[House Hearing, 111 Congress]
[From the U.S. Government Printing Office]
[H.A.S.C. No. 111-180]
OPERATING IN THE DIGITAL DOMAIN: ORGANIZING THE MILITARY DEPARTMENTS
FOR CYBER OPERATIONS
__________
HEARING
BEFORE THE
SUBCOMMITTEE ON TERRORISM, UNCONVENTIONAL THREATS AND CAPABILITIES
OF THE
COMMITTEE ON ARMED SERVICES
HOUSE OF REPRESENTATIVES
ONE HUNDRED ELEVENTH CONGRESS
SECOND SESSION
__________
HEARING HELD
SEPTEMBER 23, 2010
[GRAPHIC] [TIFF OMITTED] TONGRESS.#13
U.S. GOVERNMENT PRINTING OFFICE
62-398 WASHINGTON : 2010
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office, http://bookstore.gpo.gov. For more information, contact the
GPO Customer Contact Center, U.S. Government Printing Office.
Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, gpo@custhelp.com.
SUBCOMMITTEE ON TERRORISM, UNCONVENTIONAL THREATS AND CAPABILITIES
LORETTA SANCHEZ, California, Chairwoman
ADAM SMITH, Washington JEFF MILLER, Florida
MIKE McINTYRE, North Carolina FRANK A. LoBIONDO, New Jersey
ROBERT ANDREWS, New Jersey JOHN KLINE, Minnesota
JAMES R. LANGEVIN, Rhode Island K. MICHAEL CONAWAY, Texas
JIM COOPER, Tennessee THOMAS J. ROONEY, Florida
JIM MARSHALL, Georgia MAC THORNBERRY, Texas
BRAD ELLSWORTH, Indiana CHARLES K. DJOU, Hawaii
BOBBY BRIGHT, Alabama
SCOTT MURPHY, New York
Kevin Gates, Professional Staff Member
Kari Bingen, Professional Staff Member
Jeff Cullen, Staff Assistant
C O N T E N T S
----------
CHRONOLOGICAL LIST OF HEARINGS
2010
Page
Hearing:
Thursday, September 23, 2010, Operating in the Digital Domain:
Organizing the Military Departments for Cyber Operations....... 1
Appendix:
Thursday, September 23, 2010..................................... 17
----------
THURSDAY, SEPTEMBER 23, 2010
OPERATING IN THE DIGITAL DOMAIN: ORGANIZING THE MILITARY DEPARTMENTS
FOR CYBER OPERATIONS
STATEMENTS PRESENTED BY MEMBERS OF CONGRESS
Miller, Hon. Jeff, a Representative from Florida, Ranking Member,
Subcommittee on Terrorism, Unconventional Threats and
Capabilities................................................... 2
Sanchez, Hon. Loretta, a Representative from California,
Chairwoman, Subcommittee on Terrorism, Unconventional Threats
and Capabilities............................................... 1
WITNESSES
Flynn, Lt. Gen. George J., USMC, Deputy Commandant for Combat
Development and Integration, U.S. Marine Corps................. 4
Hernandez, Maj. Gen. Rhett A., USA, Assistant Deputy Chief of
Staff,
G3/5/7, U.S. Army, Incoming Commanding General, U.S. Army
Forces Cyber Command........................................... 5
McCullough, Vice Adm. Bernard J., III, USN, Commander, U.S. Fleet
Cyber Command/U.S. 10th Fleet, U.S. Navy....................... 3
Webber, Maj. Gen. Richard E., USAF, Commander, 24th Air Force and
Air Force Network Operations, U.S. Air Force................... 6
APPENDIX
Prepared Statements:
Flynn, Lt. Gen. George J..................................... 36
Hernandez, Maj. Gen. Rhett A................................. 43
McCullough, Vice Adm. Bernard J., III........................ 25
Miller, Hon. Jeff............................................ 23
Sanchez, Hon. Loretta........................................ 21
Webber, Maj. Gen. Richard E.................................. 58
Documents Submitted for the Record:
[There were no Documents submitted.]
Witness Responses to Questions Asked During the Hearing:
[There were no Questions submitted during the hearing.]
Questions Submitted by Members Post Hearing:
Ms. Sanchez.................................................. 75
OPERATING IN THE DIGITAL DOMAIN: ORGANIZING THE MILITARY DEPARTMENTS
FOR CYBER OPERATIONS
----------
House of Representatives,
Committee on Armed Services,
Subcommittee on Terrorism, Unconventional
Threats and Capabilities,
Washington, DC, Thursday, September 23, 2010.
The subcommittee met, pursuant to call, at 2:05 p.m., in
room 2212, Rayburn House Office Building, Hon. Loretta Sanchez
(chairwoman of the subcommittee) presiding.
OPENING STATEMENT OF HON. LORETTA SANCHEZ, A REPRESENTATIVE
FROM CALIFORNIA, CHAIRWOMAN, SUBCOMMITTEE ON TERRORISM,
UNCONVENTIONAL THREATS AND CAPABILITIES
Ms. Sanchez. Good afternoon. I am sorry for being delayed.
But I would like to welcome all of you and thank you for
joining us here today.
The recent announcement by the Department of Defense [DOD]
that they had suffered a major compromise of classified
military computer networks has renewed discussions about what
more DOD and the government should do to operate in the digital
domain. The establishment of the United States Cyber Command
[USCYBERCOM] and the announcement of a new cybersecurity
strategy by Deputy Secretary of Defense William Lynn are
important milestones, but we all know that more needs to be
done.
Today the subcommittee is looking to discuss three main
objectives for this hearing: One, to understand the plan to
organizational structure for the military services' cyber
component organizations and how they will present forces to the
U.S. Cyber Command; understand--two, understand services'
challenges to recruiting, retraining, to training a cadre of
cyber operations professionals; and three, to discuss
initiatives supporting service-specific requirements for cyber
operations.
The purpose of this hearing is for the members of this
subcommittee to learn what progress the services are making and
organizing to carry out the full range of cyber operations,
including computer network defense, offense, and exploitation
functions. We also hope that the witnesses before us will be
able to flesh out the doctrinal training and recruiting needs
that will enable service concepts.
So today we have four distinguished witnesses before us.
First we have Vice Admiral Bernard McCullough, III, of the U.S.
Navy, the Commander of the U.S. Fleet Cyber Command and the
U.S. 10th Fleet. Welcome.
