration, communication and information-
sharing? With which entities throughout the DOD and government does
CYBERCOM most frequently cooperate on intelligence matters?
General Alexander. In recent years (2007-2008), the cyber events in
Latvia, Lithuania, Estonia, and Georgia, have informed all domestic
U.S. agencies and organizations of the inherent vulnerabilities within
the cyber domain. USCYBERCOM continuously educates, trains, exercises,
operates, and assesses operational readiness to conduct full-spectrum
operations. In partnership with other U.S. Government (USG) agencies,
COCOMs, and DOD organizations, USCYBERCOM leverages its relationship
with the NSA to develop, assess, and monitor strategic indications and
warning through the capabilities and accesses developed by the
intelligence community (IC) and interagency.
As exemplified by the 27 September 2010 DOD/DHS Memorandum of
Agreement Regarding Cybersecurity, the DOD is actively working with the
other USG Departments to collaborate and synchronize shared situational
awareness, actionable intelligence, and operations to enhance
cybersecurity for the Nation.
To promote shared situational awareness and information sharing,
USCYBERCOM actively engages with IC and interagency organizations.
The USCYBERCOM mission requires constant interaction with IC and
interagency partners. One vehicle for this cooperation is the Joint
Interagency Task Force-Cyber (JIATF-C). The JIATF-C includes all
members of the IC, all COCOMS (and their respective Joint Intelligence
Operations Center (JIOC) elements), and multiple members of the USG
interagency community (e.g., FBI, DOJ, Treasury, DHS, DOS, etc.). Many
of these organizations have personnel integrated into USCYBERCOM to
perform vital coordination and liaison functions dramatically enhancing
the speed at which USCYBERCOM can access and share intelligence in
support of USCYBERCOM's missions and goals.
Mr. Turner. For the purposes of a hypothetical scenario, assume the
24th Air Force is headquartered and/or operates primarily out of San
Antonio, TX, and that Fleet Cyber Command is headquartered and/or
operates primarily out of Annapolis, MD. Further assume that a cyber
attack has crippled the 24th Air Force's electronic communications
capabilities. Without the ability to communicate effectively in the
event of a cyber attack, USCYBERCOM and any one of its members runs the
risk of being, in essence, useless. If a nation is under attack--be it
cyber or otherwise--communication and rapid response are vital. A) How
can USCYBERCOM ensure that the means of communication upon which it
relies will not itself be compromised? B) How can USCYBERCOM maintain
open lines of communication among its member when telephone, e-mail,
fax, etc. are compromised?
General Alexander. USCYBERCOM has four service components,
including both 24th Air Force and Fleet Cyber Command. The dispersed
nature of the headquarters components and global presence of cyber
forces serves to mitigate this scenario. The key to sustainable mission
assurance is developing and sharing a combined situational awareness.
Effectively, cyber forces at all echelons, will access this common
operational picture and take appropriate actions toward an effective
defense posture. More broadly, as a matter of prudent military
planning, USCYBERCOM and its components are developing continuity of
operations plans. These plans delineate and prioritize critical mission
functions in the event of short or long-term disruptions and designated
locations and required functionality for rapid reconstitution of
command capabilities. As our networks continue to converge, the
distinction between telephone, e-mail, and facsimile will be far less
discernable.
Mr. Turner. Jurisdiction is of tremendous significance in any
discussion of cyberspace. Cyberspace is the most unique medium through
which an individual or group may influence or attack. The ability to
conceal, obscure, or otherwise mask one's identity and geographic
locale is perhaps more prevalent in cyberspace than in any medium. What
challenges and processes do you envision in adjudicating or determining
future jurisdictional issues, which will undoubtedly arise?
General Alexander. While jurisdiction is more of an immediate
concern in civilian law enforcement, it is still an issue for military
cyberspace operators as well. Terrorists can now ``forum shop'' and
choose beneficial jurisdictions from where they can launch their
attacks. Cyberspace is a domain in which even one computer operator
conceivably possesses a global strike capability regardless of
location. It used to be that terrorists had to physically locate
themselves in their target area, but that is no longer the case. The
uniqueness of the cyberspace domain affords terrorists, nation-states,
or international criminals the ability to strike from or through
favorable jurisdictions, complicating efforts to identify, investigate,
and apprehend a perpetrator. Cyberspace affords our adversaries the
ability to mask the identity and source of an attack, making
attribution and defense a greater challenge.
|
NEWSLETTER
|
|
Join the GlobalSecurity.org mailing list
|
|
|