Lieutenant General George J. Flynn, U.S. Marine Corps, is
the Deputy Commandant for Combat Development and Integration.
Major General Rhett Hernandez, the U.S. Army, is the
Assistant Deputy Chief of Staff, G3/5/7. I know what that
means. Oh, hi.
And Major General Richard Webber, U.S. Air Force, is the
Commander of the 24th Air Force.
Once again, I want to thank all of the witnesses for being
here today. I look forward to hearing your testimony. Without
objection, we will take your written testimonies and submit
them for the record. And what I would like to have you all is
to summarize or tell us what you think we should be taking away
from your testimonies, or what you haven't told us that is
important for us to know.
And we will be observing the 5-minute rule for questions
from the Members. As you see, I have our ranking member here
Mr. Miller, very diligent. And we probably will be joined by
some others, but what this will allow us to do is probably ask
as many questions as we probably want to, Mr. Miller.
So I will now yield to the ranking member from Florida Mr.
Miller for his opening statement.
[The prepared statement of Ms. Sanchez can be found in the
Appendix on page 21.]
STATEMENT OF HON. JEFF MILLER, A REPRESENTATIVE FROM FLORIDA,
RANKING MEMBER, SUBCOMMITTEE ON TERRORISM, UNCONVENTIONAL
THREATS AND CAPABILITIES
Mr. Miller. Thank you, Madam Chairman. I have a full
statement I would like entered into the record.
And as you know, we had a full committee hearing this
morning with General Alexander. And I think it is appropriate
that we take an opportunity to visit with each of the services
today and see where they are going, what their issues are that
they need to bring before us, because we know this is an
operational area that we cannot cede to anybody. Our forces are
too reliant on its capability, and its effectiveness is only
enhanced by the sophisticated and expert application of its
benefits.
So in view of time, knowing that we have votes coming up, I
would like to again ask that my full statement be entered into
the record.
[The prepared statement of Mr. Miller can be found in the
Appendix on page 23.]
Ms. Sanchez. Great. I thank my ranking member.
And I have just been notified that we are looking at votes
maybe in--starting in about another 20 or 30 minutes, so I
think that it is incredibly important that we begin and at
least get the testimony in of our witnesses.
Again, gentlemen, thank you so much for taking the time to
be before us today. And maybe we will begin with Vice Admiral
McCullough of the U.S. Navy.
STATEMENT OF VICE ADM. BERNARD J. MCCULLOUGH III, USN,
COMMANDER, U.S. FLEET CYBER COMMAND/U.S. 10TH FLEET, U.S. NAVY
Admiral McCullough. Chairman, thanks for holding this
hearing. We think it is incredibly important to the defense of
the United States.
Chairwoman Sanchez, Ranking Member Miller, thank you for
the opportunity to discuss the United States Fleet Cyber
Command and the U.S. 10th Fleet.
Madam Chairwoman, on 29 January, 2010, I assumed command of
the United States Fleet Cyber Command and the United States
Navy 10th Fleet. As the Navy's component command to the United
States Cyber Command, Fleet Cyber Command directs cyberspace
operations to deter and defeat aggression, ensure freedom of
action, and achieve military objectives in and through
cyberspace. While much of our mission parallels those of the
other services' cyber components, Fleet Cyber Command has
unique responsibilities as a central operational authority for
networks, cryptology, signals intelligence, information
operations, cyber, electronic warfare and space operations in
support of forces afloat and ashore.
The Navy's vision is to fully develop our ability to
operate in cyberspace and to accomplish this task by fusing and
developing our capacity across all networks, signals
intelligence systems, and electronic warfare systems. As such,
we organize and direct Navy cryptologic operations worldwide
and integrate information operation and space planning and
operations as directed.
Tenth Fleet was originally established during the Second
World War to develop and implement antisubmarine warfare
capability and capacity. Today the reestablishment of the 10th
Fleet is built upon the same principles. The operational focus
of the 10th Fleet in the U.S. Fleet Cyber Command will enable
us to accomplish our mission across all ranges of cyber
operations.
To succeed we must be able to operate freely across the
electronic spectrum while facing threats that range from the
mundane, such as atmospheric interference, to highly advanced
threats, such as network intrusion and malicious attack. It is
Fleet Cyber Command's responsibility to analyze this advanced
threat and develop the tactics, techniques, and procedures
necessary to defend our network and be ready to take whatever
steps are necessary to freely operate across all domains.
As Fleet Cyber Command continues to mature, we are finding
ways to capitalize on the expertise of our sister services,
working together to identify threats and establish a unified
response.
Operationally we are moving out. Since our standup in
January, we have partnered with USCYBERCOM--CYBERCOM's service
components that are with me here today, as well as the U.S.
Coast Guard, in support of United States Pacific Command and
Pacific Fleet exercises. We are viewing--we are reviewing our
network operations to enhance shared situational awareness and
the inherent security that comes from cooperative oversight. We
have also partnered with industry, academia and federally
funded research and development centers during these exercises
and routinely to take advantage of their knowledge and
capability. The commercial sector drives this domain, and we
must leverage their capacity and investment.
None of our efforts will provide mission accomplishment
without effective recruiting and training of sailors who are
technologically savvy and able to apply their skills to the
defense of the fleet's networks. I have visited all but one of
my subordinate operational commands, and I can assure the
subcommittee that the Navy has an outstanding force of sailors
ready to support the Nation across the entire range of cyber
operations.
We have initiatives to create new officer specialties,
including cyber warfare engineers and cyber warrant officers.
The establishment of a training program at the United States
Naval Academy will create new opportunities to train officers
dedicated to cyber operations.
With any new operational area or domain, there is always
room for tremendous growth. Every day I am amazed at the
ability of our sailors to think beyond the traditional
operational areas and to apply their expertise to the cyber
realm. It is in that environment that we will cultivate and use
to help recruit future experts.
There is no way the Department of Defense can compete with
industry in the area of monetary compensation, salary if you
will, but we can provide our people with expanded opportunities
for education, training, and help them build experience as
leaders that cannot be matched elsewhere.
My staff in command headquarters at Fort Meade is growing
in strength and capacity each month. We currently operate with
a headquarter staff of 130 that will grow to approximately 200
personnel over the next year, ensuring that we have the
expertise needed to successfully operationalize cyber.
I thank you for this opportunity to discuss U.S. Fleet
Cyber Command and the 10th Fleet and appreciate your support of
our Navy and the Department of Defense. I look forward to
answering your questions.
[The prepared statement of Admiral McCullough can be found
in the Appendix on page 25.]
Ms. Sanchez. Thank you, Admiral.
We will talk now to--or we will hear from Lieutenant
General George Flynn, U.S. Marine Corps, please.
STATEMENT OF LT. GEN. GEORGE J. FLYNN, USMC, DEPUTY COMMANDANT
FOR COMBAT DEVELOPMENT AND INTEGRATION, U.S. MARINE CORPS
General Flynn. Chairwoman Sanchez, Representative Miller,
and distinguished members of the subcommittee, thank you for
the opportunity to be here today. Let me begin by saying thanks
for all you and all the other members of the House Armed
Services Committee do to support our service men and women,
their families, and especially our marines.
Cyberspace is clearly a new domain, and because it is
manmade, it is something we learn more about each day. It is
many things to many people. In my view, it is like terrain. It
must be defended, and we must use it to gain advantage.
Just like the other traditional domains, our goal in
developing our cyber capability is to create the means to
maintain our freedom of action, not only in cyber, but in the
other domains as well. Our focus initially has been in three
areas: to improve our ability to defend our networks; to create
a small component command staff to support not only the efforts
of U.S. Cyber Command, but also to develop the capabilities
needed to be inherent in our service force structure; and also
to create the operators needed to support USCYBERCOM efforts.
Accordingly, we are taking a deliberate and joint approach
to our cyber requirements, and we are using some of the past
lessons to inform our requirement efforts in developing our
organizational equipment and training requirements. We are
seeking to find the right balance of efficiency and
effectiveness in meeting both the U.S. Cyber Command
requirements and our service requirements. This is why we are
joined at the hip with U.S. Cyber Command to build the
necessary mission capabilities, and we will adjust our approach
as we learn more about the challenges and opportunities that
are assuredly ahead.
I have prepared a written statement. I would request that
it be a part of the record. And I am looking forward to
answering your questions.
[The prepared statement of General Flynn can be found in
the Appendix on page 36.]
Ms. Sanchez. Perfect. Thank you so much, General.
Now we will ask Major General Hernandez of the U.S. Army
for his 5 minutes or less.
STATEMENT OF MAJ. GEN. RHETT A. HERNANDEZ, USA, ASSISTANT
DEPUTY CHIEF OF STAFF, G3/5/7, U.S. ARMY, INCOMING COMMANDING
GENERAL, U.S. ARMY FORCES CYBER COMMAND
General Hernandez. Chairwoman Sanchez, Congressman Miller,
and members of the subcommittee, thank you for your ongoing
support of our military and for the opportunity to appear
before this panel with my counterparts from other military
services today.
The Army established Army Forces Cyber Command as our
service component to the United States Cyber Command. Our
mission is to plan, synchronize, direct, and conduct network
operations in defense of all Army networks and mission
objectives. We stand ready when directed to conduct those
cyberspace operations necessary to ensure U.S. and allied
freedom of action in cyberspace.
We are organizing, training, and equipping Army forces to
support Cyber Command's lines of operation. By providing shared
situational awareness of the Army's portion of the Department
of Defense information networks, we help the Commander, Cyber
Command exercise command and control.
On 1 October, I will become the Commander of Army Cyber
Command. I will ensure the Army closely coordinates with other
services and the combatant commanders to fully protect our
digital infrastructure, and that the combatant commanders
receive the cyber support they require to accomplish their
joint missions.
The Army organizes, trains, and equips to ensure that we
can help protect and defend our Nation. Cyberspace is a domain
and dimension of that defense. In cyberspace we know operations
occur at net speed routinely and instantly across national
boundaries and often involve multiple state and non-state
actors. We are challenged to rapidly attribute adversary
activity and anticipate collateral effects. We must address
these requirements and undertake more robust measures to
operate and defend our networks.
The Army Cyber Command construct leverages years of
experience and a deliberate approach that will now meld unique
cyber operations capabilities from the 9th Signal Command, the
Intelligence and Security Command, and the 1st Information
Operations Command into one fully integrated command structure
to globally command and control all cyber operations for the
Army. We will use a single--and are using it today--operations
center that is tied to Cyber Command's Joint Operational Center
as the focal point for planning, synchronizing, and conducting
cyber operations.
In this organization people will be the centerpiece of our
efforts to improve cyber operations. To effectively operate, we
must change our culture. The first line of defense in
cyberspace is the user, and every individual must understand
that cyberspace is a contested environment that we must
protect.
The second line of defense is our corps of cyber
professionals who defend our networks and ensure operations. We
will win in cyberspace with the best-trained and most
professional personnel. To that end we must increase our
capacity to grow cyber professionals, and resources are
necessary to train the cyber workforce required for this ever-
changing environment. Once trained, we must keep them in the
ranks. Retaining highly trained cyber professionals is
essential to maintaining our ability to effectively conduct
cyber operations.
As our workforce matures, we must continue to quickly
identify and acquire new capabilities in this rapidly evolving
mission. The Army has multiple initiatives under way to improve
our global network operations in defense, as well as expand our
cyber capabilities, and Army Cyber Command will drive these
efforts.
Chairwoman Sanchez and other members of the subcommittee,
as I assume command, I pledge my support to you and to our
Nation, and I look forward to our continued relationship. Your
Army stands ready to defend and protect our digital
infrastructure. I appreciate the opportunity to speak on these
important matters and look forward to addressing any questions.
Thank you.
[The prepared statement of General Hernandez can be found
in the Appendix on page 43.]
Ms. Sanchez. Thank you very much.
And next we have Major General Richard Webber, U.S. Air
Force. Hello, General.
STATEMENT OF MAJ. GEN. RICHARD E. WEBBER, USAF, COMMANDER, 24TH
AIR FORCE AND AIR FORCE NETWORK OPERATIONS, U.S. AIR FORCE
General Webber. I would like to thank Chairwoman Sanchez,
Ranking Member Miller, and the other distinguished members of
the subcommittee for the opportunity to appear before you and
represent the dedicated and exceptional men and women of 24th
Air Force.
As our Secretary of the Air Force and Chief of Staff of the
Air Force stated, our goal is to protect our mission-critical
infrastructure, improve our capabilities, and develop greater
cyber expertise and awareness to complement the entire
Department of Defense cyberspace effort.
Twenty-Fourth Air Force just celebrated its 1-year
anniversary, and I would like to take this opportunity to
highlight some of the Command's recent accomplishments. On
September 11, 2010, the Air Force Space Command Inspector
General conducted an assessment and declared 24th Air Force
ready for the full operational capability. And as soon as we--
and soon we anticipate declaring 24th Air Force fully
operational.
There are numerous ways 24th Air Force has made progress
towards achieving this major full-operational capability
milestone. I would like to touch on four significant examples.
First, we have undertaken extensive collaboration with our
fellow air components and other combatant commands to integrate
cyber courses of action into their operational plans. This is a
distinct transition from our legacy approach in which cyber was
relegated to a support role focused on assuring the network,
rather than assuring the mission.
Second, we have made strides in obtaining dedicated
intelligence resources to support our operations. As a result,
we are shifting from a reactive network defense posture to one
that is more predictive and dynamic. Ultimately this will
facilitate our ability to predict and deter attacks before they
take place.
Third, we have worked with Air Force Space Command to
restructure and train our cyber professional workforce to
produce capable, vigilant personnel with an operational rather
than a maintenance-only mindset.
Finally, we have streamlined our cyber acquisition
processes. This gives our airmen the tools they need when they
need them to rapidly deliver capabilities for operations in an
increasingly dynamic and contested domain.
Let me summarize by saying that the Air Force is committed
to producing professional cyber warriors dedicated to assuring
the joint mission and preserving our freedom of action in
cyberspace. Because operating in cyberspace is a team sport, I,
the men and women of 24th Air Force are proud to work alongside
our teammates in USCYBERCOM and our sister services.
I would like to thank the subcommittee for your continued
support as we endeavor to meet the challenges of defending
cyberspace for the joint warfighter. I look forward to your
questions.
[The prepared statement of General Webber can be found in
the Appendix on page 58.]
Ms. Sanchez. Thank you, General. Thank you to all you
gentlemen.
I will remind my colleagues that we will go by the 5-minute
rule, and I will begin by asking some questions.
The first thing I would like to ask you all is there is
somewhat of a difference of opinion. I have been, as you know,
chairwoman since about the end of January with respect to this
subcommittee, and the issues that go before it, cybersecurity
being one of the more newer, difficult--you all know it is a
very complex issue. So some have told me that with respect to
the military, everybody has got a different system; even within
each department, every ship, every plane, every unit, everybody
has got different--they are operating under all different
systems.
So my question is, is it your experience or your thought
that the more consolidated our networks become, the more
sameness we have across our networks within a service or
across--or even across all services, that the easier it will be
to defend that, or are we so stuck in legacy systems and
upgrades and everything to all of that that we are never going
to see that, and it would be easier for you all to defend all
the different systems that you each have under you?
Maybe we will start with the admiral over there.
Admiral McCullough. Chairwoman, as you suggest, as we built
the network inside the military, we all sort of built it in our
own way. The Navy, for instance, has three different systems.
We have the Navy-Marine Corps Intranet that is transitioning to
Next Generation Enterprise Network for our CONUS [continental
United States] in Alaska and Hawaii part of our organization.
OCONUS [outside the continental United States], we have
something called ONE-NET, and then on ships we have something
called IT-21. So we have got three networks inside what I will
call our service enterprise network, and it is by nature the
way the system was developed.
I think it is beneficial--and as General Alexander
explained earlier this morning about moving to a different type
of network, and he called it ``computing on the edge'' or
``cloud computing.'' And I think it is advantageous as we move
forward that we do it as a united joint--in a united joint
manner.
I also think it is imperative as we develop dynamic
situational awareness of the networks that we--all the services
do it in a manner that is interoperable, compatible, and takes
advantage of what USCYBERCOM does under STRATCOM [Strategic
Command] to develop that situational awareness so we don't go
on a divergent path. I think if we gain that ability and
capability, that the network will be much easier to defend and
maintain.
Ms. Sanchez. Anybody have a differing approach or something
you all want to add?
And this is my concern. My concern is, of course, that we
not only have to worry about what is inside the services'
network or networks, but we also have to worry about the fact
that we interact with outside networks, let us just say
contractors who are providing for us, and that the more we are
one joint, the more openings there are, if we are all looking
at--if we are working with contractors and others. And, of
course, that seems to me in talking to everybody, that is one
of the easiest ways to break into a system is the weakest link,
which is individuals sometimes inside the military, but, of
course, you know, we are exponentially creating even larger
avenues into our networks.
Do you all have a concern about that, or do you think just
concentrating--if we really had one network that worked across
everything, that concentrating all our efforts just to protect
one thing would be easier than walling off into different
sections everything that we do?
Yes, General.
General Webber. If I could add, our legacy within the Air
Force was essentially a separate network for each of our major
commands. So Air Combat Command, Space Command, Air Mobility
Command, they each had their own approach. And each of those
systems were made up of a collection of hardware and software,
each with their strengths and their weaknesses.
But in this arena, you are only as strong as your weakest
link. And so what we are doing is we are migrating over several
years to a single, more homogeneous Air Force network that will
be much better designed in terms of giving us situational
awareness, as well as allowing us efficiencies to operate,
because when your system is not working and you pick up the
phone, you want to call the help desk that knows how your
system operates.
Now, once you have done that, then you need to consider how
you defend things in depth. If you try to defend everywhere, in
essence you defend nowhere. And so what we are asking our
warfighters to do is identify to us what are those crown
jewels, those mission-critical things that you must have to do
your mission; for example, air mobility. You must have this op
center, these key links, this hardware, this software, this
data in motion, this data at rest. And then we are going to
design a defense in depth for those crown jewels.
Ms. Sanchez. Let me ask one more question, and then I will
let my colleague Mr. Miller ask some questions.
As you are moving and evolving towards this larger network,
do you feel that you have the right acquisition process that
allows you to meet those needs? And I will give you an example.
When we--on another committee when we were looking at a
particular project--it was a very big project--we did not have
the right acquisition people within a particular department, so
we all--what happened was that the contractor was allowed to
almost act as the contract officer within the department,
because, you know, information and this--and this technical
skill sometimes can be easier found outside than brought in
house.
So do you feel that you--and we know it from engineers and
STEM [Science, Technology, Engineering and Mathematics] and
everything, but there is also the acquisition process which
sometimes has some of those people, but a lot of times doesn't
have somebody so well-versed in what we are actually looking to
acquire. So my question to you is do we have--do you have the
ability to build an acquisition process, or do you have it in
place, that will allow us to know what we are asking for and
really get the best systems that we need as we evolve to the
future? Anybody?
Yes. General.
General Webber. I can tell you the three-step approach that
my boss for the organize, train, and equip side of the
business, General Kehler at Air Force Space Command, has put in
place, and I think it gets at all the challenges of this
domain. And if you would envision a pyramid, and at the tip of
the pyramid are those things that you literally need in hours
or days. That is done for us by our 688th Information
Operations Wing. And if you see a piece of malware, and you
need a response to it now, these are the professionals that
take care of that for us.
The second stage are things you would need in the 12-, 18-,
24-month timeframe, and in that arena, we are looking towards
things like a Cyber Safari, which is a version of Big Safari,
or even to a certain extent the Air Force TENCAP [tactical
exploitation of national capabilities] Program that is skilled
at matching these kind of rapid acquisitions.
And then the foundation of the pyramid is the classic
acquisition where you have your PEO [Program Executive
Officer], and you go to your product center. Although in that
arena, because this domain changes so rapidly, you need to
spiral develop. You need to consider block updates, and you
need to make sure that you can spiral in new technologies, as
well as be able to spiral the requirements as the threat
changes.
Ms. Sanchez. Thank you, General.
Mr. Miller.
Mr. Miller. Reading an article from Under Secretary Lynn in
a recent Foreign Affairs magazine, he identified ways to
effectively defend the networks from attacks and exploitation.
And what I want to know is, yes, as we continue to defend, are
we combining offensive actions with our current defensive
actions? And can you talk about it in this setting?
Admiral McCullough. I will take a stab at that, sir.
General Alexander talked about this morning to some degree,
and--when he explained what we did in response to Buckshot
Yankee, and how previous to that time we had an offensive team
which was Joint Force Combined Command Network Warfare and
Joint Task Force Global Network Operations. So the operations
and the defense were under Global Network Operations, and other
capability was resident in Network Warfare. And they had
different levels of security clearance and access to different
levels of information. And we found when we went to Buckshot
Yankee that you had to combine those teams to be able to
conduct full-spectrum cyber operations to both defend and
operate and deter. And so within the confines of this room, we
are working across a full spectrum of network operations, sir.
Mr. Miller. We have got some budget constraints upon us and
I think the chairman and I both want to make sure that we are
efficiently spending all the funds that you have at your
disposal. The question would be if we need to cut any programs
or any initiatives, have you identified those that we can
afford to cut?
General Flynn. Sir, are you talking in the area of cyber
or--that is real difficult to answer right now because we are
in the middle of standing up what we are doing right now. And
right now we are not looking at cutting what we are doing in
cyber because this really has become something new that we are
doing. We are increasing our defensive capabilities because we
are more reliant on the Net than we ever were. And in addition
to that, we need to increase the number of people that we have
assigned to work at U.S. Cyber Command on network operations.
So the question, I think, is not so much what you would cut
within Cyber Command, it would be more recognizing this as
something new that is happening out there. It is what is old
that would be the trade-off. And, for example, what we are
doing in our service, in the Marine Corps, right now, we are
conducting a force structure review group. It is to take a look
at what structure you are going to need in the future. And
this--I think cyber would be one of those fact-of-life changes
that is new. So what--because this is new, and what is legacy
then could go away. And that is a detailed process, that is
what we are doing.
But in cyber, if you--off the top of my head, what would
you--what would you do in a fiscally informed environment? I
think right now this is where the growth is, because this is
where--this is something new, and it is something that changes
every day. So I don't have one off the top of my head to offer
on that, sir.
Mr. Miller. I have got four more questions that I just want
to submit for the record since we have got a vote.
Ms. Sanchez. Certainly.
We just had a vote call. We probably have about 10 minutes
before we have to stop. I would like to give the opportunity to
Mr. Langevin to ask his questions for 5 minutes or less. The
gentleman from Rhode Island.
Mr. Langevin. I thank the Chair.
Gentlemen, thank you for being here, for the outstanding
work that you are doing, and really talking about a critical
issue, I think, that in many ways has been and in many ways
still is overlooked, an overlooked element of our national
defense. Obviously cybersecurity is going to become a growing
and more complex challenge as time goes on, and we are never
going to be able to get to the point where we are fully secure
because it is such a moving target. So we all have our work cut
out for us, and I thank you for the outstanding work you are
doing.
Having chaired the subcommittee that oversaw our Federal
cybersecurity efforts, this is certainly a long--both a
professional and personal interest of mine. And securing our
critical data and information infrastructure is an immensely
challenging and complex task, one which the Department of
Defense has really confronted head on. And DOD obviously is
viewed as a standard bearer not just for its technical
abilities, but also due to a keen appreciation of the
seriousness of the threat that faces our Nation.
For me, this is the--our cyber challenges are--some of the
vulnerabilities are the kind of things that certainly keep me
up at night. However, there is obviously still room for
improvement, despite the advances we have made and the steps we
have taken, especially at the individual service level.
Now, earlier this morning, General Alexander touched on one
of the important issues, and that is the protection of our
physical critical infrastructure. My question for you all is
many military bases are reliant on outside, privately
controlled power plants, water systems. Recently--the recent
public attacks, such as the Stuxnet worm, demonstrated a
growing interest in targeting industrial control devices such
as SCADA [Supervisory Control and Data Acquisition] systems. So
my question is how are your individual services working to
address these types of threats? And have there been any damage
assessments performed on cyber, including control system
vulnerabilities to individual bases?
General Flynn. Sir, one of the additional hats I wear is I
oversee a base a little bit south of here, and one of the key
things we have done is we have identified all our critical
infrastructure. So we know where the critical nodes are,
whether it be in power, water supply, or anything else that may
pass through the base. So the first step has been throughout
not only the base down at Quantico, but throughout the Marine
Corps, we have identified those critical nodes.
In the area of communications, where necessary we have
created the redundancy that we need to be able to do that. But
the first step in coming up with a solution is we have
identified where those critical nodes are, and we are taking
the steps to do what we can to mitigate them if it is possible.
Mr. Langevin. Very good.
General.
General Webber. The Air Force is partnering with the
national labs that are also working very hard on this issue,
and our objective is to take each one of these vulnerabilities
that are based on industrial control systems, understand how
they work. And then my intent is to put out a direct--a
Commander's direction that would be throughout the Air Force
that says if you have this fuel system, or this HVAC [Heating,
Ventilation and Air Conditioning] system, or this water system,
or this power system, it will be installed in this way, it will
be protected with a firewall this way, the settings will be set
up very specifically. But right now those systems are very much
wide open, and we haven't even taken the low-hanging fruit
steps that we need to start taking now.
Mr. Langevin. Admiral McCullough.
Admiral McCullough. Congressman, I mean, as you well know,
the systems that you discuss are very vulnerable to attack. The
Navy has worked through the Commander of Navy Installations
Command to identify critical nodes in that infrastructure. Do
we have a plan for alternate power sources or alternate water
sources? A lot of this is single source into a basin. If you
take that capacity away, you have some capability on backup
electric-power generation, but very little in other resources,
such as water, sewer, et cetera.
And so it is--our mission sets DOD networks, but we are
very well aware that given the vulnerabilities of various
systems, that we have to work with DHS and others to get at the
root issue, and we are working in that direction, sir.
Mr. Langevin. And General Hernandez.
General Hernandez. Congressman, that is a great question. I
am not aware of the level of detail that the Army has gone into
identifying critical infrastructure and vulnerabilities. I will
gladly take that as part of my assessment and take it as a
statement and question for the record and come back to you as
soon as I have completed that.
[The information referred to was not available at the time
of printing.]
Mr. Langevin. I hope we can pay particular attention to all
of this. I just--in closing, when I chaired the subcommittee on
emerging threats and cybersecurity at Homeland Security, one of
the vulnerabilities to critical infrastructure that came to
light as a result of work done at Idaho National Labs was the
threat to our electric grid. And again, so much of our--so many
of our bases are dependent on local power systems, maybe off
base. And if they are not secure, then clearly our bases are
not going to be secure. Idaho National Labs, through this
Aurora test, was able to actually blow up a--cause a generator
through a SCADA attack to blow up and take the generator out.
These things aren't just sitting on a shelf somewhere where
you can just plug them in. They are going to take months to
build, ship and install. So again, I hope we can redouble our
efforts to pay attention to our vulnerabilities, particularly
in that area and other areas in critical infrastructure,
especially as it affects our bases.
Thank you.
Ms. Sanchez. I thank the gentleman from Rhode Island.
We have six votes on the floor, and so we will have to wrap
up this hearing, unfortunately. And I say that because I know
how much you all prepared to be before us today, and I am sorry
that it is, you know, crazy season in the Congress and that we
have floor votes.
But I would like to ask a question before we close, and I
have a feeling that many of the Members will submit for the
record some questions, and we would love to have--if you could
answer those for us.
I recently had Dr. Regina Dugan out--the Director of DARPA
[Defense Advanced Research Projects Agency]--out in my
district, and we went to schools to talk to young people about
how important and--to motivate them to be in the science,
technology, engineering, mathematics arena because, as we know,
that really is the future for a lot of what we are talking
about.
Can you talk about--one of you mentioned, and I think it
was the Vice Commandant--that--how you motivate people to come
and actually work for the military when the salary is not
comparable and the benefit package obviously is not comparable
to what we see in Silicon Valley or even in my area of Orange
County, California, where we have so much of this going on in
the private sector? What are the challenges? And what can we do
to help you to ensure that we are getting the right talent to
help us with such an incredibly important issue? Any of you?
Yes, General.
General Webber. I think the first step has to be how do you
get the young folks hooked on the idea of working in the cyber
environment and paying attention to their math and science
skills. One thing that I would commend to you and I have
already commended to my fellow component commanders is an Air
Force Association program called Cyber Patriot. And basically
what it is is a program that teaches junior ROTC [Reserve
Office Training Corps] folks--so this is high-school age--how
to build and operate and then defend a network. And then they
compete in a nationwide shoot-out in terms of how well did they
build their network, how well did they operate it, and then how
well did they defend it. So far we are anticipating at least
300 high schools across the Nation are going to compete in
this. So that is one of the good ways to get these folks
hooked.
I think they are attracted to the training that we offer
them. For each of us, these are going to be high-skill jobs. It
is going to take probably a minimum of 24 months of training,
and we are all looking for ways that we can keep them at least
back-to-back assignments in the mission area. But then should
they decide that they--that they want to leave the Air Force
and perhaps work for a contractor or another government agency,
I think that is where the Total Force comes in. And I think we
collectively need to place our Guard units and our Reserve
units in the right locations--and we in the Air Force have done
that--where they can just take off that suit maybe once a month
and walk across the street and do these exciting missions in
cyber that they have been trained in.
Ms. Sanchez. Great.
Anybody else?
General Flynn. One of the key parts here is we are also
going to take a Total Force look. And the challenge is not only
getting the Active Duty, but, as General Webber said, also the
Reserves.
So the Total Force does have a piece to play here, and it
is something that we can take a look at as we right now try to
define what an operational reserve is. And this is one area to
take a look at. And we also have to also attract the
professional civilian workforce as well.
The other part I would say is we have to take a look at
some of our personnel practices within the services. A lot of
what we do, we have never did it for money anyway, so there is
a motivation that comes to cause a young man or woman to join
any of the Armed Forces. So we have to continue to capitalize
on that.
But one thing that we have to take a look at is once you
get somebody schooled in this area, and they become an
effective operator, they need to stay in it. And so we are
going to have to take a look at career progression that--you
know, is it going to be acceptable to somebody not to have to
do out-of-occupational-specialty assignment to get promoted?
This may be the case where once you are in cyber, you never
leave cyber, something like we do with some of our Special
Operations units.
And then the other part is the training investment. We are
going to have to take a look at maybe the length of our
enlistment contracts. If it takes you 2 years to get somebody
to be a skilled operator, then in most cases you only have 2
years left on Active Duty. So we have to take a look at that,
and then, I think, what would be the appropriate incentive
package. And in some cases, for--just like we see with young
marines now returning again and again to Afghanistan, sometimes
it is just the opportunity to do what you like doing and being
part of something that is bigger than yourself.
Ms. Sanchez. Thank you.
Admiral McCullough. If I could pile on.
Ms. Sanchez. Yes, Admiral. Pile on, pile on. Go ahead.
Admiral McCullough. Okay. I think you can recruit the young
men and women based on their excitement about the opportunities
that are given, the educational opportunities that are given in
this field, the opportunities to have a broad scope of
responsibility that you don't necessarily get in the commercial
sector. And once we educate them in the Navy--ours are 6-year
contracts for these folks. Once you educate them, you have got
to get them out into the field to practice this art, and then I
think you have them.
But we do understand monetary compensation and what the
limits that we have in that area. In the Navy we provide
selective reenlistment bonuses for our cryptology technicians
that do most of this work for us, up to $75,000 for a 6-year
reenlistment. We also have broader educational opportunities
for these folks.
And so I think, with satisfaction of mission and excitement
about the opportunity that they have, that you can generate a
stable workforce in the military for this. Now, the problem is
how much does the general population bear in this type of folk,
and we are all--the four services are competing with industry,
with academia and other Federal agencies. And so does the
Nation, as you suggest, have the right capacity to support what
we are doing in this area?
Thank you.
Ms. Sanchez. Thank you.
General.
General Hernandez. Chairwoman, my piling on would be that--
in my testimony, and I firmly believe that the centerpiece and
the center of gravity to our ability to operate in cyberspace
is ensuring we can grow, retain, and train the right personnel.
So I sign up for everything that everyone has said.
The only piece I would add to this is that I think it is
going to take even more than that, and we are going to have to
use our imagination to think about what other things might we
be able to do or need to do. And I would re-echo the Air Force
comments that we need to do it earlier and do it with more
scholarships earlier in school programs to identify that
special talent that is critical in this field.
Ms. Sanchez. Great.
Thank you, gentlemen, for your testimony. Again, I am sure
that some of the other Members and I also will be submitting
for the record some more questions for you. I know your time is
valuable. As soon as you can get those answers back to us would
be great.
And with that, I believe that the committee is adjourned.
Thank you.
[Whereupon, at 2:51 p.m., the subcommittee was adjourned.]
?
=======================================================================
A P P E N D I X
September 23, 2010
=======================================================================
?
=======================================================================
PREPARED STATEMENTS SUBMITTED FOR THE RECORD
September 23, 2010
=======================================================================
[GRAPHIC] [TIFF OMITTED] T2398.001
[GRAPHIC] [TIFF OMITTED] T2398.002
[GRAPHIC] [TIFF OMITTED] T2398.003
[GRAPHIC] [TIFF OMITTED] T2398.004
[GRAPHIC] [TIFF OMITTED] T2398.005
[GRAPHIC] [TIFF OMITTED] T2398.006
[GRAPHIC] [TIFF OMITTED] T2398.007
[GRAPHIC] [TIFF OMITTED] T2398.008
[GRAPHIC] [TIFF OMITTED] T2398.009
[GRAPHIC] [TIFF OMITTED] T2398.010
[GRAPHIC] [TIFF OMITTED] T2398.011
[GRAPHIC] [TIFF OMITTED] T2398.012
[GRAPHIC] [TIFF OMITTED] T2398.013
[GRAPHIC] [TIFF OMITTED] T2398.014
[GRAPHIC] [TIFF OMITTED] T2398.015
[GRAPHIC] [TIFF OMITTED] T2398.016
[GRAPHIC] [TIFF OMITTED] T2398.017
[GRAPHIC] [TIFF OMITTED] T2398.018
[GRAPHIC] [TIFF OMITTED] T2398.019
[GRAPHIC] [TIFF OMITTED] T2398.020
[GRAPHIC] [TIFF OMITTED] T2398.021
[GRAPHIC] [TIFF OMITTED] T2398.022
[GRAPHIC] [TIFF OMITTED] T2398.023
[GRAPHIC] [TIFF OMITTED] T2398.024
[GRAPHIC] [TIFF OMITTED] T2398.025
[GRAPHIC] [TIFF OMITTED] T2398.026
[GRAPHIC] [TIFF OMITTED] T2398.027
[GRAPHIC] [TIFF OMITTED] T2398.028
[GRAPHIC] [TIFF OMITTED] T2398.029
[GRAPHIC] [TIFF OMITTED] T2398.030
[GRAPHIC] [TIFF OMITTED] T2398.031
[GRAPHIC] [TIFF OMITTED] T2398.032
[GRAPHIC] [TIFF OMITTED] T2398.033
[GRAPHIC] [TIFF OMITTED] T2398.034
[GRAPHIC] [TIFF OMITTED] T2398.035
[GRAPHIC] [TIFF OMITTED] T2398.036
[GRAPHIC] [TIFF OMITTED] T2398.037
[GRAPHIC] [TIFF OMITTED] T2398.038
[GRAPHIC] [TIFF OMITTED] T2398.039
[GRAPHIC] [TIFF OMITTED] T2398.040
[GRAPHIC] [TIFF OMITTED] T2398.041
[GRAPHIC] [TIFF OMITTED] T2398.042
[GRAPHIC] [TIFF OMITTED] T2398.043
[GRAPHIC] [TIFF OMITTED] T2398.044
[GRAPHIC] [TIFF OMITTED] T2398.045
[GRAPHIC] [TIFF OMITTED] T2398.046
[GRAPHIC] [TIFF OMITTED] T2398.047
[GRAPHIC] [TIFF OMITTED] T2398.048
[GRAPHIC] [TIFF OMITTED] T2398.049
[GRAPHIC] [TIFF OMITTED] T2398.050
[GRAPHIC] [TIFF OMITTED] T2398.051
?
=======================================================================
QUESTIONS SUBMITTED BY MEMBERS POST HEARING
September 23, 2010
=======================================================================
QUESTIONS SUBMITTED BY MS. SANCHEZ
Ms. Sanchez. Have DOD and U.S. Cyber Command provided the services
with clear doctrine, guidance, policies, and/or requirements to
accomplish their cyberspace operations mission?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What additional doctrine, guidance, policies, and/or
requirements do the services need from DOD and U.S. Cyber Command to
accomplish their cyberspace operations mission?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Please describe the doctrine, guidance, policies, and/
or requirements the services are developing individually and in
coordination with one another?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Given current budget and personnel constraints (i.e.
shrinking end strength and heightened operational demands), describe
steps you are taking to meet your requirements to fund and staff your
cyberspace operations?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What efforts have the services made to define the
emerging role of the cyber warrior for both service-specific and joint
cyberspace operations mission areas (including the development of
mission specialties, job qualification and training opportunities)?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What service and joint training and educational
institutions do you use now, or will you use in the future, for
developing your cadre of cyber warriors?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. How are you integrating cyber capabilities into
Service-level, joint, international or interagency exercises?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What capabilities do you have to conduct active
network operations, such as network hunting, penetration testing and
other forms of red teaming? Do you have unmet needs in this area (in
terms of people or tools)?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. The Committee appreciates the complexity of
coordinating cyber operations in various Service, Agency, interagency,
international and non-governmental organizations geographically
dispersed across the world. To deal with that challenge, what tools,
technologies, processes or procedures do you have in place, or are
planning, to facilitate collaboration across the full range of cyber
operations?
Admiral McCullough. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Can you please explain your understanding of command
and control responsibilities, relationships and authorities between
U.S. Cyber Command and the military services?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Have DOD and U.S. Cyber Command provided the services
with clear doctrine, guidance, policies, and/or requirements to
accomplish their cyberspace operations mission?
General Flynn. [The information referred to was not available at
the time of printing].
Ms. Sanchez. What additional doctrine, guidance, policies, and/or
requirements do the services need from DOD and U.S. Cyber Command to
accomplish their cyberspace operations mission?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Please describe the doctrine, guidance, policies, and/
or requirements the services are developing individually and in
coordination with one another?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Given current budget and personnel constraints (i.e.
shrinking end strength and heightened operational demands), describe
steps you are taking to meet your requirements to fund and staff your
cyberspace operations?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What efforts have the services made to define the
emerging role of the cyber warrior for both service-specific and joint
cyberspace operations mission areas (including the development of
mission specialties, job qualification and training opportunities)?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What service and joint training and educational
institutions do you use now, or will you use in the future, for
developing your cadre of cyber warriors?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. How are you integrating cyber capabilities into
Service-level, joint, international or interagency exercises?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What capabilities do you have to conduct active
network operations, such as network hunting, penetration testing and
other forms of red teaming? Do you have unmet needs in this area (in
terms of people or tools)?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. The Committee appreciates the complexity of
coordinating cyber operations in various Service, Agency, interagency,
international and non-governmental organizations geographically
dispersed across the world. To deal with that challenge, what tools,
technologies, processes or procedures do you have in place, or are
planning, to facilitate collaboration across the full range of cyber
operations?
General Flynn. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Can you please explain your understanding of command
and control responsibilities, relationships and authorities between
U.S. Cyber Command and the military services?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Have DOD and U.S. Cyber Command provided the services
with clear doctrine, guidance, policies, and/or requirements to
accomplish their cyberspace operations mission?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What additional doctrine, guidance, policies, and/or
requirements do the services need from DOD and U.S. Cyber Command to
accomplish their cyberspace operations mission?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Please describe the doctrine, guidance, policies, and/
or requirements the services are developing individually and in
coordination with one another?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Given current budget and personnel constraints (i.e.
shrinking end strength and heightened operational demands), describe
steps you are taking to meet your requirements to fund and staff your
cyberspace operations?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What efforts have the services made to define the
emerging role of the cyber warrior for both service-specific and joint
cyberspace operations mission areas (including the development of
mission specialties, job qualification and training opportunities)?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What service and joint training and educational
institutions do you use now, or will you use in the future, for
developing your cadre of cyber warriors?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. How are you integrating cyber capabilities into
Service-level, joint, international or interagency exercises?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. What capabilities do you have to conduct active
network operations, such as network hunting, penetration testing and
other forms of red teaming? Do you have unmet needs in this area (in
terms of people or tools)?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. The Committee appreciates the complexity of
coordinating cyber operations in various Service, Agency, interagency,
international and non-governmental organizations geographically
dispersed across the world. To deal with that challenge, what tools,
technologies, processes or procedures do you have in place, or are
planning, to facilitate collaboration across the full range of cyber
operations?
General Hernandez. [The information referred to was not available
at the time of printing.]
Ms. Sanchez. Can you please explain your understanding of command
and control responsibilities, relationships and authorities between
U.S. Cyber Command and the military services?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Have DOD and U.S. Cyber Command provided the services
with clear doctrine, guidance, policies, and/or requirements to
accomplish their cyberspace operations mission?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What additional doctrine, guidance, policies, and/or
requirements do the services need from DOD and U.S. Cyber Command to
accomplish their cyberspace operations mission?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Please describe the doctrine, guidance, policies, and/
or requirements the services are developing individually and in
coordination with one another?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. Given current budget and personnel constraints (i.e.
shrinking end strength and heightened operational demands), describe
steps you are taking to meet your requirements to fund and staff your
cyberspace operations?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What efforts have the services made to define the
emerging role of the cyber warrior for both service-specific and joint
cyberspace operations mission areas (including the development of
mission specialties, job qualification and training opportunities)?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What service and joint training and educational
institutions do you use now, or will you use in the future, for
developing your cadre of cyber warriors?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. How are you integrating cyber capabilities into
Service-level, joint, international or interagency exercises?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. What capabilities do you have to conduct active
network operations, such as network hunting, penetration testing and
other forms of red teaming? Do you have unmet needs in this area (in
terms of people or tools)?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. The Committee appreciates the complexity of
coordinating cyber operations in various Service, Agency, interagency,
international and non-governmental organizations geographically
dispersed across the world. To deal with that challenge, what tools,
technologies, processes or procedures do you have in place, or are
planning, to facilitate collaboration across the full range of cyber
operations?
General Webber. [The information referred to was not available at
the time of printing.]
Ms. Sanchez. The committee is aware that there is an Application
Software Assurance Center of Excellence (ASACOE) at Gunter Annex,
Alabama that has been recognized by the DOD for its software
vulnerability analysis tools and methodologies. What role does the
ASACOE in 24th Air Force efforts to secure AF networks? Is the ASACOE a
program of record with funding across the FYDP to support additional
software vulnerability analysis work from the AF, or with other
services, defense agencies or Federal partners?
General Webber. [The information referred to was not available at
the time of printing.]
|
NEWSLETTER
|
|
Join the GlobalSecurity.org mailing list
|
|
|
